Update playbooks to support os_client_config

In order to support use of Keystone in the future, the playbooks
that invoke modules that connect to Ironic needed to be updated
in order to pass-through enough authentication data to enable
user authentication.

Change-Id: I0802b7933303778115a1adca63b64670e1cda4ae
This commit is contained in:
Julia Kreger 2016-09-30 11:11:26 +00:00
parent 2c60745fba
commit 3e8a84f9b4
19 changed files with 162 additions and 19 deletions

View File

@ -58,6 +58,9 @@ node_network_info: Optional: If defined, the contents are written out to the
override the network configuration contents based on
the inventory data.
cloud_name: Optional: String value defining a clouds.yaml entry for
the ansible module to leverage.
Customizing
-----------

View File

@ -4,7 +4,7 @@ galaxy_info:
description: Creates a basic configdrive for Bifrost
company: OpenStack
license: Apache
min_ansible_version: 1.9
min_ansible_version: 2.0
platforms:
- name: EL
versions:

View File

@ -12,14 +12,35 @@
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: "If in noauth mode, set auth parameters accordingly."
set_fact:
auth_type: None
auth: {}
when: noauth_mode is defined and noauth_mode | bool == true
- name: "Execute os_client_config to collect facts"
os_client_config:
no_log: yes
# NOTE(TheJulia): The first record returned by os_client_config
# is utilized as the default. A user can still define the parameters
# if so desired.
- name: "Set os_client_config's auth parameters if not already set."
set_fact:
auth: "{{ openstack.clouds[0].auth }}"
auth_type: "{{ openstack.clouds[0].auth_type }}"
when: auth is undefined
no_log: yes
# Note(TheJulia): This step allows us to collect things that
# ironic knows, that we do not know potentially, such as an UUID
# should a node have been created without one.
- name: "Collecting node facts"
os_ironic_facts:
auth_type: None
auth: {}
ironic_url: "{{ ironic_url }}"
cloud: "{{ cloud_name | default(omit) }}"
auth_type: "{{ auth_type }}"
auth: "{{ auth }}"
ironic_url: "{{ ironic_url | default(omit) }}"
uuid: "{{ uuid | default() }}"
name: "{{ name | default() }}"
skip_items:

View File

@ -85,6 +85,9 @@ noauth_mode: Controls if the module is called in noauth mode.
this file format can be found at:
http://docs.openstack.org/developer/os-client-config/
cloud_name: Optional: String value defining a clouds.yaml entry for
the ansible module to leverage.
inventory_dns: A boolean value, defaulted to false, which causes the role
to update a template file and reload dnsmasq upon each update
in order to perform static dns addressing utilizing the

View File

@ -4,7 +4,7 @@ galaxy_info:
description: Deploys the image on to nodes in Ironic
company: OpenStack
license: Apache
min_ansible_version: 1.9
min_ansible_version: 2.0
platforms:
- name: EL
versions:

View File

@ -21,7 +21,22 @@
set_fact:
auth_type: None
auth: {}
when: noauth_mode | bool == true
when: noauth_mode is defined and noauth_mode | bool == true
- name: "Execute os_client_config to collect facts"
os_client_config:
no_log: yes
# NOTE(TheJulia): The first record returned by os_client_config
# is utilized as the default. A user can still define the parameters
# if so desired.
- name: "Set os_client_config's auth parameters if not already set."
set_fact:
auth: "{{ openstack.clouds[0].auth }}"
auth_type: "{{ openstack.clouds[0].auth_type }}"
when: auth is undefined
no_log: yes
- name: "Setup DHCP for nodes."
template:
src: dhcp-host.j2
@ -68,9 +83,10 @@
when: instance_info is not defined and test_deploy_image.stat.exists | bool == false
- name: "Deploy to hardware - bifrost default"
os_ironic_node:
cloud: "{{ cloud_name | default(omit) }}"
auth_type: "{{ auth_type | default(omit) }}"
auth: "{{ auth | default(omit) }}"
ironic_url: "{{ ironic_url }}"
ironic_url: "{{ ironic_url | default(omit) }}"
uuid: "{{ uuid }}"
state: present
config_drive: "{{ deploy_url_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{ file_url_port }}/configdrive-{{ uuid }}.iso.gz"

