Diffstat (limited to 'lib/ansible/playbooks')
-rw-r--r--lib/ansible/playbooks/configure_undercloud.yml136
-rw-r--r--lib/ansible/playbooks/deploy_dependencies.yml40
-rw-r--r--lib/ansible/playbooks/deploy_overcloud.yml93
-rw-r--r--lib/ansible/playbooks/fetch_overcloud_logs.yml25
-rw-r--r--lib/ansible/playbooks/fetch_overcloud_nodes.yml13
-rw-r--r--lib/ansible/playbooks/k8s_remove_pkgs.yml5
-rw-r--r--lib/ansible/playbooks/patch_containers.yml13
-rw-r--r--lib/ansible/playbooks/post_deploy_overcloud.yml60
-rw-r--r--lib/ansible/playbooks/post_deploy_undercloud.yml94
-rw-r--r--lib/ansible/playbooks/prepare_overcloud_containers.yml50
-rw-r--r--lib/ansible/playbooks/undercloud_aarch64.yml36
11 files changed, 437 insertions, 128 deletions
diff --git a/lib/ansible/playbooks/configure_undercloud.yml b/lib/ansible/playbooks/configure_undercloud.yml
index c0e1cd35..07b82c8e 100644
--- a/lib/ansible/playbooks/configure_undercloud.yml
+++ b/lib/ansible/playbooks/configure_undercloud.yml
@@ -27,26 +27,36 @@
with_items:
- controller
- compute
+ - name: Copy container prep env file to undercloud
+ copy:
+ src: "{{ apex_temp_dir }}/containers-prepare-parameter.yaml"
+ dest: "/home/stack/containers-prepare-parameter.yaml"
+ owner: stack
+ group: stack
+ mode: 0644
- lineinfile:
path: /etc/sudoers
regexp: 'Defaults\s*requiretty'
state: absent
become: yes
+ - lineinfile:
+ path: /etc/environment
+ regexp: '^http_proxy'
+ line: "http_proxy={{ http_proxy }}"
+ become: yes
+ when: http_proxy
+ - lineinfile:
+ path: /etc/environment
+ regexp: '^https_proxy'
+ line: "https_proxy={{ https_proxy }}"
+ become: yes
+ when: https_proxy
- name: openstack-configs undercloud
shell: openstack-config --set undercloud.conf DEFAULT {{ item }}
with_items: "{{ undercloud_config }}"
- - name: openstack-configs ironic
- shell: openstack-config --set /etc/ironic/ironic.conf {{ item }}
- become: yes
- with_items: "{{ ironic_config }}"
- - name: openstack-configs undercloud aarch64
- shell: openstack-config --set undercloud.conf DEFAULT ipxe_enabled false
- when: aarch64
- - lineinfile:
- path: /usr/lib/python2.7/site-packages/ironic/common/pxe_utils.py
- regexp: '_link_ip_address_pxe_configs'
- line: ' _link_mac_pxe_configs(task)'
- when: aarch64
+ - name: openstack-configs undercloud network
+ shell: openstack-config --set undercloud.conf ctlplane-subnet {{ item }}
+ with_items: "{{ undercloud_network_config }}"
- block:
- name: undercloud install
shell: openstack undercloud install &> apex-undercloud-install.log
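Review bot: The two added proxy tasks gate on a bare string (`when: http_proxy`, `when: https_proxy`); on Ansible releases that re-evaluate bare variables in conditionals, a proxy URL is parsed as an expression and the task errors instead of running. An explicit test such as `when: http_proxy | default('') | length > 0` avoids that and also covers the undefined case. `/etc/environment` is normally world-readable, so if the proxy URL can carry embedded credentials they become visible to every local user, which deserves at least a comment on these tasks. The added `mode: 0644` (also in the copy tasks added to deploy_overcloud.yml and prepare_overcloud_containers.yml) is safer quoted as `mode: "0644"` so it stays a string whatever the YAML loader does with leading zeros.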
@@ -63,32 +73,43 @@
src: /home/stack/apex-undercloud-install.log
dest: "{{ apex_temp_dir }}/"
flat: yes
+ - name: Install ceph-ansible
+ yum:
+ name: ceph-ansible
+ become: yes
- name: openstack-configs nova
- shell: openstack-config --set /etc/nova/nova.conf DEFAULT {{ item }}
+ shell: openstack-config --set /var/lib/config-data/nova/etc/nova/nova.conf DEFAULT {{ item }}
become: yes
with_items: "{{ nova_config }}"
- name: restart nova services
- service:
- name: "{{ item }}"
- state: restarted
- enabled: yes
+ shell: "{{ container_client }} restart {{ item }}"
with_items:
- - openstack-nova-conductor
- - openstack-nova-compute
- - openstack-nova-api
- - openstack-nova-scheduler
+ - nova_conductor
+ - nova_compute
+ - nova_api
+ - nova_scheduler
+ become: yes
- name: openstack-configs neutron
- shell: openstack-config --set /etc/neutron/neutron.conf DEFAULT {{ item }}
+ shell: openstack-config --set /var/lib/config-data/neutron/etc/neutron/neutron.conf DEFAULT {{ item }}
become: yes
with_items: "{{ neutron_config }}"
- name: restart neutron services
- service:
- name: "{{ item }}"
- state: restarted
- enabled: yes
+ shell: "{{ container_client }} restart {{ item }}"
with_items:
- - neutron-server
- - neutron-dhcp-agent
+ - neutron_api
+ - neutron_dhcp
+ become: yes
+ - name: openstack-configs ironic
+ shell: openstack-config --set /var/lib/config-data/ironic/etc/ironic/ironic.conf {{ item }}
+ become: yes
+ with_items: "{{ ironic_config }}"
+ - name: restart ironic services
+ shell: "{{ container_client }} restart {{ item }}"
+ with_items:
+ - ironic_api
+ - ironic_conductor
+ - ironic_inspector
+ become: yes
- name: configure external network vlan ifcfg
template:
src: external_vlan_ifcfg.yml.j2
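Review bot: The nova, neutron and ironic `openstack-config --set` tasks now write under `/var/lib/config-data/<service>/etc/...`, while undercloud_aarch64.yml and post_deploy_overcloud.yml in this same commit edit `/var/lib/config-data/puppet-generated/<service>/...`. If the containers mount the `puppet-generated` tree (not visible here, so to be confirmed), these settings land in a copy the services never read and the restarts that follow change nothing. The restart tasks also pass `{{ container_client }}` and `{{ item }}` through `shell:`; `command:` is enough for them and avoids shell parsing of the variable.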
@@ -112,21 +133,12 @@
when:
- external_network.vlan == "native"
- external_network.enabled
- - not aarch64
- name: bring up eth2
shell: ip link set up dev eth2
when:
- external_network.vlan == "native"
- external_network.enabled
- - not aarch64
become: yes
- - name: assign IP to native eth0 if aarch64
- shell: ip a a {{ external_network.ip }}/{{ external_network.prefix }} dev eth0
- become: yes
- when:
- - external_network.vlan == "native"
- - external_network.enabled
- - aarch64
- name: bring up eth0 if aarch64
shell: ip link set up dev eth0
when:
@@ -134,11 +146,61 @@
- external_network.enabled
- aarch64
become: yes
+ - block:
+ - name: Undercloud NAT - MASQUERADE interface
+ iptables:
+ table: nat
+ chain: POSTROUTING
+ out_interface: eth0
+ jump: MASQUERADE
+ - name: Undercloud NAT - MASQUERADE interface with subnet
+ iptables:
+ table: nat
+ chain: POSTROUTING
+ out_interface: eth0
+ jump: MASQUERADE
+ source: "{{ nat_cidr }}"
+ - name: Undercloud NAT - Allow Forwarding
+ iptables:
+ chain: FORWARD
+ in_interface: eth2
+ jump: ACCEPT
+ - name: Undercloud NAT - Allow Stateful Forwarding
+ iptables:
+ chain: FORWARD
+ in_interface: eth2
+ jump: ACCEPT
+ source: "{{ nat_cidr }}"
+ ctstate: ESTABLISHED,RELATED
+ become: yes
+ when:
+ - not nat_network_ipv6
+ - nat
+ - name: Allow SSH in iptables
+ iptables:
+ action: insert
+ chain: INPUT
+ rule_num: 1
+ protocol: tcp
+ destination_port: 22
+ jump: ACCEPT
+ become: yes
+ - name: Undercloud NAT - Save iptables
+ shell: service iptables save
+ become: yes
- name: fetch storage environment file
fetch:
src: /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml
dest: "{{ apex_temp_dir }}/"
flat: yes
+ - name: fetch sriov environment file
+ fetch:
+ src: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-opendaylight-sriov.yaml
+ dest: "{{ apex_temp_dir }}/"
+ flat: yes
+ - name: Restorecon for root ssh
+ shell: restorecon -r -v /root/.ssh
+ become: yes
- include: undercloud_aarch64.yml
when: aarch64
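Review bot: The added `Allow SSH in iptables` task inserts an ACCEPT for tcp/22 at position 1 of INPUT with no `source` or `in_interface`, so it precedes every existing rule and opens SSH on all undercloud interfaces to any address. It appears to sit outside the `when: nat` block, so it and `service iptables save` run on every deployment and persist the rule. Consider scoping it, e.g. `source: "{{ admin_cidr }}"` (placeholder variable, not defined on this page), and saving the ruleset only when a rule actually changed.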
diff --git a/lib/ansible/playbooks/deploy_dependencies.yml b/lib/ansible/playbooks/deploy_dependencies.yml
index 545ee33d..ab09ff6e 100644
--- a/lib/ansible/playbooks/deploy_dependencies.yml
+++ b/lib/ansible/playbooks/deploy_dependencies.yml
@@ -7,6 +7,26 @@
with_items:
- python-lxml
- libvirt-python
+ - libguestfs-tools
+ - python-netaddr
+ - python2-pip
+ when: ansible_distribution == 'CentOS'
+ - dnf:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - libselinux-python
+ - python-lxml
+ - libvirt-python
+ - libguestfs-tools
+ - python-netaddr
+ - python2-pip
+ when: ansible_distribution == 'Fedora'
+ - pip:
+ name: ansible-modules-hashivault,hvac,Jinja2
+ state: latest
+ executable: pip2
+ when: not snapshot
- sysctl:
name: net.ipv4.ip_forward
state: present
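Review bot: The added `pip` task installs `ansible-modules-hashivault,hvac,Jinja2` with `state: latest`, so every run pulls whatever version the index currently serves into the deployment host's Python 2, with no version or hash pinning. That makes the host's Ansible/Jinja2 stack non-reproducible and lets a bad or tampered upstream release land without review; upgrading Jinja2 underneath a running Ansible can also break the play itself. Pin each package and use `state: present`, e.g. `name: hvac==<PINNED_VERSION>` (placeholder version), or install from a requirements file with hashes. The CentOS and Fedora package lists are now duplicated; a shared list variable would keep them from drifting.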
@@ -31,20 +51,31 @@
xml: '{{ lookup("template", "virsh_network_default.xml.j2") }}'
state: active
autostart: yes
+ when: not snapshot
- openvswitch_bridge:
bridge: 'br-{{ item }}'
state: present
with_items: '{{ virsh_enabled_networks }}'
+ - name: 'Configure IP on bridge'
+ shell: 'ip addr add 192.0.2.99/24 dev br-{{ item }}'
+ with_items: '{{ virsh_enabled_networks }}'
+ when: snapshot
+ - name: 'Bring up bridge'
+ shell: 'ip link set up br-{{ item }}'
+ with_items: '{{ virsh_enabled_networks }}'
+ when: snapshot
- virt_net:
state: present
name: '{{ item }}'
xml: '{{ lookup("template", "virsh_network_ovs.xml.j2") }}'
with_items: '{{ virsh_enabled_networks }}'
+ when: not snapshot
- virt_net:
state: active
name: '{{ item }}'
autostart: yes
with_items: '{{ virsh_enabled_networks }}'
+ when: not snapshot
- virt_pool:
name: default
autostart: yes
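Review bot: `Configure IP on bridge` runs `ip addr add 192.0.2.99/24 dev br-{{ item }}` for every entry in `virsh_enabled_networks`, so in snapshot mode each bridge gets the same hard-coded address, and a second run fails because `ip addr add` errors when the address already exists. If only one bridge is meant to carry that address, name it explicitly; either way make the task re-runnable, e.g. `ip addr replace 192.0.2.99/24 dev br-{{ item }}`. A short comment saying why this address is fixed would help the next reader.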
@@ -72,18 +103,27 @@
when:
- ansible_architecture == "x86_64"
- "'Y' not in nested_result.stdout"
+ - modprobe:
+ name: ip6_tables
+ state: present
+ - modprobe:
+ name: ip_tables
+ state: present
- name: Generate SSH key for root if missing
shell: test -e ~/.ssh/id_rsa || ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
+ when: not snapshot
- name: Check that /u/l/python3.4/site-packages/virtualbmc/vbmc.py exists
stat:
path: /usr/lib/python3.4/site-packages/virtualbmc/vbmc.py
register: vbmc_py
+ when: not snapshot
- name: Manually patch vmbc to work with python3.x
lineinfile:
line: " conn.defineXML(ET.tostring(tree, encoding='unicode'))"
regexp: "tostring"
path: /usr/lib/python3.4/site-packages/virtualbmc/vbmc.py
when: vbmc_py.stat.exists == True
+ when: not snapshot
- name: Add ssh retry to Ansible config
ini_file:
path: /etc/ansible/ansible.cfg
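Review bot: The `Manually patch vmbc to work with python3.x` task now has two `when:` keys; duplicate mapping keys are invalid YAML and most loaders keep only the last, so `vbmc_py.stat.exists == True` is silently dropped. When `snapshot` is false and the file is absent, `lineinfile` then runs against a missing path and fails. Combine them into one condition: `when: not snapshot and vbmc_py.stat.exists`.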
diff --git a/lib/ansible/playbooks/deploy_overcloud.yml b/lib/ansible/playbooks/deploy_overcloud.yml
index b2d9234a..9a405814 100644
--- a/lib/ansible/playbooks/deploy_overcloud.yml
+++ b/lib/ansible/playbooks/deploy_overcloud.yml
@@ -12,10 +12,23 @@
- network-environment.yaml
- instackenv.json
- overcloud-full.qcow2
+ - overcloud-full.vmlinuz
+ - overcloud-full.initrd
+ - ironic-python-agent.initramfs
+ - ironic-python-agent.kernel
- deploy_command
- virtual-environment.yaml
- baremetal-environment.yaml
+ - kubernetes-environment.yaml
- "{{ apex_env_file }}"
+ - name: Copy ansible.cfg data to undercloud in aarch64
+ copy:
+ src: "{{ apex_temp_dir }}/ansible.cfg"
+ dest: "/home/stack/ansible.cfg"
+ owner: stack
+ group: stack
+ mode: 0644
+ when: aarch64
- name: Copy network data to undercloud
copy:
src: "{{ apex_temp_dir }}/network_data.yaml"
@@ -30,11 +43,12 @@
owner: root
group: root
mode: 0664
- - systemd:
- name: openstack-swift-proxy
- state: restarted
- enabled: yes
- become: yes
+ - copy:
+ src: "{{ apex_temp_dir }}/neutron-opendaylight-sriov.yaml"
+ dest: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-opendaylight-sriov.yaml
+ owner: root
+ group: root
+ mode: 0664
- name: Remove Ceph OSD from ceph storage role
lineinfile:
path: /usr/share/openstack-tripleo-heat-templates/roles_data.yaml
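Review bot: The added `copy` of `neutron-opendaylight-sriov.yaml` has no `name:` and no visible `become: yes`, although it writes under `/usr/share/openstack-tripleo-heat-templates` and the `lineinfile` tasks on roles_data.yaml later in this file do carry `become: yes`. If the play does not already run as root (not shown in this hunk), the write fails. Suggest adding `name: Copy SR-IOV environment file into tripleo-heat-templates` and `become: yes`. `mode: 0664` leaves the template group-writable; `mode: "0644"` is enough unless group write is needed.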
@@ -51,38 +65,95 @@
owner: root
group: root
become: yes
+ - name: Insert Ceph OSDs into Controller role
+ lineinfile:
+ path: /usr/share/openstack-tripleo-heat-templates/roles_data.yaml
+ insertbefore: '^\s*-\sOS::TripleO::Services::CephRbdMirror$'
+ line: ' - OS::TripleO::Services::CephOSD'
+ owner: root
+ group: root
+ become: yes
+ - name: Insert External network into Compute role
+ shell: |
+ ruby -e '
+ require "yaml"
+ data = YAML.load(File.read("/usr/share/openstack-tripleo-heat-templates/roles_data.yaml"))
+ if data[1]["networks"].is_a?(Array)
+ data[1]["networks"].push("External")
+ elsif data[1]["networks"].is_a?(Hash)
+ data[1]["networks"].merge!("External"=> { "subnet" => "external_subnet" })
+ else
+ raise "Unable to determine data to modify in roles_data.yaml"
+ end
+ data[1]["default_route_networks"] = Array.new(["External"])
+ File.open("/usr/share/openstack-tripleo-heat-templates/roles_data.yaml", "w") { |f| f.write(data.to_yaml) }
+ '
+ become: yes
- name: Upload glance images
shell: "{{ stackrc }} && openstack overcloud image upload"
become: yes
become_user: stack
- name: Import inventory (baremetal)
shell: "{{ stackrc }} && openstack overcloud node import instackenv.json"
- when: not virtual
+ when: introspect
- name: Introspect inventory (baremetal)
shell: "{{ stackrc }} && openstack overcloud node introspect --all-manageable --provide"
- when:
- - not virtual
- - not aarch64
+ when: introspect
- name: Import inventory (virtual)
shell: "{{ stackrc }} && openstack overcloud node import --provide instackenv.json"
- when: virtual
+ when: not introspect
- name: Set flavors
shell: '{{ stackrc }} && openstack flavor set --property "cpu_arch"="{{ ansible_architecture }}" {{ item }}'
with_items:
- baremetal
- control
- compute
+ - name: Re-enable ceph config for aarch64
+ replace:
+ path: "/usr/share/ceph-ansible/roles/ceph-client/tasks/create_users_keys.yml"
+ regexp: "x86_64"
+ replace: "aarch64"
+ backup: yes
+ when: aarch64
- name: Configure DNS server for ctlplane network
shell: "{{ stackrc }} && openstack subnet set ctlplane-subnet {{ dns_server_args }}"
+ - name: Update NIC templates before deployment
+ shell: >
+ /usr/share/openstack-tripleo-heat-templates/tools/merge-new-params-nic-config-script.py
+ -n /home/stack/network_data.yaml -t /home/stack/nics/{{ item }}.yaml --discard-comments True
+ --role-name Controller
+ become: yes
+ become_user: stack
+ with_items:
+ - controller
+ - compute
- block:
- name: Execute Overcloud Deployment
shell: "{{ stackrc }} && bash deploy_command"
+ become: yes
+ become_user: stack
rescue:
- name: Show overcloud failures
shell: "{{ stackrc }} && openstack stack failures list overcloud --long"
+ become: yes
+ become_user: stack
+ always:
+ - name: Archive Mistral logs
+ archive:
+ path:
+ - /var/lib/mistral
+ - /var/log/mistral
+ dest: /root/mistral_logs.tar.gz
+ become: yes
+ - name: Fetch mistral logs
+ fetch:
+ src: /root/mistral_logs.tar.gz
+ dest: "{{ apex_temp_dir }}/"
+ flat: yes
+ become: yes
- name: Show Keystone output
shell: "{{ overcloudrc }} && {{ item }}"
- when: debug
+ when: debug and vim == 'openstack'
with_items:
- openstack endpoint list
- openstack service list
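Review bot: `Update NIC templates before deployment` loops over `controller` and `compute` but always passes `--role-name Controller`, so the compute NIC template is merged with the Controller role's parameters. Derive the role from the item, e.g. `--role-name {{ item | capitalize }}`. The inline Ruby in `Insert External network into Compute role` addresses the role by position (`data[1]`) and pushes `"External"` on every run, so a reordered roles_data.yaml edits the wrong role and a re-run adds a duplicate entry. Selecting the entry by its role name (assuming each entry carries a `name` key) and skipping when `External` is already present would make the task safe to repeat.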
diff --git a/lib/ansible/playbooks/fetch_overcloud_logs.yml b/lib/ansible/playbooks/fetch_overcloud_logs.yml
new file mode 100644
index 00000000..1ab52475
--- /dev/null
+++ b/lib/ansible/playbooks/fetch_overcloud_logs.yml
@@ -0,0 +1,25 @@
+---
+- hosts: all
+ tasks:
+ - name: Archive logs
+ archive:
+ path:
+ - /var/log
+ - /etc/puppet
+ - /etc/nova
+ - /etc/neutron
+ - /etc/heat
+ - /etc/haproxy
+ - /etc/glance
+ - /etc/puppet
+ - /etc/vpp
+ - /etc/os-net-config
+ - /opt/opendaylight/data/log
+ - /opt/opendaylight/etc
+ dest: /root/logging.tar.gz
+ become: yes
+ - name: Fetch /var/log/
+ fetch:
+ src: /root/logging.tar.gz
+ dest: "{{ apex_temp_dir }}/"
+ become: yes
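Review bot: The archive bundles `/etc/nova`, `/etc/neutron`, `/etc/heat`, `/etc/glance` and `/etc/puppet`, which normally hold service and database credentials, and the task sets no `mode`, so `/root/logging.tar.gz` and the fetched copy under `apex_temp_dir` get default permissions. Add `mode: "0600"` to the `archive` task and make sure the destination directory on the deployment host is not world-readable; consider removing the remote tarball after the fetch. `/etc/puppet` is listed twice in `path`, and the second task's name (`Fetch /var/log/`) no longer describes what is fetched.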
diff --git a/lib/ansible/playbooks/fetch_overcloud_nodes.yml b/lib/ansible/playbooks/fetch_overcloud_nodes.yml
new file mode 100644
index 00000000..bcb5f0f6
--- /dev/null
+++ b/lib/ansible/playbooks/fetch_overcloud_nodes.yml
@@ -0,0 +1,13 @@
+---
+- hosts: all
+ tasks:
+ - name: Get overcloud nodes and IPs
+ shell: "{{ stackrc }} && openstack server list -f json"
+ register: nova_list
+ - name: Write nova list output to file
+ local_action: copy content="{{ nova_list.stdout }}" dest="{{ apex_temp_dir }}/nova_output"
+ - name: Get ironic node information
+ shell: "{{ stackrc }} && openstack server list -f json"
+ register: ironic_list
+ - name: Write ironic list output to file
+ local_action: copy content="{{ ironic_list.stdout }}" dest="{{ apex_temp_dir }}/ironic_output"
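Review bot: `Get ironic node information` runs the same `openstack server list -f json` as the nova task above it, so `ironic_output` is a second copy of the nova list rather than baremetal node data. It probably should be `openstack baremetal node list -f json` (inferred from the task name; confirm against whatever reads `ironic_output`). Both `local_action: copy content="{{ ... }}"` lines pass JSON through key=value argument parsing, which can alter the payload; the block form with `delegate_to: localhost` and `content: "{{ nova_list.stdout }}"` keeps it intact.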
diff --git a/lib/ansible/playbooks/k8s_remove_pkgs.yml b/lib/ansible/playbooks/k8s_remove_pkgs.yml
new file mode 100644
index 00000000..f9fa7787
--- /dev/null
+++ b/lib/ansible/playbooks/k8s_remove_pkgs.yml
@@ -0,0 +1,5 @@
+---
+- hosts: all
+ tasks:
+ - name: Removing existing docker related packages
+ shell: "rpm -e --nodeps docker docker-common docker-client container-selinux"
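Review bot: `rpm -e --nodeps` exits non-zero when any of the four packages is not installed, so this play fails on a host that is already clean or has only some of them, and `--nodeps` leaves whatever depended on them broken without any record. The command contains no shell syntax, so `command:` (or the `yum` module with `state: absent`) is sufficient; if the forced removal is intentional, say why in a comment and tolerate the not-installed case. No `become` is visible on the play, so this only works if the connection user is already root.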
diff --git a/lib/ansible/playbooks/patch_containers.yml b/lib/ansible/playbooks/patch_containers.yml
new file mode 100644
index 00000000..1ef05810
--- /dev/null
+++ b/lib/ansible/playbooks/patch_containers.yml
@@ -0,0 +1,13 @@
+---
+ - name: "Pull docker image to ensure it exists locally: {{ item }}"
+ shell: "{{ container_client }} pull {{ undercloud_ip }}:8787/tripleo{{ os_version }}/centos-binary-{{ item }}:current-tripleo"
+ - name: "Find docker image user {{ item }}"
+ shell: >
+ {{ container_client }} inspect --format='{{ '{{' }}.ContainerConfig.User{{ '}}' }}'
+ {{ undercloud_ip }}:8787/tripleo{{ os_version }}/centos-binary-{{ item }}:current-tripleo
+ register: user_result
+ - name: "Patch docker image {{ item }}"
+ shell: >
+ cd /home/stack/containers/{{ item }} && {{ container_client }} build
+ --build-arg REAL_USER={{ user_result.stdout }}
+ -t {{ undercloud_ip }}:8787/tripleo{{ os_version }}/centos-binary-{{ item }}:apex .
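Review bot: `--build-arg REAL_USER={{ user_result.stdout }}` places the image's `User` metadata unquoted into a shell command, so a value containing spaces or shell metacharacters changes the command that runs, and an empty value (image with no user set) silently builds with `REAL_USER=`. Quote it and give it a default, e.g. `--build-arg REAL_USER={{ user_result.stdout | default('root', true) | quote }}` (the `root` default is an assumption to confirm against the Dockerfiles). The pull and inspect steps reference the mutable `current-tripleo` tag, so what gets patched depends on when the play runs; logging the resolved image digest would make that auditable.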
diff --git a/lib/ansible/playbooks/post_deploy_overcloud.yml b/lib/ansible/playbooks/post_deploy_overcloud.yml
index af1c648a..2b90ab1f 100644
--- a/lib/ansible/playbooks/post_deploy_overcloud.yml
+++ b/lib/ansible/playbooks/post_deploy_overcloud.yml
@@ -13,15 +13,6 @@
- dataplane == 'ovs_dpdk'
- "'compute' in ansible_hostname"
- sdn == false
- - name: SFC config workaround
- file:
- src: /etc/neutron/networking_sfc.conf
- dest: /etc/neutron/conf.d/neutron-server/networking_sfc.conf
- state: link
- become: yes
- when:
- - sfc
- - "'controller' in ansible_hostname"
- name: Ensure ZRPCD is running
shell: ps aux | grep zrpcd | grep -v grep
ignore_errors: yes
@@ -51,3 +42,54 @@
owner: root
group: tacker
become: yes
+ when: tacker
+ - name: Restart Controller Neutron/Nova Services (Pike Workaround)
+ shell: "systemctl restart {{ item }}"
+ become: yes
+ when:
+ - "'controller' in ansible_hostname"
+ - os_version == 'pike'
+ with_items:
+ - neutron-server
+ - openstack-nova-api
+ - openstack-nova-scheduler
+ - openstack-nova-conductor
+ - name: Restart Compute Nova Compute (workaround for NFS)
+ shell: "{{ container_client }} restart nova_compute"
+ become: yes
+ when: "'compute' in ansible_hostname or all_in_one"
+ - name: Update ODL container restart policy to always
+ shell: "{{ container_client }} update --restart=always opendaylight_api"
+ become: yes
+ when:
+ - sdn == 'opendaylight'
+ - "'controller' in ansible_hostname"
+ - name: Open port 8101 (karaf shell) for ODL
+ iptables:
+ chain: INPUT
+ action: insert
+ protocol: tcp
+ destination_port: 8101
+ jump: ACCEPT
+ rule_num: 1
+ become: yes
+ when:
+ - sdn == 'opendaylight'
+ - "'controller' in ansible_hostname"
+ - name: save iptables
+ command: service iptables save
+ become: yes
+ - name: Modify nova metadata host to be IP
+ shell: >
+ crudini --set /var/lib/config-data/puppet-generated/neutron/etc/neutron/metadata_agent.ini
+ DEFAULT nova_metadata_host $(hiera -c /etc/puppet/hiera.yaml nova_metadata_vip)
+ become: yes
+ when:
+ - "'controller' in ansible_hostname"
+ - sdn != 'ovn'
+ - name: Restart metadata service
+ shell: "{{ container_client }} restart neutron_metadata_agent"
+ become: yes
+ when:
+ - "'controller' in ansible_hostname"
+ - sdn != 'ovn'
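Review bot: `Open port 8101 (karaf shell) for ODL` inserts an unrestricted ACCEPT at position 1 of INPUT, exposing the OpenDaylight Karaf console on every controller interface to any source address. That console is an administrative shell, so it should be limited to the management network, e.g. by adding `source: "{{ mgmt_cidr }}"` (placeholder variable, not defined on this page) or an `in_interface:`. `save iptables` has no `when`, so it persists the live ruleset on every host in the play, including ones this playbook did not modify. The `$(hiera ...)` substitution in `Modify nova metadata host to be IP` is unquoted; if hiera returns nothing, crudini is called with a missing value.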
diff --git a/lib/ansible/playbooks/post_deploy_undercloud.yml b/lib/ansible/playbooks/post_deploy_undercloud.yml
index 2e1bf0f3..8cdfedfe 100644
--- a/lib/ansible/playbooks/post_deploy_undercloud.yml
+++ b/lib/ansible/playbooks/post_deploy_undercloud.yml
@@ -9,6 +9,7 @@
- name: Configure external network
shell: "{{ overcloudrc }} && {{ item }}"
with_items: "{{ external_network_cmds }}"
+ when: vim == 'openstack'
- name: Configure gluon networks
shell: "{{ overcloudrc }} && {{ item }}"
when: gluon
@@ -26,9 +27,7 @@
group: stack
mode: 0644
become: yes
- with_items:
- - overcloudrc
- - overcloudrc.v3
+ with_items: "{{ overcloudrc_files }}"
- name: Inject OS_PROJECT_ID and OS_TENANT_NAME into overcloudrc
lineinfile:
line: "{{ item }}"
@@ -74,56 +73,45 @@
when: sdn != false
become: yes
become_user: stack
- with_items:
- - overcloudrc
- - overcloudrc.v3
- - name: Undercloud NAT - MASQUERADE interface
- iptables:
- table: nat
- chain: POSTROUTING
- out_interface: eth0
- jump: MASQUERADE
- when:
- - virtual
- - not external_network_ipv6
- become: yes
- - name: Undercloud NAT - MASQUERADE interface with subnet
- iptables:
- table: nat
- chain: POSTROUTING
- out_interface: eth0
- jump: MASQUERADE
- source: "{{ external_cidr }}"
- when:
- - virtual
- - not external_network_ipv6
+ with_items: "{{ overcloudrc_files }}"
+ - name: Write SDN WEB and REST PORT to overcloudrc
+ lineinfile:
+ line: "export {{ item[0] }}=8081"
+ regexp: "{{ item[0] }}"
+ path: "/home/stack/{{ item[1] }}"
+ when: sdn != false
become: yes
- - name: Undercloud NAT - Allow Forwarding
- iptables:
- chain: FORWARD
- in_interface: eth2
- jump: ACCEPT
- when:
- - virtual
- - not external_network_ipv6
+ become_user: stack
+ with_nested:
+ - [ 'SDN_CONTROLLER_WEBPORT', 'SDN_CONTROLLER_RESTCONFPORT' ]
+ - "{{ overcloudrc_files }}"
+ - name: Grab Heat Environment variables
+ shell: "{{ stackrc }} && openstack stack environment show overcloud -f json"
+ register: heat_env
become: yes
- - name: Undercloud NAT - Allow Stateful Forwarding
- iptables:
- chain: FORWARD
- in_interface: eth2
- jump: ACCEPT
- source: "{{ external_cidr }}"
- ctstate: ESTABLISHED,RELATED
- when:
- - virtual
- - not external_network_ipv6
+ become_user: stack
+ - name: Write SDN controller password to overcloudrc for ODL
+ lineinfile:
+ line: "export SDN_CONTROLLER_PASSWORD={{(heat_env.stdout|from_json)['parameter_defaults']['OpenDaylightPassword']}}"
+ regexp: 'SDN_CONTROLLER_PASSWORD'
+ path: "/home/stack/{{ item }}"
+ when: sdn == 'opendaylight'
become: yes
- - name: Undercloud NAT - Save iptables
- shell: service iptables save
+ become_user: stack
+ with_items: "{{ overcloudrc_files }}"
+ - name: Register OS Region
+ shell: "{{ overcloudrc }} && openstack endpoint list -c Region -f json"
+ register: region
+ when: vim == 'openstack'
+ - name: Write Region into overcloudrc
+ lineinfile:
+ line: "export OS_REGION_NAME={{(region.stdout|from_json)[1]['Region']}}"
+ regexp: 'OS_REGION_NAME'
+ path: "/home/stack/{{ item }}"
become: yes
- when:
- - virtual
- - not external_network_ipv6
+ become_user: stack
+ with_items: "{{ overcloudrc_files }}"
+ when: vim == 'openstack'
- name: Create congress datasources
shell: "{{ overcloudrc }} && openstack congress datasource create {{ item }}"
become: yes
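Review bot: `Grab Heat Environment variables` registers the full stack environment and `Write SDN controller password to overcloudrc for ODL` templates the password into a task argument, so both can expose secrets in Ansible output and logs; add `no_log: true` to both. The `export SDN_CONTROLLER_PASSWORD=...` line is written unquoted into a file that is later sourced, so a password with shell metacharacters breaks or alters the rc file; append `| quote` to the expression. An earlier hunk of this file shows a task looping over the overcloudrc files with `mode: 0644`; if that is the task that installs them, the new password is world-readable on the undercloud. `(region.stdout|from_json)[1]['Region']` assumes at least two endpoints are returned; `| first` would not.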
@@ -133,6 +121,10 @@
ignore_errors: yes
- name: Configure Calipso
block:
+ - name: Install pip3
+ yum:
+ name: python34-pip
+ state: present
- name: Install Calipso dependencies
pip:
name: "{{ item }}"
@@ -153,6 +145,8 @@
- docker-common
- docker-selinux
- docker-engine
+ - name: Add Docker CE repo
+ shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- name: Install Docker CE
package:
name: docker-ce
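Review bot: `Add Docker CE repo` shells out to `yum-config-manager --add-repo` on every run and leaves the repository's GPG settings to whatever the downloaded `.repo` file says. The `yum_repository` module would declare `baseurl`, `gpgcheck: yes` and `gpgkey` explicitly in the playbook, and `Install Docker CE` could then pin a version instead of taking the newest `docker-ce`. If the shell form stays, `command:` with `creates: /etc/yum.repos.d/docker-ce.repo` makes it idempotent.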
@@ -166,6 +160,6 @@
command: >
python3 /root/calipso-installer.py --command start-all
--copy q --hostname {{ calipso_ip }} --dbport 37017 --webport 81
- --apiport 8001 --rabbitmport 15673
+ --apiport 8001 --rabbitmport 15673 --home /root
become: yes
when: calipso
diff --git a/lib/ansible/playbooks/prepare_overcloud_containers.yml b/lib/ansible/playbooks/prepare_overcloud_containers.yml
new file mode 100644
index 00000000..ebf081dc
--- /dev/null
+++ b/lib/ansible/playbooks/prepare_overcloud_containers.yml
@@ -0,0 +1,50 @@
+---
+- hosts: all
+ tasks:
+ - name: Upload container patches archive
+ copy:
+ src: "{{ apex_temp_dir }}/docker_patches.tar.gz"
+ dest: "/home/stack/docker_patches.tar.gz"
+ owner: stack
+ group: stack
+ mode: 0644
+ when: patched_docker_services|length > 0
+ - name: Unpack container patches archive
+ unarchive:
+ src: /home/stack/docker_patches.tar.gz
+ remote_src: yes
+ list_files: yes
+ group: stack
+ owner: stack
+ dest: /home/stack/
+ when: patched_docker_services|length > 0
+ - name: Prepare generic docker registry image file
+ shell: >
+ sudo openstack tripleo container image prepare
+ -e /home/stack/containers-prepare-parameter.yaml
+ --output-env-file docker-images.yaml
+ - name: Collect docker images in registry
+ uri:
+ url: http://{{ undercloud_ip }}:8787/v2/_catalog
+ body_format: json
+ register: response
+ - include_tasks: patch_containers.yml
+ with_items: "{{ patched_docker_services }}"
+ loop_control:
+ loop_var: item
+ when:
+ - patched_docker_services|length > 0
+ - item in (response.json)['repositories']|join(" ")
+ - name: Push patched docker images to local registry
+ shell: "{{ container_client }} push {{ undercloud_ip }}:8787/tripleo{{ os_version }}/centos-binary-{{ item }}:apex"
+ when:
+ - patched_docker_services|length > 0
+ - item in (response.json)['repositories']|join(" ")
+ with_items: "{{ patched_docker_services }}"
+ - name: Modify Images with Apex tag
+ replace:
+ path: "/home/stack/docker-images.yaml"
+ regexp: "(\\s*Docker.*?:.*?centos-binary-{{ item }}):.*"
+ replace: '\1:apex'
+ with_items: "{{ patched_docker_services }}"
+ become: yes
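Review bot: The guard `item in (response.json)['repositories']|join(" ")` is a substring test against one joined string, not a membership test, so a service name that is a fragment of another repository name passes even when its own image is absent. Compare the full repository name against the list instead, e.g. `('tripleo' ~ os_version ~ '/centos-binary-' ~ item) in response.json.repositories` (repository naming inferred from the push command in this file). The catalog is fetched over plain `http://` and images are pushed to the same `:8787` endpoint with no credentials visible, so the play trusts anything that can answer on that address; state that assumption in a comment or restrict the registry to the control-plane network. `sudo` inside `shell:` bypasses `become`; `become: yes` on the task is the usual form.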
diff --git a/lib/ansible/playbooks/undercloud_aarch64.yml b/lib/ansible/playbooks/undercloud_aarch64.yml
index 040831c5..efcbdabd 100644
--- a/lib/ansible/playbooks/undercloud_aarch64.yml
+++ b/lib/ansible/playbooks/undercloud_aarch64.yml
@@ -3,13 +3,12 @@
tasks:
- name: aarch64 configuration
block:
- - shell: yum -y reinstall grub2-efi shim
- copy:
src: /boot/efi/EFI/centos/grubaa64.efi
- dest: /tftpboot/grubaa64.efi
+ dest: /var/lib/config-data/puppet-generated/ironic/var/lib/ironic/tftpboot/grubaa64.efi
remote_src: yes
- file:
- path: /tftpboot/EFI/centos
+ path: /var/lib/config-data/puppet-generated/ironic/var/lib/ironic/tftpboot/EFI/centos
state: directory
mode: 0755
- copy:
@@ -18,30 +17,25 @@
set timeout=5
set hidden_timeout_quiet=false
menuentry "local" {
- configfile (hd0,gpt3)/boot/grub2/grub.cfg
+ configfile /var/lib/ironic/tftpboot/$net_default_mac.conf
}
- dest: /tftpboot/EFI/centos/grub.cfg
+ dest: /var/lib/config-data/puppet-generated/ironic/var/lib/ironic/tftpboot/EFI/centos/grub.cfg
mode: 0644
- - shell: 'openstack-config --set /etc/ironic/ironic.conf pxe uefi_pxe_bootfile_name grubaa64.efi'
- - systemd:
- name: openstack-ironic-conductor
- state: restarted
- enabled: yes
- - replace:
- path: /usr/lib/python2.7/site-packages/ironic/drivers/modules/pxe_grub_config.template
- regexp: 'linuxefi'
- replace: 'linux'
- - replace:
- path: /usr/lib/python2.7/site-packages/ironic/drivers/modules/pxe_grub_config.template
- regexp: 'initrdefi'
- replace: 'initrd'
+ - shell: 'sudo crudini --set /var/lib/config-data/puppet-generated/ironic/etc/ironic/ironic.conf pxe pxe_bootfile_name_by_arch aarch64:grubaa64.efi'
+ - shell: 'sudo crudini --set /var/lib/config-data/puppet-generated/ironic/etc/ironic/ironic.conf pxe pxe_config_template_by_arch aarch64:\$pybasedir/drivers/modules/pxe_grub_config.template'
+ - shell: 'docker exec -u root ironic_conductor sed -i "s/initrdefi/initrd/g" /usr/lib/python2.7/site-packages/ironic/drivers/modules/pxe_grub_config.template'
+ - shell: 'docker exec -u root ironic_conductor sed -i "s/linuxefi/linux/g" /usr/lib/python2.7/site-packages/ironic/drivers/modules/pxe_grub_config.template'
- lineinfile:
- path: /tftpboot/map-file
+ path: /var/lib/config-data/puppet-generated/ironic/var/lib/ironic/tftpboot/map-file
insertafter: EOF
state: present
line: ''
- - shell: "echo 'r ^/EFI/centos/grub.cfg-(.*) /tftpboot/pxelinux.cfg/\\1' | sudo tee --append /tftpboot/map-file"
- - shell: "echo 'r ^/EFI/centos/grub.cfg /tftpboot/EFI/centos/grub.cfg' | sudo tee --append /tftpboot/map-file"
+ - shell: "echo 'r ^/EFI/centos/grub.cfg-(.*) /var/lib/ironic/tftpboot/pxelinux.cfg/\\1' | sudo tee --append /var/lib/config-data/puppet-generated/ironic/var/lib/ironic/tftpboot/map-file"
+ - shell: "echo 'r ^/EFI/centos/grub.cfg /var/lib/ironic/tftpboot/EFI/centos/grub.cfg' | sudo tee --append /var/lib/config-data/puppet-generated/ironic/var/lib/ironic/tftpboot/map-file"
+ - shell: "docker restart {{ item }}"
+ with_items:
+ - ironic_conductor
+ - ironic_pxe_tftp
- systemd:
name: xinetd
state: restarted
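Review bot: The added tasks call `docker exec` and `docker restart` directly, while the other playbooks touched by this commit go through `{{ container_client }}`; on a host where that variable is not `docker` these steps fail or act on a different runtime. Use `{{ container_client }} exec -u root ironic_conductor ...` and `{{ container_client }} restart {{ item }}`. The two `sed -i` edits change a file inside the running `ironic_conductor` container, so they are presumably lost whenever the container is recreated; that deserves a comment, or the change could be baked into the image the way patch_containers.yml does. The `sudo crudini` and `sudo tee --append` calls would be clearer as `become: yes`, and the `tee --append` lines add a duplicate map entry on every run.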