openstack
/
tripleo-validations
Code Issues Proposed changes

Merge "Remove references to novajoin-server and novajoin-notifier"

This commit is contained in:
Zuul 2022-01-15 05:02:08 +00:00 committed by Gerrit Code Review
parent 140a82b966 52f3fbd75a
commit b1ef04a5b1
4 changed files with 19 additions and 451 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

181
roles/tls_everywhere/tasks/pre-deployment-containerized.yaml
View File

@ -1,55 +1,11 @@
---
### join.conf check ###
- name: Verify that join.conf exists (containzerized)
command: "{{ command_prefix }} exec novajoin_server test -e /etc/novajoin/join.conf"
register: containerized_join_conf_st
changed_when: false
become: true
- name: Fail if join.conf is not present (containerized)
fail:
msg: join.conf is necessary to continue the validations
when: containerized_join_conf_st.rc != 0
- name: Set join.conf location (containerized)
set_fact:
joinconf_location: "/var/lib/config-data/puppet-generated/novajoin/etc/novajoin/join.conf"
- name: Get novajoin keytab path from join.conf
become: true
validations_read_ini:
path: "{{ joinconf_location }}"
section: DEFAULT
key: keytab
ignore_missing_file: true
register: novajoin_keytab_path
check_mode: false
- name: Get novajoin server port from join.conf
become: true
validations_read_ini:
path: "{{ joinconf_location }}"
section: DEFAULT
key: join_listen_port
ignore_missing_file: true
register: novajoin_server_port
check_mode: false
- name: Get novajoin server host from join.conf
become: true
validations_read_ini:
path: "{{ joinconf_location }}"
section: DEFAULT
key: join_listen
ignore_missing_file: true
register: novajoin_server_host
check_mode: false
### verify that the keytab and principal are usable ###
# TODO(alee): We need to move this to a subfile so we can run
# this against novajoin_server and novajoin_notifier
- name: Verify the novajoin keytab is usable (containerized)
- name: Set the novajoin keytab path
set_fact:
novajoin_keytab_path: '/etc/novajoin/krb5.keytab'
- name: Verify the novajoin keytab is usable (non-containerized)
become: true
block:
- name: Set fact for novajoin user principal
@ -57,24 +13,23 @@
novajoin_principal: "nova/{{ host_entry }}"
- name: Check for novajoin kerberos host keytab
command: "{{ command_prefix }} exec novajoin_server test -e /etc/novajoin/krb5.keytab"
register: containerized_novajoin_krb5_keytab_stat
become: true
stat:
path: "{{ novajoin_keytab_path }}"
register: non_containerized_novajoin_krb5_keytab_stat
- name: Test if novajoin principal in novajoin keytab is usable
command: "{{ command_prefix }} exec novajoin_server kinit -kt {{ novajoin_keytab_path.value }} -c /tmp/my_novajoin_krb5_ccache {{ novajoin_principal }}"
register: containerized_novajoin_principal_usable_result
command: kinit -kt "{{ novajoin_keytab_path }}" -c /tmp/my_novajoin_krb5_ccache "{{ novajoin_principal }}"
become: true
register: non_containerized_novajoin_principal_usable_result
ignore_errors: true
when:
- containerized_novajoin_krb5_keytab_stat.rc == 0
when: non_containerized_novajoin_krb5_keytab_stat.stat.exists
- name: Set facts for novajoin principal is usable skipped
set_fact:
principal_usable_status: "{{ helper_status_skipped }}"
principal_usable_reason: "skipped checking if the novajoin principal is usable for host {{ ansible_host }} because there is no keytab file"
principal_usable_recommendations: null
when:
- not containerized_novajoin_krb5_keytab_stat.rc == 0
when: not non_containerized_novajoin_krb5_keytab_stat.stat.exists
- name: Set facts for novajoin principal is usable success
set_fact:
@ -84,18 +39,10 @@
temp_krb_caches: "{{ novajoin_temp_krb_caches + [ '/tmp/my_novajoin_krb5_ccache' ] }}"
changed_when: true
when:
- containerized_novajoin_krb5_keytab_stat.rc == 0
- containerized_novajoin_principal_usable_result is succeeded
- name: Clean up temporary kerberos cache on novajoin_server container
command: "{{ command_prefix }} exec novajoin_server kdestroy -c {{ item }}"
with_items: "{{ temp_krb_caches }}"
ignore_errors: false
changed_when: false
become: true
when:
- containerized_novajoin_krb5_keytab_stat.rc == 0
- containerized_novajoin_principal_usable_result is succeeded
- non_containerized_novajoin_krb5_keytab_stat.stat.exists
