This way we are able to stream the output from commands as they
are received for better debugging. We can also move some new
debug statements to inside of the new run() function so they
are more automatic.
Change-Id: I484f5cf70aa15923ea4bb866f3be536b2e8ed4ed
One problem with "shell script as python" is that there's no
equivalent of "-x" in shell, which makes it really hard to extract
what's being called and where output came from.
This adds a bit more verbose logging around the ssh calls to try and
help someone parsing the logs.
Change-Id: I85e2415b47e044cfa1c678fc7786b4891fa1f93e
Avoid a bunch of warnings about unwritable /var/log/ansible.log (the
default) by setting the log path environment variable where we call
ansible.
Note expand-groups.sh is moved inside the JobDir() context so we can
use the environment var there too, as it calls ansible underneath.
Change-Id: I575d633a36db8cfb891c8903a7bfbea73a4cfb29
Save the key to a file in /tmp when failing early with --keep.
Although it is put into the JobDir later, if we fail before that we're
locked out of the host.
While we're here, make what just happened in an error case a little
clearer
Change-Id: Ide601e2018302664bc4ad609c4483aa1451b3724
RAX nodes are exhibiting new behaviour of having ipv6 configured but
not active. Restart eth0 to pick up the address in
/etc/network/interfaces so the ping6's work
Change-Id: I6b60bde34cc28ca60c5cbbb41de02cd89354cc32
There are potentially two related issues here which can result in
an empty generated groups file. The first is that if there are OS_
environment variables set, then os-client-config can create an 'environ'
cloud. That cloud then, in most cases here, will not be a valid cloud
since it won't be a full config, so iterating over all existing clouds
to get their server will fail, meaning that the inventory will be empty
meaning that generated groups will then be generated empty.
To deal with that, we can consume the newer upstream option that allows
the inventory to not bail out if it has a bad cloud, but instead get all
of the resources from the clouds that do work.
Additionally though, we can do an explicit inventory run so that we can
look to see if the inventory run failed, and if so, avoid running the
expand-groups.sh script, since we'd be fairly assured that it would be
running on top of a bad inventory cache.
Change-Id: Ib18987b3083f6addc61934b435d7ecb14aa1d25a
For --config-drive to actually work as advertised in launch-node.py,
it needs to default to False. Otherwise this option is useless.
Change-Id: Ib29fa758779e89d3d25399615fd009b836dda598
When launching a server, ansible needs to know what groups the
new host is in so that it can copy the appropriate files. Figuring
that out is done based on the groups.txt file and the expand-groups
script. This change runs that script after creating a host, which
will update the global list of expanded groups. That is then
symlinked into a temporary inventory directory used by launch-node.
The JobDir concept is borrowed from Zuul as a simple way of creating
and deleting at the appropriate time a complex temporary directory.
Change-Id: Icce083ca67a3473b7d77401142f870fd28dd08f5
We can only get the volume attach device if we are attaching a volume.
Check if the volume is being attached and only determine the attachment
location in that case to avoid errors.
Story: 2000569
Change-Id: I4adc5e23abdfc0627a0850f845e2333d3bd25e63
Now that we have a shade version of the launch node script adding in
support for attaching a cinder volume is simple. Do this so that
launching mirrors which rely on cinder volumes is simpler.
This updates the mount_volume.sh script to setup the first cinder volume
with lvm and mount it under the specified path. It will also install
lvm2 pacakges since they may not be present on all base images.
This updates the make_swap.sh script to avoid blindly using /dev/vdb as
the location for swap as this may be a cinder volume or config drive.
We add availability zone, device specification, mount path, and
fs label support to shade-launch-node.py as these are all necessary
inputs to properly mount a cinder volume in a VM.
Change-Id: Ie95fd4bd5fca8df4f8046d43d1333935cad567e3
There is a bug in OCC that causes an envvars cloud to be created when
the only two env vars are the selectors OS_CLOUD and OS_REGION_NAME. So
exclude them from the envionment when running the group creation
command.
Also, there is a bug in the invocation of the hostname playbook, in that
it was passing in the UUID as the target to run against, but we're
writing out a name-based inventory.
Change-Id: I0b524dc43ec96c6645ae82a090744eab463e7fb9
It looks like we solved the duplicate server problem twice in
conflicting ways. Using uuid in the inventory is not needed, bcause
we're making a specific inventory for the ansible commands and avoiding
the OpenStack inventory. So the ansible run has no idea of any other
servers other than the one we're making right now. With that, we can use
name as the hostname rather than UUID.
Story: 2000520
Change-Id: Idb967e10fc00471923077e4e9caa32fdb4c1cc78
We have a playbook that does the logic of setting the hostname. Rather
than implementing that logic in launch-node - just use the playbook.
Change-Id: I1a6c0ff12803bdac35631cb3bb2c8fe70cbd1904
https://github.com/ansible/ansible/pull/14882 landed, so the inventory
will understand that an empty cache means the inventory needs
refetching. Zero out the file, and start consuming inventory from the
master branch of ansible since mordred controls that file anyway.
Change-Id: I2a4f4b21c50bfa94a229dd109e3d21f47552f0a1
We have a set of hostname patterns which is not a thing that ansible
supports in inventory files. While we can put hostname patterns into
playbooks directly, that does not help us with copying hiera group files
since ansible doesn't know about the groups in site.pp and puppet
doesn't know about the ansible groups.
