diff --git a/ansible/group_vars/all/controllers b/ansible/group_vars/all/controllers
new file mode 100644
index 000000000..e93ed2533
--- /dev/null
+++ b/ansible/group_vars/all/controllers
@@ -0,0 +1,7 @@
+---
+###############################################################################
+# Controller node configuration.
+
+# User with which to access the controllers via SSH during bootstrap, in order
+# to setup the Kayobe user account.
+controller_bootstrap_user: "{{ lookup('env', 'USER') }}"
diff --git a/ansible/group_vars/all/globals b/ansible/group_vars/all/globals
index 3e02c501b..3f318cbb0 100644
--- a/ansible/group_vars/all/globals
+++ b/ansible/group_vars/all/globals
@@ -12,3 +12,7 @@ image_cache_path: "{{ ansible_user_dir ~ '/kayobe-image-cache' }}"
 
 # Path on which to checkout source code repositories.
 source_checkout_path: "{{ ansible_user_dir ~ '/kayobe-source' }}"
+
+# User with which to access seed and controller nodes. This user will be
+# created if it does not exist.
+kayobe_ansible_user: "stack"
diff --git a/ansible/group_vars/all/seed-vm b/ansible/group_vars/all/seed-vm
index c3098816a..bd593aa36 100644
--- a/ansible/group_vars/all/seed-vm
+++ b/ansible/group_vars/all/seed-vm
@@ -52,3 +52,7 @@ seed_vm_data_capacity: 100G
 
 # Format of the seed VM data volume.
 seed_vm_data_format: qcow2
+
+# User with which to access the seed VM via SSH during bootstrap, in order to
+# setup the Kayobe user account.
+seed_vm_bootstrap_user: "{{ lookup('env', 'USER') }}"
diff --git a/ansible/group_vars/controllers/ansible-user b/ansible/group_vars/controllers/ansible-user
new file mode 100644
index 000000000..b411db836
--- /dev/null
+++ b/ansible/group_vars/controllers/ansible-user
@@ -0,0 +1,3 @@
+---
+# User with which to access the controllers via SSH.
+ansible_user: "{{ kayobe_ansible_user }}"
diff --git a/ansible/group_vars/seed/ansible-user b/ansible/group_vars/seed/ansible-user
new file mode 100644
index 000000000..2d577280f
--- /dev/null
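Review bot: `controller_bootstrap_user` defaults to `lookup('env', 'USER')`, which is resolved on the machine running Kayobe and yields an empty string when `USER` is not exported (non-interactive shells, some CI runners), so the bootstrap play would then attempt the connection with an empty `ansible_user` instead of failing with a clear message. The same default is used for `seed_vm_bootstrap_user` in the `ansible/group_vars/all/seed-vm` hunk. The comment should state where the default comes from, e.g. `# Defaults to the user running Kayobe, taken from the USER environment variable.`, and it is worth considering an explicit assertion that the value is non-empty before the bootstrap play connects.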
+++ b/ansible/group_vars/seed/ansible-user
@@ -0,0 +1,3 @@
+---
+# User with which to access the seed VM via SSH.
+ansible_user: "{{ kayobe_ansible_user }}"
diff --git a/ansible/kayobe-ansible-user.yml b/ansible/kayobe-ansible-user.yml
new file mode 100644
index 000000000..a6019e783
--- /dev/null
+++ b/ansible/kayobe-ansible-user.yml
@@ -0,0 +1,32 @@
+---
+- name: Ensure the Kayobe Ansible user account exists
+  hosts: seed:controllers
+  vars:
+    ansible_user: "{{ seed_vm_bootstrap_user if inventory_hostname in groups['seed'] else controller_bootstrap_user }}"
+  tasks:
+    - name: Ensure the Kayobe Ansible group exists
+      group:
+        name: "{{ kayobe_ansible_user }}"
+        state: present
+      become: True
+
+    - name: Ensure the Kayobe Ansible user account exists
+      user:
+        name: "{{ kayobe_ansible_user }}"
+        group: "{{ kayobe_ansible_user }}"
+        comment: "Kayobe Ansible SSH access"
+        state: present
+      become: True
+
+    - name: Ensure the Kayobe Ansible user has passwordless sudo
+      copy:
+        content: "{{ kayobe_ansible_user }} ALL=(ALL) NOPASSWD: ALL"
+        dest: "/etc/sudoers.d/kayobe-ansible-user"
+        mode: 0440
+      become: True
+
+    - name: Ensure the Kayobe Ansible user has authorized our SSH key
+      authorized_key:
+        user: "{{ kayobe_ansible_user }}"
+        key: "{{ lookup('file', ssh_public_key_path) }}"
+      become: True
diff --git a/deploy-overcloud.sh b/deploy-overcloud.sh
index c2ab1c035..8ae8a9625 100755
--- a/deploy-overcloud.sh
+++ b/deploy-overcloud.sh
@@ -8,8 +8,9 @@ function run_playbook {
     test -e ${KAYOBE_CONFIG_PATH}/inventory
     ansible-playbook \
         -i ${KAYOBE_CONFIG_PATH}/inventory \
-        -e @${KAYOBE_CONFIG_PATH}/globals.yml \
+        -e @${KAYOBE_CONFIG_PATH}/controllers.yml \
         -e @${KAYOBE_CONFIG_PATH}/dns.yml \
+        -e @${KAYOBE_CONFIG_PATH}/globals.yml \
         -e @${KAYOBE_CONFIG_PATH}/kolla.yml \
         -e @${KAYOBE_CONFIG_PATH}/networks.yml \
         -e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
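Review bot: The sudoers drop-in written by the "passwordless sudo" task is never validated before it lands in `/etc/sudoers.d/kayobe-ansible-user`; a malformed `kayobe_ansible_user` (whitespace or sudoers metacharacters in the value) produces an unparsable fragment, which can leave sudo unusable on the host and is hard to recover without console access. Add `validate: "visudo -cf %s"` to the `copy` task and pin `owner: root` and `group: root` so the file is not left owned by the connecting user; ending `content` with `\n` also avoids the missing-final-newline complaint some sudo versions raise. `mode: 0440` is a plain YAML 1.1 octal and should be quoted as `mode: "0440"` per Ansible's guidance, and the four `become: True` lines should be `become: true` (yamllint truthy). The play-level `ansible_user` expression indexes `groups['seed']` directly, which is presumably fine for this inventory layout but will raise on an inventory without a `seed` group; `groups.get('seed', [])` would degrade more gracefully.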
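Review bot: Moving `-e @${KAYOBE_CONFIG_PATH}/globals.yml` below `controllers.yml` and `dns.yml` changes extra-vars precedence as well as ordering, since later `-e` files override earlier ones; any key that appears in both `globals.yml` and one of the files now listed before it would take the `globals.yml` value from this commit onwards. That is presumably intended (it matches the order in `kayobe-playbook`), but it is worth a one-line comment above the list, e.g. `# Extra-vars files are listed alphabetically; later files take precedence.`, so the order is not "fixed" back by a future tidy-up. `run_playbook` continues outside the hunk.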
@@ -34,12 +35,14 @@ function run_kolla_ansible {
 }
 
 function configure_os {
+    ansible_user=$(./kayobe-config-dump -e dump_hosts=controllers[0] -e dump_var_name=kayobe_ansible_user | head -n -1)
     run_playbook ansible/ip-allocation.yml -l controllers
     run_playbook ansible/ssh-known-host.yml -l controllers
+    run_playbook ansible/kayobe-ansible-user.yml -l controllers
     run_playbook ansible/disable-selinux.yml -l controllers
     run_playbook ansible/network.yml -l controllers
     run_playbook ansible/ntp.yml -l controllers
-    run_kolla_ansible bootstrap-servers -e ansible_user=${USER}
+    run_kolla_ansible bootstrap-servers -e ansible_user=${ansible_user}
     run_playbook ansible/kolla-host.yml -l controllers
     run_playbook ansible/docker.yml -l controllers
 }
diff --git a/deploy-seed.sh b/deploy-seed.sh
index 7869d2705..fb5faf558 100755
--- a/deploy-seed.sh
+++ b/deploy-seed.sh
@@ -36,12 +36,14 @@ function run_kolla_ansible {
 }
 
 function configure_os {
+    ansible_user=$(./kayobe-config-dump -e dump_hosts=seed -e dump_var_name=kayobe_ansible_user | head -n -1)
     run_playbook ansible/ip-allocation.yml -l seed
     run_playbook ansible/ssh-known-host.yml -l seed
+    run_playbook ansible/kayobe-ansible-user.yml -l seed
     run_playbook ansible/disable-selinux.yml -l seed
     run_playbook ansible/network.yml -l seed
     run_playbook ansible/ntp.yml -l seed
-    run_kolla_ansible bootstrap-servers -e ansible_user=${USER}
+    run_kolla_ansible bootstrap-servers -e ansible_user=${ansible_user}
     run_playbook ansible/kolla-host.yml -l seed
     run_playbook ansible/docker.yml -l seed
 }
diff --git a/etc/kayobe/controllers.yml b/etc/kayobe/controllers.yml
new file mode 100644
index 000000000..defcc1411
--- /dev/null
+++ b/etc/kayobe/controllers.yml
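Review bot: The new `ansible_user=$(./kayobe-config-dump ... | head -n -1)` line in `configure_os` has no failure handling: if `kayobe-config-dump` fails or prints nothing, the pipeline's status is that of `head` (unless `pipefail` is set, which the hunk does not show), so `ansible_user` is silently empty and `run_kolla_ansible bootstrap-servers -e ansible_user=` goes ahead with an empty user. Add a guard after the assignment, `[ -n "${ansible_user}" ] || { echo "Failed to determine kayobe_ansible_user" >&2; exit 1; }`. The `dump_hosts=controllers[0]` argument is also an unquoted shell glob (`[0]` matches a single character), so a file named `dump_hosts=controllers0` in the working directory would replace it; write it as `-e 'dump_hosts=controllers[0]'`. `head -n -1` is GNU-only behaviour and deserves a comment if non-GNU hosts are expected to run these scripts. The same assignment pattern appears in the `deploy-seed.sh` hunk.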
@@ -0,0 +1,11 @@
+---
+###############################################################################
+# Controller node configuration.
+
+# User with which to access the controllers via SSH during bootstrap, in order
+# to setup the Kayobe user account.
+#controller_bootstrap_user:
+
+###############################################################################
+# Dummy variable to allow Ansible to accept this file.
+workaround_ansible_issue_8743: yes
diff --git a/etc/kayobe/globals.yml b/etc/kayobe/globals.yml
index a78c725a8..57aea0052 100644
--- a/etc/kayobe/globals.yml
+++ b/etc/kayobe/globals.yml
@@ -13,6 +13,10 @@
 # Path on which to checkout source code repositories.
 #source_checkout_path:
 
+# User with which to access seed and controller nodes. This user will be
+# created if it does not exist.
+#kayobe_ansible_user:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
diff --git a/etc/kayobe/seed-vm.yml b/etc/kayobe/seed-vm.yml
index e9fe71773..e5e12ffea 100644
--- a/etc/kayobe/seed-vm.yml
+++ b/etc/kayobe/seed-vm.yml
@@ -29,6 +29,10 @@
 # Base image for the seed VM root volume.
 #seed_vm_root_image:
 
+# User with which to access the seed VM via SSH during bootstrap, in order to
+# setup the Kayobe user account.
+#seed_vm_bootstrap_user:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
diff --git a/kayobe-playbook b/kayobe-playbook
index 63e28cdee..f1d289295 100755
--- a/kayobe-playbook
+++ b/kayobe-playbook
@@ -9,6 +9,7 @@ test -e ${KAYOBE_CONFIG_PATH}/inventory
 exec ansible-playbook \
     -i ${KAYOBE_CONFIG_PATH}/inventory \
     -e @${KAYOBE_CONFIG_PATH}/bifrost.yml \
+    -e @${KAYOBE_CONFIG_PATH}/controllers.yml \
     -e @${KAYOBE_CONFIG_PATH}/dns.yml \
     -e @${KAYOBE_CONFIG_PATH}/globals.yml \
     -e @${KAYOBE_CONFIG_PATH}/kolla.yml \
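Review bot: The commented-out `#controller_bootstrap_user:` entry tells the operator what the variable is for but not what it defaults to, which is exactly what they need in order to decide whether to set it; the default in `ansible/group_vars/all/controllers` is `lookup('env', 'USER')`, i.e. the local user running Kayobe. Suggest adding `# Default is the user running Kayobe (the USER environment variable).` above it. The same applies to `#seed_vm_bootstrap_user:` in the `etc/kayobe/seed-vm.yml` hunk, and `#kayobe_ansible_user:` in the `etc/kayobe/globals.yml` hunk should state its default of `stack`.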