From 5ea6f419c748cbc7f1c526d1045fb20f767fef11 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Tue, 20 Jun 2023 20:44:40 +0200 Subject: [PATCH] Fix linters to satisfy ansible-lint 6.18 With update of ansible-lint to version >=6.0.0 a lot of new linters were added, that enabled by default. In order to comply with linter rules we're applying changes to the role. Update of linters version is required for bumping ansible-core version. Change-Id: Icb7d9906bdc3dcb50c44c67881c2078ade8b72f2 --- playbooks/ceph-install.yml | 7 +- playbooks/ceph-nfs-install.yml | 2 +- playbooks/ceph-rgw-install.yml | 6 +- playbooks/ceph-rgw-keystone-setup.yml | 3 +- playbooks/common-playbooks/cinder.yml | 13 +- .../haproxy-service-config.yml | 8 +- playbooks/common-playbooks/neutron.yml | 9 +- playbooks/common-playbooks/nova.yml | 11 +- playbooks/common-tasks/ceph-server.yml | 2 +- playbooks/common-tasks/unbound-clients.yml | 6 +- playbooks/containers-deploy.yml | 6 +- playbooks/containers-lxc-destroy.yml | 3 +- playbooks/containers-lxc-host.yml | 4 +- playbooks/defaults/healthchecks-vars.yml | 2 +- playbooks/galera-install.yml | 12 +- playbooks/haproxy-install.yml | 10 +- playbooks/healthcheck-hosts.yml | 3 +- playbooks/healthcheck-infrastructure.yml | 11 +- playbooks/healthcheck-openstack.yml | 25 ++-- playbooks/listening-port-report.yml | 3 +- playbooks/memcached-install.yml | 6 +- playbooks/os-adjutant-install.yml | 11 +- playbooks/os-aodh-install.yml | 6 +- playbooks/os-barbican-install.yml | 6 +- playbooks/os-blazar-install.yml | 6 +- playbooks/os-ceilometer-install.yml | 6 +- playbooks/os-cloudkitty-install.yml | 12 +- playbooks/os-designate-install.yml | 6 +- playbooks/os-glance-install.yml | 9 +- playbooks/os-gnocchi-install.yml | 6 +- playbooks/os-heat-install.yml | 6 +- playbooks/os-horizon-install.yml | 6 +- playbooks/os-ironic-install.yml | 6 +- playbooks/os-keystone-install.yml | 15 ++- playbooks/os-magnum-install.yml | 6 +- playbooks/os-manila-install.yml | 16 ++- playbooks/os-masakari-install.yml | 12 +- playbooks/os-mistral-install.yml | 6 +- playbooks/os-murano-install.yml | 6 +- playbooks/os-neutron-install.yml | 3 +- playbooks/os-octavia-install.yml | 6 +- playbooks/os-placement-install.yml | 6 +- playbooks/os-rally-install.yml | 3 +- playbooks/os-sahara-install.yml | 6 +- playbooks/os-senlin-install.yml | 11 +- playbooks/os-swift-install.yml | 6 +- playbooks/os-tacker-install.yml | 3 +- playbooks/os-trove-install.yml | 6 +- playbooks/os-zun-install.yml | 12 +- playbooks/qdrouterd-install.yml | 6 +- playbooks/rabbitmq-install.yml | 14 +- playbooks/repo-install.yml | 6 +- playbooks/setup-everything.yml | 11 +- playbooks/setup-hosts.yml | 23 +++- playbooks/setup-infrastructure.yml | 46 +++++-- playbooks/setup-openstack.yml | 126 +++++++++++++----- playbooks/unbound-install.yml | 9 +- playbooks/utility-install.yml | 16 ++- playbooks/zookeeper-install.yml | 6 +- 59 files changed, 423 insertions(+), 201 deletions(-) diff --git a/playbooks/ceph-install.yml b/playbooks/ceph-install.yml index 0b3c8ffc7a..5f1b7b6d9a 100644 --- a/playbooks/ceph-install.yml +++ b/playbooks/ceph-install.yml @@ -65,7 +65,8 @@ tags: - always - - import_tasks: common-tasks/ceph-server.yml + - name: Importing ceph-server tasks + import_tasks: common-tasks/ceph-server.yml - name: Create systemd service directory file: @@ -84,6 +85,7 @@ content: | [Service] PrivateDevices=false + mode: "0640" when: - ansible_facts['pkg_mgr'] == 'dnf' - ansible_facts['service_mgr'] == 'systemd' @@ -145,7 +147,8 @@ tags: - always - - import_tasks: common-tasks/ceph-server.yml + - name: Importing ceph-server tasks + import_tasks: common-tasks/ceph-server.yml roles: - role: ceph-defaults diff --git a/playbooks/ceph-nfs-install.yml b/playbooks/ceph-nfs-install.yml index e51b4e3fad..dfdaad41ac 100644 --- a/playbooks/ceph-nfs-install.yml +++ b/playbooks/ceph-nfs-install.yml @@ -42,7 +42,7 @@ path: /var/log/ganesha owner: root group: root - mode: 0755 + mode: "0755" state: directory roles: - role: ceph-defaults diff --git a/playbooks/ceph-rgw-install.yml b/playbooks/ceph-rgw-install.yml index eeba71da99..58b04fbeb5 100644 --- a/playbooks/ceph-rgw-install.yml +++ b/playbooks/ceph-rgw-install.yml @@ -13,7 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -- import_playbook: ceph-rgw-keystone-setup.yml +- name: Importing ceph-rgw-keystone-setup playbook + import_playbook: ceph-rgw-keystone-setup.yml when: (groups[rgw_group_name] is defined and groups[rgw_group_name] | length > 0) or (ceph_rgws | length > 0) - name: Gather ceph-rgw facts @@ -30,7 +31,8 @@ - "defaults/{{ install_method }}_install.yml" pre_tasks: - - import_tasks: common-tasks/ceph-server.yml + - name: Importing ceph-server tasks + import_tasks: common-tasks/ceph-server.yml - name: Gather ceph-mon facts action: setup diff --git a/playbooks/ceph-rgw-keystone-setup.yml b/playbooks/ceph-rgw-keystone-setup.yml index c427a5ed25..e725c1a53f 100644 --- a/playbooks/ceph-rgw-keystone-setup.yml +++ b/playbooks/ceph-rgw-keystone-setup.yml @@ -21,7 +21,8 @@ vars: ansible_python_interpreter: >- {{ openstack_service_setup_host_python_interpreter | - default((openstack_service_setup_host | default('localhost') == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }} + default((openstack_service_setup_host | + default('localhost') == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }} tags: - ceph-rgw - ceph-rgw-setup diff --git a/playbooks/common-playbooks/cinder.yml b/playbooks/common-playbooks/cinder.yml index 7b0421ec75..a7ff4b8a62 100644 --- a/playbooks/common-playbooks/cinder.yml +++ b/playbooks/common-playbooks/cinder.yml @@ -29,7 +29,8 @@ # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain # the load balancer back end for this container. - - include_tasks: ../common-tasks/haproxy-endpoint-manage.yml + - name: Disabling haproxy backends + include_tasks: ../common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: cinder_api-back haproxy_state: disabled @@ -64,11 +65,12 @@ - "not is_metal" - "not ( 'cinder_volume' in group_names and cinder_backend_lvm_inuse | bool )" - - include_tasks: ../common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: ../common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool - - name: Add volume group block device to cinder + - name: Add volume group block device to cinder # noqa: no-changed-when shell: | set -o pipefail {% if item.value.volume_group