diff options
Diffstat (limited to 'xci/installer')
-rw-r--r-- | xci/installer/osa/files/ansible-role-requirements.yml | 12 | ||||
-rw-r--r-- | xci/installer/osa/playbooks/configure-opnfvhost.yml | 187 | ||||
-rw-r--r-- | xci/installer/osa/playbooks/configure-targethosts.yml | 34 |
3 files changed, 120 insertions, 113 deletions
diff --git a/xci/installer/osa/files/ansible-role-requirements.yml b/xci/installer/osa/files/ansible-role-requirements.yml index 761609ef..e4e87ddd 100644 --- a/xci/installer/osa/files/ansible-role-requirements.yml +++ b/xci/installer/osa/files/ansible-role-requirements.yml @@ -7,8 +7,8 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## -# these versions are based on the osa commit dbf6a9c54a8a3aa59eb998daef296022eeadfa0f on 2018-03-21 -# http://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=dbf6a9c54a8a3aa59eb998daef296022eeadfa0f +# these versions are based on the osa commit 85714acedb50ea65d7e7684c127984c8dc56afe4 on 2018-04-03 +# http://github.com/cgit/openstack/openstack-ansible/commit/?id=90d0679d209cb494b9a71817c56e2c26c7fc5ca1 - name: ansible-hardening scm: git src: https://github.com/openstack/ansible-hardening @@ -20,7 +20,7 @@ - name: pip_install scm: git src: https://github.com/openstack/openstack-ansible-pip_install - version: 99181a635478d082f5b8f2bf47d15509907fafb7 + version: 78e615c712771e33c1a7436e05bc91644318ece1 - name: galera_client scm: git src: https://github.com/openstack/openstack-ansible-galera_client @@ -48,7 +48,7 @@ - name: lxc_hosts scm: git src: https://github.com/openstack/openstack-ansible-lxc_hosts - version: 0abc1e2352f928e6c42bd952c1434dd0060cdaa2 + version: 400f0c80b9c531a792dc01ff12cf1f3b3bd69a2d - name: memcached_server scm: git src: https://github.com/openstack/openstack-ansible-memcached_server @@ -80,7 +80,7 @@ - name: os_cinder scm: git src: https://github.com/openstack/openstack-ansible-os_cinder - version: c96e5e21273adbaa48ebb8f957226c6ec0ad3b8c + version: 948305aa6bfeeb2abdda7351aa0a8ff292810e56 - name: os_designate scm: git src: https://github.com/openstack/openstack-ansible-os_designate @@ -160,7 +160,7 @@ - name: repo_build scm: git src: https://github.com/openstack/openstack-ansible-repo_build - version: df5483086d92d1148d1e763247e086ff44388aaf + version: 0e50a282b09f62670494ada2f7d42509c148067f - name: repo_server scm: git src: https://github.com/openstack/openstack-ansible-repo_server diff --git a/xci/installer/osa/playbooks/configure-opnfvhost.yml b/xci/installer/osa/playbooks/configure-opnfvhost.yml index 001fcee3..11957cdc 100644 --- a/xci/installer/osa/playbooks/configure-opnfvhost.yml +++ b/xci/installer/osa/playbooks/configure-opnfvhost.yml @@ -43,44 +43,62 @@ proxy_settings_no_proxy: "{{ lookup('env','no_proxy') }}" tasks: - - name: generate SSH keys - command: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N "" - args: - creates: "{{ ansible_env.HOME }}/.ssh/id_rsa" - changed_when: True - - name: fetch public key - fetch: - src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub" - dest: "{{ xci_path }}/xci/files/authorized_keys" - flat: yes + - name: Configure SSH key for root user + user: + name: root + generate_ssh_key: yes + ssh_key_bits: 2048 + ssh_key_comment: xci + ssh_key_type: rsa + state: present + - name: Copy releng-xci to remote host synchronize: src: "{{ xci_path }}/" dest: "{{ remote_xci_path }}" recursive: yes delete: yes - - name: copy flavor inventory - command: "/bin/cp -rf {{ remote_xci_flavor_files }}/inventory {{ remote_xci_playbooks }}" - args: - creates: "{{ remote_xci_playbooks }}/inventory" - - name: copy openstack_deploy - command: "/bin/cp -rf {{openstack_osa_path}}/etc/openstack_deploy {{openstack_osa_etc_path}}" - args: - creates: "{{ openstack_osa_etc_path }}" - - name: copy openstack_user_config.yml - command: "/bin/cp -rf {{ remote_xci_flavor_files }}/openstack_user_config.yml {{openstack_osa_etc_path}}" - args: - creates: "{{ openstack_osa_etc_path }}/openstack_user_config.yml" - failed_when: false - - name: copy all user override files - command: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables.yml {{openstack_osa_etc_path}}" - args: - creates: "{{ openstack_osa_etc_path }}/user_variables.yml }}" - failed_when: false - - name: copy cinder.yml - command: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/cinder.yml {{openstack_osa_etc_path}}/env.d" + + - name: Re-create OpenStack-Ansible /etc