openstack
/
tripleo-ansible
Code Issues Proposed changes
tripleo-ansible/tripleo_ansible/roles/octavia_undercloud/tasks/main.yml

122 lines
4.0 KiB
YAML
Raw Blame History

---
- name: set file if already set by heat variable (backwards-compatibility)
set_fact:
image_filename: "{{ amp_image_filename }}"
when:
- amp_image_filename is defined
- not ((amp_image_filename | length) < 1)
- name: set location if CentOS
set_fact:
image_filename: "/usr/share/openstack-octavia-amphora-images/amphora-x64-haproxy.qcow2"
when:
- ansible_facts['distribution'] == 'CentOS'
- not (image_filename is defined)
- name: set location if Red Hat
set_fact:
image_filename: "/usr/share/openstack-octavia-amphora-images/octavia-amphora.qcow2"
when:
- ansible_facts['distribution'] == 'RedHat'
- not (image_filename is defined)
- name: check if amphora image file exists
stat:
path: "{{ image_filename }}"
follow: true
get_checksum: true
register: image_file_result
- include_tasks: image_mgmt.yml
when:
- image_file_result.stat.exists | bool
- name: use ssh pub key file if provided and is readable
block:
- name: check if pub key file exists
stat: path="{{ amp_ssh_key_path }}"
register: key_file_result
- name: fail if ssh pub key file does not exist or is not readable
fail: msg="{{ amp_ssh_key_path }} does not exist or is not readable by user {{ ansible_user }}"
when:
- (not (key_file_result.stat.exists | bool)) or (not (key_file_result.stat.readable | bool))
- name: Set ssh key path fact
set_fact:
amp_ssh_key_path_final: "{{ amp_ssh_key_path }}"
when:
- amp_ssh_key_path is defined
- (amp_ssh_key_path | length) > 0
- name: Generate ssh public key for Octavia
block:
- name: Create ssh key dir
file:
path: "{{ ssh_key_dir }}"
state: directory
- name: Generate ssh key for Octavia
shell: "ssh-keygen -q -t rsa -N '' -f {{ ssh_key_dir }}/octavia_id_rsa"
args:
creates: "{{ ssh_key_dir }}/octavia_id_rsa"
no_log: "{{ octavia_undercloud_config_hide_sensitive_logs | bool }}"
- name: Set ssh key path fact
set_fact:
amp_ssh_key_path_final: "{{ ssh_key_dir }}/octavia_id_rsa.pub"
vars:
ssh_key_dir: "{{ amp_ssh_key_dir|default('/etc/octavia/ssh/') }}"
when:
- amp_ssh_key_path is not defined or ((amp_ssh_key_path | length) < 1)
- name: get the desired sha-256 public key fingerprint
shell: |
set -o pipefail
ssh-keygen -E sha256 -lf {{ amp_ssh_key_path_final }} | awk '{ print $2 }'
no_log: "{{ octavia_undercloud_config_hide_sensitive_logs | bool }}"
register: ssh_keygen_results
- name: get existing public key sha-256 fingerprint
shell: |
set -o pipefail
openstack keypair show --public-key {{ amp_ssh_key_name }} | \
ssh-keygen -E sha256 -lf - | awk '{ print $2 }'
ignore_errors: true
no_log: "{{ octavia_undercloud_config_hide_sensitive_logs | bool }}"
environment:
OS_USERNAME: "{{ auth_username }}"
OS_PASSWORD: "{{ auth_password }}"
OS_PROJECT_NAME: "{{ auth_project_name }}"
register: os_keypair_results
# os_keypair doesn't allow updating a keypair, we need to remove the previous
# keypair in case we need to update it.
- name: delete previous Octavia ssh key
openstack.cloud.keypair:
state: absent
name: "{{ amp_ssh_key_name }}"
auth:
username: "{{ auth_username }}"
password: "{{ auth_password }}"
project_name: "{{ auth_project_name }}"
no_log: "{{ octavia_undercloud_config_hide_sensitive_logs | bool }}"
when:
- os_keypair_results.stdout != ''
- os_keypair_results.stdout != ssh_keygen_results.stdout
- name: Create keypair
openstack.cloud.keypair:
state: present
name: "{{ amp_ssh_key_name }}"
public_key_file: "{{ amp_ssh_key_path_final }}"
auth:
username: "{{ auth_username }}"
password: "{{ auth_password }}"
project_name: "{{ auth_project_name }}"
no_log: "{{ octavia_undercloud_config_hide_sensitive_logs | bool }}"
register: keypair_fingerprint
when:
- os_keypair_results.stdout == '' or os_keypair_results.stdout != ssh_keygen_results.stdout
View Git Blame Copy Permalink