148 lines
5.0 KiB
YAML
148 lines
5.0 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Check to see if yum's fastestmirror plugin is present
|
|
stat:
|
|
path: /etc/yum/pluginconf.d/fastestmirror.conf
|
|
register: fastestmirror_plugin_check
|
|
|
|
- name: Configure yum's fastestmirror plugin
|
|
ini_file:
|
|
path: /etc/yum/pluginconf.d/fastestmirror.conf
|
|
section: main
|
|
option: enabled
|
|
value: "{{ (openstack_hosts_enable_yum_fastestmirror | bool) | ternary('1', '0') }}"
|
|
no_extra_spaces: yes
|
|
when:
|
|
- fastestmirror_plugin_check.stat.exists
|
|
|
|
- name: Disable requiretty for root sudo on centos
|
|
template:
|
|
dest: /etc/sudoers.d/openstack-ansible
|
|
owner: root
|
|
group: root
|
|
mode: "0440"
|
|
src: sudoers.j2
|
|
|
|
# Copy all factored-in GPG keys.
|
|
# KeyID 764429E6 from https://raw.githubusercontent.com/rdo-infra/centos-release-openstack/ocata-rdo/RPM-GPG-KEY-CentOS-SIG-Cloud
|
|
# KeyID 61E8806C from keyserver for rdo-qemu-ev
|
|
- name: If a keyfile is provided, copy the gpg keyfile to the key location
|
|
copy:
|
|
src: "{{ item.keyfile }}"
|
|
dest: "{{ item.key }}"
|
|
mode: '0644'
|
|
with_items: "{{ openstack_hosts_package_repos_keys | selectattr('keyfile','defined') | list }}"
|
|
|
|
- name: Ensure GPG keys have the correct SELinux contexts applied
|
|
command: restorecon -Rv /etc/pki/rpm-gpg/
|
|
# TODO(evrardjp): Be more idempotent
|
|
changed_when: false
|
|
|
|
# Handle gpg keys manually
|
|
- name: Install gpg keys
|
|
rpm_key:
|
|
key: "{{ key.key }}"
|
|
validate_certs: "{{ key.validate_certs | default(omit) }}"
|
|
state: "{{ key.state | default('present') }}"
|
|
with_items: "{{ openstack_hosts_package_repos_keys }}"
|
|
loop_control:
|
|
loop_var: key
|
|
register: _add_yum_keys
|
|
until: _add_yum_keys is success
|
|
retries: 5
|
|
delay: 2
|
|
|
|
- name: Add requirement packages (repositories gpg keys packages, toolkits...)
|
|
package:
|
|
name: "{{ openstack_hosts_package_list | rejectattr('state','equalto','absent') | map(attribute='name') | list }}"
|
|
state: "{{ openstack_hosts_package_state }}"
|
|
|
|
- name: Add yum repositories if they do not exist
|
|
yum_repository:
|
|
name: "{{ repo.name }}"
|
|
file: "{{ repo.file | default(omit) }}"
|
|
description: "{{ repo.description | default(omit) }}"
|
|
baseurl: "{{ repo.baseurl | default(omit) }}"
|
|
mirrorlist: "{{ repo.mirrorlist | default(omit) }}"
|
|
gpgkey: "{{ repo.gpgkey | default(omit) }}"
|
|
gpgcheck: "{{ repo.gpgcheck | default(omit) }}"
|
|
enabled: "{{ repo.enabled | default('yes') }}"
|
|
exclude: "{{ repo.exclude | default(omit) }}"
|
|
priority: "{{ repo.priority | default(99) }}"
|
|
state: "{{ repo.state | default(omit) }}"
|
|
module_hotfixes: "{{ repo.module_hotfixes | default(omit) }}"
|
|
with_items: "{{ openstack_hosts_package_repos }}"
|
|
loop_control:
|
|
loop_var: repo
|
|
register: _adding_repo
|
|
until: _adding_repo is success
|
|
retries: 5
|
|
delay: 2
|
|
|
|
- name: Add dnf extra conf
|
|
blockinfile:
|
|
block: "{{ openstack_hosts_package_manager_default_conf + openstack_hosts_package_manager_extra_conf }}"
|
|
path: /etc/dnf/dnf.conf
|
|
marker: "# {mark} OPENSTACK-ANSIBLE-OPENSTACK_HOSTS MANAGED BLOCK"
|
|
create: yes
|
|
when:
|
|
- openstack_hosts_package_manager_extra_conf | length > 0 or openstack_hosts_package_manager_default_conf | length > 0
|
|
|
|
- name: Add rdo repositories via url
|
|
get_url:
|
|
url: "{{ openstack_hosts_rdo_repo_url }}/delorean.repo"
|
|
dest: /etc/yum.repos.d/rdo.repo
|
|
register: _get_repo
|
|
until: _get_repo is success
|
|
retries: 5
|
|
delay: 2
|
|
when:
|
|
- (install_method | default('source')) == 'distro'
|
|
|
|
- name: Enable PowerTools repository
|
|
command: dnf config-manager --set-enabled "[Pp]ower[Tt]ools"
|
|
changed_when: false
|
|
when:
|
|
- openstack_hosts_power_tool_enable | bool
|
|
- ansible_facts['distribution_major_version'] == "8"
|
|
|
|
- name: Enable CodeReadyBuilder repository
|
|
command: dnf config-manager --set-enabled "crb"
|
|
changed_when: false
|
|
when:
|
|
- openstack_hosts_power_tool_enable | bool
|
|
- ansible_facts['distribution_major_version'] == "9"
|
|
|
|
- name: Create SSL certificate and key directories
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
owner: "{{ item.owner|default(root) }}"
|
|
group: "{{ item.group|default(root) }}"
|
|
mode: "{{ item.mode|default('0755') }}"
|
|
with_items:
|
|
- { path: "/etc/pki/tls/certs", owner: "root", group: "root" }
|
|
- { path: "/etc/pki/tls/private", owner: "root", group: "root" }
|
|
|
|
- name: Create SSL certificate and key directory symlinks
|
|
file:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
state: "link"
|
|
with_items:
|
|
- { src: "/etc/pki/tls/certs", dest: "/etc/ssl/certs" }
|
|
- { src: "/etc/pki/tls/private", dest: "/etc/ssl/private" }
|