43aa2c6a44
This change will improve the deployer UX by ensuring that the log output does not show failed tasks. While the potential for failed tasks should be rescued, and complete successfully, the output confusing and could result in the operator taking unnecessary debugging steps during a deployment. To ensure that the output is accurate and easy to understand the playbook will now stat the required file and the needed blocks will only execute when the appropriate conditions are met. Change-Id: I0e69f44a6e06926a8987defa96c7ffac167ccdb5 Signed-off-by: Kevin Carter <kecarter@redhat.com>
241 lines
8.1 KiB
YAML
241 lines
8.1 KiB
YAML
---
|
|
# Copyright 2019 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
- name: Playbook for establishing ssh keys
|
|
connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}"
|
|
hosts: "{{ tripleo_target_host | default('localhost') }}"
|
|
remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}"
|
|
gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}"
|
|
any_errors_fatal: true
|
|
handlers:
|
|
- name: Remove mistral tmp file
|
|
file:
|
|
path: "{{ tempfile_1.path }}"
|
|
state: absent
|
|
tasks:
|
|
- name: No ssh servers defined
|
|
fail:
|
|
msg: >-
|
|
The ssh_servers option was undefined.
|
|
when:
|
|
- ssh_servers is undefined
|
|
|
|
- name: No cloud name is defined
|
|
fail:
|
|
msg: >-
|
|
The tripleo_cloud_name option was undefined.
|
|
when:
|
|
- tripleo_cloud_name is undefined
|
|
|
|
- name: Run blacklist IP check
|
|
command: >-
|
|
openstack --os-cloud undercloud stack output show {{ tripleo_cloud_name }} BlacklistedIpAddresses -f yaml
|
|
register: blacklist_cmd
|
|
changed_when: false
|
|
async: 1000
|
|
poll: 0
|
|
|
|
- name: Retrieve compute managed network ports
|
|
os_port_facts:
|
|
cloud: undercloud
|
|
filters:
|
|
status: ACTIVE
|
|
changed_when: false
|
|
register: port_check
|
|
async: 1000
|
|
poll: 0
|
|
|
|
- name: Set local connection user facts
|
|
set_fact:
|
|
ansible_home: "{{ lookup('env', 'HOME') }}"
|
|
ansible_user: "{{ lookup('env', 'USER') }}"
|
|
run_once: true
|
|
when:
|
|
- (tripleo_target_host is defined) | ternary('ssh', 'local') == 'local'
|
|
|
|
- name: Set facts for ssh servers and user private key file
|
|
set_fact:
|
|
set_ssh_servers: "{{ ssh_servers }}"
|
|
defined_user_private_key_file: "{{ user_private_key_file | default(ansible_home ~ '/.ssh/id_rsa_tripleo') }}"
|
|
run_once: true
|
|
|
|
- name: Ensure .ssh directory
|
|
file:
|
|
path: "{{ ansible_home }}/.ssh"
|
|
state: directory
|
|
mode: "0700"
|
|
owner: "{{ ansible_user }}"
|
|
become: true
|
|
|
|
- name: Ensure ssh key pair
|
|
user:
|
|
name: "{{ ansible_user }}"
|
|
generate_ssh_key: true
|
|
ssh_key_bits: 4096
|
|
ssh_key_file: "{{ ansible_home }}/.ssh/id_rsa"
|
|
become: true
|
|
|
|
- name: Stat key file
|
|
stat:
|
|
path: "{{ defined_user_private_key_file }}"
|
|
register: key_check
|
|
|
|
- name: Key block
|
|
when:
|
|
- user_public_key is undefined
|
|
- user_private_key is undefined
|
|
- user_private_key_file is undefined
|
|
block:
|
|
- name: Read key block
|
|
run_once: true
|
|
when:
|
|
- key_check.stat.exists | bool
|
|
block:
|
|
- name: Get local private key
|
|
slurp:
|
|
src: "{{ defined_user_private_key_file }}"
|
|
register: private_key_get
|
|
become: true
|
|
|
|
- name: Get local public key
|
|
slurp:
|
|
src: "{{ defined_user_private_key_file }}.pub"
|
|
register: public_key_get
|
|
become: true
|
|
|
|
- name: Set key facts
|
|
set_fact:
|
|
user_public_key: "{{ public_key_get['content'] | b64decode }}"
|
|
user_private_key: "{{ private_key_get['content'] | b64decode }}"
|
|
user_private_key_file: "{{ defined_user_private_key_file }}"
|
|
|
|
- name: Read and create key block
|
|
run_once: true
|
|
when:
|
|
- not (key_check.stat.exists | bool)
|
|
block:
|
|
- name: Get local private key
|
|
slurp:
|
|
src: "{{ ansible_home }}/.ssh/id_rsa"
|
|
register: private_key_get
|
|
become: true
|
|
|
|
- name: Get local public key
|
|
slurp:
|
|
src: "{{ ansible_home }}/.ssh/id_rsa.pub"
|
|
register: public_key_get
|
|
become: true
|
|
|
|
- name: Write tripleo private key
|
|
copy:
|
|
content: "{{ private_key_get['content'] | b64decode }}"
|
|
dest: "{{ defined_user_private_key_file }}"
|
|
mode: "0600"
|
|
|
|
- name: Write tripleo public key
|
|
copy:
|
|
content: "{{ public_key_get['content'] | b64decode }}"
|
|
dest: "{{ defined_user_private_key_file }}.pub"
|
|
mode: "0640"
|
|
|
|
- name: Set key file fact
|
|
set_fact:
|
|
user_public_key: "{{ public_key_get['content'] | b64decode }}"
|
|
user_private_key: "{{ private_key_get['content'] | b64decode }}"
|
|
user_private_key_file: "{{ defined_user_private_key_file }}"
|
|
|
|
- name: Ensure user can ssh to localhost
|
|
authorized_key:
|
|
user: "{{ ansible_user }}"
|
|
key: "{{ user_public_key }}"
|
|
become: true
|
|
|
|
- name: Block on async blacklist check
|
|
async_status:
|
|
jid: "{{ blacklist_cmd.ansible_job_id }}"
|
|
register: blacklist_cmd_job_result
|
|
until: blacklist_cmd_job_result.finished
|
|
retries: 30
|
|
|
|
- name: Set BlacklistedIpAddresses fact
|
|
set_fact:
|
|
BlacklistedIpAddresses: "{{ (blacklist_cmd_job_result.stdout | from_yaml)['output_value'] }}"
|
|
|
|
- name: Block on async port check
|
|
async_status:
|
|
jid: "{{ port_check.ansible_job_id }}"
|
|
register: port_check_job_result
|
|
until: port_check_job_result.finished
|
|
retries: 30
|
|
|
|
- name: Set ManagedIpAddresses fact
|
|
set_fact:
|
|
ManagedIpAddresses: "{{ openstack_ports | map(attribute='fixed_ips') | sum(start=[]) | map(attribute='ip_address') | list }}"
|
|
|
|
- name: Set node key fact
|
|
set_fact:
|
|
node_key_fact: "{{ lookup('env', 'ANSIBLE_PRIVATE_KEY_FILE') or (ansible_ssh_private_key_file | default(ansible_home ~ '/.ssh/id_rsa')) }}"
|
|
|
|
- name: Add ssh-servers
|
|
add_host:
|
|
hostname: "{{ item }}"
|
|
groups: tripleo_queues
|
|
user_public_key: "{{ user_public_key }}"
|
|
user_private_key: "{{ user_private_key }}"
|
|
user_private_key_file: "{{ user_private_key_file }}"
|
|
ansible_user: "{{ (item in ManagedIpAddresses) | ternary('heat-admin', (ssh_user | default(ansible_user))) }}"
|
|
ansible_ssh_private_key_file: "{{ node_key_fact }}"
|
|
changed_when: false
|
|
loop: '{{ set_ssh_servers | difference(((BlacklistedIpAddresses | length) < 1) | ternary([], BlacklistedIpAddresses)) }}'
|
|
|
|
|
|
- name: Run Create admin
|
|
hosts: localhost:tripleo_queues
|
|
become: true
|
|
any_errors_fatal: true
|
|
gather_facts: false
|
|
pre_tasks:
|
|
# NOTE(cloudnull): The connection will allow for 40 minutes before failing. This time was chosen
|
|
# because a server may take anywhere from 5 to 40 minutes to boot, and in large
|
|
# deployments the number of "forks" may not accomodate all nodes running this
|
|
# task in parallel. Because we don't know the all of the characteristics of the
|
|
# machine being used, there's no way to compute the value appropriate for a
|
|
# given node(s), so 40 minutes should accommodate most environments.
|
|
- name: Wait for connection to become available
|
|
wait_for_connection:
|
|
sleep: 4
|
|
timeout: 2400
|
|
|
|
- name: Gather facts with an active connection
|
|
setup:
|
|
gather_subset:
|
|
- '!facter'
|
|
- '!ohai'
|
|
roles:
|
|
- role: tripleo_create_admin
|
|
tripleo_admin_user: tripleo-admin
|
|
tripleo_admin_pubkey: "{{ user_public_key }}"
|
|
|
|
|
|
- name: Validate TripleO Admin Access
|
|
hosts: localhost:tripleo_queues
|
|
user: tripleo-admin
|
|
gather_facts: false
|
|
vars:
|
|
ansible_ssh_private_key_file: "{{ user_private_key_file }}"
|
|
tasks:
|
|
- name: Ping host
|
|
ping: {}
|