Host access fixes for Kubespray playbook run

We don't do host key checking for any of our current Ansible
executions (validations, ceph-ansible, ...) so let's not do it for
Kubespray either. Having it enabled caused Kubespray to stop and ask
for confirmation, and given that the outer Ansible action wasn't
interactive, it failed.

Also we are now setting the become flag only for overcloud machines,
rather than globally on the whole ansible-playbook run. Kubespray also
accesses localhost for some task, and we won't always run it as a user
who is allowed passwordless privilege escalation (e.g. mistral user
isn't).

Change-Id: Id49b97c2b5d37f6d215132a987a53aa742b4a60f
Jiri Stransky 2017-11-20 16:59:03 +01:00
parent 301e8d84e9
commit 03e8766905
1 changed files with 3 additions and 1 deletions

@ -104,6 +104,7 @@ outputs:
{{ hostvars.raw_get(host)['ansible_hostname'] }}:
ansible_user: {{ hostvars.raw_get(host)['ansible_user'] | default(hostvars.raw_get(host)['ansible_ssh_user']) | default('root') }}
ansible_host: {{ hostvars.raw_get(host)['ansible_host'] | default(host) }}
ansible_become: true
{% endfor %}
kube-node:
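Review bot: `ansible_become: true` is set on each generated host entry inside the loop, so the same line has to be repeated in every group that templates hosts this way. Consider setting it once at group level (a `vars:` block on the group, or a parent group that contains all overcloud hosts) so a later group cannot be added without it. A short comment next to the line explaining that become is deliberately kept off localhost would also help the next reader.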
@ -113,6 +114,7 @@ outputs:
{{ hostvars.raw_get(host)['ansible_hostname'] }}:
ansible_user: {{ hostvars.raw_get(host)['ansible_user'] | default(hostvars.raw_get(host)['ansible_ssh_user']) | default('root') }}
ansible_host: {{ hostvars.raw_get(host)['ansible_host'] | default(host) }}
ansible_become: true
{% endfor %}
etcd:
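Review bot: The trailing context shows an `etcd:` group following this one, but the change stats list only three additions, so no matching `ansible_become: true` is added there. With the global `-b` dropped from the command, any host that appears only under `etcd` would run without privilege escalation. Please confirm that every etcd host is also listed under one of the groups patched here, or add the flag to that loop as well.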
@ -145,8 +147,8 @@ outputs:
{%- if kubespray_command is defined -%}
{{kubespray_command}}
{%- else -%}
ANSIBLE_HOST_KEY_CHECKING=False
ansible-playbook
-b
-i '{{playbook_dir}}/kubespray/inventory.yml'
--skip-tags docker,bastion-ssh-config
--extra-vars '@{{playbook_dir}}/kubespray/global_vars.yml'
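Review bot: `ANSIBLE_HOST_KEY_CHECKING=False` in the default command makes SSH accept whatever host key is presented, so the playbook run, which now escalates privileges on the overcloud hosts, has no protection against a man-in-the-middle on the management network. The non-interactive failure described in the commit message can also be avoided by populating a `known_hosts` file for the overcloud nodes before the run and leaving checking enabled. If disabling is kept for consistency with the other Ansible executions, a comment here stating that it is a deliberate trade-off would be useful. Note also that both this setting and the removal of `-b` apply only in the `else` branch; a user-supplied `kubespray_command` gets neither, which is worth documenting.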