* [PATCH V2 1/3] Set kdevops_terraform_ssh_config_privkey_file unconditionally @ 2025-05-05 9:07 Chandan Babu R 2025-05-05 9:07 ` [PATCH V2 2/3] Remove kdevops_terraform_ssh_config_genkey_overwrite Chandan Babu R 2025-05-05 9:07 ` [PATCH V2 3/3] Allow private IP address to be assigned to instances created on OCI Chandan Babu R 0 siblings, 2 replies; 4+ messages in thread From: Chandan Babu R @ 2025-05-05 9:07 UTC (permalink / raw) To: kdevops; +Cc: Chandan Babu R, chuck.lever kdevops_terraform_ssh_config_privkey_file is not set on control systems which use pre-existing ssh keys. Hence, adding entries of provisioned cloud instances to the ephemeral ssh config file fails on such systems. Fix this by setting kdevops_terraform_ssh_config_privkey_file unconditionally. Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Chandan Babu R <chandanbabu@kernel.org> --- scripts/terraform.Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/terraform.Makefile b/scripts/terraform.Makefile index 91469469..b6b26e69 100644 --- a/scripts/terraform.Makefile +++ b/scripts/terraform.Makefile @@ -85,10 +85,10 @@ endif # CONFIG_KDEVOPS_SSH_CONFIG_UPDATE export KDEVOPS_SSH_PUBKEY:=$(shell realpath $(subst ",,$(CONFIG_TERRAFORM_SSH_CONFIG_PUBKEY_FILE))) TERRAFORM_EXTRA_VARS += kdevops_terraform_ssh_config_pubkey_file='$(KDEVOPS_SSH_PUBKEY)' TERRAFORM_EXTRA_VARS += kdevops_terraform_ssh_config_user='$(SSH_CONFIG_USER)' +TERRAFORM_EXTRA_VARS += kdevops_terraform_ssh_config_privkey_file='$(basename $(KDEVOPS_SSH_PUBKEY))' ifeq (y,$(CONFIG_TERRAFORM_SSH_CONFIG_GENKEY)) export KDEVOPS_SSH_PRIVKEY:=$(basename $(KDEVOPS_SSH_PUBKEY)) -TERRAFORM_EXTRA_VARS += kdevops_terraform_ssh_config_privkey_file='$(KDEVOPS_SSH_PRIVKEY)' ifeq (y,$(CONFIG_TERRAFORM_SSH_CONFIG_GENKEY_OVERWRITE)) DEFAULT_DEPS += remove-ssh-key -- 2.45.2 ^ permalink raw reply related [flat|nested] 4+ messages in thread
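Review bot: In the scripts/terraform.Makefile hunk, the added line derives the private key path as `$(basename $(KDEVOPS_SSH_PUBKEY))`, which for pre-existing keys assumes the private key sits beside the public key under the same name minus its suffix, and nothing checks that. If the configured public key file has no suffix, `$(basename ...)` returns the path unchanged, and the `IdentityFile` entry built from this variable would then name the public key. Consider verifying that the derived file exists and differs from the public key path before passing it on. The same expression is repeated two lines later in `export KDEVOPS_SSH_PRIVKEY:=$(basename $(KDEVOPS_SSH_PUBKEY))`; hoisting that assignment above the `ifeq` and passing `$(KDEVOPS_SSH_PRIVKEY)` here would keep a single definition.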
* [PATCH V2 2/3] Remove kdevops_terraform_ssh_config_genkey_overwrite 2025-05-05 9:07 [PATCH V2 1/3] Set kdevops_terraform_ssh_config_privkey_file unconditionally Chandan Babu R @ 2025-05-05 9:07 ` Chandan Babu R 2025-05-05 9:07 ` [PATCH V2 3/3] Allow private IP address to be assigned to instances created on OCI Chandan Babu R 1 sibling, 0 replies; 4+ messages in thread From: Chandan Babu R @ 2025-05-05 9:07 UTC (permalink / raw) To: kdevops; +Cc: Chandan Babu R, chuck.lever Adding entries to the ephemeral ssh config file on control systems is being done only when kdevops_terraform_ssh_config_genkey_overwrite evaluates to true. This is incorrect because we need to allow Kdevops to be used with pre-existing ssh keys. Hence remove the conditions in playbooks/roles/terraform/defaults/main.yml which check the value of kdevops_terraform_ssh_config_genkey_overwrite. Also, the value of kdevops_terraform_ssh_config_genkey_overwrite is not checked in any other file. Hence this commit removes the remaining instances of this variable. Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Chandan Babu R <chandanbabu@kernel.org> --- playbooks/roles/terraform/defaults/main.yml | 1 - playbooks/roles/terraform/tasks/main.yml | 8 -------- scripts/terraform.Makefile | 1 - 3 files changed, 10 deletions(-) diff --git a/playbooks/roles/terraform/defaults/main.yml b/playbooks/roles/terraform/defaults/main.yml index f3ef9b18..33bd00e6 100644 --- a/playbooks/roles/terraform/defaults/main.yml +++ b/playbooks/roles/terraform/defaults/main.yml @@ -1,3 +1,2 @@ --- ssh_config_kexalgorithms: "" -kdevops_terraform_ssh_config_genkey_overwrite: false diff --git a/playbooks/roles/terraform/tasks/main.yml b/playbooks/roles/terraform/tasks/main.yml index 272ebf93..d04dc997 100644 --- a/playbooks/roles/terraform/tasks/main.yml +++ b/playbooks/roles/terraform/tasks/main.yml 
@@ -15,8 +15,6 @@ cmd: "terraform output -json public_ip_map" register: terraform_output changed_when: false - when: - - kdevops_terraform_ssh_config_genkey_overwrite|bool tags: - ssh @@ -25,8 +23,6 @@ run_once: true ansible.builtin.set_fact: public_ip_map: "{{ terraform_output.stdout | from_json }}" - when: - - kdevops_terraform_ssh_config_genkey_overwrite|bool tags: - ssh @@ -40,8 +36,6 @@ insertafter: "EOF" marker: "# {mark} host configuration for {{ inventory_hostname }}" mode: "u=rw,g=r,o=r" - when: - - kdevops_terraform_ssh_config_genkey_overwrite|bool tags: - ssh @@ -55,8 +49,6 @@ marker: "# {mark} Managed by kdevops" mode: "u=rw,g=r,o=r" block: "Include {{ kdevops_ssh_config_prefix }}*" - when: - - kdevops_terraform_ssh_config_genkey_overwrite|bool tags: - ssh diff --git a/scripts/terraform.Makefile b/scripts/terraform.Makefile index b6b26e69..865c84c3 100644 --- a/scripts/terraform.Makefile +++ b/scripts/terraform.Makefile @@ -92,7 +92,6 @@ export KDEVOPS_SSH_PRIVKEY:=$(basename $(KDEVOPS_SSH_PUBKEY)) ifeq (y,$(CONFIG_TERRAFORM_SSH_CONFIG_GENKEY_OVERWRITE)) DEFAULT_DEPS += remove-ssh-key -TERRAFORM_EXTRA_VARS += kdevops_terraform_ssh_config_genkey_overwrite='True' endif DEFAULT_DEPS += $(KDEVOPS_SSH_PRIVKEY) -- 2.45.2 ^ permalink raw reply related [flat|nested] 4+ messages in thread
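Review bot: In the playbooks/roles/terraform/tasks/main.yml hunks at -40 and -55, dropping the `when:` guard means the two tasks that carry `mode: "u=rw,g=r,o=r"` now run for users who bring their own keys as well, so any ssh configuration file they touch is reset to group- and world-readable on every run. If one of those paths is the user's own ssh config (the path is outside the visible context), consider omitting `mode:` there or using a stricter value so an existing restrictive mode is preserved. Separately, the commit message says the conditions being removed are in playbooks/roles/terraform/defaults/main.yml, but the four `when:` clauses are removed from tasks/main.yml and defaults/main.yml only loses the default value; the message should name the right file.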
* [PATCH V2 3/3] Allow private IP address to be assigned to instances created on OCI 2025-05-05 9:07 [PATCH V2 1/3] Set kdevops_terraform_ssh_config_privkey_file unconditionally Chandan Babu R 2025-05-05 9:07 ` [PATCH V2 2/3] Remove kdevops_terraform_ssh_config_genkey_overwrite Chandan Babu R @ 2025-05-05 9:07 ` Chandan Babu R 2025-05-05 12:52 ` Chuck Lever 1 sibling, 1 reply; 4+ messages in thread From: Chandan Babu R @ 2025-05-05 9:07 UTC (permalink / raw) To: kdevops; +Cc: Chandan Babu R, chuck.lever The OCI tenancy available to kernel developers from Oracle allows only private IP addresses to be assigned to compute instances. Hence this commit brings back the ability to work with OCI instances having private IP addresses. The variable "public_ip_map" defined in terraform/*/output.tf files has also been renamed to "controller_ip_map" in order to abstract away the type of the IP address being used. Signed-off-by: Chandan Babu R <chandanbabu@kernel.org> --- Changelog: V1 -> V2: 1. Rename ansible_ip_map to controller_ip_map. 2. Update documentation of controller_ip_map variable. playbooks/roles/terraform/tasks/main.yml | 8 ++++---- playbooks/roles/terraform/templates/ssh_config.j2 | 4 ++-- scripts/status_terraform.sh | 2 +- terraform/aws/output.tf | 9 +++++---- terraform/azure/output.tf | 9 +++++---- terraform/gce/output.tf | 9 +++++---- terraform/oci/output.tf | 14 +++++++++----- terraform/openstack/output.tf | 9 +++++---- 8 files changed, 36 insertions(+), 28 deletions(-) diff --git a/playbooks/roles/terraform/tasks/main.yml b/playbooks/roles/terraform/tasks/main.yml index d04dc997..419831e8 100644 --- a/playbooks/roles/terraform/tasks/main.yml +++ b/playbooks/roles/terraform/tasks/main.yml 
@@ -7,22 +7,22 @@ tags: - bringup -- name: Retrieve the public_ip_map from terraform +- name: Retrieve the controller_ip_map from terraform delegate_to: localhost run_once: true ansible.builtin.command: chdir: "{{ topdir_path }}/terraform/{{ kdevops_terraform_provider }}" - cmd: "terraform output -json public_ip_map" + cmd: "terraform output -json controller_ip_map" register: terraform_output changed_when: false tags: - ssh -- name: Convert the retrieved public_ip_map into a dictionary +- name: Convert the retrieved controller_ip_map into a dictionary delegate_to: localhost run_once: true ansible.builtin.set_fact: - public_ip_map: "{{ terraform_output.stdout | from_json }}" + controller_ip_map: "{{ terraform_output.stdout | from_json }}" tags: - ssh diff --git a/playbooks/roles/terraform/templates/ssh_config.j2 b/playbooks/roles/terraform/templates/ssh_config.j2 index d9b057b1..3f6d6191 100644 --- a/playbooks/roles/terraform/templates/ssh_config.j2 +++ b/playbooks/roles/terraform/templates/ssh_config.j2 @@ -1,5 +1,5 @@ -Host {{ inventory_hostname }} {{ public_ip_map[inventory_hostname] }} - HostName {{ public_ip_map[inventory_hostname] }} +Host {{ inventory_hostname }} {{ controller_ip_map[inventory_hostname] }} + HostName {{ controller_ip_map[inventory_hostname] }} User {{ kdevops_terraform_ssh_config_user }} Port 22 IdentityFile {{ kdevops_terraform_ssh_config_privkey_file }} diff --git a/scripts/status_terraform.sh b/scripts/status_terraform.sh index dc82d79e..9b016498 100755 --- a/scripts/status_terraform.sh +++ b/scripts/status_terraform.sh @@ -13,5 +13,5 @@ if [[ ${COUNT} -eq 1 ]]; then else echo "There are ${COUNT} active terraform resources on '$1'." fi -terraform output public_ip_map +terraform output controller_ip_map exit 0 diff --git a/terraform/aws/output.tf b/terraform/aws/output.tf index ab18bc55..b4150268 100644 --- a/terraform/aws/output.tf +++ b/terraform/aws/output.tf 
@@ -1,10 +1,11 @@ # All generic output goes here -# Each provider's output.tf needs to define a public_ip_map. This +# Each provider's output.tf needs to define a controller_ip_map. This # map is used to build the Ansible controller's ssh configuration. -# Each map entry contains the node's hostname and public IP address. -output "public_ip_map" { - description = "The public IP addresses assigned to each instance" +# Each map entry contains the node's hostname and public/private IP +# address. +output "controller_ip_map" { + description = "The IP addresses assigned to each instance" value = zipmap(var.kdevops_nodes[*], aws_eip.kdevops_eip[*].public_ip) } diff --git a/terraform/azure/output.tf b/terraform/azure/output.tf index 38104c90..a654717b 100644 --- a/terraform/azure/output.tf +++ b/terraform/azure/output.tf @@ -1,7 +1,8 @@ -# Each provider's output.tf needs to define a public_ip_map. This +# Each provider's output.tf needs to define a controller_ip_map. This # map is used to build the Ansible controller's ssh configuration. -# Each map entry contains the node's hostname and public IP address. -output "public_ip_map" { - description = "The public IP addresses assigned to each instance" +# Each map entry contains the node's hostname and public/private IP +# address. +output "controller_ip_map" { + description = "The IP addresses assigned to each instance" value = zipmap(var.kdevops_nodes[*], azurerm_public_ip.kdevops_publicip[*].ip_address) } diff --git a/terraform/gce/output.tf b/terraform/gce/output.tf index 15889cc4..358f1b15 100644 --- a/terraform/gce/output.tf +++ b/terraform/gce/output.tf 
@@ -1,10 +1,11 @@ # All generic output goes here -# Each provider's output.tf needs to define a public_ip_map. This +# Each provider's output.tf needs to define a controller_ip_map. This # map is used to build the Ansible controller's ssh configuration. -# Each map entry contains the node's hostname and public IP address. -output "public_ip_map" { - description = "The public IP addresses assigned to each instance" +# Each map entry contains the node's hostname and public/private IP +# address. +output "controller_ip_map" { + description = "The IP addresses assigned to each instance" value = zipmap(var.kdevops_nodes[*], google_compute_instance.kdevops_instance[*].network_interface[0].access_config[0].nat_ip) } diff --git a/terraform/oci/output.tf b/terraform/oci/output.tf index 1657b804..e2dc6c4a 100644 --- a/terraform/oci/output.tf +++ b/terraform/oci/output.tf @@ -1,9 +1,13 @@ # All generic output goes here -# Each provider's output.tf needs to define a public_ip_map. This +# Each provider's output.tf needs to define a controller_ip_map. This # map is used to build the Ansible controller's ssh configuration. -# Each map entry contains the node's hostname and public IP address. -output "public_ip_map" { - description = "The public IP addresses assigned to each instance" - value = zipmap(var.kdevops_nodes[*], oci_core_instance.kdevops_instance.*.public_ip) +# Each map entry contains the node's hostname and public/private IP +# address. +output "controller_ip_map" { + description = "The IP addresses assigned to each instance" + value = zipmap(var.kdevops_nodes[*], + var.oci_assign_public_ip ? + oci_core_instance.kdevops_instance.*.public_ip : + oci_core_instance.kdevops_instance.*.private_ip) } diff --git a/terraform/openstack/output.tf b/terraform/openstack/output.tf index d5d3a6b1..1667521a 100644 --- a/terraform/openstack/output.tf +++ b/terraform/openstack/output.tf 
@@ -18,10 +18,11 @@ output "kdevops_hosts_and_ipv4" { value = data.null_data_source.group_hostnames_and_ips.*.outputs } -# Each provider's output.tf needs to define a public_ip_map. This +# Each provider's output.tf needs to define a controller_ip_map. This # map is used to build the Ansible controller's ssh configuration. -# Each map entry contains the node's hostname and public IP address. -output "public_ip_map" { - description = "The public IP addresses assigned to each instance" +# Each map entry contains the node's hostname and public/private IP +# address. +output "controller_ip_map" { + description = "The IP addresses assigned to each instance" value = zipmap(var.kdevops_nodes[*], openstack_compute_instance_v2.kdevops_instances[*].access_ip_v4) } -- 2.45.2 ^ permalink raw reply related [flat|nested] 4+ messages in thread
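Review bot: In the playbooks/roles/terraform/templates/ssh_config.j2 hunk, the `Host` line still lists the address as a match pattern (`Host {{ inventory_hostname }} {{ controller_ip_map[inventory_hostname] }}`), which was reasonable for public addresses but not for private ones, since private addresses are not unique across networks. The stanza, including its `User` and `IdentityFile`, would then also apply to any unrelated machine reached at the same address from this controller, and host keys recorded under that address can conflict. Consider matching on the hostname only when the address is private, or adding `HostKeyAlias {{ inventory_hostname }}` so the host key is tracked by name rather than by address.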
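Review bot: In the terraform/oci/output.tf hunk, the new conditional selects `private_ip` whenever `var.oci_assign_public_ip` is false, but neither the comment nor the `description` says that the controller then needs its own network path to those addresses; the generated ssh stanza uses the address directly as `HostName`. A sentence in the comment block stating that requirement would help. The comment text "public/private IP address" is also repeated in the aws, azure, gce and openstack files, where the value expressions still return only public or access addresses; wording such as "the IP address the controller uses to reach the node" would be accurate for all five. As a style point, the new expression keeps the legacy `.*.` splat while the first `zipmap` argument uses `[*]`.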
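Review bot: In the playbooks/roles/terraform/tasks/main.yml and scripts/status_terraform.sh hunks, the commands now ask for `controller_ip_map`, but the upgrade path for existing deployments is not documented. Output values are recorded in the Terraform state at apply time, so a state created before this rename still holds only `public_ip_map`, and `terraform output -json controller_ip_map` will fail until the configuration is applied again. A note in the commit message or documentation telling users with running instances to re-apply before using the ssh tasks would avoid a confusing failure.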
* Re: [PATCH V2 3/3] Allow private IP address to be assigned to instances created on OCI 2025-05-05 9:07 ` [PATCH V2 3/3] Allow private IP address to be assigned to instances created on OCI Chandan Babu R @ 2025-05-05 12:52 ` Chuck Lever 0 siblings, 0 replies; 4+ messages in thread From: Chuck Lever @ 2025-05-05 12:52 UTC (permalink / raw) To: Chandan Babu R, kdevops On 5/5/25 5:07 AM, Chandan Babu R wrote: > The OCI tenancy available to kernel developers from Oracle allows only private > IP addresses to be assigned to compute instances. Hence this commit brings > back the ability to work with OCI instances having private IP addresses. > > The variable "public_ip_map" defined in terraform/*/output.tf files has also > been renamed to "controller_ip_map" in order to abstract away the type of the > IP address being used. > > Signed-off-by: Chandan Babu R <chandanbabu@kernel.org> > --- > Changelog: > V1 -> V2: > 1. Rename ansible_ip_map to controller_ip_map. > 2. Update documentation of controller_ip_map variable. > > playbooks/roles/terraform/tasks/main.yml | 8 ++++---- > playbooks/roles/terraform/templates/ssh_config.j2 | 4 ++-- > scripts/status_terraform.sh | 2 +- > terraform/aws/output.tf | 9 +++++---- > terraform/azure/output.tf | 9 +++++---- > terraform/gce/output.tf | 9 +++++---- > terraform/oci/output.tf | 14 +++++++++----- > terraform/openstack/output.tf | 9 +++++---- > 8 files changed, 36 insertions(+), 28 deletions(-) > > diff --git a/playbooks/roles/terraform/tasks/main.yml b/playbooks/roles/terraform/tasks/main.yml > index d04dc997..419831e8 100644 > --- a/playbooks/roles/terraform/tasks/main.yml > +++ b/playbooks/roles/terraform/tasks/main.yml 
> @@ -7,22 +7,22 @@ > tags: > - bringup > > -- name: Retrieve the public_ip_map from terraform > +- name: Retrieve the controller_ip_map from terraform > delegate_to: localhost > run_once: true > ansible.builtin.command: > chdir: "{{ topdir_path }}/terraform/{{ kdevops_terraform_provider }}" > - cmd: "terraform output -json public_ip_map" > + cmd: "terraform output -json controller_ip_map" > register: terraform_output > changed_when: false > tags: > - ssh > > -- name: Convert the retrieved public_ip_map into a dictionary > +- name: Convert the retrieved controller_ip_map into a dictionary > delegate_to: localhost > run_once: true > ansible.builtin.set_fact: > - public_ip_map: "{{ terraform_output.stdout | from_json }}" > + controller_ip_map: "{{ terraform_output.stdout | from_json }}" > tags: > - ssh > > diff --git a/playbooks/roles/terraform/templates/ssh_config.j2 b/playbooks/roles/terraform/templates/ssh_config.j2 > index d9b057b1..3f6d6191 100644 > --- a/playbooks/roles/terraform/templates/ssh_config.j2 > +++ b/playbooks/roles/terraform/templates/ssh_config.j2 > @@ -1,5 +1,5 @@ > -Host {{ inventory_hostname }} {{ public_ip_map[inventory_hostname] }} > - HostName {{ public_ip_map[inventory_hostname] }} > +Host {{ inventory_hostname }} {{ controller_ip_map[inventory_hostname] }} > + HostName {{ controller_ip_map[inventory_hostname] }} > User {{ kdevops_terraform_ssh_config_user }} > Port 22 > IdentityFile {{ kdevops_terraform_ssh_config_privkey_file }} > diff --git a/scripts/status_terraform.sh b/scripts/status_terraform.sh > index dc82d79e..9b016498 100755 > --- a/scripts/status_terraform.sh > +++ b/scripts/status_terraform.sh > @@ -13,5 +13,5 @@ if [[ ${COUNT} -eq 1 ]]; then > else > echo "There are ${COUNT} active terraform resources on '$1'." > fi > -terraform output public_ip_map > +terraform output controller_ip_map > exit 0 > diff --git a/terraform/aws/output.tf b/terraform/aws/output.tf > index ab18bc55..b4150268 100644 > --- a/terraform/aws/output.tf 
> +++ b/terraform/aws/output.tf > @@ -1,10 +1,11 @@ > # All generic output goes here > > -# Each provider's output.tf needs to define a public_ip_map. This > +# Each provider's output.tf needs to define a controller_ip_map. This > # map is used to build the Ansible controller's ssh configuration. > -# Each map entry contains the node's hostname and public IP address. > -output "public_ip_map" { > - description = "The public IP addresses assigned to each instance" > +# Each map entry contains the node's hostname and public/private IP > +# address. > +output "controller_ip_map" { > + description = "The IP addresses assigned to each instance" > value = zipmap(var.kdevops_nodes[*], aws_eip.kdevops_eip[*].public_ip) > } > > diff --git a/terraform/azure/output.tf b/terraform/azure/output.tf > index 38104c90..a654717b 100644 > --- a/terraform/azure/output.tf > +++ b/terraform/azure/output.tf > @@ -1,7 +1,8 @@ > -# Each provider's output.tf needs to define a public_ip_map. This > +# Each provider's output.tf needs to define a controller_ip_map. This > # map is used to build the Ansible controller's ssh configuration. > -# Each map entry contains the node's hostname and public IP address. > -output "public_ip_map" { > - description = "The public IP addresses assigned to each instance" > +# Each map entry contains the node's hostname and public/private IP > +# address. > +output "controller_ip_map" { > + description = "The IP addresses assigned to each instance" > value = zipmap(var.kdevops_nodes[*], azurerm_public_ip.kdevops_publicip[*].ip_address) > } > diff --git a/terraform/gce/output.tf b/terraform/gce/output.tf > index 15889cc4..358f1b15 100644 > --- a/terraform/gce/output.tf > +++ b/terraform/gce/output.tf 
> @@ -1,10 +1,11 @@ > # All generic output goes here > > -# Each provider's output.tf needs to define a public_ip_map. This > +# Each provider's output.tf needs to define a controller_ip_map. This > # map is used to build the Ansible controller's ssh configuration. > -# Each map entry contains the node's hostname and public IP address. > -output "public_ip_map" { > - description = "The public IP addresses assigned to each instance" > +# Each map entry contains the node's hostname and public/private IP > +# address. > +output "controller_ip_map" { > + description = "The IP addresses assigned to each instance" > value = zipmap(var.kdevops_nodes[*], > google_compute_instance.kdevops_instance[*].network_interface[0].access_config[0].nat_ip) > } > diff --git a/terraform/oci/output.tf b/terraform/oci/output.tf > index 1657b804..e2dc6c4a 100644 > --- a/terraform/oci/output.tf > +++ b/terraform/oci/output.tf > @@ -1,9 +1,13 @@ > # All generic output goes here > > -# Each provider's output.tf needs to define a public_ip_map. This > +# Each provider's output.tf needs to define a controller_ip_map. This > # map is used to build the Ansible controller's ssh configuration. > -# Each map entry contains the node's hostname and public IP address. > -output "public_ip_map" { > - description = "The public IP addresses assigned to each instance" > - value = zipmap(var.kdevops_nodes[*], oci_core_instance.kdevops_instance.*.public_ip) > +# Each map entry contains the node's hostname and public/private IP > +# address. > +output "controller_ip_map" { > + description = "The IP addresses assigned to each instance" > + value = zipmap(var.kdevops_nodes[*], > + var.oci_assign_public_ip ? > + oci_core_instance.kdevops_instance.*.public_ip : > + oci_core_instance.kdevops_instance.*.private_ip) > } > diff --git a/terraform/openstack/output.tf b/terraform/openstack/output.tf > index d5d3a6b1..1667521a 100644 > --- a/terraform/openstack/output.tf > +++ b/terraform/openstack/output.tf 
> @@ -18,10 +18,11 @@ output "kdevops_hosts_and_ipv4" { > value = data.null_data_source.group_hostnames_and_ips.*.outputs > } > > -# Each provider's output.tf needs to define a public_ip_map. This > +# Each provider's output.tf needs to define a controller_ip_map. This > # map is used to build the Ansible controller's ssh configuration. > -# Each map entry contains the node's hostname and public IP address. > -output "public_ip_map" { > - description = "The public IP addresses assigned to each instance" > +# Each map entry contains the node's hostname and public/private IP > +# address. > +output "controller_ip_map" { > + description = "The IP addresses assigned to each instance" > value = zipmap(var.kdevops_nodes[*], openstack_compute_instance_v2.kdevops_instances[*].access_ip_v4) > } Reviewed-by: Chuck Lever <chuck.lever@oracle.com> -- Chuck Lever ^ permalink raw reply [flat|nested] 4+ messages in thread