diff --git a/playbooks/roles/octavia-controller-config/meta/main.yml b/playbooks/roles/octavia-controller-config/meta/main.yml index 9d17fb78d..6ff4d2715 100644 --- a/playbooks/roles/octavia-controller-config/meta/main.yml +++ b/playbooks/roles/octavia-controller-config/meta/main.yml @@ -1,2 +1,10 @@ dependencies: - common +galaxy_info: + author: Red Hat + description: octavia-controller-config + license: Apache + min_ansible_version: 2.5 + platforms: + - name: CentOS + - name: Fedora diff --git a/playbooks/roles/octavia-controller-config/tasks/main.yml b/playbooks/roles/octavia-controller-config/tasks/main.yml index 94db72f8a..cc693a849 100644 --- a/playbooks/roles/octavia-controller-config/tasks/main.yml +++ b/playbooks/roles/octavia-controller-config/tasks/main.yml @@ -3,12 +3,18 @@ command: "hostname -f" register: hostname changed_when: False - - set_fact: + + - name: set node_hostname + set_fact: node_hostname: "{{ hostname.stdout }}" + - include_tasks: certificate.yml when: generate_certs + - include_tasks: netport.yml + - include_tasks: netinterface.yml + - name: making sure octavia common configuration directory exists file: path: "{{ octavia_confd_prefix }}/etc/octavia/conf.d/common" diff --git a/playbooks/roles/octavia-controller-config/tasks/netport.yml b/playbooks/roles/octavia-controller-config/tasks/netport.yml index 1f58f1476..d95726828 100644 --- a/playbooks/roles/octavia-controller-config/tasks/netport.yml +++ b/playbooks/roles/octavia-controller-config/tasks/netport.yml 
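Review bot: `min_ansible_version: 2.5` in the added `galaxy_info` block is an unquoted scalar, so YAML loads it as a float rather than a version string, and a later bump to a value such as 2.10 would be read as 2.1. Quote it: `min_ansible_version: "2.5"`. The same block is added to meta/main.yml of octavia-controller-post-config, octavia-overcloud-config and octavia-undercloud. `license: Apache` does not say which licence version applies; an SPDX identifier matching the repository's licence file would be unambiguous.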
@@ -10,48 +10,62 @@ changed_when: "out_mgmt_port.stdout != ''" notify: - octavia config updated + - name: getting management port shell: | openstack port show octavia-health-manager-{{ node_hostname }}-listen-port -f value -c id register: out_mgmt_port_id changed_when: False + - name: setting fact for management network controller port ID set_fact: mgmt_port_id: "{{ out_mgmt_port_id.stdout }}" + - name: get management port mac shell: | openstack port show {{ mgmt_port_id }} -f value -c mac_address register: out_mgmt_port_mac changed_when: False + - name: setting fact for management network controller port MAC set_fact: mgmt_port_mac: "{{ out_mgmt_port_mac.stdout }}" + - name: get management port ip shell: | + set -euo pipefail openstack port show {{ mgmt_port_id }} -f value -c fixed_ips | cut -f1 -d, | cut -f2 -d= | tr -d "'" register: out_mgmt_port_ip changed_when: False + - name: setting fact for management network controller port IP set_fact: mgmt_port_ip: "{{ out_mgmt_port_ip.stdout }}" + - name: get management port net mask shell: | + set -euo pipefail subnet_id=$(openstack port show {{ mgmt_port_id }} -f value -c fixed_ips | cut -f2 -d, | cut -f2 -d= | tr -d "'" 2> /dev/null) openstack subnet show $subnet_id -f value -c cidr 2> /dev/null register: out_mgmt_subnet_cidr + - name: setting fact for management subnet cidr set_fact: mgmt_subnet_cidr: "{{ out_mgmt_subnet_cidr.stdout }}" + - name: setting fact for management network netmask set_fact: mgmt_port_netmask: "{{ mgmt_subnet_cidr | ipaddr('netmask') }}" + - name: get MTU for managment port shell: | openstack network show {{ lb_mgmt_net_name }} -f value -c mtu register: out_mgmt_port_mtu + - name: setting fact for management port MTU set_fact: mgmt_port_mtu: "{{ out_mgmt_port_mtu.stdout }}" + - name: creating fact for management network health manager controller IP set_fact: o_hm_ip: "{{ mgmt_port_ip }}:5555" 
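Review bot: The `set -euo pipefail` lines added to "get management port ip" and "get management port net mask" need bash, but the tasks do not pin the interpreter, and Ansible's shell module runs `/bin/sh` unless `executable` is set. Where `/bin/sh` is not bash the `pipefail` option is rejected and the task fails before the openstack call runs. Add `args:` with `executable: /bin/bash` to every task that sets `pipefail`. In the net mask task, `openstack subnet show $subnet_id … 2> /dev/null` still discards the CLI's error text, so a failure that now aborts the task gives no reason; dropping the redirect and quoting `"$subnet_id"` would help. The same `set -euo pipefail` addition appears in octavia-overcloud-config/tasks/network.yml and roles/tripleo-transfer/tasks/main.yml.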
diff --git a/playbooks/roles/octavia-controller-config/tasks/octavia.yml b/playbooks/roles/octavia-controller-config/tasks/octavia.yml index dd510654c..f113a63ed 100644 --- a/playbooks/roles/octavia-controller-config/tasks/octavia.yml +++ b/playbooks/roles/octavia-controller-config/tasks/octavia.yml @@ -6,6 +6,7 @@ selevel: s0 setype: svirt_sandbox_file_t become: true + - name: setting [controller_worker]/amp_boot_network_list become: true become_user: root @@ -16,6 +17,7 @@ value: "{{ lb_mgmt_net_id }}" selevel: s0 setype: svirt_sandbox_file_t + - name: setting [controller_worker]/amp_secgroup_list become: true become_user: root @@ -26,25 +28,29 @@ value: "{{ lb_mgmt_secgroup_id }}" selevel: s0 setype: svirt_sandbox_file_t + - name: making sure octavia health manager configuration directory exists file: - path: "{{octavia_confd_prefix}}/etc/octavia/conf.d/octavia-health-manager" + path: "{{ octavia_confd_prefix }}/etc/octavia/conf.d/octavia-health-manager" state: directory selevel: s0 setype: svirt_sandbox_file_t become: true + - name: create octavia health manager configuration file become: true become_user: root template: - dest: "{{octavia_confd_prefix}}/etc/octavia/conf.d/octavia-health-manager/manager-post-deploy.conf" + dest: "{{ octavia_confd_prefix }}/etc/octavia/conf.d/octavia-health-manager/manager-post-deploy.conf" src: "manager-post-deploy.conf.j2" selevel: s0 setype: svirt_sandbox_file_t + - name: gather facts about the service project shell: | openstack project show "{{ auth_project_name }}" -c id -f value register: project_id_result + - name: setting [controller_worker]/amp_image_owner_id become: true become_user: root diff --git a/playbooks/roles/octavia-controller-post-config/meta/main.yml b/playbooks/roles/octavia-controller-post-config/meta/main.yml index 9d17fb78d..1871201ed 100644 --- a/playbooks/roles/octavia-controller-post-config/meta/main.yml +++ b/playbooks/roles/octavia-controller-post-config/meta/main.yml 
@@ -1,2 +1,10 @@ dependencies: - common +galaxy_info: + author: Red Hat + description: octavia-controller-post-config + license: Apache + min_ansible_version: 2.5 + platforms: + - name: CentOS + - name: Fedora diff --git a/playbooks/roles/octavia-controller-post-config/tasks/main.yml b/playbooks/roles/octavia-controller-post-config/tasks/main.yml index 4de482047..31da51072 100644 --- a/playbooks/roles/octavia-controller-post-config/tasks/main.yml +++ b/playbooks/roles/octavia-controller-post-config/tasks/main.yml @@ -5,20 +5,23 @@ - name: create ip list set_fact: o_hm_ip_list: "{% for octavia_node in groups['octavia_nodes'] %}{{ hostvars[octavia_node].o_hm_ip }}, {%endfor%}" - - set_fact: + + - name: create ip list (2) + set_fact: o_hm_ip_list: "{{ o_hm_ip_list[:-2] }}" #remove the last two characters + - name: read the current IP list become: true become_user: root shell: | - awk -F '=' -e '/^controller_ip_port_list/ { print $2; }' "{{octavia_confd_prefix}}/etc/octavia/conf.d/octavia-worker/worker-post-deploy.conf" + awk -F '=' -e '/^controller_ip_port_list/ { print $2; }' "{{ octavia_confd_prefix }}/etc/octavia/conf.d/octavia-worker/worker-post-deploy.conf" register: config_contents failed_when: config_contents.rc != 0 changed_when: false ignore_errors: true - name: retrieve current ip list set_fact: - current_ip_list: "{{config_contents.stdout}}" + current_ip_list: "{{ config_contents.stdout }}" # This isn't perfect as they execution order will make them not match, but we can avoid a restart # if things have stayed the same. @@ -34,7 +37,7 @@ section: "health_manager" option: "controller_ip_port_list" value: "{{ o_hm_ip_list }}" - path: "{{octavia_confd_prefix}}/etc/octavia/conf.d/octavia-worker/worker-post-deploy.conf" + path: "{{ octavia_confd_prefix }}/etc/octavia/conf.d/octavia-worker/worker-post-deploy.conf" selevel: s0 setype: svirt_sandbox_file_t when: octavia_config_updated 
diff --git a/playbooks/roles/octavia-overcloud-config/meta/main.yml b/playbooks/roles/octavia-overcloud-config/meta/main.yml index 9d17fb78d..03aefc846 100644 --- a/playbooks/roles/octavia-overcloud-config/meta/main.yml +++ b/playbooks/roles/octavia-overcloud-config/meta/main.yml @@ -1,2 +1,10 @@ dependencies: - common +galaxy_info: + author: Red Hat + description: octavia-overcloud-config + license: Apache + min_ansible_version: 2.5 + platforms: + - name: CentOS + - name: Fedora diff --git a/playbooks/roles/octavia-overcloud-config/tasks/certs_gen.yml b/playbooks/roles/octavia-overcloud-config/tasks/certs_gen.yml index 2ebe02a4b..b211ffb28 100644 --- a/playbooks/roles/octavia-overcloud-config/tasks/certs_gen.yml +++ b/playbooks/roles/octavia-overcloud-config/tasks/certs_gen.yml @@ -28,10 +28,16 @@ become: true shell: | openssl genrsa -passout pass:{{ ca_passphrase }} -des3 -out {{ openssl_temp_dir }}/private/cakey.pem 2048 + tags: + - skip_ansible_lint + - name: Reading private key become: true shell: cat {{ openssl_temp_dir }}/private/cakey.pem register: private_key_data + tags: + - skip_ansible_lint + - name: Setting private key fact set_fact: private_key_content: "{{ private_key_data.stdout }}" @@ -43,10 +49,16 @@ -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" \ -days 365 -config {{ openssl_temp_dir }}/openssl.cnf \ -out {{ openssl_temp_dir }}/ca_01.pem + tags: + - skip_ansible_lint + - name: Reading CA certificate become: true shell: cat {{ openssl_temp_dir }}/ca_01.pem register: ca_cert_data + tags: + - skip_ansible_lint + - name: Setting CA certificate fact set_fact: ca_cert_content: "{{ ca_cert_data.stdout }}" diff --git a/playbooks/roles/octavia-overcloud-config/tasks/network.yml b/playbooks/roles/octavia-overcloud-config/tasks/network.yml index 27b6d6c21..52fd25107 100644 --- a/playbooks/roles/octavia-overcloud-config/tasks/network.yml +++ b/playbooks/roles/octavia-overcloud-config/tasks/network.yml 
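Review bot: The certs_gen.yml tasks that gain `skip_ansible_lint` handle the CA private key and its passphrase, and none of the visible lines sets `no_log: true`. "Reading private key" registers the output of `cat {{ openssl_temp_dir }}/private/cakey.pem`, so the key text is part of the task result and can surface in verbose output, callback logs or a failure message, and `-passout pass:{{ ca_passphrase }}` puts the passphrase in the logged command and on the process command line. Add `no_log: true` to the key generation, "Reading private key" and "Setting private key fact" tasks, and consider reading the file with the `slurp` module instead of `shell: cat`. openssl also accepts `-passout env:VAR` or `-passout file:PATH`, which keeps the passphrase out of argv. The second certs_gen.yml hunk receives the same tags, and the tasks begin above both hunks, so attributes set there are not visible.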
@@ -6,14 +6,17 @@ fi register: out_lb_mgmt_net changed_when: "out_lb_mgmt_net.stdout != ''" + - name: getting management network ID shell: | openstack network show {{ lb_mgmt_net_name }} -f value -c id register: out_lb_mgmt_net_id changed_when: False + - name: setting management network ID fact set_fact: lb_mgmt_net_id: "{{ out_lb_mgmt_net_id.stdout }}" + - name: create subnet shell: | if [[ $(openstack subnet show {{ lb_mgmt_subnet_name }} > /dev/null; echo $?) -eq 1 ]]; then @@ -25,6 +28,7 @@ fi register: lb_mgmt_subnet_result changed_when: "lb_mgmt_subnet_result.stdout != ''" + - name: create security group #get the security group id shell: | if [[ $(openstack security group show {{ lb_mgmt_sec_grp_name }} > /dev/null; echo $?) -eq 1 ]]; then @@ -38,8 +42,10 @@ - name: setting fact for management network security group set_fact: lb_mgmt_secgroup_id: "{{ lb_mgmt_secgroup_result.stdout }}" + - name: create security group rule to open amphora management ssh port shell: | + set -euo pipefail if [[ $(openstack security group rule list {{ lb_mgmt_sec_grp_name }} --protocol tcp --ingress -f value 2>&1 | grep "0.0.0.0/0 22:22") == "" ]]; then openstack security group rule create --protocol tcp --dst-port 22 {{ lb_mgmt_sec_grp_name }} fi @@ -49,8 +55,10 @@ OS_USERNAME: "{{ auth_username }}" OS_PASSWORD: "{{ auth_password }}" OS_PROJECT_NAME: "{{ auth_project_name }}" + - name: create security group rule to open amphora management API port shell: | + set -euo pipefail if [[ $(openstack security group rule list {{ lb_mgmt_sec_grp_name }} --protocol tcp --ingress -f value 2>&1 | grep "0.0.0.0/0 9443:9443") == "" ]]; then openstack security group rule create --protocol tcp --dst-port 9443 {{ lb_mgmt_sec_grp_name }} fi 
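Review bot: The added `set -euo pipefail` does not protect the existence check in the two security-group-rule tasks: the `openstack security group rule list … 2>&1 | grep …` pipeline runs inside `$( )` in an `if [[ ]]` condition, where errexit does not apply, and `2>&1` hands any CLI error text to grep. A failed list call therefore still reads as "rule missing" and falls through to `rule create`. Capture the listing as its own statement first, e.g. `rules=$(openstack security group rule list {{ lb_mgmt_sec_grp_name }} --protocol tcp --ingress -f value)`, then test it with `grep -q`. The create commands also pass no `--remote-ip` while the grep expects `0.0.0.0/0`, so SSH (22) and port 9443 appear to be open to any source; limiting them to the management subnet is worth considering. The health-manager rule task in the later hunk of this file has the same shape.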
@@ -60,6 +68,7 @@ OS_USERNAME: "{{ auth_username }}" OS_PASSWORD: "{{ auth_password }}" OS_PROJECT_NAME: "{{ auth_project_name }}" + - name: create security group for health manager shell: | if [[ $(openstack security group show {{ lb_health_mgr_sec_grp_name }} > /dev/null; echo $?) -eq 1 ]]; then @@ -69,8 +78,10 @@ fi register: lb_health_manager_sec_grp_result changed_when: "lb_health_manager_sec_grp_result.stdout != ''" + - name: create security group rule for health manager shell: | + set -euo pipefail if [[ $(openstack security group rule list {{ lb_health_mgr_sec_grp_name }} --protocol udp --ingress -f value 2>&1 | grep "0.0.0.0/0 5555:5555") == "" ]]; then openstack security group rule create --protocol udp --dst-port 5555 {{ lb_health_mgr_sec_grp_name }} fi diff --git a/playbooks/roles/octavia-undercloud/meta/main.yml b/playbooks/roles/octavia-undercloud/meta/main.yml index 9d17fb78d..9b9a038ee 100644 --- a/playbooks/roles/octavia-undercloud/meta/main.yml +++ b/playbooks/roles/octavia-undercloud/meta/main.yml @@ -1,2 +1,10 @@ dependencies: - common +galaxy_info: + author: Red Hat + description: octavia-undercloud + license: Apache + min_ansible_version: 2.5 + platforms: + - name: CentOS + - name: Fedora diff --git a/playbooks/roles/octavia-undercloud/tasks/main.yml b/playbooks/roles/octavia-undercloud/tasks/main.yml index eaef78d90..425d3abd6 100644 --- a/playbooks/roles/octavia-undercloud/tasks/main.yml +++ b/playbooks/roles/octavia-undercloud/tasks/main.yml 
@@ -34,9 +34,10 @@ - name: fail if ssh pub key file does not exist or is not readable fail: msg="{{ amp_ssh_key_path }} does not exist or is not readable by user {{ ansible_user }}" - when: key_file_result|failed or key_file_result.stat.exists == False or key_file_result.stat.readable == False + when: key_file_result|failed or not key_file_result.stat.exists or not key_file_result.stat.readable - - set_fact: + - name: set amp_ssh_key_path_final + set_fact: amp_ssh_key_path_final: "{{ amp_ssh_key_path }}" when: amp_ssh_key_path is defined and amp_ssh_key_path != "" @@ -49,7 +50,8 @@ - name: copy ssh public key content to temp file copy: content="{{ amp_ssh_key_data }}" dest="{{ ssh_key_tmp_file.path }}" - - set_fact: + - name: set amp_ssh_key_path_final + set_fact: amp_ssh_key_path_final: "{{ ssh_key_tmp_file.path }}" when: amp_ssh_key_path is not defined or amp_ssh_key_path == "" diff --git a/playbooks/rotate-keys.yaml b/playbooks/rotate-keys.yaml index ad5f51bf3..2558a69fd 100644 --- a/playbooks/rotate-keys.yaml +++ b/playbooks/rotate-keys.yaml @@ -9,13 +9,15 @@ - name: populate service facts service_facts: - - set_fact: + - name: Determine facts + set_fact: is_container: containerized_keystone_dir.stat.isdir is defined and containerized_keystone_dir.stat.isdir podman_enabled: '"tripleo_keystone.service" in ansible_facts.services' - name: Rotate fernet keys for keystone container block: - - set_fact: + - name: set keystone_base + set_fact: keystone_base: /var/lib/config-data/puppet-generated/keystone - name: Remove previous fernet keys 
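Review bot: The rewritten `when:` on "fail if ssh pub key file does not exist or is not readable" still uses `key_file_result|failed`, a test written as a filter. That form was deprecated in Ansible 2.5, the `min_ansible_version` this commit declares for the role, and was removed in 2.9. Write it as `when: key_file_result is failed or not key_file_result.stat.exists or not key_file_result.stat.readable`. The two `set_fact` tasks in this file are now both named `set amp_ssh_key_path_final`; distinct names would make the play output easier to follow.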
@@ -33,12 +35,18 @@ - name: Set permissions to match container's user shell: chown --reference={{ keystone_base }}/etc/keystone/fernet-keys {{ keystone_base }}{{ item.key }} + args: + warn: false with_dict: "{{ fernet_keys }}" no_log: true + tags: + - skip_ansible_lint - name: Restart keystone container with docker shell: docker restart keystone when: not podman_enabled + tags: + - skip_ansible_lint - name: Restart keystone container service: diff --git a/playbooks/swift_ring_rebalance.yaml b/playbooks/swift_ring_rebalance.yaml index a272b39f1..9289e3cb8 100644 --- a/playbooks/swift_ring_rebalance.yaml +++ b/playbooks/swift_ring_rebalance.yaml @@ -40,10 +40,13 @@ - name: Abort playbook run if consistency check fails fail: msg: "object.ring.gz does not match reference checksum" - when: (result.stat.exists == True) and (result_reference.stat.exists == True) and (result_reference.stat.checksum != result.stat.checksum) + when: + - result.stat.exists + - result_reference.stat.exists + - result_reference.stat.checksum != result.stat.checksum - name: Deploy missing Swift rings - when: result.stat.exists == False + when: not result.stat.exists block: - name: Fetch missing Swift rings from undercloud command: swift --insecure download -o /tmp/swift-rings.tar.gz overcloud-swift-rings swift-rings.tar.gz @@ -63,7 +66,9 @@ - name: Check if it is safe to continue rebalancing set_fact: rebalance_is_safe: True - when: (result.stat.exists == True) and ((recon.stdout | from_json).object_replication_last | int) > ((result.stat.mtime) | int) + when: + - result.stat.exists + - ((recon.stdout | from_json).object_replication_last | int) > ((result.stat.mtime) | int) - name: Show warning and stop playbook run if unsafe debug: diff --git a/releasenotes/notes/fix-api-network-rendering-5a65009051a0f464.yaml b/releasenotes/notes/fix-api-network-rendering-5a65009051a0f464.yaml index 0ee5c8487..983e180e6 100644 --- a/releasenotes/notes/fix-api-network-rendering-5a65009051a0f464.yaml 
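Review bot: In rotate-keys.yaml, `args: warn: false` and the `skip_ansible_lint` tag silence the findings on the chown task instead of resolving them, and the path `{{ keystone_base }}{{ item.key }}` is still passed unquoted through a shell. Neither this task nor `docker restart keystone` uses a shell feature, so both can be `command:` tasks, which removes shell parsing of the templated path and makes the lint skip unnecessary. For example `command: chown --reference={{ keystone_base }}/etc/keystone/fernet-keys {{ keystone_base }}{{ item.key }}` keeps the behaviour. The `warn` argument has since been removed from the command and shell modules, so relying on it ties the playbook to older Ansible releases.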
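Review bot: The "Fetch missing Swift rings from undercloud" task inside the block whose `when:` is rewritten in swift_ring_rebalance.yaml runs `swift --insecure download`, which turns off TLS certificate verification for the transfer of `swift-rings.tar.gz`. That archive is what gets deployed when the local ring is missing, so the node accepts ring files from an endpoint it has not authenticated. Prefer supplying the undercloud CA through the client's `--os-cacert` option or the `OS_CACERT` environment variable and dropping `--insecure`. The block continues below the hunk, so how the archive is unpacked is not visible here.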
+++ b/releasenotes/notes/fix-api-network-rendering-5a65009051a0f464.yaml @@ -4,4 +4,4 @@ fixes: Fixes compatibility between older deployments with Heat resource network "InternalNetwork" and corrected "InternalApiNetwork". Upgrades from previous versions will still use the old naming scheme, while new - deployments will use the correct name of "InternalApiNetwork". + deployments will use the correct name of "InternalApiNetwork". diff --git a/roles/tripleo-container-tag/tasks/main.yaml b/roles/tripleo-container-tag/tasks/main.yaml index 0e6b05e54..f6ddf35e9 100644 --- a/roles/tripleo-container-tag/tasks/main.yaml +++ b/roles/tripleo-container-tag/tasks/main.yaml @@ -1,7 +1,7 @@ --- - name: Pull {{ container_image }} image - shell: "{{ container_cli }} pull {{container_image}}" + shell: "{{ container_cli }} pull {{ container_image }}" when: pull_image|bool - name: Tag {{ container_image_latest }} to latest {{ container_image }} image - shell: "{{ container_cli }} tag {{container_image}} {{container_image_latest}}" + shell: "{{ container_cli }} tag {{ container_image }} {{ container_image_latest }}" diff --git a/roles/tripleo-create-admin/README.md b/roles/tripleo-create-admin/README.md index 025563a89..c9c78380b 100644 --- a/roles/tripleo-create-admin/README.md +++ b/roles/tripleo-create-admin/README.md @@ -42,7 +42,7 @@ None - import_role: name: tripleo-create-admin tasks_from: create_user.yml - vars: + vars: tripleo_admin_generate_key: true ### Authorize existing user ### diff --git a/roles/tripleo-hieradata/defaults/main.yaml b/roles/tripleo-hieradata/defaults/main.yaml index 3f26d5191..d04998661 100644 --- a/roles/tripleo-hieradata/defaults/main.yaml +++ b/roles/tripleo-hieradata/defaults/main.yaml 
@@ -1,4 +1,5 @@ hieradata_template: "" -hieradata_variable_start_string: "{{" -hieradata_variable_end_string: "}}" +# jinja2 escape trick for simple {{ and }} strings: +hieradata_variable_start_string: "{{ '{{' }}" +hieradata_variable_end_string: "{{ '}}' }}" hieradata_per_host: false diff --git a/roles/tripleo-hieradata/test-playbook.yaml b/roles/tripleo-hieradata/test-playbook.yaml index e9b14083c..df5ab543f 100644 --- a/roles/tripleo-hieradata/test-playbook.yaml +++ b/roles/tripleo-hieradata/test-playbook.yaml @@ -5,5 +5,6 @@ name: tripleo-hieradata vars: hieradata_template: hieradata.j2.yaml - variable_start_string: "{{" - variable_end_string: "}}" + # jinja2 escape trick for simple {{ and }} strings: + variable_start_string: "{{ '{{' }}" + variable_end_string: "{{ '}}' }}" diff --git a/roles/tripleo-persist/tasks/cleanup.yml b/roles/tripleo-persist/tasks/cleanup.yml index 2fad5cabb..52e0f8806 100644 --- a/roles/tripleo-persist/tasks/cleanup.yml +++ b/roles/tripleo-persist/tasks/cleanup.yml @@ -1,6 +1,6 @@ - name: ensure tripleo_persist storage directory is removed file: - path: "{{tripleo_persist_storage_root_dir}}" + path: "{{ tripleo_persist_storage_root_dir }}" state: absent delegate_to: localhost - become: "{{tripleo_persist_storage_root_become}}" + become: "{{ tripleo_persist_storage_root_become }}" diff --git a/roles/tripleo-persist/tasks/persist.yml b/roles/tripleo-persist/tasks/persist.yml index 67f8ea8ba..05044d62e 100644 --- a/roles/tripleo-persist/tasks/persist.yml +++ b/roles/tripleo-persist/tasks/persist.yml 
@@ -1,12 +1,12 @@ - name: ensure local storage directory exists and has correct permissions file: - path: "{{tripleo_persist_storage_root_dir}}" + path: "{{ tripleo_persist_storage_root_dir }}" # Attempting to set an owner fails with "chown failed: failed to # look up user" so we at least ensure the permissions. mode: 0700 state: directory delegate_to: localhost - become: "{{tripleo_persist_storage_root_become}}" + become: "{{ tripleo_persist_storage_root_become }}" - name: create tempfile for the archive tempfile: @@ -15,7 +15,7 @@ - name: make sure we don't have a trailing forward slash set_fact: - tripleo_persist_dir_safe: "{{tripleo_persist_dir|regex_replace('\\/$', '')}}" + tripleo_persist_dir_safe: "{{ tripleo_persist_dir|regex_replace('\\/$', '') }}" cacheable: no # Using the "archive" module lists lists all tarred files in module @@ -23,15 +23,15 @@ # "no_log: true". - name: create the archive shell: | - tar -czf "{{tripleo_persist_tempfile.path}}" -C "{{tripleo_persist_dir_safe|dirname}}" "{{tripleo_persist_dir_safe|basename}}" + tar -czf "{{ tripleo_persist_tempfile.path }}" -C "{{ tripleo_persist_dir_safe|dirname }}" "{{ tripleo_persist_dir_safe|basename }}" - name: fetch the archive fetch: - src: "{{tripleo_persist_tempfile.path}}" - dest: "{{tripleo_persist_storage_root_dir}}/{{inventory_hostname}}{{tripleo_persist_dir_safe}}.tar.gz" + src: "{{ tripleo_persist_tempfile.path }}" + dest: "{{ tripleo_persist_storage_root_dir }}/{{ inventory_hostname }}{{ tripleo_persist_dir_safe }}.tar.gz" flat: yes - name: remove tempfile file: - name: "{{tripleo_persist_tempfile.path}}" + name: "{{ tripleo_persist_tempfile.path }}" state: absent diff --git a/roles/tripleo-persist/tasks/restore.yml b/roles/tripleo-persist/tasks/restore.yml index 6951154be..ff0e4e111 100644 --- a/roles/tripleo-persist/tasks/restore.yml +++ b/roles/tripleo-persist/tasks/restore.yml 
@@ -1,14 +1,14 @@ - name: make sure we don't have a trailing forward slash set_fact: - tripleo_persist_dir_safe: "{{tripleo_persist_dir|regex_replace('\\/$', '')}}" + tripleo_persist_dir_safe: "{{ tripleo_persist_dir|regex_replace('\\/$', '') }}" cacheable: no - name: make sure the parent directory is present file: - path: "{{tripleo_persist_dir_safe|dirname}}" + path: "{{ tripleo_persist_dir_safe|dirname }}" state: directory - name: push and extract the archive unarchive: - src: "{{tripleo_persist_storage_root_dir}}/{{inventory_hostname}}{{tripleo_persist_dir_safe}}.tar.gz" - dest: "{{tripleo_persist_dir_safe|dirname}}" + src: "{{ tripleo_persist_storage_root_dir }}/{{ inventory_hostname }}{{ tripleo_persist_dir_safe }}.tar.gz" + dest: "{{ tripleo_persist_dir_safe|dirname }}" diff --git a/roles/tripleo-transfer/tasks/cleanup.yml b/roles/tripleo-transfer/tasks/cleanup.yml index 616689cbc..3b70d3b55 100644 --- a/roles/tripleo-transfer/tasks/cleanup.yml +++ b/roles/tripleo-transfer/tasks/cleanup.yml @@ -1,6 +1,6 @@ - name: ensure tripleo_transfer storage directory is removed file: - path: "{{tripleo_transfer_storage_root_dir}}" + path: "{{ tripleo_transfer_storage_root_dir }}" state: absent delegate_to: localhost - become: "{{tripleo_transfer_storage_root_become}}" + become: "{{ tripleo_transfer_storage_root_become }}" diff --git a/roles/tripleo-transfer/tasks/main.yml b/roles/tripleo-transfer/tasks/main.yml index d33329951..8fa16a826 100644 --- a/roles/tripleo-transfer/tasks/main.yml +++ b/roles/tripleo-transfer/tasks/main.yml 
@@ -1,77 +1,78 @@ - name: make sure we don't have a trailing forward slash in the src set_fact: - tripleo_transfer_src_dir_safe: "{{tripleo_transfer_src_dir|regex_replace('\\/$', '')}}" + tripleo_transfer_src_dir_safe: "{{ tripleo_transfer_src_dir|regex_replace('\\/$', '') }}" cacheable: no - name: make sure we don't have a trailing forward slash in the dst set_fact: - tripleo_transfer_dest_dir_safe: "{{tripleo_transfer_dest_dir|regex_replace('\\/$', '')}}" + tripleo_transfer_dest_dir_safe: "{{ tripleo_transfer_dest_dir|regex_replace('\\/$', '') }}" cacheable: no - name: ensure local storage directory exists and has correct permissions file: - path: "{{tripleo_transfer_storage_root_dir}}" + path: "{{ tripleo_transfer_storage_root_dir }}" # Attempting to set an owner fails with "chown failed: failed to # look up user" so we at least ensure the permissions. mode: 0700 state: directory delegate_to: localhost - become: "{{tripleo_transfer_storage_root_become}}" + become: "{ {tripleo_transfer_storage_root_become }}" - name: create tempfile for the archive tempfile: prefix: ansible.tripleo-transfer. register: tripleo_transfer_tempfile - become: "{{tripleo_transfer_src_become}}" - delegate_to: "{{tripleo_transfer_src_host}}" + become: "{{ tripleo_transfer_src_become }}" + delegate_to: "{{ tripleo_transfer_src_host }}" # Using the "archive" module lists lists all tarred files in module # output, if there's too many files, it can crash ansible even with # "no_log: true". 
- name: create the archive shell: | - tar --transform "s|^{{tripleo_transfer_src_dir_safe|basename}}|{{tripleo_transfer_dest_dir_safe|basename}}|" -czf "{{tripleo_transfer_tempfile.path}}" -C "{{tripleo_transfer_src_dir_safe|dirname}}" "{{tripleo_transfer_src_dir_safe|basename}}" - become: "{{tripleo_transfer_src_become}}" - delegate_to: "{{tripleo_transfer_src_host}}" + set -euo pipefail + tar --transform "s|^{{ tripleo_transfer_src_dir_safe|basename }}|{{ tripleo_transfer_dest_dir_safe|basename }}|" -czf "{{ tripleo_transfer_tempfile.path }}" -C "{{ tripleo_transfer_src_dir_safe|dirname }}" "{{ tripleo_transfer_src_dir_safe|basename }}" + become: "{{ tripleo_transfer_src_become }}" + delegate_to: "{{ tripleo_transfer_src_host }}" - name: fetch the archive fetch: - src: "{{tripleo_transfer_tempfile.path}}" - dest: "{{tripleo_transfer_storage_root_dir}}/{{tripleo_transfer_dest_host}}{{tripleo_transfer_dest_dir_safe}}.tar.gz" + src: "{{ tripleo_transfer_tempfile.path }}" + dest: "{{ tripleo_transfer_storage_root_dir }}/{{ tripleo_transfer_dest_host }}{{ tripleo_transfer_dest_dir_safe }}.tar.gz" flat: yes - become: "{{tripleo_transfer_src_become}}" - delegate_to: "{{tripleo_transfer_src_host}}" + become: "{{ tripleo_transfer_src_become }}" + delegate_to: "{{ tripleo_transfer_src_host }}" - name: remove tempfile file: - name: "{{tripleo_transfer_tempfile.path}}" + name: "{{ tripleo_transfer_tempfile.path }}" state: absent - become: "{{tripleo_transfer_src_become}}" - delegate_to: "{{tripleo_transfer_src_host}}" + become: "{{ tripleo_transfer_src_become }}" + delegate_to: "{{ tripleo_transfer_src_host }}" - name: wipe the destination directory file: - path: "{{tripleo_transfer_dest_dir_safe}}" + path: "{{ tripleo_transfer_dest_dir_safe }}" state: absent - become: "{{tripleo_transfer_dest_become}}" - delegate_to: "{{tripleo_transfer_dest_host}}" + become: "{{ tripleo_transfer_dest_become }}" + delegate_to: "{{ tripleo_transfer_dest_host }}" when: 
tripleo_transfer_dest_wipe|bool - name: make sure the destination parent directory is present file: - path: "{{tripleo_transfer_dest_dir_safe|dirname}}" + path: "{{ tripleo_transfer_dest_dir_safe|dirname }}" state: directory - become: "{{tripleo_transfer_dest_become}}" - delegate_to: "{{tripleo_transfer_dest_host}}" + become: "{{ tripleo_transfer_dest_become }}" + delegate_to: "{{ tripleo_transfer_dest_host }}" - name: push and extract the archive unarchive: - src: "{{tripleo_transfer_storage_root_dir}}/{{tripleo_transfer_dest_host}}{{tripleo_transfer_dest_dir_safe}}.tar.gz" - dest: "{{tripleo_transfer_dest_dir_safe|dirname}}" - become: "{{tripleo_transfer_dest_become}}" - delegate_to: "{{tripleo_transfer_dest_host}}" + src: "{{ tripleo_transfer_storage_root_dir }}/{{ tripleo_transfer_dest_host }}{{ tripleo_transfer_dest_dir_safe }}.tar.gz" + dest: "{{ tripleo_transfer_dest_dir_safe|dirname }}" + become: "{{ tripleo_transfer_dest_become }}" + delegate_to: "{{ tripleo_transfer_dest_host }}" - name: remove the local archive file: - path: "{{tripleo_transfer_storage_root_dir}}/{{tripleo_transfer_dest_host}}{{tripleo_transfer_dest_dir_safe}}.tar.gz" + path: "{{ tripleo_transfer_storage_root_dir }}/{{ tripleo_transfer_dest_host }}{{ tripleo_transfer_dest_dir_safe }}.tar.gz" state: absent diff --git a/roles/tripleo-upgrade-hiera/tasks/create-tripleo-upgrade-file.yml b/roles/tripleo-upgrade-hiera/tasks/create-tripleo-upgrade-file.yml index 077253a89..9026e4727 100644 --- a/roles/tripleo-upgrade-hiera/tasks/create-tripleo-upgrade-file.yml +++ b/roles/tripleo-upgrade-hiera/tasks/create-tripleo-upgrade-file.yml @@ -1,6 +1,6 @@ - name: create the directory for hiera file file: - path: "{{tripleo_upgrade_hiera_file|dirname}}" + path: "{{ tripleo_upgrade_hiera_file|dirname }}" owner: "root" group: "root" mode: 0755 
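Review bot: The new `become` line on "ensure local storage directory exists and has correct permissions" reads `become: "{ {tripleo_transfer_storage_root_become }}"`, and the space between the opening braces means Jinja no longer sees an expression. The task receives that literal string instead of the variable's value, so `tripleo_transfer_storage_root_become` is not honoured; depending on the Ansible version the string is either rejected as a non-boolean or treated as false. It should be `become: "{{ tripleo_transfer_storage_root_become }}"`, as in tasks/cleanup.yml of the same role. The `mode: 0700` two lines above is an unquoted octal, and `mode: "0700"` is the form Ansible documents.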
@@ -9,19 +9,19 @@ - name: check if the upgrade file exists. stat: - path: "{{tripleo_upgrade_hiera_file}}" + path: "{{ tripleo_upgrade_hiera_file }}" register: _tripleo_upgrade_hiera_file become: yes - name: check if the file contains valid json - command: "jq . {{tripleo_upgrade_hiera_file}}" + command: "jq . {{ tripleo_upgrade_hiera_file }}" register: _tripleo_upgrade_hiera_test become: yes when: _tripleo_upgrade_hiera_file.stat.exists - name: create the hiera file when no file or empty file. copy: - dest: "{{tripleo_upgrade_hiera_file}}" + dest: "{{ tripleo_upgrade_hiera_file }}" owner: "root" group: "root" mode: 0644 @@ -30,6 +30,6 @@ when: not _tripleo_upgrade_hiera_file.stat.exists or _tripleo_upgrade_hiera_test.stdout == "" - name: load the json hiera data - command: "jq . {{tripleo_upgrade_hiera_file}}" + command: "jq . {{ tripleo_upgrade_hiera_file }}" register: tripleo_upgrade_hiera_command become: yes diff --git a/roles/tripleo-upgrade-hiera/tasks/remove-all.yml b/roles/tripleo-upgrade-hiera/tasks/remove-all.yml index 056c4aa28..c56aa61ef 100644 --- a/roles/tripleo-upgrade-hiera/tasks/remove-all.yml +++ b/roles/tripleo-upgrade-hiera/tasks/remove-all.yml @@ -1,6 +1,6 @@ --- - name: delete the upgrade hiera file file: - path: "{{tripleo_upgrade_hiera_file}}" + path: "{{ tripleo_upgrade_hiera_file }}" state: absent become: yes diff --git a/roles/tripleo-upgrade-hiera/tasks/remove.yml b/roles/tripleo-upgrade-hiera/tasks/remove.yml index b48e76d80..e51d7b5f3 100644 --- a/roles/tripleo-upgrade-hiera/tasks/remove.yml +++ b/roles/tripleo-upgrade-hiera/tasks/remove.yml @@ -18,5 +18,5 @@ - name: write the updated tripleo-upgrade hiera data copy: content: "{{ tripleo_upgrade_hiera_data_del | to_nice_json }}" - dest: "{{tripleo_upgrade_hiera_file}}" + dest: "{{ tripleo_upgrade_hiera_file }}" become: yes diff --git a/roles/tripleo-upgrade-hiera/tasks/set.yml b/roles/tripleo-upgrade-hiera/tasks/set.yml index 60e4cbe05..9011f5ddc 100644 
--- a/roles/tripleo-upgrade-hiera/tasks/set.yml +++ b/roles/tripleo-upgrade-hiera/tasks/set.yml @@ -10,6 +10,6 @@ - name: write the updated tripleo-upgrade hiera data copy: content: "{{ tripleo_upgrade_hiera_data_add | to_nice_json }}" - dest: "{{tripleo_upgrade_hiera_file}}" + dest: "{{ tripleo_upgrade_hiera_file }}" become: yes diff --git a/tripleo_common/templates/deployments.yaml b/tripleo_common/templates/deployments.yaml index 0b1e3f639..5c02d8357 100644 --- a/tripleo_common/templates/deployments.yaml +++ b/tripleo_common/templates/deployments.yaml @@ -1,10 +1,10 @@ - name: Lookup deployment UUID set_fact: - deployment_uuid: "{{ lookup('file', tripleo_role_name ~ '/' ~ ansible_hostname | lower ~ '/' ~ item) | from_yaml | json_query(item ~ '.id')}}" + deployment_uuid: "{{ lookup('file', tripleo_role_name ~ '/' ~ ansible_hostname | lower ~ '/' ~ item) | from_yaml | json_query(item ~ '.id') }}" - name: Lookup deployment group set_fact: - deployment_group: "{{ lookup('file', tripleo_role_name ~ '/' ~ ansible_hostname | lower ~ '/' ~ item) | from_yaml | json_query(item ~ '.group')}}" + deployment_group: "{{ lookup('file', tripleo_role_name ~ '/' ~ ansible_hostname | lower ~ '/' ~ item) | from_yaml | json_query(item ~ '.group') }}" - name: Hiera check and diff mode diff --git a/tripleo_common/tests/utils/data/config_data.yaml b/tripleo_common/tests/utils/data/config_data.yaml index 0f92db7c8..8218a5e05 100644 --- a/tripleo_common/tests/utils/data/config_data.yaml +++ b/tripleo_common/tests/utils/data/config_data.yaml 
@@ -119,19 +119,15 @@ servers: - physical_resource_id: 00b3a5e1-5e8e-4b55-878b-2fa2271f15ad name: overcloud-controller-0 OS::stack_id: 00b3a5e1-5e8e-4b55-878b-2fa2271f15ad - name: overcloud-controller-0 - physical_resource_id: a7db3010-a51f-4ae0-a791-2364d629d20d name: overcloud-novacompute-0 OS::stack_id: a7db3010-a51f-4ae0-a791-2364d629d20d - name: overcloud-novacompute-0 - physical_resource_id: 8b07cd31-3083-4b88-a433-955f72039e2c name: overcloud-novacompute-1 OS::stack_id: 8b07cd31-3083-4b88-a433-955f72039e2c - name: overcloud-novacompute-1 - physical_resource_id: 169b46f8-1965-4d90-a7de-f36fb4a830fe name: overcloud-novacompute-2 OS::stack_id: 169b46f8-1965-4d90-a7de-f36fb4a830fe - name: overcloud-novacompute-2 server_id_data: Controller: