Update playbooks to support os_client_config
In order to support use of Keystone in the future, the playbooks that invoke modules that connect to Ironic needed to be updated in order to pass-through enough authentication data to enable user authentication. Change-Id: I0802b7933303778115a1adca63b64670e1cda4ae
This commit is contained in:
parent
2c60745fba
commit
3e8a84f9b4
@ -58,6 +58,9 @@ node_network_info: Optional: If defined, the contents are written out to the
|
||||
override the network configuration contents based on
|
||||
the inventory data.
|
||||
|
||||
cloud_name: Optional: String value defining a clouds.yaml entry for
|
||||
the ansible module to leverage.
|
||||
|
||||
Customizing
|
||||
-----------
|
||||
|
||||
|
@ -4,7 +4,7 @@ galaxy_info:
|
||||
description: Creates a basic configdrive for Bifrost
|
||||
company: OpenStack
|
||||
license: Apache
|
||||
min_ansible_version: 1.9
|
||||
min_ansible_version: 2.0
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
|
@ -12,14 +12,35 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
---
|
||||
- name: "If in noauth mode, set auth parameters accordingly."
|
||||
set_fact:
|
||||
auth_type: None
|
||||
auth: {}
|
||||
when: noauth_mode is defined and noauth_mode | bool == true
|
||||
|
||||
- name: "Execute os_client_config to collect facts"
|
||||
os_client_config:
|
||||
no_log: yes
|
||||
|
||||
# NOTE(TheJulia): The first record returned by os_client_config
|
||||
# is utilized as the default. A user can still define the parameters
|
||||
# if so desired.
|
||||
- name: "Set os_client_config's auth parameters if not already set."
|
||||
set_fact:
|
||||
auth: "{{ openstack.clouds[0].auth }}"
|
||||
auth_type: "{{ openstack.clouds[0].auth_type }}"
|
||||
when: auth is undefined
|
||||
no_log: yes
|
||||
|
||||
# Note(TheJulia): This step allows us to collect things that
|
||||
# ironic knows, that we do not know potentially, such as an UUID
|
||||
# should a node have been created without one.
|
||||
- name: "Collecting node facts"
|
||||
os_ironic_facts:
|
||||
auth_type: None
|
||||
auth: {}
|
||||
ironic_url: "{{ ironic_url }}"
|
||||
cloud: "{{ cloud_name | default(omit) }}"
|
||||
auth_type: "{{ auth_type }}"
|
||||
auth: "{{ auth }}"
|
||||
ironic_url: "{{ ironic_url | default(omit) }}"
|
||||
uuid: "{{ uuid | default() }}"
|
||||
name: "{{ name | default() }}"
|
||||
skip_items:
|
||||
|
@ -85,6 +85,9 @@ noauth_mode: Controls if the module is called in noauth mode.
|
||||
this file format can be found at:
|
||||
http://docs.openstack.org/developer/os-client-config/
|
||||
|
||||
cloud_name: Optional: String value defining a clouds.yaml entry for
|
||||
the ansible module to leverage.
|
||||
|
||||
inventory_dns: A boolean value, defaulted to false, which causes the role
|
||||
to update a template file and reload dnsmasq upon each update
|
||||
in order to perform static dns addressing utilizing the
|
||||
|
@ -4,7 +4,7 @@ galaxy_info:
|
||||
description: Deploys the image on to nodes in Ironic
|
||||
company: OpenStack
|
||||
license: Apache
|
||||
min_ansible_version: 1.9
|
||||
min_ansible_version: 2.0
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
|
@ -21,7 +21,22 @@
|
||||
set_fact:
|
||||
auth_type: None
|
||||
auth: {}
|
||||
when: noauth_mode | bool == true
|
||||
when: noauth_mode is defined and noauth_mode | bool == true
|
||||
|
||||
- name: "Execute os_client_config to collect facts"
|
||||
os_client_config:
|
||||
no_log: yes
|
||||
|
||||
# NOTE(TheJulia): The first record returned by os_client_config
|
||||
# is utilized as the default. A user can still define the parameters
|
||||
# if so desired.
|
||||
- name: "Set os_client_config's auth parameters if not already set."
|
||||
set_fact:
|
||||
auth: "{{ openstack.clouds[0].auth }}"
|
||||
auth_type: "{{ openstack.clouds[0].auth_type }}"
|
||||
when: auth is undefined
|
||||
no_log: yes
|
||||
|
||||
- name: "Setup DHCP for nodes."
|
||||
template:
|
||||
src: dhcp-host.j2
|
||||
@ -68,9 +83,10 @@
|
||||
when: instance_info is not defined and test_deploy_image.stat.exists | bool == false
|
||||
- name: "Deploy to hardware - bifrost default"
|
||||
os_ironic_node:
|
||||
cloud: "{{ cloud_name | default(omit) }}"
|
||||
auth_type: "{{ auth_type | default(omit) }}"
|
||||
auth: "{{ auth | default(omit) }}"
|
||||
ironic_url: "{{ ironic_url }}"
|
||||
ironic_url: "{{ ironic_url | default(omit) }}"
|
||||
uuid: "{{ uuid }}"
|
||||
state: present
|
||||
config_drive: "{{ deploy_url_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{ file_url_port }}/configdrive-{{ uuid }}.iso.gz"
|
||||
|
@ -26,6 +26,9 @@ noauth_mode: Controls if the module is called in noauth mode.
|
||||
this file format can be found at:
|
||||
http://docs.openstack.org/developer/os-client-config/
|
||||
|
||||
cloud_name: Optional: String value defining a clouds.yaml entry for
|
||||
the ansible module to leverage.
