Merge "Make kolla ansible user and group configurable"
This commit is contained in:
Zuul
Gerrit Code Review
commit
6afc0cb07f
@ -298,6 +298,16 @@ kolla_openstack_logging_debug: "False"
|
||||
# Upper constraints file for installation of Kolla.
|
||||
kolla_upper_constraints_file: "https://raw.githubusercontent.com/openstack/requirements/stable/queens/upper-constraints.txt"
|
||||
|
||||
# User account to use for Kolla SSH access.
|
||||
kolla_ansible_user: kolla
|
||||
|
||||
# Primary group of Kolla SSH user.
|
||||
kolla_ansible_group: kolla
|
||||
|
||||
# Whether to use privilege escalation for all operations performed via Kolla
|
||||
# Ansible.
|
||||
kolla_ansible_become: true
|
||||
|
||||
###############################################################################
|
||||
# Kolla feature flag configuration.
|
||||
|
||||
|
||||
@ -39,7 +39,7 @@
|
||||
path: "{{ kolla_ansible_target_venv }}"
|
||||
recurse: True
|
||||
state: directory
|
||||
owner: kolla
|
||||
group: kolla
|
||||
owner: "{{ kolla_ansible_user }}"
|
||||
group: "{{ kolla_ansible_group }}"
|
||||
become: True
|
||||
when: kolla_ansible_target_venv is not none
|
||||
|
||||
@ -38,6 +38,16 @@ kolla_node_custom_config_path:
|
||||
# Path to kolla-ansible passwords.yml input file.
|
||||
kolla_ansible_passwords_path:
|
||||
|
||||
# User account to use for Kolla SSH access.
|
||||
kolla_ansible_user: kolla
|
||||
|
||||
# Primary group of Kolla SSH user.
|
||||
kolla_ansible_group: kolla
|
||||
|
||||
# Whether to use privilege escalation for all operations performed via Kolla
|
||||
# Ansible.
|
||||
kolla_ansible_become: true
|
||||
|
||||
###############################################################################
|
||||
# Kolla-ansible inventory configuration.
|
||||
|
||||
|
||||
@ -48,6 +48,12 @@ kolla_external_vip_address: "{{ kolla_external_vip_address }}"
|
||||
# kolla_external_vip_address.
|
||||
kolla_external_fqdn: "{{ kolla_external_fqdn }}"
|
||||
|
||||
# User account to use for Kolla SSH access.
|
||||
kolla_user: "{{ kolla_ansible_user }}"
|
||||
|
||||
# Primary group of Kolla SSH user.
|
||||
kolla_group: "{{ kolla_ansible_group }}"
|
||||
|
||||
################
|
||||
# Docker options
|
||||
################
|
||||
|
||||
@ -28,8 +28,10 @@
|
||||
{% endfor %}
|
||||
|
||||
[overcloud:vars]
|
||||
ansible_user=kolla
|
||||
ansible_user={{ kolla_ansible_user }}
|
||||
{% if kolla_ansible_become | bool %}
|
||||
ansible_become=true
|
||||
{% endif %}
|
||||
{% if kolla_ansible_target_venv is not none %}
|
||||
# Execute ansible modules on the remote target hosts using a virtualenv.
|
||||
ansible_python_interpreter={{ kolla_ansible_target_venv }}/bin/python
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
{% endfor %}
|
||||
|
||||
[seed:vars]
|
||||
ansible_user=kolla
|
||||
ansible_user={{ kolla_ansible_user }}
|
||||
{% if kolla_ansible_target_venv is not none %}
|
||||
# Execute ansible modules on the remote target hosts using a virtualenv.
|
||||
ansible_python_interpreter={{ kolla_ansible_target_venv }}/bin/python
|
||||
|
||||
@ -97,6 +97,8 @@
|
||||
kolla_enable_tls_external: False
|
||||
kolla_external_fqdn_cert: "fake-cert"
|
||||
openstack_logging_debug: False
|
||||
kolla_user: "kolla"
|
||||
kolla_group: "kolla"
|
||||
|
||||
- name: Validate variables are absent from globals.yml
|
||||
assert:
|
||||
|
||||
@ -23,6 +23,8 @@
|
||||
kolla_node_custom_config_path: "{{ temp_path }}/etc/kolla/config"
|
||||
kolla_ansible_passwords_path: "{{ temp_path }}/passwords.yml"
|
||||
# Config.
|
||||
kolla_ansible_user: "fake-user"
|
||||
kolla_ansible_group: "fake-group"
|
||||
kolla_base_distro: "fake-distro"
|
||||
kolla_install_type: "fake-install-type"
|
||||
kolla_docker_namespace: "fake-namespace"
|
||||
@ -167,6 +169,8 @@
|
||||
globals_yml: "{{ lookup('file', temp_path ~ '/etc/kolla/globals.yml') | from_yaml }}"
|
||||
expected_variables:
|
||||
config_strategy: "COPY_ALWAYS"
|
||||
kolla_user: "fake-user"
|
||||
kolla_group: "fake-group"
|
||||
kolla_base_distro: "fake-distro"
|
||||
kolla_install_type: "fake-install-type"
|
||||
openstack_release: "fake-release"
|
||||
|
||||
@ -55,8 +55,8 @@
|
||||
src: "{{ swift_ring_build_path }}/{{ item[0] }}.{{ item[1] }}"
|
||||
dest: "{{ kolla_config_path }}/config/swift/{{ item[0] }}.{{ item[1] }}"
|
||||
remote_src: True
|
||||
owner: kolla
|
||||
group: kolla
|
||||
owner: "{{ ansible_user_uid }}"
|
||||
group: "{{ ansible_user_gid }}"
|
||||
mode: 0644
|
||||
with_nested:
|
||||
- "{{ swift_service_names }}"
|
||||
|
||||
@ -141,6 +141,19 @@
|
||||
# Whether debug logging is enabled.
|
||||
#kolla_openstack_logging_debug:
|
||||
|
||||
# Upper constraints file for installation of Kolla.
|
||||
#kolla_upper_constraints_file:
|
||||
|
||||
# User account to use for Kolla SSH access.
|
||||
#kolla_ansible_user:
|
||||
|
||||
# Primary group of Kolla SSH user.
|
||||
#kolla_ansible_group:
|
||||
|
||||
# Whether to use privilege escalation for all operations performed via Kolla
|
||||
# Ansible.
|
||||
#kolla_ansible_become:
|
||||
|
||||
###############################################################################
|
||||
# Kolla feature flag configuration.
|
||||
|
||||
|
||||
@ -0,0 +1,8 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Adds support for configuration of the user used by Kolla Ansible for remote
|
||||
execution. The user is configured via ``kolla_ansible_user``, its primary
|
||||
group via ``kolla_ansible_group``, and ``kolla_ansible_become`` determines
|
||||
whether privilege escalation is used by Kolla Ansible for all tasks or only
|
||||
required tasks.
|
||||
Loading…
Reference in New Issue
Block a user