Migrate ring distribution to SSHCA

This also changes all checks to use /etc/swift/*.builder and
removes copying /etc/swift/ring_build_files/ to all nodes.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/949647
Change-Id: Ibec76f4f5d11f0a3970e16e3ae5401fff66c30df

tasks/main.yml

@@ -59,6 +59,13 @@
   tags:
     - swift-install
 
+- name: Importing swift_key_setup tasks
+  ansible.builtin.import_tasks: swift_key_setup.yml
+  when:
+    - "swift_do_sync | bool"
+  tags:
+    - swift-config
+
 - name: Importing swift_install tasks
   ansible.builtin.import_tasks: swift_install.yml
   when:
@@ -99,13 +106,6 @@
   tags:
     - swift-config
 
-- name: Importing swift_key_setup tasks
-  ansible.builtin.import_tasks: swift_key_setup.yml
-  when:
-    - "swift_do_sync | bool"
-  tags:
-    - swift-config
-
 - name: Importing swift_rings tasks
   ansible.builtin.import_tasks: swift_rings.yml
   when:

tasks/swift_key_setup.yml

@@ -37,3 +37,6 @@
     ssh_keypairs_principals: "{{ swift_ssh_keypairs_principals }}"
   tags:
     - always
+
+- name: Ensure SSH is restarted
+  ansible.builtin.meta: flush_handlers

tasks/swift_rings_check.yml

@@ -15,7 +15,7 @@
 
 - name: Get md5sum of local builder files
   ansible.builtin.shell: |
-    cat /etc/swift/ring_build_files/*.builder 2>/dev/null | md5sum | cut -d " " -f1
+    cat /etc/swift/*.builder 2>/dev/null | md5sum | cut -d " " -f1
   changed_when: false
   register: md5sum
 

tasks/swift_rings_distribute.yml

@@ -13,18 +13,16 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-- name: Pull swift rings to localhost
+- name: Distribute rings
-  ansible.posix.synchronize:
+  command: >
-    src: /etc/swift/ring_build_files/
+    rsync -e 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
-    dest: "{{ lookup('env', 'OSA_CONFIG_DIR') }}/ring_build_files/"
+          -avz
-    mode: pull
+          /etc/swift/ring_build_files/
+          {{ swift_system_user_name }}@{{ hostvars[item]['ansible_host'] | default(item) }}:/etc/swift/
+  become: true
+  become_user: "{{ swift_system_user_name }}"
+  changed_when: false
+  with_items: "{{ groups['swift_all'] }}"
   when: _swift_is_first_play_host
-
+  tags:
-- name: Upload swift rings
+    - skip_ansible_lint
-  ansible.posix.synchronize:
-    src: "{{ lookup('env', 'OSA_CONFIG_DIR') }}/ring_build_files/"
-    dest: "{{ item }}"
-    mode: push
-  with_items:
-    - /etc/swift/
-    - /etc/swift/ring_build_files/

tasks/swift_rings_post_distribution_check.yml

@@ -15,7 +15,7 @@
 
 - name: Get md5sum of local builder files
   ansible.builtin.shell: |
-    cat /etc/swift/ring_build_files/*.builder 2>/dev/null | md5sum | cut -d " " -f1
+    cat /etc/swift/*.builder 2>/dev/null | md5sum | cut -d " " -f1
   changed_when: false
   register: md5sum
 
@@ -48,7 +48,7 @@
   become: true
   become_user: "{{ swift_system_user_name }}"
   args:
-    chdir: /etc/swift/ring_build_files/
+    chdir: /etc/swift/
 
 - name: "Ensure contents file matches ring after ring sync for storage policies"
   ansible.builtin.command: >-
@@ -60,4 +60,4 @@
   become: true
   become_user: "{{ swift_system_user_name }}"
   args:
-    chdir: /etc/swift/ring_build_files/
+    chdir: /etc/swift/