From 0c0977367f213791f0840e42c3d2e5a361b79050 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Tue, 22 Aug 2017 21:14:46 +0000
Subject: [PATCH] Only run the roles on the masters

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 playbooks/groups/os-cluster.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/playbooks/groups/os-cluster.yml b/playbooks/groups/os-cluster.yml
index a167f7bc4d..3fc7f3fcb8 100644
--- a/playbooks/groups/os-cluster.yml
+++ b/playbooks/groups/os-cluster.yml
@@ -159,6 +159,18 @@
   tasks:
     - name: enable nrpe for monitoring (noc01)
       iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.41 state=present jump=ACCEPT
+
+- name: Post-Install master setup
+  hosts: os-masters-stg:os-masters
+  tags:
+    - os-post-install
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - /srv/private/ansible/vars.yml
+    - /srv/private/ansible/files/openstack/passwords.yml
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
     - name: Disallow users from provisioning
       command: oadm policy remove-cluster-role-from-group self-provisioner system:authenticated system:authenticated:oauth
       changed_when: false