openstack/kolla-ansible
Code Issues Proposed changes

Specify 'become' for only necessary tasks (default roles)

Browse Source 
Add become to only neccesary tasks in roles:
- glance
- heat
- horizon
- keystone
- neutron
- nova
- openvswitch

Gate is also updated to use 'become' feature

Change-Id: I2f3f27306e9f384148e1ad4d54d8da2ebef34d00
Partial-Implements: blueprint ansible-specific-task-become
This commit is contained in:
Duong Ha-Quang 2016-08-23 22:34:21 +07:00
parent d1fe0778f1
commit 2d3866c6a4
15 changed files with 233 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ansible/roles/glance/tasks/ceph.yml
View File

@ -3,6 +3,7 @@
file:
path: "{{ node_config_directory }}/glance-api"
state: "directory"
mode: "0770"
when: inventory_hostname in groups['glance-api']
- name: Copying over ceph.conf(s)
@ -12,6 +13,7 @@
- "{{ node_custom_config }}/ceph.conf"
- "{{ node_custom_config }}/ceph/{{ inventory_hostname }}/ceph.conf"
dest: "{{ node_config_directory }}/glance-api/ceph.conf"
mode: "0660"
when: inventory_hostname in groups['glance-api']
- include: ../../ceph_pools.yml
@ -36,3 +38,14 @@
dest: "{{ node_config_directory }}/glance-api/ceph.client.glance.keyring"
mode: "0600"
when: inventory_hostname in groups['glance-api']
- name: Ensuring config directory has correct owner and permission
become: true
file:
path: "{{ node_config_directory }}/{{ item }}"
recurse: yes
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
when: inventory_hostname in groups['glance-api']
with_items:
- "glance-api"

12
ansible/roles/glance/tasks/config.yml
View File

@ -3,7 +3,10 @@
file:
path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory"
recurse: yes
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
become: true
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
@ -13,6 +16,8 @@
template:
src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
mode: "0660"
become: true
register: glance_config_jsons
when:
- item.value.enabled | bool
@ -33,6 +38,8 @@
- "{{ node_custom_config }}/glance/{{ item.key }}.conf"
- "{{ node_custom_config }}/glance/{{ inventory_hostname }}/{{ item.key }}.conf"
dest: "{{ node_config_directory }}/{{ item.key }}/{{ item.key }}.conf"
mode: "0660"
become: true
register: glance_confs
when:
- item.value.enabled | bool
@ -69,6 +76,8 @@
template:
src: "{{ node_custom_config }}/glance/policy.json"
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
mode: "0660"
become: true
register: glance_policy_jsons
when:
- glance_policy.stat.exists
@ -94,3 +103,4 @@
notify:
- Restart glance-api container
- Restart glance-registry container

13
ansible/roles/glance/tasks/external_ceph.yml
View File

@ -3,11 +3,24 @@
file:
path: "{{ node_config_directory }}/glance-api"
state: "directory"
mode: "0770"
when: inventory_hostname in groups['glance-api']
- name: Copy over ceph files
copy:
src: "{{ item }}"
dest: "{{ node_config_directory }}/glance-api/"
mode: "0660"
with_fileglob:
- "{{ node_custom_config }}/glance/ceph*"
- name: Ensuring config directory has correct owner and permission
become: true
file:
path: "{{ node_config_directory }}/{{ item }}"
recurse: yes
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
when: inventory_hostname in groups['glance-api']
with_items:
- "glance-api"

