Merge "Adapt code in preparation for ansible-lint bump"
commit
f3051816cb
@ -15,7 +15,7 @@
|
|||||||
ln -vsf /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable
|
ln -vsf /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable
|
||||||
args:
|
args:
|
||||||
executable: /bin/bash
|
executable: /bin/bash
|
||||||
become: True
|
become: true
|
||||||
changed_when: true
|
changed_when: true
|
||||||
when:
|
when:
|
||||||
- apparmor_libvirtd_profile.stat.exists
|
- apparmor_libvirtd_profile.stat.exists
|
||||||
|
@ -17,17 +17,17 @@ ceph_yum_gpgcheck: true
|
|||||||
ceph_yum_package: "ceph-common"
|
ceph_yum_package: "ceph-common"
|
||||||
epel_yum_package: "epel-release"
|
epel_yum_package: "epel-release"
|
||||||
|
|
||||||
create_kolla_user: False
|
create_kolla_user: false
|
||||||
|
|
||||||
kolla_user: "kolla"
|
kolla_user: "kolla"
|
||||||
kolla_group: "kolla"
|
kolla_group: "kolla"
|
||||||
|
|
||||||
change_selinux: True
|
change_selinux: true
|
||||||
|
|
||||||
selinux_state: "permissive"
|
selinux_state: "permissive"
|
||||||
|
|
||||||
# If true, the host firewall service (firewalld or ufw) will be disabled.
|
# If true, the host firewall service (firewalld or ufw) will be disabled.
|
||||||
disable_firewall: True
|
disable_firewall: true
|
||||||
|
|
||||||
git_http_proxy: ""
|
git_http_proxy: ""
|
||||||
git_https_proxy: ""
|
git_https_proxy: ""
|
||||||
|
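Review bot: `change_selinux: true` and `selinux_state: "permissive"` carry no comment, while `disable_firewall` directly below them does, so nothing in this defaults block says that the defaults leave SELinux non-enforcing as well as the host firewall off. A comment such as `# If true, SELinux is set to selinux_state; "permissive" logs policy violations without blocking them.` above `change_selinux` would make that visible to operators who want to keep enforcement. How the two variables are consumed is outside this hunk, so the wording should be checked against the task that uses them.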
@ -6,13 +6,13 @@
|
|||||||
file:
|
file:
|
||||||
path: /etc/apt/sources.list.d
|
path: /etc/apt/sources.list.d
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: true
|
||||||
|
|
||||||
- name: Ensure apt keyrings directory exists
|
- name: Ensure apt keyrings directory exists
|
||||||
file:
|
file:
|
||||||
path: /etc/apt/keyrings
|
path: /etc/apt/keyrings
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: true
|
||||||
|
|
||||||
- name: Install ceph apt gpg key
|
- name: Install ceph apt gpg key
|
||||||
get_url:
|
get_url:
|
||||||
@ -48,7 +48,7 @@
|
|||||||
update_cache: true
|
update_cache: true
|
||||||
|
|
||||||
when: ansible_facts.os_family == 'Debian'
|
when: ansible_facts.os_family == 'Debian'
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: Enable ceph yum repository
|
- name: Enable ceph yum repository
|
||||||
@ -78,4 +78,4 @@
|
|||||||
enablerepo: epel
|
enablerepo: epel
|
||||||
|
|
||||||
when: ansible_facts.os_family == 'RedHat'
|
when: ansible_facts.os_family == 'RedHat'
|
||||||
become: True
|
become: true
|
||||||
|
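Review bot: Both directory tasks in the first hunk (`/etc/apt/sources.list.d` and `/etc/apt/keyrings`) use `recurse: true` but set no `mode`, `owner` or `group`, so a newly created keyring directory gets whatever the umask gives it, and the recursion walks the existing contents on every run with nothing to apply. `state: directory` already creates missing parent directories, so `recurse` can go; I would replace it with `mode: "0755"` plus `owner: root` and `group: root`. The same pattern appears in the docker apt, docker SDK and podman SDK sections, and on `/etc/yum.repos.d/` and `/etc/systemd/system/docker.service.d`. The first task starts above the hunk, so its name is not visible here.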
@ -3,12 +3,12 @@
|
|||||||
- block:
|
- block:
|
||||||
- name: Set firewall default policy
|
- name: Set firewall default policy
|
||||||
# noqa ignore-errors
|
# noqa ignore-errors
|
||||||
become: True
|
become: true
|
||||||
ufw:
|
ufw:
|
||||||
state: disabled
|
state: disabled
|
||||||
policy: allow
|
policy: allow
|
||||||
when: ansible_facts.os_family == 'Debian'
|
when: ansible_facts.os_family == 'Debian'
|
||||||
ignore_errors: yes
|
ignore_errors: true
|
||||||
|
|
||||||
- name: Check if firewalld is installed
|
- name: Check if firewalld is installed
|
||||||
# noqa command-instead-of-module
|
# noqa command-instead-of-module
|
||||||
@ -19,7 +19,7 @@
|
|||||||
when: ansible_facts.os_family == 'RedHat'
|
when: ansible_facts.os_family == 'RedHat'
|
||||||
|
|
||||||
- name: Disable firewalld
|
- name: Disable firewalld
|
||||||
become: True
|
become: true
|
||||||
service:
|
service:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
enabled: false
|
enabled: false
|
||||||
|
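Review bot: `ignore_errors: true` on "Set firewall default policy" swallows every failure of the `ufw` task, not only the case the `# noqa ignore-errors` presumably has in mind (ufw not installed), so a host where the change failed part-way still reports success. The RedHat branch in the same block first runs "Check if firewalld is installed"; doing the equivalent for ufw and gating this task with a `when:` on that result would let real errors surface. A short comment that `state: disabled` with `policy: allow` leaves the host without packet filtering would also help, since this is presumably the task behind `disable_firewall`. The block continues outside the hunks shown here.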
@ -12,8 +12,8 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ kolla_user if create_kolla_user | bool else omit }}"
|
owner: "{{ kolla_user if create_kolla_user | bool else omit }}"
|
||||||
group: "{{ kolla_group if create_kolla_user | bool else omit }}"
|
group: "{{ kolla_group if create_kolla_user | bool else omit }}"
|
||||||
mode: 0755
|
mode: "0755"
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- import_role:
|
- import_role:
|
||||||
name: openstack.kolla.apparmor_libvirt
|
name: openstack.kolla.apparmor_libvirt
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
---
|
---
|
||||||
- name: Reload docker service file
|
- name: Reload docker service file
|
||||||
become: True
|
become: true
|
||||||
systemd:
|
systemd:
|
||||||
name: docker
|
name: docker
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
notify:
|
notify:
|
||||||
- Restart docker
|
- Restart docker
|
||||||
|
|
||||||
@ -11,11 +11,11 @@
|
|||||||
systemd:
|
systemd:
|
||||||
name: docker
|
name: docker
|
||||||
state: "{{ 'reloaded' if docker_systemd_reload | bool else 'restarted' }}"
|
state: "{{ 'reloaded' if docker_systemd_reload | bool else 'restarted' }}"
|
||||||
masked: no
|
masked: false
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Restart containerd
|
- name: Restart containerd
|
||||||
service:
|
service:
|
||||||
name: containerd
|
name: containerd
|
||||||
state: restarted
|
state: restarted
|
||||||
become: True
|
become: true
|
||||||
|
@ -3,11 +3,11 @@
|
|||||||
file:
|
file:
|
||||||
path: /etc/docker
|
path: /etc/docker
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: "0755"
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Write docker config
|
- name: Write docker config
|
||||||
become: True
|
become: true
|
||||||
vars:
|
vars:
|
||||||
docker_config_insecure_registries:
|
docker_config_insecure_registries:
|
||||||
insecure-registries:
|
insecure-registries:
|
||||||
@ -48,12 +48,12 @@
|
|||||||
copy:
|
copy:
|
||||||
content: "{{ docker_config | to_nice_json }}"
|
content: "{{ docker_config | to_nice_json }}"
|
||||||
dest: /etc/docker/daemon.json
|
dest: /etc/docker/daemon.json
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
notify:
|
notify:
|
||||||
- Restart docker
|
- Restart docker
|
||||||
|
|
||||||
- name: Remove old docker options file
|
- name: Remove old docker options file
|
||||||
become: True
|
become: true
|
||||||
file:
|
file:
|
||||||
path: /etc/systemd/system/docker.service.d/kolla.conf
|
path: /etc/systemd/system/docker.service.d/kolla.conf
|
||||||
state: absent
|
state: absent
|
||||||
@ -66,11 +66,11 @@
|
|||||||
- Reload docker service file
|
- Reload docker service file
|
||||||
|
|
||||||
- name: Ensure docker service directory exists
|
- name: Ensure docker service directory exists
|
||||||
become: True
|
become: true
|
||||||
file:
|
file:
|
||||||
path: /etc/systemd/system/docker.service.d
|
path: /etc/systemd/system/docker.service.d
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: true
|
||||||
when: >
|
when: >
|
||||||
(docker_configure_for_zun | bool and 'zun-compute' in group_names) or
|
(docker_configure_for_zun | bool and 'zun-compute' in group_names) or
|
||||||
docker_http_proxy | length > 0 or
|
docker_http_proxy | length > 0 or
|
||||||
@ -78,11 +78,11 @@
|
|||||||
docker_no_proxy | length > 0
|
docker_no_proxy | length > 0
|
||||||
|
|
||||||
- name: Configure docker service
|
- name: Configure docker service
|
||||||
become: True
|
become: true
|
||||||
template:
|
template:
|
||||||
src: docker_systemd_service.j2
|
src: docker_systemd_service.j2
|
||||||
dest: /etc/systemd/system/docker.service.d/kolla.conf
|
dest: /etc/systemd/system/docker.service.d/kolla.conf
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
when: >
|
when: >
|
||||||
(docker_configure_for_zun | bool and 'zun-compute' in group_names) or
|
(docker_configure_for_zun | bool and 'zun-compute' in group_names) or
|
||||||
docker_http_proxy | length > 0 or
|
docker_http_proxy | length > 0 or
|
||||||
@ -96,9 +96,9 @@
|
|||||||
path: "/etc/docker/certs.d/{{ docker_registry }}"
|
path: "/etc/docker/certs.d/{{ docker_registry }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0700
|
mode: "0700"
|
||||||
state: directory
|
state: directory
|
||||||
become: True
|
become: true
|
||||||
when: docker_registry is not none and docker_registry_ca is not none
|
when: docker_registry is not none and docker_registry_ca is not none
|
||||||
|
|
||||||
- name: Ensure the CA file for private registry exists
|
- name: Ensure the CA file for private registry exists
|
||||||
@ -107,8 +107,8 @@
|
|||||||
dest: "/etc/docker/certs.d/{{ docker_registry }}/ca.crt"
|
dest: "/etc/docker/certs.d/{{ docker_registry }}/ca.crt"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0600
|
mode: "0600"
|
||||||
become: True
|
become: true
|
||||||
when: docker_registry is not none and docker_registry_ca is not none
|
when: docker_registry is not none and docker_registry_ca is not none
|
||||||
notify:
|
notify:
|
||||||
- Restart docker
|
- Restart docker
|
||||||
@ -120,6 +120,6 @@
|
|||||||
systemd:
|
systemd:
|
||||||
name: docker
|
name: docker
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
masked: no
|
masked: false
|
||||||
become: True
|
become: true
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
mode: "0770"
|
mode: "0770"
|
||||||
owner: "{{ config_owner_user }}"
|
owner: "{{ config_owner_user }}"
|
||||||
group: "{{ config_owner_group }}"
|
group: "{{ config_owner_group }}"
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Copying CNI config file
|
- name: Copying CNI config file
|
||||||
template:
|
template:
|
||||||
@ -15,7 +15,7 @@
|
|||||||
mode: "0660"
|
mode: "0660"
|
||||||
owner: "{{ config_owner_user }}"
|
owner: "{{ config_owner_user }}"
|
||||||
group: "{{ config_owner_group }}"
|
group: "{{ config_owner_group }}"
|
||||||
become: True
|
become: true
|
||||||
notify:
|
notify:
|
||||||
- Restart containerd
|
- Restart containerd
|
||||||
|
|
||||||
@ -26,14 +26,14 @@
|
|||||||
mode: "0770"
|
mode: "0770"
|
||||||
owner: "{{ config_owner_user }}"
|
owner: "{{ config_owner_user }}"
|
||||||
group: "{{ config_owner_group }}"
|
group: "{{ config_owner_group }}"
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Copy zun-cni script
|
- name: Copy zun-cni script
|
||||||
template:
|
template:
|
||||||
src: "zun-cni.j2"
|
src: "zun-cni.j2"
|
||||||
dest: "{{ cni_bin_dir }}/zun-cni"
|
dest: "{{ cni_bin_dir }}/zun-cni"
|
||||||
mode: "0775"
|
mode: "0775"
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Copying over containerd config
|
- name: Copying over containerd config
|
||||||
template:
|
template:
|
||||||
|
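Review bot: "Copy zun-cni script" installs an executable into `{{ cni_bin_dir }}` with `mode: "0775"` and, unlike the directory and config tasks around it, no `owner` or `group`, so the file is group-writable for whichever group the become user's defaults give it. Plugins in a CNI bin directory are normally invoked by the container runtime with its privileges, so anyone who can write the script can change what runs there. `mode: "0755"` with explicit `owner: root` and `group: root` would be the tighter choice, unless something outside this hunk relies on group write.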
@ -35,7 +35,7 @@
|
|||||||
cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
|
cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
|
||||||
update_cache: true
|
update_cache: true
|
||||||
state: present
|
state: present
|
||||||
become: True
|
become: true
|
||||||
register: docker_install_result
|
register: docker_install_result
|
||||||
|
|
||||||
# If any packages were updated, and any containers were running, wait for the
|
# If any packages were updated, and any containers were running, wait for the
|
||||||
@ -48,9 +48,9 @@
|
|||||||
systemd:
|
systemd:
|
||||||
name: docker
|
name: docker
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
masked: no
|
masked: false
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Wait for Docker to start
|
- name: Wait for Docker to start
|
||||||
command: docker info
|
command: docker info
|
||||||
|
@ -7,21 +7,21 @@
|
|||||||
cache_valid_time: "{{ apt_cache_valid_time }}"
|
cache_valid_time: "{{ apt_cache_valid_time }}"
|
||||||
update_cache: true
|
update_cache: true
|
||||||
state: present
|
state: present
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Ensure apt sources list directory exists
|
- name: Ensure apt sources list directory exists
|
||||||
file:
|
file:
|
||||||
path: /etc/apt/sources.list.d
|
path: /etc/apt/sources.list.d
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: true
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Ensure apt keyrings directory exists
|
- name: Ensure apt keyrings directory exists
|
||||||
file:
|
file:
|
||||||
path: /etc/apt/keyrings
|
path: /etc/apt/keyrings
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: true
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Install docker apt gpg key
|
- name: Install docker apt gpg key
|
||||||
get_url:
|
get_url:
|
||||||
@ -29,7 +29,7 @@
|
|||||||
dest: "/etc/apt/keyrings/docker.asc"
|
dest: "/etc/apt/keyrings/docker.asc"
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
force: true
|
force: true
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Install docker apt pin
|
- name: Install docker apt pin
|
||||||
copy:
|
copy:
|
||||||
@ -39,14 +39,14 @@
|
|||||||
Pin: version {{ docker_apt_package_pin }}
|
Pin: version {{ docker_apt_package_pin }}
|
||||||
Pin-Priority: 1000
|
Pin-Priority: 1000
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
become: True
|
become: true
|
||||||
when: docker_apt_package_pin | length > 0
|
when: docker_apt_package_pin | length > 0
|
||||||
|
|
||||||
- name: Ensure old docker repository absent
|
- name: Ensure old docker repository absent
|
||||||
file:
|
file:
|
||||||
path: /etc/apt/sources.list.d/docker.list
|
path: /etc/apt/sources.list.d/docker.list
|
||||||
state: absent
|
state: absent
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
# TODO(mmalchuk): replace with ansible.builtin.deb822_repository module
|
# TODO(mmalchuk): replace with ansible.builtin.deb822_repository module
|
||||||
# when all stable releases moves to the ansible-core >= 2.15
|
# when all stable releases moves to the ansible-core >= 2.15
|
||||||
@ -62,9 +62,9 @@
|
|||||||
Components: stable
|
Components: stable
|
||||||
Signed-by: /etc/apt/keyrings/docker.asc
|
Signed-by: /etc/apt/keyrings/docker.asc
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Update the apt cache
|
- name: Update the apt cache
|
||||||
apt:
|
apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
become: True
|
become: true
|
||||||
|
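Review bot: "Install docker apt gpg key" writes `/etc/apt/keyrings/docker.asc` with `force: true`, which downloads and overwrites the key on every run, and no `checksum:` is visible between `dest` and `become`. That file is the trust anchor named in `Signed-by:` further down, so whatever the URL serves at run time becomes the signing key for the repository. Pinning it with `checksum: "sha256:<expected-digest>"` (placeholder), or shipping the key from the role the way the osbpo key is templated, would remove that dependency. The task's `url` and anything above `dest` are outside the hunk, so a checksum may already be set there.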
@ -3,8 +3,8 @@
|
|||||||
file:
|
file:
|
||||||
path: /etc/yum.repos.d/
|
path: /etc/yum.repos.d/
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: true
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Enable docker yum repository
|
- name: Enable docker yum repository
|
||||||
yum_repository:
|
yum_repository:
|
||||||
@ -17,11 +17,11 @@
|
|||||||
# modular package in CentOS 8 see:
|
# modular package in CentOS 8 see:
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1734081
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1734081
|
||||||
module_hotfixes: true
|
module_hotfixes: true
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Install docker rpm gpg key
|
- name: Install docker rpm gpg key
|
||||||
rpm_key:
|
rpm_key:
|
||||||
state: present
|
state: present
|
||||||
key: "{{ docker_yum_gpgkey }}"
|
key: "{{ docker_yum_gpgkey }}"
|
||||||
become: True
|
become: true
|
||||||
when: docker_yum_gpgcheck | bool
|
when: docker_yum_gpgcheck | bool
|
||||||
|
@ -26,9 +26,9 @@ virtualenv:
|
|||||||
# Whether the virtualenv will inherit packages from the global site-packages
|
# Whether the virtualenv will inherit packages from the global site-packages
|
||||||
# directory. This is typically required for modules such as yum and apt which
|
# directory. This is typically required for modules such as yum and apt which
|
||||||
# are not available on PyPI.
|
# are not available on PyPI.
|
||||||
virtualenv_site_packages: True
|
virtualenv_site_packages: true
|
||||||
|
|
||||||
create_kolla_user: False
|
create_kolla_user: false
|
||||||
kolla_user: "kolla"
|
kolla_user: "kolla"
|
||||||
|
|
||||||
# Owner of the virtualenv.
|
# Owner of the virtualenv.
|
||||||
|
@ -2,7 +2,8 @@
|
|||||||
- name: Handling for Python3.10+ externally managed environments
|
- name: Handling for Python3.10+ externally managed environments
|
||||||
block:
|
block:
|
||||||
- name: Get Python
|
- name: Get Python
|
||||||
ansible.builtin.command: "{{ ansible_facts.python.executable }} -c 'import sysconfig; print(sysconfig.get_path(\"stdlib\", sysconfig.get_default_scheme()))'"
|
ansible.builtin.command:
|
||||||
|
cmd: "{{ ansible_facts.python.executable }} -c 'import sysconfig; print(sysconfig.get_path(\"stdlib\", sysconfig.get_default_scheme()))'"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: python_default_scheme_path
|
register: python_default_scheme_path
|
||||||
|
|
||||||
@ -24,28 +25,28 @@
|
|||||||
file:
|
file:
|
||||||
path: /etc/apt/sources.list.d
|
path: /etc/apt/sources.list.d
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: true
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Ensure apt keyrings directory exists
|
- name: Ensure apt keyrings directory exists
|
||||||
file:
|
file:
|
||||||
path: /etc/apt/keyrings
|
path: /etc/apt/keyrings
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: true
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Install osbpo apt gpg key
|
- name: Install osbpo apt gpg key
|
||||||
template:
|
template:
|
||||||
src: osbpo_pubkey.gpg.j2
|
src: osbpo_pubkey.gpg.j2
|
||||||
dest: /etc/apt/keyrings/osbpo.asc
|
dest: /etc/apt/keyrings/osbpo.asc
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Enable osbpo apt repository
|
- name: Enable osbpo apt repository
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "{{ docker_sdk_osbpo_apt_repo }}"
|
repo: "{{ docker_sdk_osbpo_apt_repo }}"
|
||||||
filename: osbpo
|
filename: osbpo
|
||||||
become: True
|
become: true
|
||||||
when:
|
when:
|
||||||
- ansible_facts.distribution == 'Debian'
|
- ansible_facts.distribution == 'Debian'
|
||||||
- docker_sdk_python_externally_managed | default(false)
|
- docker_sdk_python_externally_managed | default(false)
|
||||||
|
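Review bot: The new `cmd:` form in "Get Python" still passes one string that the command module has to split, with a Python one-liner nested inside single quotes and escaped double quotes. An `argv:` list hands the interpreter path and the `-c` program over as separate arguments, so neither a space in `ansible_facts.python.executable` nor the nested quoting can change how the command is parsed. The podman SDK section has the identical task and would take the same change.

```yaml
- name: Get Python
  ansible.builtin.command:
    argv:
      - "{{ ansible_facts.python.executable }}"
      - "-c"
      - "import sysconfig; print(sysconfig.get_path('stdlib', sysconfig.get_default_scheme()))"
  # … unchanged: changed_when, register …
```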
@ -5,9 +5,9 @@
|
|||||||
regexp: "^127.0.0.1.*"
|
regexp: "^127.0.0.1.*"
|
||||||
line: "127.0.0.1 localhost"
|
line: "127.0.0.1 localhost"
|
||||||
create: true
|
create: true
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
state: present
|
state: present
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
# NOTE(mgoddard): Ubuntu may include a line in /etc/hosts that makes the local
|
# NOTE(mgoddard): Ubuntu may include a line in /etc/hosts that makes the local
|
||||||
# hostname and fqdn point to 127.0.1.1. This can break
|
# hostname and fqdn point to 127.0.1.1. This can break
|
||||||
@ -20,7 +20,7 @@
|
|||||||
dest: /etc/hosts
|
dest: /etc/hosts
|
||||||
regexp: "^127.0.1.1\\b.*\\s{{ ansible_facts.hostname }}\\b"
|
regexp: "^127.0.1.1\\b.*\\s{{ ansible_facts.hostname }}\\b"
|
||||||
state: absent
|
state: absent
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Generate /etc/hosts for all of the nodes
|
- name: Generate /etc/hosts for all of the nodes
|
||||||
blockinfile:
|
blockinfile:
|
||||||
@ -28,13 +28,13 @@
|
|||||||
marker: "# {mark} ANSIBLE GENERATED HOSTS"
|
marker: "# {mark} ANSIBLE GENERATED HOSTS"
|
||||||
block: |
|
block: |
|
||||||
{% for host in groups['baremetal'] %}
|
{% for host in groups['baremetal'] %}
|
||||||
{% set api_interface = (hostvars[host]['api_interface'] | replace('-', '_')) %}
|
{% set api_interface = hostvars[host]['api_interface'] | replace('-', '_') %}
|
||||||
{% if host not in groups['bifrost'] or api_interface in hostvars[host].ansible_facts %}
|
{% if host not in groups['bifrost'] or api_interface in hostvars[host].ansible_facts %}
|
||||||
{% set hostnames = [hostvars[host].ansible_facts.nodename, hostvars[host].ansible_facts.hostname] %}
|
{% set hostnames = [hostvars[host].ansible_facts.nodename, hostvars[host].ansible_facts.hostname] %}
|
||||||
{{ 'api' | kolla_address(host) }} {{ hostnames | unique | join(' ') }}
|
{{ 'api' | kolla_address(host) }} {{ hostnames | unique | join(' ') }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
become: True
|
become: true
|
||||||
when:
|
when:
|
||||||
# Skip hosts in the bifrost group that do not have a valid api_interface.
|
# Skip hosts in the bifrost group that do not have a valid api_interface.
|
||||||
- inventory_hostname not in groups['bifrost'] or
|
- inventory_hostname not in groups['bifrost'] or
|
||||||
@ -57,4 +57,4 @@
|
|||||||
dest: /etc/cloud/cloud.cfg.d/99-kolla.cfg
|
dest: /etc/cloud/cloud.cfg.d/99-kolla.cfg
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
when: cloud_init.stat.exists
|
when: cloud_init.stat.exists
|
||||||
become: True
|
become: true
|
||||||
|
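Review bot: The `regexp` values in the first two hunks use unescaped dots and interpolate the hostname raw, so `^127.0.0.1.*` also matches a line such as `127.0.0.10 …`, and a hostname containing regex metacharacters changes the pattern. For the first I would write `regexp: "^127\\.0\\.0\\.1\\b.*"`, and for the second `regexp: "^127\\.0\\.1\\.1\\b.*\\s{{ ansible_facts.hostname | regex_escape }}\\b"`. Both tasks start above their hunks, so the module and `dest` of the first one are not visible here.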
@ -3,7 +3,7 @@
|
|||||||
group:
|
group:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
become: True
|
become: true
|
||||||
loop:
|
loop:
|
||||||
- docker
|
- docker
|
||||||
- sudo
|
- sudo
|
||||||
@ -18,21 +18,21 @@
|
|||||||
- docker
|
- docker
|
||||||
- sudo
|
- sudo
|
||||||
append: true
|
append: true
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Add public key to kolla user authorized keys
|
- name: Add public key to kolla user authorized keys
|
||||||
authorized_key:
|
authorized_key:
|
||||||
user: "{{ kolla_user }}"
|
user: "{{ kolla_user }}"
|
||||||
key: "{{ kolla_ssh_key.public_key }}"
|
key: "{{ kolla_ssh_key.public_key }}"
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Grant kolla user passwordless sudo
|
- name: Grant kolla user passwordless sudo
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/sudoers.d/kolla-ansible-users
|
dest: /etc/sudoers.d/kolla-ansible-users
|
||||||
state: present
|
state: present
|
||||||
create: yes
|
create: true
|
||||||
mode: '0640'
|
mode: '0640'
|
||||||
regexp: '^{{ kolla_user }}'
|
regexp: '^{{ kolla_user }}'
|
||||||
line: '{{ kolla_user }} ALL=(ALL) NOPASSWD: ALL'
|
line: '{{ kolla_user }} ALL=(ALL) NOPASSWD: ALL'
|
||||||
become: True
|
become: true
|
||||||
when: create_kolla_user_sudoers | bool
|
when: create_kolla_user_sudoers | bool
|
||||||
|
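Review bot: "Grant kolla user passwordless sudo" edits `/etc/sudoers.d/kolla-ansible-users` in place with no `validate:`, so a line that sudo cannot parse (for example from an unusual `kolla_user` value) is written as-is and can break sudo on the host. Adding `validate: 'visudo -cf %s'` makes lineinfile check the result before it replaces the file. The `regexp: '^{{ kolla_user }}'` is a prefix match and would also replace the entry of a user whose name merely starts with `kolla_user`; `regexp: '^{{ kolla_user | regex_escape }}\s'` avoids that. sudoers drop-ins are conventionally `mode: '0440'` rather than `'0640'`.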
@ -3,15 +3,15 @@
|
|||||||
file:
|
file:
|
||||||
path: /etc/containers/{{ item }}
|
path: /etc/containers/{{ item }}
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: "0755"
|
||||||
become: True
|
become: true
|
||||||
with_items:
|
with_items:
|
||||||
- "containers.conf.d"
|
- "containers.conf.d"
|
||||||
- "registries.conf.d"
|
- "registries.conf.d"
|
||||||
- "storage.conf.d"
|
- "storage.conf.d"
|
||||||
|
|
||||||
- name: Write registries config
|
- name: Write registries config
|
||||||
become: True
|
become: true
|
||||||
vars:
|
vars:
|
||||||
registry: |
|
registry: |
|
||||||
[[registry]]
|
[[registry]]
|
||||||
@ -20,11 +20,11 @@
|
|||||||
copy:
|
copy:
|
||||||
content: "{{ registry }}"
|
content: "{{ registry }}"
|
||||||
dest: /etc/containers/registries.conf.d/registries.conf
|
dest: /etc/containers/registries.conf.d/registries.conf
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
when: podman_registry is not none
|
when: podman_registry is not none
|
||||||
|
|
||||||
- name: Write registry mirror config
|
- name: Write registry mirror config
|
||||||
become: True
|
become: true
|
||||||
vars:
|
vars:
|
||||||
registry_mirror: |
|
registry_mirror: |
|
||||||
[[registry.mirror]]
|
[[registry.mirror]]
|
||||||
@ -33,11 +33,11 @@
|
|||||||
copy:
|
copy:
|
||||||
content: "{{ registry_mirror }}"
|
content: "{{ registry_mirror }}"
|
||||||
dest: /etc/containers/registries.conf.d/registry-mirror.conf
|
dest: /etc/containers/registries.conf.d/registry-mirror.conf
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
when: podman_registry_mirror is not none
|
when: podman_registry_mirror is not none
|
||||||
|
|
||||||
- name: Write storage config
|
- name: Write storage config
|
||||||
become: True
|
become: true
|
||||||
vars:
|
vars:
|
||||||
config: |
|
config: |
|
||||||
{% if podman_storage_driver is not none %}
|
{% if podman_storage_driver is not none %}
|
||||||
@ -49,7 +49,7 @@
|
|||||||
copy:
|
copy:
|
||||||
content: "{{ config }}"
|
content: "{{ config }}"
|
||||||
dest: /etc/containers/storage.conf.d/storage.conf
|
dest: /etc/containers/storage.conf.d/storage.conf
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
when: podman_storage_driver is not none or podman_runtime_directory is not none
|
when: podman_storage_driver is not none or podman_runtime_directory is not none
|
||||||
|
|
||||||
- name: Ensure the path for CA file for podman registry exists
|
- name: Ensure the path for CA file for podman registry exists
|
||||||
@ -57,9 +57,9 @@
|
|||||||
path: "/etc/containers/certs.d/{{ podman_registry }}"
|
path: "/etc/containers/certs.d/{{ podman_registry }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0700
|
mode: "0700"
|
||||||
state: directory
|
state: directory
|
||||||
become: True
|
become: true
|
||||||
when:
|
when:
|
||||||
- podman_registry is not none
|
- podman_registry is not none
|
||||||
- podman_registry_ca is not none
|
- podman_registry_ca is not none
|
||||||
@ -70,8 +70,8 @@
|
|||||||
dest: "/etc/containers/certs.d/{{ private_registry }}/ca.crt"
|
dest: "/etc/containers/certs.d/{{ private_registry }}/ca.crt"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0600
|
mode: "0600"
|
||||||
become: True
|
become: true
|
||||||
when:
|
when:
|
||||||
- podman_registry is not none
|
- podman_registry is not none
|
||||||
- podman_registry_ca is not none
|
- podman_registry_ca is not none
|
||||||
|
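Review bot: The directory task creates `/etc/containers/certs.d/{{ podman_registry }}`, but the CA copy in the last hunk writes to `/etc/containers/certs.d/{{ private_registry }}/ca.crt`, while both are gated on `podman_registry is not none`. Unless `private_registry` is defined elsewhere with the same value, the copy either fails on an undefined variable or targets a directory this role never created, and podman would not find the CA for the registry. If that is an oversight, the line should read `dest: "/etc/containers/certs.d/{{ podman_registry }}/ca.crt"`. The copy task's name and `src` are above the hunk, so I cannot see whether a `vars:` entry sets `private_registry`.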
@ -15,7 +15,7 @@
|
|||||||
cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
|
cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
|
||||||
update_cache: true
|
update_cache: true
|
||||||
state: present
|
state: present
|
||||||
become: True
|
become: true
|
||||||
register: podman_install_result
|
register: podman_install_result
|
||||||
|
|
||||||
# If any packages were updated, and any containers were running, wait for the
|
# If any packages were updated, and any containers were running, wait for the
|
||||||
@ -26,7 +26,7 @@
|
|||||||
service:
|
service:
|
||||||
name: podman.socket
|
name: podman.socket
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: Wait for Podman to start
|
- name: Wait for Podman to start
|
||||||
|
@ -25,9 +25,9 @@ virtualenv:
|
|||||||
# Whether the virtualenv will inherit packages from the global site-packages
|
# Whether the virtualenv will inherit packages from the global site-packages
|
||||||
# directory. This is typically required for modules such as yum and apt which
|
# directory. This is typically required for modules such as yum and apt which
|
||||||
# are not available on PyPI.
|
# are not available on PyPI.
|
||||||
virtualenv_site_packages: True
|
virtualenv_site_packages: true
|
||||||
|
|
||||||
create_kolla_user: False
|
create_kolla_user: false
|
||||||
kolla_user: "kolla"
|
kolla_user: "kolla"
|
||||||
|
|
||||||
# Owner of the virtualenv.
|
# Owner of the virtualenv.
|
||||||
|
@ -2,7 +2,8 @@
|
|||||||
- name: Handling for Python3.10+ externally managed environments
|
- name: Handling for Python3.10+ externally managed environments
|
||||||
block:
|
block:
|
||||||
- name: Get Python
|
- name: Get Python
|
||||||
ansible.builtin.command: "{{ ansible_facts.python.executable }} -c 'import sysconfig; print(sysconfig.get_path(\"stdlib\", sysconfig.get_default_scheme()))'"
|
ansible.builtin.command:
|
||||||
|
cmd: "{{ ansible_facts.python.executable }} -c 'import sysconfig; print(sysconfig.get_path(\"stdlib\", sysconfig.get_default_scheme()))'"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: python_default_scheme_path
|
register: python_default_scheme_path
|
||||||
|
|
||||||
@ -24,13 +25,13 @@
|
|||||||
file:
|
file:
|
||||||
path: /etc/apt/sources.list.d
|
path: /etc/apt/sources.list.d
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: true
|
||||||
|
|
||||||
- name: Ensure apt keyrings directory exists
|
- name: Ensure apt keyrings directory exists
|
||||||
file:
|
file:
|
||||||
path: /etc/apt/keyrings
|
path: /etc/apt/keyrings
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: true
|
||||||
|
|
||||||
- name: Install osbpo apt gpg key
|
- name: Install osbpo apt gpg key
|
||||||
template:
|
template:
|
||||||
@ -65,13 +66,13 @@
|
|||||||
- ansible_facts.distribution == 'Debian'
|
- ansible_facts.distribution == 'Debian'
|
||||||
- podman_sdk_python_externally_managed | default(false)
|
- podman_sdk_python_externally_managed | default(false)
|
||||||
- virtualenv is none
|
- virtualenv is none
|
||||||
become: True
|
become: true
|
||||||
|
|
||||||
- name: Install packages
|
- name: Install packages
|
||||||
package:
|
package:
|
||||||
name: "{{ podman_sdk_packages | select | list }}"
|
name: "{{ podman_sdk_packages | select | list }}"
|
||||||
cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
|
cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
|
||||||
update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
|
update_cache: "{{ true if ansible_facts.os_family == 'Debian' else omit }}"
|
||||||
state: present
|
state: present
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
|