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
|
@ -4,7 +4,7 @@ galaxy_info:
|
||||
description: Unprovisions nodes in Ironic
|
||||
company: OpenStack
|
||||
license: Apache
|
||||
min_ansible_version: 1.9
|
||||
min_ansible_version: 2.0
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
|
@ -16,12 +16,28 @@
|
||||
set_fact:
|
||||
auth_type: None
|
||||
auth: {}
|
||||
when: noauth_mode | bool == true
|
||||
when: noauth_mode is defined and noauth_mode | bool == true
|
||||
|
||||
- name: "Execute os_client_config to collect facts"
|
||||
os_client_config:
|
||||
no_log: yes
|
||||
|
||||
# NOTE(TheJulia): The first record returned by os_client_config
|
||||
# is utilized as the default. A user can still define the parameters
|
||||
# if so desired.
|
||||
- name: "Set os_client_config's auth parameters if not already set."
|
||||
set_fact:
|
||||
auth: "{{ openstack.clouds[0].auth }}"
|
||||
auth_type: "{{ openstack.clouds[0].auth_type }}"
|
||||
when: auth is undefined
|
||||
no_log: yes
|
||||
|
||||
- name: "Unprovision node"
|
||||
os_ironic_node:
|
||||
cloud: "{{ cloud_name | default(omit) }}"
|
||||
auth_type: "{{ auth_type | default(omit) }}"
|
||||
auth: "{{ auth | default(omit) }}"
|
||||
ironic_url: "{{ ironic_url }}"
|
||||
ironic_url: "{{ ironic_url | default(omit) }}"
|
||||
uuid: "{{ uuid | default() }}"
|
||||
name: "{{ name | default() }}"
|
||||
state: absent
|
||||
|
@ -31,6 +31,9 @@ noauth_mode: Controls if the module is called in noauth mode.
|
||||
this file format can be found at:
|
||||
http://docs.openstack.org/developer/os-client-config/
|
||||
|
||||
cloud_name: Optional: String value defining a clouds.yaml entry for
|
||||
the ansible module to leverage.
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
|
@ -4,7 +4,7 @@ galaxy_info:
|
||||
description: Removes enrolled nodes from Ironic
|
||||
company: OpenStack
|
||||
license: Apache
|
||||
min_ansible_version: 1.9
|
||||
min_ansible_version: 2.0
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
|
@ -16,12 +16,28 @@
|
||||
set_fact:
|
||||
auth_type: None
|
||||
auth: {}
|
||||
when: noauth_mode | bool == true
|
||||
when: noauth_mode is defined and noauth_mode | bool == true
|
||||
|
||||
- name: "Execute os_client_config to collect facts"
|
||||
os_client_config:
|
||||
no_log: yes
|
||||
|
||||
# NOTE(TheJulia): The first record returned by os_client_config
|
||||
# is utilized as the default. A user can still define the parameters
|
||||
# if so desired.
|
||||
- name: "Set os_client_config's auth parameters if not already set."
|
||||
set_fact:
|
||||
auth: "{{ openstack.clouds[0].auth }}"
|
||||
auth_type: "{{ openstack.clouds[0].auth_type }}"
|
||||
when: auth is undefined
|
||||
no_log: yes
|
||||
|
||||
- name: "Delete hardware"
|
||||
os_ironic:
|
||||
cloud: "{{ cloud_name | default(omit) }}"
|
||||
auth_type: "{{ auth_type | default(omit) }}"
|
||||
auth: "{{ auth | default(omit) }}"
|
||||
ironic_url: "{{ ironic_url }}"
|
||||
ironic_url: "{{ ironic_url | default(omit) }}"
|
||||
driver: ""
|
||||
uuid: "{{ uuid | default() }}"
|
||||
name: "{{ name | default() }}"
|
||||
|
@ -40,6 +40,9 @@ noauth_mode: Controls if the module is called in noauth mode.
|
||||
this file format can be found at:
|
||||
http://docs.openstack.org/developer/os-client-config/
|
||||
|
||||
cloud_name: Optional: String value defining a clouds.yaml entry for
|
||||
the ansible module to leverage.
|
||||
|
||||
This role expects a data structure similar to the one below, however it should
|
||||
be understood that the individual entries under power can vary based on power
|
||||
driver required.
