From 5d2eb42f0a600fc4e262dabdee36e0440cdb2537 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Thu, 11 Jan 2018 10:59:38 +0100 Subject: [openstack] custom user commands for cloud-init Allow to specify additional user commands executed on all Nova servers provisioned via Heat. An example use case is installing and starting os-collect-config agents to put Nova servers under the configuration management driven via the host openstack cloud Heat services. This allows to integrate with another deployment tools like TripleO. Signed-off-by: Bogdan Dobrelya --- playbooks/openstack/advanced-configuration.md | 4 ++++ roles/openshift_openstack/defaults/main.yml | 2 ++ roles/openshift_openstack/templates/user_data.j2 | 7 +++++++ 3 files changed, 13 insertions(+) diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md index e8f4cfc32..fee402b32 100644 --- a/playbooks/openstack/advanced-configuration.md +++ b/playbooks/openstack/advanced-configuration.md @@ -273,6 +273,10 @@ openshift_openstack_cluster_node_labels: mylabel: myvalue ``` +`openshift_openstack_provision_user_commands` allows users to execute +additional post-provisioning commands for all of the created Nova servers in +the Heat stack. It configures the `runcmd` directive via cloud-init. + The `openshift_openstack_nodes_to_remove` allows you to specify the numerical indexes of App nodes that should be removed; for example, ['0', '2'], diff --git a/roles/openshift_openstack/defaults/main.yml b/roles/openshift_openstack/defaults/main.yml index 2bdb81632..4e3b7939a 100644 --- a/roles/openshift_openstack/defaults/main.yml +++ b/roles/openshift_openstack/defaults/main.yml @@ -94,6 +94,8 @@ openshift_openstack_etcd_volume_size: 2 openshift_openstack_lb_volume_size: 5 openshift_openstack_ephemeral_volumes: false +# User commands for cloud-init executed on all Nova servers provisioned +openshift_openstack_provision_user_commands: [] # cloud-config openshift_openstack_disable_root: true diff --git a/roles/openshift_openstack/templates/user_data.j2 b/roles/openshift_openstack/templates/user_data.j2 index ccaa5d464..e8185edfb 100644 --- a/roles/openshift_openstack/templates/user_data.j2 +++ b/roles/openshift_openstack/templates/user_data.j2 @@ -11,3 +11,10 @@ write_files: permissions: 440 content: | Defaults:openshift !requiretty + +{% if openshift_openstack_provision_user_commands %} +runcmd: +{% for cmd in openshift_openstack_provision_user_commands %} + - {{ cmd }} +{% endfor %} +{% endif %} -- cgit v1.2.1 From c9cce6db686588b977968bc65a10dc5039a08a23 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Thu, 11 Jan 2018 10:59:38 +0100 Subject: Fix openstack cloud-init runcmd templating Signed-off-by: Bogdan Dobrelya --- roles/openshift_openstack/templates/user_data.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openshift_openstack/templates/user_data.j2 b/roles/openshift_openstack/templates/user_data.j2 index e8185edfb..b8692b1ae 100644 --- a/roles/openshift_openstack/templates/user_data.j2 +++ b/roles/openshift_openstack/templates/user_data.j2 @@ -15,6 +15,6 @@ write_files: {% if openshift_openstack_provision_user_commands %} runcmd: {% for cmd in openshift_openstack_provision_user_commands %} - - {{ cmd }} + - {{ cmd|map('string')|list|tojson }} {% endfor %} {% endif %} -- cgit v1.2.1 From 5c1850b43582f8449070399df5c32c3fcd8688e2 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Fri, 12 Jan 2018 16:24:49 +0100 Subject: Clarify the ansible playbook vs cloud-init Document use cases for custom post-provision ansible hooks vs cloud-init runcmd shell commands. Rename to openshift_openstack_cloud_init_runcmd. Signed-off-by: Bogdan Dobrelya --- playbooks/openstack/advanced-configuration.md | 30 +++++++++++++++++++++--- roles/openshift_openstack/templates/user_data.j2 | 4 ++-- 2 files changed, 29 insertions(+), 5 deletions(-) diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md index fee402b32..788a74f45 100644 --- a/playbooks/openstack/advanced-configuration.md +++ b/playbooks/openstack/advanced-configuration.md @@ -273,9 +273,33 @@ openshift_openstack_cluster_node_labels: mylabel: myvalue ``` -`openshift_openstack_provision_user_commands` allows users to execute -additional post-provisioning commands for all of the created Nova servers in -the Heat stack. It configures the `runcmd` directive via cloud-init. +`openshift_openstack_cloud_init_runcmd` allows users to execute +shell