b73f06684f
Considering the safety, 644 is enough other user is not necessary to having write permission. adding 'su' in where needs writing permissions is a good practice this operation is safer. Change-Id: I45d0c6e5ef7338f93db21cf4ef58b4a4fd831210
138 lines
3.4 KiB
YAML
138 lines
3.4 KiB
YAML
---
|
|
# NOTE: raw install is required to support cloud images which do not have python installed
|
|
- name: "Install python2 and python-simplejson"
|
|
become: True
|
|
raw: "yum install -y python python-simplejson || (apt-get update && apt-get install -y python2.7 python-simplejson)"
|
|
|
|
- name: Gather facts
|
|
setup:
|
|
|
|
- name: Ensure localhost in /etc/hosts
|
|
lineinfile:
|
|
dest: /etc/hosts
|
|
regexp: "^127.0.0.1.*"
|
|
line: "127.0.0.1 localhost"
|
|
state: present
|
|
become: True
|
|
when: customize_etc_hosts | bool
|
|
|
|
- name: Generate /etc/hosts for all of the nodes
|
|
blockinfile:
|
|
dest: /etc/hosts
|
|
marker: "# {mark} ANSIBLE GENERATED HOSTS"
|
|
block: |
|
|
{% for host in groups['all'] %}
|
|
{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }} {{ hostvars[host]['ansible_hostname'] }}
|
|
{% endfor %}
|
|
become: True
|
|
when: customize_etc_hosts | bool
|
|
|
|
- name: Ensure sudo group is present
|
|
group: name=sudo state=present
|
|
become: True
|
|
|
|
- name: Ensure kolla group is present
|
|
group: name=kolla state=present
|
|
become: True
|
|
when: create_kolla_user | bool
|
|
|
|
- name: Create kolla user
|
|
user:
|
|
name: kolla
|
|
state: present
|
|
group: kolla
|
|
groups: "sudo"
|
|
become: True
|
|
when: create_kolla_user | bool
|
|
|
|
- name: Grant kolla user passwordless sudo
|
|
lineinfile:
|
|
dest: /etc/sudoers
|
|
state: present
|
|
regexp: '^kolla'
|
|
line: 'kolla ALL=(ALL) NOPASSWD: ALL'
|
|
become: True
|
|
when: create_kolla_user | bool
|
|
|
|
- name: Add public key to kolla user authorized keys
|
|
authorized_key:
|
|
user: kolla
|
|
key: "{{ kolla_ssh_key.public_key }}"
|
|
become: True
|
|
when: create_kolla_user | bool
|
|
|
|
- name: Install apt packages
|
|
command: apt-get update
|
|
become: True
|
|
when: ansible_os_family == 'Debian'
|
|
|
|
- name: Install ubuntu ca certs
|
|
package: name={{item}} state=latest
|
|
become: True
|
|
with_items:
|
|
- ca-certificates
|
|
- apt-transport-https
|
|
when:
|
|
- ansible_os_family == 'Debian'
|
|
|
|
- name: Ensure apt sources list directory exists
|
|
file: path=/etc/apt/sources.list.d state=directory recurse=yes
|
|
become: True
|
|
when: ansible_os_family == 'Debian'
|
|
|
|
- name: Enable docker repo apt
|
|
template:
|
|
src: docker_apt_repo.j2
|
|
dest: /etc/apt/sources.list.d/docker.list
|
|
become: True
|
|
when: ansible_os_family == 'Debian'
|
|
|
|
- name: Install docker apt gpg key
|
|
apt_key:
|
|
url: "{{ docker_apt_url }}/gpg"
|
|
id: "{{ docker_apt_key_id }}"
|
|
state: present
|
|
become: True
|
|
when:
|
|
- ansible_os_family == 'Debian'
|
|
- ansible_distribution == 'Ubuntu'
|
|
|
|
- name: Ensure yum repos directory exists
|
|
file: path=/etc/yum.repos.d/ state=directory recurse=yes
|
|
become: True
|
|
when: ansible_os_family == 'RedHat'
|
|
|
|
- name: Enable docker repo yum
|
|
become: True
|
|
template:
|
|
src: docker_yum_repo.j2
|
|
dest: /etc/yum.repos.d/docker.repo
|
|
when: ansible_os_family == 'RedHat'
|
|
|
|
- name: Install docker rpm gpg key
|
|
rpm_key:
|
|
state: present
|
|
key: "{{ docker_yum_url }}/gpg"
|
|
become: True
|
|
when: ansible_os_family == 'RedHat'
|
|
|
|
- name: Ensure node_config_directory directory exists
|
|
file:
|
|
path: "{{ node_config_directory }}"
|
|
state: directory
|
|
recurse: yes
|
|
owner: kolla
|
|
group: kolla
|
|
mode: 0755
|
|
become: True
|
|
when: create_kolla_user | bool
|
|
|
|
- name: Ensure node_config_directory directory exists
|
|
file:
|
|
path: "{{ node_config_directory }}"
|
|
state: directory
|
|
recurse: yes
|
|
mode: 0644
|
|
become: True
|
|
when: create_kolla_user | bool == False
|