From 6c81058e74fe0c8eb313a83dfdb973de7bf7b83b Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Wed, 17 Nov 2021 14:25:55 +0000 Subject: [PATCH] baremetal: refactor kolla user & group creation into a separate role Change-Id: I1f8d19a97479cc3a780fd33bb509003bc835c2bc --- roles/baremetal/defaults/main.yml | 1 - roles/baremetal/tasks/post-install.yml | 58 ++++---------------------- roles/baremetal/tasks/pre-install.yml | 13 ------ roles/kolla_user/defaults/main.yml | 4 ++ roles/kolla_user/tasks/main.yml | 38 +++++++++++++++++ 5 files changed, 49 insertions(+), 65 deletions(-) create mode 100644 roles/kolla_user/defaults/main.yml create mode 100644 roles/kolla_user/tasks/main.yml diff --git a/roles/baremetal/defaults/main.yml b/roles/baremetal/defaults/main.yml index cf349e5..cc380b6 100644 --- a/roles/baremetal/defaults/main.yml +++ b/roles/baremetal/defaults/main.yml @@ -38,7 +38,6 @@ epel_yum_package: "epel-release" customize_etc_hosts: True create_kolla_user: True -create_kolla_user_sudoers: "{{ create_kolla_user }}" kolla_user: "kolla" kolla_group: "kolla" diff --git a/roles/baremetal/tasks/post-install.yml b/roles/baremetal/tasks/post-install.yml index 591e255..2e47f22 100644 --- a/roles/baremetal/tasks/post-install.yml +++ b/roles/baremetal/tasks/post-install.yml 
@@ -1,32 +1,8 @@ --- -- name: Create kolla user - user: - name: "{{ kolla_user }}" - state: present - group: "{{ kolla_group }}" - groups: "sudo" - append: true - become: True +- import_role: + name: openstack.kolla.kolla_user when: create_kolla_user | bool -- name: Add public key to kolla user authorized keys - authorized_key: - user: "{{ kolla_user }}" - key: "{{ kolla_ssh_key.public_key }}" - become: True - when: create_kolla_user | bool - -- name: Grant kolla user passwordless sudo - lineinfile: - dest: /etc/sudoers.d/kolla-ansible-users - state: present - create: yes - mode: '0640' - regexp: '^{{ kolla_user }}' - line: '{{ kolla_user }} ALL=(ALL) NOPASSWD: ALL' - become: True - when: create_kolla_user_sudoers | bool - - name: Ensure virtualenv has correct ownership file: path: "{{ virtualenv }}" @@ -35,25 +11,18 @@ owner: "{{ kolla_user }}" group: "{{ kolla_group }}" become: True - when: virtualenv is not none - -- name: Ensure node_config_directory directory exists for user kolla - file: - path: "{{ node_config_directory }}" - state: directory - owner: "{{ kolla_user }}" - group: "{{ kolla_group }}" - mode: 0755 - become: True - when: create_kolla_user | bool + when: + - create_kolla_user | bool + - virtualenv is not none - name: Ensure node_config_directory directory exists file: path: "{{ node_config_directory }}" state: directory + owner: "{{ kolla_user if create_kolla_user | bool else omit }}" + group: "{{ kolla_group if create_kolla_user | bool else omit }}" mode: 0755 become: True - when: not create_kolla_user | bool - name: Ensure docker config directory exists file: @@ -212,19 +181,6 @@ - apparmor_libvirtd_profile.stat.exists - not apparmor_libvirtd_disable_profile.stat.exists -- name: Create docker group - group: - name: docker - become: True - -- name: Add kolla user to docker group - user: - name: "{{ kolla_user }}" - append: yes - groups: docker - become: True - when: create_kolla_user | bool - - name: Start docker systemd: name: docker 
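Review bot: Gating the whole `import_role` on `create_kolla_user | bool` changes behaviour beyond a refactor, because the removed sudoers task was conditioned only on `create_kolla_user_sudoers`. A host with a pre-existing account (`create_kolla_user: false`, `create_kolla_user_sudoers: true`) used to get its sudoers entry and now silently gets nothing. The same narrowing applies to the unconditional `docker` group task removed in the third hunk of this file and the `sudo` group task removed from pre-install.yml, which now run only inside the gated role. If this is intended, the commit message should say so rather than describe the change as a refactor. The import task also has no `name:`; something like `- name: Ensure kolla user and groups exist` would keep play output readable.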
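Review bot: The added `- create_kolla_user | bool` condition on the virtualenv ownership task means a pre-provisioned `kolla_user` no longer gets ownership of the virtualenv when `create_kolla_user` is false; before this change the task ran whenever `virtualenv is not none`. That task starts in the previous hunk, so only its tail is visible here. If the narrowing is not intended, keep the original `when: virtualenv is not none`. For the merged node_config_directory task, a short comment such as `# owner/group are omitted when create_kolla_user is false` would explain the two `omit` expressions.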
diff --git a/roles/baremetal/tasks/pre-install.yml b/roles/baremetal/tasks/pre-install.yml index 97308cf..ad42268 100644 --- a/roles/baremetal/tasks/pre-install.yml +++ b/roles/baremetal/tasks/pre-install.yml @@ -70,19 +70,6 @@ become: True when: customize_etc_hosts | bool -- name: Ensure sudo group is present - group: - name: sudo - state: present - become: True - -- name: Ensure kolla group is present - group: - name: "{{ kolla_group }}" - state: present - become: True - when: create_kolla_user | bool - - block: - block: - name: Install apt packages diff --git a/roles/kolla_user/defaults/main.yml b/roles/kolla_user/defaults/main.yml new file mode 100644 index 0000000..4cc7196 --- /dev/null +++ b/roles/kolla_user/defaults/main.yml @@ -0,0 +1,4 @@ +--- +create_kolla_user_sudoers: true +kolla_user: "kolla" +kolla_group: "kolla" diff --git a/roles/kolla_user/tasks/main.yml b/roles/kolla_user/tasks/main.yml new file mode 100644 index 0000000..301c6e4 --- /dev/null +++ b/roles/kolla_user/tasks/main.yml @@ -0,0 +1,38 @@ +--- +- name: Ensure groups are present + group: + name: "{{ item }}" + state: present + become: True + loop: + - docker + - sudo + - "{{ kolla_group }}" + +- name: Create kolla user + user: + name: "{{ kolla_user }}" + state: present + group: "{{ kolla_group }}" + groups: + - docker + - sudo + append: true + become: True + +- name: Add public key to kolla user authorized keys + authorized_key: + user: "{{ kolla_user }}" + key: "{{ kolla_ssh_key.public_key }}" + become: True + +- name: Grant kolla user passwordless sudo + lineinfile: + dest: /etc/sudoers.d/kolla-ansible-users + state: present + create: yes + mode: '0640' + regexp: '^{{ kolla_user }}' + line: '{{ kolla_user }} ALL=(ALL) NOPASSWD: ALL' + become: True + when: create_kolla_user_sudoers | bool
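Review bot: `create_kolla_user_sudoers: true` in roles/kolla_user/defaults/main.yml makes passwordless root the default for anyone using this role on its own, and nothing in the file says so. A comment above it such as `# Grant kolla_user passwordless sudo (NOPASSWD: ALL) via /etc/sudoers.d/kolla-ansible-users` would make the privilege explicit. The tasks file also reads `kolla_ssh_key.public_key`, which has no default here, so the role presumably fails on an undefined variable unless the caller supplies it; a comment naming that required input would help. `kolla_user` and `kolla_group` also remain defined in roles/baremetal/defaults/main.yml, so the two copies can drift.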
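Review bot: The `Grant kolla user passwordless sudo` task in roles/kolla_user/tasks/main.yml writes /etc/sudoers.d/kolla-ansible-users without validation, and its `regexp: '^{{ kolla_user }}'` is an unescaped prefix match. With the default `kolla` it also matches a line for an account such as `kolla2` and would overwrite that entry. I would use `regexp: '^{{ kolla_user | regex_escape }}\s'` and add `validate: '/usr/sbin/visudo -cf %s'` so a malformed line is rejected before it can break sudo on the host; `mode: '0440'` is the conventional mode for sudoers fragments. `Create kolla user` also adds the account to `docker` and `sudo` regardless of `create_kolla_user_sudoers`, so setting that variable to false removes only the NOPASSWD rule. Docker group membership is effectively root-equivalent and the sudo group typically grants sudo on Debian-family hosts, which a comment on the `groups:` list should state.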