From 287acd1f920fc1401599472830a21e52810c6817 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Fri, 8 Sep 2017 16:02:40 +0000 Subject: [PATCH] Support configuration of user accounts User accounts are configured during the following commands: kayobe seed hypervisor host configure kayobe seed host configure kayobe overcloud host configure The users are defined by the following variables: seed_hypervisor_users seed_users controller_users monitoring_users The format required is described in the singleplatform-eng.users role on Galaxy. Any additional control plane hosts not in the controllers or monitoring groups should define a 'users' variable. --- .gitignore | 1 + ansible/group_vars/all/controllers | 7 +++++++ ansible/group_vars/all/monitoring | 7 +++++++ ansible/group_vars/all/seed | 7 +++++++ ansible/group_vars/all/seed-hypervisor | 7 +++++++ ansible/group_vars/all/users | 7 +++++++ ansible/group_vars/controllers/users | 4 ++++ ansible/group_vars/monitoring/users | 4 ++++ ansible/group_vars/seed-hypervisor/users | 4 ++++ ansible/group_vars/seed/users | 4 ++++ ansible/requirements.yml | 4 ++++ ansible/users.yml | 6 ++++++ doc/source/control-plane-service-placement.rst | 4 ++++ etc/kayobe/controllers.yml | 7 +++++++ etc/kayobe/monitoring.yml | 7 +++++++ etc/kayobe/seed-hypervisor.yml | 7 +++++++ etc/kayobe/seed.yml | 7 +++++++ etc/kayobe/users.yml | 7 +++++++ kayobe/cli/commands.py | 8 ++++---- 19 files changed, 105 insertions(+), 4 deletions(-) create mode 100644 ansible/group_vars/all/users create mode 100644 ansible/group_vars/controllers/users create mode 100644 ansible/group_vars/monitoring/users create mode 100644 ansible/group_vars/seed-hypervisor/users create mode 100644 ansible/group_vars/seed/users create mode 100644 ansible/users.yml create mode 100644 etc/kayobe/users.yml diff --git a/.gitignore b/.gitignore index a12d909e5..ed9cea8e3 100644 --- a/.gitignore +++ b/.gitignore 
@@ -50,6 +50,7 @@ ansible/*.retry # Ansible Galaxy roles ansible/roles/ahuffman.resolv/ +ansible/roles/singleplatform-eng.users/ ansible/roles/jriguera.configdrive/ ansible/roles/mrlesmithjr.manage-lvm/ ansible/roles/MichaelRigart.interfaces/ diff --git a/ansible/group_vars/all/controllers b/ansible/group_vars/all/controllers index f1c98d9d9..590474a69 100644 --- a/ansible/group_vars/all/controllers +++ b/ansible/group_vars/all/controllers @@ -116,3 +116,10 @@ controller_lvm_group_data_lv_docker_volumes_fs: ext4 # Dict of sysctl parameters to set. controller_sysctl_parameters: {} + +############################################################################### +# Controller node user configuration. + +# List of users to create. This should be in a format accepted by the +# singleplatform-eng.users role. +controller_users: "{{ users_default }}" diff --git a/ansible/group_vars/all/monitoring b/ansible/group_vars/all/monitoring index e9a247a17..fbf20ed69 100644 --- a/ansible/group_vars/all/monitoring +++ b/ansible/group_vars/all/monitoring @@ -75,3 +75,10 @@ monitoring_lvm_groups_extra: "{{ controller_lvm_groups_extra }}" # Dict of sysctl parameters to set. monitoring_sysctl_parameters: "{{ controller_sysctl_parameters }}" + +############################################################################### +# Monitoring node user configuration. + +# List of users to create. This should be in a format accepted by the +# singleplatform-eng.users role. +monitoring_users: "{{ controller_users }}" diff --git a/ansible/group_vars/all/seed b/ansible/group_vars/all/seed index 12aefb778..fec668f10 100644 --- a/ansible/group_vars/all/seed +++ b/ansible/group_vars/all/seed 
@@ -73,3 +73,10 @@ seed_lvm_group_data_lv_docker_volumes_fs: ext4 # Dict of sysctl parameters to set. seed_sysctl_parameters: {} + +############################################################################### +# Seed node user configuration. + +# List of users to create. This should be in a format accepted by the +# singleplatform-eng.users role. +seed_users: "{{ users_default }}" diff --git a/ansible/group_vars/all/seed-hypervisor b/ansible/group_vars/all/seed-hypervisor index bf6b86403..58c3b0fcd 100644 --- a/ansible/group_vars/all/seed-hypervisor +++ b/ansible/group_vars/all/seed-hypervisor @@ -63,3 +63,10 @@ seed_hypervisor_libvirt_networks: > # Dict of sysctl parameters to set. seed_hypervisor_sysctl_parameters: {} + +############################################################################### +# Seed hypervisor user configuration. + +# List of users to create. This should be in a format accepted by the +# singleplatform-eng.users role. +seed_hypervisor_users: "{{ users_default }}" diff --git a/ansible/group_vars/all/users b/ansible/group_vars/all/users new file mode 100644 index 000000000..e86660d16 --- /dev/null +++ b/ansible/group_vars/all/users @@ -0,0 +1,7 @@ +--- +################################################################################ +# User configuration. + +# List of users to create. This should be in a format accepted by the +# singleplatform-eng.users role. +users_default: [] diff --git a/ansible/group_vars/controllers/users b/ansible/group_vars/controllers/users new file mode 100644 index 000000000..4fc0add23 --- /dev/null +++ b/ansible/group_vars/controllers/users @@ -0,0 +1,4 @@ +--- +# List of users to create. This should be in a format accepted by the +# singleplatform-eng.users role. +users: "{{ controller_users }}" diff --git a/ansible/group_vars/monitoring/users b/ansible/group_vars/monitoring/users new file mode 100644 index 000000000..990b2d7ba --- /dev/null +++ b/ansible/group_vars/monitoring/users 
@@ -0,0 +1,4 @@ +--- +# List of users to create. This should be in a format accepted by the +# singleplatform-eng.users role. +users: "{{ monitoring_users }}" diff --git a/ansible/group_vars/seed-hypervisor/users b/ansible/group_vars/seed-hypervisor/users new file mode 100644 index 000000000..51705f69d --- /dev/null +++ b/ansible/group_vars/seed-hypervisor/users @@ -0,0 +1,4 @@ +--- +# List of users to create. This should be in a format accepted by the +# singleplatform-eng.users role. +users: "{{ seed_hypervisor_users }}" diff --git a/ansible/group_vars/seed/users b/ansible/group_vars/seed/users new file mode 100644 index 000000000..9423829b0 --- /dev/null +++ b/ansible/group_vars/seed/users @@ -0,0 +1,4 @@ +--- +# List of users to create. This should be in a format accepted by the +# singleplatform-eng.users role. +users: "{{ seed_users }}" diff --git a/ansible/requirements.yml b/ansible/requirements.yml index 70031cec2..c517169ca 100644 --- a/ansible/requirements.yml +++ b/ansible/requirements.yml @@ -4,6 +4,10 @@ - src: MichaelRigart.interfaces - src: mrlesmithjr.manage-lvm - src: resmo.ntp +#- src: singleplatform-eng.users +- src: https://github.com/singleplatform-eng/ansible-users + version: append + name: singleplatform-eng.users - src: stackhpc.drac - src: stackhpc.drac-facts - src: stackhpc.os-flavors diff --git a/ansible/users.yml b/ansible/users.yml new file mode 100644 index 000000000..2f5f749d3 --- /dev/null +++ b/ansible/users.yml @@ -0,0 +1,6 @@ +--- +- name: Ensure users exist + hosts: seed:seed-hypervisor:overcloud + roles: + - role: singleplatform-eng.users + become: True diff --git a/doc/source/control-plane-service-placement.rst b/doc/source/control-plane-service-placement.rst index 448ca336f..6ec81d6d4 100644 --- a/doc/source/control-plane-service-placement.rst +++ b/doc/source/control-plane-service-placement.rst 
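Review bot: In the ansible/requirements.yml hunk the singleplatform-eng.users role is fetched from GitHub with `version: append`, which looks like a branch name rather than a tag or commit, so the installed code can change without any change to this repository. The role is run with `become: True` by ansible/users.yml and manages accounts, so it is worth pinning to an immutable ref, e.g. `version: <commit-sha-of-reviewed-revision>`. The commented-out `#- src: singleplatform-eng.users` line also needs a short comment saying why the Galaxy release is not used and when to switch back, e.g. `# Using the upstream 'append' branch until <feature> is released on Galaxy.`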
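Review bot: The play in ansible/users.yml targets `seed:seed-hypervisor:overcloud`, but `users` is only set in group_vars for seed, seed-hypervisor, controllers and monitoring, so an overcloud host outside those groups does not receive `users_default`. What happens there depends on the role's own default for `users` (presumably an empty list, to be confirmed), so accounts an operator put in `users_default` could silently be missing on such hosts. Adding `users: "{{ users_default }}"` to ansible/group_vars/all/users would give every host the default, while the group-level files still override it.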
@@ -66,6 +66,9 @@ hosts in the ``monitoring`` group. ``network_interfaces`` List of names of networks to which the host is connected. ``sysctl_parameters`` Dict of sysctl parameters to set. + ``users`` List of users to create. See + `singleplatform-eng.users role + `_ ====================== ===================================================== If configuring BIOS and RAID via ``kayobe overcloud bios raid configure``, the @@ -184,6 +187,7 @@ providing the necessary variables for a control plane host. lvm_groups: "{{ controller_lvm_groups }}" network_interfaces: "{{ controller_network_host_network_interfaces }}" sysctl_parameters: "{{ controller_sysctl_parameters }}" + users: "{{ controller_users }}" Here we are using the controller-specific values for some of these variables, but they could equally be different. diff --git a/etc/kayobe/controllers.yml b/etc/kayobe/controllers.yml index 7e2cd9b39..ed412727f 100644 --- a/etc/kayobe/controllers.yml +++ b/etc/kayobe/controllers.yml @@ -92,6 +92,13 @@ # Dict of sysctl parameters to set. #controller_sysctl_parameters: +############################################################################### +# Controller node user configuration. + +# List of users to create. This should be in a format accepted by the +# singleplatform-eng.users role. +#controller_users: + ############################################################################### # Dummy variable to allow Ansible to accept this file. workaround_ansible_issue_8743: yes diff --git a/etc/kayobe/monitoring.yml b/etc/kayobe/monitoring.yml index 0cba7baf3..a5dabbff3 100644 --- a/etc/kayobe/monitoring.yml +++ b/etc/kayobe/monitoring.yml 
@@ -69,6 +69,13 @@ # Dict of sysctl parameters to set. #monitoring_sysctl_parameters: +############################################################################### +# Monitoring node user configuration. + +# List of users to create. This should be in a format accepted by the +# singleplatform-eng.users role. +#monitoring_users: + ############################################################################### # Dummy variable to allow Ansible to accept this file. workaround_ansible_issue_8743: yes diff --git a/etc/kayobe/seed-hypervisor.yml b/etc/kayobe/seed-hypervisor.yml index ad57215d6..968cec9a2 100644 --- a/etc/kayobe/seed-hypervisor.yml +++ b/etc/kayobe/seed-hypervisor.yml @@ -50,6 +50,13 @@ # Dict of sysctl parameters to set. #seed_hypervisor_sysctl_parameters: +############################################################################### +# Seed hypervisor user configuration. + +# List of users to create. This should be in a format accepted by the +# singleplatform-eng.users role. +#seed_hypervisor_users: + ############################################################################### # Dummy variable to allow Ansible to accept this file. workaround_ansible_issue_8743: yes diff --git a/etc/kayobe/seed.yml b/etc/kayobe/seed.yml index 492405786..c3d92763c 100644 --- a/etc/kayobe/seed.yml +++ b/etc/kayobe/seed.yml @@ -57,6 +57,13 @@ # Dict of sysctl parameters to set. #seed_sysctl_parameters: +############################################################################### +# Seed node user configuration. + +# List of users to create. This should be in a format accepted by the +# singleplatform-eng.users role. +#seed_users: + ############################################################################### # Dummy variable to allow Ansible to accept this file. workaround_ansible_issue_8743: yes diff --git a/etc/kayobe/users.yml b/etc/kayobe/users.yml new file mode 100644 index 000000000..198ecc95f --- /dev/null +++ b/etc/kayobe/users.yml 
@@ -0,0 +1,7 @@ +--- +################################################################################ +# User configuration. + +# List of users to create. This should be in a format accepted by the +# singleplatform-eng.users role. +#users_default: diff --git a/kayobe/cli/commands.py b/kayobe/cli/commands.py index 6181e6187..4675eda6f 100644 --- a/kayobe/cli/commands.py +++ b/kayobe/cli/commands.py @@ -226,7 +226,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, def take_action(self, parsed_args): self.app.LOG.debug("Configuring seed hypervisor host OS") playbooks = _build_playbook_list( - "ip-allocation", "ssh-known-host", "dev-tools", "network", + "ip-allocation", "ssh-known-host", "users", "dev-tools", "network", "sysctl", "ntp", "seed-hypervisor-libvirt-host") self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed-hypervisor") @@ -285,8 +285,8 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, if parsed_args.wipe_disks: playbooks += _build_playbook_list("wipe-disks") playbooks += _build_playbook_list( - "dev-tools", "disable-selinux", "network", "sysctl", "ip-routing", - "snat", "disable-glean", "ntp", "lvm") + "users", "dev-tools", "disable-selinux", "network", "sysctl", + "ip-routing", "snat", "disable-glean", "ntp", "lvm") self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed") playbooks = _build_playbook_list("kolla-ansible") self.run_kayobe_playbooks(parsed_args, playbooks, tags="config") @@ -465,7 +465,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, if parsed_args.wipe_disks: playbooks += _build_playbook_list("wipe-disks") playbooks += _build_playbook_list( - "dev-tools", "disable-selinux", "network", "sysctl", + "users", "dev-tools", "disable-selinux", "network", "sysctl", "disable-glean", "ntp", "lvm") self.run_kayobe_playbooks(parsed_args, playbooks, limit="overcloud") playbooks = _build_playbook_list("kolla-ansible")
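Review bot: The comment above `#users_default:` in etc/kayobe/users.yml does not say that entries in this list can carry credential material, or that group membership set here decides who gets privileged access on every host using the default. The role's user format appears to include password hashes and SSH keys; confirm against its README. I would extend the comment with `# Entries may contain password hashes; encrypt them with Ansible Vault.` and `# Group membership set here applies to every host that uses this default.` The host configure commands in kayobe/cli/commands.py mix in VaultMixin, so vault-encrypted values should be usable here.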