openstack/kolla-ansible
Code Issues Proposed changes

Merge "Specify 'become' to necessary tasks (general roles)"

Browse Source
This commit is contained in:
Jenkins 2017-10-03 20:01:04 +00:00 committed by Gerrit Code Review
commit 109328be3e
12 changed files with 105 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ansible/group_vars/all.yml
View File

@ -15,6 +15,10 @@ project: ""
# The directory to store the config files on the destination node # The directory to store the config files on the destination node
node_config_directory: "/etc/kolla/{{ project }}" node_config_directory: "/etc/kolla/{{ project }}"
# The group which own node_config_directory
config_owner_user: "kolla"
config_owner_group: "kolla"
################### ###################
# Kolla options # Kolla options

1
ansible/post-deploy.yml
View File

@ -1,6 +1,7 @@
--- ---
- name: Creating admin openrc file on the deploy node - name: Creating admin openrc file on the deploy node
hosts: localhost hosts: localhost
become: true
tasks: tasks:
- template: - template:
src: "roles/common/templates/admin-openrc.sh.j2" src: "roles/common/templates/admin-openrc.sh.j2"

6
ansible/roles/certificates/tasks/generate.yml
View File

@ -1,5 +1,6 @@
--- ---
- name: Ensuring config directories exist - name: Ensuring config directories exist
become: true
file: file:
path: "{{ node_config_directory }}/{{ item }}" path: "{{ node_config_directory }}/{{ item }}"
state: "directory" state: "directory"
@ -8,6 +9,7 @@
- "certificates/private" - "certificates/private"
- name: Creating SSL configuration file - name: Creating SSL configuration file
become: true
template: template:
src: "{{ item }}.j2" src: "{{ item }}.j2"
dest: "{{ node_config_directory }}/certificates/{{ item }}" dest: "{{ node_config_directory }}/certificates/{{ item }}"
@ -15,11 +17,13 @@
- "openssl-kolla.cnf" - "openssl-kolla.cnf"
- name: Creating Key - name: Creating Key
become: true
command: creates="{{ item }}" openssl genrsa -out {{ item }} command: creates="{{ item }}" openssl genrsa -out {{ item }}
with_items: with_items:
- "{{ node_config_directory }}/certificates/private/haproxy.key" - "{{ node_config_directory }}/certificates/private/haproxy.key"
- name: Creating Server Certificate - name: Creating Server Certificate
become: true
command: creates="{{ item }}" openssl req -new -nodes -sha256 -x509 \ command: creates="{{ item }}" openssl req -new -nodes -sha256 -x509 \
-subj "/C=US/ST=NC/L=RTP/O=kolla/CN={{ kolla_external_fqdn }}" \ -subj "/C=US/ST=NC/L=RTP/O=kolla/CN={{ kolla_external_fqdn }}" \
-config {{ node_config_directory }}/certificates/openssl-kolla.cnf \ -config {{ node_config_directory }}/certificates/openssl-kolla.cnf \
@ -31,11 +35,13 @@
- "{{ node_config_directory }}/certificates/private/haproxy.crt" - "{{ node_config_directory }}/certificates/private/haproxy.crt"
- name: Creating CA Certificate File - name: Creating CA Certificate File
become: true
copy: copy:
src: "{{ node_config_directory }}/certificates/private/haproxy.crt" src: "{{ node_config_directory }}/certificates/private/haproxy.crt"
dest: "{{ node_config_directory }}/certificates/haproxy-ca.crt" dest: "{{ node_config_directory }}/certificates/haproxy-ca.crt"
- name: Creating Server PEM File - name: Creating Server PEM File
become: true
assemble: assemble:
src: "{{ node_config_directory }}/certificates/private" src: "{{ node_config_directory }}/certificates/private"
dest: "{{ node_config_directory }}/certificates/haproxy.pem" dest: "{{ node_config_directory }}/certificates/haproxy.pem"