View File

@ -26,6 +26,9 @@ noauth_mode: Controls if the module is called in noauth mode.
this file format can be found at:
http://docs.openstack.org/developer/os-client-config/
cloud_name: Optional: String value defining a clouds.yaml entry for
the ansible module to leverage.
Dependencies
------------

View File

@ -4,7 +4,7 @@ galaxy_info:
description: Unprovisions nodes in Ironic
company: OpenStack
license: Apache
min_ansible_version: 1.9
min_ansible_version: 2.0
platforms:
- name: EL
versions:

View File

@ -16,12 +16,28 @@
set_fact:
auth_type: None
auth: {}
when: noauth_mode | bool == true
when: noauth_mode is defined and noauth_mode | bool == true
- name: "Execute os_client_config to collect facts"
os_client_config:
no_log: yes
# NOTE(TheJulia): The first record returned by os_client_config
# is utilized as the default. A user can still define the parameters
# if so desired.
- name: "Set os_client_config's auth parameters if not already set."
set_fact:
auth: "{{ openstack.clouds[0].auth }}"
auth_type: "{{ openstack.clouds[0].auth_type }}"
when: auth is undefined
no_log: yes
- name: "Unprovision node"
os_ironic_node:
cloud: "{{ cloud_name | default(omit) }}"
auth_type: "{{ auth_type | default(omit) }}"
auth: "{{ auth | default(omit) }}"
ironic_url: "{{ ironic_url }}"
ironic_url: "{{ ironic_url | default(omit) }}"
uuid: "{{ uuid | default() }}"
name: "{{ name | default() }}"
state: absent

View File

@ -31,6 +31,9 @@ noauth_mode: Controls if the module is called in noauth mode.
this file format can be found at:
http://docs.openstack.org/developer/os-client-config/
cloud_name: Optional: String value defining a clouds.yaml entry for
the ansible module to leverage.
Dependencies
------------

View File

@ -4,7 +4,7 @@ galaxy_info:
description: Removes enrolled nodes from Ironic
company: OpenStack
license: Apache
min_ansible_version: 1.9
min_ansible_version: 2.0
platforms:
- name: EL
versions:

View File

@ -16,12 +16,28 @@
set_fact:
auth_type: None
auth: {}
when: noauth_mode | bool == true
when: noauth_mode is defined and noauth_mode | bool == true
- name: "Execute os_client_config to collect facts"
os_client_config:
no_log: yes
# NOTE(TheJulia): The first record returned by os_client_config
# is utilized as the default. A user can still define the parameters
# if so desired.
- name: "Set os_client_config's auth parameters if not already set."
set_fact:
auth: "{{ openstack.clouds[0].auth }}"
auth_type: "{{ openstack.clouds[0].auth_type }}"
when: auth is undefined
no_log: yes
- name: "Delete hardware"
os_ironic:
cloud: "{{ cloud_name | default(omit) }}"
auth_type: "{{ auth_type | default(omit) }}"
auth: "{{ auth | default(omit) }}"
ironic_url: "{{ ironic_url }}"
ironic_url: "{{ ironic_url | default(omit) }}"
driver: ""
uuid: "{{ uuid | default() }}"
name: "{{ name | default() }}"

View File

@ -40,6 +40,9 @@ noauth_mode: Controls if the module is called in noauth mode.
this file format can be found at:
http://docs.openstack.org/developer/os-client-config/
cloud_name: Optional: String value defining a clouds.yaml entry for
the ansible module to leverage.
This role expects a data structure similar to the one below, however it should
be understood that the individual entries under power can vary based on power
driver required.

