diff options
| author |   Markos Chandras <mchandras@suse.de> | 2018-04-03 09:33:17 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@opnfv.org> | 2018-04-03 09:33:17 +0000 |
| commit | e2b961ec221a68437fae2a062d3492b6e77d27ad (patch) | |
| tree | 19ac6db7720ae38914f65b14920b831bee2e0678 /xci/installer/osa | |
| parent | 56ab31c8ae5fe9e4f151fc1de5881c7bb2a09a2f (diff) | |
| parent | 396ea65c98f71580a2e789c7d93c8d8611878b64 (diff) | |
Merge changes from topic 'misc-simplifications-osa'
* changes:
xci: bootstrap-host: Make active network interface consistent
xci: osa: Simplify tasks for copying OSA configuration files
xci: Use proper Ansible modules to manage SSH keys
Diffstat (limited to 'xci/installer/osa')
| -rw-r--r-- | xci/installer/osa/playbooks/configure-opnfvhost.yml | 187 | ||||
| -rw-r--r-- | xci/installer/osa/playbooks/configure-targethosts.yml | 34 |
2 files changed, 114 insertions, 107 deletions
diff --git a/xci/installer/osa/playbooks/configure-opnfvhost.yml b/xci/installer/osa/playbooks/configure-opnfvhost.yml index 001fcee3..11957cdc 100644 --- a/xci/installer/osa/playbooks/configure-opnfvhost.yml +++ b/xci/installer/osa/playbooks/configure-opnfvhost.yml @@ -43,44 +43,62 @@ proxy_settings_no_proxy: "{{ lookup('env','no_proxy') }}" tasks: - - name: generate SSH keys - command: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N "" - args: - creates: "{{ ansible_env.HOME }}/.ssh/id_rsa" - changed_when: True - - name: fetch public key - fetch: - src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub" - dest: "{{ xci_path }}/xci/files/authorized_keys" - flat: yes + - name: Configure SSH key for root user + user: + name: root + generate_ssh_key: yes + ssh_key_bits: 2048 + ssh_key_comment: xci + ssh_key_type: rsa + state: present + - name: Copy releng-xci to remote host synchronize: src: "{{ xci_path }}/" dest: "{{ remote_xci_path }}" recursive: yes delete: yes - - name: copy flavor inventory - command: "/bin/cp -rf {{ remote_xci_flavor_files }}/inventory {{ remote_xci_playbooks }}" - args: - creates: "{{ remote_xci_playbooks }}/inventory" - - name: copy openstack_deploy - command: "/bin/cp -rf {{openstack_osa_path}}/etc/openstack_deploy {{openstack_osa_etc_path}}" - args: - creates: "{{ openstack_osa_etc_path }}" - - name: copy openstack_user_config.yml - command: "/bin/cp -rf {{ remote_xci_flavor_files }}/openstack_user_config.yml {{openstack_osa_etc_path}}" - args: - creates: "{{ openstack_osa_etc_path }}/openstack_user_config.yml" - failed_when: false - - name: copy all user override files - command: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables.yml {{openstack_osa_etc_path}}" - args: - creates: "{{ openstack_osa_etc_path }}/user_variables.yml }}" - failed_when: false - - name: copy cinder.yml - command: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/cinder.yml {{openstack_osa_etc_path}}/env.d" + + - name: Re-create OpenStack-Ansible /etc directory + file: + path: "{{ openstack_osa_etc_path }}" + state: "{{ item }}" + with_items: + - absent + - directory + + - name: Remove upstream OpenStack-Ansible files + file: + path: "{{ openstack_osa_path }}/playbooks/{{ item }}" + state: absent + with_items: + - inventory + - setup-openstack.yml + + - name: Copy OpenStack-Ansible configuration files + command: "/bin/cp -rf {{ item.src }} {{ item.dest }}" args: - creates: "{{ openstack_osa_etc_path }}/env.d/cinder.yml" + creates: "{{ item.dest }}/{{ item.src | basename }}" + with_items: + - { src: "{{ openstack_osa_path }}/etc/openstack_deploy/env.d", dest: "{{ openstack_osa_etc_path }}" } + - { src: "{{ openstack_osa_path }}/etc/openstack_deploy/conf.d", dest: "{{ openstack_osa_etc_path }}" } + - { src: "{{ openstack_osa_path }}/etc/openstack_deploy/user_secrets.yml", dest: "{{ openstack_osa_etc_path }}" } + - { src: "{{ remote_xci_flavor_files }}/inventory", dest: "{{ remote_xci_playbooks }}" } + - { src: "{{ remote_xci_flavor_files }}/openstack_user_config.yml", dest: "{{ openstack_osa_etc_path }}" } + - { src: "{{ remote_xci_flavor_files }}/user_variables.yml", dest: "{{ openstack_osa_etc_path }}" } + - { src: "{{ remote_xci_flavor_files }}/ceph.yml", dest: "{{ openstack_osa_etc_path }}/conf.d/", cond: xci_ceph_enabled } + - { src: "{{ remote_xci_flavor_files }}/user_ceph.yml", dest: "{{ openstack_osa_etc_path }}/user_ceph.yml", cond: xci_ceph_enabled } + - { src: "{{ remote_xci_flavor_files }}/user_variables_ceph.yml", dest: "{{ openstack_osa_etc_path }}/user_variables_ceph.yml", cond: xci_ceph_enabled } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/cinder.yml", dest: "{{ openstack_osa_etc_path }}/env.d" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/user_variables_proxy.yml", dest: "{{ openstack_osa_etc_path }}/user_variables_proxy.yml", cond: "{{ lookup('env', 'http_proxy') != '' }}" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/setup-openstack.yml", dest: "{{ openstack_osa_path }}/playbooks" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/ansible-role-requirements.yml", dest: "{{openstack_osa_path}}/ansible-role-requirements.yml", cond: openstack_osa_version != "master" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/global-requirement-pins.txt", dest: "{{openstack_osa_path}}/global-requirement-pins.txt", cond: openstack_osa_version != "master" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/openstack_services.yml", dest: "{{ openstack_osa_path }}/playbooks/defaults/repo_packages/openstack_services.yml", cond: openstack_osa_version != "master" } + when: item.cond is not defined or (item.cond is defined and item.cond | bool) + loop_control: + label: "{{ item.src }}" + - name: Configure OpenStack-Ansible components lineinfile: path: "{{ openstack_osa_etc_path }}/user_variables.yml" @@ -90,51 +108,15 @@ - { component: "tempest_install", value: "{{ run_tempest | bool }}" } - { component: "tempest_run", value: "{{ run_tempest | bool }}" } - { component: "core_openstack", value: "{{ core_openstack_install | bool }}" } - - block: - - name: copy ceph.yml - command: "/bin/cp -rf {{ remote_xci_flavor_files }}/ceph.yml {{openstack_osa_etc_path}}/conf.d/" - args: - creates: "{{ openstack_osa_etc_path }}/conf.d/ceph.yml" - - name: copy user_ceph.yml - command: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_ceph.yml {{openstack_osa_etc_path}}/user_ceph.yml" - args: - creates: "{{ openstack_osa_etc_path }}/user_ceph.yml" - - name: copy user_variables_ceph.yml - command: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables_ceph.yml {{openstack_osa_etc_path}}/user_variables_ceph.yml" - args: - creates: "{{ openstack_osa_etc_path }}/user_variables_ceph.yml" - when: xci_ceph_enabled == "true" - - block: - - name: copy user_variables_proxy.yml - command: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/user_variables_proxy.yml {{openstack_osa_etc_path}}/user_variables_proxy.yml" - args: - creates: "{{ openstack_osa_etc_path }}/user_variables_proxy.yml" - - name: "Configure http_proxy_env_url" - lineinfile: - path: "{{openstack_osa_etc_path}}/user_variables_proxy.yml" - regexp: "^http_proxy_env_url:.*" - line: "{{ 'http_proxy_env_url: ' + lookup('env','http_proxy') }}" - when: - - lookup('env','http_proxy') != "randomfoobarstring" - - name: copy OPNFV OpenStack playbook - command: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/setup-openstack.yml {{openstack_osa_path}}/playbooks" - args: - creates: "{{ openstack_osa_path }}/playbooks/setup-openstack.yml" - - name: copy pinned versions of OSA Roles and global requirements - command: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/{{ item }} {{openstack_osa_path}}/{{ item }}" - args: - creates: "{{ openstack_osa_path }}/{{ item }}" - with_items: - - "ansible-role-requirements.yml" - - "global-requirement-pins.txt" - when: - - openstack_osa_version != "master" - - name: copy pinned versions of OpenStack services - command: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/openstack_services.yml {{openstack_osa_path}}/playbooks/defaults/repo_packages/openstack_services.yml" - args: - creates: "{{ openstack_osa_path }}/playbooks/defaults/repo_packages/openstack_services.yml" + + - name: "Configure http_proxy_env_url" + lineinfile: + path: "{{openstack_osa_etc_path}}/user_variables_proxy.yml" + regexp: "^http_proxy_env_url:.