7fd3f6bdc7
We shouldn't need root if all of our dependencies are already installed and the config directories are all writeable by our user. Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/920294 Change-Id: I96633904fc54355b51abfc7ea5c85480df8beb76
214 lines
7.2 KiB
YAML
214 lines
7.2 KiB
YAML
---
|
|
# NOTE: We're not looping over the two inventory files to avoid having the file
|
|
# content displayed in the ansible-playbook output.
|
|
|
|
- name: Check whether the legacy Kolla overcloud inventory files exist
|
|
stat:
|
|
path: "{{ item }}"
|
|
get_attributes: no
|
|
get_checksum: no
|
|
get_mime: no
|
|
register: inventory_stat
|
|
with_items:
|
|
- "{{ kolla_seed_inventory_path }}"
|
|
- "{{ kolla_overcloud_inventory_path }}"
|
|
loop_control:
|
|
label: "{{ item | basename }}"
|
|
|
|
- name: Ensure the legacy Kolla overcloud inventory file is absent
|
|
file:
|
|
path: "{{ item.item }}"
|
|
state: absent
|
|
with_items: "{{ inventory_stat.results }}"
|
|
when:
|
|
- item.stat.exists
|
|
- item.stat.isreg
|
|
loop_control:
|
|
label: "{{ item.item | basename }}"
|
|
|
|
- name: Ensure the Kolla Ansible configuration directories exist
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
owner: "{{ ansible_facts.user_uid }}"
|
|
group: "{{ ansible_facts.user_gid }}"
|
|
mode: 0750
|
|
become: "{{ kolla_ansible_control_host_become | bool }}"
|
|
with_items:
|
|
- "{{ kolla_config_path }}"
|
|
- "{{ kolla_seed_inventory_path }}"
|
|
- "{{ kolla_overcloud_inventory_path }}"
|
|
- "{{ kolla_node_custom_config_path }}"
|
|
|
|
- name: Write environment file into Kolla configuration path
|
|
copy:
|
|
dest: "{{ kolla_config_path ~ '/.environment' }}"
|
|
content: |
|
|
{{ kayobe_environment }}
|
|
when: (kayobe_environment | default('')) | length > 0
|
|
|
|
- name: Ensure the Kolla global configuration file exists
|
|
merge_yaml:
|
|
sources: "{{ kolla_globals_paths | product(['/kolla/globals.yml']) | map('join') | unique | list }}"
|
|
dest: "{{ kolla_config_path }}/globals.yml"
|
|
mode: 0640
|
|
|
|
- name: Ensure the Kolla seed inventory file exists
|
|
copy:
|
|
content: "{{ kolla_seed_inventory }}"
|
|
dest: "{{ kolla_seed_inventory_path }}/hosts"
|
|
mode: 0640
|
|
|
|
- name: Ensure the Kolla overcloud inventory file exists
|
|
copy:
|
|
content: "{{ kolla_overcloud_inventory }}"
|
|
dest: "{{ kolla_overcloud_inventory_path }}/hosts"
|
|
mode: 0640
|
|
|
|
- name: Make sure extra-inventories directory exists
|
|
file:
|
|
path: "{{ kolla_extra_inventories_path }}"
|
|
mode: "0750"
|
|
state: directory
|
|
|
|
- name: Copying custom inventory
|
|
vars:
|
|
# This will be the environment name in the case of a kayobe environment
|
|
inventory_name: "{{ (item ~ '/../..') | realpath | basename }}"
|
|
synchronize:
|
|
dest: "{{ kolla_extra_inventories_path }}/{{ inventory_name }}"
|
|
recursive: true
|
|
delete: true
|
|
src: "{{ item }}/"
|
|
rsync_opts:
|
|
- --exclude=kayobe_blank_hosts
|
|
- --exclude=*.j2
|
|
loop: "{{ kolla_overcloud_inventory_search_paths | product(['/kolla/inventory']) | map('join') | select('exists') | unique | list }}"
|
|
loop_control:
|
|
label: "{{ inventory_name }}"
|
|
|
|
- name: Create blank hosts file to prevent ansible warning
|
|
# Silence a benign warning: Unable to parse
|
|
# <kolla-config-path>/extra-inventories/level2/inventory as an inventory source
|
|
# When no hosts are defined. This occurs when you only define group_vars.
|
|
vars:
|
|
inventory_name: "{{ (item ~ '/../..') | realpath | basename }}"
|
|
file:
|
|
path: "{{ kolla_extra_inventories_path }}/{{ inventory_name }}/kayobe_blank_hosts"
|
|
state: touch
|
|
modification_time: preserve
|
|
access_time: preserve
|
|
loop: "{{ kolla_overcloud_inventory_search_paths | product(['/kolla/inventory']) | map('join') | select('exists') | unique | list }}"
|
|
loop_control:
|
|
label: "{{ inventory_name }}"
|
|
|
|
- name: Clean up inventories that no longer exist
|
|
vars:
|
|
inventory_name: "{{ (item ~ '/../..') | realpath | basename }}"
|
|
file:
|
|
path: "{{ kolla_extra_inventories_path }}/{{ inventory_name }}"
|
|
state: absent
|
|
loop: "{{ kolla_overcloud_inventory_search_paths | product(['/kolla/inventory']) | map('join') | reject('exists') | unique | list }}"
|
|
loop_control:
|
|
label: "{{ inventory_name }}"
|
|
|
|
- name: Ensure the Kolla passwords file exists
|
|
vars:
