From a51e4d6c0c2299fa9253c35782e5cb7cd28b5c16 Mon Sep 17 00:00:00 2001 From: "carey.xu" Date: Sat, 16 Jan 2016 13:50:42 +0800 Subject: bugfix: SSH permissions error when resizing or migrating an instance - make all host cant ssh login each other with out password, so nova can resize on diffrent hosts - remove some error httpchk options in haproxy JIRA: COMPASS-269 Change-Id: If9d75bc94446000ed1a8fb7bbd777ae205ecd630 Signed-off-by: carey.xu --- .../ansible/openstack/HA-ansible-multinodes.yml | 85 +++++++++++++++++++++- .../ansible/roles/ha/templates/haproxy.cfg | 4 - 2 files changed, 83 insertions(+), 6 deletions(-) (limited to 'deploy') diff --git a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml index 199c14ab..bb468c56 100644 --- a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml +++ b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml @@ -1,6 +1,42 @@ --- - hosts: all remote_user: root + pre_tasks: + - name: make sure ssh dir exist + file: + path: '{{ item.path }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + state: directory + mode: 0755 + with_items: + - path: /root/.ssh + owner: root + group: root + + - name: write ssh config + copy: + content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no" + dest: '{{ item.dest }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + mode: 0600 + with_items: + - dest: /root/.ssh/config + owner: root + group: root + + - name: generate ssh keys + shell: if [ ! -f ~/.ssh/id_rsa.pub ]; then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; else echo "already gen ssh key!"; fi; + + - name: fetch ssh keys + fetch: src=/root/.ssh/id_rsa.pub dest=/tmp/ssh-keys-{{ ansible_hostname }} flat=yes + + - authorized_key: + user: root + key: "{{ lookup('file', 'item') }}" + with_fileglob: + - /tmp/ssh-keys-* roles: - common 
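Review bot: The unnamed `authorized_key` task at the end of `pre_tasks` passes the quoted literal `'item'` to the file lookup, so it looks for a file called `item` instead of each path matched by `with_fileglob`; it should read `key: "{{ lookup('file', item) }}"`, and the same line recurs in the nova play added by the last hunk of this file. The public keys are collected under `/tmp/ssh-keys-*` on the control host, and every file matching that glob is authorized for root on all hosts, so a stale file from an earlier run or one written by another local user would be trusted too. A dedicated directory with mode 0700 that is emptied before the `fetch` would bound that. The `write ssh config` task (also repeated for nova) turns off host key verification for every destination root connects to. Placing `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null` under a `Host` pattern limited to the cluster nodes, or distributing host keys with the `known_hosts` module, would keep verification on for everything else.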
@@ -38,8 +74,8 @@ - hosts: all remote_user: root accelerate: true - roles: - - storage + roles: + - storage - hosts: compute remote_user: root @@ -91,3 +127,48 @@ accelerate: true roles: - secgroup + +- hosts: all + remote_user: root + accelerate: true + tasks: + - name: set bash to nova + user: + name: nova + shell: /bin/bash + + - name: make sure ssh dir exist + file: + path: '{{ item.path }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + state: directory + mode: 0755 + with_items: + - path: /var/lib/nova/.ssh + owner: nova + group: nova + + - name: copy ssh keys for nova + shell: cp -rf /root/.ssh/id_rsa /var/lib/nova/.ssh; + + - name: write ssh config + copy: + content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no" + dest: '{{ item.dest }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + mode: 0600 + with_items: + - dest: /var/lib/nova/.ssh/config + owner: nova + group: nova + + - authorized_key: + user: nova + key: "{{ lookup('file', 'item') }}" + with_fileglob: + - /tmp/ssh-keys-* + + - name: chown ssh file + shell: chown -R nova:nova /var/lib/nova/.ssh; diff --git a/deploy/adapters/ansible/roles/ha/templates/haproxy.cfg b/deploy/adapters/ansible/roles/ha/templates/haproxy.cfg index 1bca5e39..3ff63689 100644 --- a/deploy/adapters/ansible/roles/ha/templates/haproxy.cfg +++ b/deploy/adapters/ansible/roles/ha/templates/haproxy.cfg @@ -56,7 +56,6 @@ listen proxy-glance_registry_cluster bind {{ public_vip.ip }}:9191 option tcpka option tcplog - option httpchk balance source {% for host,ip in haproxy_hosts.items() %} server {{ host }} {{ ip }}:9191 weight 1 check inter 2000 rise 2 fall 5 @@ -78,7 +77,6 @@ listen proxy-nova-novncproxy bind {{ public_vip.ip }}:6080 option tcpka option tcplog - option httpchk balance source {% for host,ip in haproxy_hosts.items() %} server {{ host }} {{ ip }}:6080 weight 1 check inter 2000 rise 2 fall 5 
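Review bot: The `copy ssh keys for nova` task in the play appended to HA-ansible-multinodes.yml (hunk `@@ -91,3 +127,48 @@`) hands the nova service account a copy of root's private key. The `pre_tasks` hunk is written to authorize each host's root public key for root on every host, so whoever controls the nova account on one node holds root SSH access to the whole cluster. Resize and migration only need nova-to-nova logins, so nova should get its own key pair (the `user` module can generate one), with only those public keys authorized for user `nova`. With that change the `cp` of `/root/.ssh/id_rsa` is dropped, and the directory task and trailing `chown` should become unnecessary. The key directory in the sketch below is a placeholder for a non-world-writable location on the control host.

```yaml
    - name: set bash to nova and create a key pair owned by nova
      user:
        name: nova
        shell: /bin/bash
        generate_ssh_key: true
        ssh_key_file: .ssh/id_rsa

    - name: fetch nova public keys
      fetch:
        src: /var/lib/nova/.ssh/id_rsa.pub
        # PLACEHOLDER_KEY_DIR: a 0700 directory on the control host, not /tmp
        dest: 'PLACEHOLDER_KEY_DIR/nova-{{ ansible_hostname }}'
        flat: true

    # … unchanged: write ssh config for /var/lib/nova/.ssh/config …

    - name: authorize nova public keys for nova only
      authorized_key:
        user: nova
        key: "{{ lookup('file', item) }}"
      with_fileglob:
        - 'PLACEHOLDER_KEY_DIR/nova-*'
```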
@@ -144,7 +142,6 @@ listen proxy-nova_metadata_api_cluster bind {{ public_vip.ip }}:8775 option tcpka option tcplog - option httpchk balance source {% for host,ip in haproxy_hosts.items() %} server {{ host }} {{ ip }}:8775 weight 1 check inter 2000 rise 2 fall 5 @@ -180,7 +177,6 @@ listen proxy-dashboarad cookie SERVERID insert indirect nocache option forwardfor option httpchk - option httpchk option httpclose rspidel ^Set-cookie:\ IP= {% for host,ip in haproxy_hosts.items() %} -- cgit 1.2.3-korg