diff --git a/tripleo_ansible/roles/tripleo-ssh-known-hosts/README.md b/tripleo_ansible/roles/tripleo-ssh-known-hosts/README.md index 220a33f2a..1de468fa0 100644 --- a/tripleo_ansible/roles/tripleo-ssh-known-hosts/README.md +++ b/tripleo_ansible/roles/tripleo-ssh-known-hosts/README.md @@ -9,12 +9,6 @@ Requirements This section needs to be documented. -Role variables --------------- - -- ssh_known_hosts: -- Dict of hostname to ssh_known_hosts entries for a given - host - Dependencies ------------ diff --git a/tripleo_ansible/roles/tripleo-ssh-known-hosts/defaults/main.yml b/tripleo_ansible/roles/tripleo-ssh-known-hosts/defaults/main.yml index 0759e0ad6..a689d9e6a 100644 --- a/tripleo_ansible/roles/tripleo-ssh-known-hosts/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo-ssh-known-hosts/defaults/main.yml @@ -16,22 +16,3 @@ # All variables intended for modification should place placed in this file. - -# NOTE(cloudnull): This role used to use a non-namespaced option, which has a high -# probability of creating conflicts with other roles in the greater -# ansible ecosystem. To ensure that we're able to retain existing -# variable functionality the "ssh_known_hosts" option will supersede -# "tripleo_ssh_known_hosts" if defined. This default should be removed -# just as soon as we're validate that the non-namespaced option is -# no longer in use. -# -# tripleo_ssh_known_hosts: -# overcloud-controller-0: '[172.17.25.246]*,[overcloud-controller-0.localdomain]*,[overcloud-controller-0]*,...' -# overcloud-novacompute-0: '[172.17.25.247]*,[overcloud-novacompute-0.localdomain]*,[overcloud-novacompute-0]*,...' -# overcloud-novacompute-1: '[172.17.25.248]*,[overcloud-novacompute-1.localdomain]*,[overcloud-novacompute-1]*,...' -# overcloud-novacompute-2: '[172.17.25.249]*,[overcloud-novacompute-2.localdomain]*,[overcloud-novacompute-2]*,...' -# -# tripleo_ssh_known_hosts_use_template: false - -tripleo_ssh_known_hosts: "{{ ssh_known_hosts | default({}) }}" -tripleo_ssh_known_hosts_use_template: false diff --git a/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/default/molecule.yml index 4ceafc6b0..c051b7838 100644 --- a/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/default/molecule.yml +++ b/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/default/molecule.yml @@ -30,9 +30,10 @@ provisioner: hosts: all: vars: - tripleo_ssh_known_hosts: - "centos7": '[10.0.0.0]*,[test-0.localdomain]*,[test-0]*' - "fedora28": '[10.0.0.0]*,[test-0.localdomain]*,[test-0]*' + ctlplane_ip: 10.0.0.0 + cloud_domain: localdomain + enabled_networks: [] + role_networks: [] children: overcloud: hosts: diff --git a/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/default/tests/test_default.py b/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/default/tests/test_default.py index efbeb6795..83d5a6e52 100644 --- a/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/default/tests/test_default.py +++ b/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/default/tests/test_default.py @@ -24,5 +24,6 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def test_host_key_add(host): - assert '[10.0.0.0]*,[test-0.localdomain]*,[test-0]* ssh-rsa AAAATEST' \ - in host.file("/etc/ssh/ssh_known_hosts").content_string + hostname = host.ansible.get_variables()['inventory_hostname'] + line = '[10.0.0.0]*,[%s.localdomain]*,[%s]* ssh-rsa AAAATEST' % (hostname, hostname) + assert line in host.file("/etc/ssh/ssh_known_hosts").content_string diff --git a/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/legacy_vars/Dockerfile b/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/legacy_vars/Dockerfile deleted file mode 100644 index 1b91a0e0b..000000000 --- a/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/legacy_vars/Dockerfile +++ /dev/null @@ -1,37 +0,0 @@ -# Molecule managed -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - - -CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/legacy_vars/molecule.yml