{"id":411,"sha1":"02b68458047573275af84827093ade507b260544","playbook":{"id":4,"items":{"plays":32,"tasks":1505,"results":1497,"hosts":12,"files":487,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":4,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-openstack.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:57:07.871967Z","ended":"2025-12-08T14:21:54.049657Z","duration":"00:24:46.177690","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.11","server_version":"1.7.4","status":"failed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2014, Rackspace US, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n\n# The openstack_openrc role gets executed on a designated service\n# host which will handle all service/user/domain/project/role\n# management for the roles. It is executed here as this is the\n# first role which will use it and the implementation of the\n# clouds.yaml file is useless until keystone is in place.\n- name: Implement openrc/clouds.yaml on the designated service host\n hosts: \"{{ openstack_service_setup_host | default('localhost') }}\"\n gather_facts: \"{{ osa_gather_facts | default(true) }}\"\n module_defaults:\n ansible.builtin.setup:\n gather_subset: \"{{ osa_gather_subset | default(lookup('ansible.builtin.env', 'ANSIBLE_GATHER_SUBSET', default='!all,min')) }}\"\n become: true\n tags:\n - openrc\n pre_tasks:\n - name: Setup installation variables\n ansible.builtin.include_role:\n name: openstack.osa.install_defaults\n defaults_from: \"{{ install_method }}\"\n public: true\n apply:\n tags:\n - always\n tags:\n - always\n roles:\n - role: \"openstack_openrc\"\n\n- name: Gather keystone facts\n hosts: keystone_all\n gather_facts: \"{{ osa_gather_facts | default(true) }}\"\n module_defaults:\n ansible.builtin.setup:\n gather_subset: \"{{ osa_gather_subset | default(lookup('ansible.builtin.env', 'ANSIBLE_GATHER_SUBSET', default='!all,min')) }}\"\n tasks:\n - name: Gather additional facts\n ansible.builtin.include_role:\n name: openstack.osa.gather_extra_facts\n when: osa_gather_facts | default(true)\n tags:\n - always\n\n- name: Pre-service deployment\n hosts: keystone_all\n gather_facts: false\n environment: \"{{ deployment_environment_variables | default({}) }}\"\n tasks:\n - name: \"Pre-service deployment tasks from os_keystone role\"\n ansible.builtin.include_role:\n name: os_keystone\n tasks_from: main_pre.yml\n\n- name: Configure haproxy services\n ansible.builtin.import_playbook: openstack.osa.haproxy_service_config\n vars:\n service_group: keystone_all\n service_variable: \"keystone_haproxy_services\"\n when:\n - groups[service_group] | length > 0\n - groups['haproxy'] | length > 0\n tags:\n - haproxy-service-config\n\n- name: Installation and setup of Keystone\n hosts: keystone_all\n serial: \"{{ keystone_serial | default(['1', '100%']) }}\"\n gather_facts: false\n user: root\n environment: \"{{ deployment_environment_variables | default({}) }}\"\n pre_tasks:\n - name: Setup installation variables\n ansible.builtin.include_role:\n name: openstack.osa.install_defaults\n defaults_from: \"{{ install_method }}\"\n public: true\n apply:\n tags:\n - always\n tags:\n - always\n\n # In order to ensure that any container, software or\n # config file changes which causes a container/service\n # restart do not cause an unexpected outage, we drain\n # the load balancer back end for this container.\n - name: Disabling haproxy backends\n ansible.builtin.include_role:\n name: openstack.osa.haproxy_endpoint_manage\n apply:\n tags:\n - always\n vars:\n haproxy_backend: \"keystone_service-back\"\n haproxy_state: disabled\n when:\n - \"'keystone_all' in group_names\"\n - \"groups['keystone_all'] | length > 1\"\n tags:\n - always\n\n - name: Configure container\n ansible.builtin.include_role:\n name: \"openstack.osa.{{ container_tech | default('lxc') }}_container_setup\"\n vars:\n extra_container_config_no_restart:\n - \"lxc.start.order=19\"\n when: not is_metal\n\n - name: Including unbound-clients tasks\n ansible.builtin.include_role:\n name: openstack.osa.unbound_clients\n when:\n - hostvars['localhost']['resolvconf_enabled'] | bool\n\n roles:\n - role: \"os_keystone\"\n - role: \"openstack.osa.system_crontab_coordination\"\n tags:\n - crontab\n\n post_tasks:\n # Now that container changes are done, we can set\n # the load balancer back end for this container\n # to available again.