is defined %} @@ -89,7 +91,7 @@ - cinder_backend_lvm_inuse | bool delegate_to: "{{ physical_host }}" - - name: udevadm trigger + - name: Trigger udevadm # noqa: no-changed-when command: udevadm trigger delegate_to: "{{ physical_host }}" when: cinder_backend_lvm_inuse | bool @@ -106,7 +108,8 @@ # Now that container changes are done, we can set # the load balancer back end for this container # to available again. - - include_tasks: ../common-tasks/haproxy-endpoint-manage.yml + - name: Enabling haproxy backends + include_tasks: ../common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: cinder_api-back haproxy_state: enabled diff --git a/playbooks/common-playbooks/haproxy-service-config.yml b/playbooks/common-playbooks/haproxy-service-config.yml index 09dfde02e6..9926a8c8d4 100644 --- a/playbooks/common-playbooks/haproxy-service-config.yml +++ b/playbooks/common-playbooks/haproxy-service-config.yml @@ -22,17 +22,19 @@ # After haproxy is configured, refresh_inventory is triggered to restore the # original inventory state. -- hosts: "{{ service_group }}" +- name: Adding hosts haproxy_service variables to haproxy + hosts: "{{ service_group }}" gather_facts: false run_once: true tasks: - - name: "Temporarily copy haproxy_service_configs value from {{ service_group }} to haproxy_all" + - name: "Temporarily copy haproxy_service_configs value to haproxy_all from {{ service_group }}" add_host: name: "{{ item }}" haproxy_service_configs: "{{ hostvars[inventory_hostname][service_variable] }}" with_items: "{{ groups['haproxy_all'] }}" -- hosts: haproxy_all +- name: Configuring haproxy for the service + hosts: haproxy_all serial: "{{ haproxy_serial | default('50%') }}" tasks: - name: Configure haproxy for the service diff --git a/playbooks/common-playbooks/neutron.yml b/playbooks/common-playbooks/neutron.yml index 21d3f3f3eb..8dcb1b603c 100644 --- a/playbooks/common-playbooks/neutron.yml +++ b/playbooks/common-playbooks/neutron.yml @@ -29,7 +29,8 @@ # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain # the load balancer back end for this container. - - include_tasks: ../common-tasks/haproxy-endpoint-manage.yml + - name: Disabling haproxy backends + include_tasks: ../common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: neutron_server-back haproxy_state: disabled @@ -64,7 +65,8 @@ - "not is_metal" - "'neutron_agent' not in group_names" - - include_tasks: ../common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: ../common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool @@ -79,7 +81,8 @@ # Now that container changes are done, we can set # the load balancer back end for this container # to available again. - - include_tasks: ../common-tasks/haproxy-endpoint-manage.yml + - name: Enabling haproxy backends + include_tasks: ../common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: neutron_server-back haproxy_state: enabled diff --git a/playbooks/common-playbooks/nova.yml b/playbooks/common-playbooks/nova.yml index 497ff1d6c7..89d0cbaf14 100644 --- a/playbooks/common-playbooks/nova.yml +++ b/playbooks/common-playbooks/nova.yml @@ -43,7 +43,8 @@ # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain # the load balancer back end for this container. - - include_tasks: ../common-tasks/haproxy-endpoint-manage.yml + - name: Disabling haproxy backends + include_tasks: ../common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: "{{ backend_name }}-back" haproxy_state: disabled @@ -64,7 +65,8 @@ extra_container_config_no_restart: - "lxc.start.order=39" - - include_tasks: ../common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: ../common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool @@ -85,7 +87,7 @@ tags: - always - - name: Add net/tun device to the compute + - name: Add net/tun device to the compute # noqa: no-changed-when command: | lxc-device -n {{ container_name }} add /dev/net/tun /dev/net/tun delegate_to: "{{ physical_host }}" @@ -137,7 +139,8 @@ # Now that container changes are done, we can set # the load balancer back end for this container # to available again. - - include_tasks: ../common-tasks/haproxy-endpoint-manage.yml + - name: Enabling haproxy backends + include_tasks: ../common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: "{{ backend_name }}-back" haproxy_state: enabled diff --git a/playbooks/common-tasks/ceph-server.yml b/playbooks/common-tasks/ceph-server.yml index 332738fa25..ae17a91856 100644 --- a/playbooks/common-tasks/ceph-server.yml +++ b/playbooks/common-tasks/ceph-server.yml @@ -22,7 +22,7 @@ when: - hostvars['localhost']['resolvconf_enabled'] | bool -#TODO: mgariepy, revisit to use include_role when https://github.com/ansible/ansible/issues/20077 is fixed +# TODO: mgariepy, revisit to use include_role when https://github.com/ansible/ansible/issues/20077 is fixed - name: Ensure Ansible can work with SELinux package: name: libselinux-python3 diff --git a/playbooks/common-tasks/unbound-clients.yml b/playbooks/common-tasks/unbound-clients.yml index dd2d77c2b9..0d7d4bc4a1 100644 --- a/playbooks/common-tasks/unbound-clients.yml +++ b/playbooks/common-tasks/unbound-clients.yml @@ -13,8 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -#create a sorted resolver list with affinity toward unbound container(s) -#on the same physical_host +# create a sorted resolver list with affinity toward unbound container(s) +# on the same physical_host - name: Apply resolver sorting set_fact: resolver_list: |- @@ -51,7 +51,7 @@ - resolver_list is defined - resolver_list | length > 0 -#rotate is only used when no physical_host affinity is defined +# rotate is only used when no physical_host affinity is defined - name: Set resolver rotate when physical_host is not an unbound host set_fact: resolvconf_options: diff --git a/playbooks/containers-deploy.yml b/playbooks/containers-deploy.yml index 6b6014beef..7a6d14c833 100644 --- a/playbooks/containers-deploy.yml +++ b/playbooks/containers-deploy.yml @@ -13,5 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -- import_playbook: "containers-lxc-host.yml" -- import_playbook: "containers-lxc-create.yml" +- name: Import container hosts playbook + import_playbook: "containers-lxc-host.yml" +- name: Import containers create playbook + import_playbook: "containers-lxc-create.yml" diff --git a/playbooks/containers-lxc-destroy.yml b/playbooks/containers-lxc-destroy.yml index f96bdef478..b8cd695e89 100644 --- a/playbooks/containers-lxc-destroy.yml +++ b/playbooks/containers-lxc-destroy.yml @@ -49,7 +49,8 @@ when: - force_containers_destroy | bool - - include_tasks: "common-tasks/remove_container_journal.yml" + - name: Including remove_container_journal tasks + include_tasks: "common-tasks/remove_container_journal.yml" vars: container_machine_id: "{{ ((_container_machine_id.content | default('bm9uZQo=')) | b64decode).strip() }}" diff --git a/playbooks/containers-lxc-host.yml b/playbooks/containers-lxc-host.yml index 3768603b0f..7be88c8a20 100644 --- a/playbooks/containers-lxc-host.yml +++ b/playbooks/containers-lxc-host.yml @@ -38,8 +38,9 @@ file: path: "/openstack/log" state: directory + mode: "0755" - name: Move the existing folder to the log aggregation parent - command: "mv /var/log/lxc /openstack/log/{{ inventory_hostname }}-lxc" + command: "mv /var/log/lxc /openstack/log/{{ inventory_hostname }}-lxc" # noqa: no-changed-when when: - _lxc_log_dir.stat.isdir is defined - _lxc_log_dir.stat.isdir | bool @@ -47,6 +48,7 @@ file: path: "/openstack/log/{{ inventory_hostname }}-lxc" state: directory + mode: "0755" - name: Create the LXC service log aggregation link file: src: "/openstack/log/{{ inventory_hostname }}-lxc" diff --git a/playbooks/defaults/healthchecks-vars.yml b/playbooks/defaults/healthchecks-vars.yml index 210db06e82..fad5b21089 100644 --- a/playbooks/defaults/healthchecks-vars.yml +++ b/playbooks/defaults/healthchecks-vars.yml @@ -14,7 +14,7 @@ # limitations under the License. # # (c) 2018, Jean-Philippe Evrard -#ansible_python_interpreter: "{{ ansible_playbook_python }}" +# ansible_python_interpreter: "{{ ansible_playbook_python }}" glance_images: - url: "https://download.cirros-cloud.net/0.5.1/cirros-0.5.1-x86_64-disk.img" dest: "/tmp/cirros-0.5.1.img" diff --git a/playbooks/galera-install.yml b/playbooks/galera-install.yml index 4d8209295f..0fd85898c8 100644 --- a/playbooks/galera-install.yml +++ b/playbooks/galera-install.yml @@ -38,16 +38,19 @@ serial: "{{ galera_serial | default(1) }}" user: root pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal vars: list_of_bind_mounts: "{{ galera_container_bind_mounts }}" extra_container_config_no_restart: - "lxc.start.order=10" - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Disabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: galera-back haproxy_state: drain @@ -62,7 +65,8 @@ tags: - crontab post_tasks: - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Enabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: galera-back haproxy_state: enabled diff --git a/playbooks/haproxy-install.yml b/playbooks/haproxy-install.yml index 6264697842..877ddc23a3 100644 --- a/playbooks/haproxy-install.yml +++ b/playbooks/haproxy-install.yml @@ -23,15 +23,17 @@ tags: - always -- name: haproxy base config +- name: HAProxy base config hosts: haproxy gather_facts: false serial: "{{ haproxy_serial | default('50%') }}" user: root pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool - name: Remove legacy haproxy configuration files @@ -44,7 +46,7 @@ - name: "heat_api_cloudwatch" when: "yes" when: - - "item.when | bool" + - "item.when | bool" tags: - haproxy-config # this tag is present because the task is ONLY a config task diff --git a/playbooks/healthcheck-hosts.yml b/playbooks/healthcheck-hosts.yml index 59695c6cb1..d8bae2acd6 100644 --- a/playbooks/healthcheck-hosts.yml +++ b/playbooks/healthcheck-hosts.yml @@ -53,6 +53,7 @@ get_url: url: https://opendev.org/openstack/openstack-ansible/raw/ansible-role-requirements.yml dest: /tmp/osa-master-requirements + mode: "0600" environment: "{{ deployment_environment_variables | default({}) }}" # Test extra settings before setup-infrastructure @@ -120,7 +121,7 @@ - "'ebtables' in modules_content" - "'vm.swappiness' in sysctl_content" - "'172.29.236.100 {{ ansible_facts['fqdn'] }} {{ ansible_facts['hostname'] }}' in hosts_content" - - "'{{ hostvars[groups['galera_all'][0]]['management_address'] }} {{ hostvars[groups['galera_all'][0]]['ansible_facts']['hostname'] }}.openstack.local {{ hostvars[groups['galera_all'][0]]['ansible_facts']['hostname'] ~ ((hostvars[groups['galera_all'][0]]['ansible_facts']['hostname'] != groups['galera_all'][0]) | ternary(' ' ~ groups['galera_all'][0], '')) }}' in hosts_content" + - "'{{ hostvars[groups['galera_all'][0]]['management_address'] }} {{ hostvars[groups['galera_all'][0]]['ansible_facts']['hostname'] }}.openstack.local {{ hostvars[groups['galera_all'][0]]['ansible_facts']['hostname'] ~ ((hostvars[groups['galera_all'][0]]['ansible_facts']['hostname'] != groups['galera_all'][0]) | ternary(' ' ~ groups['galera_all'][0], '')) }}' in hosts_content" # noqa: yaml[line-length] - "release_file.stat.exists" - "systat_file.stat.exists" - "'PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' in environment_content" diff --git a/playbooks/healthcheck-infrastructure.yml b/playbooks/healthcheck-infrastructure.yml index 621e5d69dc..687848b869 100644 --- a/playbooks/healthcheck-infrastructure.yml +++ b/playbooks/healthcheck-infrastructure.yml @@ -55,7 +55,8 @@ changed_when: false when: groups['haproxy'] | length > 1 - - package: + - name: Install netcat + package: name: "{% if ansible_facts['os_family'] | lower == 'redhat' %}nmap-ncat{% else %}netcat-openbsd{% endif %}" state: present @@ -126,12 +127,13 @@ delegate_facts: true with_items: "{{ groups['memcached'] }}" - - package: + - name: Install netcat + package: name: "{% if ansible_facts['os_family'] | lower == 'redhat' %}nmap-ncat{% else %}netcat-openbsd{% endif %}" state: present - name: Connect to remote memcache servers (full mesh testing) - shell: "echo stats | nc -w 3 {{ hostvars[memcached_host]['management_address'] }} {{ memcached_port }}" + shell: "echo stats | nc -w 3 {{ hostvars[memcached_host]['management_address'] }} {{ memcached_port }}" changed_when: false register: memcache_stats with_items: "{{ groups['memcached'] }}" @@ -265,6 +267,7 @@ -u osa-tester \ OSA-test \ -e "SHOW TABLES;" + changed_when: false when: inventory_hostname == groups['galera_all'][-1] - name: Remove created user @@ -335,7 +338,7 @@ copy: src: "../scripts/rabbitmq-test.py" dest: "{{ venv_path }}/rabbitmq-test.py" - mode: 0755 + mode: "0755" - name: Connect to rabbitmq command: "{{ venv_path }}/bin/python {{ venv_path }}/rabbitmq-test.py {{ hostvars[groups['rabbitmq_all'][0]]['management_address'] }}" changed_when: false