--- # Copyright 2015, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Post swift tempURL secret key command: > {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure', '--os-cacert ' ~ _ironic_ssl_truststore_location) }} --os-username "service:{{ glance_service_user_name }}" --os-password "{{ glance_service_password }}" --os-auth-url {{ keystone_service_internalurl }} --os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }} post -m temp-url-key:{{ ironic_swift_temp_url_secret_key }} environment: OS_ENDPOINT_TYPE: internalURL when: - not ironic_enable_web_server_for_images | bool - _ironic_api_is_first_play_host - not ironic_standalone | bool tags: - always - name: Get swift account shell: > {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure', '--os-cacert ' ~ _ironic_ssl_truststore_location) }} --os-username "service:{{ glance_service_user_name }}" --os-password "{{ glance_service_password }}" --os-auth-url {{ keystone_service_internalurl }} --os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }} stat -v | awk '/StorageURL\:/ {print $2}' environment: OS_ENDPOINT_TYPE: internalURL register: swift_storage_url when: - not ironic_enable_web_server_for_images | bool - (ironic_swift_auth_account is undefined) or (ironic_swift_endpoint is undefined) - not ironic_standalone | bool tags: - always - name: Validate swift output fail: msg: | No StorageURL output found using the `swift stat` command and either the ``ironic_swift_auth_account`` or ``ironic_swift_auth_account`` variables are undefined. Ensure swift is functional and/or define those variables. when: - not ironic_enable_web_server_for_images | bool - (ironic_swift_auth_account is undefined) and (ironic_swift_endpoint is undefined) - not ironic_standalone | bool - not swift_storage_url.stdout tags: - always - name: Set the swift auth facts set_fact: ironic_swift_auth_account: "{{ swift_storage_url.stdout.split('/v1/')[-1] }}" when: - not ironic_enable_web_server_for_images | bool - ironic_swift_auth_account is undefined - not ironic_standalone | bool tags: - always - name: Set the swift endpoint facts set_fact: ironic_swift_endpoint: "{{ swift_storage_url.stdout.split('/v1/')[0] }}" when: - not ironic_enable_web_server_for_images | bool - ironic_swift_endpoint is undefined - not ironic_standalone | bool tags: - always - name: Generate ironic config openstack.config_template.config_template: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: "{{ item.owner|default(ironic_system_user_name) }}" group: "{{ item.group|default(ironic_system_group_name) }}" mode: "0644" config_overrides: "{{ item.config_overrides }}" config_type: "{{ item.config_type }}" when: item.condition | default(True) with_items: - src: "ironic.conf.j2" dest: "/etc/ironic/ironic.conf" config_overrides: "{{ ironic_ironic_conf_overrides }}" config_type: "ini" - src: "rootwrap.conf.j2" dest: "/etc/ironic/rootwrap.conf" owner: "root" group: "root" config_overrides: "{{ ironic_rootwrap_conf_overrides }}" config_type: "ini" - src: "inspector.conf.j2" dest: "/etc/ironic-inspector/ironic-inspector.conf" config_overrides: "{{ ironic_inspector_conf_overrides }}" config_type: "ini" condition: inventory_hostname in groups['ironic-inspector'] - src: "rootwrap.conf.j2" dest: "/etc/ironic-inspector/rootwrap.conf" owner: "root" group: "root" config_overrides: "{{ ironic_inspector_rootwrap_conf_overrides }}" config_type: "ini" condition: inventory_hostname in groups['ironic-inspector'] notify: - Restart ironic services - Restart uwsgi services - name: Implement policy.yaml openstack.config_template.config_template: content: "{{ ironic_policy_overrides }}" dest: "/etc/ironic/policy.yaml" owner: "{{ ironic_system_user_name }}" group: "{{ ironic_system_group_name }}" mode: "0644" config_type: yaml when: - ironic_policy_overrides | length > 0 tags: - ironic-policy-override - name: Remove legacy policy.yaml file file: path: "/etc/ironic/policy.yaml" state: absent when: - ironic_policy_overrides | length == 0 tags: - ironic-policy-override - name: Copy rootwrap filters copy: src: "{{ item }}" dest: "/etc/ironic/rootwrap.d/" owner: "root" group: "root" with_fileglob: - rootwrap.d/* notify: - Restart ironic services - Restart uwsgi services - name: Include sudoers file template: src: "sudoers.j2" dest: "/etc/sudoers.d/{{ ironic_system_user_name }}_sudoers" mode: "0440" owner: "root" group: "root"