CORD-912
OpenCloud support
Change-Id: I170597cacd76c84c795a7bf4c8e77e068ebcd72a
diff --git a/roles/compute-prep/defaults/main.yml b/roles/compute-prep/defaults/main.yml
new file mode 100644
index 0000000..dc0af11
--- /dev/null
+++ b/roles/compute-prep/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+# compute-prep/defaults/main.yml
+
+ssh_pki_dir: "{{ playbook_dir }}/ssh_pki"
+
+pod_sshkey_name: "headnode"
+
diff --git a/roles/compute-prep/handlers/main.yml b/roles/compute-prep/handlers/main.yml
index d7e4f7b..881dee7 100644
--- a/roles/compute-prep/handlers/main.yml
+++ b/roles/compute-prep/handlers/main.yml
@@ -1,9 +1,5 @@
---
# file: roles/compute-prep/handlers/main.yml
-- name: run rc.local
- command: /etc/rc.local
-
-- name: update-ca-certifictes on compute node
+- name: update-ca-certificates
command: update-ca-certificates
-
diff --git a/roles/compute-prep/tasks/main.yml b/roles/compute-prep/tasks/main.yml
index 1607e5f..0a5274b 100644
--- a/roles/compute-prep/tasks/main.yml
+++ b/roles/compute-prep/tasks/main.yml
@@ -1,62 +1,52 @@
---
-# file: roles/compute-prep/tasks/main.yml
+# file: compute-prep/tasks/main.yml
- name: Install packages
apt:
name: "{{ item }}"
- state: present
update_cache: yes
cache_valid_time: 3600
with_items:
- python-yaml
+ - python-pip
- name: Add ubuntu user
user:
name: ubuntu
groups: adm
-- name: Copy over CA certs
+- name: Add pod public key to user accounts
+ when: not on_maas
+ authorized_key:
+ user: "{{ item }}"
+ key: "{{ lookup('file', '{{ ssh_pki_dir }}/client_certs/{{ pod_sshkey_name }}_sshkey.pub') }}"
+ with_items:
+ - root
+ - ubuntu
+
+- name: Add pod public key to user accounts (MaaS)
+ when: on_maas
+ authorized_key:
+ user: "{{ item }}"
+ key: "{{ lookup('file', '/opt/cord_profile/node_key.pub') }}"
+ with_items:
+ - root
+ - ubuntu
+
+- name: Copy over CA certs from head node (MaaS)
+ when: on_maas
synchronize:
src: "/usr/local/share/ca-certificates/"
dest: "/usr/local/share/ca-certificates/"
notify:
- - update-ca-certifictes on compute node
-
-- name: List certs in /usr/local/share/ca-certificates/
- command: "ls -la /usr/local/share/ca-certificates/"
- register: certs_on_compute
- tags:
- - skip_ansible_lint # diagnostics
-
-- name: Output from listing certs
- debug: var=certs_on_compute
-
-- name: Add head node ubuntu user key
- authorized_key:
- user: ubuntu
- key: "{{ hostvars[groups['head'][0]]['sshkey']['stdout'] }}"
-
-- name: Add head node root user key
- authorized_key:
- user: root
- key: "{{ hostvars[groups['head'][0]]['sshkey']['stdout'] }}"
-
-- name: Add route via /etc/rc.local
- when: not on_maas
- template:
- src=rc.local.j2
- dest=/etc/rc.local
- mode=0755
- notify:
- - run rc.local
+ - update-ca-certificates
- name: Create /var/lib/nova dir
file:
- path=/var/lib/nova
- state=directory
+ path: /var/lib/nova
+ state: directory
-- name: Remove superfluous requests package
+- name: Remove requests package which causes SSL errors
pip:
- name=requests
- state=absent
-
+ name: "requests"
+ state: absent
diff --git a/roles/compute-prep/templates/rc.local.j2 b/roles/compute-prep/templates/rc.local.j2
deleted file mode 100644
index 85d9dec..0000000
--- a/roles/compute-prep/templates/rc.local.j2
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh -e
-#
-# rc.local
-#
-# This script is executed at the end of each multiuser runlevel.
-# Make sure that the script will "exit 0" on success or any other
-# value on error.
-#
-# In order to enable or disable this script just change the execution
-# bits.
-
-{% set head_host = groups['head'][0] -%}
-{% set head_ip = hostvars[head_host]['ansible_default_ipv4']['address'] -%}
-{% set virt_network = virt_nets[0]['ipv4_prefix'] ~ '.0' -%}
-{% set virt_netmask = "255.255.255.0" -%}
-
-route add -net {{ virt_network }} netmask {{ virt_netmask }} gw {{ head_ip }} || true
-
-exit 0