From 4d155d69cd8b9ac89905d15d278bb651594ff727 Mon Sep 17 00:00:00 2001 From: James Kirsch Date: Fri, 10 Apr 2020 13:53:19 -0700 Subject: [PATCH] Refactor copy certificates task Refactor service configuration to use the copy certificates task. This reduces code duplication and simplifies implementing encrypting backend HAProxy traffic for individual services. Change-Id: I0474324b60a5f792ef5210ab336639edf7a8cd9e --- ansible/roles/aodh/tasks/config.yml | 12 +----------- ansible/roles/aodh/tasks/copy-certs.yml | 6 ++++++ ansible/roles/barbican/tasks/config.yml | 12 +----------- ansible/roles/barbican/tasks/copy-certs.yml | 6 ++++++ ansible/roles/blazar/tasks/config.yml | 12 +----------- ansible/roles/blazar/tasks/copy-certs.yml | 6 ++++++ ansible/roles/ceilometer/tasks/config.yml | 12 +----------- ansible/roles/ceilometer/tasks/copy-certs.yml | 6 ++++++ ansible/roles/cinder/tasks/config.yml | 12 +----------- ansible/roles/cinder/tasks/copy-certs.yml | 6 ++++++ ansible/roles/cloudkitty/tasks/config.yml | 12 +----------- ansible/roles/cloudkitty/tasks/copy-certs.yml | 6 ++++++ ansible/roles/common/tasks/config.yml | 11 +---------- ansible/roles/common/tasks/copy-certs.yml | 6 ++++++ ansible/roles/congress/tasks/config.yml | 12 +----------- ansible/roles/congress/tasks/copy-certs.yml | 6 ++++++ ansible/roles/cyborg/tasks/config.yml | 12 +----------- ansible/roles/cyborg/tasks/copy-certs.yml | 6 ++++++ ansible/roles/designate/tasks/config.yml | 12 +----------- ansible/roles/designate/tasks/copy-certs.yml | 6 ++++++ ansible/roles/elasticsearch/tasks/config.yml | 11 +---------- ansible/roles/elasticsearch/tasks/copy-certs.yml | 6 ++++++ ansible/roles/freezer/tasks/config.yml | 12 +----------- ansible/roles/freezer/tasks/copy-certs.yml | 6 ++++++ ansible/roles/glance/tasks/config.yml | 12 +----------- ansible/roles/glance/tasks/copy-certs.yml | 6 ++++++ ansible/roles/gnocchi/tasks/config.yml | 12 +----------- ansible/roles/gnocchi/tasks/copy-certs.yml | 6 ++++++ ansible/roles/grafana/tasks/config.yml | 11 +---------- ansible/roles/grafana/tasks/copy-certs.yml | 6 ++++++ ansible/roles/haproxy/tasks/config.yml | 12 +----------- ansible/roles/haproxy/tasks/copy-certs.yml | 6 ++++++ ansible/roles/heat/tasks/config.yml | 12 +----------- ansible/roles/heat/tasks/copy-certs.yml | 6 ++++++ ansible/roles/horizon/tasks/config.yml | 12 +----------- ansible/roles/horizon/tasks/copy-certs.yml | 6 ++++++ ansible/roles/ironic/tasks/config.yml | 12 +----------- ansible/roles/ironic/tasks/copy-certs.yml | 6 ++++++ ansible/roles/karbor/tasks/config.yml | 12 +----------- ansible/roles/karbor/tasks/copy-certs.yml | 6 ++++++ ansible/roles/kibana/tasks/config.yml | 12 +----------- ansible/roles/kibana/tasks/copy-certs.yml | 6 ++++++ ansible/roles/kuryr/tasks/config.yml | 12 +----------- ansible/roles/kuryr/tasks/copy-certs.yml | 6 ++++++ ansible/roles/magnum/tasks/config.yml | 12 +----------- ansible/roles/magnum/tasks/copy-certs.yml | 6 ++++++ ansible/roles/manila/tasks/config.yml | 12 +----------- ansible/roles/manila/tasks/copy-certs.yml | 6 ++++++ ansible/roles/mistral/tasks/config.yml | 12 +----------- ansible/roles/mistral/tasks/copy-certs.yml | 6 ++++++ ansible/roles/monasca/tasks/config.yml | 12 +----------- ansible/roles/monasca/tasks/copy-certs.yml | 6 ++++++ ansible/roles/murano/tasks/config.yml | 12 +----------- ansible/roles/murano/tasks/copy-certs.yml | 6 ++++++ ansible/roles/neutron/tasks/config.yml | 12 +----------- ansible/roles/neutron/tasks/copy-certs.yml | 6 ++++++ ansible/roles/nova-cell/tasks/config.yml | 12 +----------- ansible/roles/nova-cell/tasks/copy-certs.yml | 6 ++++++ ansible/roles/nova-hyperv/tasks/config.yml | 9 +-------- ansible/roles/nova-hyperv/tasks/copy-certs.yml | 6 ++++++ ansible/roles/nova/tasks/config.yml | 12 +----------- ansible/roles/nova/tasks/copy-certs.yml | 6 ++++++ ansible/roles/octavia/tasks/config.yml | 12 +----------- ansible/roles/octavia/tasks/copy-certs.yml | 6 ++++++ ansible/roles/panko/tasks/config.yml | 12 +----------- ansible/roles/panko/tasks/copy-certs.yml | 6 ++++++ ansible/roles/placement/tasks/config.yml | 12 +----------- ansible/roles/placement/tasks/copy-certs.yml | 6 ++++++ ansible/roles/prometheus/tasks/config.yml | 12 +----------- ansible/roles/prometheus/tasks/copy-certs.yml | 6 ++++++ ansible/roles/qinling/tasks/config.yml | 12 +----------- ansible/roles/qinling/tasks/copy-certs.yml | 6 ++++++ ansible/roles/rally/tasks/config.yml | 12 +----------- ansible/roles/rally/tasks/copy-certs.yml | 6 ++++++ ansible/roles/sahara/tasks/config.yml | 12 +----------- ansible/roles/sahara/tasks/copy-certs.yml | 6 ++++++ ansible/roles/searchlight/tasks/config.yml | 12 +----------- ansible/roles/searchlight/tasks/copy-certs.yml | 6 ++++++ ansible/roles/senlin/tasks/config.yml | 12 +----------- ansible/roles/senlin/tasks/copy-certs.yml | 6 ++++++ ansible/roles/skydive/tasks/config.yml | 12 +----------- ansible/roles/skydive/tasks/copy-certs.yml | 6 ++++++ ansible/roles/solum/tasks/config.yml | 12 +----------- ansible/roles/solum/tasks/copy-certs.yml | 6 ++++++ ansible/roles/swift/tasks/config.yml | 12 +----------- ansible/roles/swift/tasks/copy-certs.yml | 6 ++++++ ansible/roles/tacker/tasks/config.yml | 12 +----------- ansible/roles/tacker/tasks/copy-certs.yml | 6 ++++++ ansible/roles/telegraf/tasks/config.yml | 12 +----------- ansible/roles/telegraf/tasks/copy-certs.yml | 6 ++++++ ansible/roles/tempest/tasks/config.yml | 12 +----------- ansible/roles/tempest/tasks/copy-certs.yml | 6 ++++++ ansible/roles/trove/tasks/config.yml | 12 +----------- ansible/roles/trove/tasks/copy-certs.yml | 6 ++++++ ansible/roles/vitrage/tasks/config.yml | 12 +----------- ansible/roles/vitrage/tasks/copy-certs.yml | 6 ++++++ ansible/roles/watcher/tasks/config.yml | 12 +----------- ansible/roles/watcher/tasks/copy-certs.yml | 6 ++++++ ansible/roles/zun/tasks/config.yml | 12 +----------- ansible/roles/zun/tasks/copy-certs.yml | 6 ++++++ 100 files changed, 350 insertions(+), 544 deletions(-) create mode 100644 ansible/roles/aodh/tasks/copy-certs.yml create mode 100644 ansible/roles/barbican/tasks/copy-certs.yml create mode 100644 ansible/roles/blazar/tasks/copy-certs.yml create mode 100644 ansible/roles/ceilometer/tasks/copy-certs.yml create mode 100644 ansible/roles/cinder/tasks/copy-certs.yml create mode 100644 ansible/roles/cloudkitty/tasks/copy-certs.yml create mode 100644 ansible/roles/common/tasks/copy-certs.yml create mode 100644 ansible/roles/congress/tasks/copy-certs.yml create mode 100644 ansible/roles/cyborg/tasks/copy-certs.yml create mode 100644 ansible/roles/designate/tasks/copy-certs.yml create mode 100644 ansible/roles/elasticsearch/tasks/copy-certs.yml create mode 100644 ansible/roles/freezer/tasks/copy-certs.yml create mode 100644 ansible/roles/glance/tasks/copy-certs.yml create mode 100644 ansible/roles/gnocchi/tasks/copy-certs.yml create mode 100644 ansible/roles/grafana/tasks/copy-certs.yml create mode 100644 ansible/roles/haproxy/tasks/copy-certs.yml create mode 100644 ansible/roles/heat/tasks/copy-certs.yml create mode 100644 ansible/roles/horizon/tasks/copy-certs.yml create mode 100644 ansible/roles/ironic/tasks/copy-certs.yml create mode 100644 ansible/roles/karbor/tasks/copy-certs.yml create mode 100644 ansible/roles/kibana/tasks/copy-certs.yml create mode 100644 ansible/roles/kuryr/tasks/copy-certs.yml create mode 100644 ansible/roles/magnum/tasks/copy-certs.yml create mode 100644 ansible/roles/manila/tasks/copy-certs.yml create mode 100644 ansible/roles/mistral/tasks/copy-certs.yml create mode 100644 ansible/roles/monasca/tasks/copy-certs.yml create mode 100644 ansible/roles/murano/tasks/copy-certs.yml create mode 100644 ansible/roles/neutron/tasks/copy-certs.yml create mode 100644 ansible/roles/nova-cell/tasks/copy-certs.yml create mode 100644 ansible/roles/nova-hyperv/tasks/copy-certs.yml create mode 100644 ansible/roles/nova/tasks/copy-certs.yml create mode 100644 ansible/roles/octavia/tasks/copy-certs.yml create mode 100644 ansible/roles/panko/tasks/copy-certs.yml create mode 100644 ansible/roles/placement/tasks/copy-certs.yml create mode 100644 ansible/roles/prometheus/tasks/copy-certs.yml create mode 100644 ansible/roles/qinling/tasks/copy-certs.yml create mode 100644 ansible/roles/rally/tasks/copy-certs.yml create mode 100644 ansible/roles/sahara/tasks/copy-certs.yml create mode 100644 ansible/roles/searchlight/tasks/copy-certs.yml create mode 100644 ansible/roles/senlin/tasks/copy-certs.yml create mode 100644 ansible/roles/skydive/tasks/copy-certs.yml create mode 100644 ansible/roles/solum/tasks/copy-certs.yml create mode 100644 ansible/roles/swift/tasks/copy-certs.yml create mode 100644 ansible/roles/tacker/tasks/copy-certs.yml create mode 100644 ansible/roles/telegraf/tasks/copy-certs.yml create mode 100644 ansible/roles/tempest/tasks/copy-certs.yml create mode 100644 ansible/roles/trove/tasks/copy-certs.yml create mode 100644 ansible/roles/vitrage/tasks/copy-certs.yml create mode 100644 ansible/roles/watcher/tasks/copy-certs.yml create mode 100644 ansible/roles/zun/tasks/copy-certs.yml diff --git a/ansible/roles/aodh/tasks/config.yml b/ansible/roles/aodh/tasks/config.yml index 05cd27c6f9..17701d37c9 100644 --- a/ansible/roles/aodh/tasks/config.yml +++ b/ansible/roles/aodh/tasks/config.yml @@ -45,19 +45,9 @@ notify: - "Restart {{ item.key }} container" -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ aodh_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/aodh/tasks/copy-certs.yml b/ansible/roles/aodh/tasks/copy-certs.yml new file mode 100644 index 0000000000..cb71bc4b48 --- /dev/null +++ b/ansible/roles/aodh/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ aodh_services }}" diff --git a/ansible/roles/barbican/tasks/config.yml b/ansible/roles/barbican/tasks/config.yml index 5b739ddaf7..51eb889da7 100644 --- a/ansible/roles/barbican/tasks/config.yml +++ b/ansible/roles/barbican/tasks/config.yml @@ -47,19 +47,9 @@ when: - barbican_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - inventory_hostname in groups[item.value.group] - - item.value.enabled | bool - kolla_copy_ca_into_containers | bool - with_dict: "{{ barbican_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/barbican/tasks/copy-certs.yml b/ansible/roles/barbican/tasks/copy-certs.yml new file mode 100644 index 0000000000..275a5167b5 --- /dev/null +++ b/ansible/roles/barbican/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ barbican_services }}" diff --git a/ansible/roles/blazar/tasks/config.yml b/ansible/roles/blazar/tasks/config.yml index d37d6fd107..ce65ee1ebd 100644 --- a/ansible/roles/blazar/tasks/config.yml +++ b/ansible/roles/blazar/tasks/config.yml @@ -31,19 +31,9 @@ when: - blazar_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - inventory_hostname