we use octavia user to upload image currently, so it is better to
create a octavia openrc file for user
Implements: blueprint implement-automatic-deploy-of-octavia
Change-Id: Ib53d00fa4a6ee59b8a0b2245f83786a6af0cbf53
Previously the post-deploy.yml playbook was executed with become: true,
and the admin-openrc.sh file templated without an owner or mode
specified. This resulted in admin-openrc.sh being owned by root with 644
permissions.
This change creates the file without become: true, and explicitly sets
the owner to the user executing Ansible, and the mode to 600.
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Closes-Bug: #1891704
Change-Id: Iadf43383a7f2bf377d4666a55a38d92bd70711aa
This fix was premature as it completely ignores
the previously-respected umask.
Let's discuss a proper fix and revert this one
since CI is fixed elsewhere [1].
[1] https://review.opendev.org/743502
This reverts commit 87efdce24bc802777d4da58f9f63c8d0838e7120.
Change-Id: If38adbf124e793574a21ae986f9ee146d587f820
Ansible changed the default mode for files, even in stable
releases. [1]
This change restores the previous default (with the common
umask).
[1] https://github.com/ansible/ansible/pull/70221
Change-Id: I0f81214b4f95fe8a378844745ebc77f3c43027ab
Closes-Bug: #1891145
The variable {{ node_config_directory }} is used for the configuration
directory on the remote hosts, and should not be used for paths on the
deploy host (localhost).
This changes the default value of the TLS certificate and CA file to
reference {{ CONFIG_DIR }}, in line with the directory used for
admin-openrc.sh (as of I0709482ead4b7a67e82796e17f85bde151e71bc0).
This change also introduces a variable, {{ node_config }}, that
references {{ CONFIG_DIR | default('/etc/kolla') }}, to remove
duplication.
Change-Id: Ibd82ac78630ebfff5824c329d7399e1e900c0ee0
Closes-Bug: #1804025
kolla-ansible can take globals.yml from any directory by using
--config-dir argument. So store admin credentials there as well.
Not everyone runs kolla-ansible as a root.
Change-Id: I0709482ead4b7a67e82796e17f85bde151e71bc0
Add config_owner_user and config_owner_group to group_vars/all,
which is user and group of Kolla configuration files in /etc/kolla.
Add become to post-deploy playbook.
Add become to only neccesary tasks in roles:
- certificate
- common
- destroy
- haproxy
- mariadb
- memcached
- rabbitmq
Change-Id: I2aba745a6e3928c52642f64551470fd08cbfd058
Partial-Implements: blueprint ansible-specific-task-become
The admin-openrc.sh should copy to where the python-openstackclient was installed.
whatever multinode and all-in-one, the place where python-openstackclient was
installed is localhost, So admin-openrc.sh should copy to localhost.
The purpose of "connection: local" in ansible playbook is that make sure this script
can copy to localhost.In all-in-one, Writting as this is ok, it will copy to localhost,
but in multinode, this will make a bug, add ansible_connection=ssh in inventory file
the admin-openrc.sh will not copy to the localhost,the "connection:local" in post-deploy.yml
will be covered by "ansible_connection=ssh" in inventory file, then the script will be copied
to target node. So we should modify the hosts to localhost to avoid this bug.
Change-Id: I054717cc2b4adc600808282034a10a58c1184a38
Closes-Bug: #1666808