4f98f08ffa
1.Fix the invalid value about selinux policy 2.Update description of task about selinux.The permissive mode need enable selinux.The parameter named "disable_selinux" is not good. In order to customize selinux modes, we need a new parameter named "selinux_state". Closes-Bug: #1749046 Change-Id: I20c084cf2e46cc0de149afbd34c6dcb77a1051f4
133 lines
2.6 KiB
YAML
133 lines
2.6 KiB
YAML
---
|
|
- name: Ensure docker service directory exists
|
|
file:
|
|
path: /etc/systemd/system/docker.service.d
|
|
state: directory
|
|
recurse: yes
|
|
become: True
|
|
|
|
- name: Check dockerd exists
|
|
stat: path=/usr/bin/dockerd
|
|
register: dockerd_exists
|
|
|
|
- name: Setting docker daemon name
|
|
set_fact:
|
|
docker_binary_name: "dockerd"
|
|
when:
|
|
dockerd_exists.stat.exists == True
|
|
|
|
- name: Configure docker service
|
|
become: True
|
|
template:
|
|
src: docker_systemd_service.j2
|
|
dest: /etc/systemd/system/docker.service.d/kolla.conf
|
|
register: docker_configured
|
|
|
|
- name: Reload docker service file
|
|
become: True
|
|
command: systemctl daemon-reload
|
|
|
|
- name: Get stat of libvirtd apparmor profile
|
|
stat:
|
|
path: /etc/apparmor.d/usr.sbin.libvirtd
|
|
register: apparmor_libvirtd_profile
|
|
when: ansible_distribution == "Ubuntu"
|
|
|
|
- name: Remove apparmor profile for libvirt
|
|
command: apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd
|
|
become: True
|
|
when:
|
|
- ansible_distribution == "Ubuntu"
|
|
- apparmor_libvirtd_profile.stat.exists
|
|
|
|
- name: Create docker group
|
|
group:
|
|
name: docker
|
|
become: True
|
|
|
|
- name: Add kolla user to docker group
|
|
user:
|
|
name: kolla
|
|
append: yes
|
|
groups: docker
|
|
become: True
|
|
when: create_kolla_user | bool
|
|
|
|
- name: Start docker
|
|
service:
|
|
name: docker
|
|
state: started
|
|
become: True
|
|
|
|
- name: Restart docker
|
|
service:
|
|
name: docker
|
|
state: restarted
|
|
become: True
|
|
when: docker_configured.changed
|
|
|
|
- name: Enable docker
|
|
service:
|
|
name: docker
|
|
enabled: yes
|
|
become: True
|
|
|
|
- name: Stop time service
|
|
service:
|
|
name: ntp
|
|
state: stopped
|
|
become: True
|
|
when:
|
|
- ansible_os_family == "Debian"
|
|
- enable_host_ntp | bool
|
|
|
|
- name: Stop time service
|
|
service:
|
|
name: ntpd
|
|
state: stopped
|
|
become: True
|
|
when:
|
|
- ansible_os_family == "RedHat"
|
|
- enable_host_ntp | bool
|
|
|
|
- name: Synchronizing time one-time
|
|
command: ntpd -gq
|
|
become: True
|
|
when: enable_host_ntp | bool
|
|
|
|
- name: Start time sync service
|
|
service:
|
|
name: ntp
|
|
state: started
|
|
enabled: yes
|
|
become: True
|
|
when:
|
|
- ansible_os_family == "Debian"
|
|
- enable_host_ntp | bool
|
|
|
|
- name: Start time sync service
|
|
service:
|
|
name: ntpd
|
|
state: started
|
|
enabled: yes
|
|
become: True
|
|
when:
|
|
- ansible_os_family == "RedHat"
|
|
- enable_host_ntp | bool
|
|
|
|
- name: Change state of selinux
|
|
selinux:
|
|
policy: targeted
|
|
state: "{{ selinux_state }}"
|
|
become: true
|
|
when:
|
|
- change_selinux | bool
|
|
- ansible_os_family == "RedHat"
|
|
|
|
- name: Reboot
|
|
command: reboot -f
|
|
become: True
|
|
when:
|
|
- reboot_required is defined
|
|
- reboot_required | bool
|