Add DIB element for ansible-deploy driver ramdisk
Based on:
- `ironic-agent` element and uses IPA for lookup/heartbeats
- `devuser` element to set user name, permissions and SSH keys.

Additionally:
- ensures OpenSSH is installed and configured properly
- correctly sets hostname to avoid some Ansible problems with elevation
- overrides DIB_DEV_USER_PWDLESS_SUDO to always be "yes"

Ironic callback functionality requires Ironic API >= 1.22.

Change-Id: I3f6c3baf0197d27f2d423f52611666ca186cd0a4
Related-Bug: #1526308
This commit is contained in:
parent
a634d43e8c
commit
6aae875ed4
|
@ -0,0 +1,22 @@
|
||||||
|
==============
|
||||||
|
ironic-ansible
|
||||||
|
==============
|
||||||
|
|
||||||
|
Builds a ramdisk for Ironic Ansible deploy driver.
|
||||||
|
|
||||||
|
This element is based on the following elements:
|
||||||
|
|
||||||
|
- ``devuser`` to create and configure a user for Ansible to access the node
|
||||||
|
- ``ironic-agent`` to provide Ironic API lookup and heartbeats via IPA
|
||||||
|
|
||||||
|
Consult docs for those elements for available options.
|
||||||
|
|
||||||
|
Additionally this element:
|
||||||
|
|
||||||
|
- ensures OpenSSH is installed and configured properly
|
||||||
|
- correctly sets hostname to avoid some Ansible problems with elevation
|
||||||
|
|
||||||
|
Note: compared to ``devuser`` element, this element **always** gives
|
||||||
|
the configured user password-less sudo permissions (*unconfigurable*).
|
||||||
|
|
||||||
|
Requires Ironic API >= 1.22.
|
|
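Review bot: The "Additionally this element" list in this README is too vague for an operator to assess what lands in the ramdisk: "ensures OpenSSH is installed and configured properly" does not say that SSH host keys are generated by the element, and the hostname item does not say the name is fixed to ironic-ansible-deploy. Please name both behaviours explicitly, and name the overridden variable (DIB_DEV_USER_PWDLESS_SUDO) in the note about password-less sudo so it can be found by searching. The final line "Requires Ironic API >= 1.22." should also say what needs it; the commit message attributes it to the Ironic callback functionality.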
@ -0,0 +1,2 @@
|
||||||
|
ironic-agent
|
||||||
|
devuser
|
|
@ -0,0 +1 @@
|
||||||
|
ironic-ansible-deploy
|
|
@ -0,0 +1 @@
|
||||||
|
export DIB_DEV_USER_PWDLESS_SUDO="yes"
|
|
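Review bot: The single export in this file replaces whatever value the builder set for DIB_DEV_USER_PWDLESS_SUDO, so an explicit "no" is discarded without any message during the build. Since this grants unrestricted sudo to the configured user, consider printing a warning (or failing the build) when the incoming value is set and is not "yes", so the privilege change is visible in the build log and not only in the README.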
@ -0,0 +1 @@
|
||||||
|
openssh-server:
|
|
@ -0,0 +1,29 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
|
||||||
|
set -x
|
||||||
|
fi
|
||||||
|
set -eu
|
||||||
|
set -o pipefail
|
||||||
|
|
||||||
|
ANSIBLE_DEPLOY_HOSTAME="ironic-ansible-deploy"
|
||||||
|
|
||||||
|
echo $ANSIBLE_DEPLOY_HOSTAME > /etc/hostname
|
||||||
|
|
||||||
|
# not having a hostname in hosts produces an extra output
|
||||||
|
# on every "sudo" command like the following:
|
||||||
|
#
|
||||||
|
# sudo: unable to resolve host <HOSTNAME>\r\n
|
||||||
|
#
|
||||||
|
# which as of Ansible 2.0.1.0 fails JSON parsing
|
||||||
|
# in case of tasks using become+async.
|
||||||
|
# Ansible issues #13965 (fixed in 2.0.1.0), #14568, #14714
|
||||||
|
|
||||||
|
# ensure /etc/hosts has hostname in it
|
||||||
|
sed -i "s/127.0.0.1\s*localhost/127.0.0.1 localhost $ANSIBLE_DEPLOY_HOSTAME/g" /etc/hosts
|
||||||
|
|
||||||
|
# ensure SSH host keys exist
|
||||||
|
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
|
||||||
|
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
|
||||||
|
ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
|
||||||
|
ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
|
|
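Review bot: The four ssh-keygen calls at the end of this script create the host keys while the image is being built, so the private keys are stored in the ramdisk and every node booted from that image presents the same host identity; anyone who can read the image can impersonate a deploy node to Ansible. Consider generating the keys at boot instead, or document that the image must be treated as secret. The comment says "ensure SSH host keys exist", but the commands generate unconditionally: if a key file is already present ssh-keygen asks whether to overwrite it, which does not work in a non-interactive build under set -e. "ssh-keygen -A" creates only the missing host keys and avoids that. The dsa line is of little use, since OpenSSH has disabled DSA host keys by default since 7.0. Smaller points: ANSIBLE_DEPLOY_HOSTAME is a misspelling of HOSTNAME, the variable is unquoted in the echo line, and the sed expression succeeds silently when /etc/hosts has no matching "127.0.0.1 localhost" line, in which case the sudo warning described in the comment remains.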
@ -0,0 +1 @@
|
||||||
|
fedora
|
|
@ -0,0 +1 @@
|
||||||
|
ramdisk
|
|
@ -0,0 +1,2 @@
|
||||||
|
# Pin to this mirror because the roundrobin is fairly unreliable
|
||||||
|
export DIB_DISTRIBUTION_MIRROR=http://dl.fedoraproject.org/pub/fedora/linux
|
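Review bot: The DIB_DISTRIBUTION_MIRROR export points at an http:// URL, so the packages that go into the ramdisk are fetched over an unauthenticated channel; if the mirror serves HTTPS, use the https:// form. The export is also unconditional, which overrides a mirror the builder has already configured (for example an internal one). A default such as ${DIB_DISTRIBUTION_MIRROR:-...} would keep the pin for users who set nothing while respecting an existing value.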