Commit Graph

12 Commits

Author SHA1 Message Date
Dmitry Tantsur ba9ddfea6a Stop passing ironic_url to ansible modules
The ansible collection team wants to deprecate ironic_url in favour of
auth.endpoint. This has been supported for a long time, adjust
the no-auth code to use it.

This leave os_ironic_node_info, which should be replaced by the upstream
baremetal_node_info instead.

Change-Id: Icec366a4a5b66e77cc5ee9cf92248be68bd41807
2022-07-05 18:20:28 +02:00
Dmitry Tantsur ddafc94e30 TLS support for API services
Change-Id: I084da313eda17435c095ade7cb1b92981f5341dc
2020-09-02 18:23:40 +02:00
Dmitry Tantsur d6f0551eee Dynamic roles: consolidate auth parameters in one place
Adds a new role bifrost-cloud-config and moves all cloud configuration
handling there, fixing a few inconsistencies in the way modules are used.

Also handles bare metal endpoint overrides until we can fully switch
to cloud-based authentication handling.

Change-Id: I8bcbc5bc8f206a98d547953b5e902d86b817a302
2020-08-06 10:54:06 +02:00
Iury Gregory Melo Ferreira 90ec3890fe Switch bifrost to openstack.cloud collections
The following changes were made:
- `os_client_config` is `openstack.cloud.config`
- `os_ironic` is `openstack.cloud.baremetal_node`
- `os_ironic_inspect` is `openstack.cloud.baremetal_inspect`
- `os_ironic_node` is `openstack.cloud.baremetal_node_action`
- `os_keystone_role` is `openstack.cloud.identity_role`
- `os_keystone_service` is `openstack.cloud.catalog_service`
- `os_user` is `openstack.cloud.identity_user`
- `os_user_role` is `openstack.cloud.role_assignment`

Change-Id: Id8e2f9c735c6c9d4b7ab2a7e902cd8f9d389d568
2020-07-25 14:54:58 +02:00
Dmitry Tantsur d5b49bd498 Enable metadata cleaning by default
We used to disable cleaning because only full disk cleaning was
available. Enable metadata cleaning by default and add an option
to enable full cleaning.

Change-Id: Ie1198768889bd468176cd68c8ccb48791c724262
2020-07-17 16:53:12 +02:00
Markos Chandras fab12fe57a playbooks: roles: Drop explicit 'delegate_to' options
Bifrost instructions suggest to use 'connection: local' when calling any
of the roles. However, there are scenarios which the roles can be
delegated to some other host. The explicit 'delegate_to' statements
prevent us from doing that and they are not necessary if we use
'connection: local' anyway. As such we drop the explicit statements to
make the roles a bit more flexible.

Change-Id: Ifc983992125d203899d74b8bf997f9f58f528978
2018-06-21 10:07:37 +01:00
Leif Madsen cadc107384
Add `when` to skip os_client_config in noauth mode
When noauth_mode=true, the os_client_config Ansible module will still execute
and then fails due to a missing clouds.yaml file (which is only generated
when keystone is enabled and installed).

This change will skip over the os_client_config module when noauth_mode
is set to true.

Change-Id: Iff3f33fe5e1f7d952c982fa377af0ff415ec2831
Closes-Bug: #1693309
Signed-off-by: Leif Madsen <lmadsen@redhat.com>
2017-05-26 08:34:14 -04:00
Julia Kreger 3e8a84f9b4 Update playbooks to support os_client_config
In order to support use of Keystone in the future, the playbooks
that invoke modules that connect to Ironic needed to be updated
in order to pass-through enough authentication data to enable
user authentication.

Change-Id: I0802b7933303778115a1adca63b64670e1cda4ae
2016-11-22 14:23:24 +00:00
Julia Kreger 2c60745fba Update Ansible version to stable-2.1
Updated the version to be installed to stable-2.1 as well
as updated some of the playbooks that were incorrectly
passing string arguments instead of dictionary arguments
for authentication since Ansible 2.1 has checks that
detect this.

Additionally, updated the task labels used for unsetting
authentiction parameters to be more consistent with the
state of the code.

Change-Id: I8c50cd2a722f2c8fee91fb6ef0761969dd3da138
2016-11-22 14:23:13 +00:00
Julia Kreger 625a628887 Role support for authentication
Bifrost was built around utilizing noauth authenticaiton mode.
However the roles can easilly be re-utilized by users consuming
only part of bifrost, or that are wishing to utilize the roles as
examples to create their own playbooks.

To allow re-consumption of roles interacting with ironic, addition
of logic to allow for os-client-config to be utilized for module
authentication

Change-Id: I072791613cdf99723c567d24dbd3aee935e2e068
Implements: blueprint bifrost-role-auth-support
2016-01-05 11:34:54 -05:00
Julia Kreger 59cd99261a Pass name to os_ironic and os_ironic_node modules
The original playbooks did not pass the name field, and since UUID
is essentially optional on the initial request, this change ensures
that name, if available, is added, and passed into the ironic
ansible modules.

Change-Id: I860d9377a411f398f6fe0c47035e0de2330a137b
Depends-On: I23e902c8637e142fba23d71467225d48ee265253
Partial-Bug: #1499057
2015-09-27 12:57:53 +00:00
Julia Kreger 7d6ba6a295 Add dynamic node unprovision role
Addition of an node-unprovision role that leverages
dynamic inventory style path.

Change-Id: Iec5b8e14af6e3f1ab3f48e40129d6f021b5e3338
2015-06-24 15:55:10 -04:00