baremetal: refactor kolla user & group creation into a separate role

Change-Id: I1f8d19a97479cc3a780fd33bb509003bc835c2bc

roles/baremetal/defaults/main.yml

@@ -38,7 +38,6 @@ epel_yum_package: "epel-release"
 customize_etc_hosts: True
 
 create_kolla_user: True
-create_kolla_user_sudoers: "{{ create_kolla_user }}"
 
 kolla_user: "kolla"
 kolla_group: "kolla"

roles/baremetal/tasks/post-install.yml

@@ -1,32 +1,8 @@
 ---
-- name: Create kolla user
-  user:
-    name: "{{ kolla_user }}"
-    state: present
-    group: "{{ kolla_group }}"
-    groups: "sudo"
-    append: true
-  become: True
+- import_role:
+    name: openstack.kolla.kolla_user
   when: create_kolla_user | bool
 
-- name: Add public key to kolla user authorized keys
-  authorized_key:
-    user: "{{ kolla_user }}"
-    key: "{{ kolla_ssh_key.public_key }}"
-  become: True
-  when: create_kolla_user | bool
-
-- name: Grant kolla user passwordless sudo
-  lineinfile:
-    dest: /etc/sudoers.d/kolla-ansible-users
-    state: present
-    create: yes
-    mode: '0640'
-    regexp: '^{{ kolla_user }}'
-    line: '{{ kolla_user }} ALL=(ALL) NOPASSWD: ALL'
-  become: True
-  when: create_kolla_user_sudoers | bool
-
 - name: Ensure virtualenv has correct ownership
   file:
     path: "{{ virtualenv }}"
@@ -35,25 +11,18 @@
     owner: "{{ kolla_user }}"
     group: "{{ kolla_group }}"
   become: True
-  when: virtualenv is not none
-
-- name: Ensure node_config_directory directory exists for user kolla
-  file:
-    path: "{{ node_config_directory }}"
-    state: directory
-    owner: "{{ kolla_user }}"
-    group: "{{ kolla_group }}"
-    mode: 0755
-  become: True
-  when: create_kolla_user | bool
+  when:
+    - create_kolla_user | bool
+    - virtualenv is not none
 
 - name: Ensure node_config_directory directory exists
   file:
     path: "{{ node_config_directory }}"
     state: directory
+    owner: "{{ kolla_user if create_kolla_user | bool else omit }}"
+    group: "{{ kolla_group if create_kolla_user | bool else omit }}"
     mode: 0755
   become: True
-  when: not create_kolla_user | bool
 
 - name: Ensure docker config directory exists
   file:
@@ -212,19 +181,6 @@
     - apparmor_libvirtd_profile.stat.exists
     - not apparmor_libvirtd_disable_profile.stat.exists
 
-- name: Create docker group
-  group:
-    name: docker
-  become: True
-
-- name: Add kolla user to docker group
-  user:
-    name: "{{ kolla_user }}"
-    append: yes
-    groups: docker
-  become: True
-  when: create_kolla_user | bool
-
 - name: Start docker
   systemd:
     name: docker

roles/baremetal/tasks/pre-install.yml

@@ -70,19 +70,6 @@
   become: True
   when: customize_etc_hosts | bool
 
-- name: Ensure sudo group is present
-  group:
-    name: sudo
-    state: present
-  become: True
-
-- name: Ensure kolla group is present
-  group:
-    name: "{{ kolla_group }}"
-    state: present
-  become: True
-  when: create_kolla_user | bool
-
 - block:
     - block:
         - name: Install apt packages

roles/kolla_user/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+create_kolla_user_sudoers: true
+kolla_user: "kolla"
+kolla_group: "kolla"

roles/kolla_user/tasks/main.yml

@@ -0,0 +1,38 @@
+---
+- name: Ensure groups are present
+  group:
+    name: "{{ item }}"
+    state: present
+  become: True
+  loop:
+    - docker
+    - sudo
+    - "{{ kolla_group }}"
+
+- name: Create kolla user
+  user:
+    name: "{{ kolla_user }}"
+    state: present
+    group: "{{ kolla_group }}"
+    groups:
+      - docker
+      - sudo
+    append: true
+  become: True
+
+- name: Add public key to kolla user authorized keys
+  authorized_key:
+    user: "{{ kolla_user }}"
+    key: "{{ kolla_ssh_key.public_key }}"
+  become: True
+
+- name: Grant kolla user passwordless sudo
+  lineinfile:
+    dest: /etc/sudoers.d/kolla-ansible-users
+    state: present
+    create: yes
+    mode: '0640'
+    regexp: '^{{ kolla_user }}'
+    line: '{{ kolla_user }} ALL=(ALL) NOPASSWD: ALL'
+  become: True
+  when: create_kolla_user_sudoers | bool