diff --git a/common/deploy-steps-tasks-step-1.yaml b/common/deploy-steps-tasks-step-1.yaml index 5d1a3cb00e..9835557009 100644 --- a/common/deploy-steps-tasks-step-1.yaml +++ b/common/deploy-steps-tasks-step-1.yaml @@ -1,343 +1,343 @@ - - name: Write config data at the start of step 1 - block: - - name: Create and ensure setype for /var/log/containers directory - file: - path: /var/log/containers - state: directory - setype: container_file_t - selevel: s0 - mode: 0750 - tags: - - host_config - - name: Create ContainerLogStdoutPath directory - file: - path: "{{ container_log_stdout_path }}" - state: directory - selevel: s0 - tags: - - host_config - - name: Create /var/lib/tripleo-config directory - file: - path: /var/lib/tripleo-config - state: directory - setype: svirt_sandbox_file_t - selevel: s0 - recurse: true - tags: - - host_config - - container_config - - container_config_tasks - - container_config_scripts - - container_startup_configs +- name: Create and ensure setype for /var/log/containers directory + file: + path: /var/log/containers + state: directory + setype: container_file_t + selevel: s0 + mode: 0750 + tags: + - host_config - - name: Delete existing /var/lib/tripleo-config/check-mode directory for check mode - file: - path: /var/lib/tripleo-config/check-mode - state: absent - tags: - - host_config - - container_config - - container_config_tasks - - container_config_scripts - - container_startup_configs - when: - - ansible_check_mode|bool - ignore_errors: true - check_mode: no +- name: Create ContainerLogStdoutPath directory + file: + path: "{{ container_log_stdout_path }}" + state: directory + selevel: s0 + tags: + - host_config - - name: Create /var/lib/tripleo-config/check-mode directory for check mode - file: - path: /var/lib/tripleo-config/check-mode - state: directory - setype: svirt_sandbox_file_t - selevel: s0 - recurse: true - tags: - - host_config - - container_config - - container_config_tasks - - container_config_scripts - - container_startup_configs - when: - - ansible_check_mode|bool - check_mode: no +- name: Create /var/lib/tripleo-config directory + file: + path: /var/lib/tripleo-config + state: directory + setype: svirt_sandbox_file_t + selevel: s0 + recurse: true + tags: + - host_config + - container_config + - container_config_tasks + - container_config_scripts + - container_startup_configs - # Puppet manifest for baremetal host configuration - - name: Write the puppet step_config manifest - no_log: True - copy: - content: "{{ lookup('file', tripleo_role_name + '/step_config.pp', errors='ignore') | default('', True) }}" - dest: /var/lib/tripleo-config/{{ ansible_check_mode | bool | ternary('check-mode/', '') }}puppet_step_config.pp - force: yes - mode: '0600' - tags: - - host_config - check_mode: no - diff: no +- name: Delete existing /var/lib/tripleo-config/check-mode directory for check mode + file: + path: /var/lib/tripleo-config/check-mode + state: absent + tags: + - host_config + - container_config + - container_config_tasks + - container_config_scripts + - container_startup_configs + when: + - ansible_check_mode|bool + ignore_errors: true + check_mode: no - - name: Diff puppet step_config manifest changes for check mode - command: - diff -uN /var/lib/tripleo-config/puppet_step_config.pp /var/lib/tripleo-config/check-mode/puppet_step_config.pp - register: diff_results - tags: - - host_config - check_mode: no - when: - - ansible_check_mode|bool - - ansible_diff_mode - failed_when: false - changed_when: diff_results.rc == 1 +- name: Create /var/lib/tripleo-config/check-mode directory for check mode + file: + path: /var/lib/tripleo-config/check-mode + state: directory + setype: svirt_sandbox_file_t + selevel: s0 + recurse: true + tags: + - host_config + - container_config + - container_config_tasks + - container_config_scripts + - container_startup_configs + when: + - ansible_check_mode|bool + check_mode: no - - name: Diff puppet step_config manifest changes for check mode - debug: - var: diff_results.stdout_lines - changed_when: diff_results.rc == 1 - when: - - ansible_check_mode|bool - - ansible_diff_mode - tags: - - host_config +# Puppet manifest for baremetal host configuration +- name: Write the puppet step_config manifest + no_log: True + copy: + content: "{{ lookup('file', tripleo_role_name + '/step_config.pp', errors='ignore') | default('', True) }}" + dest: /var/lib/tripleo-config/{{ ansible_check_mode | bool | ternary('check-mode/', '') }}puppet_step_config.pp + force: yes + mode: '0600' + tags: + - host_config + check_mode: no + diff: no - # Config file for our container-puppet.py script, used to generate container configs - - name: Create /var/lib/container-puppet - file: - path: /var/lib/container-puppet - state: directory - setype: svirt_sandbox_file_t - selevel: s0 - tags: - - container_config - - container_config_tasks +- name: Diff puppet step_config manifest changes for check mode + command: + diff -uN /var/lib/tripleo-config/puppet_step_config.pp /var/lib/tripleo-config/check-mode/puppet_step_config.pp + register: diff_results + tags: + - host_config + check_mode: no + when: + - ansible_check_mode|bool + - ansible_diff_mode + failed_when: false + changed_when: diff_results.rc == 1 - - name: Delete existing /var/lib/container-puppet/check-mode for check mode - file: - path: /var/lib/container-puppet/check-mode - state: absent - tags: - - container_config - ignore_errors: true - check_mode: no - when: - - ansible_check_mode|bool +- name: Diff puppet step_config manifest changes for check mode + debug: + var: diff_results.stdout_lines + changed_when: diff_results.rc == 1 + when: + - ansible_check_mode|bool + - ansible_diff_mode + tags: + - host_config - - name: Create /var/lib/container-puppet/check-mode for check mode - file: - path: /var/lib/container-puppet/check-mode - state: directory - setype: svirt_sandbox_file_t - selevel: s0 - tags: - - container_config - check_mode: no - when: - - ansible_check_mode|bool +# Config file for our container-puppet.py script, used to generate container configs +- name: Create /var/lib/container-puppet + file: + path: /var/lib/container-puppet + state: directory + setype: svirt_sandbox_file_t + selevel: s0 + tags: + - container_config + - container_config_tasks - - name: Write container-puppet.json file - no_log: True - copy: - content: "{{ lookup('file', tripleo_role_name + '/puppet_config.yaml', errors='ignore') | default([], True) | from_yaml | to_nice_json }}" - dest: /var/lib/container-puppet/{{ ansible_check_mode | bool | ternary('check-mode/', '') }}container-puppet.json - force: yes - mode: '0600' - tags: - - container_config - check_mode: no - diff: no +- name: Delete existing /var/lib/container-puppet/check-mode for check mode + file: + path: /var/lib/container-puppet/check-mode + state: absent + tags: + - container_config + ignore_errors: true + check_mode: no + when: + - ansible_check_mode|bool - - name: Diff container-puppet.json changes for check mode - command: - diff -uN /var/lib/container-puppet/container-puppet.json /var/lib/container-puppet/check-mode/container-puppet.json - register: diff_results - tags: - - container_config - check_mode: no - when: - - ansible_check_mode|bool - - ansible_diff_mode - failed_when: false - changed_when: diff_results.rc == 1 +- name: Create /var/lib/container-puppet/check-mode for check mode + file: + path: /var/lib/container-puppet/check-mode + state: directory + setype: svirt_sandbox_file_t + selevel: s0 + tags: + - container_config + check_mode: no + when: + - ansible_check_mode|bool - - name: Diff container-puppet.json changes for check mode - debug: - var: diff_results.stdout_lines - changed_when: diff_results.rc == 1 - when: - - ansible_check_mode|bool - - ansible_diff_mode - tags: - - container_config +- name: Write container-puppet.json file + no_log: True + copy: + content: "{{ lookup('file', tripleo_role_name + '/puppet_config.yaml', errors='ignore') | default([], True) | from_yaml | to_nice_json }}" + dest: /var/lib/container-puppet/{{ ansible_check_mode | bool | ternary('check-mode/', '') }}container-puppet.json + force: yes + mode: '0600' + tags: + - container_config + check_mode: no + diff: no - - name: Create /var/lib/container-config-scripts - file: - path: /var/lib/container-config-scripts - state: directory - setype: svirt_sandbox_file_t - tags: - - container_config_scripts +- name: Diff container-puppet.json changes for check mode + command: + diff -uN /var/lib/container-puppet/container-puppet.json /var/lib/container-puppet/check-mode/container-puppet.json + register: diff_results + tags: + - container_config + check_mode: no + when: + - ansible_check_mode|bool + - ansible_diff_mode + failed_when: false + changed_when: diff_results.rc == 1 - # The container config files - # /var/lib/container-startup-configs.json is removed as we now write - # per-step files instead - - name: Clean old /var/lib/container-startup-configs.json file - file: - path: /var/lib/container-startup-configs.json - state: absent - tags: - - container_startup_configs +- name: Diff container-puppet.json changes for check mode + debug: + var: diff_results.stdout_lines + changed_when: diff_results.rc == 1 + when: + - ansible_check_mode|bool + - ansible_diff_mode + tags: + - container_config - # For legacy, can be removed in Train cycle - - name: Clean old /var/lib/docker-container-startup-configs.json file - file: - path: /var/lib/docker-container-startup-configs.json - state: absent - tags: - - container_startup_configs +- name: Create /var/lib/container-config-scripts + file: + path: /var/lib/container-config-scripts + state: directory + setype: svirt_sandbox_file_t + tags: + - container_config_scripts + +# The container config files +# /var/lib/container-startup-configs.json is removed as we now write +# per-step files instead +- name: Clean old /var/lib/container-startup-configs.json file + file: + path: /var/lib/container-startup-configs.json + state: absent + tags: + - container_startup_configs + +# For legacy, can be removed in Train cycle +- name: Clean old /var/lib/docker-container-startup-configs.json file + file: + path: /var/lib/docker-container-startup-configs.json + state: absent + tags: + - container_startup_configs - - name: Write container config scripts - no_log: True - copy: - content: "{{ item[1].content }}" - dest: "/var/lib/container-config-scripts/{{ item[0] }}" - force: yes - mode: "{{ item[1].mode | default('0600', true) }}" - setype: svirt_sandbox_file_t - loop: "{{ role_data_container_config_scripts | dictsort }}" - loop_control: - label: "{{ item[0] }}" - vars: - role_data_container_config_scripts: "{{ lookup('file', tripleo_role_name + '/container_config_scripts.yaml', errors='ignore') | default({}, True) | from_yaml }}" - tags: - - container_config_scripts +- name: Write container config scripts + no_log: True + copy: + content: "{{ item[1].content }}" + dest: "/var/lib/container-config-scripts/{{ item[0] }}" + force: yes + mode: "{{ item[1].mode | default('0600', true) }}" + setype: svirt_sandbox_file_t + loop: "{{ role_data_container_config_scripts | dictsort }}" + loop_control: + label: "{{ item[0] }}" + vars: + role_data_container_config_scripts: "{{ lookup('file', tripleo_role_name + '/container_config_scripts.yaml', errors='ignore') | default({}, True) | from_yaml }}" + tags: + - container_config_scripts - # Here we are dumping all the container startup configuration data - # so that we can have access to how they are started outside of heat - # and container cmd. This lets us create command line tools to test containers. - - name: Set container_config_default fact - no_log: True - set_fact: - container_config_default: "{{ container_config_default | default({}) | combine( {'step_' + item: {}} ) }}" - with_sequence: count={{ deploy_steps_max }} - tags: - - container_startup_configs +# Here we are dumping all the container startup configuration data +# so that we can have access to how they are started outside of heat +# and container cmd. This lets us create command line tools to test