This is an automated email from the ASF dual-hosted git repository. vatamane pushed a commit to branch add-asf-mini-vm in repository https://gitbox.apache.org/repos/asf/couchdb-infra-cm.git
commit 64e6011ec404a05e19ae9a1c916cdef58861307b Author: Nick Vatamaniuc <[email protected]> AuthorDate: Fri Jan 16 00:16:57 2026 -0500 Add asfminidebian worker (thanks, Jan!) It's a Debian 13 arm64 host. Managed to added it to the CI node list and put it under Ansible management. To do that had to harmonize some packages between Ubuntu and Debian Also had to introduce an idea that extra hosts (those are non-IBM ones) also can have a bastion entry. So that added some complications to setup but the chances are we'll see much such cases in the future. The list was generated with `./tools/gen-config` The input list `~/.couchdb-infra-cm.cfg` was updated with ``` [extra.asfmini] user = administrator ip_addr = 207.254.28.245 [extra.asfminidebian] user = couchdb ip_addr = 192.168.66.3 arch = arm64 num_cpus = 4 ram = 4 proxyjump = asfmini ``` --- host_vars/asfminidebian.yml | 12 ++++++ production | 22 +++++++++++ roles/ci_agent/tasks/main.yml | 2 +- roles/common/tasks/main.yml | 3 +- ssh.cfg | 32 ++++++++++++---- tools/gen-config | 85 ++++++++++++++++++++++++++++++++++++------- 6 files changed, 132 insertions(+), 24 deletions(-) diff --git a/host_vars/asfminidebian.yml b/host_vars/asfminidebian.yml new file mode 100644 index 0000000..e940ade --- /dev/null +++ b/host_vars/asfminidebian.yml @@ -0,0 +1,12 @@ +jenkins_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 33343462643836636134363234383764356135656437316238373232343465653636613866666338 + 3232633731313861623063366263636136636263383133620a326131303831663036353835353161 + 66653834353539393338346563356665363630326533346336616630646334343836306364663962 + 6664323933613931650a636231343166333232383830373765376262303166633064633630613234 + 35373735326266376334373363323361646262656334383038323430633537613264616638316531 + 33313333626461613435303933313633383930656534636531383939333065343165333334613430 + 66346639623231373061626164343463613432623164303936343937663465633461653338396565 + 38636330623532383931 + + 
diff --git a/production b/production index ba612c0..ad9cf68 100644 --- a/production +++ b/production @@ -2,7 +2,15 @@ all: children: bastions: hosts: + asfmini: + extra: true + instance: + name: asfmini + ip_addrs: + public: 207.254.28.245 + user: administrator couchdb-bastion-x86-64-ubuntu-dal-1-01: + extra: false instance: created_at: '2024-12-03T06:27:13Z' id: 0717_d4657905-4dcd-488f-9305-a7e1722ee2bf @@ -21,6 +29,20 @@ all: user: ubuntu ci_agents: hosts: + asfminidebian: + instance: + id: asfminidebian + name: asfminidebian + subnet: null + ip_addrs: + bastion_host: null + bastion_ip: null + public: 192.168.66.3 + system: + arch: arm64 + num_cpus: 4 + ram: 4 + user: couchdb couchdb-worker-x86-64-ubuntu-dal-1-01: instance: created_at: '2024-05-21T03:39:16Z' diff --git a/roles/ci_agent/tasks/main.yml b/roles/ci_agent/tasks/main.yml index 41a2a56..0201875 100644 --- a/roles/ci_agent/tasks/main.yml +++ b/roles/ci_agent/tasks/main.yml @@ -18,7 +18,7 @@ state: latest vars: packages: - - openjdk-17-jre-headless + - openjdk-21-jre-headless - name: Setup Docker APT repository become: yes diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 5ac76a9..bba9d4d 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -67,11 +67,10 @@ - gnupg2 - mtr-tiny - nload - - ntp + - chrony - python3 - runit - screen - - software-properties-common - strace - sudo - tcpdump diff --git a/ssh.cfg b/ssh.cfg index 4e22947..66dc7d5 100644 --- a/ssh.cfg +++ b/ssh.cfg @@ -1,3 +1,12 @@ +Host asfmini + Hostname 207.254.28.245 + User administrator + ForwardAgent yes + StrictHostKeyChecking no + ControlMaster auto + ControlPath /tmp/ansible-%r@%h:%p + ControlPersist 30m + Host couchdb-bastion-x86-64-ubuntu-dal-1-01 Hostname 52.118.184.106 User ubuntu 
@@ -7,53 +16,60 @@ Host couchdb-bastion-x86-64-ubuntu-dal-1-01 ControlPath /tmp/ansible-%r@%h:%p ControlPersist 30m +Host asfminidebian + Hostname 192.168.66.3 + User couchdb + ForwardAgent yes + StrictHostKeyChecking no + ProxyJump asfmini + Host couchdb-worker-x86-64-ubuntu-dal-1-01 Hostname 10.240.0.4 User ubuntu StrictHostKeyChecking no - ProxyCommand /usr/bin/ssh -W %h:%p -q ubuntu@couchdb-bastion-x86-64-ubuntu-dal-1-01 + ProxyJump couchdb-bastion-x86-64-ubuntu-dal-1-01 Host couchdb-worker-x86-64-ubuntu-dal-1-02 Hostname 10.240.0.5 User ubuntu StrictHostKeyChecking no - ProxyCommand /usr/bin/ssh -W %h:%p -q ubuntu@couchdb-bastion-x86-64-ubuntu-dal-1-01 + ProxyJump couchdb-bastion-x86-64-ubuntu-dal-1-01 Host couchdb-worker-x86-64-ubuntu-dal-1-03 Hostname 10.240.0.6 User ubuntu StrictHostKeyChecking no - ProxyCommand /usr/bin/ssh -W %h:%p -q ubuntu@couchdb-bastion-x86-64-ubuntu-dal-1-01 + ProxyJump couchdb-bastion-x86-64-ubuntu-dal-1-01 Host couchdb-worker-x86-64-ubuntu-dal-1-04 Hostname 10.240.0.7 User ubuntu StrictHostKeyChecking no - ProxyCommand /usr/bin/ssh -W %h:%p -q ubuntu@couchdb-bastion-x86-64-ubuntu-dal-1-01 + ProxyJump couchdb-bastion-x86-64-ubuntu-dal-1-01 Host couchdb-worker-x86-64-ubuntu-dal-1-05 Hostname 10.240.0.8 User ubuntu StrictHostKeyChecking no - ProxyCommand /usr/bin/ssh -W %h:%p -q ubuntu@couchdb-bastion-x86-64-ubuntu-dal-1-01 + ProxyJump couchdb-bastion-x86-64-ubuntu-dal-1-01 Host couchdb-worker-x86-64-ubuntu-dal-1-06 Hostname 10.240.0.9 User ubuntu StrictHostKeyChecking no - ProxyCommand /usr/bin/ssh -W %h:%p -q ubuntu@couchdb-bastion-x86-64-ubuntu-dal-1-01 + ProxyJump couchdb-bastion-x86-64-ubuntu-dal-1-01 Host couchdb-worker-x86-64-ubuntu-dal-1-07 Hostname 10.240.0.10 User ubuntu StrictHostKeyChecking no - ProxyCommand /usr/bin/ssh -W %h:%p -q ubuntu@couchdb-bastion-x86-64-ubuntu-dal-1-01 + ProxyJump couchdb-bastion-x86-64-ubuntu-dal-1-01 Host couchdb-worker-x86-64-ubuntu-dal-1-08 Hostname 10.240.0.11 User ubuntu 
StrictHostKeyChecking no - ProxyCommand /usr/bin/ssh -W %h:%p -q ubuntu@couchdb-bastion-x86-64-ubuntu-dal-1-01 + ProxyJump couchdb-bastion-x86-64-ubuntu-dal-1-01 Host linux1 Hostname 148.100.74.32 diff --git a/tools/gen-config b/tools/gen-config index 24c0c78..33462da 100755 --- a/tools/gen-config +++ b/tools/gen-config @@ -53,10 +53,12 @@ def load_environment(): "instance_id" : parser.get(section, "id", fallback=name), "ip_addr": parser.get(section, "ip_addr"), "user": parser.get(section, "user"), + "proxyjump": parser.get(section, "proxyjump", fallback = None), + "is_proxy": False, "system": { - "arch": parser.get(section, "arch"), - "num_cpus": int(parser.get(section, "num_cpus")), - "ram": int(parser.get(section, "ram")) + "arch": parser.get(section, "arch", fallback = None), + "num_cpus": int(parser.get(section, "num_cpus", fallback = 0)), + "ram": int(parser.get(section, "ram", fallback = 0)) } } @@ -86,7 +88,13 @@ def load_environment(): "instance_id" : parser.get(section, "instance_id", fallback=None) } - + for k in EXTRA: + proxy = EXTRA[k]["proxyjump"] + if proxy: + if proxy not in EXTRA: + print(f"Proxy jump host {proxy} not found in extras") + exit(1) + EXTRA[proxy]["is_proxy"] = True def load_iam_tokens(): for env in ENV: @@ -167,6 +175,7 @@ def load_bastion(bastions, instance): ip_addr = floating_ips[0]["address"] bastions[name] = { + "extra": False, "instance": { "id": instance["id"], "name": instance["name"], @@ -188,6 +197,22 @@ def load_bastion(bastions, instance): "user": "ubuntu" } +def load_extra_bastion(bastions, instance): + name = instance["name"] + if name in bastions: + print(f"Duplicate bastion found {name}") + exit(2) + + bastions[name] = { + "extra": True, + "instance": { + "name": instance["name"] + }, + "ip_addrs": { + "public": instance["ip_addr"] + }, + "user": instance["user"] + } def load_ci_agent(ci_agents, instance): if instance["status"] != "running": 
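Review bot: The new `fallback = None` / `fallback = 0` defaults on `arch`, `num_cpus` and `ram` in the `@@ -53,10 +53,12 @@` hunk apply to every `[extra.*]` section, not only to jump hosts. Before this change, a worker section without `arch` would have raised from `parser.get`; now it presumably reaches the inventory as `arch: null` / `num_cpus: 0` with no error. Since `is_proxy` is only known after the loop added further down in `load_environment`, a check placed there, such as `if not EXTRA[k]["is_proxy"] and not EXTRA[k]["system"]["arch"]:` followed by an error exit, would keep the old strictness for CI agents. The function body starts and ends outside the hunk.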
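Review bot: The proxy check in the `@@ -86,7 +88,13 @@` hunk accepts a section that names itself as its own `proxyjump`, and also a jump host that has a `proxyjump` of its own. In both cases the host is marked `is_proxy`, and `load_extra_bastion` as added in this commit does not copy `proxyjump` into the bastion entry, so the setting appears to be dropped silently. Rejecting both in the loop, for example `if proxy == k or EXTRA[proxy]["proxyjump"]:` with an error, would make the single-hop assumption explicit. Separately, `print(...)` followed by `exit(1)` writes the error to stdout and relies on the `exit` helper installed by `site`; `raise SystemExit(f"Proxy jump host {proxy} not found in extras")` sends it to stderr with the same status and needs no import.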
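Review bot: `load_extra_bastion` in the `@@ -188,6 +197,22 @@` hunk has no docstring, and the entry it builds has a different shape from the one `load_bastion` writes: only `name` under `instance` and only `public` under `ip_addrs`, with no `id` or `subnet`. I would add a docstring along the lines of `"""Register an extra host that other extras reach through ProxyJump; the entry has no id/subnet, so readers must check "extra" first."""`. `assign_bastions` is updated in this commit to skip such entries, but any other reader of `bastion["instance"]["subnet"]` outside the visible hunks would need the same guard.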
@@ -258,6 +283,8 @@ def get_private_ip(instance): def assign_bastions(bastions, ci_agents): subnets = {} for (host, bastion) in bastions.items(): + if bastion["extra"]: + continue subnet = bastion["instance"]["subnet"] ip_addr = bastion["ip_addrs"]["public"] assert subnet not in subnets @@ -301,12 +328,32 @@ def write_ssh_cfg(filename, bastions, ci_agents): ControlPersist 30m """) + extra_ci_agent_tmpl = textwrap.dedent("""\ + Host {host} + Hostname {ip_addr} + User {user} + ForwardAgent yes + StrictHostKeyChecking no + ControlMaster auto + ControlPath /tmp/ansible-%r@%h:%p + ControlPersist 30m + + """) + extra_ci_agent_with_proxy_tmpl = textwrap.dedent("""\ + Host {host} + Hostname {ip_addr} + User {user} + ForwardAgent yes + StrictHostKeyChecking no + ProxyJump {proxy} + + """) ci_agent_tmpl = textwrap.dedent("""\ Host {host} Hostname {ip_addr} User {user} StrictHostKeyChecking no - ProxyCommand /usr/bin/ssh -W %h:%p -q ubuntu@{bastion_host} + ProxyJump {bastion_host} """) with open(filename, "w") as handle: @@ -321,13 +368,22 @@ def write_ssh_cfg(filename, bastions, ci_agents): for host, info in sorted(ci_agents.items()): user = info["user"] if host in EXTRA: - # extra CI agent use an external IP directly - args = { - "user": user, - "host": host, - "ip_addr": info["ip_addrs"]["public"] - } - entry = bastion_tmpl.format(**args) + proxy = EXTRA[host]["proxyjump"] + if proxy: + args = { + "user": user, + "host": host, + "ip_addr": info["ip_addrs"]["public"], + "proxy": proxy + } + entry = extra_ci_agent_with_proxy_tmpl.format(**args) + else: + args = { + "user": user, + "host": host, + "ip_addr": info["ip_addrs"]["public"] + } + entry = extra_ci_agent_tmpl.format(**args) else: bastion_ip = info["ip_addrs"]["bastion_ip"] bastion_host = info["ip_addrs"]["bastion_host"] 
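Review bot: Both new templates in the `@@ -301,12 +328,32 @@` hunk (`extra_ci_agent_tmpl` and `extra_ci_agent_with_proxy_tmpl`) set `ForwardAgent yes` together with `StrictHostKeyChecking no`, while the existing `ci_agent_tmpl` for workers does not forward the agent. With host-key checking off, the operator's SSH agent is offered to whatever answers at that address, and on a CI worker that runs build jobs anyone with root on the host can use the forwarded agent socket for as long as the session lasts. `ProxyJump` does not need agent forwarding on either hop, so I would drop `ForwardAgent yes` from both templates and use `StrictHostKeyChecking accept-new`, which rejects a changed host key after first contact. `extra_ci_agent_tmpl` also reuses `ControlPath /tmp/ansible-%r@%h:%p`; a path under the user's `~/.ssh` would avoid a predictable socket name in a shared directory. `write_ssh_cfg` starts and ends outside the hunk.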
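Review bot: The two branches added under `if host in EXTRA:` in the `@@ -321,13 +368,22 @@` hunk build the same `args` dict twice and differ only in the `proxy` key and the template chosen. Because `str.format` ignores unused keyword arguments, this can collapse to `args = {"user": user, "host": host, "ip_addr": info["ip_addrs"]["public"]}`, `tmpl = extra_ci_agent_with_proxy_tmpl if proxy else extra_ci_agent_tmpl` and `entry = tmpl.format(proxy=proxy, **args)`. A one-line comment such as `# extras with a proxyjump are reached through another extra host, the rest directly` would replace the removed comment, which no longer describes both cases. The loop body continues outside the hunk.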
@@ -375,7 +431,10 @@ def main(): elif instance["name"].startswith("couchdb-worker"): load_ci_agent(ci_agents, instance) elif instance["name"] in EXTRA: - load_extra_ci_agent(ci_agents, instance) + if not EXTRA[instance["name"]]["is_proxy"]: + load_extra_ci_agent(ci_agents, instance) + else: + load_extra_bastion(bastions, instance) assign_bastions(bastions, ci_agents)
