Closed sluetze closed 3 years ago
Thanks for this! I will test it out and provide some feedback soon.
Thanks again, I have started testing this but I think it's uncovered a few more issues. For example, `virt_infra_user` defaults to the env user, not `ansible_user`, which means you can't log onto the machine if they are different. I've fixed that up on my local copy and pushed it here, if you want to take a look and test it? If you're happy, then I'll test some more and then squash that commit down with yours and re-write the commit message.
sorry for delay, quite busy atm. will test tomorrow and provide feedback. From the code it looks good to me.
Another thing (maybe separate issue): there is a lot going on with kvmhost[0], which seems to always be the controller node / the node where all the SSH magic is done. Also I was planning to roll out several KVMHosts + VMs on them and not sure how to place the VMs on different hosts :-). Will also look at this (maybe sa/su).
will test next week sry.
ok. i tested. looks good to me.
Edit: The cloud init still only works if the remote host (delegate_to) has the private_key for the SSH connection. Otherwise it fails with permission denied.
This seems to be because the id_rsa_virt-infra-ansible key is not added to the .ssh\authorized_keys, if `virt_infra_ssh_keys` is defined.

`ansible@10.x.x.x: Permission denied (publickey,password)`
Thanks, I'll try and take a look over the weekend.
The cloud init still
OK I'll double check that, I thought I'd fixed it, thanks.
@sluetze ok I need to test some more cause the cloud init remote connection to the host works for me using a fresh user and the key being generated...
```
# check no local keys
[15:40 testing ~/code/virt-infra-ansible (master *)]$ ls -l ~/.ssh/
total 4
-rw-r--r--. 1 testing testing 179 Feb 7 15:38 known_hosts
# no keys on remote host as our user
[15:39 testing ~/code/virt-infra-ansible (master *)]$ ssh dev ls -l .ssh/
testing@dev password:
total 4
-rw-r--r--. 1 testing testing 171 Feb 7 15:39 known_hosts
# run the ansible
[15:40 testing ~/code/virt-infra-ansible (master *)]$ ./run.sh -l kvmhost,simple -k
SSH password:
BECOME password[defaults to SSH password]:
...
TASK [ansible-role-virt-infra : Add guest fingerprint to SSH known_hosts] *****************************************************************************************************************************************
skipping: [dev] => (item=dev)
changed: [dev -> dev] => (item=test-simple-centos-7-0)
changed: [dev -> dev] => (item=test-simple-centos-7-1)
changed: [dev -> dev] => (item=test-simple-centos-7-2)
TASK [ansible-role-virt-infra : Wait for cloud-init to finish] ****************************************************************************************************************************************************
skipping: [dev]
changed: [test-simple-centos-7-2 -> dev]
changed: [test-simple-centos-7-1 -> dev]
changed: [test-simple-centos-7-0 -> dev]
TASK [ansible-role-virt-infra : Advise if SSH key was created] ****************************************************************************************************************************************************
skipping: [test-simple-centos-7-0] => (item=SSH key created at /home/testing/.ssh/id_rsa-virt-infra-ansible)
skipping: [test-simple-centos-7-0]
skipping: [test-simple-centos-7-1] => (item=SSH key created at /home/testing/.ssh/id_rsa-virt-infra-ansible)
skipping: [test-simple-centos-7-1]
skipping: [test-simple-centos-7-2] => (item=SSH key created at /home/testing/.ssh/id_rsa-virt-infra-ansible)
ok: [dev] => (item=SSH key created at /home/testing/.ssh/id_rsa-virt-infra-ansible) => {
"msg": "item"
}
skipping: [test-simple-centos-7-2]
PLAY RECAP ********************************************************************************************************************************************************************************************************
dev : ok=67 changed=4 unreachable=0 failed=0 skipped=78 rescued=0 ignored=0
test-simple-centos-7-0 : ok=39 changed=11 unreachable=0 failed=0 skipped=87 rescued=0 ignored=0
test-simple-centos-7-1 : ok=39 changed=11 unreachable=0 failed=0 skipped=87 rescued=0 ignored=0
test-simple-centos-7-2 : ok=39 changed=11 unreachable=0 failed=0 skipped=87 rescued=0 ignored=0
# check no local keys
[15:41 testing ~/code/virt-infra-ansible (master *)]$ ls -l ~/.ssh/
total 4
-rw-r--r--. 1 testing testing 179 Feb 7 15:38 known_hosts
# check keys created on remote
[15:42 testing ~/code/virt-infra-ansible (master *)]$ ssh dev ls -l .ssh/
testing@dev's password:
total 20
-rw-------. 1 testing testing 853 Feb 7 15:41 config
-rw-------. 1 testing testing 1799 Feb 7 15:40 id_rsa-virt-infra-ansible
-rw-r--r--. 1 testing testing 382 Feb 7 15:40 id_rsa-virt-infra-ansible.pub
-rw-------. 1 testing testing 4671 Feb 7 15:41 known_hosts
```
@sluetze ok I've tested this with kvm host `localhost` and also a remote machine, `dev`:
`-u` user specified)
`-u`)
`virt_infra_user` which differs to my local and remote user

It seems to all work...
@sluetze I've added my changes into your commit and merged with https://github.com/csmart/ansible-role-virt-infra/commit/70e138f76fd57eb1c7982dc6994545401d660363
Thanks for your contribution!
Fixes #35. This MAY break other cases. I'm not sure, but it should be sufficient.
Please especially take a look at the removal of cloud-init. This is the last task, nothing else (but an info) happens afterwards. This might be bad for playbooks which come after.
When using a remote host the task fails anyway, since you can't connect to a NAT network from outside the KVM host. The task can also just be set to ignore_failure.