in groups[item.value.group] - - item.value.enabled | bool - kolla_copy_ca_into_containers | bool - with_dict: "{{ blazar_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/blazar/tasks/copy-certs.yml b/ansible/roles/blazar/tasks/copy-certs.yml new file mode 100644 index 0000000000..d941bc77ec --- /dev/null +++ b/ansible/roles/blazar/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ blazar_services }}" diff --git a/ansible/roles/ceilometer/tasks/config.yml b/ansible/roles/ceilometer/tasks/config.yml index 36fa58d42c..90395f8ba3 100644 --- a/ansible/roles/ceilometer/tasks/config.yml +++ b/ansible/roles/ceilometer/tasks/config.yml @@ -136,19 +136,9 @@ when: - ceilometer_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - inventory_hostname in groups[item.value.group] - - item.value.enabled | bool - kolla_copy_ca_into_containers | bool - with_dict: "{{ ceilometer_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/ceilometer/tasks/copy-certs.yml b/ansible/roles/ceilometer/tasks/copy-certs.yml new file mode 100644 index 0000000000..8d51048ed1 --- /dev/null +++ b/ansible/roles/ceilometer/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ ceilometer_services }}" diff --git a/ansible/roles/cinder/tasks/config.yml b/ansible/roles/cinder/tasks/config.yml index 3c44c8f0c9..a5e557d464 100644 --- a/ansible/roles/cinder/tasks/config.yml +++ b/ansible/roles/cinder/tasks/config.yml @@ -37,19 +37,9 @@ when: - cinder_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - inventory_hostname in groups[item.value.group] - - item.value.enabled | bool - kolla_copy_ca_into_containers | bool - with_dict: "{{ cinder_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/cinder/tasks/copy-certs.yml b/ansible/roles/cinder/tasks/copy-certs.yml new file mode 100644 index 0000000000..eeb2c67952 --- /dev/null +++ b/ansible/roles/cinder/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ cinder_services }}" diff --git a/ansible/roles/cloudkitty/tasks/config.yml b/ansible/roles/cloudkitty/tasks/config.yml index 45a7dd60fa..a55961f2e1 100644 --- a/ansible/roles/cloudkitty/tasks/config.yml +++ b/ansible/roles/cloudkitty/tasks/config.yml @@ -55,19 +55,9 @@ set_fact: cloudkitty_custom_metrics_used: "{{ cloudkitty_custom_metrics_file.stat.exists }}" -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ cloudkitty_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/cloudkitty/tasks/copy-certs.yml b/ansible/roles/cloudkitty/tasks/copy-certs.yml new file mode 100644 index 0000000000..84ec218507 --- /dev/null +++ b/ansible/roles/cloudkitty/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ cloudkitty_services }}" diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml index dd7197cf4e..ecbfee9ad9 100644 --- a/ansible/roles/common/tasks/config.yml +++ b/ansible/roles/common/tasks/config.yml @@ -52,18 +52,9 @@ fluentd_binary: "{{ fluentd_labels.images.0.ContainerConfig.Labels.fluentd_binary }}" when: enable_fluentd | bool -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - kolla_copy_ca_into_containers | bool - with_dict: "{{ common_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/common/tasks/copy-certs.yml b/ansible/roles/common/tasks/copy-certs.yml new file mode 100644 index 0000000000..2d7815b282 --- /dev/null +++ b/ansible/roles/common/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ common_services }}" diff --git a/ansible/roles/congress/tasks/config.yml b/ansible/roles/congress/tasks/config.yml index 3f240501a0..1508a0edb9 100644 --- a/ansible/roles/congress/tasks/config.yml +++ b/ansible/roles/congress/tasks/config.yml @@ -31,19 +31,9 @@ when: - congress_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ congress_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/congress/tasks/copy-certs.yml b/ansible/roles/congress/tasks/copy-certs.yml new file mode 100644 index 0000000000..40b67c323d --- /dev/null +++ b/ansible/roles/congress/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ congress_services }}" diff --git a/ansible/roles/cyborg/tasks/config.yml b/ansible/roles/cyborg/tasks/config.yml index 76b4612076..b1a8cc0840 100644 --- a/ansible/roles/cyborg/tasks/config.yml +++ b/ansible/roles/cyborg/tasks/config.yml @@ -45,19 +45,9 @@ notify: - Restart {{ item.key }} container -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ cyborg_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/cyborg/tasks/copy-certs.yml b/ansible/roles/cyborg/tasks/copy-certs.yml new file mode 100644 index 0000000000..526bbb12de --- /dev/null +++ b/ansible/roles/cyborg/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ cyborg_services }}" diff --git a/ansible/roles/designate/tasks/config.yml b/ansible/roles/designate/tasks/config.yml index 6eaed5b2f1..cbceed2491 100644 --- a/ansible/roles/designate/tasks/config.yml +++ b/ansible/roles/designate/tasks/config.yml @@ -31,19 +31,9 @@ when: - designate_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ designate_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/designate/tasks/copy-certs.yml b/ansible/roles/designate/tasks/copy-certs.yml new file mode 100644 index 0000000000..bb2eafd476 --- /dev/null +++ b/ansible/roles/designate/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ designate_services }}" diff --git a/ansible/roles/elasticsearch/tasks/config.yml b/ansible/roles/elasticsearch/tasks/config.yml index 