diff --git a/skydive/buildSkydive.yml b/skydive/buildSkydive.yml index 8c38af61..0c14a736 100644 --- a/skydive/buildSkydive.yml +++ b/skydive/buildSkydive.yml @@ -22,9 +22,7 @@ - name: Gather facts hosts: skydive_all - tasks: - - name: Gather facts on all hosts - setup: {} + gather_facts: true tags: - always diff --git a/skydive/buildTraefik.yml b/skydive/buildTraefik.yml index d263eb08..66fd0bd2 100644 --- a/skydive/buildTraefik.yml +++ b/skydive/buildTraefik.yml @@ -22,9 +22,7 @@ - name: Gather facts hosts: traefik_all - tasks: - - name: Gather facts on all hosts - setup: {} + gather_facts: true tags: - always diff --git a/skydive/installSkydive.yml b/skydive/installSkydive.yml index fa97e94b..26f6971b 100644 --- a/skydive/installSkydive.yml +++ b/skydive/installSkydive.yml @@ -13,6 +13,42 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Setup localhost + hosts: localhost + connection: local + tags: + - always + + +- name: Configure skydive-service-setup-host + hosts: skydive_all[0] + connection: local + become: yes + tasks: + # NOTE(cloudnull): When the host entry is an IP, these tasks will construct a basic + # host entry for the delegated node, which will ensure facts are + # available for the deployment host. + - name: Add dynamic host entry + add_host: + name: "{{ skydive_service_setup_host }}" + groups: skydive_all + ansible_host: "{{ skydive_service_setup_host }}" + when: + - ((skydive_service_setup_host is defined) and (skydive_service_setup_host | ipaddr)) or + (skydive_service_setup_host not in groups['all']) or + (skydive_service_setup_host not in groups['skydive_all']) + tags: + - always + + +- name: Gather all facts + hosts: skydive_all + become: yes + gather_facts: yes + tags: + - always + + - name: Deploy skydive binaries hosts: skydive_agents:skydive_analyzers become: yes 
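Review bot: In the `when:` of `Add dynamic host entry` (skydive/installSkydive.yml), only the first clause is protected by `skydive_service_setup_host is defined`; the two `not in groups[...]` clauses still evaluate the variable, so the condition will likely raise an undefined-variable error rather than skip when it is unset. The only definition visible in this diff is the role-level `vars:` added further down in the same file, which a separate play does not inherit, so unless inventory or group vars outside this diff set it, add `- skydive_service_setup_host is defined` as its own first list item. The task also places the host in `skydive_all`, so every later `hosts: skydive_all` play running with `become: yes`, and the SAN loop in `skydive-openssl.cnf.j2`, will include it. If the aim is only to have its facts available, a dedicated group would keep that scope narrower. The `Setup localhost` play has no tasks and would benefit from a comment such as `# gathers facts for the deployment host only`.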
@@ -130,6 +166,8 @@ become: yes roles: - role: skydive_analyzer + vars: + skydive_service_setup_host: "{{ openstack_service_setup_host | default(groups['skydive_analyzers'][0]) }}" tags: - skydive-analyzer-setup @@ -139,6 +177,7 @@ become: yes roles: - role: skydive_agent - skydive_service_setup_host: "{{ openstack_service_setup_host | default(groups['skydive_analyzers'][0]) }}" + vars: + skydive_service_setup_host: "{{ openstack_service_setup_host | default(groups['skydive_analyzers'][0]) }}" tags: - skydive-agent-setup diff --git a/skydive/roles/skydive_analyzer/meta/main.yml b/skydive/roles/skydive_analyzer/meta/main.yml index 84ee0b6f..98d4078a 100644 --- a/skydive/roles/skydive_analyzer/meta/main.yml +++ b/skydive/roles/skydive_analyzer/meta/main.yml @@ -38,7 +38,7 @@ galaxy_info: dependencies: - role: traefik_common traefik_basic_auth_users: "{{ _skydive_basic_auth_users | combine(skydive_basic_auth_users) }}" - traffic_dashboard_bind: "{{ skydive_bind_address | default(hostvars[inventory_hostname]['ansible_' ~ (skydive_network_device | replace('-', '_') | string)]['ipv4']['address']) }}" + traffic_dashboard_bind: "{{ skydive_bind_address | default(hostvars[inventory_hostname]['ansible_' ~ ((skydive_network_device | default(ansible_default_ipv4['interface'])) | replace('-', '_') | string)]['ipv4']['address']) }}" traefik_dashboard_enabled: true traefik_destinations: elasticsearch: diff --git a/skydive/roles/skydive_common/defaults/main.yml b/skydive/roles/skydive_common/defaults/main.yml index 91a09909..ecfb769d 100644 --- a/skydive/roles/skydive_common/defaults/main.yml +++ b/skydive/roles/skydive_common/defaults/main.yml 
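Review bot: The rewritten line in skydive/roles/skydive_analyzer/meta/main.yml keeps the key `traffic_dashboard_bind`, while the neighbouring parameters passed to `traefik_common` use the `traefik_` prefix (`traefik_basic_auth_users`, `traefik_dashboard_enabled`). If the role actually reads `traefik_dashboard_bind`, this value is never applied and the dashboard listens on whatever address the role defaults to, which may be wider than the intended interface. The role's defaults are not part of this diff, so this should be confirmed there and the key renamed if it is a typo.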
@@ -29,7 +29,7 @@ skydive_agent_port: 8081 skydive_flow_protocol: udp # Set a particulare network interface used for skydive traffic -skydive_network_device: "{{ ansible_default_ipv4['interface'] }}" +# skydive_network_device: "{{ ansible_default_ipv4['interface'] }}" # The skydive bind address can also be used to set the specific bind address of # a given node running the skydive analyzer. By default this variable is undefined diff --git a/skydive/roles/skydive_common/tasks/main.yml b/skydive/roles/skydive_common/tasks/main.yml index c3b45e5d..6321a7e1 100644 --- a/skydive/roles/skydive_common/tasks/main.yml +++ b/skydive/roles/skydive_common/tasks/main.yml @@ -112,6 +112,12 @@ when: - clouds_file['content'] is defined +- name: Set network device fact + set_fact: + skydive_network_device: "{{ ansible_default_ipv4['interface'] }}" + when: + - skydive_network_device is undefined + - include_tasks: skydive_setup.yml - include_tasks: skydive_ssl.yml diff --git a/skydive/roles/skydive_common/tasks/skydive_ssl.yml b/skydive/roles/skydive_common/tasks/skydive_ssl.yml index df45c4e0..83eaedbf 100644 --- a/skydive/roles/skydive_common/tasks/skydive_ssl.yml +++ b/skydive/roles/skydive_common/tasks/skydive_ssl.yml @@ -25,6 +25,31 @@ run_once: true delegate_to: "{{ skydive_service_setup_host }}" block: + - name: create the system group + group: + name: "skydive" + state: "present" + system: "yes" + + - name: Create the skydive user + user: + name: "skydive" + group: "skydive" + comment: "skydive user" + shell: "/bin/false" + createhome: "yes" + home: "/usr/share/skydive" + + - name: Create skydive ssl path + file: + path: "{{ item }}" + state: directory + owner: "skydive" + group: "skydive" + mode: "0700" + with_items: + - "/var/lib/skydive/ssl" + - name: Create CNF template: src: "skydive-openssl.cnf.j2" diff --git a/skydive/roles/skydive_common/templates/skydive-openssl.cnf.j2 b/skydive/roles/skydive_common/templates/skydive-openssl.cnf.j2 index a5b5e91b..b3640e7b 100644 
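Review bot: `Set network device fact` in skydive/roles/skydive_common/tasks/main.yml reads `ansible_default_ipv4['interface']` with no check that the fact exists, although the template change in this same commit treats `ansible_default_ipv4` as possibly missing. On a host without a default IPv4 route or without gathered facts this task would fail with a bare undefined-variable error. Either add a second condition, `- ansible_default_ipv4['interface'] is defined`, or precede it with an `assert` carrying a message that tells the operator to set `skydive_network_device` explicitly.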
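Review bot: `Create the skydive user` in skydive/roles/skydive_common/tasks/skydive_ssl.yml creates an ordinary account, while the group task just above it sets `system: "yes"`. The account owns `/var/lib/skydive/ssl`, where vars/main.yml places `skydive-ca.key`, so it should be a system user as well; add `system: true` to the `user:` task. The three new tasks sit inside a block that carries `run_once: true` and `delegate_to: "{{ skydive_service_setup_host }}"`, so the user, group and 0700 directory are created only on the setup host; if other nodes write keys or certificates under the same path, they need the same ownership and mode set outside this block. The block begins before the hunk and continues after it, so its `become` setting and the later key-generation tasks are not visible here.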
--- a/skydive/roles/skydive_common/templates/skydive-openssl.cnf.j2 +++ b/skydive/roles/skydive_common/templates/skydive-openssl.cnf.j2 @@ -24,14 +24,16 @@ subjectAltName = @alt_names {% set ips = [] %} {% set hostnames = [] %} {% for node in groups['skydive_all'] %} -{% set _ansible_interface_name = hostvars[node]['skydive_network_device'] | default(hostvars[node]['ansible_default_ipv4']['interface']) | replace('-', '_') %} -{% set _skydive_ip = hostvars[node]['skydive_bind_address'] | default(hostvars[node]["ansible_" ~ _ansible_interface_name]['ipv4']['address']) %} -{% set _skydive_ansible_domain = hostvars[node]['ansible_domain'] | default(hostvars[node]['ansible_hostname'] ) %} -{% set _skydive_dns_name = ((_skydive_ansible_domain | length) > 0) | ternary(_skydive_ansible_domain, hostvars[node]['ansible_hostname']) %} -{% set _ = ips.append(_skydive_ip) %} -{% set _ = hostnames.append(_skydive_dns_name) %} +{% if hostvars[node]['ansible_default_ipv4'] is defined %} +{% set _ansible_interface_name = hostvars[node]['skydive_network_device'] | default(hostvars[node]['ansible_default_ipv4']['interface']) | replace('-', '_') %} +{% set _skydive_ip = hostvars[node]['skydive_bind_address'] | default(hostvars[node]["ansible_" ~ _ansible_interface_name]['ipv4']['address']) %} +{% set _skydive_ansible_domain = hostvars[node]['ansible_fqdn'] | default(hostvars[node]['ansible_hostname'] ) %} +{% set _skydive_dns_name = ((_skydive_ansible_domain | length) > 0) | ternary(_skydive_ansible_domain, hostvars[node]['ansible_hostname']) %} +{% set _ = ips.append(_skydive_ip) %} +{% set _ = hostnames.append(_skydive_dns_name) %} IP.{{ loop.index }} = {{ _skydive_ip }} DNS.{{ loop.index }} = {{ _skydive_dns_name }} +{% endif %} {% endfor %} {% set localhost_index = (groups['skydive_all'] | length) + 1 %} diff --git a/skydive/roles/skydive_common/vars/debian.yml b/skydive/roles/skydive_common/vars/debian.yml index ec63a97d..6b34a580 100644 
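Review bot: The new `{% if hostvars[node]['ansible_default_ipv4'] is defined %}` guard in skydive-openssl.cnf.j2 silently leaves a node out of `alt_names` when its facts are missing, so the certificate is issued without that node's IP and DNS entries and the gap only surfaces later as a TLS verification failure. The guard also skips nodes that set `skydive_bind_address` explicitly, even though their IP entry does not depend on the default interface. An `assert` before the template task that fails when any `skydive_all` member has no usable address would make the omission visible; at minimum add a comment above the `if`, for example `{# nodes without gathered facts are omitted from the SAN list #}`. The DNS entry now comes from `ansible_fqdn`, which each host reports about itself, so it is worth confirming that it matches the name clients actually connect to.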
--- a/skydive/roles/skydive_common/vars/debian.yml +++ b/skydive/roles/skydive_common/vars/debian.yml @@ -18,3 +18,4 @@ sykdive_distro_packages: - python3-openssl - python-openssl - python-passlib + - python-virtualenv diff --git a/skydive/roles/skydive_common/vars/main.yml b/skydive/roles/skydive_common/vars/main.yml index c46c727c..ac9508dc 100644 --- a/skydive/roles/skydive_common/vars/main.yml +++ b/skydive/roles/skydive_common/vars/main.yml @@ -50,7 +50,7 @@ skydive_ssl_cnf: "/var/lib/skydive/ssl/skydive-openssl.cnf" skydive_ssl_key: "/var/lib/skydive/ssl/skydive.key" skydive_ssl_csr: "/var/lib/skydive/ssl/skydive.csr" skydive_ssl_cert: "/var/lib/skydive/ssl/skydive-{{ inventory_hostname | replace('_', '-') | replace(' ', '-') }}.crt" -skydive_ssl_signed_subject: "/C=XX/L=OpenStack-Cloud/O=OpenStack/OU=IT/CN={{ ((ansible_domain | length) > 0) | ternary(ansible_domain, ansible_hostname) }}" +skydive_ssl_signed_subject: "/C=XX/L=OpenStack-Cloud/O=OpenStack/OU=IT/CN={{ ((ansible_fqdn | length) > 0) | ternary(ansible_fqdn, ansible_hostname) }}" skydive_ssl_ca_key: "/var/lib/skydive/ssl/skydive-ca.key" skydive_ssl_ca_cert: "/var/lib/skydive/ssl/skydive-ca.crt" diff --git a/skydive/roles/skydive_common/vars/redhat.yml b/skydive/roles/skydive_common/vars/redhat.yml index 9f8879b4..fc10cc6e 100644 --- a/skydive/roles/skydive_common/vars/redhat.yml +++ b/skydive/roles/skydive_common/vars/redhat.yml @@ -17,3 +17,4 @@ sykdive_distro_packages: - openssl - python2-passlib - pyOpenSSL + - python-virtualenv diff --git a/skydive/roles/skydive_common/vars/suse.yml b/skydive/roles/skydive_common/vars/suse.yml index 80c5e764..3fa7f4eb 100644 --- a/skydive/roles/skydive_common/vars/suse.yml +++ b/skydive/roles/skydive_common/vars/suse.yml @@ -18,3 +18,4 @@ sykdive_distro_packages: - python2-pyOpenSSL - python3-pyOpenSSL - python-passlib + - python2-virtualenv diff --git a/skydive/validateSkydive.yml b/skydive/validateSkydive.yml index 1076aa39..0c6987d6 100644 
--- a/skydive/validateSkydive.yml +++ b/skydive/validateSkydive.yml @@ -27,4 +27,5 @@ delay: 10 - name: Show Skydive client - debug: var=skydive_client + debug: + msg: "{{ skydive_client.stdout | from_json }}"
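Review bot: `Show Skydive client` in skydive/validateSkydive.yml now passes `skydive_client.stdout` through `from_json` with no guard, so empty or non-JSON output from the preceding command fails the play inside the debug task with a parser error instead of pointing at the command that produced it. Adding `when: skydive_client.stdout | length > 0` to the debug task, or validating the output in the registering task, would keep the failure where it belongs. The task that registers `skydive_client` starts outside the hunk, so its `until` and `failed_when` handling cannot be checked from here.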