Add sudo package for bootstrap-servers

sudo package is required when we use ubuntu base on centos to deploy. The following tasks belong to the environment check after installation of environment-related software packages. So, move to the post-install module. Create kolla user Add public key to kolla user authorized keys Grant kolla user passwordless sudo Ensure node_config_directory directory exists for user kolla Ensure node_config_directory directory exists Change-Id: I86bf5e1df3d6568c4f1ca6f4757f08a3dd22754d Closes-Bug: #1777571
2018-06-19 14:26:42 +08:00 · 2018-06-19 14:26:42 +08:00 · 9ff5d5483e
commit 9ff5d5483e
parent 29a6a61d97
3 changed files with 53 additions and 45 deletions
--- a/ansible/roles/baremetal/defaults/main.yml
+++ b/ansible/roles/baremetal/defaults/main.yml
@ -37,6 +37,7 @@ redhat_pkg_install:
 - git
 - python-setuptools
 - ntp
+ - sudo

 ubuntu_pkg_removals:
 - lxd
--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@ -1,4 +1,56 @@
 ---
+- name: Create kolla user
+  user:
+    name: "{{ kolla_user }}"
+    state: present
+    group: "{{ kolla_group }}"
+    groups: "sudo"
+  become: True
+  when: create_kolla_user | bool
+
+- name: Add public key to kolla user authorized keys
+  authorized_key:
+    user: "{{ kolla_user }}"
+    key: "{{ kolla_ssh_key.public_key }}"
+  become: True
+  when: create_kolla_user | bool
+
+- name: Create sudoers profile for user kolla
+  file:
+    path: /etc/sudoers.d/kolla-ansible-users
+    state: touch
+  become: True
+  when: create_kolla_user | bool
+
+- name: Grant kolla user passwordless sudo
+  lineinfile:
+    dest: /etc/sudoers.d/kolla-ansible-users
+    state: present
+    regexp: '^{{ kolla_group }}'
+    line: '{{ kolla_group }} ALL=(ALL) NOPASSWD: ALL'
+  become: True
+  when: create_kolla_user | bool
+
+- name: Ensure node_config_directory directory exists for user kolla
+  file:
+    path: "{{ node_config_directory }}"
+    state: directory
+    recurse: yes
+    owner: "{{ kolla_user }}"
+    group: "{{ kolla_group }}"
+    mode: 0755
+  become: True
+  when: create_kolla_user | bool
+
+- name: Ensure node_config_directory directory exists
+  file:
+    path: "{{ node_config_directory }}"
+    state: directory
+    recurse: yes
+    mode: 0644
+  become: True
+  when: not create_kolla_user | bool
+
 - name: Ensure docker service directory exists
  file:
    path: /etc/systemd/system/docker.service.d
--- a/ansible/roles/baremetal/tasks/pre-install.yml
+++ b/ansible/roles/baremetal/tasks/pre-install.yml
@ -47,31 +47,6 @@
  become: True
  when: create_kolla_user | bool

- name: Create kolla user
-  user:
-    name: "{{ kolla_user }}"
-    state: present
-    group: "{{ kolla_group }}"
-    groups: "sudo"
-  become: True
-  when: create_kolla_user | bool
-
- name: Grant kolla user passwordless sudo
-  lineinfile:
-    dest: /etc/sudoers
-    state: present
-    regexp: '^{{ kolla_group }}'
-    line: '{{ kolla_group }} ALL=(ALL) NOPASSWD: ALL'
-  become: True
-  when: create_kolla_user | bool
-
- name: Add public key to kolla user authorized keys
-  authorized_key:
-    user: "{{ kolla_user }}"
-    key: "{{ kolla_ssh_key.public_key }}"
-  become: True
-  when: create_kolla_user | bool
-
 - name: Install apt packages
  apt:
    update_cache: yes
@ -133,23 +108,3 @@
    key: "{{ docker_yum_url }}/gpg"
  become: True
  when: ansible_os_family == 'RedHat'
-
- name: Ensure node_config_directory directory exists
-  file:
-    path: "{{ node_config_directory }}"
-    state: directory
-    recurse: yes
-    owner: "{{ kolla_user }}"
-    group: "{{ kolla_group }}"
-    mode: 0755
-  become: True
-  when: create_kolla_user | bool
-
- name: Ensure node_config_directory directory exists
-  file:
-    path: "{{ node_config_directory }}"
-    state: directory
-    recurse: yes
-    mode: 0644
-  become: True
-  when: not create_kolla_user | bool