From: Andrea Bolognani
To: libvir-list@redhat.com
Date: Thu, 19 Oct 2017 17:36:27 +0200
Message-Id: <20171019153632.15016-2-abologna@redhat.com>
In-Reply-To: <20171019153632.15016-1-abologna@redhat.com>
Subject: [libvirt] [libvirt-jenkins-ci PATCH 1/6] guests: Open vault on demand

By storing the vault out of the inventory, we can open it on demand rather than automatically. This will eventually make it possible to use the playbooks even without knowing the vault password.

Signed-off-by: Andrea Bolognani Reviewed-by: Pavel Hrdina --- guests/host_vars/libvirt-centos-6/main.yml | 2 - guests/host_vars/libvirt-centos-6/vault.yml | 10 ----- guests/host_vars/libvirt-centos-7/main.yml | 2 - guests/host_vars/libvirt-centos-7/vault.yml | 10 ----- guests/host_vars/libvirt-debian-8/main.yml | 2 - guests/host_vars/libvirt-debian-8/vault.yml | 10 ----- guests/host_vars/libvirt-debian-9/main.yml | 2 - guests/host_vars/libvirt-debian-9/vault.yml | 10 ----- guests/host_vars/libvirt-fedora-25/main.yml | 2 - guests/host_vars/libvirt-fedora-25/vault.yml | 10 ----- guests/host_vars/libvirt-fedora-26/main.yml | 2 - guests/host_vars/libvirt-fedora-26/vault.yml | 10 ----- guests/host_vars/libvirt-fedora-rawhide/main.yml | 2 - guests/host_vars/libvirt-fedora-rawhide/vault.yml | 10 ----- guests/host_vars/libvirt-freebsd-10/main.yml | 2 - guests/host_vars/libvirt-freebsd-10/vault.yml | 10 ----- guests/host_vars/libvirt-freebsd-11/main.yml | 2 - guests/host_vars/libvirt-freebsd-11/vault.yml | 10 ----- guests/host_vars/libvirt-ubuntu-12/main.yml | 2 - guests/host_vars/libvirt-ubuntu-12/vault.yml | 8 ---- guests/host_vars/libvirt-ubuntu-14/main.yml | 2 - guests/host_vars/libvirt-ubuntu-14/vault.yml | 8 ---- guests/host_vars/libvirt-ubuntu-16/main.yml | 2 - guests/host_vars/libvirt-ubuntu-16/vault.yml | 8 ---- guests/tasks/jenkins.yml | 8 ++++ guests/vars/vault.yml | 54 +++++++++++++++++++= ++++ 26 files changed, 62 insertions(+), 138 deletions(-) delete mode 100644 guests/host_vars/libvirt-centos-6/vault.yml delete mode 100644 guests/host_vars/libvirt-centos-7/vault.yml delete mode 100644 guests/host_vars/libvirt-debian-8/vault.yml delete mode 100644 guests/host_vars/libvirt-debian-9/vault.yml delete mode 100644 guests/host_vars/libvirt-fedora-25/vault.yml delete mode 100644 guests/host_vars/libvirt-fedora-26/vault.yml delete mode 100644 guests/host_vars/libvirt-fedora-rawhide/vault.yml delete mode 100644 guests/host_vars/libvirt-freebsd-10/vault.yml delete mode 
100644 guests/host_vars/libvirt-freebsd-11/vault.yml delete mode 100644 guests/host_vars/libvirt-ubuntu-12/vault.yml delete mode 100644 guests/host_vars/libvirt-ubuntu-14/vault.yml delete mode 100644 guests/host_vars/libvirt-ubuntu-16/vault.yml create mode 100644 guests/vars/vault.yml diff --git a/guests/host_vars/libvirt-centos-6/main.yml b/guests/host_vars/= libvirt-centos-6/main.yml index 69ef616..d717ae7 100644 --- a/guests/host_vars/libvirt-centos-6/main.yml +++ b/guests/host_vars/libvirt-centos-6/main.yml @@ -6,5 +6,3 @@ projects: - libvirt-cim - libvirt-perl - libvirt-python - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-centos-6/vault.yml b/guests/host_vars= /libvirt-centos-6/vault.yml deleted file mode 100644 index e28b263..0000000 --- a/guests/host_vars/libvirt-centos-6/vault.yml +++ /dev/null @@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -36623466366139303234633662663431663135396238653132346239306336616463393733= 343064 -6131386366613438643532353536393435623464333863350a333334616430626361373536= 363638 -65333633306236343066303165326137626432656439663738383765323862373161363165= 353936 -3637356536616637390a313135306462353830626438653465343730616437633634363866= 313432 -62376634393738373834663939646463626232323235666364653462343435313564333132= 353864 -38643731383435393465393633356466303661323966306431303435366533623062303363= 653364 -31353833336137613832306535303634666138616438616430316434356233666364333864= 646265 -31313163613337613165303862313533303766666135363364653661616663346631613761= 373864 -3338 diff --git a/guests/host_vars/libvirt-centos-7/main.yml b/guests/host_vars/= libvirt-centos-7/main.yml index 2e66a70..30c826a 100644 --- a/guests/host_vars/libvirt-centos-7/main.yml +++ b/guests/host_vars/libvirt-centos-7/main.yml @@ -15,5 +15,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' 
diff --git a/guests/host_vars/libvirt-centos-7/vault.yml b/guests/host_vars= /libvirt-centos-7/vault.yml deleted file mode 100644 index 81b32c4..0000000 --- a/guests/host_vars/libvirt-centos-7/vault.yml +++ /dev/null @@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -35393538623463386331376531613663336438656535663037326364666434613463396233= 633638 -6365326431306637326366366533306630373039356664660a633430633463666462626662= 313330 -36653364343838333439633561353936646435373236343361623935333634653865333636= 666132 -3838643263643862370a393265633233633838383333646463353635366336383834633236= 386632 -65376231353031336463333533646364646162353837393765366462306562376530366161= 323430 -33353363366361333762653837653830343536643431623262643032653437643663643666= 616538 -64396639373162383836346563613366633532323363303866373461376239626562633165= 303239 -34623831396237636462613363626466346561613430643864363065383030616365656330= 376462 -3134 diff --git a/guests/host_vars/libvirt-debian-8/main.yml b/guests/host_vars/= libvirt-debian-8/main.yml index a04e2a3..f097792 100644 --- a/guests/host_vars/libvirt-debian-8/main.yml +++ b/guests/host_vars/libvirt-debian-8/main.yml @@ -13,5 +13,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-debian-8/vault.yml b/guests/host_vars= /libvirt-debian-8/vault.yml deleted file mode 100644 index 2db2e2f..0000000 --- a/guests/host_vars/libvirt-debian-8/vault.yml +++ /dev/null 
@@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -35326166326565616237666638656562366535643534386135356166353330306464663238= 373037 -6438646238393762396461343836663530653662376632630a636633383264363835626436= 393264 -31393566356131303332646265393861363832363439336361346532363438383464383363= 343239 -6132396539643365660a353431316435636333376431386165333766393161636431383865= 623461 -33383432393866326463386361353865656664376337353734633332643036323666633732= 313263 -38346431663863623234636162343437613461343134343262643463653730666539633237= 326230 -63383132633737643865633139656637313666363362336563306335623337333331336633= 353339 -30323432316332363264623730303739316263356533616538323864356339336165663738= 663830 -3564 diff --git a/guests/host_vars/libvirt-debian-9/main.yml b/guests/host_vars/= libvirt-debian-9/main.yml index 3654618..cc7cfa6 100644 --- a/guests/host_vars/libvirt-debian-9/main.yml +++ b/guests/host_vars/libvirt-debian-9/main.yml @@ -15,5 +15,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-debian-9/vault.yml b/guests/host_vars= /libvirt-debian-9/vault.yml deleted file mode 100644 index 70021e2..0000000 --- a/guests/host_vars/libvirt-debian-9/vault.yml +++ /dev/null 
@@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -34616266316365313033663833656439343165323932613862393336396563663764303134= 393837 -3430613930356132376233363361623231663430396466610a363930663838306636383664= 366362 -63306564633864346539373165313730333838393634316235383562393763356565633164= 353132 -3733633664343638370a656165663663643761313133633462363266623666643761363030= 386463 -64646233386665623866323538356338316362323935663563343865663930653432643530= 643630 -34653333643235613464313934623736636165633334303161386462623231356461343239= 666134 -61333138663830333930313632353735303134666637353834303739626463666332653065= 323562 -64656331343962633061653763343835623936383332363866616337373933623530666435= 386231 -6139 diff --git a/guests/host_vars/libvirt-fedora-25/main.yml b/guests/host_vars= /libvirt-fedora-25/main.yml index 7d7308f..539c111 100644 --- a/guests/host_vars/libvirt-fedora-25/main.yml +++ b/guests/host_vars/libvirt-fedora-25/main.yml @@ -16,5 +16,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-fedora-25/vault.yml b/guests/host_var= s/libvirt-fedora-25/vault.yml deleted file mode 100644 index 9bfd421..0000000 --- a/guests/host_vars/libvirt-fedora-25/vault.yml +++ /dev/null 
@@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -65326565343861373061323836346135646463376363343162626561343434303966623064= 306163 -6335363137396236656336303264643964356462633736350a313364386137363566303831= 303731 -63343132393564303632323130613462353864393364346163613465333238653435376361= 396332 -3163626161303634370a626564643134316131333530373138616530366133663265626163= 653565 -32363035323030333236363534396139363233616263383630313431366431633366613339= 613332 -30643065333261633962626466323561626132643234663137353737646637316436346131= 656566 -32626433313235636338303162333236386537316663633434306236646332353439653134= 353933 -36363933663039323631303031653834393763643933623338316365613431636165626135= 316232 -3166 diff --git a/guests/host_vars/libvirt-fedora-26/main.yml b/guests/host_vars= /libvirt-fedora-26/main.yml index 7d7308f..539c111 100644 --- a/guests/host_vars/libvirt-fedora-26/main.yml +++ b/guests/host_vars/libvirt-fedora-26/main.yml @@ -16,5 +16,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-fedora-26/vault.yml b/guests/host_var= s/libvirt-fedora-26/vault.yml deleted file mode 100644 index b9956c2..0000000 --- a/guests/host_vars/libvirt-fedora-26/vault.yml +++ /dev/null 
@@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -61326265373932326662666661393662333661363531366333666464373634383865623663= 366431 -6234626662323636356638323136353362333664353662330a386438333930366430333965= 303163 -33373763363439663166306137303238386164303235366363366465306530653861616566= 363930 -3737386566613034310a643935313539303033346663323433376432313730646665333939= 303831 -38343662626139623063353935366232306332303061623363313136353765323265396332= 333231 -37346266326130613864313031396232656361613163373163616331623365396366623333= 623436 -62653766626238636562656236316537316332383061363964656439656365363764663866= 613865 -30346363626338353762353763643035366536653664663630613237366164373436386433= 343236 -3066 diff --git a/guests/host_vars/libvirt-fedora-rawhide/main.yml b/guests/host= _vars/libvirt-fedora-rawhide/main.yml index 7d7308f..539c111 100644 --- a/guests/host_vars/libvirt-fedora-rawhide/main.yml +++ b/guests/host_vars/libvirt-fedora-rawhide/main.yml @@ -16,5 +16,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-fedora-rawhide/vault.yml b/guests/hos= t_vars/libvirt-fedora-rawhide/vault.yml deleted file mode 100644 index 0a6315d..0000000 --- a/guests/host_vars/libvirt-fedora-rawhide/vault.yml +++ /dev/null 
@@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -30393466663562376638343863353566306365616134616434633665343036613862323833= 656666 -6365366638343031383765373937386163313130323466390a353730333832666138633731= 383931 -31333166346562343266323232663564656262373237303361396265623539646638326461= 376239 -6166366665663832640a353036383265356139623437363865663133656638333534363632= 366539 -62386337386364366664663062383938393233663733636361366133613735366633326637= 366634 -31643231303738373235303032343532373638386463306136313561656534316534643438= 656532 -32656661663337306364633637636130386234336662386437383764643137386361616131= 626161 -61653165383233376238666461373938653630383033303762663530633535643264656166= 333230 -6662 diff --git a/guests/host_vars/libvirt-freebsd-10/main.yml b/guests/host_var= s/libvirt-freebsd-10/main.yml index 1547802..80d16d6 100644 --- a/guests/host_vars/libvirt-freebsd-10/main.yml +++ b/guests/host_vars/libvirt-freebsd-10/main.yml @@ -21,5 +21,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-freebsd-10/vault.yml b/guests/host_va= rs/libvirt-freebsd-10/vault.yml deleted file mode 100644 index ac437ba..0000000 --- a/guests/host_vars/libvirt-freebsd-10/vault.yml +++ /dev/null 
@@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -62633664623566363031366662633336313239303035616162353739663063666663366536= 326162 -6466333764383932646530323730386561656530353430330a636433373638613064643165= 643536 -32376334653030336334643865396162363061383066326362633165346164303831616464= 636337 -3861613765393666340a313931663337633762313538316230613536303939343862306532= 666564 -61313939666564626632363835363238653830633666383337323263326363323766633933= 633862 -32363166643231613864626263303035303631616665336531633761656335646166656232= 303936 -66643261356665356363343931653436663666313533656239376535643264653932633335= 333135 -62323366363834636263386230356238333133623735373730356539323761306237623266= 363032 -3436 diff --git a/guests/host_vars/libvirt-freebsd-11/main.yml b/guests/host_var= s/libvirt-freebsd-11/main.yml index 1547802..80d16d6 100644 --- a/guests/host_vars/libvirt-freebsd-11/main.yml +++ b/guests/host_vars/libvirt-freebsd-11/main.yml @@ -21,5 +21,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-freebsd-11/vault.yml b/guests/host_va= rs/libvirt-freebsd-11/vault.yml deleted file mode 100644 index e5b9464..0000000 --- a/guests/host_vars/libvirt-freebsd-11/vault.yml +++ /dev/null 
@@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -35306632666132373834323664613866356638653266396439396465396265613433353032= 323362 -6333333439343437336634336534646332626165336436300a353266303437303131613536= 323664 -37343161633537323432303036613165346437643531366638386363346534303164326661= 643235 -6464356534643734370a633837313661633039666436303664386533363561396232326663= 366665 -63613334363733303534306564386534303864316364313561333334366365373131303463= 383962 -61623036656531653238316533653537646533363038636434356636316364316236623131= 616366 -31303233316563303233306435313665326164643639363735653837616531663139646634= 633830 -34653736653937323365626630313536363363643631326666613231393330666339356163= 646535 -3263 diff --git a/guests/host_vars/libvirt-ubuntu-12/main.yml b/guests/host_vars= /libvirt-ubuntu-12/main.yml index 8ce497e..8873530 100644 --- a/guests/host_vars/libvirt-ubuntu-12/main.yml +++ b/guests/host_vars/libvirt-ubuntu-12/main.yml @@ -3,5 +3,3 @@ projects: - base - jenkins - libvirt - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-ubuntu-12/vault.yml b/guests/host_var= s/libvirt-ubuntu-12/vault.yml deleted file mode 100644 index 123adf3..0000000 --- a/guests/host_vars/libvirt-ubuntu-12/vault.yml +++ /dev/null @@ -1,8 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -65653737663762386236356537646331656132303761633939613638663463373030373965= 636361 -3633386437613330316162313531643835616164313430630a333433623432633035616434= 626564 -32633463366462643435373261373232353837633235626435653037306338356634383733= 643038 -6633313064326638640a343962343331356239656235366532643038386161613663636338= 346335 -31653530666566353735396339653837643032353534653238303336333166643264353834= 646239 -30353864393064663736333036616637396134353763623338396239613430393466616632= 613566 -336338366261663836373430346664396132 diff --git a/guests/host_vars/libvirt-ubuntu-14/main.yml b/guests/host_vars= /libvirt-ubuntu-14/main.yml index 463f020..fd1d7ee 100644 
--- a/guests/host_vars/libvirt-ubuntu-14/main.yml +++ b/guests/host_vars/libvirt-ubuntu-14/main.yml @@ -10,5 +10,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-ubuntu-14/vault.yml b/guests/host_var= s/libvirt-ubuntu-14/vault.yml deleted file mode 100644 index 05289b7..0000000 --- a/guests/host_vars/libvirt-ubuntu-14/vault.yml +++ /dev/null @@ -1,8 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -35663230626165363938333630343364353261393432623339353931353662363433373633= 333031 -6464343165626238613234633634303531346133383539370a373432313635626462393864= 623837 -37343133316366313530316235323261353661333662383234626530613037646235383131= 666135 -3432646234346634610a393632326132343834646537343332653961663130366537396432= 303662 -39393165633234386132323831346139396138363638313031346666626130616239396131= 363466 -32613561383763623735623865343434613236346135653732303561633733333461636366= 663739 -343531373333633332363037363537346636 diff --git a/guests/host_vars/libvirt-ubuntu-16/main.yml b/guests/host_vars= /libvirt-ubuntu-16/main.yml index 460dca3..f00a9d5 100644 --- a/guests/host_vars/libvirt-ubuntu-16/main.yml +++ b/guests/host_vars/libvirt-ubuntu-16/main.yml @@ -14,5 +14,3 @@ projects: - osinfo-db-tools - virt-manager - virt-viewer - -jenkins_secret: '{{ vault.jenkins_secret }}' diff --git a/guests/host_vars/libvirt-ubuntu-16/vault.yml b/guests/host_var= s/libvirt-ubuntu-16/vault.yml deleted file mode 100644 index 3a7e20f..0000000 --- a/guests/host_vars/libvirt-ubuntu-16/vault.yml +++ /dev/null 
@@ -1,8 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -64643937346239616133653565336161393362303266393030636239653636623037343833= 643762 -6565656331373339653233383465626635303136353634310a643830643737643164633737= 346166 -34643637333665666239346162613435633062616366313638643232336536356464343161= 303632 -3937386534306465370a326535306263343036646333396665363832373137326231393630= 366131 -64323636396331303730336631346565643235666163353132633833636637386136323736= 646665 -64626635313935333565336130366661393161366331346634636233363931373137306439= 343131 -393039363138386236316431393264343464 diff --git a/guests/tasks/jenkins.yml b/guests/tasks/jenkins.yml index a1b8f46..d4adbb1 100644 --- a/guests/tasks/jenkins.yml +++ b/guests/tasks/jenkins.yml @@ -1,4 +1,12 @@ --- +- name: Open vault + include_vars: + file: vars/vault.yml + +- name: Look up Jenkins secret + set_fact: + jenkins_secret: '{{ vault.jenkins_secrets[inventory_hostname] }}' + - name: Create Jenkins user account user: name: jenkins diff --git a/guests/vars/vault.yml b/guests/vars/vault.yml new file mode 100644 index 0000000..d085d8b --- /dev/null +++ b/guests/vars/vault.yml 
@@ -0,0 +1,54 @@ +$ANSIBLE_VAULT;1.1;AES256 +38366334396263313937363332633936616365643464396133623830616239663536643662= 353630 +3565336236323934613932376331613766656136376436360a386664373035306232323761= 363665 +39336365333833373661653932323566306564666635656631616638303734616561643630= 633034 +3765353961313134320a613931646361643835636365343965366564333765353839356566= 656465 +35336236346133656237363235376433313665643039613036666637643332316634623235= 316136 +63646566393366656138393033313731323362306166643538666331656663646332373339= 623535 +33396630333838376232633038346366653830396331353230633164376130333431306631= 323034 +31396466303539343037336164626230633964313064383561323961613161363333656366= 653764 +65363263316135663137363632616532626535346565633064653030333165326131656463= 353065 +66636631326566366266316137626661313366363333363333343563363332613564313361= 316439 +64316262646138346364646437343531343635393764633937346239663732353063666333= 653434 +61653734343737376338363336326637303237393565303165633839356562393230386535= 336163 +63643565336432663039626363353266653837343230343663333735356665663537646365= 633865 +66383330333336336664376365633633653730353032366264343237366231386436343863= 663663 +63643831326262333066663166303661343033656234306137636135343433656163316266= 326361 +63663834343332396633386636373766396566313630656130666339306634363064363739= 383936 +64393533363063366530333164623235326263386266613534393436333933663338653636= 626131 +31323764386538653530626134623239316634663965326262653661343231616332303461= 376632 +33326636373831343137653030313939623964353937636337383963643064313833646334= 326637 +32393332323262633737626265363065626531313233306237303033343561623935356133= 363137 +66343963303232303562373936356230326433353765326265316334383436383462613265= 613534 +62316162656161353262633563323364343835633562613863303830306137656336393535= 353136 +39626662663063333331646535363332666662363662373634656662623965383035336435= 356462 
+39316465316166366363396336333134616636363937613836636365306237306464653339= 643664 +35653238336530303965633630616139376230336533306364626266323165653036346139= 656239 +30323665316136613239663863636630353230396366333063353663373865376239616261= 333137 +35636364383639316436333634343534386530656430323031303761353531663832383865= 363939 +66613034653737366134326462306233316535666439386366356163383430346263343131= 616133 +33343162666539366364356235613939303537666561363839343164313162333335623932= 326432 +30396263333965613261653736366463656662303762313736316666386662613233333333= 353666 +32373761653566383735646261366630346436643531626338333333613465613364636331= 313564 +64393366373166353666323034343030323062353366633265393062653061663866643134= 623034 +62373939336363333664373939323139323964383832323564666561393031323964333064= 643630 +37613132393366663337363461653231303161626263333362616332633461316465343663= 666565 +39633931313931303337363333616533303263616233616365336631653637353862633632= 643631 +36346336373735303166333063326537623532396464386232623765326136626639393331= 343436 +35616332323264316266303531643162373061313437623133656332343964383063623638= 636434 +66656138656666343936346139633535306339616463386437313063336436613364306536= 393633 +39303134313766306231663030666238373530373563643434643833666132343662306136= 366361 +34343835623830333961616463373464313538373365346438393138636432386233663136= 303033 +30363362333265666662333736353330376430633838306662373136616566643037373730= 316238 +32303763386233653464643039616234653562623431303863306135396466396461633263= 666239 +38626665653463356631396266356135376635353035343931626566323661346464613763= 306162 +38623065633966656332343137303330613861376163623036343833623132343461646338= 343338 +65666336316431646531626563666134386633336562383635656661656662326535366538= 646133 +66353938386161626433336331623532336466613663663033356138663039633865363566= 626662 
+64376264343130636134613835306365313164373333333866613439326164653965616534= 323763 +65656538643865656331346438303233393536663465353936306132386363636265623833= 303234 +65633434336262363664373064376463616232646465346163396431333430643535613436= 666133 +30343636306535613364303630666234396662323665306631383964636433343637633939= 666233 +33616662653866656666356439373837633030656565373031333561326131373030653363= 393932 +32303039373266613561353336386531343938376162323234363130353934336635313439= 633338 +3633 --=20 2.13.6 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
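
Review bot: In guests/tasks/jenkins.yml, the new "Open vault" and "Look up Jenkins secret" tasks both return decrypted values as task results, so a run at higher verbosity (-v) would show the whole jenkins_secrets dictionary from include_vars and this host's secret from set_fact in the terminal and in any captured log. Adding `no_log: true` to both tasks avoids that. The lookup `vault.jenkins_secrets[inventory_hostname]` also has no guard for a host that is missing from the dictionary; an explicit check with a message naming the host and vars/vault.yml would be easier to diagnose than the undefined-variable error from templating.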
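
Review bot: The new guests/vars/vault.yml is ciphertext only, so nothing in the patch documents the structure the jenkins.yml task depends on: a top-level `vault` mapping holding a `jenkins_secrets` dictionary keyed by inventory hostname. Please describe that layout, and the fact that the twelve per-host vault files are replaced by this single file, in the commit message or in a comment next to the include, so that whoever adds a guest knows which key to create.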

From: Andrea Bolognani
To: libvir-list@redhat.com
Date: Thu, 19 Oct 2017 17:36:28 +0200
Message-Id: <20171019153632.15016-3-abologna@redhat.com>
In-Reply-To: <20171019153632.15016-1-abologna@redhat.com>
Subject: [libvirt] [libvirt-jenkins-ci PATCH 2/6] guests: Move configuration handling to load_config()

Just a code move. We'll be adding more logic soon, and it'll be nice not to pollute the do_prepare() function too much because of it. Rename the existing load_config() function to load_install_config() accordingly.

Signed-off-by: Andrea Bolognani Reviewed-by: Pavel Hrdina --- guests/lcitool | 54 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 31 insertions(+), 23 deletions(-) diff --git a/guests/lcitool b/guests/lcitool index 4578327..883e0eb 100755 --- a/guests/lcitool +++ b/guests/lcitool 
@@ -34,12 +34,12 @@ yaml_var() { grep "^$2:\\s*" "$1" 2>/dev/null | tail -1 | sed "s/$2:\\s*//g" } =20 -# load_config FILE +# load_install_config FILE # # Read all known configuration variables from $FILE and set them in the # environment. Configuration variables that have already been set in # the environment will not be updated. -load_config() { +load_install_config() { INSTALL_URL=3D${INSTALL_URL:-$(yaml_var "$1" install_url)} INSTALL_CONFIG=3D${INSTALL_CONFIG:-$(yaml_var "$1" install_config)} INSTALL_VIRT_TYPE=3D${INSTALL_VIRT_TYPE:-$(yaml_var "$1" install_virt_= type)} @@ -53,6 +53,32 @@ load_config() { INSTALL_NETWORK=3D${INSTALL_NETWORK:-$(yaml_var "$1" install_network)} } =20 +# load_config +# +# Read tool configuration and perform the necessary validation. +load_config() { + CONFIG_DIR=3D"$HOME/.config/$PROGRAM_NAME" + + VAULT_PASS_FILE=3D"$CONFIG_DIR/vault-password" + ROOT_PASS_FILE=3D"$CONFIG_DIR/root-password" + + # Make sure required passwords exist and are not invalid (empty) + test -f "$VAULT_PASS_FILE" && test "$(cat "$VAULT_PASS_FILE")" || { + die "$PROGRAM_NAME: $VAULT_PASS_FILE: Missing or invalid password" + } + test -f "$ROOT_PASS_FILE" && test "$(cat "$ROOT_PASS_FILE")" || { + die "$PROGRAM_NAME: $ROOT_PASS_FILE: Missing or invalid password" + } + + ROOT_HASH_FILE=3D"$CONFIG_DIR/.root-password.hash" + + # Regenerate root password hash. Ansible expects passwords as hashes b= ut + # doesn't provide a built-in facility to generate one from plain text + hash_file "$ROOT_PASS_FILE" >"$ROOT_HASH_FILE" || { + die "$PROGRAM_NAME: Failure while hashing root password" + } +} + # ---------------------- # User-visible actions # ---------------------- 
@@ -92,8 +118,8 @@ do_install() # Load configuration files. Values don't get overwritten after being # set the first time, so loading the host-specific configuration before # the group configuration ensures overrides work as expected - load_config "host_vars/$GUEST/install.yml" - load_config "group_vars/all/install.yml" + load_install_config "host_vars/$GUEST/install.yml" + load_install_config "group_vars/all/install.yml" =20 # Both memory size and disk size use GiB as unit, but virt-install wan= ts # disk size in GiB and memory size in *MiB*, so perform conversion here @@ -136,24 +162,7 @@ do_prepare() { die "$PROGRAM_NAME: $GUEST: Unknown guest" } =20 - VAULT_PASS_FILE=3D"$CONFIG_DIR/vault-password" - ROOT_PASS_FILE=3D"$CONFIG_DIR/root-password" - - # Make sure required passwords exist and are not invalid (empty) - test -f "$VAULT_PASS_FILE" && test "$(cat "$VAULT_PASS_FILE")" || { - die "$PROGRAM_NAME: $VAULT_PASS_FILE: Missing or invalid password" - } - test -f "$ROOT_PASS_FILE" && test "$(cat "$ROOT_PASS_FILE")" || { - die "$PROGRAM_NAME: $ROOT_PASS_FILE: Missing or invalid password" - } - - ROOT_HASH_FILE=3D"$CONFIG_DIR/.root-password.hash" - - # Regenerate root password hash. Ansible expects passwords as hashes b= ut - # doesn't provide a built-in facility to generate one from plain text - hash_file "$ROOT_PASS_FILE" >"$ROOT_HASH_FILE" || { - die "$PROGRAM_NAME: Failure while hashing root password" - } + load_config =20 ansible-playbook \ --vault-password-file "$VAULT_PASS_FILE" \ 
@@ -167,7 +176,6 @@ do_prepare() { =20 CALL_NAME=3D"$0" PROGRAM_NAME=3D"${0##*/}" -CONFIG_DIR=3D"$HOME/.config/$PROGRAM_NAME" =20 test -f "$PROGRAM_NAME" || { die "$PROGRAM_NAME: Must be run from the source directory" --=20 2.13.6 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 11:15:54 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1508427413560970.3521815667763; Thu, 19 Oct 2017 08:36:53 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 79BC64DAFB; Thu, 19 Oct 2017 15:36:52 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5551FD63CA; Thu, 19 Oct 2017 15:36:52 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 17A3B1800C9B; Thu, 19 Oct 2017 15:36:52 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v9JFakth013794 for ; Thu, 19 Oct 2017 11:36:46 -0400 Received: by smtp.corp.redhat.com (Postfix) id 772B9BA224; Thu, 19 Oct 2017 15:36:46 +0000 (UTC) Received: from inaba.usersys.redhat.com 
(ovpn-204-95.brq.redhat.com [10.40.204.95]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CD189BA21C for ; Thu, 19 Oct 2017 15:36:45 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 79BC64DAFB Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com 
From: Andrea Bolognani To: libvir-list@redhat.com Date: Thu, 19 Oct 2017 17:36:29 +0200 Message-Id: <20171019153632.15016-4-abologna@redhat.com> In-Reply-To: <20171019153632.15016-1-abologna@redhat.com> References: <20171019153632.15016-1-abologna@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [libvirt-jenkins-ci PATCH 3/6] guests: Implement flavors X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Thu, 19 Oct 2017 15:36:53 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Our CI infrastructure and developers have different requirements, but really the overlap is almost complete and it's a shame that we require developers to perform manual steps before we can use our tools. Flavors are a very simple and effective way to deal with the issue: we'll be able to configure guests differently based on whether they will be used for CI or development. The default flavor is developer, which doesn't require the vault password and as such can be used by anyone out of the box: the Jenkins setup is skipped in this case. Signed-off-by: Andrea Bolognani Reviewed-by: Pavel Hrdina --- guests/lcitool | 35 ++++++++++++++++++++++++++++++++--- guests/site.yml | 1 + 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/guests/lcitool b/guests/lcitool index 883e0eb..bf270f1 100755 --- a/guests/lcitool +++ b/guests/lcitool 
@@ -59,13 +59,39 @@ load_install_config() { load_config() { CONFIG_DIR=3D"$HOME/.config/$PROGRAM_NAME" =20 + mkdir -p "$CONFIG_DIR" >/dev/null 2>&1 || { + die "$PROGRAM_NAME: $CONFIG_DIR: Unable to create config directory" + } + + FLAVOR_FILE=3D"$CONFIG_DIR/flavor" VAULT_PASS_FILE=3D"$CONFIG_DIR/vault-password" ROOT_PASS_FILE=3D"$CONFIG_DIR/root-password" =20 - # Make sure required passwords exist and are not invalid (empty) - test -f "$VAULT_PASS_FILE" && test "$(cat "$VAULT_PASS_FILE")" || { - die "$PROGRAM_NAME: $VAULT_PASS_FILE: Missing or invalid password" + # Two flavors are supported: developer (default) and ci. Read the + # flavor from configuration, validate it and write it back in case + # it was not present + FLAVOR=3D"$(cat "$FLAVOR_FILE" 2>/dev/null)" + FLAVOR=3D${FLAVOR:-developer} + test "$FLAVOR" =3D developer || test "$FLAVOR" =3D ci || { + die "$PROGRAM_NAME: Invalid flavor '$FLAVOR'" } + echo "$FLAVOR" >"$FLAVOR_FILE" || { + die "$PROGRAM_NAME: $FLAVOR_FILE: Unable to save flavor" + } + + test "$FLAVOR" =3D ci && { + # The vault password is only needed for the ci flavor, so only + # validate it in that case + test -f "$VAULT_PASS_FILE" && test "$(cat "$VAULT_PASS_FILE")" || { + die "$PROGRAM_NAME: $VAULT_PASS_FILE: Missing or invalid passw= ord" + } + } || { + # For other flavors, undefine the variable so that Ansible + # will not try to read the file at all + VAULT_PASS_FILE=3D + } + + # Make sure the root password has been configured properly test -f "$ROOT_PASS_FILE" && test "$(cat "$ROOT_PASS_FILE")" || { die "$PROGRAM_NAME: $ROOT_PASS_FILE: Missing or invalid password" } @@ -164,8 +190,11 @@ do_prepare() { =20 load_config =20 + EXTRA_VARS=3D"flavor=3D$FLAVOR" + ansible-playbook \ --vault-password-file "$VAULT_PASS_FILE" \ + --extra-vars "$EXTRA_VARS" \ -l "$GUEST" \ site.yml } diff --git a/guests/site.yml b/guests/site.yml index 9c75dcb..35e3220 100644 --- a/guests/site.yml +++ b/guests/site.yml 
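Review bot: For the developer flavor load_config sets `VAULT_PASS_FILE=`, but do_prepare still passes `--vault-password-file "$VAULT_PASS_FILE"` unconditionally, so the playbook run depends on ansible-playbook tolerating an empty argument for that option. It would be more robust to add the option only when the variable is non-empty, for example by building it into a separate variable the way `EXTRA_VARS` is built here. Separately, `mkdir -p "$CONFIG_DIR"` creates the directory that holds `vault-password` and `root-password` with the default umask; passing `-m 700` would keep a freshly created directory private.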
@@ -30,6 +30,7 @@ # Configure the Jenkins agent - include: tasks/jenkins.yml when: + - flavor =3D=3D 'ci' - projects is defined # jenkins is a pseudo-project - ( 'jenkins' in projects ) --=20 2.13.6 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 11:15:54 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 150842741263511.049445645920173; Thu, 19 Oct 2017 08:36:52 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8C5FE82106; Thu, 19 Oct 2017 15:36:51 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E7A6CD63CA; Thu, 19 Oct 2017 15:36:50 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9F0D1180BACF; Thu, 19 Oct 2017 15:36:50 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v9JFanP2013822 for ; Thu, 19 Oct 2017 11:36:49 -0400 Received: by smtp.corp.redhat.com (Postfix) id 2C817BA213; Thu, 19 Oct 2017 15:36:49 +0000 (UTC) Received: from inaba.usersys.redhat.com (ovpn-204-95.brq.redhat.com 
[10.40.204.95]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8A0D4BA233 for ; Thu, 19 Oct 2017 15:36:46 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 8C5FE82106 Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com From: Andrea Bolognani To: libvir-list@redhat.com Date: Thu, 19 Oct 2017 17:36:30 +0200 Message-Id: <20171019153632.15016-5-abologna@redhat.com> In-Reply-To: <20171019153632.15016-1-abologna@redhat.com> References: <20171019153632.15016-1-abologna@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [libvirt-jenkins-ci PATCH 4/6] guests: Implement developer flavor X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Thu, 19 Oct 2017 15:36:52 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The developer is given key-based SSH access to the guest and granted passwordless sudo privilege for maximum convenience. 
Signed-off-by: Andrea Bolognani Reviewed-by: Pavel Hrdina --- guests/group_vars/all/main.yml | 4 +++- guests/host_vars/libvirt-freebsd-10/main.yml | 1 + guests/host_vars/libvirt-freebsd-11/main.yml | 1 + guests/lcitool | 9 ++++++++- guests/site.yml | 5 +++++ guests/tasks/developer.yml | 21 +++++++++++++++++++++ 6 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 guests/tasks/developer.yml diff --git a/guests/group_vars/all/main.yml b/guests/group_vars/all/main.yml index d24af59..410077f 100644 --- a/guests/group_vars/all/main.yml +++ b/guests/group_vars/all/main.yml @@ -8,8 +8,10 @@ ansible_ssh_pass: root =20 jenkins_url: https://ci.centos.org/computer/{{ inventory_hostname }}/slave= -agent.jnlp =20 -# Paths to various command. Can be overridden on a per-host basis +# Paths to various commands and files that might be OS-dependent. Can +# be overridden on a per-host basis bash: /bin/bash java: /usr/bin/java make: /usr/bin/make sudo: /usr/bin/sudo +sudoers: /etc/sudoers diff --git a/guests/host_vars/libvirt-freebsd-10/main.yml b/guests/host_var= s/libvirt-freebsd-10/main.yml index 80d16d6..4f33c53 100644 --- a/guests/host_vars/libvirt-freebsd-10/main.yml +++ b/guests/host_vars/libvirt-freebsd-10/main.yml @@ -5,6 +5,7 @@ bash: /usr/local/bin/bash java: /usr/local/bin/java make: /usr/local/bin/gmake sudo: /usr/local/bin/sudo +sudoers: /usr/local/etc/sudoers =20 projects: - base diff --git a/guests/host_vars/libvirt-freebsd-11/main.yml b/guests/host_var= s/libvirt-freebsd-11/main.yml index 80d16d6..4f33c53 100644 --- a/guests/host_vars/libvirt-freebsd-11/main.yml +++ b/guests/host_vars/libvirt-freebsd-11/main.yml @@ -5,6 +5,7 @@ bash: /usr/local/bin/bash java: /usr/local/bin/java make: /usr/local/bin/gmake sudo: /usr/local/bin/sudo +sudoers: /usr/local/etc/sudoers =20 projects: - base diff --git a/guests/lcitool b/guests/lcitool index bf270f1..018640b 100755 --- a/guests/lcitool +++ b/guests/lcitool 
@@ -141,6 +141,8 @@ do_install() die "$PROGRAM_NAME: $GUEST: Missing configuration, guest must be i= nstalled manually" } =20 + load_config + # Load configuration files. Values don't get overwritten after being # set the first time, so loading the host-specific configuration before # the group configuration ensures overrides work as expected @@ -158,6 +160,11 @@ do_install() *kickstart*|*ks*) EXTRA_ARGS=3D"ks=3Dfile:/${INSTALL_CONFIG##*/}" = ;; esac =20 + # Only configure autostart for the guest for the ci flavor + test "$FLAVOR" =3D ci && { + AUTOSTART=3D"--autostart" + } + virt-install \ --name "$GUEST" \ --location "$INSTALL_URL" \ @@ -174,7 +181,7 @@ do_install() --sound none \ --initrd-inject "$INSTALL_CONFIG" \ --extra-args "console=3DttyS0 $EXTRA_ARGS" \ - --autostart \ + $AUTOSTART \ --wait 0 } =20 diff --git a/guests/site.yml b/guests/site.yml index 35e3220..76437bb 100644 --- a/guests/site.yml +++ b/guests/site.yml @@ -34,3 +34,8 @@ - projects is defined # jenkins is a pseudo-project - ( 'jenkins' in projects ) + + # Configure the developer account + - include: tasks/developer.yml + when: + - flavor =3D=3D 'developer' diff --git a/guests/tasks/developer.yml b/guests/tasks/developer.yml new file mode 100644 index 0000000..1dad8fc --- /dev/null +++ b/guests/tasks/developer.yml 
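Review bot: `AUTOSTART` is assigned only inside the `test "$FLAVOR" = ci` branch of do_install and is then expanded unquoted as `$AUTOSTART` in the virt-install call, so for the developer flavor whatever value the variable already has in the caller's environment is passed through as extra arguments. Initialise it with `AUTOSTART=` before the test so the developer flavor reliably gets no autostart option.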
@@ -0,0 +1,21 @@ +--- +- name: Create developer user account + user: + name: developer + comment: Developer + password: $6$YEzeb0A3t7jn/IwW$oMPH0mpKPPeuABH3gKDom08rLccOKBm6CrXT/deB= sdP77MjBHxwHQ5EJM0MAc/sOsGKCNX0zjYYjlXP.KNUmP0 + shell: '{{ bash }}' + +- name: Configure ssh access for the developer + authorized_key: + user: developer + key: '{{ lookup("file", lookup("env", "HOME") + "/.ssh/id_rsa.pub") }}' + state: present + +- name: Grant passwordless sudo access to the developer + lineinfile: + path: '{{ sudoers }}' + line: 'developer ALL=3D(ALL) NOPASSWD: ALL' + state: present + backup: yes + validate: 'visudo -cf %s' --=20 2.13.6 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 11:15:54 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1508427416132445.10231310091865; Thu, 19 Oct 2017 08:36:56 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0433913A5F; Thu, 19 Oct 2017 15:36:54 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CE02DD9555; Thu, 19 Oct 2017 15:36:53 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP 
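Review bot: tasks/developer.yml gives the `developer` account a fixed password hash that is identical on every guest, and the same file grants that account `NOPASSWD: ALL`, so anyone who knows the password and can reach a password-based login on the guest effectively has root. The commit message only mentions key-based SSH access, and the README change in 6/6 presents the password as a serial console login, so please confirm that password logins over SSH are disabled on these guests, or say so explicitly in the task file. Also, the `authorized_key` task reads `~/.ssh/id_rsa.pub` unconditionally and will fail for users who have no key under that name; making the path configurable would fix that.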
id 90EC81800C9D; Thu, 19 Oct 2017 15:36:53 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v9JFaoBW013832 for ; Thu, 19 Oct 2017 11:36:50 -0400 Received: by smtp.corp.redhat.com (Postfix) id 38168BA215; Thu, 19 Oct 2017 15:36:50 +0000 (UTC) Received: from inaba.usersys.redhat.com (ovpn-204-95.brq.redhat.com [10.40.204.95]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9190DBA213 for ; Thu, 19 Oct 2017 15:36:49 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 0433913A5F Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com 
From: Andrea Bolognani To: libvir-list@redhat.com Date: Thu, 19 Oct 2017 17:36:31 +0200 Message-Id: <20171019153632.15016-6-abologna@redhat.com> In-Reply-To: <20171019153632.15016-1-abologna@redhat.com> References: <20171019153632.15016-1-abologna@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [libvirt-jenkins-ci PATCH 5/6] guests: Hand root password location over to Ansible X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Thu, 19 Oct 2017 15:36:54 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Instead of hard-coding the location in the playbook, we hand it over at runtime when calling ansible-playbook, ensuring better separation of concerns. Signed-off-by: Andrea Bolognani Reviewed-by: Pavel Hrdina --- guests/lcitool | 2 +- guests/tasks/base.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/guests/lcitool b/guests/lcitool index 018640b..1efe7e5 100755 --- a/guests/lcitool +++ b/guests/lcitool @@ -197,7 +197,7 @@ do_prepare() { =20 load_config =20 - EXTRA_VARS=3D"flavor=3D$FLAVOR" + EXTRA_VARS=3D"flavor=3D$FLAVOR root_password_file=3D$ROOT_HASH_FILE" =20 ansible-playbook \ --vault-password-file "$VAULT_PASS_FILE" \ diff --git a/guests/tasks/base.yml b/guests/tasks/base.yml index b220bb0..8949632 100644 --- a/guests/tasks/base.yml +++ b/guests/tasks/base.yml 
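Review bot: `EXTRA_VARS="flavor=$FLAVOR root_password_file=$ROOT_HASH_FILE"` uses the space-separated key=value form of `--extra-vars`, and `ROOT_HASH_FILE` is derived from `$HOME`, so a home directory containing whitespace would split the value and `root_password_file` would point at a truncated path. Quoting the value inside the string, or passing the variables as JSON, would avoid that.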
@@ -99,7 +99,7 @@ - name: Configure root password and shell user: name: root - password: '{{ lookup("file", lookup("env", "HOME") + "/.config/lcitool= /.root-password.hash") }}' + password: '{{ lookup("file", root_password_file) }}' shell: '{{ bash }}' =20 - name: Configure ssh access for the root user --=20 2.13.6 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 11:15:54 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1508427417489749.4618725336469; Thu, 19 Oct 2017 08:36:57 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7B6EEC059B6F; Thu, 19 Oct 2017 15:36:56 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4D8CCBA215; Thu, 19 Oct 2017 15:36:56 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 138513FA5F; Thu, 19 Oct 2017 15:36:56 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v9JFapSa013841 for ; Thu, 19 Oct 2017 11:36:51 -0400 Received: by smtp.corp.redhat.com (Postfix) id 
43A04BA226; Thu, 19 Oct 2017 15:36:51 +0000 (UTC) Received: from inaba.usersys.redhat.com (ovpn-204-95.brq.redhat.com [10.40.204.95]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9C774BA213 for ; Thu, 19 Oct 2017 15:36:50 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 7B6EEC059B6F Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com From: Andrea Bolognani To: libvir-list@redhat.com Date: Thu, 19 Oct 2017 17:36:32 +0200 Message-Id: <20171019153632.15016-7-abologna@redhat.com> In-Reply-To: <20171019153632.15016-1-abologna@redhat.com> References: <20171019153632.15016-1-abologna@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Subject: [libvirt] [libvirt-jenkins-ci PATCH 6/6] guests: Update documentation X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Thu, 19 Oct 2017 15:36:57 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Signed-off-by: Andrea Bolognani Reviewed-by: Pavel Hrdina --- guests/README.markdown | 45 ++++++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/guests/README.markdown b/guests/README.markdown index 100ca31..51d9012 100644 --- a/guests/README.markdown +++ b/guests/README.markdown 
@@ -11,8 +11,7 @@ There are two steps to bringing up a guest: section below; =20 * `./lcitool prepare $guest` will go through all the post-installation - configuration steps required to make the newly-created guest usable as - part of the Jenkins CI setup. + configuration steps required to make the newly-created guest usable; =20 Once those steps have been performed, maintainance will involve running: =20 @@ -46,14 +45,6 @@ along the lines of in your crontab. =20 =20 -Adding new guests ------------------ - -Adding new guests will require tweaking the inventory and host variables, -but it should be very easy to eg. use the Fedora 26 configuration to come -up with a working Fedora 27 configuration. - - Development use --------------- =20 
@@ -61,22 +52,26 @@ If you are a developer trying to reproduce a bug on som= e OS you don't have easy access to, you can use these tools to create a suitable test environment. =20 -Since the tools are intended mainly for CI use, you'll have to tweak them -a bit first, including: +The `developer` flavor is used by default, so you don't need to do +anything special in order to use it: just follow the steps outlined +above. Once a guest has been prepared, you'll be able to log in as +`developer` either via SSH (your public key will have been authorized) +or on the serial console (password: `developer`). =20 -* trimming down the `inventory` file to just the guest you're interested i= n; +Once logged in, you'll be able to perform administrative tasks using +`sudo`. Regular root access will still be available, either through +SSH or on the serial console. =20 -* removing any references to the `jenkins` pseudo-project from - `host_vars/$guest/main.yml`, along with any references to projects you're - not interested to (this will cut down on the number of packages installe= d) - and any references to `jenkins_secret`; =20 -* deleting `host_vars/$guest/vault.yml` altogether. +CI use +------ =20 -After performing these tweaks, you should be able to use the same steps -outlined above. +You'll need to configure `lcitool` to use the `ci` flavor for guests: +to do so, just write `ci` in the `~/.config/lcitool/flavor` file. =20 -A better way to deal with this use case will be provided in the future. +Once a guest has been prepared, you'll be able to log in as root either +via SSH (your public key will have been authorized) or on the serial +console (using the password configured earlier). =20 =20 FreeBSD 
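Review bot: The new "Development use" and "CI use" sections don't say that the flavor has to be chosen before `./lcitool prepare` is run. The developer tasks added in 4/6 only ever add the account and its sudoers line (`state: present`) and nothing in this series removes them, so writing `ci` to `~/.config/lcitool/flavor` after a guest has been prepared leaves the `developer` login, with the password documented here, on that guest. A sentence in the "CI use" section telling users to set the flavor first, or to reinstall the guest when switching, would cover it.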
@@ -95,3 +90,11 @@ Some manual tweaking will be needed, in particular: =20 Once these steps have been performed, FreeBSD guests can be managed just like all other guests. + + +Adding new guests +----------------- + +Adding new guests will require tweaking the inventory and host variables, +but it should be very easy to eg. use the Fedora 26 configuration to come +up with a working Fedora 27 configuration. --=20 2.13.6 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list