diff --git a/playbooks/healthcheck-openstack.yml b/playbooks/healthcheck-openstack.yml index f6778b16cd..2c29f05f28 100644 --- a/playbooks/healthcheck-openstack.yml +++ b/playbooks/healthcheck-openstack.yml @@ -56,6 +56,7 @@ url: "{{ item.url }}" dest: "{{ item.dest }}" checksum: "{{ item.checksum | default(omit) }}" + mode: "0640" with_items: "{{ glance_images }}" register: fetch_url until: fetch_url is success @@ -98,7 +99,7 @@ display_name: "{{ item.name }}" size: "{{ item.size }}" snapshot_id: "{{ item.snapshot_id | default(omit) }}" - timeout: "{{ item.timeout | default(600) }}" #By default it's 180 but that's low. + timeout: "{{ item.timeout | default(600) }}" # By default it's 180 but that's low. volume: "{{ item.volume | default(omit) }}" volume_type: "{{ item.volume_type | default(omit) }}" with_items: "{{ cinder_volumes }}" @@ -125,7 +126,8 @@ with_dict: "{{ neutron_networks }}" register: _create_net - - fail: + - name: Fail if network was not created successfully + fail: msg: "Creating network failure" with_items: "{{ _create_net.results }}" when: @@ -155,7 +157,7 @@ cidr: "{{ item[1].cidr }}" gateway_ip: "{{ item[1].gateway_ip | default(omit) }}" enable_dhcp: "{{ item[1].enable_dhcp | default(false) }}" - allocation_pool_start: "{{ item[1].allocation_pool_start | default(omit) }}" + allocation_pool_start: "{{ item[1].allocation_pool_start | default(omit) }}" allocation_pool_end: "{{ item[1].allocation_pool_end | default(omit) }}" dns_nameservers: "{{ item[1].dns_nameservers | default([]) }}" project: "{{ item[0].project | default(omit) }}" @@ -186,6 +188,7 @@ get_url: url: "{{ heat_stack['source_url'] }}" dest: "{{ heat_stack['dest_file'] }}" + mode: "0640" - name: Create heat stack ignore_errors: True @@ -307,6 +310,7 @@ - name: Ensure connection to node works command: "scp -o StrictHostKeyChecking=no -i {{ ssh_key }} cirros@{{ _floating_ip[0] }}:/etc/fstab /tmp/fstab" + changed_when: false when: - "groups['nova_all'] | length > 0" @@ -381,7 +385,8 @@ vars_files: - defaults/healthchecks-vars.yml tasks: - - block: + - name: Teardown images tests + block: - name: Remove glance downloads file: state: absent @@ -402,7 +407,8 @@ tags: - healthchecks-teardown-glance - - block: + - name: Teardown volumes tests + block: - name: Detach volume if attached when: "groups['nova_all'] | length > 0" openstack.cloud.server_volume: @@ -427,7 +433,8 @@ tags: - healthchecks-teardown-cinder - - block: + - name: Teardown heat tests + block: - name: Remove heat downloads file: path: "{{ heat_stack['dest_file'] }}" @@ -452,7 +459,8 @@ tags: - healthchecks-teardown-heat - - block: + - name: Teardown nova tests + block: - name: Remove nova flavor openstack.cloud.compute_flavor: cloud: default @@ -493,7 +501,8 @@ tags: - healthchecks-teardown-nova - - block: + - name: Teardown swift tests + block: - name: Teardown swift data openstack.cloud.object: cloud: default diff --git a/playbooks/listening-port-report.yml b/playbooks/listening-port-report.yml index c7df18ca79..b8a7e4f3f7 100644 --- a/playbooks/listening-port-report.yml +++ b/playbooks/listening-port-report.yml @@ -21,7 +21,7 @@ register: listening_ports changed_when: false - - name: create report + - name: Create report copy: content: | {% for host in ansible_play_hosts %} @@ -33,5 +33,6 @@ {% endfor %} dest: /tmp/listening_port_report.txt + mode: "0640" delegate_to: localhost run_once: true diff --git a/playbooks/memcached-install.yml b/playbooks/memcached-install.yml index c893b375cc..b88de23985 100644 --- a/playbooks/memcached-install.yml +++ b/playbooks/memcached-install.yml @@ -25,9 +25,11 @@ serial: "{{ memcached_serial | default(['1','100%']) }}" user: root pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: diff --git a/playbooks/os-adjutant-install.yml b/playbooks/os-adjutant-install.yml index b080430ba6..93fb4b2306 100644 --- a/playbooks/os-adjutant-install.yml +++ b/playbooks/os-adjutant-install.yml @@ -47,7 +47,8 @@ # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain # the load balancer back end for this container. - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Disabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: adjutant_api-back haproxy_state: disabled @@ -55,18 +56,20 @@ - "'adjutant_api' in group_names" - "groups['adjutant_api'] | length > 1" - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: - - role: "os_adjutant" + - role: "os_adjutant" post_tasks: # Now that container changes are done, we can set # the load balancer back end for this container # to available again. - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Enabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: adjutant_api-back haproxy_state: enabled diff --git a/playbooks/os-aodh-install.yml b/playbooks/os-aodh-install.yml index 8e49b96716..9fdc7dc018 100644 --- a/playbooks/os-aodh-install.yml +++ b/playbooks/os-aodh-install.yml @@ -43,10 +43,12 @@ tags: - aodh pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool diff --git a/playbooks/os-barbican-install.yml b/playbooks/os-barbican-install.yml index e119e68aca..6cf6cfc745 100644 --- a/playbooks/os-barbican-install.yml +++ b/playbooks/os-barbican-install.yml @@ -43,10 +43,12 @@ tags: - barbican pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: diff --git a/playbooks/os-blazar-install.yml b/playbooks/os-blazar-install.yml index 27781393ab..05dce8f0b4 100644 --- a/playbooks/os-blazar-install.yml +++ b/playbooks/os-blazar-install.yml @@ -43,10 +43,12 @@ tags: - blazar pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool diff --git a/playbooks/os-ceilometer-install.yml b/playbooks/os-ceilometer-install.yml index b427a5a368..fc74b56517 100644 --- a/playbooks/os-ceilometer-install.yml +++ b/playbooks/os-ceilometer-install.yml @@ -31,10 +31,12 @@ vars_files: - "defaults/{{ install_method }}_install.yml" pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: diff --git a/playbooks/os-cloudkitty-install.yml b/playbooks/os-cloudkitty-install.yml index 34b5461e1e..9b7a0a5063 100644 --- a/playbooks/os-cloudkitty-install.yml +++ b/playbooks/os-cloudkitty-install.yml @@ -48,7 +48,8 @@ # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain # the load balancer back end for this container. - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Disabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: cloudkitty_api-back haproxy_state: disabled @@ -56,22 +57,23 @@ - "'cloudkitty_api' in