diff options
author | Yifei Xue <xueyifei@huawei.com> | 2017-12-20 15:03:35 +0800 |
---|---|---|
committer | Yifei Xue <xueyifei@huawei.com> | 2017-12-20 19:22:32 +0800 |
commit | 751c0889380ee85d8cb1436e1c5a8c5ac3568dce (patch) | |
tree | c61fdcba147d24a1de36cae745c040b53639d264 /deploy/adapters/ansible/roles | |
parent | 4f3401e17a3a0ac2eb4bc7ab242b33f2ab6ff3e8 (diff) |
Bug fix for chrony configuration
JIRA: -
Set "security_ntp_servers" to use only one server;
Correct the path of chrony key for centos deployment.
Change-Id: I3050018fe07c51912e0b52a1c5c7ce2dd4d3f6ce
Signed-off-by: Yifei Xue <xueyifei@huawei.com>
Diffstat (limited to 'deploy/adapters/ansible/roles')
4 files changed, 16 insertions, 2 deletions
diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml index 75e89b06..49e4e26d 100755 --- a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml +++ b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml @@ -88,6 +88,13 @@ delay: 10 when: hostvars[hostvars[inventory_hostname]['groups']['controller'][0]]['local_mirror'] == 'CentOS' +- name: update the directory of chrony key + lineinfile: + dest: /etc/ansible/roles/ansible-hardening/templates/chrony.conf.j2 + regexp: '^keyfile' + line: 'keyfile /etc/chrony.keys' + when: hostvars[hostvars[inventory_hostname]['groups']['controller'][0]]['local_mirror'] == 'CentOS' + - name: add mariadb local repository blockinfile: dest: /etc/openstack_deploy/user_variables.yml diff --git a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 index 88a3233b..5fa999a5 100644 --- a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 +++ b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 @@ -63,3 +63,6 @@ neutron_provider_networks: {% endif %} security_sshd_permit_root_login: yes + +security_ntp_servers: + - 45.79.111.114 diff --git a/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml b/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml index 6ac191a3..d423ed04 100644 --- a/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml +++ b/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml @@ -90,7 +90,9 @@ dest: /etc/modules-load.d/openstack-ansible.conf - name: restart ntp service - shell: "systemctl enable ntpd.service && systemctl start ntpd.service" + shell: | + systemctl stop ntpd.service; + systemctl disable ntpd.service; - name: change the MaxSessions lineinfile: diff --git a/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml b/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml index 5bb77485..2433ac17 100644 --- a/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml +++ b/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml @@ -55,7 +55,9 @@ state: absent - name: restart ntp service - shell: "service ntp restart" + shell: | + service ntp stop; + systemctl disable ntp; - name: add the appropriate kernel modules copy: |