diff --git a/doc/source/roles/role-tripleo-create-admin.rst b/doc/source/roles/role-tripleo-create-admin.rst
new file mode 100644
index 000000000..e57607dc1
--- /dev/null
+++ b/doc/source/roles/role-tripleo-create-admin.rst
@@ -0,0 +1,38 @@
+===========================================
+TripleO-Ansible Role - tripleo-create-admin
+===========================================
+
+This role provides for the following services:
+
+ * tripleo-create-admin
+
+
+Default variables
+~~~~~~~~~~~~~~~~~
+
+.. literalinclude:: ../../../tripleo_ansible/roles/tripleo-create-admin/defaults/main.yml
+ :language: yaml
+ :start-after: under the License.
+
+
+Example default playbook
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. literalinclude:: ../../../tripleo_ansible/roles/tripleo-create-admin/molecule/default/playbook.yml
+ :language: yaml
+ :start-after: under the License.
+
+
+Example keygen playbook
+~~~~~~~~~~~~~~~~~~~~~~~
+
+.. literalinclude:: ../../../tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/playbook.yml
+ :language: yaml
+ :start-after: under the License.
+
+Authorize existing user
+^^^^^^^^^^^^^^^^^^^^^^^
+
+.. literalinclude:: ../../../tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/playbook.yml
+ :language: yaml
+ :start-after: under the License.
diff --git a/tox.ini b/tox.ini
index cca96ff8e..5f1363a87 100644
--- a/tox.ini
+++ b/tox.ini
@@ -189,3 +189,27 @@ basepython = {[testenv:mol]basepython}
 deps = {[testenv:mol]deps}
 changedir = {toxinidir}/tripleo_ansible/roles/tripleo-bootstrap
 commands = python -m pytest --color=yes --html={envlogdir}/reports.html --self-contained-html {tty:-s} {toxinidir}/tests/test_molecule.py
+
+[testenv:mol-tripleo-create-admin]
+basepython = {[testenv:mol]basepython}
+deps = {[testenv:mol]deps}
+changedir = {toxinidir}/tripleo_ansible/roles/tripleo-create-admin
+commands = python -m pytest --color=yes --html={envlogdir}/reports.html --self-contained-html {tty:-s} {toxinidir}/tests/test_molecule.py
+
+[testenv:mol-tripleo-create-admin-default]
+basepython = {[testenv:mol]basepython}
+deps = {[testenv:mol]deps}
+changedir = {toxinidir}/tripleo_ansible/roles/tripleo-create-admin
+commands = python -m pytest --color=yes --html={envlogdir}/reports.html --self-contained-html {tty:-s} {toxinidir}/tests/test_molecule.py --scenario=default
+
+[testenv:mol-tripleo-create-admin-keyadd]
+basepython = {[testenv:mol]basepython}
+deps = {[testenv:mol]deps}
+changedir = {toxinidir}/tripleo_ansible/roles/tripleo-create-admin
+commands = python -m pytest --color=yes --html={envlogdir}/reports.html --self-contained-html {tty:-s} {toxinidir}/tests/test_molecule.py --scenario=keyadd
+
+[testenv:mol-tripleo-create-admin-keygen]
+basepython = {[testenv:mol]basepython}
+deps = {[testenv:mol]deps}
+changedir = {toxinidir}/tripleo_ansible/roles/tripleo-create-admin
+commands = python -m pytest --color=yes --html={envlogdir}/reports.html --self-contained-html {tty:-s} {toxinidir}/tests/test_molecule.py --scenario=keygen
diff --git a/tripleo_ansible/roles/tripleo-create-admin/README.md b/tripleo_ansible/roles/tripleo-create-admin/README.md
new file mode 100644
index 000000000..120796f1e
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/README.md
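Review bot: The `mol-tripleo-create-admin-keyadd` environment in tox.ini passes `--scenario=keyadd`, but the scenario directory this commit adds is `molecule/addkey`, and its molecule.yml sets no `scenario.name`, so the name presumably defaults to the directory. How `tests/test_molecule.py` consumes `--scenario` is not visible here, but as written this environment looks like it selects a scenario that does not exist, which would leave the key-authorization path untested. Either change the flag to `--scenario=addkey` (and rename the environment to match) or rename the directory to `keyadd`.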
@@ -0,0 +1,15 @@
+# TripleO Create Admin #
+
+A role to create an admin user to be later used for running playbooks.
+
+## Role Variables ##
+
+| Name | Default Value | Description |
+|-------------------|---------------------|-----------------------|
+| `tripleo_admin_user` | `tripleo-admin` | Name of user to create|
+| `tripleo_admin_pubkey` | `[undefined]` | Public key for authorization|
+
+## Requirements ##
+
+ - ansible >= 2.4
+ - python >= 2.6
diff --git a/tripleo_ansible/roles/tripleo-create-admin/defaults/main.yml b/tripleo_ansible/roles/tripleo-create-admin/defaults/main.yml
new file mode 100644
index 000000000..4502f3aee
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/defaults/main.yml
@@ -0,0 +1,28 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# All variables intended for modification should place placed in this file.
+
+# Set the default admin user
+tripleo_admin_user: tripleo-admin
+
+# Enable or disable key generation for the defined user
+tripleo_admin_generate_key: false
+
+# When `tripleo_admin_pubkey` is defined an additional authorized key will
+# added to the admin users authroized_keys file.
+# tripleo_admin_pubkey: ssh-rsa AAAA...
diff --git a/tripleo_ansible/roles/tripleo-create-admin/meta/main.yml b/tripleo_ansible/roles/tripleo-create-admin/meta/main.yml
new file mode 100644
index 000000000..61d02baec
--- /dev/null
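Review bot: The comments in defaults/main.yml carry typos that make the `tripleo_admin_pubkey` description hard to read: `should place placed`, `will added` and `authroized_keys`. Suggested wording is `# All variables intended for modification should be placed in this file.` and `# When tripleo_admin_pubkey is defined, an additional authorized key will be added to the admin user's authorized_keys file.` It would also help to say here that the created user receives passwordless sudo (tasks/create_user.yml in this commit), since that is what makes the key variables sensitive. The README table added in the same commit does not list `tripleo_admin_generate_key`.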
+++ b/tripleo_ansible/roles/tripleo-create-admin/meta/main.yml
@@ -0,0 +1,44 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+ author: OpenStack
+ description: TripleO OpenStack Role -- tripleo-create-admin
+ company: Red Hat
+ license: Apache-2.0
+ min_ansible_version: 2.7
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ platforms:
+ - name: Fedora
+ versions:
+ - 28
+ - name: CentOS
+ versions:
+ - 7
+
+ galaxy_tags:
+ - tripleo
+
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/Dockerfile b/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/Dockerfile
new file mode 100644
index 000000000..1b91a0e0b
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/Dockerfile
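Review bot: `min_ansible_version: 2.7` in meta/main.yml disagrees with the README added in this same commit, which states `ansible >= 2.4`; one of the two should be corrected so users know which releases the role is actually tested against. The value is also an unquoted scalar that YAML loads as a float, so `min_ansible_version: "2.7"` is the safer spelling (a later `2.10` would otherwise load as `2.1`). The closing comment says to remove the `'[]' above`, while `dependencies: []` sits below it.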
@@ -0,0 +1,37 @@
+# Molecule managed
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
+ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
+
+{% for pkg in item.easy_install | default([]) %}
+# install pip for centos where there is no python-pip rpm in default repos
+RUN easy_install {{ pkg }}
+{% endfor %}
+
+
+CMD ["sh", "-c", "while true; do
sleep 10000; done"]
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/molecule.yml b/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/molecule.yml
new file mode 100644
index 000000000..3a32890d4
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/molecule.yml
@@ -0,0 +1,48 @@
+---
+driver:
+ name: docker
+
+log: true
+
+platforms:
+ - name: centos7
+ hostname: centos7
+ image: centos:7
+ dockerfile: Dockerfile
+ pkg_extras: python-setuptools
+ easy_install:
+ - pip
+ environment: &env
+ http_proxy: "{{ lookup('env', 'http_proxy') }}"
+ https_proxy: "{{ lookup('env', 'https_proxy') }}"
+
+ - name: fedora28
+ hostname: fedora28
+ image: fedora:28
+ dockerfile: Dockerfile
+ pkg_extras: python*-setuptools
+ environment:
+ <<: *env
+
+provisioner:
+ name: ansible
+ log: true
+ env:
+ ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+ test_sequence:
+ - destroy
+ - create
+ - prepare
+ - converge
+ - verify
+ - destroy
+
+lint:
+ enabled: false
+
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/playbook.yml b/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/playbook.yml
new file mode 100644
index 000000000..2f2acb9b3
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/playbook.yml
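Review bot: `RUN easy_install {{ pkg }}` in molecule/addkey/Dockerfile installs whatever release the package index serves at build time, with no version pin or hash, and the base images are pulled by mutable tag (`centos:7`, `fedora:28` in the scenario's molecule.yml). This is test scaffolding, but it is built and run on CI nodes, so an unpinned installer is a supply-chain exposure worth closing. Consider giving the `easy_install` entries in molecule.yml a pinned requirement such as `- pip==<pinned version>`, and extending the comment above the `RUN` line to say the list is expected to be pinned. The same template is repeated unchanged in molecule/default/Dockerfile and molecule/keygen/Dockerfile.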
@@ -0,0 +1,28 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+ hosts: all
+ roles:
+ - role: "tripleo-create-admin"
+ post_tasks:
+ - import_role:
+ name: tripleo-create-admin
+ tasks_from: authorize_user.yml
+ vars:
+ tripleo_admin_user: tripleo-admin
+ tripleo_admin_pubkey: ssh-rsa AAAATEST
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/prepare.yml b/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/prepare.yml
new file mode 100644
index 000000000..57929e854
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/prepare.yml
@@ -0,0 +1,26 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+ hosts: all
+ roles:
+ - role: test_deps
+ tasks:
+ - name: Install additional dependencies
+ package:
+ name: openssh
+ state: present
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/tests/test_keyadd.py b/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/tests/test_keyadd.py
new file mode 100644
index 000000000..8d77d71c0
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/tests/test_keyadd.py
@@ -0,0 +1,28 @@
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+import os
+
+import testinfra.utils.ansible_runner
+
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_user_key_add(host):
+ auth_keys = host.file("/home/tripleo-admin/.ssh/authorized_keys")
+ assert 'ssh-rsa AAAATEST' in auth_keys.content_string
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/verify.yml b/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/verify.yml
new file mode 100644
index 000000000..dfd4c7352
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/addkey/verify.yml
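Review bot: `test_user_key_add` in test_keyadd.py only checks that the key string appears in authorized_keys; nothing in this scenario asserts the file's owner or mode, or the sudoers drop-in the role writes. tasks/authorize_user.yml edits the file with `lineinfile` and sets no `owner` or `mode` of its own, so a permissions regression on a file that grants login to a passwordless-sudo account would pass unnoticed. Adding `assert auth_keys.user == 'tripleo-admin'` and `assert auth_keys.mode == 0o600` after the existing assertion would pin that.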
@@ -0,0 +1,15 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/default/Dockerfile b/tripleo_ansible/roles/tripleo-create-admin/molecule/default/Dockerfile
new file mode 100644
index 000000000..1b91a0e0b
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/default/Dockerfile
@@ -0,0 +1,37 @@
+# Molecule managed
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
+ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
+
+{% for pkg in item.easy_install | default([]) %}
+# install pip for centos where there is no python-pip rpm in default repos
+RUN easy_install {{ pkg }}
+{% endfor %}
+
+
+CMD ["sh", "-c", "while true; do
sleep 10000; done"]
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo-create-admin/molecule/default/molecule.yml
new file mode 100644
index 000000000..3a32890d4
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/default/molecule.yml
@@ -0,0 +1,48 @@
+---
+driver:
+ name: docker
+
+log: true
+
+platforms:
+ - name: centos7
+ hostname: centos7
+ image: centos:7
+ dockerfile: Dockerfile
+ pkg_extras: python-setuptools
+ easy_install:
+ - pip
+ environment: &env
+ http_proxy: "{{ lookup('env', 'http_proxy') }}"
+ https_proxy: "{{ lookup('env', 'https_proxy') }}"
+
+ - name: fedora28
+ hostname: fedora28
+ image: fedora:28
+ dockerfile: Dockerfile
+ pkg_extras: python*-setuptools
+ environment:
+ <<: *env
+
+provisioner:
+ name: ansible
+ log: true
+ env:
+ ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+ test_sequence:
+ - destroy
+ - create
+ - prepare
+ - converge
+ - verify
+ - destroy
+
+lint:
+ enabled: false
+
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/default/playbook.yml b/tripleo_ansible/roles/tripleo-create-admin/molecule/default/playbook.yml
new file mode 100644
index 000000000..2fb837e0e
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/default/playbook.yml
@@ -0,0 +1,21 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+ hosts: all
+ roles:
+ - role: "tripleo-create-admin"
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo-create-admin/molecule/default/prepare.yml
new file mode 100644
index 000000000..57929e854
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/default/prepare.yml
@@ -0,0 +1,26 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+ hosts: all
+ roles:
+ - role: test_deps
+ tasks:
+ - name: Install additional dependencies
+ package:
+ name: openssh
+ state: present
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/default/tests/test_default.py b/tripleo_ansible/roles/tripleo-create-admin/molecule/default/tests/test_default.py
new file mode 100644
index 000000000..e82fee990
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/default/tests/test_default.py
@@ -0,0 +1,27 @@
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+import os
+
+import testinfra.utils.ansible_runner
+
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_user_exists(host):
+ assert host.user('tripleo-admin').home == "/home/tripleo-admin"
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/default/verify.yml b/tripleo_ansible/roles/tripleo-create-admin/molecule/default/verify.yml
new file mode 100644
index 000000000..dfd4c7352
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/default/verify.yml
@@ -0,0 +1,15 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/Dockerfile b/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/Dockerfile
new file mode 100644
index 000000000..1b91a0e0b
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/Dockerfile
@@ -0,0 +1,37 @@
+# Molecule managed
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
+ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
+
+{% for pkg in item.easy_install | default([]) %}
+# install pip for centos where there is no python-pip rpm in default repos
+RUN easy_install {{ pkg }}
+{% endfor %}
+
+
+CMD ["sh", "-c", "while true; do
sleep 10000; done"]
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/molecule.yml b/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/molecule.yml
new file mode 100644
index 000000000..3a32890d4
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/molecule.yml
@@ -0,0 +1,48 @@
+---
+driver:
+ name: docker
+
+log: true
+
+platforms:
+ - name: centos7
+ hostname: centos7
+ image: centos:7
+ dockerfile: Dockerfile
+ pkg_extras: python-setuptools
+ easy_install:
+ - pip
+ environment: &env
+ http_proxy: "{{ lookup('env', 'http_proxy') }}"
+ https_proxy: "{{ lookup('env', 'https_proxy') }}"
+
+ - name: fedora28
+ hostname: fedora28
+ image: fedora:28
+ dockerfile: Dockerfile
+ pkg_extras: python*-setuptools
+ environment:
+ <<: *env
+
+provisioner:
+ name: ansible
+ log: true
+ env:
+ ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+ test_sequence:
+ - destroy
+ - create
+ - prepare
+ - converge
+ - verify
+ - destroy
+
+lint:
+ enabled: false
+
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/playbook.yml b/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/playbook.yml
new file mode 100644
index 000000000..05e5823a6
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/playbook.yml
@@ -0,0 +1,22 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+ hosts: all
+ roles:
+ - role: "tripleo-create-admin"
+ tripleo_admin_generate_key: true
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/prepare.yml b/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/prepare.yml
new file mode 100644
index 000000000..57929e854
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/prepare.yml
@@ -0,0 +1,26 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+ hosts: all
+ roles:
+ - role: test_deps
+ tasks:
+ - name: Install additional dependencies
+ package:
+ name: openssh
+ state: present
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/tests/test_keygen.py b/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/tests/test_keygen.py
new file mode 100644
index 000000000..2672b5c92
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/tests/test_keygen.py
@@ -0,0 +1,27 @@
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+import os
+
+import testinfra.utils.ansible_runner
+
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_user_key_exists(host):
+ assert host.file("/home/tripleo-admin/.ssh/id_rsa.pub").exists
diff --git a/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/verify.yml b/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/verify.yml
new file mode 100644
index 000000000..dfd4c7352
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/molecule/keygen/verify.yml
@@ -0,0 +1,15 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
diff --git a/tripleo_ansible/roles/tripleo-create-admin/tasks/authorize_user.yml b/tripleo_ansible/roles/tripleo-create-admin/tasks/authorize_user.yml
new file mode 100644
index 000000000..1bbe83333
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/tasks/authorize_user.yml
@@ -0,0 +1,24 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: authorize TripleO Mistral key for user {{ tripleo_admin_user }}
+ lineinfile:
+ path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys
+ line: '{{ tripleo_admin_pubkey }}'
+ regexp: 'Generated by TripleO'
+ when:
+ - tripleo_admin_pubkey is defined
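Review bot: The task in tasks/authorize_user.yml writes `tripleo_admin_pubkey` into authorized_keys verbatim with `lineinfile`, so the value is never checked to be a single well-formed public key, and create_user.yml gives this account `NOPASSWD:ALL`. The `authorized_key` module parses the key and manages the file's ownership and mode: `authorized_key:` with `user: '{{ tripleo_admin_user }}'` and `key: '{{ tripleo_admin_pubkey }}'`; the `ssh-rsa AAAATEST` fixture in the addkey scenario would then need to be a real throwaway test key. As written, `regexp: 'Generated by TripleO'` also means any existing line containing that text is overwritten, while a key without that comment never matches and may be appended again on each run, depending on the Ansible version. The path additionally assumes the home directory is `/home/{{ tripleo_admin_user }}`.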
diff --git a/tripleo_ansible/roles/tripleo-create-admin/tasks/create_user.yml b/tripleo_ansible/roles/tripleo-create-admin/tasks/create_user.yml
new file mode 100644
index 000000000..36ba5bfc7
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-create-admin/tasks/create_user.yml
@@ -0,0 +1,62 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: create user {{ tripleo_admin_user }} + user: + name: '{{ tripleo_admin_user }}' + generate_ssh_key: '{{ tripleo_admin_generate_key }}' + +- name: grant admin rights to user {{ tripleo_admin_user }} + copy: + dest: /etc/sudoers.d/{{ tripleo_admin_user }} + content: | + {{ tripleo_admin_user }} ALL=(ALL) NOPASSWD:ALL + mode: 0440 + +- name: ensure .ssh dir exists for user {{ tripleo_admin_user }} + file: + path: /home/{{ tripleo_admin_user }}/.ssh + state: directory + owner: '{{ tripleo_admin_user }}' + group: '{{ tripleo_admin_user }}' + mode: 0700 + +- name: ensure authorized_keys file exists for user {{ tripleo_admin_user }} + file: + path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys + state: touch + owner: '{{ tripleo_admin_user }}' + group: '{{ tripleo_admin_user }}' + mode: 0600 + +- name: get remote {{ tripleo_admin_user }} public key + slurp: + src: /home/{{ tripleo_admin_user }}/.ssh/id_rsa.pub + register: key + when: + - tripleo_admin_generate_key | bool + +- name: append {{ tripleo_admin_user }} public key to authorized_keys + lineinfile: + path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys + line: "{{ key['content'] | b64decode }}" + state: present + owner: '{{ tripleo_admin_user }}' + group: '{{ tripleo_admin_user }}' + mode: 0600 + when: + - tripleo_admin_generate_key | bool 
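Review bot: The `grant admin rights` task drops a file into /etc/sudoers.d without a syntax check, and the rule is rendered from `tripleo_admin_user`; a value that produces an invalid line leaves a broken drop-in, which can stop sudo from working on the host. Add `validate: /usr/sbin/visudo -cf %s` to the `copy` task and set `owner: root` and `group: root` explicitly. The modes in this file are bare octal literals (`mode: 0440`, `0700`, `0600`); quoting them, as in `mode: '0440'`, avoids depending on how the YAML loader types the value. The later tasks also assume the home directory is `/home/<user>`, which the `user` task does not guarantee.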
diff --git a/tripleo_ansible/roles/tripleo-create-admin/tasks/main.yml b/tripleo_ansible/roles/tripleo-create-admin/tasks/main.yml new file mode 100644 index 000000000..a43750463 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-create-admin/tasks/main.yml @@ -0,0 +1,19 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- import_tasks: create_user.yml +- import_tasks: authorize_user.yml diff --git a/zuul.d/molecule.yaml b/zuul.d/molecule.yaml index b2bc7baef..5c003789d 100644 --- a/zuul.d/molecule.yaml +++ b/zuul.d/molecule.yaml @@ -9,6 +9,7 @@ - tripleo-ansible-centos-7-molecule-tripleo-bootstrap - tripleo-ansible-centos-7-molecule-tuned - tripleo-ansible-centos-7-role-addition + - tripleo-ansible-centos-7-molecule-tripleo-create-admin gate: jobs: - tripleo-ansible-centos-7-molecule-aide @@ -18,17 +19,18 @@ - tripleo-ansible-centos-7-molecule-tripleo-bootstrap - tripleo-ansible-centos-7-molecule-tuned - tripleo-ansible-centos-7-role-addition + - tripleo-ansible-centos-7-molecule-tripleo-create-admin name: tripleo-ansible-molecule-jobs - job: files: - - ^roles/aide/.* + - ^tripleo_ansible/roles/aide/.* name: tripleo-ansible-centos-7-molecule-aide parent: tripleo-ansible-centos vars: tox_envlist: mol-aide - job: files: - - ^roles/test_deps/.* + - ^tripleo_ansible/roles/test_deps/.* name: tripleo-ansible-centos-7-molecule-test_deps parent: tripleo-ansible-centos vars: 
@@ -43,7 +45,7 @@ - job: files: - ^ansible_plugins/action/package.py - - ^roles/test_package_action/.* + - ^tripleo_ansible/roles/test_package_action/.* name: tripleo-ansible-centos-7-molecule-test_package_action parent: tripleo-ansible-centos vars: @@ -58,16 +60,24 @@ tox_envlist: mol-tripleo-bootstrap - job: files: - - ^roles/tuned/.* + - ^tripleo_ansible/roles/tuned/.* name: tripleo-ansible-centos-7-molecule-tuned parent: tripleo-ansible-centos vars: tox_envlist: mol-tuned - job: files: - - ^_skeleton_role_/.* - - ^role-addition.yml + - ^_skeleton_role_/.* + - ^role-addition.yml name: tripleo-ansible-centos-7-role-addition parent: tripleo-ansible-centos vars: tox_envlist: role-addition +- job: + files: + - ^tripleo_ansible/roles/tripleo-create-admin/.* + name: tripleo-ansible-centos-7-molecule-tripleo-create-admin + parent: tripleo-ansible-centos + timeout: 1800 + vars: + tox_envlist: mol-tripleo-create-admin