aboutsummaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible/roles/open-contrail/tasks/provision
diff options
context:
space:
mode:
Diffstat (limited to 'deploy/adapters/ansible/roles/open-contrail/tasks/provision')
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/tasks/provision/-node-common.yml20
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/tasks/provision/-rabbitmq-stop.yml30
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/tasks/provision/-redis-setup.yml26
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/tasks/provision/-vrouter-compute-setup.yml95
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-add-nodes.yml39
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-collector.yml98
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-compute.yml175
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-config.yml280
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-control.yml59
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-database.yml190
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-increase-limits.yml52
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-rabbitmq.yml103
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-route.yml42
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-toragent.yml77
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-tsn.yml96
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-webui.yml63
16 files changed, 1445 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-node-common.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-node-common.yml
new file mode 100755
index 00000000..f16a8500
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-node-common.yml
@@ -0,0 +1,20 @@
+---
+- name: "disable ufw"
+ ufw:
+ state: "disabled"
+
+- name: "change value of kernel.core_pattern"
+ sysctl:
+ name: "kernel.core_pattern"
+ value: "/var/crashes/core.%e.%p.%h.%t"
+
+- name: "change value of net.ipv4.ip_forward"
+ sysctl:
+ name: "net.ipv4.ip_forward"
+ value: "1"
+
+- name: "make crashes directory"
+ file:
+ path: "/var/crashes"
+ state: "directory"
+ mode: 0777
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-rabbitmq-stop.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-rabbitmq-stop.yml
new file mode 100755
index 00000000..ec6b2fe0
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-rabbitmq-stop.yml
@@ -0,0 +1,30 @@
+---
+- name: 'stop rabbitmq server'
+ service:
+ name: 'rabbitmq-server'
+ state: 'stopped'
+
+- name: 'check beam process'
+ shell: 'ps ax | grep -v grep | grep beam'
+ register: beam_process
+ changed_when: no
+ ignore_errors: yes
+
+- name: 'kill beam processes'
+ shell: 'pkill -9 beam'
+ when: beam_process.stdout
+
+- name: 'check epmd process'
+ shell: 'ps ax | grep -v grep | grep epmd'
+ register: epmd_process
+ changed_when: no
+ ignore_errors: yes
+
+- name: 'kill epmd processes'
+ shell: 'pkill -9 epmd'
+ when: epmd_process.stdout
+
+- name: 'remove mnesia directory'
+ file:
+ name: '/var/lib/rabbitmq/mnesia'
+ state: 'absent'
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-redis-setup.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-redis-setup.yml
new file mode 100755
index 00000000..d7776af2
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-redis-setup.yml
@@ -0,0 +1,26 @@
+---
+- name: "stop redis server"
+ service:
+ name: "redis-server"
+ state: "stopped"
+
+- name: "modify redis server configuration"
+ replace:
+ dest: "/etc/redis/redis.conf"
+ regexp: "{{ item.regexp }}"
+ replace: "{{ item.replace }}"
+ with_items:
+ - { regexp: "^\\s*bind", replace: "#bind" }
+ - { regexp: "^\\s*save", replace: "#save" }
+ - { regexp: "^\\s*dbfilename", replace: "#dbfilename" }
+ - { regexp: "^\\s*lua-time-limit\\s*\\d*", replace: "lua-time-limit 15000" }
+
+- name: "delete redis dump"
+ file:
+ dest: "/var/lib/redis/dump.rdb"
+ state: "absent"
+
+- name: "start redis server"
+ service:
+ name: "redis-server"
+ state: "started"
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-vrouter-compute-setup.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-vrouter-compute-setup.yml
new file mode 100755
index 00000000..77ee20e3
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-vrouter-compute-setup.yml
@@ -0,0 +1,95 @@
+---
+- name: "change owner nova log directory"
+ file:
+ dest: "/var/log/nova"
+ state: "directory"
+ owner: "nova"
+ group: "nova"
+ recurse: yes
+
+- name: "delete values from nova config"
+ ini_file:
+ dest: "/etc/nova/nova.conf"
+ section: "{{ item.section }}"
+ option: "{{ item.option }}"
+ with_items:
+ - { section: "DEFAULT", option: "sql_connection" }
+ - { section: "DEFAULT", option: "quantum_admin_tenant_name" }
+ - { section: "DEFAULT", option: "quantum_admin_username" }
+ - { section: "DEFAULT", option: "quantum_admin_password" }
+ - { section: "DEFAULT", option: "quantum_admin_auth_url" }
+ - { section: "DEFAULT", option: "quantum_auth_strategy" }
+ - { section: "DEFAULT", option: "quantum_url" }
+
+- name: "set values to nova config"
+ ini_file:
+ dest: "/etc/nova/nova.conf"
+ section: "{{ item.section }}"
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
+ with_items:
+ - { section: "DEFAULT", option: "auth_strategy", value: "keystone" }
+ - { section: "DEFAULT", option: "libvirt_nonblocking", value: "True" }
+ - { section: "DEFAULT", option: "libvirt_inject_partition", value: "-1" }
+ - { section: "DEFAULT", option: "rabbit_host", value: "{{ hostvars[groups['config'][0]]['contrail_address'] }}" }
+ - { section: "DEFAULT", option: "rabbit_port", value: "5672" }
+ - { section: "DEFAULT", option: "glance_host", value: "{{ hostvars[groups['openstack'][0]]['contrail_address'] }}" }
+ - { section: "DEFAULT", option: "glance_port", value: "9292" }
+ - { section: "DEFAULT", option: "neutron_admin_tenant_name", value: "service" }
+ - { section: "DEFAULT", option: "neutron_admin_username", value: "neutron" }
+ - { section: "DEFAULT", option: "neutron_admin_password", value: "{{ contrail_admin_password }}" }
+ - { section: "DEFAULT", option: "neutron_admin_auth_url", value: "http://{{ hostvars[groups['openstack'][0]]['contrail_address'] }}:35357/v2.0/" }
+ - { section: "DEFAULT", option: "neutron_url", value: "http://{{ hostvars[groups['config'][0]]['contrail_address'] }}:9696/" }
+ - { section: "DEFAULT", option: "neutron_url_timeout", value: "300" }
+ - { section: "DEFAULT", option: "network_api_class", value: "nova.network.neutronv2.api.API" }
+ - { section: "DEFAULT", option: "compute_driver", value: "libvirt.LibvirtDriver" }
+ - { section: "DEFAULT", option: "network_api_class", value: " nova_contrail_vif.contrailvif.ContrailNetworkAPI" }
