Commit Graph

6 Commits

Author SHA1 Message Date
Jonathan Rosser 19af9dabc8 Use ssh_keypairs role to generate fernet sync ssh keys
This uses ssh signed certificates so there is no longer the need
to distribute the keystone public key from each keystone host to all
other keystone hosts.

The legacy scripts and authorized key files are removed as a
migration step.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/836377
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/825292
Change-Id: If39df0cc80860576abac1830d5cfc66ca50fc655
2022-04-04 15:59:10 +00:00
Dmitriy Rabotyagov dcc16da7e2 Define condition for the first play host one time
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spends additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against a single host, if they should run or not now.

Change-Id: Iac06d3f02b1c9ee5e3bfbd28043fbb70d8b1d328
2020-09-08 18:20:43 +03:00
Jimmy McCrory 97428cb0a1 Avoid conflicting delegation with authorized_keys
When delegating with the authorized_key module, writes of multiple keys
against the same host's file can occur at the same time, leading to
missing keys.[0]

To avoid conflicting delegation between hosts, the registered
'keystone_pubkey' fact now contains a list of SSH keys of all hosts in the
current batch of the play, rather than only the key of the current host.
The first host within each batch will handle distribution of that
batch's keys to all hosts within the play.

[0] https://github.com/ansible/ansible/issues/29693

Change-Id: I386e84eba46aa164db22618b7a6ac53b86eeeaf0
2018-03-13 18:59:07 -07:00
Travis Truman 8797fc707a Cleanup/standardize usage of tags
The numerous tags within the role have been condensed
to two tags: keystone-install and keystone-config

These tags have been chosen as they are namespaced
and cover the two major functions of the role.

Documentation has been updated to inform how each tag
influences the function of the role.

Change-Id: Iea4bff944ce0a35a4b1bc044171472ea44eda323
2016-05-24 15:51:03 -04:00
Jesse Pretorius dbd5f9948b Use slurp to collect the keystone ssh keys
Extracting the ssh public key using cat and storing the result in a
fact has resulted in periodic failures in the collection of the key,
and thereafter the failure to appropriately place that key into the
authorised_keys file.

This patch changes the collection method to use the Ansible slurp
module which has been found to be more reliable.

Change-Id: Iac61518129536ce613e91ac894883440a8704998
2016-01-25 15:15:47 +00:00
Andy McCrae 1ee26028ee Adjust SSH key creation method for Keystone
This patch ensures that the authorized_keys ansible module, as well as
the built in "generate_ssh_keys" flag for user creation, are used so that
we can avoid using shell out commands.

Additionally, this moves the key synchronisation to use ansible
variables instead of the memcache server.

Change-Id: I0072b8d0977ab9aea10dd95080756f6864612013
Closes-Bug: #1477512
2015-07-23 14:15:40 +01:00