Install distro_packages in pre-main
Main tasks are executed in a serial manner, so all keystone containers except the first one still do not have rsync and sshd installed when we attempt to distribute fernet tokens while running against the first host. So we move the installation of distro_packages to the pre-main step, which is run in advance without the serial approach. This is an alternative approach to [1]. [1] https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/889936 Needed-By: https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/889945 Change-Id: Ia53932f60d271b8f2843b880e024caacc7ae5c3f
parent
f66934de35
commit
a51651213d
|
@ -681,3 +681,15 @@ keystone_ssh_keypairs_install_ca: "{{ openstack_ssh_keypairs_authorities }}"
|
|||
keystone_ssh_keypairs_principals:
|
||||
- user: "{{ keystone_system_user_name }}"
|
||||
principals: "{{ keystone_ssh_key_principals | default(['keystone']) }}"
|
||||
|
||||
keystone_ssh_extra_configuration:
|
||||
- regexp: "^PermitRootLogin"
|
||||
line: "PermitRootLogin prohibit-password"
|
||||
- regexp: "^TCPKeepAlive"
|
||||
line: "TCPKeepAlive yes"
|
||||
- regexp: "^UseDNS"
|
||||
line: "UseDNS no"
|
||||
- regexp: "^X11Forwarding"
|
||||
line: "X11Forwarding no"
|
||||
- regexp: "^PasswordAuthentication"
|
||||
line: "PasswordAuthentication no"
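Review bot: The `PermitRootLogin prohibit-password` entry in the new `keystone_ssh_extra_configuration` default still lets root authenticate with a key or certificate in every keystone container. The principals in the context lines just above are defined for `keystone_system_user_name`, so if nothing else in the role needs root over SSH (not visible from this hunk), `line: "PermitRootLogin no"` would be the tighter default. A short comment above the variable would also help, for example `# Each item is applied to /etc/ssh/sshd_config with lineinfile; regexp matches only uncommented directives`, so operators who override the list know that they replace the hardening entries rather than extend them.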
|
||||
|
|
|
@ -95,6 +95,11 @@
|
|||
retries: 5
|
||||
delay: 2
|
||||
|
||||
- name: Restart ssh
|
||||
service:
|
||||
name: "sshd"
|
||||
state: "restarted"
|
||||
|
||||
- name: Flush all of the cache in memcached
|
||||
vars:
|
||||
nc_command:
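Review bot: The new `Restart ssh` handler hard-codes the unit name with `name: "sshd"`, while Debian-family systems typically ship the unit as `ssh` and provide `sshd` only as an alias that exists once the service is enabled. If that alias is missing in a freshly built container, the handler fails and the sshd_config lines written by the role are never loaded by the running daemon. Taking the name from the per-distribution vars files the role already loads, e.g. `name: "{{ <ssh-service-name-variable> }}"` (placeholder, the variable would have to be introduced), removes that dependency. For configuration-only changes `state: "reloaded"` would also be sufficient.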
|
||||
|
|
|
@ -13,6 +13,21 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Gather variables for each operating system
|
||||
include_vars: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
|
||||
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
|
||||
- "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
|
||||
- "{{ ansible_facts['distribution'] | lower }}.yml"
|
||||
- "{{ ansible_facts['os_family'] | lower }}.yml"
|
||||
paths:
|
||||
- "{{ role_path }}/vars"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: Create system groups
|
||||
group:
|
||||
name: "{{ item }}"
|
||||
|
@ -64,6 +79,29 @@
|
|||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Install distro packages
|
||||
package:
|
||||
name: "{{ keystone_distro_packages }}"
|
||||
state: "{{ keystone_package_state }}"
|
||||
update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
|
||||
cache_valid_time: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(cache_timeout, omit) }}"
|
||||
register: install_packages
|
||||
until: install_packages is success
|
||||
retries: 5
|
||||
delay: 2
|
||||
notify:
|
||||
- Restart ssh
|
||||
|
||||
- name: Adjust sshd configuration in container
|
||||
lineinfile:
|
||||
dest: "/etc/ssh/sshd_config"
|
||||
regexp: "{{ item.regexp }}"
|
||||
line: "{{ item.line }}"
|
||||
state: present
|
||||
with_items: "{{ keystone_ssh_extra_configuration }}"
|
||||
notify:
|
||||
- Restart ssh
|
||||
|
||||
- name: Importing keystone_key_setup tasks
|
||||
import_tasks: keystone_key_setup.yml
|
||||
tags:
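Review bot: The `Adjust sshd configuration in container` task edits `/etc/ssh/sshd_config` without a `validate` step, and when no line matches an item's regexp `lineinfile` appends the line at the end of the file. sshd keeps the first value it reads for each keyword, so on images whose sshd_config starts with an `Include` of a drop-in directory, or ends in a `Match` block, the appended `PasswordAuthentication no` may not be the effective global setting. I would add `validate: "/usr/sbin/sshd -t -f %s"` together with an `insertbefore` anchor placed ahead of any `Include` or `Match` line, and confirm the result with `sshd -T`. `Restart ssh` is only notified here, so unless handlers are flushed before the key distribution (not visible in this hunk) a newly installed sshd serves its package defaults until the end of the play. The following task, `Importing keystone_key_setup tasks`, continues past the end of the hunk.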
|
||||
|
|