+ - { section: "DEFAULT", option: "ec2_private_dns_show_ip", value: "False" }
+ - { section: "DEFAULT", option: "novncproxy_base_url", value: "http://{{ hostvars[groups['openstack'][0]]['contrail_mgmt_address'] }}:5999/vnc_auto.html" }
+ - { section: "DEFAULT", option: "vncserver_enabled", value: "True" }
+ - { section: "DEFAULT", option: "vncserver_listen", value: "{{ contrail_address }}" }
+ - { section: "DEFAULT", option: "vncserver_proxyclient_address", value: "{{ contrail_address }}" }
+ - { section: "DEFAULT", option: "security_group_api", value: "neutron" }
+ - { section: "DEFAULT", option: "heal_instance_info_cache_interval", value: "0" }
+ - { section: "DEFAULT", option: "image_cache_manager_interval", value: "0" }
+ - { section: "DEFAULT", option: "libvirt_cpu_mode", value: "none" }
+ - { section: "DEFAULT", option: "libvirt_vif_driver", value: "nova_contrail_vif.contrailvif.VRouterVIFDriver" }
+ - { section: "database", option: "connection", value: "mysql://nova:nova@{{ hostvars[groups['openstack'][0]]['contrail_address'] }}/nova?charset=utf8" }
+ - { section: "database", option: "idle_timeout", value: "180" }
+ - { section: "database", option: "max_retries", value: "-1" }
+ - { section: "keystone_authtoken", option: "admin_tenant_name", value: "service" }
+ - { section: "keystone_authtoken", option: "admin_user", value: "nova" }
+ - { section: "keystone_authtoken", option: "admin_password", value: "{{ contrail_admin_password }}" }
+ - { section: "keystone_authtoken", option: "auth_protocol", value: "http" }
+ - { section: "keystone_authtoken", option: "auth_host", value: "{{ hostvars[groups['openstack'][0]]['contrail_address'] }}" }
+ - { section: "keystone_authtoken", option: "signing_dir", value: "/tmp/keystone-signing-nova" }
+
+- name: "change database address if same node as first openstack node"
+ ini_file:
+ dest: "/etc/nova/nova.conf"
+ section: "database"
+ option: "connection"
+ value: "mysql://nova:nova@127.0.0.1/nova?charset=utf8"
+ when: groups['openstack'][0] == inventory_hostname
+
+- name: "add respawn to nova compute config"
+ lineinfile:
+ dest: "/etc/init/nova-compute.conf"
+ line: "respawn"
+ insertbefore: "pre-start script"
+
+- name: "add respawn limit to nova compute config"
+ lineinfile:
+ dest: "/etc/init/nova-compute.conf"
+ line: "respawn limit 10 90"
+ insertafter: "respawn"
+
+- name: "restart nova compute"
+ service:
+ name: "nova-compute"
+ state: "restarted"
+
+- name: "delete nova sqlite database"
+ file:
+ dest: "/var/lib/nova/nova.sqlite"
+ state: "absent"
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-add-nodes.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-add-nodes.yml
new file mode 100755
index 00000000..8245c046
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-add-nodes.yml
@@ -0,0 +1,39 @@
+---
+- hosts: config
+ sudo: yes
+ tasks:
+ - name: "provision config node"
+ shell: "python /opt/contrail/utils/provision_config_node.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}"
+
+- hosts: database
+ sudo: yes
+ tasks:
+ - name: "provision database node"
+ shell: "python /opt/contrail/utils/provision_database_node.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}"
+
+- hosts: collector
+ sudo: yes
+ tasks:
+ - name: "provision collector node"
+ shell: "python /opt/contrail/utils/provision_analytics_node.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}"
+
+- hosts: control
+ sudo: yes
+ tasks:
+ - name: "provision control node"
+ shell: "python /opt/contrail/utils/provision_control.py --api_server_ip {{ contrail_haproxy_address }} --api_server_port 8082 --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }} --router_asn {{ contrail_router_asn }}"
+
+- hosts: config
+ sudo: yes
+ tasks:
+ - name: "provision metadata services"
+ shell: "python /opt/contrail/utils/provision_linklocal.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --ipfabric_service_ip 10.84.50.1 --ipfabric_service_port 8775 --linklocal_service_name metadata --linklocal_service_ip 169.254.169.254 --linklocal_service_port 80"
+ run_once: yes
+
+
+- hosts: config
+ sudo: yes
+ tasks:
+ - name: "provision encap"
+ shell: "python /opt/contrail/utils/provision_encap.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --oper add --encap_priority MPLSoUDP,MPLSoGRE,VXLAN"
+ run_once: yes
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-collector.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-collector.yml
new file mode 100755
index 00000000..5dd72d77
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-collector.yml
@@ -0,0 +1,98 @@
+---
+#- hosts: collector
+# sudo: yes
+# tasks:
+
+- name: "enable supervisor analytics"
+ file:
+ path: "/etc/init/supervisor-analytics.override"
+ state: "absent"
+
+
+- name: "redis-setup"
+ include: -redis-setup.yml
+
+
+- name: "node-common"
+ include: -node-common.yml
+
+
+- name: "fix up contrail collector config"
+ template:
+ src: "provision/contrail-collector-conf.j2"
+ dest: "/etc/contrail/contrail-collector.conf"
+
+
+- name: "fix up contrail query engine config"
+ template:
+ src: "provision/contrail-query-engine-conf.j2"
+ dest: "/etc/contrail/contrail-query-engine.conf"
+
+
+- name: "fix up contrail analytics api config"
+ template:
+ src: "provision/contrail-analytics-api-conf.j2"
+ dest: "/etc/contrail/contrail-analytics-api.conf"
+
+
+- name: "modify contrail analytics nodemgr config"
+ ini_file:
+ dest: "/etc/contrail/contrail-analytics-nodemgr.conf"
+ section: "DISCOVERY"
+ option: "server"
+ value: "{{ contrail_haproxy_address }}"
+
+
+- name: "fix up contrail keystone auth config"
+ template:
+ src: "provision/contrail-keystone-auth-conf.j2"
+ dest: "/etc/contrail/contrail-keystone-auth.conf"
+ force: no
+
+
+- name: "delete contrail alarm gen supervisord config file"
+ file:
+ dest: "/etc/contrail/supervisord_analytics_files/contrail-alarm-gen.ini"
+ state: "absent"
+
+
+- name: "modify contrail snmp collector config file"
+ ini_file:
+ dest: "/etc/contrail/contrail-snmp-collector.conf"
+ section: "{{ item.section }}"
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
+ with_items:
+ - { section: "DEFAULTS", option: "zookeeper", value: "{{ contrail_address }}:2128" }
+ - { section: "DISCOVERY", option: "disc_server_ip", value: "{{ contrail_haproxy_address }}" }
+ - { section: "DISCOVERY", option: "disc_server_port", value: "5998" }
+
+
+- name: "modify contrail snmp collector ini file"
+ ini_file:
+ dest: "/etc/contrail/supervisord_analytics_files/contrail-snmp-collector.ini"
+ section: "program:contrail-snmp-collector"