8ba746cfb7..4b73ecfc66 100644 --- a/ansible/roles/elasticsearch/tasks/config.yml +++ b/ansible/roles/elasticsearch/tasks/config.yml @@ -12,18 +12,9 @@ - item.value.enabled | bool with_dict: "{{ elasticsearch_services }}" -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - kolla_copy_ca_into_containers | bool - with_dict: "{{ elasticsearch_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/elasticsearch/tasks/copy-certs.yml b/ansible/roles/elasticsearch/tasks/copy-certs.yml new file mode 100644 index 0000000000..38cd3476f3 --- /dev/null +++ b/ansible/roles/elasticsearch/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ elasticsearch_services }}" diff --git a/ansible/roles/freezer/tasks/config.yml b/ansible/roles/freezer/tasks/config.yml index 58069a3fbe..2153172f7e 100644 --- a/ansible/roles/freezer/tasks/config.yml +++ b/ansible/roles/freezer/tasks/config.yml @@ -31,19 +31,9 @@ when: - freezer_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ freezer_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/freezer/tasks/copy-certs.yml b/ansible/roles/freezer/tasks/copy-certs.yml new file mode 100644 index 0000000000..861d2ed118 --- /dev/null +++ b/ansible/roles/freezer/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ freezer_services }}" diff --git a/ansible/roles/glance/tasks/config.yml b/ansible/roles/glance/tasks/config.yml index c19b434eff..0874a2576c 100644 --- a/ansible/roles/glance/tasks/config.yml +++ b/ansible/roles/glance/tasks/config.yml @@ -35,19 +35,9 @@ when: - glance_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ glance_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/glance/tasks/copy-certs.yml b/ansible/roles/glance/tasks/copy-certs.yml new file mode 100644 index 0000000000..f2bab6ab5f --- /dev/null +++ b/ansible/roles/glance/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ glance_services }}" diff --git a/ansible/roles/gnocchi/tasks/config.yml b/ansible/roles/gnocchi/tasks/config.yml index 0dba36a368..b4cd7f892c 100644 --- a/ansible/roles/gnocchi/tasks/config.yml +++ b/ansible/roles/gnocchi/tasks/config.yml @@ -35,19 +35,9 @@ when: - gnocchi_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ gnocchi_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/gnocchi/tasks/copy-certs.yml b/ansible/roles/gnocchi/tasks/copy-certs.yml new file mode 100644 index 0000000000..d43554f389 --- /dev/null +++ b/ansible/roles/gnocchi/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ gnocchi_services }}" diff --git a/ansible/roles/grafana/tasks/config.yml b/ansible/roles/grafana/tasks/config.yml index 0a0e056cd9..8e75ff2188 100644 --- a/ansible/roles/grafana/tasks/config.yml +++ b/ansible/roles/grafana/tasks/config.yml @@ -20,18 +20,9 @@ run_once: True register: check_extra_conf_grafana -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - kolla_copy_ca_into_containers | bool - with_dict: "{{ grafana_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files template: diff --git a/ansible/roles/grafana/tasks/copy-certs.yml b/ansible/roles/grafana/tasks/copy-certs.yml new file mode 100644 index 0000000000..24abec227f --- /dev/null +++ b/ansible/roles/grafana/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ grafana_services }}" diff --git a/ansible/roles/haproxy/tasks/config.yml b/ansible/roles/haproxy/tasks/config.yml index 70cc542adf..2ff6263794 100644 --- a/ansible/roles/haproxy/tasks/config.yml +++ b/ansible/roles/haproxy/tasks/config.yml @@ -125,19 +125,9 @@ notify: - Restart haproxy container -- name: Copying over extra CA certificates - vars: - service: "{{ haproxy_services['haproxy'] }}" - become: true - copy: - src: "{{ kolla_certificates_dir }}/ca/" - dest: "{{ node_config_directory }}/haproxy/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - inventory_hostname in groups[service.group] - kolla_copy_ca_into_containers | bool - notify: - - Restart haproxy container - name: Copying over haproxy start script vars: diff --git a/ansible/roles/haproxy/tasks/copy-certs.yml b/ansible/roles/haproxy/tasks/copy-certs.yml new file mode 100644 index 0000000000..486fa7b00f --- /dev/null +++ b/ansible/roles/haproxy/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ haproxy_services }}" diff --git a/ansible/roles/heat/tasks/config.yml b/ansible/roles/heat/tasks/config.yml index 5f434278e4..844c2027bf 100644 --- a/ansible/roles/heat/tasks/config.yml +++ b/ansible/roles/heat/tasks/config.yml @@ -31,19 +31,9 @@ when: - heat_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - inventory_hostname in groups[item.value.group] - - item.value.enabled | bool - kolla_copy_ca_into_containers | bool - with_dict: "{{ heat_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services become: true diff --git a/ansible/roles/heat/tasks/copy-certs.yml b/ansible/roles/heat/tasks/copy-certs.yml new file mode 100644 index 0000000000..c13b4a8c31 --- /dev/null +++ b/ansible/roles/heat/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ heat_services }}" diff --git a/ansible/roles/horizon/tasks/config.yml b/ansible/roles/horizon/tasks/config.yml index 93c230f4fc..9a49e329f9 100644 --- a/ansible/roles/horizon/tasks/config.yml +++ b/ansible/roles/horizon/tasks/config.yml @@ -133,19 +133,9 @@ notify: - Restart horizon container -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - inventory_hostname in groups[item.value.group] - - item.value.enabled | bool - kolla_copy_ca_into_containers | bool - with_dict: "{{ horizon_services }}" - notify: - - "Restart {{ item.key }} container" - include_tasks: check-containers.yml when: kolla_action != "config" diff --git a/ansible/roles/horizon/tasks/copy-certs.yml b/ansible/roles/horizon/tasks/copy-certs.yml new file mode 100644 index 0000000000..89c9d88d11 --- /dev/null +++ b/ansible/roles/horizon/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ horizon_services }}" diff --git a/ansible/roles/ironic/tasks/config.yml b/ansible/roles/ironic/tasks/config.yml index e359e47917..508b56b686 100644 --- a/ansible/roles/ironic/tasks/config.yml +++ b/ansible/roles/ironic/tasks/config.yml @@ -31,19 +31,9 @@ when: - ironic_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ ironic_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/ironic/tasks/copy-certs.yml b/ansible/roles/ironic/tasks/copy-certs.yml new file mode 100644 index 0000000000..c7c611e065 --- /dev/null +++ b/ansible/roles/ironic/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ ironic_services }}" diff --git a/ansible/roles/karbor/tasks/config.yml b/ansible/roles/karbor/tasks/config.yml index 67ff39bb35..84be0847e2 100644 --- a/ansible/roles/karbor/tasks/config.yml +++ b/ansible/roles/karbor/tasks/config.yml @@ -12,19 +12,9 @@ - item.value.enabled | bool with_dict: "{{ karbor_services }}" -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ karbor_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/karbor/tasks/copy-certs.yml b/ansible/roles/karbor/tasks/copy-certs.yml new file mode 100644 index 0000000000..a8c1ce9824 --- /dev/null +++ b/ansible/roles/karbor/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ karbor_services }}" diff --git a/ansible/roles/kibana/tasks/config.yml b/ansible/roles/kibana/tasks/config.yml index 2eb63ea031..aacc6e25ee 100644 --- a/ansible/roles/kibana/tasks/config.yml +++ b/ansible/roles/kibana/tasks/config.yml @@ -12,19 +12,9 @@ - item.value.enabled | bool with_dict: "{{ kibana_services }}" -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ kibana_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/kibana/tasks/copy-certs.yml b/ansible/roles/kibana/tasks/copy-certs.yml new file mode 100644 index 0000000000..ab73c673a9 --- /dev/null +++ b/ansible/roles/kibana/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ kibana_services }}" diff --git a/ansible/roles/kuryr/tasks/config.yml b/ansible/roles/kuryr/tasks/config.yml index 54c25119d5..18aa6705a1 100644 --- a/ansible/roles/kuryr/tasks/config.yml +++ b/ansible/roles/kuryr/tasks/config.yml @@ -31,19 +31,9 @@ when: - kuryr_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ kuryr_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/kuryr/tasks/copy-certs.yml b/ansible/roles/kuryr/tasks/copy-certs.yml new file mode 100644 index 0000000000..c41ed0da94 --- /dev/null +++ b/ansible/roles/kuryr/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ kuryr_services }}" diff --git a/ansible/roles/magnum/tasks/config.yml b/ansible/roles/magnum/tasks/config.yml index 68eb83bdf1..257dae7599 100644 --- a/ansible/roles/magnum/tasks/config.yml +++ b/ansible/roles/magnum/tasks/config.yml @@ -31,19 +31,9 @@ when: - magnum_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ magnum_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/magnum/tasks/copy-certs.yml b/ansible/roles/magnum/tasks/copy-certs.yml new file mode 100644 index 0000000000..c4a1757d78 --- /dev/null +++ b/ansible/roles/magnum/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ magnum_services }}" diff --git a/ansible/roles/manila/tasks/config.yml b/ansible/roles/manila/tasks/config.yml index cfc31b8ec1..eee11ebd98 100644 --- a/ansible/roles/manila/tasks/config.yml +++ b/ansible/roles/manila/tasks/config.yml @@ -36,19 +36,9 @@ when: - manila_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ manila_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/manila/tasks/copy-certs.yml b/ansible/roles/manila/tasks/copy-certs.yml new file mode 100644 index 0000000000..483d8077bb --- /dev/null +++ b/ansible/roles/manila/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ manila_services }}" diff --git a/ansible/roles/mistral/tasks/config.yml b/ansible/roles/mistral/tasks/config.yml index 3ce2656f9f..64346b6b5d 100644 --- a/ansible/roles/mistral/tasks/config.yml +++ b/ansible/roles/mistral/tasks/config.yml @@ -31,19 +31,9 @@ when: - mistral_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ mistral_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/mistral/tasks/copy-certs.yml b/ansible/roles/mistral/tasks/copy-certs.yml new file mode 100644 index 0000000000..4d83133aa5 --- /dev/null +++ b/ansible/roles/mistral/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ mistral_services }}" diff --git a/ansible/roles/monasca/tasks/config.yml b/ansible/roles/monasca/tasks/config.yml index 4c2820609f..df12ddd49d 100644 --- a/ansible/roles/monasca/tasks/config.yml +++ b/ansible/roles/monasca/tasks/config.yml @@ -12,19 +12,9 @@ - item.value.enabled | bool with_dict: "{{ monasca_services }}" -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ monasca_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/monasca/tasks/copy-certs.yml b/ansible/roles/monasca/tasks/copy-certs.yml new file mode 100644 index 0000000000..ccb4ee44c1 --- /dev/null +++ b/ansible/roles/monasca/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ monasca_services }}" diff --git a/ansible/roles/murano/tasks/config.yml b/ansible/roles/murano/tasks/config.yml index fb449dbbe9..b9761fe6de 100644 --- a/ansible/roles/murano/tasks/config.yml +++ b/ansible/roles/murano/tasks/config.yml @@ -31,19 +31,9 @@ when: - murano_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ murano_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/murano/tasks/copy-certs.yml b/ansible/roles/murano/tasks/copy-certs.yml new file mode 100644 index 0000000000..f3dcc6dd6b --- /dev/null +++ b/ansible/roles/murano/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ murano_services }}" diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml index bf8b3bcb4d..f95d9b8de7 100644 --- a/ansible/roles/neutron/tasks/config.yml +++ b/ansible/roles/neutron/tasks/config.yml @@ -20,19 +20,9 @@ changed_when: False register: check_extra_ml2_plugins -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - item.value.host_in_groups | bool - kolla_copy_ca_into_containers | bool - with_dict: "{{ neutron_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services become: true diff --git a/ansible/roles/neutron/tasks/copy-certs.yml b/ansible/roles/neutron/tasks/copy-certs.yml new file mode 100644 index 0000000000..dcbe9cf169 --- /dev/null +++ b/ansible/roles/neutron/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ neutron_services }}" diff --git a/ansible/roles/nova-cell/tasks/config.yml b/ansible/roles/nova-cell/tasks/config.yml index ca64b96aa5..dd0988ba0a 100644 --- a/ansible/roles/nova-cell/tasks/config.yml +++ b/ansible/roles/nova-cell/tasks/config.yml @@ -12,19 +12,9 @@ - item.value.enabled | bool with_dict: "{{ nova_cell_services }}" -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ nova_cell_services }}" - notify: - - "Restart {{ item.key }} container" - include_tasks: external_ceph.yml when: diff --git a/ansible/roles/nova-cell/tasks/copy-certs.yml b/ansible/roles/nova-cell/tasks/copy-certs.yml new file mode 100644 index 0000000000..57ad1d1350 --- /dev/null +++ b/ansible/roles/nova-cell/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ nova_cell_services }}" diff --git a/ansible/roles/nova-hyperv/tasks/config.yml b/ansible/roles/nova-hyperv/tasks/config.yml index f50cb9a3d8..cfe3b73ed1 100644 --- a/ansible/roles/nova-hyperv/tasks/config.yml +++ b/ansible/roles/nova-hyperv/tasks/config.yml @@ -34,13 +34,6 @@ - "wsgate.ini.j2" notify: Restart FreeRDP-WebConnect -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_custom_config }}/nova-hyperv/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool diff --git a/ansible/roles/nova-hyperv/tasks/copy-certs.yml b/ansible/roles/nova-hyperv/tasks/copy-certs.yml new file mode 100644 index 0000000000..ee01137018 --- /dev/null +++ b/ansible/roles/nova-hyperv/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ nova_hyperv_services }}" diff --git a/ansible/roles/nova/tasks/config.yml b/ansible/roles/nova/tasks/config.yml index 6eedd9c9ea..a976ed9cc2 100644 --- a/ansible/roles/nova/tasks/config.yml +++ b/ansible/roles/nova/tasks/config.yml @@ -31,19 +31,9 @@ when: - nova_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ nova_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services become: true diff --git a/ansible/roles/nova/tasks/copy-certs.yml b/ansible/roles/nova/tasks/copy-certs.yml new file mode 100644 index 0000000000..5d6b69f6c1 --- /dev/null +++ b/ansible/roles/nova/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ nova_services }}" diff --git a/ansible/roles/octavia/tasks/config.yml b/ansible/roles/octavia/tasks/config.yml index d962f21151..a60991d808 100644 --- a/ansible/roles/octavia/tasks/config.yml +++ b/ansible/roles/octavia/tasks/config.yml @@ -45,19 +45,9 @@ notify: - "Restart {{ item.key }} container" -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ octavia_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/octavia/tasks/copy-certs.yml b/ansible/roles/octavia/tasks/copy-certs.yml new file mode 100644 index 0000000000..f39ca44ebd --- /dev/null +++ b/ansible/roles/octavia/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ octavia_services }}" diff --git a/ansible/roles/panko/tasks/config.yml b/ansible/roles/panko/tasks/config.yml index 49debb5439..8cc4239483 100644 --- a/ansible/roles/panko/tasks/config.yml +++ b/ansible/roles/panko/tasks/config.yml @@ -31,19 +31,9 @@ when: - panko_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ panko_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/panko/tasks/copy-certs.yml b/ansible/roles/panko/tasks/copy-certs.yml new file mode 100644 index 0000000000..29ae844575 --- /dev/null +++ b/ansible/roles/panko/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ panko_services }}" diff --git a/ansible/roles/placement/tasks/config.yml b/ansible/roles/placement/tasks/config.yml index e338850079..2f42c13c72 100644 --- a/ansible/roles/placement/tasks/config.yml +++ b/ansible/roles/placement/tasks/config.yml @@ -31,19 +31,9 @@ when: - placement_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ placement_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services become: true diff --git a/ansible/roles/placement/tasks/copy-certs.yml b/ansible/roles/placement/tasks/copy-certs.yml new file mode 100644 index 0000000000..add0ac17de --- /dev/null +++ b/ansible/roles/placement/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ placement_services }}" diff --git a/ansible/roles/prometheus/tasks/config.yml b/ansible/roles/prometheus/tasks/config.yml index ad97984746..bbc7d2b568 100644 --- a/ansible/roles/prometheus/tasks/config.yml +++ b/ansible/roles/prometheus/tasks/config.yml @@ -12,19 +12,9 @@ - item.value.enabled | bool with_dict: "{{ prometheus_services }}" -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ prometheus_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files become: true diff --git a/ansible/roles/prometheus/tasks/copy-certs.yml b/ansible/roles/prometheus/tasks/copy-certs.yml new file mode 100644 index 0000000000..6749428397 --- /dev/null +++ b/ansible/roles/prometheus/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ prometheus_services }}" diff --git a/ansible/roles/qinling/tasks/config.yml b/ansible/roles/qinling/tasks/config.yml index 17fcb18036..96ef350cd2 100644 --- a/ansible/roles/qinling/tasks/config.yml +++ b/ansible/roles/qinling/tasks/config.yml @@ -36,19 +36,9 @@ when: - qinling_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ qinling_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/qinling/tasks/copy-certs.yml b/ansible/roles/qinling/tasks/copy-certs.yml new file mode 100644 index 0000000000..ee25f1d265 --- /dev/null +++ b/ansible/roles/qinling/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ qinling_services }}" diff --git a/ansible/roles/rally/tasks/config.yml b/ansible/roles/rally/tasks/config.yml index d615fae3cf..238533dcf6 100644 --- a/ansible/roles/rally/tasks/config.yml +++ b/ansible/roles/rally/tasks/config.yml @@ -31,19 +31,9 @@ when: - rally_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ rally_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/rally/tasks/copy-certs.yml b/ansible/roles/rally/tasks/copy-certs.yml new file mode 100644 index 0000000000..6b2f3220a4 --- /dev/null +++ b/ansible/roles/rally/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ rally_services }}" diff --git a/ansible/roles/sahara/tasks/config.yml b/ansible/roles/sahara/tasks/config.yml index af70380b39..99eec60935 100644 --- a/ansible/roles/sahara/tasks/config.yml +++ b/ansible/roles/sahara/tasks/config.yml @@ -31,19 +31,9 @@ when: - sahara_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ sahara_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/sahara/tasks/copy-certs.yml b/ansible/roles/sahara/tasks/copy-certs.yml new file mode 100644 index 0000000000..e407b87540 --- /dev/null +++ b/ansible/roles/sahara/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ sahara_services }}" diff --git a/ansible/roles/searchlight/tasks/config.yml b/ansible/roles/searchlight/tasks/config.yml index 0dd7cb721d..55b8d70aef 100644 --- a/ansible/roles/searchlight/tasks/config.yml +++ b/ansible/roles/searchlight/tasks/config.yml @@ -31,19 +31,9 @@ when: - searchlight_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ searchlight_config_jsons }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/searchlight/tasks/copy-certs.yml b/ansible/roles/searchlight/tasks/copy-certs.yml new file mode 100644 index 0000000000..39d605bcd2 --- /dev/null +++ b/ansible/roles/searchlight/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ searchlight_services }}" diff --git a/ansible/roles/senlin/tasks/config.yml b/ansible/roles/senlin/tasks/config.yml index 65f8d6643b..98ec0bd682 100644 --- a/ansible/roles/senlin/tasks/config.yml +++ b/ansible/roles/senlin/tasks/config.yml @@ -31,19 +31,9 @@ when: - senlin_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ senlin_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/senlin/tasks/copy-certs.yml b/ansible/roles/senlin/tasks/copy-certs.yml new file mode 100644 index 0000000000..0614aac758 --- /dev/null +++ b/ansible/roles/senlin/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ senlin_services }}" diff --git a/ansible/roles/skydive/tasks/config.yml b/ansible/roles/skydive/tasks/config.yml index 9ad2c60074..fe08155964 100644 --- a/ansible/roles/skydive/tasks/config.yml +++ b/ansible/roles/skydive/tasks/config.yml @@ -12,19 +12,9 @@ - item.value.enabled | bool with_dict: "{{ skydive_services }}" -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ skydive_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over default config.json files template: diff --git a/ansible/roles/skydive/tasks/copy-certs.yml b/ansible/roles/skydive/tasks/copy-certs.yml new file mode 100644 index 0000000000..99a2333cac --- /dev/null +++ b/ansible/roles/skydive/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ skydive_services }}" diff --git a/ansible/roles/solum/tasks/config.yml b/ansible/roles/solum/tasks/config.yml index 79a81145e0..0c222acfe0 100644 --- a/ansible/roles/solum/tasks/config.yml +++ b/ansible/roles/solum/tasks/config.yml @@ -12,19 +12,9 @@ - item.value.enabled | bool with_dict: "{{ solum_services }}" -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ solum_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/solum/tasks/copy-certs.yml b/ansible/roles/solum/tasks/copy-certs.yml new file mode 100644 index 0000000000..ff86842c5c --- /dev/null +++ b/ansible/roles/solum/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ solum_services }}" diff --git a/ansible/roles/swift/tasks/config.yml b/ansible/roles/swift/tasks/config.yml index a62c4c0d68..4479a0c140 100644 --- a/ansible/roles/swift/tasks/config.yml +++ b/ansible/roles/swift/tasks/config.yml @@ -28,19 +28,9 @@ - "swift-proxy-server" - "swift-rsyncd" -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ swift_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/swift/tasks/copy-certs.yml b/ansible/roles/swift/tasks/copy-certs.yml new file mode 100644 index 0000000000..dad345f189 --- /dev/null +++ b/ansible/roles/swift/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ swift_services }}" diff --git a/ansible/roles/tacker/tasks/config.yml b/ansible/roles/tacker/tasks/config.yml index ede26d7cf0..261dd3bcf0 100644 --- a/ansible/roles/tacker/tasks/config.yml +++ b/ansible/roles/tacker/tasks/config.yml @@ -31,19 +31,9 @@ when: - tacker_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ tacker_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/tacker/tasks/copy-certs.yml b/ansible/roles/tacker/tasks/copy-certs.yml new file mode 100644 index 0000000000..2da5828235 --- /dev/null +++ b/ansible/roles/tacker/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ tacker_services }}" diff --git a/ansible/roles/telegraf/tasks/config.yml b/ansible/roles/telegraf/tasks/config.yml index 40a2b19ac1..cf318706fb 100644 --- a/ansible/roles/telegraf/tasks/config.yml +++ b/ansible/roles/telegraf/tasks/config.yml @@ -12,19 +12,9 @@ - item.value.enabled | bool with_dict: "{{ telegraf_services }}" -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ telegraf_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over default config.json files template: diff --git a/ansible/roles/telegraf/tasks/copy-certs.yml b/ansible/roles/telegraf/tasks/copy-certs.yml new file mode 100644 index 0000000000..c73a4313a3 --- /dev/null +++ b/ansible/roles/telegraf/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ telegraf_services }}" diff --git a/ansible/roles/tempest/tasks/config.yml b/ansible/roles/tempest/tasks/config.yml index b9ad20eb39..784de54840 100644 --- a/ansible/roles/tempest/tasks/config.yml +++ b/ansible/roles/tempest/tasks/config.yml @@ -12,19 +12,9 @@ - item.value.enabled | bool with_dict: "{{ tempest_services }}" -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ tempest_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/tempest/tasks/copy-certs.yml b/ansible/roles/tempest/tasks/copy-certs.yml new file mode 100644 index 0000000000..f3c4ebca0d --- /dev/null +++ b/ansible/roles/tempest/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ tempest_services }}" diff --git a/ansible/roles/trove/tasks/config.yml b/ansible/roles/trove/tasks/config.yml index a5156667bf..54a18f8e07 100644 --- a/ansible/roles/trove/tasks/config.yml +++ b/ansible/roles/trove/tasks/config.yml @@ -31,19 +31,9 @@ when: - trove_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ trove_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/trove/tasks/copy-certs.yml b/ansible/roles/trove/tasks/copy-certs.yml new file mode 100644 index 0000000000..bac43d727a --- /dev/null +++ b/ansible/roles/trove/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ trove_services }}" diff --git a/ansible/roles/vitrage/tasks/config.yml b/ansible/roles/vitrage/tasks/config.yml index 7eb09b4ec0..977b8e9579 100644 --- a/ansible/roles/vitrage/tasks/config.yml +++ b/ansible/roles/vitrage/tasks/config.yml @@ -31,19 +31,9 @@ when: - vitrage_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ vitrage_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/vitrage/tasks/copy-certs.yml b/ansible/roles/vitrage/tasks/copy-certs.yml new file mode 100644 index 0000000000..bdd8fe3581 --- /dev/null +++ b/ansible/roles/vitrage/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ vitrage_services }}" diff --git a/ansible/roles/watcher/tasks/config.yml b/ansible/roles/watcher/tasks/config.yml index fc9bca31a7..b05ceefefb 100644 --- a/ansible/roles/watcher/tasks/config.yml +++ b/ansible/roles/watcher/tasks/config.yml @@ -31,19 +31,9 @@ when: - watcher_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ watcher_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/watcher/tasks/copy-certs.yml b/ansible/roles/watcher/tasks/copy-certs.yml new file mode 100644 index 0000000000..434d085732 --- /dev/null +++ b/ansible/roles/watcher/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ watcher_services }}" diff --git a/ansible/roles/zun/tasks/config.yml b/ansible/roles/zun/tasks/config.yml index 244d66f2bd..8394e2f993 100644 --- a/ansible/roles/zun/tasks/config.yml +++ b/ansible/roles/zun/tasks/config.yml @@ -31,19 +31,9 @@ when: - zun_policy.results -- name: Copying over extra CA certificates - become: true - copy: - src: "{{ node_config }}/certificates/ca/" - dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates" - mode: "0644" +- include_tasks: copy-certs.yml when: - - item.value.enabled | bool - - inventory_hostname in groups[item.value.group] - kolla_copy_ca_into_containers | bool - with_dict: "{{ zun_services }}" - notify: - - "Restart {{ item.key }} container" - name: Copying over config.json files for services template: diff --git a/ansible/roles/zun/tasks/copy-certs.yml b/ansible/roles/zun/tasks/copy-certs.yml new file mode 100644 index 0000000000..3ca082669f --- /dev/null +++ b/ansible/roles/zun/tasks/copy-certs.yml @@ -0,0 +1,6 @@ +--- +- name: "Copy certificates and keys for {{ project_name }}" + import_role: + role: service-cert-copy + vars: + project_services: "{{ zun_services }}"