baremetal: refactor kolla user & group creation into a separate role

Change-Id: I1f8d19a97479cc3a780fd33bb509003bc835c2bc
Mark Goddard 2021-11-17 14:25:55 +00:00 committed by Radosław Piliszek
parent 09c276638c
commit 6c81058e74
5 changed files with 49 additions and 65 deletions


@ -38,7 +38,6 @@ epel_yum_package: "epel-release"
customize_etc_hosts: True
create_kolla_user: True
create_kolla_user_sudoers: "{{ create_kolla_user }}"
kolla_user: "kolla"
kolla_group: "kolla"


@ -1,32 +1,8 @@
---
- name: Create kolla user
user:
name: "{{ kolla_user }}"
state: present
group: "{{ kolla_group }}"
groups: "sudo"
append: true
become: True
- import_role:
name: openstack.kolla.kolla_user
when: create_kolla_user | bool
- name: Add public key to kolla user authorized keys
authorized_key:
user: "{{ kolla_user }}"
key: "{{ kolla_ssh_key.public_key }}"
become: True
when: create_kolla_user | bool
- name: Grant kolla user passwordless sudo
lineinfile:
dest: /etc/sudoers.d/kolla-ansible-users
state: present
create: yes
mode: '0640'
regexp: '^{{ kolla_user }}'
line: '{{ kolla_user }} ALL=(ALL) NOPASSWD: ALL'
become: True
when: create_kolla_user_sudoers | bool
- name: Ensure virtualenv has correct ownership
file:
path: "{{ virtualenv }}"
@ -35,25 +11,18 @@
owner: "{{ kolla_user }}"
group: "{{ kolla_group }}"
become: True
when: virtualenv is not none
- name: Ensure node_config_directory directory exists for user kolla
file:
path: "{{ node_config_directory }}"
state: directory
owner: "{{ kolla_user }}"
group: "{{ kolla_group }}"
mode: 0755
become: True
when: create_kolla_user | bool
when:
- create_kolla_user | bool
- virtualenv is not none
- name: Ensure node_config_directory directory exists
file:
path: "{{ node_config_directory }}"
state: directory
owner: "{{ kolla_user if create_kolla_user | bool else omit }}"
group: "{{ kolla_group if create_kolla_user | bool else omit }}"
mode: 0755
become: True
when: not create_kolla_user | bool
- name: Ensure docker config directory exists
file:
@ -212,19 +181,6 @@
- apparmor_libvirtd_profile.stat.exists
- not apparmor_libvirtd_disable_profile.stat.exists
- name: Create docker group
group:
name: docker
become: True
- name: Add kolla user to docker group
user:
name: "{{ kolla_user }}"
append: yes
groups: docker
become: True
when: create_kolla_user | bool
- name: Start docker
systemd:
name: docker
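Review bot: With `create_kolla_user` set to false, nothing on this path ensures the `docker` group any more. The unconditional `Create docker group` task that preceded `Start docker` is removed, and the group is now created only inside `openstack.kolla.kolla_user`, which is imported under `when: create_kolla_user | bool`. The same applies to the unconditional `Ensure sudo group is present` task removed in the `-70,19 +70,6` hunk of the other task file. The docker package normally creates its own group, so this is probably harmless, but if any deployment relies on either group existing without the kolla user, keep the original `Create docker group` task here. The `Start docker` task continues outside the hunk.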


@ -70,19 +70,6 @@
become: True
when: customize_etc_hosts | bool
- name: Ensure sudo group is present
group:
name: sudo
state: present
become: True
- name: Ensure kolla group is present
group:
name: "{{ kolla_group }}"
state: present
become: True
when: create_kolla_user | bool
- block:
- block:
- name: Install apt packages


@ -0,0 +1,4 @@
---
create_kolla_user_sudoers: true
kolla_user: "kolla"
kolla_group: "kolla"
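Review bot: The role reads `kolla_ssh_key.public_key` in its `Add public key to kolla user authorized keys` task, but these defaults define no `kolla_ssh_key`, so the role fails on an undefined variable unless the caller supplies it. Since the refactor makes this a standalone role, document the requirement here, for example `# kolla_ssh_key must be provided by the caller (mapping with a public_key field)`. A comment on `create_kolla_user_sudoers` would also help, stating that `true` writes a `NOPASSWD: ALL` rule for `kolla_user`. That default gives unrestricted root to whoever holds the matching private key.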


@ -0,0 +1,38 @@
---
- name: Ensure groups are present
group:
name: "{{ item }}"
state: present
become: True
loop:
- docker
- sudo
- "{{ kolla_group }}"
- name: Create kolla user
user:
name: "{{ kolla_user }}"
state: present
group: "{{ kolla_group }}"
groups:
- docker
- sudo
append: true
become: True
- name: Add public key to kolla user authorized keys
authorized_key:
user: "{{ kolla_user }}"
key: "{{ kolla_ssh_key.public_key }}"
become: True
- name: Grant kolla user passwordless sudo
lineinfile:
dest: /etc/sudoers.d/kolla-ansible-users
state: present
create: yes
mode: '0640'
regexp: '^{{ kolla_user }}'
line: '{{ kolla_user }} ALL=(ALL) NOPASSWD: ALL'
become: True
when: create_kolla_user_sudoers | bool
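Review bot: The `Grant kolla user passwordless sudo` task writes under `/etc/sudoers.d` without syntax validation, so a `kolla_user` value that yields an invalid line can leave sudo unusable on the host; add `validate: 'visudo -cf %s'` to the `lineinfile` arguments. The `regexp: '^{{ kolla_user }}'` is also a bare prefix match, so with the default `kolla` it can match and rewrite an existing entry for a different account whose name begins with the same characters. `regexp: '^{{ kolla_user | regex_escape }}\s'` limits it to the intended entry. Separately, `Create kolla user` adds the account to `docker` and `sudo` regardless of `create_kolla_user_sudoers`, and docker group membership is generally root-equivalent. A comment noting that disabling the sudoers flag does not make the account unprivileged would help operators.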