diff --git a/imagebuild/ironic-ansible/README.rst b/imagebuild/ironic-ansible/README.rst new file mode 100644 index 0000000..5ecffc8 --- /dev/null +++ b/imagebuild/ironic-ansible/README.rst @@ -0,0 +1,22 @@ +============== +ironic-ansible +============== + +Builds a ramdisk for Ironic Ansible deploy driver. + +This element is based on the following elements: + +- ``devuser`` to create and configure a user for Ansible to access the node +- ``ironic-agent`` to provide Ironic API lookup and heartbeats via IPA + +Consult docs for those elements for available options. + +Additionally this element: + +- ensures OpenSSH is installed and configured properly +- correctly sets hostname to avoid some Ansible problems with elevation + +Note: compared to ``devuser`` element, this element **always** gives +the configured user password-less sudo permissions (*unconfigurable*). + +Requires Ironic API >= 1.22. diff --git a/imagebuild/ironic-ansible/element-deps b/imagebuild/ironic-ansible/element-deps new file mode 100644 index 0000000..a3ed5fd --- /dev/null +++ b/imagebuild/ironic-ansible/element-deps @@ -0,0 +1,2 @@ +ironic-agent +devuser diff --git a/imagebuild/ironic-ansible/element-provides b/imagebuild/ironic-ansible/element-provides new file mode 100644 index 0000000..9ec79a8 --- /dev/null +++ b/imagebuild/ironic-ansible/element-provides @@ -0,0 +1 @@ +ironic-ansible-deploy diff --git a/imagebuild/ironic-ansible/environment.d/95-ironic-ansible b/imagebuild/ironic-ansible/environment.d/95-ironic-ansible new file mode 100755 index 0000000..f5982e3 --- /dev/null +++ b/imagebuild/ironic-ansible/environment.d/95-ironic-ansible @@ -0,0 +1 @@ +export DIB_DEV_USER_PWDLESS_SUDO="yes" diff --git a/imagebuild/ironic-ansible/package-installs.yaml b/imagebuild/ironic-ansible/package-installs.yaml new file mode 100644 index 0000000..c342a0b --- /dev/null +++ b/imagebuild/ironic-ansible/package-installs.yaml @@ -0,0 +1 @@ +openssh-server: diff --git a/imagebuild/ironic-ansible/post-install.d/81-ansible-ssh b/imagebuild/ironic-ansible/post-install.d/81-ansible-ssh new file mode 100755 index 0000000..0889480 --- /dev/null +++ b/imagebuild/ironic-ansible/post-install.d/81-ansible-ssh @@ -0,0 +1,29 @@ +#!/bin/bash + +if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then + set -x +fi +set -eu +set -o pipefail + +ANSIBLE_DEPLOY_HOSTAME="ironic-ansible-deploy" + +echo $ANSIBLE_DEPLOY_HOSTAME > /etc/hostname + +# not having a hostname in hosts produces an extra output +# on every "sudo" command like the following: +# +# sudo: unable to resolve host \r\n +# +# which as of Ansible 2.0.1.0 fails JSON parsing +# in case of tasks using become+async. +# Ansible issues #13965 (fixed in 2.0.1.0), #14568, #14714 + +# ensure /etc/hosts has hostname in it +sed -i "s/127.0.0.1\s*localhost/127.0.0.1 localhost $ANSIBLE_DEPLOY_HOSTAME/g" /etc/hosts + +# ensure SSH host keys exist +ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa +ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa +ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa +ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519 diff --git a/imagebuild/ironic-ansible/test-elements/README.rst b/imagebuild/ironic-ansible/test-elements/README.rst new file mode 100644 index 0000000..e69de29 diff --git a/imagebuild/ironic-ansible/test-elements/build-succeeds-fedora/element-deps b/imagebuild/ironic-ansible/test-elements/build-succeeds-fedora/element-deps new file mode 100644 index 0000000..35a143b --- /dev/null +++ b/imagebuild/ironic-ansible/test-elements/build-succeeds-fedora/element-deps @@ -0,0 +1 @@ +fedora diff --git a/imagebuild/ironic-ansible/test-elements/build-succeeds-fedora/element-type b/imagebuild/ironic-ansible/test-elements/build-succeeds-fedora/element-type new file mode 100644 index 0000000..fb12a1f --- /dev/null +++ b/imagebuild/ironic-ansible/test-elements/build-succeeds-fedora/element-type @@ -0,0 +1 @@ +ramdisk diff --git a/imagebuild/ironic-ansible/test-elements/build-succeeds-fedora/environment.d/10-fedora-pin-mirror.bash b/imagebuild/ironic-ansible/test-elements/build-succeeds-fedora/environment.d/10-fedora-pin-mirror.bash new file mode 100644 index 0000000..13224cf --- /dev/null +++ b/imagebuild/ironic-ansible/test-elements/build-succeeds-fedora/environment.d/10-fedora-pin-mirror.bash @@ -0,0 +1,2 @@ +# Pin to this mirror because the roundrobin is fairly unreliable +export DIB_DISTRIBUTION_MIRROR=http://dl.fedoraproject.org/pub/fedora/linux