commands via cloud-init for all of the created Nova servers in +the Heat stack, before they are available for SSH connections. +Note that you should better off using custom ansible playbooks whenever +possible, like this `provision_install_custom.yml` example playbook: +``` +- import_playbook: openshift-ansible/playbooks/openstack/openshift-cluster/provision.yml + +- name: My custom actions + hosts: cluster_hosts + tasks: + - do whatever you want here + +- import_playbook: openshift-ansible/playbooks/openstack/openshift-cluster/install.yml +``` +The playbook leverages a two existing provider interfaces: `provision.yml` and +`install.yml`. For some cases, like SSH keys configuration and coordinated reboots of +servers, the cloud-init runcmd directive may be a better choice though. User specified +shell commands for cloud-init need to be lists, for example: +``` +- openshift_openstack_cloud_init_runcmd: + - ['echo', 'foo'] + - ['reboot'] +``` +The commands should not use JSON escaped characters: `> < & '`. So the command +`['foo', '>', '"bar"', '<', "'baz'", "&"]` is a bad one, while +`['echo', '"${HOME}"']` is OK. The `openshift_openstack_nodes_to_remove` allows you to specify the numerical indexes of App nodes that should be removed; for example, ['0', '2'], diff --git a/roles/openshift_openstack/templates/user_data.j2 b/roles/openshift_openstack/templates/user_data.j2 index b8692b1ae..e130e71c3 100644 --- a/roles/openshift_openstack/templates/user_data.j2 +++ b/roles/openshift_openstack/templates/user_data.j2 @@ -12,9 +12,9 @@ write_files: content: | Defaults:openshift !requiretty -{% if openshift_openstack_provision_user_commands %} +{% if openshift_openstack_cloud_init_runcmd %} runcmd: -{% for cmd in openshift_openstack_provision_user_commands %} +{% for cmd in openshift_openstack_cloud_init_runcmd %} - {{ cmd|map('string')|list|tojson }} {% endfor %} {% endif %} -- cgit v1.2.1 From 16bdfc74b34277cccb62935cc361ff7c486ae92d Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Fri, 12 Jan 2018 17:55:28 +0100 Subject: Note ignored Heat user data changes for openstack Signed-off-by: Bogdan Dobrelya --- playbooks/openstack/advanced-configuration.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md index 788a74f45..6fbfca3dc 100644 --- a/playbooks/openstack/advanced-configuration.md +++ b/playbooks/openstack/advanced-configuration.md @@ -301,6 +301,10 @@ The commands should not use JSON escaped characters: `> < & '`. So the command `['foo', '>', '"bar"', '<', "'baz'", "&"]` is a bad one, while `['echo', '"${HOME}"']` is OK. +**Note** To protect Nova servers from recreating when the user-data changes via +`openshift_openstack_cloud_init_runcmd`, the +`user_data_update_policy` parameter configured to `IGNORE` for Heat resources. + The `openshift_openstack_nodes_to_remove` allows you to specify the numerical indexes of App nodes that should be removed; for example, ['0', '2'], -- cgit v1.2.1 From d03e39704e8148fa1cf1869c0e5003ecf48c4f57 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Mon, 15 Jan 2018 09:45:14 +0100 Subject: Fix cloud init runcmd templating Signed-off-by: Bogdan Dobrelya --- playbooks/openstack/advanced-configuration.md | 12 ++++++------ roles/openshift_openstack/templates/user_data.j2 | 13 +++++++++++-- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md index 6fbfca3dc..df53f3681 100644 --- a/playbooks/openstack/advanced-configuration.md +++ b/playbooks/openstack/advanced-configuration.md @@ -291,15 +291,15 @@ possible, like this `provision_install_custom.yml` example playbook: The playbook leverages a two existing provider interfaces: `provision.yml` and `install.yml`. For some cases, like SSH keys configuration and coordinated reboots of servers, the cloud-init runcmd directive may be a better choice though. User specified -shell commands for cloud-init need to be lists, for example: +shell commands for cloud-init need to be either strings or lists, for example: ``` - openshift_openstack_cloud_init_runcmd: - - ['echo', 'foo'] - - ['reboot'] + - set -vx + - systemctl stop sshd # fences off ansible playbooks as we want to reboot later + - ['echo', 'foo', '>', '/tmp/foo'] + - [ ls, /tmp/foo, '||', true ] + - reboot # unfences ansible playbooks to continue after reboot ``` -The commands should not use JSON escaped characters: `> < & '`. So the command -`['foo', '>', '"bar"', '<', "'baz'", "&"]` is a bad one, while -`['echo', '"${HOME}"']` is OK. **Note** To protect Nova servers from recreating when the user-data changes via `openshift_openstack_cloud_init_runcmd`, the diff --git a/roles/openshift_openstack/templates/user_data.j2 b/roles/openshift_openstack/templates/user_data.j2 index e130e71c3..352744285 100644 --- a/roles/openshift_openstack/templates/user_data.j2 +++ b/roles/openshift_openstack/templates/user_data.j2 @@ -13,8 +13,17 @@ write_files: Defaults:openshift !requiretty {% if openshift_openstack_cloud_init_runcmd %} -runcmd: + - path: /root/ansible_install.sh + permissions: '0544' + content: | {% for cmd in openshift_openstack_cloud_init_runcmd %} - - {{ cmd|map('string')|list|tojson }} +{% if cmd is string %} + {{ cmd }} +{% elif cmd is iterable %} + {{ cmd|join(' ') }} +{% endif %} {% endfor %} + +runcmd: + - /root/ansible_install.sh {% endif %} -- cgit v1.2.1 From b9bbcca63fe9bd6cc89846ecfdac548384489fce Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Wed, 17 Jan 2018 13:33:08 +0100 Subject: Fix wording Signed-off-by: Bogdan Dobrelya --- playbooks/openstack/advanced-configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md index df53f3681..a690f2d45 100644 --- a/playbooks/openstack/advanced-configuration.md +++ b/playbooks/openstack/advanced-configuration.md @@ -276,7 +276,7 @@ openshift_openstack_cluster_node_labels: `openshift_openstack_cloud_init_runcmd` allows users to execute shell commands via cloud-init for all of the created Nova servers in the Heat stack, before they are available for SSH connections. -Note that you should better off using custom ansible playbooks whenever +Note that you should use custom ansible playbooks whenever possible, like this `provision_install_custom.yml` example playbook: ``` - import_playbook: openshift-ansible/playbooks/openstack/openshift-cluster/provision.yml -- cgit v1.2.1 From aafbd31f00f48ee9e3e1aaea8f5f316669262872 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Mon, 12 Feb 2018 15:39:23 +0100 Subject: Fix openshift_openstack_provision_user_commands Signed-off-by: Bogdan Dobrelya --- playbooks/openstack/advanced-configuration.md | 6 +++--- roles/openshift_openstack/templates/user_data.j2 | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md index a690f2d45..8df3c40b0 100644 --- a/playbooks/openstack/advanced-configuration.md +++ b/playbooks/openstack/advanced-configuration.md @@ -273,7 +273,7 @@ openshift_openstack_cluster_node_labels: mylabel: myvalue ``` -`openshift_openstack_cloud_init_runcmd` allows users to execute +`openshift_openstack_provision_user_commands` allows users to execute shell commands via cloud-init for all of the created Nova servers in the Heat stack, before they are available for SSH connections. Note that you should use custom ansible playbooks whenever @@ -293,7 +293,7 @@ The playbook leverages a two existing provider interfaces: `provision.yml` and servers, the cloud-init runcmd directive may be a better choice though. User specified shell commands for cloud-init need to be either strings or lists, for example: ``` -- openshift_openstack_cloud_init_runcmd: +- openshift_openstack_provision_user_commands: - set -vx - systemctl stop sshd # fences off ansible playbooks as we want to reboot later - ['echo', 'foo', '>', '/tmp/foo'] @@ -302,7 +302,7 @@ shell commands for cloud-init need to be either strings or lists, for example: ``` **Note** To protect Nova servers from recreating when the user-data changes via -`openshift_openstack_cloud_init_runcmd`, the +`openshift_openstack_provision_user_commands`, the `user_data_update_policy` parameter configured to `IGNORE` for Heat resources. The `openshift_openstack_nodes_to_remove` allows you to specify the numerical indexes diff --git a/roles/openshift_openstack/templates/user_data.j2 b/roles/openshift_openstack/templates/user_data.j2 index 352744285..1ca87a429 100644 --- a/roles/openshift_openstack/templates/user_data.j2 +++ b/roles/openshift_openstack/templates/user_data.j2 @@ -12,11 +12,11 @@ write_files: content: | Defaults:openshift !requiretty -{% if openshift_openstack_cloud_init_runcmd %} +{% if openshift_openstack_provision_user_commands %} - path: /root/ansible_install.sh permissions: '0544' content: | -{% for cmd in openshift_openstack_cloud_init_runcmd %} +{% for cmd in openshift_openstack_provision_user_commands %} {% if cmd is string %} {{ cmd }} {% elif cmd is iterable %} -- cgit v1.2.1