Merge "TripleO inventory add the ability to provide password instead …

…of manually copy it" into devel
MaxBab · Feb 21, 2017 · a5ce495 · a5ce495
2 parents 580ae1c + 0bea836
commit a5ce495
Show file tree

Hide file tree

Showing 12 changed files with 261 additions and 109 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,6 @@
+environments/*_env
 inventory
-ansible.ssh.config
-id_rsa*
+ansible.ssh.config*
+ssh/ansible.ssh.config*
+ssh/id_rsa*
 *.retry
diff --git a/README.md b/README.md
@@ -6,6 +6,8 @@ For the repository documentation, refer to the **docs** directory, which provide
 In order to start working with TripleO environment, refer to the following doc - **docs/tripleo/post_install/tripleo_inventory.md**.  
 The playbook will generate an inventory file for the tripleo environment.
 
+**The minimum required version of Ansible for the playbooks - 2.1.3**
+
 ## Playbooks
 * TripleO
     * NFV

diff --git a/docs/tripleo/post_install/tripleo_inventory.md b/docs/tripleo/post_install/tripleo_inventory.md
@@ -1,21 +1,44 @@
 # TripleO Inventory
 
 ## Description
-TripleO Inventory play generates new inventory file from the provided Openstack TripleO environment.  
-The play will generate two files:
+From time to time, we may get a new Openstack environment for work/testing/etc.
+In order to be able to run an Ansible playbooks or different ad-hoc commands against the overcloud nodes,
+inventory file required.
+
+TripleO Inventory play will generate new inventory file from the provided Undercloud host.  
+The play could be run in two available scenarios:
+1. The public key of your ssh key already located on the Undercloud host.  
+   The play will generate three files:
   * inventory
   * ansible.ssh.config
+  * id_rsa_overcloud
+
+2. You have only the password of the Undercloud host.  
+   The play will generate five files:
+  * inventory
+  * ansible.ssh.config
+  * id_rsa_overcloud
+  * id_rsa_undercloud
+  * id_rsa_undercloud.pub
+
 
-Inventory - will hold the Undercloud node and all Overcloud nodes existing within the environment.  
+Inventory - Will hold the Undercloud node and all Overcloud nodes located within the environment.  
 Ansible.ssh.config - SSH config file. Allow to connect to the overcloud nodes from the localhost.
 ```
+For example:
 ssh -F ansible.ssh.config controller-0
 ```
+Id_rsa_overcloud - The ssh key for the connection to overcloud nodes. Used by the above files.  
+Id_rsa_undercloud - In case, password provided to Undercloud host, play will generate new ssh key  
+                    and will use it for the connection to Undercloud host.  
+Id_rsa_undercloud.pub - Public key of the id_rsa_undercloud.
 
-**Requirement** - Before running the playbook, make sure to pass your public key to the undercloud.
-```
-ssh-copy-id -i /path/to/the/public/key stack@undercloud_server
-```
+Each environment files will be generated under the following path:  
+**{{ ansible_repo_dir }}/inventories/undercloud_name_env/**  
+This provide the ability to have multiple environment inventories, and to choose the environment I want to work with.  
+Each run, the latest generated environment will be symlinked to the **inventory** and **ansible.ssh.config** at the root of the ansible repo directory.
+
+***
 
 ## Play variables
 Provide the undercloud host.  
@@ -31,11 +54,18 @@ Not mandatory variable.
 user: stack
 ```
 
-Specify the undercloud ssh private key file.  
+Specify the Undercloud ssh private key file.  
 The public key should already be copied to the undercloud host.  
-Mandatory variable.
+One of two parameters should be provided: ssh_key or ssh_pass.
 ```
-ssh_file
+ssh_key
+```
+
+Specify the password for the Undercloud host.
+Use this variable in case there is no your public key on the Undercloud host.
+One of two parameters should be provided: ssh_key or ssh_pass.
+```
+ssh_pass
 ```
 
 Overcloud user. The user which has an access to the overcloud nodes.  
@@ -44,8 +74,20 @@ Default: 'heat-admin'.
 overcloud_user: heat-admin
 ```
 