+ option: "command"
+ value: "/usr/bin/contrail-snmp-collector --conf_file /etc/contrail/contrail-snmp-collector.conf --conf_file /etc/contrail/contrail-keystone-auth.conf"
+
+
+- name: "modify contrail topology config file"
+ ini_file:
+ dest: "/etc/contrail/contrail-topology.conf"
+ section: "DEFAULTS"
+ option: "zookeeper"
+ value: "{{ contrail_address }}"
+
+
+- name: "modify contrail topology ini file"
+ ini_file:
+ dest: "/etc/contrail/supervisord_analytics_files/contrail-topology.ini"
+ section: "program:contrail-topology"
+ option: "command"
+ value: "/usr/bin/contrail-topology --conf_file /etc/contrail/contrail-topology.conf"
+
+
+- name: "restart supervisor analytics"
+ service:
+ name: "supervisor-analytics"
+ state: "restarted"
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-compute.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-compute.yml
new file mode 100755
index 00000000..41ea5c25
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-compute.yml
@@ -0,0 +1,175 @@
+---
+#- hosts: compute
+# sudo: yes
+# tasks:
+- name: "enable supervisor vrouter"
+ file:
+ path: "/etc/init/supervisor-vrouter.override"
+ state: "absent"
+
+- include: -node-common.yml
+
+- name: "check cgroup device acl in qemu conf"
+ shell: "grep -q '^\\s*cgroup_device_acl' /etc/libvirt/qemu.conf"
+ register: deviceacl
+ ignore_errors: yes
+ changed_when: no
+
+- name: "create cgroup device acl for qemu conf"
+ template:
+ src: "provision/qemu-device-acl-conf.j2"
+ dest: "/tmp/qemu-device-acl.conf"
+ when: deviceacl | failed
+
+- name: "combination of the qemu configuration"
+ shell: "cat /tmp/qemu-device-acl.conf >> /etc/libvirt/qemu.conf"
+ when: deviceacl | failed
+
+- name: "delete temporary configuration file"
+ file:
+ dest: "/tmp/qemu-device-acl.conf"
+ state: "absent"
+ when: deviceacl | failed
+
+- name: "fix up vrouter nodemgr param"
+ template:
+ src: "provision/vrouter-nodemgr-param.j2"
+ dest: "/etc/contrail/vrouter_nodemgr_param"
+
+- name: "set contrail device name for ansible"
+ set_fact:
+ contrail_ansible_device: "ansible_{{ contrail_device }}"
+
+- name: "fix up default pmac"
+ template:
+ src: "provision/default-pmac.j2"
+ dest: "/etc/contrail/default_pmac"
+
+- name: "copy agent param config from template"
+ shell: "cp /etc/contrail/agent_param.tmpl /etc/contrail/agent_param"
+
+- name: "modify agent param config"
+ lineinfile:
+ dest: "/etc/contrail/agent_param"
+ regexp: "dev=__DEVICE__"
+ line: "dev={{ contrail_device }}"
+
+- name: "fix up contrail vrouter agent config"
+ template:
+ src: "provision/contrail-vrouter-agent-conf.j2"
+ dest: "/etc/contrail/contrail-vrouter-agent.conf"
+
+- name: "delete lines for contrail interface"
+ shell: "{{ item }}"
+ with_items:
+ - "sed -e '/auto {{ contrail_device }}/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top"
+ - "sed -n -e '/auto {{ contrail_device }}/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom"
+ - "sed -i -e '/auto {{ contrail_device }}/d' /tmp/contrail-interfaces-bottom"
+ - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom"
+ - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces"
+
+- name: "delete lines for vrouter interface"
+ shell: "{{ item }}"
+ with_items:
+ - "sed -e '/auto vhost0/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top"
+ - "sed -n -e '/auto vhost0/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom"
+ - "sed -i -e '/auto vhost0/d' /tmp/contrail-interfaces-bottom"
+ - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom"
+ - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces"
+
+- name: "configure interface"
+ lineinfile:
+ dest: "/etc/network/interfaces"
+ line: "{{ item }}"
+ state: "present"
+ with_items:
+ - "auto {{ contrail_device }}"
+ - "iface {{ contrail_device }} inet manual"
+ - "\tpre-up ifconfig {{ contrail_device }} up"
+ - "\tpost-down ifconfig {{ contrail_device }} down"
+ - "auto vhost0"
+ - "iface vhost0 inet static"
+ - "\tpre-up /opt/contrail/bin/if-vhost0"
+ - "\tnetwork_name application"
+ - "\taddress {{ contrail_address }}"
+ - "\tnetmask {{ contrail_netmask }}"
+
+- name: "delete temporary files"
+ file:
+ dest: "{{ item }}"
+ state: "absent"
+ with_items:
+ - "/tmp/contrail-interfaces-top"
+ - "/tmp/contrail-interfaces-bottom"
+
+- name: "fix up contrail vrouter nodemgr config"
+ ini_file:
+ dest: "/etc/contrail/contrail-vrouter-nodemgr.conf"
+ section: "DISCOVERY"
+ option: "server"
+ value: "{{ contrail_haproxy_address }}"
+
+- name: "restart libvirt bin"
+ service:
+ name: "libvirt-bin"
+ state: "restarted"
+
+#- name: "set value of nova to nova config"
+# template:
+# src: "provision/nova.j2"
+# dest: "/etc/nova/nova.conf"
+# when: install_nova
+
+#- name: "delete values from nova config"
+# ini_file:
+# dest: "/etc/nova/nova.conf"
+# section: "{{ item.section }}"
+# option: "{{ item.option }}"
+# with_items:
+# - { section: "DEFAULT", option: "quantum_auth_strategy" }
+# - { section: "DEFAULT", option: "quantum_admin_auth_url" }
+# - { section: "DEFAULT", option: "quantum_admin_tenant_name" }
+# - { section: "DEFAULT", option: "quantum_admin_username" }
+# - { section: "DEFAULT", option: "quantum_admin_password" }
+# - { section: "DEFAULT", option: "quantum_url" }
+
+#- name: "set values of neutron to nova config"
+# ini_file:
+# dest: "/etc/nova/nova.conf"
+# section: "{{ item.section }}"
+# option: "{{ item.option }}"
+# value: "{{ item.value }}"
+# state: "present"
+# with_items:
+# - { section: "DEFAULT", option: "neutron_admin_auth_url", value: "http://{{ contrail_keystone_address }}:5000/v2.0" }
+# - { section: "DEFAULT", option: "neutron_admin_username", value: "neutron" }
+# - { section: "DEFAULT", option: "neutron_admin_password", value: "{{ contrail_admin_password }}" }
+# - { section: "DEFAULT", option: "neutron_admin_tenant_name", value: "service" }
+# - { section: "DEFAULT", option: "neutron_url", value: "http://{{ contrail_haproxy_address }}:9696/" }
+# - { section: "DEFAULT", option: "neutron_url_timeout", value: "300" }
+# - { section: "DEFAULT", option: "network_api_class", value: "nova.network.neutronv2.api.API" }
+# - { section: "DEFAULT", option: "libvirt_vif_driver", value: "nova_contrail_vif.contrailvif.VRouterVIFDriver" }
+
+#- name: "restart nova compute"
+# service:
+# name: "nova-compute"
+# state: "restarted"
+
+#- name: "add vrouter to contrail"
+# shell: "python /opt/contrail/utils/provision_vrouter.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}"
+#
+#- name: "reboot Server"
+# shell: "shutdown -r now"
+# async: 0
+# poll: 0
+# ignore_errors: true
