openstack/openstack-ansible-ops
Code Issues Proposed changes
openstack-ansible-ops/mcapi_vexxhost/roles/proxy/tasks/main.yml
Dmitriy Rabotyagov c7b491d4c5 Move variables defenition from playbook level for mcapi proxy 
Spreading variables across multiple places with a different
naming convention adds confusing about their origin and
default values.

This patch aims to align naming convention as well as defaults
defenition on role level rather then partially in playbook and partially
in role.

Change-Id: I8a665a485cb8028ce7aee62cb9107cd6a482e2e4
2025-02-03 12:26:10 +00:00

98 lines
3.5 KiB
YAML
Raw Blame History

---
# Copyright 2023, BBC R&D
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# create virtualenv
- name: Install the python venv
import_role:
name: "python_venv_build"
vars:
venv_python_executable: "{{ openstack_venv_python_executable | default('python3') }}"
venv_build_constraints: "{{ mcapi_vexxhost_proxy_git_constraints }}"
venv_install_destination_path: "{{ mcapi_vexxhost_proxy_bin | dirname }}"
venv_install_distro_package_list:
- haproxy
venv_pip_install_args: "{{ pip_install_options | default('') }}"
venv_pip_packages: "{{ mcapi_vexxhost_proxy_pip_packages }}"
# create user and group
- name: Create the magnum_cluster_api_proxy system group
group:
name: "{{ mcapi_vexxhost_proxy_system_group_name }}"
state: "present"
system: "yes"
- name: Create the magnum_cluster_api_proxy system user
user:
name: "{{ mcapi_vexxhost_proxy_system_user_name }}"
group: "{{ mcapi_vexxhost_proxy_system_group_name }}"
comment: "{{ mcapi_vexxhost_proxy_system_user_comment }}"
shell: "{{ mcapi_vexxhost_proxy_system_user_shell }}"
system: "yes"
createhome: "yes"
home: "{{ mcapi_vexxhost_proxy_system_user_home }}"
- name: Create magnum_cluster_api_proxy directories
file:
path: "{{ item.path }}"
state: "directory"
owner: "{{ item.owner | default(mcapi_vexxhost_proxy_system_user_name) }}"
group: "{{ item.group | default(mcapi_vexxhost_proxy_system_group_name) }}"
mode: "{{ item.mode | default('0750') }}"
with_items:
- path: "{{ mcapi_vexxhost_proxy_etc_directory }}"
- path: "{{ mcapi_vexxhost_proxy_system_user_home }}"
- path: "{{ mcapi_vexxhost_proxy_system_user_home }}/.kube"
- name: Collect admin config from k8s cluster
slurp:
src: "{{ mcapi_vexxhost_k8s_conf_src }}"
register: k8s_admin_conf_slurp
delegate_to: "{{ groups['k8s_all'][0] }}"
run_once: true
- name: Write k8s admin config to capi_proxy home dir
copy:
content: "{{ k8s_admin_conf_slurp.content | b64decode }}"
dest: "{{ mcapi_vexxhost_k8s_conf_dest }}"
owner: "{{ mcapi_vexxhost_proxy_system_user_name }}"
group: "{{ mcapi_vexxhost_proxy_system_group_name }}"
mode: '0600'
- name: Write capi_proxy sudoers config
template:
src: capi_sudoers.j2
dest: /etc/sudoers.d/capi_proxy_sudoers
# create service
- name: Run the systemd service role
import_role:
name: systemd_service
vars:
systemd_user_name: "{{ mcapi_vexxhost_proxy_system_user_name }}"
systemd_group_name: "{{ mcapi_vexxhost_proxy_system_group_name }}"
systemd_tempd_prefix: openstack
systemd_slice_name: magnum-cluster-api-proxy
systemd_lock_path: /var/lock/magnum-cluster-api-proxy
systemd_service_cpu_accounting: true
systemd_service_block_io_accounting: true
systemd_service_memory_accounting: true
systemd_service_tasks_accounting: true
systemd_services:
- service_name: magnum-cluster-api-proxy
execstarts:
- "{{ mcapi_vexxhost_proxy_bin ~ '/magnum-cluster-api-proxy' }}"
start_order: 1
environment: "{{ mcapi_vexxhost_proxy_environment }}"
View Git Blame Copy Permalink