containers. +- name: Set container_config_default fact + no_log: True + set_fact: + container_config_default: "{{ container_config_default | default({}) | combine( {'step_' + item: {}} ) }}" + with_sequence: count={{ deploy_steps_max }} + tags: + - container_startup_configs - - name: Set container_startup_configs_with_default fact - no_log: True - set_fact: - container_config_with_default: "{{ container_config_default | combine(role_data_container_config) }}" - vars: - role_data_container_config: "{{ lookup('file', tripleo_role_name + '/docker_config.yaml', errors='ignore') | default({}, True) | from_yaml }}" - tags: - - container_startup_configs +- name: Set container_startup_configs_with_default fact + no_log: True + set_fact: + container_config_with_default: "{{ container_config_default | combine(role_data_container_config) }}" + vars: + role_data_container_config: "{{ lookup('file', tripleo_role_name + '/docker_config.yaml', errors='ignore') | default({}, True) | from_yaml }}" + tags: + - container_startup_configs - # This file location is deprecated and the new location is now: - # /var/lib/tripleo-config/container-startup-config/step_X/.json - # Can be removed in V cycle - - name: Write /var/lib/tripleo-config/container-startup-config-readme.txt - no_log: True - copy: - content: "Container startup configs moved to /var/lib/tripleo-config/container-startup-config" - dest: /var/lib/tripleo-config/container-startup-config-readme.txt - force: yes - mode: '0600' - tags: - - container_startup_configs +# This file location is deprecated and the new location is now: +# /var/lib/tripleo-config/container-startup-config/step_X/.json +# Can be removed in V cycle +- name: Write /var/lib/tripleo-config/container-startup-config-readme.txt + no_log: True + copy: + content: "Container startup configs moved to /var/lib/tripleo-config/container-startup-config" + dest: /var/lib/tripleo-config/container-startup-config-readme.txt + force: yes + mode: '0600' + tags: + - container_startup_configs - - name: Generate startup configs files per step and per container - no_log: True - include_tasks: container_startup_configs_tasks.yaml - loop: "{{ container_config_with_default | dictsort }}" - tags: - - container_startup_configs +- name: Generate startup configs files per step and per container + no_log: True + include_tasks: container_startup_configs_tasks.yaml + loop: "{{ container_config_with_default | dictsort }}" + tags: + - container_startup_configs - - name: Create /var/lib/kolla/config_files directory - file: - path: /var/lib/kolla/config_files - state: directory - setype: svirt_sandbox_file_t - selevel: s0 - recurse: true - tags: - - container_startup_configs +- name: Create /var/lib/kolla/config_files directory + file: + path: /var/lib/kolla/config_files + state: directory + setype: svirt_sandbox_file_t + selevel: s0 + recurse: true + tags: + - container_startup_configs - - name: Create /var/lib/config-data directory - file: - path: /var/lib/config-data - state: directory - setype: svirt_sandbox_file_t - selevel: s0 +- name: Create /var/lib/config-data directory + file: + path: /var/lib/config-data + state: directory + setype: svirt_sandbox_file_t + selevel: s0 - - name: Write kolla config json files - no_log: True - copy: - content: "{{ item[1] | to_nice_json }}" - dest: "{{ item[0] }}" - force: yes - mode: '0600' - setype: svirt_sandbox_file_t - loop: "{{ lookup('file', tripleo_role_name + '/kolla_config.yaml', errors='ignore') | default([], True) | from_yaml | dictsort }}" - loop_control: - label: "{{ item[0] }}" - tags: - - container_startup_configs +- name: Write kolla config json files + no_log: True + copy: + content: "{{ item[1] | to_nice_json }}" + dest: "{{ item[0] }}" + force: yes + mode: '0600' + setype: svirt_sandbox_file_t + loop: "{{ lookup('file', tripleo_role_name + '/kolla_config.yaml', errors='ignore') | default([], True) | from_yaml | dictsort }}" + loop_control: + label: "{{ item[0] }}" + tags: + - container_startup_configs - - name: gather facts