Add onap instance configuration role 16/94116/2
authorMichal Zegan <m.zegan@samsung.com>
Thu, 22 Aug 2019 12:50:22 +0000 (14:50 +0200)
committerMichal Zegan <m.zegan@samsung.com>
Wed, 4 Sep 2019 09:24:52 +0000 (11:24 +0200)
This change adds a role that configures
deployed onap infrastructure instances. This role is generic
and not openstack dependent.
This role configures instances to reach each other by name, to mutually
authenticate with the given ssh keys, etc. This
mainly makes troubleshooting easier for developers, and
allows the offline installer to work smoothly.

Change-Id: I26750b0a8a69f56297f0a5f7ff491463ed2e9e32
Issue-ID: OOM-2042
Signed-off-by: Michal Zegan <m.zegan@samsung.com>
tools/cicdansible/roles/configure_instances/tasks/cicd_registry.yml [new file with mode: 0644]
tools/cicdansible/roles/configure_instances/tasks/general.yml [new file with mode: 0644]
tools/cicdansible/roles/configure_instances/tasks/main.yml [new file with mode: 0644]
tools/cicdansible/roles/configure_instances/templates/daemon.json.j2 [new file with mode: 0644]

diff --git a/tools/cicdansible/roles/configure_instances/tasks/cicd_registry.yml b/tools/cicdansible/roles/configure_instances/tasks/cicd_registry.yml
new file mode 100644 (file)
index 0000000..f3c54ca
--- /dev/null
@@ -0,0 +1,10 @@
+#Configure access to cicd docker registry.
+- name: "Ensure that docker config directory exists"
+  file:
+    path: /etc/docker
+    mode: 0700
+    state: directory
+- name: "Allow insecure access to cicd docker registry"
+  template:
+    src: daemon.json.j2
+    dest: /etc/docker/daemon.json
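Review bot: The template task replaces /etc/docker/daemon.json wholesale and sets no `owner`, `group` or `mode`, so any daemon settings already on the instance are dropped and the resulting permissions depend on the umask. Adding `owner: root`, `group: root` and `mode: "0644"` makes the result deterministic, and `backup: yes` keeps the previous file for inspection. Nothing in this hunk notifies a handler to restart docker, so if dockerd is already running when the role executes the new setting will not apply until a later restart; presumably docker is started afterwards, but that is worth confirming. In the directory task, `mode: 0700` works because of the leading zero, but the quoted form `mode: "0700"` avoids relying on YAML octal parsing.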
diff --git a/tools/cicdansible/roles/configure_instances/tasks/general.yml b/tools/cicdansible/roles/configure_instances/tasks/general.yml
new file mode 100644 (file)
index 0000000..6ed9982
--- /dev/null
@@ -0,0 +1,26 @@
+#General instance configuration.
+#Modify /etc/hosts on every instance to add every instance there including itself.
+- name: "Add hosts to /etc/hosts"
+  lineinfile:
+    path: /etc/hosts
+    insertafter: EOF
+    regexp: "^[^ ]+ {{ item }}$"
+    state: present
+    line: "{{ hostvars[item].ansible_default_ipv4.address }} {{ item }}"
+  loop: "{{ groups['instances'] }}"
+#Copy private ssh key to instances for easy connecting between them.
+- name: "Ensure ssh directory exists"
+  file:
+    path: /root/.ssh
+    owner: root
+    group: root
+    mode: 0700
+    state: directory
+- name: "Install ssh private key"
+  copy:
+    src: "{{ ansible_private_key_file }}"
+    dest: /root/.ssh/id_rsa
+    mode: 0400
+#Add public ssh host keys of all instances to trust them.
+- name: "Add host keys of instances to known_hosts"
+  shell: "ssh-keyscan {{ groups['instances'] | join(' ') }} > /root/.ssh/known_hosts"
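Review bot: The last task fills /root/.ssh/known_hosts from `ssh-keyscan` output, which trusts whatever key answers on the network at deploy time, truncates any existing entries because of `>`, and reports changed on every run. Host keys are already available as facts gathered over the Ansible connection (the first task reads `hostvars[item]` as well), so the `known_hosts` module can pin them idempotently, as sketched below; the ed25519 fact is an assumption, so use whichever `ansible_ssh_host_key_*_public` fact the images provide. Separately, "Install ssh private key" copies the deployer's own `ansible_private_key_file` to every instance, so root on any one instance yields the credential for all of them. A keypair generated only for inter-instance use, plus `owner: root`, `group: root` and `no_log: true` on the copy, would limit that exposure.

```yaml
# … unchanged: /etc/hosts, ssh directory and private key tasks …
- name: "Add host keys of instances to known_hosts"
  known_hosts:
    path: /root/.ssh/known_hosts
    name: "{{ item }}"
    key: "{{ item }} ssh-ed25519 {{ hostvars[item].ansible_ssh_host_key_ed25519_public }}"
    state: present
  loop: "{{ groups['instances'] }}"
```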
diff --git a/tools/cicdansible/roles/configure_instances/tasks/main.yml b/tools/cicdansible/roles/configure_instances/tasks/main.yml
new file mode 100644 (file)
index 0000000..fe5b4b7
--- /dev/null
@@ -0,0 +1,5 @@
+#Initial instance configuration.
+- include_tasks: general.yml
+#Configure cicd registry access, but skip installer.
+- include_tasks: cicd_registry.yml
+  when: "inventory_hostname != 'installer'"
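Review bot: The exclusion is tied to the literal inventory name `installer`; if that host is renamed or a second installer is added, cicd_registry.yml will run there and apply the insecure-registry setting without any warning. A group test such as `when: "'installer' not in group_names"` (assuming such a group is or can be defined in the inventory) or a role variable holding the name would make the intent explicit. A short comment saying why the installer must be skipped would also help the next maintainer.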
diff --git a/tools/cicdansible/roles/configure_instances/templates/daemon.json.j2 b/tools/cicdansible/roles/configure_instances/templates/daemon.json.j2
new file mode 100644 (file)
index 0000000..1c3ca9b
--- /dev/null
@@ -0,0 +1,3 @@
+{
+"insecure-registries": ["{{ cicd_docker_registry }}"]
+}
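Review bot: `insecure-registries` makes dockerd skip TLS certificate verification, and fall back to plain HTTP, for this registry, so image pulls on these instances have no transport integrity. Since JSON cannot carry a comment, the role's task file or README should state that this is intended for the isolated CI network only. The value is also pasted between hand-written quotes, so a registry string containing a quote or backslash renders invalid JSON; `"insecure-registries": [{{ cicd_docker_registry | to_json }}]` lets the filter do the quoting.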