diff --git a/tasks/db_setup.yml b/tasks/db_setup.yml deleted file mode 100644 index 09b01f82..00000000 --- a/tasks/db_setup.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -# Copyright 2019, VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# WARNING: -# This file is maintained in the openstack-ansible-tests repository. -# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/sync/tasks/db_setup.yml -# If you need to modify this file, update the one in the openstack-ansible-tests -# repository. Once it merges there, the changes will automatically be proposed to -# all the repositories which use it. - -- name: Setup Database Service (MariaDB) - delegate_to: "{{ _oslodb_setup_host }}" - vars: - ansible_python_interpreter: "{{ _oslodb_ansible_python_interpreter }}" - tags: - - common-mariadb - block: - - name: Create database for service - community.mysql.mysql_db: - name: "{{ item.name }}" - login_host: "{{ _oslodb_setup_endpoint | default(omit) }}" - login_port: "{{ _oslodb_setup_port | default(omit) }}" - loop: "{{ _oslodb_databases }}" - no_log: true - - - name: Grant access to the database for the service - community.mysql.mysql_user: - name: "{{ item.1.username }}" - password: "{{ item.1.password }}" - host: "{{ item.1.host | default('%') }}" - priv: "{{ item.0.name }}.*:{{ item.1.priv | default('ALL') }}" - append_privs: yes - login_host: "{{ _oslodb_setup_endpoint | default(omit) }}" - login_port: "{{ _oslodb_setup_port | default(omit) }}" - loop: "{{ _oslodb_databases | subelements('users') }}" - no_log: true diff --git a/tasks/main.yml b/tasks/main.yml index 64ea11fd..8e3dd54b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -53,7 +53,12 @@ tags: - always -- import_tasks: db_setup.yml +- include_role: + name: openstack.osa.db_setup + apply: + tags: + - common-db + - nova-config when: - _nova_is_first_play_host vars: @@ -75,10 +80,14 @@ - username: "{{ nova_api_galera_user }}" password: "{{ nova_api_container_mysql_password }}" tags: - - common-db - - nova-config + - always -- import_tasks: mq_setup.yml +- include_role: + name: openstack.osa.mq_setup + apply: + tags: + - common-mq + - nova-config when: - _nova_is_first_play_host vars: @@ -93,8 +102,7 @@ _oslomsg_notify_vhost: "{{ nova_oslomsg_notify_vhost }}" _oslomsg_notify_transport: "{{ nova_oslomsg_notify_transport }}" tags: - - common-mq - - nova-config + - always - import_tasks: nova_virt_detect.yml when: @@ -161,7 +169,12 @@ tags: - nova-config -- import_tasks: service_setup.yml +- include_role: + name: openstack.osa.service_setup + apply: + tags: + - common-service + - nova-config vars: _service_adminuri_insecure: "{{ keystone_service_adminuri_insecure }}" _service_in_ldap: "{{ nova_service_in_ldap }}" @@ -190,7 +203,7 @@ when: - _nova_is_first_play_host tags: - - nova-config + - always - import_tasks: nova_db_setup.yml when: diff --git a/tasks/mq_setup.yml b/tasks/mq_setup.yml deleted file mode 100644 index 655519e0..00000000 --- a/tasks/mq_setup.yml +++ /dev/null @@ -1,115 +0,0 @@ ---- -# Copyright 2018, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# WARNING: -# This file is maintained in the openstack-ansible-tests repository. -# https://opendev.org/openstack/openstack-ansible-tests/src/sync/tasks/mq_setup.yml -# If you need to modify this file, update the one in the openstack-ansible-tests -# repository. Once it merges there, the changes will automatically be proposed to -# all the repositories which use it. - -- name: Setup RPC MQ Service (RabbitMQ) - delegate_to: "{{ _oslomsg_rpc_setup_host }}" - when: - - "(_oslomsg_configure_rpc | default(_oslomsg_rpc_transport is defined))" - - "(_oslomsg_rpc_transport is defined) and (_oslomsg_rpc_transport == 'rabbit')" - tags: - - common-rabbitmq - block: - - name: Add RPC RabbitMQ vhost - community.rabbitmq.rabbitmq_vhost: - name: "{{ _oslomsg_rpc_vhost }}" - state: "present" - - - name: Apply RPC RabbitMQ vhost policies - community.rabbitmq.rabbitmq_policy: - name: "{{ item.name }}" - pattern: "{{ item.pattern }}" - priority: "{{ item.priority | default(0) }}" - tags: "{{ item.tags }}" - state: "{{ item.state | default(omit) }}" - vhost: "{{ _oslomsg_rpc_vhost }}" - loop: "{{ _oslomsg_rpc_policies | default([]) + oslomsg_rpc_policies }}" - - - name: Add RPC RabbitMQ user - community.rabbitmq.rabbitmq_user: - user: "{{ _oslomsg_rpc_userid }}" - password: "{{ _oslomsg_rpc_password }}" - update_password: always - vhost: "{{ _oslomsg_rpc_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - no_log: true - -- name: Setup Notify MQ Service (RabbitMQ) - delegate_to: "{{ _oslomsg_notify_setup_host }}" - when: - - "(_oslomsg_configure_notify | default(_oslomsg_notify_transport is defined))" - - "(_oslomsg_notify_transport is defined) and (_oslomsg_notify_transport == 'rabbit')" - tags: - - common-rabbitmq - block: - - name: Add Notify RabbitMQ vhost - community.rabbitmq.rabbitmq_vhost: - name: "{{ _oslomsg_notify_vhost }}" - state: "present" - when: - - (_oslomsg_rpc_vhost is undefined) or - (_oslomsg_notify_vhost != _oslomsg_rpc_vhost) or - (_oslomsg_notify_setup_host != _oslomsg_rpc_setup_host) - - - name: Apply Notify RabbitMQ vhost policies - community.rabbitmq.rabbitmq_policy: - name: "{{ item.name }}" - pattern: "{{ item.pattern }}" - priority: "{{ item.priority | default(0) }}" - tags: "{{ item.tags }}" - state: "{{ item.state | default(omit) }}" - vhost: "{{ _oslomsg_notify_vhost }}" - loop: "{{ _oslomsg_notify_policies | default([]) + oslomsg_notify_policies }}" - when: - - (_oslomsg_rpc_vhost is undefined) or - (_oslomsg_notify_vhost != _oslomsg_rpc_vhost) or - (_oslomsg_notify_setup_host != _oslomsg_rpc_setup_host) - - - name: Add Notify RabbitMQ user - community.rabbitmq.rabbitmq_user: - user: "{{ _oslomsg_notify_userid }}" - password: "{{ _oslomsg_notify_password }}" - update_password: always - vhost: "{{ _oslomsg_notify_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - no_log: true - when: - - (_oslomsg_rpc_userid is undefined) or - (_oslomsg_notify_userid != _oslomsg_rpc_userid) or - (_oslomsg_notify_setup_host != _oslomsg_rpc_setup_host) - -- name: Setup RPC MQ Service (Qdrouterd) - delegate_to: "{{ _oslomsg_rpc_setup_host }}" - when: - - "(_oslomsg_configure_rpc | default(_oslomsg_rpc_transport is defined))" - - "(_oslomsg_rpc_transport is defined) and (_oslomsg_rpc_transport == 'amqp')" - tags: - - common-qdrouterd - block: - - name: Add RPC Qdrouterd user - shell: "echo {{ _oslomsg_rpc_password }} | saslpasswd2 -c -p -f /var/lib/qdrouterd/qdrouterd.sasldb -u AMQP {{ _oslomsg_rpc_userid }}" - no_log: true diff --git a/tasks/service_setup.yml b/tasks/service_setup.yml deleted file mode 100644 index f9200c28..00000000 --- a/tasks/service_setup.yml +++ /dev/null @@ -1,162 +0,0 @@ ---- -# Copyright 2019, VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# WARNING: -# This file is maintained in the openstack-ansible-tests repository. -# https://opendev.org/openstack/openstack-ansible-tests/src/sync/tasks/service_setup.yml -# If you need to modify this file, update the one in the openstack-ansible-tests -# repository. Once it merges there, the changes will automatically be proposed to -# all the repositories which use it. - -# We set the python interpreter to the ansible runtime venv if -# the delegation is to localhost so that we get access to the -# appropriate python libraries in that venv. If the delegation -# is to another host, we assume that it is accessible by the -# system python instead. - -- name: Setup the OS service - delegate_to: "{{ _service_setup_host }}" - vars: - ansible_python_interpreter: "{{ _service_setup_host_python_interpreter }}" - block: - - name: Add keystone domain - openstack.cloud.identity_domain: - cloud: default - state: present - description: "{{ _domain_name_description | default(omit) }}" - name: "{{ _domain_name }}" - endpoint_type: admin - verify: "{{ not _service_adminuri_insecure }}" - register: add_domain - when: _domain_name is defined - until: add_domain is success - retries: 5 - delay: 10 - - - name: Add service project - openstack.cloud.project: - cloud: default - state: present - name: "{{ _project_name }}" - description: "{{ _project_description | default(omit) }}" - domain_id: "{{ _project_domain | default('default') }}" - endpoint_type: admin - validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" - register: add_service - when: - - not (_service_in_ldap | default(False) | bool) - - _project_name is defined - until: add_service is success - retries: 5 - delay: 10 - - - name: Add services to the keystone service catalog - openstack.cloud.catalog_service: - cloud: default - state: "{{ item.state | default('present') }}" - name: "{{ item.name }}" - service_type: "{{ item.type }}" - description: "{{ item.description | default('') }}" - endpoint_type: admin - validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" - register: add_service - with_items: "{{ _service_catalog }}" - when: _service_catalog is defined - until: add_service is success - retries: 5 - delay: 10 - - - name: Add keystone roles - openstack.cloud.identity_role: - cloud: default - state: present - name: "{{ item.role }}" - endpoint_type: admin - validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" - register: add_service - when: - - not (_service_in_ldap | default(False) | bool) - - _service_users is defined - - "'role' in item" - - (item.condition | default(True)) | bool - until: add_service is success - with_items: "{{ _service_users }}" - retries: 5 - delay: 10 - no_log: True - - - name: Add service users - openstack.cloud.identity_user: - cloud: default - state: present - name: "{{ item.name }}" - password: "{{ item.password }}" - domain: "{{ item.domain | default('default') }}" - default_project: "{{ item.project | default(_service_project_name) }}" - endpoint_type: admin - validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" - update_password: always - register: add_service - when: - - not (_service_in_ldap | default(False) | bool) - - _service_users is defined - - "'name' in item" - - "'password' in item" - - (item.condition | default(True)) | bool - until: add_service is success - with_items: "{{ _service_users }}" - retries: 5 - delay: 10 - no_log: True - - - name: Add service users to the role - openstack.cloud.role_assignment: - cloud: default - state: present - user: "{{ item.name }}" - role: "{{ item.role }}" - project: "{{ item.project | default(_service_project_name) }}" - domain: "{{ item.domain | default(omit) }}" - endpoint_type: admin - validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" - register: add_service - when: - - not (_service_in_ldap | default(False) | bool) - - _service_users is defined - - "'name' in item" - - "'role' in item" - - (item.condition | default(True)) | bool - until: add_service is success - with_items: "{{ _service_users }}" - retries: 5 - delay: 10 - no_log: True - - - name: Add endpoints to keystone endpoint catalog - openstack.cloud.endpoint: - cloud: default - state: "{{ item.state | default('present') }}" - service: "{{ item.service }}" - endpoint_interface: "{{ item.interface }}" - url: "{{ item.url }}" - region: "{{ _service_region | default('RegionOne') }}" - endpoint_type: admin - validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" - register: add_service - until: add_service is success - retries: 5 - delay: 10 - with_items: "{{ _service_endpoints }}" - when: _service_endpoints is defined