openstack/openstack-ansible-openstack_hosts
Code Issues Proposed changes

Merge "Auto-fix usage of modules via FQCN"

Browse Source
This commit is contained in:
Zuul 2025-02-27 21:48:26 +00:00 committed by Gerrit Code Review
commit c387c1a0ea
12 changed files with 76 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
handlers/main.yml
View File

@ -14,13 +14,13 @@
# limitations under the License.
- name: Restart sysstat
service:
ansible.builtin.service:
name: "sysstat"
state: "restarted"
enabled: "yes"
- name: Restart systemd-journald
service:
ansible.builtin.service:
name: systemd-journald
state: restarted
enabled: true
@ -30,5 +30,5 @@
delay: 2
- name: Systemd daemon reload
systemd:
ansible.builtin.systemd:
daemon_reload: true

20
tasks/configure_metal_hosts.yml
View File

@ -14,7 +14,7 @@
# limitations under the License.
- name: Check Kernel Version
fail:
ansible.builtin.fail:
msg: >
Wrong kernel Version found
[ {{ ansible_facts['kernel'] }} < {{ openstack_host_required_kernel }} ]
@ -23,7 +23,7 @@
- ansible_facts['kernel'] is version(openstack_host_required_kernel, '<')
- name: Install distro packages for bare metal nodes
package:
ansible.builtin.package:
name: "{{ openstack_host_metal_distro_packages }}"
state: "{{ openstack_hosts_package_state }}"
register: install_packages
@ -32,7 +32,7 @@
delay: 2
- name: Install user defined extra distro packages for bare metal nodes
package:
ansible.builtin.package:
name: "{{ openstack_host_extra_metal_distro_packages }}"
state: "{{ openstack_hosts_package_state }}"
when:
@ -43,14 +43,14 @@
delay: 2
- name: Check how kernel modules are implemented (statically builtin, dynamic, not set)
slurp:
ansible.builtin.slurp:
src: "/boot/config-{{ ansible_facts['kernel'] }}"
register: modules
when:
- openstack_host_specific_kernel_modules | length > 0
- name: Fail fast if we can't load a module
fail:
ansible.builtin.fail:
msg: "{{ item.pattern }} is not set"
with_items: "{{ openstack_host_specific_kernel_modules }}"
when:
@ -58,7 +58,7 @@
- (modules.content | b64decode).find(item.pattern + ' is not set') != -1
- name: "Load kernel module(s)"
modprobe:
community.general.modprobe:
name: "{{ item.name }}"
with_items: "{{ openstack_host_kernel_modules + openstack_host_specific_kernel_modules }}"
when:
@ -66,13 +66,13 @@
- item.pattern is undefined or (item.pattern is defined and (modules.content | b64decode).find(item.pattern + '=m') != -1)
- name: Write list of modules to load at boot
template:
ansible.builtin.template:
src: modprobe.conf.j2
dest: "{{ openstack_host_module_file }}"
mode: "0644"
- name: Adding new system tuning
sysctl:
ansible.posix.sysctl:
name: "{{ item.key }}"
value: "{{ item.value }}"
sysctl_set: "{{ item.set | default('yes') }}"
@ -83,12 +83,12 @@
failed_when: false
- name: Configure sysstat
include_tasks: openstack_sysstat.yml
ansible.builtin.include_tasks: openstack_sysstat.yml
when:
- openstack_host_sysstat_enabled | bool
- name: Create a directory to hold systemd journals on disk
file:
ansible.builtin.file:
path: /var/log/journal
state: directory
owner: root

34
tasks/main.yml
View File

@ -14,7 +14,7 @@
# limitations under the License.
- name: Gather variables for each operating system
include_vars: "{{ lookup('first_found', params) }}"
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
@ -29,7 +29,7 @@
- always
- name: Allow the usage of local facts
file:
ansible.builtin.file:
path: /etc/ansible/facts.d/
state: directory
mode: "0755"
@ -38,13 +38,13 @@
# Deploy the release file everywhere
- name: Importing openstack_release tasks
import_tasks: openstack_release.yml
ansible.builtin.import_tasks: openstack_release.yml
tags:
- openstack_hosts-install
# Proxy configuration applies to all nodes
- name: Add global_environment_variables to environment file
blockinfile:
ansible.builtin.blockinfile:
dest: "/etc/environment"
state: present
marker: "# {mark} Managed by OpenStack-Ansible"
@ -54,7 +54,7 @@
- openstack_hosts-config
- name: Ensure environement is applied during sudo
lineinfile:
ansible.builtin.lineinfile:
path: /etc/pam.d/sudo
line: "session required pam_env.so readenv=1 user_readenv=0"
regexp: "session\\s+required\\s+pam_env\\.so"
@ -62,7 +62,7 @@
when: ansible_facts['distribution'] | lower == 'debian'
- name: Create systemd global directory
file:
ansible.builtin.file:
path: /etc/systemd/system.conf.d/
state: directory
owner: "root"
@ -82,7 +82,7 @@
# Configure host files should apply to all nodes
- name: Configure etc hosts files
include_tasks: openstack_update_hosts_file.yml
ansible.builtin.include_tasks: openstack_update_hosts_file.yml
args:
apply:
tags:
@ -94,7 +94,7 @@
- always
- name: Remove the blacklisted packages
package:
ansible.builtin.package:
name: "{{ openstack_hosts_package_list | selectattr('state', 'equalto', 'absent') | map(attribute='name') | list }}"
state: absent
@ -103,11 +103,11 @@
# It is also used for installing common packages to
# all nodes
- name: Apply package management distro specific configuration
include_tasks: "openstack_hosts_configure_{{ ansible_facts['pkg_mgr'] | lower }}.yml"
ansible.builtin.include_tasks: "openstack_hosts_configure_{{ ansible_facts['pkg_mgr'] | lower }}.yml"
# Configure bare metal nodes: Kernel, sysctl, sysstat, hosts files, metal packages
- name: Including configure_metal_hosts tasks
include_tasks: configure_metal_hosts.yml
ansible.builtin.include_tasks: configure_metal_hosts.yml
args:
apply:
tags:
@ -118,7 +118,7 @@
- always
- name: Decreasing tcp_retries2 sysctl
sysctl:
ansible.posix.sysctl:
name: "net.ipv4.tcp_retries2"
value: "{{ keepalived_sysctl_tcp_retries | default(8) }}"
sysctl_set: true
@ -128,7 +128,7 @@
failed_when: false
- name: Install distro packages
package:
ansible.builtin.package:
name: "{{ openstack_host_distro_packages }}"
state: "{{ openstack_hosts_package_state }}"
when:
@ -139,7 +139,7 @@
delay: 2
- name: Install user defined extra distro packages
package:
ansible.builtin.package:
name: "{{ openstack_host_extra_distro_packages }}"
state: "{{ openstack_hosts_package_state }}"
when:
@ -150,12 +150,12 @@
delay: 2
- name: Importing openstack_authorized_keys tasks
import_tasks: openstack_authorized_keys.yml
ansible.builtin.import_tasks: openstack_authorized_keys.yml
tags:
- openstack_hosts-config
- name: Including PKI role
include_role:
ansible.builtin.include_role:
name: pki
tasks_from: main_ca_install.yml
apply:
@ -168,14 +168,14 @@
- always
- name: Including openstack_gitconfig tasks
include_tasks: openstack_gitconfig.yml
ansible.builtin.include_tasks: openstack_gitconfig.yml
args:
apply:
tags:
- openstack_hosts-config
- name: Including openstack_hosts_systemd tasks
include_tasks: openstack_hosts_systemd.yml
ansible.builtin.include_tasks: openstack_hosts_systemd.yml
args:
apply:
tags:

4
tasks/openstack_authorized_keys.yml
View File

@ -14,7 +14,7 @@
# limitations under the License.
- name: Ensure ssh directory
file:
ansible.builtin.file:
path: "{{ ansible_facts['env']['HOME'] }}/.ssh"
state: "directory"
group: "{{ ansible_facts['user_id'] }}"
@ -22,7 +22,7 @@
mode: "0700"
- name: Update SSH keys
authorized_key:
ansible.posix.authorized_key:
user: "{{ ansible_facts['user'] }}"
state: present
key: "{{ item }}"

6
tasks/openstack_gitconfig.yml
View File

@ -23,14 +23,14 @@
- skip_ansible_lint
- name: Write git config when git is installed
git_config:
community.general.git_config:
scope: system
name: http.https://opendev.org/.userAgent
value: "{{ 'git/' ~ _git_version.stdout.split(' ')[2] ~ ' (osa/' ~ lookup('env', 'OSA_VERSION') ~ '/' ~ component | default('undefined') ~ ')' }}"
when: _git_version.rc == 0
- name: Configure git safe directories
git_config:
community.general.git_config:
scope: system
name: safe.directory
value: "{{ item }}"
@ -40,7 +40,7 @@
- openstack_hosts_git_safe_directories is defined
- name: Write git config when git is not installed
template:
ansible.builtin.template:
src: gitconfig.j2
dest: /etc/gitconfig
mode: "0644"

10
tasks/openstack_hosts_configure_apt.yml
View File

@ -16,7 +16,7 @@
# APT configuration tasks that apply on all nodes.
- name: Ensure /etc/apt/sources.list.d exists
file:
ansible.builtin.file:
path: /etc/apt/sources.list.d
state: directory
owner: root
@ -36,14 +36,14 @@
openstack_hosts_apt_repo_cleanup:
- uca.list
- osbpo.list
file:
ansible.builtin.file:
path: "/etc/apt/sources.list.d/{{ item }}"
state: absent
register: _cleanup_apt_repositories
with_items: "{{ openstack_hosts_apt_repo_cleanup }}"
- name: Add requirement packages (repositories gpg keys, toolkits...)
apt:
ansible.builtin.apt:
name: "{{ openstack_hosts_package_list | rejectattr('state', 'equalto', 'absent') | map(attribute='name') | list }}"
state: "{{ openstack_hosts_package_state }}"
update_cache: true
@ -81,7 +81,7 @@
register: _manage_apt_repositories
- name: Add apt extra conf
copy:
ansible.builtin.copy:
content: "{{ openstack_hosts_package_manager_default_conf + openstack_hosts_package_manager_extra_conf }}"
dest: /etc/apt/apt.conf.d/99openstack-ansible
mode: "0644"
@ -89,7 +89,7 @@
- openstack_hosts_package_manager_extra_conf | length > 0 or openstack_hosts_package_manager_default_conf | length > 0
- name: Update Apt cache
apt:
ansible.builtin.apt:
update_cache: true
when:
- (_manage_apt_repositories is changed) or (_cleanup_apt_repositories is changed)

29
tasks/openstack_hosts_configure_dnf.yml
View File

@ -14,12 +14,12 @@
# limitations under the License.
- name: Check to see if yum's fastestmirror plugin is present
stat:
ansible.builtin.stat:
path: /etc/yum/pluginconf.d/fastestmirror.conf
register: fastestmirror_plugin_check
- name: Configure yum's fastestmirror plugin
ini_file:
community.general.ini_file:
path: /etc/yum/pluginconf.d/fastestmirror.conf
section: main
option: enabled
@ -30,7 +30,7 @@
- fastestmirror_plugin_check.stat.exists
- name: Disable requiretty for root sudo on centos
template:
ansible.builtin.template:
dest: /etc/sudoers.d/openstack-ansible
owner: root
group: root
@ -41,20 +41,19 @@
# KeyID 764429E6 from https://raw.githubusercontent.com/rdo-infra/centos-release-openstack/ocata-rdo/RPM-GPG-KEY-CentOS-SIG-Cloud
# KeyID 61E8806C from keyserver for rdo-qemu-ev
- name: If a keyfile is provided, copy the gpg keyfile to the key location
copy:
ansible.builtin.copy:
src: "{{ item.keyfile }}"
dest: "{{ item.key }}"
mode: "0644"
with_items: "{{ openstack_hosts_package_repos_keys | selectattr('keyfile', 'defined') | list }}"
- name: Ensure GPG keys have the correct SELinux contexts applied
command: restorecon -Rv /etc/pki/rpm-gpg/
# TODO(evrardjp): Be more idempotent
ansible.builtin.command: restorecon -Rv /etc/pki/rpm-gpg/
changed_when: false
# Handle gpg keys manually
- name: Install gpg keys
rpm_key:
ansible.builtin.rpm_key:
key: "{{ key.key }}"
validate_certs: "{{ key.validate_certs | default(omit) }}"
state: "{{ key.state | default('present') }}"
@ -67,12 +66,12 @@
delay: 2
- name: Add requirement packages (repositories gpg keys packages, toolkits...)
package:
ansible.builtin.package:
name: "{{ openstack_hosts_package_list | rejectattr('state', 'equalto', 'absent') | map(attribute='name') | list }}"
state: "{{ openstack_hosts_package_state }}"
- name: Add yum repositories if they do not exist
yum_repository:
ansible.builtin.yum_repository:
name: "{{ repo.name }}"
file: "{{ repo.file | default(omit) }}"
description: "{{ repo.description | default(omit) }}"
@ -94,7 +93,7 @@
delay: 2
- name: Add dnf extra conf
blockinfile:
ansible.builtin.blockinfile:
block: "{{ openstack_hosts_package_manager_default_conf + openstack_hosts_package_manager_extra_conf }}"
path: /etc/dnf/dnf.conf
marker: "# {mark} OPENSTACK-ANSIBLE-OPENSTACK_HOSTS MANAGED BLOCK"
@ -104,7 +103,7 @@
- openstack_hosts_package_manager_extra_conf | length > 0 or openstack_hosts_package_manager_default_conf | length > 0
- name: Add rdo repositories via url for trunk based installation
get_url:
ansible.builtin.get_url:
url: "{{ openstack_hosts_rdo_repo_url }}/delorean.repo"
dest: /etc/yum.repos.d/rdo.repo
mode: "0640"
@ -117,7 +116,7 @@
- openstack_hosts_rdo_repo_type == 'trunk'
- name: Install centos-release-openstack package for cloudsig based installation
package:
ansible.builtin.package:
name:
- centos-release-openstack-{{ openstack_distrib_code_name | lower }}
when:
@ -125,14 +124,14 @@
- openstack_hosts_rdo_repo_type == 'cloudsig'
- name: Enable CodeReadyBuilder repository
command: dnf config-manager --set-enabled "crb"
ansible.builtin.command: dnf config-manager --set-enabled "crb"
changed_when: false
when:
- openstack_hosts_power_tool_enable | bool
- ansible_facts['distribution_major_version'] == "9"
- name: Create SSL certificate and key directories
file:
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner | default(root) }}"
@ -143,7 +142,7 @@
- { path: "/etc/pki/tls/private", owner: "root", group: "root" }
- name: Create SSL certificate and key directory symlinks
file:
ansible.builtin.file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "link"

19
tasks/openstack_hosts_configure_yum.yml
View File

@ -14,12 +14,12 @@
# limitations under the License.
- name: Check to see if yum's fastestmirror plugin is present
stat:
ansible.builtin.stat:
path: /etc/yum/pluginconf.d/fastestmirror.conf
register: fastestmirror_plugin_check
- name: Configure yum's fastestmirror plugin
ini_file:
community.general.ini_file:
path: /etc/yum/pluginconf.d/fastestmirror.conf
section: main
option: enabled
@ -30,7 +30,7 @@
- fastestmirror_plugin_check.stat.exists
- name: Disable requiretty for root sudo on centos
template:
ansible.builtin.template:
dest: /etc/sudoers.d/openstack-ansible
owner: root
group: root
@ -41,20 +41,19 @@
# KeyID 764429E6 from https://raw.githubusercontent.com/rdo-infra/centos-release-openstack/ocata-rdo/RPM-GPG-KEY-CentOS-SIG-Cloud
# KeyID 61E8806C from keyserver for rdo-qemu-ev
- name: If a keyfile is provided, copy the gpg keyfile to the key location
copy:
ansible.builtin.copy:
src: "{{ item.keyfile }}"
dest: "{{ item.key }}"
mode: "0644"
with_items: "{{ openstack_hosts_package_repos_keys | selectattr('keyfile', 'defined') | list }}"
- name: Ensure GPG keys have the correct SELinux contexts applied
command: restorecon -Rv /etc/pki/rpm-gpg/
# TODO(evrardjp): Be more idempotent
ansible.builtin.command: restorecon -Rv /etc/pki/rpm-gpg/
changed_when: false
# Handle gpg keys manually
- name: Install gpg keys
rpm_key:
ansible.builtin.rpm_key:
key: "{{ key.key }}"
validate_certs: "{{ key.validate_certs | default(omit) }}"
state: "{{ key.state | default('present') }}"
@ -67,12 +66,12 @@
delay: 2
- name: Add requirement packages (repositories gpg keys packages, toolkits...)
package:
ansible.builtin.package:
name: "{{ openstack_hosts_package_list | rejectattr('state', 'equalto', 'absent') | map(attribute='name') | list }}"
state: "{{ openstack_hosts_package_state }}"
- name: Add yum repositories if they do not exist
yum_repository:
ansible.builtin.yum_repository:
name: "{{ repo.name }}"
file: "{{ repo.file | default(omit) }}"
description: "{{ repo.description | default(omit) }}"
@ -92,7 +91,7 @@
delay: 2
- name: Add yum extra conf
blockinfile:
ansible.builtin.blockinfile:
block: "{{ openstack_hosts_package_manager_default_conf + openstack_hosts_package_manager_extra_conf }}"
path: /etc/yum.conf
marker: "# {mark} OPENSTACK-ANSIBLE-OPENSTACK_HOSTS MANAGED BLOCK"

10
tasks/openstack_hosts_systemd.yml
View File

@ -14,7 +14,7 @@
# limitations under the License.
- name: Run the systemd-networkd role
include_role:
ansible.builtin.include_role:
name: systemd_networkd
vars:
systemd_networkd_prefix: "{{ openstack_hosts_systemd_networkd_prefix }}"
@ -27,7 +27,7 @@
- is_metal
- name: Run the systemd-service role
include_role:
ansible.builtin.include_role:
name: systemd_service
vars:
systemd_slice_name: "{{ openstack_hosts_systemd_slice }}"
@ -36,7 +36,7 @@
- openstack_hosts_systemd_services
- name: Run the systemd mount role
include_role:
ansible.builtin.include_role:
name: systemd_mount
vars:
systemd_mounts: "{{ openstack_hosts_systemd_mounts }}"
@ -47,7 +47,7 @@
when: openstack_hosts_journald_config
block:
- name: Create /etc/systemd/journald.conf.d directory
file:
ansible.builtin.file:
path: /etc/systemd/journald.conf.d
state: directory
owner: root
@ -55,7 +55,7 @@
mode: "0755"
- name: Define journald configuration
copy:
ansible.builtin.copy:
content: |-
[Journal]
{% for key, value in openstack_hosts_journald_config.items() %}

4
tasks/openstack_release.yml
View File

@ -14,7 +14,7 @@
# limitations under the License.
- name: Drop openstack release file
template:
ansible.builtin.template:
src: "openstack-release.j2"
dest: "{{ openstack_distrib_file_path }}"
owner: "root"
@ -24,7 +24,7 @@
- openstack_distrib_file | bool
- name: Remove legacy openstack release file
file:
ansible.builtin.file:
path: "{{ openstack_distrib_file_path }}"
state: absent
when:

6
tasks/openstack_sysstat.yml
View File

@ -14,7 +14,7 @@
# limitations under the License.
- name: Enable sysstat config
template:
ansible.builtin.template:
src: "sysstat.default.j2"
dest: "{{ openstack_host_sysstat_file }}"
mode: "0644"
@ -23,14 +23,14 @@
notify: Restart sysstat
- name: Enable sysstat cron
template:
ansible.builtin.template:
src: "{{ openstack_host_cron_template }}"
dest: "{{ openstack_host_sysstat_cron_file }}"
mode: "{{ openstack_host_sysstat_cron_mode }}"
setype: "{{ (ansible_facts['selinux']['status'] == 'enabled') | ternary('system_cron_spool_t', omit) }}"
- name: Start and enable the sysstat service
service:
ansible.builtin.service:
name: sysstat
state: started
enabled: true

6
tasks/openstack_update_hosts_file.yml
View File

@ -15,7 +15,7 @@
- name: Generate hosts file records
run_once: true
set_fact:
ansible.builtin.set_fact:
_etc_hosts_content: |-
{% set records = [] %}
{% set _groups = groups['all'] %}
@ -40,7 +40,7 @@
{{ records }}
- name: Update hosts file
blockinfile:
ansible.builtin.blockinfile:
dest: /etc/hosts
block: "{{ (_etc_hosts_content + openstack_host_custom_hosts_records) | join('\n') }}"
marker: "### {mark} OPENSTACK-ANSIBLE MANAGED BLOCK ###"
@ -48,7 +48,7 @@
- openstack_host_manage_hosts_file | bool
- name: Update hosts file on deploy host
blockinfile:
ansible.builtin.blockinfile:
dest: /etc/hosts
block: "{{ (_etc_hosts_content + openstack_host_custom_hosts_records) | join('\n') }}"
marker: "### {mark} OPENSTACK-ANSIBLE {{ lookup('env', 'OSA_CONFIG_DIR') }} MANAGED BLOCK ###"