StarlingX Ansible Playbooks
5bd1246be7
The scenario where a new subcloud is added to a DC after the execution of "manage_local_ldap_account.yml" playbook is not being supported in the current implementation, because the openrc file of the new Keystone user is created in each cloud by the playbook and the new subcloud will not have this file. The solution for this is the openrc file to be created by the subcloud itself and not by the playbook.

Besides the problem of openrc file creation, the current implementation of "manage_local_ldap_account.yml" playbook has other problems, like trying to add the new LDAP user to Linux groups locally in each cloud (this is unnecessary and wrong). To deal with these issues, all non-essential actions of "manage_local_ldap_account.yml" playbook were removed.

The "manage_local_ldap_account.yml" playbook, before this commit, did the following actions: it created an LDAP user, created a Keystone user, created an openrc file in every cloud's active controller (in central cloud and subclouds for DC environments, in the standalone cloud for standalone environments) and verified that the created Keystone user is propagated to every subcloud (in DC environments). After this commit, the "manage_local_ldap_account.yml" playbook will do fewer actions: it will just create an LDAP user and a Keystone user. The openrc file will be created by the user (see https://review.opendev.org/c/starlingx/utilities/+/887117).

In DC environments, the "manage_local_ldap_account.yml" playbook will no longer check if the created Keystone user propagated to managed subclouds, as it is handled by DC orchestration. It will be added in the documentation that, for already managed and synced subclouds, it may take up to two minutes to get the Keystone user propagated to all subclouds.

Test Plan:

PASS: Successfully create 2 environments: a DC with 1 AIO-SX subcloud and a standalone AIO-DX, both using an image containing this change.

PASS: In the DC central cloud and in the AIO-DX, successfully create a user using the command "ansible-playbook --inventory inventory.txt --extra-vars='user_id=user5 mode=create' /usr/share/ansible/stx-ansible/playbooks/manage_local_ldap_account.yml". Targeting each cloud (central cloud, subcloud and AIO-DX), execute an SSH using the new user, execute 'source local_starlingxrc', provide Keystone password and execute 'system host-list' with no errors.

PASS: In the DC central cloud and in the AIO-DX, successfully delete "user5" (created in the previous test) using "manage_local_ldap_account.yml" playbook with 'mode=delete'. Targeting each cloud (central cloud, subcloud and AIO-DX), try to SSH using the deleted user and verify that it fails. Check that the Keystone user was removed from each cloud using the command "openstack user list".

PASS: In the DC subcloud, try to create a new user with "manage_local_ldap_account.yml" playbook and check that it fails with a message saying the playbook should not run on subclouds.

PASS: In the DC central cloud, create an LDAP user called "user10" using command "ldapusersetup", then try to create the same user using "manage_local_ldap_account.yml" playbook and check that it fails with a message saying the LDAP user already exists.

PASS: In the DC central cloud, successfully delete the LDAP user "user10" (created in previous test) using "manage_local_ldap_account.yml" playbook with 'mode=delete'.

PASS: In the DC central cloud, create a Keystone user called "user15" using command "openstack user create", then try to create the same user using "manage_local_ldap_account.yml" playbook and check that it fails with a message saying the Keystone user already exists.

PASS: In the DC central cloud, successfully delete the Keystone user "user15" (created in previous test) using "manage_local_ldap_account.yml" playbook with 'mode=delete'.

Partial-Bug: 2024627
Depends-On: https://review.opendev.org/c/starlingx/utilities/+/887117
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
Change-Id: I7ebd570ca7fc7a6d53d3b2ab42d3e5083e83949c
- examples
- playbookconfig
- .ansible-lint
- .gitignore
- .gitreview
- .yamllint
- .zuul.yaml
- centos_build_layer.cfg
- centos_iso_image.inc
- centos_pkg_dirs
- CONTRIBUTORS.wrs
- debian_build_layer.cfg
- debian_iso_image.inc
- debian_pkg_dirs
- LICENSE
- README.rst
- requirements.txt
- test-requirements.txt
- tox.ini
stx-ansible-playbooks
StarlingX Bootstrap and Deployment Playbooks
Execution environment
- Unix like OS (recent Linux based distributions, MacOS, Cygwin)
- Python 2.7
Additional Required Packages
The playbooks in this repo have been verified with the following versions of Ansible and StarlingX playbooks dependencies:
- sshpass 1.06
- python2-ptyprocess 0.5
- python2-pexpect 4.6
- python2-netaddr 0.7
- ansible 2.7.5
Supported StarlingX Releases
The playbooks in this repo are compatible with the following StarlingX releases:
- 20.01
Executing StarlingX Playbooks
Executing Bootstrap Playbook
Please refer to StarlingX Deployment Guides, section Configuration controller-0 of the respective system configuration for instructions on how to set up and execute the bootstrap playbook from another host.