|
|
# NOTE(mgoddard): Use the Python interpreter used to run ansible-playbook,
|
|
# since this has Python dependencies available to it (PyYAML).
|
|
ansible_python_interpreter: "{{ ansible_playbook_python }}"
|
|
kolla_passwords:
|
|
src: "{{ kolla_ansible_passwords_path }}"
|
|
dest: "{{ kolla_ansible_passwords_path }}"
|
|
mode: 0640
|
|
sample: "{{ kolla_ansible_install_dir }}/etc_examples/kolla/passwords.yml"
|
|
overrides: "{{ kolla_ansible_custom_passwords }}"
|
|
vault_password: "{{ kolla_ansible_vault_password }}"
|
|
vault_addr: "{{ kolla_ansible_vault_addr }}"
|
|
vault_mount_point: "{{ kolla_ansible_vault_mount_point }}"
|
|
vault_kv_path: "{{ kolla_ansible_vault_kv_path }}"
|
|
vault_namespace: "{{ kolla_ansible_vault_namespace }}"
|
|
vault_role_id: "{{ kolla_ansible_vault_role_id or omit }}"
|
|
vault_secret_id: "{{ kolla_ansible_vault_secret_id or omit }}"
|
|
vault_token: "{{ kolla_ansible_vault_token or omit }}"
|
|
vault_cacert: "{{ kolla_ansible_vault_cacert }}"
|
|
virtualenv: "{{ kolla_ansible_venv or omit }}"
|
|
|
|
- name: Ensure the Kolla passwords file is copied into place
|
|
copy:
|
|
src: "{{ kolla_ansible_passwords_path }}"
|
|
dest: "{{ kolla_config_path }}/passwords.yml"
|
|
remote_src: True
|
|
|
|
- block:
|
|
- name: Ensure external HAProxy TLS directory exists
|
|
file:
|
|
path: "{{ kolla_external_fqdn_cert | dirname }}"
|
|
state: directory
|
|
recurse: yes
|
|
|
|
- name: Ensure the external HAProxy TLS certificate bundle is copied into place
|
|
copy:
|
|
content: "{{ kolla_external_tls_cert }}"
|
|
dest: "{{ kolla_external_fqdn_cert }}"
|
|
when:
|
|
- kolla_external_tls_cert is not none
|
|
- kolla_external_tls_cert | length > 0
|
|
|
|
- block:
|
|
- name: Ensure internal HAProxy TLS directory exists
|
|
file:
|
|
path: "{{ kolla_internal_fqdn_cert | dirname }}"
|
|
state: directory
|
|
recurse: yes
|
|
|
|
- name: Ensure the internal HAProxy TLS certificate bundle is copied into place
|
|
copy:
|
|
content: "{{ kolla_internal_tls_cert }}"
|
|
dest: "{{ kolla_internal_fqdn_cert }}"
|
|
when:
|
|
- kolla_internal_tls_cert is not none
|
|
- kolla_internal_tls_cert | length > 0
|
|
|
|
# Copy across all certificates in $KAYOBE_CONFIG_PATH/kolla/certificates.
|
|
|
|
- name: Find certificates
|
|
find:
|
|
path: "{{ kolla_ansible_certificates_path }}"
|
|
recurse: true
|
|
register: find_src_result
|
|
|
|
- name: Find previously copied certificates
|
|
find:
|
|
path: "{{ kolla_config_path }}/certificates"
|
|
recurse: true
|
|
register: find_dest_result
|
|
|
|
- name: Ensure certificates exist
|
|
copy:
|
|
src: "{{ kolla_ansible_certificates_path }}/"
|
|
dest: "{{ kolla_config_path }}/certificates"
|
|
mode: 0600
|
|
# If certificates are encrypted, don't decrypt them at the destination.
|
|
decrypt: false
|
|
when: find_src_result.files | length > 0
|
|
|
|
- name: Ensure unnecessary certificates are absent
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: absent
|
|
with_items: "{{ find_dest_result.files }}"
|
|
when:
|
|
- item.path | relpath(kolla_config_path ~ '/certificates/') not in src_files
|
|
- item.path != kolla_external_fqdn_cert
|
|
- item.path != kolla_internal_fqdn_cert
|
|
vars:
|
|
# Find the list of files in the source.
|
|
src_files: >-
|
|
{{ find_src_result.files |
|
|
map(attribute='path') |
|
|
map('relpath', kolla_ansible_certificates_path) |
|
|
list }}
|
|
loop_control:
|
|
label: "{{ item.path }}"
|