4395e4a3ce
Adding the become: true when calling the modules which manage files in /var/lib/tripleo-config, they need root access. Change-Id: Ic3a5f7d079993ca31176df5e460640938495bb7b
350 lines
9.1 KiB
YAML
350 lines
9.1 KiB
YAML
- name: Create and ensure setype for /var/log/containers directory
|
|
become: true
|
|
file:
|
|
path: /var/log/containers
|
|
state: directory
|
|
setype: container_file_t
|
|
selevel: s0
|
|
mode: 0750
|
|
tags:
|
|
- host_config
|
|
|
|
- name: Create ContainerLogStdoutPath directory
|
|
become: true
|
|
file:
|
|
path: "{{ container_log_stdout_path }}"
|
|
state: directory
|
|
selevel: s0
|
|
tags:
|
|
- host_config
|
|
|
|
- name: Create /var/lib/tripleo-config directory
|
|
become: true
|
|
file:
|
|
path: /var/lib/tripleo-config
|
|
state: directory
|
|
setype: container_file_t
|
|
selevel: s0
|
|
recurse: true
|
|
tags:
|
|
- host_config
|
|
- container_config
|
|
- container_config_tasks
|
|
- container_config_scripts
|
|
- container_startup_configs
|
|
|
|
- name: Delete existing /var/lib/tripleo-config/check-mode directory for check mode
|
|
become: true
|
|
file:
|
|
path: /var/lib/tripleo-config/check-mode
|
|
state: absent
|
|
tags:
|
|
- host_config
|
|
- container_config
|
|
- container_config_tasks
|
|
- container_config_scripts
|
|
- container_startup_configs
|
|
when:
|
|
- ansible_check_mode|bool
|
|
check_mode: no
|
|
|
|
- name: Create /var/lib/tripleo-config/check-mode directory for check mode
|
|
become: true
|
|
file:
|
|
path: /var/lib/tripleo-config/check-mode
|
|
state: directory
|
|
setype: container_file_t
|
|
selevel: s0
|
|
recurse: true
|
|
tags:
|
|
- host_config
|
|
- container_config
|
|
- container_config_tasks
|
|
- container_config_scripts
|
|
- container_startup_configs
|
|
when:
|
|
- ansible_check_mode|bool
|
|
check_mode: no
|
|
|
|
# Puppet manifest for baremetal host configuration
|
|
- name: Write the puppet step_config manifest
|
|
become: true
|
|
no_log: True
|
|
copy:
|
|
content: "{{ lookup('file', tripleo_role_name + '/step_config.pp', errors='ignore') | default('', True) }}"
|
|
dest: /var/lib/tripleo-config/{{ ansible_check_mode | bool | ternary('check-mode/', '') }}puppet_step_config.pp
|
|
force: yes
|
|
mode: '0600'
|
|
tags:
|
|
- host_config
|
|
check_mode: no
|
|
diff: no
|
|
|
|
- name: Diff puppet step_config manifest changes for check mode
|
|
command:
|
|
diff -uN /var/lib/tripleo-config/puppet_step_config.pp /var/lib/tripleo-config/check-mode/puppet_step_config.pp
|
|
register: diff_results
|
|
tags:
|
|
- host_config
|
|
check_mode: no
|
|
when:
|
|
- ansible_check_mode|bool
|
|
- ansible_diff_mode
|
|
failed_when: false
|
|
changed_when: diff_results.rc == 1
|
|
|
|
- name: Diff puppet step_config manifest changes for check mode
|
|
debug:
|
|
var: diff_results.stdout_lines
|
|
changed_when: diff_results.rc == 1
|
|
when:
|
|
- ansible_check_mode|bool
|
|
- ansible_diff_mode
|
|
tags:
|
|
- host_config
|
|
|
|
# Puppet Containers Config directory used to generate container configs
|
|
- name: Create /var/lib/container-puppet
|
|
become: true
|
|
file:
|
|
path: /var/lib/container-puppet
|
|
state: directory
|
|
setype: container_file_t
|
|
selevel: s0
|
|
tags:
|
|
- container_config
|
|
- container_config_tasks
|
|
|
|
- name: Delete existing /var/lib/container-puppet/check-mode for check mode
|
|
become: true
