diff options
Diffstat (limited to 'lib/ansible/playbooks/configure_undercloud.yml')
-rw-r--r-- | lib/ansible/playbooks/configure_undercloud.yml | 136 |
1 files changed, 99 insertions, 37 deletions
diff --git a/lib/ansible/playbooks/configure_undercloud.yml b/lib/ansible/playbooks/configure_undercloud.yml index c0e1cd35..07b82c8e 100644 --- a/lib/ansible/playbooks/configure_undercloud.yml +++ b/lib/ansible/playbooks/configure_undercloud.yml @@ -27,26 +27,36 @@ with_items: - controller - compute + - name: Copy container prep env file to undercloud + copy: + src: "{{ apex_temp_dir }}/containers-prepare-parameter.yaml" + dest: "/home/stack/containers-prepare-parameter.yaml" + owner: stack + group: stack + mode: 0644 - lineinfile: path: /etc/sudoers regexp: 'Defaults\s*requiretty' state: absent become: yes + - lineinfile: + path: /etc/environment + regexp: '^http_proxy' + line: "http_proxy={{ http_proxy }}" + become: yes + when: http_proxy + - lineinfile: + path: /etc/environment + regexp: '^https_proxy' + line: "https_proxy={{ https_proxy }}" + become: yes + when: https_proxy - name: openstack-configs undercloud shell: openstack-config --set undercloud.conf DEFAULT {{ item }} with_items: "{{ undercloud_config }}" - - name: openstack-configs ironic - shell: openstack-config --set /etc/ironic/ironic.conf {{ item }} - become: yes - with_items: "{{ ironic_config }}" - - name: openstack-configs undercloud aarch64 - shell: openstack-config --set undercloud.conf DEFAULT ipxe_enabled false - when: aarch64 - - lineinfile: - path: /usr/lib/python2.7/site-packages/ironic/common/pxe_utils.py - regexp: '_link_ip_address_pxe_configs' - line: ' _link_mac_pxe_configs(task)' - when: aarch64 + - name: openstack-configs undercloud network + shell: openstack-config --set undercloud.conf ctlplane-subnet {{ item }} + with_items: "{{ undercloud_network_config }}" - block: - name: undercloud install shell: openstack undercloud install &> apex-undercloud-install.log @@ -63,32 +73,43 @@ src: /home/stack/apex-undercloud-install.log dest: "{{ apex_temp_dir }}/" flat: yes + - name: Install ceph-ansible + yum: + name: ceph-ansible + become: yes - name: openstack-configs nova - shell: openstack-config --set /etc/nova/nova.conf DEFAULT {{ item }} + shell: openstack-config --set /var/lib/config-data/nova/etc/nova/nova.conf DEFAULT {{ item }} become: yes with_items: "{{ nova_config }}" - name: restart nova services - service: - name: "{{ item }}" - state: restarted - enabled: yes + shell: "{{ container_client }} restart {{ item }}" with_items: - - openstack-nova-conductor - - openstack-nova-compute - - openstack-nova-api - - openstack-nova-scheduler + - nova_conductor + - nova_compute + - nova_api + - nova_scheduler + become: yes - name: openstack-configs neutron - shell: openstack-config --set /etc/neutron/neutron.conf DEFAULT {{ item }} + shell: openstack-config --set /var/lib/config-data/neutron/etc/neutron/neutron.conf DEFAULT {{ item }} become: yes with_items: "{{ neutron_config }}" - name: restart neutron services - service: - name: "{{ item }}" - state: restarted - enabled: yes + shell: "{{ container_client }} restart {{ item }}" with_items: - - neutron-server - - neutron-dhcp-agent + - neutron_api + - neutron_dhcp + become: yes + - name: openstack-configs ironic + shell: openstack-config --set /var/lib/config-data/ironic/etc/ironic/ironic.conf {{ item }} + become: yes + with_items: "{{ ironic_config }}" + - name: restart ironic services + shell: "{{ container_client }} restart {{ item }}" + with_items: + - ironic_api + - ironic_conductor + - ironic_inspector + become: yes - name: configure external network vlan ifcfg template: src: external_vlan_ifcfg.yml.j2 @@ -112,21 +133,12 @@ when: - external_network.vlan == "native" - external_network.enabled - - not aarch64 - name: bring up eth2 shell: ip link set up dev eth2 when: - external_network.vlan == "native" - external_network.enabled - - not aarch64 become: yes - - name: assign IP to native eth0 if aarch64 - shell: ip a a {{ external_network.ip }}/{{ external_network.prefix }} dev eth0 - become: yes - when: - - external_network.vlan == "native" - - external_network.enabled - - aarch64 - name: bring up eth0 if aarch64 shell: ip link set up dev eth0 when: @@ -134,11 +146,61 @@ - external_network.enabled - aarch64 become: yes + - block: + - name: Undercloud NAT - MASQUERADE interface + iptables: + table: nat + chain: POSTROUTING + out_interface: eth0 + jump: MASQUERADE + - name: Undercloud NAT - MASQUERADE interface with subnet + iptables: + table: nat + chain: POSTROUTING + out_interface: eth0 + jump: MASQUERADE + source: "{{ nat_cidr }}" + - name: Undercloud NAT - Allow Forwarding + iptables: + chain: FORWARD + in_interface: eth2 + jump: ACCEPT + - name: Undercloud NAT - Allow Stateful Forwarding + iptables: + chain: FORWARD + in_interface: eth2 + jump: ACCEPT + source: "{{ nat_cidr }}" + ctstate: ESTABLISHED,RELATED + become: yes + when: + - not nat_network_ipv6 + - nat + - name: Allow SSH in iptables + iptables: + action: insert + chain: INPUT + rule_num: 1 + protocol: tcp + destination_port: 22 + jump: ACCEPT + become: yes + - name: Undercloud NAT - Save iptables + shell: service iptables save + become: yes - name: fetch storage environment file fetch: src: /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml dest: "{{ apex_temp_dir }}/" flat: yes + - name: fetch sriov environment file + fetch: + src: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-opendaylight-sriov.yaml + dest: "{{ apex_temp_dir }}/" + flat: yes + - name: Restorecon for root ssh + shell: restorecon -r -v /root/.ssh + become: yes - include: undercloud_aarch64.yml when: aarch64 |