update

2023-05-30 14:44:26 +09:00
parent 9a3174deef
commit 4c32a7239d
2598 changed files with 164595 additions and 487 deletions
--- a/kubespray/roles/bastion-ssh-config/defaults/main.yml
+++ b/kubespray/roles/bastion-ssh-config/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+ssh_bastion_confing__name: ssh-bastion.conf
--- a/kubespray/roles/bastion-ssh-config/molecule/default/converge.yml
+++ b/kubespray/roles/bastion-ssh-config/molecule/default/converge.yml
@@ -0,0 +1,15 @@
+---
+- name: Converge
+  hosts: all
+  become: true
+  gather_facts: false
+  roles:
+    - role: bastion-ssh-config
+  tasks:
+    - name: Copy config to remote host
+      copy:
+        src: "{{ playbook_dir }}/{{ ssh_bastion_confing__name }}"
+        dest: "{{ ssh_bastion_confing__name }}"
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: 0644
--- a/kubespray/roles/bastion-ssh-config/molecule/default/molecule.yml
+++ b/kubespray/roles/bastion-ssh-config/molecule/default/molecule.yml
@@ -0,0 +1,35 @@
+---
+dependency:
+  name: galaxy
+lint: |
+  set -e
+  yamllint -c ../../.yamllint .
+driver:
+  name: vagrant
+  provider:
+    name: libvirt
+platforms:
+  - name: bastion-01
+    box: generic/ubuntu2004
+    cpus: 1
+    memory: 512
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      callbacks_enabled: profile_tasks
+      timeout: 120
+  lint:
+    name: ansible-lint
+  inventory:
+    hosts:
+      all:
+        hosts:
+        children:
+          bastion:
+            hosts:
+              bastion-01:
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
--- a/kubespray/roles/bastion-ssh-config/molecule/default/tests/test_default.py
+++ b/kubespray/roles/bastion-ssh-config/molecule/default/tests/test_default.py
@@ -0,0 +1,34 @@
+import os
+import yaml
+import glob
+import testinfra.utils.ansible_runner
+from ansible.playbook import Playbook
+from ansible.cli.playbook import PlaybookCLI
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+def read_playbook(playbook):
+    cli_args = [os.path.realpath(playbook), testinfra_hosts]
+    cli = PlaybookCLI(cli_args)
+    cli.parse()
+    loader, inventory, variable_manager = cli._play_prereqs()
+
+    pb = Playbook.load(cli.args[0], variable_manager, loader)
+
+    for play in pb.get_plays():
+        yield variable_manager.get_vars(play)
+
+def get_playbook():
+    with open(os.path.realpath(' '.join(map(str,glob.glob('molecule.*')))), 'r') as yamlfile:
+        data = yaml.load(yamlfile, Loader=yaml.FullLoader)
+        if 'playbooks' in data['provisioner'].keys():
+            if 'converge' in data['provisioner']['playbooks'].keys():
+                return data['provisioner']['playbooks']['converge']
+        else:
+            return ' '.join(map(str,glob.glob('converge.*')))
+
+def test_ssh_config(host):
+    for vars in read_playbook(get_playbook()):
+        assert host.file(vars['ssh_bastion_confing__name']).exists
+        assert host.file(vars['ssh_bastion_confing__name']).is_file
--- a/kubespray/roles/bastion-ssh-config/tasks/main.yml
+++ b/kubespray/roles/bastion-ssh-config/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: set bastion host IP and port
+  set_fact:
+    bastion_ip: "{{ hostvars[groups['bastion'][0]]['ansible_host'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_host']) }}"
+    bastion_port: "{{ hostvars[groups['bastion'][0]]['ansible_port'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_port']) | d(22) }}"
+  delegate_to: localhost
+  connection: local
+
+# As we are actually running on localhost, the ansible_ssh_user is your local user when you try to use it directly
+# To figure out the real ssh user, we delegate this task to the bastion and store the ansible_user in real_user
+- name: Store the current ansible_user in the real_user fact
+  set_fact:
+    real_user: "{{ ansible_user }}"
+
+- name: create ssh bastion conf
+  become: false
+  delegate_to: localhost
+  connection: local
+  template:
+    src: "{{ ssh_bastion_confing__name }}.j2"
+    dest: "{{ playbook_dir }}/{{ ssh_bastion_confing__name }}"
+    mode: 0640
--- a/kubespray/roles/bastion-ssh-config/templates/ssh-bastion.conf.j2
+++ b/kubespray/roles/bastion-ssh-config/templates/ssh-bastion.conf.j2
@@ -0,0 +1,18 @@
+{% set vars={'hosts': ''} %}
+{% set user='' %}
+
+{% for h in groups['all'] %}
+{% if h not in groups['bastion'] %}
+{% if vars.update({'hosts': vars['hosts'] + ' ' + (hostvars[h].get('ansible_ssh_host') or hostvars[h]['ansible_host'])}) %}{% endif %}
+{% endif %}
+{% endfor %}
+
+Host {{ bastion_ip }}
+  Hostname {{ bastion_ip }}
+  StrictHostKeyChecking no
+  ControlMaster auto
+  ControlPath ~/.ssh/ansible-%r@%h:%p
+  ControlPersist 5m
+
+Host {{ vars['hosts'] }}
+  ProxyCommand ssh -F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -p {{ bastion_port }} {{ real_user }}@{{ bastion_ip }} {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %}