summaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible/roles
diff options
context:
space:
mode:
authorYifei Xue <xueyifei@huawei.com>2017-12-07 17:08:26 +0800
committerYifei Xue <xueyifei@huawei.com>2017-12-08 09:01:58 +0800
commit3fa627b6048c4aa17b4cf3d641a4ea60465c7cef (patch)
treed1b8aee4968dafbc07bc96ddf5abd8093bbb2a86 /deploy/adapters/ansible/roles
parent51ce441ca60cd115d9e8a932203ccc9d3cebcf82 (diff)
Add CentOS 7.4 support for OpenStack Pike
JIRA: COMPASS-565 After this patch merged, compass can deploy OpenStack Pike on CentOS 7.4. Due to some upstream bugs, we add some fixes in this patch, e.g. add libvirt to os-cinder, remove a useless repo after installing Change-Id: Ibc1e6f1ed103daf2d70a8ae1d7c04f77d1545c41 Signed-off-by: Yifei Xue <xueyifei@huawei.com>
Diffstat (limited to 'deploy/adapters/ansible/roles')
-rw-r--r--deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml43
-rwxr-xr-xdeploy/adapters/ansible/roles/config-osa/tasks/main.yml18
-rw-r--r--deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j22
-rw-r--r--deploy/adapters/ansible/roles/post-osa/tasks/RedHat.yml6
-rw-r--r--deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml51
-rw-r--r--deploy/adapters/ansible/roles/setup-host/tasks/main.yml75
6 files changed, 180 insertions, 15 deletions
diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml b/deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml
new file mode 100644
index 00000000..eea06b48
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml
@@ -0,0 +1,43 @@
+---
+
+- name: fix rescue problem for openstack-hosts-setup
+ blockinfile:
+ dest: "/opt/openstack-ansible/playbooks/openstack-hosts-setup.yml"
+ block: |
+ - hosts: localhost
+ user: root
+ tasks:
+ - name: Mark openstack-hosts-setup completed
+ shell: echo "Setup openstack-hosts-setup completed!"
+
+- name: delete max_fail_percentage for openstack-hosts-setup
+ lineinfile:
+ dest: "/opt/openstack-ansible/playbooks/openstack-hosts-setup.yml"
+ regexp: "max_fail_percentage*"
+ state: absent
+
+- name: fix rescue problem for security-hardening
+ blockinfile:
+ dest: "/opt/openstack-ansible/playbooks/security-hardening.yml"
+ block: |
+ - hosts: localhost
+ user: root
+ tasks:
+ - name: Mark security-hardening completed
+ shell: echo "Setup security-hardening completed!"
+
+- name: fix rescue problem for lxc-hosts-setup
+ blockinfile:
+ dest: "/opt/openstack-ansible/playbooks/lxc-hosts-setup.yml"
+ block: |
+ - hosts: localhost
+ user: root
+ tasks:
+ - name: Mark lxc-hosts-setup completed
+ shell: echo "Setup lxc-hosts-setup completed!"
