openstack/openstack-ansible-os_ironic
Code Issues Proposed changes
master
openstack-ansible-os_ironic/tasks/ironic_post_install.yml
Dmitriy Rabotyagov 7226653ad9 Fix linters and metadata 
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I1ab9664505068c20924370790322caa67cc6e022
2023-07-14 18:07:30 +02:00

167 lines
5.5 KiB
YAML
Raw Permalink Blame History

---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Post swift tempURL secret key
command: >
{{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure', '--os-cacert ' ~ _ironic_ssl_truststore_location) }}
--os-username "service:{{ glance_service_user_name }}"
--os-password "{{ glance_service_password }}"
--os-auth-url {{ keystone_service_internalurl }}
--os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }}
post -m temp-url-key:{{ ironic_swift_temp_url_secret_key }}
environment:
OS_ENDPOINT_TYPE: internalURL
changed_when: false
when:
- not ironic_enable_web_server_for_images | bool
- _ironic_api_is_first_play_host
- not ironic_standalone | bool
tags:
- always
- name: Get swift account
shell: >
{{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure', '--os-cacert ' ~ _ironic_ssl_truststore_location) }}
--os-username "service:{{ glance_service_user_name }}"
--os-password "{{ glance_service_password }}"
--os-auth-url {{ keystone_service_internalurl }}
--os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }}
stat -v | awk '/StorageURL\:/ {print $2}'
environment:
OS_ENDPOINT_TYPE: internalURL
changed_when: false
register: swift_storage_url
when:
- not ironic_enable_web_server_for_images | bool
- (ironic_swift_auth_account is undefined) or (ironic_swift_endpoint is undefined)
- not ironic_standalone | bool
tags:
- always
- name: Validate swift output
fail:
msg: |
No StorageURL output found using the `swift stat` command and either
the ``ironic_swift_auth_account`` or ``ironic_swift_auth_account``
variables are undefined. Ensure swift is functional and/or define
those variables.
when:
- not ironic_enable_web_server_for_images | bool
- (ironic_swift_auth_account is undefined) and (ironic_swift_endpoint is undefined)
- not ironic_standalone | bool
- not swift_storage_url.stdout
tags:
- always
- name: Set the swift auth facts
set_fact:
ironic_swift_auth_account: "{{ swift_storage_url.stdout.split('/v1/')[-1] }}"
when:
- not ironic_enable_web_server_for_images | bool
- ironic_swift_auth_account is undefined
- not ironic_standalone | bool
tags:
- always
- name: Set the swift endpoint facts
set_fact:
ironic_swift_endpoint: "{{ swift_storage_url.stdout.split('/v1/')[0] }}"
when:
- not ironic_enable_web_server_for_images | bool
- ironic_swift_endpoint is undefined
- not ironic_standalone | bool
tags:
- always
- name: Generate ironic config
openstack.config_template.config_template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner | default(ironic_system_user_name) }}"
group: "{{ item.group | default(ironic_system_group_name) }}"
mode: "0644"
config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}"
when: item.condition | default(True)
with_items:
- src: "ironic.conf.j2"
dest: "/etc/ironic/ironic.conf"
config_overrides: "{{ ironic_ironic_conf_overrides }}"
config_type: "ini"
- src: "rootwrap.conf.j2"
dest: "/etc/ironic/rootwrap.conf"
owner: "root"
group: "root"
config_overrides: "{{ ironic_rootwrap_conf_overrides }}"
config_type: "ini"
- src: "inspector.conf.j2"
dest: "/etc/ironic-inspector/ironic-inspector.conf"
config_overrides: "{{ ironic_inspector_conf_overrides }}"
config_type: "ini"
condition: inventory_hostname in groups['ironic-inspector']
- src: "rootwrap.conf.j2"
dest: "/etc/ironic-inspector/rootwrap.conf"
owner: "root"
group: "root"
config_overrides: "{{ ironic_inspector_rootwrap_conf_overrides }}"
config_type: "ini"
condition: inventory_hostname in groups['ironic-inspector']
notify:
- Restart ironic services
- Restart uwsgi services
- name: Implement policy.yaml
openstack.config_template.config_template:
content: "{{ ironic_policy_overrides }}"
dest: "/etc/ironic/policy.yaml"
owner: "{{ ironic_system_user_name }}"
group: "{{ ironic_system_group_name }}"
mode: "0644"
config_type: yaml
when:
- ironic_policy_overrides | length > 0
tags:
- ironic-policy-override
- name: Remove legacy policy.yaml file
file:
path: "/etc/ironic/policy.yaml"
state: absent
when:
- ironic_policy_overrides | length == 0
tags:
- ironic-policy-override
- name: Copy rootwrap filters
copy:
src: "{{ item }}"
dest: "/etc/ironic/rootwrap.d/"
owner: "root"
group: "root"
mode: "0644"
with_fileglob:
- rootwrap.d/*
notify:
- Restart ironic services
- Restart uwsgi services
- name: Include sudoers file
template:
src: "sudoers.j2"
dest: "/etc/sudoers.d/{{ ironic_system_user_name }}_sudoers"
mode: "0440"
owner: "root"
group: "root"
View Git Blame Copy Permalink