*" + line: "{{ 'http_proxy_env_url: ' + lookup('env','http_proxy') }}" when: - - openstack_osa_version != "master" + - lookup('env','http_proxy') != "" + - include: "{{ xci_path }}/xci/playbooks/bootstrap-scenarios.yml" - name: bootstrap ansible on opnfv host command: "/bin/bash ./scripts/bootstrap-ansible.sh" @@ -204,32 +186,14 @@ src: "{{ xci_path }}/.cache/xci.env" dest: /root/xci.env -- hosts: localhost - remote_user: root - - tasks: - - name: Append public keys to authorized_keys - shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> {{ xci_path }}/xci/files/authorized_keys" - changed_when: True - -- hosts: opnfv - remote_user: root - vars_files: - - "{{ xci_path }}/xci/var/opnfv.yml" - - pre_tasks: - - name: Load distribution variables + - name: Reload OpenStack-Ansible variables include_vars: - file: "{{ item }}" - failed_when: false - with_items: - - "{{ xci_path }}/xci/var/{{ ansible_os_family }}.yml" - - "{{ xci_flavor_ansible_file_path }}/flavor-vars.yml" - - "{{ xci_flavor_ansible_file_path }}/user_variables.yml" - roles: - - role: "openstack-ansible-openstack_openrc" + file: "{{ xci_flavor_ansible_file_path }}/user_variables.yml" + + - name: Generate openrc + include_role: + name: "openstack-ansible-openstack_openrc" - tasks: - name: add extra insecure flag to generated openrc blockinfile: dest: "{{ ansible_env.HOME }}/openrc" @@ -242,7 +206,24 @@ dest: "{{ xci_path }}/.cache/openrc" flat: true - - name: add public key to host - copy: - src: "{{ xci_path }}/xci/files/authorized_keys" - dest: /root/.ssh/authorized_keys + - name: Determine local user + become: no + local_action: command whoami + changed_when: False + register: _ansible_user + + - name: Fetch local SSH key + delegate_to: localhost + become: no + slurp: + src: "/home/{{ _ansible_user.stdout }}/.ssh/id_rsa.pub" + register: _local_ssh_key + + - name: Configure OPNFV authorized_keys file + authorized_key: + exclusive: yes + user: root + state: present + manage_dir: yes + comment: "{{ _ansible_user.stdout }} key" + key: "{{ _local_ssh_key['content'] | b64decode }}" diff --git a/xci/installer/osa/playbooks/configure-targethosts.yml b/xci/installer/osa/playbooks/configure-targethosts.yml index 09258e7c..b76a5950 100644 --- a/xci/installer/osa/playbooks/configure-targethosts.yml +++ b/xci/installer/osa/playbooks/configure-targethosts.yml @@ -33,7 +33,33 @@ - xci_ceph_enabled == "true" - "'compute' in group_names" tasks: - - name: add public key to host - copy: - src: "{{ xci_path }}/xci/files/authorized_keys" - dest: /root/.ssh/authorized_keys + - name: Determine local user + become: no + local_action: command whoami + changed_when: False + register: _ansible_user + + - name: Fetch local SSH key + delegate_to: localhost + become: no + slurp: + src: "/home/{{ _ansible_user.stdout }}/.ssh/id_rsa.pub" + register: _local_ssh_key + + - name: Fetch OPNFV SSH key + delegate_to: opnfv + slurp: + src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub" + register: _opnfv_ssh_key + + - name: "Configure {{ inventory_hostname }} authorized_keys file" + authorized_key: + exclusive: "{{ item.exclusive }}" + user: root + state: present + manage_dir: yes + key: "{{ item.key }}" + comment: "{{ item.comment }}" + with_items: + - { key: "{{ _local_ssh_key['content'] | b64decode }}", comment: "{{ _ansible_user.stdout }} key", exclusive: yes } + - { key: "{{ _opnfv_ssh_key['content'] | b64decode }}", comment: "opnfv host key", exclusive: no } |