c75a32e72f
Previously, we only supported passing through group_vars. Passing through the inventory as is allows you to use other features of ansible inventory such as host vars. It also simplifies the logic of merging multiple inventories as we can just pass the inventory to ansible and let ansible take care of the rest. This is useful for the multiple environments feature. Change-Id: I28f5d73d414d405d67f5fc92ab371aa2e28a4ce3 Story: 2002009 Task: 42910 Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/802863
---
# NOTE: The seed and overcloud inventory files are written by two separate
# tasks rather than one loop, so that the file content is not displayed in the
# ansible-playbook output.
# Probe both inventory paths. The loop label is the basename only, so the
# per-item output line does not carry the full path.
- name: Check whether the legacy Kolla overcloud inventory files exist
  stat:
    path: "{{ item }}"
    # Only stat.exists and stat.isreg are read by the next task, so the
    # attribute, checksum and MIME lookups are switched off.
    get_attributes: false
    get_checksum: false
    get_mime: false
  loop:
    - "{{ kolla_seed_inventory_path }}"
    - "{{ kolla_overcloud_inventory_path }}"
  loop_control:
    label: "{{ item | basename }}"
  register: inventory_stat
# A regular file at either inventory path is removed; the same paths are
# created as directories by the following task.
- name: Ensure the legacy Kolla overcloud inventory file is absent
  file:
    state: absent
    path: "{{ item.item }}"
  loop: "{{ inventory_stat.results }}"
  loop_control:
    label: "{{ item.item | basename }}"
  # Act only on paths that exist and are regular files, never on directories.
  when:
    - item.stat.exists
    - item.stat.isreg
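# kolla_config_path later receives passwords.yml and the certificates
# directory, so these directories are created with no access for "other".
- name: Ensure the Kolla Ansible configuration directories exist
  file:
    path: "{{ item }}"
    state: directory
    # Ownership follows the uid/gid reported in the gathered facts.
    owner: "{{ ansible_facts.user_uid }}"
    group: "{{ ansible_facts.user_gid }}"
    # Quoted so the value is always read as an octal mode string, regardless
    # of which YAML version the parser follows.
    mode: "0750"
  become: true
  with_items:
    - "{{ kolla_config_path }}"
    - "{{ kolla_seed_inventory_path }}"
    - "{{ kolla_overcloud_inventory_path }}"
    - "{{ kolla_node_custom_config_path }}"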
# Record the value of kayobe_environment in a dotfile under the Kolla
# configuration path. Skipped when the variable is undefined or empty.
- name: Write environment file into Kolla configuration path
  when: (kayobe_environment | default('')) | length > 0
  copy:
    # Literal block scalar: the written file ends with a single newline.
    content: |
      {{ kayobe_environment }}
    dest: "{{ kolla_config_path ~ '/.environment' }}"
# Merge every <globals path>/kolla/globals.yml into a single globals.yml in
# the Kolla configuration directory.
- name: Ensure the Kolla global configuration file exists
  merge_yaml:
    dest: "{{ kolla_config_path }}/globals.yml"
    # Append the fixed suffix to each search path and drop duplicates.
    sources: >-
      {{ kolla_globals_paths |
      product(['/kolla/globals.yml']) |
      map('join') |
      unique |
      list }}
    # Left as written: how merge_yaml interprets the value is not visible here.
    mode: 0640
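# Written as its own task (not a loop item) so the inventory text is not
# echoed as a loop item in the playbook output.
- name: Ensure the Kolla seed inventory file exists
  copy:
    content: "{{ kolla_seed_inventory }}"
    dest: "{{ kolla_seed_inventory_path }}/hosts"
    # Quoted so the value is always read as an octal mode string; the
    # inventory is readable by owner and group only.
    mode: "0640"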
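# Written as its own task (not a loop item) so the inventory text is not
# echoed as a loop item in the playbook output.
- name: Ensure the Kolla overcloud inventory file exists
  copy:
    content: "{{ kolla_overcloud_inventory }}"
    dest: "{{ kolla_overcloud_inventory_path }}/hosts"
    # Quoted so the value is always read as an octal mode string; the
    # inventory is readable by owner and group only.
    mode: "0640"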
# Parent directory for the inventories synchronised by the later tasks;
# no access for "other".
- name: Make sure extra-inventories directory exists
  file:
    state: directory
    path: "{{ kolla_extra_inventories_path }}"
    mode: "0750"
# Mirror each existing <search path>/kolla/inventory directory into
# extra-inventories/<inventory_name>.
# NOTE(review): inventory_name is only the basename of the directory two
# levels above the inventory, so two search paths with the same basename would
# share one destination - confirm search paths always have distinct names.
- name: Copying custom inventory
  vars:
    # This will be the environment name in the case of a kayobe environment
    inventory_name: "{{ (item ~ '/../..') | realpath | basename }}"
  synchronize:
    # Trailing slash: synchronise the directory contents, not the directory.
    src: "{{ item }}/"
    dest: "{{ kolla_extra_inventories_path }}/{{ inventory_name }}"
    recursive: true
    # Files at the destination that are absent from the source are removed.
    delete: true
    rsync_opts:
      # Excluded from the transfer: the placeholder hosts file and templates.
      - "--exclude=kayobe_blank_hosts"
      - "--exclude=*.j2"
  loop: >-
    {{ kolla_overcloud_inventory_search_paths |
    product(['/kolla/inventory']) |
    map('join') |
    select('exists') |
    unique |
    list }}
  loop_control:
    label: "{{ inventory_name }}"
- name: Create blank hosts file to prevent ansible warning
  # Silences a benign warning that is printed when an inventory defines no
  # hosts, which happens when only group_vars are defined:
  #   Unable to parse
  #   <kolla-config-path>/extra-inventories/level2/inventory as an inventory
  #   source
  vars:
    inventory_name: "{{ (item ~ '/../..') | realpath | basename }}"
  file:
    path: "{{ kolla_extra_inventories_path }}/{{ inventory_name }}/kayobe_blank_hosts"
    state: touch
    # Keep existing timestamps so that re-running the task leaves an already
    # present file's times untouched.
    access_time: preserve
    modification_time: preserve
  loop: >-
    {{ kolla_overcloud_inventory_search_paths |
    product(['/kolla/inventory']) |
    map('join') |
    select('exists') |
    unique |
    list }}
  loop_control:
    label: "{{ inventory_name }}"
# Remove the extra-inventories/<inventory_name> copy for every search path
# whose kolla/inventory directory does not exist (reject('exists')).
# NOTE(review): the target is chosen by basename alone. If a missing search
# path shares its basename with an existing one, this would delete the copy
# that was just synchronised; an empty inventory_name would resolve to the
# extra-inventories directory itself. Confirm neither can occur in practice.
- name: Clean up inventories that no longer exist
  vars:
    inventory_name: "{{ (item ~ '/../..') | realpath | basename }}"
  file:
    state: absent
    path: "{{ kolla_extra_inventories_path }}/{{ inventory_name }}"
  loop: >-
    {{ kolla_overcloud_inventory_search_paths |
    product(['/kolla/inventory']) |
    map('join') |
    reject('exists') |
    unique |
    list }}
  loop_control:
    label: "{{ inventory_name }}"
# src and dest are the same path, so the kolla_passwords module reads and
# writes a single file.
# NOTE(review): vault_password, vault_secret_id and vault_token are passed as
# module arguments - confirm the module marks them no_log so they cannot show
# up in verbose output or logs.
- name: Ensure the Kolla passwords file exists
  vars:
    # NOTE(mgoddard): Use the Python interpreter used to run ansible-playbook,
    # since this has Python dependencies available to it (PyYAML).
    ansible_python_interpreter: "{{ ansible_playbook_python }}"
  kolla_passwords:
    # File handling.
    src: "{{ kolla_ansible_passwords_path }}"
    dest: "{{ kolla_ansible_passwords_path }}"
    # Left as written: how this module interprets the value is not visible
    # here.
    mode: 0640
    sample: "{{ kolla_ansible_install_dir }}/etc_examples/kolla/passwords.yml"
    overrides: "{{ kolla_ansible_custom_passwords }}"
    # "or omit" drops the argument entirely when the variable is falsy.
    virtualenv: "{{ kolla_ansible_venv or omit }}"
    # Vault-related settings, passed straight through from variables.
    vault_password: "{{ kolla_ansible_vault_password }}"
    vault_addr: "{{ kolla_ansible_vault_addr }}"
    vault_namespace: "{{ kolla_ansible_vault_namespace }}"
    vault_mount_point: "{{ kolla_ansible_vault_mount_point }}"
    vault_kv_path: "{{ kolla_ansible_vault_kv_path }}"
    vault_cacert: "{{ kolla_ansible_vault_cacert }}"
    vault_role_id: "{{ kolla_ansible_vault_role_id or omit }}"
    vault_secret_id: "{{ kolla_ansible_vault_secret_id or omit }}"
    vault_token: "{{ kolla_ansible_vault_token or omit }}"
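# Copy the passwords file into the Kolla configuration directory. Both paths
# are on the managed host (remote_src).
- name: Ensure the Kolla passwords file is copied into place
  copy:
    src: "{{ kolla_ansible_passwords_path }}"
    dest: "{{ kolla_config_path }}/passwords.yml"
    remote_src: true
    # Without an explicit mode a newly created copy takes its permissions from
    # the umask, which can leave the secrets world-readable. Pin it to the
    # same mode the kolla_passwords task requests for the source file.
    mode: "0640"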
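# Write the external HAProxy TLS bundle, only when kolla_external_tls_cert is
# set and non-empty.
- block:
    - name: Ensure external HAProxy TLS directory exists
      file:
        path: "{{ kolla_external_fqdn_cert | dirname }}"
        state: directory
        recurse: true

    - name: Ensure the external HAProxy TLS certificate bundle is copied into place
      copy:
        content: "{{ kolla_external_tls_cert }}"
        dest: "{{ kolla_external_fqdn_cert }}"
        # Owner-only, matching the mode used for the certificates directory
        # copy in this file; without it a new file takes its mode from the
        # umask.
        # NOTE(review): assumes the bundle may carry the private key and that
        # only the owning user needs to read it - confirm.
        mode: "0600"
  when:
    - kolla_external_tls_cert is not none
    - kolla_external_tls_cert | length > 0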
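# Write the internal HAProxy TLS bundle, only when kolla_internal_tls_cert is
# set and non-empty.
- block:
    - name: Ensure internal HAProxy TLS directory exists
      file:
        path: "{{ kolla_internal_fqdn_cert | dirname }}"
        state: directory
        recurse: true

    - name: Ensure the internal HAProxy TLS certificate bundle is copied into place
      copy:
        content: "{{ kolla_internal_tls_cert }}"
        dest: "{{ kolla_internal_fqdn_cert }}"
        # Owner-only, matching the mode used for the certificates directory
        # copy in this file; without it a new file takes its mode from the
        # umask.
        # NOTE(review): assumes the bundle may carry the private key and that
        # only the owning user needs to read it - confirm.
        mode: "0600"
  when:
    - kolla_internal_tls_cert is not none
    - kolla_internal_tls_cert | length > 0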
# Copy across all certificates in $KAYOBE_CONFIG_PATH/kolla/certificates.
# List every file under the source certificates path. The result gates the
# copy task and feeds the later clean-up comparison.
- name: Find certificates
  find:
    recurse: true
    path: "{{ kolla_ansible_certificates_path }}"
  register: find_src_result
# List what is currently under <kolla_config_path>/certificates so that files
# with no counterpart in the source can be removed afterwards.
- name: Find previously copied certificates
  find:
    recurse: true
    path: "{{ kolla_config_path }}/certificates"
  register: find_dest_result
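# Copy the contents of the source certificates directory (trailing slash on
# src) into the Kolla configuration directory. Skipped when the source holds
# no files.
- name: Ensure certificates exist
  copy:
    src: "{{ kolla_ansible_certificates_path }}/"
    dest: "{{ kolla_config_path }}/certificates"
    # Owner-only. Quoted so the value is always read as an octal mode string,
    # regardless of which YAML version the parser follows.
    mode: "0600"
    # If certificates are encrypted, don't decrypt them at the destination.
    decrypt: false
  when: find_src_result.files | length > 0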
# Delete destination files that have no counterpart in the source directory.
# The external and internal HAProxy bundle paths are always kept, since they
# are written by separate tasks rather than copied from the source.
- name: Ensure unnecessary certificates are absent
  vars:
    # Find the list of files in the source, as paths relative to the source
    # root, so they can be compared with destination-relative paths.
    src_files: >-
      {{ find_src_result.files |
         map(attribute='path') |
         map('relpath', kolla_ansible_certificates_path) |
         list }}
  file:
    state: absent
    path: "{{ item.path }}"
  loop: "{{ find_dest_result.files }}"
  loop_control:
    label: "{{ item.path }}"
  when:
    - item.path | relpath(kolla_config_path ~ '/certificates/') not in src_files
    - item.path != kolla_external_fqdn_cert
    - item.path != kolla_internal_fqdn_cert