c6e2851819
This change introduces fixes, which allows install Ironic on remote server. This may not complete list of changes required for all operations. Also added group 'target' to inventory file, which is same as localhost by default, and host in this group can be replaced by remote host. Change-Id: I59c942d2556c5e1b7eee661fb8cf13c4ae02b2d1
286 lines
9.2 KiB
YAML
286 lines
9.2 KiB
YAML
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
---
|
|
# NOTE(TheJulia): There is significant commonality between this playbook
|
|
# and the bifrost bootstrap process.
|
|
- name: "If VENV is set in the environment, enable installation into venv"
|
|
set_fact:
|
|
enable_venv: true
|
|
when: lookup('env', 'VENV') | length > 0
|
|
|
|
- name: "Get uwsgi install location"
|
|
shell: echo $(dirname $(which uwsgi))
|
|
register: uwsgi_install_prefix
|
|
environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
|
|
|
|
- name: "Get keystone-wsgi-admin location"
|
|
shell: echo $(dirname $(which keystone-wsgi-admin))
|
|
register: keystone_install_prefix
|
|
environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
|
|
|
|
# NOTE(sean-k-mooney) only the RabbitMQ server and MySQL db are started
|
|
# during bootstrapping. all other services are started in the Start phase.
|
|
- name: "Start database service"
|
|
service: name={{ mysql_service_name }} state=started enabled=yes
|
|
|
|
- name: "Start rabbitmq-server"
|
|
service: name=rabbitmq-server state=started enabled=yes
|
|
|
|
# NOTE(cinerama): on some systems, rabbit may not be ready when we want to
|
|
# make changes to users if we don't wait first
|
|
- name: "Wait for rabbitmq"
|
|
wait_for: port=5672 delay=5
|
|
|
|
- name: "Ensure guest user is removed from rabbitmq"
|
|
rabbitmq_user:
|
|
user: "guest"
|
|
state: absent
|
|
force: yes
|
|
|
|
- name: "Create keystone user in RabbitMQ"
|
|
rabbitmq_user:
|
|
user: "{{ keystone.message_queue.username }}"
|
|
password: "{{ keystone.message_queue.password }}"
|
|
force: yes
|
|
state: present
|
|
configure_priv: ".*"
|
|
write_priv: ".*"
|
|
read_priv: ".*"
|
|
no_log: true
|
|
|
|
- name: "Set mysql_username if environment variable mysql_user is set"
|
|
set_fact:
|
|
mysql_username: "{{ lookup('env', 'mysql_user') }}"
|
|
when: lookup('env', 'mysql_user') | length > 0
|
|
no_log: true
|
|
|
|
- name: "Set mysql_password if environment variable mysql_pass is set"
|
|
set_fact:
|
|
mysql_password: "{{ lookup('env', 'mysql_pass') }}"
|
|
when: lookup('env', 'mysql_pass') | length > 0
|
|
no_log: true
|
|
|
|
- name: "MySQL - Creating DB"
|
|
mysql_db:
|
|
name: "{{ keystone.database.name }}"
|
|
state: present
|
|
encoding: utf8
|
|
login_user: "{{ mysql_username | default(None) }}"
|
|
login_password: "{{ mysql_password | default(None) }}"
|
|
register: test_created_keystone_db
|
|
|
|
- name: "MySQL - Creating user for keystone"
|
|
mysql_user:
|
|
name: "{{ keystone.database.username }}"
|
|
password: "{{ keystone.database.password }}"
|
|
priv: "{{ keystone.database.name }}.*:ALL"
|
|
state: present
|
|
login_user: "{{ mysql_username | default(None) }}"
|
|
login_password: "{{ mysql_password | default(None) }}"
|
|
|
|
- name: "Create an keystone service group"
|
|
group:
|
|
name: "keystone"
|
|
|
