kayobe/ansible/overcloud-ipa-images.yml
Mark Goddard e83c57f233 Add support for CA certificate parameter
When using Ansible OpenStack modules, if OS_CACERT is defined, then this
will be passed as the cacert module argument.

This ensures that non-standard CA certificate paths can be used.

Change-Id: I2a2575b1fb0f149cc13c44526fc0167e68e07aab
Story: 2004911
Task: 29261
2019-01-31 15:38:52 +00:00

109 lines
4.0 KiB
YAML

---
- name: Check whether Ironic is enabled
hosts: controllers
tags:
- ipa-images
tasks:
- name: Create controllers group with ironic enabled
group_by:
key: "controllers_for_ipa_images_{{ kolla_enable_ironic | bool }}"
- name: Ensure Ironic Python Agent (IPA) images are downloaded and registered
hosts: controllers_for_ipa_images_True[0]
gather_facts: False
tags:
- ipa-images
vars:
# These are the filenames generated by overcloud-ipa-build.yml.
ipa_image_name: "ipa"
ipa_images:
- "{{ ipa_image_name }}.vmlinuz"
- "{{ ipa_image_name }}.initramfs"
pre_tasks:
- name: Validate OpenStack password authentication parameters
fail:
msg: >
Required OpenStack authentication parameter {{ item }} is
{% if item in openstack_auth %}empty{% else %}not present{% endif %}
in openstack_auth. Have you sourced the environment file?
when:
- openstack_auth_type == 'password'
- item not in openstack_auth or not openstack_auth[item]
with_items: "{{ openstack_auth_password_required_params }}"
tags:
- config-validation
- block:
- name: Check for the presence of locally built Ironic Python Agent (IPA) images
stat:
path: "{{ image_cache_path }}/{{ ipa_image_name }}/{{ item }}"
get_md5: False
get_checksum: False
mime: False
with_items: "{{ ipa_images }}"
register: ipa_image_stat
- name: Validate the presence of locally built Ironic Python Agent (IPA) images
fail:
msg: >
Expected locally built Ironic Python Agent (IPA) image
{{ item.item }} was not present in {{ image_cache_path }}.
with_items: "{{ ipa_image_stat.results }}"
when: not item.stat.exists
when: ipa_build_images | bool
tags:
- config-validation
- name: Set fact containing the Ironic Python Agent (IPA) image URLs
set_fact:
# Don't pass the kernel and ramdisk image URLs if using built images.
ipa_images_kernel_url: "{{ ipa_kernel_upstream_url }}"
ipa_images_kernel_checksum_url: "{{ ipa_kernel_checksum_url }}"
ipa_images_kernel_checksum_algorithm: "{{ ipa_kernel_checksum_algorithm }}"
ipa_images_ramdisk_url: "{{ ipa_ramdisk_upstream_url }}"
ipa_images_ramdisk_checksum_url: "{{ ipa_ramdisk_checksum_url }}"
ipa_images_ramdisk_checksum_algorithm: "{{ ipa_ramdisk_checksum_algorithm }}"
when: not ipa_build_images | bool
- name: Check whether the image cache directory exists
stat:
path: "{{ image_cache_path }}"
get_md5: False
get_checksum: False
mime: False
register: image_cache_stat
- name: Ensure the image cache directory exists
file:
path: "{{ image_cache_path }}"
state: directory
owner: "{{ ansible_user_uid }}"
group: "{{ ansible_user_gid }}"
become: True
when: >-
not image_cache_stat.stat.exists or
not image_cache_stat.stat.writeable
- name: Ensure locally built Ironic Python Agent (IPA) images are copied
copy:
src: "{{ image_cache_path }}/{{ ipa_image_name }}/{{ item.src }}"
dest: "{{ image_cache_path }}/{{ ipa_image_name }}/{{ item.dest }}"
remote_src: True
with_items:
- src: "{{ ipa_images[0] }}"
dest: "{{ ipa_images_kernel_name }}"
- src: "{{ ipa_images[1] }}"
dest: "{{ ipa_images_ramdisk_name }}"
when:
- ipa_build_images | bool
- item.src != item.dest
roles:
- role: ipa-images
os_shade_install_epel: "{{ yum_install_epel }}"
ipa_images_venv: "{{ virtualenv_path }}/shade"
ipa_images_openstack_auth_type: "{{ openstack_auth_type }}"
ipa_images_openstack_auth: "{{ openstack_auth }}"
ipa_images_openstack_auth_env: "{{ openstack_auth_env }}"
ipa_images_openstack_cacert: "{{ openstack_cacert }}"
ipa_images_cache_path: "{{ image_cache_path }}/{{ ipa_image_name }}"