12
ansible/roles/heat/tasks/config.yml
View File

@ -1,8 +1,12 @@
---
- name: Ensuring config directories exist
become: true
file:
path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
recurse: yes
when:
- inventory_hostname in groups[item.value.group]
@ -10,9 +14,11 @@
with_dict: "{{ heat_services }}"
- name: Copying over config.json files for services
become: true
template:
src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
mode: "0660"
register: heat_config_jsons
when:
- item.value.enabled | bool
@ -24,13 +30,16 @@
- Restart heat-engine container
- name: Copying over the heat-engine environment file
become: true
template:
src: "_deprecated.yaml"
dest: "{{ node_config_directory }}/{{ item }}/_deprecated.yaml"
mode: "0660"
with_items:
- "heat-engine"
- name: Copying over heat.conf
become: true
vars:
service_name: "{{ item.key }}"
merge_configs:
@ -41,6 +50,7 @@
- "{{ node_custom_config }}/heat/{{ item.key }}.conf"
- "{{ node_custom_config }}/heat/{{ inventory_hostname }}/heat.conf"
dest: "{{ node_config_directory }}/{{ item.key }}/heat.conf"
mode: "0660"
register: heat_confs
when:
- item.value.enabled | bool
@ -57,9 +67,11 @@
register: heat_policy
- name: Copying over existing policy.json
become: true
template:
src: "{{ node_custom_config }}/heat/policy.json"
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
mode: "0660"
register: heat_policy_jsons
when:
- heat_policy.stat.exists

14
ansible/roles/horizon/tasks/config.yml
View File

@ -1,20 +1,25 @@
---
- name: Ensuring config directories exist
become: true
file:
path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory"
recurse: yes
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ horizon_services }}"
- name: Copying over config.json files for services
become: true
vars:
horizon: "{{ horizon_services['horizon'] }}"
template:
src: "horizon.json.j2"
dest: "{{ node_config_directory }}/horizon/config.json"
mode: "0660"
register: horizon_config_json
when:
- horizon.enabled | bool
@ -23,11 +28,13 @@
- Restart horizon container
- name: Copying over horizon.conf
become: true
vars:
horizon: "{{ horizon_services['horizon'] }}"
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/horizon/horizon.conf"
mode: "0660"
register: horizon_conf
with_first_found:
- "{{ node_custom_config }}/horizon/{{ inventory_hostname }}/horizon.conf"
@ -40,11 +47,13 @@
- Restart horizon container
- name: Copying over local_settings
become: true
vars:
horizon: "{{ horizon_services['horizon'] }}"
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/horizon/local_settings"
mode: "0660"
with_first_found:
- "{{ node_custom_config }}/horizon/{{ inventory_hostname }}/local_settings"
- "{{ node_custom_config }}/horizon/local_settings"
@ -87,11 +96,13 @@
- { name: "watcher", enabled: "{{ enable_horizon_watcher }}" }
- name: Copying over existing policy.json
become: true
vars:
horizon: "{{ horizon_services['horizon'] }}"
template:
src: "{{ node_custom_config }}/horizon/{{ item.item.name }}_policy.json"
dest: "{{ node_config_directory }}/horizon/{{ item.item.name }}_policy.json"
mode: "0660"
register: policy_jsons
when:
- horizon.enabled | bool
@ -119,3 +130,4 @@
- horizon.enabled | bool
notify:
- Restart horizon container

