Added block and always exception handling

8e91e5b4 · Weise, Martin · fbc4359b · 8e91e5b4 · 8e91e5b4 · 8e91e5b4
Verified Commit 8e91e5b4 authored 3 years ago by Weise, Martin
--- a/create-user.yml
+++ b/create-user.yml
@@ -11,11 +11,7 @@
 ### ARGS:
 ###     username    The user common name, cannot contain spaces,
 ###                     is only lowercase alphanumeric (e.g. client1, foobar).
-###     fullname    The full name, e.g. Foo Bar
-###     email       The e-mail address of the user.
-###     phone       The telephone number of the user.
 ###     role_type   The role type of the user, must be one of sysadmin, dbadmin, owner, analyst, provider
-###     pubkey      The path to the public key.
 ###
 ### SIDE EFFECTS:
 ###     - Creates new credentials on the identity node.

--- a/roles/setup_node/templates/identity.cfg.j2
+++ b/roles/setup_node/templates/identity.cfg.j2
@@ -28,18 +28,16 @@ packages:
 runcmd:
  - /root/rsyslog-init && logger "Configured rsyslog"
  - /root/firewall-init && logger "Configured firewalld"
-  - /root/idp-init && logger "Configured identity provider"
+  - /root/idm-init && logger "Configured identity provider"
 write_files:
  - path: /root/firewall-init
    permissions: '0744'
    content: |
      #!/bin/bash
      logger "Configuring firewalld ..."
-      /bin/firewall-offline-cmd --add-service=http
+      /bin/firewall-offline-cmd --add-service=ntp
-      /bin/firewall-offline-cmd --add-service=https
+      /bin/firewall-offline-cmd --add-service=dns
-      /bin/firewall-offline-cmd --add-service=ldap
+      /bin/firewall-offline-cmd --add-service=freeipa-4
-      /bin/firewall-offline-cmd --add-service=ldaps
-      /bin/firewall-offline-cmd --add-service=kerberos
      /bin/firewall-offline-cmd --add-service=syslog
      /bin/firewall-offline-cmd --add-port=53/tcp
      /bin/firewall-offline-cmd --add-port=53/udp
@@ -56,15 +54,15 @@ write_files:
      /bin/systemctl enable rsyslog
      /bin/systemctl start rsyslog
-  - path: /root/idp-init
+  - path: /root/idm-init
    permissions: '0744'
    content: |
      #!/bin/bash
      logger "Configuring FreeIPA ..."
-      /usr/bin/hostnamectl set-hostname idp.ossdip.at
+      /usr/bin/hostnamectl set-hostname idm.ossdip.at
-      echo "172.27.48.8 idp.ossdip.at idp" | tee -a /etc/hosts
+      echo "172.27.48.8 idm.ossdip.at idm" | tee -a /etc/hosts
      logger "Installing Identity Management server with integrated DNS"
      dnf module install -y idm:DL1/dns
-      ipa-server-install --realm idp.ossdip.at --domain idp.ossdip.at --ds-password {{ idp_dm_passwd }} \
+      ipa-server-install --realm idm.ossdip.at --domain idm.ossdip.at --ds-password {{ idp_dm_passwd }} \
        --admin-password {{ idp_adm_passwd }} --no-forwarders --no-ntp --setup-dns --no-ui-redirect \
        --unattended
--- a/roles/setup_node/vars/main.yml
+++ b/roles/setup_node/vars/main.yml
@@ -31,6 +31,8 @@ vms:
        name: vnc
      - ip: 172.27.49.142
        name: owner
+      - ip: 172.27.48.9
+        name: provider
  gate:
    networks:
      - ip: 172.27.48.141 # is deactivated after install

--- a/roles/teardown_port/tasks/main.yml
+++ b/roles/teardown_port/tasks/main.yml
@@ -10,26 +10,28 @@
      locked: true
  register: vm_locked
- name: Unlock node
+- name: Port
-  openstack.cloud.server_action:
+  block:
-    server: "OSSDIP {{ instance }}"
+    - name: Unlock node
-    action: unlock
+      openstack.cloud.server_action:
-  when: vm_locked.openstack_servers | length > 0
+        server: "OSSDIP {{ instance }}"
+        action: unlock
- name: Delete port
+      when: vm_locked.openstack_servers | length > 0
-  openstack.cloud.port:
-    name: "ossdip-{{ type }}-{{ node }}-{{ network }}"
-    state: absent
-  when: type is defined
- name: Delete port
+    - name: Delete port
-  openstack.cloud.port:
+      openstack.cloud.port:
-    name: "ossdip-{{ node }}-{{ network }}"
+        name: "ossdip-{{ type }}-{{ node }}-{{ network }}"
-    state: absent
+        state: absent
-  when: type is undefined
+      when: type is defined
- name: Lock node
+    - name: Delete port
-  openstack.cloud.server_action:
+      openstack.cloud.port:
-    server: "OSSDIP {{ instance }}"
+        name: "ossdip-{{ node }}-{{ network }}"
-    action: lock
+        state: absent
-  when: vm_locked.openstack_servers | length > 0
+      when: type is undefined
\ No newline at end of file
+  always:
+    - name: Lock node
+      openstack.cloud.server_action:
+        server: "OSSDIP {{ instance }}"
+        action: lock
+      when: vm_locked.openstack_servers | length > 0
\ No newline at end of file