Support configuration of user accounts

User accounts are configured during the following commands: kayobe seed hypervisor host configure kayobe seed host configure kayobe overcloud host configure The users are defined by the following variables: seed_hypervisor_users seed_users controller_users monitoring_users The format required is described in the singleplatform-eng.users role on Galaxy. Any additional control plane hosts not in the controllers or monitoring groups should define a 'users' variable.
2017-09-08 16:02:40 +00:00 · 2017-09-08 16:02:40 +00:00 · 287acd1f92
commit 287acd1f92
parent b0e199c1fc
19 changed files with 105 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -50,6 +50,7 @@ ansible/*.retry

 # Ansible Galaxy roles
 ansible/roles/ahuffman.resolv/
+ansible/roles/singleplatform-eng.users/
 ansible/roles/jriguera.configdrive/
 ansible/roles/mrlesmithjr.manage-lvm/
 ansible/roles/MichaelRigart.interfaces/
--- a/ansible/group_vars/all/controllers
+++ b/ansible/group_vars/all/controllers
@ -116,3 +116,10 @@ controller_lvm_group_data_lv_docker_volumes_fs: ext4

 # Dict of sysctl parameters to set.
 controller_sysctl_parameters: {}
+
+###############################################################################
+# Controller node user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+controller_users: "{{ users_default }}"
--- a/ansible/group_vars/all/monitoring
+++ b/ansible/group_vars/all/monitoring
@ -75,3 +75,10 @@ monitoring_lvm_groups_extra: "{{ controller_lvm_groups_extra }}"

 # Dict of sysctl parameters to set.
 monitoring_sysctl_parameters: "{{ controller_sysctl_parameters }}"
+
+###############################################################################
+# Monitoring node user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+monitoring_users: "{{ controller_users }}"
--- a/ansible/group_vars/all/seed
+++ b/ansible/group_vars/all/seed
@ -73,3 +73,10 @@ seed_lvm_group_data_lv_docker_volumes_fs: ext4

 # Dict of sysctl parameters to set.
 seed_sysctl_parameters: {}
+
+###############################################################################
+# Seed node user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+seed_users: "{{ users_default }}"
--- a/ansible/group_vars/all/seed-hypervisor
+++ b/ansible/group_vars/all/seed-hypervisor
@ -63,3 +63,10 @@ seed_hypervisor_libvirt_networks: >

 # Dict of sysctl parameters to set.
 seed_hypervisor_sysctl_parameters: {}
+
+###############################################################################
+# Seed hypervisor user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+seed_hypervisor_users: "{{ users_default }}"
--- a/ansible/group_vars/all/users
+++ b/ansible/group_vars/all/users
@ -0,0 +1,7 @@
+---
+################################################################################
+# User configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+users_default: []
--- a/ansible/group_vars/controllers/users
+++ b/ansible/group_vars/controllers/users
@ -0,0 +1,4 @@
+---
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+users: "{{ controller_users }}"
--- a/ansible/group_vars/monitoring/users
+++ b/ansible/group_vars/monitoring/users
@ -0,0 +1,4 @@
+---
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+users: "{{ monitoring_users }}"
--- a/ansible/group_vars/seed-hypervisor/users
+++ b/ansible/group_vars/seed-hypervisor/users
@ -0,0 +1,4 @@
+---
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+users: "{{ seed_hypervisor_users }}"
--- a/ansible/group_vars/seed/users
+++ b/ansible/group_vars/seed/users
@ -0,0 +1,4 @@
+---
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+users: "{{ seed_users }}"
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -4,6 +4,10 @@
 - src: MichaelRigart.interfaces
 - src: mrlesmithjr.manage-lvm
 - src: resmo.ntp
+#- src: singleplatform-eng.users
+- src: https://github.com/singleplatform-eng/ansible-users
+  version: append
+  name: singleplatform-eng.users
 - src: stackhpc.drac
 - src: stackhpc.drac-facts
 - src: stackhpc.os-flavors
--- a/ansible/users.yml
+++ b/ansible/users.yml
@ -0,0 +1,6 @@
+---
+- name: Ensure users exist
+  hosts: seed:seed-hypervisor:overcloud
+  roles:
+    - role: singleplatform-eng.users
+      become: True
--- a/doc/source/control-plane-service-placement.rst
+++ b/doc/source/control-plane-service-placement.rst
@ -66,6 +66,9 @@ hosts in the ``monitoring`` group.
   ``network_interfaces`` List of names of networks to which the host is
                          connected.
   ``sysctl_parameters``  Dict of sysctl parameters to set.
+   ``users``              List of users to create. See
+                          `singleplatform-eng.users role
+                          <https://galaxy.ansible.com/singleplatform-eng/users/>`_
   ====================== =====================================================

