5:36 p.m.
Make lcitool useful outside of the libvirt CI context, even though
doing so openly contradicts its name. We're just savage like that.
Andrea Bolognani (6):
guests: Open vault on demand
guests: Move configuration handling to load_config()
guests: Implement flavors
guests: Implement developer flavor
guests: Hand root password location over to Ansible
guests: Update documentation
guests/README.markdown | 45 ++++++------
guests/group_vars/all/main.yml | 4 +-
guests/host_vars/libvirt-centos-6/main.yml | 2 -
guests/host_vars/libvirt-centos-6/vault.yml | 10 ---
guests/host_vars/libvirt-centos-7/main.yml | 2 -
guests/host_vars/libvirt-centos-7/vault.yml | 10 ---
guests/host_vars/libvirt-debian-8/main.yml | 2 -
guests/host_vars/libvirt-debian-8/vault.yml | 10 ---
guests/host_vars/libvirt-debian-9/main.yml | 2 -
guests/host_vars/libvirt-debian-9/vault.yml | 10 ---
guests/host_vars/libvirt-fedora-25/main.yml | 2 -
guests/host_vars/libvirt-fedora-25/vault.yml | 10 ---
guests/host_vars/libvirt-fedora-26/main.yml | 2 -
guests/host_vars/libvirt-fedora-26/vault.yml | 10 ---
guests/host_vars/libvirt-fedora-rawhide/main.yml | 2 -
guests/host_vars/libvirt-fedora-rawhide/vault.yml | 10 ---
guests/host_vars/libvirt-freebsd-10/main.yml | 3 +-
guests/host_vars/libvirt-freebsd-10/vault.yml | 10 ---
guests/host_vars/libvirt-freebsd-11/main.yml | 3 +-
guests/host_vars/libvirt-freebsd-11/vault.yml | 10 ---
guests/host_vars/libvirt-ubuntu-12/main.yml | 2 -
guests/host_vars/libvirt-ubuntu-12/vault.yml | 8 --
guests/host_vars/libvirt-ubuntu-14/main.yml | 2 -
guests/host_vars/libvirt-ubuntu-14/vault.yml | 8 --
guests/host_vars/libvirt-ubuntu-16/main.yml | 2 -
guests/host_vars/libvirt-ubuntu-16/vault.yml | 8 --
guests/lcitool | 90 +++++++++++++++++------
guests/site.yml | 6 ++
guests/tasks/base.yml | 2 +-
guests/tasks/developer.yml | 21 ++++++
guests/tasks/jenkins.yml | 8 ++
guests/vars/vault.yml | 54 ++++++++++++++
32 files changed, 186 insertions(+), 184 deletions(-)
delete mode 100644 guests/host_vars/libvirt-centos-6/vault.yml
delete mode 100644 guests/host_vars/libvirt-centos-7/vault.yml
delete mode 100644 guests/host_vars/libvirt-debian-8/vault.yml
delete mode 100644 guests/host_vars/libvirt-debian-9/vault.yml
delete mode 100644 guests/host_vars/libvirt-fedora-25/vault.yml
delete mode 100644 guests/host_vars/libvirt-fedora-26/vault.yml
delete mode 100644 guests/host_vars/libvirt-fedora-rawhide/vault.yml
delete mode 100644 guests/host_vars/libvirt-freebsd-10/vault.yml
delete mode 100644 guests/host_vars/libvirt-freebsd-11/vault.yml
delete mode 100644 guests/host_vars/libvirt-ubuntu-12/vault.yml
delete mode 100644 guests/host_vars/libvirt-ubuntu-14/vault.yml
delete mode 100644 guests/host_vars/libvirt-ubuntu-16/vault.yml
create mode 100644 guests/tasks/developer.yml
create mode 100644 guests/vars/vault.yml
--
2.13.6
5:36 p.m.
New subject: [libvirt] [libvirt-jenkins-ci PATCH 1/6] guests: Open vault on demand
By storing the vault out of the inventory, we can open it on
demand rather than automatically. This will eventually make it
possible to use the playbooks even without knowing the vault
password.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
guests/host_vars/libvirt-centos-6/main.yml | 2 -
guests/host_vars/libvirt-centos-6/vault.yml | 10 -----
guests/host_vars/libvirt-centos-7/main.yml | 2 -
guests/host_vars/libvirt-centos-7/vault.yml | 10 -----
guests/host_vars/libvirt-debian-8/main.yml | 2 -
guests/host_vars/libvirt-debian-8/vault.yml | 10 -----
guests/host_vars/libvirt-debian-9/main.yml | 2 -
guests/host_vars/libvirt-debian-9/vault.yml | 10 -----
guests/host_vars/libvirt-fedora-25/main.yml | 2 -
guests/host_vars/libvirt-fedora-25/vault.yml | 10 -----
guests/host_vars/libvirt-fedora-26/main.yml | 2 -
guests/host_vars/libvirt-fedora-26/vault.yml | 10 -----
guests/host_vars/libvirt-fedora-rawhide/main.yml | 2 -
guests/host_vars/libvirt-fedora-rawhide/vault.yml | 10 -----
guests/host_vars/libvirt-freebsd-10/main.yml | 2 -
guests/host_vars/libvirt-freebsd-10/vault.yml | 10 -----
guests/host_vars/libvirt-freebsd-11/main.yml | 2 -
guests/host_vars/libvirt-freebsd-11/vault.yml | 10 -----
guests/host_vars/libvirt-ubuntu-12/main.yml | 2 -
guests/host_vars/libvirt-ubuntu-12/vault.yml | 8 ----
guests/host_vars/libvirt-ubuntu-14/main.yml | 2 -
guests/host_vars/libvirt-ubuntu-14/vault.yml | 8 ----
guests/host_vars/libvirt-ubuntu-16/main.yml | 2 -
guests/host_vars/libvirt-ubuntu-16/vault.yml | 8 ----
guests/tasks/jenkins.yml | 8 ++++
guests/vars/vault.yml | 54 +++++++++++++++++++++++
26 files changed, 62 insertions(+), 138 deletions(-)
delete mode 100644 guests/host_vars/libvirt-centos-6/vault.yml
delete mode 100644 guests/host_vars/libvirt-centos-7/vault.yml
delete mode 100644 guests/host_vars/libvirt-debian-8/vault.yml
delete mode 100644 guests/host_vars/libvirt-debian-9/vault.yml
delete mode 100644 guests/host_vars/libvirt-fedora-25/vault.yml
delete mode 100644 guests/host_vars/libvirt-fedora-26/vault.yml
delete mode 100644 guests/host_vars/libvirt-fedora-rawhide/vault.yml
delete mode 100644 guests/host_vars/libvirt-freebsd-10/vault.yml
delete mode 100644 guests/host_vars/libvirt-freebsd-11/vault.yml
delete mode 100644 guests/host_vars/libvirt-ubuntu-12/vault.yml
delete mode 100644 guests/host_vars/libvirt-ubuntu-14/vault.yml
delete mode 100644 guests/host_vars/libvirt-ubuntu-16/vault.yml
create mode 100644 guests/vars/vault.yml
diff --git a/guests/host_vars/libvirt-centos-6/main.yml
b/guests/host_vars/libvirt-centos-6/main.yml
index 69ef616..d717ae7 100644
--- a/guests/host_vars/libvirt-centos-6/main.yml
+++ b/guests/host_vars/libvirt-centos-6/main.yml
@@ -6,5 +6,3 @@ projects:
- libvirt-cim
- libvirt-perl
- libvirt-python
-
-jenkins_secret: '{{ vault.jenkins_secret }}'
diff --git a/guests/host_vars/libvirt-centos-6/vault.yml
b/guests/host_vars/libvirt-centos-6/vault.yml
deleted file mode 100644
index e28b263..0000000
--- a/guests/host_vars/libvirt-centos-6/vault.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36623466366139303234633662663431663135396238653132346239306336616463393733343064
-6131386366613438643532353536393435623464333863350a333334616430626361373536363638
-65333633306236343066303165326137626432656439663738383765323862373161363165353936
-3637356536616637390a313135306462353830626438653465343730616437633634363866313432