b/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/legacy_vars/molecule.yml deleted file mode 100644 index d34dc19df..000000000 --- a/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/legacy_vars/molecule.yml +++ /dev/null @@ -1,62 +0,0 @@ ---- -driver: - name: docker - -log: true - -platforms: - - name: centos7 - hostname: centos7 - image: centos:7 - dockerfile: Dockerfile - pkg_extras: python-setuptools - easy_install: - - pip - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - - - name: fedora28 - hostname: fedora28 - image: fedora:28 - dockerfile: Dockerfile - pkg_extras: python*-setuptools - environment: - <<: *env - -provisioner: - name: ansible - inventory: - hosts: - all: - vars: - ssh_known_hosts: - "centos7": '[10.0.0.0]*,[test-0.localdomain]*,[test-0]*' - "fedora28": '[10.0.0.0]*,[test-0.localdomain]*,[test-0]*' - children: - overcloud: - hosts: - fedora28: - ansible_ssh_host_key_rsa_public: AAAATEST - centos7: - ansible_ssh_host_key_rsa_public: AAAATEST - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -lint: - enabled: false - -verifier: - name: testinfra - lint: - name: flake8 diff --git a/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/legacy_vars/playbook.yml b/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/legacy_vars/playbook.yml deleted file mode 100644 index 602efb953..000000000 --- a/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/legacy_vars/playbook.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - pre_tasks: - roles: - - role: "tripleo-ssh-known-hosts" diff --git a/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/legacy_vars/prepare.yml b/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/legacy_vars/prepare.yml deleted file mode 100644 index 57929e854..000000000 --- a/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/legacy_vars/prepare.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - tasks: - - name: Install additional dependencies - package: - name: openssh - state: present diff --git a/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/legacy_vars/tests/test_default.py b/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/legacy_vars/tests/test_default.py deleted file mode 100644 index efbeb6795..000000000 --- a/tripleo_ansible/roles/tripleo-ssh-known-hosts/molecule/legacy_vars/tests/test_default.py +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import os - -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_host_key_add(host): - assert '[10.0.0.0]*,[test-0.localdomain]*,[test-0]* ssh-rsa AAAATEST' \ - in host.file("/etc/ssh/ssh_known_hosts").content_string diff --git a/tripleo_ansible/roles/tripleo-ssh-known-hosts/tasks/main.yml b/tripleo_ansible/roles/tripleo-ssh-known-hosts/tasks/main.yml index c339f2418..aa85a5269 100644 --- a/tripleo_ansible/roles/tripleo-ssh-known-hosts/tasks/main.yml +++ b/tripleo_ansible/roles/tripleo-ssh-known-hosts/tasks/main.yml @@ -57,26 +57,13 @@ {%- endfor -%} {{ ' ssh-rsa ' ~ hostvars[host]['ansible_ssh_host_key_rsa_public'] }} {% endfor %} - when: - - tripleo_ssh_known_hosts_use_template | bool - - name: Add host keys to temporary ssh_known_hosts from rendered template + - name: Add host keys to temporary ssh_known_hosts lineinfile: path: "{{ ssh_known_hosts_tmp.path }}" line: "{{ item }}" create: true with_items: "{{ ssh_known_hosts_lines.splitlines() }}" - when: - - tripleo_ssh_known_hosts_use_template | bool - - - name: Add host keys to temporary ssh_known_hosts - lineinfile: - path: "{{ ssh_known_hosts_tmp.path }}" - line: "{{ tripleo_ssh_known_hosts[(hostvars[item]['ansible_hostname'] | lower)] ~ ' ssh-rsa ' ~ hostvars[item]['ansible_ssh_host_key_rsa_public'] }}" - create: true - with_items: "{{ groups['overcloud'] | intersect(play_hosts) }}" - when: - - not (tripleo_ssh_known_hosts_use_template | bool) # Workaround https://bugs.launchpad.net/tripleo/+bug/1810932 # Ansible modules perform a replace instead of in-place modification.