Support configuration of user accounts

User accounts are configured during the following commands:

kayobe seed hypervisor host configure
kayobe seed host configure
kayobe overcloud host configure

The users are defined by the following variables:

seed_hypervisor_users
seed_users
controller_users
monitoring_users

The format required is described in the singleplatform-eng.users role
on Galaxy.

Any additional control plane hosts not in the controllers or monitoring
groups should define a 'users' variable.

.gitignore

@@ -50,6 +50,7 @@ ansible/*.retry
 
 # Ansible Galaxy roles
 ansible/roles/ahuffman.resolv/
+ansible/roles/singleplatform-eng.users/
 ansible/roles/jriguera.configdrive/
 ansible/roles/mrlesmithjr.manage-lvm/
 ansible/roles/MichaelRigart.interfaces/

ansible/group_vars/all/controllers

@@ -116,3 +116,10 @@ controller_lvm_group_data_lv_docker_volumes_fs: ext4
 
 # Dict of sysctl parameters to set.
 controller_sysctl_parameters: {}
+
+###############################################################################
+# Controller node user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+controller_users: "{{ users_default }}"

ansible/group_vars/all/monitoring

@@ -75,3 +75,10 @@ monitoring_lvm_groups_extra: "{{ controller_lvm_groups_extra }}"
 
 # Dict of sysctl parameters to set.
 monitoring_sysctl_parameters: "{{ controller_sysctl_parameters }}"
+
+###############################################################################
+# Monitoring node user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+monitoring_users: "{{ controller_users }}"

ansible/group_vars/all/seed

@@ -73,3 +73,10 @@ seed_lvm_group_data_lv_docker_volumes_fs: ext4
 
 # Dict of sysctl parameters to set.
 seed_sysctl_parameters: {}
+
+###############################################################################
+# Seed node user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+seed_users: "{{ users_default }}"

ansible/group_vars/all/seed-hypervisor

@@ -63,3 +63,10 @@ seed_hypervisor_libvirt_networks: >
 
 # Dict of sysctl parameters to set.
 seed_hypervisor_sysctl_parameters: {}
+
+###############################################################################
+# Seed hypervisor user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+seed_hypervisor_users: "{{ users_default }}"

ansible/group_vars/all/users

@@ -0,0 +1,7 @@
+---
+################################################################################
+# User configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+users_default: []

ansible/group_vars/controllers/users

@@ -0,0 +1,4 @@
+---
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+users: "{{ controller_users }}"

ansible/group_vars/monitoring/users

@@ -0,0 +1,4 @@
+---
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+users: "{{ monitoring_users }}"

ansible/group_vars/seed-hypervisor/users

@@ -0,0 +1,4 @@
+---
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+users: "{{ seed_hypervisor_users }}"

ansible/group_vars/seed/users

@@ -0,0 +1,4 @@
+---
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+users: "{{ seed_users }}"

ansible/requirements.yml

@@ -4,6 +4,10 @@
 - src: MichaelRigart.interfaces
 - src: mrlesmithjr.manage-lvm
 - src: resmo.ntp
+#- src: singleplatform-eng.users
+- src: https://github.com/singleplatform-eng/ansible-users
+  version: append
+  name: singleplatform-eng.users
 - src: stackhpc.drac
 - src: stackhpc.drac-facts
 - src: stackhpc.os-flavors

ansible/users.yml

@@ -0,0 +1,6 @@
+---
+- name: Ensure users exist
+  hosts: seed:seed-hypervisor:overcloud
+  roles:
+    - role: singleplatform-eng.users
+      become: True

doc/source/control-plane-service-placement.rst

@@ -66,6 +66,9 @@ hosts in the ``monitoring`` group.
    ``network_interfaces`` List of names of networks to which the host is
                           connected.
    ``sysctl_parameters``  Dict of sysctl parameters to set.
+   ``users``              List of users to create. See
+                          `singleplatform-eng.users role
+                          <https://galaxy.ansible.com/singleplatform-eng/users/>`_
    ====================== =====================================================
 
 If configuring BIOS and RAID via ``kayobe overcloud bios raid configure``, the
@@ -184,6 +187,7 @@ providing the necessary variables for a control plane host.
    lvm_groups: "{{ controller_lvm_groups }}"
    network_interfaces: "{{ controller_network_host_network_interfaces }}"
    sysctl_parameters: "{{ controller_sysctl_parameters }}"
+   users: "{{ controller_users }}"
 
 Here we are using the controller-specific values for some of these variables,
 but they could equally be different.

etc/kayobe/controllers.yml

@@ -92,6 +92,13 @@
 # Dict of sysctl parameters to set.
 #controller_sysctl_parameters:
 
+###############################################################################
+# Controller node user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+#controller_users:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes

etc/kayobe/monitoring.yml

@@ -69,6 +69,13 @@
 # Dict of sysctl parameters to set.
 #monitoring_sysctl_parameters:
 
+###############################################################################
+# Monitoring node user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+#monitoring_users:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes

etc/kayobe/seed-hypervisor.yml

@@ -50,6 +50,13 @@
 # Dict of sysctl parameters to set.
 #seed_hypervisor_sysctl_parameters:
 
+###############################################################################
+# Seed hypervisor user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+#seed_hypervisor_users:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes

etc/kayobe/seed.yml

@@ -57,6 +57,13 @@
 # Dict of sysctl parameters to set.
 #seed_sysctl_parameters:
 
+###############################################################################
+# Seed node user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+#seed_users:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes

etc/kayobe/users.yml

@@ -0,0 +1,7 @@
+---
+################################################################################
+# User configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+#users_default:

kayobe/cli/commands.py

@@ -226,7 +226,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
     def take_action(self, parsed_args):
         self.app.LOG.debug("Configuring seed hypervisor host OS")
         playbooks = _build_playbook_list(
-            "ip-allocation", "ssh-known-host", "dev-tools", "network",
+            "ip-allocation", "ssh-known-host", "users", "dev-tools", "network",
             "sysctl", "ntp", "seed-hypervisor-libvirt-host")
         self.run_kayobe_playbooks(parsed_args, playbooks,
                                   limit="seed-hypervisor")
@@ -285,8 +285,8 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
         if parsed_args.wipe_disks:
             playbooks += _build_playbook_list("wipe-disks")
         playbooks += _build_playbook_list(
-            "dev-tools", "disable-selinux", "network", "sysctl", "ip-routing",
+            "users", "dev-tools", "disable-selinux", "network", "sysctl",
-            "snat", "disable-glean", "ntp", "lvm")
+            "ip-routing", "snat", "disable-glean", "ntp", "lvm")
         self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed")
         playbooks = _build_playbook_list("kolla-ansible")
         self.run_kayobe_playbooks(parsed_args, playbooks, tags="config")
@@ -465,7 +465,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
         if parsed_args.wipe_disks:
             playbooks += _build_playbook_list("wipe-disks")
         playbooks += _build_playbook_list(
-            "dev-tools", "disable-selinux", "network", "sysctl",
+            "users", "dev-tools", "disable-selinux", "network", "sysctl",
             "disable-glean", "ntp", "lvm")
         self.run_kayobe_playbooks(parsed_args, playbooks, limit="overcloud")
         playbooks = _build_playbook_list("kolla-ansible")