diff --git a/ansible/install/connmon.yml b/ansible/install/connmon.yml index d66ed2c41..cae83e710 100644 --- a/ansible/install/connmon.yml +++ b/ansible/install/connmon.yml @@ -6,7 +6,6 @@ - hosts: undercloud remote_user: "{{ local_remote_user }}" vars: - ansible_become: true undercloud: true roles: - common @@ -15,7 +14,6 @@ - hosts: controller remote_user: "{{ host_remote_user }}" vars: - ansible_become: true undercloud: false roles: - common diff --git a/ansible/install/roles/cinder/handlers/main.yml b/ansible/install/roles/cinder/handlers/main.yml index 277125ae8..5fb094553 100644 --- a/ansible/install/roles/cinder/handlers/main.yml +++ b/ansible/install/roles/cinder/handlers/main.yml @@ -5,6 +5,7 @@ - name: unmanage cinder services command: pcs resource unmanage {{ item }} + become: true with_items: - openstack-cinder-api - openstack-cinder-scheduler @@ -13,6 +14,7 @@ - name: restart cinder services service: name={{ item }} state=restarted + become: true with_items: - openstack-cinder-api - openstack-cinder-scheduler @@ -20,6 +22,7 @@ - name: manage cinder services command: pcs resource manage {{ item }} + become: true with_items: - openstack-cinder-api - openstack-cinder-scheduler @@ -28,6 +31,7 @@ - name: cleanup cinder services command: pcs resource cleanup {{ item }} + become: true with_items: - openstack-cinder-api - openstack-cinder-scheduler diff --git a/ansible/install/roles/cinder/tasks/main.yml b/ansible/install/roles/cinder/tasks/main.yml index 300253943..57249fd1e 100644 --- a/ansible/install/roles/cinder/tasks/main.yml +++ b/ansible/install/roles/cinder/tasks/main.yml @@ -6,12 +6,14 @@ - name: Check for connmon in cinder.conf shell: grep -Eq 'connection\s?=\s?mysql:' /etc/cinder/cinder.conf register: cinder_mysql + become: true ignore_errors: true changed_when: false - name: Enable Connmon in cinder.conf shell: sed -i 's/mysql:/mysql+connmon:/g' /etc/cinder/cinder.conf when: cinder_mysql.rc == 0 + become: true notify: - unmanage cinder services - restart cinder services diff --git a/ansible/install/roles/connmon/tasks/main.yml b/ansible/install/roles/connmon/tasks/main.yml index e245334ec..da0ffcae0 100644 --- a/ansible/install/roles/connmon/tasks/main.yml +++ b/ansible/install/roles/connmon/tasks/main.yml @@ -5,9 +5,11 @@ - name: Install pip easy_install: name=pip + become: true - name: Install connmon pip: name=connmon + become: true # # Connmon Setup @@ -20,9 +22,11 @@ owner: root group: root mode: 0644 + become: true - name: Install Screen for connmon yum: name=screen state=latest + become: true when: undercloud # To remove the screen session: screen -X -S connmond kill @@ -31,12 +35,6 @@ when: undercloud changed_when: false -- name: Change connmon result owner - command: chown "{{ local_remote_user }}":"{{ local_remote_user }}" /tmp/connmon_results.csv - when: undercloud - changed_when: false - ignore_errors: true - ### begin firewall ### # we need TCP/5555 open # determine firewall status and take action @@ -76,8 +74,9 @@ - name: (connmon) check firewall rules for TCP/{{connmon_port}} (iptables-services) shell: grep "dport {{connmon_port}} \-j ACCEPT" /etc/sysconfig/iptables | wc -l ignore_errors: true + become: true register: iptables_tcp5800_exists - failed_when: iptables_tcp{{connmon_port}}_exists == 127 + failed_when: iptables_tcp{{connmon_port}}_exists == 127i no_log: true - name: (connmon) Add firewall rule for TCP/{{connmon_port}} (iptables-services) @@ -87,12 +86,14 @@ regexp: '^INPUT -i lo -j ACCEPT' insertbefore: '-A INPUT -i lo -j ACCEPT' backup: yes + become: true when: firewalld_in_use.rc != 0 and firewalld_is_active.rc != 0 and iptables_tcp5800_exists.stdout|int == 0 register: iptables_needs_restart - name: (connmon) Restart iptables-services for TCP/{{connmon_port}} (iptables-services) shell: systemctl restart iptables.service ignore_errors: true + become: true when: iptables_needs_restart != 0 and firewalld_in_use.rc != 0 and firewalld_is_active.rc != 0 ### end firewall ### diff --git a/ansible/install/roles/heat/handlers/main.yml b/ansible/install/roles/heat/handlers/main.yml index 5e7ef5ab5..87d49e135 100644 --- a/ansible/install/roles/heat/handlers/main.yml +++ b/ansible/install/roles/heat/handlers/main.yml @@ -5,6 +5,7 @@ # - name: unmanage heat services command: pcs resource unmanage {{ item }} + become: true with_items: - openstack-heat-api - openstack-heat-engine @@ -12,12 +13,14 @@ - name: restart heat services service: name={{ item }} state=restarted + become: true with_items: - openstack-heat-api - openstack-heat-engine - name: manage heat services command: pcs resource manage {{ item }} + become: true with_items: - openstack-heat-api - openstack-heat-engine @@ -25,6 +28,7 @@ - name: cleanup heat services command: pcs resource cleanup {{ item }} + become: true with_items: - openstack-heat-api - openstack-heat-engine diff --git a/ansible/install/roles/heat/tasks/main.yml b/ansible/install/roles/heat/tasks/main.yml index 11c26ec88..4210ec991 100644 --- a/ansible/install/roles/heat/tasks/main.yml +++ b/ansible/install/roles/heat/tasks/main.yml @@ -5,12 +5,14 @@ - name: Check for connmon in heat.conf shell: grep -Eq 'connection\s?