34
ansible/roles/keystone/tasks/config.yml
View File

@ -13,17 +13,34 @@
file:
path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory"
recurse: yes
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
become: true
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ keystone_services }}"
- name: Creating Keystone Domain directory
vars:
keystone: "{{ keystone_services.keystone }}"
file:
dest: "{{ node_config_directory }}/keystone/domains/"
state: "directory"
mode: "0770"
become: true
when:
- inventory_hostname in groups[keystone.group]
- keystone.enabled | bool
- name: Copying over config.json files for services
template:
src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
mode: "0660"
register: keystone_config_jsons
become: true
with_dict: "{{ keystone_services }}"
when:
- inventory_hostname in groups[item.value.group]
@ -44,6 +61,8 @@
- "{{ node_custom_config }}/keystone/{{ item.key }}.conf"
- "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone.conf"
dest: "{{ node_config_directory }}/{{ item.key }}/keystone.conf"
mode: "0660"
become: true
register: keystone_confs
with_dict: "{{ keystone_services }}"
when:
@ -60,6 +79,7 @@
file:
dest: "{{ node_config_directory }}/keystone/domains/"
state: "directory"
become: true
when:
- inventory_hostname in groups[keystone.group]
- keystone.enabled | bool
@ -76,6 +96,8 @@
template:
src: "{{ item.path }}"
dest: "{{ node_config_directory }}/keystone/domains/"
mode: "0660"
become: true
register: keystone_domains
when:
- inventory_hostname in groups[keystone.group]
@ -89,6 +111,8 @@
template:
src: "{{ node_custom_config }}/keystone/policy.json"
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
mode: "0660"
become: true
register: keystone_policy_jsons
when:
- inventory_hostname in groups[item.value.group]
@ -106,6 +130,8 @@
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/keystone/wsgi-keystone.conf"
mode: "0660"
become: true
register: keystone_wsgi
when:
- inventory_hostname in groups[keystone.group]
@ -132,6 +158,8 @@
template:
src: "{{ node_custom_config }}/keystone/keystone-paste.ini"
dest: "{{ node_config_directory }}/keystone/keystone-paste.ini"
mode: "0660"
become: true
register: keystone_paste_ini
when:
- inventory_hostname in groups[keystone.group]
@ -156,6 +184,8 @@
template:
src: "{{ item.src }}"
dest: "{{ node_config_directory }}/keystone-fernet/{{ item.dest }}"
mode: "0660"
become: true
register: keystone_fernet_confs
with_items:
- { src: "crontab.j2", dest: "crontab" }
@ -175,6 +205,8 @@
template:
src: "{{ item.src }}"
dest: "{{ node_config_directory }}/keystone-ssh/{{ item.dest }}"
mode: "0660"
become: true
register: keystone_ssh_confs
with_items:
- { src: "sshd_config.j2", dest: "sshd_config" }

19
ansible/roles/neutron/tasks/config-neutron-fake.yml
View File

@ -1,16 +1,20 @@
---
- name: Ensuring config directories exist
become: true
file:
path: "{{ node_config_directory }}/neutron-openvswitch-agent-fake-{{ item }}"
state: "directory"
recurse: yes
mode: "0770"
with_sequence: start=1 end={{ num_nova_fake_per_node }}
when: inventory_hostname in groups['compute']
- name: Copying over config.json files for services
become: true
template:
src: "neutron-openvswitch-agent.json.j2"
dest: "{{ node_config_directory }}/neutron-openvswitch-agent-fake-{{ item }}/config.json"
mode: "0660"
register: fake_config_json
with_sequence: start=1 end={{ num_nova_fake_per_node }}
when:
@ -18,6 +22,7 @@
- neutron_plugin_agent == "openvswitch"
- name: Copying over neutron.conf
become: true
vars:
service_name: "{{ item }}"
merge_configs:
@ -28,6 +33,7 @@
- "{{ node_custom_config }}/neutron/{{ item }}.conf"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/neutron.conf"
dest: "{{ node_config_directory }}/neutron-openvswitch-agent-fake-{{ item }}/neutron.conf"
mode: "0660"
register: fake_neutron_conf
with_sequence: start=1 end={{ num_nova_fake_per_node }}
when:
@ -35,6 +41,7 @@
- neutron_plugin_agent == "openvswitch"
- name: Copying over ml2_conf.ini
become: true
vars:
service_name: "{{ item }}"
merge_configs:
@ -43,6 +50,7 @@
- "{{ node_custom_config }}/neutron/ml2_conf.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/neutron.conf"
dest: "{{ node_config_directory }}/neutron-openvswitch-agent-fake-{{ item }}/ml2_conf.ini"
mode: "0660"
register: fake_neutron_ml2_conf_ini
with_sequence: start=1 end={{ num_nova_fake_per_node }}
when:
@ -68,3 +76,14 @@
with_sequence: "start=1 end={{ num_nova_fake_per_node }}"
notify:
- Restart fake neutron-openvswitch-agent container
- name: Ensuring config directory has correct owner and permission
become: true
file:
path: "{{ node_config_directory }}/neutron-openvswitch-agent-fake-{{ item }}"
recurse: yes
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
when: inventory_hostname in groups['compute']
with_sequence: start=1 end={{ num_nova_fake_per_node }}