|
- name: "Create an keystone service user"
|
|
user:
|
|
name: "keystone"
|
|
group: "keystone"
|
|
|
|
- name: "Ensure /etc/keystone exists"
|
|
file:
|
|
name: "/etc/keystone"
|
|
state: directory
|
|
owner: "keystone"
|
|
group: "keystone"
|
|
mode: 0755
|
|
|
|
- name: "Write keystone configuration from template"
|
|
template:
|
|
src: keystone.conf.j2
|
|
dest: "/etc/keystone/keystone.conf"
|
|
owner: "keystone"
|
|
group: "keystone"
|
|
mode: 0755
|
|
|
|
- name: "Copy policy.json to /etc/keystone"
|
|
copy:
|
|
src: "{{ keystone_git_folder }}/etc/policy.json"
|
|
dest: "/etc/keystone/"
|
|
remote_src: true
|
|
owner: "keystone"
|
|
group: "keystone"
|
|
mode: 0644
|
|
|
|
- name: "Copy keystone-paste.ini to /etc/keystone"
|
|
copy:
|
|
src: "{{ keystone_git_folder }}/etc/keystone-paste.ini"
|
|
dest: "/etc/keystone/"
|
|
remote_src: true
|
|
owner: "keystone"
|
|
group: "keystone"
|
|
mode: 0644
|
|
|
|
- name: "Apply/Update keystone DB Schema"
|
|
command: keystone-manage db_sync
|
|
environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
|
|
|
|
- name: "Setup Keystone Credentials"
|
|
command: >
|
|
keystone-manage credential_setup
|
|
--keystone-user=keystone --keystone-group=keystone
|
|
|
|
- name: "Bootstrap Keystone Database"
|
|
command: >
|
|
keystone-manage bootstrap
|
|
--bootstrap-username="{{ keystone.bootstrap.username }}"
|
|
--bootstrap-password="{{ keystone.bootstrap.password }}"
|
|
--bootstrap-project-name="{{ keystone.bootstrap.project_name }}"
|
|
--bootstrap-service-name="keystone"
|
|
--bootstrap-admin-url="{{ keystone.bootstrap.admin_url }}"
|
|
--bootstrap-public-url="{{ keystone.bootstrap.public_url }}"
|
|
--bootstrap-internal-url="{{ keystone.bootstrap.internal_url }}"
|
|
--bootstrap-region-id="{{ keystone.bootstrap.region_name }}"
|
|
environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
|
|
when: >
|
|
test_created_keystone_db.changed | bool == true and
|
|
keystone.bootstrap.enabled | bool == true
|
|
|
|
- name: "Reserve keystone admin port"
|
|
sysctl:
|
|
name: "net.ipv4.ip_local_reserved_ports"
|
|
value: 35357
|
|
sysctl_set: yes
|
|
state: present
|
|
reload: yes
|
|
|
|
- name: "Ensure /var/www/keystone exists"
|
|
file:
|
|
name: "/var/www/keystone"
|
|
state: directory
|
|
owner: "keystone"
|
|
group: "{{ nginx_user }}" # TODO(TheJulia): Split webserver user/group.
|
|
mode: 0755
|
|
|
|
- name: "Add keystone to web server group"
|
|
user:
|
|
name: "keystone"
|
|
append: yes
|
|
groups: "{{nginx_user}}" # TODO(TheJulia): Split webserver user/group.
|
|
|
|
- name: "Make folder for keystone logs"
|
|
file:
|
|
name: "/var/log/nginx/keystone"
|
|
state: directory
|
|
owner: "{{ nginx_user }}"
|
|
group: "{{ nginx_user }}" # TODO(TheJulia): Split webserver user/group.
|
|
mode: 0755
|
|
|
|
# Note(ashestakov): "copy" module in ansible doesn't support recursive
|
|
# copying on remote host. "cp" command used instead.
|
|
- name: "Copy keystone-wsgi-public to /var/www/keystone/public"
|
|
command: cp -r "{{ keystone_install_prefix.stdout }}/keystone-wsgi-public" /var/www/keystone/public
|
|
|
|
- name: "Ensure owner and mode of keystone-wsgi-public"
|
|
file:
|
|
path: /var/www/keystone/public
|
|
owner: "keystone"
|
|
group: "{{nginx_user}}"
