kayobe/ansible/overcloud-introspection-rules.yml
Mark Goddard 388dfa369c Avoid fact gathering for group_by
There are a few places where we have a play with one task that uses the
group_by module to generate groups that are used in a subsequent play.
These plays do not need to gather facts for their target hosts.

In particular, the kolla-openstack.yml playbook should really be able to
operate without access to remote hosts.

This change also adds changed_when: false to all group_by tasks, since
they show as changed but haven't really made any changes outside of
Ansible.

TrivialFix

Change-Id: I18f67eda4e48058f3f402b9d0e692d6eeb02855f
2021-03-04 17:32:15 +00:00

76 lines
3.0 KiB
YAML

---
- name: Check whether Ironic is enabled
hosts: controllers
gather_facts: False
tags:
- introspection-rules
tasks:
- name: Create controllers group with ironic enabled
group_by:
key: "controllers_for_introspection_rules_{{ kolla_enable_ironic | bool }}"
changed_when: false
- name: Ensure introspection rules are registered in Ironic Inspector
# Only required to run on a single host.
hosts: controllers_for_introspection_rules_True[0]
tags:
- introspection-rules
vars:
venv: "{{ virtualenv_path }}/openstacksdk"
pre_tasks:
- name: Validate OpenStack password authentication parameters
fail:
msg: >
Required OpenStack authentication parameter {{ item }} is
{% if item in openstack_auth %}empty{% else %}not present{% endif %}
in openstack_auth. Have you sourced the environment file?
when:
- openstack_auth_type == 'password'
- item not in openstack_auth or not openstack_auth[item]
with_items: "{{ openstack_auth_password_required_params }}"
tags:
- config-validation
- name: Ensure the openstack client is installed
include_role:
name: stackhpc.os-openstackclient
vars:
os_openstackclient_venv: "{{ venv }}"
os_openstackclient_install_epel: "{{ dnf_install_epel }}"
os_openstackclient_state: latest
os_openstackclient_upper_constraints_file: "{{ pip_upper_constraints_file }}"
- name: Retrieve the IPA kernel Glance image UUID
shell: >
. {{ venv }}/bin/activate &&
openstack image show '{{ ipa_images_kernel_name }}' -f value -c id
changed_when: False
register: ipa_kernel_id
environment: "{{ openstack_auth_env }}"
- name: Retrieve the IPA ramdisk Glance image UUID
shell: >
. {{ venv }}/bin/activate &&
openstack image show '{{ ipa_images_ramdisk_name }}' -f value -c id
changed_when: False
register: ipa_ramdisk_id
environment: "{{ openstack_auth_env }}"
roles:
- role: ironic-inspector-rules
os_openstacksdk_install_epel: "{{ dnf_install_epel }}"
os_openstacksdk_state: latest
ironic_inspector_venv: "{{ venv }}"
ironic_inspector_upper_constraints_file: "{{ pip_upper_constraints_file }}"
ironic_inspector_auth_type: "{{ openstack_auth_type }}"
ironic_inspector_auth: "{{ openstack_auth }}"
ironic_inspector_cacert: "{{ openstack_cacert }}"
ironic_inspector_interface: "{{ openstack_interface }}"
ironic_inspector_rules: "{{ inspector_rules }}"
# These variables may be referenced in the introspection rules.
inspector_rule_var_ipmi_username: "{{ inspector_ipmi_username }}"
inspector_rule_var_ipmi_password: "{{ inspector_ipmi_password }}"
inspector_rule_var_lldp_switch_port_interface: "{{ inspector_lldp_switch_port_interface_default }}"
inspector_rule_var_deploy_kernel: "{{ ipa_kernel_id.stdout }}"
inspector_rule_var_deploy_ramdisk: "{{ ipa_ramdisk_id.stdout }}"