32
ansible/roles/neutron/tasks/config.yml
View File

@ -1,5 +1,6 @@
---
- name: Setting sysctl values
become: true
vars:
neutron_l3_agent: "{{ neutron_services['neutron-l3-agent'] }}"
neutron_vpnaas_agent: "{{ neutron_services['neutron-vpnaas-agent'] }}"
@ -14,19 +15,24 @@
or (neutron_vpnaas_agent.enabled | bool and neutron_vpnaas_agent.host_in_groups | bool)
- name: Ensuring config directories exist
become: true
file:
path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory"
recurse: yes
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
when:
- item.value.enabled | bool
- item.value.host_in_groups | bool
with_dict: "{{ neutron_services }}"
- name: Copying over config.json files for services
become: true
template:
src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
mode: "0770"
register: neutron_config_jsons
when:
- item.value.enabled | bool
@ -36,6 +42,7 @@
- "Restart {{ item.key }} container"
- name: Copying over neutron.conf
become: true
vars:
service_name: "{{ item.key }}"
services_need_neutron_conf:
@ -56,6 +63,7 @@
- "{{ node_custom_config }}/neutron/{{ item.key }}.conf"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/neutron.conf"
dest: "{{ node_config_directory }}/{{ item.key }}/neutron.conf"
mode: "0660"
register: neutron_confs
when:
- item.value.enabled | bool
@ -66,6 +74,7 @@
- "Restart {{ item.key }} container"
- name: Copying over neutron_lbaas.conf
become: true
vars:
service_name: "{{ item.key }}"
services_need_neutron_lbaas_conf:
@ -87,6 +96,7 @@
- "Restart {{ item.key }} container"
- name: Copying over neutron_vpnaas.conf
become: true
vars:
service_name: "{{ item.key }}"
services_need_neutron_vpnaas_conf:
@ -108,6 +118,7 @@
- "Restart {{ item.key }} container"
- name: Copying over ml2_conf.ini
become: true
vars:
service_name: "{{ item.key }}"
services_need_ml2_conf_ini:
@ -120,6 +131,7 @@
- "{{ node_custom_config }}/neutron/ml2_conf.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/ml2_conf.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/ml2_conf.ini"
mode: "0660"
register: neutron_ml2_confs
when:
- item.key in services_need_ml2_conf_ini
@ -130,6 +142,7 @@
- "Restart {{ item.key }} container"
- name: Copying over dhcp_agent.ini
become: true
vars:
service_name: "neutron-dhcp-agent"
neutron_dhcp_agent: "{{ neutron_services[service_name] }}"
@ -139,6 +152,7 @@
- "{{ node_custom_config }}/neutron/dhcp_agent.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/dhcp_agent.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/dhcp_agent.ini"
mode: "0660"
register: dhcp_agent_ini
when:
- neutron_dhcp_agent.enabled | bool
@ -147,12 +161,14 @@
- "Restart {{ service_name }} container"
- name: Copying over dnsmasq.conf
become: true
vars:
service_name: "neutron-dhcp-agent"
neutron_dhcp_agent: "{{ neutron_services[service_name] }}"
template:
src: "dnsmasq.conf.j2"
dest: "{{ node_config_directory }}/{{ service_name }}/dnsmasq.conf"
mode: "0660"
register: dnsmasq_conf
when:
- neutron_dhcp_agent.enabled | bool
@ -161,6 +177,7 @@
- "Restart {{ service_name }} container"