- non_containerized_novajoin_principal_usable_result is succeeded
notify: # (hrybacki): novajoin server running on the undercloud -- it's okay to use this handler
- clean_up_temp_krb_caches
- name: Set facts for principal is usable failure
set_fact:
@ -103,101 +50,11 @@
principal_usable_reason: "Tho principal {{ novajoin_principal }} is unable to obtain a kerberos ticket"
principal_usable_recommendations: null
when:
- containerized_novajoin_krb5_keytab_stat.rc == 0
- containerized_novajoin_principal_usable_result is failed
- non_containerized_novajoin_krb5_keytab_stat.stat.exists
- non_containerized_novajoin_principal_usable_result is failed
- name: Report on Kerberos principal in novajoin keytab is usable check
reportentry:
report_status: "{{ principal_usable_status }}"
report_reason: "{{ principal_usable_reason }}"
report_recommendations: "{{ principal_usable_recommendations }}"
- name: Verify that novajoin_server is running (containerized)
block:
- name: Check if novajoin_server is runing
shell: "{{ command_prefix }} ps | grep novajoin_server"
register: novajoin_server_status_result
become: true
ignore_errors: true
- name: Set facts for novajoin-server is running success
set_fact:
service_running_status: "{{ helper_status_ok }}"
service_running_reason: "The novajoin_server container is running"
service_running_recommendations: null
when: novajoin_server_status_result.rc == 0
- name: Set facts for novajoin_server is running failure
set_fact:
service_running_status: "{{ helper_status_error }}"
service_running_reason: "The novajoin_server container is not running"
service_running_recommendations:
- "Start the novajoin_server service with {{ command_prefix }} ... TBD"
when: novajoin_server_status_result.rc != 0
- name: Report on is novajoin_server running check
reportentry:
report_status: "{{ service_running_status }}"
report_reason: "{{ service_running_reason }}"
report_recommendations: "{{ service_running_recommendations }}"
- name: Verify that novajoin_server is reachable (containerized)
when: novajoin_server_status_result is success
block:
- name: Check if novajoin_server port is reachable
wait_for:
port: "{{ novajoin_server_port.value }}"
host: "{{ novajoin_server_host.value }}"
timeout: 20
register: novajoin_server_port_status
ignore_errors: true
- name: Set facts for novajoin_server port status success
set_fact:
port_reachable_status: "{{ helper_status_ok }}"
port_reachable_reason: "The novajoin_server container is reachable on {{ novajoin_server_port.value }}"
port_reachable_recommendations: null
when: novajoin_server_port_status is success
- name: Set facts for novajoin_server port status failure
set_fact:
port_reachable_status: "{{ helper_status_error }}"
port_reachable_reason: "The novajoin_server container is started, but not reachable locally on {{ novajoin_server_port.value }}"
port_reachable_recommendations:
- "Check the novajoin-server logs and journal entry"
when: novajoin_server_port_status is failed
- name: Report on is novajoin_server port reachable check
reportentry:
report_status: "{{ port_reachable_status }}"
report_reason: "{{ port_reachable_reason }}"
report_recommendations: "{{ port_reachable_recommendations }}"
- name: Verify that novajoin-notify is running (containerized)
block:
- name: Check if novajoin-notify is running
shell: "{{ command_prefix }} ps | grep novajoin_notifier"
register: novajoin_notify_status_result
become: true
ignore_errors: true
- name: Set facts for novajoin-notify is running success
set_fact:
service_running_status: "{{ helper_status_ok }}"
service_running_reason: "The novajoin_notifier container is running"
service_running_recommendations: null
when: novajoin_notify_status_result.rc == 0
- name: Set facts for novajoin-notify is running failure
set_fact:
service_running_status: "{{ helper_status_error }}"
service_running_reason: "The novajoin_notifier container is not running"
service_running_recommendations:
- "Start the novajoin-notify service with {{ command_prefix }} ... TBD"
when: novajoin_notify_status_result.rc != 0
- name: Report on is novajoin-notify running check
reportentry:
report_status: "{{ service_running_status }}"
report_reason: "{{ service_running_reason }}"
report_recommendations: "{{ service_running_recommendations }}"

