vagrant: generate ssh-config

We further split libvm from vagrant. It no longer does 'vagrant
ssh-config'. Instead, it always assumes that an ssh-config is provided.
We now have complete separation of libvm from vagrant.

We change the ansible provisioner as follows:
  - Allow passing in a VAGRANT_BOX env var to override the default
    CentOS box.
  - No longer assume that the root user account is unlocked and has a
    valid 'vagrant' password. This worked for the centos box but isn't
    guaranteed to work on every box. Instead, we now just run ansible as the
    default vagrant user, and during provisioning set up the root
    account and generate an ssh-config so that libvm can connect
    directly as root.
  - No longer build the buildimg during provisioning. This actually
    stopped working a while ago since the default rsync is disabled. We
    can just let the buildimg get created on the first compilation. In
    practice, the bigger issue isn't creating the buildimg, but being
    able to easily update the host and buildimg pkgs.

Closes: #516
Approved by: jlebon
Jonathan Lebon 2016-10-31 16:26:56 -04:00 committed by Atomic Bot
parent ae108e08a5
commit 313a832d7c
3 changed files with 35 additions and 66 deletions

20
Vagrantfile vendored

@ -3,18 +3,17 @@
# See `HACKING.md` for more information on this.
Vagrant.configure(2) do |config|
config.vm.box = "centos/atomic-host"
config.vm.hostname = "centosah-dev"
config.vm.define "vmcheck" do |vmcheck|
if ENV['VAGRANT_BOX']
config.vm.box = ENV['VAGRANT_BOX']
else
config.vm.box = "centos/atomic-host"
end
# It's just easier to have ssh set up as root from the start so that tests
# don't need to sudo, which can sometimes cause issues. If we need to test
# any unprivileged things, we can still just sudo back into the vagrant
# user.
config.ssh.username = 'root'
config.ssh.password = 'vagrant'
config.ssh.insert_key = 'true'
config.vm.hostname = "centosah-dev"
config.vm.define "vmcheck" do |vmcheck|
end
# turn off the default rsync in the vagrant box (the vm tooling does this
# for use already)
@ -29,7 +28,6 @@ Vagrant.configure(2) do |config|
config.vm.provision "ansible" do |ansible|
ansible.playbook = "vagrant/setup.yml"
ansible.host_key_checking = false
ansible.extra_vars = { ansible_ssh_user: 'root' }
ansible.raw_ssh_args = ['-o ControlMaster=no']
# for debugging the ansible playbook
#ansible.raw_arguments = ['-v']
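Review bot: The new `if ENV['VAGRANT_BOX']` test in the first hunk treats a set-but-empty variable as an override, because an empty string is truthy in Ruby, so `VAGRANT_BOX=` assigns `config.vm.box = ""` instead of falling back to the CentOS box. Two lines cover both cases: `box = ENV['VAGRANT_BOX'].to_s` followed by `config.vm.box = box.empty? ? "centos/atomic-host" : box`. Because the box chosen here is later provisioned with a root account that libvm connects to over ssh (per the commit description), a comment above the assignment would help, e.g. `# VAGRANT_BOX overrides the default box; only point it at a box you trust`.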


@ -20,11 +20,11 @@
# prepares the VM and library for action
vm_setup() {
# If there's already an ssh-config, just use that one. The user might have
# created it for a self-provisioned machine. Otherwise, let's just assume
# we're using vagrant and generate an ssh-config.
if [ ! -f ssh-config ]; then
vagrant ssh-config > "${topsrcdir}/ssh-config"
# We assume that there's already a configured ssh-config
# file available to tell us how to connect to the VM.
if [ ! -f "${topsrcdir}/ssh-config" ]; then
echo "ERROR: No ssh-config found."
exit 1
fi
local sshopts="-F ${topsrcdir}/ssh-config \
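Review bot: The failure path added to `vm_setup` prints its error to stdout and does not name the path it checked, so a caller that captures or discards stdout loses the message and the user is not told where the file was expected; `echo "ERROR: No ssh-config found at ${topsrcdir}/ssh-config." >&2` covers both. The comment above the check could also state what the file is trusted for, since everything in it is handed to ssh through `-F`: something like `# ssh-config is user-provided and fully trusted: it selects the host, user and key the tests connect with`. `vm_setup` continues past the end of this hunk, so how `sshopts` is used afterwards is not visible here.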


@ -3,6 +3,9 @@
gather_facts: no
become: yes
tasks:
# if we're not already using the CAHC box, then add the
# remote to make it easier for the user to rebase later
- name: add CAHC ostree remote
command: >
ostree remote add --set=gpg-verify=false centos-atomic-continuous
@ -10,59 +13,27 @@
args:
creates: /etc/ostree/remotes.d/centos-atomic-continuous.conf
# Experimenting with this as a potential new name.
- name: link nxs -> rpm-ostree
file: src=/usr/bin/rpm-ostree dest=/usr/local/bin/nxs owner=0 group=0 state=link
# We generate a valid ssh-config here that libvm.sh can
# make use of. This also requires making sure the root
# user can be ssh'ed in directly.
# add a little bit of storage (default is 3G) or docker save complains
- name: resize root
shell: lvresize -L 4G -r /dev/atomicos/root && touch /root/.resized
args:
creates: /root/.resized
# set up auth key
- file: state=directory mode=0600 path=/root/.ssh
- command: cp .ssh/authorized_keys /root/.ssh
- name: check for builder image
command: docker inspect rpm-ostree-builder
failed_when: False
changed_when: False
register: inspect
# make sure root account is unlocked
- name: unlock root account
command: passwd -u root
- name: check for local cache of builder image
local_action: stat path=vagrant/buildimg.tar.gz
register: cache
# generate ssh config
- name: generate config
local_action: shell vagrant ssh-config > ../ssh-config
become: no
- set_fact:
# the image is available on the guest
on_guest: "{{ inspect.rc == 0 | bool }}"
# the image is available on the host
on_host: "{{ cache.stat.isreg is defined and cache.stat.isreg | bool }}"
# sync them up, building if necessary
# XXX: this is just a stopgap, we should also make it easy to update the
# container without having to rebuild it completely
- name: copy cached builder image
copy: src=buildimg.tar.gz dest=/tmp
when: not on_guest and on_host
- name: import cached builder image
shell: gunzip -c /tmp/buildimg.tar.gz | docker load
when: not on_guest and on_host
- name: build builder image
command: make buildimg
args:
chdir: sync/vagrant
when: not on_guest and not on_host
- name: export builder image
shell: docker save rpm-ostree-builder | gzip -c > /tmp/buildimg.tar.gz
when: not on_host
args:
creates: /tmp/buildimg.tar.gz
- name: fetch cached builder image
fetch: src=/tmp/buildimg.tar.gz dest=. flat=true
when: not on_host
- name: make sure user in config is root
local_action: lineinfile
dest=../ssh-config
regexp='^( *User) .*$'
line='\1 root'
backrefs=yes
become: no
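Review bot: The `/root/.ssh` task in the second hunk creates the directory with `mode=0600`, which leaves it without the search bit; the conventional mode is 0700 with explicit ownership, `- file: state=directory mode=0700 owner=root group=root path=/root/.ssh`. The following `cp .ssh/authorized_keys /root/.ssh` task is unnamed, reports changed on every run, and relies on the remote working directory being the vagrant user's home, so a `name:` and an explicit mode on the copied file would make its result predictable. Separately, `passwd -u root` re-enables password login for root with whatever password the box shipped, which differs per `VAGRANT_BOX`. If libvm only needs key-based login, a comment saying so would help, e.g. `# root is unlocked for key-based ssh only; the box's root password is not relied on`. Whether sshd on a given box accepts key login for a locked account cannot be told from this page.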