directory + file: + path: "{{ openstack_osa_etc_path }}" + state: "{{ item }}" + with_items: + - absent + - directory + + - name: Remove upstream OpenStack-Ansible files + file: + path: "{{ openstack_osa_path }}/playbooks/{{ item }}" + state: absent + with_items: + - inventory + - setup-openstack.yml + + - name: Copy OpenStack-Ansible configuration files + command: "/bin/cp -rf {{ item.src }} {{ item.dest }}" args: - creates: "{{ openstack_osa_etc_path }}/env.d/cinder.yml" + creates: "{{ item.dest }}/{{ item.src | basename }}" + with_items: + - { src: "{{ openstack_osa_path }}/etc/openstack_deploy/env.d", dest: "{{ openstack_osa_etc_path }}" } + - { src: "{{ openstack_osa_path }}/etc/openstack_deploy/conf.d", dest: "{{ openstack_osa_etc_path }}" } + - { src: "{{ openstack_osa_path }}/etc/openstack_deploy/user_secrets.yml", dest: "{{ openstack_osa_etc_path }}" } + - { src: "{{ remote_xci_flavor_files }}/inventory", dest: "{{ remote_xci_playbooks }}" } + - { src: "{{ remote_xci_flavor_files }}/openstack_user_config.yml", dest: "{{ openstack_osa_etc_path }}" } + - { src: "{{ remote_xci_flavor_files }}/user_variables.yml", dest: "{{ openstack_osa_etc_path }}" } + - { src: "{{ remote_xci_flavor_files }}/ceph.yml", dest: "{{ openstack_osa_etc_path }}/conf.d/", cond: xci_ceph_enabled } + - { src: "{{ remote_xci_flavor_files }}/user_ceph.yml", dest: "{{ openstack_osa_etc_path }}/user_ceph.yml", cond: xci_ceph_enabled } + - { src: "{{ remote_xci_flavor_files }}/user_variables_ceph.yml", dest: "{{ openstack_osa_etc_path }}/user_variables_ceph.yml", cond: xci_ceph_enabled } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/cinder.yml", dest: "{{ openstack_osa_etc_path }}/env.d" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/user_variables_proxy.yml", dest: "{{ openstack_osa_etc_path }}/user_variables_proxy.yml", cond: "{{ lookup('env', 'http_proxy') != '' }}" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/setup-openstack.yml", dest: "{{ openstack_osa_path }}/playbooks" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/ansible-role-requirements.yml", dest: "{{openstack_osa_path}}/ansible-role-requirements.yml", cond: openstack_osa_version != "master" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/global-requirement-pins.txt", dest: "{{openstack_osa_path}}/global-requirement-pins.txt", cond: openstack_osa_version != "master" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/openstack_services.yml", dest: "{{ openstack_osa_path }}/playbooks/defaults/repo_packages/openstack_services.yml", cond: openstack_osa_version != "master" } + when: item.cond is not defined or (item.cond is defined and item.cond | bool) + loop_control: + label: "{{ item.src }}" + - name: Configure OpenStack-Ansible components lineinfile: path: "{{ openstack_osa_etc_path }}/user_variables.yml" @@ -90,51 +108,15 @@ - { component: "tempest_install", value: "{{ run_tempest | bool }}" } - { component: "tempest_run", value: "{{ run_tempest | bool }}" } - { component: "core_openstack", value: "{{ core_openstack_install | bool }}" } - - block: - - name: copy ceph.yml - command: "/bin/cp -rf {{ remote_xci_flavor_files }}/ceph.yml {{openstack_osa_etc_path}}/conf.d/" - args: - creates: "{{ openstack_osa_etc_path }}/conf.d/ceph.yml" - - name: copy user_ceph.yml - command: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_ceph.yml {{openstack_osa_etc_path}}/user_ceph.yml" - args: - creates: "{{ openstack_osa_etc_path }}/user_ceph.yml" - - name: copy user_variables_ceph.yml - command: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables_ceph.yml {{openstack_osa_etc_path}}/user_variables_ceph.yml" - args: - creates: "{{ openstack_osa_etc_path }}/user_variables_ceph.yml" - when: xci_ceph_enabled == "true" - - block: - - name: copy user_variables_proxy.yml - command: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/user_variables_proxy.yml {{openstack_osa_etc_path}}/user_variables_proxy.yml" - args: - creates: "{{ openstack_osa_etc_path }}/user_variables_proxy.yml" - - name: "Configure http_proxy_env_url" - lineinfile: - path: "{{openstack_osa_etc_path}}/user_variables_proxy.yml" - regexp: "^http_proxy_env_url:.