|
||||
|
@ -4,7 +4,7 @@ galaxy_info:
|
||||
description: Enrolls nodes into Ironic
|
||||
company: OpenStack
|
||||
license: Apache
|
||||
min_ansible_version: 1.9
|
||||
min_ansible_version: 2.0
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
|
@ -16,12 +16,28 @@
|
||||
set_fact:
|
||||
auth_type: None
|
||||
auth: {}
|
||||
when: noauth_mode | bool == true
|
||||
when: noauth_mode is defined and noauth_mode | bool == true
|
||||
|
||||
- name: "Execute os_client_config to collect facts"
|
||||
os_client_config:
|
||||
no_log: yes
|
||||
|
||||
# NOTE(TheJulia): The first record returned by os_client_config
|
||||
# is utilized as the default. A user can still define the parameters
|
||||
# if so desired.
|
||||
- name: "Set os_client_config's auth parameters if not already set."
|
||||
set_fact:
|
||||
auth: "{{ openstack.clouds[0].auth }}"
|
||||
auth_type: "{{ openstack.clouds[0].auth_type }}"
|
||||
when: auth is undefined
|
||||
no_log: yes
|
||||
|
||||
- name: "Dynamic enrollment"
|
||||
os_ironic:
|
||||
cloud: "{{ cloud_name | default(omit) }}"
|
||||
auth_type: "{{ auth_type | default(omit) }}"
|
||||
auth: "{{ auth | default(omit) }}"
|
||||
ironic_url: "{{ ironic_url }}"
|
||||
ironic_url: "{{ ironic_url | default(omit) }}"
|
||||
driver: "{{ driver }}"
|
||||
uuid: "{{ uuid | default() }}"
|
||||
name: "{{ name | default() }}"
|
||||
|
@ -25,6 +25,9 @@ noauth_mode: Controls if the module is called in noauth mode.
|
||||
this file format can be found at:
|
||||
http://docs.openstack.org/developer/os-client-config/
|
||||
|
||||
cloud_name: Optional: String value defining a clouds.yaml entry for
|
||||
the ansible module to leverage.
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
|
@ -4,7 +4,7 @@ galaxy_info:
|
||||
description: Invoke ironic node hardware introspection.
|
||||
company: OpenStack
|
||||
license: Apache
|
||||
min_ansible_version: 1.9
|
||||
min_ansible_version: 2.0
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
|
@ -16,11 +16,27 @@
|
||||
set_fact:
|
||||
auth_type: None
|
||||
auth: {}
|
||||
when: noauth_mode | bool == true
|
||||
when: noauth_mode is defined and noauth_mode | bool == true
|
||||
|
||||
- name: "Execute os_client_config to collect facts"
|
||||
os_client_config:
|
||||
no_log: yes
|
||||
|
||||
# NOTE(TheJulia): The first record returned by os_client_config
|
||||
# is utilized as the default. A user can still define the parameters
|
||||
# if so desired.
|
||||
- name: "Set os_client_config's auth parameters if not already set."
|
||||
set_fact:
|
||||
auth: "{{ openstack.clouds[0].auth }}"
|
||||
auth_type: "{{ openstack.clouds[0].auth_type }}"
|
||||
when: auth is undefined
|
||||
no_log: yes
|
||||
|
||||
- name: "Execute node introspection - NoAuth Mode"
|
||||
os_ironic_inspect:
|
||||
cloud: "{{ cloud_name | default(omit) }}"
|
||||
auth_type: "{{ auth_type | default(omit) }}"
|
||||
auth: "{{ auth | default(omit) }}"
|
||||
ironic_url: "{{ ironic_url }}"
|
||||
ironic_url: "{{ ironic_url | default(omit) }}"
|
||||
uuid: "{{ uuid }}"
|
||||
delegate_to: localhost
|
||||
|
@ -0,0 +1,24 @@
|
||||
---
|
||||
features:
|
||||
- The capability for Bifrost to read directly from
|
||||
the os-client-config data has been added. While shade
|
||||
can do this for us to a degree, bifrost also allows
|
||||
a user to directly choose the server which they are
|
||||
connecting to via the ``ironic_url`` parameter.
|
||||
Instead of duplicate code and retool, if no global
|
||||
``auth`` parameter is detected, the authentication
|
||||
parameters from the ``os_client_config`` module is
|
||||
utilized to set the parameters.
|
||||
- An optional parameter has been added to the roles
|
||||
that interact with ironic that defines a ``cloud_name``.
|
||||
This cloud name is utilized by the roles to determine
|
||||
the entry from os-client-config to utilize.
|
||||
issues:
|
||||
- The addition of support for os-client-config does
|
||||
not allow a user to choose their ``cloud``
|
||||
directly. Only the first entry returned is utilized.
|
||||
- Log entries where authentication data is read and
|
||||
stored have been masked with the ``no_log`` parameter.
|
||||
Troubleshooting non-standard authentication configurations
|
||||
may require modifying the playbooks so users can debug their
|
||||
input OR pass data directly in a different way.
|
Loading…
Reference in New Issue
Block a user