Allow role to run in a serial playbook

When a playbook runs os_keystone in serial, the SSH and fernet key distribution are broken. This fixes both items allowing the role to be run in a serialized playbook. Change-Id: Ief28c6bed8daa38120207de61aba327c9fe49d3a
2017-02-25 19:21:38 -06:00 · 2017-02-25 19:21:38 -06:00 · 86c42e0697
commit 86c42e0697
parent 15725b7128
2 changed files with 42 additions and 23 deletions
--- a/tasks/keystone_key_distribute.yml
+++ b/tasks/keystone_key_distribute.yml
@ -16,6 +16,7 @@
 - name: Create authorized keys file from host vars
  authorized_key:
    user: "{{ keystone_system_user_name }}"
-    key: "{{ hostvars[item]['keystone_pubkey'] | b64decode }}"
-  when: hostvars[item]['keystone_pubkey'] is defined
-  with_items: "{{ groups['keystone_all'] }}"
+    key: "{{ keystone_pubkey | b64decode }}"
+  when: keystone_pubkey is defined
+  delegate_to: "{{ item }}"
+  with_items: "{{ ansible_play_hosts }}"
--- a/tasks/keystone_pre_install.yml
+++ b/tasks/keystone_pre_install.yml
@ -18,23 +18,33 @@
    name: "{{ keystone_system_group_name }}"
    state: "present"
    system: "yes"
+  delegate_to: "{{ item }}"
+  with_items: "{{ ansible_play_hosts }}"
+  when: "{{ inventory_hostname == ansible_play_hosts[0] }}"

 - name: create additional groups
  group:
-    name: "{{ item }}"
+    name: "{{ item[1] }}"
    state: "present"
    system: "yes"
-  with_items: "{{ keystone_system_additional_groups }}"
+  with_nested:
+    - "{{ ansible_play_hosts }}"
+    - "{{ keystone_system_additional_groups }}"
+  delegate_to: "{{ item[0] }}"
+  when: "{{ inventory_hostname == ansible_play_hosts[0] }}"

 - name: Remove old key file(s) if found
  file:
-    path: "{{ item }}"
+    path: "{{ item[1] }}"
    state: "absent"
-  with_items:
-    - "{{ keystone_system_user_home }}/.ssh/authorized_keys"
-    - "{{ keystone_system_user_home }}/.ssh/id_rsa"
-    - "{{ keystone_system_user_home }}/.ssh/id_rsa.pub"
+  with_nested:
+    - "{{ ansible_play_hosts }}"
+    - - "{{ keystone_system_user_home }}/.ssh/authorized_keys"
+      - "{{ keystone_system_user_home }}/.ssh/id_rsa"
+      - "{{ keystone_system_user_home }}/.ssh/id_rsa.pub"
  when: keystone_recreate_keys | bool
+  delegate_to: "{{ item[0] }}"
+  when: "{{ inventory_hostname == ansible_play_hosts[0] }}"

 - name: Create the keystone system user
  user:
@ -47,23 +57,31 @@
    createhome: "yes"
    home: "{{ keystone_system_user_home }}"
    generate_ssh_key: "yes"
+  delegate_to: "{{ item }}"
+  with_items: "{{ ansible_play_hosts }}"
+  when: "{{ inventory_hostname == ansible_play_hosts[0] }}"

+# The fernet key repository is needed on all hosts even if only running against
+# one host, so the delegation preps the directories on all hosts at once.
 - name: Create keystone dir
  file:
-    path: "{{ item.path }}"
+    path: "{{ item[1].path }}"
    state: directory
-    owner: "{{ item.owner|default(keystone_system_user_name) }}"
-    group: "{{ item.group|default(keystone_system_group_name) }}"
-    mode: "{{ item.mode|default(0755) }}"
-  with_items:
-    - { path: "/openstack", mode: "0755", owner: "root", group: "root" }
-    - { path: "/etc/keystone", mode: "0750" }
-    - { path: "{{ keystone_ldap_domain_config_dir }}", mode: "0750" }
-    - { path: "/etc/keystone/ssl" }
-    - { path: "{{ keystone_fernet_tokens_key_repository }}", mode: "2750"}
-    - { path: "{{ keystone_system_user_home }}" }
-    - { path: "/var/www/cgi-bin", owner: root, group: root }
-    - { path: "/var/www/cgi-bin/keystone" }
+    owner: "{{ item[1].owner|default(keystone_system_user_name) }}"
+    group: "{{ item[1].group|default(keystone_system_group_name) }}"
+    mode: "{{ item[1].mode|default(0755) }}"
+  with_nested:
+    - "{{ ansible_play_hosts }}"
+    - - { path: "/openstack", mode: "0755", owner: "root", group: "root" }
+      - { path: "/etc/keystone", mode: "0750" }
+      - { path: "{{ keystone_ldap_domain_config_dir }}", mode: "0750" }
+      - { path: "/etc/keystone/ssl" }
+      - { path: "{{ keystone_fernet_tokens_key_repository }}", mode: "2750"}
+      - { path: "{{ keystone_system_user_home }}" }
+      - { path: "/var/www/cgi-bin", owner: root, group: root }
+      - { path: "/var/www/cgi-bin/keystone" }
+  delegate_to: "{{ item[0] }}"
+  when: "{{ inventory_hostname == ansible_play_hosts[0] }}"

 - name: Test for log directory or link
  shell: |