- name: Copying over l3_agent.ini
become: true
vars:
service_name: "{{ item.key }}"
services_need_l3_agent_ini:
@ -172,6 +189,7 @@
- "{{ node_custom_config }}/neutron/l3_agent.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/l3_agent.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/l3_agent.ini"
mode: "0660"
register: neutron_l3_agent_inis
when:
- item.key in services_need_l3_agent_ini
@ -182,6 +200,7 @@
- "Restart {{ item.key }} container"
- name: Copying over fwaas_driver.ini
become: true
vars:
service_name: "{{ item.key }}"
services_need_fwaas_driver_ini:
@ -193,6 +212,7 @@
- "{{ role_path }}/templates/fwaas_driver.ini.j2"
- "{{ node_custom_config }}/neutron/fwaas_driver.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/fwaas_driver.ini"
mode: "0660"
register: neutron_fwaas_driver_inis
when:
- item.key in services_need_fwaas_driver_ini
@ -203,6 +223,7 @@
- "Restart {{ item.key }} container"
- name: Copying over metadata_agent.ini
become: true
vars:
service_name: "neutron-metadata-agent"
neutron_metadata_agent: "{{ neutron_services[service_name] }}"
@ -211,6 +232,7 @@
- "{{ role_path }}/templates/metadata_agent.ini.j2"
- "{{ node_custom_config }}/neutron/metadata_agent.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/metadata_agent.ini"
mode: "0660"
register: neutron_metadata_agent_ini
when:
- neutron_metadata_agent.enabled | bool
@ -219,6 +241,7 @@
- "Restart {{ service_name }} container"
- name: Copying over lbaas_agent.ini
become: true
vars:
service_name: "neutron-lbaas-agent"
neutron_lbaas_agent: "{{ neutron_services[service_name] }}"
@ -227,6 +250,7 @@
- "{{ role_path }}/templates/lbaas_agent.ini.j2"
- "{{ node_custom_config }}/neutron/lbaas_agent.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/lbaas_agent.ini"
mode: "0660"
register: neutron_lbaas_agent_ini
when:
- neutron_lbaas_agent.enabled | bool
@ -235,6 +259,7 @@
- "Restart {{ service_name }} container"
- name: Copying over vpnaas_agent.ini
become: true
vars:
service_name: "neutron-vpnaas-agent"
neutron_vpnaas_agent: "{{ neutron_services[service_name] }}"
@ -243,6 +268,7 @@
- "{{ role_path }}/templates/vpnaas_agent.ini.j2"
- "{{ node_custom_config }}/neutron/vpnaas_agent.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/vpnaas_agent.ini"
mode: "0660"
register: neutron_vpnaas_agent_ini
when:
- neutron_vpnaas_agent.enabled | bool
@ -251,6 +277,7 @@
- "Restart {{ service_name }} container"
- name: Copying over bgp_dragent.ini
become: true
vars:
service_name: "neutron-bgp-dragent"
neutron_bgp_dragent: "{{ neutron_services[service_name] }}"
@ -290,6 +317,7 @@
- "Restart {{ service_name }} container"
- name: Copying over existing policy.json
become: true
vars:
service_name: "{{ item.key }}"
services_need_policy_json:
@ -305,6 +333,7 @@
template:
src: "{{ node_custom_config }}/neutron/policy.json"
dest: "{{ node_config_directory }}/{{ service_name }}/policy.json"
mode: "0660"
register: policy_jsons
when:
- neutron_policy.stat.exists
@ -359,3 +388,4 @@
with_dict: "{{ neutron_services }}"
notify:
- "Restart {{ item.key }} container"

