diff --git a/playbooks/roles/bifrost-cloud-config/README.md b/playbooks/roles/bifrost-cloud-config/README.md new file mode 100644 index 000000000..500cb907a --- /dev/null +++ b/playbooks/roles/bifrost-cloud-config/README.md @@ -0,0 +1,89 @@ +bifrost-cloud-config +==================== + +This role generate authentication parameters suitable for bare metal ansible +modules. It is designed to be included from other roles and is of little use +otherwise. + +Requirements +------------ + +None + +Role Variables +-------------- + +This role supports one variable: + +`noauth_mode` + +Whether bifrost has been installed in no-authentication mode. +Defaults to `true`. + +This role sets several facts: + +`openstack` + +OpenStack configuration as returned by the `openstack.cloud.config` +module. May be missing in no-auth mode. + +`openstack_cloud` + +The cloud to use for authentication. May be missing in no-auth mode. + +`auth` + +An object with authentication information. If the fact is already defined, +it is only overridden in no-auth mode. + +`auth_type` + +Authentication plugin to use. If `auth` is already defined, it is only +overridden in no-auth mode. + +`ironic_url` + +Ironic endpoint to use. If the fact is already defined, it is not overridden. + +Notes +----- + +None + +Dependencies +------------ + +None at this time. + +Example Playbook +---------------- + +``` +- hosts: localhost + connection: local + become: no + gather_facts: no + roles: + - role: bifrost-cloud-config + noauth_mode: true +``` + +License +------- + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +Author Information +------------------ + +Ironic Developers diff --git a/playbooks/roles/bifrost-cloud-config/defaults/main.yml b/playbooks/roles/bifrost-cloud-config/defaults/main.yml new file mode 100644 index 000000000..02d3c60af --- /dev/null +++ b/playbooks/roles/bifrost-cloud-config/defaults/main.yml @@ -0,0 +1,2 @@ +--- +noauth_mode: true diff --git a/playbooks/roles/bifrost-cloud-config/tasks/main.yml b/playbooks/roles/bifrost-cloud-config/tasks/main.yml new file mode 100644 index 000000000..5b4052dc1 --- /dev/null +++ b/playbooks/roles/bifrost-cloud-config/tasks/main.yml @@ -0,0 +1,62 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- + +- name: "If in noauth mode, unset authentication parameters." + set_fact: + auth_type: None + auth: {} + when: noauth_mode | bool + +- name: "Execute openstack.cloud.config to collect facts" + openstack.cloud.config: + no_log: yes + # NOTE(dtantsur): Allow missing clouds.yaml only in no-auth mode + ignore_errors: "{{ noauth_mode | bool }}" + +- name: "Set openstack_cloud if possible" + set_fact: + # TODO(dtantsur): support looking up by cloud_name + openstack_cloud: "{{ openstack.clouds[0] }}" + when: + - openstack is defined + - openstack.clouds | length > 0 + no_log: yes + +# NOTE(TheJulia): The first record returned by openstack.cloud.config +# is utilized as the default. A user can still define the parameters +# if so desired. +- name: "Set openstack.cloud.config auth parameters if not already set." + set_fact: + auth: "{{ openstack_cloud.auth }}" + auth_type: "{{ openstack_cloud.auth_type }}" + when: + - auth is undefined + - openstack_cloud is defined + no_log: yes + +# FIXME(dtantsur): this should work by simply passing the cloud to ansible +# modules, but it does not because of some issues there. +- name: "Provide ironic_url if there is an endpoint override" + set_fact: + ironic_url: "{{ openstack_cloud.baremetal_endpoint_override }}" + when: + - ironic_url | default("") == "" + - openstack_cloud is defined + - openstack_cloud.baremetal_endpoint_override is defined + +- name: "Provide ironic_url for no-auth mode if there is no override" + set_fact: + ironic_url: "http://localhost:6385/" + when: + - ironic_url | default("") == "" + - noauth_mode | bool diff --git a/playbooks/roles/bifrost-configdrives-dynamic/defaults/main.yml b/playbooks/roles/bifrost-configdrives-dynamic/defaults/main.yml index 1025fa026..4d6b4f56f 100644 --- a/playbooks/roles/bifrost-configdrives-dynamic/defaults/main.yml +++ b/playbooks/roles/bifrost-configdrives-dynamic/defaults/main.yml @@ -19,9 +19,6 @@ ipv4_gateway: 192.168.1.1 ipv4_nameserver: 8.8.8.8 network_mtu: 1500 -# Default URL to Ironic -ironic_url: "http://localhost:6385/" - # Default ISO generation utility iso_gen_utility: "mkisofs" diff --git a/playbooks/roles/bifrost-configdrives-dynamic/tasks/update_facts_from_ironic.yaml b/playbooks/roles/bifrost-configdrives-dynamic/tasks/update_facts_from_ironic.yaml index 19a90d593..652eb0ba4 100644 --- a/playbooks/roles/bifrost-configdrives-dynamic/tasks/update_facts_from_ironic.yaml +++ b/playbooks/roles/bifrost-configdrives-dynamic/tasks/update_facts_from_ironic.yaml @@ -12,26 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. --- -- name: "If in noauth mode, set auth parameters accordingly." - set_fact: - auth_type: None - auth: {} - when: noauth_mode is defined and noauth_mode | bool == true - -- name: "Execute openstack.cloud.config to collect facts" - openstack.cloud.config: - no_log: yes - when: noauth_mode is defined and noauth_mode | bool == false - -# NOTE(TheJulia): The first record returned by openstack.cloud.config -# is utilized as the default. A user can still define the parameters -# if so desired. -- name: "Set openstack.cloud.config auth parameters if not already set." - set_fact: - auth: "{{ openstack.clouds[0].auth }}" - auth_type: "{{ openstack.clouds[0].auth_type }}" - when: auth is undefined - no_log: yes +- import_role: + name: bifrost-cloud-config # Note(TheJulia): This step allows us to collect things that # ironic knows, that we do not know potentially, such as an UUID @@ -39,8 +21,8 @@ - name: "Collecting node facts" os_ironic_node_info: cloud: "{{ cloud_name | default(omit) }}" - auth_type: "{{ auth_type }}" - auth: "{{ auth }}" + auth_type: "{{ auth_type | default(omit) }}" + auth: "{{ auth | default(omit) }}" ironic_url: "{{ ironic_url | default(omit) }}" uuid: "{{ uuid | default() }}" name: "{{ name | default() }}" diff --git a/playbooks/roles/bifrost-deploy-nodes-dynamic/defaults/main.yml b/playbooks/roles/bifrost-deploy-nodes-dynamic/defaults/main.yml index 494a5758b..2af21fc51 100644 --- a/playbooks/roles/bifrost-deploy-nodes-dynamic/defaults/main.yml +++ b/playbooks/roles/bifrost-deploy-nodes-dynamic/defaults/main.yml @@ -1,6 +1,5 @@ --- # defaults file for bifrost-deploy-nodes-dynamic -ironic_url: "http://localhost:6385/" file_url_port: "8080" network_interface: "virbr0" ans_network_interface: "{{ network_interface | replace('-', '_') }}" @@ -12,7 +11,6 @@ inventory_dhcp: false inventory_dhcp_static_ip: true inventory_dns: false deploy_url_protocol: "http" -noauth_mode: true # Under normal circumstances, the os_ironic_node module does not wait for # the node to reach active state before continuing with the deployment diff --git a/playbooks/roles/bifrost-deploy-nodes-dynamic/tasks/main.yml b/playbooks/roles/bifrost-deploy-nodes-dynamic/tasks/main.yml index f81182c13..53072832e 100644 --- a/playbooks/roles/bifrost-deploy-nodes-dynamic/tasks/main.yml +++ b/playbooks/roles/bifrost-deploy-nodes-dynamic/tasks/main.yml @@ -21,26 +21,8 @@ setup: gather_timeout: "{{ fact_gather_timeout }}" -- name: "If in noauth mode, unset authentication parameters." - set_fact: - auth_type: None - auth: {} - when: noauth_mode is defined and noauth_mode | bool == true - -- name: "Execute openstack.cloud.config to collect facts" - openstack.cloud.config: - no_log: yes - when: noauth_mode is defined and noauth_mode | bool == false - -# NOTE(TheJulia): The first record returned by openstack.cloud.config -# is utilized as the default. A user can still define the parameters -# if so desired. -- name: "Set openstack.cloud.config auth parameters if not already set." - set_fact: - auth: "{{ openstack.clouds[0].auth }}" - auth_type: "{{ openstack.clouds[0].auth_type }}" - when: auth is undefined - no_log: yes +- import_role: + name: bifrost-cloud-config - name: "Setup DHCP for nodes." template: @@ -71,9 +53,10 @@ - name: "Deploy to hardware - Using custom instance_info." openstack.cloud.baremetal_node_action: + cloud: "{{ cloud_name | default(omit) }}" auth_type: "{{ auth_type | default(omit) }}" auth: "{{ auth | default(omit) }}" - ironic_url: "{{ ironic_url }}" + ironic_url: "{{ ironic_url | default(omit) }}" uuid: "{{ uuid }}" state: present config_drive: "{{ deploy_url_protocol }}://{{ internal_ip }}:{{ file_url_port }}/configdrive-{{ uuid }}.iso.gz" diff --git a/playbooks/roles/bifrost-unprovision-node-dynamic/defaults/main.yml b/playbooks/roles/bifrost-unprovision-node-dynamic/defaults/main.yml index 9fe3f8d58..fccc92815 100644 --- a/playbooks/roles/bifrost-unprovision-node-dynamic/defaults/main.yml +++ b/playbooks/roles/bifrost-unprovision-node-dynamic/defaults/main.yml @@ -1,5 +1,4 @@ --- -ironic_url: "http://localhost:6385/" noauth_mode: true wait_for_node_undeploy: false diff --git a/playbooks/roles/bifrost-unprovision-node-dynamic/tasks/main.yml b/playbooks/roles/bifrost-unprovision-node-dynamic/tasks/main.yml index d67775a88..f0d8a780a 100644 --- a/playbooks/roles/bifrost-unprovision-node-dynamic/tasks/main.yml +++ b/playbooks/roles/bifrost-unprovision-node-dynamic/tasks/main.yml @@ -12,26 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. --- -- name: "If in noauth mode, unset authentication parameters." - set_fact: - auth_type: None - auth: {} - when: noauth_mode is defined and noauth_mode | bool == true - -- name: "Execute openstack.cloud.config to collect facts" - openstack.cloud.config: - no_log: yes - -# NOTE(TheJulia): The first record returned by openstack.cloud.config -# is utilized as the default. A user can still define the parameters -# if so desired. -- name: "Set openstack.cloud.config auth parameters if not already set." - set_fact: - auth: "{{ openstack.clouds[0].auth }}" - auth_type: "{{ openstack.clouds[0].auth_type }}" - when: auth is undefined - no_log: yes - when: noauth_mode is defined and noauth_mode | bool == false +- import_role: + name: bifrost-cloud-config - name: "Unprovision node" openstack.cloud.baremetal_node_action: diff --git a/playbooks/roles/ironic-delete-dynamic/defaults/main.yml b/playbooks/roles/ironic-delete-dynamic/defaults/main.yml index bfee2399a..b418c84d6 100644 --- a/playbooks/roles/ironic-delete-dynamic/defaults/main.yml +++ b/playbooks/roles/ironic-delete-dynamic/defaults/main.yml @@ -1,7 +1,4 @@ --- -ironic_url: "http://localhost:6385/" -noauth_mode: true - # Ensure that Ansible is using python interpreter and dependencies inside the bifrost virtual environment enable_venv: true bifrost_venv_dir: "{{ lookup('env', 'VENV') or '/opt/stack/bifrost' }}" diff --git a/playbooks/roles/ironic-delete-dynamic/tasks/main.yml b/playbooks/roles/ironic-delete-dynamic/tasks/main.yml index 4b5ad10a0..4e3ab467d 100644 --- a/playbooks/roles/ironic-delete-dynamic/tasks/main.yml +++ b/playbooks/roles/ironic-delete-dynamic/tasks/main.yml @@ -12,26 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. --- -- name: "If in noauth mode, unset authentication parameters." - set_fact: - auth_type: None - auth: {} - when: noauth_mode is defined and noauth_mode | bool == true - -- name: "Execute openstack.cloud.config to collect facts" - openstack.cloud.config: - no_log: yes - when: noauth_mode is defined and noauth_mode | bool == false - -# NOTE(TheJulia): The first record returned by openstack.cloud.config -# is utilized as the default. A user can still define the parameters -# if so desired. -- name: "Set openstack.cloud.config auth parameters if not already set." - set_fact: - auth: "{{ openstack.clouds[0].auth }}" - auth_type: "{{ openstack.clouds[0].auth_type }}" - when: auth is undefined - no_log: yes +- import_role: + name: bifrost-cloud-config - name: "Delete hardware" openstack.cloud.baremetal_node: diff --git a/playbooks/roles/ironic-enroll-dynamic/defaults/main.yml b/playbooks/roles/ironic-enroll-dynamic/defaults/main.yml index 40a7ae895..28dfcf06e 100644 --- a/playbooks/roles/ironic-enroll-dynamic/defaults/main.yml +++ b/playbooks/roles/ironic-enroll-dynamic/defaults/main.yml @@ -1,5 +1,4 @@ --- -ironic_url: "http://localhost:6385/" file_url_port: "8080" # Default network interface that