forked from openstack/kayobe
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #74 from stackhpc/yoga-backports
Yoga: backport bifrost auth & TLS, ubuntu firewalld
- Loading branch information
Showing
22 changed files
with
116 additions
and
91 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,26 +1,16 @@ | ||
--- | ||
- name: Ensure required Python packages are installed | ||
pip: | ||
name: "{{ item.name }}" | ||
version: "{{ item.version | default(omit) }}" | ||
state: latest | ||
virtualenv: "{{ ironic_inspector_venv }}" | ||
extra_args: "{% if ironic_inspector_upper_constraints_file %}-c {{ ironic_inspector_upper_constraints_file }}{% endif %}" | ||
with_items: | ||
- name: python-ironic-inspector-client | ||
|
||
- name: Ensure introspection rules exist | ||
vars: | ||
ansible_python_interpreter: "{{ ironic_inspector_venv }}/bin/python" | ||
os_ironic_inspector_rule: | ||
auth_type: "{{ ironic_inspector_auth_type }}" | ||
auth: "{{ ironic_inspector_auth }}" | ||
cacert: "{{ ironic_inspector_cacert | default(omit, true) }}" | ||
cloud: "{{ ironic_inspector_cloud | default(omit, true) }}" | ||
interface: "{{ ironic_inspector_interface | default(omit, true) }}" | ||
conditions: "{{ item.conditions }}" | ||
actions: "{{ item.actions }}" | ||
description: "{{ item.description | default(omit) }}" | ||
uuid: "{{ item.uuid | default(item.description | to_uuid) | default(omit) }}" | ||
state: present | ||
inspector_url: "{{ ironic_inspector_url }}" | ||
with_items: "{{ ironic_inspector_rules }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
--- | ||
# Copy the Bifrost clouds.yaml file and CA certificate (if one is in use) to | ||
# the host. This allows us to access the Ironic and Inspector APIs outside of | ||
# the Bifrost container. | ||
- name: Ensure credentials are available on the host | ||
hosts: seed | ||
tags: | ||
- seed-credentials | ||
vars: | ||
openstack_config_dir: "{{ ansible_facts.env.HOME }}/.config/openstack" | ||
tasks: | ||
- name: Ensure OpenStack config directory exists | ||
file: | ||
path: "{{ openstack_config_dir }}" | ||
state: directory | ||
mode: 0700 | ||
|
||
- name: Get clouds.yaml from Bifrost container | ||
command: | ||
cmd: docker exec bifrost_deploy cat /root/.config/openstack/clouds.yaml | ||
changed_when: false | ||
register: clouds_yaml | ||
no_log: true | ||
|
||
- name: Write clouds.yaml | ||
copy: | ||
content: | | ||
{%- set clouds = clouds_yaml.stdout | from_yaml -%} | ||
{%- for cloud in clouds.clouds.keys() | list -%} | ||
{%- if 'cacert' in clouds.clouds[cloud] -%} | ||
{%- set _ = clouds.clouds[cloud].update({'cacert': openstack_config_dir ~ '/bifrost.crt'}) -%} | ||
{%- endif -%} | ||
{%- endfor -%} | ||
{{ clouds | to_nice_yaml }} | ||
dest: "{{ openstack_config_dir }}/clouds.yaml" | ||
mode: 0600 | ||
|
||
- name: Copy CA certificate from Bifrost container | ||
vars: | ||
clouds: "{{ clouds_yaml.stdout | from_yaml }}" | ||
cacerts: "{{ clouds.clouds.values() | selectattr('cacert', 'defined') | map(attribute='cacert') | list }}" | ||
command: | ||
cmd: docker cp bifrost_deploy:{{ cacerts[0] }} {{ openstack_config_dir }}/bifrost.crt | ||
changed_when: false | ||
when: cacerts | length > 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.