vagrant: generate ssh-config

We further split libvm from vagrant. It no longer does 'vagrant
ssh-config'. Instead, it always assumes that an ssh-config is provided.
We now have complete separation of libvm from vagrant.

We change the ansible provisioner as follows:
  - Allow passing in a VAGRANT_BOX env var to override the default
    CentOS box.
  - No longer assume that the root user account is unlocked and has a
    valid 'vagrant' password. This worked for the centos box but isn't
    sure to work on every box. Instead, we now just run ansible as the
    default vagrant user, and during provisioning set up the root
    account and generate an ssh-config so that libvm can connect
    directly as root.
  - No longer build the buildimg during provisioning. This actually
    stopped working a while ago since the default rsync is disabled. We
    can just let the buildimg get created on the first compilation. In
    practice, the bigger issue isn't creating the buildimg, but being
    able to easily update the host and buildimg pkgs.

Closes: #516
Approved by: jlebon
This commit is contained in:
Jonathan Lebon 2016-10-31 16:26:56 -04:00 committed by Atomic Bot
parent ae108e08a5
commit 313a832d7c
3 changed files with 35 additions and 66 deletions

20
Vagrantfile vendored
View File

@ -3,18 +3,17 @@
# See `HACKING.md` for more information on this. # See `HACKING.md` for more information on this.
Vagrant.configure(2) do |config| Vagrant.configure(2) do |config|
config.vm.box = "centos/atomic-host"
config.vm.hostname = "centosah-dev" if ENV['VAGRANT_BOX']
config.vm.define "vmcheck" do |vmcheck| config.vm.box = ENV['VAGRANT_BOX']
else
config.vm.box = "centos/atomic-host"
end end
# It's just easier to have ssh set up as root from the start so that tests config.vm.hostname = "centosah-dev"
# don't need to sudo, which can sometimes cause issues. If we need to test
# any unprivileged things, we can still just sudo back into the vagrant config.vm.define "vmcheck" do |vmcheck|
# user. end
config.ssh.username = 'root'
config.ssh.password = 'vagrant'
config.ssh.insert_key = 'true'
# turn off the default rsync in the vagrant box (the vm tooling does this # turn off the default rsync in the vagrant box (the vm tooling does this
# for use already) # for use already)
@ -29,7 +28,6 @@ Vagrant.configure(2) do |config|
config.vm.provision "ansible" do |ansible| config.vm.provision "ansible" do |ansible|
ansible.playbook = "vagrant/setup.yml" ansible.playbook = "vagrant/setup.yml"
ansible.host_key_checking = false ansible.host_key_checking = false
ansible.extra_vars = { ansible_ssh_user: 'root' }
ansible.raw_ssh_args = ['-o ControlMaster=no'] ansible.raw_ssh_args = ['-o ControlMaster=no']
# for debugging the ansible playbook # for debugging the ansible playbook
#ansible.raw_arguments = ['-v'] #ansible.raw_arguments = ['-v']

View File

@ -20,11 +20,11 @@
# prepares the VM and library for action # prepares the VM and library for action
vm_setup() { vm_setup() {
# If there's already an ssh-config, just use that one. The user might have # We assume that there's already a configured ssh-config
# created it for a self-provisioned machine. Otherwise, let's just assume # file available to tell us how to connect to the VM.
# we're using vagrant and generate an ssh-config. if [ ! -f "${topsrcdir}/ssh-config" ]; then
if [ ! -f ssh-config ]; then echo "ERROR: No ssh-config found."
vagrant ssh-config > "${topsrcdir}/ssh-config" exit 1
fi fi
local sshopts="-F ${topsrcdir}/ssh-config \ local sshopts="-F ${topsrcdir}/ssh-config \

View File

@ -3,6 +3,9 @@
gather_facts: no gather_facts: no
become: yes become: yes
tasks: tasks:
# if we're not already using the CAHC box, then add the
# remote to make it easier for the user to rebase later
- name: add CAHC ostree remote - name: add CAHC ostree remote
command: > command: >
ostree remote add --set=gpg-verify=false centos-atomic-continuous ostree remote add --set=gpg-verify=false centos-atomic-continuous
@ -10,59 +13,27 @@
args: args:
creates: /etc/ostree/remotes.d/centos-atomic-continuous.conf creates: /etc/ostree/remotes.d/centos-atomic-continuous.conf
# Experimenting with this as a potential new name. # We generate a valid ssh-config here that libvm.sh can
- name: link nxs -> rpm-ostree # make use of. This also requires making sure the root
file: src=/usr/bin/rpm-ostree dest=/usr/local/bin/nxs owner=0 group=0 state=link # user can be ssh'ed in directly.
# add a little bit of storage (default is 3G) or docker save complains # set up auth key
- name: resize root - file: state=directory mode=0600 path=/root/.ssh
shell: lvresize -L 4G -r /dev/atomicos/root && touch /root/.resized - command: cp .ssh/authorized_keys /root/.ssh
args:
creates: /root/.resized
- name: check for builder image # make sure root account is unlocked
command: docker inspect rpm-ostree-builder - name: unlock root account
failed_when: False command: passwd -u root
changed_when: False
register: inspect
- name: check for local cache of builder image # generate ssh config
local_action: stat path=vagrant/buildimg.tar.gz - name: generate config
register: cache local_action: shell vagrant ssh-config > ../ssh-config
become: no become: no
- set_fact: - name: make sure user in config is root
# the image is available on the guest local_action: lineinfile
on_guest: "{{ inspect.rc == 0 | bool }}" dest=../ssh-config
# the image is available on the host regexp='^( *User) .*$'
on_host: "{{ cache.stat.isreg is defined and cache.stat.isreg | bool }}" line='\1 root'
backrefs=yes
# sync them up, building if necessary
# XXX: this is just a stopgap, we should also make it easy to update the
# container without having to rebuild it completely
- name: copy cached builder image
copy: src=buildimg.tar.gz dest=/tmp
when: not on_guest and on_host
- name: import cached builder image
shell: gunzip -c /tmp/buildimg.tar.gz | docker load
when: not on_guest and on_host
- name: build builder image
command: make buildimg
args:
chdir: sync/vagrant
when: not on_guest and not on_host
- name: export builder image
shell: docker save rpm-ostree-builder | gzip -c > /tmp/buildimg.tar.gz
when: not on_host
args:
creates: /tmp/buildimg.tar.gz
- name: fetch cached builder image
fetch: src=/tmp/buildimg.tar.gz dest=. flat=true
when: not on_host
become: no become: no