CORD-1151
Make cord_dir and cord_profile_dir local to config node
use head_* and config_* prefixes to avoid hardcoding paths
config-side ssh key generation+
fix frontend & mock builds
[build] group in inventory
fix inventory strangeness
raise privs when creating ssh_pki_dir
move admin-openrc.sh.j2 to cord-profile
add copy-cord-playbook.yml, clarify where it runs
fix paths for head_cord_profile_dir with mock/frontend
use /opt/cord_profile/admin-openrc.sh rather than ~/admin-openrc.sh
install pki
make comment in do-enlist-compute-node accurate, set correct interface
remove hardcoded credential path
logging and ssh key fixes

Change-Id: Ie7560c911dce1558e09806c9997884dfbd475e9c
diff --git a/roles/cord-profile/defaults/main.yml b/roles/cord-profile/defaults/main.yml
index 7c25a49..542ac64 100644
--- a/roles/cord-profile/defaults/main.yml
+++ b/roles/cord-profile/defaults/main.yml
@@ -1,16 +1,22 @@
 ---
 # cord-profile/defaults/main.yml
 
-cord_dir: "{{ ansible_user_dir + '/cord' }}"
-cord_profile_dir: "{{ ansible_user_dir + '/cord_profile' }}"
+# where the cord_profile directory is on the config node
+config_cord_profile_dir: "{{ ansible_user_dir + '/cord_profile' }}"
+
 pki_dir: "{{ playbook_dir }}/pki"
+ssh_pki_dir: "{{ playbook_dir }}/ssh_pki"
 credentials_dir: "{{ playbook_dir }}/credentials"
 
-deploy_docker_registry: ""
+# where cord files are copied to on head node
+head_cord_profile_dir: "/opt/cord_profile"
+head_cord_dir: "/opt/cord"
+
+deploy_docker_registry: "" # was: "localhost:5000/"
 deploy_docker_tag: "candidate"
 
 # name of docker image to use in onboarding synchronizer
-xos_docker_image: "xosproject/xos:candidate"
+xos_docker_image: "{{ deploy_docker_registry }}xosproject/xos{{ deploy_docker_tag }}"
 
 # For storing OpenStack images
 image_dir: /opt/images
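Review bot: The new `xos_docker_image` default drops the `:` between the repository and the tag, so with the defaults above it renders as `xosproject/xoscandidate` instead of the `xosproject/xos:candidate` it replaces. The docker-compose template in this same commit builds its image references with the colon, so the default should read `xos_docker_image: "{{ deploy_docker_registry }}xosproject/xos:{{ deploy_docker_tag }}"`. As written, the onboarding synchronizer would be pointed at a different repository name than the one intended, not merely a different tag.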
@@ -42,10 +48,10 @@
 xos_libraries:
   - "ng-xos-lib"
 
-xos_services: []
-xos_service_sshkeys: []
+# name of master ssh key for this pod
+pod_sshkey_name: "headnode"
 
-xos_images: []
+xos_services: []
 
 xos_tosca_config_templates: []
 
@@ -62,6 +68,9 @@
 xos_dir: /opt/xos
 
 # GUI Config [new GUI], used in app.config.js.j2 and style.config.js.j2
+
+enabled_gui_extensions: []
+
 gw_port: 3000
 gui_api_endpoint: "/xosapi/v1"
 gui_websocket: "/"
@@ -94,6 +103,7 @@
 
 site_name: sitename
 site_humanname: "Site HumanName"
+site_suffix: sitename.test
 
 deployment_type: deploymenttype
 
diff --git a/roles/cord-profile/tasks/main.yml b/roles/cord-profile/tasks/main.yml
index 7a5fffb..2edba24 100644
--- a/roles/cord-profile/tasks/main.yml
+++ b/roles/cord-profile/tasks/main.yml
@@ -2,61 +2,57 @@
 # cord-profile/tasks/main.yml
 # Constructs a CORD service profile directory and configuration files
 
-- name: Create and copy XOS admin password
-  copy:
-    content: "{{ xos_admin_pass }}"
-    dest: "{{ cord_dir }}/build/platform-install/credentials/{{ xos_admin_user }}"
-
 - name: Create cord_profile directory
   become: yes
   file:
-    path: "{{ cord_profile_dir }}"
+    path: "{{ config_cord_profile_dir }}"
     state: directory
     mode: 0755
     owner: "{{ ansible_user_id }}"
     group: "{{ ansible_user_gid }}"
 
-- name: Create cord_profile/profile_name, containing profile name
+- name: Create cord_profile/profile_name file containing profile name
   copy:
-    dest: "{{ cord_profile_dir }}/profile_name"
+    dest: "{{ config_cord_profile_dir }}/profile_name"
     content: "{{ cord_profile }}"
     mode: 0644
 
 - name: Create subdirectories inside cord_profile directory
   file:
-    path: "{{ cord_profile_dir }}/{{ item }}"
+    path: "{{ config_cord_profile_dir }}/{{ item }}"
     state: directory
     mode: 0755
   with_items:
     - key_import
-    - onboarding-docker-compose
     - images
 
-# *** This should be revisited. ***
-# Currently the key pair is generated on the head node by the
-# "prep" role in the "maas" repo, invoked during the "deployBase" Gradle task.
-# The keys should probably be generated earlier, in the corddev VM, and copied over.
-# The /opt/credentials directory might be a good place to keep the generated keys.
-#
-# Ensure a keypair exists in case we're not running on MaaS.
-- name: Ensure keypair
-  user:
-    name: "{{ ansible_user_id }}"
-    generate_ssh_key: yes
-
-- name: Copy ssh keys to key_import directory
+- name: Copy ssh private key to node_key file
   copy:
-    # 'expanduser' won't work below, it expands on control machine
-    src: "{{ item.source_path | replace('~', ansible_user_dir, 1) }}"
-    dest: "{{ cord_profile_dir }}/key_import/{{ item.name }}"
+    src: "{{ ssh_pki_dir }}/client_certs/{{ pod_sshkey_name }}_sshkey"
+    dest: "{{ config_cord_profile_dir }}/node_key"
     mode: 0600
     remote_src: True
-  with_items: "{{ xos_service_sshkeys }}"
+
+- name: Copy ssh private key to key_import directory for services that require it
+  copy:
+    src: "{{ ssh_pki_dir }}/client_certs/{{ pod_sshkey_name }}_sshkey"
+    dest: "{{ config_cord_profile_dir }}/key_import/{{ item.keypair }}"
+    mode: 0600
+    remote_src: True
+  with_items: "{{ xos_services | selectattr('keypair', 'defined') | list }}"
+
+- name: Copy ssh public key to key_import directory for services that require it
+  copy:
+    src: "{{ ssh_pki_dir }}/client_certs/{{ pod_sshkey_name }}_sshkey.pub"
+    dest: "{{ config_cord_profile_dir }}/key_import/{{ item.keypair }}.pub"
+    mode: 0644
+    remote_src: True
+  with_items: "{{ xos_services | selectattr('keypair', 'defined') | list }}"
 
 - name: Copy cert chain and core api key and cert
   copy:
     src: "{{ pki_dir }}/{{ item.src }}"
-    dest: "{{ cord_profile_dir }}/{{ item.dest }}"
+    dest: "{{ config_cord_profile_dir }}/{{ item.dest }}"
     mode: 0600
   with_items:
     - src: "{{ site_name }}_im_ca/private/xos-core.{{ site_suffix }}_key.pem"
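Review bot: The three added copy tasks place the single pod key `{{ pod_sshkey_name }}_sshkey` at `node_key` and again under every service's `keypair` name, so each service that declares a keypair receives the pod-wide private key and not a key of its own. Nothing in the tasks says this is intended; a comment above them such as `# every service keypair is a copy of the pod master key; there is no per-service key isolation` would make the trust model explicit. These tasks also use `remote_src: True` with a `playbook_dir`-based source, while the cert-chain task after them copies from `pki_dir` without it. The two presumably only agree when the play targets the config node itself, which deserves a one-line comment as well. The last task in this hunk continues past its end.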
@@ -66,45 +62,10 @@
     - src: "{{ site_name }}_im_ca/certs/im_cert_chain.pem"
       dest: "im_cert_chain.pem"
 
-- name: Get localhost facts (to get local uid and gid)
-  setup:
-  delegate_to: localhost
-  delegate_facts: True
-
-- name: Make local images directory
-  delegate_to: localhost
-  become: yes
-  file:
-    path: "{{ image_dir }}"
-    state: directory
-    mode: 0755
-    owner: "{{ hostvars['localhost']['ansible_user_id'] }}"
-    group: "{{ hostvars['localhost']['ansible_user_gid'] }}"
-
-- name: Download Glance VM images
-  when: use_openstack
-  delegate_to: localhost
-  get_url:
-    url: "{{ item.url }}"
-    checksum: "{{ item.checksum }}"
-    dest: "{{ image_dir }}/{{ item.name }}.qcow2"
-  with_items: "{{ xos_images }}"
-  register: glance_vm_result
-  until: glance_vm_result|success
-  retries: 5
-  delay: 10
-
-- name: Copy Glance VM images to profile directory
-  when: use_openstack
-  copy:
-    src: "{{ image_dir }}/{{ item.name }}.qcow2"
-    dest: "{{ cord_profile_dir }}/images/{{ item.name }}.qcow2"
-  with_items: "{{ xos_images }}"
-
 - name: Copy over commonly used and utility TOSCA files
   copy:
     src: "{{ item }}"
-    dest: "{{ cord_profile_dir }}/{{ item }}"
+    dest: "{{ config_cord_profile_dir }}/{{ item }}"
   with_items:
     - fixtures.yaml
     - enable-onboarding.yaml
@@ -113,7 +74,7 @@
 - name: Create templated XOS configuration files
   template:
     src: "{{ item }}.j2"
-    dest: "{{ cord_profile_dir }}/{{ item }}"
+    dest: "{{ config_cord_profile_dir }}/{{ item }}"
     mode: 0644
   with_items:
     - xos_common_config
@@ -130,36 +91,21 @@
 - name: Create profile specific templated TOSCA config files
   template:
     src: "{{ item }}.j2"
-    dest: "{{ cord_profile_dir }}/{{ item }}"
+    dest: "{{ config_cord_profile_dir }}/{{ item }}"
   with_items: "{{ xos_tosca_config_templates }}"
 
 - name: Create profile specific templated non-TOSCA files
   template:
     src: "{{ item }}.j2"
-    dest: "{{ cord_profile_dir }}/{{ item }}"
+    dest: "{{ config_cord_profile_dir }}/{{ item }}"
   with_items: "{{ xos_other_templates }}"
 
-- name: Copy node key
-  when: not on_maas and use_openstack
-  copy:
-    src: "{{ ansible_user_dir }}/.ssh/id_rsa"
-    dest: "{{ item }}/node_key"
-    owner: "{{ ansible_user }}"
-    mode: 0600
-    remote_src: True
+- name: Create OpenStack config and TOSCA onboarding
+  when: use_openstack
+  template:
+    src: "{{ item }}.j2"
+    dest: "{{ config_cord_profile_dir }}/{{ item }}"
   with_items:
-    - "{{ ansible_user_dir }}"
-    - "{{ cord_profile_dir }}"
+    - openstack.yaml
+    - admin-openrc.sh
 
-- name: Copy node key (MaaS)
-  when: on_maas and use_openstack
-  become: yes
-  copy:
-    src: "{{ maas_node_key }}"
-    dest: "{{ item }}/node_key"
-    owner: "{{ ansible_user }}"
-    mode: 0600
-    remote_src: True
-  with_items:
-    - "{{ ansible_user_dir }}"
-    - "{{ cord_profile_dir }}"
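Review bot: The added `Create OpenStack config and TOSCA onboarding` task sets no `mode`, and the `admin-openrc.sh` it renders carries `OS_PASSWORD` (see the new template in this commit), so the file's permissions are left to the umask of whoever runs the play. The key and certificate copies earlier in this file use `mode: 0600`; adding `mode: 0600` here would keep the Keystone admin password from being readable by other local users. If `openstack.yaml` has to stay more widely readable, split `admin-openrc.sh` into its own task with that mode.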
diff --git a/roles/cord-profile/templates/admin-openrc.sh.j2 b/roles/cord-profile/templates/admin-openrc.sh.j2
new file mode 100644
index 0000000..86eb230
--- /dev/null
+++ b/roles/cord-profile/templates/admin-openrc.sh.j2
@@ -0,0 +1,6 @@
+export OS_USERNAME=admin
+export OS_PASSWORD={{ keystone_admin_password }}
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=https://keystone.{{ site_suffix }}:5000/v2.0
+export OS_REGION_NAME=RegionOne
+export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
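Review bot: `OS_PASSWORD` is written unquoted, so a `keystone_admin_password` containing spaces, `$`, backticks or `;` will be split or evaluated by the shell when this file is sourced. Rendering it through Ansible's shell-quoting filter avoids that: `export OS_PASSWORD={{ keystone_admin_password | quote }}`. The same consideration applies to `site_suffix` in `OS_AUTH_URL` if that value is not tightly controlled.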
diff --git a/roles/cord-profile/templates/docker-compose.yml.j2 b/roles/cord-profile/templates/docker-compose.yml.j2
index 29fa893..b64e837 100644
--- a/roles/cord-profile/templates/docker-compose.yml.j2
+++ b/roles/cord-profile/templates/docker-compose.yml.j2
@@ -1,7 +1,7 @@
 version: '2'
 
 # XOS docker compose
-# generated by platform-install/roles/cord-profile
+# generated by cord-profile/templates/docker-compose.yml.j2
 
 networks:
 {% for network in xos_docker_networks %}
@@ -94,8 +94,8 @@
       - xos_ws
       - xos_chameleon
     volumes:
-      - {{ cord_profile_dir }}/style.config.js:/var/www/dist/style.config.js
-      - {{ cord_profile_dir }}/app.config.js:/var/www/dist/app.config.js
+      - {{ head_cord_profile_dir }}/style.config.js:/var/www/dist/style.config.js
+      - {{ head_cord_profile_dir }}/app.config.js:/var/www/dist/app.config.js
     volumes_from:
       - gui_extensions_store
     logging:
@@ -171,7 +171,7 @@
       - xos_redis
 {% endif %}
     volumes:
-      - {{ cord_profile_dir }}/gateway-config.yml:/var/www/src/config/gateway-config.yml
+      - {{ head_cord_profile_dir }}/gateway-config.yml:/var/www/src/config/gateway-config.yml
     logging:
       driver: "json-file"
       options:
@@ -204,11 +204,11 @@
       - xos_redis
 {% endif %}
     volumes:
-      - {{ cord_profile_dir }}/xos_common_config:/opt/xos/xos_configuration/xos_common_config:ro
-      - {{ cord_profile_dir }}/xos_config.yaml:/opt/xos/xos_config.yaml:ro
-      - {{ cord_profile_dir }}:/opt/cord_profile:ro
-      - {{ cord_dir }}/orchestration/xos_libraries/ng-xos-lib:/opt/xos_libraries/ng-xos-lib:ro
-      - {{ cord_profile_dir }}/im_cert_chain.pem:/usr/local/share/ca-certificates/local_certs.crt:ro
+      - {{ head_cord_profile_dir }}/xos_common_config:/opt/xos/xos_configuration/xos_common_config:ro
+      - {{ head_cord_profile_dir }}/xos_config.yaml:/opt/xos/xos_config.yaml:ro
+      - {{ head_cord_profile_dir }}:/opt/cord_profile:ro
+      - {{ head_cord_dir }}/orchestration/xos_libraries/ng-xos-lib:/opt/xos_libraries/ng-xos-lib:ro
+      - {{ head_cord_profile_dir }}/im_cert_chain.pem:/usr/local/share/ca-certificates/local_certs.crt:ro
     logging:
       driver: "json-file"
       options:
@@ -243,11 +243,11 @@
       - xos_redis
 {% endif %}
     volumes:
-      - {{ cord_profile_dir }}/xos_common_config:/opt/xos/xos_configuration/xos_common_config:ro
-      - {{ cord_profile_dir }}/xos_config.yaml:/opt/xos/xos_config.yaml:ro
-      - {{ cord_profile_dir }}:/opt/cord_profile:ro
-      - {{ cord_dir }}/orchestration/xos_libraries/ng-xos-lib:/opt/xos_libraries/ng-xos-lib:ro
-      - {{ cord_profile_dir }}/im_cert_chain.pem:/usr/local/share/ca-certificates/local_certs.crt:ro
+      - {{ head_cord_profile_dir }}/xos_common_config:/opt/xos/xos_configuration/xos_common_config:ro
+      - {{ head_cord_profile_dir }}/xos_config.yaml:/opt/xos/xos_config.yaml:ro
+      - {{ head_cord_profile_dir }}:/opt/cord_profile:ro
+      - {{ head_cord_dir }}/orchestration/xos_libraries/ng-xos-lib:/opt/xos_libraries/ng-xos-lib:ro
+      - {{ head_cord_profile_dir }}/im_cert_chain.pem:/usr/local/share/ca-certificates/local_certs.crt:ro
       - /var/run/docker.sock:/var/run/docker.sock
     logging:
       driver: "json-file"
@@ -280,7 +280,7 @@
 
 {% if not frontend_only %}
 {% for svc in xos_services %}
-{% if svc.synchronizer is defined and svc.synchronizer %}
+{% if svc.synchronizer is not defined or svc.synchronizer %}
   {{ svc.name }}-synchronizer:
     image: {{ deploy_docker_registry }}xosproject/{{ svc.name }}-synchronizer:{{ deploy_docker_tag }}
     networks:
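Review bot: The condition now treats a missing `synchronizer` key as enabled, which inverts the previous opt-in default without any comment in the template. Every entry in `xos_services` that omits the key will now get a synchronizer container, and per the next hunk each of those mounts `node_key` and the credentials directory. I would write the default explicitly and document it, for example `{% if svc.synchronizer | default(true) %}` preceded by `{# synchronizers are on by default; set synchronizer: false to opt out #}`. The service block continues outside the hunk.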
@@ -298,14 +298,14 @@
       - xos_redis:redis
 {% endif %}
     volumes:
-      - {{ cord_profile_dir }}/node_key:/opt/cord_profile/node_key:ro
-      - {{ cord_dir }}/build/platform-install/credentials/xosadmin@opencord.org:/opt/xos/services/{{ svc.name }}/credentials/xosadmin@opencord.org:ro
-      - {{ cord_profile_dir }}/im_cert_chain.pem:/usr/local/share/ca-certificates/local_certs.crt:ro
+      - {{ head_cord_profile_dir }}/node_key:/opt/cord_profile/node_key:ro
+      - /opt/credentials:/opt/xos/services/{{ svc.name }}/credentials:ro
+      - {{ head_cord_profile_dir }}/im_cert_chain.pem:/usr/local/share/ca-certificates/local_certs.crt:ro
 {% if svc.keypair is defined %}
-      - {{ cord_profile_dir }}/key_import/{{ svc.keypair }}:/opt/xos/services/{{ svc.name }}/keys/{{ svc.keypair }}:ro
+      - {{ head_cord_profile_dir }}/key_import/{{ svc.keypair }}:/opt/xos/services/{{ svc.name }}/keys/{{ svc.keypair }}:ro
 {% endif %}
 {% if svc.name == "openstack" %}
-      - {{ cord_profile_dir }}/images:/opt/xos/images:ro
+      - {{ head_cord_profile_dir }}/images:/opt/xos/images:ro
 {% endif %}
     logging:
       driver: "json-file"
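Review bot: The credentials mount widens from the single `xosadmin@opencord.org` file to the whole `/opt/credentials` directory, so every synchronizer container can read every credential stored there, not only the XOS admin one. Which other files live in that directory is not visible here. If the synchronizers only need the admin credential, keep the mount file-scoped, assuming `xos_admin_user` is still defined: `- /opt/credentials/{{ xos_admin_user }}:/opt/xos/services/{{ svc.name }}/credentials/{{ xos_admin_user }}:ro`. The path is also a literal while the neighbouring mounts use `head_*` variables, which sits oddly with the commit's stated aim of removing the hardcoded credential path.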
diff --git a/roles/cord-profile/templates/xos-bootstrap-docker-compose.yaml.j2 b/roles/cord-profile/templates/xos-bootstrap-docker-compose.yaml.j2
deleted file mode 100644
index 06c20d2..0000000
--- a/roles/cord-profile/templates/xos-bootstrap-docker-compose.yaml.j2
+++ /dev/null
@@ -1,104 +0,0 @@
-version: '2'
-
-# XOS bootstrap docker compose
-# generated by platform-install/roles/cord-profile
-
-networks:
-{% for network in xos_docker_networks %}
-  {{ network }}:
-    external: true
-{% endfor %}
-
-services:
-  xos_db:
-    image: {{ deploy_docker_registry }}xosproject/xos-postgres:{{ deploy_docker_tag }}
-    networks:
-{% for network in xos_docker_networks %}
-      - {{ network }}
-{% endfor %}
-    expose:
-      - "5432"
-
-{% if use_redis %}
-  xos_redis:
-    image: {{ deploy_docker_registry }}redis:{{ deploy_docker_tag }}
-    networks:
-{% for network in xos_docker_networks %}
-     - {{ network }}
-{% endfor %}
-    logging:
-      driver: "json-file"
-      options:
-        max-size: "1000k"
-        max-file: "5"
-{% endif %}
-
-  xos_bootstrap_ui:
-    image: {{ deploy_docker_registry }}xosproject/xos:{{ deploy_docker_tag }}
-    command: python /opt/xos/manage.py runserver 0.0.0.0:{{ xos_bootstrap_ui_port }} --insecure --makemigrations
-    networks:
-{% for network in xos_docker_networks %}
-     - {{ network }}
-{% endfor %}
-    labels:
-      org.xosproject.kind: userinterface
-      org.xosproject.target: bootstrap
-    links:
-      - xos_db
-{% if use_redis %}
-      - xos_redis:redis
-{% endif %}
-    volumes:
-      - .:/opt/cord_profile:ro
-      - ./xos_common_config:/opt/xos/xos_configuration/xos_common_config:ro
-{% for service in xos_services %}
-      - {{ cord_dir }}/{{ service.path }}:/opt/xos_services/{{ service.path | basename }}:ro
-{% endfor %}
-{% for library in xos_libraries %}
-      - {{ cord_dir }}/orchestration/xos_libraries/{{ library }}:/opt/xos_libraries/{{ library }}:ro
-{% endfor %}
-{% for volume in xos_docker_volumes %}
-      - {{ volume.host }}:{{ volume.container }}{{ ":rw" if (volume.read_only is defined and not volume.read_only ) else ":ro" }}
-{% endfor %}
-    ports:
-      - "{{ xos_bootstrap_ui_port }}:{{ xos_bootstrap_ui_port }}"
-    logging:
-      driver: "json-file"
-      options:
-        max-size: "1000k"
-        max-file: "5"
-    depends_on:
-      - xos_db
-{% if use_redis %}
-      - xos_redis
-{% endif %}
-
-  xos_synchronizer_onboarding:
-    image: {{ deploy_docker_registry }}xosproject/xos:{{ deploy_docker_tag }}
-    command: bash -c "cd /opt/xos/synchronizers/onboarding; ./run.sh"
-    networks:
-{% for network in xos_docker_networks %}
-     - {{ network }}
-{% endfor %}
-    labels:
-      org.xosproject.kind: synchronizer
-      org.xosproject.target: onboarding
-    links:
-      - xos_db
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - ./key_import:/opt/xos/key_import:ro
-      - ./onboarding-docker-compose:/opt/xos/synchronizers/onboarding/docker-compose
-{% for service in xos_services %}
-      - {{ cord_dir }}/{{ service.path }}:/opt/xos_services/{{ service.path | basename }}:ro
-{% endfor %}
-{% for library in xos_libraries %}
-      - {{ cord_dir }}/orchestration/xos_libraries/{{ library }}:/opt/xos_libraries/{{ library }}:ro
-{% endfor %}
-    logging:
-      driver: "json-file"
-      options:
-        max-size: "1000k"
-        max-file: "5"
-    depends_on:
-      - xos_db
diff --git a/roles/cord-profile/templates/xos.yaml.j2 b/roles/cord-profile/templates/xos.yaml.j2
index 4bd792f..553f9b1 100644
--- a/roles/cord-profile/templates/xos.yaml.j2
+++ b/roles/cord-profile/templates/xos.yaml.j2
@@ -11,4 +11,3 @@
     xos:
       type: tosca.nodes.XOS
 
-
diff --git a/roles/cord-profile/templates/xos_common_config.j2 b/roles/cord-profile/templates/xos_common_config.j2
index 175be92..ba67acd 100644
--- a/roles/cord-profile/templates/xos_common_config.j2
+++ b/roles/cord-profile/templates/xos_common_config.j2
@@ -41,7 +41,7 @@
 dependency_graph=/opt/xos/model-deps
 logfile=/var/log/xos_backend.log
 save_ansible_output=True
-node_key={{ cord_profile_dir }}/node_key
+node_key={{ head_cord_profile_dir }}/node_key
 
 [gui]
 disable_minidashboard={{ disable_minidashboard }}
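Review bot: `node_key` now follows `head_cord_profile_dir`, a host-side path, but the compose template in this commit mounts the key at the fixed container path `/opt/cord_profile/node_key`. The two agree only because the default for `head_cord_profile_dir` happens to be `/opt/cord_profile`. If this config is read inside the container, as its mount under `/opt/xos/xos_configuration` suggests, overriding the variable would point `node_key` at a path that does not exist there. Either keep the literal `node_key=/opt/cord_profile/node_key` or add a comment that the variable must match the container mount point.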