openstack
/
tripleo-quickstart
Code Issues Proposed changes
tripleo-quickstart/roles/provision/remote/tasks/main.yml

126 lines
3.7 KiB
YAML
Raw Blame History

# Create `virt_host_key`, which we will use to log in to the target
# host. Note that this tasks runs on the ansible control host
# (because of the `delegate_to: localhost`), and we will later copy
# the public key to the appropriate location.
- name: Create virthost access key
delegate_to: localhost
command: >
ssh-keygen -f {{ virt_host_key }} -N ''
-C 'ansible_generated_virt_host'
-t rsa -b 4096
args:
creates: "{{ virt_host_key }}"
- name: Ensure tuned is installed
package:
name: "tuned"
state: "present"
become: true
- name: Ensure tuned is enabled and started
service:
name: "tuned"
enabled: "yes"
state: "started"
become: true
- name: Retrieve current tuned profile
command: tuned-adm active
register: tuned
changed_when: False
- name: Set tuned profile if not already set
command: tuned-adm profile "{{ tuned_profile }}"
become: true
when: tuned.stdout.find("{{ tuned_profile }}") != 1
# Create a non-root user on the target host. This is the user that
# will own the virtual infrastructure on which we deploy openstack.
- name: Create non-root user
user:
name: "{{ non_root_user }}"
state: present
shell: /bin/bash
become: true
- name: Get the non-root user UID
command: "id {{ non_root_user }} -u"
register: non_root_user_uid_output
changed_when: false
- name: Save the non-root user UID
set_fact:
non_root_user_uid: "{{ non_root_user_uid_output.stdout }}"
# Install the public component of `virt_host_key` in the
# `.ssh/authorized_keys` file for the non-root user.
- name: Configure non-root user authorized_keys
authorized_key:
user: "{{ ssh_user }}"
key: "{{ lookup('file', virt_host_key|quote + '.pub')|default('') }}"
become: true
- name: Ensure polkit packages are installed
package:
name: "polkit"
state: "present"
become: true
# This lets the non-root user access the `qemu://system` endpoint. We
# don't need this with the default configuration (which uses
# `qemu://session`), but this permits things to work if someone
# explicitly passes in `libvirt_uri`.
- name: Grant libvirt privileges to non-root user
template:
src: libvirt.pkla.j2
dest: "/etc/polkit-1/localauthority/50-local.d/50-{{ non_root_user }}-libvirt.pkla"
become: true
- name: Ensure XDG_RUNTIME_DIR is set
blockinfile:
dest: .bashrc
create: true
block: |
# Setting up XDG_RUNTIME_DIR for creating non-essential runtime files and other file objects in accordance with
# https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
if [[ -z "${XDG_RUNTIME_DIR}" && -d "/run/user/${UID}" ]] ; then
export XDG_RUNTIME_DIR="/run/user/${UID}"
fi
become: true
become_user: "{{ non_root_user }}"
# I'm not always root, but when I am it's because of `sudo`.
- name: Grant sudo privileges to non-root user
copy:
content: |
{{ non_root_user }} ALL=(ALL) NOPASSWD:ALL
dest: /etc/sudoers.d/{{ non_root_user }}
owner: root
group: root
mode: 0440
become: true
# This replaces the inventory entry for the virthost. The original
# entry had `ansible_user: root`, but from now on we will connect as
# the non-root user.
- name: Re-add the virthost to the inventory
add_host:
name: "{{ virthost }}"
groups: "virthost"
ansible_fqdn: "{{ virthost }}"
ansible_user: "{{ ssh_user }}"
ansible_host: "{{ virthost }}"
ansible_private_key_file: "{{ virt_host_key }}"
# Create the volume pool directory if it doesn't already exist. This
# will be the target of the libvirt volume pool we create in the next
# task.
- name: Ensure volume pool directory exists
file:
path: "{{ libvirt_volume_path }}"
state: directory
owner: "{{ non_root_user }}"
group: "{{ non_root_group }}"
become: true
View Git Blame Copy Permalink