openstack/openstack-ansible-os_nova
Code Issues Proposed changes

Merge "Improve deployment performance on large clusters"

Browse Source
This commit is contained in:
Jenkins 2016-07-19 14:30:55 +00:00 committed by Gerrit Code Review
commit 472e0afbfb
3 changed files with 73 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
releasenotes/notes/nova-largecluster-key-inserts-afc8cac63af41087.yaml Normal file
View File

@ -0,0 +1,12 @@
---
features:
- The nova SSH public key distribution has been made a lot faster
especially when deploying against very large clusters. To support
larger clusters the role has moved away from the "authorized_key"
module and is now generating a script to insert keys that may
be missing from the authorized keys file. The script is saved on all
nova compute nodes and can be found at
``/usr/local/bin/openstack-nova-key.sh``. If ever there is a need to
reinsert keys or fix issues on a given compute node the script can be
executed at any time without directly running the ansible playbooks
or roles.

36
tasks/nova_compute_key_distribute.yml
View File

@ -13,12 +13,36 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: Create authorized keys file from host vars # The authorized key file script will be generated locally and copied to all known
authorized_key: # compute hosts within the environment. This script will add a key to the nova
user: "{{ nova_system_user_name }}" # user's .ssh/authorized_keys file if it's not already found.
key: "{{ hostvars[item]['nova_pubkey'] | b64decode }}" - name: Drop authorized keys file script locally
with_items: "{{ groups['nova_compute'] }}" template:
when: hostvars[item]['nova_pubkey'] is defined src: "nova-key-insert.sh.j2"
dest: "/usr/local/bin/openstack-nova-key.sh"
mode: "0755"
delegate_to: localhost
when: inventory_hostname == groups['nova_compute'][0]
tags:
- nova-key
- nova-key-distribute
- name: Copy templated authorized keys file script
copy:
src: "/usr/local/bin/openstack-nova-key.sh"
dest: "/usr/local/bin/openstack-nova-key.sh"
mode: "0755"
tags:
- nova-key
- nova-key-distribute
- name: Run authorized keys file script
command: "/usr/local/bin/openstack-nova-key.sh"
register: key_create
changed_when: key_create.rc == 3
failed_when:
- key_create.rc != 3
- key_create.rc != 0
tags: tags:
- nova-key - nova-key
- nova-key-distribute - nova-key-distribute

31
templates/nova-key-insert.sh.j2 Normal file
View File

@ -0,0 +1,31 @@
#!/usr/bin/env bash
# Running the script:
# * The script will exit 99 if the home folder for the user set by
# "nova_system_user_name" is not found.
# * If the script adds a key to the authorized keys file it will exit 3.
# * If the script takes no action it will exit 0.
set -ex
EXIT_CODE=0
USER_HOME="$(getent passwd {{ nova_system_user_name }} | awk -F':' '{print $6}')"
[[ -d "${USER_HOME}" ]] || exit 99
if [[ ! -f "${USER_HOME}/.ssh/authorized_keys" ]]; then
touch "${USER_HOME}/.ssh/authorized_keys"
chown {{ nova_system_user_name }}:{{ nova_system_group_name }} "${USER_HOME}/.ssh/authorized_keys"
chmod 0600 "${USER_HOME}/.ssh/authorized_keys"
fi
{% for item in groups['nova_compute'] %}
{% if hostvars[item]['nova_pubkey'] is defined %}
KEY="{{ hostvars[item]['nova_pubkey'] | b64decode }}"
if ! grep -q -w "${KEY}" "${USER_HOME}/.ssh/authorized_keys"; then
echo "${KEY}" | tee -a "${USER_HOME}/.ssh/authorized_keys"
EXIT_CODE=3
fi
{% endif %}
{% endfor %}
exit "${EXIT_CODE}"