6c54ce4d3b
This allows us to continue execution until a certain proportion of hosts fail. This can be useful at scale, where failures are common, and restarting a deployment is time-consuming. The default max failure percentage is 100, keeping the default behaviour. A global max failure percentage may be set via kayobe_max_fail_percentage, and individual playbooks may define a max failure percentage via <playbook>_max_fail_percentage. Related Kolla Ansible patch: https://review.opendev.org/c/openstack/kolla-ansible/+/805598 Change-Id: Ib81c72b63be5765cca664c38141ffc769640cf07
113 lines
4.0 KiB
YAML
113 lines
4.0 KiB
YAML
---
|
|
# NOTE(mgoddard): The bootstrap user may be used to create the kayobe user
|
|
# account and configure passwordless sudo. We can't assume that the bootstrap
|
|
# user account will exist after the initial bootstrapping, or that the
|
|
# current operator's key is authorised for the bootstrap user. We therefore
|
|
# attempt to access the kayobe user account via SSH, and only perform the
|
|
# bootstrap process if the account is inaccessible.
|
|
|
|
- name: Determine whether user bootstrapping is required
|
|
hosts: seed-hypervisor:seed:overcloud:infra-vms
|
|
gather_facts: false
|
|
max_fail_percentage: >-
|
|
{{ kayobe_ansible_user_max_fail_percentage |
|
|
default(host_configure_max_fail_percentage) |
|
|
default(kayobe_max_fail_percentage) |
|
|
default(100) }}
|
|
tags:
|
|
- kayobe-ansible-user
|
|
tasks:
|
|
- name: Check whether the host is accessible via SSH
|
|
raw: hostname
|
|
ignore_unreachable: true
|
|
changed_when: false
|
|
check_mode: no
|
|
register: ssh_result
|
|
|
|
- name: Group hosts requiring kayobe user bootstrapping
|
|
group_by:
|
|
key: kayobe_user_bootstrap_required_{{ ssh_result.unreachable | default(false) }}
|
|
changed_when: false
|
|
|
|
- name: Display a message when bootstrapping is required
|
|
debug:
|
|
msg: >
|
|
Cannot access host via SSH using Kayobe Ansible user account -
|
|
attempting bootstrap
|
|
when: ssh_result.unreachable | default(false)
|
|
|
|
- name: Ensure python is installed and the Kayobe Ansible user account exists
|
|
hosts: kayobe_user_bootstrap_required_True
|
|
gather_facts: no
|
|
max_fail_percentage: >-
|
|
{{ kayobe_ansible_user_max_fail_percentage |
|
|
default(host_configure_max_fail_percentage) |
|
|
default(kayobe_max_fail_percentage) |
|
|
default(100) }}
|
|
vars:
|
|
ansible_user: "{{ bootstrap_user }}"
|
|
# We can't assume that a virtualenv exists at this point, so use the system
|
|
# python interpreter.
|
|
ansible_python_interpreter: /usr/bin/python3
|
|
dnf_options:
|
|
- "-y"
|
|
- "{% if 'proxy' in dnf_config %}--setopt=proxy={{ dnf_config['proxy'] }}{% endif %}"
|
|
tags:
|
|
- kayobe-ansible-user
|
|
- ensure-python
|
|
tasks:
|
|
- name: Check if python is installed
|
|
raw: test -e /usr/bin/python3
|
|
changed_when: false
|
|
failed_when: false
|
|
register: check_python
|
|
|
|
# TODO(priteau): Support apt proxy
|
|
- name: Ensure python is installed
|
|
raw: "test -e /usr/bin/apt && (sudo apt -y update && sudo apt install -y python3-minimal) || (sudo dnf {{ dnf_options | select | join(' ') }} install python3)"
|
|
when: check_python.rc != 0
|
|
|
|
- import_role:
|
|
name: singleplatform-eng.users
|
|
vars:
|
|
groups_to_create: "{{ [{'name': 'docker'}] if 'docker' in group_names else [] }}"
|
|
users:
|
|
- username: "{{ kayobe_ansible_user }}"
|
|
name: Kayobe deployment user
|
|
groups: "{{ ['docker'] if 'docker' in group_names else [] }}"
|
|
append: True
|
|
ssh_key:
|
|
- "{{ lookup('file', ssh_public_key_path) }}"
|
|
become: True
|
|
|
|
- name: Ensure the Kayobe Ansible user has passwordless sudo
|
|
copy:
|
|
content: "{{ kayobe_ansible_user }} ALL=(ALL) NOPASSWD: ALL"
|
|
dest: "/etc/sudoers.d/kayobe-ansible-user"
|
|
mode: 0440
|
|
become: True
|
|
|
|
- name: Verify that the Kayobe Ansible user account is accessible
|
|
hosts: seed-hypervisor:seed:overcloud:infra-vms
|
|
gather_facts: false
|
|
max_fail_percentage: >-
|
|
{{ kayobe_ansible_user_max_fail_percentage |
|
|
default(host_configure_max_fail_percentage) |
|
|
default(kayobe_max_fail_percentage) |
|
|
default(100) }}
|
|
tags:
|
|
- kayobe-ansible-user
|
|
vars:
|
|
# We can't assume that a virtualenv exists at this point, so use the system
|
|
# python interpreter.
|
|
ansible_python_interpreter: /usr/bin/python3
|
|
tasks:
|
|
- name: Verify that a command can be executed
|
|
command: hostname
|
|
changed_when: false
|
|
|
|
- name: Verify that a command can be executed with become
|
|
command: hostname
|
|
changed_when: false
|
|
become: true
|