182 lines
5.5 KiB
YAML
182 lines
5.5 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Gather variables for each operating system
|
|
include_vars: "{{ lookup('first_found', params) }}"
|
|
vars:
|
|
params:
|
|
files:
|
|
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
|
|
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
|
|
- "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
|
|
- "{{ ansible_facts['distribution'] | lower }}.yml"
|
|
- "{{ ansible_facts['os_family'] | lower }}.yml"
|
|
paths:
|
|
- "{{ role_path }}/vars"
|
|
tags:
|
|
- always
|
|
|
|
- name: Allow the usage of local facts
|
|
file:
|
|
path: /etc/ansible/facts.d/
|
|
state: directory
|
|
tags:
|
|
- openstack_hosts-install
|
|
|
|
# Deploy the release file everywhere
|
|
- import_tasks: openstack_release.yml
|
|
tags:
|
|
- openstack_hosts-install
|
|
|
|
# Proxy configuration applies to all nodes
|
|
- name: Add global_environment_variables to environment file
|
|
blockinfile:
|
|
dest: "/etc/environment"
|
|
state: present
|
|
marker: "# {mark} Managed by OpenStack-Ansible"
|
|
insertbefore: EOF
|
|
block: "{{ lookup('template', 'environment.j2') }}"
|
|
tags:
|
|
- openstack_hosts-config
|
|
|
|
- name: Ensure environement is applied during sudo
|
|
lineinfile:
|
|
path: /etc/pam.d/sudo
|
|
line: "session required pam_env.so readenv=1 user_readenv=0"
|
|
regexp: 'session\s+required\s+pam_env\.so'
|
|
insertbefore: '^@include'
|
|
when: ansible_facts['distribution'] | lower == 'debian'
|
|
|
|
# NOTE(jrosser) Remove this task when https://access.redhat.com/errata/RHBA-2022:4082
|
|
# has a fix merged to Centos-9 as well as RHEL.
|
|
- name: Ensure environement is applied during su
|
|
community.general.pamd:
|
|
name: su
|
|
type: auth
|
|
control: sufficient
|
|
module_path: pam_rootok.so
|
|
new_type: auth
|
|
new_control: required
|
|
new_module_path: pam_env.so
|
|
state: before
|
|
when:
|
|
- ansible_facts['distribution'] == 'CentOS'
|
|
- ansible_facts['distribution_version'] == '9'
|
|
|
|
- name: Create systemd global directory
|
|
file:
|
|
path: /etc/systemd/system.conf.d/
|
|
state: directory
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0755"
|
|
|
|
- name: Add DefaultEnvironment to systemd
|
|
openstack.config_template.config_template:
|
|
src: systemd-environment.j2
|
|
dest: /etc/systemd/system.conf.d/osa-default-environment.conf
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
config_overrides: "{{ openstack_systemd_global_overrides }}"
|
|
config_type: ini
|
|
notify: Systemd daemon reload
|
|
|
|
# Configure host files should apply to all nodes
|
|
- name: Configure etc hosts files
|
|
include_tasks: openstack_update_hosts_file.yml
|
|
args:
|
|
apply:
|
|
tags:
|
|
- openstack_hosts-config
|
|
when:
|
|
- (openstack_host_manage_hosts_file | bool) or (openstack_host_manage_deploy_hosts_file | bool)
|
|
tags:
|
|
- always
|
|
|
|
- name: Remove the blacklisted packages
|
|
package:
|
|
name: "{{ openstack_hosts_package_list | selectattr('state','equalto','absent') | map(attribute='name') | list }}"
|
|
state: absent
|
|
|
|
# This allows to include this role to get all the distro
|
|
# specific configuration for all the nodes.
|
|
# It is also used for installing common packages to
|
|
# all nodes
|
|
- name: Apply package management distro specific configuration
|
|
include_tasks: "openstack_hosts_configure_{{ ansible_facts['pkg_mgr'] | lower }}.yml"
|
|
|
|
# Configure bare metal nodes: Kernel, sysctl, sysstat, hosts files, metal packages
|
|
- include_tasks: configure_metal_hosts.yml
|
|
args:
|
|
apply:
|
|
tags:
|
|
- openstack_hosts-install
|
|
when:
|
|
- is_metal
|
|
tags:
|
|
- always
|
|
|
|
- name: Decreasing tcp_retries2 sysctl
|
|
sysctl:
|
|
name: "net.ipv4.tcp_retries2"
|
|
value: "{{ keepalived_sysctl_tcp_retries | default(8) }}"
|
|
sysctl_set: yes
|
|
state: "{{ (keepalived_sysctl_tcp_retries | default(8) > 0) | ternary('present', 'absent') }}"
|
|
reload: yes
|
|
failed_when: false
|
|
|
|
- name: Install distro packages
|
|
package:
|
|
name: "{{ openstack_host_distro_packages }}"
|
|
state: "{{ openstack_hosts_package_state }}"
|
|
when:
|
|
- openstack_host_distro_packages | length > 0
|
|
register: install_packages
|
|
until: install_packages is success
|
|
retries: 5
|
|
delay: 2
|
|
|
|
- name: Install user defined extra distro packages
|
|
package:
|
|
name: "{{ openstack_host_extra_distro_packages }}"
|
|
state: "{{ openstack_hosts_package_state }}"
|
|
when:
|
|
- openstack_host_extra_distro_packages | length > 0
|
|
register: install_packages
|
|
until: install_packages is success
|
|
retries: 5
|
|
delay: 2
|
|
|
|
- import_tasks: openstack_authorized_keys.yml
|
|
tags:
|
|
- openstack_hosts-config
|
|
|
|
- include_role:
|
|
name: pki
|
|
tasks_from: main_ca_install.yml
|
|
vars:
|
|
pki_dir: "{{ openstack_pki_dir }}"
|
|
pki_install_ca: "{{ openstack_pki_install_ca | default([]) + openstack_host_ca_certificates }}"
|
|
tags:
|
|
- always
|
|
|
|
- include_tasks: openstack_gitconfig.yml
|
|
args:
|
|
apply:
|
|
tags:
|
|
- openstack_hosts-config
|
|
when: ansible_facts['hostname'] != 'aio1'
|