388dfa369c
There are a few places where we have a play with one task that uses the group_by module to generate groups that are used in a subsequent play. These plays do not need to gather facts for their target hosts. In particular, the kolla-openstack.yml playbook should really be able to operate without access to remote hosts. This change also adds changed_when: false to all group_by tasks, since they show as changed but haven't really made any changes outside of Ansible. TrivialFix Change-Id: I18f67eda4e48058f3f402b9d0e692d6eeb02855f
76 lines
3.0 KiB
YAML
76 lines
3.0 KiB
YAML
---
|
|
- name: Check whether Ironic is enabled
|
|
hosts: controllers
|
|
gather_facts: False
|
|
tags:
|
|
- introspection-rules
|
|
tasks:
|
|
- name: Create controllers group with ironic enabled
|
|
group_by:
|
|
key: "controllers_for_introspection_rules_{{ kolla_enable_ironic | bool }}"
|
|
changed_when: false
|
|
|
|
- name: Ensure introspection rules are registered in Ironic Inspector
|
|
# Only required to run on a single host.
|
|
hosts: controllers_for_introspection_rules_True[0]
|
|
tags:
|
|
- introspection-rules
|
|
vars:
|
|
venv: "{{ virtualenv_path }}/openstacksdk"
|
|
pre_tasks:
|
|
- name: Validate OpenStack password authentication parameters
|
|
fail:
|
|
msg: >
|
|
Required OpenStack authentication parameter {{ item }} is
|
|
{% if item in openstack_auth %}empty{% else %}not present{% endif %}
|
|
in openstack_auth. Have you sourced the environment file?
|
|
when:
|
|
- openstack_auth_type == 'password'
|
|
- item not in openstack_auth or not openstack_auth[item]
|
|
with_items: "{{ openstack_auth_password_required_params }}"
|
|
tags:
|
|
- config-validation
|
|
|
|
- name: Ensure the openstack client is installed
|
|
include_role:
|
|
name: stackhpc.os-openstackclient
|
|
vars:
|
|
os_openstackclient_venv: "{{ venv }}"
|
|
os_openstackclient_install_epel: "{{ dnf_install_epel }}"
|
|
os_openstackclient_state: latest
|
|
os_openstackclient_upper_constraints_file: "{{ pip_upper_constraints_file }}"
|
|
|
|
- name: Retrieve the IPA kernel Glance image UUID
|
|
shell: >
|
|
. {{ venv }}/bin/activate &&
|
|
openstack image show '{{ ipa_images_kernel_name }}' -f value -c id
|
|
changed_when: False
|
|
register: ipa_kernel_id
|
|
environment: "{{ openstack_auth_env }}"
|
|
|
|
- name: Retrieve the IPA ramdisk Glance image UUID
|
|
shell: >
|
|
. {{ venv }}/bin/activate &&
|
|
openstack image show '{{ ipa_images_ramdisk_name }}' -f value -c id
|
|
changed_when: False
|
|
register: ipa_ramdisk_id
|
|
environment: "{{ openstack_auth_env }}"
|
|
|
|
roles:
|
|
- role: ironic-inspector-rules
|
|
os_openstacksdk_install_epel: "{{ dnf_install_epel }}"
|
|
os_openstacksdk_state: latest
|
|
ironic_inspector_venv: "{{ venv }}"
|
|
ironic_inspector_upper_constraints_file: "{{ pip_upper_constraints_file }}"
|
|
ironic_inspector_auth_type: "{{ openstack_auth_type }}"
|
|
ironic_inspector_auth: "{{ openstack_auth }}"
|
|
ironic_inspector_cacert: "{{ openstack_cacert }}"
|
|
ironic_inspector_interface: "{{ openstack_interface }}"
|
|
ironic_inspector_rules: "{{ inspector_rules }}"
|
|
# These variables may be referenced in the introspection rules.
|
|
inspector_rule_var_ipmi_username: "{{ inspector_ipmi_username }}"
|
|
inspector_rule_var_ipmi_password: "{{ inspector_ipmi_password }}"
|
|
inspector_rule_var_lldp_switch_port_interface: "{{ inspector_lldp_switch_port_interface_default }}"
|
|
inspector_rule_var_deploy_kernel: "{{ ipa_kernel_id.stdout }}"
|
|
inspector_rule_var_deploy_ramdisk: "{{ ipa_ramdisk_id.stdout }}"
|