From aa9bfe1f95950983d454071d1385f0f58a64e139 Mon Sep 17 00:00:00 2001
From: Neil Hanlon
Date: Wed, 5 Jan 2022 16:57:06 -0500
Subject: [PATCH] Rework config and add ssh
---
 .gitignore | 1 +
 .../playbooks/files/buffer/infra-id_rsa.pub | 2 +-
 .../playbooks/files/openstack_user_config.yml | 24 +++++++++++------
 ansible/playbooks/files/user_galera.yml | 4 +++
 ansible/playbooks/init-nodes.retry | 1 -
 ansible/playbooks/init-nodes.yml | 27 ++++++++++++++++++-
 ansible/playbooks/role-infra-host.yml | 9 ++++---
 7 files changed, 53 insertions(+), 15 deletions(-)
 create mode 100644 ansible/playbooks/files/user_galera.yml
 delete mode 100644 ansible/playbooks/init-nodes.retry
diff --git a/.gitignore b/.gitignore
index 5917e11..c4df9cd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ id_ed25519
 .terraform/
 .envrc
 *.retry
+ansible/*.retry
diff --git a/ansible/playbooks/files/buffer/infra-id_rsa.pub b/ansible/playbooks/files/buffer/infra-id_rsa.pub
index 77d34b7..5573410 100644
--- a/ansible/playbooks/files/buffer/infra-id_rsa.pub
+++ b/ansible/playbooks/files/buffer/infra-id_rsa.pub
@@ -1 +1 @@
-ssh-rsa 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 ansible-generated on ala-infra1
+ssh-rsa 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 ansible-generated on ala-infra1
diff --git a/ansible/playbooks/files/openstack_user_config.yml b/ansible/playbooks/files/openstack_user_config.yml
index e87e29d..583c4e8 100644
--- a/ansible/playbooks/files/openstack_user_config.yml
+++ b/ansible/playbooks/files/openstack_user_config.yml
@@ -66,16 +66,24 @@ x-compute-hosts: &x-compute-hosts compute1: ip: 172.29.220.6 x-storage-hosts: &x-storage-hosts - infra1: + storage1: ip: 172.29.220.7 container_vars: cinder_backends: limit_container_types: cinder_volume - lvm: - volume_group: cinder-volumes - volume_driver: cinder.volume.drivers.lvm.LVMVolumeDriver - volume_backend_name: LVM_iSCSI - iscsi_ip_address: "172.29.228.7" + nfs_volume: + volume_backend_name: NFS_VOLUME1 + volume_driver: cinder.volume.drivers.nfs.NfsDriver + nfs_mount_options: "rsize=65535,wsize=65535,timeo=1200,actimeo=120" + nfs_shares_config: /etc/cinder/nfs_shares + shares: + - ip: "172.29.228.7" + share: "/vol/cinder" + #lvm: + # volume_group: cinder-volumes + # volume_driver: cinder.volume.drivers.lvm.LVMVolumeDriver + # volume_backend_name: LVM_iSCSI + # iscsi_ip_address: "172.29.228.7" ## ## Infrastructure @@ -107,8 +115,8 @@ network_hosts: <<: *x-infra-hosts compute_hosts: <<: *x-compute-hosts -#storage_hosts: -# <<: *x-storage-hosts +storage_hosts: + <<: *x-storage-hosts ### ### Infrastructure diff --git a/ansible/playbooks/files/user_galera.yml b/ansible/playbooks/files/user_galera.yml new file mode 100644 index 0000000..f77eb09 --- /dev/null +++ b/ansible/playbooks/files/user_galera.yml @@ -0,0 +1,4 @@ +--- +# Set max connections to 500 to support running all services +# +galera_max_connections: 500 diff --git a/ansible/playbooks/init-nodes.retry b/ansible/playbooks/init-nodes.retry deleted file mode 100644 index 752fb32..0000000 --- a/ansible/playbooks/init-nodes.retry +++ /dev/null @@ -1 +0,0 @@ -infra1 diff --git a/ansible/playbooks/init-nodes.yml b/ansible/playbooks/init-nodes.yml index 8427759..7875b81 100644 --- a/ansible/playbooks/init-nodes.yml +++ b/ansible/playbooks/init-nodes.yml @@ -36,7 +36,7 @@ - name: Set SELinux to permissive ansible.posix.selinux: policy: targeted - state: permissive + state: disabled tags: services - name: Ensure packages are upgraded 
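Review bot: The new `nfs_volume` backend under `x-storage-hosts` does not set the Cinder NFS driver's `nas_secure_file_operations` or `nas_secure_file_permissions`, so ownership and permissions of volume files on the share are left to the driver's auto-detection. I would pin both explicitly, e.g. `nas_secure_file_operations: "true"` and `nas_secure_file_permissions: "true"`, once the export at 172.29.228.7 is confirmed to support them, and document that the export is restricted to the storage-network hosts. The commented-out `#lvm:` block can be dropped rather than kept as dead config, since the old backend remains in git history.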
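Review bot: `state: disabled` in the `ansible.posix.selinux` task turns SELinux off entirely on the nodes, which is a weaker posture than the `permissive` it replaces (permissive still logs AVC denials that can be used to build policy), and the task is still named "Set SELinux to permissive". If the deployment really needs it off, rename the task and add a comment such as `# SELinux disabled because <reason>; re-enabling requires a reboot and full relabel`; otherwise keep `state: permissive`. The change also only takes full effect after a reboot, which nothing in this hunk triggers; the rest of the play is outside the hunk.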
@@ -45,6 +45,31 @@ state: latest tags: packages + - name: Generate SSH key + block: + - name: Create ssh key for root + ansible.builtin.user: + name: root + generate_ssh_key: yes + ssh_key_bits: 4096 + ssh_key_file: .ssh/id_rsa + register: sshkey_register + tags: sshkey + + - name: fetch_keys + tags: sshkey + fetch: + src: "~/.ssh/id_rsa.pub" + dest: "files/buffer/infra-id_rsa.pub" + flat: yes + when: sshkey_register.ssh_public_key != "" + register: sshkey_fetch + + when: tag.find("infra") != -1 + tags: + - infra + - sshkey + - name: Disable SSH Agent Forwarding lineinfile: dest: /etc/ssh/sshd_config diff --git a/ansible/playbooks/role-infra-host.yml b/ansible/playbooks/role-infra-host.yml index 01004e3..b4f4722 100644 --- a/ansible/playbooks/role-infra-host.yml +++ b/ansible/playbooks/role-infra-host.yml @@ -47,8 +47,8 @@ - name: Copy template to etc ansible.builtin.copy: remote_src: yes - src: /opt/openstack-ansible/etc/openstack_deploy - dest: /etc/ + src: /opt/openstack-ansible/etc/openstack_deploy/ + dest: /etc/openstack_deploy/ directory_mode: yes - name: Copy our openstack configs @@ -59,6 +59,7 @@ with_items: - openstack_user_config - user_lxc + - user_galera - name: Create secrets become: true @@ -73,10 +74,10 @@ tags: syntax become: true ansible.builtin.shell: - cmd: openstack-ansible --syntax-check ${item}.yml + cmd: "openstack-ansible --syntax-check setup-{{ item }}.yml" args: chdir: /opt/openstack-ansible/playbooks/ - with_items: + loop: - hosts - infrastructure - openstack
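Review bot: The `fetch_keys` task writes to the fixed path `files/buffer/infra-id_rsa.pub` with `flat: yes`, so if more than one host satisfies `tag.find("infra") != -1` each fetch overwrites the previous one and only the last host's key survives; `dest: "files/buffer/{{ inventory_hostname }}-id_rsa.pub"` would avoid that, provided the consumer of the file is updated to match. The generated root key is RSA with no `ssh_key_passphrase`, so anything that can read root's `~/.ssh/id_rsa` on the infra host gets whatever access this key is later authorised for; consider `ssh_key_type: ed25519` and limiting the key's authorisation on the targets. As style points, `yes` should be `true` and `fetch` should be `ansible.builtin.fetch` to match the fully qualified `ansible.builtin.user` above it. Where `tag` is defined is outside the hunk.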
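Review bot: The "Copy template to etc" task now targets `/etc/openstack_deploy/` but still sets no `owner`, `group` or `mode`, and its `directory_mode: yes` is a boolean rather than a permission value. The "Create secrets" task visible later in this file suggests this directory ends up holding generated credentials, so I would state the permissions explicitly, e.g. `owner: root`, `group: root` and `directory_mode: "0750"`, and choose a matching restrictive file `mode`. The play header and the secrets task body are outside this hunk, so the final permissions may be set elsewhere.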
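Review bot: The syntax-check task runs through `ansible.builtin.shell` although the command line uses no shell features, so the templated string is handed to a shell for no benefit. I would switch to `ansible.builtin.command:` with the same `cmd: "openstack-ansible --syntax-check setup-{{ item }}.yml"`, pass `chdir: /opt/openstack-ansible/playbooks/` as a module option instead of under `args:`, and add `changed_when: false` because the check only reads. The task's name line is outside the hunk.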