From f6dbb3929d904b4d5a9ee01f8270051e29ac1ec3 Mon Sep 17 00:00:00 2001
From: Tim Rozet <trozet@redhat.com>
Date: Mon, 4 Dec 2017 11:20:23 -0500
Subject: Enables containerized overcloud deployments
Changes Include:
- For upstream deployments, Docker local registry will be updated with
latest current RDO containers, regular deployments will use latest
stable
- Upstream container images will then be patched/modified and then
re-uploaded into local docker registry with 'apex' tag
- Deployment command modified to deploy with containers
- Adds a --no-fetch deployment argument to disable pulling latest
from upstream, and instead using what already exists in cache
- Moves Undercloud NAT setup to just after undercloud is installed.
This provides internet during overcloud install which is now
required for upstream container deployments.
- Creates loop device for Ceph deployment when no device is
provided in deploy settings (for container deployment only)
- Updates NIC J2 template to use the new format in OOO since
the os-apply-config method is now deprecated in > Queens
JIRA: APEX-566
JIRA: APEX-549
Change-Id: I0652c194c059b915a942ac7401936e8f5c69d1fa
Signed-off-by: Tim Rozet <trozet@redhat.com>
---
lib/ansible/playbooks/configure_undercloud.yml | 32 +++++++
lib/ansible/playbooks/post_deploy_undercloud.yml | 59 +-----------
.../playbooks/prepare_overcloud_containers.yml | 105 +++++++++++++++++++++
3 files changed, 140 insertions(+), 56 deletions(-)
create mode 100644 lib/ansible/playbooks/prepare_overcloud_containers.yml
(limited to 'lib')
diff --git a/lib/ansible/playbooks/configure_undercloud.yml b/lib/ansible/playbooks/configure_undercloud.yml
index 9ef0d883..fbac6eeb 100644
--- a/lib/ansible/playbooks/configure_undercloud.yml
+++ b/lib/ansible/playbooks/configure_undercloud.yml
@@ -143,6 +143,38 @@
- external_network.enabled
- aarch64
become: yes
+ - block:
+ - name: Undercloud NAT - MASQUERADE interface
+ iptables:
+ table: nat
+ chain: POSTROUTING
+ out_interface: eth0
+ jump: MASQUERADE
+ - name: Undercloud NAT - MASQUERADE interface with subnet
+ iptables:
+ table: nat
+ chain: POSTROUTING
+ out_interface: eth0
+ jump: MASQUERADE
+ source: "{{ nat_cidr }}"
+ - name: Undercloud NAT - Allow Forwarding
+ iptables:
+ chain: FORWARD
+ in_interface: eth2
+ jump: ACCEPT
+ - name: Undercloud NAT - Allow Stateful Forwarding
+ iptables:
+ chain: FORWARD
+ in_interface: eth2
+ jump: ACCEPT
+ source: "{{ nat_cidr }}"
+ ctstate: ESTABLISHED,RELATED
+ - name: Undercloud NAT - Save iptables
+ shell: service iptables save
+ become: yes
+ when:
+ - not nat_network_ipv6
+ - virtual_overcloud
- name: fetch storage environment file
fetch:
src: /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml
diff --git a/lib/ansible/playbooks/post_deploy_undercloud.yml b/lib/ansible/playbooks/post_deploy_undercloud.yml
index a8f1cd55..d0206f87 100644
--- a/lib/ansible/playbooks/post_deploy_undercloud.yml
+++ b/lib/ansible/playbooks/post_deploy_undercloud.yml
@@ -26,9 +26,7 @@
group: stack
mode: 0644
become: yes
- with_items:
- - overcloudrc
- - overcloudrc.v3
+ with_items: "{{ overcloudrc_files }}"
- name: Inject OS_PROJECT_ID and OS_TENANT_NAME into overcloudrc
lineinfile:
line: "{{ item }}"
@@ -74,9 +72,7 @@
when: sdn != false
become: yes
become_user: stack
- with_items:
- - overcloudrc
- - overcloudrc.v3
+ with_items: "{{ overcloudrc_files }}"
- name: Register OS Region
shell: "{{ overcloudrc }} && openstack endpoint list -c Region -f json"
register: region
@@ -89,56 +85,7 @@
path: "/home/stack/{{ item }}"
become: yes
become_user: stack
- with_items:
- - overcloudrc
- - overcloudrc.v3
- - name: Undercloud NAT - MASQUERADE interface
- iptables:
- table: nat
- chain: POSTROUTING
- out_interface: eth0
- jump: MASQUERADE
- when:
- - virtual
- - not external_network_ipv6
- become: yes
- - name: Undercloud NAT - MASQUERADE interface with subnet
- iptables:
- table: nat
- chain: POSTROUTING
- out_interface: eth0
- jump: MASQUERADE
- source: "{{ external_cidr }}"
- when:
- - virtual
- - not external_network_ipv6
- become: yes
- - name: Undercloud NAT - Allow Forwarding
- iptables:
- chain: FORWARD
- in_interface: eth2
- jump: ACCEPT
- when:
- - virtual
- - not external_network_ipv6
- become: yes
- - name: Undercloud NAT - Allow Stateful Forwarding
- iptables:
- chain: FORWARD
- in_interface: eth2
- jump: ACCEPT
- source: "{{ external_cidr }}"
- ctstate: ESTABLISHED,RELATED
