openstack/kayobe
Code Issues Proposed changes

Merge "Make kolla ansible user and group configurable"

Browse Source
This commit is contained in:
Zuul 2018-08-02 20:51:08 +00:00 committed by Gerrit Code Review
commit 6afc0cb07f
11 changed files with 61 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ansible/group_vars/all/kolla
View File

@ -298,6 +298,16 @@ kolla_openstack_logging_debug: "False"
# Upper constraints file for installation of Kolla. # Upper constraints file for installation of Kolla.
kolla_upper_constraints_file: "https://raw.githubusercontent.com/openstack/requirements/stable/queens/upper-constraints.txt" kolla_upper_constraints_file: "https://raw.githubusercontent.com/openstack/requirements/stable/queens/upper-constraints.txt"
# User account to use for Kolla SSH access.
kolla_ansible_user: kolla
# Primary group of Kolla SSH user.
kolla_ansible_group: kolla
# Whether to use privilege escalation for all operations performed via Kolla
# Ansible.
kolla_ansible_become: true
############################################################################### ###############################################################################
# Kolla feature flag configuration. # Kolla feature flag configuration.

4
ansible/kolla-target-venv.yml
View File

@ -39,7 +39,7 @@
path: "{{ kolla_ansible_target_venv }}" path: "{{ kolla_ansible_target_venv }}"
recurse: True recurse: True
state: directory state: directory
owner: kolla owner: "{{ kolla_ansible_user }}"
group: kolla group: "{{ kolla_ansible_group }}"
become: True become: True
when: kolla_ansible_target_venv is not none when: kolla_ansible_target_venv is not none

10
ansible/roles/kolla-ansible/defaults/main.yml
View File

@ -38,6 +38,16 @@ kolla_node_custom_config_path:
# Path to kolla-ansible passwords.yml input file. # Path to kolla-ansible passwords.yml input file.
kolla_ansible_passwords_path: kolla_ansible_passwords_path:
# User account to use for Kolla SSH access.
kolla_ansible_user: kolla
# Primary group of Kolla SSH user.
kolla_ansible_group: kolla
# Whether to use privilege escalation for all operations performed via Kolla
# Ansible.
kolla_ansible_become: true
############################################################################### ###############################################################################
# Kolla-ansible inventory configuration. # Kolla-ansible inventory configuration.

6
ansible/roles/kolla-ansible/templates/globals.yml.j2
View File

@ -48,6 +48,12 @@ kolla_external_vip_address: "{{ kolla_external_vip_address }}"
# kolla_external_vip_address. # kolla_external_vip_address.
kolla_external_fqdn: "{{ kolla_external_fqdn }}" kolla_external_fqdn: "{{ kolla_external_fqdn }}"
# User account to use for Kolla SSH access.
kolla_user: "{{ kolla_ansible_user }}"
# Primary group of Kolla SSH user.
kolla_group: "{{ kolla_ansible_group }}"
################ ################
# Docker options # Docker options
################ ################

4
ansible/roles/kolla-ansible/templates/overcloud-top-level.j2
View File

@ -28,8 +28,10 @@
{% endfor %} {% endfor %}
[overcloud:vars] [overcloud:vars]
ansible_user=kolla ansible_user={{ kolla_ansible_user }}
{% if kolla_ansible_become | bool %}
ansible_become=true ansible_become=true
{% endif %}
{% if kolla_ansible_target_venv is not none %} {% if kolla_ansible_target_venv is not none %}
# Execute ansible modules on the remote target hosts using a virtualenv. # Execute ansible modules on the remote target hosts using a virtualenv.
ansible_python_interpreter={{ kolla_ansible_target_venv }}/bin/python ansible_python_interpreter={{ kolla_ansible_target_venv }}/bin/python

2
ansible/roles/kolla-ansible/templates/seed.j2
View File

@ -6,7 +6,7 @@
{% endfor %} {% endfor %}
[seed:vars] [seed:vars]
ansible_user=kolla ansible_user={{ kolla_ansible_user }}
{% if kolla_ansible_target_venv is not none %} {% if kolla_ansible_target_venv is not none %}
# Execute ansible modules on the remote target hosts using a virtualenv. # Execute ansible modules on the remote target hosts using a virtualenv.
ansible_python_interpreter={{ kolla_ansible_target_venv }}/bin/python ansible_python_interpreter={{ kolla_ansible_target_venv }}/bin/python

