2603e8de6a
This change makes is intended to simplify the the ironic.conf file so that we only carry what is needed. In the file we're setting the swift configuration section when not in stand alone mode and the keystone_auth section has been updated for the options that ironic requires. URI testing for ironic's rest API has been updated to run the tests using a header for the authentication token. This is required now that the keystone_auth section is filled in. Co-Authored-By: Michael Davies <michael@the-davies.net> Change-Id: Ic6bd466e6fa03c2382424666588c306bad473e99 Partially-implements: blueprint role-ironic Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
176 lines
5.7 KiB
YAML
176 lines
5.7 KiB
YAML
---
|
|
# Copyright 2015, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Setup ironic for standalone usage
|
|
set_fact:
|
|
ironic_driver_list: "{{ ironic_standalone_driver_list }}"
|
|
ironic_auth_strategy: "{{ ironic_standalone_auth_strategy }}"
|
|
ironic_api_url: "{{ ironic_standalone_api_url }}"
|
|
ironic_dhcp_provider: "{{ ironic_standalone_dhcp_provider }}"
|
|
ironic_sync_power_state_interval: "{{ ironic_standalone_sync_power_state_interval }}"
|
|
ironic_db_connection_string: "{{ ironic_standalone_db_connection_string }}"
|
|
when: ironic_standalone | bool
|
|
tags:
|
|
- always
|
|
|
|
- name: Setup ironic for integrated Openstack usage
|
|
set_fact:
|
|
ironic_driver_list: "{{ ironic_openstack_driver_list }}"
|
|
ironic_auth_strategy: "{{ ironic_openstack_auth_strategy }}"
|
|
ironic_api_url: "{{ ironic_openstack_api_url }}"
|
|
ironic_dhcp_provider: "{{ ironic_openstack_dhcp_provider }}"
|
|
ironic_sync_power_state_interval: "{{ ironic_openstack_sync_power_state_interval }}"
|
|
ironic_db_connection_string: "{{ ironic_openstack_db_connection_string }}"
|
|
when: not ironic_standalone | bool
|
|
tags:
|
|
- always
|
|
|
|
- name: Get ironic command path
|
|
command: which ironic
|
|
register: ironic_command_path
|
|
when:
|
|
- not ironic_venv_enabled | bool
|
|
tags:
|
|
- ironic-command-bin
|
|
|
|
- name: Set ironic command path
|
|
set_fact:
|
|
ironic_bin: "{{ ironic_command_path.stdout | dirname }}"
|
|
when:
|
|
- not ironic_venv_enabled | bool
|
|
tags:
|
|
- ironic-command-bin
|
|
|
|
- name: Post swift tempURL secret key
|
|
shell: |
|
|
. ~/openrc
|
|
{{ ironic_bin }}/swift \
|
|
--os-username "service:{{ glance_service_user_name }}" \
|
|
--os-password {{ glance_service_password }} \
|
|
--os-auth-url {{ keystone_service_internalurl }} \
|
|
--os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }} \
|
|
post -m temp-url-key:{{ ironic_swift_temp_url_secret_key }}
|
|
when:
|
|
- inventory_hostname == groups['ironic_all'][0]
|
|
- not ironic_standalone | bool
|
|
tags:
|
|
- ironic-swift-auth
|
|
- always
|
|
|
|
- name: Get swift account
|
|
shell: |
|
|
. ~/openrc
|
|
{{ ironic_bin }}/swift \
|
|
--os-username "service:{{ glance_service_user_name }}" \
|
|
--os-password {{ glance_service_password }} \
|
|
--os-auth-url {{ keystone_service_internalurl }} \
|
|
--os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }} \
|
|
stat -v | awk '/StorageURL\:/ {print $2}'
|
|
register: swift_storage_url
|
|
when:
|
|
- (ironic_swift_auth_account is undefined) or (ironic_swift_endpoint is undefined)
|
|
- not ironic_standalone | bool
|
|
tags:
|
|
- ironic-swift-auth
|
|
- always
|
|
|
|
- name: Validate swift output
|
|
fail:
|
|
msg: |
|
|
No StorageURL output found using the `swift stat` command and either
|
|
the ``ironic_swift_auth_account`` or ``ironic_swift_auth_account``
|
|
variables are undefined. Ensure swift is functional and/or define
|
|
those variables.
|
|
when:
|
|
- (ironic_swift_auth_account is undefined) and (ironic_swift_endpoint is undefined)
|
|
- not ironic_standalone | bool
|
|
- not swift_storage_url.stdout
|
|
tags:
|
|
- ironic-swift-auth
|
|
- always
|
|
|
|
- name: Set the swift auth facts
|
|
set_fact:
|
|
ironic_swift_auth_account: "{{ swift_storage_url.stdout.split('/v1/')[-1] }}"
|
|
when:
|
|
- ironic_swift_auth_account is undefined
|
|
- not ironic_standalone | bool
|
|
tags:
|
|
- always
|
|
|
|
- name: Set the swift endpoint facts
|
|
set_fact:
|
|
ironic_swift_endpoint: "{{ swift_storage_url.stdout.split('/v1/')[0] }}"
|
|
when:
|
|
- ironic_swift_endpoint is undefined
|
|
- not ironic_standalone | bool
|
|
tags:
|
|
- always
|
|
|
|
- name: Generate ironic config
|
|
config_template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: "{{ item.owner|default(ironic_system_user_name) }}"
|
|
group: "{{ item.group|default(ironic_system_group_name) }}"
|
|
mode: "0644"
|
|
config_overrides: "{{ item.config_overrides }}"
|
|
config_type: "{{ item.config_type }}"
|
|
with_items:
|
|
- src: "ironic.conf.j2"
|
|
dest: "/etc/ironic/ironic.conf"
|
|
config_overrides: "{{ ironic_ironic_conf_overrides }}"
|
|
config_type: "ini"
|
|
- src: "rootwrap.conf.j2"
|
|
dest: "/etc/ironic/rootwrap.conf"
|
|
owner: "root"
|
|
group: "root"
|
|
config_overrides: "{{ ironic_rootwrap_conf_overrides }}"
|
|
config_type: "ini"
|
|
- src: "policy.json.j2"
|
|
dest: "/etc/ironic/policy.json"
|
|
config_overrides: "{{ ironic_policy_overrides }}"
|
|
config_type: "json"
|
|
notify: Restart ironic services
|
|
tags:
|
|
- ironic-config
|
|
- ironic-post-install
|
|
|
|
- name: Copy ironic rootwrap filter config
|
|
copy:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: "root"
|
|
group: "root"
|
|
with_items:
|
|
- { src: "rootwrap.d/ironic-images.filters", dest: "/etc/ironic/rootwrap.d/ironic-images.filters" }
|
|
- { src: "rootwrap.d/ironic-lib.filters", dest: "/etc/ironic/rootwrap.d/ironic-lib.filters" }
|
|
- { src: "rootwrap.d/ironic-utils.filters", dest: "/etc/ironic/rootwrap.d/ironic-utils.filters" }
|
|
notify: Restart ironic services
|
|
tags:
|
|
- ironic-config
|
|
- ironic-post-install
|
|
|
|
- name: Include sudoers file
|
|
template:
|
|
src: "sudoers.j2"
|
|
dest: "/etc/sudoers.d/{{ ironic_system_user_name }}_sudoers"
|
|
mode: "0440"
|
|
owner: "root"
|
|
group: "root"
|
|
tags:
|
|
- ironic-api
|
|
- ironic-conductor
|