Merge pull request #217 from stackhpc/infra-vm-followups

Backport Infra VM followups (wallaby)

Author: markgoddard

ansible/infra-vm-provision.yml

@@ -29,16 +29,12 @@
   tags:
     - infra-vm-provision
   tasks:
-    - name: Wait for a connection to VM with bootstrap user
-      wait_for_connection:
+    - name: Wait for SSH access to the infra VM
+      wait_for:
+        host: "{{ hostvars[inventory_hostname].ansible_host }}"
+        port: 22
+        state: started
         # NOTE: Ensure we exceed the 5 minute DHCP timeout of the eth0
         # interface if necessary.
-        timeout: 600
-      vars:
-        # NOTE(wszumski): ansible_host_key_checking variable doesn't seem to
-        # work, But it would be nice not to fail if the host_key changes.
-        # We check the hostkey during host configure.
-        # https://github.com/ansible/ansible/blob/1c34492413dec09711c430745034db0c108227a9/lib/ansible/plugins/connection/ssh.py#L49
-        # https://github.com/ansible/ansible/issues/49254
-        ansible_ssh_extra_args: '{{ infra_vm_wait_connection_ssh_extra_args }}'
-        ansible_user: "{{ bootstrap_user }}"
+        timeout: 360
+      delegate_to: localhost

ansible/roles/infra-vms/tasks/deploy.yml

@@ -49,6 +49,26 @@
     mime: False
   register: stat_result
 
+# NOTE(mgoddard): Prior to the Xena release, the seed VM was provisioned using
+# the stackhpc.livirt-vm role with become=true. This resulted in the cached
+# image being owned by root. Since Xena, we execute the role without
+# become=true. Correct the image ownership to avoid a permission denied error
+# when downloading a new image of the same name.
+- name: "[{{ vm_name }}] Stat image files"
+  stat:
+    path: "{{ image_cache_path }}/{{ item.image | basename }}"
+  with_items: "{{ vm_hostvars.infra_vm_volumes | selectattr('image', 'defined') }}"
+  register: image_stat_result
+
+- name: "[{{ vm_name }}] Fix image ownership"
+  file:
+    path: "{{ image_cache_path }}/{{ item.item.image | basename }}"
+    owner: "{{ ansible_facts.user_uid }}"
+    group: "{{ ansible_facts.user_gid }}"
+  with_items: "{{ image_stat_result.results }}"
+  when: item.stat.exists
+  become: true
+
 - name: "[{{ vm_name }}] Ensure that the VM is provisioned"
   include_role:
     name: stackhpc.libvirt-vm

ansible/seed-vm-provision.yml

@@ -29,6 +29,26 @@
         group: "{{ ansible_facts.user_gid }}"
       become: True
 
+    # NOTE(mgoddard): Prior to the Xena release, the seed VM was provisioned
+    # using the stackhpc.livirt-vm role with become=true. This resulted in the
+    # cached image being owned by root. Since Xena, we execute the role without
+    # become=true. Correct the image ownership to avoid a permission denied
+    # error when downloading a new image of the same name.
+    - name: Stat image files
+      stat:
+        path: "{{ image_cache_path }}/{{ item.image | basename }}"
+      with_items: "{{ hostvars[seed_host].seed_vm_volumes | selectattr('image', 'defined') }}"
+      register: image_stat_result
+
+    - name: Fix image ownership
+      file:
+        path: "{{ image_cache_path }}/{{ item.item.image | basename }}"
+        owner: "{{ ansible_facts.user_uid }}"
+        group: "{{ ansible_facts.user_gid }}"
+      with_items: "{{ image_stat_result.results }}"
+      when: item.stat.exists
+      become: true
+
   roles:
     - role: jriguera.configdrive
       # For now assume the VM OS family is the same as the hypervisor's.
@@ -99,7 +119,6 @@
           volumes: "{{ hostvars[seed_host].seed_vm_volumes + [seed_vm_configdrive_volume] }}"
           interfaces: "{{ hostvars[seed_host].seed_vm_interfaces }}"
           console_log_enabled: true
-      become: True
 
   tasks:
     - name: Wait for SSH access to the seed VM

releasenotes/notes/story-2009277-84c381a562244fab.yaml

@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes an issue where cached seed VM images are unnecessarily owned by root.
+    See `story 2009277 <https://storyboard.openstack.org/#!/story/2009277>`__
+    for details.