--- - hosts: all tasks: - name: Generate SSH key for stack if missing shell: test -e ~/.ssh/id_rsa || ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa - name: Fix ssh key for stack shell: restorecon -r /home/stack become: yes - file: path: /home/stack/nics state: directory owner: stack group: stack mode: 0775 - copy: src: /root/.ssh/id_rsa.pub dest: /home/stack/jumphost_id_rsa.pub owner: stack group: stack mode: 0644 - copy: src: "{{ apex_temp_dir }}/{{ item }}.yaml" dest: "/home/stack/nics/{{ item }}.yaml" owner: stack group: stack mode: 0644 with_items: - controller - compute - lineinfile: path: /etc/sudoers regexp: 'Defaults\s*requiretty' state: absent become: yes - lineinfile: path: /etc/environment regexp: '^http_proxy' line: "http_proxy={{ http_proxy }}" become: yes when: http_proxy - lineinfile: path: /etc/environment regexp: '^https_proxy' line: "https_proxy={{ https_proxy }}" become: yes when: https_proxy - name: openstack-configs undercloud shell: openstack-config --set undercloud.conf DEFAULT {{ item }} with_items: "{{ undercloud_config }}" - name: openstack-configs ironic shell: openstack-config --set /etc/ironic/ironic.conf {{ item }} become: yes with_items: "{{ ironic_config }}" - lineinfile: path: /usr/lib/python2.7/site-packages/ironic/common/pxe_utils.py regexp: '_link_ip_address_pxe_configs' line: ' _link_mac_pxe_configs(task)' when: aarch64 - block: - name: undercloud install shell: openstack undercloud install &> apex-undercloud-install.log become: yes become_user: stack rescue: - name: undercloud install retry shell: openstack undercloud install >> apex-undercloud-install.log 2>&1 become: yes become_user: stack always: - name: fetch undercloud log fetch: src: /home/stack/apex-undercloud-install.log dest: "{{ apex_temp_dir }}/" flat: yes - name: openstack-configs nova shell: openstack-config --set /etc/nova/nova.conf DEFAULT {{ item }} become: yes with_items: "{{ nova_config }}" - name: restart nova services service: name: "{{ item }}" state: restarted enabled: yes with_items: - openstack-nova-conductor - openstack-nova-compute - openstack-nova-api - openstack-nova-scheduler - name: openstack-configs neutron shell: openstack-config --set /etc/neutron/neutron.conf DEFAULT {{ item }} become: yes with_items: "{{ neutron_config }}" - name: restart neutron services service: name: "{{ item }}" state: restarted enabled: yes with_items: - neutron-server - neutron-dhcp-agent - name: configure external network vlan ifcfg template: src: external_vlan_ifcfg.yml.j2 dest: "/etc/sysconfig/network-scripts/ifcfg-vlan{{ external_network.vlan }}" owner: root group: root mode: 0644 become: yes when: - external_network.vlan != "native" - external_network.enabled - name: bring up vlan ifcfg shell: "ifup vlan{{ external_network.vlan }}" become: yes when: - external_network.vlan != "native" - external_network.enabled - name: assign IP to native eth2 shell: ip a a {{ external_network.ip }}/{{ external_network.prefix }} dev eth2 become: yes when: - external_network.vlan == "native" - external_network.enabled - not aarch64 - name: bring up eth2 shell: ip link set up dev eth2 when: - external_network.vlan == "native" - external_network.enabled - not aarch64 become: yes - name: assign IP to native eth0 if aarch64 shell: ip a a {{ external_network.ip }}/{{ external_network.prefix }} dev eth0 become: yes when: - external_network.vlan == "native" - external_network.enabled - aarch64 - name: bring up eth0 if aarch64 shell: ip link set up dev eth0 when: - external_network.vlan == "native" - external_network.enabled - aarch64 become: yes - block: - name: Undercloud NAT - MASQUERADE interface iptables: table: nat chain: POSTROUTING out_interface: eth0 jump: MASQUERADE - name: Undercloud NAT - MASQUERADE interface with subnet iptables: table: nat chain: POSTROUTING out_interface: eth0 jump: MASQUERADE source: "{{ nat_cidr }}" - name: Undercloud NAT - Allow Forwarding iptables: chain: FORWARD in_interface: eth2 jump: ACCEPT - name: Undercloud NAT - Allow Stateful Forwarding iptables: chain: FORWARD in_interface: eth2 jump: ACCEPT source: "{{ nat_cidr }}" ctstate: ESTABLISHED,RELATED - name: Undercloud NAT - Save iptables shell: service iptables save become: yes when: - not nat_network_ipv6 - virtual_overcloud - name: fetch storage environment file fetch: src: /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml dest: "{{ apex_temp_dir }}/" flat: yes - name: fetch sriov environment file fetch: src: /usr/share/openstack-tripleo-heat-templates/environments/neutron-opendaylight-sriov.yaml dest: "{{ apex_temp_dir }}/" flat: yes - include: undercloud_aarch64.yml when: aarch64