e924c99c52
One way to improve the performance of Ansible is through fact caching. Rather than gather facts in every play, we can configure Ansible to cache them in a persistent store. An example Ansible configuration for doing this is as follows: [defaults] gathering = smart fact_caching = jsonfile fact_caching_connection = ./facts fact_caching_timeout = 86400 While this mostly just works, there are a few places where we unconditionally gather facts using the setup module. This change modifies these to only gather facts when necessary. We no longer execute the MichaelRigart.interfaces role using become: true, since it may gather facts and we do not want it to do so as root. The role uses become where necessary. Change-Id: I9984a187fc6c0496ada489bb8eef36e44d695aac Story: 2007492 Task: 39216
83 lines
2.8 KiB
YAML
83 lines
2.8 KiB
YAML
---
|
|
# NOTE(mgoddard): The bootstrap user may be used to create the kayobe user
|
|
# account and configure passwordless sudo. We can't assume that the bootstrap
|
|
# user account will exist after the initial bootstrapping, or that the
|
|
# current operator's key is authorised for the bootstrap user. We therefore
|
|
# attempt to access the kayobe user account via SSH, and only perform the
|
|
# bootstrap process if the account is inaccessible.
|
|
|
|
- name: Determine whether user bootstrapping is required
|
|
hosts: seed-hypervisor:seed:overcloud
|
|
gather_facts: false
|
|
tags:
|
|
- kayobe-ansible-user
|
|
tasks:
|
|
- name: Check whether the host is accessible via SSH
|
|
local_action:
|
|
module: command ssh -o BatchMode=yes -p {{ ssh_port }} {{ ssh_user }}@{{ ssh_host }} hostname
|
|
failed_when: false
|
|
changed_when: false
|
|
register: ssh_result
|
|
vars:
|
|
ssh_user: "{{ ansible_user }}"
|
|
ssh_host: "{{ ansible_host | default(inventory_hostname) }}"
|
|
ssh_port: "{{ ansible_ssh_port | default('22') }}"
|
|
|
|
- name: Group hosts requiring kayobe user bootstrapping
|
|
group_by:
|
|
key: kayobe_user_bootstrap_required_{{ ssh_result.rc != 0 }}
|
|
|
|
- name: Display a message when bootstrapping is required
|
|
debug:
|
|
msg: >
|
|
Cannot access host via SSH using Kayobe Ansible user account -
|
|
attempting bootstrap
|
|
when: ssh_result.rc != 0
|
|
|
|
- name: Ensure the Kayobe Ansible user account exists
|
|
hosts: kayobe_user_bootstrap_required_True
|
|
gather_facts: false
|
|
tags:
|
|
- kayobe-ansible-user
|
|
vars:
|
|
ansible_user: "{{ bootstrap_user }}"
|
|
# We can't assume that a virtualenv exists at this point, so use the system
|
|
# python interpreter.
|
|
ansible_python_interpreter: /usr/libexec/platform-python
|
|
roles:
|
|
- role: singleplatform-eng.users
|
|
users:
|
|
- username: "{{ kayobe_ansible_user }}"
|
|
name: Kayobe deployment user
|
|
append: True
|
|
ssh_key:
|
|
- "{{ lookup('file', ssh_public_key_path) }}"
|
|
become: True
|
|
|
|
post_tasks:
|
|
- name: Ensure the Kayobe Ansible user has passwordless sudo
|
|
copy:
|
|
content: "{{ kayobe_ansible_user }} ALL=(ALL) NOPASSWD: ALL"
|
|
dest: "/etc/sudoers.d/kayobe-ansible-user"
|
|
mode: 0440
|
|
become: True
|
|
|
|
- name: Verify that the Kayobe Ansible user account is accessible
|
|
hosts: seed-hypervisor:seed:overcloud
|
|
gather_facts: false
|
|
tags:
|
|
- kayobe-ansible-user
|
|
vars:
|
|
# We can't assume that a virtualenv exists at this point, so use the system
|
|
# python interpreter.
|
|
ansible_python_interpreter: /usr/libexec/platform-python
|
|
tasks:
|
|
- name: Verify that a command can be executed
|
|
command: hostname
|
|
changed_when: false
|
|
|
|
- name: Verify that a command can be executed with become
|
|
command: hostname
|
|
changed_when: false
|
|
become: true
|