toallab-openstack/devstack_setup.yml

---
- name: Update packages on compute and control nodes
  hosts: control, compute
  become: true

  tasks:
#    - name: Add RDO Antelope repo to dnf
#      ansible.builtin.dnf:
#        name: 'https://www.rdoproject.org/repos/rdo-release.el9.rpm'
#        state: present
#        disable_gpg_check: true

    - name: Update all packages
      ansible.builtin.package:
        name: '*'
        state: latest

    - name: Install full curl package with allowerasing
      ansible.builtin.dnf:
        name: curl
        state: present
        allowerasing: true

    - name: Packages installed
      ansible.builtin.dnf:
        name: "{{ install_packages }}"
        state: present
        allowerasing: true

# TODO: Properly handle getting kmod from centos-kmod-rebuild

# TODO: Restart NetworkManager service if NetworkManager-ovs package is updated

    - name: Create stack user for admin
      ansible.builtin.user:
        name: stack
        shell: /bin/bash
        home: /opt/stack
        comment: Openstack Administration

    - name: Give passwordless sudo access to stack user
      community.general.sudoers:
        name: stack
        commands: ALL
        runas: root
        user: stack
        state: present

    # - name: OpenVSwitch Service enabled and started
    #   ansible.builtin.service:
    #     name: openvswitch
    #     state: started
    #     enabled: true

- name: Bootstrap Network configuration
  hosts: all
  become: true

  roles:
    - fedora.linux_system_roles.network

 # TODO: Fix this
    # - name: Install openstack admin ssh key
    #   ansible.posix.authorized_key:
    #     user: root
    #     key: "{{ lookup('file', '{{ item }}') }}"
    #     state: present
    #   with_fileglob:
    #     - openstack_admin.pub


- name: Prepare for openstack-ansible deployment
  hosts: control
  become: true

  tasks:
    - name: Disable and mask firewalld
      ansible.builtin.systemd:
        name: firewalld
        enabled: false
        masked: true
        state: stopped

    - name: Enable SELinux
      ansible.posix.selinux:
        state: permissive
        policy: targeted

    # Fix this
    # - name: Copy ssh key to .ssh directory
    #   ansible.builtin.copy:
    #     content: "{{ openssh_private_key }}"
    #     dest: /root/.ssh/openstack_admin
    #     owner: root
    #     group: root
    #     mode: '0600'

    # - name: Copy public key to .ssh directory
    #   ansible.builtin.copy:
    #     src: openstack_admin.pub
    #     dest: /root/.ssh/id_rsa.pub
    #     owner: root
    #     group: root
    #     mode: '0600'

    - name: Add /usr/local/bin to bashrc PATH
      ansible.builtin.lineinfile:
        path: /etc/bashrc
        line: PATH="${PATH}:/usr/local/sbin:/usr/local/bin"
        state: present
        insertafter: EOF
        create: true

    - name: Clone openstack-ansible repo into /opt/openstack-ansible
      ansible.builtin.git:
        repo: https://opendev.org/openstack/openstack-ansible
        dest: /opt/openstack-ansible
        version: "{{ openstack_ansible_version }}"
        force: true

    - name: Execute bootstrap script
      ansible.builtin.command:
        cmd: '/opt/openstack-ansible/scripts/bootstrap-ansible.sh'
        creates: /usr/local/bin/openstack-ansible

    - name: /etc/openstack_deploy exists
      ansible.builtin.file:
        path: /etc/openstack_deploy
        state: directory
        mode: '0755'
        owner: stack
        group: stack

    - name: Copy files to /etc/openstack_deploy directory
      ansible.builtin.copy:
        src: '{{ item }}'
        dest: /etc/openstack_deploy/{{ item }}
        mode: '0600'
        owner: stack
        group: stack
      with_items:
        - openstack_user_config.yml
        - user_secrets.yml
        - user_variables.yml

- name: Prepare compute hosts
  hosts: compute
  become: true