+# notify: Wait for server to come back
+#
+#handlers:
+#- name: "Wait for server to come back"
+# local_action:
+# module: wait_for
+# host={{ inventory_hostname }}
+# port=22
+# delay=30
+# timeout=600
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-config.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-config.yml
new file mode 100755
index 00000000..8aa8f43b
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-config.yml
@@ -0,0 +1,280 @@
+---
+#- hosts: config
+# sudo: yes
+# tasks:
+- name: "enable supervisor config"
+ file:
+ path: "/etc/init/supervisor-config.override"
+ state: "absent"
+
+- name: "enable neutron server"
+ file:
+ path: "/etc/init/neutron-server.override"
+ state: "absent"
+
+# Compass is using this
+#- name: "enable haproxy"
+# replace:
+# dest: "/etc/default/haproxy"
+# regexp: "^ENABLED\\s*=.*$"
+# replace: "ENABLED=1"
+
+# Compass is using this
+#- name: "modify haproxy global configuration"
+# lineinfile:
+# dest: "/etc/haproxy/haproxy.cfg"
+# regexp: "{{ item.regexp }}"
+# line: "{{ item.line }}"
+# insertafter: "^global"
+# with_items:
+# - { regexp: "^\\s*tune.bufsize", line: "\ttune.bufsize 16384" }
+# - { regexp: "^\\s*tune.maxrewrite", line: "\ttune.maxrewrite 1024" }
+
+- name: "delete haproxy configuration for contrail"
+ shell: "sed -i -e '/^#contrail-marker-start/,/^#contrail-marker-end/d' /etc/haproxy/haproxy.cfg"
+
+- name: "create haproxy configuration for contrail"
+ template:
+ src: "provision/haproxy-contrail-cfg.j2"
+ dest: "/tmp/haproxy-contrail.cfg"
+
+- name: "combination of the haproxy configuration"
+ shell: "cat /tmp/haproxy-contrail.cfg >> /etc/haproxy/haproxy.cfg"
+
+- name: "delete temporary configuration file"
+ file:
+ dest: "/tmp/haproxy-contrail.cfg"
+ state: "absent"
+
+- name: "restart haproxy"
+ service:
+ name: "haproxy"
+ state: "restarted"
+
+# Compass is using this
+#- name: "create keepalived configuration"
+# template:
+# src: "provision/keepalived-conf.j2"
+# dest: "/etc/keepalived/keepalived.conf"
+# with_indexed_items: groups['opencontrail_config']
+# when: contrail_keepalived and item.1 == inventory_hostname
+
+#- name: "restart keepalived"
+# service:
+# name: "keepalived"
+# state: "restarted"
+# when: contrail_keepalived
+
+- name: "node-common"
+ include: -node-common.yml
+
+- name: "fix up contrail keystone auth config"
+ template:
+ src: "provision/contrail-keystone-auth-conf.j2"
+ dest: "/etc/contrail/contrail-keystone-auth.conf"
+
+- name: "fix up ifmap server log4j properties"
+ template:
+ src: "provision/ifmap-log4j-properties.j2"
+ dest: "/etc/ifmap-server/log4j.properties"
+
+- name: "fix up ifmap server authorization properties"
+ template:
+ src: "provision/ifmap-authorization-properties.j2"
+ dest: "/etc/ifmap-server/authorization.properties"
+
+- name: "fix up ifmap server basicauthusers properties"
+ template:
+ src: "provision/ifmap-basicauthusers-properties.j2"
+ dest: "/etc/ifmap-server/basicauthusers.properties"
+
+- name: "fix up ifmap server publisher properties"
+ template:
+ src: "provision/ifmap-publisher-properties.j2"
+ dest: "/etc/ifmap-server/publisher.properties"
+
+- name: "fix up contrail api config"
+ template:
+ src: "provision/contrail-api-conf.j2"
+ dest: "/etc/contrail/contrail-api.conf"
+
+- name: "fix up contrail api supervisord config"
+ template:
+ src: "provision/contrail-api-supervisord-conf.j2"
+ dest: "/etc/contrail/supervisord_config_files/contrail-api.ini"
+
+- name: "modify contrail api init script"
+ lineinfile:
+ dest: "/etc/init.d/contrail-api"
+ regexp: "supervisorctl -s unix:///tmp/supervisord_config.sock"
+ line: "supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}:0`"
+
+- name: "fix up contrail schema config"
+ template:
+ src: "provision/contrail-schema-conf.j2"
+ dest: "/etc/contrail/contrail-schema.conf"
+
+- name: "fix up contrail device manager config"
+ template:
+ src: "provision/contrail-device-manager-conf.j2"
+ dest: "/etc/contrail/contrail-device-manager.conf"
+
+- name: "fix up contrail svc monitor config"
+ template:
+ src: "provision/contrail-svc-monitor-conf.j2"
+ dest: "/etc/contrail/contrail-svc-monitor.conf"
+
+- name: "fix up contrail discovery supervisord config"
+ template:
+ src: "provision/contrail-discovery-supervisord-conf.j2"
+ dest: "/etc/contrail/supervisord_config_files/contrail-discovery.ini"
+
+- name: "fix up contrail discovery config"
+ template:
+ src: "provision/contrail-discovery-conf.j2"
+ dest: "/etc/contrail/contrail-discovery.conf"
+
+- name: "modify contrail discovery init script"
+ lineinfile:
+ dest: "/etc/init.d/contrail-discovery"
+ regexp: "supervisorctl -s unix:///tmp/supervisord_config.sock"
+ line: "supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}:0`"
+
+- name: "fix up contrail vnc api library config"
+ template:
+ src: "provision/contrail-vnc-api-lib-ini.j2"
+ dest: "/etc/contrail/vnc_api_lib.ini"
+
+- name: "fix up contrail config nodemgr config"
+ ini_file:
+ dest: "/etc/contrail/contrail-config-nodemgr.conf"
+ section: "DISCOVERY"
+ option: "server"
+ value: "{{ contrail_haproxy_address }}"
+
+- name: "fix up contrail sudoers"
+ template:
+ src: "provision/contrail-sudoers.j2"
+ dest: "/etc/sudoers.d/contrail_sudoers"
+ mode: 0440
+
+- name: "create directory for neutron plugins"
+ file:
+ dest: "/etc/neutron/plugins/opencontrail"
+ state: "directory"
+
+- name: "fix up contrail plugin for nuetron"
+ template:
+ src: "provision/neutron-contrail-plugin-ini.j2"
+ dest: "/etc/neutron/plugins/opencontrail/ContrailPlugin.ini"
+
+- name: "modify neutron server configuration"
+ lineinfile:
+ dest: "/etc/default/neutron-server"
+ regexp: "NEUTRON_PLUGIN_CONFIG="
+ line: "NEUTRON_PLUGIN_CONFIG=\"/etc/neutron/plugins/opencontrail/ContrailPlugin.ini\""
+
+#- name: "change owner neutron log directory"
+# file:
+# dest: "/var/log/neutron"
+# state: "directory"
+# owner: "neutron"
+# group: "neutron"
+# recurse: yes
+
+#- name: "set values to neutron config"
+# ini_file:
+# dest: "/etc/neutron/neutron.conf"
+# section: "{{ item.section }}"
+# option: "{{ item.option }}"
+# value: "{{ item.value }}"
+# with_items:
+# - { section: "DEFAULT", option: "bind_port", value: "9697" }
+# - { section: "DEFAULT", option: "auth_strategy", value: "keystone" }
+# - { section: "DEFAULT", option: "allow_overlapping_ips", value: "True" }
+# - { section: "DEFAULT", option: "core_plugin", value: "neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2" }
+# - { section: "DEFAULT", option: "api_extensions_path", value: "extensions:/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/extensions" }
