summaryrefslogtreecommitdiffstats
path: root/xci/installer
diff options
context:
space:
mode:
Diffstat (limited to 'xci/installer')
-rw-r--r--xci/installer/osa/files/ansible-role-requirements.yml12
-rw-r--r--xci/installer/osa/playbooks/configure-opnfvhost.yml187
-rw-r--r--xci/installer/osa/playbooks/configure-targethosts.yml34
3 files changed, 120 insertions, 113 deletions
diff --git a/xci/installer/osa/files/ansible-role-requirements.yml b/xci/installer/osa/files/ansible-role-requirements.yml
index 761609ef..e4e87ddd 100644
--- a/xci/installer/osa/files/ansible-role-requirements.yml
+++ b/xci/installer/osa/files/ansible-role-requirements.yml
@@ -7,8 +7,8 @@
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
-# these versions are based on the osa commit dbf6a9c54a8a3aa59eb998daef296022eeadfa0f on 2018-03-21
-# http://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=dbf6a9c54a8a3aa59eb998daef296022eeadfa0f
+# these versions are based on the osa commit 85714acedb50ea65d7e7684c127984c8dc56afe4 on 2018-04-03
+# http://github.com/cgit/openstack/openstack-ansible/commit/?id=90d0679d209cb494b9a71817c56e2c26c7fc5ca1
- name: ansible-hardening
scm: git
src: https://github.com/openstack/ansible-hardening
@@ -20,7 +20,7 @@
- name: pip_install
scm: git
src: https://github.com/openstack/openstack-ansible-pip_install
- version: 99181a635478d082f5b8f2bf47d15509907fafb7
+ version: 78e615c712771e33c1a7436e05bc91644318ece1
- name: galera_client
scm: git
src: https://github.com/openstack/openstack-ansible-galera_client
@@ -48,7 +48,7 @@
- name: lxc_hosts
scm: git
src: https://github.com/openstack/openstack-ansible-lxc_hosts
- version: 0abc1e2352f928e6c42bd952c1434dd0060cdaa2
+ version: 400f0c80b9c531a792dc01ff12cf1f3b3bd69a2d
- name: memcached_server
scm: git
src: https://github.com/openstack/openstack-ansible-memcached_server
@@ -80,7 +80,7 @@
- name: os_cinder
scm: git
src: https://github.com/openstack/openstack-ansible-os_cinder
- version: c96e5e21273adbaa48ebb8f957226c6ec0ad3b8c
+ version: 948305aa6bfeeb2abdda7351aa0a8ff292810e56
- name: os_designate
scm: git
src: https://github.com/openstack/openstack-ansible-os_designate
@@ -160,7 +160,7 @@
- name: repo_build
scm: git
src: https://github.com/openstack/openstack-ansible-repo_build
- version: df5483086d92d1148d1e763247e086ff44388aaf
+ version: 0e50a282b09f62670494ada2f7d42509c148067f
- name: repo_server
scm: git
src: https://github.com/openstack/openstack-ansible-repo_server
diff --git a/xci/installer/osa/playbooks/configure-opnfvhost.yml b/xci/installer/osa/playbooks/configure-opnfvhost.yml
index 001fcee3..11957cdc 100644
--- a/xci/installer/osa/playbooks/configure-opnfvhost.yml
+++ b/xci/installer/osa/playbooks/configure-opnfvhost.yml
@@ -43,44 +43,62 @@
proxy_settings_no_proxy: "{{ lookup('env','no_proxy') }}"
tasks:
- - name: generate SSH keys
- command: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""
- args:
- creates: "{{ ansible_env.HOME }}/.ssh/id_rsa"
- changed_when: True
- - name: fetch public key
- fetch:
- src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub"
- dest: "{{ xci_path }}/xci/files/authorized_keys"
- flat: yes
+ - name: Configure SSH key for root user
+ user:
+ name: root
+ generate_ssh_key: yes
+ ssh_key_bits: 2048
+ ssh_key_comment: xci
+ ssh_key_type: rsa
+ state: present
+
- name: Copy releng-xci to remote host