26
ansible/roles/common/tasks/config.yml
View File

@ -4,6 +4,7 @@
path: "{{ node_config_directory }}/{{ item }}" path: "{{ node_config_directory }}/{{ item }}"
state: "directory" state: "directory"
recurse: yes recurse: yes
become: true
with_items: with_items:
- "kolla-toolbox" - "kolla-toolbox"
- "cron" - "cron"
@ -26,6 +27,8 @@
template: template:
src: "{{ item.key }}.json.j2" src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json" dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
mode: "0660"
become: true
register: common_config_jsons register: common_config_jsons
when: item.value.enabled | bool when: item.value.enabled | bool
with_dict: "{{ common_services }}" with_dict: "{{ common_services }}"
@ -36,6 +39,8 @@
template: template:
src: "conf/input/{{ item }}.conf.j2" src: "conf/input/{{ item }}.conf.j2"
dest: "{{ node_config_directory }}/fluentd/input/{{ item }}.conf" dest: "{{ node_config_directory }}/fluentd/input/{{ item }}.conf"
mode: "0660"
become: true
register: fluentd_input register: fluentd_input
when: enable_fluentd | bool when: enable_fluentd | bool
with_items: with_items:
@ -52,6 +57,8 @@
template: template:
src: "conf/output/{{ item.name }}.conf.j2" src: "conf/output/{{ item.name }}.conf.j2"
dest: "{{ node_config_directory }}/fluentd/output/{{ item.name }}.conf" dest: "{{ node_config_directory }}/fluentd/output/{{ item.name }}.conf"
mode: "0660"
become: true
register: fluentd_output register: fluentd_output
when: when:
- enable_fluentd | bool - enable_fluentd | bool
@ -86,7 +93,9 @@
template: template:
src: "conf/format/{{ item }}.conf.j2" src: "conf/format/{{ item }}.conf.j2"
dest: "{{ node_config_directory }}/fluentd/format/{{ item }}.conf" dest: "{{ node_config_directory }}/fluentd/format/{{ item }}.conf"
mode: "0660"
register: fluentd_format register: fluentd_format
become: true
with_items: with_items:
- "apache_access" - "apache_access"
- "wsgi_access" - "wsgi_access"
@ -98,6 +107,8 @@
template: template:
src: "conf/filter/{{ item }}.conf.j2" src: "conf/filter/{{ item }}.conf.j2"
dest: "{{ node_config_directory }}/fluentd/filter/{{ item }}.conf" dest: "{{ node_config_directory }}/fluentd/filter/{{ item }}.conf"
mode: "0660"
become: true
register: fluentd_filter register: fluentd_filter
with_items: with_items:
- "00-record_transformer" - "00-record_transformer"
@ -110,6 +121,8 @@
template: template:
src: "td-agent.conf.j2" src: "td-agent.conf.j2"
dest: "{{ node_config_directory }}/{{ item }}/td-agent.conf" dest: "{{ node_config_directory }}/{{ item }}/td-agent.conf"
mode: "0660"
become: true
register: fluentd_td_agent register: fluentd_td_agent
with_items: with_items:
- "fluentd" - "fluentd"
@ -121,6 +134,8 @@
template: template:
src: "cron-logrotate-{{ item.name }}.conf.j2" src: "cron-logrotate-{{ item.name }}.conf.j2"
dest: "{{ node_config_directory }}/cron/logrotate/{{ item.name }}.conf" dest: "{{ node_config_directory }}/cron/logrotate/{{ item.name }}.conf"
mode: "0660"
become: true
register: cron_confs register: cron_confs
when: item.enabled | bool when: item.enabled | bool
with_items: with_items:
@ -180,6 +195,17 @@
notify: notify:
- Restart cron container - Restart cron container
- name: Ensuring config directories have correct owner and permission
become: true
file:
path: "{{ node_config_directory }}/{{ item }}"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
with_items:
- "fluentd"
- "cron"
- name: Check common containers - name: Check common containers
kolla_docker: kolla_docker:
action: "compare_container" action: "compare_container"

1
ansible/roles/destroy/tasks/cleanup_host.yml
View File

@ -1,5 +1,6 @@
--- ---
- name: Destroying Kolla host configuration - name: Destroying Kolla host configuration
become: true
command: > command: >
env enable_haproxy={{ enable_haproxy }} env enable_haproxy={{ enable_haproxy }}
enable_swift={{ enable_swift }} enable_swift={{ enable_swift }}

