46df30d871
Follow up for I0c7e9a28876a1d4278fb2ed8555c2b08472864b9 which added a ironic_enable_keystone_integration variable to support Ironic in multi-region environments. This change skips Keystone service registration based on ironic_enable_keystone_integration rather than enable_keystone. It also updates the ironic-inspector.conf template to use the new variable. Change-Id: I2ecba4999e194766258ac5beed62877d43829313
35 lines
1.0 KiB
YAML
35 lines
1.0 KiB
YAML
---
|
|
- import_tasks: register.yml
|
|
when: ironic_enable_keystone_integration | bool
|
|
|
|
- import_tasks: config-host.yml
|
|
|
|
- import_tasks: config.yml
|
|
|
|
- import_tasks: check-containers.yml
|
|
|
|
- include_tasks: clone.yml
|
|
when: ironic_dev_mode | bool
|
|
|
|
- import_tasks: bootstrap.yml
|
|
|
|
- name: Flush handlers
|
|
meta: flush_handlers
|
|
|
|
# NOTE(mgoddard): If inspector was previously configured to use the iptables
|
|
# PXE filter, it may leave rules in place that block inspection. Clean them up.
|
|
# The iptables Ansible module is not idempotent - it fails if the chain does
|
|
# not exist, so use a command instead.
|
|
- name: Flush and delete ironic-inspector iptables chain
|
|
become: true
|
|
command: iptables --{{ item }} ironic-inspector
|
|
register: ironic_inspector_chain
|
|
with_items:
|
|
- flush
|
|
- delete-chain
|
|
when: ironic_inspector_pxe_filter != 'iptables'
|
|
changed_when: ironic_inspector_chain.rc == 0
|
|
failed_when:
|
|
- ironic_inspector_chain.rc != 0
|
|
- "'No chain/target/match by that name' not in ironic_inspector_chain.stderr"
|