synchronize:
src: "{{ xci_path }}/"
dest: "{{ remote_xci_path }}"
recursive: yes
delete: yes
- - name: copy flavor inventory
- command: "/bin/cp -rf {{ remote_xci_flavor_files }}/inventory {{ remote_xci_playbooks }}"
- args:
- creates: "{{ remote_xci_playbooks }}/inventory"
- - name: copy openstack_deploy
- command: "/bin/cp -rf {{openstack_osa_path}}/etc/openstack_deploy {{openstack_osa_etc_path}}"
- args:
- creates: "{{ openstack_osa_etc_path }}"
- - name: copy openstack_user_config.yml
- command: "/bin/cp -rf {{ remote_xci_flavor_files }}/openstack_user_config.yml {{openstack_osa_etc_path}}"
- args:
- creates: "{{ openstack_osa_etc_path }}/openstack_user_config.yml"
- failed_when: false
- - name: copy all user override files
- command: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables.yml {{openstack_osa_etc_path}}"
- args:
- creates: "{{ openstack_osa_etc_path }}/user_variables.yml }}"
- failed_when: false
- - name: copy cinder.yml
- command: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/cinder.yml {{openstack_osa_etc_path}}/env.d"
+
+ - name: Re-create OpenStack-Ansible /etc directory
+ file:
+ path: "{{ openstack_osa_etc_path }}"
+ state: "{{ item }}"
+ with_items:
+ - absent
+ - directory
+
+ - name: Remove upstream OpenStack-Ansible files
+ file:
+ path: "{{ openstack_osa_path }}/playbooks/{{ item }}"
+ state: absent
+ with_items:
+ - inventory
+ - setup-openstack.yml
+
+ - name: Copy OpenStack-Ansible configuration files
+ command: "/bin/cp -rf {{ item.src }} {{ item.dest }}"
args:
- creates: "{{ openstack_osa_etc_path }}/env.d/cinder.yml"
+ creates: "{{ item.dest }}/{{ item.src | basename }}"
+ with_items:
+ - { src: "{{ openstack_osa_path }}/etc/openstack_deploy/env.d", dest: "{{ openstack_osa_etc_path }}" }
+ - { src: "{{ openstack_osa_path }}/etc/openstack_deploy/conf.d", dest: "{{ openstack_osa_etc_path }}" }
+ - { src: "{{ openstack_osa_path }}/etc/openstack_deploy/user_secrets.yml", dest: "{{ openstack_osa_etc_path }}" }
+ - { src: "{{ remote_xci_flavor_files }}/inventory", dest: "{{ remote_xci_playbooks }}" }
+ - { src: "{{ remote_xci_flavor_files }}/openstack_user_config.yml", dest: "{{ openstack_osa_etc_path }}" }
+ - { src: "{{ remote_xci_flavor_files }}/user_variables.yml", dest: "{{ openstack_osa_etc_path }}" }
+ - { src: "{{ remote_xci_flavor_files }}/ceph.yml", dest: "{{ openstack_osa_etc_path }}/conf.d/", cond: xci_ceph_enabled }
+ - { src: "{{ remote_xci_flavor_files }}/user_ceph.yml", dest: "{{ openstack_osa_etc_path }}/user_ceph.yml", cond: xci_ceph_enabled }
+ - { src: "{{ remote_xci_flavor_files }}/user_variables_ceph.yml", dest: "{{ openstack_osa_etc_path }}/user_variables_ceph.yml", cond: xci_ceph_enabled }
+ - { src: "{{ remote_xci_path }}/xci/installer/osa/files/cinder.yml", dest: "{{ openstack_osa_etc_path }}/env.d" }
+ - { src: "{{ remote_xci_path }}/xci/installer/osa/files/user_variables_proxy.yml", dest: "{{ openstack_osa_etc_path }}/user_variables_proxy.yml", cond: "{{ lookup('env', 'http_proxy') != '' }}" }
+ - { src: "{{ remote_xci_path }}/xci/installer/osa/files/setup-openstack.yml", dest: "{{ openstack_osa_path }}/playbooks" }
+ - { src: "{{ remote_xci_path }}/xci/installer/osa/files/ansible-role-requirements.yml", dest: "{{openstack_osa_path}}/ansible-role-requirements.yml", cond: openstack_osa_version != "master" }