15
ansible/roles/haproxy/tasks/config.yml
View File

@ -1,6 +1,7 @@
--- ---
- name: Setting sysctl values - name: Setting sysctl values
sysctl: name={{ item.name }} value={{ item.value }} sysctl_set=yes sysctl: name={{ item.name }} value={{ item.value }} sysctl_set=yes
become: true
with_items: with_items:
- { name: "net.ipv4.ip_nonlocal_bind", value: 1} - { name: "net.ipv4.ip_nonlocal_bind", value: 1}
- { name: "net.unix.max_dgram_qlen", value: 128} - { name: "net.unix.max_dgram_qlen", value: 128}
@ -10,7 +11,10 @@
file: file:
path: "{{ node_config_directory }}/{{ item.key }}" path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory" state: "directory"
recurse: yes owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
become: true
when: when:
- inventory_hostname in groups[item.value.group] - inventory_hostname in groups[item.value.group]
- item.value.enabled | bool - item.value.enabled | bool
@ -20,6 +24,8 @@
template: template:
src: "{{ item.key }}.json.j2" src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json" dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
mode: "0660"
become: true
register: haproxy_config_jsons register: haproxy_config_jsons
when: when:
- inventory_hostname in groups[item.value.group] - inventory_hostname in groups[item.value.group]
@ -35,6 +41,8 @@
template: template:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ node_config_directory }}/haproxy/haproxy.cfg" dest: "{{ node_config_directory }}/haproxy/haproxy.cfg"
mode: "0660"
become: true
register: haproxy_cfg register: haproxy_cfg
when: when:
- inventory_hostname in groups[service.group] - inventory_hostname in groups[service.group]
@ -53,6 +61,8 @@
template: template:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ node_config_directory }}/keepalived/keepalived.conf" dest: "{{ node_config_directory }}/keepalived/keepalived.conf"
mode: "0660"
become: true
register: keepalived_conf register: keepalived_conf
when: when:
- inventory_hostname in groups[service.group] - inventory_hostname in groups[service.group]
@ -70,6 +80,8 @@
copy: copy:
src: "{{ kolla_external_fqdn_cert }}" src: "{{ kolla_external_fqdn_cert }}"
dest: "{{ node_config_directory }}/haproxy/{{ item }}" dest: "{{ node_config_directory }}/haproxy/{{ item }}"
mode: "0660"
become: true
register: haproxy_pem register: haproxy_pem
when: when:
- kolla_enable_tls_external | bool - kolla_enable_tls_external | bool
@ -97,3 +109,4 @@
with_dict: "{{ haproxy_services }}" with_dict: "{{ haproxy_services }}"
notify: notify:
- "Restart {{ item.key }} container" - "Restart {{ item.key }} container"

12
ansible/roles/mariadb/tasks/config.yml
View File

@ -3,7 +3,10 @@
file: file:
path: "{{ node_config_directory }}/{{ item.key }}" path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory" state: "directory"
recurse: yes owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
become: true
when: when:
- inventory_hostname in groups[item.value.group] - inventory_hostname in groups[item.value.group]
- item.value.enabled | bool - item.value.enabled | bool
@ -16,6 +19,8 @@
template: template:
src: "{{ service_name }}.json.j2" src: "{{ service_name }}.json.j2"
dest: "{{ node_config_directory }}/{{ service_name }}/config.json" dest: "{{ node_config_directory }}/{{ service_name }}/config.json"
mode: "0660"
become: true
register: mariadb_config_json register: mariadb_config_json
when: when:
- inventory_hostname in groups[service.group] - inventory_hostname in groups[service.group]
@ -34,6 +39,8 @@
- "{{ node_custom_config }}/galera.cnf" - "{{ node_custom_config }}/galera.cnf"
- "{{ node_custom_config }}/mariadb/{{ inventory_hostname }}/galera.cnf" - "{{ node_custom_config }}/mariadb/{{ inventory_hostname }}/galera.cnf"
dest: "{{ node_config_directory }}/{{ service_name }}/galera.cnf" dest: "{{ node_config_directory }}/{{ service_name }}/galera.cnf"
mode: "0660"
become: true
register: mariadb_galera_conf register: mariadb_galera_conf
when: when:
- inventory_hostname in groups[service.group] - inventory_hostname in groups[service.group]
@ -46,6 +53,8 @@
template: template:
src: "{{ role_path }}/templates/wsrep-notify.sh.j2" src: "{{ role_path }}/templates/wsrep-notify.sh.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/wsrep-notify.sh" dest: "{{ node_config_directory }}/{{ item.key }}/wsrep-notify.sh"
mode: "0770"
become: true
register: mariadb_wsrep_notify register: mariadb_wsrep_notify
when: when:
- inventory_hostname in groups[item.value.group] - inventory_hostname in groups[item.value.group]
@ -62,6 +71,7 @@
name: "{{ item.value.container_name }}" name: "{{ item.value.container_name }}"
image: "{{ item.value.image }}" image: "{{ item.value.image }}"
volumes: "{{ item.value.volumes }}" volumes: "{{ item.value.volumes }}"
become: true
register: check_mariadb_containers register: check_mariadb_containers
when: when:
- action != "config" - action != "config"