|
|
mode: 0754
|
|
|
|
# Note(ashestakov): "copy" module in ansible doesn't support recursive
|
|
# copying on remote host. "cp" command used instead.
|
|
- name: "Copy keystone-wsgi-admin to /var/www/keystone/admin"
|
|
command: cp -r "{{ keystone_install_prefix.stdout }}/keystone-wsgi-admin" /var/www/keystone/admin
|
|
|
|
- name: "Ensure owner and mode of keystone-wsgi-admin"
|
|
file:
|
|
path: /var/www/keystone/admin
|
|
owner: "keystone"
|
|
group: "{{nginx_user}}"
|
|
mode: 0754
|
|
|
|
- name: "Ensure /etc/uwsgi exists"
|
|
file:
|
|
name: "/etc/uwsgi"
|
|
state: directory
|
|
owner: "{{ nginx_user }}"
|
|
group: "{{ nginx_user }}" # TODO(TheJulia): Split webserver user/group.
|
|
mode: 0755
|
|
|
|
- name: "Place keystone public uwsgi config"
|
|
template:
|
|
src: keystone-public.ini.j2
|
|
dest: /etc/uwsgi/apps-available/keystone-public.ini
|
|
owner: "{{ nginx_user }}"
|
|
group: "{{ nginx_user }}" # TODO(TheJulia): Split webserver user/group.
|
|
mode: 0755
|
|
|
|
- name: "Place keystone admin uwsgi config"
|
|
template:
|
|
src: keystone-admin.ini.j2
|
|
dest: /etc/uwsgi/apps-available/keystone-admin.ini
|
|
owner: "{{ nginx_user }}"
|
|
group: "{{ nginx_user }}" # TODO(TheJulia): Split webserver user/group.
|
|
mode: 0755
|
|
|
|
- name: "Enable keystone-public in uwsgi"
|
|
file:
|
|
src: "/etc/uwsgi/apps-available/keystone-public.ini"
|
|
dest: "/etc/uwsgi/apps-enabled/keystone-public.ini"
|
|
state: link
|
|
|
|
- name: "Enable keystone-admin in uwsgi"
|
|
file:
|
|
src: "/etc/uwsgi/apps-available/keystone-admin.ini"
|
|
dest: "/etc/uwsgi/apps-enabled/keystone-admin.ini"
|
|
state: link
|
|
|
|
- name: "Place nginx core configuration"
|
|
# TODO(TheJulia): Refactor this out so we don't have anything related to
|
|
# bifrost it's self in the main config file.
|
|
template:
|
|
src: nginx.conf.j2
|
|
dest: /etc/nginx/nginx.conf
|
|
owner: "{{ nginx_user }}"
|
|
group: "{{ nginx_user }}" # TODO(TheJulia): Split webserver user/group.
|
|
mode: 0755
|
|
|
|
- name: "Place nginx configuration for keystone"
|
|
# TODO(TheJulia): Refactor this so we use sites-enabled, but bifrost's
|
|
# handling of co-existence needs to be cleaned up first.
|
|
template:
|
|
src: nginx_conf.d_bifrost-keystone.conf.j2
|
|
dest: /etc/nginx/conf.d/bifrost-keystone.conf
|
|
owner: "{{ nginx_user }}"
|
|
group: "{{ nginx_user }}" # TODO(TheJulia): Split webserver user/group.
|
|
mode: 0755
|
|
|
|
- name: "Place uwsgi services"
|
|
template:
|
|
src: "{{ init_template }}"
|
|
dest: "{{ init_dest_dir }}{{ item.service_name }}{{ init_ext }}"
|
|
owner: "root"
|
|
group: "root"
|
|
with_items:
|
|
- { service_path: "{{ uwsgi_install_prefix.stdout | default('') }}",
|
|
service_name: 'uwsgi',
|
|
username: "{{ nginx_user }}",
|
|
exec_start_pre: "/usr/bin/install -m 755 -o {{ nginx_user }} -g {{ nginx_user }} -d /run/uwsgi",
|
|
args: '--master --emperor /etc/uwsgi/apps-enabled'} # TODO(TheJulia): Split webserver user/group.
|
|
|
|
# NOTE(ashestakov) https://github.com/ansible/ansible-modules-core/issues/3764
|
|
- name: "Remove uwsgi sysvinit init script"
|
|
command: update-rc.d -f uwsgi remove
|
|
ignore_errors: yes
|