89e6f9aba9
This patch is removing chrony package
from docker host when containerized chrony is enabled.
It is also fixing issue with chrony container running
under Ubuntu docker host as noted below.
+ exec /usr/sbin/chronyd -d -f /etc/chrony/chrony.conf
2020-06-08T08:19:09Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG)
2020-06-08T08:19:09Z Fatal error : Could not open configuration file /etc/chrony/chrony.conf : Permission denied
Added also removal apparmor profile for ubuntu when
containerized chrony is enabled, as chrony's package
is not removing apparmor profile, and therefore
containerized chrony is not working.
Change-Id: Icf3bbae38b9f5630b69d5c8cf6a8bee11786a836
Closes-Bug: #1882513
(cherry picked from commit 3d747b7200)
207 lines
4.4 KiB
YAML
207 lines
4.4 KiB
YAML
---
|
|
- name: Create kolla user
|
|
user:
|
|
name: "{{ kolla_user }}"
|
|
state: present
|
|
group: "{{ kolla_group }}"
|
|
groups: "sudo"
|
|
append: true
|
|
become: True
|
|
when: create_kolla_user | bool
|
|
|
|
- name: Add public key to kolla user authorized keys
|
|
authorized_key:
|
|
user: "{{ kolla_user }}"
|
|
key: "{{ kolla_ssh_key.public_key }}"
|
|
become: True
|
|
when: create_kolla_user | bool
|
|
|
|
- name: Grant kolla user passwordless sudo
|
|
lineinfile:
|
|
dest: /etc/sudoers.d/kolla-ansible-users
|
|
state: present
|
|
create: yes
|
|
mode: '0640'
|
|
regexp: '^{{ kolla_user }}'
|
|
line: '{{ kolla_user }} ALL=(ALL) NOPASSWD: ALL'
|
|
become: True
|
|
when: create_kolla_user_sudoers | bool
|
|
|
|
- name: Ensure virtualenv has correct ownership
|
|
file:
|
|
path: "{{ virtualenv }}"
|
|
recurse: True
|
|
state: directory
|
|
owner: "{{ kolla_user }}"
|
|
group: "{{ kolla_group }}"
|
|
become: True
|
|
when: virtualenv is not none
|
|
|
|
- name: Ensure node_config_directory directory exists for user kolla
|
|
file:
|
|
path: "{{ node_config_directory }}"
|
|
state: directory
|
|
owner: "{{ kolla_user }}"
|
|
group: "{{ kolla_group }}"
|
|
mode: 0755
|
|
become: True
|
|
when: create_kolla_user | bool
|
|
|
|
- name: Ensure node_config_directory directory exists
|
|
file:
|
|
path: "{{ node_config_directory }}"
|
|
state: directory
|
|
mode: 0755
|
|
become: True
|
|
when: not create_kolla_user | bool
|
|
|
|
- name: Ensure docker service directory exists
|
|
file:
|
|
path: /etc/systemd/system/docker.service.d
|
|
state: directory
|
|
recurse: yes
|
|
become: True
|
|
|
|
- name: Check dockerd exists
|
|
stat: path=/usr/bin/dockerd
|
|
register: dockerd_exists
|
|
|
|
- name: Setting docker daemon name
|
|
set_fact:
|
|
docker_binary_name: "dockerd"
|
|
when:
|
|
dockerd_exists.stat.exists == True
|
|
|
|
- name: Configure docker service
|
|
become: True
|
|
template:
|
|
src: docker_systemd_service.j2
|
|
dest: /etc/systemd/system/docker.service.d/kolla.conf
|
|
register: docker_configured
|
|
|
|
- name: Reload docker service file
|
|
become: True
|
|
systemd:
|
|
name: docker
|
|
daemon_reload: yes
|
|
|
|
- name: Get stat of libvirtd apparmor profile
|
|
stat:
|
|
path: /etc/apparmor.d/usr.sbin.libvirtd
|
|
register: apparmor_libvirtd_profile
|
|
when: ansible_distribution == "Ubuntu"
|
|
|
|
- name: Remove apparmor profile for libvirt
|
|
command: apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd
|
|
become: True
|
|
when:
|
|
- ansible_distribution == "Ubuntu"
|
|
- apparmor_libvirtd_profile.stat.exists
|
|
|
|
- name: Get stat of chronyd apparmor profile
|
|
stat:
|
|
path: /etc/apparmor.d/usr.sbin.chronyd
|
|
register: apparmor_chronyd_profile
|
|
when:
|
|
- ansible_os_family == "Debian"
|
|
- enable_chrony | bool
|
|
|
|
- name: Remove apparmor profile for chrony
|
|
command: apparmor_parser -R /etc/apparmor.d/usr.sbin.chronyd
|
|
become: True
|
|
when:
|
|
- ansible_os_family == "Debian"
|
|
- enable_chrony | bool
|
|
- apparmor_chronyd_profile.stat.exists
|
|
|
|
- name: Create docker group
|
|
group:
|
|
name: docker
|
|
become: True
|
|
|
|
- name: Add kolla user to docker group
|
|
user:
|
|
name: "{{ kolla_user }}"
|
|
append: yes
|
|
groups: docker
|
|
become: True
|
|
when: create_kolla_user | bool
|
|
|
|
- name: Start docker
|
|
service:
|
|
name: docker
|
|
state: started
|
|
become: True
|
|
|
|
- name: Restart docker
|
|
service:
|
|
name: docker
|
|
state: restarted
|
|
become: True
|
|
when: docker_configured.changed
|
|
|
|
- name: Enable docker
|
|
service:
|
|
name: docker
|
|
enabled: yes
|
|
become: True
|
|
|
|
- name: Stop time service
|
|
service:
|
|
name: ntp
|
|
state: stopped
|
|
become: True
|
|
when:
|
|
- ansible_os_family == "Debian"
|
|
- enable_host_ntp | bool
|
|
|
|
- name: Stop time service
|
|
service:
|
|
name: ntpd
|
|
state: stopped
|
|
become: True
|
|
when:
|
|
- ansible_os_family == "RedHat"
|
|
- enable_host_ntp | bool
|
|
|
|
- name: Synchronizing time one-time
|
|
command: ntpd -gq
|
|
become: True
|
|
when: enable_host_ntp | bool
|
|
|
|
- name: Start time sync service
|
|
service:
|
|
name: ntp
|
|
state: started
|
|
enabled: yes
|
|
become: True
|
|
when:
|
|
- ansible_os_family == "Debian"
|
|
- enable_host_ntp | bool
|
|
|
|
- name: Start time sync service
|
|
service:
|
|
name: ntpd
|
|
state: started
|
|
enabled: yes
|
|
become: True
|
|
when:
|
|
- ansible_os_family == "RedHat"
|
|
- enable_host_ntp | bool
|
|
|
|
- name: Change state of selinux
|
|
selinux:
|
|
policy: targeted
|
|
state: "{{ selinux_state }}"
|
|
become: true
|
|
when:
|
|
- change_selinux | bool
|
|
- ansible_os_family == "RedHat"
|
|
|
|
- name: Reboot
|
|
command: reboot -f
|
|
become: True
|
|
when:
|
|
- reboot_required is defined
|
|
- reboot_required | bool
|