Update playbooks to support os_client_config

In order to support use of Keystone in the future, the playbooks
that invoke modules that connect to Ironic needed to be updated
to pass through enough authentication data to enable
user authentication.

Change-Id: I0802b7933303778115a1adca63b64670e1cda4ae
Julia Kreger 2016-09-30 11:11:26 +00:00
parent 2c60745fba
commit 3e8a84f9b4
19 changed files with 162 additions and 19 deletions


@ -58,6 +58,9 @@ node_network_info: Optional: If defined, the contents are written out to the
override the network configuration contents based on override the network configuration contents based on
the inventory data. the inventory data.
cloud_name: Optional: String value defining a clouds.yaml entry for
the ansible module to leverage.
Customizing Customizing
----------- -----------


@ -4,7 +4,7 @@ galaxy_info:
description: Creates a basic configdrive for Bifrost description: Creates a basic configdrive for Bifrost
company: OpenStack company: OpenStack
license: Apache license: Apache
min_ansible_version: 1.9 min_ansible_version: 2.0
platforms: platforms:
- name: EL - name: EL
versions: versions:


@ -12,14 +12,35 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
--- ---
- name: "If in noauth mode, set auth parameters accordingly."
set_fact:
auth_type: None
auth: {}
when: noauth_mode is defined and noauth_mode | bool == true
- name: "Execute os_client_config to collect facts"
os_client_config:
no_log: yes
# NOTE(TheJulia): The first record returned by os_client_config
# is utilized as the default. A user can still define the parameters
# if so desired.
- name: "Set os_client_config's auth parameters if not already set."
set_fact:
auth: "{{ openstack.clouds[0].auth }}"
auth_type: "{{ openstack.clouds[0].auth_type }}"
when: auth is undefined
no_log: yes
# Note(TheJulia): This step allows us to collect things that # Note(TheJulia): This step allows us to collect things that
# ironic knows, that we do not know potentially, such as an UUID # ironic knows, that we do not know potentially, such as an UUID
# should a node have been created without one. # should a node have been created without one.
- name: "Collecting node facts" - name: "Collecting node facts"
os_ironic_facts: os_ironic_facts:
auth_type: None cloud: "{{ cloud_name | default(omit) }}"
auth: {} auth_type: "{{ auth_type }}"
ironic_url: "{{ ironic_url }}" auth: "{{ auth }}"
ironic_url: "{{ ironic_url | default(omit) }}"
uuid: "{{ uuid | default() }}" uuid: "{{ uuid | default() }}"
name: "{{ name | default() }}" name: "{{ name | default() }}"
skip_items: skip_items:
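Review bot: The fallback `set_fact` always copies `openstack.clouds[0].auth`, while the module call now also passes `cloud: "{{ cloud_name | default(omit) }}"`, so a `cloud_name` that names any entry other than the first would be combined with the first entry's credentials. How the module merges an explicit `auth` with a named cloud is not visible here, but the result may be one cloud's credentials being presented to another cloud's endpoint. Skipping the fallback when a cloud is named, `when: auth is undefined and cloud_name is undefined`, avoids that; in this file the `os_ironic_facts` arguments would then also need `| default(omit)` on `auth` and `auth_type`, as the other roles already have. The same block is added in the five other task files in this commit. The `os_ironic_facts` task continues past the end of the hunk.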


@ -85,6 +85,9 @@ noauth_mode: Controls if the module is called in noauth mode.
this file format can be found at: this file format can be found at:
http://docs.openstack.org/developer/os-client-config/ http://docs.openstack.org/developer/os-client-config/
cloud_name: Optional: String value defining a clouds.yaml entry for
the ansible module to leverage.
inventory_dns: A boolean value, defaulted to false, which causes the role inventory_dns: A boolean value, defaulted to false, which causes the role
to update a template file and reload dnsmasq upon each update to update a template file and reload dnsmasq upon each update
in order to perform static dns addressing utilizing the in order to perform static dns addressing utilizing the


@ -4,7 +4,7 @@ galaxy_info:
description: Deploys the image on to nodes in Ironic description: Deploys the image on to nodes in Ironic
company: OpenStack company: OpenStack
license: Apache license: Apache
min_ansible_version: 1.9 min_ansible_version: 2.0
platforms: platforms:
- name: EL - name: EL
versions: versions:


@ -21,7 +21,22 @@
set_fact: set_fact:
auth_type: None auth_type: None
auth: {} auth: {}
when: noauth_mode | bool == true when: noauth_mode is defined and noauth_mode | bool == true
- name: "Execute os_client_config to collect facts"
os_client_config:
no_log: yes
# NOTE(TheJulia): The first record returned by os_client_config
# is utilized as the default. A user can still define the parameters
# if so desired.
- name: "Set os_client_config's auth parameters if not already set."
set_fact:
auth: "{{ openstack.clouds[0].auth }}"
auth_type: "{{ openstack.clouds[0].auth_type }}"
when: auth is undefined
no_log: yes
- name: "Setup DHCP for nodes." - name: "Setup DHCP for nodes."
template: template:
src: dhcp-host.j2 src: dhcp-host.j2
@ -68,9 +83,10 @@
when: instance_info is not defined and test_deploy_image.stat.exists | bool == false when: instance_info is not defined and test_deploy_image.stat.exists | bool == false
- name: "Deploy to hardware - bifrost default" - name: "Deploy to hardware - bifrost default"
os_ironic_node: os_ironic_node:
cloud: "{{ cloud_name | default(omit) }}"
auth_type: "{{ auth_type | default(omit) }}" auth_type: "{{ auth_type | default(omit) }}"
auth: "{{ auth | default(omit) }}" auth: "{{ auth | default(omit) }}"
ironic_url: "{{ ironic_url }}" ironic_url: "{{ ironic_url | default(omit) }}"
uuid: "{{ uuid }}" uuid: "{{ uuid }}"
state: present state: present
config_drive: "{{ deploy_url_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{ file_url_port }}/configdrive-{{ uuid }}.iso.gz" config_drive: "{{ deploy_url_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{ file_url_port }}/configdrive-{{ uuid }}.iso.gz"
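Review bot: `os_client_config:` is called with no arguments in the first hunk, so every cloud it finds is registered under the `openstack.clouds` fact, and the `auth` dictionaries read two tasks later show that those facts carry authentication data. `no_log: yes` masks the task output only; the facts stay in the host's variables for the rest of the run and would presumably be written out if fact caching is enabled. When `cloud_name` is defined, limiting the lookup with the module's `clouds` option (for example `clouds: ["{{ cloud_name }}"]`) keeps unrelated clouds' credentials out of the fact set. The same call is added in the other task files in this commit.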


@ -26,6 +26,9 @@ noauth_mode: Controls if the module is called in noauth mode.
this file format can be found at: this file format can be found at:
http://docs.openstack.org/developer/os-client-config/ http://docs.openstack.org/developer/os-client-config/
cloud_name: Optional: String value defining a clouds.yaml entry for
the ansible module to leverage.
Dependencies Dependencies
------------ ------------


@ -4,7 +4,7 @@ galaxy_info:
description: Unprovisions nodes in Ironic description: Unprovisions nodes in Ironic
company: OpenStack company: OpenStack
license: Apache license: Apache
min_ansible_version: 1.9 min_ansible_version: 2.0
platforms: platforms:
- name: EL - name: EL
versions: versions:


@ -16,12 +16,28 @@
set_fact: set_fact:
auth_type: None auth_type: None
auth: {} auth: {}
when: noauth_mode | bool == true when: noauth_mode is defined and noauth_mode | bool == true
- name: "Execute os_client_config to collect facts"
os_client_config:
no_log: yes
# NOTE(TheJulia): The first record returned by os_client_config
# is utilized as the default. A user can still define the parameters
# if so desired.
- name: "Set os_client_config's auth parameters if not already set."
set_fact:
auth: "{{ openstack.clouds[0].auth }}"
auth_type: "{{ openstack.clouds[0].auth_type }}"
when: auth is undefined
no_log: yes
- name: "Unprovision node" - name: "Unprovision node"
os_ironic_node: os_ironic_node:
cloud: "{{ cloud_name | default(omit) }}"
auth_type: "{{ auth_type | default(omit) }}" auth_type: "{{ auth_type | default(omit) }}"
auth: "{{ auth | default(omit) }}" auth: "{{ auth | default(omit) }}"
ironic_url: "{{ ironic_url }}" ironic_url: "{{ ironic_url | default(omit) }}"
uuid: "{{ uuid | default() }}" uuid: "{{ uuid | default() }}"
name: "{{ name | default() }}" name: "{{ name | default() }}"
state: absent state: absent
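Review bot: `openstack.clouds[0]` in the fallback `set_fact` is indexed without checking that the list has an entry, and because the task carries `no_log: yes` a templating failure there would be reported without detail. On a host with no clouds.yaml and `noauth_mode` unset this presumably stops the role at a censored task. A guard such as `when: auth is undefined and openstack.clouds | length > 0`, or a preceding `fail:` task with an explicit message that contains no credential data, would make the cause visible without unmasking the auth values. The same applies to the identical block in the other task files in this commit.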


@ -31,6 +31,9 @@ noauth_mode: Controls if the module is called in noauth mode.
this file format can be found at: this file format can be found at:
http://docs.openstack.org/developer/os-client-config/ http://docs.openstack.org/developer/os-client-config/
cloud_name: Optional: String value defining a clouds.yaml entry for
the ansible module to leverage.
Dependencies Dependencies
------------ ------------


@ -4,7 +4,7 @@ galaxy_info:
description: Removes enrolled nodes from Ironic description: Removes enrolled nodes from Ironic
company: OpenStack company: OpenStack
license: Apache license: Apache
min_ansible_version: 1.9 min_ansible_version: 2.0
platforms: platforms:
- name: EL - name: EL
versions: versions:


@ -16,12 +16,28 @@
set_fact: set_fact:
auth_type: None auth_type: None
auth: {} auth: {}
when: noauth_mode | bool == true when: noauth_mode is defined and noauth_mode | bool == true
- name: "Execute os_client_config to collect facts"
os_client_config:
no_log: yes
# NOTE(TheJulia): The first record returned by os_client_config
# is utilized as the default. A user can still define the parameters
# if so desired.
- name: "Set os_client_config's auth parameters if not already set."
set_fact:
auth: "{{ openstack.clouds[0].auth }}"
auth_type: "{{ openstack.clouds[0].auth_type }}"
when: auth is undefined
no_log: yes
- name: "Delete hardware" - name: "Delete hardware"
os_ironic: os_ironic:
cloud: "{{ cloud_name | default(omit) }}"
auth_type: "{{ auth_type | default(omit) }}" auth_type: "{{ auth_type | default(omit) }}"
auth: "{{ auth | default(omit) }}" auth: "{{ auth | default(omit) }}"
ironic_url: "{{ ironic_url }}" ironic_url: "{{ ironic_url | default(omit) }}"
driver: "" driver: ""
uuid: "{{ uuid | default() }}" uuid: "{{ uuid | default() }}"
name: "{{ name | default() }}" name: "{{ name | default() }}"


@ -40,6 +40,9 @@ noauth_mode: Controls if the module is called in noauth mode.
this file format can be found at: this file format can be found at:
http://docs.openstack.org/developer/os-client-config/ http://docs.openstack.org/developer/os-client-config/
cloud_name: Optional: String value defining a clouds.yaml entry for
the ansible module to leverage.
This role expects a data structure similar to the one below, however it should This role expects a data structure similar to the one below, however it should
be understood that the individual entries under power can vary based on power be understood that the individual entries under power can vary based on power
driver required. driver required.


@ -4,7 +4,7 @@ galaxy_info:
description: Enrolls nodes into Ironic description: Enrolls nodes into Ironic
company: OpenStack company: OpenStack
license: Apache license: Apache
min_ansible_version: 1.9 min_ansible_version: 2.0
platforms: platforms:
- name: EL - name: EL
versions: versions:


@ -16,12 +16,28 @@
set_fact: set_fact:
auth_type: None auth_type: None
auth: {} auth: {}
when: noauth_mode | bool == true when: noauth_mode is defined and noauth_mode | bool == true
- name: "Execute os_client_config to collect facts"
os_client_config:
no_log: yes
# NOTE(TheJulia): The first record returned by os_client_config
# is utilized as the default. A user can still define the parameters
# if so desired.
- name: "Set os_client_config's auth parameters if not already set."
set_fact:
auth: "{{ openstack.clouds[0].auth }}"
auth_type: "{{ openstack.clouds[0].auth_type }}"
when: auth is undefined
no_log: yes
- name: "Dynamic enrollment" - name: "Dynamic enrollment"
os_ironic: os_ironic:
cloud: "{{ cloud_name | default(omit) }}"
auth_type: "{{ auth_type | default(omit) }}" auth_type: "{{ auth_type | default(omit) }}"
auth: "{{ auth | default(omit) }}" auth: "{{ auth | default(omit) }}"
ironic_url: "{{ ironic_url }}" ironic_url: "{{ ironic_url | default(omit) }}"
driver: "{{ driver }}" driver: "{{ driver }}"
uuid: "{{ uuid | default() }}" uuid: "{{ uuid | default() }}"
name: "{{ name | default() }}" name: "{{ name | default() }}"


@ -25,6 +25,9 @@ noauth_mode: Controls if the module is called in noauth mode.
this file format can be found at: this file format can be found at:
http://docs.openstack.org/developer/os-client-config/ http://docs.openstack.org/developer/os-client-config/
cloud_name: Optional: String value defining a clouds.yaml entry for
the ansible module to leverage.
Dependencies Dependencies
------------ ------------


@ -4,7 +4,7 @@ galaxy_info:
description: Invoke ironic node hardware introspection. description: Invoke ironic node hardware introspection.
company: OpenStack company: OpenStack
license: Apache license: Apache
min_ansible_version: 1.9 min_ansible_version: 2.0
platforms: platforms:
- name: EL - name: EL
versions: versions:


@ -16,11 +16,27 @@
set_fact: set_fact:
auth_type: None auth_type: None
auth: {} auth: {}
when: noauth_mode | bool == true when: noauth_mode is defined and noauth_mode | bool == true
- name: "Execute os_client_config to collect facts"
os_client_config:
no_log: yes
# NOTE(TheJulia): The first record returned by os_client_config
# is utilized as the default. A user can still define the parameters
# if so desired.
- name: "Set os_client_config's auth parameters if not already set."
set_fact:
auth: "{{ openstack.clouds[0].auth }}"
auth_type: "{{ openstack.clouds[0].auth_type }}"
when: auth is undefined
no_log: yes
- name: "Execute node introspection - NoAuth Mode" - name: "Execute node introspection - NoAuth Mode"
os_ironic_inspect: os_ironic_inspect:
cloud: "{{ cloud_name | default(omit) }}"
auth_type: "{{ auth_type | default(omit) }}" auth_type: "{{ auth_type | default(omit) }}"
auth: "{{ auth | default(omit) }}" auth: "{{ auth | default(omit) }}"
ironic_url: "{{ ironic_url }}" ironic_url: "{{ ironic_url | default(omit) }}"
uuid: "{{ uuid }}" uuid: "{{ uuid }}"
delegate_to: localhost delegate_to: localhost
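Review bot: The task name `"Execute node introspection - NoAuth Mode"` no longer matches what the task does, since it now receives `cloud`, `auth_type` and `auth` and runs with whatever authentication the earlier tasks resolved. In the log of an authenticated run this reads as if authentication had been bypassed; `- name: "Execute node introspection"` would be accurate for both modes.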


@ -0,0 +1,24 @@
---
features:
- The capability for Bifrost to read directly from
the os-client-config data has been added. While shade
can do this for us to a degree, bifrost also allows
a user to directly choose the server which they are
connecting to via the ``ironic_url`` parameter.
Instead of duplicate code and retool, if no global
``auth`` parameter is detected, the authentication
parameters from the ``os_client_config`` module is
utilized to set the parameters.
- An optional parameter has been added to the roles
that interact with ironic that defines a ``cloud_name``.
This cloud name is utilized by the roles to determine
the entry from os-client-config to utilize.
issues:
- The addition of support for os-client-config does
not allow a user to choose their ``cloud``
directly. Only the first entry returned is utilized.
- Log entries where authentication data is read and
stored have been masked with the ``no_log`` parameter.
Troubleshooting non-standard authentication configurations
may require modifying the playbooks so users can debug their
input OR pass data directly in a different way.