vagrant: generate ssh-config
We further split libvm from vagrant. It no longer does 'vagrant ssh-config'. Instead, it always assumes that an ssh-config is provided. We now have complete separation of libvm from vagrant. We change the ansible provisioner as follows: - Allow passing in a VAGRANT_BOX env var to override the default CentOS box. - No longer assume that the root user account is unlocked and has a valid 'vagrant' password. This worked for the centos box but isn't sure to work on every box. Instead, we now just run ansible as the default vagrant user, and during provisioning set up the root account and generate an ssh-config so that libvm can connect directly as root. - No longer build the buildimg during provisioning. This actually stopped working a while ago since the default rsync is disabled. We can just let the buildimg get created on the first compilation. In practice, the bigger issue isn't creating the buildimg, but being able to easily update the host and buildimg pkgs. Closes: #516 Approved by: jlebon
parent
ae108e08a5
commit
313a832d7c
20
Vagrantfile
vendored
20
Vagrantfile
vendored
@ -3,18 +3,17 @@
|
|||||||
# See `HACKING.md` for more information on this.
|
# See `HACKING.md` for more information on this.
|
||||||
|
|
||||||
Vagrant.configure(2) do |config|
|
Vagrant.configure(2) do |config|
|
||||||
config.vm.box = "centos/atomic-host"
|
|
||||||
config.vm.hostname = "centosah-dev"
|
if ENV['VAGRANT_BOX']
|
||||||
config.vm.define "vmcheck" do |vmcheck|
|
config.vm.box = ENV['VAGRANT_BOX']
|
||||||
|
else
|
||||||
|
config.vm.box = "centos/atomic-host"
|
||||||
end
|
end
|
||||||
|
|
||||||
# It's just easier to have ssh set up as root from the start so that tests
|
config.vm.hostname = "centosah-dev"
|
||||||
# don't need to sudo, which can sometimes cause issues. If we need to test
|
|
||||||
# any unprivileged things, we can still just sudo back into the vagrant
|
config.vm.define "vmcheck" do |vmcheck|
|
||||||
# user.
|
end
|
||||||
config.ssh.username = 'root'
|
|
||||||
config.ssh.password = 'vagrant'
|
|
||||||
config.ssh.insert_key = 'true'
|
|
||||||
|
|
||||||
# turn off the default rsync in the vagrant box (the vm tooling does this
|
# turn off the default rsync in the vagrant box (the vm tooling does this
|
||||||
# for use already)
|
# for use already)
|
||||||
@ -29,7 +28,6 @@ Vagrant.configure(2) do |config|
|
|||||||
config.vm.provision "ansible" do |ansible|
|
config.vm.provision "ansible" do |ansible|
|
||||||
ansible.playbook = "vagrant/setup.yml"
|
ansible.playbook = "vagrant/setup.yml"
|
||||||
ansible.host_key_checking = false
|
ansible.host_key_checking = false
|
||||||
ansible.extra_vars = { ansible_ssh_user: 'root' }
|
|
||||||
ansible.raw_ssh_args = ['-o ControlMaster=no']
|
ansible.raw_ssh_args = ['-o ControlMaster=no']
|
||||||
# for debugging the ansible playbook
|
# for debugging the ansible playbook
|
||||||
#ansible.raw_arguments = ['-v']
|
#ansible.raw_arguments = ['-v']
|
||||||
|
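Review bot: `if ENV['VAGRANT_BOX']` is true for an empty string, because only `nil` and `false` are falsy in Ruby, so an exported-but-empty VAGRANT_BOX sets `config.vm.box` to `""` instead of falling back to the CentOS box. The branch could be written as `box = ENV['VAGRANT_BOX'].to_s` followed by `config.vm.box = box.empty? ? "centos/atomic-host" : box`. The playbook in this commit goes on to enable direct root SSH on whatever box is named, and no box version or checksum is pinned in the lines visible here. A short comment above the override saying that the named box is trusted as-is would help readers.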
@ -20,11 +20,11 @@
|
|||||||
# prepares the VM and library for action
|
# prepares the VM and library for action
|
||||||
vm_setup() {
|
vm_setup() {
|
||||||
|
|
||||||
# If there's already an ssh-config, just use that one. The user might have
|
# We assume that there's already a configured ssh-config
|
||||||
# created it for a self-provisioned machine. Otherwise, let's just assume
|
# file available to tell us how to connect to the VM.
|
||||||
# we're using vagrant and generate an ssh-config.
|
if [ ! -f "${topsrcdir}/ssh-config" ]; then
|
||||||
if [ ! -f ssh-config ]; then
|
echo "ERROR: No ssh-config found."
|
||||||
vagrant ssh-config > "${topsrcdir}/ssh-config"
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local sshopts="-F ${topsrcdir}/ssh-config \
|
local sshopts="-F ${topsrcdir}/ssh-config \
|
||||||
|
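Review bot: The new error path in vm_setup prints `ERROR: No ssh-config found.` to stdout and does not say which path was checked. Sending it to stderr and naming the file, `echo "ERROR: No ssh-config found at ${topsrcdir}/ssh-config." >&2`, makes a failed run easier to diagnose now that libvm no longer generates the file itself. The test could also use `-s` instead of `-f`, since a failed `vagrant ssh-config > ../ssh-config` in the playbook would still leave an empty file behind that passes the current check. vm_setup's body continues past the end of the hunk.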
@ -3,6 +3,9 @@
|
|||||||
gather_facts: no
|
gather_facts: no
|
||||||
become: yes
|
become: yes
|
||||||
tasks:
|
tasks:
|
||||||
|
|
||||||
|
# if we're not already using the CAHC box, then add the
|
||||||
|
# remote to make it easier for the user to rebase later
|
||||||
- name: add CAHC ostree remote
|
- name: add CAHC ostree remote
|
||||||
command: >
|
command: >
|
||||||
ostree remote add --set=gpg-verify=false centos-atomic-continuous
|
ostree remote add --set=gpg-verify=false centos-atomic-continuous
|
||||||
@ -10,59 +13,27 @@
|
|||||||
args:
|
args:
|
||||||
creates: /etc/ostree/remotes.d/centos-atomic-continuous.conf
|
creates: /etc/ostree/remotes.d/centos-atomic-continuous.conf
|
||||||
|
|
||||||
# Experimenting with this as a potential new name.
|
# We generate a valid ssh-config here that libvm.sh can
|
||||||
- name: link nxs -> rpm-ostree
|
# make use of. This also requires making sure the root
|
||||||
file: src=/usr/bin/rpm-ostree dest=/usr/local/bin/nxs owner=0 group=0 state=link
|
# user can be ssh'ed in directly.
|
||||||
|
|
||||||
# add a little bit of storage (default is 3G) or docker save complains
|
# set up auth key
|
||||||
- name: resize root
|
- file: state=directory mode=0600 path=/root/.ssh
|
||||||
shell: lvresize -L 4G -r /dev/atomicos/root && touch /root/.resized
|
- command: cp .ssh/authorized_keys /root/.ssh
|
||||||
args:
|
|
||||||
creates: /root/.resized
|
|
||||||
|
|
||||||
- name: check for builder image
|
# make sure root account is unlocked
|
||||||
command: docker inspect rpm-ostree-builder
|
- name: unlock root account
|
||||||
failed_when: False
|
command: passwd -u root
|
||||||
changed_when: False
|
|
||||||
register: inspect
|
|
||||||
|
|
||||||
- name: check for local cache of builder image
|
# generate ssh config
|
||||||
local_action: stat path=vagrant/buildimg.tar.gz
|
- name: generate config
|
||||||
register: cache
|
local_action: shell vagrant ssh-config > ../ssh-config
|
||||||
become: no
|
become: no
|
||||||
|
|
||||||
- set_fact:
|
- name: make sure user in config is root
|
||||||
# the image is available on the guest
|
local_action: lineinfile
|
||||||
on_guest: "{{ inspect.rc == 0 | bool }}"
|
dest=../ssh-config
|
||||||
# the image is available on the host
|
regexp='^( *User) .*$'
|
||||||
on_host: "{{ cache.stat.isreg is defined and cache.stat.isreg | bool }}"
|
line='\1 root'
|
||||||
|
backrefs=yes
|
||||||
# sync them up, building if necessary
|
|
||||||
|
|
||||||
# XXX: this is just a stopgap, we should also make it easy to update the
|
|
||||||
# container without having to rebuild it completely
|
|
||||||
|
|
||||||
- name: copy cached builder image
|
|
||||||
copy: src=buildimg.tar.gz dest=/tmp
|
|
||||||
when: not on_guest and on_host
|
|
||||||
|
|
||||||
- name: import cached builder image
|
|
||||||
shell: gunzip -c /tmp/buildimg.tar.gz | docker load
|
|
||||||
when: not on_guest and on_host
|
|
||||||
|
|
||||||
- name: build builder image
|
|
||||||
command: make buildimg
|
|
||||||
args:
|
|
||||||
chdir: sync/vagrant
|
|
||||||
when: not on_guest and not on_host
|
|
||||||
|
|
||||||
- name: export builder image
|
|
||||||
shell: docker save rpm-ostree-builder | gzip -c > /tmp/buildimg.tar.gz
|
|
||||||
when: not on_host
|
|
||||||
args:
|
|
||||||
creates: /tmp/buildimg.tar.gz
|
|
||||||
|
|
||||||
- name: fetch cached builder image
|
|
||||||
fetch: src=/tmp/buildimg.tar.gz dest=. flat=true
|
|
||||||
when: not on_host
|
|
||||||
become: no
|
become: no
|
||||||
|
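Review bot: The new `/root/.ssh` task uses `mode=0600`, which leaves the directory without its search bit; root gets through regardless, but the conventional mode is `mode=0700`, ideally with `owner=root group=root` stated. The next task, `cp .ssh/authorized_keys /root/.ssh`, depends on the working directory being the login user's home, leaves the copied file's mode to the source file and umask, and has no `creates:`, so it reruns on every provision. An absolute source path and an explicit 0600 on `/root/.ssh/authorized_keys` would be more predictable. `passwd -u root` re-enables whatever password the box image ships for root, which looks broader than the key-based login the generated ssh-config needs. A comment explaining why the unlock is required, or locking password authentication for root afterwards, would be worth adding.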