-62376634393738373834663939646463626232323235666364653462343435313564333132353864
-38643731383435393465393633356466303661323966306431303435366533623062303363653364
-31353833336137613832306535303634666138616438616430316434356233666364333864646265
-31313163613337613165303862313533303766666135363364653661616663346631613761373864
-3338
diff --git a/guests/host_vars/libvirt-centos-7/main.yml
b/guests/host_vars/libvirt-centos-7/main.yml
index 2e66a70..30c826a 100644
--- a/guests/host_vars/libvirt-centos-7/main.yml
+++ b/guests/host_vars/libvirt-centos-7/main.yml
@@ -15,5 +15,3 @@ projects:
- osinfo-db-tools
- virt-manager
- virt-viewer
-
-jenkins_secret: '{{ vault.jenkins_secret }}'
diff --git a/guests/host_vars/libvirt-centos-7/vault.yml
b/guests/host_vars/libvirt-centos-7/vault.yml
deleted file mode 100644
index 81b32c4..0000000
--- a/guests/host_vars/libvirt-centos-7/vault.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-35393538623463386331376531613663336438656535663037326364666434613463396233633638
-6365326431306637326366366533306630373039356664660a633430633463666462626662313330
-36653364343838333439633561353936646435373236343361623935333634653865333636666132
-3838643263643862370a393265633233633838383333646463353635366336383834633236386632
-65376231353031336463333533646364646162353837393765366462306562376530366161323430
-33353363366361333762653837653830343536643431623262643032653437643663643666616538
-64396639373162383836346563613366633532323363303866373461376239626562633165303239
-34623831396237636462613363626466346561613430643864363065383030616365656330376462
-3134
diff --git a/guests/host_vars/libvirt-debian-8/main.yml
b/guests/host_vars/libvirt-debian-8/main.yml
index a04e2a3..f097792 100644
--- a/guests/host_vars/libvirt-debian-8/main.yml
+++ b/guests/host_vars/libvirt-debian-8/main.yml
@@ -13,5 +13,3 @@ projects:
- osinfo-db-tools
- virt-manager
- virt-viewer
-
-jenkins_secret: '{{ vault.jenkins_secret }}'
diff --git a/guests/host_vars/libvirt-debian-8/vault.yml
b/guests/host_vars/libvirt-debian-8/vault.yml
deleted file mode 100644
index 2db2e2f..0000000
--- a/guests/host_vars/libvirt-debian-8/vault.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-35326166326565616237666638656562366535643534386135356166353330306464663238373037
-6438646238393762396461343836663530653662376632630a636633383264363835626436393264
-31393566356131303332646265393861363832363439336361346532363438383464383363343239
-6132396539643365660a353431316435636333376431386165333766393161636431383865623461
-33383432393866326463386361353865656664376337353734633332643036323666633732313263
-38346431663863623234636162343437613461343134343262643463653730666539633237326230
-63383132633737643865633139656637313666363362336563306335623337333331336633353339
-30323432316332363264623730303739316263356533616538323864356339336165663738663830
-3564
diff --git a/guests/host_vars/libvirt-debian-9/main.yml
b/guests/host_vars/libvirt-debian-9/main.yml
index 3654618..cc7cfa6 100644
--- a/guests/host_vars/libvirt-debian-9/main.yml
+++ b/guests/host_vars/libvirt-debian-9/main.yml
@@ -15,5 +15,3 @@ projects:
- osinfo-db-tools
- virt-manager
- virt-viewer
-
-jenkins_secret: '{{ vault.jenkins_secret }}'
diff --git a/guests/host_vars/libvirt-debian-9/vault.yml
b/guests/host_vars/libvirt-debian-9/vault.yml
deleted file mode 100644
index 70021e2..0000000
--- a/guests/host_vars/libvirt-debian-9/vault.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-34616266316365313033663833656439343165323932613862393336396563663764303134393837
-3430613930356132376233363361623231663430396466610a363930663838306636383664366362
-63306564633864346539373165313730333838393634316235383562393763356565633164353132
-3733633664343638370a656165663663643761313133633462363266623666643761363030386463
-64646233386665623866323538356338316362323935663563343865663930653432643530643630
-34653333643235613464313934623736636165633334303161386462623231356461343239666134
-61333138663830333930313632353735303134666637353834303739626463666332653065323562
-64656331343962633061653763343835623936383332363866616337373933623530666435386231
-6139
diff --git a/guests/host_vars/libvirt-fedora-25/main.yml
b/guests/host_vars/libvirt-fedora-25/main.yml
index 7d7308f..539c111 100644
--- a/guests/host_vars/libvirt-fedora-25/main.yml
+++ b/guests/host_vars/libvirt-fedora-25/main.yml
@@ -16,5 +16,3 @@ projects:
- osinfo-db-tools
- virt-manager
- virt-viewer
-
-jenkins_secret: '{{ vault.jenkins_secret }}'
diff --git a/guests/host_vars/libvirt-fedora-25/vault.yml
b/guests/host_vars/libvirt-fedora-25/vault.yml
deleted file mode 100644
index 9bfd421..0000000
--- a/guests/host_vars/libvirt-fedora-25/vault.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-65326565343861373061323836346135646463376363343162626561343434303966623064306163
-6335363137396236656336303264643964356462633736350a313364386137363566303831303731
-63343132393564303632323130613462353864393364346163613465333238653435376361396332
-3163626161303634370a626564643134316131333530373138616530366133663265626163653565
-32363035323030333236363534396139363233616263383630313431366431633366613339613332
-30643065333261633962626466323561626132643234663137353737646637316436346131656566
-32626433313235636338303162333236386537316663633434306236646332353439653134353933
-36363933663039323631303031653834393763643933623338316365613431636165626135316232
-3166
diff --git a/guests/host_vars/libvirt-fedora-26/main.yml
b/guests/host_vars/libvirt-fedora-26/main.yml
index 7d7308f..539c111 100644
--- a/guests/host_vars/libvirt-fedora-26/main.yml
+++ b/guests/host_vars/libvirt-fedora-26/main.yml
@@ -16,5 +16,3 @@ projects:
- osinfo-db-tools
- virt-manager
- virt-viewer
-
-jenkins_secret: '{{ vault.jenkins_secret }}'
diff --git a/guests/host_vars/libvirt-fedora-26/vault.yml
b/guests/host_vars/libvirt-fedora-26/vault.yml
deleted file mode 100644
index b9956c2..0000000
--- a/guests/host_vars/libvirt-fedora-26/vault.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-61326265373932326662666661393662333661363531366333666464373634383865623663366431
-6234626662323636356638323136353362333664353662330a386438333930366430333965303163
-33373763363439663166306137303238386164303235366363366465306530653861616566363930
-3737386566613034310a643935313539303033346663323433376432313730646665333939303831
-38343662626139623063353935366232306332303061623363313136353765323265396332333231
-37346266326130613864313031396232656361613163373163616331623365396366623333623436
-62653766626238636562656236316537316332383061363964656439656365363764663866613865
-30346363626338353762353763643035366536653664663630613237366164373436386433343236
-3066
diff --git a/guests/host_vars/libvirt-fedora-rawhide/main.yml
b/guests/host_vars/libvirt-fedora-rawhide/main.yml
index 7d7308f..539c111 100644
--- a/guests/host_vars/libvirt-fedora-rawhide/main.yml
+++ b/guests/host_vars/libvirt-fedora-rawhide/main.yml
@@ -16,5 +16,3 @@ projects:
- osinfo-db-tools
- virt-manager
- virt-viewer
-
-jenkins_secret: '{{ vault.jenkins_secret }}'
diff --git a/guests/host_vars/libvirt-fedora-rawhide/vault.yml
b/guests/host_vars/libvirt-fedora-rawhide/vault.yml
deleted file mode 100644
index 0a6315d..0000000
--- a/guests/host_vars/libvirt-fedora-rawhide/vault.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-30393466663562376638343863353566306365616134616434633665343036613862323833656666
-6365366638343031383765373937386163313130323466390a353730333832666138633731383931
-31333166346562343266323232663564656262373237303361396265623539646638326461376239
-6166366665663832640a353036383265356139623437363865663133656638333534363632366539
-62386337386364366664663062383938393233663733636361366133613735366633326637366634
-31643231303738373235303032343532373638386463306136313561656534316534643438656532
-32656661663337306364633637636130386234336662386437383764643137386361616131626161
-61653165383233376238666461373938653630383033303762663530633535643264656166333230
-6662
diff --git a/guests/host_vars/libvirt-freebsd-10/main.yml
b/guests/host_vars/libvirt-freebsd-10/main.yml
index 1547802..80d16d6 100644
--- a/guests/host_vars/libvirt-freebsd-10/main.yml
+++ b/guests/host_vars/libvirt-freebsd-10/main.yml
@@ -21,5 +21,3 @@ projects:
- osinfo-db-tools
- virt-manager
- virt-viewer
-
-jenkins_secret: '{{ vault.jenkins_secret }}'
diff --git a/guests/host_vars/libvirt-freebsd-10/vault.yml
b/guests/host_vars/libvirt-freebsd-10/vault.yml
deleted file mode 100644
index ac437ba..0000000
--- a/guests/host_vars/libvirt-freebsd-10/vault.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-62633664623566363031366662633336313239303035616162353739663063666663366536326162
-6466333764383932646530323730386561656530353430330a636433373638613064643165643536
-32376334653030336334643865396162363061383066326362633165346164303831616464636337
-3861613765393666340a313931663337633762313538316230613536303939343862306532666564
-61313939666564626632363835363238653830633666383337323263326363323766633933633862
-32363166643231613864626263303035303631616665336531633761656335646166656232303936
-66643261356665356363343931653436663666313533656239376535643264653932633335333135
-62323366363834636263386230356238333133623735373730356539323761306237623266363032
-3436
diff --git a/guests/host_vars/libvirt-freebsd-11/main.yml
b/guests/host_vars/libvirt-freebsd-11/main.yml
index 1547802..80d16d6 100644
--- a/guests/host_vars/libvirt-freebsd-11/main.yml
+++ b/guests/host_vars/libvirt-freebsd-11/main.yml
@@ -21,5 +21,3 @@ projects:
- osinfo-db-tools
- virt-manager
- virt-viewer
-
-jenkins_secret: '{{ vault.jenkins_secret }}'
diff --git a/guests/host_vars/libvirt-freebsd-11/vault.yml
b/guests/host_vars/libvirt-freebsd-11/vault.yml
deleted file mode 100644
index e5b9464..0000000
--- a/guests/host_vars/libvirt-freebsd-11/vault.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-35306632666132373834323664613866356638653266396439396465396265613433353032323362
-6333333439343437336634336534646332626165336436300a353266303437303131613536323664
-37343161633537323432303036613165346437643531366638386363346534303164326661643235
-6464356534643734370a633837313661633039666436303664386533363561396232326663366665
-63613334363733303534306564386534303864316364313561333334366365373131303463383962
-61623036656531653238316533653537646533363038636434356636316364316236623131616366
-31303233316563303233306435313665326164643639363735653837616531663139646634633830
-34653736653937323365626630313536363363643631326666613231393330666339356163646535
-3263
diff --git a/guests/host_vars/libvirt-ubuntu-12/main.yml
b/guests/host_vars/libvirt-ubuntu-12/main.yml
index 8ce497e..8873530 100644
--- a/guests/host_vars/libvirt-ubuntu-12/main.yml
+++ b/guests/host_vars/libvirt-ubuntu-12/main.yml
@@ -3,5 +3,3 @@ projects:
- base
- jenkins
- libvirt
-
-jenkins_secret: '{{ vault.jenkins_secret }}'
diff --git a/guests/host_vars/libvirt-ubuntu-12/vault.yml
b/guests/host_vars/libvirt-ubuntu-12/vault.yml
deleted file mode 100644
index 123adf3..0000000
--- a/guests/host_vars/libvirt-ubuntu-12/vault.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-65653737663762386236356537646331656132303761633939613638663463373030373965636361
-3633386437613330316162313531643835616164313430630a333433623432633035616434626564
-32633463366462643435373261373232353837633235626435653037306338356634383733643038
-6633313064326638640a343962343331356239656235366532643038386161613663636338346335
-31653530666566353735396339653837643032353534653238303336333166643264353834646239
-30353864393064663736333036616637396134353763623338396239613430393466616632613566
-336338366261663836373430346664396132
diff --git a/guests/host_vars/libvirt-ubuntu-14/main.yml
b/guests/host_vars/libvirt-ubuntu-14/main.yml
index 463f020..fd1d7ee 100644
--- a/guests/host_vars/libvirt-ubuntu-14/main.yml
+++ b/guests/host_vars/libvirt-ubuntu-14/main.yml
@@ -10,5 +10,3 @@ projects:
- osinfo-db-tools
- virt-manager
- virt-viewer
-
-jenkins_secret: '{{ vault.jenkins_secret }}'
diff --git a/guests/host_vars/libvirt-ubuntu-14/vault.yml
b/guests/host_vars/libvirt-ubuntu-14/vault.yml
deleted file mode 100644
index 05289b7..0000000
--- a/guests/host_vars/libvirt-ubuntu-14/vault.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-35663230626165363938333630343364353261393432623339353931353662363433373633333031
-6464343165626238613234633634303531346133383539370a373432313635626462393864623837
-37343133316366313530316235323261353661333662383234626530613037646235383131666135
-3432646234346634610a393632326132343834646537343332653961663130366537396432303662
-39393165633234386132323831346139396138363638313031346666626130616239396131363466
-32613561383763623735623865343434613236346135653732303561633733333461636366663739
-343531373333633332363037363537346636