2
ansible/roles/kolla-ansible/tests/test-defaults.yml
View File

@ -97,6 +97,8 @@
kolla_enable_tls_external: False kolla_enable_tls_external: False
kolla_external_fqdn_cert: "fake-cert" kolla_external_fqdn_cert: "fake-cert"
openstack_logging_debug: False openstack_logging_debug: False
kolla_user: "kolla"
kolla_group: "kolla"
- name: Validate variables are absent from globals.yml - name: Validate variables are absent from globals.yml
assert: assert:

4
ansible/roles/kolla-ansible/tests/test-extras.yml
View File

@ -23,6 +23,8 @@
kolla_node_custom_config_path: "{{ temp_path }}/etc/kolla/config" kolla_node_custom_config_path: "{{ temp_path }}/etc/kolla/config"
kolla_ansible_passwords_path: "{{ temp_path }}/passwords.yml" kolla_ansible_passwords_path: "{{ temp_path }}/passwords.yml"
# Config. # Config.
kolla_ansible_user: "fake-user"
kolla_ansible_group: "fake-group"
kolla_base_distro: "fake-distro" kolla_base_distro: "fake-distro"
kolla_install_type: "fake-install-type" kolla_install_type: "fake-install-type"
kolla_docker_namespace: "fake-namespace" kolla_docker_namespace: "fake-namespace"
@ -167,6 +169,8 @@
globals_yml: "{{ lookup('file', temp_path ~ '/etc/kolla/globals.yml') | from_yaml }}" globals_yml: "{{ lookup('file', temp_path ~ '/etc/kolla/globals.yml') | from_yaml }}"
expected_variables: expected_variables:
config_strategy: "COPY_ALWAYS" config_strategy: "COPY_ALWAYS"
kolla_user: "fake-user"
kolla_group: "fake-group"
kolla_base_distro: "fake-distro" kolla_base_distro: "fake-distro"
kolla_install_type: "fake-install-type" kolla_install_type: "fake-install-type"
openstack_release: "fake-release" openstack_release: "fake-release"

4
ansible/roles/swift-setup/tasks/rings.yml
View File

@ -55,8 +55,8 @@
src: "{{ swift_ring_build_path }}/{{ item[0] }}.{{ item[1] }}" src: "{{ swift_ring_build_path }}/{{ item[0] }}.{{ item[1] }}"
dest: "{{ kolla_config_path }}/config/swift/{{ item[0] }}.{{ item[1] }}" dest: "{{ kolla_config_path }}/config/swift/{{ item[0] }}.{{ item[1] }}"
remote_src: True remote_src: True
owner: kolla owner: "{{ ansible_user_uid }}"
group: kolla group: "{{ ansible_user_gid }}"
mode: 0644 mode: 0644
with_nested: with_nested:
- "{{ swift_service_names }}" - "{{ swift_service_names }}"

13
etc/kayobe/kolla.yml
View File

@ -141,6 +141,19 @@
# Whether debug logging is enabled. # Whether debug logging is enabled.
#kolla_openstack_logging_debug: #kolla_openstack_logging_debug:
# Upper constraints file for installation of Kolla.
#kolla_upper_constraints_file:
# User account to use for Kolla SSH access.
#kolla_ansible_user:
# Primary group of Kolla SSH user.
#kolla_ansible_group:
# Whether to use privilege escalation for all operations performed via Kolla
# Ansible.
#kolla_ansible_become:
############################################################################### ###############################################################################
# Kolla feature flag configuration. # Kolla feature flag configuration.

8
releasenotes/notes/kolla-user-group-85bbe8038c3f719c.yaml Normal file
View File

@ -0,0 +1,8 @@
---
features:
- |
Adds support for configuration of the user used by Kolla Ansible for remote
execution. The user is configured via ``kolla_ansible_user``, its primary
group via ``kolla_ansible_group``, and ``kolla_ansible_become`` determines
whether privilege escalation is used by Kolla Ansible for all tasks or only
required tasks.