From a5f6eb6ed494d6161d0c4b3a76c1f7311094c112 Mon Sep 17 00:00:00 2001
From: Vladimir Kozhukalov
Date: Fri, 19 Jul 2024 12:58:39 -0500
Subject: [PATCH] Update deploy-env role
When generating keys and sharing them between nodes in a multinode env it is important that task which generates keys is finished before trying to use these keys on another node. The PR splits the Ansible block into two blocks and makes sure the playbook deploy-env is run with the linear strategy. Thus we can be sure that keys are first generated on all affected nodes and only then are used to setup tunnels and passwordless ssh.
Change-Id: I9985855d7909aa5365876a24e2a806ab6be1dd7c
---
 playbooks/deploy-env.yaml | 1 +
 .../deploy-env/tasks/client_cluster_ssh.yaml | 44 ++++++++++---------
 .../tasks/client_cluster_tunnel.yaml | 5 ++-
 3 files changed, 28 insertions(+), 22 deletions(-)
diff --git a/playbooks/deploy-env.yaml b/playbooks/deploy-env.yaml
index 3efab3564..dd26203b2 100644
--- a/playbooks/deploy-env.yaml
+++ b/playbooks/deploy-env.yaml
@@ -12,6 +12,7 @@ --- - hosts: all + strategy: linear become: true gather_facts: true roles:
diff --git a/roles/deploy-env/tasks/client_cluster_ssh.yaml b/roles/deploy-env/tasks/client_cluster_ssh.yaml
index 7bbf3ea85..7fcee1076 100644
--- a/roles/deploy-env/tasks/client_cluster_ssh.yaml
+++ b/roles/deploy-env/tasks/client_cluster_ssh.yaml
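Review bot: `strategy: linear` is already Ansible's default, so the added line only takes effect when an ansible.cfg `strategy` setting or the equivalent environment variable selects another strategy, and without a comment it is likely to be removed later as redundant; suggest `# keep linear: key-generation tasks must complete on every host before the tasks that read those keys from hostvars run`. As far as I can tell, under the linear strategy block boundaries do not change cross-host ordering (each task, whether inside a block or not, finishes on all hosts before the next one starts), so this line rather than the block splits in roles/deploy-env/tasks/client_cluster_ssh.yaml and client_cluster_tunnel.yaml is what provides the guarantee described in the commit message; if that matches the author's intent it is worth saying in the same comment. The play definition continues past the hunk (the `roles:` list).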
@@ -11,28 +11,28 @@ # limitations under the License. --- -- name: Setup passwordless ssh from primary and cluster nodes +- name: Set client user home directory + set_fact: + client_user_home_directory: /home/{{ client_ssh_user }} + when: client_ssh_user != "root" + +- name: Set client user home directory + set_fact: + client_user_home_directory: /root + when: client_ssh_user == "root" + +- name: Set cluster user home directory + set_fact: + cluster_user_home_directory: /home/{{ cluster_ssh_user }} + when: cluster_ssh_user != "root" + +- name: Set cluster user home directory + set_fact: + cluster_user_home_directory: /root + when: cluster_ssh_user == "root" + +- name: Setup ssh keys block: - - name: Set client user home directory - set_fact: - client_user_home_directory: /home/{{ client_ssh_user }} - when: client_ssh_user != "root" - - - name: Set client user home directory - set_fact: - client_user_home_directory: /root - when: client_ssh_user == "root" - - - name: Set cluster user home directory - set_fact: - cluster_user_home_directory: /home/{{ cluster_ssh_user }} - when: cluster_ssh_user != "root" - - - name: Set cluster user home directory - set_fact: - cluster_user_home_directory: /root - when: cluster_ssh_user == "root" - - name: Generate ssh key pair shell: | ssh-keygen -t ed25519 -q -N "" -f {{ client_user_home_directory }}/.ssh/id_ed25519
@@ -45,6 +45,8 @@ register: ssh_public_key when: (inventory_hostname in (groups['primary'] | default([]))) +- name: Setup passwordless ssh from primary and cluster nodes + block: - name: Set primary ssh public key set_fact: client_ssh_public_key: "{{ (groups['primary'] | map('extract', hostvars, ['ssh_public_key', 'stdout']))[0] }}"
diff --git a/roles/deploy-env/tasks/client_cluster_tunnel.yaml b/roles/deploy-env/tasks/client_cluster_tunnel.yaml
index 8a39f4ab6..31d3118b3 100644
--- a/roles/deploy-env/tasks/client_cluster_tunnel.yaml
+++ b/roles/deploy-env/tasks/client_cluster_tunnel.yaml
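Review bot: The four relocated `set_fact` tasks state the same rule twice per variable with mirrored `when` guards; one task per variable using a Jinja conditional reads more directly, e.g. `client_user_home_directory: "{{ '/root' if client_ssh_user == 'root' else '/home/' ~ client_ssh_user }}"`, and quoting the templated value follows the usual YAML convention for Jinja expressions. Either form assumes rather than looks up the account's home directory, so a comment such as `# assumes the account's home is /home/<user>; adjust if the node image uses another layout` would record that assumption for whoever next changes the user names. The new `Setup ssh keys` block begins here but its remaining tasks lie outside the hunk.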
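Review bot: The new `Setup passwordless ssh from primary and cluster nodes` block carries no comment recording the ordering it depends on: its first task reads `ssh_public_key.stdout` from the primary's hostvars, which is only populated once the tasks of the `Setup ssh keys` block have completed on that host. Suggest adding above the block `# Reads ssh_public_key registered on the primary by the "Setup ssh keys" block above; relies on the linear strategy set in playbooks/deploy-env.yaml`. The same comment is wanted on the new wireguard block in client_cluster_tunnel.yaml, which depends on `wg_public_key` in the same way. The block's remaining tasks continue beyond the hunk.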
@@ -19,7 +19,7 @@ set_fact: client_default_ip: "{{ (groups['primary'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']))[0] }}" -- name: Setup wireguard tunnel between primary and cluster control-plane node +- name: Setup wireguard keys when: (groups['primary'] | difference(groups['k8s_control_plane']) | length > 0) block: - name: Generate wireguard key pair
@@ -33,6 +33,9 @@ register: wg_public_key when: (inventory_hostname in (groups['primary'] | default([]))) or (inventory_hostname in (groups['k8s_control_plane'] | default([]))) +- name: Setup wireguard tunnel between primary and cluster control-plane node + when: (groups['primary'] | difference(groups['k8s_control_plane']) | length > 0) + block: - name: Set primary wireguard public key set_fact: client_wg_public_key: "{{ (groups['primary'] | map('extract', hostvars, ['wg_public_key', 'stdout']))[0] }}"
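Review bot: The guard `when: (groups['primary'] | difference(groups['k8s_control_plane']) | length > 0)` is now copied verbatim onto the new `Setup wireguard tunnel between primary and cluster control-plane node` block as well as the `Setup wireguard keys` block; if one copy is edited the two halves silently diverge, and the tunnel tasks would then read a `wg_public_key` that was never registered. Evaluating the condition once in a `set_fact` placed before the first block, e.g. `wireguard_tunnel_required: "{{ (groups['primary'] | difference(groups['k8s_control_plane']) | length > 0) }}"`, and using `when: wireguard_tunnel_required | bool` on both blocks keeps them in step. The new block's remaining tasks continue past the hunk.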