+# - { section: "DEFAULT", option: "rabbit_host", value: "{{ contrail_haproxy_address }}" }
+# - { section: "DEFAULT", option: "rabbit_port", value: "5673" }
+# - { section: "DEFAULT", option: "service_plugins", value: "neutron_plugin_contrail.plugins.opencontrail.loadbalancer.plugin.LoadBalancerPlugin" }
+# - { section: "service_providers", option: "service_provider", value: "LOADBALANCER:Opencontrail:neutron_plugin_contrail.plugins.opencontrail.loadbalancer.driver.OpencontrailLoadbalancerDriver:default" }
+# - { section: "quotas", option: "quota_driver", value: "neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver" }
+# - { section: "quotas", option: "quota_network", value: "-1" }
+# - { section: "quotas", option: "quota_subnet", value: "-1" }
+# - { section: "quotas", option: "quota_port", value: "-1" }
+# - { section: "keystone_authtoken", option: "admin_tenant_name", value: "admin" }
+# - { section: "keystone_authtoken", option: "admin_user", value: "{{ contrail_admin_user }}" }
+# - { section: "keystone_authtoken", option: "admin_password", value: "{{ contrail_admin_password }}" }
+# - { section: "keystone_authtoken", option: "auth_host", value: "{{ contrail_keystone_address }}" }
+# - { section: "keystone_authtoken", option: "auth_protocol", value: "http" }
+
+#- name: "add respawn to neutron server config"
+# lineinfile:
+# dest: "/etc/init/neutron-server.conf"
+# line: "respawn"
+# insertbefore: "pre-start script"
+
+#- name: "add respawn limit to neutron server config"
+# lineinfile:
+# dest: "/etc/init/neutron-server.conf"
+# line: "respawn limit 10 90"
+# insertafter: "respawn"
+
+- name: "restart supervisor config"
+ service:
+ name: "supervisor-config"
+ state: "restarted"
+
+
+#- name: "restart neutron-server"
+# service:
+# name: "neutron-server"
+# state: "restarted"
+
+# Compass configured
+#- name: "add neutron service"
+# shell: "keystone service-get 'neutron' || keystone service-create --name 'neutron' --type 'network' --description 'Neutron Network Service'"
+# environment:
+# OS_AUTH_URL: "http://{{ contrail_keystone_address }}:35357/v2.0"
+# OS_USERNAME: "{{ contrail_admin_user }}"
+# OS_PASSWORD: "{{ contrail_admin_password }}"
+# OS_TENANT_NAME: "admin"
+# run_once: yes
+# when: keystone_provision
+#
+#
+# Compass configured
+#- name: "add neutron endpoint"
+# shell: "keystone endpoint-list | grep -q $(keystone service-get 'neutron' | grep '| *id *|' | awk '{print $4}') || keystone endpoint-create --region 'RegionOne' --service 'neutron' --publicurl 'http://{{ contrail_haproxy_address }}:9696' --internal 'http://{{ contrail_haproxy_address }}:9696' --adminurl 'http://{{ contrail_haproxy_address }}:9696'"
+# environment:
+# OS_AUTH_URL: "http://{{ contrail_keystone_address }}:35357/v2.0"
+# OS_USERNAME: "{{ contrail_admin_user }}"
+# OS_PASSWORD: "{{ contrail_admin_password }}"
+# OS_TENANT_NAME: "admin"
+# run_once: yes
+# when: keystone_provision
+#
+#- name: "add neutron user"
+# keystone_user:
+# user: "neutron"
+# password: "{{ contrail_admin_password }}"
+# email: "neutron@example.com"
+# tenant: "service"
+# endpoint: "http://{{ contrail_keystone_address }}:35357/v2.0"
+# login_user: "{{ contrail_admin_user }}"
+# login_password: "{{ contrail_admin_password }}"
+# login_tenant_name: "admin"
+# run_once: yes
+# when: keystone_provision
+#
+#- name: "apply role to user"
+# keystone_user:
+# tenant: "service"
+# user: "neutron"
+# role: "admin"
+# endpoint: "http://{{ contrail_keystone_address }}:35357/v2.0"
+# login_user: "{{ contrail_admin_user }}"
+# login_password: "{{ contrail_admin_password }}"
+# login_tenant_name: "admin"
+# run_once: yes
+# when: keystone_provision
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-control.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-control.yml
new file mode 100755
index 00000000..e36d8f22
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-control.yml
@@ -0,0 +1,59 @@
+---
+#- hosts: control
+# sudo: yes
+# tasks:
+- name: "enable supervisor control"
+ file:
+ path: "/etc/init/supervisor-control.override"
+ state: "absent"
+
+- name: "enable supervisor dns"
+ file:
+ path: "/etc/init/supervisor-dns.override"
+ state: "absent"
+
+- name: "modify ifmap server basicauthusers properties for control"
+ lineinfile:
+ dest: "/etc/ifmap-server/basicauthusers.properties"
+ line: "{{ hostvars[item]['contrail_address' ] }}:{{ hostvars[item]['contrail_address' ] }}"
+ with_items: groups['opencontrail_control']
+
+- name: "modify ifmap server basicauthusers properties for dns"
+ lineinfile:
+ dest: "/etc/ifmap-server/basicauthusers.properties"
+ line: "{{ hostvars[item]['contrail_address' ] }}.dns:{{ hostvars[item]['contrail_address' ] }}.dns"
+ with_items: groups['opencontrail_control']
+
+- name: "node-common"
+ include: -node-common.yml
+
+- name: "fix up contrail control config"
+ template:
+ src: "provision/contrail-control-conf.j2"
+ dest: "/etc/contrail/contrail-control.conf"
+
+- name: "fix up contrail dns config"
+ template:
+ src: "provision/contrail-dns-conf.j2"
+ dest: "/etc/contrail/contrail-dns.conf"
+
+- name: "fix up contrail control nodemgr config"
+ ini_file:
+ dest: "/etc/contrail/contrail-control-nodemgr.conf"
+ section: "DISCOVERY"
+ option: "server"
+ value: "{{ contrail_haproxy_address }}"
+
+- name: "modify dns configuration"
+ replace:
+ dest: "/etc/contrail/dns/{{ item }}"
+ regexp: "secret \"secret123\""
+ replace: "secret \"xvysmOR8lnUQRBcunkC6vg==\""
+ with_items:
+ - "contrail-rndc.conf"
+ - "contrail-named.conf"
+
+- name: "restart supervisor control"
+ service:
+ name: "supervisor-control"
+ state: "restarted"
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-database.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-database.yml
new file mode 100755
index 00000000..6807d7d4
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-database.yml
@@ -0,0 +1,190 @@
+---
+#- hosts: database
+# sudo: yes
+# tasks:
+
+
+- name: "enable supervisor database"
+# sudo: True
+ file:
+ path: "/etc/init/supervisor-database.override"
+ state: "absent"
+
+
+- name: "-node-common"
+# sudo: True
+ include: -node-common.yml
+
+
+- name: "update hosts"
+# sudo: True
+ lineinfile:
+ dest: "/etc/hosts"
+ regexp: "^{{ contrail_address }}\t{{ ansible_hostname }}( .*)?$"
+ line: "{{ contrail_address }}\t{{ ansible_hostname }}\\1"
+ backrefs: yes
+
+
+- name: "make directory for contrail analytics"
+# sudo: True
+ file:
+ path: "/var/lib/cassandra/data/ContrailAnalytics"
+ state: "directory"
+
+
+- name: "modify cassandra conf"
+# sudo: True
+ lineinfile:
