Update deploy-env role

When generating keys and sharing them between nodes
in a multinode env, it is important that the task which
generates keys is finished before trying to use these
keys on another node.

The PR splits the Ansible block into two blocks and
makes sure the playbook deploy-env is run with the linear
strategy. Thus we can be sure that keys are first generated
on all affected nodes and only then are used to set up
tunnels and passwordless ssh.

Change-Id: I9985855d7909aa5365876a24e2a806ab6be1dd7c
Vladimir Kozhukalov 2024-07-19 12:58:39 -05:00
parent c68a4ff43e
commit a5f6eb6ed4
3 changed files with 28 additions and 22 deletions


@ -12,6 +12,7 @@
--- ---
- hosts: all - hosts: all
strategy: linear
become: true become: true
gather_facts: true gather_facts: true
roles: roles:
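Review bot: The added `strategy: linear` carries an ordering guarantee that nothing at the point of use explains, and because linear is Ansible's default strategy a later cleanup could drop the line as redundant. It only has an effect where the default has been overridden (the `strategy` setting in `ansible.cfg` or `ANSIBLE_STRATEGY`), which is exactly the case the key-exchange tasks need protection from. I would add a comment above it, e.g. `# linear is required: keys must be generated on every host before other hosts read them from hostvars`.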


@ -11,28 +11,28 @@
# limitations under the License. # limitations under the License.
--- ---
- name: Setup passwordless ssh from primary and cluster nodes - name: Set client user home directory
block:
- name: Set client user home directory
set_fact: set_fact:
client_user_home_directory: /home/{{ client_ssh_user }} client_user_home_directory: /home/{{ client_ssh_user }}
when: client_ssh_user != "root" when: client_ssh_user != "root"
- name: Set client user home directory - name: Set client user home directory
set_fact: set_fact:
client_user_home_directory: /root client_user_home_directory: /root
when: client_ssh_user == "root" when: client_ssh_user == "root"
- name: Set cluster user home directory - name: Set cluster user home directory
set_fact: set_fact:
cluster_user_home_directory: /home/{{ cluster_ssh_user }} cluster_user_home_directory: /home/{{ cluster_ssh_user }}
when: cluster_ssh_user != "root" when: cluster_ssh_user != "root"
- name: Set cluster user home directory - name: Set cluster user home directory
set_fact: set_fact:
cluster_user_home_directory: /root cluster_user_home_directory: /root
when: cluster_ssh_user == "root" when: cluster_ssh_user == "root"
- name: Setup ssh keys
block:
- name: Generate ssh key pair - name: Generate ssh key pair
shell: | shell: |
ssh-keygen -t ed25519 -q -N "" -f {{ client_user_home_directory }}/.ssh/id_ed25519 ssh-keygen -t ed25519 -q -N "" -f {{ client_user_home_directory }}/.ssh/id_ed25519
@ -45,6 +45,8 @@
register: ssh_public_key register: ssh_public_key
when: (inventory_hostname in (groups['primary'] | default([]))) when: (inventory_hostname in (groups['primary'] | default([])))
- name: Setup passwordless ssh from primary and cluster nodes
block:
- name: Set primary ssh public key - name: Set primary ssh public key
set_fact: set_fact:
client_ssh_public_key: "{{ (groups['primary'] | map('extract', hostvars, ['ssh_public_key', 'stdout']))[0] }}" client_ssh_public_key: "{{ (groups['primary'] | map('extract', hostvars, ['ssh_public_key', 'stdout']))[0] }}"
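Review bot: The `Set primary ssh public key` task in the new second block reads `ssh_public_key.stdout` from the primary host's hostvars and indexes `[0]`, but the role never checks that the value exists; the ordering is guaranteed only by the strategy set in the playbook. If the role is run from a play with a different strategy, or `groups['primary']` is empty, this presumably surfaces as a template error or as an empty key handed to the tasks that install it (those tasks are outside the hunk, so this is inferred). An `assert` as the first task of the block, with `that: (hostvars[groups['primary'][0]].ssh_public_key.stdout | default('')) | length > 0`, would make the failure explicit instead. The same applies to `wg_public_key` in the `Set primary wireguard public key` task of the wireguard file.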


@ -19,7 +19,7 @@
set_fact: set_fact:
client_default_ip: "{{ (groups['primary'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']))[0] }}" client_default_ip: "{{ (groups['primary'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']))[0] }}"
- name: Setup wireguard tunnel between primary and cluster control-plane node - name: Setup wireguard keys
when: (groups['primary'] | difference(groups['k8s_control_plane']) | length > 0) when: (groups['primary'] | difference(groups['k8s_control_plane']) | length > 0)
block: block:
- name: Generate wireguard key pair - name: Generate wireguard key pair
@ -33,6 +33,9 @@
register: wg_public_key register: wg_public_key
when: (inventory_hostname in (groups['primary'] | default([]))) or (inventory_hostname in (groups['k8s_control_plane'] | default([]))) when: (inventory_hostname in (groups['primary'] | default([]))) or (inventory_hostname in (groups['k8s_control_plane'] | default([])))
- name: Setup wireguard tunnel between primary and cluster control-plane node
when: (groups['primary'] | difference(groups['k8s_control_plane']) | length > 0)
block:
- name: Set primary wireguard public key - name: Set primary wireguard public key
set_fact: set_fact:
client_wg_public_key: "{{ (groups['primary'] | map('extract', hostvars, ['wg_public_key', 'stdout']))[0] }}" client_wg_public_key: "{{ (groups['primary'] | map('extract', hostvars, ['wg_public_key', 'stdout']))[0] }}"
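Review bot: The `when` added on the new `Setup wireguard tunnel between primary and cluster control-plane node` block indexes `groups['primary']` and `groups['k8s_control_plane']` directly, while the task-level condition just above it uses `| default([])` for both; an inventory that lacks either group fails on the block condition before the guarded tasks are reached. The same expression is now repeated verbatim on the `Setup wireguard keys` block, so the two copies can drift apart. I would write both as `when: (groups['primary'] | default([]) | difference(groups['k8s_control_plane'] | default([])) | length > 0)`, or compute the value once with `set_fact` and reference that fact in both places. The second block continues past the end of the hunk.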