=\s?mysql:' /etc/heat/heat.conf register: heat_mysql + become: true ignore_errors: true changed_when: false - name: Enable Connmon in heat.conf shell: sed -i 's/mysql:/mysql+connmon:/g' /etc/heat/heat.conf when: heat_mysql.rc == 0 + become: true notify: - unmanage heat services - restart heat services diff --git a/ansible/install/roles/keystone/handlers/main.yml b/ansible/install/roles/keystone/handlers/main.yml index 76070420b..35cd5f602 100644 --- a/ansible/install/roles/keystone/handlers/main.yml +++ b/ansible/install/roles/keystone/handlers/main.yml @@ -10,6 +10,7 @@ - name: restart httpd service: name=httpd state=restarted when: "'httpd' == '{{ keystone_deployment }}'" + become: true # # Restart keystone when in eventlet @@ -18,18 +19,22 @@ - name: unmanage keystone command: pcs resource unmanage openstack-keystone when: "'eventlet' == '{{ keystone_deployment }}'" + become: true ignore_errors: true - name: restart keystone service: name=openstack-keystone state=restarted when: "'eventlet' == '{{ keystone_deployment }}'" + become: true - name: manage keystone command: pcs resource manage openstack-keystone when: "'eventlet' == '{{ keystone_deployment }}'" + become: true ignore_errors: true - name: cleanup keystone command: pcs resource cleanup openstack-keystone when: "'eventlet' == '{{ keystone_deployment }}'" + become: true ignore_errors: true diff --git a/ansible/install/roles/keystone/tasks/main.yml b/ansible/install/roles/keystone/tasks/main.yml index 765fbdab2..f82d9f8b3 100644 --- a/ansible/install/roles/keystone/tasks/main.yml +++ b/ansible/install/roles/keystone/tasks/main.yml @@ -24,12 +24,14 @@ - name: Check for connmon in keystone.conf shell: grep -Eq 'connection\s?=\s?mysql:' /etc/keystone/keystone.conf register: keystone_mysql + become: true ignore_errors: true changed_when: false - name: Enable connmon in keystone.conf shell: sed -i 's/mysql:/mysql+connmon:/g' /etc/keystone/keystone.conf when: keystone_mysql.rc == 0 + become: true notify: - restart httpd - unmanage keystone diff --git a/ansible/install/roles/neutron/handlers/main.yml b/ansible/install/roles/neutron/handlers/main.yml index 1da13ab5b..36907ffa2 100644 --- a/ansible/install/roles/neutron/handlers/main.yml +++ b/ansible/install/roles/neutron/handlers/main.yml @@ -5,15 +5,19 @@ - name: unmanage neutron-server command: pcs resource unmanage neutron-server + become: true ignore_errors: true - name: restart neutron-server service: name=neutron-server state=restarted + become: true - name: manage neutron-server command: pcs resource manage neutron-server + become: true ignore_errors: true - name: cleanup neutron-server command: pcs resource cleanup neutron-server + become: true ignore_errors: true diff --git a/ansible/install/roles/neutron/tasks/main.yml b/ansible/install/roles/neutron/tasks/main.yml index 14b6e680d..81df216bf 100644 --- a/ansible/install/roles/neutron/tasks/main.yml +++ b/ansible/install/roles/neutron/tasks/main.yml @@ -6,12 +6,14 @@ - name: Check for connmon in neutron.conf shell: grep -Eq 'connection\s?=\s?mysql:' /etc/neutron/neutron.conf register: neutron_mysql + become: true ignore_errors: true changed_when: false - name: Enable Connmon in neutron.conf shell: sed -i 's/mysql:/mysql+connmon:/g' /etc/neutron/neutron.conf when: neutron_mysql.rc == 0 + become: true notify: - unmanage neutron-server - restart neutron-server diff --git a/ansible/install/roles/nova/handlers/main.yml b/ansible/install/roles/nova/handlers/main.yml index b8cd3aa68..f3b45ce40 100644 --- a/ansible/install/roles/nova/handlers/main.yml +++ b/ansible/install/roles/nova/handlers/main.yml @@ -5,6 +5,7 @@ - name: unmanage nova services command: pcs resource unmanage {{ item }} + become: true with_items: - openstack-nova-api - openstack-nova-scheduler @@ -13,6 +14,7 @@ - name: restart nova services service: name={{ item }} state=restarted + become: true with_items: - openstack-nova-api - openstack-nova-scheduler @@ -20,6 +22,7 @@ - name: manage nova services command: pcs resource manage {{ item }} + become: true with_items: - openstack-nova-api - openstack-nova-scheduler @@ -28,6 +31,7 @@ - name: cleanup nova services command: pcs resource cleanup {{ item }} + become: true with_items: - openstack-nova-api - openstack-nova-scheduler diff --git a/ansible/install/roles/nova/tasks/main.yml b/ansible/install/roles/nova/tasks/main.yml index 7e31f1464..27fee5636 100644 --- a/ansible/install/roles/nova/tasks/main.yml +++ b/ansible/install/roles/nova/tasks/main.yml @@ -6,12 +6,14 @@ - name: Check for connmon in nova.conf shell: grep -Eq 'connection\s?=\s?mysql:' /etc/nova/nova.conf register: nova_mysql + become: true ignore_errors: true changed_when: false - name: Enable Connmon in nova.conf shell: sed -i 's/mysql:/mysql+connmon:/g' /etc/nova/nova.conf when: nova_mysql.rc == 0 + become: true notify: - unmanage nova services - restart nova services