41 lines
1.5 KiB
YAML
41 lines
1.5 KiB
YAML
---
|
|
- include_tasks: register.yml
|
|
when: enable_keystone | bool and
|
|
(inventory_hostname in groups['ironic-api'] or
|
|
inventory_hostname in groups['ironic-inspector'])
|
|
|
|
- include_tasks: config.yml
|
|
when: inventory_hostname in groups['ironic-api'] or
|
|
inventory_hostname in groups['ironic-conductor'] or
|
|
inventory_hostname in groups['ironic-inspector'] or
|
|
inventory_hostname in groups['ironic-pxe'] or
|
|
inventory_hostname in groups['ironic-ipxe']
|
|
|
|
- include_tasks: clone.yml
|
|
when: ironic_dev_mode | bool
|
|
|
|
- include_tasks: bootstrap.yml
|
|
when: inventory_hostname in groups['ironic-api'] or
|
|
inventory_hostname in groups['ironic-inspector'] or
|
|
inventory_hostname in groups['ironic-pxe']
|
|
|
|
- name: Flush handlers
|
|
meta: flush_handlers
|
|
|
|
# NOTE(mgoddard): If inspector was previously configured to use the iptables
|
|
# PXE filter, it may leave rules in place that block inspection. Clean them up.
|
|
# The iptables Ansible module is not idempotent - it fails if the chain does
|
|
# not exist, so use a command instead.
|
|
- name: Flush and delete ironic-inspector iptables chain
|
|
become: true
|
|
command: iptables --{{ item }} ironic-inspector
|
|
register: ironic_inspector_chain
|
|
with_items:
|
|
- flush
|
|
- delete-chain
|
|
when: ironic_inspector_pxe_filter != 'iptables'
|
|
changed_when: ironic_inspector_chain.rc == 0
|
|
failed_when:
|
|
- ironic_inspector_chain.rc != 0
|
|
- "'No chain/target/match by that name' not in ironic_inspector_chain.stderr"
|