kayobe/ansible/overcloud-introspection-rules.yml

---
- name: Check whether Ironic is enabled
  hosts: controllers
  tags:
    - introspection-rules
  tasks:
    - name: Create controllers group with ironic enabled
      group_by:
        key: "controllers_for_introspection_rules_{{ kolla_enable_ironic | bool }}"

- name: Ensure introspection rules are registered in Ironic Inspector
  # Only required to run on a single host.
  hosts: controllers_for_introspection_rules_True[0]
  gather_facts: False
  tags:
    - introspection-rules
  vars:
    venv: "{{ virtualenv_path }}/shade"
  pre_tasks:
    - name: Validate OpenStack password authentication parameters
      fail:
        msg: >
          Required OpenStack authentication parameter {{ item }} is
          {% if item in openstack_auth %}empty{% else %}not present{% endif %}
          in openstack_auth. Have you sourced the environment file?          
      when:
        - openstack_auth_type == 'password'
        - item not in openstack_auth or not openstack_auth[item]
      with_items: "{{ openstack_auth_password_required_params }}"
      tags:
        - config-validation

    - name: Ensure the openstack client is installed
      include_role:
        name: stackhpc.os-openstackclient
      vars:
        os_openstackclient_venv: "{{ venv }}"
        os_openstackclient_install_epel: "{{ yum_install_epel }}"
        os_openstackclient_state: latest
        os_openstackclient_upper_constraints_file: "{{ pip_upper_constraints_file }}"

    - name: Retrieve the IPA kernel Glance image UUID
      shell: >
        source {{ venv }}/bin/activate &&
        openstack image show '{{ ipa_images_kernel_name }}' -f value -c id        
      changed_when: False
      register: ipa_kernel_id
      environment: "{{ openstack_auth_env }}"

    - name: Retrieve the IPA ramdisk Glance image UUID
      shell: >
        source {{ venv }}/bin/activate &&
        openstack image show '{{ ipa_images_ramdisk_name }}' -f value -c id        
      changed_when: False
      register: ipa_ramdisk_id
      environment: "{{ openstack_auth_env }}"

  roles:
    - role: ironic-inspector-rules
      os_shade_install_epel: "{{ yum_install_epel }}"
      os_shade_state: latest
      ironic_inspector_venv: "{{ venv }}"
      ironic_inspector_upper_constraints_file: "{{ pip_upper_constraints_file }}"
      ironic_inspector_auth_type: "{{ openstack_auth_type }}"
      ironic_inspector_auth: "{{ openstack_auth }}"
      ironic_inspector_cacert: "{{ openstack_cacert }}"
      ironic_inspector_interface: "{{ openstack_interface }}"
      ironic_inspector_rules: "{{ inspector_rules }}"
      # These variables may be referenced in the introspection rules.
      inspector_rule_var_ipmi_username: "{{ inspector_ipmi_username }}"
      inspector_rule_var_ipmi_password: "{{ inspector_ipmi_password }}"
      inspector_rule_var_lldp_switch_port_interface: "{{ inspector_lldp_switch_port_interface_default }}"
      inspector_rule_var_deploy_kernel: "{{ ipa_kernel_id.stdout }}"
      inspector_rule_var_deploy_ramdisk: "{{ ipa_ramdisk_id.stdout }}"