*" - line: "{{ 'http_proxy_env_url: ' + lookup('env','http_proxy') }}" - when: - - lookup('env','http_proxy') != "randomfoobarstring" - - name: copy OPNFV OpenStack playbook - command: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/setup-openstack.yml {{openstack_osa_path}}/playbooks" - args: - creates: "{{ openstack_osa_path }}/playbooks/setup-openstack.yml" - - name: copy pinned versions of OSA Roles and global requirements - command: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/{{ item }} {{openstack_osa_path}}/{{ item }}" - args: - creates: "{{ openstack_osa_path }}/{{ item }}" - with_items: - - "ansible-role-requirements.yml" - - "global-requirement-pins.txt" - when: - - openstack_osa_version != "master" - - name: copy pinned versions of OpenStack services - command: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/openstack_services.yml {{openstack_osa_path}}/playbooks/defaults/repo_packages/openstack_services.yml" - args: - creates: "{{ openstack_osa_path }}/playbooks/defaults/repo_packages/openstack_services.yml" + + - name: "Configure http_proxy_env_url" + lineinfile: + path: "{{openstack_osa_etc_path}}/user_variables_proxy.yml" + regexp: "^http_proxy_env_url:.*" + line: "{{ 'http_proxy_env_url: ' + lookup('env','http_proxy') }}" when: - - openstack_osa_version != "master" + - lookup('env','http_proxy') != "" + - include: "{{ xci_path }}/xci/playbooks/bootstrap-scenarios.yml" - name: bootstrap ansible on opnfv host command: "/bin/bash ./scripts/bootstrap-ansible.sh" @@ -204,32 +186,14 @@ src: "{{ xci_path }}/.cache/xci.env" dest: /root/xci.env -- hosts: localhost - remote_user: root - - tasks: - - name: Append public keys to authorized_keys - shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> {{ xci_path }}/xci/files/authorized_keys" - changed_when: True - -- hosts: opnfv - remote_user: root - vars_files: - - "{{ xci_path }}/xci/var/opnfv.yml" - - pre_tasks: - - name: Load distribution variables + - name: Reload OpenStack-Ansible variables include_vars: - file: "{{ item }}" - failed_when: false - with_items: - - "{{ xci_path }}/xci/var/{{ ansible_os_family }}.yml" - - "{{ xci_flavor_ansible_file_path }}/flavor-vars.yml" - - "{{ xci_flavor_ansible_file_path }}/user_variables.yml" - roles: - - role: "openstack-ansible-openstack_openrc" + file: "{{ xci_flavor_ansible_file_path }}/user_variables.yml" + + - name: Generate openrc + include_role: + name: "openstack-ansible-openstack_openrc" - tasks: - name: add extra insecure flag to generated openrc blockinfile: dest: "{{ ansible_env.HOME }}/openrc" @@ -242,7 +206,24 @@ dest: "{{ xci_path }}/.cache/openrc" flat: true - - name: add public key to host - copy: - src: "{{ xci_path }}/xci/files/authorized_keys" - dest: /root/.ssh/authorized_keys + - name: Determine local user + become: no + local_action: command whoami + changed_when: False + register: _ansible_user + + - name: Fetch local SSH key + delegate_to: localhost + become: no + slurp: + src: "/home/{{ _ansible_user.stdout }}/.ssh/id_rsa.pub" + register: _local_ssh_key + + - name: Configure OPNFV authorized_keys file + authorized_key: + exclusive: yes + user: root + state: present + manage_dir: yes + comment: "{{ _ansible_user.stdout }} key" + key: "{{ _local_ssh_key['content'] | b64decode }}" diff --git a/xci/installer/osa/playbooks/configure-targethosts.yml b/xci/installer/osa/playbooks/configure-targethosts.yml index 09258e7c..b76a5950 100644 --- a/xci/installer/osa/playbooks/configure-targethosts.yml +++ b/xci/installer/osa/playbooks/configure-targethosts.yml @@ -33,7 +33,33 @@ - xci_ceph_enabled == "true" - "'compute' in group_names" tasks: - - name: add public key to host - copy: - src: "{{ xci_path }}/xci/files/authorized_keys" - dest: /root/.ssh/authorized_keys + - name: Determine local user + become: no + local_action: command whoami + changed_when: False + register: _ansible_user + + - name: Fetch local SSH key + delegate_to: localhost + become: no + slurp: + src: "/home/{{ _ansible_user.stdout }}/.ssh/id_rsa.pub" + register: _local_ssh_key + + - name: Fetch OPNFV SSH key + delegate_to: opnfv + slurp: + src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub" + register: _opnfv_ssh_key + + - name: "Configure {{ inventory_hostname }} authorized_keys file" + authorized_key: + exclusive: "{{ item.exclusive }}" + user: root + state: present + manage_dir: yes + key: "{{ item.key }}" + comment: "{{ item.comment }}" + with_items: + - { key: "{{ _local_ssh_key['content'] | b64decode }}", comment: "{{ _ansible_user.stdout }} key", exclusive: yes } + - { key: "{{ _opnfv_ssh_key['content'] | b64decode }}", comment: "opnfv host key", exclusive: no } |