193
roles/tls_everywhere/tasks/pre-deployment-non-containerized.yaml
View File

@ -1,193 +0,0 @@
---
### join.conf check ###
- name: Verify that join.conf exists
stat:
path: /etc/novajoin/join.conf
register: non_containerized_join_conf_st
- name: Fail if join.conf is not present
fail:
msg: join.conf is necessary to continue the validations
when: not non_containerized_join_conf_st.stat.exists|bool
- name: Set containzerized join.conf location
set_fact:
joinconf_location: "/etc/novajoin/join.conf"
- name: Get novajoin keytab path from join.conf
become: true
validations_read_ini:
path: "{{ joinconf_location }}"
section: DEFAULT
key: keytab
ignore_missing_file: true
register: novajoin_keytab_path
check_mode: false
- name: Get novajoin server port from join.conf
become: true
validations_read_ini:
path: "{{ joinconf_location }}"
section: DEFAULT
key: join_listen_port
ignore_missing_file: true
register: novajoin_server_port
check_mode: false
- name: Get novajoin server host from join.conf
become: true
validations_read_ini:
path: "{{ joinconf_location }}"
section: DEFAULT
key: join_listen
ignore_missing_file: true
register: novajoin_server_host
check_mode: false
### verify that the keytab and principal are usable ###
# TODO(alee): We need to move this to a subfile so we can run
# this against novajoin_server and novajoin_notifier
- name: Verify the novajoin keytab is usable (non-containerized)
become: true
block:
- name: Set fact for novajoin user principal
set_fact:
novajoin_principal: "nova/{{ host_entry }}"
- name: Check for novajoin kerberos host keytab
stat:
path: "{{ novajoin_keytab_path.value }}"
register: non_containerized_novajoin_krb5_keytab_stat
- name: Test if novajoin principal in novajoin keytab is usable
command: kinit -kt "{{ novajoin_keytab_path.value }}" -c /tmp/my_novajoin_krb5_ccache "{{ novajoin_principal }}"
become: true
register: non_containerized_novajoin_principal_usable_result
ignore_errors: true
when: non_containerized_novajoin_krb5_keytab_stat.stat.exists
- name: Set facts for novajoin principal is usable skipped
set_fact:
principal_usable_status: "{{ helper_status_skipped }}"
principal_usable_reason: "skipped checking if the novajoin principal is usable for host {{ ansible_host }} because there is no keytab file"
principal_usable_recommendations: null
when: not non_containerized_novajoin_krb5_keytab_stat.stat.exists
- name: Set facts for novajoin principal is usable success
set_fact:
principal_usable_status: "{{ helper_status_ok }}"
principal_usable_reason: "The principal {{ novajoin_principal }} is able to obtain a kerberos ticket"
principal_usable_recommendations: null
temp_krb_caches: "{{ novajoin_temp_krb_caches + [ '/tmp/my_novajoin_krb5_ccache' ] }}"
changed_when: true
when:
- non_containerized_novajoin_krb5_keytab_stat.stat.exists
- non_containerized_novajoin_principal_usable_result is succeeded
notify: # (hrybacki): novajoin server running on the undercloud -- it's okay to use this handler
- clean_up_temp_krb_caches
- name: Set facts for principal is usable failure
set_fact:
principal_usable_status: "{{ helper_status_error }}"
principal_usable_reason: "Tho principal {{ novajoin_principal }} is unable to obtain a kerberos ticket"
principal_usable_recommendations: null
when:
- non_containerized_novajoin_krb5_keytab_stat.stat.exists
- non_containerized_novajoin_principal_usable_result is failed
- name: Report on Kerberos principal in novajoin keytab is usable check
reportentry:
report_status: "{{ principal_usable_status }}"
report_reason: "{{ principal_usable_reason }}"
report_recommendations: "{{ principal_usable_recommendations }}"
### verify servers are running ###
- name: Verify that novajoin-server is running (non-containerized)
block:
- name: Check if novajoin-server is running
command: systemctl status novajoin-server
register: novajoin_server_status_result
ignore_errors: true
- name: Set facts for novajoin-server is running success
set_fact:
service_running_status: "{{ helper_status_ok }}"
service_running_reason: "The novajoin-server service is running"
service_running_recommendations: null
when: novajoin_server_status_result is success
- name: Set facts for novajoin-server is running failure
set_fact:
service_running_status: "{{ helper_status_error }}"
service_running_reason: "The novajoin-server service is not running"
service_running_recommendations:
- "Start the novajoin-server service with systemctl start novajoin-server"
when: novajoin_server_status_result is failed
- name: Report on is novajoin-server running check
reportentry:
report_status: "{{ service_running_status }}"
report_reason: "{{ service_running_reason }}"
report_recommendations: "{{ service_running_recommendations }}"
- name: Verify that novajoin-server is reachable (non-containerized)
when: novajoin_server_status_result is success
block:
- name: Check if novajoin-server port is reachable
wait_for:
port: "{{ novajoin_server_port.value }}"
host: "{{ novajoin_server_host.value }}"
timeout: 20
register: novajoin_server_port_status
ignore_errors: true
- name: Set facts for novajoin-server port status success
set_fact:
port_reachable_status: "{{ helper_status_ok }}"
port_reachable_reason: "The novajoin-server service is reachable on {{ novajoin_server_port.value }}"
port_reachable_recommendations: null
when: novajoin_server_port_status is success
- name: Set facts for novajoin-server port status failure
set_fact:
port_reachable_status: "{{ helper_status_error }}"
port_reachable_reason: "The novajoin-server service is started, but not reachable locally on {{ novajoin_server_port.value }}"
port_reachable_recommendations:
- "iCheck the novajoin-server logs and journal entry"
when: novajoin_server_port_status is failed
- name: Report on is novajoin-server port reachable check
reportentry:
report_status: "{{ port_reachable_status }}"
report_reason: "{{ port_reachable_reason }}"
report_recommendations: "{{ port_reachable_recommendations }}"
- name: Verify that novajoin-notify is running (non-containerized)
block:
- name: Check if novajoin-notify is running
command: systemctl status novajoin-notify
register: novajoin_notify_status_result
ignore_errors: true
- name: Set facts for novajoin-notify is running success
set_fact:
service_running_status: "{{ helper_status_ok }}"
service_running_reason: "The novajoin-notify service is running"
service_running_recommendations: null
when: novajoin_notify_status_result is success
- name: Set facts for novajoin-notify is running failure
set_fact:
service_running_status: "{{ helper_status_error }}"
service_running_reason: "The novajoin-notify service is not running"
service_running_recommendations:
- "Start the novajoin-notify service with systemctl start novajoin-notify"
when: novajoin_notify_status_result is failed
- name: Report on is novajoin-notify running check
reportentry:
report_status: "{{ service_running_status }}"
report_reason: "{{ service_running_reason }}"
report_recommendations: "{{ service_running_recommendations }}"