needed by role - setup: - gather_subset: "!min,python" - when: ansible_python is not defined - tags: - - container_config_tasks +- name: gather facts needed by role + setup: + gather_subset: "!min,python" + when: ansible_python is not defined + tags: + - container_config_tasks - - name: set python_cmd - set_fact: - python_cmd: "python{{ ansible_python.version.major }}" - cacheable: true - when: python_cmd is not defined - tags: - - container_config_tasks +- name: set python_cmd + set_fact: + python_cmd: "python{{ ansible_python.version.major }}" + cacheable: true + when: python_cmd is not defined + tags: + - container_config_tasks - - name: Set host puppet debugging fact string - set_fact: - host_puppet_config_debug: "--debug --verbose" - when: - - enable_puppet | bool - - enable_debug | bool - tags: - - host_config +- name: Set host puppet debugging fact string + set_fact: + host_puppet_config_debug: "--debug --verbose" + when: + - enable_puppet | bool + - enable_debug | bool + tags: + - host_config - - name: Check for /etc/puppet/check-mode directory for check mode - stat: - path: /etc/puppet/check-mode - register: check_mode_dir - when: ansible_check_mode|bool - tags: - - host_config - - container_config +- name: Check for /etc/puppet/check-mode directory for check mode + stat: + path: /etc/puppet/check-mode + register: check_mode_dir + when: ansible_check_mode|bool + tags: + - host_config + - container_config - - name: Create /etc/puppet/check-mode/hieradata directory for check mode - file: - path: /etc/puppet/check-mode/hieradata - state: directory - setype: svirt_sandbox_file_t - selevel: s0 - recurse: true - check_mode: no - when: - - ansible_check_mode|bool - - not check_mode_dir.stat.exists - tags: - - host_config - - container_config +- name: Create /etc/puppet/check-mode/hieradata directory for check mode + file: + path: /etc/puppet/check-mode/hieradata + state: directory + setype: svirt_sandbox_file_t + selevel: s0 + recurse: true + check_mode: no + when: + - ansible_check_mode|bool + - not check_mode_dir.stat.exists + tags: + - host_config + - container_config - - name: Create puppet check-mode files if they don't exist for check mode - shell: | - cp -a /etc/puppet/hiera.yaml /etc/puppet/check-mode/hiera.yaml - cp -a /etc/puppet/hieradata/* /etc/puppet/check-mode/hieradata/ - sed -i 's/\/etc\/puppet\/hieradata/\/etc\/puppet\/check-mode\/hieradata/' /etc/puppet/check-mode/hiera.yaml - when: - - ansible_check_mode|bool - - not check_mode_dir.stat.exists - check_mode: no - tags: - - host_config - - container_config +- name: Create puppet check-mode files if they don't exist for check mode + shell: | + cp -a /etc/puppet/hiera.yaml /etc/puppet/check-mode/hiera.yaml + cp -a /etc/puppet/hieradata/* /etc/puppet/check-mode/hieradata/ + sed -i 's/\/etc\/puppet\/hieradata/\/etc\/puppet\/check-mode\/hieradata/' /etc/puppet/check-mode/hiera.yaml + when: + - ansible_check_mode|bool + - not check_mode_dir.stat.exists + check_mode: no + tags: + - host_config + - container_config diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2 index 1b05a4a2a7..013c0c2c9a 100644 --- a/common/deploy-steps.j2 +++ b/common/deploy-steps.j2 @@ -834,7 +834,8 @@ outputs: stat: path: "/var/lib/tripleo-config/container-startup-config/step_{{step}}" register: container_startup_configs_json_stat - - include_tasks: common_deploy_steps_tasks_step_1.yaml + - name: Write config data at the start of step 1 + include_tasks: common_deploy_steps_tasks_step_1.yaml when: - ((deploy_identifier is defined and deploy_identifier != "" and deploy_identifier is not none) or not container_startup_configs_json_stat.stat.exists) tags: @@ -1020,7 +1021,8 @@ outputs: - import_tasks: deploy_steps_tasks_step_0.yaml vars: step: 0 - - import_tasks: common_deploy_steps_tasks_step_1.yaml + - name: Write config data at the start of step 1 + import_tasks: common_deploy_steps_tasks_step_1.yaml - include_tasks: common_deploy_steps_tasks.yaml with_sequence: start=1 end={{deploy_steps_max-1}} loop_control: