From c7b491d4c5271cefdba8d28490ef0b5ff9a6bc03 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Sun, 26 Jan 2025 15:40:50 +0100 Subject: [PATCH] Move variables defenition from playbook level for mcapi proxy Spreading variables across multiple places with a different naming convention adds confusing about their origin and default values. This patch aims to align naming convention as well as defaults defenition on role level rather then partially in playbook and partially in role. Change-Id: I8a665a485cb8028ce7aee62cb9107cd6a482e2e4 --- mcapi_vexxhost/playbooks/mcapi_proxy.yml | 14 +------ mcapi_vexxhost/roles/proxy/defaults/main.yml | 15 +++++++ mcapi_vexxhost/roles/proxy/tasks/main.yml | 40 +++++++++---------- .../roles/proxy/templates/capi_sudoers.j2 | 6 +-- ...st_variables_renamed-14d4f423b2db450d.yaml | 16 ++++++++ 5 files changed, 55 insertions(+), 36 deletions(-) create mode 100644 releasenotes/notes/mcapi_vexxhost_variables_renamed-14d4f423b2db450d.yaml diff --git a/mcapi_vexxhost/playbooks/mcapi_proxy.yml b/mcapi_vexxhost/playbooks/mcapi_proxy.yml index a160de5d..6a54f76e 100644 --- a/mcapi_vexxhost/playbooks/mcapi_proxy.yml +++ b/mcapi_vexxhost/playbooks/mcapi_proxy.yml @@ -20,19 +20,7 @@ # OVN it must be installed to all computes. Override the target hosts # for this play as required - name: Install magnum-cluster-api-proxy - hosts: "{{ magnum_cluster_api_proxy_hosts | default('network_hosts') }}" - vars: - _venv_tag: "{{ venv_tag | default('untagged') }}" - _bin: "/openstack/venvs/magnum-cluster-api-proxy-{{ _venv_tag }}/bin" - magnum_cluster_api_proxy_system_group_name: 'capi_proxy' - magnum_cluster_api_proxy_system_user_name: 'capi_proxy' - magnum_cluster_api_proxy_system_user_comment: 'Magnum Cluster API Proxy System User' - magnum_cluster_api_proxy_system_user_home: '/var/lib/{{ magnum_cluster_api_proxy_system_user_name }}' - magnum_cluster_api_proxy_system_user_shell: '/bin/false' - magnum_cluster_api_proxy_etc_directory: '/etc/capi_proxy' - - k8s_admin_conf_src: "/etc/kubernetes/admin.conf" - k8s_admin_conf_dest: "{{ magnum_cluster_api_proxy_system_user_home }}/.kube/config" + hosts: "{{ mcapi_vexxhost_proxy_hosts | default('network_hosts') }}" environment: "{{ deployment_environment_variables | default({}) }}" tasks: diff --git a/mcapi_vexxhost/roles/proxy/defaults/main.yml b/mcapi_vexxhost/roles/proxy/defaults/main.yml index ed02f18b..ecbc04f5 100644 --- a/mcapi_vexxhost/roles/proxy/defaults/main.yml +++ b/mcapi_vexxhost/roles/proxy/defaults/main.yml @@ -13,6 +13,13 @@ # See the License for the specific language governing permissions and # limitations under the License. +mcapi_vexxhost_proxy_system_group_name: 'capi_proxy' +mcapi_vexxhost_proxy_system_user_name: 'capi_proxy' +mcapi_vexxhost_proxy_system_user_comment: 'Magnum Cluster API Proxy System User' +mcapi_vexxhost_proxy_system_user_home: '/var/lib/{{ mcapi_vexxhost_proxy_system_user_name }}' +mcapi_vexxhost_proxy_system_user_shell: '/bin/false' +mcapi_vexxhost_proxy_etc_directory: '/etc/capi_proxy' + mcapi_vexxhost_proxy_upper_constraints_url: >- {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }} mcapi_vexxhost_proxy_git_constraints: @@ -24,3 +31,11 @@ mcapi_vexxhost_proxy_git_repo: >- mcapi_vexxhost_proxy_pip_packages: - "{{ 'git+' ~ mcapi_vexxhost_proxy_git_repo ~ '@' ~ mcapi_vexxhost_proxy_install_branch ~ '#egg=magnum-cluster-api' }}" + +mcapi_vexxhost_proxy_venv_tag: "{{ venv_tag | default('untagged') }}" +mcapi_vexxhost_proxy_bin: "/openstack/venvs/magnum-cluster-api-proxy-{{ mcapi_vexxhost_proxy_venv_tag }}/bin" + +mcapi_vexxhost_k8s_conf_src: "{{ k8s_admin_conf_src | default('/etc/kubernetes/admin.conf') }}" +mcapi_vexxhost_k8s_conf_dest: "{{ k8s_admin_conf_dest | default(mcapi_vexxhost_proxy_system_user_home ~ '/.kube/config') }}" + +mcapi_vexxhost_proxy_environment: {} diff --git a/mcapi_vexxhost/roles/proxy/tasks/main.yml b/mcapi_vexxhost/roles/proxy/tasks/main.yml index 71106208..836cae28 100644 --- a/mcapi_vexxhost/roles/proxy/tasks/main.yml +++ b/mcapi_vexxhost/roles/proxy/tasks/main.yml @@ -20,7 +20,7 @@ vars: venv_python_executable: "{{ openstack_venv_python_executable | default('python3') }}" venv_build_constraints: "{{ mcapi_vexxhost_proxy_git_constraints }}" - venv_install_destination_path: "{{ _bin | dirname }}" + venv_install_destination_path: "{{ mcapi_vexxhost_proxy_bin | dirname }}" venv_install_distro_package_list: - haproxy venv_pip_install_args: "{{ pip_install_options | default('') }}" @@ -29,35 +29,35 @@ # create user and group - name: Create the magnum_cluster_api_proxy system group group: - name: "{{ magnum_cluster_api_proxy_system_group_name }}" + name: "{{ mcapi_vexxhost_proxy_system_group_name }}" state: "present" system: "yes" - name: Create the magnum_cluster_api_proxy system user user: - name: "{{ magnum_cluster_api_proxy_system_user_name }}" - group: "{{ magnum_cluster_api_proxy_system_group_name }}" - comment: "{{ magnum_cluster_api_proxy_system_user_comment }}" - shell: "{{ magnum_cluster_api_proxy_system_user_shell }}" + name: "{{ mcapi_vexxhost_proxy_system_user_name }}" + group: "{{ mcapi_vexxhost_proxy_system_group_name }}" + comment: "{{ mcapi_vexxhost_proxy_system_user_comment }}" + shell: "{{ mcapi_vexxhost_proxy_system_user_shell }}" system: "yes" createhome: "yes" - home: "{{ magnum_cluster_api_proxy_system_user_home }}" + home: "{{ mcapi_vexxhost_proxy_system_user_home }}" - name: Create magnum_cluster_api_proxy directories file: path: "{{ item.path }}" state: "directory" - owner: "{{ item.owner | default(magnum_cluster_api_proxy_system_user_name) }}" - group: "{{ item.group | default(magnum_cluster_api_proxy_system_group_name) }}" + owner: "{{ item.owner | default(mcapi_vexxhost_proxy_system_user_name) }}" + group: "{{ item.group | default(mcapi_vexxhost_proxy_system_group_name) }}" mode: "{{ item.mode | default('0750') }}" with_items: - - path: "{{ magnum_cluster_api_proxy_etc_directory }}" - - path: "{{ magnum_cluster_api_proxy_system_user_home }}" - - path: "{{ magnum_cluster_api_proxy_system_user_home }}/.kube" + - path: "{{ mcapi_vexxhost_proxy_etc_directory }}" + - path: "{{ mcapi_vexxhost_proxy_system_user_home }}" + - path: "{{ mcapi_vexxhost_proxy_system_user_home }}/.kube" - name: Collect admin config from k8s cluster slurp: - src: "{{ k8s_admin_conf_src }}" + src: "{{ mcapi_vexxhost_k8s_conf_src }}" register: k8s_admin_conf_slurp delegate_to: "{{ groups['k8s_all'][0] }}" run_once: true @@ -65,9 +65,9 @@ - name: Write k8s admin config to capi_proxy home dir copy: content: "{{ k8s_admin_conf_slurp.content | b64decode }}" - dest: "{{ k8s_admin_conf_dest }}" - owner: "{{ magnum_cluster_api_proxy_system_user_name }}" - group: "{{ magnum_cluster_api_proxy_system_group_name }}" + dest: "{{ mcapi_vexxhost_k8s_conf_dest }}" + owner: "{{ mcapi_vexxhost_proxy_system_user_name }}" + group: "{{ mcapi_vexxhost_proxy_system_group_name }}" mode: '0600' - name: Write capi_proxy sudoers config @@ -80,8 +80,8 @@ import_role: name: systemd_service vars: - systemd_user_name: "{{ magnum_cluster_api_proxy_system_user_name }}" - systemd_group_name: "{{ magnum_cluster_api_proxy_system_group_name }}" + systemd_user_name: "{{ mcapi_vexxhost_proxy_system_user_name }}" + systemd_group_name: "{{ mcapi_vexxhost_proxy_system_group_name }}" systemd_tempd_prefix: openstack systemd_slice_name: magnum-cluster-api-proxy systemd_lock_path: /var/lock/magnum-cluster-api-proxy @@ -92,6 +92,6 @@ systemd_services: - service_name: magnum-cluster-api-proxy execstarts: - - "{{ _bin ~ '/magnum-cluster-api-proxy' }}" + - "{{ mcapi_vexxhost_proxy_bin ~ '/magnum-cluster-api-proxy' }}" start_order: 1 - environment: "{{ magnum_cluster_api_proxy_environment | default({}) }}" + environment: "{{ mcapi_vexxhost_proxy_environment }}" diff --git a/mcapi_vexxhost/roles/proxy/templates/capi_sudoers.j2 b/mcapi_vexxhost/roles/proxy/templates/capi_sudoers.j2 index 9f0863e4..6309357d 100644 --- a/mcapi_vexxhost/roles/proxy/templates/capi_sudoers.j2 +++ b/mcapi_vexxhost/roles/proxy/templates/capi_sudoers.j2 @@ -1,6 +1,6 @@ # {{ ansible_managed }} -Defaults:{{ magnum_cluster_api_proxy_system_user_name }} !requiretty -Defaults:{{ magnum_cluster_api_proxy_system_user_name }} secure_path="{{ _bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +Defaults:{{ mcapi_vexxhost_proxy_system_user_name }} !requiretty +Defaults:{{ mcapi_vexxhost_proxy_system_user_name }} secure_path="{{ mcapi_vexxhost_proxy_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -{{ magnum_cluster_api_proxy_system_user_name }} ALL = (root) NOPASSWD: {{ _bin }}/privsep-helper +{{ mcapi_vexxhost_proxy_system_user_name }} ALL = (root) NOPASSWD: {{ mcapi_vexxhost_proxy_bin }}/privsep-helper diff --git a/releasenotes/notes/mcapi_vexxhost_variables_renamed-14d4f423b2db450d.yaml b/releasenotes/notes/mcapi_vexxhost_variables_renamed-14d4f423b2db450d.yaml new file mode 100644 index 00000000..00543774 --- /dev/null +++ b/releasenotes/notes/mcapi_vexxhost_variables_renamed-14d4f423b2db450d.yaml @@ -0,0 +1,16 @@ +--- +upgrade: + - | + In order to align variable names for ``osa_ops.mcapi_vexxhost.proxy`` role, + following variables were renamed: + + * _venv_tag -> mcapi_vexxhost_proxy_venv_tag + * _bin -> mcapi_vexxhost_proxy_bin + * magnum_cluster_api_proxy_hosts -> mcapi_vexxhost_proxy_hosts + * magnum_cluster_api_proxy_system_group_name -> mcapi_vexxhost_proxy_system_group_name + * magnum_cluster_api_proxy_system_user_name -> mcapi_vexxhost_proxy_system_user_name + * magnum_cluster_api_proxy_system_user_comment -> mcapi_vexxhost_proxy_system_user_comment + * magnum_cluster_api_proxy_system_user_home -> mcapi_vexxhost_proxy_system_user_home + * magnum_cluster_api_proxy_system_user_shell -> mcapi_vexxhost_proxy_system_user_shell + * magnum_cluster_api_proxy_etc_directory -> mcapi_vexxhost_proxy_etc_directory + * magnum_cluster_api_proxy_environment -> mcapi_vexxhost_proxy_environment