+RC file path.
+Default: '/home/stack/stackrc'.
+```
+rc_file_path
+```
+
 ***
-The example of running the TripleO Inventory playbook.
+The example of running the TripleO Inventory playbook.  
+With SSH key file:
+```
+ansible-playbook playbooks/tripleo/post_install/tripleo_inventory.yml -e undercloud_host=undercloud-host-fqdn/ip -e ssh_key=/path/to/ssh/private/file
+```
+
+With password:
 ```
-ansible-playbook playbooks/tripleo/post_install/tripleo_inventory.yml -e undercloud_host=undercloud-host-fqdn/ip -e ssh_file=/path/to/ssh/private/file
+ansible-playbook playbooks/tripleo/post_install/tripleo_inventory.yml -e undercloud_host=undercloud-host-fqdn/ip -e ssh_pass=undercloud_password
 ```
diff --git a/environments/README.md b/environments/README.md
@@ -0,0 +1,9 @@
+## Inventory files, SSH config and SSH key files
+
+This directory will hold the following types of files.
+For each environment, a dedicated folder will be created.
+
+- Inventory files generated by the TripleO Inventory play.
+- Ansible.ssh.config file that allow to establish direct connection from the locahost to the overcloud node (controller/compute/etc).
+- Overcloud SSH public key.
+- In case 'ssh_pass' parameter is used, a new ssh key will be generated for the Undercloud host.
diff --git a/inventory.sample → environments/sample.inventory b/inventory.sample → environments/sample.inventory
diff --git a/playbooks/tripleo/post_install/tripleo_inventory.yml b/playbooks/tripleo/post_install/tripleo_inventory.yml
@@ -1,47 +1,7 @@
 ---
 
-- name: Set an Undercloud host
+- name: TripleO inventory creation
   hosts: localhost
   gather_facts: no
-  vars:
-    undercloud_host: "{{ host }}"
-    undercloud_user: "{{ user | default('stack') }}"
-    undercloud_private_key_file: "{{ ssh_file | default(omit) }}"
-  tasks:
-      # Flash in-memory inventory in order to recreate
-      # the inventory file with the new parameters
-    - meta: refresh_inventory
-
-    - name: Add undercloud to host list
-      add_host:
-        name: "{{ undercloud_host }}"
-        groups: "undercloud,tester"
-        ansible_ssh_host: "{{ undercloud_host }}"
-        ansible_ssh_user: "{{ undercloud_user }}"
-        ansible_ssh_private_key_file: "{{ undercloud_private_key_file | default(omit) }}"
-
-    - name: Generate Inventory file
-      template:
-        src: '../../../roles/post_install/tripleo_inventory/templates/inventory.j2'
-        dest: "{{ lookup('env', 'PWD') }}/inventory"
-
-- name: Create TripleO inventory
-  hosts: undercloud
   roles:
     - post_install/tripleo_inventory
-  vars:
-    overcloud_private_key: "{{ inventory_dir }}/id_rsa_overcloud"
-    overcloud_user: heat-admin
-
-- name: Update inventory and ansible.ssh.config files
-  hosts: localhost
-  tasks:
-    - name: Update ansible.ssh.config for SSH tunneling
-      template:
-        src: '../../../roles/post_install/tripleo_inventory/templates/ansible.ssh.config.j2'
-        dest: "{{ inventory_dir }}/ansible.ssh.config"
-
-    - name: Generate Inventory file
-      template:
-        src: '../../../roles/post_install/tripleo_inventory/templates/inventory.j2'
-        dest: "{{ inventory_dir }}/inventory"
diff --git a/roles/post_install/tripleo_inventory/defaults/main.yml b/roles/post_install/tripleo_inventory/defaults/main.yml
@@ -0,0 +1,14 @@
+---
+
+# Undercloud host name/ip
+# host:
+
+# Undercloud user. Default - stack
+# user:
+
+# Define one of the following.
+# In case ssh_pass is used, dynamic ssh key will be generated ans used.
+# ssh_key:
+# ssh_pass:
+
+overcloud_user: heat-admin
diff --git a/roles/post_install/tripleo_inventory/tasks/main.yml b/roles/post_install/tripleo_inventory/tasks/main.yml
@@ -1,65 +1,55 @@
 ---
 