+ - { src: "{{ remote_xci_path }}/xci/installer/osa/files/global-requirement-pins.txt", dest: "{{openstack_osa_path}}/global-requirement-pins.txt", cond: openstack_osa_version != "master" }
+ - { src: "{{ remote_xci_path }}/xci/installer/osa/files/openstack_services.yml", dest: "{{ openstack_osa_path }}/playbooks/defaults/repo_packages/openstack_services.yml", cond: openstack_osa_version != "master" }
+ when: item.cond is not defined or (item.cond is defined and item.cond | bool)
+ loop_control:
+ label: "{{ item.src }}"
+
- name: Configure OpenStack-Ansible components
lineinfile:
path: "{{ openstack_osa_etc_path }}/user_variables.yml"
@@ -90,51 +108,15 @@
- { component: "tempest_install", value: "{{ run_tempest | bool }}" }
- { component: "tempest_run", value: "{{ run_tempest | bool }}" }
- { component: "core_openstack", value: "{{ core_openstack_install | bool }}" }
- - block:
- - name: copy ceph.yml
- command: "/bin/cp -rf {{ remote_xci_flavor_files }}/ceph.yml {{openstack_osa_etc_path}}/conf.d/"
- args:
- creates: "{{ openstack_osa_etc_path }}/conf.d/ceph.yml"
- - name: copy user_ceph.yml
- command: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_ceph.yml {{openstack_osa_etc_path}}/user_ceph.yml"
- args:
- creates: "{{ openstack_osa_etc_path }}/user_ceph.yml"
- - name: copy user_variables_ceph.yml
- command: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables_ceph.yml {{openstack_osa_etc_path}}/user_variables_ceph.yml"
- args:
- creates: "{{ openstack_osa_etc_path }}/user_variables_ceph.yml"
- when: xci_ceph_enabled == "true"
- - block:
- - name: copy user_variables_proxy.yml
- command: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/user_variables_proxy.yml {{openstack_osa_etc_path}}/user_variables_proxy.yml"
- args:
- creates: "{{ openstack_osa_etc_path }}/user_variables_proxy.yml"
- - name: "Configure http_proxy_env_url"
- lineinfile:
- path: "{{openstack_osa_etc_path}}/user_variables_proxy.yml"
- regexp: "^http_proxy_env_url:.*"
- line: "{{ 'http_proxy_env_url: ' + lookup('env','http_proxy') }}"
- when:
- - lookup('env','http_proxy') != "randomfoobarstring"
- - name: copy OPNFV OpenStack playbook
- command: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/setup-openstack.yml {{openstack_osa_path}}/playbooks"
- args:
- creates: "{{ openstack_osa_path }}/playbooks/setup-openstack.yml"
- - name: copy pinned versions of OSA Roles and global requirements
- command: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/{{ item }} {{openstack_osa_path}}/{{ item }}"
- args:
- creates: "{{ openstack_osa_path }}/{{ item }}"
- with_items:
- - "ansible-role-requirements.yml"
- - "global-requirement-pins.txt"
- when:
- - openstack_osa_version != "master"
- - name: copy pinned versions of OpenStack services
- command: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/openstack_services.yml {{openstack_osa_path}}/playbooks/defaults/repo_packages/openstack_services.yml"
- args:
- creates: "{{ openstack_osa_path }}/playbooks/defaults/repo_packages/openstack_services.yml"
+
+ - name: "Configure http_proxy_env_url"
+ lineinfile:
+ path: "{{openstack_osa_etc_path}}/user_variables_proxy.yml"
+ regexp: "^http_proxy_env_url:.*"
+ line: "{{ 'http_proxy_env_url: ' + lookup('env','http_proxy') }}"
when:
- - openstack_osa_version != "master"
+ - lookup('env','http_proxy') != ""
+
- include: "{{ xci_path }}/xci/playbooks/bootstrap-scenarios.yml"
- name: bootstrap ansible on opnfv host
command: "/bin/bash ./scripts/bootstrap-ansible.sh"
@@ -204,32 +186,14 @@
src: "{{ xci_path }}/.cache/xci.env"
dest: /root/xci.env
-- hosts: localhost
- remote_user: root
-
- tasks:
- - name: Append public keys to authorized_keys
- shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> {{ xci_path }}/xci/files/authorized_keys"
- changed_when: True
-
-- hosts: opnfv
- remote_user: root
- vars_files:
- - "{{ xci_path }}/xci/var/opnfv.yml"
-
- pre_tasks:
- - name: Load distribution variables
+ - name: Reload OpenStack-Ansible variables
include_vars:
- file: "{{ item }}"
- failed_when: false
- with_items:
- - "{{ xci_path }}/xci/var/{{ ansible_os_family }}.yml"
- - "{{ xci_flavor_ansible_file_path }}/flavor-vars.yml"
- - "{{ xci_flavor_ansible_file_path }}/user_variables.yml"
- roles:
- - role: "openstack-ansible-openstack_openrc"
+ file: "{{ xci_flavor_ansible_file_path }}/user_variables.yml"
+
+ - name: Generate openrc
+ include_role:
+ name: "openstack-ansible-openstack_openrc"
- tasks:
- name: add extra insecure flag to generated openrc
blockinfile:
dest: "{{ ansible_env.HOME }}/openrc"
@@ -242,7 +206,24 @@
dest: "{{ xci_path }}/.cache/openrc"
flat: true
- - name: add public key to host
- copy:
- src: "{{ xci_path }}/xci/files/authorized_keys"
- dest: /root/.ssh/authorized_keys
+ - name: Determine local user
+ become: no
+ local_action: command whoami
+ changed_when: False
+ register: _ansible_user
+
+ - name: Fetch local SSH key
+ delegate_to: localhost
+ become: no
+ slurp:
+ src: "/home/{{ _ansible_user.stdout }}/.ssh/id_rsa.pub"
+ register: _local_ssh_key
+
+ - name: Configure OPNFV authorized_keys file
+ authorized_key:
+ exclusive: yes
+ user: root
+ state: present
+ manage_dir: yes
+ comment: "{{ _ansible_user.stdout }} key"
+ key: "{{ _local_ssh_key['content'] | b64decode }}"
diff --git a/xci/installer/osa/playbooks/configure-targethosts.yml b/xci/installer/osa/playbooks/configure-targethosts.yml
index 09258e7c..b76a5950 100644
--- a/xci/installer/osa/playbooks/configure-targethosts.yml
+++ b/xci/installer/osa/playbooks/configure-targethosts.yml
@@ -33,7 +33,33 @@
- xci_ceph_enabled == "true"
- "'compute' in group_names"
tasks:
- - name: add public key to host
- copy:
- src: "{{ xci_path }}/xci/files/authorized_keys"
- dest: /root/.ssh/authorized_keys
+ - name: Determine local user
+ become: no
+ local_action: command whoami
+ changed_when: False
+ register: _ansible_user
+
+ - name: Fetch local SSH key
+ delegate_to: localhost
+ become: no
+ slurp:
+ src: "/home/{{ _ansible_user.stdout }}/.ssh/id_rsa.pub"
+ register: _local_ssh_key
+
+ - name: Fetch OPNFV SSH key
+ delegate_to: opnfv
+ slurp:
+ src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub"
+ register: _opnfv_ssh_key
+
+ - name: "Configure {{ inventory_hostname }} authorized_keys file"
+ authorized_key:
+ exclusive: "{{ item.exclusive }}"
+ user: root
+ state: present
+ manage_dir: yes
+ key: "{{ item.key }}"
+ comment: "{{ item.comment }}"
+ with_items:
+ - { key: "{{ _local_ssh_key['content'] | b64decode }}", comment: "{{ _ansible_user.stdout }} key", exclusive: yes }
+ - { key: "{{ _opnfv_ssh_key['content'] | b64decode }}", comment: "opnfv host key", exclusive: no }