openstack/kolla-ansible
Code Issues Proposed changes
kolla-ansible/ansible/roles/rabbitmq/tasks/precheck.yml
Mark Goddard 46aeb9843f Fix prechecks in check mode 
When running in check mode, some prechecks previously failed because
they use the command module which is silently not run in check mode.
Other prechecks were not running correctly in check mode due to e.g.
looking for a string in empty command output or not querying which
containers are running.

This change fixes these issues.

Closes-Bug: #2002657
Change-Id: I5219cb42c48d5444943a2d48106dc338aa08fa7c
2023-01-12 14:27:36 +00:00

198 lines
6.3 KiB
YAML
Raw Blame History

---
- import_role:
name: service-precheck
vars:
service_precheck_services: "{{ rabbitmq_services }}"
service_name: "{{ project_name }}"
- name: Get container facts
become: true
kolla_container_facts:
container_engine: "{{ kolla_container_engine }}"
name:
- rabbitmq
- outward_rabbitmq
check_mode: false
register: container_facts
- name: Checking free port for RabbitMQ
wait_for:
host: "{{ api_interface_address }}"
port: "{{ rabbitmq_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- container_facts['rabbitmq'] is not defined
- inventory_hostname in groups['rabbitmq']
- name: Checking free port for RabbitMQ Management
wait_for:
host: "{{ api_interface_address }}"
port: "{{ rabbitmq_management_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- container_facts['rabbitmq'] is not defined
- inventory_hostname in groups['rabbitmq']
- name: Checking free port for RabbitMQ Cluster
wait_for:
host: "{{ api_interface_address }}"
port: "{{ rabbitmq_cluster_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- container_facts['rabbitmq'] is not defined
- inventory_hostname in groups['rabbitmq']
- name: Checking free port for RabbitMQ EPMD
wait_for:
host: "{{ api_interface_address }}"
port: "{{ rabbitmq_epmd_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- container_facts['rabbitmq'] is not defined
- inventory_hostname in groups['rabbitmq']
- name: Check if all rabbit hostnames are resolvable
vars:
nss_database: "{{ 'ahostsv4' if api_address_family == 'ipv4' else 'ahostsv6' }}"
command: "getent {{ nss_database }} {{ hostvars[item].ansible_facts.hostname }}"
changed_when: false
check_mode: false
register: rabbitmq_hostnames
with_items: "{{ groups['rabbitmq'] }}"
- name: Check if each rabbit hostname resolves uniquely to the proper IP address
fail:
msg: Hostname has to resolve uniquely to the IP address of api_interface
with_subelements:
- "{{ rabbitmq_hostnames.results }}"
- stdout_lines
when:
- not item.1 is match('^'+('api' | kolla_address(item.0.item))+'\\b')
- name: Check if TLS certificate exists for RabbitMQ
vars:
cert: "{{ query('first_found', paths, errors='ignore') }}"
paths:
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}/rabbitmq-cert.pem"
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-cert.pem"
- "{{ kolla_certificates_dir }}/rabbitmq-cert.pem"
fail:
msg: No TLS certificate provided for RabbitMQ.
when:
- rabbitmq_enable_tls | bool
- cert | length == 0
- name: Check if TLS key exists for RabbitMQ
vars:
key: "{{ query('first_found', paths, errors='ignore') }}"
paths:
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}/rabbitmq-key.pem"
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-key.pem"
- "{{ kolla_certificates_dir }}/rabbitmq-key.pem"
fail:
msg: No TLS key provided for RabbitMQ.
when:
- rabbitmq_enable_tls | bool
- key | length == 0
- name: Checking free port for outward RabbitMQ
wait_for:
host: "{{ api_interface_address }}"
port: "{{ outward_rabbitmq_port }}"
connect_timeout: 1
state: stopped
when:
- enable_outward_rabbitmq | bool
- inventory_hostname in groups['outward-rabbitmq']
- container_facts['outward_rabbitmq'] is not defined
- name: Checking free port for outward RabbitMQ Management
wait_for:
host: "{{ api_interface_address }}"
port: "{{ outward_rabbitmq_management_port }}"
connect_timeout: 1
state: stopped
when:
- enable_outward_rabbitmq | bool
- inventory_hostname in groups['outward-rabbitmq']
- container_facts['outward_rabbitmq'] is not defined
- name: Checking free port for outward RabbitMQ Cluster
wait_for:
host: "{{ api_interface_address }}"
port: "{{ outward_rabbitmq_cluster_port }}"
connect_timeout: 1
state: stopped
when:
- enable_outward_rabbitmq | bool
- inventory_hostname in groups['outward-rabbitmq']
- container_facts['outward_rabbitmq'] is not defined
- name: Checking free port for outward RabbitMQ EPMD
wait_for:
host: "{{ api_interface_address }}"
port: "{{ outward_rabbitmq_epmd_port }}"
connect_timeout: 1
state: stopped
when:
- enable_outward_rabbitmq | bool
- inventory_hostname in groups['outward-rabbitmq']
- container_facts['outward_rabbitmq'] is not defined
- name: Check if all outward rabbit hostnames are resolvable
vars:
nss_database: "{{ 'ahostsv4' if api_address_family == 'ipv4' else 'ahostsv6' }}"
command: "getent {{ nss_database }} {{ hostvars[item].ansible_facts.hostname }}"
changed_when: false
check_mode: false
register: outward_rabbitmq_hostnames
with_items: "{{ groups['outward-rabbitmq'] }}"
when:
- enable_outward_rabbitmq | bool
- name: Check if each rabbit hostname resolves uniquely to the proper IP address
fail:
msg: Hostname has to resolve uniquely to the IP address of api_interface
with_subelements:
- "{{ outward_rabbitmq_hostnames.results }}"
- stdout_lines
when:
- enable_outward_rabbitmq | bool
- not item.1 is match('^'+('api' | kolla_address(item.0.item))+'\\b')
- name: Check if TLS certificate exists for outward RabbitMQ
vars:
cert: "{{ query('first_found', paths, errors='ignore') }}"
paths:
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}/outward_rabbitmq-cert.pem"
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-cert.pem"
- "{{ kolla_certificates_dir }}/outward_rabbitmq-cert.pem"
fail:
msg: No TLS certificate provided for outward RabbitMQ.
when:
- enable_outward_rabbitmq | bool
- rabbitmq_enable_tls | bool
- cert | length == 0
- name: Check if TLS key exists for outward RabbitMQ
vars:
key: "{{ query('first_found', paths, errors='ignore') }}"
paths:
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}/outward_rabbitmq-key.pem"
- "{{ kolla_certificates_dir }}/{{ inventory_hostname }}-key.pem"
- "{{ kolla_certificates_dir }}/outward_rabbitmq-key.pem"
fail:
msg: No TLS key provided for outward RabbitMQ.
when:
- enable_outward_rabbitmq | bool
- rabbitmq_enable_tls | bool
- key | length == 0
View Git Blame Copy Permalink