Add bastion deployment on pre-installed libvirt server #29
Conversation
kononovn
commented
Jan 16, 2025
kononovn
commented
- Added playbooks/infra/deploy-vm-bastion-libvirt.yml playbook
- Added infra/deploy-vm-bastion-libvirt.yml inventory
- Fixed 'Reload NetworkManager connections' task in playbooks/infra/deploy-bm-hypervisor.yml playbook
- Changed executors group to bastions in inventories/infra/deploy-bm-hypervisor.yml
kononovn
force-pushed
the
deployment_bastion
branch
3 times, most recently
from
5c36ba8 to
18e9b44
Compare
| ansible.builtin.shell: > | ||
| nmcli con down {{ (net_config | from_yaml)['interface_name'] }} && | ||
| nmcli con up {{ (net_config | from_yaml)['interface_name'] }} && | ||
| nmcli con up bridge-baremetal && nmcli con up {{ (net_config | from_yaml)['interface_name'] }} |
There was a problem hiding this comment.
nmcli con up {{ (net_config | from_yaml)['interface_name'] }} looks like this part is already happening on line 204. perhaps you meant con down on 204?
There was a problem hiding this comment.
And maybe this line:
nmcli con up bridge-baremetal && nmcli con up {{ (net_config | from_yaml)['interface_name'] }}
should be split into two:
nmcli con up bridge-baremetal &&
nmcli con up {{ (net_config | from_yaml)['interface_name'] }}
There was a problem hiding this comment.
@ccardenosa Thanks lines are formatted.
There was a problem hiding this comment.
@shaior No, we need to bring this interface up 2 times due to some weird bridge interface behavior. It helps bring bridge up
| force: true | ||
| mode: '0640' | ||
|
|
||
| - name: Resize VM hard disk |
There was a problem hiding this comment.
Why do we need to resize the disk?
Doesn't create_vms handle the disk creation?
There was a problem hiding this comment.
Yes, the creates_vms role creates an empty HDD, but in this case, we don't need an empty disk because I pre-pull the QCOW2 cloud image with the same name. As a result, the creates_vms role simply reuses my QCOW2 HDD image without any additional modifications
| cmd: partprobe | ||
| changed_when: true | ||
|
|
||
| - name: Setup bastion host |
There was a problem hiding this comment.
Looks like we might need another user for connecting in the pipeline, currently it was passwordless sudo and ssh key.
Maybe we can add the option to the playbook?
There was a problem hiding this comment.
It's OK. We can always modify it once we have use case for multiple users. WDYT?
There was a problem hiding this comment.
I think the use case is to have a different user for CI than the one for management
- Added playbooks/infra/deploy-vm-bastion-libvirt.yml playbook - Added infra/deploy-vm-bastion-libvirt.yml inventory - Fixed 'Reload NetworkManager connections' task in playbooks/infra/deploy-bm-hypervisor.yml playbook - Changed executors group to bastions in inventories/infra/deploy-bm-hypervisor.yml
kononovn
force-pushed
the
deployment_bastion
branch
from
18e9b44 to
ac65b8b
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: shaior The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
