summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichal Zegan <m.zegan@samsung.com>2019-08-22 14:50:22 +0200
committerMichal Zegan <m.zegan@samsung.com>2019-09-04 11:24:52 +0200
commit8944150190575aaa2925b68fad0678719d2baffe (patch)
tree957386659b7f57a7cd82098e954ba3abde4bfb77
parent02105a9808c5443542150df8e2b561ec98ebaa9e (diff)
Add onap instance configuration role
This change adds a role that configures deployed onap infrastructure instances. This role is generic and not openstack dependent. This role configures instances to reach each other by name, to mutually authenticate with the given ssh keys, etc. This mainly makes it easier for developers to do troubleshooting, and allows offline installer to work smoothly. Change-Id: I26750b0a8a69f56297f0a5f7ff491463ed2e9e32 Issue-ID: OOM-2042 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
-rw-r--r--tools/cicdansible/roles/configure_instances/tasks/cicd_registry.yml10
-rw-r--r--tools/cicdansible/roles/configure_instances/tasks/general.yml26
-rw-r--r--tools/cicdansible/roles/configure_instances/tasks/main.yml5
-rw-r--r--tools/cicdansible/roles/configure_instances/templates/daemon.json.j23
4 files changed, 44 insertions, 0 deletions
diff --git a/tools/cicdansible/roles/configure_instances/tasks/cicd_registry.yml b/tools/cicdansible/roles/configure_instances/tasks/cicd_registry.yml
new file mode 100644
index 00000000..f3c54ca3
--- /dev/null
+++ b/tools/cicdansible/roles/configure_instances/tasks/cicd_registry.yml
@@ -0,0 +1,10 @@
+#Configure access to cicd docker registry.
+- name: "Ensure that docker config directory exists"
+ file:
+ path: /etc/docker
+ mode: 0700
+ state: directory
+- name: "Allow insecure access to cicd docker registry"
+ template:
+ src: daemon.json.j2
+ dest: /etc/docker/daemon.json
diff --git a/tools/cicdansible/roles/configure_instances/tasks/general.yml b/tools/cicdansible/roles/configure_instances/tasks/general.yml
new file mode 100644
index 00000000..6ed9982e
--- /dev/null
+++ b/tools/cicdansible/roles/configure_instances/tasks/general.yml
@@ -0,0 +1,26 @@
+#General instance configuration.
+#Modify /etc/hosts on every instance to add every instance there including itself.
+- name: "Add hosts to /etc/hosts"
+ lineinfile:
+ path: /etc/hosts
+ insertafter: EOF
+ regexp: "^[^ ]+ {{ item }}$"
+ state: present
+ line: "{{ hostvars[item].ansible_default_ipv4.address }} {{ item }}"
+ loop: "{{ groups['instances'] }}"
+#Copy private ssh key to instances for easy connecting between them.
+- name: "Ensure ssh directory exists"
+ file:
+ path: /root/.ssh
+ owner: root
+ group: root
+ mode: 0700
+ state: directory
+- name: "Install ssh private key"
+ copy:
+ src: "{{ ansible_private_key_file }}"
+ dest: /root/.ssh/id_rsa
+ mode: 0400
+#Add public ssh host keys of all instances to trust them.
+- name: "Add host keys of instances to known_hosts"
+ shell: "ssh-keyscan {{ groups['instances'] | join(' ') }} > /root/.ssh/known_hosts"
diff --git a/tools/cicdansible/roles/configure_instances/tasks/main.yml b/tools/cicdansible/roles/configure_instances/tasks/main.yml
new file mode 100644
index 00000000..fe5b4b7d
--- /dev/null
+++ b/tools/cicdansible/roles/configure_instances/tasks/main.yml
@@ -0,0 +1,5 @@
+#Initial instance configuration.
+- include_tasks: general.yml
+#Configure cicd registry access, but skip installer.
+- include_tasks: cicd_registry.yml
+ when: "inventory_hostname != 'installer'"
diff --git a/tools/cicdansible/roles/configure_instances/templates/daemon.json.j2 b/tools/cicdansible/roles/configure_instances/templates/daemon.json.j2
new file mode 100644
index 00000000..1c3ca9bb
--- /dev/null
+++ b/tools/cicdansible/roles/configure_instances/templates/daemon.json.j2
@@ -0,0 +1,3 @@
+{
+"insecure-registries": ["{{ cicd_docker_registry }}"]
+}