From cfa103dab7edcb86ba4629764e4a0cdc515152cf Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Mon, 21 Jan 2019 21:12:22 -0600 Subject: [PATCH] Update delegated setup hosts to support IP delegation The option `skydive_service_setup_host` allows a user to define a setup host target which could, or could not, be in the provided inventory. Additionally a setup target host could also be simply an IP reference. This change ensures that the playbooks and roles respect the different setup host delegation node types by creating in memory host entries and gathering facts on the dynamic information when the target is not in inventory, is not in the skydive_all group, or simply an IP. Change-Id: I532abd7171ba9077759640e4bf18b9b517264426 Signed-off-by: Kevin Carter Signed-off-by: Kevin Carter --- skydive/buildSkydive.yml | 4 +- skydive/buildTraefik.yml | 4 +- skydive/installSkydive.yml | 41 ++++++++++++++++++- skydive/roles/skydive_analyzer/meta/main.yml | 2 +- .../roles/skydive_common/defaults/main.yml | 2 +- skydive/roles/skydive_common/tasks/main.yml | 6 +++ .../skydive_common/tasks/skydive_ssl.yml | 25 +++++++++++ .../templates/skydive-openssl.cnf.j2 | 14 ++++--- skydive/roles/skydive_common/vars/debian.yml | 1 + skydive/roles/skydive_common/vars/main.yml | 2 +- skydive/roles/skydive_common/vars/redhat.yml | 1 + skydive/roles/skydive_common/vars/suse.yml | 1 + skydive/validateSkydive.yml | 3 +- 13 files changed, 89 insertions(+), 17 deletions(-) diff --git a/skydive/buildSkydive.yml b/skydive/buildSkydive.yml index 8c38af61..0c14a736 100644 --- a/skydive/buildSkydive.yml +++ b/skydive/buildSkydive.yml @@ -22,9 +22,7 @@ - name: Gather facts hosts: skydive_all - tasks: - - name: Gather facts on all hosts - setup: {} + gather_facts: true tags: - always diff --git a/skydive/buildTraefik.yml b/skydive/buildTraefik.yml index d263eb08..66fd0bd2 100644 --- a/skydive/buildTraefik.yml +++ b/skydive/buildTraefik.yml 
@@ -22,9 +22,7 @@ - name: Gather facts hosts: traefik_all - tasks: - - name: Gather facts on all hosts - setup: {} + gather_facts: true tags: - always diff --git a/skydive/installSkydive.yml b/skydive/installSkydive.yml index fa97e94b..26f6971b 100644 --- a/skydive/installSkydive.yml +++ b/skydive/installSkydive.yml @@ -13,6 +13,42 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Setup localhost + hosts: localhost + connection: local + tags: + - always + + +- name: Configure skydive-service-setup-host + hosts: skydive_all[0] + connection: local + become: yes + tasks: + # NOTE(cloudnull): When the host entry is an IP, these tasks will construct a basic + # host entry for the delegated node, which will ensure facts are + # available for the deployment host. + - name: Add dynamic host entry + add_host: + name: "{{ skydive_service_setup_host }}" + groups: skydive_all + ansible_host: "{{ skydive_service_setup_host }}" + when: + - ((skydive_service_setup_host is defined) and (skydive_service_setup_host | ipaddr)) or + (skydive_service_setup_host not in groups['all']) or + (skydive_service_setup_host not in groups['skydive_all']) + tags: + - always + + +- name: Gather all facts + hosts: skydive_all + become: yes + gather_facts: yes + tags: + - always + + - name: Deploy skydive binaries hosts: skydive_agents:skydive_analyzers become: yes @@ -130,6 +166,8 @@ become: yes roles: - role: skydive_analyzer + vars: + skydive_service_setup_host: "{{ openstack_service_setup_host | default(groups['skydive_analyzers'][0]) }}" tags: - skydive-analyzer-setup @@ -139,6 +177,7 @@ become: yes roles: - role: skydive_agent - skydive_service_setup_host: "{{ openstack_service_setup_host | default(groups['skydive_analyzers'][0]) }}" + vars: + skydive_service_setup_host: "{{ openstack_service_setup_host | default(groups['skydive_analyzers'][0]) }}" tags: - skydive-agent-setup 
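Review bot: In the `Add dynamic host entry` task of skydive/installSkydive.yml, the `is defined` guard covers only the `ipaddr` clause. When `skydive_service_setup_host` is unset, the two `not in groups[...]` clauses are still evaluated and will most likely fail on the undefined variable. The later hunks in this file set the variable only as a role-level var, so it may well be unset when this play runs. Make the guard its own list item, `- skydive_service_setup_host is defined`, ahead of the `or` expression. Separately, the delegated node joins `skydive_all`, so every later `hosts: skydive_all` play with `become: yes` runs on it and the SSL template lists it in subjectAltName; consider a dedicated group so a setup-only node stays out of both.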
diff --git a/skydive/roles/skydive_analyzer/meta/main.yml b/skydive/roles/skydive_analyzer/meta/main.yml index 84ee0b6f..98d4078a 100644 --- a/skydive/roles/skydive_analyzer/meta/main.yml +++ b/skydive/roles/skydive_analyzer/meta/main.yml @@ -38,7 +38,7 @@ galaxy_info: dependencies: - role: traefik_common traefik_basic_auth_users: "{{ _skydive_basic_auth_users | combine(skydive_basic_auth_users) }}" - traffic_dashboard_bind: "{{ skydive_bind_address | default(hostvars[inventory_hostname]['ansible_' ~ (skydive_network_device | replace('-', '_') | string)]['ipv4']['address']) }}" + traffic_dashboard_bind: "{{ skydive_bind_address | default(hostvars[inventory_hostname]['ansible_' ~ ((skydive_network_device | default(ansible_default_ipv4['interface'])) | replace('-', '_') | string)]['ipv4']['address']) }}" traefik_dashboard_enabled: true traefik_destinations: elasticsearch: diff --git a/skydive/roles/skydive_common/defaults/main.yml b/skydive/roles/skydive_common/defaults/main.yml index 91a09909..ecfb769d 100644 --- a/skydive/roles/skydive_common/defaults/main.yml +++ b/skydive/roles/skydive_common/defaults/main.yml @@ -29,7 +29,7 @@ skydive_agent_port: 8081 skydive_flow_protocol: udp # Set a particulare network interface used for skydive traffic -skydive_network_device: "{{ ansible_default_ipv4['interface'] }}" +# skydive_network_device: "{{ ansible_default_ipv4['interface'] }}" # The skydive bind address can also be used to set the specific bind address of # a given node running the skydive analyzer. By default this variable is undefined diff --git a/skydive/roles/skydive_common/tasks/main.yml b/skydive/roles/skydive_common/tasks/main.yml index c3b45e5d..6321a7e1 100644 --- a/skydive/roles/skydive_common/tasks/main.yml +++ b/skydive/roles/skydive_common/tasks/main.yml 
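Review bot: The changed line in skydive/roles/skydive_analyzer/meta/main.yml still sets `traffic_dashboard_bind`, while its sibling keys use the `traefik_` prefix (`traefik_basic_auth_users`, `traefik_dashboard_enabled`). If the traefik_common role reads `traefik_dashboard_bind` (its defaults are not visible here), this value is never applied and the dashboard listens on whatever address the role defaults to. Please check the name against the role's defaults and rename the key if it is a typo.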
@@ -112,6 +112,12 @@ when: - clouds_file['content'] is defined +- name: Set network device fact + set_fact: + skydive_network_device: "{{ ansible_default_ipv4['interface'] }}" + when: + - skydive_network_device is undefined + - include_tasks: skydive_setup.yml - include_tasks: skydive_ssl.yml diff --git a/skydive/roles/skydive_common/tasks/skydive_ssl.yml b/skydive/roles/skydive_common/tasks/skydive_ssl.yml index df45c4e0..83eaedbf 100644 --- a/skydive/roles/skydive_common/tasks/skydive_ssl.yml +++ b/skydive/roles/skydive_common/tasks/skydive_ssl.yml @@ -25,6 +25,31 @@ run_once: true delegate_to: "{{ skydive_service_setup_host }}" block: + - name: create the system group + group: + name: "skydive" + state: "present" + system: "yes" + + - name: Create the skydive user + user: + name: "skydive" + group: "skydive" + comment: "skydive user" + shell: "/bin/false" + createhome: "yes" + home: "/usr/share/skydive" + + - name: Create skydive ssl path + file: + path: "{{ item }}" + state: directory + owner: "skydive" + group: "skydive" + mode: "0700" + with_items: + - "/var/lib/skydive/ssl" + - name: Create CNF template: src: "skydive-openssl.cnf.j2" diff --git a/skydive/roles/skydive_common/templates/skydive-openssl.cnf.j2 b/skydive/roles/skydive_common/templates/skydive-openssl.cnf.j2 index a5b5e91b..b3640e7b 100644 --- a/skydive/roles/skydive_common/templates/skydive-openssl.cnf.j2 +++ b/skydive/roles/skydive_common/templates/skydive-openssl.cnf.j2 
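Review bot: `Set network device fact` in skydive/roles/skydive_common/tasks/main.yml dereferences `ansible_default_ipv4['interface']` without checking that the fact exists, whereas the openssl template changed in this same commit guards it with `is defined`. A node with no gathered facts or no default route would probably stop here on an undefined-variable error that does not say what to configure. Precede the task with an `assert` or `fail` that names `skydive_network_device` and `skydive_bind_address` as the settings to provide when no default interface is detected.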
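Review bot: The `Create the skydive user` task in skydive/roles/skydive_common/tasks/skydive_ssl.yml creates a regular account although the group above it is created with `system: "yes"`; add `system: "yes"` to the user task so the service account gets a system UID. These tasks run under `delegate_to: "{{ skydive_service_setup_host }}"`, which after this commit may be a bare IP outside the inventory, and `/var/lib/skydive/ssl` is where vars/main.yml places `skydive-ca.key`. The `0700` directory mode is a sound default; a comment noting that the CA private key lives on the setup host would help operators choose that host deliberately. The enclosing block starts and ends outside the hunk, so the modes of the key files themselves could not be checked.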
@@ -24,14 +24,16 @@ subjectAltName = @alt_names {% set ips = [] %} {% set hostnames = [] %} {% for node in groups['skydive_all'] %} -{% set _ansible_interface_name = hostvars[node]['skydive_network_device'] | default(hostvars[node]['ansible_default_ipv4']['interface']) | replace('-', '_') %} -{% set _skydive_ip = hostvars[node]['skydive_bind_address'] | default(hostvars[node]["ansible_" ~ _ansible_interface_name]['ipv4']['address']) %} -{% set _skydive_ansible_domain = hostvars[node]['ansible_domain'] | default(hostvars[node]['ansible_hostname'] ) %} -{% set _skydive_dns_name = ((_skydive_ansible_domain | length) > 0) | ternary(_skydive_ansible_domain, hostvars[node]['ansible_hostname']) %} -{% set _ = ips.append(_skydive_ip) %} -{% set _ = hostnames.append(_skydive_dns_name) %} +{% if hostvars[node]['ansible_default_ipv4'] is defined %} +{% set _ansible_interface_name = hostvars[node]['skydive_network_device'] | default(hostvars[node]['ansible_default_ipv4']['interface']) | replace('-', '_') %} +{% set _skydive_ip = hostvars[node]['skydive_bind_address'] | default(hostvars[node]["ansible_" ~ _ansible_interface_name]['ipv4']['address']) %} +{% set _skydive_ansible_domain = hostvars[node]['ansible_fqdn'] | default(hostvars[node]['ansible_hostname'] ) %} +{% set _skydive_dns_name = ((_skydive_ansible_domain | length) > 0) | ternary(_skydive_ansible_domain, hostvars[node]['ansible_hostname']) %} +{% set _ = ips.append(_skydive_ip) %} +{% set _ = hostnames.append(_skydive_dns_name) %} IP.{{ loop.index }} = {{ _skydive_ip }} DNS.{{ loop.index }} = {{ _skydive_dns_name }} +{% endif %} {% endfor %} {% set localhost_index = (groups['skydive_all'] | length) + 1 %} diff --git a/skydive/roles/skydive_common/vars/debian.yml b/skydive/roles/skydive_common/vars/debian.yml index ec63a97d..6b34a580 100644 --- a/skydive/roles/skydive_common/vars/debian.yml +++ b/skydive/roles/skydive_common/vars/debian.yml 
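Review bot: Nodes without `ansible_default_ipv4` are now dropped from `[alt_names]` silently in skydive-openssl.cnf.j2. The certificate is then issued without their IP/DNS entries, and the omission only shows up later as a TLS verification failure on those nodes. Add a Jinja comment above the `{% if %}` explaining why a node may be skipped, and a pre-flight `assert` in the role's tasks that every `skydive_all` member has facts, so the gap is reported at deploy time. `localhost_index` is still computed from the full group length, which avoids collisions but leaves gaps in the IP.N/DNS.N numbering when a node is skipped.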
@@ -18,3 +18,4 @@ sykdive_distro_packages: - python3-openssl - python-openssl - python-passlib + - python-virtualenv diff --git a/skydive/roles/skydive_common/vars/main.yml b/skydive/roles/skydive_common/vars/main.yml index c46c727c..ac9508dc 100644 --- a/skydive/roles/skydive_common/vars/main.yml +++ b/skydive/roles/skydive_common/vars/main.yml @@ -50,7 +50,7 @@ skydive_ssl_cnf: "/var/lib/skydive/ssl/skydive-openssl.cnf" skydive_ssl_key: "/var/lib/skydive/ssl/skydive.key" skydive_ssl_csr: "/var/lib/skydive/ssl/skydive.csr" skydive_ssl_cert: "/var/lib/skydive/ssl/skydive-{{ inventory_hostname | replace('_', '-') | replace(' ', '-') }}.crt" -skydive_ssl_signed_subject: "/C=XX/L=OpenStack-Cloud/O=OpenStack/OU=IT/CN={{ ((ansible_domain | length) > 0) | ternary(ansible_domain, ansible_hostname) }}" +skydive_ssl_signed_subject: "/C=XX/L=OpenStack-Cloud/O=OpenStack/OU=IT/CN={{ ((ansible_fqdn | length) > 0) | ternary(ansible_fqdn, ansible_hostname) }}" skydive_ssl_ca_key: "/var/lib/skydive/ssl/skydive-ca.key" skydive_ssl_ca_cert: "/var/lib/skydive/ssl/skydive-ca.crt" diff --git a/skydive/roles/skydive_common/vars/redhat.yml b/skydive/roles/skydive_common/vars/redhat.yml index 9f8879b4..fc10cc6e 100644 --- a/skydive/roles/skydive_common/vars/redhat.yml +++ b/skydive/roles/skydive_common/vars/redhat.yml @@ -17,3 +17,4 @@ sykdive_distro_packages: - openssl - python2-passlib - pyOpenSSL + - python-virtualenv diff --git a/skydive/roles/skydive_common/vars/suse.yml b/skydive/roles/skydive_common/vars/suse.yml index 80c5e764..3fa7f4eb 100644 --- a/skydive/roles/skydive_common/vars/suse.yml +++ b/skydive/roles/skydive_common/vars/suse.yml @@ -18,3 +18,4 @@ sykdive_distro_packages: - python2-pyOpenSSL - python3-pyOpenSSL - python-passlib + - python2-virtualenv diff --git a/skydive/validateSkydive.yml b/skydive/validateSkydive.yml index 1076aa39..0c6987d6 100644 --- a/skydive/validateSkydive.yml +++ b/skydive/validateSkydive.yml 
@@ -27,4 +27,5 @@ delay: 10 - name: Show Skydive client - debug: var=skydive_client + debug: + msg: "{{ skydive_client.stdout | from_json }}"
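Review bot: `from_json` in the `Show Skydive client` task of skydive/validateSkydive.yml raises when `skydive_client.stdout` is empty or not valid JSON, so a display-only step can fail the play and hide the raw client output. The task that registers `skydive_client` is outside this hunk, so it is unclear whether JSON is guaranteed. If it is not, guard the task with `when: skydive_client.stdout | length > 0`, or add a comment stating that the preceding task only succeeds on JSON output.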