bifrost will be attached to. network_interface: "virbr0" @@ -14,8 +13,6 @@ ipa_file_protocol: "http" ipa_kernel_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + network_interface | replace('-', '_')]['ipv4']['address'] }}:{{file_url_port}}/ipa.kernel" ipa_ramdisk_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + network_interface | replace('-', '_')]['ipv4']['address'] }}:{{file_url_port}}/ipa.initramfs" -noauth_mode: true - # Timeout for gathering facts. fact_gather_timeout: "{{ lookup('config', 'DEFAULT_GATHER_TIMEOUT', on_missing='skip') | default(omit, true) }}" diff --git a/playbooks/roles/ironic-enroll-dynamic/tasks/main.yml b/playbooks/roles/ironic-enroll-dynamic/tasks/main.yml index b5659bf62..527e11bb6 100644 --- a/playbooks/roles/ironic-enroll-dynamic/tasks/main.yml +++ b/playbooks/roles/ironic-enroll-dynamic/tasks/main.yml @@ -16,26 +16,8 @@ setup: gather_timeout: "{{ fact_gather_timeout }}" -- name: "If in noauth mode, unset authentication parameters." - set_fact: - auth_type: None - auth: {} - when: noauth_mode is defined and noauth_mode | bool == true - -- name: "Execute openstack.cloud.config to collect facts" - openstack.cloud.config: - no_log: yes - when: noauth_mode is defined and noauth_mode | bool == false - -# NOTE(TheJulia): The first record returned by openstack.cloud.config -# is utilized as the default. A user can still define the parameters -# if so desired. -- name: "Set openstack.cloud.config auth parameters if not already set." - set_fact: - auth: "{{ openstack.clouds[0].auth }}" - auth_type: "{{ openstack.clouds[0].auth_type }}" - when: auth is undefined - no_log: yes +- import_role: + name: bifrost-cloud-config - name: "Dynamic enrollment" openstack.cloud.baremetal_node: diff --git a/playbooks/roles/ironic-inspect-node/tasks/main.yml b/playbooks/roles/ironic-inspect-node/tasks/main.yml index be32aa2aa..0bce756f5 100644 --- a/playbooks/roles/ironic-inspect-node/tasks/main.yml +++ b/playbooks/roles/ironic-inspect-node/tasks/main.yml @@ -16,26 +16,8 @@ setup: gather_timeout: "{{ fact_gather_timeout }}" -- name: "If in noauth mode, unset authentication parameters." - set_fact: - auth_type: None - auth: {} - when: noauth_mode is defined and noauth_mode | bool == true - -- name: "Execute openstack.cloud.config to collect facts" - openstack.cloud.config: - no_log: yes - when: noauth_mode is defined and noauth_mode | bool == false - -# NOTE(TheJulia): The first record returned by openstack.cloud.config -# is utilized as the default. A user can still define the parameters -# if so desired. -- name: "Set openstack.cloud.config auth parameters if not already set." - set_fact: - auth: "{{ openstack.clouds[0].auth }}" - auth_type: "{{ openstack.clouds[0].auth_type }}" - when: auth is undefined - no_log: yes +- import_role: + name: bifrost-cloud-config - name: "Setup DHCP for nodes." template: @@ -62,7 +44,7 @@ become: yes when: (inventory_dhcp | bool == true) or (inventory_dns | bool == true) -- name: "Execute node introspection - noauth_mode" +- name: "Execute node introspection" openstack.cloud.baremetal_inspect: cloud: "{{ cloud_name | default(omit) }}" auth_type: "{{ auth_type | default(omit) }}" @@ -71,19 +53,3 @@ uuid: "{{ uuid | default('') }}" name: "{{ name | default('') }}" timeout: "{{ inspection_wait_timeout }}" - when: noauth_mode is not defined or noauth_mode | bool == True - -# NOTE(TheJulia): Some behavior appears to have changed in ansible at -# some point where arguments are passed that are part of the spec for, -# which raises a bug in the inspection module where auth_type must be -# defined, as it is otherwise always sent as a null value. -- name: "Execute node introspection" - openstack.cloud.baremetal_inspect: - cloud: "{{ cloud_name | default(omit) }}" - auth_type: "{{ auth_type | default('password') }}" - auth: "{{ auth | default(omit) }}" - ironic_url: "{{ ironic_url | default(omit) }}" - uuid: "{{ uuid | default('') }}" - name: "{{ name | default('') }}" - timeout: "{{ inspection_wait_timeout }}" - when: noauth_mode is defined and noauth_mode | bool == False