blob: 07b82c8e13678e74520e476e4cc53f53c64db5fe (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
|
---
- hosts: all
tasks:
- name: Generate SSH key for stack if missing
shell: test -e ~/.ssh/id_rsa || ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
- name: Fix ssh key for stack
shell: restorecon -r /home/stack
become: yes
- file:
path: /home/stack/nics
state: directory
owner: stack
group: stack
mode: 0775
- copy:
src: /root/.ssh/id_rsa.pub
dest: /home/stack/jumphost_id_rsa.pub
owner: stack
group: stack
mode: 0644
- copy:
src: "{{ apex_temp_dir }}/{{ item }}.yaml"
dest: "/home/stack/nics/{{ item }}.yaml"
owner: stack
group: stack
mode: 0644
with_items:
- controller
- compute
- name: Copy container prep env file to undercloud
copy:
src: "{{ apex_temp_dir }}/containers-prepare-parameter.yaml"
dest: "/home/stack/containers-prepare-parameter.yaml"
owner: stack
group: stack
mode: 0644
- lineinfile:
path: /etc/sudoers
regexp: 'Defaults\s*requiretty'
state: absent
become: yes
- lineinfile:
path: /etc/environment
regexp: '^http_proxy'
line: "http_proxy={{ http_proxy }}"
become: yes
when: http_proxy
- lineinfile:
path: /etc/environment
regexp: '^https_proxy'
line: "https_proxy={{ https_proxy }}"
become: yes
when: https_proxy
- name: openstack-configs undercloud
shell: openstack-config --set undercloud.conf DEFAULT {{ item }}
with_items: "{{ undercloud_config }}"
- name: openstack-configs undercloud network
shell: openstack-config --set undercloud.conf ctlplane-subnet {{ item }}
with_items: "{{ undercloud_network_config }}"
- block:
- name: undercloud install
shell: openstack undercloud install &> apex-undercloud-install.log
become: yes
become_user: stack
rescue:
- name: undercloud install retry
shell: openstack undercloud install >> apex-undercloud-install.log 2>&1
become: yes
become_user: stack
always:
- name: fetch undercloud log
fetch:
src: /home/stack/apex-undercloud-install.log
dest: "{{ apex_temp_dir }}/"
flat: yes
- name: Install ceph-ansible
yum:
name: ceph-ansible
become: yes
- name: openstack-configs nova
shell: openstack-config --set /var/lib/config-data/nova/etc/nova/nova.conf DEFAULT {{ item }}
become: yes
with_items: "{{ nova_config }}"
- name: restart nova services
shell: "{{ container_client }} restart {{ item }}"
with_items:
- nova_conductor
- nova_compute
- nova_api
- nova_scheduler
become: yes
- name: openstack-configs neutron
shell: openstack-config --set /var/lib/config-data/neutron/etc/neutron/neutron.conf DEFAULT {{ item }}
become: yes
with_items: "{{ neutron_config }}"
- name: restart neutron services
shell: "{{ container_client }} restart {{ item }}"
with_items:
- neutron_api
- neutron_dhcp
become: yes
- name: openstack-configs ironic
shell: openstack-config --set /var/lib/config-data/ironic/etc/ironic/ironic.conf {{ item }}
become: yes
with_items: "{{ ironic_config }}"
- name: restart ironic services
shell: "{{ container_client }} restart {{ item }}"
with_items:
- ironic_api
- ironic_conductor
- ironic_inspector
become: yes
- name: configure external network vlan ifcfg
template:
src: external_vlan_ifcfg.yml.j2
dest: "/etc/sysconfig/network-scripts/ifcfg-vlan{{ external_network.vlan }}"
owner: root
group: root
mode: 0644
become: yes
when:
- external_network.vlan != "native"
- external_network.enabled
- name: bring up vlan ifcfg
shell: "ifup vlan{{ external_network.vlan }}"
become: yes
when:
- external_network.vlan != "native"
- external_network.enabled
- name: assign IP to native eth2
shell: ip a a {{ external_network.ip }}/{{ external_network.prefix }} dev eth2
become: yes
when:
- external_network.vlan == "native"
- external_network.enabled
- name: bring up eth2
shell: ip link set up dev eth2
when:
- external_network.vlan == "native"
- external_network.enabled
become: yes
- name: bring up eth0 if aarch64
shell: ip link set up dev eth0
when:
- external_network.vlan == "native"
- external_network.enabled
- aarch64
become: yes
- block:
- name: Undercloud NAT - MASQUERADE interface
iptables:
table: nat
chain: POSTROUTING
out_interface: eth0
jump: MASQUERADE
- name: Undercloud NAT - MASQUERADE interface with subnet
iptables:
table: nat
chain: POSTROUTING
out_interface: eth0
jump: MASQUERADE
source: "{{ nat_cidr }}"
- name: Undercloud NAT - Allow Forwarding
iptables:
chain: FORWARD
in_interface: eth2
jump: ACCEPT
- name: Undercloud NAT - Allow Stateful Forwarding
iptables:
chain: FORWARD
in_interface: eth2
jump: ACCEPT
source: "{{ nat_cidr }}"
ctstate: ESTABLISHED,RELATED
become: yes
when:
- not nat_network_ipv6
- nat
- name: Allow SSH in iptables
iptables:
action: insert
chain: INPUT
rule_num: 1
protocol: tcp
destination_port: 22
jump: ACCEPT
become: yes
- name: Undercloud NAT - Save iptables
shell: service iptables save
become: yes
- name: fetch storage environment file
fetch:
src: /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml
dest: "{{ apex_temp_dir }}/"
flat: yes
- name: fetch sriov environment file
fetch:
src: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-opendaylight-sriov.yaml
dest: "{{ apex_temp_dir }}/"
flat: yes
- name: Restorecon for root ssh
shell: restorecon -r -v /root/.ssh
become: yes
- include: undercloud_aarch64.yml
when: aarch64
|