group_names" - "groups['cloudkitty_api'] | length > 1" - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: - - role: "os_cloudkitty" + - role: "os_cloudkitty" post_tasks: # Now that container changes are done, we can set # the load balancer back end for this container # to available again. - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Enabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: cloudkitty_api-back haproxy_state: enabled when: - "'cloudkitty_api' in group_names" - "groups['cloudkitty_api'] | length > 1" - diff --git a/playbooks/os-designate-install.yml b/playbooks/os-designate-install.yml index 658f4707a0..db709b2538 100644 --- a/playbooks/os-designate-install.yml +++ b/playbooks/os-designate-install.yml @@ -46,10 +46,12 @@ tags: - designate pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: diff --git a/playbooks/os-glance-install.yml b/playbooks/os-glance-install.yml index 7a3cd7281a..1e0441c167 100644 --- a/playbooks/os-glance-install.yml +++ b/playbooks/os-glance-install.yml @@ -47,7 +47,8 @@ # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain # the load balancer back end for this container. - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Disabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: glance_api-back haproxy_state: disabled @@ -70,7 +71,8 @@ - not is_metal - (glance_default_store != "file") or (glance_remote_client is defined) - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool @@ -84,7 +86,8 @@ # Now that container changes are done, we can set # the load balancer back end for this container # to available again. - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Enabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: glance_api-back haproxy_state: enabled diff --git a/playbooks/os-gnocchi-install.yml b/playbooks/os-gnocchi-install.yml index 5f3feca631..ae56c2f9d8 100644 --- a/playbooks/os-gnocchi-install.yml +++ b/playbooks/os-gnocchi-install.yml @@ -43,14 +43,16 @@ tags: - gnocchi pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" vars: list_of_bind_mounts: "{{ gnocchi_container_bind_mounts }}" when: - not is_metal - (gnocchi_storage_driver | default('file')) != "file" - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: diff --git a/playbooks/os-heat-install.yml b/playbooks/os-heat-install.yml index 05854725d7..bfe9c709f5 100644 --- a/playbooks/os-heat-install.yml +++ b/playbooks/os-heat-install.yml @@ -43,10 +43,12 @@ vars_files: - "defaults/{{ install_method }}_install.yml" pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: diff --git a/playbooks/os-horizon-install.yml b/playbooks/os-horizon-install.yml index a15a152dcc..69e87cc797 100644 --- a/playbooks/os-horizon-install.yml +++ b/playbooks/os-horizon-install.yml @@ -43,9 +43,11 @@ tags: - horizon pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: diff --git a/playbooks/os-ironic-install.yml b/playbooks/os-ironic-install.yml index e254c88160..8d3f20c6a2 100644 --- a/playbooks/os-ironic-install.yml +++ b/playbooks/os-ironic-install.yml @@ -43,10 +43,12 @@ tags: - ironic pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: diff --git a/playbooks/os-keystone-install.yml b/playbooks/os-keystone-install.yml index 3c56aadac0..faacb44c15 100644 --- a/playbooks/os-keystone-install.yml +++ b/playbooks/os-keystone-install.yml @@ -75,7 +75,8 @@ # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain # the load balancer back end for this container. - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Disabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: "keystone_service-back" haproxy_state: disabled @@ -88,7 +89,8 @@ - "lxc.start.order=19" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool @@ -102,7 +104,8 @@ # Now that container changes are done, we can set # the load balancer back end for this container # to available again. - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Enabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: "keystone_service-back" haproxy_state: enabled @@ -122,7 +125,7 @@ tags: - keystone tasks: - - name: refresh local facts + - name: Refresh local facts setup: filter: ansible_local gather_subset: "!all" @@ -157,7 +160,7 @@ run_once: yes - name: Perform a Keystone DB sync contract - command: "{{ keystone_bin }}/keystone-manage db_sync --contract" + command: "{{ keystone_bin }}/keystone-manage db_sync --contract" # noqa: no-changed-when become: yes become_user: "{{ keystone_system_user_name | default('keystone') }}" when: @@ -172,6 +175,7 @@ section: keystone option: "need_db_contract" value: "False" + mode: "0644" when: - "dbsync_contract is succeeded" @@ -191,4 +195,3 @@ include_role: name: os_keystone tasks_from: main_keystone_federation_sp_idp_setup.yml - diff --git a/playbooks/os-magnum-install.yml b/playbooks/os-magnum-install.yml index c155e636a3..78a32cf005 100644 --- a/playbooks/os-magnum-install.yml +++ b/playbooks/os-magnum-install.yml @@ -46,10 +46,12 @@ tags: - magnum pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool diff --git a/playbooks/os-manila-install.yml b/playbooks/os-manila-install.yml index 7d3a04e804..381ce9d095 100644 --- a/playbooks/os-manila-install.yml +++ b/playbooks/os-manila-install.yml @@ -55,7 +55,8 @@ # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain # the load balancer back end for this container. - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Disabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: manila-back haproxy_state: disabled @@ -63,18 +64,20 @@ - "'manila_api' in group_names" - "groups['manila_api'] | length > 1" - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: - - role: "os_manila" + - role: "os_manila" post_tasks: # Now that container changes are done, we can set # the load balancer back end for this container # to available again. - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Enabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: manila-back haproxy_state: enabled @@ -93,9 +96,10 @@ - manila pre_tasks: - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: - - role: "os_manila" + - role: "os_manila" diff --git a/playbooks/os-masakari-install.yml b/playbooks/os-masakari-install.yml index c51179525b..515b729db0 100644 --- a/playbooks/os-masakari-install.yml +++ b/playbooks/os-masakari-install.yml @@ -74,7 +74,8 @@ # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain # the load balancer back end for this container. - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Disabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: masakari_api-back haproxy_state: disabled @@ -82,10 +83,12 @@ - "'masakari_api' in group_names" - "groups['masakari_api'] | length > 1" - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool @@ -96,7 +99,8 @@ # Now that container changes are done, we can set # the load balancer back end for this container # to available again. - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Enabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: masakari_api-back haproxy_state: enabled diff --git a/playbooks/os-mistral-install.yml b/playbooks/os-mistral-install.yml index 7c47ef6e0c..d698ae5142 100644 --- a/playbooks/os-mistral-install.yml +++ b/playbooks/os-mistral-install.yml @@ -43,10 +43,12 @@ tags: - mistral pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool diff --git a/playbooks/os-murano-install.yml b/playbooks/os-murano-install.yml index 66e58f4c04..50bb5653d2 100644 --- a/playbooks/os-murano-install.yml +++ b/playbooks/os-murano-install.yml @@ -43,10 +43,12 @@ tags: - murano pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool diff --git a/playbooks/os-neutron-install.yml b/playbooks/os-neutron-install.yml index b80f686f09..bb525a1468 100644 --- a/playbooks/os-neutron-install.yml +++ b/playbooks/os-neutron-install.yml @@ -38,7 +38,8 @@ tags: - neutron tasks: - - import_tasks: common-tasks/dynamic-grouping.yml + - name: Importing dynamic-grouping tasks + import_tasks: common-tasks/dynamic-grouping.yml vars: src_group: "nova_compute" dest_group: "neutron_l3_agent, neutron_metadata_agent" diff --git a/playbooks/os-octavia-install.yml b/playbooks/os-octavia-install.yml index 34038dac25..541e74d01a 100644 --- a/playbooks/os-octavia-install.yml +++ b/playbooks/os-octavia-install.yml @@ -43,10 +43,12 @@ tags: - octavia pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: diff --git a/playbooks/os-placement-install.yml b/playbooks/os-placement-install.yml index 70a38c5cc6..f266612fa2 100644 --- a/playbooks/os-placement-install.yml +++ b/playbooks/os-placement-install.yml @@ -43,10 +43,12 @@ tags: - placement pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: diff --git a/playbooks/os-rally-install.yml b/playbooks/os-rally-install.yml index 18f769de2d..7d6f6582a6 100644 --- a/playbooks/os-rally-install.yml +++ b/playbooks/os-rally-install.yml @@ -33,7 +33,8 @@ meta: end_play when: - (not (rally_install | default(false)) | bool) - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: diff --git a/playbooks/os-sahara-install.yml b/playbooks/os-sahara-install.yml index 9e1f2c7ddd..16d8fbccd7 100644 --- a/playbooks/os-sahara-install.yml +++ b/playbooks/os-sahara-install.yml @@ -41,10 +41,12 @@ tags: - sahara pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: diff --git a/playbooks/os-senlin-install.yml b/playbooks/os-senlin-install.yml index 006bf0f9a5..2c146db835 100644 --- a/playbooks/os-senlin-install.yml +++ b/playbooks/os-senlin-install.yml @@ -47,7 +47,8 @@ # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain # the load balancer back end for this container. - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Disabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: senlin_api-back haproxy_state: disabled @@ -55,18 +56,20 @@ - "'senlin_api' in group_names" - "groups['senlin_api'] | length > 1" - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: - - role: "os_senlin" + - role: "os_senlin" post_tasks: # Now that container changes are done, we can set # the load balancer back end for this container # to available again. - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Enabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: senlin_api-back haproxy_state: enabled diff --git a/playbooks/os-swift-install.yml b/playbooks/os-swift-install.yml index 250eb291dd..e84f0016a8 100644 --- a/playbooks/os-swift-install.yml +++ b/playbooks/os-swift-install.yml @@ -39,13 +39,15 @@ vars_files: - "defaults/{{ install_method }}_install.yml" pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" vars: extra_container_config_no_restart: - "lxc.start.order=39" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool diff --git a/playbooks/os-tacker-install.yml b/playbooks/os-tacker-install.yml index 9be2bed0ae..fc3fa8c6b4 100644 --- a/playbooks/os-tacker-install.yml +++ b/playbooks/os-tacker-install.yml @@ -43,7 +43,8 @@ tags: - tacker pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal roles: - role: "os_tacker" diff --git a/playbooks/os-trove-install.yml b/playbooks/os-trove-install.yml index cd69a6a438..83b9517ba7 100644 --- a/playbooks/os-trove-install.yml +++ b/playbooks/os-trove-install.yml @@ -46,10 +46,12 @@ tags: - trove pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: diff --git a/playbooks/os-zun-install.yml b/playbooks/os-zun-install.yml index c4f0009a01..062f3cfb35 100644 --- a/playbooks/os-zun-install.yml +++ b/playbooks/os-zun-install.yml @@ -61,7 +61,8 @@ # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain # the load balancer back end for this container. - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Disabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: zun_api-back haproxy_state: disabled @@ -69,10 +70,12 @@ - "'zun_api' in group_names" - "groups['zun_api'] | length > 1" - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool @@ -83,7 +86,8 @@ # Now that container changes are done, we can set # the load balancer back end for this container # to available again. - - include_tasks: common-tasks/haproxy-endpoint-manage.yml + - name: Enabling haproxy backends + include_tasks: common-tasks/haproxy-endpoint-manage.yml vars: haproxy_backend: zun_api-back haproxy_state: enabled diff --git a/playbooks/qdrouterd-install.yml b/playbooks/qdrouterd-install.yml index b80a7b38db..7b01d63af8 100644 --- a/playbooks/qdrouterd-install.yml +++ b/playbooks/qdrouterd-install.yml @@ -28,13 +28,15 @@ tags: - qdrouterd pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" vars: extra_container_config_no_restart: - "lxc.start.order=19" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: diff --git a/playbooks/rabbitmq-install.yml b/playbooks/rabbitmq-install.yml index e77531ff05..14be919df5 100644 --- a/playbooks/rabbitmq-install.yml +++ b/playbooks/rabbitmq-install.yml @@ -25,13 +25,15 @@ gather_facts: false user: root pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" vars: extra_container_config_no_restart: - "lxc.start.order=19" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool roles: @@ -80,10 +82,10 @@ tasks: - name: Create rabbitmq user for monitoring GUI rabbitmq_user: - user: "{{ rabbitmq_monitoring_userid|default('monitoring') }}" - password: "{{ rabbitmq_monitoring_password }}" - tags: "{{ rabbitmq_monitoring_tag | default('monitoring') }}" - state: "present" + user: "{{ rabbitmq_monitoring_userid | default('monitoring') }}" + password: "{{ rabbitmq_monitoring_password }}" + tags: "{{ rabbitmq_monitoring_tag | default('monitoring') }}" + state: "present" no_log: true when: rabbitmq_monitoring_password is defined environment: "{{ deployment_environment_variables | default({}) }}" diff --git a/playbooks/repo-install.yml b/playbooks/repo-install.yml index 38dba3b2e2..429f462be7 100644 --- a/playbooks/repo-install.yml +++ b/playbooks/repo-install.yml @@ -30,12 +30,14 @@ when: - (install_method | default('source')) != "source" - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" vars: list_of_bind_mounts: "{{ repo_container_bind_mounts }}" when: not is_metal - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool environment: "{{ deployment_environment_variables | default({}) }}" diff --git a/playbooks/setup-everything.yml b/playbooks/setup-everything.yml index 9b60558aef..69be0d60ec 100644 --- a/playbooks/setup-everything.yml +++ b/playbooks/setup-everything.yml @@ -13,6 +13,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -- import_playbook: setup-hosts.yml -- import_playbook: setup-infrastructure.yml -- import_playbook: setup-openstack.yml +- name: Importing setup-hosts playbook + import_playbook: setup-hosts.yml + +- name: Importing setup-infrastructure playbook + import_playbook: setup-infrastructure.yml + +- name: Importing setup-openstack playbook + import_playbook: setup-openstack.yml diff --git a/playbooks/setup-hosts.yml b/playbooks/setup-hosts.yml index ea6f607861..b124a872b3 100644 --- a/playbooks/setup-hosts.yml +++ b/playbooks/setup-hosts.yml @@ -13,9 +13,20 @@ # See the License for the specific language governing permissions and # limitations under the License. -- import_playbook: certificate-authority.yml -- import_playbook: certificate-ssh-authority.yml -- import_playbook: certificate-generate.yml -- import_playbook: openstack-hosts-setup.yml -- import_playbook: containers-deploy.yml -- import_playbook: security-hardening.yml +- name: Importing certificate-authority playbook + import_playbook: certificate-authority.yml + +- name: Importing certificate-ssh-authority playbook + import_playbook: certificate-ssh-authority.yml + +- name: Importing certificate-generate playbook + import_playbook: certificate-generate.yml + +- name: Importing openstack-hosts-setup playbook + import_playbook: openstack-hosts-setup.yml + +- name: Importing containers-deploy playbook + import_playbook: containers-deploy.yml + +- name: Importing security-hardening playbook + import_playbook: security-hardening.yml diff --git a/playbooks/setup-infrastructure.yml b/playbooks/setup-infrastructure.yml index 58f85e8db5..ef39c6f719 100644 --- a/playbooks/setup-infrastructure.yml +++ b/playbooks/setup-infrastructure.yml @@ -13,20 +13,42 @@ # See the License for the specific language governing permissions and # limitations under the License. -- import_playbook: unbound-install.yml -- import_playbook: haproxy-install.yml -- import_playbook: repo-install.yml -- import_playbook: memcached-install.yml -- import_playbook: galera-install.yml -- import_playbook: qdrouterd-install.yml -- import_playbook: rabbitmq-install.yml -- import_playbook: utility-install.yml -- import_playbook: zookeeper-install.yml -- import_playbook: ceph-install.yml -- import_playbook: ceph-nfs-install.yml +- name: Importing unbound-install playbook + import_playbook: unbound-install.yml + +- name: Importing haproxy-install playbook + import_playbook: haproxy-install.yml + +- name: Importing repo-install playbook + import_playbook: repo-install.yml + +- name: Importing memcached-install playbook + import_playbook: memcached-install.yml + +- name: Importing galera-install playbook + import_playbook: galera-install.yml + +- name: Importing qdrouterd-install playbook + import_playbook: qdrouterd-install.yml + +- name: Importing rabbitmq-install playbook + import_playbook: rabbitmq-install.yml + +- name: Importing utility-install playbook + import_playbook: utility-install.yml + +- name: Importing zookeeper-install playbook + import_playbook: zookeeper-install.yml + +- name: Importing ceph-install playbook + import_playbook: ceph-install.yml + +- name: Importing ceph-nfs-install playbook + import_playbook: ceph-nfs-install.yml # The journald-remote should be disabled by default until # https://github.com/systemd/systemd/issues/2376 has been # incorporated in current systemd packages -- import_playbook: infra-journal-remote.yml +- name: Importing infra-journal-remote playbook + import_playbook: infra-journal-remote.yml when: journald_remote_enabled | default (false) | bool diff --git a/playbooks/setup-openstack.yml b/playbooks/setup-openstack.yml index a5d1e37f14..065a9bdc80 100644 --- a/playbooks/setup-openstack.yml +++ b/playbooks/setup-openstack.yml @@ -13,38 +13,100 @@ # See the License for the specific language governing permissions and # limitations under the License. -- import_playbook: os-keystone-install.yml -- import_playbook: os-barbican-install.yml -- import_playbook: os-placement-install.yml -- import_playbook: os-glance-install.yml -- import_playbook: os-cinder-install.yml -- import_playbook: os-nova-install.yml -- import_playbook: os-neutron-install.yml -- import_playbook: os-heat-install.yml -- import_playbook: os-horizon-install.yml -- import_playbook: os-designate-install.yml -- import_playbook: os-swift-install.yml -- import_playbook: os-adjutant-install.yml -- import_playbook: os-gnocchi-install.yml -- import_playbook: os-ceilometer-install.yml -- import_playbook: os-aodh-install.yml -- import_playbook: os-cloudkitty-install.yml -- import_playbook: os-ironic-install.yml -- import_playbook: os-magnum-install.yml -- import_playbook: os-trove-install.yml -- import_playbook: os-sahara-install.yml -- import_playbook: os-senlin-install.yml -- import_playbook: os-octavia-install.yml -- import_playbook: os-tacker-install.yml -- import_playbook: os-blazar-install.yml -- import_playbook: os-masakari-install.yml -- import_playbook: os-manila-install.yml -- import_playbook: os-mistral-install.yml -- import_playbook: os-murano-install.yml -- import_playbook: os-zun-install.yml +- name: Importing os-keystone-install playbook + import_playbook: os-keystone-install.yml + +- name: Importing os-barbican-install playbook + import_playbook: os-barbican-install.yml + +- name: Importing os-placement-install playbook + import_playbook: os-placement-install.yml + +- name: Importing os-glance-install playbook + import_playbook: os-glance-install.yml + +- name: Importing os-cinder-install playbook + import_playbook: os-cinder-install.yml + +- name: Importing os-nova-install playbook + import_playbook: os-nova-install.yml + +- name: Importing os-neutron-install playbook + import_playbook: os-neutron-install.yml + +- name: Importing os-heat-install playbook + import_playbook: os-heat-install.yml + +- name: Importing os-horizon-install playbook + import_playbook: os-horizon-install.yml + +- name: Importing os-designate-install playbook + import_playbook: os-designate-install.yml + +- name: Importing os-swift-install playbook + import_playbook: os-swift-install.yml + +- name: Importing os-adjutant-install playbook + import_playbook: os-adjutant-install.yml + +- name: Importing os-gnocchi-install playbook + import_playbook: os-gnocchi-install.yml + +- name: Importing os-ceilometer-install playbook + import_playbook: os-ceilometer-install.yml + +- name: Importing os-aodh-install playbook + import_playbook: os-aodh-install.yml + +- name: Importing os-cloudkitty-install playbook + import_playbook: os-cloudkitty-install.yml + +- name: Importing os-ironic-install playbook + import_playbook: os-ironic-install.yml + +- name: Importing os-magnum-install playbook + import_playbook: os-magnum-install.yml + +- name: Importing os-trove-install playbook + import_playbook: os-trove-install.yml + +- name: Importing os-sahara-install playbook + import_playbook: os-sahara-install.yml + +- name: Importing os-senlin-install playbook + import_playbook: os-senlin-install.yml + +- name: Importing os-octavia-install playbook + import_playbook: os-octavia-install.yml + +- name: Importing os-tacker-install playbook + import_playbook: os-tacker-install.yml + +- name: Importing os-blazar-install playbook + import_playbook: os-blazar-install.yml + +- name: Importing os-masakari-install playbook + import_playbook: os-masakari-install.yml + +- name: Importing os-manila-install playbook + import_playbook: os-manila-install.yml + +- name: Importing os-mistral-install playbook + import_playbook: os-mistral-install.yml + +- name: Importing os-murano-install playbook + import_playbook: os-murano-install.yml + +- name: Importing os-zun-install playbook + import_playbook: os-zun-install.yml # This is not an OpenStack service, but integrates with Keystone and must be # deployed afterward. -- import_playbook: ceph-rgw-install.yml -- import_playbook: os-tempest-install.yml -- import_playbook: os-rally-install.yml +- name: Importing ceph-rgw-install playbook + import_playbook: ceph-rgw-install.yml + +- name: Importing os-tempest-install playbook + import_playbook: os-tempest-install.yml + +- name: Importing os-rally-install playbook + import_playbook: os-rally-install.yml diff --git a/playbooks/unbound-install.yml b/playbooks/unbound-install.yml index e2d362ca5d..e42bcf515c 100644 --- a/playbooks/unbound-install.yml +++ b/playbooks/unbound-install.yml @@ -25,8 +25,10 @@ serial: "{{ unbound_serial | default(['1','100%']) }}" user: root pre_tasks: - - include_tasks: common-tasks/os-log-dir-setup.yml - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including os-log-dir-setup tasks + include_tasks: common-tasks/os-log-dir-setup.yml + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal roles: - role: "unbound" @@ -42,7 +44,8 @@ - "{{ openstack_host_group|default('hosts') }}" user: root tasks: - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool environment: "{{ deployment_environment_variables | default({}) }}" diff --git a/playbooks/utility-install.yml b/playbooks/utility-install.yml index 883d6f8de4..eb8fc67bf8 100644 --- a/playbooks/utility-install.yml +++ b/playbooks/utility-install.yml @@ -40,7 +40,7 @@ mode: "0755" listen: - "venv changed" - - name: Create openstack client bash_completion script + - name: Create openstack client bash_completion script # noqa: no-changed-when shell: >- openstack complete > /etc/bash_completion.d/openstack_client args: @@ -48,16 +48,19 @@ listen: - "venv changed" pre_tasks: - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - - include_tasks: common-tasks/os-log-dir-setup.yml + - name: Including os-log-dir-setup tasks + include_tasks: common-tasks/os-log-dir-setup.yml vars: log_dirs: - src: "/openstack/log/{{ inventory_hostname }}-utility" dest: "/var/log/utility" - - include_tasks: common-tasks/unbound-clients.yml + - name: Including unbound-clients tasks + include_tasks: common-tasks/unbound-clients.yml when: - hostvars['localhost']['resolvconf_enabled'] | bool @@ -66,6 +69,7 @@ dest: "/var/log/utility" state: "directory" force: "yes" + mode: "0755" when: not is_metal | bool roles: @@ -98,7 +102,7 @@ copy: content: "{{ utility_ssh_private_key }}" dest: /root/.ssh/id_rsa - mode: 0600 + mode: "0600" owner: root group: root when: utility_ssh_private_key is defined @@ -149,7 +153,7 @@ - name: Create list of binaries to symlink set_fact: - _openstack_client_to_symlink: >- + _openstack_client_to_symlink: |- {%- set binary_list = [] %} {%- for l in _openstack_client_list %} {%- set _ = binary_list.append(l | regex_replace('^(?:python-)?(\w*)(?:client)$', '\\1')) %} diff --git a/playbooks/zookeeper-install.yml b/playbooks/zookeeper-install.yml index f7d3583ad0..2b536a56c8 100644 --- a/playbooks/zookeeper-install.yml +++ b/playbooks/zookeeper-install.yml @@ -26,8 +26,10 @@ user: root environment: "{{ deployment_environment_variables | default({}) }}" pre_tasks: - - include_tasks: common-tasks/os-log-dir-setup.yml - - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" + - name: Including os-log-dir-setup tasks + include_tasks: common-tasks/os-log-dir-setup.yml + - name: Including container-setup tasks + include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal vars: list_of_bind_mounts: "{{ zookeeper_container_bind_mounts }}"