From patchwork Fri Jan 31 20:19:29 2025
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 13955730
From: cel@kernel.org
Cc: Chuck Lever
Subject: [RFC PATCH 1/4] guestfs: Rename the update_ssh_config_guestfs role
Date: Fri, 31 Jan 2025 15:19:29 -0500
Message-ID: <20250131201932.449083-2-cel@kernel.org>
In-Reply-To: <20250131201932.449083-1-cel@kernel.org>
References: <20250131201932.449083-1-cel@kernel.org>
X-Mailing-List: kdevops@lists.linux.dev

From: Chuck Lever

The update_ssh_config_guestfs role inserts an "Include" directive into the user's .ssh/config file. The included file is managed solely by kdevops. The plan is to use this same mechanism for terraform as well. So give this role a generic name, perform a few clean-ups, and run it during "make deps". This situates the Include directive into the control user's .ssh/config for all virtualization methods.

Signed-off-by: Chuck Lever
---
 .../roles/update_ssh_config/tasks/main.yml | 106 ++++++++++++++++++ .../update_ssh_config_guestfs/tasks/main.yml | 71 ------------ playbooks/update_ssh_config.yml | 5 + playbooks/update_ssh_config_guestfs.yml | 4 - scripts/guestfs.Makefile | 5 - scripts/ssh.Makefile | 13 +++ 6 files changed, 124 insertions(+), 80 deletions(-) create mode 100644 playbooks/roles/update_ssh_config/tasks/main.yml delete mode 100644 playbooks/roles/update_ssh_config_guestfs/tasks/main.yml create mode 100644 playbooks/update_ssh_config.yml delete mode 100644 playbooks/update_ssh_config_guestfs.yml diff --git a/playbooks/roles/update_ssh_config/tasks/main.yml b/playbooks/roles/update_ssh_config/tasks/main.yml new file mode 100644 index 000000000000..583d006c85c3 --- /dev/null
+++ b/playbooks/roles/update_ssh_config/tasks/main.yml 
@@ -0,0 +1,106 @@ +--- +- name: Set the pathname of the controller's .ssh directory + ansible.builtin.set_fact: + sshdir: "{{ lookup('ansible.builtin.env', 'HOME') }}/.ssh" + tags: + - vars + +- name: Check that the user's ssh config file exists + delegate_to: localhost + run_once: true + ansible.builtin.stat: + path: "{{ sshdir }}/config" + register: ssh_config + tags: + - deps + +- name: Check that the kdevops Include directive is present + delegate_to: localhost + run_once: true + ansible.builtin.lineinfile: + path: "{{ sshdir }}/config" + regexp: "Include ~/.ssh/config_kdevops_*" + state: absent + check_mode: true + changed_when: false + register: kdevops_ssh_include + when: + - ssh_config.stat.exists + tags: + - deps + +- name: Check that the Include directive has a kdevops_version comment + delegate_to: localhost + run_once: true + ansible.builtin.lineinfile: + path: "{{ sshdir }}/config" + regexp: "^#(.*)kdevops_version(.*)" + state: absent + check_mode: true + changed_when: false + register: fixed_ssh_entry + when: + - ssh_config.stat.exists + tags: + - deps + +- name: Check if the correct Include directive is present + ansible.builtin.meta: end_play + when: + - ssh_config.stat.exists + - kdevops_ssh_include.found + - fixed_ssh_entry.found + tags: + - deps + +- name: Remove the stale Include directive + delegate_to: localhost + run_once: true + ansible.builtin.lineinfile: + path: "{{ sshdir }}/config" + line: "Include ~/.ssh/config_kdevops_*" + state: absent + when: + - ssh_config.stat.exists + tags: + - deps + +- name: Remove stale kdevops comments + delegate_to: localhost + run_once: true + ansible.builtin.lineinfile: + path: "{{ sshdir }}/config" + regexp: "^#(.*)kdevops(.*)" + state: absent + when: + - ssh_config.stat.exists + tags: + - deps + +- name: Remove extraneous new lines + delegate_to: localhost + run_once: true + ansible.builtin.replace: + path: "{{ sshdir }}/config" + regexp: '(^\s*$)' + replace: '' + when: + - ssh_config.stat.exists + tags: 
+ - deps + +- name: Add a proper Include directive to ~/.ssh/config + delegate_to: localhost + run_once: true + ansible.builtin.blockinfile: + path: "{{ sshdir }}/config" + insertbefore: BOF + marker: "{mark}" + marker_begin: "# Automatically added by kdevops\n# kdevops_version: {{ kdevops_version }}" + marker_end: "" + create: true + mode: "u=rw,g=r,o=r" + block: | + Include ~/.ssh/config_kdevops_* + tags: + - deps diff --git a/playbooks/roles/update_ssh_config_guestfs/tasks/main.yml b/playbooks/roles/update_ssh_config_guestfs/tasks/main.yml deleted file mode 100644 index 98c86f164612..000000000000 --- a/playbooks/roles/update_ssh_config_guestfs/tasks/main.yml +++ /dev/null 
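Review bot: The "Add a proper Include directive to ~/.ssh/config" task in the new playbooks/roles/update_ssh_config/tasks/main.yml sets `mode: "u=rw,g=r,o=r"`, and blockinfile applies `mode` to an existing file as well as to one it creates, so whenever this task runs it widens a user's 0600 ~/.ssh/config to 0644, and a config it creates is world-readable from the start. `mode: "u=rw,g=,o="` keeps the file private. A smaller point in the same file: the `regexp: "Include ~/.ssh/config_kdevops_*"` in the "Check that the kdevops Include directive is present" task is unanchored and treats `.` and `*` as regex metacharacters, so a commented-out `#Include ~/.ssh/config_kdevops_*` counts as present and, together with a leftover kdevops_version comment, ends the play before the real directive is added; `^\s*Include\s+~/\.ssh/config_kdevops_\*` avoids that.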
@@ -1,71 +0,0 @@ -- name: Check if the ssh config file exists - stat: - path: "~/.ssh/config" - register: ssh_config - -# Check if the include directive is already presetn -- name: Check if the kdevops include directive was used - lineinfile: - path: ~/.ssh/config - regexp: "Include ~/.ssh/config_kdevops_*" - state: absent - check_mode: yes - changed_when: false - register: kdevops_ssh_include - when: ssh_config.stat.exists - -# Check if the the kdevops_version was added in a comment -- name: Check if the new include directive was used with a kdevops_version comment - lineinfile: - path: ~/.ssh/config - regexp: "^#(.*)kdevops_version(.*)" - state: absent - check_mode: yes - changed_when: false - register: fixed_ssh_entry - when: ssh_config.stat.exists - -# If both the include directive was found and kdevops version comment was found -# we bail right away to avoid updating the ssh config file always. -- name: Check if the new fixed include directive was used - meta: end_play - when: - - ssh_config.stat.exists - - kdevops_ssh_include.found - - fixed_ssh_entry.found - -# If we're still running it means the correct include directive following a new -# line was not found. So remove old stale include directives which may be -# buggy. -- name: Remove buggy stale include directive to ~/.ssh/config without a new line - lineinfile: - path: ~/.ssh/config - line: "Include ~/.ssh/config_kdevops_*" - state: absent - when: ssh_config.stat.exists - -- name: Remove any stale kdevops comments - lineinfile: - path: ~/.ssh/config - regexp: "^#(.*)kdevops(.*)" - state: absent - when: ssh_config.stat.exists - -- name: Remove any extra new lines - replace: - path: ~/.ssh/config - regexp: '(^\s*$)' - replace: '' - when: ssh_config.stat.exists - -# ssh include directives must follow a new line. 
-- name: Add Include directive to ~/.ssh/config - blockinfile: - path: ~/.ssh/config - insertbefore: BOF - marker: "{mark}" - marker_begin: "# Automatically added by kdevops\n# kdevops_version: {{ kdevops_version }}" - marker_end: "" - create: true - block: | - Include ~/.ssh/config_kdevops_* diff --git a/playbooks/update_ssh_config.yml b/playbooks/update_ssh_config.yml new file mode 100644 index 000000000000..e2603df526d4 --- /dev/null +++ b/playbooks/update_ssh_config.yml @@ -0,0 +1,5 @@ +--- +- hosts: all + gather_facts: false + roles: + - role: update_ssh_config diff --git a/playbooks/update_ssh_config_guestfs.yml b/playbooks/update_ssh_config_guestfs.yml deleted file mode 100644 index 346b90245637..000000000000 --- a/playbooks/update_ssh_config_guestfs.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- hosts: localhost - roles: - - role: update_ssh_config_guestfs diff --git a/scripts/guestfs.Makefile b/scripts/guestfs.Makefile index 03909641aac4..8d3f01c35758 100644 --- a/scripts/guestfs.Makefile +++ b/scripts/guestfs.Makefile @@ -62,11 +62,6 @@ libvirt_pcie_passthrough_permissions: $(KDEVOPS_PROVISIONED_SSH): $(Q)if [[ "$(CONFIG_KDEVOPS_SSH_CONFIG_UPDATE)" == "y" ]]; then \ - ansible-playbook $(ANSIBLE_VERBOSE) --connection=local \ - --inventory localhost, \ - playbooks/update_ssh_config_guestfs.yml \ - --extra-vars=@./extra_vars.yaml \ - -e 'ansible_python_interpreter=/usr/bin/python3' ;\ LIBVIRT_DEFAULT_URI=$(CONFIG_LIBVIRT_URI) $(TOPDIR)/scripts/update_ssh_config_guestfs.py; \ fi $(Q)ansible $(ANSIBLE_VERBOSE) -i hosts all -e 'ansible_python_interpreter=/usr/bin/python3' -m wait_for_connection diff --git a/scripts/ssh.Makefile b/scripts/ssh.Makefile index 3ee9437b1b4c..aee58e4bcef3 100644 --- a/scripts/ssh.Makefile +++ b/scripts/ssh.Makefile 
@@ -21,3 +21,16 @@ $(KDEVOPS_SSH_PRIVKEY): .config $(NQ) Generating new private key: $(KDEVOPS_SSH_PRIVKEY) $(NQ) Generating new public key: $(KDEVOPS_SSH_PUBKEY) $(Q)$(TOPDIR)/scripts/gen_ssh_key.sh + +PHONY += update-ssh-config +update-ssh-config: + $(Q)ansible-playbook $(ANSIBLE_VERBOSE) --connection=local \ + --inventory localhost, \ + playbooks/update_ssh_config.yml \ + --extra-vars=@./extra_vars.yaml \ + -e 'ansible_python_interpreter=/usr/bin/python3' \ + --tags vars,deps + +ifeq (y,$(CONFIG_KDEVOPS_SSH_CONFIG_UPDATE)) +LOCALHOST_SETUP_WORK += update-ssh-config +endif

From patchwork Fri Jan 31 20:19:30 2025
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 13955731
From: cel@kernel.org
Cc: Chuck Lever
Subject: [RFC PATCH 2/4] update_ssh_config: Add always-run ssh clean-up steps
Date: Fri, 31 Jan 2025 15:19:30 -0500
Message-ID: <20250131201932.449083-3-cel@kernel.org>
In-Reply-To: <20250131201932.449083-1-cel@kernel.org>
References: <20250131201932.449083-1-cel@kernel.org>
X-Mailing-List: kdevops@lists.linux.dev

From: Chuck Lever

This common bit of logic is used by the "make destroy" target, so it affects all virtualization methods.

Signed-off-by: Chuck Lever
---
 .../roles/update_ssh_config/tasks/main.yml | 44 +++++++++++++++++++ scripts/bringup.Makefile | 7 +++ scripts/destroy_guestfs.sh | 6 --- scripts/guestfs.Makefile | 1 - scripts/terraform.Makefile | 1 - 5 files changed, 51 insertions(+), 8 deletions(-) diff --git a/playbooks/roles/update_ssh_config/tasks/main.yml b/playbooks/roles/update_ssh_config/tasks/main.yml index 583d006c85c3..1ccbf1563269 100644 --- a/playbooks/roles/update_ssh_config/tasks/main.yml +++ b/playbooks/roles/update_ssh_config/tasks/main.yml
@@ -5,6 +5,22 @@ tags: - vars +- name: Set the pathname of the ephemeral ssh config file + ansible.builtin.set_fact: + kdevops_ssh_config: "{{ sshdir }}/config_kdevops_{{ topdir_path_sha256sum }}" + when: + - topdir_path_sha256sum is defined + tags: + - vars + +- name: Set the pathname of the ephemeral ssh config file + ansible.builtin.set_fact: + kdevops_ssh_config: "{{ sshdir }}/config_kdevops_{{ kdevops_host_prefix }}" + when: + - topdir_path_sha256sum is not defined + tags: + - vars + - name: Check that the user's ssh config file exists delegate_to: localhost run_once: true @@ -104,3 +120,31 @@ Include ~/.ssh/config_kdevops_* tags: - deps + +- name: Remove saved keys for the target nodes + delegate_to: localhost + throttle: 1 + ansible.builtin.command: + argv: + - "ssh-keygen" + - "-q" + - "-f" + - "{{ sshdir }}/known_hosts" + - "-R" + - "{{ inventory_hostname }}" + register: result + failed_when: false + changed_when: + - result is success + - not "not found in" in result.stderr + tags: + - clean + +- name: Remove the ephemeral ssh config file on the control host + delegate_to: localhost + run_once: true + ansible.builtin.file: + path: "{{ kdevops_ssh_config }}" + state: absent + tags: + - clean diff --git a/scripts/bringup.Makefile b/scripts/bringup.Makefile index 148547c0644a..1d1f916eaf63 100644 --- a/scripts/bringup.Makefile +++ b/scripts/bringup.Makefile @@ -23,6 +23,13 @@ endif bringup: $(KDEVOPS_BRING_UP_DEPS) destroy: $(KDEVOPS_DESTROY_DEPS) + $(Q)ansible-playbook $(ANSIBLE_VERBOSE) --connection=local \ + -i hosts \ + playbooks/update_ssh_config.yml \ + --extra-vars=@./extra_vars.yaml \ + -e 'ansible_python_interpreter=/usr/bin/python3' \ + --tags vars,clean + $(Q)rm -f $(KDEVOPS_PROVISIONED_SSH) $(KDEVOPS_PROVISIONED_DEVCONFIG) bringup-help-menu: @echo "Bringup targets:" diff --git a/scripts/destroy_guestfs.sh b/scripts/destroy_guestfs.sh index ae31b0cc251e..e40dea9361f0 100755 --- a/scripts/destroy_guestfs.sh +++ b/scripts/destroy_guestfs.sh 
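Review bot: In the "Remove saved keys for the target nodes" task, `failed_when: false` suppresses every ssh-keygen failure, not only the harmless "not found" case that `changed_when` already recognizes, so an unwritable ~/.ssh or a malformed known_hosts passes silently. If the intent is to tolerate a control host that has no known_hosts yet, `removes: "{{ sshdir }}/known_hosts"` on the command task skips it in exactly that case, and `failed_when: result.rc != 0 and "not found in" not in result.stderr` keeps real errors visible. Also note that `-R {{ inventory_hostname }}` only removes entries recorded under the inventory name; for hosts reached through a ssh config entry whose HostName is an IP address, ssh records the key under that address unless `HostKeyAlias` is set, and this step then removes nothing.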
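Review bot: The new ansible-playbook invocation in the `destroy` recipe in scripts/bringup.Makefile takes its inventory from `hosts`, but it runs only after `$(KDEVOPS_DESTROY_DEPS)` has completed, so the clean-up depends on the hosts file still existing after the provider-specific destroy step. When `hosts` is absent, ansible-playbook merely warns that the inventory could not be parsed, the `hosts: all` play matches no hosts, and both the known_hosts clean-up and the removal of the ephemeral config file are skipped while `make destroy` still exits 0. A `test -f hosts` guard with an explicit error, or running this play from a prerequisite that precedes the destroy deps (it delegates everything to localhost, so it does not need the nodes to be up), would make that failure visible.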
@@ -23,14 +23,8 @@ if [ -f "$GUESTFSDIR/kdevops_nodes.yaml" ]; then fi rm -rf "$GUESTFSDIR/$name" rm -rf "$STORAGEDIR/$name" - ssh-keygen -q -f ~/.ssh/known_hosts -R $name 1> /dev/null 2>&1 done fi -if [[ "$CONFIG_TOPDIR_PATH_HAS_SHA256SUM" == "y" ]]; then - rm -f ~/.ssh/config_kdevops_$CONFIG_TOPDIR_PATH_SHA256SUM -else - rm -f ~/.ssh/config_kdevops_$CONFIG_KDEVOPS_HOSTS_PREFIX -fi rm -f $GUESTFSDIR/.provisioned_once rm -f $GUESTFSDIR/kdevops_nodes.yaml diff --git a/scripts/guestfs.Makefile b/scripts/guestfs.Makefile index 8d3f01c35758..dd78c1c8d4aa 100644 --- a/scripts/guestfs.Makefile +++ b/scripts/guestfs.Makefile @@ -85,7 +85,6 @@ PHONY += bringup_guestfs destroy_guestfs: $(Q)$(TOPDIR)/scripts/destroy_guestfs.sh - $(Q)rm -f $(KDEVOPS_PROVISIONED_SSH) $(KDEVOPS_PROVISIONED_DEVCONFIG) PHONY += destroy_guestfs diff --git a/scripts/terraform.Makefile b/scripts/terraform.Makefile index a2a2f8f73961..58eadd9cd9a0 100644 --- a/scripts/terraform.Makefile +++ b/scripts/terraform.Makefile 
@@ -166,7 +166,6 @@ bringup_terraform: destroy_terraform: $(Q)$(TOPDIR)/scripts/destroy_terraform.sh - $(Q)rm -f $(KDEVOPS_PROVISIONED_DEVCONFIG) $(KDEVOPS_TFVARS): $(KDEVOPS_TFVARS_TEMPLATE) .config $(Q)ansible-playbook $(ANSIBLE_VERBOSE) --connection=local \

From patchwork Fri Jan 31 20:19:31 2025
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 13955732
From: cel@kernel.org
Cc: Chuck Lever, Luis Chamberlain
Subject: [RFC PATCH 3/4] terraform: Add ssh hosts to ~/.ssh/config_kdevops_{{ sha1sum }}
Date: Fri, 31 Jan 2025 15:19:31 -0500
Message-ID: <20250131201932.449083-4-cel@kernel.org>
In-Reply-To: <20250131201932.449083-1-cel@kernel.org>
References: <20250131201932.449083-1-cel@kernel.org>
X-Mailing-List: kdevops@lists.linux.dev

From: Chuck Lever

The fixed update_ssh_config module is still not removing ssh Host configuration information with "make destroy". Also, we want to have more control over how the control host's ssh config is managed. Updating a separate terraform module is getting awkward.

Let's replace the independent terraform module that handles ssh configuration with a playbook that operates the same as guestfs: the host config is stuffed into a common file under ~/.ssh that is included in ~/.ssh/config, and is easily located and deleted by "make destroy".

XXX: I'm not 100% sold on this organization: it might be better to fold the new playbook into scripts/bringup_terraform.sh somehow.

Suggested-by: Luis Chamberlain
Signed-off-by: Chuck Lever --- playbooks/add_ssh_hosts_terraform.yml | 5 ++ .../add_ssh_hosts_terraform/defaults/main.yml | 2 + .../add_ssh_hosts_terraform/tasks/main.yml | 57 +++++++++++++++++++ .../templates/ssh_config.j2 | 15 +++++ scripts/terraform.Makefile | 5 ++ terraform/aws/output.tf | 7 +++ 6 files changed, 91 insertions(+) create mode 100644 playbooks/add_ssh_hosts_terraform.yml create mode 100644 playbooks/roles/add_ssh_hosts_terraform/defaults/main.yml create mode 100644 playbooks/roles/add_ssh_hosts_terraform/tasks/main.yml create mode 100644 playbooks/roles/add_ssh_hosts_terraform/templates/ssh_config.j2 diff --git a/playbooks/add_ssh_hosts_terraform.yml b/playbooks/add_ssh_hosts_terraform.yml new file mode 100644 index 000000000000..b5ef86d09ac9 --- /dev/null +++ b/playbooks/add_ssh_hosts_terraform.yml @@ -0,0 +1,5 @@ +--- +- hosts: all + gather_facts: false + roles: + - role: add_ssh_hosts_terraform diff --git a/playbooks/roles/add_ssh_hosts_terraform/defaults/main.yml b/playbooks/roles/add_ssh_hosts_terraform/defaults/main.yml new file mode 100644 index 000000000000..33bd00e6d1a4 --- /dev/null +++ b/playbooks/roles/add_ssh_hosts_terraform/defaults/main.yml @@ -0,0 +1,2 @@ +--- +ssh_config_kexalgorithms: "" diff --git a/playbooks/roles/add_ssh_hosts_terraform/tasks/main.yml b/playbooks/roles/add_ssh_hosts_terraform/tasks/main.yml new file mode 100644 index 000000000000..4d85e29c596b --- /dev/null +++ b/playbooks/roles/add_ssh_hosts_terraform/tasks/main.yml 
@@ -0,0 +1,57 @@ +--- +- name: Set the pathname of the control host's .ssh directory + delegate_to: localhost + run_once: true + ansible.builtin.set_fact: + sshdir: "{{ lookup('ansible.builtin.env', 'HOME') }}/.ssh" + +- name: Set the pathname of the ephemeral ssh config file + delegate_to: localhost + run_once: true + ansible.builtin.set_fact: + host_config: "{{ sshdir }}/config_kdevops_{{ topdir_path_sha256sum }}" + when: + - topdir_path_sha256sum is defined + +- name: Set the pathname of the ephemeral ssh config file + delegate_to: localhost + run_once: true + ansible.builtin.set_fact: + host_config: "{{ sshdir }}/config_kdevops_{{ kdevops_host_prefix }}" + when: + - topdir_path_sha256sum is not defined + +- name: Retrieve the public_ip_map + delegate_to: localhost + run_once: true + ansible.builtin.command: + chdir: "{{ topdir_path }}/terraform/{{ kdevops_terraform_provider }}" + cmd: "terraform output -json public_ip_map" + register: terraform_output + changed_when: false + +- name: Build public_ip_map dict + delegate_to: localhost + run_once: true + ansible.builtin.set_fact: + public_ip_map: "{{ terraform_output.stdout | from_json }}" + +- name: Insert or update a ssh Host entry on the control host for the target node + vars: + hostname: "{{ inventory_hostname }}" + ipaddr: "{{ public_ip_map[inventory_hostname] }}" + port: "22" + user: "{{ kdevops_terraform_ssh_config_user }}" + sshkey: "{{ sshdir }}/{{ kdevops_terraform_ssh_config_pubkey_file|basename|replace('.pub', '') }}" + strict: "{{ kdevops_terraform_ssh_config_update_strict|bool }}" + kexalgorithms: "{{ ssh_config_kexalgorithms }}" + throttle: 1 + ansible.builtin.blockinfile: + block: "{{ lookup('template', 'ssh_config.j2') }}" + create: true + dest: "{{ host_config }}" + insertafter: "EOF" + marker: "# {mark} host configuration for {{ inventory_hostname }}" + marker_begin: "begin" + marker_end: "end" + mode: "u=rw,g=r,o=r" 
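Review bot: In the "Insert or update a ssh Host entry on the control host for the target node" task, `sshkey` is `{{ sshdir }}/` plus the basename of `kdevops_terraform_ssh_config_pubkey_file` with `.pub` stripped, whereas the terraform module this replaces (removed in 4/4) used `replace(var.ssh_config_pubkey_file, ".pub", "")` and kept the configured path. A public key configured outside ~/.ssh now produces an IdentityFile that does not exist, and because the strict block adds `IdentitiesOnly yes`, ssh will not fall back to other keys; keeping the configured path with `.pub` removed preserves the old behaviour. Two smaller items: `public_ip_map[inventory_hostname]` fails with an undefined-variable error instead of a clear message when terraform produced no entry for a node, so an `ansible.builtin.assert` that `inventory_hostname in public_ip_map` after "Build public_ip_map dict" would help; and `host_config` here and `kdevops_ssh_config` in the update_ssh_config role (2/4) compute the same path independently, so if either changes `make destroy` stops removing the file (the subject line's `sha1sum` versus the `topdir_path_sha256sum` actually used shows how easily the two drift). Sharing one fact between the two roles would avoid that.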
diff --git a/playbooks/roles/add_ssh_hosts_terraform/templates/ssh_config.j2 b/playbooks/roles/add_ssh_hosts_terraform/templates/ssh_config.j2 new file mode 100644 index 000000000000..f212e6e48607 --- /dev/null +++ b/playbooks/roles/add_ssh_hosts_terraform/templates/ssh_config.j2 @@ -0,0 +1,15 @@ +Host {{ hostname }} {{ ipaddr }} + HostName {{ ipaddr }} + User {{ user }} + Port {{ port }} + IdentityFile {{ sshkey }} +{% if kexalgorithms %} + KexAlgorithms {{ kexalgorithms }} +{% endif %} +{% if strict %} + UserKnownHostsFile /dev/null + StrictHostKeyChecking no + PasswordAuthentication no + IdentitiesOnly yes + LogLevel FATAL +{% endif %} diff --git a/scripts/terraform.Makefile b/scripts/terraform.Makefile index 58eadd9cd9a0..fd9716887ac9 100644 --- a/scripts/terraform.Makefile +++ b/scripts/terraform.Makefile @@ -163,6 +163,11 @@ ANSIBLE_EXTRA_ARGS += $(TERRAFORM_EXTRA_VARS) bringup_terraform: $(Q)$(TOPDIR)/scripts/bringup_terraform.sh + $(Q)ansible-playbook $(ANSIBLE_VERBOSE) --connection=local \ + --inventory hosts \ + playbooks/add_ssh_hosts_terraform.yml \ + --extra-vars=@./extra_vars.yaml \ + -e 'ansible_python_interpreter=/usr/bin/python3' destroy_terraform: $(Q)$(TOPDIR)/scripts/destroy_terraform.sh diff --git a/terraform/aws/output.tf b/terraform/aws/output.tf index 6ff195be2515..cb8cab4afcdd 100644 --- a/terraform/aws/output.tf +++ b/terraform/aws/output.tf 
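Review bot: The `strict` block in ssh_config.j2 does the opposite of what the name suggests: `UserKnownHostsFile /dev/null` together with `StrictHostKeyChecking no` disables host key verification for every terraform node, so a reassigned public IP or an interposed host is accepted without any warning, and `LogLevel FATAL` hides even the notice that would reveal it. It also turns the `ssh-keygen -R` clean-up added in 2/4 into a no-op for these hosts, since no key is ever recorded. If the goal is only to avoid the first-connection prompt, `StrictHostKeyChecking accept-new` with the default known_hosts and `HostKeyAlias {{ hostname }}` pins the key on first contact under the name that `ssh-keygen -R {{ inventory_hostname }}` later removes, which is the lifecycle this series sets up. If the settings are deliberately carried over from the old module's `ssh_config_use_strict_settings`, then `kdevops_terraform_ssh_config_update_strict` should at least be documented as turning verification off.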
@@ -25,3 +25,10 @@ output "login_using" { value = data.null_data_source.group_hostnames_and_ips.*.outputs } +# Each provider's output.tf needs to define a public_ip_map. This +# map is used to build the Ansible controller's ssh configuration. +# Each map entry contains the node's hostname and public IP address. +output "public_ip_map" { + description = "The public IP addresses assigned to each instance" + value = "${zipmap(var.kdevops_nodes[*], aws_eip.kdevops_eip[*].public_ip)}" +}

From patchwork Fri Jan 31 20:19:32 2025
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 13955733
From: cel@kernel.org
Cc: Chuck Lever
Subject: [RFC PATCH 4/4] terraform: Remove the terraform update_ssh_config module
Date: Fri, 31 Jan 2025 15:19:32 -0500
Message-ID: <20250131201932.449083-5-cel@kernel.org>
In-Reply-To: <20250131201932.449083-1-cel@kernel.org>
References: <20250131201932.449083-1-cel@kernel.org>
X-Mailing-List: kdevops@lists.linux.dev

From: Chuck Lever

The add_ssh_hosts_terraform playbook has taken its place.

XXX: Need to add a public_ip_map output for all cloud providers before removing the update_ssh_config terraform module.
Signed-off-by: Chuck Lever --- Makefile | 1 + terraform/aws/output.tf | 25 ------------------------ terraform/aws/update_ssh_config.tf | 1 - terraform/azure/update_ssh_config.tf | 1 - terraform/gce/update_ssh_config.tf | 1 - terraform/oci/update_ssh_config.tf | 1 - terraform/openstack/update_ssh_config.tf | 1 - terraform/update_ssh_config.tf | 17 ---------------- 8 files changed, 1 insertion(+), 47 deletions(-) delete mode 120000 terraform/aws/update_ssh_config.tf delete mode 120000 terraform/azure/update_ssh_config.tf delete mode 120000 terraform/gce/update_ssh_config.tf delete mode 120000 terraform/oci/update_ssh_config.tf delete mode 120000 terraform/openstack/update_ssh_config.tf delete mode 100644 terraform/update_ssh_config.tf diff --git a/Makefile b/Makefile index a0441b2c7bb8..e0e5d8f962d2 100644 --- a/Makefile +++ b/Makefile @@ -252,6 +252,7 @@ mrproper: $(Q)$(MAKE) -f scripts/build.Makefile $@ $(Q)rm -f $(KDEVOPS_DEPCHECK) $(Q)rm -f terraform/*/terraform.tfvars + $(Q)rm -rf terraform/*/.terraform $(Q)rm -f $(KDEVOPS_NODES) $(Q)rm -f $(KDEVOPS_HOSTFILE) $(KDEVOPS_MRPROPER) $(Q)rm -f .config .config.old extra_vars.yaml $(KCONFIG_YAMLCFG) diff --git a/terraform/aws/output.tf b/terraform/aws/output.tf index cb8cab4afcdd..83a85a388055 100644 --- a/terraform/aws/output.tf +++ b/terraform/aws/output.tf 
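Review bot: The `rm -rf terraform/*/.terraform` added to `mrproper` is unrelated to removing the update_ssh_config module and is not mentioned in the commit message. It also deletes the downloaded providers and modules for every provider, so each `mrproper` forces a fresh `terraform init` and provider download; if that is wanted, it deserves its own patch with that rationale.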
@@ -1,30 +1,5 @@ # All generic output goes here -locals { - ssh_key_i = format( - " %s%s ", - var.ssh_config_pubkey_file != "" ? "-i " : "", - var.ssh_config_pubkey_file != "" ? replace(var.ssh_config_pubkey_file, ".pub", "") : "", - ) -} - -data "null_data_source" "group_hostnames_and_ips" { - count = local.kdevops_num_boxes - inputs = { - value = format( - "%30s : ssh %s@%s %s ", - element(var.kdevops_nodes, count.index), - var.ssh_config_user, - element(aws_eip.kdevops_eip.*.public_ip, count.index), - local.ssh_key_i, - ) - } -} - -output "login_using" { - value = data.null_data_source.group_hostnames_and_ips.*.outputs -} - # Each provider's output.tf needs to define a public_ip_map. This # map is used to build the Ansible controller's ssh configuration. # Each map entry contains the node's hostname and public IP address. diff --git a/terraform/aws/update_ssh_config.tf b/terraform/aws/update_ssh_config.tf deleted file mode 120000 index 03cd77a65841..000000000000 --- a/terraform/aws/update_ssh_config.tf +++ /dev/null @@ -1 +0,0 @@ -../update_ssh_config.tf \ No newline at end of file diff --git a/terraform/azure/update_ssh_config.tf b/terraform/azure/update_ssh_config.tf deleted file mode 120000 index 03cd77a65841..000000000000 --- a/terraform/azure/update_ssh_config.tf +++ /dev/null @@ -1 +0,0 @@ -../update_ssh_config.tf \ No newline at end of file diff --git a/terraform/gce/update_ssh_config.tf b/terraform/gce/update_ssh_config.tf deleted file mode 120000 index 03cd77a65841..000000000000 --- a/terraform/gce/update_ssh_config.tf +++ /dev/null @@ -1 +0,0 @@ -../update_ssh_config.tf \ No newline at end of file diff --git a/terraform/oci/update_ssh_config.tf b/terraform/oci/update_ssh_config.tf deleted file mode 120000 index 03cd77a65841..000000000000 --- a/terraform/oci/update_ssh_config.tf +++ /dev/null @@ -1 +0,0 @@ -../update_ssh_config.tf \ No newline at end of file 
diff --git a/terraform/openstack/update_ssh_config.tf b/terraform/openstack/update_ssh_config.tf deleted file mode 120000 index 03cd77a65841..000000000000 --- a/terraform/openstack/update_ssh_config.tf +++ /dev/null @@ -1 +0,0 @@ -../update_ssh_config.tf \ No newline at end of file diff --git a/terraform/update_ssh_config.tf b/terraform/update_ssh_config.tf deleted file mode 100644 index 03f0cbed424a..000000000000 --- a/terraform/update_ssh_config.tf +++ /dev/null @@ -1,17 +0,0 @@ -module "ssh_config_update_host_entries" { - source = "linux-kdevops/add-host-ssh-config/kdevops" - version = "3.0.0" - - ssh_config = var.ssh_config - update_ssh_config_enable = var.ssh_config_update - cmd = "update" - shorthosts = join(",", slice(local.shorthosts, 0, local.kdevops_num_boxes)) - hostnames = join(",", slice(local.ipv4s, 0, local.kdevops_num_boxes)) - ports = "22" - user = var.ssh_config_user == "" ? "" : var.ssh_config_user - id = replace(var.ssh_config_pubkey_file, ".pub", "") - strict = var.ssh_config_use_strict_settings ? "true" : "" - use_backup = !var.ssh_config_backup || var.ssh_config == "/dev/null" ? "" : "true" - backup_postfix = "kdevops" - kexalgorithms = var.ssh_config_kexalgorithms == "" ? "" : var.ssh_config_kexalgorithms -}
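Review bot: The symlink removals for azure, gce, oci and openstack land before those providers define the `public_ip_map` output that add_ssh_hosts_terraform's `terraform output -json public_ip_map` step requires (only terraform/aws/output.tf gets one in 3/4). With this patch applied, bringup on those providers loses ssh host configuration entirely: the old module is gone and the new playbook fails at the output step. The XXX in the commit message acknowledges the gap, but the non-aws symlinks should stay until each provider has the output, or the playbook should skip with a clear message when the output is missing. The deleted module also carried `use_backup`/`backup_postfix` and honoured `ssh_config = /dev/null`; if those are intentionally dropped, the commit message should say so.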