Merge pull request #6699 from bogdando/heat_user_data

Automatic merge from submit-queue.

[openstack] custom user commands for cloud-init

Allow to specify additional user commands executed on all Nova servers
provisioned via Heat.

An example use case is installing and starting os-collect-config agents
to put Nova servers under the configuration management driven via the
host openstack cloud Heat services. This allows to integrate with another
deployment tools like TripleO.

Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>

3 files changed, 50 insertions, 0 deletions

diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md
index e8f4cfc32..8df3c40b0 100644
--- a/playbooks/openstack/advanced-configuration.md
+++ b/playbooks/openstack/advanced-configuration.md
@@ -273,6 +273,38 @@ openshift_openstack_cluster_node_labels:
     mylabel: myvalue
 ```
 
+`openshift_openstack_provision_user_commands` allows users to execute
+shell commands via cloud-init for all of the created Nova servers in
+the Heat stack, before they are available for SSH connections.
+Note that you should use custom ansible playbooks whenever
+possible, like this `provision_install_custom.yml` example playbook:
+```
+- import_playbook: openshift-ansible/playbooks/openstack/openshift-cluster/provision.yml
+
+- name: My custom actions
+  hosts: cluster_hosts
+  tasks:
+  - do whatever you want here
+
+- import_playbook: openshift-ansible/playbooks/openstack/openshift-cluster/install.yml
+```
+The playbook leverages a two existing provider interfaces: `provision.yml` and
+`install.yml`. For some cases, like SSH keys configuration and coordinated reboots of
+servers, the cloud-init runcmd directive may be a better choice though. User specified
+shell commands for cloud-init need to be either strings or lists, for example:
+```
+- openshift_openstack_provision_user_commands:
+  - set -vx
+  - systemctl stop sshd # fences off ansible playbooks as we want to reboot later
+  - ['echo', 'foo', '>', '/tmp/foo']
+  - [ ls, /tmp/foo, '||', true ]
+  - reboot # unfences ansible playbooks to continue after reboot
+```
+
+**Note** To protect Nova servers from recreating when the user-data changes via
+`openshift_openstack_provision_user_commands`, the
+`user_data_update_policy` parameter configured to `IGNORE` for Heat resources.
+
 The `openshift_openstack_nodes_to_remove` allows you to specify the numerical indexes
 of App nodes that should be removed; for example, ['0', '2'],
 
diff --git a/roles/openshift_openstack/defaults/main.yml b/roles/openshift_openstack/defaults/main.yml
index 75bed96f0..75f1300e1 100644
--- a/roles/openshift_openstack/defaults/main.yml
+++ b/roles/openshift_openstack/defaults/main.yml
@@ -96,6 +96,8 @@ openshift_openstack_etcd_volume_size: 2
 openshift_openstack_lb_volume_size: 5
 openshift_openstack_ephemeral_volumes: false
 
+# User commands for cloud-init executed on all Nova servers provisioned
+openshift_openstack_provision_user_commands: []
 
 # cloud-config
 openshift_openstack_disable_root: true
diff --git a/roles/openshift_openstack/templates/user_data.j2 b/roles/openshift_openstack/templates/user_data.j2
index ccaa5d464..1ca87a429 100644
--- a/roles/openshift_openstack/templates/user_data.j2
+++ b/roles/openshift_openstack/templates/user_data.j2
@@ -11,3 +11,19 @@ write_files:
     permissions: 440
     content: |
       Defaults:openshift !requiretty
+
+{% if openshift_openstack_provision_user_commands %}
+  - path: /root/ansible_install.sh
+    permissions: '0544'
+    content: |
+{% for cmd in openshift_openstack_provision_user_commands %}
+{% if cmd is string %}
+      {{ cmd }}
+{% elif cmd is iterable %}
+      {{ cmd|join(' ') }}
+{% endif %}
+{% endfor %}
+
+runcmd:
+  - /root/ansible_install.sh
+{% endif %}