From 99b41501961f3da0775e102d69f8018c89d10988 Mon Sep 17 00:00:00 2001 From: Ricardo Noriega Date: Tue, 18 Sep 2018 16:11:15 +0200 Subject: Adding support for containerized undercloud Master code only supports containerized undercloud now, so this migration is needed. - Containerized services in undercloud We can still apply patches to THT and other non-docker services, but we will need to add support for patching openstack services on undercloud. Change-Id: I1ca4c6108f144efef7b5889503af265ef0fff8b2 Signed-off-by: Ricardo Noriega Signed-off-by: Tim Rozet --- apex/tests/test_apex_undercloud.py | 4 +- apex/undercloud/undercloud.py | 12 ++-- lib/ansible/playbooks/configure_undercloud.yml | 80 +++++++++++++------------- lib/ansible/playbooks/deploy_overcloud.yml | 7 +-- 4 files changed, 51 insertions(+), 52 deletions(-) diff --git a/apex/tests/test_apex_undercloud.py b/apex/tests/test_apex_undercloud.py index 5c33bf03..2d0dffcb 100644 --- a/apex/tests/test_apex_undercloud.py +++ b/apex/tests/test_apex_undercloud.py @@ -276,7 +276,8 @@ class TestUndercloud(unittest.TestCase): {'--upload': '/root/.ssh/id_rsa.pub:/root/.ssh/authorized_keys'}, {'--run-command': 'chmod 600 /root/.ssh/authorized_keys'}, - {'--run-command': 'restorecon /root/.ssh/authorized_keys'}, + {'--run-command': 'restorecon ' + '-R -v /root/.ssh'}, {'--run-command': 'cp /root/.ssh/authorized_keys /home/stack/.ssh/'}, {'--run-command': @@ -293,6 +294,7 @@ class TestUndercloud(unittest.TestCase): ns_dict = { 'apex': MagicMock(), 'dns-domain': 'dns', + 'ntp': 'pool.ntp.org', 'networks': {'admin': {'cidr': ipaddress.ip_network('192.0.2.0/24'), 'installer_vm': {'ip': '192.0.2.1', diff --git a/apex/undercloud/undercloud.py b/apex/undercloud/undercloud.py index 56087695..1658801d 100644 --- a/apex/undercloud/undercloud.py +++ b/apex/undercloud/undercloud.py @@ -199,7 +199,7 @@ class Undercloud: '/root/.ssh/id_rsa.pub:/root/.ssh/authorized_keys'}) run_cmds = [ 'chmod 600 /root/.ssh/authorized_keys', - 'restorecon /root/.ssh/authorized_keys', + 'restorecon -R -v /root/.ssh', 'cp /root/.ssh/authorized_keys /home/stack/.ssh/', 'chown stack:stack /home/stack/.ssh/authorized_keys', 'chmod 600 /home/stack/.ssh/authorized_keys' @@ -234,12 +234,16 @@ class Undercloud: "undercloud_hostname undercloud.{}".format(ns['dns-domain']), "local_ip {}/{}".format(str(ns_admin['installer_vm']['ip']), str(ns_admin['cidr']).split('/')[1]), - "network_gateway {}".format(str(ns_admin['installer_vm']['ip'])), - "network_cidr {}".format(str(ns_admin['cidr'])), + "generate_service_certificate false", + "undercloud_ntp_servers {}".format(str(ns['ntp'][0])) + ] + + config['undercloud_network_config'] = [ + "gateway {}".format(str(ns_admin['installer_vm']['ip'])), + "cidr {}".format(str(ns_admin['cidr'])), "dhcp_start {}".format(str(ns_admin['dhcp_range'][0])), "dhcp_end {}".format(str(ns_admin['dhcp_range'][1])), "inspection_iprange {}".format(','.join(intro_range)), - "generate_service_certificate false" ] config['ironic_config'] = [ diff --git a/lib/ansible/playbooks/configure_undercloud.yml b/lib/ansible/playbooks/configure_undercloud.yml index 1fb2283b..96080e5f 100644 --- a/lib/ansible/playbooks/configure_undercloud.yml +++ b/lib/ansible/playbooks/configure_undercloud.yml @@ -47,23 +47,12 @@ - name: openstack-configs undercloud shell: openstack-config --set undercloud.conf DEFAULT {{ item }} with_items: "{{ undercloud_config }}" - - name: Add ironic packages - yum: - name: openstack-ironic-api,openstack-ironic-common, - openstack-ironic-inspector - become: yes - - name: openstack-configs ironic - shell: openstack-config --set /etc/ironic/ironic.conf {{ item }} - become: yes - with_items: "{{ ironic_config }}" - - lineinfile: - path: /usr/lib/python2.7/site-packages/ironic/common/pxe_utils.py - regexp: '_link_ip_address_pxe_configs' - line: ' _link_mac_pxe_configs(task)' - when: aarch64 + - name: openstack-configs undercloud network + shell: openstack-config --set undercloud.conf ctlplane-subnet {{ item }} + with_items: "{{ undercloud_network_config }}" - block: - name: undercloud install - shell: openstack undercloud install --use-heat False &> apex-undercloud-install.log + shell: openstack undercloud install &> apex-undercloud-install.log become: yes become_user: stack rescue: @@ -78,44 +67,50 @@ dest: "{{ apex_temp_dir }}/" flat: yes - name: openstack-configs nova - shell: openstack-config --set /etc/nova/nova.conf DEFAULT {{ item }} + shell: openstack-config --set /var/lib/config-data/nova/etc/nova/nova.conf DEFAULT {{ item }} become: yes with_items: "{{ nova_config }}" - - name: change nova filters - shell: openstack-config --set /etc/nova/nova.conf filter_scheduler {{ item }} - become: yes - with_items: "enabled_filters RetryFilter,TripleOCapabilitiesFilter,ComputeCapabilitiesFilter,AvailabilityZoneFilter,ComputeFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter" - name: restart nova services - service: + docker_container: name: "{{ item }}" - state: restarted - enabled: yes + state: started + restart: yes with_items: - - openstack-nova-conductor - - openstack-nova-compute - - openstack-nova-api - - openstack-nova-scheduler + - nova_conductor + - nova_compute + - nova_api + - nova_scheduler - name: openstack-configs neutron - shell: openstack-config --set /etc/neutron/neutron.conf DEFAULT {{ item }} + shell: openstack-config --set /var/lib/config-data/neutron/etc/neutron/neutron.conf DEFAULT {{ item }} become: yes with_items: "{{ neutron_config }}" - name: restart neutron services - service: + docker_container: name: "{{ item }}" - state: restarted - enabled: yes + state: started + restart: yes with_items: - - neutron-server - - neutron-dhcp-agent - - name: Configure workaround for mariadb long blob (LP#1768913) - shell: openstack-config --set /etc/my.cnf.d/galera.cnf mysqld innodb_log_file_size 256M - become: yes - - name: restart mariadb service - service: - name: mariadb - state: restarted - enabled: yes + - neutron_api + - neutron_dhcp + - name: openstack-configs ironic + shell: openstack-config --set /var/lib/config-data/ironic/etc/ironic/ironic.conf {{ item }} become: yes + with_items: "{{ ironic_config }}" + - name: restart ironic services + docker_container: + name: "{{ item }}" + state: started + restart: yes + with_items: + - ironic_api + - ironic_conductor + - ironic_inspector + # will need to modify the below to patch the container + - lineinfile: + path: /usr/lib/python2.7/site-packages/ironic/common/pxe_utils.py + regexp: '_link_ip_address_pxe_configs' + line: ' _link_mac_pxe_configs(task)' + when: aarch64 - name: configure external network vlan ifcfg template: src: external_vlan_ifcfg.yml.j2 @@ -203,6 +198,9 @@ src: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-opendaylight-sriov.yaml dest: "{{ apex_temp_dir }}/" flat: yes + - name: Restorecon for root ssh + shell: restorecon -r -v /root/.ssh + become: yes - include: undercloud_aarch64.yml when: aarch64 diff --git a/lib/ansible/playbooks/deploy_overcloud.yml b/lib/ansible/playbooks/deploy_overcloud.yml index dd2b189d..90c3ad1d 100644 --- a/lib/ansible/playbooks/deploy_overcloud.yml +++ b/lib/ansible/playbooks/deploy_overcloud.yml @@ -37,11 +37,6 @@ owner: root group: root mode: 0664 - - systemd: - name: openstack-swift-proxy - state: restarted - enabled: yes - become: yes - name: Remove Ceph OSD from ceph storage role lineinfile: path: /usr/share/openstack-tripleo-heat-templates/roles_data.yaml @@ -67,7 +62,7 @@ group: root become: yes - name: Upload glance images - shell: "{{ stackrc }} && openstack overcloud image upload --http-boot /httpboot" + shell: "{{ stackrc }} && openstack overcloud image upload" become: yes become_user: stack - name: Import inventory (baremetal) -- cgit 1.2.3-korg