# Copyright (c) 2015 Hewlett-Packard Development Company, L.P. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or # implied. # See the License for the specific language governing permissions and # limitations under the License. --- - name: Setting MySQL socket fact set_fact: mysql_socket_path: "/var/run/{% if ansible_distribution | lower is search('suse') %}mysql/mysql.sock{% else %}mysqld/mysqld.sock{% endif %}" when: ansible_version.full is version_compare('2.6.5', '>=') - name: "MySQL - Create database" mysql_db: login_unix_socket: "{{ mysql_socket_path | default(omit) }}" login_user: "{{ mysql_username }}" login_password: "{{ mysql_password }}" name: "{{ ironic_inspector.database.name }}" state: present encoding: utf8 when: ironic_inspector.database.host == 'localhost' - name: "MySQL - Create user for inspector" mysql_user: login_unix_socket: "{{ mysql_socket_path | default(omit) }}" login_user: "{{ mysql_username }}" login_password: "{{ mysql_password }}" name: "{{ ironic_inspector.database.username }}" password: "{{ ironic_inspector.database.password }}" priv: "{{ ironic_inspector.database.name }}.*:ALL" state: present when: ironic_inspector.database.host == 'localhost' - name: "Inspector - Ensure /etc/ironic-inspector/ exists" file: dest=/etc/ironic-inspector owner=ironic group=ironic mode=0755 state=directory # Note(TheJulia): The rootwrap copies will need to be re-tooled # to possibly directly retreive current files if a source install # is not utilized. - name: "Copy rootwrap.conf from ironic-inspector source folder" copy: src: "{{ ironicinspector_git_folder }}/rootwrap.conf" dest: "/etc/ironic-inspector/rootwrap.conf" remote_src: yes mode: 0644 owner: root group: root # Note(ashestakov): "copy" module in ansible doesn't support recursive # copying on remote host. "cp" command used instead. - name: "Copy rootwrap.d contents from ironic-inspector source folder" command: cp -r "{{ ironicinspector_git_folder }}/rootwrap.d/" "/etc/ironic-inspector/rootwrap.d" - name: "Populate keystone for ironic-inspector " include: keystone_setup_inspector.yml when: enable_keystone is defined and enable_keystone | bool == true - name: "Inspector - Place Configuration" template: src=ironic-inspector.conf.j2 dest=/etc/ironic-inspector/inspector.conf owner=ironic group=ironic mode=0740 - name: "Inspector - create data folder" file: name="{{ inspector_data_dir }}" state=directory owner=ironic group=ironic mode=0755 - name: "Inspector - create log folder" file: name="{{ inspector_data_dir }}/log" state=directory owner=ironic group=ironic mode=0755 - name: "Upgrade inspector DB Schema" shell: ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade become: true environment: "{{ bifrost_venv_env if enable_venv else {} }}" - name: "Inspector - Get ironic-inspector install location" shell: echo $(dirname $(which ironic-inspector)) register: ironic_install_prefix environment: "{{ bifrost_venv_env if enable_venv else {} }}" - name: "Inspector - Place service" template: src={{ init_template }} dest={{ init_dest_dir }}{{item.service_name}}{{ init_ext }} owner=root group=root with_items: - { service_path: "{{ ironic_install_prefix.stdout | default('') }}", service_name: 'ironic-inspector', username: 'ironic', args: '--config-file /etc/ironic-inspector/inspector.conf'} - name: "Inspector - Explicitly permit TCP/5050 for ironic-inspector callback" command: iptables -I INPUT -p tcp --dport 5050 -i {{network_interface}} -j ACCEPT