openstack
/
kolla-ansible
Code Issues Proposed changes

Don't use 'become' in CI tests 

Kolla Ansible now claims [1] to support executing as a user other than
root.  We should ensure that this is tested in CI.

This change removes the 'become' from hosts in the inventory, and sets
the remote user to 'kolla', as configured via the bootstrap-servers
command. The bootstrap-servers command and other ansible commands
executed before it still need to execute as the zuul user and not as
kolla, since kolla does not exist yet.

The autogenerated SSH private key in passwords.yml is now added to the
zuul user's SSH config, such that it can SSH as the kolla user, which
has authorised this key.

[1]
https://blueprints.launchpad.net/kolla-ansible/+spec/ansible-specific-task-become

Change-Id: I8f3587e2908bc5b8889cd6fbc01981a6186d33e6
This commit is contained in:
Mark Goddard 2018-09-27 14:00:52 +01:00
parent b50917fe2c
commit 8399fc7813
3 changed files with 36 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
tests/run.yml
View File

@ -89,12 +89,6 @@
when: scenario == "bifrost"
delegate_to: "primary"
- name: copy passwords.yml file
copy:
src: "{{ kolla_ansible_full_src_dir }}/etc/kolla/passwords.yml"
dest: /etc/kolla/passwords.yml
delegate_to: "primary"
- name: ensure /etc/docker exists
file:
path: "/etc/docker"
@ -110,15 +104,39 @@
dest: "/etc/docker/daemon.json"
become: true
- name: install kolla-ansible requirements
pip:
requirements: "{{ ansible_env.HOME }}/{{ kolla_ansible_src_dir }}/requirements.txt"
become: true
- name: copy passwords.yml file
copy:
src: "{{ kolla_ansible_full_src_dir }}/etc/kolla/passwords.yml"
dest: /etc/kolla/passwords.yml
- name: generate passwords
shell: "{{ kolla_ansible_src_dir }}/tools/generate_passwords.py"
delegate_to: "primary"
- name: slurp kolla passwords
slurp:
src: /etc/kolla/passwords.yml
register: passwords_yml
- name: write out kolla SSH private key
copy:
content: "{{ (passwords_yml.content | b64decode | from_yaml).kolla_ssh_key.private_key }}"
dest: ~/.ssh/id_rsa_kolla
mode: 0600
- name: authorise kolla public key for zuul user
authorized_key:
user: "{{ ansible_env.USER }}"
key: "{{ (passwords_yml.content | b64decode | from_yaml).kolla_ssh_key.public_key }}"
# Delegate to each host in turn. If more tasks require execution on all
# hosts in future, break out into a separate play.
with_inventory_hostnames:
- all
delegate_to: "{{ item }}"
- name: generate ceph config overrides
template:

12
tests/templates/inventory.j2
View File

@ -2,32 +2,32 @@
# additional groups are for more control of the environment.
[control]
{% for host in hostvars %}
{{ host }} ansible_host={{ hostvars[host]['ansible_host'] }} ansible_become=true ansible_user={{ hostvars[host]['ansible_user'] }}
{{ host }} ansible_host={{ hostvars[host]['ansible_host'] }} ansible_user=kolla ansible_ssh_private_key_file={{ ansible_env.HOME ~ '/.ssh/id_rsa_kolla' }}
{% endfor %}
[network]
{% for host in hostvars %}
{{ host }} ansible_host={{ hostvars[host]['ansible_host'] }} ansible_become=true ansible_user={{ hostvars[host]['ansible_user'] }}
{{ host }} ansible_host={{ hostvars[host]['ansible_host'] }} ansible_user=kolla ansible_ssh_private_key_file={{ ansible_env.HOME ~ '/.ssh/id_rsa_kolla' }}
{% endfor %}
[compute]
{% for host in hostvars %}
{{ host }} ansible_host={{ hostvars[host]['ansible_host'] }} ansible_become=true ansible_user={{ hostvars[host]['ansible_user'] }}
{{ host }} ansible_host={{ hostvars[host]['ansible_host'] }} ansible_user=kolla ansible_ssh_private_key_file={{ ansible_env.HOME ~ '/.ssh/id_rsa_kolla' }}
{% endfor %}
[storage]
{% for host in hostvars %}
{{ host }} ansible_host={{ hostvars[host]['ansible_host'] }} ansible_become=true ansible_user={{ hostvars[host]['ansible_user'] }}
{{ host }} ansible_host={{ hostvars[host]['ansible_host'] }} ansible_user=kolla ansible_ssh_private_key_file={{ ansible_env.HOME ~ '/.ssh/id_rsa_kolla' }}
{% endfor %}
[monitoring]
{% for host in hostvars %}
{{ host }} ansible_host={{ hostvars[host]['ansible_host'] }} ansible_become=true ansible_user={{ hostvars[host]['ansible_user'] }}
{{ host }} ansible_host={{ hostvars[host]['ansible_host'] }} ansible_user=kolla ansible_ssh_private_key_file={{ ansible_env.HOME ~ '/.ssh/id_rsa_kolla' }}
{% endfor %}
[deployment]
{% for host in hostvars %}
{{ host }} ansible_host={{ hostvars[host]['ansible_host'] }} ansible_become=true ansible_user={{ hostvars[host]['ansible_user'] }}
{{ host }} ansible_host={{ hostvars[host]['ansible_host'] }} ansible_user=kolla ansible_ssh_private_key_file={{ ansible_env.HOME ~ '/.ssh/id_rsa_kolla' }}
{% endfor %}
# You can explicitly specify which hosts run each project by updating the

8
tools/setup_gate.sh
View File

@ -98,11 +98,11 @@ host_key_checking = False
EOF
# Record the running state of the environment as seen by the setup module
ansible all -i ${RAW_INVENTORY} -m setup > /tmp/logs/ansible/initial-setup
ansible all -i ${RAW_INVENTORY} -e ansible_user=$USER -m setup > /tmp/logs/ansible/initial-setup
}
function setup_node {
ansible-playbook -i ${RAW_INVENTORY} tools/playbook-setup-nodes.yml
ansible-playbook -i ${RAW_INVENTORY} -e ansible_user=$USER tools/playbook-setup-nodes.yml
}
function prepare_images {
@ -141,7 +141,7 @@ function sanity_check {
function test_openstack {
# Create dummy interface for neutron
ansible -m shell -i ${RAW_INVENTORY} -a "ip l a fake_interface type dummy" all
ansible -m shell -i ${RAW_INVENTORY} -b -a "ip l a fake_interface type dummy" all
#TODO(inc0): Post-deploy complains that /etc/kolla is not writable. Probably we need to include become there
sudo chmod -R 777 /etc/kolla
@ -229,7 +229,7 @@ setup_ansible
setup_config
setup_node
tools/kolla-ansible -i ${RAW_INVENTORY} bootstrap-servers > /tmp/logs/ansible/bootstrap-servers
tools/kolla-ansible -i ${RAW_INVENTORY} -e ansible_user=$USER bootstrap-servers > /tmp/logs/ansible/bootstrap-servers
prepare_images
if [[ $ACTION != bifrost ]]; then