summaryrefslogtreecommitdiffstats
path: root/deploy
diff options
context:
space:
mode:
authorYifei Xue <xueyifei@huawei.com>2017-12-20 15:03:35 +0800
committerYifei Xue <xueyifei@huawei.com>2017-12-20 19:22:32 +0800
commit751c0889380ee85d8cb1436e1c5a8c5ac3568dce (patch)
treec61fdcba147d24a1de36cae745c040b53639d264 /deploy
parent4f3401e17a3a0ac2eb4bc7ab242b33f2ab6ff3e8 (diff)
Bug fix for chrony configuration
JIRA: - Set "security_ntp_servers" to use only one server; Correct the path of chrony key for centos deployment. Change-Id: I3050018fe07c51912e0b52a1c5c7ce2dd4d3f6ce Signed-off-by: Yifei Xue <xueyifei@huawei.com>
Diffstat (limited to 'deploy')
-rwxr-xr-xdeploy/adapters/ansible/roles/config-osa/tasks/main.yml7
-rw-r--r--deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j23
-rw-r--r--deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml4
-rw-r--r--deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml4
4 files changed, 16 insertions, 2 deletions
diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml
index 75e89b06..49e4e26d 100755
--- a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml
@@ -88,6 +88,13 @@
delay: 10
when: hostvars[hostvars[inventory_hostname]['groups']['controller'][0]]['local_mirror'] == 'CentOS'
+- name: update the directory of chrony key
+ lineinfile:
+ dest: /etc/ansible/roles/ansible-hardening/templates/chrony.conf.j2
+ regexp: '^keyfile'
+ line: 'keyfile /etc/chrony.keys'
+ when: hostvars[hostvars[inventory_hostname]['groups']['controller'][0]]['local_mirror'] == 'CentOS'
+
- name: add mariadb local repository
blockinfile:
dest: /etc/openstack_deploy/user_variables.yml
diff --git a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2
index 88a3233b..5fa999a5 100644
--- a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2
+++ b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2
@@ -63,3 +63,6 @@ neutron_provider_networks:
{% endif %}
security_sshd_permit_root_login: yes
+
+security_ntp_servers:
+ - 45.79.111.114
diff --git a/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml b/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml
index 6ac191a3..d423ed04 100644
--- a/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml
+++ b/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml
@@ -90,7 +90,9 @@
dest: /etc/modules-load.d/openstack-ansible.conf
- name: restart ntp service
- shell: "systemctl enable ntpd.service && systemctl start ntpd.service"
+ shell: |
+ systemctl stop ntpd.service;
+ systemctl disable ntpd.service;
- name: change the MaxSessions
lineinfile:
diff --git a/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml b/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml
index 5bb77485..2433ac17 100644
--- a/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml
+++ b/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml
@@ -55,7 +55,9 @@
state: absent
- name: restart ntp service
- shell: "service ntp restart"
+ shell: |
+ service ntp stop;
+ systemctl disable ntp;
- name: add the appropriate kernel modules
copy: