kolla-ansible/ansible/roles/prechecks/tasks/service_checks.yml

---
- name: Checking Docker version
  command: docker --version
  register: result
  changed_when: false
  when: inventory_hostname in groups['baremetal']
  failed_when: result | failed
               or result.stdout | regex_replace('.*(\\d+\\.\\d+\\.\\d+).*', '\\1') | version_compare(docker_version_min, '<')

# NOTE(mgoddard): If passwords.yml is encrypted using ansible-vault, this check
# will pass, but only because nothing in the vault file has the format of a
# YAML dict item.
- name: Checking empty passwords in passwords.yml. Run kolla-genpwd if this task fails
  local_action: command grep '^[^#].*:\s*$' "{{ node_config }}/passwords.yml"
  run_once: True
  register: result
  changed_when: false
  failed_when: result.stdout | regex_replace('(.*ssh_key.*)', '') | search(":")

- name: Check if nscd is running
  command: pgrep nscd
  ignore_errors: yes
  failed_when: false
  changed_when: false
  register: nscd_status

- name: Fail if nscd is running
  fail:
    msg: |
      Service nscd is running. This is known to cause issues with Docker's user namespaces in
      Kolla. Please disable it before proceeding.      
  when:
    - nscd_status.rc == 0

- name: Checking internal and external VIP addresses differ
  run_once: True
  local_action: fail msg='kolla_external_vip_address and kolla_internal_vip_address must not be the same when TLS is enabled'
  changed_when: false
  when:
    - kolla_enable_tls_external | bool
    - kolla_external_vip_address == kolla_internal_vip_address