[cifmw_setup] Fix deploy-edpm.yml crash on unpreprovisioned baremetal computes

rebtoor · rebtoor · commit 5d3e12c12970 · 2026-05-14T22:22:39.000+02:00
The NFS and Ceph plays in deploy-edpm.yml target the computes
group with gather_facts enabled (the default). In architecture
deployments with preProvisioned=false, compute nodes are bare
libvirt domains with no OS until Ironic provisions them during
the kustomize_deploy stages. Ansible's implicit fact gathering
tries to SSH into these unreachable hosts, aborting the entire
playbook before the architecture deployment can run.

Add gather_facts: false to both the NFS and Ceph plays. For the
NFS play, insert an end_play guard when cifmw_architecture_scenario
is defined and move fact gathering after that guard. Architecture
deploys handle NFS via a post_stage hook instead (see the companion
nfs-on-computes.yml hook playbook). The Ceph play already had an
end_play guard but Ansible was crashing on fact gathering before
reaching it.

Similarly, the "Fetch network facts" task in deploy_architecture.yml
delegates setup to every host in the inventory, including
unprovisioned computes. Skip computes when
cifmw_edpm_deploy_pre_provisioned is false.

The nfs-on-computes.yml hook playbook adds a controller inventory
alias so that the cifmw_nfs role's delegate_to: controller resolves
correctly in the nested ansible-playbook context.

This fixes all architecture-uni03gamma-deploy-bm-* jobs which have
been consistently failing since the deploy-bm variant was introduced.

Related-Issue: ANVIL-109
Co-authored-by: Cursor &lt;cursoragent@cursor.com&gt;

Signed-off-by: Roberto Alfieri &lt;ralfieri@redhat.com&gt;
diff --git a/deploy-edpm.yml b/deploy-edpm.yml
@@ -87,21 +87,30 @@
 
 - name: Deploy NFS server on target nodes
   become: true
+  gather_facts: false
   hosts: "{{ groups[cifmw_nfs_target | default('computes')][0] | default([]) }}"
   tasks:
+    - name: End play early for architecture deploys
+      when:
+        - cifmw_architecture_scenario is defined
+      ansible.builtin.meta: end_play
+
+    - name: Gather facts for NFS deployment
+      ansible.builtin.setup:
+
     - name: Run cifmw_nfs role
       vars:
         nftables_path: /etc/nftables
         nftables_conf: /etc/sysconfig/nftables.conf
       when:
         - cifmw_edpm_deploy_nfs | default(false) | bool
-      ansible.builtin.import_role:
+      ansible.builtin.include_role:
         name: cifmw_nfs
 
 - name: Clear ceph target hosts facts to force refreshing in HCI deployments
+  gather_facts: false
   hosts: "{{ cifmw_ceph_target | default('computes')  }}"
   tasks:
-    # end_play will end only current play, not the main edpm-deploy.yml
     - name: Early end if architecture deploy
       when:
         - cifmw_architecture_scenario is defined
diff --git a/hooks/playbooks/nfs-on-computes.yml b/hooks/playbooks/nfs-on-computes.yml
@@ -0,0 +1,53 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# Deploy NFS on compute nodes for architecture-based deployments.
+#
+# In architecture flows with preProvisioned=false (baremetal/Ironic),
+# compute nodes are not reachable until the architecture stages
+# provision them. The standard NFS play in deploy-edpm.yml runs
+# before the architecture stages, so it must be skipped. This hook
+# playbook is designed to run as a post_stage_run hook after the
+# EDPM DataPlaneDeployment completes (SSH keys authorized on computes).
+#
+# The cifmw_nfs role delegates oc commands to a host named "controller".
+# In the hook inventory that host may be called "controller-0" or
+# "localhost", so we add it explicitly.
+
+- name: Ensure controller alias exists in inventory
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - name: Add controller alias pointing to localhost
+      ansible.builtin.add_host:
+        name: controller
+        ansible_connection: local
+
+- name: Deploy NFS on compute nodes (architecture hook)
+  become: true
+  hosts: "{{ groups[cifmw_nfs_target | default('computes')][0] | default([]) }}"
+  tasks:
+    - name: Skip if NFS deployment is not requested
+      when:
+        - not (cifmw_edpm_deploy_nfs | default(false) | bool)
+      ansible.builtin.meta: end_play
+
+    - name: Run cifmw_nfs role
+      vars:
+        nftables_path: /etc/nftables
+        nftables_conf: /etc/sysconfig/nftables.conf
+      ansible.builtin.include_role:
+        name: cifmw_nfs
diff --git a/roles/cifmw_setup/tasks/deploy_architecture.yml b/roles/cifmw_setup/tasks/deploy_architecture.yml
@@ -11,6 +11,9 @@
     - always
   when:
     - "not item.startswith('ocp-')"
+    - >-
+      item not in groups.get('computes', []) or
+      (cifmw_edpm_deploy_pre_provisioned | default(true) | bool)
   ansible.builtin.setup:
     gather_subset: network
   delegate_facts: true