diff --git a/guests/host_vars/libvirt-ubuntu-16/main.yml
b/guests/host_vars/libvirt-ubuntu-16/main.yml
index 460dca3..f00a9d5 100644
--- a/guests/host_vars/libvirt-ubuntu-16/main.yml
+++ b/guests/host_vars/libvirt-ubuntu-16/main.yml
@@ -14,5 +14,3 @@ projects:
- osinfo-db-tools
- virt-manager
- virt-viewer
-
-jenkins_secret: '{{ vault.jenkins_secret }}'
diff --git a/guests/host_vars/libvirt-ubuntu-16/vault.yml
b/guests/host_vars/libvirt-ubuntu-16/vault.yml
deleted file mode 100644
index 3a7e20f..0000000
--- a/guests/host_vars/libvirt-ubuntu-16/vault.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-64643937346239616133653565336161393362303266393030636239653636623037343833643762
-6565656331373339653233383465626635303136353634310a643830643737643164633737346166
-34643637333665666239346162613435633062616366313638643232336536356464343161303632
-3937386534306465370a326535306263343036646333396665363832373137326231393630366131
-64323636396331303730336631346565643235666163353132633833636637386136323736646665
-64626635313935333565336130366661393161366331346634636233363931373137306439343131
-393039363138386236316431393264343464
diff --git a/guests/tasks/jenkins.yml b/guests/tasks/jenkins.yml
index a1b8f46..d4adbb1 100644
--- a/guests/tasks/jenkins.yml
+++ b/guests/tasks/jenkins.yml
@@ -1,4 +1,12 @@
---
+- name: Open vault
+ include_vars:
+ file: vars/vault.yml
+
+- name: Look up Jenkins secret
+ set_fact:
+ jenkins_secret: '{{ vault.jenkins_secrets[inventory_hostname] }}'
+
- name: Create Jenkins user account
user:
name: jenkins
diff --git a/guests/vars/vault.yml b/guests/vars/vault.yml
new file mode 100644
index 0000000..d085d8b
--- /dev/null
+++ b/guests/vars/vault.yml
@@ -0,0 +1,54 @@
+$ANSIBLE_VAULT;1.1;AES256
+38366334396263313937363332633936616365643464396133623830616239663536643662353630
+3565336236323934613932376331613766656136376436360a386664373035306232323761363665
+39336365333833373661653932323566306564666635656631616638303734616561643630633034
+3765353961313134320a613931646361643835636365343965366564333765353839356566656465
+35336236346133656237363235376433313665643039613036666637643332316634623235316136
+63646566393366656138393033313731323362306166643538666331656663646332373339623535
+33396630333838376232633038346366653830396331353230633164376130333431306631323034
+31396466303539343037336164626230633964313064383561323961613161363333656366653764
+65363263316135663137363632616532626535346565633064653030333165326131656463353065
+66636631326566366266316137626661313366363333363333343563363332613564313361316439
+64316262646138346364646437343531343635393764633937346239663732353063666333653434
+61653734343737376338363336326637303237393565303165633839356562393230386535336163
+63643565336432663039626363353266653837343230343663333735356665663537646365633865
+66383330333336336664376365633633653730353032366264343237366231386436343863663663
+63643831326262333066663166303661343033656234306137636135343433656163316266326361
+63663834343332396633386636373766396566313630656130666339306634363064363739383936
+64393533363063366530333164623235326263386266613534393436333933663338653636626131
+31323764386538653530626134623239316634663965326262653661343231616332303461376632
+33326636373831343137653030313939623964353937636337383963643064313833646334326637
+32393332323262633737626265363065626531313233306237303033343561623935356133363137
+66343963303232303562373936356230326433353765326265316334383436383462613265613534
+62316162656161353262633563323364343835633562613863303830306137656336393535353136
+39626662663063333331646535363332666662363662373634656662623965383035336435356462
+39316465316166366363396336333134616636363937613836636365306237306464653339643664
+35653238336530303965633630616139376230336533306364626266323165653036346139656239
+30323665316136613239663863636630353230396366333063353663373865376239616261333137
+35636364383639316436333634343534386530656430323031303761353531663832383865363939
+66613034653737366134326462306233316535666439386366356163383430346263343131616133
+33343162666539366364356235613939303537666561363839343164313162333335623932326432
+30396263333965613261653736366463656662303762313736316666386662613233333333353666
+32373761653566383735646261366630346436643531626338333333613465613364636331313564
+64393366373166353666323034343030323062353366633265393062653061663866643134623034
+62373939336363333664373939323139323964383832323564666561393031323964333064643630
+37613132393366663337363461653231303161626263333362616332633461316465343663666565
+39633931313931303337363333616533303263616233616365336631653637353862633632643631
+36346336373735303166333063326537623532396464386232623765326136626639393331343436
+35616332323264316266303531643162373061313437623133656332343964383063623638636434
+66656138656666343936346139633535306339616463386437313063336436613364306536393633
+39303134313766306231663030666238373530373563643434643833666132343662306136366361
+34343835623830333961616463373464313538373365346438393138636432386233663136303033
+30363362333265666662333736353330376430633838306662373136616566643037373730316238
+32303763386233653464643039616234653562623431303863306135396466396461633263666239
+38626665653463356631396266356135376635353035343931626566323661346464613763306162
+38623065633966656332343137303330613861376163623036343833623132343461646338343338
+65666336316431646531626563666134386633336562383635656661656662326535366538646133
+66353938386161626433336331623532336466613663663033356138663039633865363566626662
+64376264343130636134613835306365313164373333333866613439326164653965616534323763
+65656538643865656331346438303233393536663465353936306132386363636265623833303234
+65633434336262363664373064376463616232646465346163396431333430643535613436666133
+30343636306535613364303630666234396662323665306631383964636433343637633939666233
+33616662653866656666356439373837633030656565373031333561326131373030653363393932
+32303039373266613561353336386531343938376162323234363130353934336635313439633338
+3633
--
2.13.6
9:13 a.m.
New subject: [libvirt] [libvirt-jenkins-ci PATCH 1/6] guests: Open vault on demand
On Thu, Oct 19, 2017 at 05:36:27PM +0200, Andrea Bolognani wrote:
By storing the vault out of the inventory, we can open it on
demand rather than automatically. This will eventually make it
possible to use the playbooks even without knowing the vault
password.
