summaryrefslogtreecommitdiffstats
path: root/lib/ansible
diff options
context:
space:
mode:
authorTim Rozet <trozet@redhat.com>2017-12-04 11:20:23 -0500
committerTim Rozet <trozet@redhat.com>2018-03-16 14:51:33 -0400
commitf6dbb3929d904b4d5a9ee01f8270051e29ac1ec3 (patch)
treef2490665c2febe0ebc463714f5375483bfca9710 /lib/ansible
parenta008f8394e07f1b82d5bf7288f46c63252f6084f (diff)
Enables containerized overcloud deployments
Changes Include: - For upstream deployments, Docker local registry will be updated with latest current RDO containers, regular deployments will use latest stable - Upstream container images will then be patched/modified and then re-uploaded into local docker registry with 'apex' tag - Deployment command modified to deploy with containers - Adds a --no-fetch deployment argument to disable pulling latest from upstream, and instead using what already exists in cache - Moves Undercloud NAT setup to just after undercloud is installed. This provides internet during overcloud install which is now required for upstream container deployments. - Creates loop device for Ceph deployment when no device is provided in deploy settings (for container deployment only) - Updates NIC J2 template to use the new format in OOO since the os-apply-config method is now deprecated in > Queens JIRA: APEX-566 JIRA: APEX-549 Change-Id: I0652c194c059b915a942ac7401936e8f5c69d1fa Signed-off-by: Tim Rozet <trozet@redhat.com>
Diffstat (limited to 'lib/ansible')
-rw-r--r--lib/ansible/playbooks/configure_undercloud.yml32
-rw-r--r--lib/ansible/playbooks/post_deploy_undercloud.yml59
-rw-r--r--lib/ansible/playbooks/prepare_overcloud_containers.yml105
3 files changed, 140 insertions, 56 deletions
diff --git a/lib/ansible/playbooks/configure_undercloud.yml b/lib/ansible/playbooks/configure_undercloud.yml
index 9ef0d883..fbac6eeb 100644
--- a/lib/ansible/playbooks/configure_undercloud.yml
+++ b/lib/ansible/playbooks/configure_undercloud.yml
@@ -143,6 +143,38 @@
- external_network.enabled
- aarch64
become: yes
+ - block:
+ - name: Undercloud NAT - MASQUERADE interface
+ iptables:
+ table: nat
+ chain: POSTROUTING
+ out_interface: eth0
+ jump: MASQUERADE
+ - name: Undercloud NAT - MASQUERADE interface with subnet
+ iptables:
+ table: nat
+ chain: POSTROUTING
+ out_interface: eth0
+ jump: MASQUERADE
+ source: "{{ nat_cidr }}"
+ - name: Undercloud NAT - Allow Forwarding
+ iptables:
+ chain: FORWARD
+ in_interface: eth2
+ jump: ACCEPT
+ - name: Undercloud NAT - Allow Stateful Forwarding
+ iptables:
+ chain: FORWARD
+ in_interface: eth2
+ jump: ACCEPT
+ source: "{{ nat_cidr }}"
+ ctstate: ESTABLISHED,RELATED
+ - name: Undercloud NAT - Save iptables
+ shell: service iptables save
+ become: yes
+ when:
+ - not nat_network_ipv6
+ - virtual_overcloud
- name: fetch storage environment file
fetch:
src: /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml
diff --git a/lib/ansible/playbooks/post_deploy_undercloud.yml b/lib/ansible/playbooks/post_deploy_undercloud.yml
index a8f1cd55..d0206f87 100644
--- a/lib/ansible/playbooks/post_deploy_undercloud.yml
+++ b/lib/ansible/playbooks/post_deploy_undercloud.yml
@@ -26,9 +26,7 @@
group: stack
mode: 0644
become: yes
- with_items:
- - overcloudrc
- - overcloudrc.v3
+ with_items: "{{ overcloudrc_files }}"
- name: Inject OS_PROJECT_ID and OS_TENANT_NAME into overcloudrc
lineinfile:
line: "{{ item }}"
@@ -74,9 +72,7 @@
when: sdn != false
become: yes
become_user: stack
- with_items:
- - overcloudrc
- - overcloudrc.v3
+ with_items: "{{ overcloudrc_files }}"
- name: Register OS Region
shell: "{{ overcloudrc }} && openstack endpoint list -c Region -f json"
register: region
@@ -89,56 +85,7 @@
path: "/home/stack/{{ item }}"
become: yes
become_user: stack
- with_items:
- - overcloudrc
- - overcloudrc.v3
- - name: Undercloud NAT - MASQUERADE interface
- iptables:
- table: nat
- chain: POSTROUTING
- out_interface: eth0
- jump: MASQUERADE
- when:
- - virtual
- - not external_network_ipv6
- become: yes
- - name: Undercloud NAT - MASQUERADE interface with subnet
- iptables:
- table: nat
- chain: POSTROUTING
- out_interface: eth0
- jump: MASQUERADE
- source: "{{ external_cidr }}"
- when:
- - virtual
- - not external_network_ipv6
- become: yes
- - name: Undercloud NAT - Allow Forwarding
- iptables:
- chain: FORWARD
- in_interface: eth2
- jump: ACCEPT
- when:
- - virtual
- - not external_network_ipv6
- become: yes
- - name: Undercloud NAT - Allow Stateful Forwarding
- iptables:
- chain: FORWARD
- in_interface: eth2
- jump: ACCEPT
- source: "{{ external_cidr }}"
- ctstate: ESTABLISHED,RELATED
- when:
- - virtual
- - not external_network_ipv6
- become: yes
- - name: Undercloud NAT - Save iptables
- shell: service iptables save
- become: yes
- when:
- - virtual
- - not external_network_ipv6
+ with_items: "{{ overcloudrc_files }}"
- name: Create congress datasources
shell: "{{ overcloudrc }} && openstack congress datasource create {{ item }}"
become: yes
diff --git a/lib/ansible/playbooks/prepare_overcloud_containers.yml b/lib/ansible/playbooks/prepare_overcloud_containers.yml
new file mode 100644
index 00000000..88a8df1c
--- /dev/null
+++ b/lib/ansible/playbooks/prepare_overcloud_containers.yml
@@ -0,0 +1,105 @@
+---
+- hosts: all
+ tasks:
+ - name: Upload container patches archive
+ copy:
+ src: "{{ apex_temp_dir }}/docker_patches.tar.gz"
+ dest: "/home/stack/docker_patches.tar.gz"
+ owner: stack
+ group: stack
+ mode: 0644
+ when: patched_docker_services|length > 0
+ - name: Unpack container patches archive
+ unarchive:
+ src: /home/stack/docker_patches.tar.gz
+ remote_src: yes
+ list_files: yes
+ group: stack
+ owner: stack
+ dest: /home/stack/
+ when: patched_docker_services|length > 0
+ - name: Prepare generic docker registry image file
+ shell: >
+ {{ stackrc }} && openstack overcloud container image prepare
+ --namespace trunk.registry.rdoproject.org/{{ os_version }}
+ --tag {{ container_tag }}
+ --push-destination {{ undercloud_ip }}:8787
+ -e /usr/share/openstack-tripleo-heat-templates/environments/docker.yaml
+ --output-images-file overcloud_containers.yml
+ become: yes
+ become_user: stack
+ - name: Prepare SDN docker registry image file
+ shell: >
+ {{ stackrc }} && openstack overcloud container image prepare
+ --namespace trunk.registry.rdoproject.org/{{ os_version }}
+ --tag {{ container_tag }}
+ --push-destination {{ undercloud_ip }}:8787
+ -e {{ sdn_env_file }}
+ --output-images-file sdn_containers.yml
+ become: yes
+ become_user: stack
+ when: sdn != false
+ - name: Upload docker images to local registry
+ shell: >
+ {{ stackrc }} && openstack overcloud container image upload
+ --config-file /home/stack/overcloud_containers.yml
+ - name: Upload SDN docker images to local registry
+ shell: >
+ {{ stackrc }} && openstack overcloud container image upload
+ --config-file /home/stack/sdn_containers.yml
+ when: sdn != false
+ - name: Collect docker images in registry
+ uri:
+ url: http://{{ undercloud_ip }}:8787/v2/_catalog
+ body_format: json
+ register: response
+ - name: Patch Docker images
+ shell: >
+ cd /home/stack/containers/{{ item }} && docker build
+ -t {{ undercloud_ip }}:8787/{{ os_version }}/centos-binary-{{ item }}:apex .
+ when:
+ - patched_docker_services|length > 0
+ - item in (response.json)['repositories']|join(" ")
+ with_items: "{{ patched_docker_services }}"
+ - name: Push patched docker images to local registry
+ shell: docker push {{ undercloud_ip }}:8787/{{ os_version }}/centos-binary-{{ item }}:apex
+ when:
+ - patched_docker_services|length > 0
+ - item in (response.json)['repositories']|join(" ")
+ with_items: "{{ patched_docker_services }}"
+ - name: Prepare deployment generic docker image file
+ shell: >
+ {{ stackrc }} && openstack overcloud container image prepare
+ --namespace {{ undercloud_ip }}:8787/{{ os_version }}
+ --tag {{ container_tag }}
+ -e /usr/share/openstack-tripleo-heat-templates/environments/docker.yaml
+ --output-env-file docker-images.yaml
+ become: yes
+ become_user: stack
+ - name: Prepare deployment SDN docker image file
+ shell: >
+ {{ stackrc }} && openstack overcloud container image prepare
+ --namespace {{ undercloud_ip }}:8787/{{ os_version }}
+ --tag {{ container_tag }}
+ -e {{ sdn_env_file }}
+ --output-env-file sdn-images.yaml
+ when: sdn != false
+ become: yes
+ become_user: stack
+ - name: Modify Images with Apex tag
+ replace:
+ path: "{{ item[0] }}"
+ regexp: "(\\s*Docker.*?:.*?centos-binary-{{ item[1] }}):.*"
+ replace: '\1:apex'
+ with_nested:
+ - [ '/home/stack/sdn-images.yaml', '/home/stack/docker-images.yaml']
+ - "{{ patched_docker_services }}"
+ - name: Pull Ceph docker image
+ shell: docker pull {{ ceph_docker_image }}
+ become: yes
+ - name: Tag Ceph image for local registry
+ shell: docker tag {{ ceph_docker_image }} {{ undercloud_ip }}:8787/{{ ceph_docker_image }}
+ become: yes
+ - name: Push Ceph docker image to local registry
+ shell: docker push {{ undercloud_ip }}:8787/{{ ceph_docker_image }}
+ become: yes