diff --git a/ansible/group_vars/all/seed b/ansible/group_vars/all/seed
index 2530538cd..3d17faebf 100644
--- a/ansible/group_vars/all/seed
+++ b/ansible/group_vars/all/seed
@@ -1,4 +1,11 @@
 ---
+###############################################################################
+# Seed node configuration.
+
+# User with which to access the seed via SSH during bootstrap, in order to
+# setup the Kayobe user account.
+seed_bootstrap_user: "{{ lookup('env', 'USER') }}"
+
 ###############################################################################
 # Seed node LVM configuration.
diff --git a/ansible/group_vars/all/seed-vm b/ansible/group_vars/all/seed-vm
index bd593aa36..c3098816a 100644
--- a/ansible/group_vars/all/seed-vm
+++ b/ansible/group_vars/all/seed-vm
@@ -52,7 +52,3 @@ seed_vm_data_capacity: 100G
 # Format of the seed VM data volume.
 seed_vm_data_format: qcow2
-
-# User with which to access the seed VM via SSH during bootstrap, in order to
-# setup the Kayobe user account.
-seed_vm_bootstrap_user: "{{ lookup('env', 'USER') }}"
diff --git a/ansible/group_vars/controllers/ansible-user b/ansible/group_vars/controllers/ansible-user
index b411db836..784bac7cb 100644
--- a/ansible/group_vars/controllers/ansible-user
+++ b/ansible/group_vars/controllers/ansible-user
@@ -1,3 +1,7 @@
 ---
 # User with which to access the controllers via SSH.
 ansible_user: "{{ kayobe_ansible_user }}"
+
+# User with which to access the controllers before the kayobe_ansible_user
+# account has been created.
+bootstrap_user: "{{ controller_bootstrap_user }}"
diff --git a/ansible/group_vars/seed/ansible-host b/ansible/group_vars/seed/ansible-host
new file mode 100644
index 000000000..bb6cb26ac
--- /dev/null
+++ b/ansible/group_vars/seed/ansible-host
@@ -0,0 +1,3 @@
+---
+# Host/IP with which to access the seed via SSH.
+ansible_host: "{{ provision_oc_net_name | net_ip }}"
diff --git a/ansible/group_vars/seed/ansible-user b/ansible/group_vars/seed/ansible-user
index 2d577280f..0b8d64d07 100644
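Review bot: In `ansible/group_vars/all/seed`, the new `seed_bootstrap_user` default takes no account of an existing `seed_vm_bootstrap_user` override, and the commit removes the old name from `group_vars/all/seed-vm` and `etc/kayobe/seed-vm.yml` without a fallback. A deployment that still sets the old variable would silently bootstrap over SSH as the control host's `$USER` rather than the account the operator chose. Consider a transitional default, `seed_bootstrap_user: "{{ seed_vm_bootstrap_user | default(lookup('env', 'USER')) }}"`, or fail early when the old name is still defined.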
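Review bot: `ansible_host` in the new `ansible/group_vars/seed/ansible-host` is computed from `provision_oc_net_name | net_ip` with no guard for the case where no address has been allocated yet. The only visible guarantee is the `ansible/ip-allocation.yml` run added to `SeedVMProvision.take_action`; the `wait_for` task in `ansible/seed-vm.yml`, which now reads `seed_hostvars.ansible_host`, and any playbook run directly against the seed would presumably see an empty or undefined host (the `net_ip` filter is not shown here, so this is inferred). An `assert` pre-task in `seed-vm.yml` checking that `seed_hostvars.ansible_host` is defined and non-empty would turn that into a clear error instead of an SSH wait against the wrong target.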
--- a/ansible/group_vars/seed/ansible-user
+++ b/ansible/group_vars/seed/ansible-user
@@ -1,3 +1,7 @@
 ---
-# User with which to access the seed VM via SSH.
+# User with which to access the seed via SSH.
 ansible_user: "{{ kayobe_ansible_user }}"
+
+# User with which to access the seed before the kayobe_ansible_user account has
+# been created.
+bootstrap_user: "{{ seed_bootstrap_user }}"
diff --git a/ansible/kayobe-ansible-user.yml b/ansible/kayobe-ansible-user.yml
index a6019e783..1c4a01517 100644
--- a/ansible/kayobe-ansible-user.yml
+++ b/ansible/kayobe-ansible-user.yml
@@ -2,31 +2,29 @@ - name: Ensure the Kayobe Ansible user account exists hosts: seed:controllers vars: - ansible_user: "{{ seed_vm_bootstrap_user if inventory_hostname in groups['seed'] else controller_bootstrap_user }}" + ansible_user: "{{ bootstrap_user }}" tasks: - - name: Ensure the Kayobe Ansible group exists - group: - name: "{{ kayobe_ansible_user }}" - state: present - become: True + - block: + - name: Ensure the Kayobe Ansible group exists + group: + name: "{{ kayobe_ansible_user }}" + state: present - - name: Ensure the Kayobe Ansible user account exists - user: - name: "{{ kayobe_ansible_user }}" - group: "{{ kayobe_ansible_user }}" - comment: "Kayobe Ansible SSH access" - state: present - become: True + - name: Ensure the Kayobe Ansible user account exists + user: + name: "{{ kayobe_ansible_user }}" + group: "{{ kayobe_ansible_user }}" + comment: "Kayobe Ansible SSH access" + state: present - - name: Ensure the Kayobe Ansible user has passwordless sudo - copy: - content: "{{ kayobe_ansible_user }} ALL=(ALL) NOPASSWD: ALL" - dest: "/etc/sudoers.d/kayobe-ansible-user" - mode: 0440 - become: True + - name: Ensure the Kayobe Ansible user has passwordless sudo + copy: + content: "{{ kayobe_ansible_user }} ALL=(ALL) NOPASSWD: ALL" + dest: "/etc/sudoers.d/kayobe-ansible-user" + mode: 0440 - - name: Ensure the Kayobe Ansible user has authorized our SSH key - authorized_key: - user: "{{ kayobe_ansible_user }}" - key: "{{ lookup('file', ssh_public_key_path) }}" + - name: Ensure the Kayobe Ansible user has authorized our SSH key + authorized_key: + user: "{{ kayobe_ansible_user }}" + key: "{{ lookup('file', ssh_public_key_path) }}" become: True diff --git a/ansible/seed-vm.yml b/ansible/seed-vm.yml index a1aaa4338..b070a2e4e 100644 --- a/ansible/seed-vm.yml +++ b/ansible/seed-vm.yml 
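Review bot: The sudoers drop-in written by the `copy` task inside the new block is installed without a syntax check, so a `kayobe_ansible_user` value that sudoers cannot parse would leave a broken file in `/etc/sudoers.d` and can disable sudo on the host. Because this file grants unrestricted passwordless root, add `validate: 'visudo -cf %s'` to that task so a bad render is rejected before it is moved into place. Also quote the mode as `mode: "0440"` rather than relying on YAML octal parsing of `0440`.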
@@ -4,12 +4,32 @@ vars: seed_host: "{{ groups['seed'][0] }}" seed_hostvars: "{{ hostvars[seed_host] }}" + seed_user_data_path: "{{ image_cache_path }}/seed-vm-user-data" pre_tasks: + - name: Verify the seed host exists in the Ansible inventory + fail: + msg: > + There should be exactly one host in the seed group. There are + currently {{ groups['seed'] | length }}. + when: "{{ groups['seed'] | length != 1 }}" + - name: Ensure the image cache directory exists file: path: "{{ image_cache_path }}" state: directory + # The user data script is used to bring up the network interfaces that will + # be configured by metadata in the configdrive. It could be used for other + # things in future if necessary. + - name: Ensure the user data file exists + copy: + content: | + #!/bin/bash + {% for interface in seed_hostvars.seed_vm_interfaces | map(attribute='net_name') | map('net_interface', seed_host) %} + ifup {{ interface }} + {% endfor %} + dest: "{{ seed_user_data_path }}" + roles: - role: jriguera.configdrive # For now assume the VM OS family is the same as the hypervisor's. @@ -30,6 +50,7 @@ map(attribute='net_name') | map('net_configdrive_network_device', seed_host) | list }} + configdrive_config_user_data_path: "{{ seed_user_data_path }}" tasks: - name: Set a fact containing the configdrive image path @@ -42,10 +63,13 @@ | gunzip > {{ seed_vm_configdrive_path }} - - name: Ensure compressed configdrive is removed + - name: Ensure unnecessary files are removed file: - path: "{{ image_cache_path }}/{{ seed_host | to_uuid }}.gz" + path: "{{ item }}" state: absent + with_items: + - "{{ seed_user_data_path }}" + - "{{ image_cache_path }}/{{ seed_host | to_uuid }}.gz" - name: Ensure that the seed VM is provisioned hosts: seed-hypervisor 
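Review bot: The new `fail` pre-task wraps its condition in Jinja delimiters, `when: "{{ groups['seed'] | length != 1 }}"`; `when` is already evaluated as an expression and Ansible warns about delimiters there, so write `when: groups['seed'] | length != 1`. In the user data task of the same hunk, each interface name is written unquoted into a bash script that presumably runs with root privileges when the seed VM first boots. Using `ifup {{ interface | quote }}` and setting an explicit `mode` on that `copy` would make the handling of the generated script explicit rather than dependent on inventory contents and the umask.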
@@ -53,7 +77,7 @@ seed_host: "{{ groups['seed'][0] }}" seed_hostvars: "{{ hostvars[seed_host] }}" pre_tasks: - - name: Check the size of the configdrive + - name: Check the size of the configdrive image stat: path: "{{ seed_vm_configdrive_path }}" register: stat_result @@ -77,44 +101,9 @@ become: True tasks: - - name: Check the seed VM's IP address - shell: virsh domifaddr {{ seed_vm_name }} | awk 'NR > 2 { print $4 }' - register: ifaddr_result - changed_when: False - become: True - until: "{{ ifaddr_result | failed or ifaddr_result.stdout != '' }}" - retries: 60 - delay: 1 - - - name: Ensure the inventory contains a group variables directory for the seed - local_action: - module: file - path: "{{ item.path }}" - state: directory - become: "{{ item.become | bool }}" - with_items: - - { path: "{{ kayobe_config_path }}/inventory/group_vars/seed", become: False } - - # Generate inventory group variable files for the seed VM. Note that this - # host will not be accessible to this instance of Ansible - another process - # should be started. - - name: Ensure the inventory contains a group variables file for the seed - local_action: - module: copy - content: | - --- - # Do not edit this file - it is managed by Ansible and changes will be lost. - # Ansible inventory file for the Kayobe seed VM. - # This host will provide the Bifrost undercloud. - ansible_host: "{{ ifaddr_result.stdout_lines[0] | ipaddr('address') }}" - dest: "{{ item.path }}" - become: "{{ item.become | bool }}" - with_items: - - { path: "{{ kayobe_config_path }}/inventory/group_vars/seed/ansible-host", become: False } - - name: Wait for SSH access to the seed VM local_action: module: wait_for - host: "{{ ifaddr_result.stdout_lines[0] | ipaddr('address') }}" + host: "{{ seed_hostvars.ansible_host }}" port: 22 state: started diff --git a/etc/kayobe/seed-vm.yml b/etc/kayobe/seed-vm.yml index e5e12ffea..e9fe71773 100644 --- a/etc/kayobe/seed-vm.yml +++ b/etc/kayobe/seed-vm.yml 
@@ -29,10 +29,6 @@
 # Base image for the seed VM root volume.
 #seed_vm_root_image:
-# User with which to access the seed VM via SSH during bootstrap, in order to
-# setup the Kayobe user account.
-#seed_vm_bootstrap_user:
-
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
diff --git a/etc/kayobe/seed.yml b/etc/kayobe/seed.yml
index 82b623a18..bd179ce7a 100644
--- a/etc/kayobe/seed.yml
+++ b/etc/kayobe/seed.yml
@@ -1,6 +1,11 @@
 ---
+###############################################################################
 # Seed node configuration.
+# User with which to access the seed via SSH during bootstrap, in order to
+# setup the Kayobe user account.
+#seed_bootstrap_user:
+
 ###############################################################################
 # Network interface attachments.
diff --git a/kayobe/cli/commands.py b/kayobe/cli/commands.py
index 5148615b4..c826076ad 100644
--- a/kayobe/cli/commands.py
+++ b/kayobe/cli/commands.py
@@ -149,6 +149,8 @@ class SeedVMProvision(KollaAnsibleMixin, KayobeAnsibleMixin, Command):
 def take_action(self, parsed_args):
 self.app.LOG.debug("Provisioning seed VM")
+ ansible.run_playbook(parsed_args, "ansible/ip-allocation.yml",
+ limit="seed")
 ansible.run_playbook(parsed_args, "ansible/seed-vm.yml")
 # Now populate the Kolla Ansible inventory.
 ansible.run_playbook(parsed_args, "ansible/kolla-ansible.yml",
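Review bot: The added `ansible/ip-allocation.yml` run in `SeedVMProvision.take_action` has no comment saying why it must come before `ansible/seed-vm.yml`. The ordering matters, because the new `group_vars/seed/ansible-host` derives the seed's `ansible_host` from the allocated IP and `seed-vm.yml` waits for SSH on that address. A one-line comment such as `# Allocate the seed's IP first: seed-vm.yml waits for SSH on that address.` would keep a later refactor from reordering the calls. `take_action` continues past the end of the hunk.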