Remote deployment

* no frontend node * only launcher in the terraform

Remote deployment
b69bdee8 · František Dvořák · d87ddb0a · b69bdee8 · b69bdee8
Commit b69bdee8 authored Mar 23, 2021 by František Dvořák
--- a/deploy.tf
+++ b/deploy.tf
@@ -118,6 +118,7 @@ bootcmd:
  - cloud-init-per once manifests-dir mkdir -p /etc/puppet/code/environments/production/manifests
 packages:
+  - ansible
  - puppet-master
 puppet:
@@ -141,6 +142,9 @@ write_files:
 bootcmd:
  - cloud-init-per once puppet-start systemctl mask puppet
+packages:
+  - ansible
 puppet:
  conf:
    agent:
@@ -229,11 +233,15 @@ eval $(ssh-agent -s)
 trap "kill $SSH_AGENT_PID" INT TERM
 ssh-add ${local_file.localkey.filename}
+ip=${openstack_compute_floatingip_associate_v2.server-fip-1.floating_ip}
+remote="ssh -o PreferredAuthentications=publickey deployadm@$ip"
+while ! ping -c 1 -i 2 -q $ip; do sleep 5; done
+ssh-keygen -R $ip
+while ! $remote -o ConnectTimeout=5 -o StrictHostKeyChecking=no :; do sleep 5; done
 if [ -z "$NO_DEPLOYMENT" ]; then
-	./orchestrate.py -c ${local_file.output.filename}
+	git archive HEAD | $remote 'rm -rf terraform; mkdir terraform; cd terraform; tar x'
-else
+	scp -o PreferredAuthentications=publickey -p ${local_file.output.filename} deployadm@$ip:~/terraform/
-	./orchestrate.py -c ${local_file.output.filename} files ping init wait
+	$remote -o ForwardAgent=yes "cd terraform; SENSITIVE=$SENSITIVE ./orchestrate.py -c ${local_file.output.filename}"
-	./orchestrate.py -c ${local_file.output.filename} -n deployment
 fi
 kill $SSH_AGENT_PID


--- a/orchestrate.py
+++ b/orchestrate.py
@@ -130,14 +130,13 @@ ff02::2 ip6-allrouters
 [all:vars]
 ansible_become=true
 ansible_user=%s
-ansible_ssh_common_args=\'%s -o ForwardAgent=yes -o ProxyCommand="ssh -W {{ ansible_host }}:22 -q \
+ansible_ssh_common_args=\'%s -o ForwardAgent=yes\'
-{{ ansible_user }}@%s"\'
 [masters]
 %s ansible_host=%s
 [nodes]
-''' % (user, args.ssh_opts, master_ip, master_hostname, hosts[master_hostname]))
+''' % (user, args.ssh_opts, master_hostname, hosts[master_hostname]))
            for h, ip in hosts.items():
                if h == master_hostname:
                    continue
@@ -148,19 +147,12 @@ ansible_ssh_common_args=\'%s -o ForwardAgent=yes -o ProxyCommand="ssh -W {{ ansi
 if 'ping' in args.actions:
    print('== ping ==', flush=True)
-    cmd = ['ping', '-c', '1', '-i', '2', '-q', master_ip]
-    perform_command(cmd, 0)
-    cmd = ['ssh-keygen', '-R', master_ip]
-    perform_command(cmd)
-    cmd = ssh + ['-o', 'ConnectTimeout=5', '-o', 'StrictHostKeyChecking=no', '%s@%s'
-                                                 % (user, master_ip), ':']
-    perform_command(cmd, 0)
    for ip in hosts.values():
-        cmd = ssh + ['%s@%s' % (user, master_ip), 'ping', '-c', '1', '-i', '2', '-q', ip]
+        cmd = ['ping', '-c', '1', '-i', '2', '-q', ip]
        perform_command(cmd, 0)
    for ip in hosts.values():
-        remote_cmd = ' '.join(ssh) + ' -o ConnectTimeout=5 -o StrictHostKeyChecking=no %s :' % ip
+        cmd = ssh + ['-o', 'ConnectTimeout=5', '-o', 'StrictHostKeyChecking=no',
-        cmd = ssh + ['-o', 'ForwardAgent=yes', '%s@%s' % (user, master_ip), remote_cmd]
+                     '%s@%s' % (user, ip), ':']
        perform_command(cmd, 0)
    if component:
        component.action('ping')
@@ -171,27 +163,19 @@ if 'init' in args.actions:
    h = list(hosts.keys()) + ['%s.%s.' % (host, d) for host in hosts.keys()] + \
        ['%s.%s' % (host, d) for host in hosts.keys()] + list(hosts.values())
-    cycle_all = ('echo -n At:; uname -n; for h in %s; do ' % ' '.join(h)) + ' '.join(ssh) \
-        + ' -o StrictHostKeyChecking=no $h :; done'
    commands = [
-        ['scp', '-p', 'hosts', '%s@%s:/tmp/' % (user, master_ip)],
+        ['sudo', 'cp', '-vp', 'hosts', '/etc/hosts'],
-        ssh + ['%s@%s' % (user, master_ip), 'sudo mv -v /tmp/hosts /etc/hosts'],
-        # the frontend to all nodes
-        ssh + ['-o', 'ForwardAgent=yes', '%s@%s' % (user, master_ip), cycle_all]
    ]
-    for ip in hosts.values():
+    # the frontend to all nodes
-        # check the special case if it is not already frontend ('ssh-keygen -R' would be a problem)
+    for i in h:
-        if ip == master_ip:
-            continue
        commands += [
-            ['ssh-keygen', '-R', ip],
+            ssh + ['-o', 'StrictHostKeyChecking=no', '%s@%s' % (user, i), ':'],
-            ssh + ['-o', 'ForwardAgent=yes', '-o', 'ProxyCommand=ssh -W %s:22 -q %s@%s'
-                   % (ip, user, master_ip), '-o', 'StrictHostKeyChecking=no', '%s@%s' % (user, ip),
-                   ':']
        ]
    commands += [
        ['ansible', '-i', './inventory', '-m', 'copy', '-a', 'src=hosts dest=/etc/hosts', 'nodes'],
    ]
+    cycle_all = ('echo -n At:; uname -n; for h in %s; do ' % ' '.join(h)) + ' '.join(ssh) \
+        + ' -o StrictHostKeyChecking=no %s@$h :; done' % user
    # node to node ssh keys
    # (after the /etc/hosts is distributed)
    for node in hosts.keys():
@@ -200,8 +184,7 @@ if 'init' in args.actions:
            continue
        # the node to all nodes
        commands += [
-            ssh + ['-o', 'ForwardAgent=yes', '%s@%s' % (user, master_ip), ' '.join(ssh)
+            ssh + ['-o', 'ForwardAgent=yes', '%s.%s' % (node, d), '%s' % cycle_all],
-                   + ' -o ForwardAgent=yes %s \'%s\'' % ('%s.%s' % (node, d), cycle_all)],
        ]
    perform_action('init', commands)