openstack/kolla-ansible
Code Issues Proposed changes
6c2bb6b736
kolla-ansible/ansible/roles/ironic/handlers/main.yml
James Kirsch 7c2df87ded Add support for encrypting Ironic API 
This patch introduces an optional backend encryption for the Ironic API
service. When used in conjunction with enabling TLS for service API
endpoints, network communcation will be encrypted end to end, from
client through HAProxy to the Ironic service.

Change-Id: I9edf7545c174ca8839ceaef877bb09f49ef2b451
Partially-Implements: blueprint add-ssl-internal-network
2020-09-24 10:09:13 -07:00

114 lines
3.5 KiB
YAML
Raw Blame History

---
- name: Restart ironic-conductor container
vars:
service_name: "ironic-conductor"
service: "{{ ironic_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
privileged: "{{ service.privileged | default(False) }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
when:
- kolla_action != "config"
- name: Restart ironic-api container
vars:
service_name: "ironic-api"
service: "{{ ironic_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
when:
- kolla_action != "config"
# Due to a bug in the ironic client, ironic inspector fails to start if ironic
# API is not accessible. https://storyboard.openstack.org/#!/story/2006393
# TODO(mgoddard): remove this task when
# https://storyboard.openstack.org/#!/story/2006393 has been fixed.
- name: Wait for ironic-api to be accessible
become: true
kolla_toolbox:
module_name: uri
module_args:
url: "{{ ironic_internal_endpoint }}"
validate_certs: false
register: result
until: result is success
retries: 12
delay: 5
listen: Restart ironic-api container
when:
- kolla_action != "config"
run_once: True
- name: Restart ironic-inspector container
vars:
service_name: "ironic-inspector"
service: "{{ ironic_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
privileged: "{{ service.privileged | default(False) }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
when:
- kolla_action != "config"
- name: Restart ironic-pxe container
vars:
service_name: "ironic-pxe"
service: "{{ ironic_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
when:
- kolla_action != "config"
- name: Restart ironic-ipxe container
vars:
service_name: "ironic-ipxe"
service: "{{ ironic_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
when:
- kolla_action != "config"
- name: Restart ironic-dnsmasq container
vars:
service_name: "ironic-dnsmasq"
service: "{{ ironic_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
cap_add: "{{ service.cap_add }}"
when:
- kolla_action != "config"
View Git Blame Copy Permalink