---
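# Play 1: runs on the "standalone" host as the stack user and captures its
# clouds.yaml (and, when ssl_enabled, its CA certificate) as host facts that
# the localhost play reads back through hostvars['standalone'].
- name: Grab the remote clouds.yaml
  hosts: standalone
  become: true
  become_user: stack
  gather_facts: false
  vars_files: vars/defaults.yaml
  tasks:
    - name: Read clouds.yaml from standalone host
      ansible.builtin.slurp:
        src: /home/stack/.config/openstack/clouds.yaml
      register: cloudsyaml
      # clouds.yaml normally carries cloud credentials; keep the slurped
      # content out of verbose output and callback logs.
      no_log: true

    # Replaces the registered slurp result with the decoded, parsed document.
    - name: Create fact for cloudsyaml
      ansible.builtin.set_fact:
        cloudsyaml: "{{ cloudsyaml['content'] | b64decode | from_yaml }}"
      no_log: true

    - name: Grab the CA certificate
      when: ssl_enabled
      block:
        - name: Read CA certificate
          ansible.builtin.slurp:
            src: "{{ ssl_ca_cert_path }}"
          register: ssl_ca_cert_output

        - name: Set fact for CA cert
          ansible.builtin.set_fact:
            ssl_ca_cert: "{{ ssl_ca_cert_output['content'] | b64decode }}"

        # Trust decision: with update_local_pki set, whatever certificate the
        # standalone host serves at ssl_ca_cert_path is written as root to the
        # same path on the control node and then added to its system trust
        # store. Enable update_local_pki only for a standalone host you trust
        # as a CA source for this machine.
        - name: Copy CA cert into PKI
          when: update_local_pki
          become: true
          become_user: root
          delegate_to: localhost
          ansible.builtin.copy:
            dest: "{{ ssl_ca_cert_path }}"
            content: "{{ ssl_ca_cert }}"
            mode: '444'
            owner: root
            group: root

        - name: Update CA trust  # noqa no-changed-when
          when: update_local_pki
          become: true
          become_user: root
          delegate_to: localhost
          ansible.builtin.command: update-ca-trust extract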
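# Play 2: merges the cloud entries captured from the standalone host into the
# operator's local clouds.yaml, installs the OpenStack client and writes the
# helper scripts. Relies on the cloudsyaml / ssl_ca_cert facts that the
# previous play set on the host named "standalone".
- name: Configure the local clouds.yaml
  hosts: localhost
  gather_facts: false
  vars_files: vars/defaults.yaml
  tasks:
    # Only ansible_env is gathered; it supplies HOME for the paths below.
    - name: Load Ansible env
      ansible.builtin.setup:
        filter: ansible_env

    - name: Ensure ~/.config/openstack dir exists
      ansible.builtin.file:
        path: "{{ ansible_env.HOME }}/.config/openstack"
        state: directory
        mode: '755'

    - name: Set path of local clouds.yaml
      ansible.builtin.set_fact:
        cloudsyamlpath: "{{ ansible_env.HOME }}/.config/openstack/clouds.yaml"

    # Start from the existing local clouds.yaml when it can be read and
    # parsed; otherwise fall back to an empty document.
    - name: Initialise cloudsyaml
      block:
        - name: Read local cloudsyaml
          ansible.builtin.set_fact:
            cloudsyaml: "{{ lookup('file', cloudsyamlpath) | from_yaml }}"
          # Existing entries may hold credentials; keep them out of logs.
          no_log: true
      rescue:
        - name: Initialise empty cloudsyaml
          ansible.builtin.set_fact:
            cloudsyaml: "{{ {'clouds': {}} }}"

    - name: Configure cacert locally
      when: ssl_enabled
      block:
        - name: Set local path of cacert
          ansible.builtin.set_fact:
            cacert_path: "{{ ansible_env.HOME }}/.config/openstack/{{ local_cloudname }}-ca.crt"

        - name: Copy CA cert into local config directory
          ansible.builtin.copy:
            dest: "{{ cacert_path }}"
            content: "{{ hostvars['standalone']['ssl_ca_cert'] }}"
            mode: '644'

        - name: Set cacert in clouds.yaml
          ansible.builtin.set_fact:
            set_cacert: "{{ {'cacert': cacert_path} }}"

    # Fixed: the empty mapping was previously supplied under `vars:`, which
    # does not create a fact, so set_cacert was undefined in the merge tasks
    # below whenever ssl_enabled was false.
    - name: Don't set cacert in clouds.yaml
      when: not ssl_enabled
      ansible.builtin.set_fact:
        set_cacert: {}

    # The merged entries carry the remote cloud's credentials, hence no_log.
    - name: Merge standalone from remote clouds.yaml into local clouds.yaml entry {{ local_cloudname }}
      ansible.builtin.set_fact:
        cloudsyaml: "{{ cloudsyaml | combine({'clouds': {local_cloudname + '-admin': standalone}}, recursive=true) }}"
      vars:
        standalone: "{{ hostvars['standalone']['cloudsyaml']['clouds']['standalone'] | combine(set_cacert) }}"
      when: "'standalone' in hostvars['standalone']['cloudsyaml']['clouds']"
      no_log: true

    # Fixed: set_cacert was also passed as a second top-level argument to
    # combine(), which put a stray `cacert` key at the root of clouds.yaml.
    # The cloud entry already receives it through the `openshift` var, as in
    # the standalone merge above.
    - name: Merge openshift from remote clouds.yaml into local clouds.yaml entry {{ local_cloudname }}
      ansible.builtin.set_fact:
        cloudsyaml: "{{ cloudsyaml | combine({'clouds': {local_cloudname: openshift}}, recursive=true) }}"
      vars:
        openshift: "{{ hostvars['standalone']['cloudsyaml']['clouds']['openshift'] | combine(set_cacert) }}"
      when: "'openshift' in hostvars['standalone']['cloudsyaml']['clouds']"
      no_log: true

    # Fixed: clouds.yaml holds credentials and is data, not a program; it was
    # written 0755 (world-readable and executable). Restrict it to the owner.
    # no_log also keeps the rendered content out of --diff output.
    - name: Update local clouds.yaml
      ansible.builtin.copy:
        dest: "{{ cloudsyamlpath }}"
        content: "{{ cloudsyaml | to_nice_yaml }}"
        mode: '0600'
      no_log: true

    - name: Install openstack client locally
      become: true
      ansible.builtin.package:
        name: python-openstackclient

    # Paths below are relative (../scripts); they resolve against wherever
    # this playbook is run from on the control node.
    - name: Create the scripts if it does not exist
      ansible.builtin.file:
        path: ../scripts
        state: directory
        mode: '755'

    - name: Write sshuttle script
      ansible.builtin.template:
        src: sshuttle-standalone.sh.j2
        dest: ../scripts/sshuttle-standalone.sh
        mode: '0755'

    # env.sh is meant to be sourced, so it does not need the execute bit.
    - name: Write openstack environment script
      ansible.builtin.template:
        src: env.sh.j2
        dest: ../scripts/env.sh
        mode: '0644'

    - name: Print useful infos
      ansible.builtin.debug:
        msg:
          - "{{ cloudsyamlpath }} has been updated."
          - "To connect to your cloud set OS_CLOUD={{ local_cloudname }} and update your local routes."
          - "For convenience:"
          - " `scripts/sshuttle-standalone.sh` will start a correctly configure sshuttle."
          - " `source scripts/env.sh` will set OS_CLOUD correctly."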