openstack/openstack-ansible-os_ironic
Code Issues Proposed changes
openstack-ansible-os_ironic/tasks/ironic_post_install.yml
Dmitriy Rabotyagov 67733c8f0c Define condition for the first play host one time 
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.

Depends-On: https://review.opendev.org/758953
Change-Id: Iab3194322e133282fcb71830f2b94e1279106ebd
2020-12-02 08:41:27 +00:00

149 lines
4.9 KiB
YAML
Raw Blame History

---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Post swift tempURL secret key
command: >
{{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }}
--os-username "service:{{ glance_service_user_name }}"
--os-password "{{ glance_service_password }}"
--os-auth-url {{ keystone_service_internalurl }}
--os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }}
post -m temp-url-key:{{ ironic_swift_temp_url_secret_key }}
environment:
OS_ENDPOINT_TYPE: internalURL
when:
- not ironic_enable_web_server_for_images | bool
- _ironic_api_is_first_play_host
- not ironic_standalone | bool
tags:
- always
- name: Get swift account
shell: >
{{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }}
--os-username "service:{{ glance_service_user_name }}"
--os-password "{{ glance_service_password }}"
--os-auth-url {{ keystone_service_internalurl }}
--os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }}
stat -v | awk '/StorageURL\:/ {print $2}'
environment:
OS_ENDPOINT_TYPE: internalURL
register: swift_storage_url
when:
- not ironic_enable_web_server_for_images | bool
- (ironic_swift_auth_account is undefined) or (ironic_swift_endpoint is undefined)
- not ironic_standalone | bool
tags:
- always
- name: Validate swift output
fail:
msg: |
No StorageURL output found using the `swift stat` command and either
the ``ironic_swift_auth_account`` or ``ironic_swift_auth_account``
variables are undefined. Ensure swift is functional and/or define
those variables.
when:
- not ironic_enable_web_server_for_images | bool
- (ironic_swift_auth_account is undefined) and (ironic_swift_endpoint is undefined)
- not ironic_standalone | bool
- not swift_storage_url.stdout
tags:
- always
- name: Set the swift auth facts
set_fact:
ironic_swift_auth_account: "{{ swift_storage_url.stdout.split('/v1/')[-1] }}"
when:
- not ironic_enable_web_server_for_images | bool
- ironic_swift_auth_account is undefined
- not ironic_standalone | bool
tags:
- always
- name: Set the swift endpoint facts
set_fact:
ironic_swift_endpoint: "{{ swift_storage_url.stdout.split('/v1/')[0] }}"
when:
- not ironic_enable_web_server_for_images | bool
- ironic_swift_endpoint is undefined
- not ironic_standalone | bool
tags:
- always
- name: Generate ironic config
config_template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner|default(ironic_system_user_name) }}"
group: "{{ item.group|default(ironic_system_group_name) }}"
mode: "0644"
config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}"
when: item.condition | default(True)
with_items:
- src: "ironic.conf.j2"
dest: "/etc/ironic/ironic.conf"
config_overrides: "{{ ironic_ironic_conf_overrides }}"
config_type: "ini"
- src: "rootwrap.conf.j2"
dest: "/etc/ironic/rootwrap.conf"
owner: "root"
group: "root"
config_overrides: "{{ ironic_rootwrap_conf_overrides }}"
config_type: "ini"
- src: "inspector.conf.j2"
dest: "/etc/ironic-inspector/ironic-inspector.conf"
config_overrides: "{{ ironic_inspector_conf_overrides }}"
config_type: "ini"
condition: inventory_hostname in groups['ironic-inspector']
- src: "rootwrap.conf.j2"
dest: "/etc/ironic-inspector/rootwrap.conf"
owner: "root"
group: "root"
config_overrides: "{{ ironic_inspector_rootwrap_conf_overrides }}"
config_type: "ini"
condition: inventory_hostname in groups['ironic-inspector']
notify:
- Restart ironic services
- Restart uwsgi services
- name: Implement policy.json
copy:
content: "{{ ironic_policy_overrides | to_nice_json }}"
dest: "/etc/ironic/policy.json"
when:
- ironic_policy_overrides != {}
- name: Copy rootwrap filters
copy:
src: "{{ item }}"
dest: "/etc/ironic/rootwrap.d/"
owner: "root"
group: "root"
with_fileglob:
- rootwrap.d/*
notify:
- Restart ironic services
- Restart uwsgi services
- name: Include sudoers file
template:
src: "sudoers.j2"
dest: "/etc/sudoers.d/{{ ironic_system_user_name }}_sudoers"
mode: "0440"
owner: "root"
group: "root"
View Git Blame Copy Permalink