|
|
file:
|
|
path: /var/lib/container-puppet/check-mode
|
|
state: absent
|
|
tags:
|
|
- container_config
|
|
check_mode: no
|
|
when:
|
|
- ansible_check_mode|bool
|
|
|
|
- name: Create /var/lib/container-puppet/check-mode for check mode
|
|
become: true
|
|
file:
|
|
path: /var/lib/container-puppet/check-mode
|
|
state: directory
|
|
setype: container_file_t
|
|
selevel: s0
|
|
tags:
|
|
- container_config
|
|
check_mode: no
|
|
when:
|
|
- ansible_check_mode|bool
|
|
|
|
- name: Write container-puppet.json file
|
|
become: true
|
|
no_log: True
|
|
copy:
|
|
content: "{{ lookup('file', tripleo_role_name + '/puppet_config.yaml', errors='ignore') | default([], True) | from_yaml | to_nice_json }}"
|
|
dest: /var/lib/container-puppet/{{ ansible_check_mode | bool | ternary('check-mode/', '') }}container-puppet.json
|
|
force: yes
|
|
mode: '0600'
|
|
tags:
|
|
- container_config
|
|
check_mode: no
|
|
diff: no
|
|
|
|
- name: Diff container-puppet.json changes for check mode
|
|
command:
|
|
diff -uN /var/lib/container-puppet/container-puppet.json /var/lib/container-puppet/check-mode/container-puppet.json
|
|
register: diff_results
|
|
tags:
|
|
- container_config
|
|
check_mode: no
|
|
when:
|
|
- ansible_check_mode|bool
|
|
- ansible_diff_mode
|
|
failed_when: false
|
|
changed_when: diff_results.rc == 1
|
|
|
|
- name: Diff container-puppet.json changes for check mode
|
|
debug:
|
|
var: diff_results.stdout_lines
|
|
changed_when: diff_results.rc == 1
|
|
when:
|
|
- ansible_check_mode|bool
|
|
- ansible_diff_mode
|
|
tags:
|
|
- container_config
|
|
|
|
- name: Create /var/lib/container-config-scripts
|
|
become: true
|
|
file:
|
|
path: /var/lib/container-config-scripts
|
|
state: directory
|
|
setype: container_file_t
|
|
tags:
|
|
- container_config_scripts
|
|
|
|
# The container config files
|
|
# /var/lib/container-startup-configs.json is removed as we now write
|
|
# per-step files instead
|
|
- name: Clean old /var/lib/container-startup-configs.json file
|
|
become: true
|
|
file:
|
|
path: /var/lib/container-startup-configs.json
|
|
state: absent
|
|
tags:
|
|
- container_startup_configs
|
|
|
|
# For legacy, can be removed in Train cycle
|
|
- name: Clean old /var/lib/docker-container-startup-configs.json file
|
|
become: true
|
|
file:
|
|
path: /var/lib/docker-container-startup-configs.json
|
|
state: absent
|
|
tags:
|
|
- container_startup_configs
|
|
|
|
|
|
- name: Write container config scripts
|
|
become: true
|
|
no_log: True
|
|
copy:
|
|
content: "{{ item[1].content }}"
|
|
dest: "/var/lib/container-config-scripts/{{ item[0] }}"
|
|
force: yes
|
|
mode: "{{ item[1].mode | default('0600', true) }}"
|
|
setype: container_file_t
|
|
loop: "{{ role_data_container_config_scripts | dictsort }}"
|
|
loop_control:
|
|
label: "{{ item[0] }}"
|
|
vars:
|
|
role_data_container_config_scripts: "{{ lookup('file', tripleo_role_name + '/container_config_scripts.yaml', errors='ignore') | default({}, True) | from_yaml }}"
|
|
tags:
|
|
- container_config_scripts
|
|
|
|
# This file location is deprecated and the new location is now:
|
|
# /var/lib/tripleo-config/container-startup-config/step_X/<container_name>.json
|
|
# Can be removed in V cycle
|
|
- name: Write /var/lib/tripleo-config/container-startup-config-readme.txt
|
|
become: true
|
|
no_log: True
|
|
copy:
|
|