+ dest: "/etc/cassandra/cassandra.yaml"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ with_items:
+ - { regexp: "^(#(\\s*)?)?listen_address:", line: "listen_address: {{ contrail_address }}"}
+ - { regexp: "^(#(\\s*)?)?cluster_name:", line: "cluster_name: \"Contrail\"" }
+ - { regexp: "^(#(\\s*)?)?rpc_address:", line: "rpc_address: {{ contrail_address }}" }
+ - { regexp: "^(#(\\s*)?)?num_tokens:", line: "num_tokens: 256" }
+ - { regexp: "^(#(\\s*)?)?initial_token:", line: "# initial_token:" }
+
+
+- name: "set first database host seed"
+# sudo: True
+ set_fact:
+ dbseeds: "{{ hostvars[item.1]['contrail_address'] }}"
+ with_indexed_items: groups['database']
+ when: item.0 == 0
+
+
+- name: "set second database host seed"
+# sudo: True
+ set_fact:
+ dbseeds: "{{ dbseeds }},{{ hostvars[item.1]['contrail_address'] }}"
+ with_indexed_items: groups['database']
+ when: item.0 == 1
+
+
+- name: "modify seeds list in cassandra conf"
+# sudo: True
+ replace:
+ dest: "/etc/cassandra/cassandra.yaml"
+ regexp: "- seeds:.*$"
+ replace: "- seeds: {{ dbseeds }}"
+
+
+- name: "modify cassandra env"
+# sudo: True
+ replace:
+ dest: "/etc/cassandra/cassandra-env.sh"
+ regexp: "{{ item.regexp }}"
+ replace: "{{ item.replace }}"
+ with_items:
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintGCDetails\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintGCDetails\"" }
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -Xss\\d+k\"", replace: "JVM_OPTS=\"$JVM_OPTS -Xss512k\"" }
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintGCDateStamps\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintGCDateStamps\"" }
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintHeapAtGC\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintHeapAtGC\"" }
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintTenuringDistribution\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintTenuringDistribution\"" }
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintGCApplicationStoppedTime\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintGCApplicationStoppedTime\"" }
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintPromotionFailure\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintPromotionFailure\"" }
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:PrintFLSStatistics=1\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:PrintFLSStatistics=1\"" }
+ - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -Xloggc:/var/log/cassandra/gc-`date \\+%s`\\.log\"", replace: "JVM_OPTS=\"$JVM_OPTS -Xloggc:/var/log/cassandra/gc-`date +%s`.log\"" }
+
+
+- name: "modify zookeeper conf"
+# sudo: True
+ lineinfile:
+ dest: "/etc/zookeeper/conf/zoo.cfg"
+ line: "{{ item }}"
+ with_items:
+ - "maxSessionTimeout=120000"
+ - "autopurge.purgeInterval=3"
+
+
+- name: "modify zookeeper log4j properties"
+# sudo: True
+ lineinfile:
+ dest: "/etc/zookeeper/conf/log4j.properties"
+ regexp: "(log4j.appender.ROLLINGFILE.MaxBackupIndex=.*)$"
+ line: "\\1"
+ backrefs: yes
+
+
+- name: "add server addresses to zookeeper config"
+# sudo: True
+ lineinfile:
+ dest: "/etc/zookeeper/conf/zoo.cfg"
+ regexp: "server.{{ item.0 + 1 }}="
+ line: "server.{{ item.0 + 1 }}={{ hostvars[item.1]['contrail_address'] }}:2888:3888"
+ with_indexed_items: groups['database']
+
+
+- name: "set zookeeper unique id"
+# sudo: True
+ template:
+ src: "templates/zookeeper-unique-id.j2"
+ dest: "/var/lib/zookeeper/myid"
+ with_indexed_items: groups['database']
+ when: item.1 == inventory_hostname
+
+
+- name: "remove kafka ini file"
+# sudo: True
+ file:
+ path: "/etc/contrail/supervisord_database_files/kafka.ini"
+ state: "absent"
+
+
+- name: "set first zookeeper host address"
+# sudo: True
+ set_fact:
+ zkaddrs: "{{ hostvars[item.1]['contrail_address'] }}:2181"
+ with_indexed_items: groups['database']
+ when: item.0 == 0
+
+
+- name: "set second or more zookeeper host addresses"
+# sudo: True
+ set_fact:
+ zkaddrs: "{{ zkaddrs }},{{ hostvars[item.1]['contrail_address'] }}:2181"
+ with_indexed_items: groups['database']
+ when: item.0 > 0
+
+
+- name: "modify zookeeper host addresses in kafka properties"
+# sudo: True
+ lineinfile:
+ dest: "/usr/share/kafka/config/server.properties"
+ regexp: "zookeeper.connect="
+ line: "zookeeper.connect={{ zkaddrs }}"
+
+
+- name: "modify kafka properties"
+# sudo: True
+ lineinfile:
+ dest: "/usr/share/kafka/config/server.properties"
+ regexp: "default.replication.factor="
+ line: "default.replication.factor=2"
+
+
+- name: "fix up contrail database nodemgr config"
+# sudo: True
+ ini_file:
+ dest: "/etc/contrail/contrail-database-nodemgr.conf"
+ section: "{{ item.section }}"
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
+ with_items:
+ - { section: "DEFAULT", option: "hostip", value: "{{ contrail_address }}" }
+ - { section: "DISCOVERY", option: "server", value: "{{ contrail_haproxy_address }}" }
+
+
+- name: "restart zookeeper"
+# sudo: True
+ service:
+ name: "zookeeper"
+ state: "restarted"
+
+
+- name: "restart supervisor database"
+# sudo: True
+ service:
+ name: "supervisor-database"
+ state: "restarted"
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-increase-limits.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-increase-limits.yml
new file mode 100755
index 00000000..1a78e832
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-increase-limits.yml
@@ -0,0 +1,52 @@
+---
+#- hosts: [database, config, control, collector]
+# sudo: yes
+# tasks:
+- name: "delete line"
+# sudo: True
+ lineinfile:
+ dest: "/etc/limits.conf"
+ regexp: "^root\\s*soft\\s*nproc\\s*.*"
+ state: "absent"
+
+- name: "check EOF"
+# sudo: True
+ lineinfile:
+ dest: "/etc/security/limits.conf"
+ regexp: "^# End of file"
+ line: "# End of file"
+
+- name: "add lines"
+# sudo: True
+ lineinfile:
+ dest: "/etc/security/limits.conf"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ insertbefore: "^# End of file"
+ with_items:
+ - { regexp: "^root\\s*hard\\s*nofile\\s*.*", line: "root hard nofile 65535" }
+ - { regexp: "^root\\s*soft\\s*nofile\\s*.*", line: "root soft nofile 65535" }
+ - { regexp: "^\\*\\s*hard\\s*nofile\\s*.*", line: "* hard nofile 65535" }
+ - { regexp: "^\\*\\s*soft\\s*nofile\\s*.*", line: "* soft nofile 65535" }
+ - { regexp: "^\\*\\s*hard\\s*nproc\\s*.*", line: "* hard nproc 65535" }
+ - { regexp: "^\\*\\s*soft\\s*nproc\\s*.*", line: "* soft nproc 65535" }
+
+- name: change value of sysctl fs.file-max
+# sudo: True
+ sysctl:
+ name: "fs.file-max"
+ value: "65535"
+
+- name: "find supervisord conf files"
+# sudo: True
+ shell: "find /etc/contrail -name supervisor*.conf -type f"
