path: root/lib/ansible/playbooks/configure_undercloud.yml
---
- hosts: all
  tasks:
    # Create a passphrase-less RSA key pair (-N "") only when ~/.ssh/id_rsa is
    # absent; the `test -e ... ||` guard keeps re-runs from overwriting a key.
    # NOTE(review): "~" resolves for whichever user the task runs as, and the
    # key size is ssh-keygen's default -- confirm both match the intent.
    - name: Generate SSH key for stack if missing
      shell: test -e ~/.ssh/id_rsa || ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
    # Recursively reset SELinux file contexts under /home/stack, presumably so
    # the freshly created ~/.ssh files carry the labels sshd expects.
    - name: Fix ssh key for stack
      become: true
      shell: restorecon -r /home/stack
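    # File modes below are quoted so each reaches the module as a string
    # ("0775", "0644") instead of depending on the YAML parser's handling of
    # leading-zero integers.
    - name: Create directory for NIC templates
      file:
        path: /home/stack/nics
        state: directory
        owner: stack
        group: stack
        mode: "0775"
    # Without remote_src, copy reads src on the Ansible control host; only the
    # public half of that key pair is placed on the target.
    - name: Copy control host public key to stack home
      copy:
        src: /root/.ssh/id_rsa.pub
        dest: /home/stack/jumphost_id_rsa.pub
        owner: stack
        group: stack
        mode: "0644"
    # One copy per role: controller.yaml and compute.yaml from apex_temp_dir.
    - name: Copy controller and compute NIC templates
      copy:
        src: "{{ apex_temp_dir }}/{{ item }}.yaml"
        dest: "/home/stack/nics/{{ item }}.yaml"
        owner: stack
        group: stack
        mode: "0644"
      with_items:
        - controller
        - compute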
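    # Drop any "Defaults requiretty" line from /etc/sudoers.
    # NOTE(review): this relaxes a sudo hardening setting, presumably so sudo
    # works over non-interactive SSH sessions -- confirm it is still required.
    - name: Remove requiretty from sudoers
      lineinfile:
        path: /etc/sudoers
        regexp: 'Defaults\s*requiretty'
        state: absent
        # Syntax-check the edited copy before it replaces /etc/sudoers; a
        # malformed sudoers file would break sudo on the host.
        validate: '/usr/sbin/visudo -cf %s'
      become: true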
    # Persist proxy settings system-wide. Each task replaces an existing
    # http_proxy / https_proxy line in /etc/environment (or appends one) and
    # only runs when the corresponding variable is truthy.
    # NOTE(review): if a proxy URL embeds credentials they end up in
    # /etc/environment -- confirm that file's permissions are acceptable.
    - when: http_proxy
      become: true
      lineinfile:
        path: /etc/environment
        regexp: '^http_proxy'
        line: "http_proxy={{ http_proxy }}"
    - when: https_proxy
      become: true
      lineinfile:
        path: /etc/environment
        regexp: '^https_proxy'
        line: "https_proxy={{ https_proxy }}"
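    # Apply each entry of undercloud_config to the DEFAULT section of
    # undercloud.conf (path is relative to the task's working directory).
    # NOTE(review): {{ item }} is interpolated unquoted into a shell command
    # line, so shell metacharacters in a value would be interpreted -- these
    # lists should only ever come from trusted deployment settings.
    - name: openstack-configs undercloud
      shell: openstack-config --set undercloud.conf DEFAULT {{ item }}
      with_items: "{{ undercloud_config }}"
    # Package names are given as a YAML list; the previous comma-separated
    # scalar wrapped across two lines, which folds to a string with a stray
    # space before the last package name.
    - name: Add ironic packages
      yum:
        name:
          - openstack-ironic-api
          - openstack-ironic-common
          - openstack-ironic-inspector
        state: present
      become: true
    # Same pattern as the undercloud task above, but each item supplies its
    # own section name because none is fixed on the command line.
    - name: openstack-configs ironic
      shell: openstack-config --set /etc/ironic/ironic.conf {{ item }}
      become: true
      with_items: "{{ ironic_config }}"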
    # aarch64 only: rewrite the line of the installed ironic pxe_utils.py that
    # matches _link_ip_address_pxe_configs so it calls
    # _link_mac_pxe_configs(task) instead.
    # NOTE(review): this edits a package-owned file in place with no backup,
    # and lineinfile appends the line at end of file when the regexp finds no
    # match -- confirm the pattern matches exactly one call site on the
    # installed ironic version.
    - when: aarch64
      lineinfile:
        path: /usr/lib/python2.7/site-packages/ironic/common/pxe_utils.py
        regexp: '_link_ip_address_pxe_configs'
        line: '        _link_mac_pxe_configs(task)'
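    - block:
        # Redirect with the POSIX form "> file 2>&1" rather than bash's "&>":
        # the shell module runs /bin/sh by default, and a non-bash sh parses
        # "cmd &> file" as "run cmd in the background, then truncate file",
        # which would report success before the install had finished.
        - name: undercloud install
          shell: openstack undercloud install --use-heat False > apex-undercloud-install.log 2>&1
          become: true
          become_user: stack
      rescue:
        # On failure, run the install once more without --use-heat and append
        # to the same log so the first attempt's output is kept.
        - name: undercloud install retry
          shell: openstack undercloud install >> apex-undercloud-install.log 2>&1
          become: true
          become_user: stack
      always:
        # Pull the log back to the control host whether or not the install
        # succeeded.
        # NOTE(review): install logs may contain credentials -- confirm
        # apex_temp_dir is readable only by the deploying user.
        - name: fetch undercloud log
          fetch:
            src: /home/stack/apex-undercloud-install.log
            dest: "{{ apex_temp_dir }}/"
            flat: true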
    # Write each nova_config entry into the DEFAULT section of nova.conf, then
    # restart (and enable) the nova services so the new values are loaded.
    # NOTE(review): {{ item }} is interpolated unquoted into the shell command;
    # the config lists should only come from trusted deployment settings.
    - name: openstack-configs nova
      become: true
      with_items: "{{ nova_config }}"
      shell: openstack-config --set /etc/nova/nova.conf DEFAULT {{ item }}
    # NOTE(review): unlike the mariadb restart further down, this task sets no
    # `become` -- confirm privilege escalation is supplied by the caller.
    - name: restart nova services
      with_items:
        - openstack-nova-conductor
        - openstack-nova-compute
        - openstack-nova-api
        - openstack-nova-scheduler
      service:
        name: "{{ item }}"
        state: restarted
        enabled: true
    # Same two steps for neutron: set DEFAULT options, then restart services.
    - name: openstack-configs neutron
      become: true
      with_items: "{{ neutron_config }}"
      shell: openstack-config --set /etc/neutron/neutron.conf DEFAULT {{ item }}
    - name: restart neutron services
      with_items:
        - neutron-server
        - neutron-dhcp-agent
      service:
        name: "{{ item }}"
        state: restarted
        enabled: true
    # Set innodb_log_file_size to 256M in the [mysqld] section of galera.cnf
    # (workaround tracked as LP#1768913), then restart mariadb to apply it.
    - name: Configure workaround for mariadb long blob (LP#1768913)
      become: true
      shell: openstack-config --set /etc/my.cnf.d/galera.cnf mysqld innodb_log_file_size 256M
    - name: restart mariadb service
      become: true
      service:
        name: mariadb
        state: restarted
        enabled: true
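    # Tagged external network: render an ifcfg file for the VLAN interface and
    # bring it up. Both tasks run only when the external network is enabled
    # and its vlan is something other than "native".
    - name: configure external network vlan ifcfg
      template:
        src: external_vlan_ifcfg.yml.j2
        dest: "/etc/sysconfig/network-scripts/ifcfg-vlan{{ external_network.vlan }}"
        owner: root
        group: root
        # Quoted so the mode reaches the module as the string "0644" instead
        # of depending on the YAML parser's leading-zero integer handling.
        mode: "0644"
      become: true
      when:
        - external_network.vlan != "native"
        - external_network.enabled
    # NOTE(review): external_network.vlan is interpolated into both a file
    # name and a shell command -- presumably validated upstream as an integer
    # VLAN id; confirm.
    - name: bring up vlan ifcfg
      shell: "ifup vlan{{ external_network.vlan }}"
      become: true
      when:
        - external_network.vlan != "native"
        - external_network.enabled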
    # Untagged ("native") external network: add the external IP/prefix to the
    # interface and set the link up. The interface is eth2 unless aarch64 is
    # set, in which case eth0 is used. `ip a a` is the abbreviated form of
    # `ip address add`.
    # NOTE(review): `ip address add` returns an error when the address is
    # already present, so these tasks are presumably not re-runnable as
    # written -- confirm.
    - name: assign IP to native eth2
      when:
        - external_network.vlan == "native"
        - external_network.enabled
        - not aarch64
      become: true
      shell: ip a a {{ external_network.ip }}/{{ external_network.prefix }} dev eth2
    - name: bring up eth2
      when:
        - external_network.vlan == "native"
        - external_network.enabled
        - not aarch64
      become: true
      shell: ip link set up dev eth2
    - name: assign IP to native eth0 if aarch64
      when:
        - external_network.vlan == "native"
        - external_network.enabled
        - aarch64
      become: true
      shell: ip a a {{ external_network.ip }}/{{ external_network.prefix }} dev eth0
    - name: bring up eth0 if aarch64
      when:
        - external_network.vlan == "native"
        - external_network.enabled
        - aarch64
      become: true
      shell: ip link set up dev eth0
    # IPv4 NAT on the undercloud: applied only when `nat` is set and the NAT
    # network is not IPv6. All tasks in the block run with privilege
    # escalation.
    - become: true
      when:
        - not nat_network_ipv6
        - nat
      block:
        # NOTE(review): this rule masquerades everything leaving eth0 with no
        # source match, which makes the nat_cidr-restricted rule after it a
        # subset -- confirm the unrestricted rule is intended.
        - name: Undercloud NAT - MASQUERADE interface
          iptables:
            jump: MASQUERADE
            out_interface: eth0
            chain: POSTROUTING
            table: nat
        - name: Undercloud NAT - MASQUERADE interface with subnet
          iptables:
            jump: MASQUERADE
            source: "{{ nat_cidr }}"
            out_interface: eth0
            chain: POSTROUTING
            table: nat
        # NOTE(review): this accepts all forwarded traffic arriving on eth2
        # regardless of source or connection state, so the stateful,
        # source-restricted rule after it never narrows anything -- confirm
        # the forwarding policy is meant to be this broad.
        - name: Undercloud NAT - Allow Forwarding
          iptables:
            jump: ACCEPT
            in_interface: eth2
            chain: FORWARD
        - name: Undercloud NAT - Allow Stateful Forwarding
          iptables:
            jump: ACCEPT
            ctstate: ESTABLISHED,RELATED
            source: "{{ nat_cidr }}"
            in_interface: eth2
            chain: FORWARD
        # Persist the running rule set through the iptables service.
        - name: Undercloud NAT - Save iptables
          shell: service iptables save
    # Copy two tripleo-heat-templates environment files from the undercloud
    # back to apex_temp_dir on the control host; `flat` stores each file
    # directly in that directory instead of under a per-host path.
    - name: fetch storage environment file
      fetch:
        flat: true
        dest: "{{ apex_temp_dir }}/"
        src: /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml
    - name: fetch sriov environment file
      fetch:
        flat: true
        dest: "{{ apex_temp_dir }}/"
        src: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-opendaylight-sriov.yaml

# Chain the aarch64-specific playbook after the main play; the `when` guard
# applies it only when `aarch64` is truthy.
# NOTE(review): playbook-level `include` is deprecated in newer Ansible
# releases in favour of import_playbook -- confirm against the Ansible version
# this project pins before changing it.
- include: undercloud_aarch64.yml
  when: aarch64