openstack/kolla-ansible
Code Issues Proposed changes
kolla-ansible/ansible/roles/ironic/handlers/main.yml
James Kirsch 316b0496b3 Add support for encrypting Ironic API 
This patch introduces an optional backend encryption for the Ironic API
and Ironic Inspector service. When used in conjunction with enabling
TLS for service API endpoints, network communcation will be encrypted
end to end, from client through HAProxy to the Ironic service.

Change-Id: I3e82c8ec112e53f907e89fea0c8c849072dcf957
Partially-Implements: blueprint add-ssl-internal-network
Depends-On: https://review.opendev.org/#/c/742776/
2020-08-29 15:25:49 +00:00

114 lines
3.5 KiB
YAML
Raw Blame History

---
- name: Restart ironic-conductor container
vars:
service_name: "ironic-conductor"
service: "{{ ironic_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
privileged: "{{ service.privileged | default(False) }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
when:
- kolla_action != "config"
- name: Restart ironic-api container
vars:
service_name: "ironic-api"
service: "{{ ironic_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
when:
- kolla_action != "config"
# Due to a bug in the ironic client, ironic inspector fails to start if ironic
# API is not accessible. https://storyboard.openstack.org/#!/story/2006393
# TODO(mgoddard): remove this task when
# https://storyboard.openstack.org/#!/story/2006393 has been fixed.
- name: Wait for ironic-api to be accessible
become: true
kolla_toolbox:
module_name: uri
module_args:
url: "{{ ironic_internal_endpoint }}"
validate_certs: false
register: result
until: result is success
retries: 12
delay: 5
listen: Restart ironic-api container
when:
- kolla_action != "config"
run_once: True
- name: Restart ironic-inspector container
vars:
service_name: "ironic-inspector"
service: "{{ ironic_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
privileged: "{{ service.privileged | default(False) }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
dimensions: "{{ service.dimensions }}"
when:
- kolla_action != "config"
- name: Restart ironic-pxe container
vars:
service_name: "ironic-pxe"
service: "{{ ironic_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
when:
- kolla_action != "config"
- name: Restart ironic-ipxe container
vars:
service_name: "ironic-ipxe"
service: "{{ ironic_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
when:
- kolla_action != "config"
- name: Restart ironic-dnsmasq container
vars:
service_name: "ironic-dnsmasq"
service: "{{ ironic_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
cap_add: "{{ service.cap_add }}"
when:
- kolla_action != "config"
View Git Blame Copy Permalink