+ register: supervisordconfs
+ changed_when: no
+
+- name: "modify supervisord conf"
+# sudo: True
+ replace:
+ dest: "{{ item }}"
+ regexp: "^minfds=\\d*"
+ replace: "minfds=10240"
+ with_items: supervisordconfs.stdout_lines
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-rabbitmq.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-rabbitmq.yml
new file mode 100755
index 00000000..b2785d8f
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-rabbitmq.yml
@@ -0,0 +1,103 @@
+---
+#- hosts: config
+# sudo: yes
+# tasks:
+- name: "start supervisor support service"
+# sudo: True
+ service:
+ name: "supervisor-support-service"
+ state: "started"
+
+
+
+- name: "stop rabbitmq server via supervisor"
+# sudo: True
+ supervisorctl:
+ name: "rabbitmq-server"
+ state: "stopped"
+ server_url: "unix:///tmp/supervisord_support_service.sock"
+
+
+
+- name: "-rabbitmq-stop"
+# sudo: True
+ include: -rabbitmq-stop.yml
+
+
+
+- name: "update hosts"
+# sudo: True
+ lineinfile:
+ dest: "/etc/hosts"
+ line: "{{ hostvars[item]['contrail_address'] }}\t{{ hostvars[item]['ansible_hostname'] }} {{ hostvars[item]['ansible_hostname'] }}-ctrl"
+ with_items: groups['opencontrail_config']
+
+
+
+- name: "fix up rabbitmq env"
+# sudo: True
+ template:
+ src: "provision/rabbitmq-env-conf.j2"
+ dest: "/etc/rabbitmq/rabbitmq-env.conf"
+
+
+
+- name: "fix up rabbitmq config for single node"
+# sudo: True
+ template:
+ src: "provision/rabbitmq-conf-single.j2"
+ dest: "/etc/rabbitmq/rabbitmq.config"
+ when: groups['opencontrail_config'][1] is not defined
+
+
+
+- name: fix up rabbitmq config for multi nodes
+# sudo: True
+ template:
+ src: "provision/rabbitmq-conf.j2"
+ dest: "/etc/rabbitmq/rabbitmq.config"
+ when: groups['opencontrail_config'][1] is defined
+
+
+
+- name: "-rabbitmq-stop"
+# sudo: True
+ include: -rabbitmq-stop.yml
+
+
+
+- name: "create cookie uuid temporary"
+# sudo: True
+ local_action:
+ module: "template"
+ src: "provision/rabbitmq-cookie.j2"
+ dest: "/tmp/tmp-rabbitmq-cookie"
+ run_once: yes
+
+
+- name: "update cookie uuid"
+# sudo: True
+ copy:
+ src: "/tmp/tmp-rabbitmq-cookie"
+ dest: "/var/lib/rabbitmq/.erlang.cookie"
+ owner: "rabbitmq"
+ group: "rabbitmq"
+ mode: 0400
+
+
+
+- name: "delete temporary cookie uuid"
+# sudo: True
+ local_action:
+ module: "file"
+ dest: "/tmp/tmp-rabbitmq-cookie"
+ state: "absent"
+ run_once: yes
+
+
+
+- name: "start rabbitmq server"
+# sudo: True
+ service:
+ name: "rabbitmq-server"
+ state: "started"
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-route.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-route.yml
new file mode 100755
index 00000000..edf829ec
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-route.yml
@@ -0,0 +1,42 @@
+---
+#- hosts: all
+# sudo: yes
+# tasks:
+- name: "delete existing route file"
+# sudo: True
+ file:
+ path: "/etc/network/if-up.d/routes"
+ state: absent
+ when: contrail_route
+
+- name: "create route file"
+# sudo: True
+ file:
+ path: "/etc/network/if-up.d/routes"
+ owner: "root"
+ mode: 0755
+ state: touch
+ when: contrail_route
+
+
+- name: "add template"
+# sudo: True
+ lineinfile:
+ dest: "/etc/network/if-up.d/routes"
+ line: "{{ item }}"
+ with_items:
+ - "#!/bin/bash"
+ - "[ \"$IFACE\" != {{ contrail_route[0].device }} ] && exit 0"
+ when: contrail_route
+
+
+- name: "add static route"
+# sudo: True
+ lineinfile:
+ dest: "/etc/network/if-up.d/routes"
+ line: "ip route add {{ item.ip }} via {{ item.gw }} dev {{ item.device }}"
+ state: "present"
+ with_items:
+ - "{{ contrail_route }}"
+ when: contrail_route
+
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-toragent.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-toragent.yml
new file mode 100755
index 00000000..87810732
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-toragent.yml
@@ -0,0 +1,77 @@
+---
+#- hosts: tsn
+# sudo: yes
+# tasks:
+- name: "create temporary directory for ssl files"
+ local_action:
+ module: "file"
+ dest: "/tmp/tmp-toragent-{{ item }}"
+ state: "directory"
+ with_items:
+ - "certs"
+ - "private"
+ run_once: yes
+
+- name: "create ssl files"
+ local_action: "shell openssl req -new -x509 -days 3650 -text -sha256 -newkey rsa:4096 -nodes -subj \"/C=US/ST=Global/O={{ item.1.vendor_name }}/CN={{ ansible_fqdn }}\" -keyout /tmp/tmp-toragent-private/tor.{{ item.0 }}.privkey.pem -out /tmp/tmp-toragent-certs/tor.{{ item.0 }}.cert.pem"
+ with_indexed_items: contrail_tor_agents
+ run_once: yes
+
+- name: "set tor agent list"
+ set_fact:
+ toragent_index: "{{ item.0 }}"
+ toragent_params: "{{ item.1 }}"
+ register: contrail_toragent_list
+ with_indexed_items: contrail_tor_agents
+ when: inventory_hostname in item.1.tsn_names
+
+- name: "fix up tor agent conf"
+ template:
+ src: "templates/contrail-tor-agent-conf.j2"
+ dest: "/etc/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.conf"
+ with_items: contrail_toragent_list.results
+
+- name: "fix up tor agent ini"
+ template:
+ src: "provision/contrail-tor-agent-ini.j2"
+ dest: "/etc/contrail/supervisord_vrouter_files/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.ini"
+ with_items: contrail_toragent_list.results
+
+- name: "copy init script"
+ shell: "cp /etc/init.d/contrail-vrouter-agent /etc/init.d/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}"
+ with_items: contrail_toragent_list.results
+
+- name: "copy ssl certs"
+ copy:
+ src: "/tmp/tmp-toragent-certs/tor.{{ item.ansible_facts.toragent_index }}.cert.pem"
+ dest: "/etc/contrail/ssl/certs/tor.{{ item.ansible_facts.toragent_index }}.cert.pem"
+ with_items: contrail_toragent_list.results
+
+- name: "copy ssl private"
+ copy:
+ src: "/tmp/tmp-toragent-private/tor.{{ item.ansible_facts.toragent_index }}.privkey.pem"
+ dest: "/etc/contrail/ssl/private/tor.{{ item.ansible_facts.toragent_index }}.privkey.pem"
+ with_items: contrail_toragent_list.results
+
+- name: "copy ca cert"
+ copy:
+ src: "files/cacert.pem"
+ dest: "/etc/contrail/ssl/certs/cacert.pem"
+
+- name: "delete temporary directory"
+ local_action:
+ module: "file"
+ dest: "/tmp/tmp-toragent-{{ item }}"
+ state: "absent"
+ with_items:
+ - "certs"
+ - "private"
+ run_once: yes
+
+- name: "add tor agent to contrail"
+ shell: "python /opt/contrail/utils/provision_vrouter.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --host_name {{ ansible_hostname }}-{{ item.ansible_facts.toragent_index }} --host_ip {{ contrail_address }} --router_type tor-agent"
+ with_items: contrail_toragent_list.results
+
+- name: "add device to contrail"
