Make kolla ansible user and group configurable
In some cases it is useful to use a user other than the default 'kolla' to perform kolla ansible remote execution. Kolla is adding support for this in the Rocky release, we should use it. It is now possible to configure a different user via the kolla_ansible_user and kolla_ansible_group variables. Depends-On: https://review.openstack.org/581330 Change-Id: I280fb8f70eacd31fff0ae5671ddd6608cd02ae6e Story: 2002914 Task: 22892
parent
bb28786069
commit
41740f9752
@ -294,6 +294,16 @@ kolla_openstack_logging_debug: "False"
|
|||||||
# Upper constraints file for installation of Kolla.
|
# Upper constraints file for installation of Kolla.
|
||||||
kolla_upper_constraints_file: "https://raw.githubusercontent.com/openstack/requirements/stable/queens/upper-constraints.txt"
|
kolla_upper_constraints_file: "https://raw.githubusercontent.com/openstack/requirements/stable/queens/upper-constraints.txt"
|
||||||
|
|
||||||
|
# User account to use for Kolla SSH access.
|
||||||
|
kolla_ansible_user: kolla
|
||||||
|
|
||||||
|
# Primary group of Kolla SSH user.
|
||||||
|
kolla_ansible_group: kolla
|
||||||
|
|
||||||
|
# Whether to use privilege escalation for all operations performed via Kolla
|
||||||
|
# Ansible.
|
||||||
|
kolla_ansible_become: true
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Kolla feature flag configuration.
|
# Kolla feature flag configuration.
|
||||||
|
|
||||||
|
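Review bot: The comment on `kolla_ansible_become` does not say what a value of `false` means, and the default of `true` is the broadest setting. The release note in this commit describes the choice as escalation for all tasks versus only the tasks that require it, so I would spell that out, e.g. `# Whether to use privilege escalation for all operations performed via Kolla Ansible (true), or only for the tasks that require it (false).` The same two-line comment is repeated in the role defaults hunk (`@ -35,6 +35,16`) and in the commented example (`@ -141,6 +141,19`), so the wording should change there too. The comment on `kolla_ansible_user` could also say whether the account must already exist on the target hosts, since the visible lines do not show where it is created.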
@ -39,7 +39,7 @@
|
|||||||
path: "{{ kolla_ansible_target_venv }}"
|
path: "{{ kolla_ansible_target_venv }}"
|
||||||
recurse: True
|
recurse: True
|
||||||
state: directory
|
state: directory
|
||||||
owner: kolla
|
owner: "{{ kolla_ansible_user }}"
|
||||||
group: kolla
|
group: "{{ kolla_ansible_group }}"
|
||||||
become: True
|
become: True
|
||||||
when: kolla_ansible_target_venv is not none
|
when: kolla_ansible_target_venv is not none
|
||||||
|
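Review bot: `owner` and `group` now come from two independent variables, so overriding only `kolla_ansible_user` leaves `group: kolla` applied recursively to the whole virtualenv tree. On a host without a `kolla` group the task will presumably fail, and where the group exists it keeps group ownership of files that now belong to a different account. Consider defaulting the group to the user, `kolla_ansible_group: "{{ kolla_ansible_user }}"`, or stating in the variable comment that the two must be changed together. The task starts above the hunk, so its name and module are not visible here.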
@ -35,6 +35,16 @@ kolla_node_custom_config_path:
|
|||||||
# Path to kolla-ansible passwords.yml input file.
|
# Path to kolla-ansible passwords.yml input file.
|
||||||
kolla_ansible_passwords_path:
|
kolla_ansible_passwords_path:
|
||||||
|
|
||||||
|
# User account to use for Kolla SSH access.
|
||||||
|
kolla_ansible_user: kolla
|
||||||
|
|
||||||
|
# Primary group of Kolla SSH user.
|
||||||
|
kolla_ansible_group: kolla
|
||||||
|
|
||||||
|
# Whether to use privilege escalation for all operations performed via Kolla
|
||||||
|
# Ansible.
|
||||||
|
kolla_ansible_become: true
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Kolla-ansible inventory configuration.
|
# Kolla-ansible inventory configuration.
|
||||||
|
|
||||||
|
@ -48,6 +48,12 @@ kolla_external_vip_address: "{{ kolla_external_vip_address }}"
|
|||||||
# kolla_external_vip_address.
|
# kolla_external_vip_address.
|
||||||
kolla_external_fqdn: "{{ kolla_external_fqdn }}"
|
kolla_external_fqdn: "{{ kolla_external_fqdn }}"
|
||||||
|
|
||||||
|
# User account to use for Kolla SSH access.
|
||||||
|
kolla_user: "{{ kolla_ansible_user }}"
|
||||||
|
|
||||||
|
# Primary group of Kolla SSH user.
|
||||||
|
kolla_group: "{{ kolla_ansible_group }}"
|
||||||
|
|
||||||
################
|
################
|
||||||
# Docker options
|
# Docker options
|
||||||
################
|
################
|
||||||
|
@ -28,8 +28,10 @@
|
|||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
[overcloud:vars]
|
[overcloud:vars]
|
||||||
ansible_user=kolla
|
ansible_user={{ kolla_ansible_user }}
|
||||||
|
{% if kolla_ansible_become | bool %}
|
||||||
ansible_become=true
|
ansible_become=true
|
||||||
|
{% endif %}
|
||||||
{% if kolla_ansible_target_venv is not none %}
|
{% if kolla_ansible_target_venv is not none %}
|
||||||
# Execute ansible modules on the remote target hosts using a virtualenv.
|
# Execute ansible modules on the remote target hosts using a virtualenv.
|
||||||
ansible_python_interpreter={{ kolla_ansible_target_venv }}/bin/python
|
ansible_python_interpreter={{ kolla_ansible_target_venv }}/bin/python
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
[seed:vars]
|
[seed:vars]
|
||||||
ansible_user=kolla
|
ansible_user={{ kolla_ansible_user }}
|
||||||
{% if kolla_ansible_target_venv is not none %}
|
{% if kolla_ansible_target_venv is not none %}
|
||||||
# Execute ansible modules on the remote target hosts using a virtualenv.
|
# Execute ansible modules on the remote target hosts using a virtualenv.
|
||||||
ansible_python_interpreter={{ kolla_ansible_target_venv }}/bin/python
|
ansible_python_interpreter={{ kolla_ansible_target_venv }}/bin/python
|
||||||
|
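Review bot: `[seed:vars]` picks up the new `kolla_ansible_user`, but nothing in the visible lines emits `ansible_become`, while the overcloud template in this commit wraps `ansible_become=true` in `{% if kolla_ansible_become | bool %}`. The variable is documented as covering all operations performed via Kolla Ansible, so an operator may expect it to apply to seed hosts as well. If the seed inventory is meant to stay without inventory-level escalation, a template comment such as `# kolla_ansible_become is not applied to seed hosts.` would make that explicit; otherwise add the same conditional block here. The `[seed:vars]` section continues below the hunk, so this may already be handled outside the visible lines.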
@ -95,6 +95,8 @@
|
|||||||
kolla_enable_tls_external: False
|
kolla_enable_tls_external: False
|
||||||
kolla_external_fqdn_cert: "fake-cert"
|
kolla_external_fqdn_cert: "fake-cert"
|
||||||
openstack_logging_debug: False
|
openstack_logging_debug: False
|
||||||
|
kolla_user: "kolla"
|
||||||
|
kolla_group: "kolla"
|
||||||
|
|
||||||
- name: Validate variables are absent from globals.yml
|
- name: Validate variables are absent from globals.yml
|
||||||
assert:
|
assert:
|
||||||
|
@ -23,6 +23,8 @@
|
|||||||
kolla_node_custom_config_path: "{{ temp_path }}/etc/kolla/config"
|
kolla_node_custom_config_path: "{{ temp_path }}/etc/kolla/config"
|
||||||
kolla_ansible_passwords_path: "{{ temp_path }}/passwords.yml"
|
kolla_ansible_passwords_path: "{{ temp_path }}/passwords.yml"
|
||||||
# Config.
|
# Config.
|
||||||
|
kolla_ansible_user: "fake-user"
|
||||||
|
kolla_ansible_group: "fake-group"
|
||||||
kolla_base_distro: "fake-distro"
|
kolla_base_distro: "fake-distro"
|
||||||
kolla_install_type: "fake-install-type"
|
kolla_install_type: "fake-install-type"
|
||||||
kolla_docker_namespace: "fake-namespace"
|
kolla_docker_namespace: "fake-namespace"
|
||||||
@ -165,6 +167,8 @@
|
|||||||
globals_yml: "{{ lookup('file', temp_path ~ '/etc/kolla/globals.yml') | from_yaml }}"
|
globals_yml: "{{ lookup('file', temp_path ~ '/etc/kolla/globals.yml') | from_yaml }}"
|
||||||
expected_variables:
|
expected_variables:
|
||||||
config_strategy: "COPY_ALWAYS"
|
config_strategy: "COPY_ALWAYS"
|
||||||
|
kolla_user: "fake-user"
|
||||||
|
kolla_group: "fake-group"
|
||||||
kolla_base_distro: "fake-distro"
|
kolla_base_distro: "fake-distro"
|
||||||
kolla_install_type: "fake-install-type"
|
kolla_install_type: "fake-install-type"
|
||||||
openstack_release: "fake-release"
|
openstack_release: "fake-release"
|
||||||
|
@ -55,8 +55,8 @@
|
|||||||
src: "{{ swift_ring_build_path }}/{{ item[0] }}.{{ item[1] }}"
|
src: "{{ swift_ring_build_path }}/{{ item[0] }}.{{ item[1] }}"
|
||||||
dest: "{{ kolla_config_path }}/config/swift/{{ item[0] }}.{{ item[1] }}"
|
dest: "{{ kolla_config_path }}/config/swift/{{ item[0] }}.{{ item[1] }}"
|
||||||
remote_src: True
|
remote_src: True
|
||||||
owner: kolla
|
owner: "{{ ansible_user_uid }}"
|
||||||
group: kolla
|
group: "{{ ansible_user_gid }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
with_nested:
|
with_nested:
|
||||||
- "{{ swift_service_names }}"
|
- "{{ swift_service_names }}"
|
||||||
|
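Review bot: `ansible_user_uid` and `ansible_user_gid` are facts about the account the setup module ran as, so the owner of the ring files now depends on how facts were gathered rather than on `kolla_ansible_user`. If facts were collected with privilege escalation they resolve to root's ids, and if fact gathering is disabled for the play they are undefined. The rest of this commit uses `kolla_ansible_user` and `kolla_ansible_group`; if those are not in scope for this play, a comment on the task naming the account intended to own the files would help. The play header and any `become` setting are outside the hunk, so this is inferred from the two changed lines only.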
@ -141,6 +141,19 @@
|
|||||||
# Whether debug logging is enabled.
|
# Whether debug logging is enabled.
|
||||||
#kolla_openstack_logging_debug:
|
#kolla_openstack_logging_debug:
|
||||||
|
|
||||||
|
# Upper constraints file for installation of Kolla.
|
||||||
|
#kolla_upper_constraints_file:
|
||||||
|
|
||||||
|
# User account to use for Kolla SSH access.
|
||||||
|
#kolla_ansible_user:
|
||||||
|
|
||||||
|
# Primary group of Kolla SSH user.
|
||||||
|
#kolla_ansible_group:
|
||||||
|
|
||||||
|
# Whether to use privilege escalation for all operations performed via Kolla
|
||||||
|
# Ansible.
|
||||||
|
#kolla_ansible_become:
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Kolla feature flag configuration.
|
# Kolla feature flag configuration.
|
||||||
|
|
||||||
|
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Adds support for configuration of the user used by Kolla Ansible for remote
|
||||||
|
execution. The user is configured via ``kolla_ansible_user``, its primary
|
||||||
|
group via ``kolla_ansible_group``, and ``kolla_ansible_become`` determines
|
||||||
|
whether privilege escalation is used by Kolla Ansible for all tasks or only
|
||||||
|
required tasks.
|