9
ansible/roles/memcached/tasks/config.yml
View File

@ -3,7 +3,10 @@
file: file:
path: "{{ node_config_directory }}/{{ item }}" path: "{{ node_config_directory }}/{{ item }}"
state: "directory" state: "directory"
recurse: yes owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
become: true
with_items: with_items:
- "memcached" - "memcached"
@ -11,7 +14,9 @@
template: template:
src: "{{ item }}.json.j2" src: "{{ item }}.json.j2"
dest: "{{ node_config_directory }}/{{ item }}/config.json" dest: "{{ node_config_directory }}/{{ item }}/config.json"
mode: "0660"
register: memcached_config_json register: memcached_config_json
become: true
with_items: with_items:
- "memcached" - "memcached"
notify: Restart memcached container notify: Restart memcached container
@ -25,9 +30,11 @@
name: "{{ service.container_name }}" name: "{{ service.container_name }}"
image: "{{ service.image }}" image: "{{ service.image }}"
volumes: "{{ service.volumes }}" volumes: "{{ service.volumes }}"
become: true
register: check_memcached_container register: check_memcached_container
when: when:
- inventory_hostname in groups[service.group] - inventory_hostname in groups[service.group]
- service.enabled | bool - service.enabled | bool
- action != "config" - action != "config"
notify: Restart memcached container notify: Restart memcached container

2
ansible/roles/prechecks/tasks/main.yml
View File

@ -4,3 +4,5 @@
- include: service_checks.yml - include: service_checks.yml
- include: package_checks.yml - include: package_checks.yml
- include: user_checks.yml

19
ansible/roles/prechecks/tasks/user_checks.yml Normal file
View File

@ -0,0 +1,19 @@
---
- name: Check if config_owner_user existed
getent:
database: passwd
key: "{{ config_owner_user }}"
- name: Check if config_owner_group existed
getent:
database: group
key: "{{ config_owner_group }}"
register: getent_group
#(duonghq) it's only a basic check, should be refined later
- name: Check if ansible user can do passwordless sudo
shell: sudo -n true
register: result
failed_when: result | failed

9
ansible/roles/rabbitmq/tasks/config.yml
View File

@ -3,7 +3,10 @@
file: file:
path: "{{ node_config_directory }}/{{ project_name }}" path: "{{ node_config_directory }}/{{ project_name }}"
state: "directory" state: "directory"
recurse: yes owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
become: true
when: when:
- inventory_hostname in groups[item.value.group] - inventory_hostname in groups[item.value.group]
- item.value.enabled | bool - item.value.enabled | bool
@ -13,6 +16,8 @@
template: template:
src: "{{ item.key }}.json.j2" src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ project_name }}/config.json" dest: "{{ node_config_directory }}/{{ project_name }}/config.json"
mode: "0770"
become: true
register: rabbitmq_config_jsons register: rabbitmq_config_jsons
when: when:
- inventory_hostname in groups[item.value.group] - inventory_hostname in groups[item.value.group]
@ -27,6 +32,8 @@
template: template:
src: "{{ item }}.j2" src: "{{ item }}.j2"
dest: "{{ node_config_directory }}/{{ project_name }}/{{ item }}" dest: "{{ node_config_directory }}/{{ project_name }}/{{ item }}"
mode: "0770"
become: true
register: rabbitmq_confs register: rabbitmq_confs
when: when:
- inventory_hostname in groups[service.group] - inventory_hostname in groups[service.group]

5
releasenotes/notes/specify-task-become-84f83707f612bcf3.yaml Normal file
View File

@ -0,0 +1,5 @@
---
prelude: >
Specify Ansible "become" for only necessary tasks.
features:
- Add "become" to necessary tasks of general roles.