diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml
index 9548acc22748d0192a0e9d571e526eeb982b32c6..36ff1f2241e9af50f1875ff66e9b3c7ccf5dc49b 100644
--- a/ansible/roles/baremetal/defaults/main.yml
+++ b/ansible/roles/baremetal/defaults/main.yml
@@ -37,6 +37,7 @@ redhat_pkg_install:
- git
- python-setuptools
- ntp
+ - sudo
ubuntu_pkg_removals:
- lxd
diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml
index 04d44c3485aa813fe053534aa649d32499260673..fa208018bd9a8d0a31ec89c0331b667023733ac5 100644
--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@@ -1,4 +1,56 @@
---
+- name: Create kolla user
+ user:
+ name: "{{ kolla_user }}"
+ state: present
+ group: "{{ kolla_group }}"
+ groups: "sudo"
+ become: True
+ when: create_kolla_user | bool
+
+- name: Add public key to kolla user authorized keys
+ authorized_key:
+ user: "{{ kolla_user }}"
+ key: "{{ kolla_ssh_key.public_key }}"
+ become: True
+ when: create_kolla_user | bool
+
+- name: Create sudoers profile for user kolla
+ file:
+ path: /etc/sudoers.d/kolla-ansible-users
+ state: touch
+ become: True
+ when: create_kolla_user | bool
+
+- name: Grant kolla user passwordless sudo
+ lineinfile:
+ dest: /etc/sudoers.d/kolla-ansible-users
+ state: present
+ regexp: '^{{ kolla_group }}'
+ line: '{{ kolla_group }} ALL=(ALL) NOPASSWD: ALL'
+ become: True
+ when: create_kolla_user | bool
+
+- name: Ensure node_config_directory directory exists for user kolla
+ file:
+ path: "{{ node_config_directory }}"
+ state: directory
+ recurse: yes
+ owner: "{{ kolla_user }}"
+ group: "{{ kolla_group }}"
+ mode: 0755
+ become: True
+ when: create_kolla_user | bool
+
+- name: Ensure node_config_directory directory exists
+ file:
+ path: "{{ node_config_directory }}"
+ state: directory
+ recurse: yes
+ mode: 0644
+ become: True
+ when: not create_kolla_user | bool
+
- name: Ensure docker service directory exists
file:
path: /etc/systemd/system/docker.service.d
diff --git a/ansible/roles/baremetal/tasks/pre-install.yml b/ansible/roles/baremetal/tasks/pre-install.yml
index a471a7da57c37259bdf1ae449b9f598ac4a1d99b..8e5065646f6861f2135c98a3b8086f56c4b4791d 100644
--- a/ansible/roles/baremetal/tasks/pre-install.yml
+++ b/ansible/roles/baremetal/tasks/pre-install.yml
@@ -47,31 +47,6 @@
become: True
when: create_kolla_user | bool
-- name: Create kolla user
- user:
- name: "{{ kolla_user }}"
- state: present
- group: "{{ kolla_group }}"
- groups: "sudo"
- become: True
- when: create_kolla_user | bool
-
-- name: Grant kolla user passwordless sudo
- lineinfile:
- dest: /etc/sudoers
- state: present
- regexp: '^{{ kolla_group }}'
- line: '{{ kolla_group }} ALL=(ALL) NOPASSWD: ALL'
- become: True
- when: create_kolla_user | bool
-
-- name: Add public key to kolla user authorized keys
- authorized_key:
- user: "{{ kolla_user }}"
- key: "{{ kolla_ssh_key.public_key }}"
- become: True
- when: create_kolla_user | bool
-
- name: Install apt packages
apt:
update_cache: yes
@@ -133,23 +108,3 @@
key: "{{ docker_yum_url }}/gpg"
become: True
when: ansible_os_family == 'RedHat'
-
-- name: Ensure node_config_directory directory exists
- file:
- path: "{{ node_config_directory }}"
- state: directory
- recurse: yes
- owner: "{{ kolla_user }}"
- group: "{{ kolla_group }}"
- mode: 0755
- become: True
- when: create_kolla_user | bool
-
-- name: Ensure node_config_directory directory exists
- file:
- path: "{{ node_config_directory }}"
- state: directory
- recurse: yes
- mode: 0644
- become: True
- when: not create_kolla_user | bool