d8fe45b3d8
Having tagged plays allows us to easily run a subset of the plays for a command, and perform targeted operations with less risk of unintended consequences. The tags are typically named after the playbook, although some of the overcloud playbooks have been tagged without an overcloud- prefix.
28 lines
834 B
YAML
28 lines
834 B
YAML
---
|
|
- name: Ensure the Kayobe Ansible user account exists
|
|
hosts: seed:overcloud
|
|
tags:
|
|
- kayobe-ansible-user
|
|
vars:
|
|
ansible_user: "{{ bootstrap_user }}"
|
|
# We can't assume that a virtualenv exists at this point, so use the system
|
|
# python interpreter.
|
|
ansible_python_interpreter: /usr/bin/python
|
|
roles:
|
|
- role: singleplatform-eng.users
|
|
users:
|
|
- username: "{{ kayobe_ansible_user }}"
|
|
name: Kayobe deployment user
|
|
append: True
|
|
ssh_key:
|
|
- "{{ lookup('file', ssh_public_key_path) }}"
|
|
become: True
|
|
|
|
post_tasks:
|
|
- name: Ensure the Kayobe Ansible user has passwordless sudo
|
|
copy:
|
|
content: "{{ kayobe_ansible_user }} ALL=(ALL) NOPASSWD: ALL"
|
|
dest: "/etc/sudoers.d/kayobe-ansible-user"
|
|
mode: 0440
|
|
become: True
|