-- name: Install python-virtualenv, gcc, python-devel for the pip tasks
-  yum:
-    name: "{{ item }}"
-    state: present
-  with_items:
-    - 'python-virtualenv'
-    - 'python-devel'
-    - 'git'
-    - 'wget'
-    - 'gcc'
-    - 'libffi-devel'
-    - 'libxml2-devel'
-    - 'libxslt-devel'
-    - 'openssl-devel'
-  become: true
+- name: Set environment variable
+  set_fact:
+    environment_dir: "{{ lookup('env', 'PWD') }}/environments/{{ host }}_env"
+
+- name: Set SSH key variables
+  set_fact:
+    tripleo_undercloud_key: "{{ environment_dir }}/id_rsa_{{ host }}"
+    overcloud_private_key: "{{ environment_dir }}/id_rsa_overcloud_{{ host }}"
 
-- name: Install required pip packages
-  pip:
-    name: "{{ item }}"
-    virtualenv: "/tmp/ansible_venv"
-    extra_args: '--upgrade'
+- name: Unlink old inventory file
+  file:
+    path: "{{ item }}"
+    state: absent
   with_items:
-    - 'pip'
-    - 'setuptools'
-    - 'pytz'
-    - 'shade'
-    - 'requests'
+    - "{{ lookup('env', 'PWD') }}/inventory"
+    - "{{ lookup('env', 'PWD') }}/ansible.ssh.config"
 
-- name: Fetch private key from the undercloud host
-  fetch:
-    src: "/home/stack/.ssh/id_rsa"
-    dest: "{{ overcloud_private_key }}"
-    flat: yes
+  # Flash in-memory inventory in order to recreate
+  # the inventory file with the new parameters
+- meta: refresh_inventory
 
-- name: Set SSH key permissions
+- name: Create environment directory
   file:
-    path: "{{ overcloud_private_key }}"
-    mode: 0600
-  delegate_to: localhost
+    path: "{{ environment_dir }}"
+    recurse: yes
+    state: directory
 
-- name: Grab auth data from stackrc file and publish it as YAML
-  ### ToDo(MaximB): Convert the task to more generic execution.
-  ###               Implement reuse.
-  shell: |
-      source "{{ rc_file_path | default('/home/stack/stackrc') }}"
-      echo "
-      auth_url: $OS_AUTH_URL
-      username: $OS_USERNAME
-      password: $OS_PASSWORD
-      project_name: $OS_TENANT_NAME
-      "
-  register: creds
+- name: Add undercloud to host list
+  add_host:
+    name: "{{ host }}"
+    groups: "undercloud,tester"
+    ansible_ssh_host: "{{ host }}"
+    ansible_ssh_user: "{{ user | default('stack') }}"
+    ansible_ssh_private_key_file: "{{ ssh_key | default(omit) }}"
+    ansible_ssh_pass: "{{ ssh_pass | default(omit) }}"
 
-- name: Gather Overcloud nodes data
+- name: Generate Inventory file
   vars:
-    ansible_python_interpreter: "/tmp/ansible_venv/bin/python"
-  os_server_facts:
-    auth: "{{ creds.stdout | from_yaml }}"
-    # Required for SSL
-    validate_certs: no
+    ansible_python_interpreter: /usr/bin/python
+  template:
+    src: 'inventory.j2'
+    dest: "{{ environment_dir }}/inventory_{{ host }}"
+
+- name: Generate and set an SSH key if password is used
+  include: undercloud_pass.yml
+  when: ssh_pass is defined
+
+- name: Create TripleO inventory
+  include: overcloud_nodes.yml
+  delegate_to: "{{ host }}"
 