You will need to update the libvirt-freebsd-10 secret in the
guests/vars/vault.yml
Pavel
9:26 a.m.
New subject: [libvirt] [libvirt-jenkins-ci PATCH 1/6] guests: Open vault on demand
On Mon, 2017-10-23 at 09:13 +0200, Pavel Hrdina wrote:
On Thu, Oct 19, 2017 at 05:36:27PM +0200, Andrea Bolognani wrote:
> By storing the vault out of the inventory, we can open it on
> demand rather than automatically. This will eventually make it
> possible to use the playbooks even without knowing the vault
> password.
You will need to update the libvirt-freebsd-10 secret in the
guests/vars/vault.yml
It's already done in my local branch :)
--
Andrea Bolognani / Red Hat / Virtualization
5:36 p.m.
New subject: [libvirt] [libvirt-jenkins-ci PATCH 2/6] guests: Move configuration handling to load_config()
Just a code move. We'll be adding more logic soon, and it'll
be nice not to pollute the do_prepare() function too much
because of it. Rename the existing load_config() function to
load_install_config() accordingly.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
guests/lcitool | 54 +++++++++++++++++++++++++++++++-----------------------
1 file changed, 31 insertions(+), 23 deletions(-)
diff --git a/guests/lcitool b/guests/lcitool
index 4578327..883e0eb 100755
--- a/guests/lcitool
+++ b/guests/lcitool
@@ -34,12 +34,12 @@ yaml_var() {
grep "^$2:\\s*" "$1" 2>/dev/null | tail -1 | sed
"s/$2:\\s*//g"
}
-# load_config FILE
+# load_install_config FILE
#
# Read all known configuration variables from $FILE and set them in the
# environment. Configuration variables that have already been set in
# the environment will not be updated.
-load_config() {
+load_install_config() {
INSTALL_URL=${INSTALL_URL:-$(yaml_var "$1" install_url)}
INSTALL_CONFIG=${INSTALL_CONFIG:-$(yaml_var "$1" install_config)}
INSTALL_VIRT_TYPE=${INSTALL_VIRT_TYPE:-$(yaml_var "$1" install_virt_type)}
@@ -53,6 +53,32 @@ load_config() {
INSTALL_NETWORK=${INSTALL_NETWORK:-$(yaml_var "$1" install_network)}
}
+# load_config
+#
+# Read tool configuration and perform the necessary validation.
+load_config() {
+ CONFIG_DIR="$HOME/.config/$PROGRAM_NAME"
+
+ VAULT_PASS_FILE="$CONFIG_DIR/vault-password"
+ ROOT_PASS_FILE="$CONFIG_DIR/root-password"
+
+ # Make sure required passwords exist and are not invalid (empty)
+ test -f "$VAULT_PASS_FILE" && test "$(cat
"$VAULT_PASS_FILE")" || {
+ die "$PROGRAM_NAME: $VAULT_PASS_FILE: Missing or invalid password"
+ }
+ test -f "$ROOT_PASS_FILE" && test "$(cat
"$ROOT_PASS_FILE")" || {
+ die "$PROGRAM_NAME: $ROOT_PASS_FILE: Missing or invalid password"
+ }
+
+ ROOT_HASH_FILE="$CONFIG_DIR/.root-password.hash"
+
+ # Regenerate root password hash. Ansible expects passwords as hashes but
+ # doesn't provide a built-in facility to generate one from plain text
+ hash_file "$ROOT_PASS_FILE" >"$ROOT_HASH_FILE" || {
+ die "$PROGRAM_NAME: Failure while hashing root password"
+ }
+}
+
# ----------------------
# User-visible actions
# ----------------------
@@ -92,8 +118,8 @@ do_install()
# Load configuration files. Values don't get overwritten after being
# set the first time, so loading the host-specific configuration before
# the group configuration ensures overrides work as expected
- load_config "host_vars/$GUEST/install.yml"
- load_config "group_vars/all/install.yml"
+ load_install_config "host_vars/$GUEST/install.yml"
+ load_install_config "group_vars/all/install.yml"
# Both memory size and disk size use GiB as unit, but virt-install wants
# disk size in GiB and memory size in *MiB*, so perform conversion here
@@ -136,24 +162,7 @@ do_prepare() {
die "$PROGRAM_NAME: $GUEST: Unknown guest"
}
- VAULT_PASS_FILE="$CONFIG_DIR/vault-password"
- ROOT_PASS_FILE="$CONFIG_DIR/root-password"
-
- # Make sure required passwords exist and are not invalid (empty)
- test -f "$VAULT_PASS_FILE" && test "$(cat
"$VAULT_PASS_FILE")" || {
- die "$PROGRAM_NAME: $VAULT_PASS_FILE: Missing or invalid password"
- }
- test -f "$ROOT_PASS_FILE" && test "$(cat
"$ROOT_PASS_FILE")" || {
- die "$PROGRAM_NAME: $ROOT_PASS_FILE: Missing or invalid password"
- }
-
- ROOT_HASH_FILE="$CONFIG_DIR/.root-password.hash"
-
- # Regenerate root password hash. Ansible expects passwords as hashes but
- # doesn't provide a built-in facility to generate one from plain text
- hash_file "$ROOT_PASS_FILE" >"$ROOT_HASH_FILE" || {
- die "$PROGRAM_NAME: Failure while hashing root password"
- }
+ load_config
ansible-playbook \
--vault-password-file "$VAULT_PASS_FILE" \
@@ -167,7 +176,6 @@ do_prepare() {
CALL_NAME="$0"
PROGRAM_NAME="${0##*/}"
-CONFIG_DIR="$HOME/.config/$PROGRAM_NAME"
test -f "$PROGRAM_NAME" || {
die "$PROGRAM_NAME: Must be run from the source directory"
--
2.13.6
5:36 p.m.
New subject: [libvirt] [libvirt-jenkins-ci PATCH 3/6] guests: Implement flavors
Our CI infrastructure and developers have different requirements,
but really the overlap is almost complete and it's a shame that
we require developers to perform manual steps before we can use
our tools.
Flavors are a very simple and effective way to deal with the
issue: we'll be able to configure guests differently based on
whether they will be used for CI or development.
