f98c136078
The ceph-ansible and skydive workflows now consumes the blacklisted_ip_addresses input. The enable_ssh_admin workflow is modified to consume a list of ip addresses and only enable ssh on the given set of addresses. Change-Id: I4255739c852409fb8e170a9913fe7ad810711734 Depends-On: Ic158171c629e82892e480f1e6903a67457f86064 Closes-Bug: #1743046
74 lines
3.1 KiB
YAML
74 lines
3.1 KiB
YAML
---
|
|
version: '2.0'
|
|
name: tripleo.skydive_ansible.v1
|
|
description: TripleO manages Skydive with skydive-ansible
|
|
|
|
workflows:
|
|
skydive_install:
|
|
# allows for additional extra_vars via workflow input
|
|
input:
|
|
- ansible_playbook_verbosity: 0
|
|
- ansible_extra_env_variables:
|
|
ANSIBLE_ROLES_PATH: /usr/share/skydive-ansible/roles/
|
|
ANSIBLE_RETRY_FILES_ENABLED: 'False'
|
|
ANSIBLE_LOG_PATH: /var/log/mistral/skydive-install-workflow.log
|
|
ANSIBLE_HOST_KEY_CHECKING: 'False'
|
|
- skydive_ansible_extra_vars: {}
|
|
- skydive_ansible_playbook: /usr/share/skydive-ansible/playbook.yml.sample
|
|
tags:
|
|
- tripleo-common-managed
|
|
tasks:
|
|
set_blacklisted_ips:
|
|
publish:
|
|
blacklisted_ips: <% env().get('blacklisted_ip_addresses', []) %>
|
|
on-success: set_ip_lists
|
|
set_ip_lists:
|
|
publish:
|
|
agent_ips: <% let(root => $) -> env().get('service_ips', {}).get('skydive_agent_ctlplane_node_ips', []).where(not ($ in $root.blacklisted_ips)) %>
|
|
analyzer_ips: <% let(root => $) -> env().get('service_ips', {}).get('skydive_analyzer_ctlplane_node_ips', []).where(not ($ in $root.blacklisted_ips)) %>
|
|
on-success: enable_ssh_admin
|
|
enable_ssh_admin:
|
|
workflow: tripleo.access.v1.enable_ssh_admin
|
|
input:
|
|
ssh_servers: <% ($.agent_ips + $.analyzer_ips).toSet() %>
|
|
on-success: get_private_key
|
|
get_private_key:
|
|
action: tripleo.validations.get_privkey
|
|
publish:
|
|
private_key: <% task().result %>
|
|
on-success: set_fork_count
|
|
set_fork_count:
|
|
publish: # unique list of all IPs: make each list a set, take unions and count
|
|
fork_count: <% min($.agent_ips.toSet().union($.analyzer_ips.toSet()).count(), 100) %> # don't use >100 forks
|
|
on-success: set_role_vars
|
|
set_role_vars:
|
|
publish:
|
|
# NOTE(sbaubeau): collect role settings from all tht roles
|
|
agent_vars: <% env().get('role_merged_configs', {}).values().select($.get('skydive_agent_ansible_vars', {})).aggregate($1 + $2) %>
|
|
analyzer_vars: <% env().get('role_merged_configs', {}).values().select($.get('skydive_analyzer_ansible_vars', {})).aggregate($1 + $2) %>
|
|
on-success: build_extra_vars
|
|
build_extra_vars:
|
|
publish:
|
|
# NOTE(sbaubeau): merge vars from all ansible roles
|
|
extra_vars: <% $.agent_vars + $.analyzer_vars + $.skydive_ansible_extra_vars %>
|
|
on-success: skydive_install
|
|
skydive_install:
|
|
action: tripleo.ansible-playbook
|
|
input:
|
|
inventory:
|
|
agents:
|
|
hosts: <% $.agent_ips.toDict($, {}) %>
|
|
analyzers:
|
|
hosts: <% $.analyzer_ips.toDict($, {}) %>
|
|
playbook: <% $.skydive_ansible_playbook %>
|
|
remote_user: tripleo-admin
|
|
become: true
|
|
become_user: root
|
|
verbosity: <% $.ansible_playbook_verbosity %>
|
|
forks: <% $.fork_count %>
|
|
ssh_private_key: <% $.private_key %>
|
|
extra_env_variables: <% $.ansible_extra_env_variables %>
|
|
extra_vars: <% $.extra_vars %>
|
|
publish:
|
|
output: <% task().result %>
|