diff --git a/playbooks/releasenotes/notes/bifrost-role-auth-support-ea6b5571cd339aa2.yaml b/playbooks/releasenotes/notes/bifrost-role-auth-support-ea6b5571cd339aa2.yaml new file mode 100644 index 000000000..c5e5cfd69 --- /dev/null +++ b/playbooks/releasenotes/notes/bifrost-role-auth-support-ea6b5571cd339aa2.yaml @@ -0,0 +1,13 @@ +--- +features: + - Allows to choose to leverage authenticaiton with roles that + interact with ironic services via ansible modules. This is + limited to sessions that obtain authentication information + via os-client-config. The role defaults ultimately remain + unchanged and default to noauth mode. More information on + os-client-config can be found at: + http://docs.openstack.org/developer/os-client-config/ +issues: + - Users wishing to utilize authentication without leveraging + os-client-config, will need to manually update the playbooks + in order to set the appropriate module settings. diff --git a/playbooks/roles/bifrost-deploy-nodes-dynamic/README.md b/playbooks/roles/bifrost-deploy-nodes-dynamic/README.md index 2c542d51f..e159d32ff 100644 --- a/playbooks/roles/bifrost-deploy-nodes-dynamic/README.md +++ b/playbooks/roles/bifrost-deploy-nodes-dynamic/README.md @@ -60,6 +60,14 @@ inventory_dhcp: A boolean value, defaulted to false, which causes the role to update a template file and reload dhsmasq upon each update in order to perform static dhcp assignments utilizing the ipv4_address parameter. + +noauth_mode: Controls if the module is called in noauth mode. + By default, this is the standard mode of operation, + however if set to false, the role utilizes os_client_config + which expects a clouds.yml file. More information about + this file format can be found at: + http://docs.openstack.org/developer/os-client-config/ + Dependencies ------------ diff --git a/playbooks/roles/bifrost-deploy-nodes-dynamic/defaults/main.yml b/playbooks/roles/bifrost-deploy-nodes-dynamic/defaults/main.yml index 039cc117d..6a78bae81 100644 
--- a/playbooks/roles/bifrost-deploy-nodes-dynamic/defaults/main.yml +++ b/playbooks/roles/bifrost-deploy-nodes-dynamic/defaults/main.yml @@ -8,5 +8,5 @@ http_boot_folder: "/httpboot" deploy_image_filename: "deployment_image.qcow2" deploy_image: "{{http_boot_folder}}/{{deploy_image_filename}}" inventory_dhcp: false - deploy_url_protocol: "http" +noauth_mode: true diff --git a/playbooks/roles/bifrost-deploy-nodes-dynamic/tasks/main.yml b/playbooks/roles/bifrost-deploy-nodes-dynamic/tasks/main.yml index 46653d10b..8161869aa 100644 --- a/playbooks/roles/bifrost-deploy-nodes-dynamic/tasks/main.yml +++ b/playbooks/roles/bifrost-deploy-nodes-dynamic/tasks/main.yml @@ -17,6 +17,11 @@ # the pass-through could mean that the user could deploy # things that are not directly accessible or reasonable # to be inspected. +- name: "If in noauth mode, set Auth parameters to None" + set_fact: + auth_type: None + auth: None + when: noauth_mode | bool == true - name: "Setup DHCP for nodes." template: src=dhcp-host.j2 dest=/etc/dnsmasq.d/bifrost.dhcp-hosts.d/{{ inventory_hostname }} owner=root group=root mode=0644 delegate_to: localhost @@ -28,10 +33,10 @@ command: killall -HUP dnsmasq become: yes when: inventory_dhcp | bool -- name: "Deploy to hardware - Using custom instance_info." +- name: "Deploy to hardware - Using custom instance_info" os_ironic_node: - auth_type: None - auth: None + auth_type: "{{ auth_type | default(omit) }}" + auth: "{{ auth | default(omit) }}" ironic_url: "{{ ironic_url }}" uuid: "{{ uuid }}" state: present @@ -48,8 +53,8 @@ when: instance_info is not defined and test_deploy_image.stat.exists | bool == false - name: "Deploy to hardware - bifrost default" os_ironic_node: - auth_type: None - auth: None + auth_type: "{{ auth_type | default(omit) }}" + auth: "{{ auth | default(omit) }}" ironic_url: "{{ ironic_url }}" uuid: "{{ uuid }}" state: present 
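Review bot: The new `noauth_mode: true` line in defaults/main.yml has no comment, although it is the switch that decides whether the role talks to ironic with or without credentials. I would add above it `# true: call the ironic modules with auth_type/auth set to None (no credentials)` and `# false: authenticate through os-client-config`, so an operator reading only the defaults sees what the default implies. The same uncommented default is added to the defaults of bifrost-unprovision-node-dynamic, ironic-delete-dynamic, ironic-enroll-dynamic and ironic-inspect-node.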
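Review bot: The `set_fact` task added at the top of tasks/main.yml writes `auth_type` and `auth` as host facts, and nothing clears them when `noauth_mode` is false. Host facts outlive the role, so a host that has already passed through one of these roles with the default `noauth_mode: true` would, unless something of higher precedence overrides them, still hand `None` to `os_ironic_node` when a later role in the same play asks for authentication, and that call would quietly go out without credentials. Deciding the value where it is used avoids the shared state: `auth_type: "{{ 'None' if noauth_mode | bool else auth_type | default(omit) }}"`, and the same for `auth`, in the two `os_ironic_node` tasks of the following hunks. The identical set_fact pattern is added in bifrost-unprovision-node-dynamic, ironic-delete-dynamic, ironic-enroll-dynamic and ironic-inspect-node. The task list continues outside these hunks.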
diff --git a/playbooks/roles/bifrost-unprovision-node-dynamic/README.md b/playbooks/roles/bifrost-unprovision-node-dynamic/README.md index 5bcd4796e..9ad1999d6 100644 --- a/playbooks/roles/bifrost-unprovision-node-dynamic/README.md +++ b/playbooks/roles/bifrost-unprovision-node-dynamic/README.md @@ -19,6 +19,13 @@ uuid: The UUID value for the node, at the host level. ironic_url: The setting defining the URL to the Ironic API. Presently defaulted to: "http://localhost:6385/" +noauth_mode: Controls if the module is called in noauth mode. + By default, this is the standard mode of operation, + however if set to false, the role utilizes os_client_config + which expects a clouds.yml file. More information about + this file format can be found at: + http://docs.openstack.org/developer/os-client-config/ + Dependencies ------------ diff --git a/playbooks/roles/bifrost-unprovision-node-dynamic/defaults/main.yml b/playbooks/roles/bifrost-unprovision-node-dynamic/defaults/main.yml index 44445bba9..55c8c7cc1 100644 --- a/playbooks/roles/bifrost-unprovision-node-dynamic/defaults/main.yml +++ b/playbooks/roles/bifrost-unprovision-node-dynamic/defaults/main.yml @@ -1,2 +1,3 @@ --- ironic_url: "http://localhost:6385/" +noauth_mode: true diff --git a/playbooks/roles/bifrost-unprovision-node-dynamic/tasks/main.yml b/playbooks/roles/bifrost-unprovision-node-dynamic/tasks/main.yml index b6fd98371..a9535860b 100644 --- a/playbooks/roles/bifrost-unprovision-node-dynamic/tasks/main.yml +++ b/playbooks/roles/bifrost-unprovision-node-dynamic/tasks/main.yml 
@@ -12,10 +12,15 @@ # See the License for the specific language governing permissions and # limitations under the License. --- -- name: "Unprovision node" - os_ironic_node: +- name: "If in noauth mode, set Auth parameters to None" + set_fact: auth_type: None auth: None + when: noauth_mode | bool == true +- name: "Unprovision node" + os_ironic_node: + auth_type: "{{ auth_type | default(omit) }}" + auth: "{{ auth | default(omit) }}" ironic_url: "{{ ironic_url }}" uuid: "{{ uuid | default() }}" name: "{{ name | default() }}" diff --git a/playbooks/roles/ironic-delete-dynamic/README.md b/playbooks/roles/ironic-delete-dynamic/README.md index fb2642aa7..e5e8ecd4b 100644 --- a/playbooks/roles/ironic-delete-dynamic/README.md +++ b/playbooks/roles/ironic-delete-dynamic/README.md @@ -24,6 +24,13 @@ nics: A list of dictionary key-value pairs in the format of a key value [{'mac':'01:02:03:04:05:06'},{'mac':'01:02:03:04:05:07'}] +noauth_mode: Controls if the module is called in noauth mode. + By default, this is the standard mode of operation, + however if set to false, the role utilizes os_client_config + which expects a clouds.yml file. More information about + this file format can be found at: + http://docs.openstack.org/developer/os-client-config/ + Dependencies ------------ diff --git a/playbooks/roles/ironic-delete-dynamic/defaults/main.yml b/playbooks/roles/ironic-delete-dynamic/defaults/main.yml index 44445bba9..55c8c7cc1 100644 --- a/playbooks/roles/ironic-delete-dynamic/defaults/main.yml +++ b/playbooks/roles/ironic-delete-dynamic/defaults/main.yml @@ -1,2 +1,3 @@ --- ironic_url: "http://localhost:6385/" +noauth_mode: true diff --git a/playbooks/roles/ironic-delete-dynamic/tasks/main.yml b/playbooks/roles/ironic-delete-dynamic/tasks/main.yml index d3197ec9b..07283d0d8 100644 --- a/playbooks/roles/ironic-delete-dynamic/tasks/main.yml +++ b/playbooks/roles/ironic-delete-dynamic/tasks/main.yml 
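Review bot: In the new set_fact task, `auth_type: None` and `auth: None` are plain YAML scalars, which load as the string "None" rather than as a null value. The removed lines passed the same literal straight to `os_ironic_node`, so the module presumably keys on that string. A short comment on the task would keep someone from "correcting" it to `null` or `~`, for example `# "None" is deliberately a string: it is the value the ironic modules are given for noauth`. Quoting the values, `auth_type: "None"`, would make the intent explicit as well.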
@@ -12,10 +12,15 @@ # See the License for the specific language governing permissions and # limitations under the License. --- -- name: "Delete hardware" - os_ironic: +- name: "If in noauth mode, set Auth parameters to None" + set_fact: auth_type: None auth: None + when: noauth_mode | bool == true +- name: "Delete hardware" + os_ironic: + auth_type: "{{ auth_type | default(omit) }}" + auth: "{{ auth | default(omit) }}" ironic_url: "{{ ironic_url }}" driver: "" uuid: "{{ uuid | default() }}" diff --git a/playbooks/roles/ironic-enroll-dynamic/README.md b/playbooks/roles/ironic-enroll-dynamic/README.md index a9570f442..2f928d04d 100644 --- a/playbooks/roles/ironic-enroll-dynamic/README.md +++ b/playbooks/roles/ironic-enroll-dynamic/README.md @@ -33,6 +33,13 @@ ipa_file_protocol: The protocol to utilize to access IPA files. The default is Do note, that a user wishing to utilize HTTPS may wish to review the iPXE documentation: http://ipxe.org/crypto +noauth_mode: Controls if the module is called in noauth mode. + By default, this is the standard mode of operation, + however if set to false, the role utilizes os_client_config + which expects a clouds.yml file. More information about + this file format can be found at: + http://docs.openstack.org/developer/os-client-config/ + This role expects a data structure similar to the one below, however it should be understood that the individual entries under power can vary based on power driver required. diff --git a/playbooks/roles/ironic-enroll-dynamic/defaults/main.yml b/playbooks/roles/ironic-enroll-dynamic/defaults/main.yml index 445f7c90a..23857665b 100644 --- a/playbooks/roles/ironic-enroll-dynamic/defaults/main.yml +++ b/playbooks/roles/ironic-enroll-dynamic/defaults/main.yml 
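Review bot: The condition `when: noauth_mode | bool == true` on the added set_fact task compares an already boolean value with `true`. `when: noauth_mode | bool` says the same thing and matches the existing `when: inventory_dhcp | bool` in bifrost-deploy-nodes-dynamic. The same condition appears in each of the five tasks/main.yml files touched by this change.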
@@ -15,3 +15,5 @@ ipa_file_protocol: "http" ipa_kernel_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.vmlinuz" ipa_ramdisk_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{nginx_port}}/ipa.initramfs" + +noauth_mode: true diff --git a/playbooks/roles/ironic-enroll-dynamic/tasks/main.yml b/playbooks/roles/ironic-enroll-dynamic/tasks/main.yml index 94fe69301..4be2694d6 100644 --- a/playbooks/roles/ironic-enroll-dynamic/tasks/main.yml +++ b/playbooks/roles/ironic-enroll-dynamic/tasks/main.yml @@ -12,10 +12,15 @@ # See the License for the specific language governing permissions and # limitations under the License. --- -- name: "Dynamic enrollment" - os_ironic: +- name: "If in noauth mode, set Auth parameters to None" + set_fact: auth_type: None auth: None + when: noauth_mode | bool == true +- name: "Dynamic enrollment" + os_ironic: + auth_type: "{{ auth_type | default(omit) }}" + auth: "{{ auth | default(omit) }}" ironic_url: "{{ ironic_url }}" driver: "{{ driver }}" uuid: "{{ uuid | default() }}" diff --git a/playbooks/roles/ironic-inspect-node/README.md b/playbooks/roles/ironic-inspect-node/README.md index 60ba30e29..ae240b307 100644 --- a/playbooks/roles/ironic-inspect-node/README.md +++ b/playbooks/roles/ironic-inspect-node/README.md @@ -18,6 +18,13 @@ uuid: The UUID of the node to invoke ironic node introspection upon. name: A node name to invoke inspection upon. This variable is not required if the node uuid value is supplied. +noauth_mode: Controls if the module is called in noauth mode. + By default, this is the standard mode of operation, + however if set to false, the role utilizes os_client_config + which expects a clouds.yml file. More information about + this file format can be found at: + http://docs.openstack.org/developer/os-client-config/ + Dependencies ------------ 
diff --git a/playbooks/roles/ironic-inspect-node/defaults/main.yml b/playbooks/roles/ironic-inspect-node/defaults/main.yml
index 8ee09e96e..7e350926e 100644
--- a/playbooks/roles/ironic-inspect-node/defaults/main.yml
+++ b/playbooks/roles/ironic-inspect-node/defaults/main.yml
@@ -1,2 +1,3 @@
 ---
 # defaults file for ironic-inspect-node
+noauth_mode: true
diff --git a/playbooks/roles/ironic-inspect-node/tasks/main.yml b/playbooks/roles/ironic-inspect-node/tasks/main.yml
index 452585ce3..3c4dbef40 100644
--- a/playbooks/roles/ironic-inspect-node/tasks/main.yml
+++ b/playbooks/roles/ironic-inspect-node/tasks/main.yml
@@ -12,10 +12,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
-- name: "Execute node introspection"
- os_ironic_inspect:
+- name: "If in noauth mode, set Auth parameters to None"
+ set_fact:
 auth_type: None
 auth: None
+ when: noauth_mode | bool == true
+- name: "Execute node introspection - NoAuth Mode"
+ os_ironic_inspect:
+ auth_type: "{{ auth_type | default(omit) }}"
+ auth: "{{ auth | default(omit) }}"
 ironic_url: "{{ ironic_url }}"
 uuid: "{{ uuid }}"
 delegate_to: localhost
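Review bot: The task is renamed to "Execute node introspection - NoAuth Mode", but the same task now runs in both modes, since `auth_type` and `auth` fall back to `omit` when `noauth_mode` is false. Play output would then report "NoAuth Mode" for an authenticated call, which is misleading when someone later audits which runs used credentials. I would keep the original name, `- name: "Execute node introspection"`, as the other four roles do for their module tasks.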