The default flavor is developer, which doesn't require the vault
password and as such can be used by anyone out of the box: the
Jenkins setup is skipped in this case.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
guests/lcitool | 35 ++++++++++++++++++++++++++++++++---
guests/site.yml | 1 +
2 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/guests/lcitool b/guests/lcitool
index 883e0eb..bf270f1 100755
--- a/guests/lcitool
+++ b/guests/lcitool
@@ -59,13 +59,39 @@ load_install_config() {
load_config() {
CONFIG_DIR="$HOME/.config/$PROGRAM_NAME"
+ mkdir -p "$CONFIG_DIR" >/dev/null 2>&1 || {
+ die "$PROGRAM_NAME: $CONFIG_DIR: Unable to create config directory"
+ }
+
+ FLAVOR_FILE="$CONFIG_DIR/flavor"
VAULT_PASS_FILE="$CONFIG_DIR/vault-password"
ROOT_PASS_FILE="$CONFIG_DIR/root-password"
- # Make sure required passwords exist and are not invalid (empty)
- test -f "$VAULT_PASS_FILE" && test "$(cat
"$VAULT_PASS_FILE")" || {
- die "$PROGRAM_NAME: $VAULT_PASS_FILE: Missing or invalid password"
+ # Two flavors are supported: developer (default) and ci. Read the
+ # flavor from configuration, validate it and write it back in case
+ # it was not present
+ FLAVOR="$(cat "$FLAVOR_FILE" 2>/dev/null)"
+ FLAVOR=${FLAVOR:-developer}
+ test "$FLAVOR" = developer || test "$FLAVOR" = ci || {
+ die "$PROGRAM_NAME: Invalid flavor '$FLAVOR'"
}
+ echo "$FLAVOR" >"$FLAVOR_FILE" || {
+ die "$PROGRAM_NAME: $FLAVOR_FILE: Unable to save flavor"
+ }
+
+ test "$FLAVOR" = ci && {
+ # The vault password is only needed for the ci flavor, so only
+ # validate it in that case
+ test -f "$VAULT_PASS_FILE" && test "$(cat
"$VAULT_PASS_FILE")" || {
+ die "$PROGRAM_NAME: $VAULT_PASS_FILE: Missing or invalid password"
+ }
+ } || {
+ # For other flavors, undefine the variable so that Ansible
+ # will not try to read the file at all
+ VAULT_PASS_FILE=
+ }
+
+ # Make sure the root password has been configured properly
test -f "$ROOT_PASS_FILE" && test "$(cat
"$ROOT_PASS_FILE")" || {
die "$PROGRAM_NAME: $ROOT_PASS_FILE: Missing or invalid password"
}
@@ -164,8 +190,11 @@ do_prepare() {
load_config
+ EXTRA_VARS="flavor=$FLAVOR"
+
ansible-playbook \
--vault-password-file "$VAULT_PASS_FILE" \
+ --extra-vars "$EXTRA_VARS" \
-l "$GUEST" \
site.yml
}
diff --git a/guests/site.yml b/guests/site.yml
index 9c75dcb..35e3220 100644
--- a/guests/site.yml
+++ b/guests/site.yml
@@ -30,6 +30,7 @@
# Configure the Jenkins agent
- include: tasks/jenkins.yml
when:
+ - flavor == 'ci'
- projects is defined
# jenkins is a pseudo-project
- ( 'jenkins' in projects )
--
2.13.6
5:36 p.m.
New subject: [libvirt] [libvirt-jenkins-ci PATCH 4/6] guests: Implement developer flavor
The developer is given key-based SSH access to the guest and
granted passwordless sudo privilege for maximum convenience.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
guests/group_vars/all/main.yml | 4 +++-
guests/host_vars/libvirt-freebsd-10/main.yml | 1 +
guests/host_vars/libvirt-freebsd-11/main.yml | 1 +
guests/lcitool | 9 ++++++++-
guests/site.yml | 5 +++++
guests/tasks/developer.yml | 21 +++++++++++++++++++++
6 files changed, 39 insertions(+), 2 deletions(-)
create mode 100644 guests/tasks/developer.yml
diff --git a/guests/group_vars/all/main.yml b/guests/group_vars/all/main.yml
index d24af59..410077f 100644
--- a/guests/group_vars/all/main.yml
+++ b/guests/group_vars/all/main.yml
@@ -8,8 +8,10 @@ ansible_ssh_pass: root
jenkins_url: https://ci.centos.org/computer/{{ inventory_hostname }}/slave-agent.jnlp
-# Paths to various command. Can be overridden on a per-host basis
+# Paths to various commands and files that might be OS-dependent. Can
+# be overridden on a per-host basis
bash: /bin/bash
java: /usr/bin/java
make: /usr/bin/make
sudo: /usr/bin/sudo
+sudoers: /etc/sudoers
diff --git a/guests/host_vars/libvirt-freebsd-10/main.yml
b/guests/host_vars/libvirt-freebsd-10/main.yml
index 80d16d6..4f33c53 100644
--- a/guests/host_vars/libvirt-freebsd-10/main.yml
+++ b/guests/host_vars/libvirt-freebsd-10/main.yml
@@ -5,6 +5,7 @@ bash: /usr/local/bin/bash
java: /usr/local/bin/java
make: /usr/local/bin/gmake
sudo: /usr/local/bin/sudo
+sudoers: /usr/local/etc/sudoers
projects:
- base
diff --git a/guests/host_vars/libvirt-freebsd-11/main.yml
b/guests/host_vars/libvirt-freebsd-11/main.yml
index 80d16d6..4f33c53 100644
--- a/guests/host_vars/libvirt-freebsd-11/main.yml
+++ b/guests/host_vars/libvirt-freebsd-11/main.yml
@@ -5,6 +5,7 @@ bash: /usr/local/bin/bash
java: /usr/local/bin/java
make: /usr/local/bin/gmake
sudo: /usr/local/bin/sudo
+sudoers: /usr/local/etc/sudoers
projects:
- base
diff --git a/guests/lcitool b/guests/lcitool
index bf270f1..018640b 100755
--- a/guests/lcitool
+++ b/guests/lcitool
@@ -141,6 +141,8 @@ do_install()
die "$PROGRAM_NAME: $GUEST: Missing configuration, guest must be installed
manually"
}
+ load_config
+
# Load configuration files. Values don't get overwritten after being
# set the first time, so loading the host-specific configuration before
# the group configuration ensures overrides work as expected
@@ -158,6 +160,11 @@ do_install()
*kickstart*|*ks*) EXTRA_ARGS="ks=file:/${INSTALL_CONFIG##*/}" ;;
esac
+ # Only configure autostart for the guest for the ci flavor
+ test "$FLAVOR" = ci && {
+ AUTOSTART="--autostart"
+ }
+
virt-install \
--name "$GUEST" \
--location "$INSTALL_URL" \
@@ -174,7 +181,7 @@ do_install()
--sound none \
--initrd-inject "$INSTALL_CONFIG" \
--extra-args "console=ttyS0 $EXTRA_ARGS" \
- --autostart \
+ $AUTOSTART \
--wait 0
}
diff --git a/guests/site.yml b/guests/site.yml
index 35e3220..76437bb 100644
--- a/guests/site.yml
+++ b/guests/site.yml
@@ -34,3 +34,8 @@
- projects is defined
# jenkins is a pseudo-project
- ( 'jenkins' in projects )
+
+ # Configure the developer account
+ - include: tasks/developer.yml
+ when:
+ - flavor == 'developer'
diff --git a/guests/tasks/developer.yml b/guests/tasks/developer.yml
new file mode 100644
index 0000000..1dad8fc
--- /dev/null
+++ b/guests/tasks/developer.yml
@@ -0,0 +1,21 @@
+---
+- name: Create developer user account
+ user:
+ name: developer
+ comment: Developer
+ password:
$6$YEzeb0A3t7jn/IwW$oMPH0mpKPPeuABH3gKDom08rLccOKBm6CrXT/deBsdP77MjBHxwHQ5EJM0MAc/sOsGKCNX0zjYYjlXP.KNUmP0
+ shell: '{{ bash }}'
+
+- name: Configure ssh access for the developer
+ authorized_key:
+ user: developer
+ key: '{{ lookup("file", lookup("env", "HOME") +
"/.ssh/id_rsa.pub") }}'
+ state: present
+
+- name: Grant passwordless sudo access to the developer
+ lineinfile:
+ path: '{{ sudoers }}'
+ line: 'developer ALL=(ALL) NOPASSWD: ALL'
+ state: present
+ backup: yes
+ validate: 'visudo -cf %s'
--
2.13.6
9:20 a.m.
