Fix tobiko-ensure-ssh-keys to work out of Vagrant

Change-Id: Ice2ad3d8deff8b6976422618717679e647228ac3
Federico Ressi
2022-02-04 16:50:29 +01:00
parent a694d585b1
commit e51e2f70ca
7 changed files with 118 additions and 110 deletions


@@ -3,10 +3,7 @@
- hosts: primary - hosts: primary
roles: roles:
- tobiko-zuul - tobiko-zuul
- tobiko-ensure-ssh-keys
- tobiko-configure - tobiko-configure
- ci-common-vars
- name: "import tripleo-ci common role" - run-test
role: ci-common-vars
- name: "install tripleo"
role: run-test


@@ -118,7 +118,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
ansible.extra_vars = { ansible.extra_vars = {
'vagrant_nodes' => NODES, 'vagrant_nodes' => NODES,
'vagrant_groups' => GROUPS, 'vagrant_groups' => GROUPS,
'ssh_key_file' => SSH_KEY_FILE, 'ssh_local_key_file' => SSH_KEY_FILE,
'rh_username' => RH_USERNAME, 'rh_username' => RH_USERNAME,
'rh_password' => RH_PASSWORD, 'rh_password' => RH_PASSWORD,
'tobiko_src_dir' => TOBIKO_SRC_DIR, 'tobiko_src_dir' => TOBIKO_SRC_DIR,


@@ -1,8 +1,79 @@
--- ---
- hosts: all - hosts: all
roles:
- tobiko-ensure-ssh-keys
tasks: tasks:
- name: 'disable tempfs on Fedora' - name: copy /etc/resolv.conf
become: yes
copy:
src: /etc/resolv.conf
dest: /etc/resolv.conf
owner: root
group: root
mode: '0644'
- name: make /etc/hosts
become: yes
template:
src: hosts.j2
dest: /etc/hosts
owner: root
mode: '0644'
- name: make ~/.ssh/config file with all nodes
template:
src: ssh_config.j2
dest: /home/vagrant/.ssh/config
owner: vagrant
mode: '0600'
- name: check ICMP connectivity
shell: |
set -xe
ping -c 1 '{{ item.1.ip }}'
ping -c 1 '{{ item.1.hostname }}'
changed_when: false
register: check_icmp_connectivity
loop: '{{ vagrant_nodes | dictsort }}'
- name: check SSH connectivity via hostname
shell: |
set -xe
ssh '{{ item.1.ip }}' hostname
ssh '{{ item.1.hostname }}' hostname
ssh '{{ item.0 }}' hostname
changed_when: false
register: check_ssh_connectivity
loop: '{{ vagrant_nodes | dictsort }}'
- hosts: primary
tasks:
- name: set test_inventory_hostvars_yaml fact
set_fact:
test_inventory_hostvars_yaml: |
---
{% for name, node in (vagrant_nodes | dictsort) %}
{{ name }}:
ansible_host: {{ node.hostname }}
{% endfor %}
- name: set test_inventory_hostvars fact
set_fact:
test_inventory_hostvars:
'{{ test_inventory_hostvars_yaml | from_yaml }}'
test_inventory_groups: '{{ vagrant_groups }}'
- debug: var=test_inventory_hostvars
- debug: var=test_inventory_groups
- include_role: name=tobiko-inventory
- hosts: all
tasks:
- name: disable tempfs on Fedora
become: yes become: yes
command: systemctl mask tmp.mount # noqa 303 command: systemctl mask tmp.mount # noqa 303
when: ansible_distribution == 'Fedora' when: ansible_distribution == 'Fedora'
@@ -19,41 +90,7 @@
- rh_username is defined - rh_username is defined
- (rh_username | length) > 0 - (rh_username | length) > 0
- name: update APT database
- hosts: primary
tasks:
- name: "copy /etc/resolv.conf"
become: yes
copy:
src: /etc/resolv.conf
dest: /etc/resolv.conf
owner: root
group: root
mode: '0644'
- name: "make /etc/hosts"
become: yes
template:
src: 'hosts.j2'
dest: '/etc/hosts'
owner: root
mode: '0644'
- name: "make ~/.ssh/config file with all Vagrant nodes"
template:
src: 'ssh_config.j2'
dest: '/home/vagrant/.ssh/config'
owner: vagrant
mode: '0600'
- include_role:
name: tobiko-ensure-ssh-keys
- hosts: all
tasks:
- name: "update APT database"
apt: apt:
update_cache: yes update_cache: yes
cache_valid_time: 3600 cache_valid_time: 3600
@@ -61,66 +98,19 @@
when: when:
- ansible_os_family == 'Debian' - ansible_os_family == 'Debian'
- name: "set authorized SSH key taken from '{{ ssh_key_file }}'"
authorized_key:
user: vagrant
state: present
key: "{{ lookup('file', ssh_key_file + '.pub') }}"
- name: "ensure deploy tools are installed" - hosts: primary
roles:
- tobiko-common
tasks:
- name: ensure deploy tools are installed
become: true become: true
package: name='{{ item }}' package: name='{{ item }}'
loop: loop:
- git - git
- rsync - rsync
- name: copy '{{ tobiko_src_dir }}' to '{{ tobiko_dir }}'
- hosts: primary
tasks:
- name: "check ICMP connectivity"
shell: |
set -xe
ping -c 1 '{{ item.1.ip }}'
ping -c 1 '{{ item.1.hostname }}'
changed_when: false
register: check_icmp_connectivity
loop: '{{ vagrant_nodes | dictsort }}'
- name: "check SSH connectivity via hostname"
shell: |
set -xe
ssh '{{ item.1.ip }}' hostname
ssh '{{ item.1.hostname }}' hostname
ssh '{{ item.0 }}' hostname
changed_when: false
register: check_ssh_connectivity
loop: '{{ vagrant_nodes | dictsort }}'
- name: "set test_inventory_hostvars_yaml fact"
set_fact:
test_inventory_hostvars_yaml: |
---
{% for name, node in (vagrant_nodes | dictsort) %}
{{ name }}:
ansible_host: {{ node.hostname }}
{% endfor %}
- name: "set test_inventory_hostvars fact"
set_fact:
test_inventory_hostvars:
'{{ test_inventory_hostvars_yaml | from_yaml }}'
test_inventory_groups: '{{ vagrant_groups }}'
- debug: var=test_inventory_hostvars
- debug: var=test_inventory_groups
- hosts: primary
roles:
- role: tobiko-inventory
tasks:
- name: "copy '{{ tobiko_src_dir }}' to '{{ tobiko_dir }}'"
synchronize: synchronize:
src: "{{ tobiko_src_dir | realpath }}/." src: "{{ tobiko_src_dir | realpath }}/."
dest: "{{ tobiko_dir }}" dest: "{{ tobiko_dir }}"
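Review bot: The `make ~/.ssh/config file with all nodes` task still writes to `/home/vagrant/.ssh/config` with `owner: vagrant`, while the `ssh_config.j2` template it renders now takes `User` and `IdentityFile` from `ssh_key_user` and `ssh_key_file`. If those variables ever name a different account, the config file lands in one home directory and points at a key in another. Deriving both values from the same variables keeps them aligned: `dest: '{{ ssh_key_file | dirname }}/config'` and `owner: '{{ ssh_key_user }}'`.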


@@ -4,9 +4,9 @@
{% for node in (vagrant_nodes | dictsort) %} {% for node in (vagrant_nodes | dictsort) %}
Host {{ node.0 }} {{ node.1.hostname }} {{ node.1.ip }} Host {{ node.0 }} {{ node.1.hostname }} {{ node.1.ip }}
Hostname {{ node.1.hostname }} Hostname {{ node.1.hostname }}
User vagrant User {{ ssh_key_user }}
StrictHostkeyChecking no StrictHostkeyChecking no
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
IdentityFile ~/.ssh/id_ecdsa IdentityFile {{ ssh_key_file }}
{% endfor %} {% endfor %}
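Review bot: `StrictHostkeyChecking no` together with `UserKnownHostsFile /dev/null` turns off host key verification for every listed node, and now that `User` and `IdentityFile` are variables the template carries no comment saying why that is acceptable. If this config is only ever rendered for short-lived test machines, say so near the top of the file (which lies outside this hunk), e.g. `{# host keys are not verified because these nodes are rebuilt on every run; not for long-lived hosts #}`. The two new variables appear to come from the `set facts` task of tobiko-ensure-ssh-keys, so the template depends on that role having run first.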


@@ -1,3 +0,0 @@
---
ssh_key_file: '{{ playbook_dir }}/ssh_identity'


@@ -1,22 +1,39 @@
--- ---
- name: "generate local SSH key '{{ ssh_key_file }}'" - name: generate local SSH key file ({{ ssh_local_key_file }})
openssh_keypair: openssh_keypair:
path: '{{ ssh_key_file }}' path: '{{ ssh_local_key_file }}'
type: ecdsa type: '{{ ssh_key_algorithm }}'
size: 521 size: '{{ ssh_key_size }}'
state: present state: present
force: no force: no
delegate_to: localhost delegate_to: localhost
- name: make sure '{{ ssh_key_file | dirname }}' directory exists
file:
state: directory
path: '{{ ssh_key_file | dirname }}'
mode: 0700
- name: "copy '{{ ssh_key_file }}' file to host" - name: copy '{{ ssh_local_key_file }}' file to '{{ ssh_key_file }}'
copy: copy:
src: '{{ ssh_key_file }}{{ item }}' src: '{{ ssh_local_key_file }}{{ item }}'
dest: '/home/vagrant/.ssh/id_ecdsa{{ item }}' dest: '{{ ssh_key_file }}{{ item }}'
owner: vagrant owner: '{{ ssh_key_user }}'
group: vagrant group: '{{ ssh_key_user }}'
mode: '0600' mode: '0600'
loop: loop:
- '' - ''
- '.pub' - '.pub'
- name: enable access via key file on all nodes
authorized_key:
user: '{{ ssh_key_user }}'
state: present
key: "{{ lookup('file', ssh_local_key_file + '.pub') }}"
- name: set facts
set_fact:
ssh_key_file: '{{ ssh_key_file }}'
ssh_key_user: '{{ ssh_key_user }}'
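Review bot: The `generate local SSH key file` task is delegated to localhost but has no `run_once`, so in a play with several hosts each of them runs `openssh_keypair` against the same `ssh_local_key_file` path on the controller, which can race on a first run while the key is being created. Adding `run_once: true` next to `delegate_to: localhost` generates the pair once. The `make sure ... directory exists` task uses an unquoted `mode: 0700` and sets no owner, unlike the copy task below it; `mode: '0700'` with `owner: '{{ ssh_key_user }}'` would match. The role also places the same private key on every host it runs on and authorizes it there, so a short comment stating that the key is meant for disposable test nodes only would help.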


@@ -0,0 +1,7 @@
---
ssh_local_key_file: '{{ playbook_dir }}/ssh_identity'
ssh_key_file: '{{ ansible_user_dir }}/.ssh/id_{{ ssh_key_algorithm }}'
ssh_key_algorithm: ecdsa
ssh_key_size: 521
ssh_key_user: '{{ ansible_ssh_user }}'
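Review bot: `ssh_key_user` defaults to `ansible_ssh_user`, a connection variable that is only defined when the inventory or command line sets it, whereas `ssh_key_file` two lines above is built from the gathered fact `ansible_user_dir`. Outside Vagrant the first may be undefined, or may name a different account than the one whose home directory is used, for example under `become`. Taking both from facts keeps them consistent: `ssh_key_user: '{{ ansible_user_id }}'`. `ssh_key_size: 521` is also only meaningful for `ecdsa`, so a comment that `ssh_key_algorithm` and `ssh_key_size` must be overridden together would help.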