Allow operator access to the cluster 47/116547/2
authorPawel Wieczorek <p.wieczorek2@samsung.com>
Thu, 24 Dec 2020 08:42:55 +0000 (09:42 +0100)
committerBartek Grzybowski <b.grzybowski@partner.samsung.com>
Thu, 7 Jan 2021 10:34:50 +0000 (10:34 +0000)
This patch creates an operator keypair and deploys its public key to all
machines in the cluster. Previously the cluster could be accessed from
the OpenStack admin machine only.

Additional information added to the "all.yml*" group variables allowed
keeping current roles generic and flexible.

Issue-ID: INT-1601
Change-Id: I6b289ff9a8c9ebe04562671b8f4b4468b543723f
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
deployment/noheat/infra-openstack/ansible/create.yml
deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_hosts/tasks/create_host.yml
deployment/noheat/infra-openstack/ansible/roles/openstack/create_devstack_hosts/tasks/main.yml
deployment/noheat/infra-openstack/ansible/roles/openstack/destroy_devstack_hosts/tasks/main.yml

index 38f2f9d..3885f0e 100644 (file)
@@ -8,3 +8,24 @@
     - openstack/create_devstack_securitygroup
     - openstack/create_devstack_keypair
     - openstack/create_devstack_hosts
+- name: Create cluster operator access keypair
+  hosts: "operator0"
+  gather_facts: False
+  tasks:
+    - name: Wait for system to become reachable
+      wait_for_connection:
+    - name: Generate an OpenSSH keypair with the default values (4096 bits, rsa)
+      community.crypto.openssh_keypair:
+        path: "~/.ssh/{{ keypair.name }}"
+      register: key
+- name: Deploy cluster operator public key
+  hosts: "cluster0"
+  gather_facts: False
+  tasks:
+    - name: Wait for system to become reachable
+      wait_for_connection:
+    - name: Add authorized key
+      ansible.posix.authorized_key:
+        user: "{{ image.user }}"
+        state: present
+        key: "{{ hostvars['operator0']['key']['public_key'] }}"
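Review bot: The `community.crypto.openssh_keypair` task sets only `path`, so the key type and size promised in the task name depend on the defaults of whichever collection version is installed; stating them in the task, e.g. `type: rsa` and `size: 4096`, keeps the generated operator key predictable. The private key is written on operator0 as `~/.ssh/{{ keypair.name }}`, which appears to reuse the name of the OpenStack keypair; a distinct file name would make the two credentials harder to confuse. The second play reads `hostvars['operator0']['key']`, so it fails when operator0 is not part of the same run (for example under `--limit`), and a one-line comment on that dependency above the `Add authorized key` task would help.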
index 5a7defe..c2d551d 100644 (file)
@@ -10,11 +10,24 @@ securitygroup:
   name: &securitygroup_name "onap_ci_lab"
   remote_ip_prefix: "172.24.4.0/24"
 
-hosts:
-  - name: "operator0"
-    image: "Ubuntu_18.04"
-    flavor: "m1.tiny"
-    keypair: *keypair_name
-    network: *network_name
-    securitygroup: *securitygroup_name
-    volume_size: 5
+image:
+  name: &image_name "Ubuntu_18.04"
+  user: "ubuntu"
+
+cluster:
+  name: "cluster0"
+  hosts:
+    - name: "operator0"
+      image: *image_name
+      flavor: "m1.tiny"
+      keypair: *keypair_name
+      network: *network_name
+      securitygroup: *securitygroup_name
+      volume_size: 5
+    - name: "worker0"
+      image: *image_name
+      flavor: "m1.tiny"
+      keypair: *keypair_name
+      network: *network_name
+      securitygroup: *securitygroup_name
+      volume_size: 5
index fac94c5..c6ded56 100644 (file)
@@ -10,50 +10,56 @@ securitygroup:
   name: &securitygroup_name "onap_ci_lab"
   remote_ip_prefix: "0.0.0.0/0"
 
-hosts:
-  - name: "operator0"
-    image: "Ubuntu_18.04"
-    flavor: "m1.xlarge"
-    keypair: *keypair_name
-    network: *network_name
-    securitygroup: *securitygroup_name
-    volume_size: 20
-  - name: "control0"
-    image: "Ubuntu_18.04"
-    flavor: "m1.xlarge"
-    keypair: *keypair_name
-    network: *network_name
-    securitygroup: *securitygroup_name
-    volume_size: 50
-  - name: "worker0a"
-    image: "Ubuntu_18.04"
-    flavor: "m1.2xlarge"
-    keypair: *keypair_name
-    network: *network_name
-    auto_ip: false
-    securitygroup: *securitygroup_name
-    volume_size: 80
-  - name: "worker0b"
-    image: "Ubuntu_18.04"
-    flavor: "m1.2xlarge"
-    keypair: *keypair_name
-    network: *network_name
-    auto_ip: false
-    securitygroup: *securitygroup_name
-    volume_size: 80
-  - name: "worker0c"
-    image: "Ubuntu_18.04"
-    flavor: "m1.2xlarge"
-    keypair: *keypair_name
-    network: *network_name
-    auto_ip: false
-    securitygroup: *securitygroup_name
-    volume_size: 80
-  - name: "nfs0"
-    image: "Ubuntu_18.04"
-    flavor: "m1.large"
-    keypair: *keypair_name
-    network: *network_name
-    auto_ip: false
-    securitygroup: *securitygroup_name
-    volume_size: 150
+image:
+  name: &image_name "Ubuntu_18.04"
+  user: "ubuntu"
+
+cluster:
+  name: "cluster0"
+  hosts:
+    - name: "operator0"
+      image: *image_name
+      flavor: "m1.xlarge"
+      keypair: *keypair_name
+      network: *network_name
+      securitygroup: *securitygroup_name
+      volume_size: 20
+    - name: "control0"
+      image: *image_name
+      flavor: "m1.xlarge"
+      keypair: *keypair_name
+      network: *network_name
+      securitygroup: *securitygroup_name
+      volume_size: 50
+    - name: "worker0a"
+      image: *image_name
+      flavor: "m1.2xlarge"
+      keypair: *keypair_name
+      network: *network_name
+      auto_ip: false
+      securitygroup: *securitygroup_name
+      volume_size: 80
+    - name: "worker0b"
+      image: *image_name
+      flavor: "m1.2xlarge"
+      keypair: *keypair_name
+      network: *network_name
+      auto_ip: false
+      securitygroup: *securitygroup_name
+      volume_size: 80
+    - name: "worker0c"
+      image: *image_name
+      flavor: "m1.2xlarge"
+      keypair: *keypair_name
+      network: *network_name
+      auto_ip: false
+      securitygroup: *securitygroup_name
+      volume_size: 80
+    - name: "nfs0"
+      image: *image_name
+      flavor: "m1.large"
+      keypair: *keypair_name
+      network: *network_name
+      auto_ip: false
+      securitygroup: *securitygroup_name
+      volume_size: 150
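Review bot: Every entry in the new `cluster.hosts` list stays attached to the security group whose `remote_ip_prefix` is `0.0.0.0/0` (context line above), and after this change each of those hosts also accepts the operator key for `image.user`. Which ports the group opens is not visible here, but if SSH is among them, operator0 and control0 (the entries without `auto_ip: false`) are presumably reachable from any address. Consider narrowing the prefix to the lab's management range, as all.yml.sample does with `172.24.4.0/24`, or add a comment explaining why it has to stay open.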
index 2a78e82..7fed578 100644 (file)
     boot_from_volume: true
     terminate_volume: true
     volume_size: "{{ host.volume_size | default(10) }}"
+  register: new_host
+
+- name: Add host to inventory
+  add_host:
+    hostname: "{{ new_host.server.name }}"
+    groups: "{{ cluster.name }}"
+    ansible_ssh_host: "{{ new_host.server.public_v4 }}"
+    ansible_ssh_user: "{{ image.user }}"
+    ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
+    ansible_ssh_private_key_file: "~/.ssh/{{ keypair.key.name }}"
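Review bot: `ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"` turns off host key verification for every host added here, so the connection that later installs the operator key has no protection against an impersonated host. If the control machine runs OpenSSH 7.6 or newer, `"-o StrictHostKeyChecking=accept-new"` still allows the first contact but refuses a changed key on later runs. Separately, `new_host.server.public_v4` is likely empty for hosts created with `auto_ip: false` (see all.yml.sm-onap), in which case `wait_for_connection` in create.yml cannot reach them; falling back to the private address or proxying through operator0 seems needed. The task that registers `new_host` starts above the visible lines, and the hunk header is not shown.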