New subject: [libvirt] [libvirt-jenkins-ci PATCH 4/6] guests: Implement developer flavor
On Thu, Oct 19, 2017 at 05:36:30PM +0200, Andrea Bolognani wrote:
The developer is given key-based SSH access to the guest and
granted passwordless sudo privilege for maximum convenience.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
guests/group_vars/all/main.yml | 4 +++-
guests/host_vars/libvirt-freebsd-10/main.yml | 1 +
guests/host_vars/libvirt-freebsd-11/main.yml | 1 +
guests/lcitool | 9 ++++++++-
guests/site.yml | 5 +++++
guests/tasks/developer.yml | 21 +++++++++++++++++++++
6 files changed, 39 insertions(+), 2 deletions(-)
create mode 100644 guests/tasks/developer.yml
diff --git a/guests/group_vars/all/main.yml b/guests/group_vars/all/main.yml
index d24af59..410077f 100644
--- a/guests/group_vars/all/main.yml
+++ b/guests/group_vars/all/main.yml
@@ -8,8 +8,10 @@ ansible_ssh_pass: root
jenkins_url: https://ci.centos.org/computer/{{ inventory_hostname }}/slave-agent.jnlp
-# Paths to various command. Can be overridden on a per-host basis
+# Paths to various commands and files that might be OS-dependent. Can
+# be overridden on a per-host basis
bash: /bin/bash
java: /usr/bin/java
make: /usr/bin/make
sudo: /usr/bin/sudo
+sudoers: /etc/sudoers
diff --git a/guests/host_vars/libvirt-freebsd-10/main.yml
b/guests/host_vars/libvirt-freebsd-10/main.yml
index 80d16d6..4f33c53 100644
--- a/guests/host_vars/libvirt-freebsd-10/main.yml
+++ b/guests/host_vars/libvirt-freebsd-10/main.yml
@@ -5,6 +5,7 @@ bash: /usr/local/bin/bash
java: /usr/local/bin/java
make: /usr/local/bin/gmake
sudo: /usr/local/bin/sudo
+sudoers: /usr/local/etc/sudoers
projects:
- base
diff --git a/guests/host_vars/libvirt-freebsd-11/main.yml
b/guests/host_vars/libvirt-freebsd-11/main.yml
index 80d16d6..4f33c53 100644
--- a/guests/host_vars/libvirt-freebsd-11/main.yml
+++ b/guests/host_vars/libvirt-freebsd-11/main.yml
@@ -5,6 +5,7 @@ bash: /usr/local/bin/bash
java: /usr/local/bin/java
make: /usr/local/bin/gmake
sudo: /usr/local/bin/sudo
+sudoers: /usr/local/etc/sudoers
projects:
- base
diff --git a/guests/lcitool b/guests/lcitool
index bf270f1..018640b 100755
--- a/guests/lcitool
+++ b/guests/lcitool
@@ -141,6 +141,8 @@ do_install()
die "$PROGRAM_NAME: $GUEST: Missing configuration, guest must be installed
manually"
}
+ load_config
+
# Load configuration files. Values don't get overwritten after being
# set the first time, so loading the host-specific configuration before
# the group configuration ensures overrides work as expected
@@ -158,6 +160,11 @@ do_install()
*kickstart*|*ks*) EXTRA_ARGS="ks=file:/${INSTALL_CONFIG##*/}" ;;
esac
+ # Only configure autostart for the guest for the ci flavor
+ test "$FLAVOR" = ci && {
+ AUTOSTART="--autostart"
+ }
+
virt-install \
--name "$GUEST" \
--location "$INSTALL_URL" \
@@ -174,7 +181,7 @@ do_install()
--sound none \
--initrd-inject "$INSTALL_CONFIG" \
--extra-args "console=ttyS0 $EXTRA_ARGS" \
- --autostart \
+ $AUTOSTART \
--wait 0
}
diff --git a/guests/site.yml b/guests/site.yml
index 35e3220..76437bb 100644
--- a/guests/site.yml
+++ b/guests/site.yml
@@ -34,3 +34,8 @@
- projects is defined
# jenkins is a pseudo-project
- ( 'jenkins' in projects )
+
+ # Configure the developer account
+ - include: tasks/developer.yml
+ when:
+ - flavor == 'developer'
diff --git a/guests/tasks/developer.yml b/guests/tasks/developer.yml
new file mode 100644
index 0000000..1dad8fc
--- /dev/null
+++ b/guests/tasks/developer.yml
@@ -0,0 +1,21 @@
+---
+- name: Create developer user account
+ user:
+ name: developer
+ comment: Developer
+ password:
$6$YEzeb0A3t7jn/IwW$oMPH0mpKPPeuABH3gKDom08rLccOKBm6CrXT/deBsdP77MjBHxwHQ5EJM0MAc/sOsGKCNX0zjYYjlXP.KNUmP0
How about using "test:test" account? "developer" is longer then
"test"
if you need to type it or you don't want to configure your SSH config.
Is it possible to use plain password here? There is no need to
encrypt it.
Pavel
+ shell: '{{ bash }}'
+
+- name: Configure ssh access for the developer
+ authorized_key:
+ user: developer
+ key: '{{ lookup("file", lookup("env", "HOME") +
"/.ssh/id_rsa.pub") }}'
+ state: present
+
+- name: Grant passwordless sudo access to the developer
+ lineinfile:
+ path: '{{ sudoers }}'
+ line: 'developer ALL=(ALL) NOPASSWD: ALL'
+ state: present
+ backup: yes
+ validate: 'visudo -cf %s'
--
2.13.6
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
10:09 a.m.
New subject: [libvirt] [libvirt-jenkins-ci PATCH 4/6] guests: Implement developer flavor
On Mon, 2017-10-23 at 09:20 +0200, Pavel Hrdina wrote:
> +- name: Create developer user account
> + user:
> + name: developer
> + comment: Developer
How about using "test:test" account? "developer" is longer then
"test"
if you need to type it or you don't want to configure your SSH config.
I expect people who use this more than once will have something like
Host libvirt-*
User developer
GSSAPIAuthentication no
StrictHostKeyChecking no
CheckHostIP no
UserKnownHostsFile /dev/null
in their ~/.ssh/config to avoid being bothered by SSH when they're
dealing with throwaway guests. It might actually be a good idea to
include this information in the README file.