View File

@ -4,7 +4,7 @@ galaxy_info:
description: Enrolls nodes into Ironic
company: OpenStack
license: Apache
min_ansible_version: 1.9
min_ansible_version: 2.0
platforms:
- name: EL
versions:

View File

@ -16,12 +16,28 @@
set_fact:
auth_type: None
auth: {}
when: noauth_mode | bool == true
when: noauth_mode is defined and noauth_mode | bool == true
- name: "Execute os_client_config to collect facts"
os_client_config:
no_log: yes
# NOTE(TheJulia): The first record returned by os_client_config
# is utilized as the default. A user can still define the parameters
# if so desired.
- name: "Set os_client_config's auth parameters if not already set."
set_fact:
auth: "{{ openstack.clouds[0].auth }}"
auth_type: "{{ openstack.clouds[0].auth_type }}"
when: auth is undefined
no_log: yes
- name: "Dynamic enrollment"
os_ironic:
cloud: "{{ cloud_name | default(omit) }}"
auth_type: "{{ auth_type | default(omit) }}"
auth: "{{ auth | default(omit) }}"
ironic_url: "{{ ironic_url }}"
ironic_url: "{{ ironic_url | default(omit) }}"
driver: "{{ driver }}"
uuid: "{{ uuid | default() }}"
name: "{{ name | default() }}"

View File

@ -25,6 +25,9 @@ noauth_mode: Controls if the module is called in noauth mode.
this file format can be found at:
http://docs.openstack.org/developer/os-client-config/
cloud_name: Optional: String value defining a clouds.yaml entry for
the ansible module to leverage.
Dependencies
------------

View File

@ -4,7 +4,7 @@ galaxy_info:
description: Invoke ironic node hardware introspection.
company: OpenStack
license: Apache
min_ansible_version: 1.9
min_ansible_version: 2.0
platforms:
- name: EL
versions:

View File

@ -16,11 +16,27 @@
set_fact:
auth_type: None
auth: {}
when: noauth_mode | bool == true
when: noauth_mode is defined and noauth_mode | bool == true
- name: "Execute os_client_config to collect facts"
os_client_config:
no_log: yes
# NOTE(TheJulia): The first record returned by os_client_config
# is utilized as the default. A user can still define the parameters
# if so desired.
- name: "Set os_client_config's auth parameters if not already set."
set_fact:
auth: "{{ openstack.clouds[0].auth }}"
auth_type: "{{ openstack.clouds[0].auth_type }}"
when: auth is undefined
no_log: yes
- name: "Execute node introspection - NoAuth Mode"
os_ironic_inspect:
cloud: "{{ cloud_name | default(omit) }}"
auth_type: "{{ auth_type | default(omit) }}"
auth: "{{ auth | default(omit) }}"
ironic_url: "{{ ironic_url }}"
ironic_url: "{{ ironic_url | default(omit) }}"
uuid: "{{ uuid }}"
delegate_to: localhost

View File

@ -0,0 +1,24 @@
---
features:
- The capability for Bifrost to read directly from
the os-client-config data has been added. While shade
can do this for us to a degree, bifrost also allows
a user to directly choose the server which they are
connecting to via the ``ironic_url`` parameter.
Instead of duplicate code and retool, if no global
``auth`` parameter is detected, the authentication
parameters from the ``os_client_config`` module is
utilized to set the parameters.
- An optional parameter has been added to the roles
that interact with ironic that defines a ``cloud_name``.
This cloud name is utilized by the roles to determine
the entry from os-client-config to utilize.
issues:
- The addition of support for os-client-config does
not allow a user to choose their ``cloud``
directly. Only the first entry returned is utilized.
- Log entries where authentication data is read and
stored have been masked with the ``no_log`` parameter.
Troubleshooting non-standard authentication configurations
may require modifying the playbooks so users can debug their
input OR pass data directly in a different way.