kolla-ansible/ansible/roles/prechecks/tasks/service_checks.yml

---
- name: Checking Docker version
  become: true
  command: "{{ kolla_container_engine }} --version"
  register: result
  changed_when: false
  when: inventory_hostname in groups['baremetal']
  failed_when: result is failed
               or result.stdout | regex_replace('.*\\b(\\d+\\.\\d+\\.\\d+)\\b.*', '\\1') is version(docker_version_min, '<')

# NOTE(mgoddard): If passwords.yml is encrypted using ansible-vault, this check
# will pass, but only because nothing in the vault file has the format of a
# YAML dict item.
- name: Checking empty passwords in passwords.yml. Run kolla-genpwd if this task fails
  command:
    cmd: grep '^[^#].*:\s*$' "{{ node_config }}/passwords.yml"
  delegate_to: localhost
  run_once: True
  register: result
  changed_when: false
  failed_when: result.stdout | regex_replace('(.*ssh_key.*)', '') is search(":")

- name: Check if nscd is running
  command: pgrep nscd
  ignore_errors: yes
  failed_when: false
  changed_when: false
  register: nscd_status

- name: Fail if nscd is running
  fail:
    msg: |
      Service nscd is running. This is known to cause issues with Docker's user namespaces in
      Kolla. Please disable it before proceeding.      
  when:
    - nscd_status.rc == 0

- name: Validate that internal and external vip address are different when TLS is enabled only on either the internal and external network
  run_once: True
  fail:
    msg: 'kolla_external_vip_address and kolla_internal_vip_address must not be the same when only one network has TLS enabled'
  changed_when: false
  when:
    - kolla_enable_tls_external | bool or kolla_enable_tls_internal | bool
    - not (kolla_enable_tls_external | bool and kolla_enable_tls_internal | bool)
    - kolla_same_external_internal_vip | bool

- name: Validate that enable_ceph is disabled
  run_once: True
  fail:
    msg: "We are sorry but enable_ceph is no longer supported. Please use external ceph support."
  when:
    - (enable_ceph | default()) | bool