Remove access.yaml workbook
We don't use it anymore. Change-Id: Ibebd1728bb38eb638201b6bb8ca101005c9a6681
This commit is contained in:
Rabi Mishra
parent
60c6df1fd5
commit
25dd847653
@ -1,179 +0,0 @@
|
||||
---
|
||||
version: '2.0'
|
||||
name: tripleo.access.v1
|
||||
description: TripleO administration access workflows
|
||||
|
||||
workflows:
|
||||
|
||||
enable_ssh_admin:
|
||||
description: >-
|
||||
This workflow creates an admin user on the overcloud nodes,
|
||||
which can then be used for connecting for automated
|
||||
administrative or deployment tasks, e.g. via Ansible. The
|
||||
workflow can be used both for Nova-managed and split-stack
|
||||
deployments, assuming the correct input values are passed
|
||||
in. The workflow defaults to Nova-managed approach, for which no
|
||||
additional parameters need to be supplied. In case of
|
||||
split-stack, temporary ssh connection details (user, key, list
|
||||
of servers) need to be provided -- these are only used
|
||||
temporarily to create the actual ssh admin user for use by
|
||||
Mistral.
|
||||
tags:
|
||||
- tripleo-common-managed
|
||||
input:
|
||||
- ssh_private_key: null
|
||||
- ssh_user: null
|
||||
- ssh_servers: []
|
||||
- overcloud_admin: tripleo-admin
|
||||
- queue_name: tripleo
|
||||
- plan_name: overcloud
|
||||
|
||||
tasks:
|
||||
get_pubkey:
|
||||
action: tripleo.validations.get_pubkey
|
||||
on-success: get_blacklisted_ip_addresses
|
||||
publish:
|
||||
pubkey: <% task().result %>
|
||||
|
||||
get_blacklisted_ip_addresses:
|
||||
action: heat.stacks_output_show
|
||||
input:
|
||||
stack_id: <% $.plan_name %>
|
||||
output_key: BlacklistedIpAddresses
|
||||
publish:
|
||||
blacklisted_ip_addresses: <% task().result.output.output_value %>
|
||||
on-success: get_ssh_servers_not_blacklisted
|
||||
publish-on-error:
|
||||
status: FAILED
|
||||
message: <% task().result %>
|
||||
|
||||
get_ssh_servers_not_blacklisted:
|
||||
publish:
|
||||
ssh_servers_not_blacklisted: <% let(blacklisted=>$.blacklisted_ip_addresses, ssh_servers=>$.ssh_servers) -> $ssh_servers.where(not $ in $blacklisted) %>
|
||||
on-success:
|
||||
- create_admin_via_nova: <% $.ssh_private_key = null %>
|
||||
- create_admin_via_ssh: <% $.ssh_private_key != null %>
|
||||
publish-on-error:
|
||||
status: FAILED
|
||||
message: <% task().result %>
|
||||
|
||||
# Nova variant
|
||||
create_admin_via_nova:
|
||||
workflow: tripleo.access.v1.create_admin_via_nova
|
||||
input:
|
||||
queue_name: <% $.queue_name %>
|
||||
ssh_servers: <% $.ssh_servers_not_blacklisted %>
|
||||
tasks:
|
||||
- name: create and authorize user <% $.overcloud_admin %>
|
||||
import_role:
|
||||
name: tripleo-create-admin
|
||||
vars:
|
||||
tripleo_admin_user: <% $.overcloud_admin %>
|
||||
tripleo_admin_pubkey: <% $.pubkey %>
|
||||
overcloud_admin: <% $.overcloud_admin %>
|
||||
|
||||
# SSH variant
|
||||
create_admin_via_ssh:
|
||||
workflow: tripleo.access.v1.create_admin_via_ssh