- when:
- - virtual
- - not external_network_ipv6
- become: yes
- - name: Undercloud NAT - Save iptables
- shell: service iptables save
- become: yes
- when:
- - virtual
- - not external_network_ipv6
+ with_items: "{{ overcloudrc_files }}"
- name: Create congress datasources
shell: "{{ overcloudrc }} && openstack congress datasource create {{ item }}"
become: yes
diff --git a/lib/ansible/playbooks/prepare_overcloud_containers.yml b/lib/ansible/playbooks/prepare_overcloud_containers.yml
new file mode 100644
index 00000000..88a8df1c
--- /dev/null
+++ b/lib/ansible/playbooks/prepare_overcloud_containers.yml
@@ -0,0 +1,105 @@
+---
+- hosts: all
+ tasks:
+ - name: Upload container patches archive
+ copy:
+ src: "{{ apex_temp_dir }}/docker_patches.tar.gz"
+ dest: "/home/stack/docker_patches.tar.gz"
+ owner: stack
+ group: stack
+ mode: 0644
+ when: patched_docker_services|length > 0
+ - name: Unpack container patches archive
+ unarchive:
+ src: /home/stack/docker_patches.tar.gz
+ remote_src: yes
+ list_files: yes
+ group: stack
+ owner: stack
+ dest: /home/stack/
+ when: patched_docker_services|length > 0
+ - name: Prepare generic docker registry image file
+ shell: >
+ {{ stackrc }} && openstack overcloud container image prepare
+ --namespace trunk.registry.rdoproject.org/{{ os_version }}
+ --tag {{ container_tag }}
+ --push-destination {{ undercloud_ip }}:8787
+ -e /usr/share/openstack-tripleo-heat-templates/environments/docker.yaml
+ --output-images-file overcloud_containers.yml
+ become: yes
+ become_user: stack
+ - name: Prepare SDN docker registry image file
+ shell: >
+ {{ stackrc }} && openstack overcloud container image prepare
+ --namespace trunk.registry.rdoproject.org/{{ os_version }}
+ --tag {{ container_tag }}
+ --push-destination {{ undercloud_ip }}:8787
+ -e {{ sdn_env_file }}
+ --output-images-file sdn_containers.yml
+ become: yes
+ become_user: stack
+ when: sdn != false
+ - name: Upload docker images to local registry
+ shell: >
+ {{ stackrc }} && openstack overcloud container image upload
+ --config-file /home/stack/overcloud_containers.yml
+ - name: Upload SDN docker images to local registry
+ shell: >
+ {{ stackrc }} && openstack overcloud container image upload
+ --config-file /home/stack/sdn_containers.yml
+ when: sdn != false
+ - name: Collect docker images in registry
+ uri:
+ url: http://{{ undercloud_ip }}:8787/v2/_catalog
+ body_format: json
+ register: response
+ - name: Patch Docker images
+ shell: >
+ cd /home/stack/containers/{{ item }} && docker build
+ -t {{ undercloud_ip }}:8787/{{ os_version }}/centos-binary-{{ item }}:apex .
+ when:
+ - patched_docker_services|length > 0
+ - item in (response.json)['repositories']|join(" ")
+ with_items: "{{ patched_docker_services }}"
+ - name: Push patched docker images to local registry
+ shell: docker push {{ undercloud_ip }}:8787/{{ os_version }}/centos-binary-{{ item }}:apex
+ when:
+ - patched_docker_services|length > 0
+ - item in (response.json)['repositories']|join(" ")
+ with_items: "{{ patched_docker_services }}"
+ - name: Prepare deployment generic docker image file
+ shell: >
+ {{ stackrc }} && openstack overcloud container image prepare
+ --namespace {{ undercloud_ip }}:8787/{{ os_version }}
+ --tag {{ container_tag }}
+ -e /usr/share/openstack-tripleo-heat-templates/environments/docker.yaml
+ --output-env-file docker-images.yaml
+ become: yes
+ become_user: stack
+ - name: Prepare deployment SDN docker image file
+ shell: >
+ {{ stackrc }} && openstack overcloud container image prepare
+ --namespace {{ undercloud_ip }}:8787/{{ os_version }}
+ --tag {{ container_tag }}
+ -e {{ sdn_env_file }}
+ --output-env-file sdn-images.yaml
+ when: sdn != false
+ become: yes
+ become_user: stack
+ - name: Modify Images with Apex tag
+ replace:
+ path: "{{ item[0] }}"
+ regexp: "(\\s*Docker.*?:.*?centos-binary-{{ item[1] }}):.*"
+ replace: '\1:apex'
+ with_nested:
+ - [ '/home/stack/sdn-images.yaml', '/home/stack/docker-images.yaml']
+ - "{{ patched_docker_services }}"
+ - name: Pull Ceph docker image
+ shell: docker pull {{ ceph_docker_image }}
+ become: yes
+ - name: Tag Ceph image for local registry
+ shell: docker tag {{ ceph_docker_image }} {{ undercloud_ip }}:8787/{{ ceph_docker_image }}
+ become: yes
+ - name: Push Ceph docker image to local registry
+ shell: docker push {{ undercloud_ip }}:8787/{{ ceph_docker_image }}
+ become: yes
--
cgit