Instead, do a quick expansion any time the groups.txt file changes and
at the end of launch-node. It will be left to admins to run
expand-groups.sh whenever they delete a node.
Change-Id: I00c60748ddb2d35a3b98f78d828dabebcf065118
With the puppetmaster not there anymore, we should consume inventory
from OpenStack rather than from puppet.
It turns out that because of the way static and dynamic inventories get
merged, the static file needs to stand alone. SO - if you need to
disable a dynamic host from OpenStack (pretty much all of our hosts) you
need to not only add it to dynamic:children, you need to add an emtpy
group into the static file too, otherwise you'll get an error like:
root@puppetmaster:~# ansible -i newinv '!disabled' --list-hosts
ERROR: newinv/static:4: child group is not defined: (jenkins-dev.openstack.org)
Change-Id: Ic6809ed0b7014d7aebd414bf3a342e3a37eb10b6
This parameter is usually not necessary, and over-specifying it
can be problematic because the value is not consistent.
Change-Id: I0a90631499294e7a6eb287f24739cf4884a8db7b
New systemd based distros reboot so quickly that the ssh connection
errors returning 255 (or -1 in python because signed integers). Ignore
return codes of -1 when rebooting over ssh as a result. All other return
codes will be propogated properly.
Change-Id: I272f00e9e07f1ed04f2b97d0e1609c6e8d49caf3
Because, you know, we should have to do this.
Rackspace publishes two things called "compute" into their catalog for
customers who still have the old compute service.
Change-Id: I27d5a78fc743057a270acd4bf7c85fd998f9074d
* launch/launch-node.py: Now that we're using --detailed-exit-codes
with puppet, we should not abort when the ssh call exits nonzero.
Puppet explicitly returns nonzero codes which indicate success
conditions, and we already have a function in place to interpret
them.
Change-Id: If66d345902d05fa0898d202f5f71c087df9f4ce7
HP Cloud centos7 images are currently failing with 'Please login as
the user "centos" rather than the user "root"'.
This adds the 'centos' user as one of the logins to try, and adds a
little documentation to the subsequent fixup of the authorized_keys
file
Change-Id: I46b62c8c4aed7a1c9522d60db7f726ebcb30281c
We've got the logic elsewhere to properly deal with puppet bizarre exit
code strategy. Put it in launch_node too.
Change-Id: I4a414a27b58b2d4d890020f4b2aaed50f7c8f26b
Currently launch-node.py doesn't allow to specify network label
and floating IP pool name, using the defaults from nova-network.
This patch allows to specify network label to attach instance to,
and floating IP pool from which floating IPs could be assigned.
Change-Id: I46024bc1c217f99f19717aeb04d424a01440203a
The new code to create volumes incorrectly affects the non-volume
case due to an indentation bug. This corrects that.
Change-Id: I18eb1222447393e769fbbbf550407bf103b11e99
We are using cinder block devices more and more. Update launch node so
that it can attach a preexisting cinder volume against a new nova server
on first boot. This will allow puppet or other config management to
format and mount that block device into the VMs filesystem.
Change-Id: Ic121cdc06dcbea0e38e8d0ff8946e999af3d727e
It is deemed useful by some to pass IDs rather than names to
launch-node.py for flavors and images; mostly due to the fact that
names are not unique, and the "first-matched" behavior on names
means that it can end up doing the wrong thing in certain cases.
Change-Id: Ief89174fedac7921f85bbfe3a456059ecc0f19bf
We don't really use the salt infrastructure that we set up, which means
it's cruft. Go ahead and admit that we don't use it and remove it from
our systems.
Change-Id: Ic43695719cbad30aded16ac480deb3dfd9b2a110
* launch/README: Correct outdated references to salt and puppet
certs. Modernize the recommended image name.
* launch/launch-node.py: When run as root, keep the puppet group on
private keys so that they're readable by puppet group members. That
way it won't break subsequent runs as non-root following the current
instructions in the README file. Modernize the default image name.
Change-Id: Ic5034121d4d0df3c096c2e474a9d3d41ec361021
Added the abillity to use launch_node.py to connect to and create
infrastructure instances in openstack setups that are not setup to use
the ssl secured clients.
This matches the functionality of the nova cli to accept NOVACLIENT_INSECURE.
Change-Id: Ibfb5bb4665f36a155ec488c475e03f9cd901e9d6
Signed-off-by: Philip Schwartz <philip.schwartz@rackspace.com>
Add a script to handle cloud servers with no swap. This can be
used before install_puppet when developers run it by hand, and
is called directly by launch_node. If the host has
no swap, create a swap partition from the ephemeral disk and use
the remainder on /opt.
Change-Id: Iac8bfe4924d8607ddbddc45312a51fe52eb4cdbc
In anticipation of swtiching to flake8 as part of the removal of
pyflakes jobs, clean up a few flake8 errors so that we don't have to
ignore as many things.
Change-Id: Idb8466bb3194904d84e17dd3f2a7c32aff13788c
This is a minor step towards PEP-8 as well, but mainly makes it easier
to document what third party modules are needed.
Change-Id: Id901ef437fcdeb11c8dd555e8db7c13daa86c4b2
