From 52833cf48186699d5d90891d5885595d4b42fcb7 Mon Sep 17 00:00:00 2001
From: Mark Goddard
Date: Thu, 16 Mar 2017 13:56:42 +0000
Subject: [PATCH] Use static IP on provisioning network to access the seed

This saves us some messing around with the dynamic libvirt IP address and writing out the IP address to the Ansible inventory.
---
 ansible/group_vars/all/seed | 7 +++
 ansible/group_vars/all/seed-vm | 4 --
 ansible/group_vars/controllers/ansible-user | 4 ++
 ansible/group_vars/seed/ansible-host | 3 +
 ansible/group_vars/seed/ansible-user | 6 +-
 ansible/kayobe-ansible-user.yml | 44 +++++++-------
 ansible/seed-vm.yml | 67 +++++++++------------
 etc/kayobe/seed-vm.yml | 4 --
 etc/kayobe/seed.yml | 5 ++
 kayobe/cli/commands.py | 2 +
 10 files changed, 75 insertions(+), 71 deletions(-)
 create mode 100644 ansible/group_vars/seed/ansible-host
diff --git a/ansible/group_vars/all/seed b/ansible/group_vars/all/seed
index 2530538cd..3d17faebf 100644
--- a/ansible/group_vars/all/seed
+++ b/ansible/group_vars/all/seed
@@ -1,4 +1,11 @@
 ---
+###############################################################################
+# Seed node configuration.
+
+# User with which to access the seed via SSH during bootstrap, in order to
+# setup the Kayobe user account.
+seed_bootstrap_user: "{{ lookup('env', 'USER') }}"
+
 ###############################################################################
 # Seed node LVM configuration.
diff --git a/ansible/group_vars/all/seed-vm b/ansible/group_vars/all/seed-vm
index bd593aa36..c3098816a 100644
--- a/ansible/group_vars/all/seed-vm
+++ b/ansible/group_vars/all/seed-vm
@@ -52,7 +52,3 @@ seed_vm_data_capacity: 100G
 # Format of the seed VM data volume.
 seed_vm_data_format: qcow2
-
-# User with which to access the seed VM via SSH during bootstrap, in order to
-# setup the Kayobe user account.
-seed_vm_bootstrap_user: "{{ lookup('env', 'USER') }}"
diff --git a/ansible/group_vars/controllers/ansible-user b/ansible/group_vars/controllers/ansible-user
index b411db836..784bac7cb 100644
--- a/ansible/group_vars/controllers/ansible-user
+++ b/ansible/group_vars/controllers/ansible-user
@@ -1,3 +1,7 @@
 ---
 # User with which to access the controllers via SSH.
 ansible_user: "{{ kayobe_ansible_user }}"
+
+# User with which to access the controllers before the kayobe_ansible_user
+# account has been created.
+bootstrap_user: "{{ controller_bootstrap_user }}"
diff --git a/ansible/group_vars/seed/ansible-host b/ansible/group_vars/seed/ansible-host
new file mode 100644
index 000000000..bb6cb26ac
--- /dev/null
+++ b/ansible/group_vars/seed/ansible-host
@@ -0,0 +1,3 @@
+---
+# Host/IP with which to access the seed via SSH.
+ansible_host: "{{ provision_oc_net_name | net_ip }}"
diff --git a/ansible/group_vars/seed/ansible-user b/ansible/group_vars/seed/ansible-user
index 2d577280f..0b8d64d07 100644
--- a/ansible/group_vars/seed/ansible-user
+++ b/ansible/group_vars/seed/ansible-user
@@ -1,3 +1,7 @@
 ---
-# User with which to access the seed VM via SSH.
+# User with which to access the seed via SSH.
 ansible_user: "{{ kayobe_ansible_user }}"
+
+# User with which to access the seed before the kayobe_ansible_user account has
+# been created.
+bootstrap_user: "{{ seed_bootstrap_user }}"
diff --git a/ansible/kayobe-ansible-user.yml b/ansible/kayobe-ansible-user.yml
index a6019e783..1c4a01517 100644
--- a/ansible/kayobe-ansible-user.yml
+++ b/ansible/kayobe-ansible-user.yml
@@ -2,31 +2,29 @@
 - name: Ensure the Kayobe Ansible user account exists
 hosts: seed:controllers
 vars:
- ansible_user: "{{ seed_vm_bootstrap_user if inventory_hostname in groups['seed'] else controller_bootstrap_user }}"
+ ansible_user: "{{ bootstrap_user }}"
 tasks:
- - name: Ensure the Kayobe Ansible group exists
- group:
- name: "{{ kayobe_ansible_user }}"
- state: present
- become: True
+ - block:
+ - name: Ensure the Kayobe Ansible group exists
+ group:
+ name: "{{ kayobe_ansible_user }}"
+ state: present
- - name: Ensure the Kayobe Ansible user account exists
- user:
- name: "{{ kayobe_ansible_user }}"
- group: "{{ kayobe_ansible_user }}"
- comment: "Kayobe Ansible SSH access"
- state: present
- become: True
+ - name: Ensure the Kayobe Ansible user account exists
+ user:
+ name: "{{ kayobe_ansible_user }}"
+ group: "{{ kayobe_ansible_user }}"
+ comment: "Kayobe Ansible SSH access"
+ state: present
- - name: Ensure the Kayobe Ansible user has passwordless sudo
- copy:
- content: "{{ kayobe_ansible_user }} ALL=(ALL) NOPASSWD: ALL"
- dest: "/etc/sudoers.d/kayobe-ansible-user"
- mode: 0440
- become: True
+ - name: Ensure the Kayobe Ansible user has passwordless sudo
+ copy:
+ content: "{{ kayobe_ansible_user }} ALL=(ALL) NOPASSWD: ALL"
+ dest: "/etc/sudoers.d/kayobe-ansible-user"
+ mode: 0440
- - name: Ensure the Kayobe Ansible user has authorized our SSH key
- authorized_key:
- user: "{{ kayobe_ansible_user }}"
- key: "{{ lookup('file', ssh_public_key_path) }}"
+ - name: Ensure the Kayobe Ansible user has authorized our SSH key
+ authorized_key:
+ user: "{{ kayobe_ansible_user }}"
+ key: "{{ lookup('file', ssh_public_key_path) }}"
 become: True
diff --git a/ansible/seed-vm.yml b/ansible/seed-vm.yml
index a1aaa4338..b070a2e4e 100644
--- a/ansible/seed-vm.yml
+++ b/ansible/seed-vm.yml
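Review bot: The `copy` task that writes `/etc/sudoers.d/kayobe-ansible-user` inside the new `block` installs the file without a syntax check, and a malformed sudoers drop-in can stop sudo from working on the host. Adding `validate: 'visudo -cf %s'` to that task has Ansible check the file before it is moved into place. Because the file grants `NOPASSWD: ALL`, a comment on the play such as `# bootstrap_user must already have sudo rights on the target` would document the trust this play relies on. The closing `become: True` is an unchanged context line, so whether it now binds to the whole block or only to the last task depends on indentation that is not recoverable from this view and should be checked when the patch is applied.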
@@ -4,12 +4,32 @@
 vars:
 seed_host: "{{ groups['seed'][0] }}"
 seed_hostvars: "{{ hostvars[seed_host] }}"
+ seed_user_data_path: "{{ image_cache_path }}/seed-vm-user-data"
 pre_tasks:
+ - name: Verify the seed host exists in the Ansible inventory
+ fail:
+ msg: >
+ There should be exactly one host in the seed group. There are
+ currently {{ groups['seed'] | length }}.
+ when: "{{ groups['seed'] | length != 1 }}"
+
 - name: Ensure the image cache directory exists
 file:
 path: "{{ image_cache_path }}"
 state: directory
+ # The user data script is used to bring up the network interfaces that will
+ # be configured by metadata in the configdrive. It could be used for other
+ # things in future if necessary.
+ - name: Ensure the user data file exists
+ copy:
+ content: |
+ #!/bin/bash
+ {% for interface in seed_hostvars.seed_vm_interfaces | map(attribute='net_name') | map('net_interface', seed_host) %}
+ ifup {{ interface }}
+ {% endfor %}
+ dest: "{{ seed_user_data_path }}"
+
 roles:
 - role: jriguera.configdrive
 # For now assume the VM OS family is the same as the hypervisor's.
@@ -30,6 +50,7 @@
 map(attribute='net_name') |
 map('net_configdrive_network_device', seed_host) |
 list }}
+ configdrive_config_user_data_path: "{{ seed_user_data_path }}"
 tasks:
 - name: Set a fact containing the configdrive image path
@@ -42,10 +63,13 @@
 | gunzip
 > {{ seed_vm_configdrive_path }}
- - name: Ensure compressed configdrive is removed
+ - name: Ensure unnecessary files are removed
 file:
- path: "{{ image_cache_path }}/{{ seed_host | to_uuid }}.gz"
+ path: "{{ item }}"
 state: absent
+ with_items:
+ - "{{ seed_user_data_path }}"
+ - "{{ image_cache_path }}/{{ seed_host | to_uuid }}.gz"
 - name: Ensure that the seed VM is provisioned
 hosts: seed-hypervisor
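Review bot: The `when` on the new "Verify the seed host exists in the Ansible inventory" task wraps its condition in `{{ }}`, but Ansible already evaluates `when` as a Jinja expression, so the value is templated twice; the plain form is `when: groups['seed'] | length != 1`. The "Ensure the user data file exists" task in the same hunk sets no `mode`, so the permissions of the generated script follow the umask of whoever runs the play; an explicit `mode` (for example `"0600"`, if only the configdrive role needs to read it) would make that deliberate. The play these pre-tasks belong to starts and ends outside the hunk.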
@@ -53,7 +77,7 @@
 seed_host: "{{ groups['seed'][0] }}"
 seed_hostvars: "{{ hostvars[seed_host] }}"
 pre_tasks:
- - name: Check the size of the configdrive
+ - name: Check the size of the configdrive image
 stat:
 path: "{{ seed_vm_configdrive_path }}"
 register: stat_result
@@ -77,44 +101,9 @@
 become: True
 tasks:
- - name: Check the seed VM's IP address
- shell: virsh domifaddr {{ seed_vm_name }} | awk 'NR > 2 { print $4 }'
- register: ifaddr_result
- changed_when: False
- become: True
- until: "{{ ifaddr_result | failed or ifaddr_result.stdout != '' }}"
- retries: 60
- delay: 1
-
- - name: Ensure the inventory contains a group variables directory for the seed
- local_action:
- module: file
- path: "{{ item.path }}"
- state: directory
- become: "{{ item.become | bool }}"
- with_items:
- - { path: "{{ kayobe_config_path }}/inventory/group_vars/seed", become: False }
-
- # Generate inventory group variable files for the seed VM. Note that this
- # host will not be accessible to this instance of Ansible - another process
- # should be started.
- - name: Ensure the inventory contains a group variables file for the seed
- local_action:
- module: copy
- content: |
- ---
- # Do not edit this file - it is managed by Ansible and changes will be lost.
- # Ansible inventory file for the Kayobe seed VM.
- # This host will provide the Bifrost undercloud.
- ansible_host: "{{ ifaddr_result.stdout_lines[0] | ipaddr('address') }}"
- dest: "{{ item.path }}"
- become: "{{ item.become | bool }}"
- with_items:
- - { path: "{{ kayobe_config_path }}/inventory/group_vars/seed/ansible-host", become: False }
-
 - name: Wait for SSH access to the seed VM
 local_action:
 module: wait_for
- host: "{{ ifaddr_result.stdout_lines[0] | ipaddr('address') }}"
+ host: "{{ seed_hostvars.ansible_host }}"
 port: 22
 state: started
diff --git a/etc/kayobe/seed-vm.yml b/etc/kayobe/seed-vm.yml
index e5e12ffea..e9fe71773 100644
--- a/etc/kayobe/seed-vm.yml
+++ b/etc/kayobe/seed-vm.yml
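Review bot: The "Wait for SSH access to the seed VM" task now polls `seed_hostvars.ansible_host`, which `ansible/group_vars/seed/ansible-host` renders from `provision_oc_net_name | net_ip`, and nothing in this playbook checks that an address was actually allocated before the VM is built and polled. What `net_ip` yields for a host with no allocation is not visible in this diff, so a pre-task beside the seed group check added earlier in this file, failing with a clear message on `when: not seed_hostvars.ansible_host`, would give an immediate error instead of a wait that runs to the `wait_for` timeout when the playbook is run without the IP allocation step. The probe also only confirms that something accepts TCP connections on port 22 at that static address; adding `search_regex: OpenSSH` makes it wait for an SSH banner rather than any listener. The play continues outside the hunk.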
@@ -29,10 +29,6 @@
 # Base image for the seed VM root volume.
 #seed_vm_root_image:
-# User with which to access the seed VM via SSH during bootstrap, in order to
-# setup the Kayobe user account.
-#seed_vm_bootstrap_user:
-
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
diff --git a/etc/kayobe/seed.yml b/etc/kayobe/seed.yml
index 82b623a18..bd179ce7a 100644
--- a/etc/kayobe/seed.yml
+++ b/etc/kayobe/seed.yml
@@ -1,6 +1,11 @@
 ---
+###############################################################################
 # Seed node configuration.
+# User with which to access the seed via SSH during bootstrap, in order to
+# setup the Kayobe user account.
+#seed_bootstrap_user:
+
 ###############################################################################
 # Network interface attachments.
diff --git a/kayobe/cli/commands.py b/kayobe/cli/commands.py
index 5148615b4..c826076ad 100644
--- a/kayobe/cli/commands.py
+++ b/kayobe/cli/commands.py
@@ -149,6 +149,8 @@ class SeedVMProvision(KollaAnsibleMixin, KayobeAnsibleMixin, Command):
 def take_action(self, parsed_args):
 self.app.LOG.debug("Provisioning seed VM")
+ ansible.run_playbook(parsed_args, "ansible/ip-allocation.yml",
+ limit="seed")
 ansible.run_playbook(parsed_args, "ansible/seed-vm.yml")
 # Now populate the Kolla Ansible inventory.
 ansible.run_playbook(parsed_args, "ansible/kolla-ansible.yml",