content: "Container startup configs moved to /var/lib/tripleo-config/container-startup-config"
|
|
dest: /var/lib/tripleo-config/container-startup-config-readme.txt
|
|
force: yes
|
|
mode: '0600'
|
|
tags:
|
|
- container_startup_configs
|
|
|
|
- name: Generate startup configs files per step and per container
|
|
become: true
|
|
container_startup_config:
|
|
config_base_dir: /var/lib/tripleo-config/container-startup-config
|
|
config_data: "{{ lookup('file', (tripleo_role_name + '/docker_config.yaml'), errors='ignore') | default({}, True) | from_yaml }}"
|
|
tags:
|
|
- container_startup_configs
|
|
|
|
- name: Ensure config hashes are up-to-date for container startup configs
|
|
become: true
|
|
container_puppet_config:
|
|
update_config_hash_only: true
|
|
tags:
|
|
- container_startup_configs
|
|
|
|
- name: Create /var/lib/kolla/config_files directory
|
|
become: true
|
|
file:
|
|
path: /var/lib/kolla/config_files
|
|
state: directory
|
|
setype: container_file_t
|
|
selevel: s0
|
|
recurse: true
|
|
tags:
|
|
- container_startup_configs
|
|
|
|
- name: Create /var/lib/config-data directory
|
|
become: true
|
|
file:
|
|
path: /var/lib/config-data
|
|
state: directory
|
|
setype: container_file_t
|
|
selevel: s0
|
|
|
|
- name: Write kolla config json files
|
|
become: true
|
|
no_log: True
|
|
copy:
|
|
content: "{{ item[1] | to_nice_json }}"
|
|
dest: "{{ item[0] }}"
|
|
force: yes
|
|
mode: '0600'
|
|
setype: container_file_t
|
|
loop: "{{ lookup('file', tripleo_role_name + '/kolla_config.yaml', errors='ignore') | default([], True) | from_yaml | dictsort }}"
|
|
loop_control:
|
|
label: "{{ item[0] }}"
|
|
tags:
|
|
- container_startup_configs
|
|
|
|
- name: gather facts needed by role
|
|
setup:
|
|
gather_subset: "!min,python"
|
|
when: ansible_python is not defined
|
|
tags:
|
|
- container_config_tasks
|
|
|
|
- name: set python_cmd
|
|
set_fact:
|
|
python_cmd: "python{{ ansible_python.version.major }}"
|
|
cacheable: true
|
|
when: python_cmd is not defined
|
|
tags:
|
|
- container_config_tasks
|
|
|
|
- name: Set host puppet debugging fact string
|
|
set_fact:
|
|
host_puppet_config_debug: "--debug --verbose"
|
|
when:
|
|
- enable_puppet | bool
|
|
- enable_debug | bool
|
|
tags:
|
|
- host_config
|
|
|
|
- name: Check for /etc/puppet/check-mode directory for check mode
|
|
stat:
|
|
path: /etc/puppet/check-mode
|
|
register: check_mode_dir
|
|
when: ansible_check_mode|bool
|
|
tags:
|
|
- host_config
|
|
- container_config
|
|
|
|
- name: Create /etc/puppet/check-mode/hieradata directory for check mode
|
|
become: true
|
|
file:
|
|
path: /etc/puppet/check-mode/hieradata
|
|
state: directory
|
|
setype: container_file_t
|
|
selevel: s0
|
|
recurse: true
|
|
check_mode: no
|
|
when:
|
|
- ansible_check_mode|bool
|
|
- not check_mode_dir.stat.exists
|
|
tags:
|
|
- host_config
|
|
- container_config
|
|
|
|
- name: Create puppet check-mode files if they don't exist for check mode
|
|
become: true
|
|
shell: |
|
|
cp -a /etc/puppet/hiera.yaml /etc/puppet/check-mode/hiera.yaml
|
|
cp -a /etc/puppet/hieradata/* /etc/puppet/check-mode/hieradata/
|
|
sed -i 's/\/etc\/puppet\/hieradata/\/etc\/puppet\/check-mode\/hieradata/' /etc/puppet/check-mode/hiera.yaml
|
|
when:
|
|
- ansible_check_mode|bool
|
|
- not check_mode_dir.stat.exists
|
|
check_mode: no
|
|
tags:
|
|
- host_config
|
|
- container_config
|