|
||||
input:
|
||||
ssh_private_key: <% $.ssh_private_key %>
|
||||
ssh_user: <% $.ssh_user %>
|
||||
ssh_servers: <% $.ssh_servers_not_blacklisted %>
|
||||
tasks:
|
||||
- name: create and authorize user <% $.overcloud_admin %>
|
||||
import_role:
|
||||
name: tripleo-create-admin
|
||||
vars:
|
||||
tripleo_admin_user: <% $.overcloud_admin %>
|
||||
tripleo_admin_pubkey: <% $.pubkey %>
|
||||
|
||||
create_admin_via_nova:
|
||||
input:
|
||||
- tasks
|
||||
- queue_name: tripleo
|
||||
- ssh_servers: []
|
||||
- overcloud_admin: tripleo-admin
|
||||
- ansible_extra_env_variables:
|
||||
ANSIBLE_HOST_KEY_CHECKING: 'False'
|
||||
tags:
|
||||
- tripleo-common-managed
|
||||
tasks:
|
||||
get_servers:
|
||||
action: nova.servers_list
|
||||
with-items: server in <% $.ssh_servers %>
|
||||
input:
|
||||
search_opts:
|
||||
ip: <% $.server %>
|
||||
publish:
|
||||
servers: <% task().result._info %>
|
||||
on-success: create_admin
|
||||
|
||||
create_admin:
|
||||
workflow: tripleo.deployment.v1.deploy_on_server
|
||||
on-success: get_privkey
|
||||
with-items: server in <% $.servers.flatten() %>
|
||||
input:
|
||||
server_name: <% $.server.name %>
|
||||
server_uuid: <% $.server.id %>
|
||||
queue_name: <% $.queue_name %>
|
||||
config_name: create_admin
|
||||
group: ansible
|
||||
config: |
|
||||
- hosts: localhost
|
||||
connection: local
|
||||
gather_facts: false
|
||||
tasks: <% json_pp($.tasks) %>
|
||||
|
||||
get_privkey:
|
||||
action: tripleo.validations.get_privkey
|
||||
on-success: wait_for_occ
|
||||
publish:
|
||||
privkey: <% task().result %>
|
||||
|
||||
wait_for_occ:
|
||||
action: tripleo.ansible-playbook
|
||||
input:
|
||||
inventory:
|
||||
overcloud:
|
||||
hosts: <% $.ssh_servers.toDict($, {}) %>
|
||||
remote_user: <% $.overcloud_admin %>
|
||||
ssh_private_key: <% $.privkey %>
|
||||
extra_env_variables: <% $.ansible_extra_env_variables %>
|
||||
playbook:
|
||||
- hosts: overcloud
|
||||
gather_facts: no
|
||||
tasks:
|
||||
- name: wait for connection
|
||||
wait_for_connection:
|
||||
sleep: 5
|
||||
timeout: 300
|
||||
execution_id: <% execution().id %>
|
||||
|
||||
create_admin_via_ssh:
|
||||
input:
|
||||
- tasks
|
||||
- ssh_private_key
|
||||
- ssh_user
|
||||
- ssh_servers
|
||||
- ansible_extra_env_variables:
|
||||
ANSIBLE_HOST_KEY_CHECKING: 'False'
|
||||
|
||||
tags:
|
||||
- tripleo-common-managed
|
||||
tasks:
|
||||
write_tmp_playbook:
|
||||
action: tripleo.ansible-playbook
|
||||
input:
|
||||
trash_output: true
|
||||
inventory:
|
||||
overcloud:
|
||||
hosts: <% $.ssh_servers.toDict($, {}) %>
|
||||
remote_user: <% $.ssh_user %>
|
||||
ssh_private_key: <% $.ssh_private_key %>
|
||||
extra_env_variables: <% $.ansible_extra_env_variables %>
|
||||
become: true
|
||||
become_user: root
|
||||
playbook:
|
||||
- hosts: overcloud
|
||||
tasks: <% $.tasks %>
|
||||
execution_id: <% execution().id %>
|
||||
Loading…
x
Reference in New Issue
Block a user