65
roles/tls_everywhere/tasks/pre-deployment.yaml
View File

@ -1,71 +1,6 @@
---
- name: Ensure we get needed facts
setup:
gather_subset:
- '!all'
- '!any'
- '!min'
- env
- name: Set facts for undercloud handlers to clean up
set_fact:
novajoin_temp_krb_caches: []
- name: Get the Container CLI from the undercloud.conf file (stein+)
become: true
validations_read_ini:
path: "{{ ansible_env.HOME }}/undercloud.conf"
section: DEFAULT
key: container_cli
register: container_cli
- name: Set container facts (Stein+)
set_fact:
podman_install: "{{ container_cli.value|default('', true) == 'podman' }}"
docker_install: "{{ container_cli.value|default('', true) == 'docker' }}"
when: not container_cli|default('')|length == 0
- name: Determine undercloud type (Rocky and earlier)
when:
- not podman_install|bool
- not docker_install|bool
block:
- name: Determine if Docker is enabled and has containers running
command: docker ps -q
register: docker_ps
become: true
ignore_errors: true
- name: Set container facts
set_fact:
docker_install: true
when: not docker_ps.stdout|length == 0
- name: Set container facts
set_fact:
docker_install: false
when: docker_ps.stdout|length == 0
- name: Set container facts
set_fact:
podman_install: false
- name: Set podman command prefix
set_fact:
command_prefix: "podman"
when: podman_install|bool
- name: Set docker command prefix
set_fact:
command_prefix: "docker"
when: docker_install|bool
- name: Set containerized_undercloud boolean
set_fact:
containerized_undercloud: "{{ podman_install|bool or docker_install|bool }}"
- include: pre-deployment-containerized.yaml
when: containerized_undercloud|bool
- include: pre-deployment-non-containerized.yaml
when: not containerized_undercloud|bool

31
roles/tls_everywhere/tasks/prep.yaml
View File

@ -91,34 +91,3 @@
report_status: "{{ undercloud_conf_domain_status }}"
report_reason: "{{ undercloud_conf_domain_reason }}"
report_recommendations: "{{ undercloud_conf_domain_recommendations }}"
- name: Get enable_novajoin flag from undercloud.conf
become: true
validations_read_ini:
path: "{{ ansible_env.HOME }}/undercloud.conf"
section: DEFAULT
key: enable_novajoin
ignore_missing_file: false
register: undercloud_enable_novajoin
check_mode: false
- name: Set facts undercloud.conf enable novajoin is disabled
set_fact:
undercloud_conf_enable_novajoin_status: "{{ helper_status_error }}"
undercloud_conf_enable_novajoin_reason: "enable_novajoin is not enabled undercloud.conf"
undercloud_conf_enable_novajoin_recommendations:
- "Please set 'enable_novajoin' to True in undercloud.conf"
when: not undercloud_enable_novajoin.value|bool
- name: Set facts undercloud.conf enable novajoin is enabled
set_fact:
undercloud_conf_enable_novajoin_status: "{{ helper_status_ok }}"
undercloud_conf_enable_novajoin_reason: "enable_novajoin is enabled undercloud.conf"
undercloud_conf_enable_novajoin_recommendations: null
when: undercloud_enable_novajoin.value|bool
- name: Report on enable novajoin setup in undercloud.conf check
reportentry:
report_status: "{{ undercloud_conf_enable_novajoin_status }}"
report_reason: "{{ undercloud_conf_enable_novajoin_reason }}"
report_recommendations: "{{ undercloud_conf_enable_novajoin_recommendations }}"