Merge pull request stackhpc#18 from stackhpc/group-resources-wip

oneswig · web-flow · commit b74145adcf61 · 2019-01-14T21:31:48.000Z
Group resources wip
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -46,6 +46,48 @@
   when: cluster_venv != None
 
 - block:
+    - name: Extract node objects
+      set_fact:
+        cluster_nodes: "{{ cluster_group.output_value | sum(attribute='nodes', start=[]) }}"
+
+    - name: Prepare access via intermediate gateway
+      block:
+
+        - name: Extract gateway host username and ip
+          set_fact:
+            cluster_gw_user: "{{ cluster_params.cluster_groups | selectattr('name', 'equalto', cluster_gw_group) | map(attribute='user') | join }}"
+            cluster_gw_ip: "{{ (cluster_group.output_value | selectattr('group', 'equalto', cluster_gw_group) | first).nodes | map(attribute='ip') | first }}"
+
+        - name: Add gateway to dynamic inventory
+          add_host:
+            hostname: "{{ cluster_gw_ip }}"
+            ansible_host: "{{ cluster_gw_ip }}"
+            ansible_user: "{{ cluster_gw_user }}"
+
+        - name: Wait for direct SSH access to the designated gateway
+          wait_for:
+            host: "{{ cluster_gw_ip }}"
+            port: 22
+            state: started
+            timeout: "{{ cluster_ssh_timeout }}"
+
+        - name: Scan for SSH keys
+          command: ssh-keyscan {{ cluster_gw_ip }}
+          register: keyscan_cluster_gw
+          changed_when: False
+
+        - name: Ensure gateway is in SSH known hosts
+          blockinfile:
+            block: |
+              {% for key in keyscan_cluster_gw.stdout_lines %}
+              {{ key }}
+              {% endfor %}
+            create: true
+            marker: "# P3-APPLIANCES MANAGED BLOCK FOR {{ cluster_name }}"
+            path: "~/.ssh/known_hosts"
+
+      when: cluster_gw_group is defined
+
     - name: Ensure cluster inventory directory exists
       file:
         path: "{{ cluster_inventory | dirname }}"
@@ -56,17 +98,14 @@
         src: cluster_inventory.j2
         dest: "{{ cluster_inventory }}"
 
-    - name: Extract node objects
-      set_fact:
-        cluster_nodes: "{{ cluster_group.output_value | map(attribute='nodes') | list }}" 
-
     - name: Wait for SSH access to the nodes
-      local_action:
-        module: wait_for
+      wait_for:
         host: "{{ item.ip }}"
         port: 22
         state: started
         timeout: "{{ cluster_ssh_timeout }}"
-      with_flattened:
+      with_items:
         - "{{ cluster_nodes }}"
+      delegate_to: "{{ cluster_gw_ip | default('localhost') }}"
+
   when: cluster_state != 'absent'
diff --git a/templates/cluster_inventory.j2 b/templates/cluster_inventory.j2
@@ -16,9 +16,17 @@ cluster
 {% for group_data in cluster_group.output_value %}
 [{{ cluster_name }}_{{ group_data.group }}]
 {% for node_data in group_data.nodes %}
-{{ node_data.name }} ansible_host={{ node_data.ip }} ansible_user={{ cluster_params.cluster_groups | selectattr("name", "equalto", group_data.group) | map(attribute='user') | join }}
+{{ node_data.name }} ansible_host={{ node_data.ip }}
 {% endfor %}
 
+[{{ cluster_name }}_{{ group_data.group }}:vars]
+ansible_user={{ cluster_params.cluster_groups | selectattr("name", "equalto", group_data.group) | map(attribute='user') | join }}
+{% if cluster_gw_group is defined %}
+{% if cluster_gw_group != group_data.group %}
+ansible_ssh_common_args='-o ProxyJump={{ cluster_gw_user }}@{{ cluster_gw_ip }}'
+{% endif %}
+{% endif %}
+
 {% endfor %}
 # Specific roles for cluster deployment assignments
 {% for role in cluster_roles %}
