From f6dbb3929d904b4d5a9ee01f8270051e29ac1ec3 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Mon, 4 Dec 2017 11:20:23 -0500 Subject: Enables containerized overcloud deployments Changes Include: - For upstream deployments, Docker local registry will be updated with latest current RDO containers, regular deployments will use latest stable - Upstream container images will then be patched/modified and then re-uploaded into local docker registry with 'apex' tag - Deployment command modified to deploy with containers - Adds a --no-fetch deployment argument to disable pulling latest from upstream, and instead using what already exists in cache - Moves Undercloud NAT setup to just after undercloud is installed. This provides internet during overcloud install which is now required for upstream container deployments. - Creates loop device for Ceph deployment when no device is provided in deploy settings (for container deployment only) - Updates NIC J2 template to use the new format in OOO since the os-apply-config method is now deprecated in > Queens JIRA: APEX-566 JIRA: APEX-549 Change-Id: I0652c194c059b915a942ac7401936e8f5c69d1fa Signed-off-by: Tim Rozet --- lib/ansible/playbooks/configure_undercloud.yml | 32 +++++++ lib/ansible/playbooks/post_deploy_undercloud.yml | 59 +----------- .../playbooks/prepare_overcloud_containers.yml | 105 +++++++++++++++++++++ 3 files changed, 140 insertions(+), 56 deletions(-) create mode 100644 lib/ansible/playbooks/prepare_overcloud_containers.yml (limited to 'lib/ansible')
diff --git a/lib/ansible/playbooks/configure_undercloud.yml b/lib/ansible/playbooks/configure_undercloud.yml
index 9ef0d883..fbac6eeb 100644
--- a/lib/ansible/playbooks/configure_undercloud.yml
+++ b/lib/ansible/playbooks/configure_undercloud.yml
@@ -143,6 +143,38 @@
 - external_network.enabled
 - aarch64
 become: yes
+ - block:
+ - name: Undercloud NAT - MASQUERADE interface
+ iptables:
+ table: nat
+ chain: POSTROUTING
+ out_interface: eth0
+ jump: MASQUERADE
+ - name: Undercloud NAT - MASQUERADE interface with subnet
+ iptables:
+ table: nat
+ chain: POSTROUTING
+ out_interface: eth0
+ jump: MASQUERADE
+ source: "{{ nat_cidr }}"
+ - name: Undercloud NAT - Allow Forwarding
+ iptables:
+ chain: FORWARD
+ in_interface: eth2
+ jump: ACCEPT
+ - name: Undercloud NAT - Allow Stateful Forwarding
+ iptables:
+ chain: FORWARD
+ in_interface: eth2
+ jump: ACCEPT
+ source: "{{ nat_cidr }}"
+ ctstate: ESTABLISHED,RELATED
+ - name: Undercloud NAT - Save iptables
+ shell: service iptables save
+ become: yes
+ when:
+ - not nat_network_ipv6
+ - virtual_overcloud
 - name: fetch storage environment file
 fetch:
 src: /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml
diff --git a/lib/ansible/playbooks/post_deploy_undercloud.yml b/lib/ansible/playbooks/post_deploy_undercloud.yml
index a8f1cd55..d0206f87 100644
--- a/lib/ansible/playbooks/post_deploy_undercloud.yml
+++ b/lib/ansible/playbooks/post_deploy_undercloud.yml
@@ -26,9 +26,7 @@
 group: stack
 mode: 0644
 become: yes
- with_items:
- - overcloudrc
- - overcloudrc.v3
+ with_items: "{{ overcloudrc_files }}"
 - name: Inject OS_PROJECT_ID and OS_TENANT_NAME into overcloudrc
 lineinfile:
 line: "{{ item }}"
@@ -74,9 +72,7 @@
 when: sdn != false
 become: yes
 become_user: stack
- with_items:
- - overcloudrc
- - overcloudrc.v3
+ with_items: "{{ overcloudrc_files }}"
 - name: Register OS Region
 shell: "{{ overcloudrc }} && openstack endpoint list -c Region -f json"
 register: region
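Review bot: In the NAT block added to configure_undercloud.yml, the "Undercloud NAT - Allow Forwarding" task accepts everything that enters on eth2 with no source or state match, so the "Allow Stateful Forwarding" task after it (same `in_interface: eth2`, plus `source` and `ctstate: ESTABLISHED,RELATED`) can never match a packet the first rule has not already accepted. Reply traffic for NATed connections would arrive on eth0 with a destination inside `nat_cidr`, which neither rule covers; whether it is forwarded then depends on the FORWARD chain's policy and existing rules, which are not visible here. I would scope the first rule with `source: "{{ nat_cidr }}"` and point the stateful rule at the return path with `in_interface: eth0` and `destination: "{{ nat_cidr }}"`. The first MASQUERADE task likewise has no `source`, which makes the subnet-scoped one after it redundant and NATs any forwarded traffic leaving eth0.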
@@ -89,56 +85,7 @@
 path: "/home/stack/{{ item }}"
 become: yes
 become_user: stack
- with_items:
- - overcloudrc
- - overcloudrc.v3
- - name: Undercloud NAT - MASQUERADE interface
- iptables:
- table: nat
- chain: POSTROUTING
- out_interface: eth0
- jump: MASQUERADE
- when:
- - virtual
- - not external_network_ipv6
- become: yes
- - name: Undercloud NAT - MASQUERADE interface with subnet
- iptables:
- table: nat
- chain: POSTROUTING
- out_interface: eth0
- jump: MASQUERADE
- source: "{{ external_cidr }}"
- when:
- - virtual
- - not external_network_ipv6
- become: yes
- - name: Undercloud NAT - Allow Forwarding
- iptables:
- chain: FORWARD
- in_interface: eth2
- jump: ACCEPT
- when:
- - virtual
- - not external_network_ipv6
- become: yes
- - name: Undercloud NAT - Allow Stateful Forwarding
- iptables:
- chain: FORWARD
- in_interface: eth2
- jump: ACCEPT
- source: "{{ external_cidr }}"
- ctstate: ESTABLISHED,RELATED
- when:
- - virtual
- - not external_network_ipv6
- become: yes
- - name: Undercloud NAT - Save iptables
- shell: service iptables save
- become: yes
- when:
- - virtual
- - not external_network_ipv6
+ with_items: "{{ overcloudrc_files }}"
 - name: Create congress datasources
 shell: "{{ overcloudrc }} && openstack congress datasource create {{ item }}"
 become: yes
diff --git a/lib/ansible/playbooks/prepare_overcloud_containers.yml b/lib/ansible/playbooks/prepare_overcloud_containers.yml
new file mode 100644
index 00000000..88a8df1c
--- /dev/null
+++ b/lib/ansible/playbooks/prepare_overcloud_containers.yml
@@ -0,0 +1,105 @@
+---
+- hosts: all
+ tasks:
+ - name: Upload container patches archive
+ copy:
+ src: "{{ apex_temp_dir }}/docker_patches.tar.gz"
+ dest: "/home/stack/docker_patches.tar.gz"
+ owner: stack
+ group: stack
+ mode: 0644
+ when: patched_docker_services|length > 0
+ - name: Unpack container patches archive
+ unarchive:
+ src: /home/stack/docker_patches.tar.gz
+ remote_src: yes
+ list_files: yes
+ group: stack
+ owner: stack
+ dest: /home/stack/
+ when: patched_docker_services|length > 0
+ - name: Prepare generic docker registry image file
+ shell: >
+ {{ stackrc }} && openstack overcloud container image prepare
+ --namespace trunk.registry.rdoproject.org/{{ os_version }}
+ --tag {{ container_tag }}
+ --push-destination {{ undercloud_ip }}:8787
+ -e /usr/share/openstack-tripleo-heat-templates/environments/docker.yaml
+ --output-images-file overcloud_containers.yml
+ become: yes
+ become_user: stack
+ - name: Prepare SDN docker registry image file
+ shell: >
+ {{ stackrc }} && openstack overcloud container image prepare
+ --namespace trunk.registry.rdoproject.org/{{ os_version }}
+ --tag {{ container_tag }}
+ --push-destination {{ undercloud_ip }}:8787
+ -e {{ sdn_env_file }}
+ --output-images-file sdn_containers.yml
+ become: yes
+ become_user: stack
+ when: sdn != false
+ - name: Upload docker images to local registry
+ shell: >
+ {{ stackrc }} && openstack overcloud container image upload
+ --config-file /home/stack/overcloud_containers.yml
+ - name: Upload SDN docker images to local registry
+ shell: >
+ {{ stackrc }} && openstack overcloud container image upload
+ --config-file /home/stack/sdn_containers.yml
+ when: sdn != false
+ - name: Collect docker images in registry
+ uri:
+ url: http://{{ undercloud_ip }}:8787/v2/_catalog
+ body_format: json
+ register: response
+ - name: Patch Docker images
+ shell: >
+ cd /home/stack/containers/{{ item }} && docker build
+ -t {{ undercloud_ip }}:8787/{{ os_version }}/centos-binary-{{ item }}:apex .
+ when:
+ - patched_docker_services|length > 0
+ - item in (response.json)['repositories']|join(" ")
+ with_items: "{{ patched_docker_services }}"
+ - name: Push patched docker images to local registry
+ shell: docker push {{ undercloud_ip }}:8787/{{ os_version }}/centos-binary-{{ item }}:apex
+ when:
+ - patched_docker_services|length > 0
+ - item in (response.json)['repositories']|join(" ")
+ with_items: "{{ patched_docker_services }}"
+ - name: Prepare deployment generic docker image file
+ shell: >
+ {{ stackrc }} && openstack overcloud container image prepare
+ --namespace {{ undercloud_ip }}:8787/{{ os_version }}
+ --tag {{ container_tag }}
+ -e /usr/share/openstack-tripleo-heat-templates/environments/docker.yaml
+ --output-env-file docker-images.yaml
+ become: yes
+ become_user: stack
+ - name: Prepare deployment SDN docker image file
+ shell: >
+ {{ stackrc }} && openstack overcloud container image prepare
+ --namespace {{ undercloud_ip }}:8787/{{ os_version }}
+ --tag {{ container_tag }}
+ -e {{ sdn_env_file }}
+ --output-env-file sdn-images.yaml
+ when: sdn != false
+ become: yes
+ become_user: stack
+ - name: Modify Images with Apex tag
+ replace:
+ path: "{{ item[0] }}"
+ regexp: "(\\s*Docker.*?:.*?centos-binary-{{ item[1] }}):.*"
+ replace: '\1:apex'
+ with_nested:
+ - [ '/home/stack/sdn-images.yaml', '/home/stack/docker-images.yaml']
+ - "{{ patched_docker_services }}"
+ - name: Pull Ceph docker image
+ shell: docker pull {{ ceph_docker_image }}
+ become: yes
+ - name: Tag Ceph image for local registry
+ shell: docker tag {{ ceph_docker_image }} {{ undercloud_ip }}:8787/{{ ceph_docker_image }}
+ become: yes
+ - name: Push Ceph docker image to local registry
+ shell: docker push {{ undercloud_ip }}:8787/{{ ceph_docker_image }}
+ become: yes
-- cgit 1.2.3-korg
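Review bot: The `when` guard on "Patch Docker images" and "Push patched docker images" tests `item in (response.json)['repositories']|join(" ")`, which is a substring match against one joined string, so a service name that is only a fragment of another repository name passes even when its own image is absent from the registry. Comparing against the list avoids that: `- (os_version ~ '/centos-binary-' ~ item) in response.json.repositories` (the repository naming is inferred from the `-t` argument of the build task, so confirm it against the catalog output). Separately, the three Ceph tasks interpolate `{{ ceph_docker_image }}` into `shell` under `become: yes`; passing it through the `quote` filter, e.g. `docker pull {{ ceph_docker_image | quote }}`, or using `command` keeps an unexpected value from being interpreted by the shell.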