vagrant: generate ssh-config
We further split libvm from vagrant. It no longer does 'vagrant ssh-config'. Instead, it always assumes that an ssh-config is provided. We now have complete separation of libvm from vagrant. We change the ansible provisioner as follows: - Allow passing in a VAGRANT_BOX env var to override the default CentOS box. - No longer assume that the root user account is unlocked and has a valid 'vagrant' password. This worked for the centos box but isn't sure to work on every box. Instead, we now just run ansible as the default vagrant user, and during provisioning set up the root account and generate an ssh-config so that libvm can connect directly as root. - No longer build the buildimg during provisioning. This actually stopped working a while ago since the default rsync is disabled. We can just let the buildimg get created on the first compilation. In practice, the bigger issue isn't creating the buildimg, but being able to easily update the host and buildimg pkgs. Closes: #516 Approved by: jlebon
This commit is contained in:
parent
ae108e08a5
commit
313a832d7c
20
Vagrantfile
vendored
20
Vagrantfile
vendored
@ -3,18 +3,17 @@
|
||||
# See `HACKING.md` for more information on this.
|
||||
|
||||
Vagrant.configure(2) do |config|
|
||||
config.vm.box = "centos/atomic-host"
|
||||
config.vm.hostname = "centosah-dev"
|
||||
config.vm.define "vmcheck" do |vmcheck|
|
||||
|
||||
if ENV['VAGRANT_BOX']
|
||||
config.vm.box = ENV['VAGRANT_BOX']
|
||||
else
|
||||
config.vm.box = "centos/atomic-host"
|
||||
end
|
||||
|
||||
# It's just easier to have ssh set up as root from the start so that tests
|
||||
# don't need to sudo, which can sometimes cause issues. If we need to test
|
||||
# any unprivileged things, we can still just sudo back into the vagrant
|
||||
# user.
|
||||
config.ssh.username = 'root'
|
||||
config.ssh.password = 'vagrant'
|
||||
config.ssh.insert_key = 'true'
|
||||
config.vm.hostname = "centosah-dev"
|
||||
|
||||
config.vm.define "vmcheck" do |vmcheck|
|
||||
end
|
||||
|
||||
# turn off the default rsync in the vagrant box (the vm tooling does this
|
||||
# for use already)
|
||||
@ -29,7 +28,6 @@ Vagrant.configure(2) do |config|
|
||||
config.vm.provision "ansible" do |ansible|
|
||||
ansible.playbook = "vagrant/setup.yml"
|
||||
ansible.host_key_checking = false
|
||||
ansible.extra_vars = { ansible_ssh_user: 'root' }
|
||||
ansible.raw_ssh_args = ['-o ControlMaster=no']
|
||||
# for debugging the ansible playbook
|
||||
#ansible.raw_arguments = ['-v']
|
||||
|
@ -20,11 +20,11 @@
|
||||
# prepares the VM and library for action
|
||||
vm_setup() {
|
||||
|
||||
# If there's already an ssh-config, just use that one. The user might have
|
||||
# created it for a self-provisioned machine. Otherwise, let's just assume
|
||||
# we're using vagrant and generate an ssh-config.
|
||||
if [ ! -f ssh-config ]; then
|
||||
vagrant ssh-config > "${topsrcdir}/ssh-config"
|
||||
# We assume that there's already a configured ssh-config
|
||||
# file available to tell us how to connect to the VM.
|
||||
if [ ! -f "${topsrcdir}/ssh-config" ]; then
|
||||
echo "ERROR: No ssh-config found."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
local sshopts="-F ${topsrcdir}/ssh-config \
|
||||
|
@ -3,6 +3,9 @@
|
||||
gather_facts: no
|
||||
become: yes
|
||||
tasks:
|
||||
|
||||
# if we're not already using the CAHC box, then add the
|
||||
# remote to make it easier for the user to rebase later
|
||||
- name: add CAHC ostree remote
|
||||
command: >
|
||||
ostree remote add --set=gpg-verify=false centos-atomic-continuous
|
||||
@ -10,59 +13,27 @@
|
||||
args:
|
||||
creates: /etc/ostree/remotes.d/centos-atomic-continuous.conf
|
||||
|
||||
# Experimenting with this as a potential new name.
|
||||
- name: link nxs -> rpm-ostree
|
||||
file: src=/usr/bin/rpm-ostree dest=/usr/local/bin/nxs owner=0 group=0 state=link
|
||||
# We generate a valid ssh-config here that libvm.sh can
|
||||
# make use of. This also requires making sure the root
|
||||
# user can be ssh'ed in directly.
|
||||
|
||||
# add a little bit of storage (default is 3G) or docker save complains
|
||||
- name: resize root
|
||||
shell: lvresize -L 4G -r /dev/atomicos/root && touch /root/.resized
|
||||
args:
|
||||
creates: /root/.resized
|
||||
# set up auth key
|
||||
- file: state=directory mode=0600 path=/root/.ssh
|
||||
- command: cp .ssh/authorized_keys /root/.ssh
|
||||
|
||||
- name: check for builder image
|
||||
command: docker inspect rpm-ostree-builder
|
||||
failed_when: False
|
||||
changed_when: False
|
||||
register: inspect
|
||||
# make sure root account is unlocked
|
||||
- name: unlock root account
|
||||
command: passwd -u root
|
||||
|
||||
- name: check for local cache of builder image
|
||||
local_action: stat path=vagrant/buildimg.tar.gz
|
||||
register: cache
|
||||
# generate ssh config
|
||||
- name: generate config
|
||||
local_action: shell vagrant ssh-config > ../ssh-config
|
||||
become: no
|
||||
|
||||
- set_fact:
|
||||
# the image is available on the guest
|
||||
on_guest: "{{ inspect.rc == 0 | bool }}"
|
||||
# the image is available on the host
|
||||
on_host: "{{ cache.stat.isreg is defined and cache.stat.isreg | bool }}"
|
||||
|
||||
# sync them up, building if necessary
|
||||
|
||||
# XXX: this is just a stopgap, we should also make it easy to update the
|
||||
# container without having to rebuild it completely
|
||||
|
||||
- name: copy cached builder image
|
||||
copy: src=buildimg.tar.gz dest=/tmp
|
||||
when: not on_guest and on_host
|
||||
|
||||
- name: import cached builder image
|
||||
shell: gunzip -c /tmp/buildimg.tar.gz | docker load
|
||||
when: not on_guest and on_host
|
||||
|
||||
- name: build builder image
|
||||
command: make buildimg
|
||||
args:
|
||||
chdir: sync/vagrant
|
||||
when: not on_guest and not on_host
|
||||
|
||||
- name: export builder image
|
||||
shell: docker save rpm-ostree-builder | gzip -c > /tmp/buildimg.tar.gz
|
||||
when: not on_host
|
||||
args:
|
||||
creates: /tmp/buildimg.tar.gz
|
||||
|
||||
- name: fetch cached builder image
|
||||
fetch: src=/tmp/buildimg.tar.gz dest=. flat=true
|
||||
when: not on_host
|
||||
- name: make sure user in config is root
|
||||
local_action: lineinfile
|
||||
dest=../ssh-config
|
||||
regexp='^( *User) .*$'
|
||||
line='\1 root'
|
||||
backrefs=yes
|
||||
become: no
|
||||
|
Loading…
Reference in New Issue
Block a user