I'd rather stick with 'developer', as I feel it's more appropriate
given the intended use case, but I'm not really adamant about it.
> + password:
$6$YEzeb0A3t7jn/IwW$oMPH0mpKPPeuABH3gKDom08rLccOKBm6CrXT/deBsdP77MjBHxwHQ5EJM0MAc/sOsGKCNX0zjYYjlXP.KNUmP0
Is it possible to use plain password here? There is no need to
encrypt it.
Unfortunately the 'user' Ansible module expects the encrypted
password :(
--
Andrea Bolognani / Red Hat / Virtualization
10:18 a.m.
New subject: [libvirt] [libvirt-jenkins-ci PATCH 4/6] guests: Implement developer flavor
On Mon, Oct 23, 2017 at 10:09:42AM +0200, Andrea Bolognani wrote:
On Mon, 2017-10-23 at 09:20 +0200, Pavel Hrdina wrote:
> > +- name: Create developer user account
> > + user:
> > + name: developer
> > + comment: Developer
>
> How about using "test:test" account? "developer" is longer then
"test"
> if you need to type it or you don't want to configure your SSH config.
I expect people who use this more than once will have something like
Host libvirt-*
User developer
GSSAPIAuthentication no
StrictHostKeyChecking no
CheckHostIP no
UserKnownHostsFile /dev/null
in their ~/.ssh/config to avoid being bothered by SSH when they're
dealing with throwaway guests. It might actually be a good idea to
include this information in the README file.
That would be helpful to document.
I'd rather stick with 'developer', as I feel it's
more appropriate
given the intended use case, but I'm not really adamant about it.
The only reason why I've suggested "test:test" is that someone may not
prefer to put that into their ssh config.
> > + password:
$6$YEzeb0A3t7jn/IwW$oMPH0mpKPPeuABH3gKDom08rLccOKBm6CrXT/deBsdP77MjBHxwHQ5EJM0MAc/sOsGKCNX0zjYYjlXP.KNUmP0
>
> Is it possible to use plain password here? There is no need to
> encrypt it.
Unfortunately the 'user' Ansible module expects the encrypted
password :(
I was afraid of that.
Pavel
5:36 p.m.
New subject: [libvirt] [libvirt-jenkins-ci PATCH 5/6] guests: Hand root password location over to Ansible
Instead of hard-coding the location in the playbook, we hand it
over at runtime when calling ansible-playbook, ensuring better
separation of concerns.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
guests/lcitool | 2 +-
guests/tasks/base.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/guests/lcitool b/guests/lcitool
index 018640b..1efe7e5 100755
--- a/guests/lcitool
+++ b/guests/lcitool
@@ -197,7 +197,7 @@ do_prepare() {
load_config
- EXTRA_VARS="flavor=$FLAVOR"
+ EXTRA_VARS="flavor=$FLAVOR root_password_file=$ROOT_HASH_FILE"
ansible-playbook \
--vault-password-file "$VAULT_PASS_FILE" \
diff --git a/guests/tasks/base.yml b/guests/tasks/base.yml
index b220bb0..8949632 100644
--- a/guests/tasks/base.yml
+++ b/guests/tasks/base.yml
@@ -99,7 +99,7 @@
- name: Configure root password and shell
user:
name: root
- password: '{{ lookup("file", lookup("env", "HOME")
+ "/.config/lcitool/.root-password.hash") }}'
+ password: '{{ lookup("file", root_password_file) }}'
shell: '{{ bash }}'
- name: Configure ssh access for the root user
--
2.13.6
5:36 p.m.
New subject: [libvirt] [libvirt-jenkins-ci PATCH 6/6] guests: Update documentation
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
guests/README.markdown | 45 ++++++++++++++++++++++++---------------------
1 file changed, 24 insertions(+), 21 deletions(-)
diff --git a/guests/README.markdown b/guests/README.markdown
index 100ca31..51d9012 100644
--- a/guests/README.markdown
+++ b/guests/README.markdown
@@ -11,8 +11,7 @@ There are two steps to bringing up a guest:
section below;
* `./lcitool prepare $guest` will go through all the post-installation
- configuration steps required to make the newly-created guest usable as
- part of the Jenkins CI setup.
+ configuration steps required to make the newly-created guest usable;
Once those steps have been performed, maintainance will involve running:
@@ -46,14 +45,6 @@ along the lines of
in your crontab.
-Adding new guests
------------------
-
-Adding new guests will require tweaking the inventory and host variables,
-but it should be very easy to eg. use the Fedora 26 configuration to come
-up with a working Fedora 27 configuration.
-
-
Development use
---------------
@@ -61,22 +52,26 @@ If you are a developer trying to reproduce a bug on some OS you
don't
have easy access to, you can use these tools to create a suitable test
environment.
-Since the tools are intended mainly for CI use, you'll have to tweak them
-a bit first, including:
+The `developer` flavor is used by default, so you don't need to do
+anything special in order to use it: just follow the steps outlined
+above. Once a guest has been prepared, you'll be able to log in as
+`developer` either via SSH (your public key will have been authorized)
+or on the serial console (password: `developer`).
-* trimming down the `inventory` file to just the guest you're interested in;
+Once logged in, you'll be able to perform administrative tasks using
+`sudo`. Regular root access will still be available, either through
+SSH or on the serial console.
-* removing any references to the `jenkins` pseudo-project from
- `host_vars/$guest/main.yml`, along with any references to projects you're
- not interested to (this will cut down on the number of packages installed)
- and any references to `jenkins_secret`;
-* deleting `host_vars/$guest/vault.yml` altogether.
+CI use
+------
-After performing these tweaks, you should be able to use the same steps
-outlined above.
+You'll need to configure `lcitool` to use the `ci` flavor for guests:
+to do so, just write `ci` in the `~/.config/lcitool/flavor` file.
-A better way to deal with this use case will be provided in the future.
+Once a guest has been prepared, you'll be able to log in as root either
+via SSH (your public key will have been authorized) or on the serial
+console (using the password configured earlier).
FreeBSD
@@ -95,3 +90,11 @@ Some manual tweaking will be needed, in particular:
Once these steps have been performed, FreeBSD guests can be managed just
like all other guests.
+
+
+Adding new guests
+-----------------
+
+Adding new guests will require tweaking the inventory and host variables,
+but it should be very easy to eg. use the Fedora 26 configuration to come
+up with a working Fedora 27 configuration.
--
2.13.6
1:50 p.m.
On Thu, Oct 19, 2017 at 05:36:26PM +0200, Andrea Bolognani wrote:
Make lcitool useful outside of the libvirt CI context, even though
doing so openly contradicts its name. We're just savage like that.
Andrea Bolognani (6):
guests: Open vault on demand
guests: Move configuration handling to load_config()
guests: Implement flavors
guests: Implement developer flavor
guests: Hand root password location over to Ansible
guests: Update documentation
I'll leave it up to you to change "developer" to "test".
Reviewed-by: Pavel Hrdina <phrdina(a)redhat.com>
2523
days inactive
2527
days old
12 comments
2 participants
participants (2)
-
Andrea Bolognani -
Pavel Hrdina