Allow role to run in a serial playbook
When a playbook runs os_keystone in serial, the SSH and fernet key distribution are broken. This fixes both items allowing the role to be run in a serialized playbook. Change-Id: Ief28c6bed8daa38120207de61aba327c9fe49d3a
parent
15725b7128
commit
86c42e0697
@ -16,6 +16,7 @@
|
|||||||
- name: Create authorized keys file from host vars
|
- name: Create authorized keys file from host vars
|
||||||
authorized_key:
|
authorized_key:
|
||||||
user: "{{ keystone_system_user_name }}"
|
user: "{{ keystone_system_user_name }}"
|
||||||
key: "{{ hostvars[item]['keystone_pubkey'] | b64decode }}"
|
key: "{{ keystone_pubkey | b64decode }}"
|
||||||
when: hostvars[item]['keystone_pubkey'] is defined
|
when: keystone_pubkey is defined
|
||||||
with_items: "{{ groups['keystone_all'] }}"
|
delegate_to: "{{ item }}"
|
||||||
|
with_items: "{{ ansible_play_hosts }}"
|
||||||
|
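Review bot: The "Create authorized keys file from host vars" task now takes its target list from `ansible_play_hosts` instead of `groups['keystone_all']`, so a run restricted with a limit (or a host that was unreachable) leaves keystone nodes outside the play without this host's key, and nothing visible here prunes keys of nodes that have left the group. Because every play host also delegates a write to the same `authorized_keys` file on each target, runs that are not fully serialized may overlap on that file; that is inferred from the loop shape and worth confirming with a multi-host test. I would record the scope next to the task, for example `# Keys are only pushed to hosts in the current play; re-run against all of keystone_all after adding or removing a node.` The task may continue outside the visible hunk.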
@ -18,23 +18,33 @@
|
|||||||
name: "{{ keystone_system_group_name }}"
|
name: "{{ keystone_system_group_name }}"
|
||||||
state: "present"
|
state: "present"
|
||||||
system: "yes"
|
system: "yes"
|
||||||
|
delegate_to: "{{ item }}"
|
||||||
|
with_items: "{{ ansible_play_hosts }}"
|
||||||
|
when: "{{ inventory_hostname == ansible_play_hosts[0] }}"
|
||||||
|
|
||||||
- name: create additional groups
|
- name: create additional groups
|
||||||
group:
|
group:
|
||||||
name: "{{ item }}"
|
name: "{{ item[1] }}"
|
||||||
state: "present"
|
state: "present"
|
||||||
system: "yes"
|
system: "yes"
|
||||||
with_items: "{{ keystone_system_additional_groups }}"
|
with_nested:
|
||||||
|
- "{{ ansible_play_hosts }}"
|
||||||
|
- "{{ keystone_system_additional_groups }}"
|
||||||
|
delegate_to: "{{ item[0] }}"
|
||||||
|
when: "{{ inventory_hostname == ansible_play_hosts[0] }}"
|
||||||
|
|
||||||
- name: Remove old key file(s) if found
|
- name: Remove old key file(s) if found
|
||||||
file:
|
file:
|
||||||
path: "{{ item }}"
|
path: "{{ item[1] }}"
|
||||||
state: "absent"
|
state: "absent"
|
||||||
with_items:
|
with_nested:
|
||||||
- "{{ keystone_system_user_home }}/.ssh/authorized_keys"
|
- "{{ ansible_play_hosts }}"
|
||||||
|
- - "{{ keystone_system_user_home }}/.ssh/authorized_keys"
|
||||||
- "{{ keystone_system_user_home }}/.ssh/id_rsa"
|
- "{{ keystone_system_user_home }}/.ssh/id_rsa"
|
||||||
- "{{ keystone_system_user_home }}/.ssh/id_rsa.pub"
|
- "{{ keystone_system_user_home }}/.ssh/id_rsa.pub"
|
||||||
when: keystone_recreate_keys | bool
|
when: keystone_recreate_keys | bool
|
||||||
|
delegate_to: "{{ item[0] }}"
|
||||||
|
when: "{{ inventory_hostname == ansible_play_hosts[0] }}"
|
||||||
|
|
||||||
- name: Create the keystone system user
|
- name: Create the keystone system user
|
||||||
user:
|
user:
|
||||||
@ -47,16 +57,22 @@
|
|||||||
createhome: "yes"
|
createhome: "yes"
|
||||||
home: "{{ keystone_system_user_home }}"
|
home: "{{ keystone_system_user_home }}"
|
||||||
generate_ssh_key: "yes"
|
generate_ssh_key: "yes"
|
||||||
|
delegate_to: "{{ item }}"
|
||||||
|
with_items: "{{ ansible_play_hosts }}"
|
||||||
|
when: "{{ inventory_hostname == ansible_play_hosts[0] }}"
|
||||||
|
|
||||||
|
# The fernet key repository is needed on all hosts even if only running against
|
||||||
|
# one host, so the delegation preps the directories on all hosts at once.
|
||||||
- name: Create keystone dir
|
- name: Create keystone dir
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item[1].path }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ item.owner|default(keystone_system_user_name) }}"
|
owner: "{{ item[1].owner|default(keystone_system_user_name) }}"
|
||||||
group: "{{ item.group|default(keystone_system_group_name) }}"
|
group: "{{ item[1].group|default(keystone_system_group_name) }}"
|
||||||
mode: "{{ item.mode|default(0755) }}"
|
mode: "{{ item[1].mode|default(0755) }}"
|
||||||
with_items:
|
with_nested:
|
||||||
- { path: "/openstack", mode: "0755", owner: "root", group: "root" }
|
- "{{ ansible_play_hosts }}"
|
||||||
|
- - { path: "/openstack", mode: "0755", owner: "root", group: "root" }
|
||||||
- { path: "/etc/keystone", mode: "0750" }
|
- { path: "/etc/keystone", mode: "0750" }
|
||||||
- { path: "{{ keystone_ldap_domain_config_dir }}", mode: "0750" }
|
- { path: "{{ keystone_ldap_domain_config_dir }}", mode: "0750" }
|
||||||
- { path: "/etc/keystone/ssl" }
|
- { path: "/etc/keystone/ssl" }
|
||||||
@ -64,6 +80,8 @@
|
|||||||
- { path: "{{ keystone_system_user_home }}" }
|
- { path: "{{ keystone_system_user_home }}" }
|
||||||
- { path: "/var/www/cgi-bin", owner: root, group: root }
|
- { path: "/var/www/cgi-bin", owner: root, group: root }
|
||||||
- { path: "/var/www/cgi-bin/keystone" }
|
- { path: "/var/www/cgi-bin/keystone" }
|
||||||
|
delegate_to: "{{ item[0] }}"
|
||||||
|
when: "{{ inventory_hostname == ansible_play_hosts[0] }}"
|
||||||
|
|
||||||
- name: Test for log directory or link
|
- name: Test for log directory or link
|
||||||
shell: |
|
shell: |
|
||||||
|
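Review bot: The "Remove old key file(s) if found" task ends up with two `when:` keys on the new side as rendered here: the existing `when: keystone_recreate_keys | bool` and the added `when: "{{ inventory_hostname == ansible_play_hosts[0] }}"`. A YAML mapping cannot carry a duplicate key and most loaders silently keep the last one, so the recreate-keys guard would be lost and the first play host would delete `authorized_keys`, `id_rsa` and `id_rsa.pub` on every play host on each run. Fold both into one condition, `when: (keystone_recreate_keys | bool) and inventory_hostname == ansible_play_hosts[0]`. The other added `when:` lines in this file would also read better as bare expressions without the `{{ }}` wrapper.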