diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml
index 9548acc227..36ff1f2241 100644
--- a/ansible/roles/baremetal/defaults/main.yml
+++ b/ansible/roles/baremetal/defaults/main.yml
@@ -37,6 +37,7 @@ redhat_pkg_install:
 - git
 - python-setuptools
 - ntp
+ - sudo
 ubuntu_pkg_removals:
 - lxd
diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml
index 04d44c3485..fa208018bd 100644
--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@@ -1,4 +1,56 @@
 ---
+- name: Create kolla user
+ user:
+ name: "{{ kolla_user }}"
+ state: present
+ group: "{{ kolla_group }}"
+ groups: "sudo"
+ become: True
+ when: create_kolla_user | bool
+
+- name: Add public key to kolla user authorized keys
+ authorized_key:
+ user: "{{ kolla_user }}"
+ key: "{{ kolla_ssh_key.public_key }}"
+ become: True
+ when: create_kolla_user | bool
+
+- name: Create sudoers profile for user kolla
+ file:
+ path: /etc/sudoers.d/kolla-ansible-users
+ state: touch
+ become: True
+ when: create_kolla_user | bool
+
+- name: Grant kolla user passwordless sudo
+ lineinfile:
+ dest: /etc/sudoers.d/kolla-ansible-users
+ state: present
+ regexp: '^{{ kolla_group }}'
+ line: '{{ kolla_group }} ALL=(ALL) NOPASSWD: ALL'
+ become: True
+ when: create_kolla_user | bool
+
+- name: Ensure node_config_directory directory exists for user kolla
+ file:
+ path: "{{ node_config_directory }}"
+ state: directory
+ recurse: yes
+ owner: "{{ kolla_user }}"
+ group: "{{ kolla_group }}"
+ mode: 0755
+ become: True
+ when: create_kolla_user | bool
+
+- name: Ensure node_config_directory directory exists
+ file:
+ path: "{{ node_config_directory }}"
+ state: directory
+ recurse: yes
+ mode: 0644
+ become: True
+ when: not create_kolla_user | bool
+
 - name: Ensure docker service directory exists
 file:
 path: /etc/systemd/system/docker.service.d
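Review bot: The new drop-in `/etc/sudoers.d/kolla-ansible-users` is created by a bare `state: touch` and then edited by `lineinfile` with no `validate`, so its mode is left to the umask and a malformed rendered line is written unchecked; a syntax error in an included sudoers file can leave sudo unusable on the host. Folding the "Create sudoers profile" task into the "Grant kolla user passwordless sudo" task with `create`, root ownership, mode `"0440"` and a `visudo` check addresses both, and also removes the `touch` that reports changed on every run. Separately, the entry's subject is `{{ kolla_group }}` with no `%` prefix, which sudoers reads as a user name; presumably this works because the user and group share a name, but that is not visible in this hunk and is worth confirming. On the moved `node_config_directory` tasks, the unquoted `mode: 0755` and `mode: 0644` would be safer as quoted strings, and `0644` leaves the directory without its search bit.

```yaml
- name: Grant kolla user passwordless sudo
  lineinfile:
    dest: /etc/sudoers.d/kolla-ansible-users
    create: yes
    owner: root
    group: root
    mode: "0440"
    validate: 'visudo -cf %s'
    # … unchanged: state, regexp, line …
  # … unchanged: become, when …
```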
diff --git a/ansible/roles/baremetal/tasks/pre-install.yml b/ansible/roles/baremetal/tasks/pre-install.yml
index a471a7da57..8e5065646f 100644
--- a/ansible/roles/baremetal/tasks/pre-install.yml
+++ b/ansible/roles/baremetal/tasks/pre-install.yml
@@ -47,31 +47,6 @@
 become: True
 when: create_kolla_user | bool
-- name: Create kolla user
- user:
- name: "{{ kolla_user }}"
- state: present
- group: "{{ kolla_group }}"
- groups: "sudo"
- become: True
- when: create_kolla_user | bool
-
-- name: Grant kolla user passwordless sudo
- lineinfile:
- dest: /etc/sudoers
- state: present
- regexp: '^{{ kolla_group }}'
- line: '{{ kolla_group }} ALL=(ALL) NOPASSWD: ALL'
- become: True
- when: create_kolla_user | bool
-
-- name: Add public key to kolla user authorized keys
- authorized_key:
- user: "{{ kolla_user }}"
- key: "{{ kolla_ssh_key.public_key }}"
- become: True
- when: create_kolla_user | bool
-
 - name: Install apt packages
 apt:
 update_cache: yes
@@ -133,23 +108,3 @@
 key: "{{ docker_yum_url }}/gpg"
 become: True
 when: ansible_os_family == 'RedHat'
-
-- name: Ensure node_config_directory directory exists
- file:
- path: "{{ node_config_directory }}"
- state: directory
- recurse: yes
- owner: "{{ kolla_user }}"
- group: "{{ kolla_group }}"
- mode: 0755
- become: True
- when: create_kolla_user | bool
-
-- name: Ensure node_config_directory directory exists
- file:
- path: "{{ node_config_directory }}"
- state: directory
- recurse: yes
- mode: 0644
- become: True
- when: not create_kolla_user | bool