+
+- name: delete max_fail_percentage for lxc-hosts-setup
+ lineinfile:
+ dest: "/opt/openstack-ansible/playbooks/lxc-hosts-setup.yml"
+ regexp: "max_fail_percentage*"
+ state: absent
diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml
index cdf11421..046b25e5 100755
--- a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml
@@ -47,6 +47,22 @@
- offline_deployment is defined and offline_deployment == "Disable"
- hostvars[hostvars[inventory_hostname]['groups']['controller'][0]]['local_mirror'] == 'Ubuntu'
+- name: add libvirt into cinder packages
+ lineinfile:
+ dest: /etc/ansible/roles/os_cinder/vars/redhat-7.yml
+ insertafter: '^ - qemu-img-ev'
+ line: ' - libvirt'
+
+- name: remove CentOS-Base.repo after ceph-osd
+ blockinfile:
+ dest: /etc/ansible/roles/ceph-osd/tasks/start_osds.yml
+ block: |
+ - name: remove empty yum base repo
+ shell: |
+ mv /etc/yum.repos.d/CentOS-Base.repo \
+ /etc/yum.repos.d/CentOS-Base.repo.bak;
+ when: hostvars[hostvars[inventory_hostname]['groups']['controller'][0]]['local_mirror'] == 'CentOS'
+
- name: add mariadb local repository
blockinfile:
dest: /etc/openstack_deploy/user_variables.yml
@@ -284,3 +300,5 @@
dest: /etc/ansible/roles/os_keystone/defaults/main.yml
regexp: '^ - python-ldap'
line: ' - python-ldap==2.5.2'
+
+- include: fix_rescue.yml
diff --git a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2
index a6e69683..88a3233b 100644
--- a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2
+++ b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2
@@ -62,4 +62,4 @@ neutron_provider_networks:
network_mappings: "{{ ','.join(controller_mappings) }}"
{% endif %}
-security_sshd_permit_root_login: no
+security_sshd_permit_root_login: yes
diff --git a/deploy/adapters/ansible/roles/post-osa/tasks/RedHat.yml b/deploy/adapters/ansible/roles/post-osa/tasks/RedHat.yml
index ecfd0680..287fd515 100644
--- a/deploy/adapters/ansible/roles/post-osa/tasks/RedHat.yml
+++ b/deploy/adapters/ansible/roles/post-osa/tasks/RedHat.yml
@@ -14,6 +14,12 @@
dest: /etc/sysconfig/network-scripts/ifcfg-eth0
line: "IPADDR={{ ip_settings[inventory_hostname][\"mgmt\"][\"ip\"] }}"
+- name: remove br-mgmt in ifcfg-eth0
+ lineinfile:
+ dest: /etc/sysconfig/network-scripts/ifcfg-eth0
+ regexp: "^BRIDGE=br-mgmt"
+ state: absent
+
- name: add eth0 netmask
lineinfile:
dest: /etc/sysconfig/network-scripts/ifcfg-eth0
diff --git a/deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml b/deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml
new file mode 100644
index 00000000..00675d9c
--- /dev/null
+++ b/deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml
@@ -0,0 +1,51 @@
+# #############################################################################
+# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+# #############################################################################
+---
+- name: setup hosts
+ shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ export ANSIBLE_SCP_IF_SSH=y; \
+ cd /opt/openstack-ansible/playbooks; \
+ openstack-ansible setup-hosts.yml \
+ | tee -a /var/log/osa/host.log > /dev/null"
+
+- name: read the ansible log file
+ shell: cat /var/log/osa/host.log | tail -n 500 | grep failed=1 |awk '{print $1}'
+ register: failed_container
+
+- name: destroy the failed_container
+ shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ export ANSIBLE_SCP_IF_SSH=y; \
+ cd /opt/openstack-ansible/playbooks; \
+ openstack-ansible lxc-containers-destroy.yml \
+ -e container_name={{item}} -e force_containers_destroy=yes \
+ -e force_containers_data_destroy=yes > /dev/null;"
+ with_items:
+ - "{{ failed_container.stdout_lines }}"
+ ignore_errors: "True"
+
+- name: retry to setup failed_container
+ shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ export ANSIBLE_SCP_IF_SSH=y; \
+ cd /opt/openstack-ansible/playbooks; \
+ openstack-ansible setup-hosts.yml --limit {{item}} \
+ | tee -a /var/log/osa/retry-host.log > /dev/null"
+ with_items:
+ - "{{ failed_container.stdout_lines }}"
+
+- name: read the ansible log file
+ shell: cat /var/log/osa/retry-host.log | tail -n 500
+ register: setup_host_result
+
+- fail:
+ msg: "there are some task failed when setup host."
+ when: setup_host_result.stdout.find('failed=1') != -1
+
+- fail:
+ msg: "some host are unreachable."
+ when: setup_host_result.stdout.find('unreachable=1') != -1
diff --git a/deploy/adapters/ansible/roles/setup-host/tasks/main.yml b/deploy/adapters/ansible/roles/setup-host/tasks/main.yml
index cc943830..4eba3d00 100644
--- a/deploy/adapters/ansible/roles/setup-host/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/setup-host/tasks/main.yml
@@ -1,21 +1,68 @@
# #############################################################################
-# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others.
