tripleo

Configure ssh admin with custom user/key for deployed servers doesn't work

Bug #1734298 reported by Bogdan Dobrelya
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
Low
Unassigned
tripleo train-2

Bug Description

The quickstart template for deployed servers prepare http://git.openstack.org/cgit/openstack/tripleo-quickstart-extras/tree/roles/overcloud-deploy/templates/deployed_server_prepare.sh.j2
is missing OVERCLOUD_SSH_KEY OVERCLOUD_SSH_USER arguments passed by the calling task. These might provide custom user and key.

Additionally, the overcloud deploy role should perhaps specify
--overcloud-ssh-user --overcloud-ssh-key params as well, see https://git.openstack.org/cgit/openstack/python-tripleoclient/tree/tripleoclient/v1/overcloud_deploy.py#n735

IT would be also nice to add these to the prepare script to make it working when invoked manually, w/o/ ansible.

Additionally, tripleo dynamic inventory can't be used with ansible-playbook given a custom ansible_ssh_user as well.

Otherwise, custom user and key can't be used for deployed servers and breaks deployments on openstack clouds, like rdo cloud.

See original description
Bogdan Dobrelya (bogdando)
tags: added: quickstart
Changed in tripleo:
milestone: none → queens-2
importance: Undecided → Medium
tags: added: ux
Changed in tripleo:
status: New → In Progress
assignee: nobody → Bogdan Dobrelya (bogdando)
description: updated
description: updated
description: updated
Bogdan Dobrelya (bogdando)
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to tripleo-quickstart-extras (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/522771

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-quickstart-extras (master)

Fix proposed to branch: master
Review: https://review.openstack.org/522776

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on tripleo-quickstart-extras (master)

Change abandoned by Bogdan Dobrelya (<email address hidden>) on branch: master
Review: https://review.openstack.org/522771

Revision history for this message
Bogdan Dobrelya (bogdando) wrote :

Related change https://review.openstack.org/#/c/522874/

description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to tripleo-validations (master)

Reviewed: https://review.openstack.org/522874
Committed: https://git.openstack.org/cgit/openstack/tripleo-validations/commit/?id=fde797ca14b194f588a46256c809729c2ef0135d
Submitter: Zuul
Branch: master

commit fde797ca14b194f588a46256c809729c2ef0135d
Author: Bogdan Dobrelya <email address hidden>
Date: Fri Nov 24 17:56:40 2017 +0100

    Add env var for custom ssh user

    W/o an env var, a dynamic inventory can't be invoked for a custom
    user. Ansible uses the same ANSIBLE_SSH_USER so the value will
    be aligned to both.

    Related-bug: #1734298

    Change-Id: Ieddbb4c87d88888f78d494ff670db907bce4fd78
    Signed-off-by: Bogdan Dobrelya <email address hidden>

Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: queens-2 → queens-3
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on tripleo-quickstart-extras (master)

Change abandoned by Bogdan Dobrelya (<email address hidden>) on branch: master
Review: https://review.openstack.org/522776

Bogdan Dobrelya (bogdando)
Changed in tripleo:
status: In Progress → Triaged
assignee: Bogdan Dobrelya (bogdando) → nobody
tags: removed: ux
Revision history for this message
Bogdan Dobrelya (bogdando) wrote :

As a w/a for quickstart, you can create a custom overcloud deploy playbook and export OVERCLOUD_SSH_KEY for the overcloud-deploy role's environment param, like https://github.com/bogdando/oooq-warp/blob/master/playbooks/oooq-traas-over.yaml

Changed in tripleo:
importance: Medium → Low
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to tripleo-validations (stable/pike)

Related fix proposed to branch: stable/pike
Review: https://review.openstack.org/527031

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to tripleo-validations (stable/pike)

Reviewed: https://review.openstack.org/527031
Committed: https://git.openstack.org/cgit/openstack/tripleo-validations/commit/?id=9209c8e088a8ce0aef7b458477e27a6559939e43
Submitter: Zuul
Branch: stable/pike

commit 9209c8e088a8ce0aef7b458477e27a6559939e43
Author: Bogdan Dobrelya <email address hidden>
Date: Fri Nov 24 17:56:40 2017 +0100

    Add env var for custom ssh user

    W/o an env var, a dynamic inventory can't be invoked for a custom
    user. Ansible uses the same ANSIBLE_SSH_USER so the value will
    be aligned to both.

    Related-bug: #1734298

    Change-Id: Ieddbb4c87d88888f78d494ff670db907bce4fd78
    Signed-off-by: Bogdan Dobrelya <email address hidden>
    (cherry picked from commit fde797ca14b194f588a46256c809729c2ef0135d)

tags: added: in-stable-pike
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: queens-3 → queens-rc1
Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: queens-rc1 → rocky-1
Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: rocky-1 → rocky-2
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: rocky-2 → rocky-3
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: rocky-3 → rocky-rc1
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: rocky-rc1 → stein-1
Juan Antonio Osorio Robles (juan-osorio-robles)
Changed in tripleo:
milestone: stein-1 → stein-2
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: stein-2 → stein-3
Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: stein-3 → train-1
Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: train-1 → train-2
Revision history for this message
Jiří Stránský (jistr) wrote :

I think deployed server with custom users on OOOQ now works, e.g. in CI we have a 'zuul' user that we initally connect as. Closing as fixed, please reopen if i'm incorrect.

Changed in tripleo:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.