a4906506db
The documentation states that kolla_internal_vip_address and kolla_external_vip_address must be different when TLS is enabled. If this is not true, the deploy will be successful but will not function correctly. This change adds a precheck to catch this configuration problem prior to deployment. Change-Id: I6c9e5fd5f434f7225bd0390aff116fa12da96934
42 lines
1.5 KiB
YAML
42 lines
1.5 KiB
YAML
---
|
|
- name: Checking Docker version
|
|
command: docker --version
|
|
register: result
|
|
changed_when: false
|
|
when: inventory_hostname in groups['baremetal']
|
|
failed_when: result | failed
|
|
or result.stdout | regex_replace('.*(\\d+\\.\\d+\\.\\d+).*', '\\1') | version_compare(docker_version_min, '<')
|
|
|
|
# NOTE(mgoddard): If passwords.yml is encrypted using ansible-vault, this check
|
|
# will pass, but only because nothing in the vault file has the format of a
|
|
# YAML dict item.
|
|
- name: Checking empty passwords in passwords.yml. Run kolla-genpwd if this task fails
|
|
local_action: command grep '^[^#].*:\s*$' "{{ CONFIG_DIR | default('/etc/kolla') }}/passwords.yml"
|
|
run_once: True
|
|
register: result
|
|
changed_when: false
|
|
failed_when: result.stdout | regex_replace('(.*ssh_key.*)', '') | search(":")
|
|
|
|
- name: Check if nscd is running
|
|
command: pgrep nscd
|
|
ignore_errors: yes
|
|
failed_when: false
|
|
changed_when: false
|
|
register: nscd_status
|
|
|
|
- name: Fail if nscd is running
|
|
fail:
|
|
msg: |
|
|
Service nscd is running. This is known to cause issues with Docker's user namespaces in
|
|
Kolla. Please disable it before proceeding.
|
|
when:
|
|
- nscd_status.rc == 0
|
|
|
|
- name: Checking internal and external VIP addresses differ
|
|
run_once: True
|
|
local_action: fail msg='kolla_external_vip_address and kolla_internal_vip_address must not be the same when TLS is enabled'
|
|
changed_when: false
|
|
when:
|
|
- kolla_enable_tls_external | bool
|
|
- kolla_external_vip_address == kolla_internal_vip_address
|