14
ansible/roles/nova/tasks/ceph.yml
View File

@ -3,6 +3,7 @@
file:
path: "{{ node_config_directory }}/{{ item }}"
state: "directory"
mode: "0770"
with_items:
- "nova-compute"
- "nova-libvirt/secrets"
@ -17,6 +18,7 @@
- "{{ node_custom_config }}/ceph.conf"
- "{{ node_custom_config }}/ceph/{{ inventory_hostname }}/ceph.conf"
dest: "{{ node_config_directory }}/{{ item }}/ceph.conf"
mode: "0660"
with_items:
- "nova-compute"
- "nova-libvirt"
@ -94,3 +96,15 @@
- uuid: "{{ cinder_rbd_secret_uuid }}"
content: "{{ cinder_cephx_raw_key.stdout|default('') }}"
enabled: "{{ enable_cinder | bool and cinder_backend_ceph | bool}}"
- name: Ensuring config directory has correct owner and permission
become: true
file:
path: "{{ node_config_directory }}/{{ item }}"
recurse: yes
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
with_items:
- "nova-compute"
- "nova-libvirt/secrets"
when: inventory_hostname in groups['compute']

16
ansible/roles/nova/tasks/config-nova-fake.yml
View File

@ -1,5 +1,6 @@
---
- name: Ensuring config directories exist
become: true
file:
path: "{{ node_config_directory }}/nova-compute-fake-{{ item }}"
state: "directory"
@ -9,14 +10,17 @@
- Restart nova-compute-fake containers
- name: Copying over config.json files for services
become: true
template:
src: "nova-compute.json.j2"
dest: "{{ node_config_directory }}/nova-compute-fake-{{ item }}/config.json"
mode: "0660"
with_sequence: start=1 end={{ num_nova_fake_per_node }}
notify:
- Restart nova-compute-fake containers
- name: Copying over nova.conf
become: true
vars:
service_name: "{{ item }}"
merge_configs:
@ -27,6 +31,17 @@
- "{{ node_custom_config }}/nova/{{ item }}.conf"
- "{{ node_custom_config }}/nova/{{ inventory_hostname }}/nova.conf"
dest: "{{ node_config_directory }}/nova-compute-fake-{{ item }}/nova.conf"
mode: "0660"
with_sequence: start=1 end={{ num_nova_fake_per_node }}
- name: Ensuring config directory has correct owner and permission
become: true
file:
path: "{{ node_config_directory }}/nova-compute-fake-{{ item }}"
recurse: yes
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
become: true
with_sequence: start=1 end={{ num_nova_fake_per_node }}
notify:
- Restart nova-compute-fake containers
@ -44,6 +59,7 @@
- "/lib/modules:/lib/modules:ro"
- "/run:/run:shared"
- "kolla_logs:/var/log/kolla/"
become: true
with_sequence: start=1 end={{ num_nova_fake_per_node }}
when:
- action != "config"

18
ansible/roles/nova/tasks/config.yml
View File

@ -1,5 +1,6 @@
---
- name: Setting sysctl values
become: true
sysctl: name={{ item.name }} value={{ item.value }} sysctl_set=yes
with_items:
- { name: "net.bridge.bridge-nf-call-iptables", value: 1}
@ -11,19 +12,24 @@
- inventory_hostname in groups['compute']
- name: Ensuring config directories exist
become: true
file:
path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory"
recurse: yes
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ nova_services }}"
- name: Copying over config.json files for services
become: true
template:
src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
mode: "0770"
register: config_jsons
when:
- inventory_hostname in groups[item.value.group]
@ -33,6 +39,7 @@
- "Restart {{ item.key }} container"
- name: Copying over nova.conf
become: true
vars:
services_require_nova_conf:
- placement-api
@ -54,6 +61,7 @@
- "{{ node_custom_config }}/nova/{{ item.key }}.conf"
- "{{ node_custom_config }}/nova/{{ inventory_hostname }}/nova.conf"
dest: "{{ node_config_directory }}/{{ item.key }}/nova.conf"
mode: "0660"
register: nova_confs
when:
- inventory_hostname in groups[item.value.group]
@ -64,11 +72,13 @@
- "Restart {{ item.key }} container"
- name: Copying over libvirt configuration
become: true
vars:
service: "{{ nova_services['nova-libvirt'] }}"
template:
src: "{{ item.src }}"
dest: "{{ node_config_directory }}/nova-libvirt/{{ item.dest }}"
mode: "0660"
register: nova_libvirt_confs
when:
- inventory_hostname in groups[service.group]
@ -80,6 +90,7 @@
- Restart nova-libvirt container
- name: Copying over placement-api wsgi configuration
become: true
vars:
service: "{{ nova_services['placement-api'] }}"
template:
@ -93,11 +104,13 @@
- Restart placement-api container
- name: Copying files for nova-ssh
become: true
vars:
service: "{{ nova_services['nova-ssh'] }}"
template:
src: "{{ item.src }}"
dest: "{{ node_config_directory }}/nova-ssh/{{ item.dest }}"
mode: "0660"
register: nova_ssh_confs
when:
- inventory_hostname in groups[service.group]
@ -131,6 +144,7 @@
register: nova_policy
- name: Copying over existing policy.json
become: true
vars:
services_require_policy_json:
- placement-api
@ -158,6 +172,7 @@
# check whether the containers parameter is changed. If yes, trigger the handler
- name: Check nova containers
become: true
kolla_docker:
action: "compare_container"
common_options: "{{ docker_common_options }}"
@ -175,3 +190,4 @@
with_dict: "{{ nova_services }}"
notify:
- "Restart {{ item.key }} container"