 - name: Add hosts to host list
   add_host:
@@ -82,3 +72,29 @@
                               -W %h:%p -i {{ hostvars[groups['undercloud'][0]].ansible_ssh_private_key_file }} \
                               {{ hostvars[groups['undercloud'][0]].ansible_ssh_user }}@{{ hostvars[groups['undercloud'][0]].ansible_ssh_host }}\""
   with_items: "{{ openstack_servers }}"
+
+- name: Update ansible.ssh.config for SSH tunneling
+  vars:
+    ansible_python_interpreter: /usr/bin/python
+  template:
+    src: 'ansible.ssh.config.j2'
+    dest: "{{ environment_dir }}/ansible.ssh.config.{{ host }}"
+
+- name: Link the current environment SSH file
+  file:
+    src: "{{ environment_dir }}/ansible.ssh.config.{{ host }}"
+    dest: "{{ lookup('env', 'PWD') }}/ansible.ssh.config"
+    state: link
+
+- name: Generate Inventory file
+  vars:
+    ansible_python_interpreter: /usr/bin/python
+  template:
+    src: 'inventory.j2'
+    dest: "{{ environment_dir }}/inventory_{{ host }}"
+
+- name: Link the current environment inventory file
+  file:
+    src: "{{ environment_dir }}/inventory_{{ host }}"
+    dest: "{{ lookup('env', 'PWD') }}/inventory"
+    state: link
diff --git a/roles/post_install/tripleo_inventory/tasks/overcloud_nodes.yml b/roles/post_install/tripleo_inventory/tasks/overcloud_nodes.yml
@@ -0,0 +1,67 @@
+---
+
+- name: Gather Undercloud facts
+  setup:
+  delegate_to: "{{ groups['undercloud'][0] }}"
+  delegate_facts: True
+
+- name: Install python-virtualenv, gcc, python-devel for the pip tasks
+  yum:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - 'python-virtualenv'
+    - 'python-devel'
+    - 'git'
+    - 'wget'
+    - 'gcc'
+    - 'libffi-devel'
+    - 'libxml2-devel'
+    - 'libxslt-devel'
+    - 'openssl-devel'
+  become: true
+
+- name: Install required pip packages
+  pip:
+    name: "{{ item }}"
+    virtualenv: "/tmp/ansible_venv"
+    extra_args: '--upgrade'
+  with_items:
+    - 'pip'
+    - 'setuptools'
+    - 'pytz'
+    - 'shade'
+    - 'requests'
+
+- name: Fetch private key from the undercloud host
+  fetch:
+    src: "/home/stack/.ssh/id_rsa"
+    dest: "{{ overcloud_private_key }}"
+    flat: yes
+
+- name: Set SSH key permissions
+  file:
+    path: "{{ overcloud_private_key }}"
+    mode: 0600
+  delegate_to: localhost
+
+- name: Grab auth data from stackrc file and publish it as YAML
+  ### ToDo(MaximB): Convert the task to more generic execution.
+  ###               Implement reuse.
+  shell: |
+      source "{{ rc_file_path | default('/home/stack/stackrc') }}"
+      echo "
+      auth_url: $OS_AUTH_URL
+      username: $OS_USERNAME
+      password: $OS_PASSWORD
+      project_name: $OS_TENANT_NAME
+      "
+  register: creds
+
+- name: Gather Overcloud nodes data
+  vars:
+    ansible_python_interpreter: "/tmp/ansible_venv/bin/python"
+  os_server_facts:
+    auth: "{{ creds.stdout | from_yaml }}"
+    # Required for SSL
+    validate_certs: no