From b13c4af8af2126540b9beda1a03b5c88f43c44b9 Mon Sep 17 00:00:00 2001 From: David Galloway Date: Tue, 2 Oct 2018 14:42:51 -0400 Subject: [PATCH] testnode: Add support for OpenSUSE Leap 15.0 Some notes: - Setting hostname with ansible fails. It's a known issue. Bug is in the yaml. teuthology sets the hostname after FOG provisioning anyway so NBD. - Leap mounts all of the root subdirs as separate mountpoints so the `zap` tasks had to be modified to not wipe those out - The sshd config is named `sshd_config_opensuse_leap_NA` because the task that installs the SSHD config uses {{ ansible_distribution_major_version }} which isn't set to 15.0 in Leap apparently. Signed-off-by: David Galloway --- roles/testnode/tasks/set_hostname.yml | 2 + roles/testnode/tasks/zap_disks.yml | 12 ++- roles/testnode/tasks/zypper/packages.yml | 10 +- .../ssh/sshd_config_opensuse_leap_NA | 91 +++++++++++++++++++ roles/testnode/vars/opensuse_leap_15.0.yml | 75 +++++++++++++++ roles/testnode/vars/zypper_systems.yml | 2 +- 6 files changed, 185 insertions(+), 7 deletions(-) create mode 100644 roles/testnode/templates/ssh/sshd_config_opensuse_leap_NA create mode 100644 roles/testnode/vars/opensuse_leap_15.0.yml diff --git a/roles/testnode/tasks/set_hostname.yml b/roles/testnode/tasks/set_hostname.yml index 8c51e56..8387d22 100644 --- a/roles/testnode/tasks/set_hostname.yml +++ b/roles/testnode/tasks/set_hostname.yml @@ -6,3 +6,5 @@ - name: "Set the system's hostname" hostname: name: "{{ hostname }}" + # https://github.com/ansible/ansible/issues/42726 + when: ansible_os_family != "Suse" diff --git a/roles/testnode/tasks/zap_disks.yml b/roles/testnode/tasks/zap_disks.yml index 9826161..924fc2d 100644 --- a/roles/testnode/tasks/zap_disks.yml +++ b/roles/testnode/tasks/zap_disks.yml @@ -37,7 +37,17 @@ path: "{{ item.mount }}" state: unmounted with_items: "{{ ansible_mounts }}" - when: item.mount != '/' + when: + - item.mount != '/' and + item.mount != '/var' and + item.mount != '/tmp' and + item.mount != '/root' and + item.mount != '/home' and + '"/boot" not in item.mount' and + item.mount != '/.snapshots' and + item.mount != '/usr/local' and + item.mount != '/srv' and + item.mount != '/opt' ## http://tracker.ceph.com/issues/20533 ## Trusty version of wipefs lacks --force option diff --git a/roles/testnode/tasks/zypper/packages.yml b/roles/testnode/tasks/zypper/packages.yml index 81c2479..b4fb835 100644 --- a/roles/testnode/tasks/zypper/packages.yml +++ b/roles/testnode/tasks/zypper/packages.yml @@ -3,7 +3,7 @@ zypper: name: "{{ item }}" state: absent - with_items: ceph_packages_to_remove + with_items: "{{ ceph_packages_to_remove }}" tags: - remove-ceph @@ -11,7 +11,7 @@ zypper: name: "{{ item }}" state: absent - with_items: ceph_dependency_packages_to_remove + with_items: "{{ ceph_dependency_packages_to_remove }}" tags: - remove-ceph-dependency @@ -19,19 +19,19 @@ zypper: name: "{{ item }}" state: absent - with_items: packages_to_remove + with_items: "{{ packages_to_remove }}" when: packages_to_remove|length > 0 - name: Install packages zypper: name: "{{ item }}" state: present - with_items: packages + with_items: "{{ packages }}" when: packages|length > 0 - name: Upgrade packages zypper: name: "{{ item }}" state: latest - with_items: packages_to_upgrade + with_items: "{{ packages_to_upgrade }}" when: packages_to_upgrade|length > 0 diff --git a/roles/testnode/templates/ssh/sshd_config_opensuse_leap_NA b/roles/testnode/templates/ssh/sshd_config_opensuse_leap_NA new file mode 100644 index 0000000..6e48757 --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_opensuse_leap_NA @@ -0,0 +1,91 @@ +# {{ ansible_managed }} +# Package generated configuration file +# See the sshd_config(5) manpage for details + +# What ports, IPs and protocols we listen for +Port 22 +# Use these options to restrict which interfaces/protocols sshd will bind to +#ListenAddress :: +#ListenAddress 0.0.0.0 +Protocol 2 +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key +#Privilege Separation is turned on for security +UsePrivilegeSeparation yes + +# Lifetime and size of ephemeral version 1 server key +KeyRegenerationInterval 3600 +ServerKeyBits 1024 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication: +LoginGraceTime 120 +PermitRootLogin without-password +StrictModes yes + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Change to no to disable tunnelled clear text passwords +#PasswordAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +X11Forwarding yes +X11DisplayOffset 10 +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 +#Banner /etc/issue.net + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/openssh/sftp-server + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +MaxSessions 1000 diff --git a/roles/testnode/vars/opensuse_leap_15.0.yml b/roles/testnode/vars/opensuse_leap_15.0.yml new file mode 100644 index 0000000..61fb1af --- /dev/null +++ b/roles/testnode/vars/opensuse_leap_15.0.yml @@ -0,0 +1,75 @@ +--- +# vars specific to OpenSuse Leap 15.0 +packages_to_remove: + - gettext-runtime-mini + +packages: + - lsb-release + - sysstat + - gdb + - make + - git + - python-configobj + # for running ceph + - libedit0 +# - libboost_thread1_54_0 + - libboost_thread1_66_0 + - xfsprogs + - gptfdisk + - parted + - libgcrypt20 + - fuse + - fuse-devel + - libfuse2 + ### + # for ceph-deploy + - python-virtualenv + ### + - openssl + - libuuid1 + - btrfsprogs + # used by workunits + - attr + - valgrind + - python-nose + - ant +# - iozone + ### + # used by the xfstests tasks + - libtool + - automake + - gettext-runtime + - libuuid-devel + - libacl-devel + - bc + - xfsdump + - xfsprogs-devel + ### + # for blktrace and seekwatcher + - blktrace + - python-numpy + - python-matplotlib + ### + # for qemu + - qemu-kvm + - usbredir +# - genisoimage + ### + # for apache and rgw + - apache2 + - apache2-devel + - apache2-utils +# - apache2-mod_fastcgi + ### + - libevent-devel + # for pretty-printing xml + - perl-XML-Twig + # for java bindings, hadoop, etc. + - java-1_8_0-openjdk-devel + - junit + # for disk/etc monitoring + - smartmontools + # for nfs + - nfs-kernel-server + # for xfstests + - ncurses-devel diff --git a/roles/testnode/vars/zypper_systems.yml b/roles/testnode/vars/zypper_systems.yml index e6652a6..e849cff 100644 --- a/roles/testnode/vars/zypper_systems.yml +++ b/roles/testnode/vars/zypper_systems.yml @@ -1,5 +1,5 @@ --- -ntp_service_name: ntpd +ntp_service_name: chronyd ssh_service_name: sshd nrpe_service_name: nrpe nrpe_user: nrpe -- 2.39.5