#
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
# #############################################################################
+
---
-- name: setup hosts
+
+- name: openstack-hosts-setup
shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
export ANSIBLE_SCP_IF_SSH=y; \
cd /opt/openstack-ansible/playbooks; \
- openstack-ansible setup-hosts.yml \
- | tee -a /var/log/osa/host.log > /dev/null"
+ openstack-ansible openstack-hosts-setup.yml \
+ | tee -a /var/log/osa/openstack-hosts-setup.log > /dev/null"
-- name: read the ansible log file
- shell: cat /var/log/osa/host.log | tail -n 500 | grep failed=1 |awk '{print $1}'
+- name: read openstack-hosts-setup.log
+ shell: cat /var/log/osa/openstack-hosts-setup.log | tail -n 1000
+ register: openstack_hosts_setup_result
+
+- fail:
+ msg: "there are some task failed when run openstack-hosts-setup."
+ when: openstack_hosts_setup_result.stdout.find('Mark openstack-hosts-setup completed') == -1
+
+- name: security-hardening
+ shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ export ANSIBLE_SCP_IF_SSH=y; \
+ cd /opt/openstack-ansible/playbooks; \
+ openstack-ansible security-hardening.yml \
+ | tee -a /var/log/osa/security-hardening.log > /dev/null"
+
+- name: read security-hardening.log
+ shell: cat /var/log/osa/security-hardening.log | tail -n 1000
+ register: security_hardening_result
+
+- fail:
+ msg: "there are some task failed when run security-hardening."
+ when: security_hardening_result.stdout.find('Mark security-hardening completed') == -1
+
+- name: lxc-hosts-setup
+ shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ export ANSIBLE_SCP_IF_SSH=y; \
+ cd /opt/openstack-ansible/playbooks; \
+ openstack-ansible lxc-hosts-setup.yml \
+ | tee -a /var/log/osa/lxc-hosts-setup.log > /dev/null"
+
+- name: read lxc-hosts-setup.log
+ shell: cat /var/log/osa/lxc-hosts-setup.log | tail -n 1000
+ register: lxc_hosts_setup_result
+
+- fail:
+ msg: "there are some task failed when run lxc-hosts-setup."
+ when: lxc_hosts_setup_result.stdout.find('Mark lxc-hosts-setup completed') == -1
+
+- name: lxc-containers-create
+ shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ export ANSIBLE_SCP_IF_SSH=y; \
+ cd /opt/openstack-ansible/playbooks; \
+ openstack-ansible lxc-containers-create.yml \
+ | tee -a /var/log/osa/lxc-containers-create.log > /dev/null"
+
+- name: read lxc-containers-create.log
+ shell: cat /var/log/osa/lxc-containers-create.log | tail -n 500 | grep failed=1 |awk '{print $1}'
register: failed_container
- name: destroy the failed_container
@@ -33,19 +80,19 @@
shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
export ANSIBLE_SCP_IF_SSH=y; \
cd /opt/openstack-ansible/playbooks; \
- openstack-ansible setup-hosts.yml --limit {{item}} \
- | tee -a /var/log/osa/retry-host.log > /dev/null"
+ openstack-ansible lxc-containers-create.yml --limit {{item}} \
+ | tee -a /var/log/osa/retry-container.log > /dev/null"
with_items:
- "{{ failed_container.stdout_lines }}"
- name: read the ansible log file
- shell: cat /var/log/osa/retry-host.log | tail -n 500
- register: setup_host_result
+ shell: cat /var/log/osa/retry-container.log | tail -n 500
+ register: retry_container_result
- fail:
- msg: "there are some task failed when setup host."
- when: setup_host_result.stdout.find('failed=1') != -1
+ msg: "there are some tasks failed when create containers."
+ when: retry_container_result.stdout.find('failed=1') != -1
- fail:
- msg: "some host are unreachable."
- when: setup_host_result.stdout.find('unreachable=1') != -1
+ msg: "some containers are unreachable."
+ when: retry_container_result.stdout.find('unreachable=1') != -1