openstack/openstack-ansible-ops
Code Issues Proposed changes
openstack-ansible-ops/skydive/roles/skydive_common/tasks/main.yml
Kevin Carter 6b92dba1d5
Update skydive to use TLS 
This change implements TLS configurations for skydive. All servers will
get their own certificates signed by the CA as setup on the
`skydive_service_setup_host` node.

> Documentation for TLS configuration can be found here: http://skydive.network/documentation/

Change-Id: I890b4a5d9076b0474ffe5649f9361cb6018c19fe
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2019-01-21 12:43:02 -06:00

118 lines
3.7 KiB
YAML
Raw Blame History

---
# Copyright 2019, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Check for skydive password
fail:
msg: >-
The skydive password is undefined. Set the `skydive_password` option before continuing.
when:
- skydive_password is undefined
tags:
- always
- name: Check for skydive elasticsearch uri
fail:
msg: >-
The elasticsearch backend for skydive is undefined. Set the `skydive_elasticsearch_servers`
option before continuing.
when:
- skydive_elasticsearch_servers is undefined
tags:
- always
- name: Check elasticsearch status
uri:
url: "{{ skydive_elasticsearch_proto }}://{{ skydive_elasticsearch_servers.split(',')[0] }}:{{ skydive_elasticsearch_port }}"
method: GET
status_code: "200"
register: response
changed_when: false
until: response is success
retries: 3
delay: 2
run_once: true
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_distribution | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
- "{{ ansible_os_family | lower }}.yml"
tags:
- always
- name: Ensure distro packages are installed
package:
name: "{{ sykdive_distro_packages }}"
state: "present"
update_cache: "{{ (ansible_pkg_mgr == 'apt') | ternary('yes', omit) }}"
register: _package_task
until: _package_task is success
retries: 3
delay: 2
tags:
- package_install
# NOTE(cloudnull): Locate a clouds.yaml file on the service setup host or localhost.
- name: Check for OpenStack deployment
run_once: true
block:
- name: Slurp clouds file
slurp:
src: "{{ skydive_os_cloud_file }}"
register: clouds_file
delegate_to: "{{ skydive_service_setup_host }}"
rescue:
- name: Slurp clouds file (fallback to localhost)
slurp:
src: "{{ skydive_os_cloud_file }}"
register: clouds_file
delegate_to: "localhost"
ignore_errors: yes
when:
- not (skydive_service_setup_host in ['localhost', '127.0.0.1'])
- name: OpenStack integration notice
debug:
msg: >-
No clouds file found, running without OpenStack integration.
when:
- clouds_file['content'] is undefined
# NOTE(cloudnull): If a clouds file is found the facts for the clouds file will be delegated
# to all hosts throughout the skydive deployment.
- name: Run OpenStack ingetration deployment
run_once: true
block:
- name: Enable OpenStack integration
set_fact:
clouds_yaml: "{{ clouds_file['content'] | b64decode | from_yaml }}"
skydive_auth_type: mykeystone
skydive_openstack_enabled: true
delegate_to: "{{ item }}"
delegate_facts: true
with_items: "{{ ansible_play_hosts }}"
- include_tasks: skydive_keystone.yml
when:
- clouds_file['content'] is defined
- include_tasks: skydive_setup.yml
- include_tasks: skydive_ssl.yml
View Git Blame Copy Permalink