path: root/lib/ansible/playbooks/configure_undercloud.yml
---
- hosts: all
  tasks:
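    # Create the connecting user's RSA key pair once. `-N ""` sets an empty
    # passphrase, so the private key is stored unencrypted on disk.
    - name: Generate SSH key for stack if missing
      shell: ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
      args:
        # Skip the command when the key already exists, so re-runs report
        # "ok" instead of always "changed".
        creates: ~/.ssh/id_rsa
    # Recursively reset SELinux labels under the stack home directory;
    # presumably so sshd can read the newly created key files -- confirm.
    - name: Fix ssh key for stack
      command: restorecon -r /home/stack
      become: true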
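    # Directory that receives the per-role NIC templates copied below.
    # Modes are quoted so no YAML parser can retype the octal literal.
    - name: Create nics directory for stack
      file:
        path: /home/stack/nics
        state: directory
        owner: stack
        group: stack
        mode: "0775"
    # src is read on the Ansible control node (no remote_src is set), so this
    # places that host's root public key -- presumably the jumphost's -- in
    # the stack home directory.
    - name: Copy jumphost root public key to undercloud
      copy:
        src: /root/.ssh/id_rsa.pub
        dest: /home/stack/jumphost_id_rsa.pub
        owner: stack
        group: stack
        mode: "0644"
    - name: Copy controller and compute NIC templates to undercloud
      copy:
        src: "{{ apex_temp_dir }}/{{ item }}.yaml"
        dest: "/home/stack/nics/{{ item }}.yaml"
        owner: stack
        group: stack
        mode: "0644"
      with_items:
        - controller
        - compute
    - name: Copy container prep env file to undercloud
      copy:
        src: "{{ apex_temp_dir }}/containers-prepare-parameter.yaml"
        dest: "/home/stack/containers-prepare-parameter.yaml"
        owner: stack
        group: stack
        mode: "0644"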
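    # Drop `Defaults requiretty` so sudo can be used without a TTY.
    # The result is checked with visudo before it replaces /etc/sudoers:
    # a syntactically broken sudoers file disables sudo for everyone.
    - name: Remove requiretty from sudoers
      lineinfile:
        path: /etc/sudoers
        regexp: 'Defaults\s*requiretty'
        state: absent
        validate: /usr/sbin/visudo -cf %s
      become: true
    # Persist the proxy settings system-wide; each task runs only when the
    # corresponding variable is set to a truthy value.
    # NOTE(review): /etc/environment is normally world-readable; if a proxy
    # URL embeds credentials they become visible to every local user --
    # confirm.
    - name: Set http_proxy in /etc/environment
      lineinfile:
        path: /etc/environment
        regexp: '^http_proxy'
        line: "http_proxy={{ http_proxy }}"
      become: true
      when: http_proxy
    - name: Set https_proxy in /etc/environment
      lineinfile:
        path: /etc/environment
        regexp: '^https_proxy'
        line: "https_proxy={{ https_proxy }}"
      become: true
      when: https_proxy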
    # Apply every entry of undercloud_config to the DEFAULT section of
    # undercloud.conf. The path is relative, so it resolves against the
    # task's working directory (presumably the stack home -- confirm).
    # NOTE(review): each item is expanded unquoted into a shell command line,
    # so whitespace and shell metacharacters in the variable are interpreted
    # by the shell. The values must come from a trusted source -- confirm.
    - name: openstack-configs undercloud
      shell: openstack-config --set undercloud.conf DEFAULT {{ item }}
      with_items: "{{ undercloud_config }}"
    # Same as above for the ctlplane-subnet section, driven by
    # undercloud_network_config.
    - name: openstack-configs undercloud network
      shell: openstack-config --set undercloud.conf ctlplane-subnet {{ item }}
      with_items: "{{ undercloud_network_config }}"
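    # Run the undercloud install as stack. If it fails, retry once and append
    # to the same log. The log is fetched to the control node whether or not
    # either attempt succeeded.
    - block:
        - name: undercloud install
          # `> file 2>&1` replaces the bash-only `&>`: under a POSIX sh such
          # as dash, `&>` backgrounds the command, so the task would return
          # before the install has finished. This also matches the retry.
          shell: openstack undercloud install > apex-undercloud-install.log 2>&1
          become: true
          become_user: stack
      rescue:
        - name: undercloud install retry
          shell: openstack undercloud install >> apex-undercloud-install.log 2>&1
          become: true
          become_user: stack
      always:
        # NOTE(review): install logs can contain credentials; presumably
        # apex_temp_dir is readable only by the deploying user -- confirm.
        - name: fetch undercloud log
          fetch:
            src: /home/stack/apex-undercloud-install.log
            dest: "{{ apex_temp_dir }}/"
            flat: true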
    # Install the ceph-ansible package with yum (no version is pinned).
    - name: Install ceph-ansible
      yum:
        name: ceph-ansible
      become: yes
    # The next three pairs follow one pattern: write settings into a service's
    # config file under /var/lib/config-data, then restart that service's
    # containers with the configured container client.
    # NOTE(review): in each config task the item is expanded unquoted into a
    # root shell command line, so shell metacharacters in nova_config,
    # neutron_config or ironic_config would be interpreted by the shell.
    # The values must come from a trusted source -- confirm.
    - name: openstack-configs nova
      shell: openstack-config --set /var/lib/config-data/nova/etc/nova/nova.conf DEFAULT {{ item }}
      become: yes
      with_items: "{{ nova_config }}"
    - name: restart nova services
      shell: "{{ container_client }} restart {{ item }}"
      with_items:
        - nova_conductor
        - nova_compute
        - nova_api
        - nova_scheduler
      become: yes
    - name: openstack-configs neutron
      shell: openstack-config --set /var/lib/config-data/neutron/etc/neutron/neutron.conf DEFAULT {{ item }}
      become: yes
      with_items: "{{ neutron_config }}"
    - name: restart neutron services
      shell: "{{ container_client }} restart {{ item }}"
      with_items:
        - neutron_api
        - neutron_dhcp
      become: yes
    # Unlike the nova and neutron tasks, no section name is fixed here, so
    # each ironic_config item presumably carries its own section -- verify.
    - name: openstack-configs ironic
      shell: openstack-config --set /var/lib/config-data/ironic/etc/ironic/ironic.conf {{ item }}
      become: yes
      with_items: "{{ ironic_config }}"
    - name: restart ironic services
      shell: "{{ container_client }} restart {{ item }}"
      with_items:
        - ironic_api
        - ironic_conductor
        - ironic_inspector
      become: yes
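    # External network on a tagged VLAN: render the ifcfg file and bring the
    # interface up. Both tasks are skipped for a "native" (untagged) network.
    # NOTE(review): external_network.vlan is used verbatim in a root-owned
    # file path; presumably it is validated as a VLAN id upstream -- confirm.
    - name: configure external network vlan ifcfg
      template:
        src: external_vlan_ifcfg.yml.j2
        dest: "/etc/sysconfig/network-scripts/ifcfg-vlan{{ external_network.vlan }}"
        owner: root
        group: root
        mode: "0644"
      become: true
      when:
        - external_network.vlan != "native"
        - external_network.enabled
    # `command` is used below because none of these invocations needs shell
    # features, which keeps variable content away from shell interpretation.
    - name: bring up vlan ifcfg
      command: "ifup vlan{{ external_network.vlan }}"
      become: true
      when:
        - external_network.vlan != "native"
        - external_network.enabled
    # Untagged external network: address eth2 directly and bring it up.
    - name: assign IP to native eth2
      command: "ip a a {{ external_network.ip }}/{{ external_network.prefix }} dev eth2"
      become: true
      when:
        - external_network.vlan == "native"
        - external_network.enabled
    - name: bring up eth2
      command: ip link set up dev eth2
      become: true
      when:
        - external_network.vlan == "native"
        - external_network.enabled
    - name: bring up eth0 if aarch64
      command: ip link set up dev eth0
      become: true
      when:
        - external_network.vlan == "native"
        - external_network.enabled
        - aarch64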
    # NAT rules, applied as root only when `nat` is set and the NAT network
    # is not IPv6. `become` and `when` on the block apply to every task in it.
    - block:
        # Masquerade everything leaving eth0; no source filter is given.
        - name: Undercloud NAT - MASQUERADE interface
          iptables:
            table: nat
            chain: POSTROUTING
            out_interface: eth0
            jump: MASQUERADE
        # NOTE(review): same rule restricted to nat_cidr. While the
        # unrestricted rule above is present this one matches nothing new.
        - name: Undercloud NAT - MASQUERADE interface with subnet
          iptables:
            table: nat
            chain: POSTROUTING
            out_interface: eth0
            jump: MASQUERADE
            source: "{{ nat_cidr }}"
        # NOTE(review): accepts all forwarded traffic arriving on eth2, with
        # no source or connection-state match.
        - name: Undercloud NAT - Allow Forwarding
          iptables:
            chain: FORWARD
            in_interface: eth2
            jump: ACCEPT
        # NOTE(review): a subset of the rule above (same interface, plus
        # source and ctstate), so it is redundant while that rule exists.
        # No rule for the return direction is visible in this playbook --
        # verify the intended rule set.
        - name: Undercloud NAT - Allow Stateful Forwarding
          iptables:
            chain: FORWARD
            in_interface: eth2
            jump: ACCEPT
            source: "{{ nat_cidr }}"
            ctstate: ESTABLISHED,RELATED
      become: yes
      when:
        - not nat_network_ipv6
        - nat
    # Inserted as the first INPUT rule and outside the NAT block, so it is
    # applied on every run. No source address or interface is matched:
    # TCP/22 is accepted from anywhere that can reach this host.
    - name: Allow SSH in iptables
      iptables:
        action: insert
        chain: INPUT
        rule_num: 1
        protocol: tcp
        destination_port: 22
        jump: ACCEPT
      become: yes
    # Persist the running rule set via the iptables service's save action.
    - name: Undercloud NAT - Save iptables
      shell: service iptables save
      become: yes
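    # Pull two tripleo-heat-templates environment files from the undercloud
    # back to the control node. With `flat: true` and a dest ending in "/",
    # each file lands directly in apex_temp_dir under its own basename.
    - name: fetch storage environment file
      fetch:
        src: /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml
        dest: "{{ apex_temp_dir }}/"
        flat: true
    - name: fetch sriov environment file
      fetch:
        src: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-opendaylight-sriov.yaml
        dest: "{{ apex_temp_dir }}/"
        flat: true
    # Recursively reset SELinux labels under /root/.ssh (verbose output).
    # `command` suffices because no shell features are needed.
    - name: Restorecon for root ssh
      command: restorecon -r -v /root/.ssh
      become: true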

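# Pull in the aarch64-specific playbook. The bare `include` at play level is
# deprecated; import_playbook is its replacement. The `when` condition is
# applied to the imported tasks.
- import_playbook: undercloud_aarch64.yml
  when: aarch64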