+ shell: "python /opt/contrail/utils/provision_physical_device.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --device_name {{ item.ansible_facts.toragent_params.name }} --vendor_name {{ item.ansible_facts.toragent_params.vendor_name }} --product_name {{ item.ansible_facts.toragent_params.product_name }} --device_mgmt_ip {{ item.ansible_facts.toragent_params.address }} --device_tunnel_ip {{ item.ansible_facts.toragent_params.tunnel_address }} --device_tor_agent {{ ansible_hostname }}-{{ item.ansible_facts.toragent_index }} --device_tsn {{ ansible_hostname }}"
+ with_items: contrail_toragent_list.results
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-tsn.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-tsn.yml
new file mode 100755
index 00000000..058be18a
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-tsn.yml
@@ -0,0 +1,96 @@
+---
+#- hosts: tsn
+# sudo: yes
+# tasks:
+
+- name: "enable supervisor vrouter"
+ file:
+ path: "/etc/init/supervisor-vrouter.override"
+ state: "absent"
+
+- include: -node-common.yml
+
+- name: "fix up vrouter nodemgr param"
+ template:
+ src: "provision/vrouter-nodemgr-param.j2"
+ dest: "/etc/contrail/vrouter_nodemgr_param"
+
+- name: "set contrail device name for ansible"
+ set_fact:
+ contrail_ansible_device: "ansible_{{ contrail_device }}"
+
+- name: "fix up default pmac"
+ template:
+ src: "provision/default-pmac.j2"
+ dest: "/etc/contrail/default_pmac"
+
+- name: "copy agent param config from template"
+ shell: "cp /etc/contrail/agent_param.tmpl /etc/contrail/agent_param"
+
+- name: "modify agent param config"
+ lineinfile:
+ dest: "/etc/contrail/agent_param"
+ regexp: "dev=__DEVICE__"
+ line: "dev={{ contrail_device }}"
+
+- name: "set vrouter agent mode"
+ set_fact:
+ contrail_vrouter_mode: "tsn"
+
+- name: "fix up contrail vrouter agent config"
+ template:
+ src: "provision/contrail-vrouter-agent-conf.j2"
+ dest: "/etc/contrail/contrail-vrouter-agent.conf"
+
+- name: "delete lines for contrail interface"
+ shell: "{{ item }}"
+ with_items:
+ - "sed -e '/auto {{ contrail_device }}/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top"
+ - "sed -n -e '/auto {{ contrail_device }}/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom"
+ - "sed -i -e '/auto {{ contrail_device }}/d' /tmp/contrail-interfaces-bottom"
+ - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom"
+ - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces"
+
+- name: "delete lines for vrouter interface"
+ shell: "{{ item }}"
+ with_items:
+ - "sed -e '/auto vhost0/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top"
+ - "sed -n -e '/auto vhost0/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom"
+ - "sed -i -e '/auto vhost0/d' /tmp/contrail-interfaces-bottom"
+ - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom"
+ - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces"
+
+- name: "configure interface"
+ lineinfile:
+ dest: "/etc/network/interfaces"
+ line: "{{ item }}"
+ state: "present"
+ with_items:
+ - "auto {{ contrail_device }}"
+ - "iface {{ contrail_device }} inet manual"
+ - "\tpre-up ifconfig {{ contrail_device }} up"
+ - "\tpost-down ifconfig {{ contrail_device }} down"
+ - "auto vhost0"
+ - "iface vhost0 inet static"
+ - "\tpre-up /opt/contrail/bin/if-vhost0"
+ - "\tnetwork_name application"
+ - "\taddress {{ contrail_address }}"
+ - "\tnetmask {{ contrail_netmask }}"
+
+- name: "delete temporary files"
+ file:
+ dest: "{{ item }}"
+ state: "absent"
+ with_items:
+ - "/tmp/contrail-interfaces-top"
+ - "/tmp/contrail-interfaces-bottom"
+
+- name: "fix up contrail vrouter nodemgr config"
+ ini_file:
+ dest: "/etc/contrail/contrail-vrouter-nodemgr.conf"
+ section: "DISCOVERY"
+ option: "server"
+ value: "{{ contrail_haproxy_address }}"
+
+- name: "add tsn to contrail"
+ shell: "python /opt/contrail/utils/provision_vrouter.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }} --router_type tor-service-node"
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-webui.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-webui.yml
new file mode 100755
index 00000000..eb6301b2
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-webui.yml
@@ -0,0 +1,63 @@
+---
+#- hosts: webui
+# sudo: yes
+# tasks:
+
+- name: "enable supervisor webui"
+ file:
+ path: "/etc/init/supervisor-webui.override"
+ state: "absent"
+
+- name: "redis-setup"
+ include: -redis-setup.yml
+
+- name: "node-common"
+ include: -node-common.yml
+
+- name: "set first cassandra host address"
+ set_fact:
+ cassandra_addrs: "'{{ hostvars[item.1]['contrail_address'] }}'"
+ with_indexed_items: groups['opencontrail_database']
+ when: item.0 == 0
+
+- name: "set second or more cassandra host addresses"
+ set_fact:
+ cassandra_addrs: "{{ cassandra_addrs }}, '{{ hostvars[item.1]['contrail_address'] }}'"
+ with_indexed_items: groups['opencontrail_database']
+ when: item.0 > 0
+
+- name: "modify webui global js"
+ lineinfile:
+ dest: "/etc/contrail/config.global.js"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ with_items:
+ - { regexp: "^\\s*config.networkManager.ip", line: "config.networkManager.ip = '{{ contrail_haproxy_address }}';" }
+ - { regexp: "^\\s*config.imageManager.ip", line: "config.imageManager.ip = '{{ contrail_keystone_address }}';" }
+ - { regexp: "^\\s*config.computeManager.ip", line: "config.computeManager.ip = '{{ contrail_keystone_address }}';" }
+ - { regexp: "^\\s*config.identityManager.ip", line: "config.identityManager.ip = '{{ contrail_keystone_address }}';" }
+ - { regexp: "^\\s*config.storageManager.ip", line: "config.storageManager.ip = '{{ contrail_keystone_address }}';" }
+ - { regexp: "^\\s*config.cnfg.server_ip", line: "config.cnfg.server_ip = '{{ contrail_haproxy_address }}';" }
+ - { regexp: "^\\s*config.analytics.server_ip", line: "config.analytics.server_ip = '{{ contrail_haproxy_address }}';" }
+ - { regexp: "^\\s*config.cassandra.server_ips", line: "config.cassandra.server_ips = [{{ cassandra_addrs }}];" }
+
+- name: "modify webui userauth js"
+ lineinfile:
+ dest: "/etc/contrail/contrail-webui-userauth.js"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ with_items:
+ - { regexp: "^\\s*auth.admin_user", line: "auth.admin_user = '{{ contrail_admin_user }}';" }
+ - { regexp: "^\\s*auth.admin_password", line: "auth.admin_password = '{{ contrail_admin_password }}';" }
+ - { regexp: "^\\s*auth.admin_tenant_name", line: "auth.admin_tenant_name = 'admin';" }
+
+- name: "create symbolic link from nodejs to node"
+ file:
+ src: "/usr/bin/node"
+ dest: "/usr/bin/nodejs"
+ state: "link"
+
+- name: "restart supervisor webui"
+ service:
+ name: "supervisor-webui"
+ state: "restarted"