15
ansible/roles/nova/tasks/external_ceph.yml
View File

@ -3,6 +3,7 @@
file:
path: "{{ node_config_directory }}/{{ item }}"
state: "directory"
mode: "0770"
with_items:
- "nova-compute"
- "nova-libvirt/secrets"
@ -29,6 +30,7 @@
copy:
src: "{{ nova_cephx_keyring_file.stat.path }}"
dest: "{{ node_config_directory }}/{{ item }}/"
mode: "0660"
with_items:
- nova-compute
- nova-libvirt
@ -40,6 +42,7 @@
copy:
src: "{{ node_custom_config }}/nova/ceph.conf"
dest: "{{ node_config_directory }}/{{ item }}/"
mode: "0660"
with_items:
- nova-compute
- nova-libvirt
@ -91,3 +94,15 @@
- uuid: "{{ cinder_rbd_secret_uuid }}"
content: "{{ cinder_cephx_raw_key.stdout }}"
enabled: "{{ cinder_backend_ceph }}"
- name: Ensuring config directory has correct owner and permission
become: true
file:
path: "{{ node_config_directory }}/{{ item }}"
recurse: yes
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
with_items:
- "nova-compute"
- "nova-libvirt/secrets"
when: inventory_hostname in groups['compute']

8
ansible/roles/openvswitch/tasks/config.yml
View File

@ -1,18 +1,23 @@
---
- name: Ensuring config directories exist
become: true
file:
path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory"
recurse: yes
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
when:
- item.value.enabled | bool
- item.value.host_in_groups | bool
with_dict: "{{ openvswitch_services }}"
- name: Copying over config.json files for services
become: true
template:
src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
mode: "0770"
register: openvswitch_config_jsons
when:
- item.value.enabled | bool
@ -63,3 +68,4 @@
with_dict: "{{ openvswitch_services }}"
notify:
- "Restart {{ item.key }} container"

1
releasenotes/notes/specify-task-become-84f83707f612bcf3.yaml
View File

@ -3,3 +3,4 @@ prelude: >
Specify Ansible "become" for only necessary tasks.
features:
- Add "become" to necessary tasks of general roles.
- Add "become" to necessary tasks of default roles.

18
tools/playbook-setup-nodes.yml
View File

@ -10,6 +10,24 @@
- name: Install wget package
package: name=wget
- name: Add sudo group
group:
name: sudo
state: present
- name: Allow 'sudo' group to have passwordless sudo
lineinfile:
dest: /etc/sudoers
state: present
line: "%sudo ALL=(ALL) NOPASSWD: ALL"
- name: Add jenkins to sudo group
user:
name: jenkins
append: yes
groups: "sudo"
- hosts: all
become: true