\n - name: Enabling haproxy backends\n ansible.builtin.include_role:\n name: openstack.osa.haproxy_endpoint_manage\n apply:\n tags:\n - always\n vars:\n haproxy_backend: \"keystone_service-back\"\n haproxy_state: enabled\n when:\n - \"'keystone_all' in group_names\"\n - \"groups['keystone_all'] | length > 1\"\n tags:\n - always\n\n# These facts are set against the deployment host to ensure that\n# they are fast to access. This is done in preference to setting\n# them against each target as the hostvars extraction will take\n# a long time if executed against a large inventory.\n- name: Finalise data migrations if required\n hosts: keystone_all\n gather_facts: false\n user: root\n environment: \"{{ deployment_environment_variables | default({}) }}\"\n tasks:\n - name: Setup installation variables\n ansible.builtin.include_role:\n name: openstack.osa.install_defaults\n defaults_from: \"{{ install_method }}\"\n public: true\n apply:\n tags:\n - always\n tags:\n - always\n\n - name: Refresh local facts\n ansible.builtin.setup:\n filter: ansible_local\n gather_subset: \"!all\"\n\n # This variable contains the values of the local fact set for the keystone\n # venv tag for all hosts in the 'keystone_all' host group.\n - name: Gather software version list\n ansible.builtin.set_fact:\n keystone_all_software_versions: \"{{ (groups['keystone_all'] |\n map('extract', hostvars, ['ansible_local', 'openstack_ansible', 'keystone', 'venv_tag'])) |\n list }}\"\n delegate_to: localhost\n run_once: true\n\n # This variable outputs a boolean value which is True when\n # keystone_all_software_versions contains a list of defined\n # values. If they are not defined, it means that not all\n # hosts have their software deployed yet.\n - name: Set software deployed fact\n ansible.builtin.set_fact:\n keystone_all_software_deployed: \"{{ (keystone_all_software_versions | select('defined')) | list == keystone_all_software_versions }}\"\n delegate_to: localhost\n run_once: true\n\n # This variable outputs a boolean when all the values in\n # keystone_all_software_versions are the same and the software\n # has been deployed to all hosts in the group.\n - name: Set software updated fact\n ansible.builtin.set_fact:\n keystone_all_software_updated: \"{{ ((keystone_all_software_versions | unique) | length == 1) and (keystone_all_software_deployed | bool) }}\"\n delegate_to: localhost\n run_once: true\n\n - name: Perform a Keystone DB sync contract\n ansible.builtin.command: \"{{ keystone_bin }}/keystone-manage db_sync --contract\" # noqa: no-changed-when\n become: true\n become_user: \"{{ keystone_system_user_name | default('keystone') }}\"\n when:\n - \"keystone_all_software_updated | bool\"\n - \"ansible_local['openstack_ansible']['keystone']['need_db_contract'] | bool\"\n register: dbsync_contract\n run_once: true\n\n - name: Disable the need for any further db sync\n community.general.ini_file:\n dest: \"/etc/ansible/facts.d/openstack_ansible.fact\"\n section: keystone\n option: \"need_db_contract\"\n value: \"False\"\n mode: \"0644\"\n when:\n - \"dbsync_contract is succeeded\"\n\n# note(jrosser) this can only be done once the DB contract has completed so we must put it as\n# the last part of the keystone setup\n- name: SP/IDP setup\n hosts: keystone_all\n gather_facts: false\n user: root\n environment: \"{{ deployment_environment_variables | default({}) }}\"\n tasks:\n - name: Setup installation variables\n include_role:\n name: openstack.osa.install_defaults\n defaults_from: \"{{ install_method }}\"\n public: true\n\n - name: \"Post configure SP/IDP\"\n include_role:\n name: os_keystone\n tasks_from: main_keystone_federation_sp_idp_setup.yml\n","created":"2025-12-08T13:57:08.268534Z","updated":"2025-12-08T13:57:08.268547Z","path":"/etc/ansible/ansible_collections/openstack/osa/playbooks/keystone.yml"}