openstack/openstack-ansible-os_keystone
Code Issues Proposed changes
6976701fc4
openstack-ansible-os_keystone/tasks/main_pre.yml
Dmitriy Rabotyagov a51651213d Install distro_packages in pre-main 
Main tasks are executed in a serial manner, so all keystone containers
except the first one end up not having rsync and sshd isntalled, while
we attempt to distribute fernet tokens once running against first host.

So we move installation of distro_packages to pre-main step
that is run in advance without serial approach.

This is alternative approach to [1].

[1] https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/889936

Needed-By: https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/889945
Change-Id: Ia53932f60d271b8f2843b880e024caacc7ae5c3f
2023-09-05 06:30:42 +00:00

109 lines
3.6 KiB
YAML
Raw Blame History

---
# Copyright 2022, BBC R&D
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Gather variables for each operating system
include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
- "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
- "{{ ansible_facts['distribution'] | lower }}.yml"
- "{{ ansible_facts['os_family'] | lower }}.yml"
paths:
- "{{ role_path }}/vars"
tags:
- always
- name: Create system groups
group:
name: "{{ item }}"
state: "present"
system: "yes"
with_items: "{{ [keystone_system_group_name] + keystone_system_additional_groups }}"
- name: Create the keystone system user
user:
name: "{{ keystone_system_user_name }}"
group: "{{ keystone_system_group_name }}"
groups: "{{ keystone_system_additional_groups | join(',') }}"
comment: "{{ keystone_system_comment }}"
shell: "{{ keystone_system_shell }}"
system: "yes"
createhome: "yes"
home: "{{ keystone_system_user_home }}"
- name: Create keystone dir
file:
path: "{{ item.path | default(omit) }}"
src: "{{ item.src | default(omit) }}"
dest: "{{ item.dest | default(omit) }}"
state: "{{ item.state | default('directory') }}"
owner: "{{ item.owner | default(keystone_system_user_name) }}"
group: "{{ item.group | default(keystone_system_group_name) }}"
mode: "{{ item.mode | default(omit) }}"
force: "{{ item.force | default(omit) }}"
with_items:
- path: "/openstack"
mode: "0755"
owner: "root"
group: "root"
- dest: "/etc/keystone"
mode: "0755"
- path: "{{ keystone_credential_key_repository }}"
mode: "0750"
- path: "{{ keystone_ldap_domain_config_dir }}"
mode: "0750"
- path: "/etc/keystone/ssl"
- path: "{{ keystone_fernet_tokens_key_repository }}"
mode: "2750"
- path: "{{ keystone_system_user_home }}"
- path: "/var/www/cgi-bin"
owner: root
group: root
- path: "/var/www/cgi-bin/keystone"
- path: "/etc/ansible/facts.d"
owner: root
group: root
- name: Install distro packages
package:
name: "{{ keystone_distro_packages }}"
state: "{{ keystone_package_state }}"
update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
cache_valid_time: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(cache_timeout, omit) }}"
register: install_packages
until: install_packages is success
retries: 5
delay: 2
notify:
- Restart ssh
- name: Adjust sshd configuration in container
lineinfile:
dest: "/etc/ssh/sshd_config"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ keystone_ssh_extra_configuration }}"
notify:
- Restart ssh
- name: Importing keystone_key_setup tasks
import_tasks: keystone_key_setup.yml
tags:
- keystone-install
View Git Blame Copy Permalink