From 9ff5d5483ee5fd04dc4a11316b56175f7b299954 Mon Sep 17 00:00:00 2001 From: fan_guiju Date: Tue, 19 Jun 2018 14:26:42 +0800 Subject: [PATCH] Add sudo package for bootstrap-servers sudo package is required when we use ubuntu base on centos to deploy. The following tasks belong to the environment check after installation of environment-related software packages. So, move to the post-install module. Create kolla user Add public key to kolla user authorized keys Grant kolla user passwordless sudo Ensure node_config_directory directory exists for user kolla Ensure node_config_directory directory exists Change-Id: I86bf5e1df3d6568c4f1ca6f4757f08a3dd22754d Closes-Bug: #1777571 --- ansible/roles/baremetal/defaults/main.yml | 1 + .../roles/baremetal/tasks/post-install.yml | 52 +++++++++++++++++++ ansible/roles/baremetal/tasks/pre-install.yml | 45 ---------------- 3 files changed, 53 insertions(+), 45 deletions(-) diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml index 9548acc227..36ff1f2241 100644 --- a/ansible/roles/baremetal/defaults/main.yml +++ b/ansible/roles/baremetal/defaults/main.yml @@ -37,6 +37,7 @@ redhat_pkg_install: - git - python-setuptools - ntp + - sudo ubuntu_pkg_removals: - lxd diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml index 04d44c3485..fa208018bd 100644 --- a/ansible/roles/baremetal/tasks/post-install.yml +++ b/ansible/roles/baremetal/tasks/post-install.yml 
@@ -1,4 +1,56 @@ --- +- name: Create kolla user + user: + name: "{{ kolla_user }}" + state: present + group: "{{ kolla_group }}" + groups: "sudo" + become: True + when: create_kolla_user | bool + +- name: Add public key to kolla user authorized keys + authorized_key: + user: "{{ kolla_user }}" + key: "{{ kolla_ssh_key.public_key }}" + become: True + when: create_kolla_user | bool + +- name: Create sudoers profile for user kolla + file: + path: /etc/sudoers.d/kolla-ansible-users + state: touch + become: True + when: create_kolla_user | bool + +- name: Grant kolla user passwordless sudo + lineinfile: + dest: /etc/sudoers.d/kolla-ansible-users + state: present + regexp: '^{{ kolla_group }}' + line: '{{ kolla_group }} ALL=(ALL) NOPASSWD: ALL' + become: True + when: create_kolla_user | bool + +- name: Ensure node_config_directory directory exists for user kolla + file: + path: "{{ node_config_directory }}" + state: directory + recurse: yes + owner: "{{ kolla_user }}" + group: "{{ kolla_group }}" + mode: 0755 + become: True + when: create_kolla_user | bool + +- name: Ensure node_config_directory directory exists + file: + path: "{{ node_config_directory }}" + state: directory + recurse: yes + mode: 0644 + become: True + when: not create_kolla_user | bool + - name: Ensure docker service directory exists file: path: /etc/systemd/system/docker.service.d diff --git a/ansible/roles/baremetal/tasks/pre-install.yml b/ansible/roles/baremetal/tasks/pre-install.yml index a471a7da57..8e5065646f 100644 --- a/ansible/roles/baremetal/tasks/pre-install.yml +++ b/ansible/roles/baremetal/tasks/pre-install.yml 
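Review bot: The new `Create sudoers profile for user kolla` task creates `/etc/sudoers.d/kolla-ansible-users` with `state: touch` and no `owner`, `group` or `mode`, so its permissions depend on the remote umask; a sudoers drop-in is conventionally root-owned with `mode: "0440"`. The `Grant kolla user passwordless sudo` task then writes a `NOPASSWD: ALL` rule with no syntax check, and adding `validate: 'visudo -cf %s'` to that `lineinfile` would stop a malformed rule from being installed. The rule is keyed on `{{ kolla_group }}` without a leading `%`, which sudoers reads as a user name rather than a group, so it presumably only takes effect when a user of that name exists; that is worth confirming or documenting in a comment. In the last added task, `mode: 0644` with `recurse: yes` on a directory leaves it without the execute bit, and both `mode` values are unquoted octal literals that are safer written as strings such as `mode: "0755"`.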
@@ -47,31 +47,6 @@ become: True when: create_kolla_user | bool -- name: Create kolla user - user: - name: "{{ kolla_user }}" - state: present - group: "{{ kolla_group }}" - groups: "sudo" - become: True - when: create_kolla_user | bool - -- name: Grant kolla user passwordless sudo - lineinfile: - dest: /etc/sudoers - state: present - regexp: '^{{ kolla_group }}' - line: '{{ kolla_group }} ALL=(ALL) NOPASSWD: ALL' - become: True - when: create_kolla_user | bool - -- name: Add public key to kolla user authorized keys - authorized_key: - user: "{{ kolla_user }}" - key: "{{ kolla_ssh_key.public_key }}" - become: True - when: create_kolla_user | bool - - name: Install apt packages apt: update_cache: yes @@ -133,23 +108,3 @@ key: "{{ docker_yum_url }}/gpg" become: True when: ansible_os_family == 'RedHat' - -- name: Ensure node_config_directory directory exists - file: - path: "{{ node_config_directory }}" - state: directory - recurse: yes - owner: "{{ kolla_user }}" - group: "{{ kolla_group }}" - mode: 0755 - become: True - when: create_kolla_user | bool - -- name: Ensure node_config_directory directory exists - file: - path: "{{ node_config_directory }}" - state: directory - recurse: yes - mode: 0644 - become: True - when: not create_kolla_user | bool