54 lines
1.9 KiB
YAML
54 lines
1.9 KiB
YAML
---
|
|
- name: register undercloud public endpoint
|
|
shell: |
|
|
source {{ undercloud_rc }}
|
|
openstack catalog list | grep -Po 'https.*13000'
|
|
register: keystone_endpoint
|
|
|
|
- name: register first controller ip address
|
|
shell: |
|
|
source {{ undercloud_rc }}
|
|
openstack server list -f json | jq -r -c '.[] | select(.Name | contains("controller","ctrl")) | .Networks' | grep -oP '[0-9.]+' | head -1
|
|
register: ctrl_ip
|
|
|
|
- name: test undercloud keystone reachability
|
|
vars:
|
|
oc_user: "{{ (overcloud_ssh_user == '') | ternary('heat-admin', overcloud_ssh_user) }}"
|
|
shell: |
|
|
ssh -q -o StrictHostKeyChecking=no {{ oc_user }}@{{ ctrl_ip.stdout }} curl --silent {{ keystone_endpoint.stdout }}
|
|
register: uc_keystone_conn
|
|
ignore_errors: true
|
|
|
|
- block:
|
|
- name: register ssl certificate location
|
|
shell: |
|
|
grep 13000 /etc/haproxy/haproxy.cfg | awk {'print $6'}
|
|
become: true
|
|
become_user: root
|
|
register: undercloudcert
|
|
|
|
- name: make a local copy of the certificate
|
|
copy:
|
|
src: "{{ undercloudcert.stdout }}"
|
|
dest: "{{ working_dir }}/undercloud.pem"
|
|
owner: stack
|
|
remote_src: true
|
|
become: true
|
|
become_user: root
|
|
|
|
- name: register overcloud nodes ip address
|
|
shell: |
|
|
source {{ undercloud_rc }}
|
|
openstack server list -f json | jq -r -c '.[] | .Networks' | grep -oP '[0-9.]+'
|
|
register: node_ip
|
|
|
|
- name: copy certificate to the overcloud nodes and update the trusted store
|
|
vars:
|
|
oc_user: "{{ (overcloud_ssh_user == '') | ternary('heat-admin', overcloud_ssh_user) }}"
|
|
shell: |
|
|
scp -q -o StrictHostKeyChecking=no {{ working_dir }}/undercloud.pem {{ oc_user }}@{{ item }}:
|
|
ssh -q -o StrictHostKeyChecking=no {{ oc_user }}@{{ item }} 'sudo cp undercloud.pem /etc/pki/ca-trust/source/anchors/; sudo update-ca-trust extract'
|
|
with_items:
|
|
- "{{ node_ip.stdout_lines }}"
|
|
when: uc_keystone_conn|failed
|