 If configuring BIOS and RAID via ``kayobe overcloud bios raid configure``, the
@ -184,6 +187,7 @@ providing the necessary variables for a control plane host.
   lvm_groups: "{{ controller_lvm_groups }}"
   network_interfaces: "{{ controller_network_host_network_interfaces }}"
   sysctl_parameters: "{{ controller_sysctl_parameters }}"
+   users: "{{ controller_users }}"

 Here we are using the controller-specific values for some of these variables,
 but they could equally be different.
--- a/etc/kayobe/controllers.yml
+++ b/etc/kayobe/controllers.yml
@ -92,6 +92,13 @@
 # Dict of sysctl parameters to set.
 #controller_sysctl_parameters:

+###############################################################################
+# Controller node user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+#controller_users:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
--- a/etc/kayobe/monitoring.yml
+++ b/etc/kayobe/monitoring.yml
@ -69,6 +69,13 @@
 # Dict of sysctl parameters to set.
 #monitoring_sysctl_parameters:

+###############################################################################
+# Monitoring node user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+#monitoring_users:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
--- a/etc/kayobe/seed-hypervisor.yml
+++ b/etc/kayobe/seed-hypervisor.yml
@ -50,6 +50,13 @@
 # Dict of sysctl parameters to set.
 #seed_hypervisor_sysctl_parameters:

+###############################################################################
+# Seed hypervisor user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+#seed_hypervisor_users:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
--- a/etc/kayobe/seed.yml
+++ b/etc/kayobe/seed.yml
@ -57,6 +57,13 @@
 # Dict of sysctl parameters to set.
 #seed_sysctl_parameters:

+###############################################################################
+# Seed node user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+#seed_users:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
--- a/etc/kayobe/users.yml
+++ b/etc/kayobe/users.yml
@ -0,0 +1,7 @@
+---
+################################################################################
+# User configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+#users_default:
--- a/kayobe/cli/commands.py
+++ b/kayobe/cli/commands.py
@ -226,7 +226,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
    def take_action(self, parsed_args):
        self.app.LOG.debug("Configuring seed hypervisor host OS")
        playbooks = _build_playbook_list(
-            "ip-allocation", "ssh-known-host", "dev-tools", "network",
+            "ip-allocation", "ssh-known-host", "users", "dev-tools", "network",
            "sysctl", "ntp", "seed-hypervisor-libvirt-host")
        self.run_kayobe_playbooks(parsed_args, playbooks,
                                  limit="seed-hypervisor")
@ -285,8 +285,8 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
        if parsed_args.wipe_disks:
            playbooks += _build_playbook_list("wipe-disks")
        playbooks += _build_playbook_list(
-            "dev-tools", "disable-selinux", "network", "sysctl", "ip-routing",
-            "snat", "disable-glean", "ntp", "lvm")
+            "users", "dev-tools", "disable-selinux", "network", "sysctl",
+            "ip-routing", "snat", "disable-glean", "ntp", "lvm")
        self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed")
        playbooks = _build_playbook_list("kolla-ansible")
        self.run_kayobe_playbooks(parsed_args, playbooks, tags="config")
@ -465,7 +465,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
        if parsed_args.wipe_disks:
            playbooks += _build_playbook_list("wipe-disks")
        playbooks += _build_playbook_list(
-            "dev-tools", "disable-selinux", "network", "sysctl",
+            "users", "dev-tools", "disable-selinux", "network", "sysctl",
            "disable-glean", "ntp", "lvm")
        self.run_kayobe_playbooks(parsed_args, playbooks, limit="overcloud")
        playbooks = _build_playbook_list("kolla-ansible")