[libvirt] [libvirt-jenkins-ci PATCH 0/6] Implement developer flavor

Make lcitool useful outside of the libvirt CI context, even though doing so openly contradicts its name. We're just savage like that.

Andrea Bolognani (6):
  guests: Open vault on demand
  guests: Move configuration handling to load_config()
  guests: Implement flavors
  guests: Implement developer flavor
  guests: Hand root password location over to Ansible
  guests: Update documentation

 guests/README.markdown | 45 ++++++------
 guests/group_vars/all/main.yml | 4 +-
 guests/host_vars/libvirt-centos-6/main.yml | 2 -
 guests/host_vars/libvirt-centos-6/vault.yml | 10 --
 guests/host_vars/libvirt-centos-7/main.yml | 2 -
 guests/host_vars/libvirt-centos-7/vault.yml | 10 --
 guests/host_vars/libvirt-debian-8/main.yml | 2 -
 guests/host_vars/libvirt-debian-8/vault.yml | 10 --
 guests/host_vars/libvirt-debian-9/main.yml | 2 -
 guests/host_vars/libvirt-debian-9/vault.yml | 10 --
 guests/host_vars/libvirt-fedora-25/main.yml | 2 -
 guests/host_vars/libvirt-fedora-25/vault.yml | 10 --
 guests/host_vars/libvirt-fedora-26/main.yml | 2 -
 guests/host_vars/libvirt-fedora-26/vault.yml | 10 --
 guests/host_vars/libvirt-fedora-rawhide/main.yml | 2 -
 guests/host_vars/libvirt-fedora-rawhide/vault.yml | 10 --
 guests/host_vars/libvirt-freebsd-10/main.yml | 3 +-
 guests/host_vars/libvirt-freebsd-10/vault.yml | 10 --
 guests/host_vars/libvirt-freebsd-11/main.yml | 3 +-
 guests/host_vars/libvirt-freebsd-11/vault.yml | 10 --
 guests/host_vars/libvirt-ubuntu-12/main.yml | 2 -
 guests/host_vars/libvirt-ubuntu-12/vault.yml | 8 --
 guests/host_vars/libvirt-ubuntu-14/main.yml | 2 -
 guests/host_vars/libvirt-ubuntu-14/vault.yml | 8 --
 guests/host_vars/libvirt-ubuntu-16/main.yml | 2 -
 guests/host_vars/libvirt-ubuntu-16/vault.yml | 8 --
 guests/lcitool | 90 +++++++++++++++++------
 guests/site.yml | 6 ++
 guests/tasks/base.yml | 2 +-
 guests/tasks/developer.yml | 21 ++++++
 guests/tasks/jenkins.yml | 8 ++
 guests/vars/vault.yml | 54 ++++++++++++++
 32 files changed, 186 insertions(+), 184 deletions(-)
 delete mode 100644 guests/host_vars/libvirt-centos-6/vault.yml
 delete mode 100644 guests/host_vars/libvirt-centos-7/vault.yml
 delete mode 100644 guests/host_vars/libvirt-debian-8/vault.yml
 delete mode 100644 guests/host_vars/libvirt-debian-9/vault.yml
 delete mode 100644 guests/host_vars/libvirt-fedora-25/vault.yml
 delete mode 100644 guests/host_vars/libvirt-fedora-26/vault.yml
 delete mode 100644 guests/host_vars/libvirt-fedora-rawhide/vault.yml
 delete mode 100644 guests/host_vars/libvirt-freebsd-10/vault.yml
 delete mode 100644 guests/host_vars/libvirt-freebsd-11/vault.yml
 delete mode 100644 guests/host_vars/libvirt-ubuntu-12/vault.yml
 delete mode 100644 guests/host_vars/libvirt-ubuntu-14/vault.yml
 delete mode 100644 guests/host_vars/libvirt-ubuntu-16/vault.yml
 create mode 100644 guests/tasks/developer.yml
 create mode 100644 guests/vars/vault.yml

--
2.13.6

By storing the vault out of the inventory, we can open it on demand rather than automatically. This will eventually make it possible to use the playbooks even without knowing the vault password. 
Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- guests/host_vars/libvirt-centos-6/main.yml | 2 - guests/host_vars/libvirt-centos-6/vault.yml | 10 ----- guests/host_vars/libvirt-centos-7/main.yml | 2 - guests/host_vars/libvirt-centos-7/vault.yml | 10 ----- guests/host_vars/libvirt-debian-8/main.yml | 2 - guests/host_vars/libvirt-debian-8/vault.yml | 10 ----- guests/host_vars/libvirt-debian-9/main.yml | 2 - guests/host_vars/libvirt-debian-9/vault.yml | 10 ----- guests/host_vars/libvirt-fedora-25/main.yml | 2 - guests/host_vars/libvirt-fedora-25/vault.yml | 10 ----- guests/host_vars/libvirt-fedora-26/main.yml | 2 - guests/host_vars/libvirt-fedora-26/vault.yml | 10 ----- guests/host_vars/libvirt-fedora-rawhide/main.yml | 2 - guests/host_vars/libvirt-fedora-rawhide/vault.yml | 10 ----- guests/host_vars/libvirt-freebsd-10/main.yml | 2 - guests/host_vars/libvirt-freebsd-10/vault.yml | 10 ----- guests/host_vars/libvirt-freebsd-11/main.yml | 2 - guests/host_vars/libvirt-freebsd-11/vault.yml | 10 ----- guests/host_vars/libvirt-ubuntu-12/main.yml | 2 - guests/host_vars/libvirt-ubuntu-12/vault.yml | 8 ---- guests/host_vars/libvirt-ubuntu-14/main.yml | 2 - guests/host_vars/libvirt-ubuntu-14/vault.yml | 8 ---- guests/host_vars/libvirt-ubuntu-16/main.yml | 2 - guests/host_vars/libvirt-ubuntu-16/vault.yml | 8 ---- guests/tasks/jenkins.yml | 8 ++++ guests/vars/vault.yml | 54 +++++++++++++++++++++++ 26 files changed, 62 insertions(+), 138 deletions(-) delete mode 100644 guests/host_vars/libvirt-centos-6/vault.yml delete mode 100644 guests/host_vars/libvirt-centos-7/vault.yml delete mode 100644 guests/host_vars/libvirt-debian-8/vault.yml delete mode 100644 guests/host_vars/libvirt-debian-9/vault.yml delete mode 100644 guests/host_vars/libvirt-fedora-25/vault.yml delete mode 100644 guests/host_vars/libvirt-fedora-26/vault.yml delete mode 100644 guests/host_vars/libvirt-fedora-rawhide/vault.yml delete mode 100644 guests/host_vars/libvirt-freebsd-10/vault.yml delete mode 
100644 guests/host_vars/libvirt-freebsd-11/vault.yml delete mode 100644 guests/host_vars/libvirt-ubuntu-12/vault.yml delete mode 100644 guests/host_vars/libvirt-ubuntu-14/vault.yml delete mode 100644 guests/host_vars/libvirt-ubuntu-16/vault.yml create mode 100644 guests/vars/vault.yml diff --git a/guests/host_vars/libvirt-centos-6/main.yml b/guests/host_vars/libvirt-centos-6/main.yml index 69ef616..d717ae7 100644 --- a/guests/host_vars/libvirt-centos-6/main.yml +++ b/guests/host_vars/libvirt-centos-6/main.yml @@ -6,5 +6,3 @@ projects: - libvirt-cim - libvirt-perl - libvirt-python - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-centos-6/vault.yml b/guests/host_vars/libvirt-centos-6/vault.yml deleted file mode 100644 index e28b263..0000000 --- a/guests/host_vars/libvirt-centos-6/vault.yml +++ /dev/null @@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -36623466366139303234633662663431663135396238653132346239306336616463393733343064 -6131386366613438643532353536393435623464333863350a333334616430626361373536363638 -65333633306236343066303165326137626432656439663738383765323862373161363165353936 -3637356536616637390a313135306462353830626438653465343730616437633634363866313432 -62376634393738373834663939646463626232323235666364653462343435313564333132353864 -38643731383435393465393633356466303661323966306431303435366533623062303363653364 -31353833336137613832306535303634666138616438616430316434356233666364333864646265 -31313163613337613165303862313533303766666135363364653661616663346631613761373864 -3338 diff --git a/guests/host_vars/libvirt-centos-7/main.yml b/guests/host_vars/libvirt-centos-7/main.yml index 2e66a70..30c826a 100644 --- a/guests/host_vars/libvirt-centos-7/main.yml +++ b/guests/host_vars/libvirt-centos-7/main.yml @@ -15,5 +15,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' 
diff --git a/guests/host_vars/libvirt-centos-7/vault.yml b/guests/host_vars/libvirt-centos-7/vault.yml deleted file mode 100644 index 81b32c4..0000000 --- a/guests/host_vars/libvirt-centos-7/vault.yml +++ /dev/null @@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -35393538623463386331376531613663336438656535663037326364666434613463396233633638 -6365326431306637326366366533306630373039356664660a633430633463666462626662313330 -36653364343838333439633561353936646435373236343361623935333634653865333636666132 -3838643263643862370a393265633233633838383333646463353635366336383834633236386632 -65376231353031336463333533646364646162353837393765366462306562376530366161323430 -33353363366361333762653837653830343536643431623262643032653437643663643666616538 -64396639373162383836346563613366633532323363303866373461376239626562633165303239 -34623831396237636462613363626466346561613430643864363065383030616365656330376462 -3134 diff --git a/guests/host_vars/libvirt-debian-8/main.yml b/guests/host_vars/libvirt-debian-8/main.yml index a04e2a3..f097792 100644 --- a/guests/host_vars/libvirt-debian-8/main.yml +++ b/guests/host_vars/libvirt-debian-8/main.yml @@ -13,5 +13,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-debian-8/vault.yml b/guests/host_vars/libvirt-debian-8/vault.yml deleted file mode 100644 index 2db2e2f..0000000 --- a/guests/host_vars/libvirt-debian-8/vault.yml +++ /dev/null 
@@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -35326166326565616237666638656562366535643534386135356166353330306464663238373037 -6438646238393762396461343836663530653662376632630a636633383264363835626436393264 -31393566356131303332646265393861363832363439336361346532363438383464383363343239 -6132396539643365660a353431316435636333376431386165333766393161636431383865623461 -33383432393866326463386361353865656664376337353734633332643036323666633732313263 -38346431663863623234636162343437613461343134343262643463653730666539633237326230 -63383132633737643865633139656637313666363362336563306335623337333331336633353339 -30323432316332363264623730303739316263356533616538323864356339336165663738663830 -3564 diff --git a/guests/host_vars/libvirt-debian-9/main.yml b/guests/host_vars/libvirt-debian-9/main.yml index 3654618..cc7cfa6 100644 --- a/guests/host_vars/libvirt-debian-9/main.yml +++ b/guests/host_vars/libvirt-debian-9/main.yml @@ -15,5 +15,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-debian-9/vault.yml b/guests/host_vars/libvirt-debian-9/vault.yml deleted file mode 100644 index 70021e2..0000000 --- a/guests/host_vars/libvirt-debian-9/vault.yml +++ /dev/null @@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -34616266316365313033663833656439343165323932613862393336396563663764303134393837 -3430613930356132376233363361623231663430396466610a363930663838306636383664366362 -63306564633864346539373165313730333838393634316235383562393763356565633164353132 -3733633664343638370a656165663663643761313133633462363266623666643761363030386463 -64646233386665623866323538356338316362323935663563343865663930653432643530643630 -34653333643235613464313934623736636165633334303161386462623231356461343239666134 -61333138663830333930313632353735303134666637353834303739626463666332653065323562 -64656331343962633061653763343835623936383332363866616337373933623530666435386231 -6139 
diff --git a/guests/host_vars/libvirt-fedora-25/main.yml b/guests/host_vars/libvirt-fedora-25/main.yml index 7d7308f..539c111 100644 --- a/guests/host_vars/libvirt-fedora-25/main.yml +++ b/guests/host_vars/libvirt-fedora-25/main.yml @@ -16,5 +16,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-fedora-25/vault.yml b/guests/host_vars/libvirt-fedora-25/vault.yml deleted file mode 100644 index 9bfd421..0000000 --- a/guests/host_vars/libvirt-fedora-25/vault.yml +++ /dev/null @@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -65326565343861373061323836346135646463376363343162626561343434303966623064306163 -6335363137396236656336303264643964356462633736350a313364386137363566303831303731 -63343132393564303632323130613462353864393364346163613465333238653435376361396332 -3163626161303634370a626564643134316131333530373138616530366133663265626163653565 -32363035323030333236363534396139363233616263383630313431366431633366613339613332 -30643065333261633962626466323561626132643234663137353737646637316436346131656566 -32626433313235636338303162333236386537316663633434306236646332353439653134353933 -36363933663039323631303031653834393763643933623338316365613431636165626135316232 -3166 diff --git a/guests/host_vars/libvirt-fedora-26/main.yml b/guests/host_vars/libvirt-fedora-26/main.yml index 7d7308f..539c111 100644 --- a/guests/host_vars/libvirt-fedora-26/main.yml +++ b/guests/host_vars/libvirt-fedora-26/main.yml @@ -16,5 +16,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-fedora-26/vault.yml b/guests/host_vars/libvirt-fedora-26/vault.yml deleted file mode 100644 index b9956c2..0000000 --- a/guests/host_vars/libvirt-fedora-26/vault.yml +++ /dev/null 
@@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -61326265373932326662666661393662333661363531366333666464373634383865623663366431 -6234626662323636356638323136353362333664353662330a386438333930366430333965303163 -33373763363439663166306137303238386164303235366363366465306530653861616566363930 -3737386566613034310a643935313539303033346663323433376432313730646665333939303831 -38343662626139623063353935366232306332303061623363313136353765323265396332333231 -37346266326130613864313031396232656361613163373163616331623365396366623333623436 -62653766626238636562656236316537316332383061363964656439656365363764663866613865 -30346363626338353762353763643035366536653664663630613237366164373436386433343236 -3066 diff --git a/guests/host_vars/libvirt-fedora-rawhide/main.yml b/guests/host_vars/libvirt-fedora-rawhide/main.yml index 7d7308f..539c111 100644 --- a/guests/host_vars/libvirt-fedora-rawhide/main.yml +++ b/guests/host_vars/libvirt-fedora-rawhide/main.yml @@ -16,5 +16,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-fedora-rawhide/vault.yml b/guests/host_vars/libvirt-fedora-rawhide/vault.yml deleted file mode 100644 index 0a6315d..0000000 --- a/guests/host_vars/libvirt-fedora-rawhide/vault.yml +++ /dev/null 
@@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -30393466663562376638343863353566306365616134616434633665343036613862323833656666 -6365366638343031383765373937386163313130323466390a353730333832666138633731383931 -31333166346562343266323232663564656262373237303361396265623539646638326461376239 -6166366665663832640a353036383265356139623437363865663133656638333534363632366539 -62386337386364366664663062383938393233663733636361366133613735366633326637366634 -31643231303738373235303032343532373638386463306136313561656534316534643438656532 -32656661663337306364633637636130386234336662386437383764643137386361616131626161 -61653165383233376238666461373938653630383033303762663530633535643264656166333230 -6662 diff --git a/guests/host_vars/libvirt-freebsd-10/main.yml b/guests/host_vars/libvirt-freebsd-10/main.yml index 1547802..80d16d6 100644 --- a/guests/host_vars/libvirt-freebsd-10/main.yml +++ b/guests/host_vars/libvirt-freebsd-10/main.yml @@ -21,5 +21,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-freebsd-10/vault.yml b/guests/host_vars/libvirt-freebsd-10/vault.yml deleted file mode 100644 index ac437ba..0000000 --- a/guests/host_vars/libvirt-freebsd-10/vault.yml +++ /dev/null @@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -62633664623566363031366662633336313239303035616162353739663063666663366536326162 -6466333764383932646530323730386561656530353430330a636433373638613064643165643536 -32376334653030336334643865396162363061383066326362633165346164303831616464636337 -3861613765393666340a313931663337633762313538316230613536303939343862306532666564 -61313939666564626632363835363238653830633666383337323263326363323766633933633862 -32363166643231613864626263303035303631616665336531633761656335646166656232303936 -66643261356665356363343931653436663666313533656239376535643264653932633335333135 -62323366363834636263386230356238333133623735373730356539323761306237623266363032 -3436 
diff --git a/guests/host_vars/libvirt-freebsd-11/main.yml b/guests/host_vars/libvirt-freebsd-11/main.yml index 1547802..80d16d6 100644 --- a/guests/host_vars/libvirt-freebsd-11/main.yml +++ b/guests/host_vars/libvirt-freebsd-11/main.yml @@ -21,5 +21,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-freebsd-11/vault.yml b/guests/host_vars/libvirt-freebsd-11/vault.yml deleted file mode 100644 index e5b9464..0000000 --- a/guests/host_vars/libvirt-freebsd-11/vault.yml +++ /dev/null @@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -35306632666132373834323664613866356638653266396439396465396265613433353032323362 -6333333439343437336634336534646332626165336436300a353266303437303131613536323664 -37343161633537323432303036613165346437643531366638386363346534303164326661643235 -6464356534643734370a633837313661633039666436303664386533363561396232326663366665 -63613334363733303534306564386534303864316364313561333334366365373131303463383962 -61623036656531653238316533653537646533363038636434356636316364316236623131616366 -31303233316563303233306435313665326164643639363735653837616531663139646634633830 -34653736653937323365626630313536363363643631326666613231393330666339356163646535 -3263 diff --git a/guests/host_vars/libvirt-ubuntu-12/main.yml b/guests/host_vars/libvirt-ubuntu-12/main.yml index 8ce497e..8873530 100644 --- a/guests/host_vars/libvirt-ubuntu-12/main.yml +++ b/guests/host_vars/libvirt-ubuntu-12/main.yml @@ -3,5 +3,3 @@ projects: - base - jenkins - libvirt - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-ubuntu-12/vault.yml b/guests/host_vars/libvirt-ubuntu-12/vault.yml deleted file mode 100644 index 123adf3..0000000 --- a/guests/host_vars/libvirt-ubuntu-12/vault.yml +++ /dev/null 
@@ -1,8 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -65653737663762386236356537646331656132303761633939613638663463373030373965636361 -3633386437613330316162313531643835616164313430630a333433623432633035616434626564 -32633463366462643435373261373232353837633235626435653037306338356634383733643038 -6633313064326638640a343962343331356239656235366532643038386161613663636338346335 -31653530666566353735396339653837643032353534653238303336333166643264353834646239 -30353864393064663736333036616637396134353763623338396239613430393466616632613566 -336338366261663836373430346664396132 diff --git a/guests/host_vars/libvirt-ubuntu-14/main.yml b/guests/host_vars/libvirt-ubuntu-14/main.yml index 463f020..fd1d7ee 100644 --- a/guests/host_vars/libvirt-ubuntu-14/main.yml +++ b/guests/host_vars/libvirt-ubuntu-14/main.yml @@ -10,5 +10,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-ubuntu-14/vault.yml b/guests/host_vars/libvirt-ubuntu-14/vault.yml deleted file mode 100644 index 05289b7..0000000 --- a/guests/host_vars/libvirt-ubuntu-14/vault.yml +++ /dev/null @@ -1,8 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -35663230626165363938333630343364353261393432623339353931353662363433373633333031 -6464343165626238613234633634303531346133383539370a373432313635626462393864623837 -37343133316366313530316235323261353661333662383234626530613037646235383131666135 -3432646234346634610a393632326132343834646537343332653961663130366537396432303662 -39393165633234386132323831346139396138363638313031346666626130616239396131363466 -32613561383763623735623865343434613236346135653732303561633733333461636366663739 -343531373333633332363037363537346636 diff --git a/guests/host_vars/libvirt-ubuntu-16/main.yml b/guests/host_vars/libvirt-ubuntu-16/main.yml index 460dca3..f00a9d5 100644 --- a/guests/host_vars/libvirt-ubuntu-16/main.yml +++ b/guests/host_vars/libvirt-ubuntu-16/main.yml 
@@ -14,5 +14,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-ubuntu-16/vault.yml b/guests/host_vars/libvirt-ubuntu-16/vault.yml deleted file mode 100644 index 3a7e20f..0000000 --- a/guests/host_vars/libvirt-ubuntu-16/vault.yml +++ /dev/null @@ -1,8 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -64643937346239616133653565336161393362303266393030636239653636623037343833643762 -6565656331373339653233383465626635303136353634310a643830643737643164633737346166 -34643637333665666239346162613435633062616366313638643232336536356464343161303632 -3937386534306465370a326535306263343036646333396665363832373137326231393630366131 -64323636396331303730336631346565643235666163353132633833636637386136323736646665 -64626635313935333565336130366661393161366331346634636233363931373137306439343131 -393039363138386236316431393264343464 diff --git a/guests/tasks/jenkins.yml b/guests/tasks/jenkins.yml index a1b8f46..d4adbb1 100644 --- a/guests/tasks/jenkins.yml +++ b/guests/tasks/jenkins.yml @@ -1,4 +1,12 @@ --- +- name: Open vault + include_vars: + file: vars/vault.yml + +- name: Look up Jenkins secret + set_fact: + jenkins_secret: '{{ vault.jenkins_secrets[inventory_hostname] }}' + - name: Create Jenkins user account user: name: jenkins diff --git a/guests/vars/vault.yml b/guests/vars/vault.yml new file mode 100644 index 0000000..d085d8b --- /dev/null +++ b/guests/vars/vault.yml 
@@ -0,0 +1,54 @@ +$ANSIBLE_VAULT;1.1;AES256 +38366334396263313937363332633936616365643464396133623830616239663536643662353630 +3565336236323934613932376331613766656136376436360a386664373035306232323761363665 +39336365333833373661653932323566306564666635656631616638303734616561643630633034 +3765353961313134320a613931646361643835636365343965366564333765353839356566656465 +35336236346133656237363235376433313665643039613036666637643332316634623235316136 +63646566393366656138393033313731323362306166643538666331656663646332373339623535 +33396630333838376232633038346366653830396331353230633164376130333431306631323034 +31396466303539343037336164626230633964313064383561323961613161363333656366653764 +65363263316135663137363632616532626535346565633064653030333165326131656463353065 +66636631326566366266316137626661313366363333363333343563363332613564313361316439 +64316262646138346364646437343531343635393764633937346239663732353063666333653434 +61653734343737376338363336326637303237393565303165633839356562393230386535336163 +63643565336432663039626363353266653837343230343663333735356665663537646365633865 +66383330333336336664376365633633653730353032366264343237366231386436343863663663 +63643831326262333066663166303661343033656234306137636135343433656163316266326361 +63663834343332396633386636373766396566313630656130666339306634363064363739383936 +64393533363063366530333164623235326263386266613534393436333933663338653636626131 +31323764386538653530626134623239316634663965326262653661343231616332303461376632 +33326636373831343137653030313939623964353937636337383963643064313833646334326637 +32393332323262633737626265363065626531313233306237303033343561623935356133363137 +66343963303232303562373936356230326433353765326265316334383436383462613265613534 +62316162656161353262633563323364343835633562613863303830306137656336393535353136 +39626662663063333331646535363332666662363662373634656662623965383035336435356462 
+39316465316166366363396336333134616636363937613836636365306237306464653339643664 +35653238336530303965633630616139376230336533306364626266323165653036346139656239 +30323665316136613239663863636630353230396366333063353663373865376239616261333137 +35636364383639316436333634343534386530656430323031303761353531663832383865363939 +66613034653737366134326462306233316535666439386366356163383430346263343131616133 +33343162666539366364356235613939303537666561363839343164313162333335623932326432 +30396263333965613261653736366463656662303762313736316666386662613233333333353666 +32373761653566383735646261366630346436643531626338333333613465613364636331313564 +64393366373166353666323034343030323062353366633265393062653061663866643134623034 +62373939336363333664373939323139323964383832323564666561393031323964333064643630 +37613132393366663337363461653231303161626263333362616332633461316465343663666565 +39633931313931303337363333616533303263616233616365336631653637353862633632643631 +36346336373735303166333063326537623532396464386232623765326136626639393331343436 +35616332323264316266303531643162373061313437623133656332343964383063623638636434 +66656138656666343936346139633535306339616463386437313063336436613364306536393633 +39303134313766306231663030666238373530373563643434643833666132343662306136366361 +34343835623830333961616463373464313538373365346438393138636432386233663136303033 +30363362333265666662333736353330376430633838306662373136616566643037373730316238 +32303763386233653464643039616234653562623431303863306135396466396461633263666239 +38626665653463356631396266356135376635353035343931626566323661346464613763306162 +38623065633966656332343137303330613861376163623036343833623132343461646338343338 +65666336316431646531626563666134386633336562383635656661656662326535366538646133 +66353938386161626433336331623532336466613663663033356138663039633865363566626662 +64376264343130636134613835306365313164373333333866613439326164653965616534323763 
+65656538643865656331346438303233393536663465353936306132386363636265623833303234 +65633434336262363664373064376463616232646465346163396431333430643535613436666133 +30343636306535613364303630666234396662323665306631383964636433343637633939666233 +33616662653866656666356439373837633030656565373031333561326131373030653363393932 +32303039373266613561353336386531343938376162323234363130353934336635313439633338 +3633 -- 2.13.6
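
Review bot: In the guests/tasks/jenkins.yml hunk, the "Look up Jenkins secret" task indexes `vault.jenkins_secrets[inventory_hostname]` with no guard, so a guest that runs these tasks but has no entry in the new guests/vars/vault.yml fails on an undefined value rather than with a clear message; a preceding `assert` on `inventory_hostname in vault.jenkins_secrets` would make that failure explicit. The same hunk now loads the single shared vault through `include_vars` for every host, where the removed host_vars files gave each host its own vault.yml, so each play holds all agents' secrets in memory; adding `no_log: true` to both new tasks would keep them out of verbose output.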

On Thu, Oct 19, 2017 at 05:36:27PM +0200, Andrea Bolognani wrote:
> By storing the vault out of the inventory, we can open it on demand rather than automatically. This will eventually make it possible to use the playbooks even without knowing the vault password.

You will need to update the libvirt-freebsd-10 secret in the guests/vars/vault.yml

Pavel

On Mon, 2017-10-23 at 09:13 +0200, Pavel Hrdina wrote:
> On Thu, Oct 19, 2017 at 05:36:27PM +0200, Andrea Bolognani wrote:
> > By storing the vault out of the inventory, we can open it on demand rather than automatically. This will eventually make it possible to use the playbooks even without knowing the vault password.
>
> You will need to update the libvirt-freebsd-10 secret in the guests/vars/vault.yml

It's already done in my local branch :)

--
Andrea Bolognani / Red Hat / Virtualization

Just a code move. We'll be adding more logic soon, and it'll be nice not to pollute the do_prepare() function too much because of it. Rename the existing load_config() function to load_install_config() accordingly. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- guests/lcitool | 54 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 31 insertions(+), 23 deletions(-) diff --git a/guests/lcitool b/guests/lcitool index 4578327..883e0eb 100755 --- a/guests/lcitool +++ b/guests/lcitool @@ -34,12 +34,12 @@ yaml_var() { grep "^$2:\\s*" "$1" 2>/dev/null | tail -1 | sed "s/$2:\\s*//g" } -# load_config FILE +# load_install_config FILE # # Read all known configuration variables from $FILE and set them in the # environment. Configuration variables that have already been set in # the environment will not be updated. -load_config() { +load_install_config() { INSTALL_URL=${INSTALL_URL:-$(yaml_var "$1" install_url)} INSTALL_CONFIG=${INSTALL_CONFIG:-$(yaml_var "$1" install_config)} INSTALL_VIRT_TYPE=${INSTALL_VIRT_TYPE:-$(yaml_var "$1" install_virt_type)} 
@@ -53,6 +53,32 @@ load_config() { INSTALL_NETWORK=${INSTALL_NETWORK:-$(yaml_var "$1" install_network)} } +# load_config +# +# Read tool configuration and perform the necessary validation. +load_config() { + CONFIG_DIR="$HOME/.config/$PROGRAM_NAME" + + VAULT_PASS_FILE="$CONFIG_DIR/vault-password" + ROOT_PASS_FILE="$CONFIG_DIR/root-password" + + # Make sure required passwords exist and are not invalid (empty) + test -f "$VAULT_PASS_FILE" && test "$(cat "$VAULT_PASS_FILE")" || { + die "$PROGRAM_NAME: $VAULT_PASS_FILE: Missing or invalid password" + } + test -f "$ROOT_PASS_FILE" && test "$(cat "$ROOT_PASS_FILE")" || { + die "$PROGRAM_NAME: $ROOT_PASS_FILE: Missing or invalid password" + } + + ROOT_HASH_FILE="$CONFIG_DIR/.root-password.hash" + + # Regenerate root password hash. Ansible expects passwords as hashes but + # doesn't provide a built-in facility to generate one from plain text + hash_file "$ROOT_PASS_FILE" >"$ROOT_HASH_FILE" || { + die "$PROGRAM_NAME: Failure while hashing root password" + } +} + # ---------------------- # User-visible actions # ---------------------- @@ -92,8 +118,8 @@ do_install() # Load configuration files. Values don't get overwritten after being # set the first time, so loading the host-specific configuration before # the group configuration ensures overrides work as expected - load_config "host_vars/$GUEST/install.yml" - load_config "group_vars/all/install.yml" + load_install_config "host_vars/$GUEST/install.yml" + load_install_config "group_vars/all/install.yml" # Both memory size and disk size use GiB as unit, but virt-install wants # disk size in GiB and memory size in *MiB*, so perform conversion here 
@@ -136,24 +162,7 @@ do_prepare() { die "$PROGRAM_NAME: $GUEST: Unknown guest" } - VAULT_PASS_FILE="$CONFIG_DIR/vault-password" - ROOT_PASS_FILE="$CONFIG_DIR/root-password" - - # Make sure required passwords exist and are not invalid (empty) - test -f "$VAULT_PASS_FILE" && test "$(cat "$VAULT_PASS_FILE")" || { - die "$PROGRAM_NAME: $VAULT_PASS_FILE: Missing or invalid password" - } - test -f "$ROOT_PASS_FILE" && test "$(cat "$ROOT_PASS_FILE")" || { - die "$PROGRAM_NAME: $ROOT_PASS_FILE: Missing or invalid password" - } - - ROOT_HASH_FILE="$CONFIG_DIR/.root-password.hash" - - # Regenerate root password hash. Ansible expects passwords as hashes but - # doesn't provide a built-in facility to generate one from plain text - hash_file "$ROOT_PASS_FILE" >"$ROOT_HASH_FILE" || { - die "$PROGRAM_NAME: Failure while hashing root password" - } + load_config ansible-playbook \ --vault-password-file "$VAULT_PASS_FILE" \ @@ -167,7 +176,6 @@ do_prepare() { CALL_NAME="$0" PROGRAM_NAME="${0##*/}" -CONFIG_DIR="$HOME/.config/$PROGRAM_NAME" test -f "$PROGRAM_NAME" || { die "$PROGRAM_NAME: Must be run from the source directory" -- 2.13.6
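
Review bot: In the new load_config(), `hash_file "$ROOT_PASS_FILE" >"$ROOT_HASH_FILE"` creates .root-password.hash through a plain redirect, so the file's mode is whatever the caller's umask allows; setting `umask 077` before the redirect (or a `chmod 600` after it) would keep the root password hash private to the user. The function's header comment says it reads configuration and validates it, but it also rewrites the hash file and now defines CONFIG_DIR, which the last hunk removes from the top level; documenting both side effects in that comment would help, since any code that uses CONFIG_DIR before calling load_config() will now see it unset.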

Our CI infrastructure and developers have different requirements, but really the overlap is almost complete and it's a shame that we require developers to perform manual steps before we can use our tools. Flavors are a very simple and effective way to deal with the issue: we'll be able to configure guests differently based on whether they will be used for CI or development. The default flavor is developer, which doesn't require the vault password and as such can be used by anyone out of the box: the Jenkins setup is skipped in this case. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- guests/lcitool | 35 ++++++++++++++++++++++++++++++++--- guests/site.yml | 1 + 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/guests/lcitool b/guests/lcitool index 883e0eb..bf270f1 100755 --- a/guests/lcitool +++ b/guests/lcitool 
@@ -59,13 +59,39 @@ load_install_config() { load_config() { CONFIG_DIR="$HOME/.config/$PROGRAM_NAME" + mkdir -p "$CONFIG_DIR" >/dev/null 2>&1 || { + die "$PROGRAM_NAME: $CONFIG_DIR: Unable to create config directory" + } + + FLAVOR_FILE="$CONFIG_DIR/flavor" VAULT_PASS_FILE="$CONFIG_DIR/vault-password" ROOT_PASS_FILE="$CONFIG_DIR/root-password" - # Make sure required passwords exist and are not invalid (empty) - test -f "$VAULT_PASS_FILE" && test "$(cat "$VAULT_PASS_FILE")" || { - die "$PROGRAM_NAME: $VAULT_PASS_FILE: Missing or invalid password" + # Two flavors are supported: developer (default) and ci. Read the + # flavor from configuration, validate it and write it back in case + # it was not present + FLAVOR="$(cat "$FLAVOR_FILE" 2>/dev/null)" + FLAVOR=${FLAVOR:-developer} + test "$FLAVOR" = developer || test "$FLAVOR" = ci || { + die "$PROGRAM_NAME: Invalid flavor '$FLAVOR'" } + echo "$FLAVOR" >"$FLAVOR_FILE" || { + die "$PROGRAM_NAME: $FLAVOR_FILE: Unable to save flavor" + } + + test "$FLAVOR" = ci && { + # The vault password is only needed for the ci flavor, so only + # validate it in that case + test -f "$VAULT_PASS_FILE" && test "$(cat "$VAULT_PASS_FILE")" || { + die "$PROGRAM_NAME: $VAULT_PASS_FILE: Missing or invalid password" + } + } || { + # For other flavors, undefine the variable so that Ansible + # will not try to read the file at all + VAULT_PASS_FILE= + } + + # Make sure the root password has been configured properly test -f "$ROOT_PASS_FILE" && test "$(cat "$ROOT_PASS_FILE")" || { die "$PROGRAM_NAME: $ROOT_PASS_FILE: Missing or invalid password" } @@ -164,8 +190,11 @@ do_prepare() { load_config + EXTRA_VARS="flavor=$FLAVOR" + ansible-playbook \ --vault-password-file "$VAULT_PASS_FILE" \ + --extra-vars "$EXTRA_VARS" \ -l "$GUEST" \ site.yml } diff --git a/guests/site.yml b/guests/site.yml index 9c75dcb..35e3220 100644 --- a/guests/site.yml +++ b/guests/site.yml 
@@ -30,6 +30,7 @@ # Configure the Jenkins agent - include: tasks/jenkins.yml when: + - flavor == 'ci' - projects is defined # jenkins is a pseudo-project - ( 'jenkins' in projects ) -- 2.13.6
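Review bot: In load_config(), `mkdir -p "$CONFIG_DIR"` creates the directory with whatever umask the caller happens to have, yet the same hunk places `vault-password` and `root-password` inside it. Tighten the mode right after creation, for example with `chmod 700 "$CONFIG_DIR"`, and die if that fails, so a fresh setup does not leave the secrets under a group- or world-accessible directory.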
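Review bot: In the do_prepare() hunk, `--vault-password-file "$VAULT_PASS_FILE"` is still passed unconditionally, so with the developer flavor ansible-playbook receives the option with an empty argument. The comment in load_config() says the variable is emptied "so that Ansible will not try to read the file at all", which relies on ansible-playbook treating an empty path as unset. Building the option only when the flavor is ci, and leaving it off the command line otherwise, would make the intent explicit instead of depending on that behaviour.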
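Review bot: The new `flavor == 'ci'` condition in site.yml assumes `flavor` is always defined, which only holds when the playbook is started through lcitool's `--extra-vars`. Running ansible-playbook against site.yml directly would now stop on an undefined variable. Either give `flavor` a default in group_vars or state in the README that the playbook must be run via lcitool.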

The developer is given key-based SSH access to the guest and granted passwordless sudo privilege for maximum convenience. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- guests/group_vars/all/main.yml | 4 +++- guests/host_vars/libvirt-freebsd-10/main.yml | 1 + guests/host_vars/libvirt-freebsd-11/main.yml | 1 + guests/lcitool | 9 ++++++++- guests/site.yml | 5 +++++ guests/tasks/developer.yml | 21 +++++++++++++++++++++ 6 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 guests/tasks/developer.yml diff --git a/guests/group_vars/all/main.yml b/guests/group_vars/all/main.yml index d24af59..410077f 100644 --- a/guests/group_vars/all/main.yml +++ b/guests/group_vars/all/main.yml @@ -8,8 +8,10 @@ ansible_ssh_pass: root jenkins_url: https://ci.centos.org/computer/{{ inventory_hostname }}/slave-agent.jnlp -# Paths to various command. Can be overridden on a per-host basis +# Paths to various commands and files that might be OS-dependent. Can +# be overridden on a per-host basis bash: /bin/bash java: /usr/bin/java make: /usr/bin/make sudo: /usr/bin/sudo +sudoers: /etc/sudoers diff --git a/guests/host_vars/libvirt-freebsd-10/main.yml b/guests/host_vars/libvirt-freebsd-10/main.yml index 80d16d6..4f33c53 100644 --- a/guests/host_vars/libvirt-freebsd-10/main.yml +++ b/guests/host_vars/libvirt-freebsd-10/main.yml @@ -5,6 +5,7 @@ bash: /usr/local/bin/bash java: /usr/local/bin/java make: /usr/local/bin/gmake sudo: /usr/local/bin/sudo +sudoers: /usr/local/etc/sudoers projects: - base diff --git a/guests/host_vars/libvirt-freebsd-11/main.yml b/guests/host_vars/libvirt-freebsd-11/main.yml index 80d16d6..4f33c53 100644 --- a/guests/host_vars/libvirt-freebsd-11/main.yml +++ b/guests/host_vars/libvirt-freebsd-11/main.yml @@ -5,6 +5,7 @@ bash: /usr/local/bin/bash java: /usr/local/bin/java make: /usr/local/bin/gmake sudo: /usr/local/bin/sudo +sudoers: /usr/local/etc/sudoers projects: - base diff --git a/guests/lcitool b/guests/lcitool index bf270f1..018640b 100755 
--- a/guests/lcitool +++ b/guests/lcitool @@ -141,6 +141,8 @@ do_install() die "$PROGRAM_NAME: $GUEST: Missing configuration, guest must be installed manually" } + load_config + # Load configuration files. Values don't get overwritten after being # set the first time, so loading the host-specific configuration before # the group configuration ensures overrides work as expected @@ -158,6 +160,11 @@ do_install() *kickstart*|*ks*) EXTRA_ARGS="ks=file:/${INSTALL_CONFIG##*/}" ;; esac + # Only configure autostart for the guest for the ci flavor + test "$FLAVOR" = ci && { + AUTOSTART="--autostart" + } + virt-install \ --name "$GUEST" \ --location "$INSTALL_URL" \ @@ -174,7 +181,7 @@ do_install() --sound none \ --initrd-inject "$INSTALL_CONFIG" \ --extra-args "console=ttyS0 $EXTRA_ARGS" \ - --autostart \ + $AUTOSTART \ --wait 0 } diff --git a/guests/site.yml b/guests/site.yml index 35e3220..76437bb 100644 --- a/guests/site.yml +++ b/guests/site.yml @@ -34,3 +34,8 @@ - projects is defined # jenkins is a pseudo-project - ( 'jenkins' in projects ) + + # Configure the developer account + - include: tasks/developer.yml + when: + - flavor == 'developer' diff --git a/guests/tasks/developer.yml b/guests/tasks/developer.yml new file mode 100644 index 0000000..1dad8fc --- /dev/null +++ b/guests/tasks/developer.yml @@ -0,0 +1,21 @@ +--- +- name: Create developer user account + user: + name: developer + comment: Developer + password: $6$YEzeb0A3t7jn/IwW$oMPH0mpKPPeuABH3gKDom08rLccOKBm6CrXT/deBsdP77MjBHxwHQ5EJM0MAc/sOsGKCNX0zjYYjlXP.KNUmP0 + shell: '{{ bash }}' + +- name: Configure ssh access for the developer + authorized_key: + user: developer + key: '{{ lookup("file", lookup("env", "HOME") + "/.ssh/id_rsa.pub") }}' + state: present + +- name: Grant passwordless sudo access to the developer + lineinfile: + path: '{{ sudoers }}' + line: 'developer ALL=(ALL) NOPASSWD: ALL' + state: present + backup: yes + validate: 'visudo -cf %s' -- 2.13.6
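Review bot: In do_install(), `AUTOSTART` is only assigned inside the `test "$FLAVOR" = ci` branch and is then expanded unquoted as `$AUTOSTART` in the virt-install call, so for the developer flavor its value is whatever the caller's environment holds. Initialise it with `AUTOSTART=` before the test so that a stray exported variable cannot add arguments to virt-install.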
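Review bot: In tasks/developer.yml the `password:` hash is fixed in the repository, so every developer-flavor guest gets the same known password on an account that the last task grants `NOPASSWD: ALL`. The commit message only promises key-based SSH access; if the guest's sshd also accepts password authentication, that account is open to anyone who can reach the guest. Either enforce key-only SSH login for this account in the same task file or document that these guests must stay on a trusted network. Separately, the `authorized_key` task hard-codes `~/.ssh/id_rsa.pub` and will fail for users whose only key is of another type, so a configurable key path would be more robust.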

On Thu, Oct 19, 2017 at 05:36:30PM +0200, Andrea Bolognani wrote:
The developer is given key-based SSH access to the guest and granted passwordless sudo privilege for maximum convenience.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- guests/group_vars/all/main.yml | 4 +++- guests/host_vars/libvirt-freebsd-10/main.yml | 1 + guests/host_vars/libvirt-freebsd-11/main.yml | 1 + guests/lcitool | 9 ++++++++- guests/site.yml | 5 +++++ guests/tasks/developer.yml | 21 +++++++++++++++++++++ 6 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 guests/tasks/developer.yml
diff --git a/guests/group_vars/all/main.yml b/guests/group_vars/all/main.yml index d24af59..410077f 100644 --- a/guests/group_vars/all/main.yml +++ b/guests/group_vars/all/main.yml @@ -8,8 +8,10 @@ ansible_ssh_pass: root
jenkins_url: https://ci.centos.org/computer/{{ inventory_hostname }}/slave-agent.jnlp
-# Paths to various command. Can be overridden on a per-host basis +# Paths to various commands and files that might be OS-dependent. Can +# be overridden on a per-host basis bash: /bin/bash java: /usr/bin/java make: /usr/bin/make sudo: /usr/bin/sudo +sudoers: /etc/sudoers diff --git a/guests/host_vars/libvirt-freebsd-10/main.yml b/guests/host_vars/libvirt-freebsd-10/main.yml index 80d16d6..4f33c53 100644 --- a/guests/host_vars/libvirt-freebsd-10/main.yml +++ b/guests/host_vars/libvirt-freebsd-10/main.yml @@ -5,6 +5,7 @@ bash: /usr/local/bin/bash java: /usr/local/bin/java make: /usr/local/bin/gmake sudo: /usr/local/bin/sudo +sudoers: /usr/local/etc/sudoers
projects: - base diff --git a/guests/host_vars/libvirt-freebsd-11/main.yml b/guests/host_vars/libvirt-freebsd-11/main.yml index 80d16d6..4f33c53 100644 --- a/guests/host_vars/libvirt-freebsd-11/main.yml +++ b/guests/host_vars/libvirt-freebsd-11/main.yml @@ -5,6 +5,7 @@ bash: /usr/local/bin/bash java: /usr/local/bin/java make: /usr/local/bin/gmake sudo: /usr/local/bin/sudo +sudoers: /usr/local/etc/sudoers
projects: - base diff --git a/guests/lcitool b/guests/lcitool index bf270f1..018640b 100755 --- a/guests/lcitool +++ b/guests/lcitool @@ -141,6 +141,8 @@ do_install() die "$PROGRAM_NAME: $GUEST: Missing configuration, guest must be installed manually" }
+ load_config + # Load configuration files. Values don't get overwritten after being # set the first time, so loading the host-specific configuration before # the group configuration ensures overrides work as expected @@ -158,6 +160,11 @@ do_install() *kickstart*|*ks*) EXTRA_ARGS="ks=file:/${INSTALL_CONFIG##*/}" ;; esac
+ # Only configure autostart for the guest for the ci flavor + test "$FLAVOR" = ci && { + AUTOSTART="--autostart" + } + virt-install \ --name "$GUEST" \ --location "$INSTALL_URL" \ @@ -174,7 +181,7 @@ do_install() --sound none \ --initrd-inject "$INSTALL_CONFIG" \ --extra-args "console=ttyS0 $EXTRA_ARGS" \ - --autostart \ + $AUTOSTART \ --wait 0 }
diff --git a/guests/site.yml b/guests/site.yml index 35e3220..76437bb 100644 --- a/guests/site.yml +++ b/guests/site.yml @@ -34,3 +34,8 @@ - projects is defined # jenkins is a pseudo-project - ( 'jenkins' in projects ) + + # Configure the developer account + - include: tasks/developer.yml + when: + - flavor == 'developer' diff --git a/guests/tasks/developer.yml b/guests/tasks/developer.yml new file mode 100644 index 0000000..1dad8fc --- /dev/null +++ b/guests/tasks/developer.yml @@ -0,0 +1,21 @@ +--- +- name: Create developer user account + user: + name: developer + comment: Developer + password: $6$YEzeb0A3t7jn/IwW$oMPH0mpKPPeuABH3gKDom08rLccOKBm6CrXT/deBsdP77MjBHxwHQ5EJM0MAc/sOsGKCNX0zjYYjlXP.KNUmP0
How about using a "test:test" account? "developer" is longer than "test" if you need to type it or you don't want to configure your SSH config. Is it possible to use plain password here? There is no need to encrypt it.

Pavel
+ shell: '{{ bash }}' + +- name: Configure ssh access for the developer + authorized_key: + user: developer + key: '{{ lookup("file", lookup("env", "HOME") + "/.ssh/id_rsa.pub") }}' + state: present + +- name: Grant passwordless sudo access to the developer + lineinfile: + path: '{{ sudoers }}' + line: 'developer ALL=(ALL) NOPASSWD: ALL' + state: present + backup: yes + validate: 'visudo -cf %s' -- 2.13.6

On Mon, 2017-10-23 at 09:20 +0200, Pavel Hrdina wrote:
+- name: Create developer user account + user: + name: developer + comment: Developer
How about using a "test:test" account? "developer" is longer than "test" if you need to type it or you don't want to configure your SSH config.
I expect people who use this more than once will have something like

  Host libvirt-*
      User developer
      GSSAPIAuthentication no
      StrictHostKeyChecking no
      CheckHostIP no
      UserKnownHostsFile /dev/null

in their ~/.ssh/config to avoid being bothered by SSH when they're dealing with throwaway guests. It might actually be a good idea to include this information in the README file.

I'd rather stick with 'developer', as I feel it's more appropriate given the intended use case, but I'm not really adamant about it.
+ password: $6$YEzeb0A3t7jn/IwW$oMPH0mpKPPeuABH3gKDom08rLccOKBm6CrXT/deBsdP77MjBHxwHQ5EJM0MAc/sOsGKCNX0zjYYjlXP.KNUmP0
Is it possible to use plain password here? There is no need to encrypt it.
Unfortunately the 'user' Ansible module expects the encrypted password :(

-- 
Andrea Bolognani / Red Hat / Virtualization

On Mon, Oct 23, 2017 at 10:09:42AM +0200, Andrea Bolognani wrote:
On Mon, 2017-10-23 at 09:20 +0200, Pavel Hrdina wrote:
+- name: Create developer user account + user: + name: developer + comment: Developer
How about using a "test:test" account? "developer" is longer than "test" if you need to type it or you don't want to configure your SSH config.
I expect people who use this more than once will have something like
  Host libvirt-*
      User developer
      GSSAPIAuthentication no
      StrictHostKeyChecking no
      CheckHostIP no
      UserKnownHostsFile /dev/null
in their ~/.ssh/config to avoid being bothered by SSH when they're dealing with throwaway guests. It might actually be a good idea to include this information in the README file.
That would be helpful to document.
I'd rather stick with 'developer', as I feel it's more appropriate given the intended use case, but I'm not really adamant about it.
The only reason why I've suggested "test:test" is that someone may not prefer to put that into their ssh config.
+ password: $6$YEzeb0A3t7jn/IwW$oMPH0mpKPPeuABH3gKDom08rLccOKBm6CrXT/deBsdP77MjBHxwHQ5EJM0MAc/sOsGKCNX0zjYYjlXP.KNUmP0
Is it possible to use plain password here? There is no need to encrypt it.
Unfortunately the 'user' Ansible module expects the encrypted password :(
I was afraid of that.

Pavel

Instead of hard-coding the location in the playbook, we hand it over at runtime when calling ansible-playbook, ensuring better separation of concerns. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- guests/lcitool | 2 +- guests/tasks/base.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/guests/lcitool b/guests/lcitool index 018640b..1efe7e5 100755 --- a/guests/lcitool +++ b/guests/lcitool @@ -197,7 +197,7 @@ do_prepare() { load_config - EXTRA_VARS="flavor=$FLAVOR" + EXTRA_VARS="flavor=$FLAVOR root_password_file=$ROOT_HASH_FILE" ansible-playbook \ --vault-password-file "$VAULT_PASS_FILE" \ diff --git a/guests/tasks/base.yml b/guests/tasks/base.yml index b220bb0..8949632 100644 --- a/guests/tasks/base.yml +++ b/guests/tasks/base.yml @@ -99,7 +99,7 @@ - name: Configure root password and shell user: name: root - password: '{{ lookup("file", lookup("env", "HOME") + "/.config/lcitool/.root-password.hash") }}' + password: '{{ lookup("file", root_password_file) }}' shell: '{{ bash }}' - name: Configure ssh access for the root user -- 2.13.6
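Review bot: In do_prepare(), `EXTRA_VARS` is now a space-separated key=value string that carries a file path, so a `$ROOT_HASH_FILE` containing whitespace would be split into separate tokens when ansible-playbook parses it, and `root_password_file` would end up truncated. The lookup removed from tasks/base.yml built the path from `$HOME`, so this depends on the user's home directory name. Quote the value inside the string or pass the variables in JSON form, and consider adding a check in tasks/base.yml that `root_password_file` is defined before the `lookup("file", ...)` runs.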

Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- guests/README.markdown | 45 ++++++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/guests/README.markdown b/guests/README.markdown index 100ca31..51d9012 100644 --- a/guests/README.markdown +++ b/guests/README.markdown @@ -11,8 +11,7 @@ There are two steps to bringing up a guest: section below; * `./lcitool prepare $guest` will go through all the post-installation - configuration steps required to make the newly-created guest usable as - part of the Jenkins CI setup. + configuration steps required to make the newly-created guest usable; Once those steps have been performed, maintainance will involve running: @@ -46,14 +45,6 @@ along the lines of in your crontab. -Adding new guests ------------------ - -Adding new guests will require tweaking the inventory and host variables, -but it should be very easy to eg. use the Fedora 26 configuration to come -up with a working Fedora 27 configuration. - - Development use --------------- 
@@ -61,22 +52,26 @@ If you are a developer trying to reproduce a bug on some OS you don't have easy access to, you can use these tools to create a suitable test environment. -Since the tools are intended mainly for CI use, you'll have to tweak them -a bit first, including: +The `developer` flavor is used by default, so you don't need to do +anything special in order to use it: just follow the steps outlined +above. Once a guest has been prepared, you'll be able to log in as +`developer` either via SSH (your public key will have been authorized) +or on the serial console (password: `developer`). -* trimming down the `inventory` file to just the guest you're interested in; +Once logged in, you'll be able to perform administrative tasks using +`sudo`. Regular root access will still be available, either through +SSH or on the serial console. -* removing any references to the `jenkins` pseudo-project from - `host_vars/$guest/main.yml`, along with any references to projects you're - not interested to (this will cut down on the number of packages installed) - and any references to `jenkins_secret`; -* deleting `host_vars/$guest/vault.yml` altogether. +CI use +------ -After performing these tweaks, you should be able to use the same steps -outlined above. +You'll need to configure `lcitool` to use the `ci` flavor for guests: +to do so, just write `ci` in the `~/.config/lcitool/flavor` file. -A better way to deal with this use case will be provided in the future. +Once a guest has been prepared, you'll be able to log in as root either +via SSH (your public key will have been authorized) or on the serial +console (using the password configured earlier). FreeBSD 
@@ -95,3 +90,11 @@ Some manual tweaking will be needed, in particular: Once these steps have been performed, FreeBSD guests can be managed just like all other guests. + + +Adding new guests +----------------- + +Adding new guests will require tweaking the inventory and host variables, +but it should be very easy to eg. use the Fedora 26 configuration to come +up with a working Fedora 27 configuration. -- 2.13.6
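Review bot: The new "Development use" text documents a fixed password (`developer`) for an account that can use `sudo`, but only mentions it for the serial console and does not say whether the same password is accepted over SSH; it also notes that regular root access stays available. State explicitly which login paths accept the password, and add a sentence that developer-flavor guests are throwaway machines meant for a trusted network. The `~/.ssh/config` snippet that came up during review of the developer flavor patch would fit in this section as well.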

On Thu, Oct 19, 2017 at 05:36:26PM +0200, Andrea Bolognani wrote:
Make lcitool useful outside of the libvirt CI context, even though doing so openly contradicts its name. We're just savage like that.
Andrea Bolognani (6): guests: Open vault on demand guests: Move configuration handling to load_config() guests: Implement flavors guests: Implement developer flavor guests: Hand root password location over to Ansible guests: Update documentation
I'll leave it up to you to change "developer" to "test".

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>