Diffstat (limited to 'deploy/adapters/ansible/roles/open-contrail/tasks/provision')
16 files changed, 1445 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-node-common.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-node-common.yml
new file mode 100755
index 00000000..f16a8500
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-node-common.yml
@@ -0,0 +1,20 @@
+---
+- name: "disable ufw"
+ ufw:
+ state: "disabled"
+
+- name: "change value of kernel.core_pattern"
+ sysctl:
+ name: "kernel.core_pattern"
+ value: "/var/crashes/core.%e.%p.%h.%t"
+
+- name: "change value of net.ipv4.ip_forward"
+ sysctl:
+ name: "net.ipv4.ip_forward"
+ value: "1"
+
+- name: "make crashes directory"
+ file:
+ path: "/var/crashes"
+ state: "directory"
+ mode: 0777
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-rabbitmq-stop.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-rabbitmq-stop.yml
new file mode 100755
index 00000000..ec6b2fe0
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-rabbitmq-stop.yml
@@ -0,0 +1,30 @@
+---
+- name: 'stop rabbitmq server'
+ service:
+ name: 'rabbitmq-server'
+ state: 'stopped'
+
+- name: 'check beam process'
+ shell: 'ps ax | grep -v grep | grep beam'
+ register: beam_process
+ changed_when: no
+ ignore_errors: yes
+
+- name: 'kill beam processes'
+ shell: 'pkill -9 beam'
+ when: beam_process.stdout
+
+- name: 'check epmd process'
+ shell: 'ps ax | grep -v grep | grep epmd'
+ register: epmd_process
+ changed_when: no
+ ignore_errors: yes
+
+- name: 'kill epmd processes'
+ shell: 'pkill -9 epmd'
+ when: epmd_process.stdout
+
+- name: 'remove mnesia directory'
+ file:
+ name: '/var/lib/rabbitmq/mnesia'
+ state: 'absent'
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-redis-setup.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-redis-setup.yml
new file mode 100755
index 00000000..d7776af2
--- /dev/null
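Review bot: The `make crashes directory` task creates `/var/crashes` with `mode: 0777` and no sticky bit, while `kernel.core_pattern` points every core dump at it, so any local user can rename, delete or pre-create entries in the directory that receives dumps from other users' processes. Use a sticky, quoted mode, `mode: "1777"`, so that only the owner of a dump can remove or replace it. The first task also disables `ufw` on every node that includes this file, and no replacement filtering is visible in this diff; a comment naming what protects these hosts instead, e.g. `# host firewall off: filtering is done by <placeholder: upstream control>`, would let a reviewer check that assumption.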
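Review bot: `pkill -9 beam` and `pkill -9 epmd` match a substring of the process name across all users, so when run as root they also SIGKILL any unrelated Erlang VM on the host, not only RabbitMQ's. Scope the match to the broker's account, e.g. `shell: 'pkill -9 -u rabbitmq beam'` (this assumes the service runs as `rabbitmq`; confirm on the target image). The two `check … process` tasks use `ignore_errors: yes` only to tolerate grep's exit status 1; `failed_when: false` says that directly and stops a failure being printed on every clean run.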
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-redis-setup.yml
@@ -0,0 +1,26 @@
+---
+- name: "stop redis server"
+ service:
+ name: "redis-server"
+ state: "stopped"
+
+- name: "modify redis server configuration"
+ replace:
+ dest: "/etc/redis/redis.conf"
+ regexp: "{{ item.regexp }}"
+ replace: "{{ item.replace }}"
+ with_items:
+ - { regexp: "^\\s*bind", replace: "#bind" }
+ - { regexp: "^\\s*save", replace: "#save" }
+ - { regexp: "^\\s*dbfilename", replace: "#dbfilename" }
+ - { regexp: "^\\s*lua-time-limit\\s*\\d*", replace: "lua-time-limit 15000" }
+
+- name: "delete redis dump"
+ file:
+ dest: "/var/lib/redis/dump.rdb"
+ state: "absent"
+
+- name: "start redis server"
+ service:
+ name: "redis-server"
+ state: "started"
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-vrouter-compute-setup.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-vrouter-compute-setup.yml
new file mode 100755
index 00000000..77ee20e3
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-vrouter-compute-setup.yml
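Review bot: Commenting out `bind` (the `^\\s*bind` to `#bind` item) makes Redis listen on every interface, and nothing in this file sets `requirepass`; together with the `ufw` disable in `-node-common.yml`, that leaves an unauthenticated Redis reachable from any network the node is attached to. If remote clients are really needed, pin the listener instead of removing it, e.g. `- { regexp: "^\\s*bind.*", replace: "bind 127.0.0.1 {{ contrail_address }}" }`, and add a `requirepass` line fed from a vaulted variable. A short comment above the `save` and `dbfilename` items saying that they disable RDB persistence on purpose would also help, since the following task deletes `dump.rdb`.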
@@ -0,0 +1,95 @@ +--- +- name: "change owner nova log directory" + file: + dest: "/var/log/nova" + state: "directory" + owner: "nova" + group: "nova" + recurse: yes + +- name: "delete values from nova config" + ini_file: + dest: "/etc/nova/nova.conf" + section: "{{ item.section }}" + option: "{{ item.option }}" + with_items: + - { section: "DEFAULT", option: "sql_connection" } + - { section: "DEFAULT", option: "quantum_admin_tenant_name" } + - { section: "DEFAULT", option: "quantum_admin_username" } + - { section: "DEFAULT", option: "quantum_admin_password" } + - { section: "DEFAULT", option: "quantum_admin_auth_url" } + - { section: "DEFAULT", option: "quantum_auth_strategy" } + - { section: "DEFAULT", option: "quantum_url" } + +- name: "set values to nova config" + ini_file: + dest: "/etc/nova/nova.conf" + section: "{{ item.section }}" + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - { section: "DEFAULT", option: "auth_strategy", value: "keystone" } + - { section: "DEFAULT", option: "libvirt_nonblocking", value: "True" } + - { section: "DEFAULT", option: "libvirt_inject_partition", value: "-1" } + - { section: "DEFAULT", option: "rabbit_host", value: "{{ hostvars[groups['config'][0]]['contrail_address'] }}" } + - { section: "DEFAULT", option: "rabbit_port", value: "5672" } + - { section: "DEFAULT", option: "glance_host", value: "{{ hostvars[groups['openstack'][0]]['contrail_address'] }}" } + - { section: "DEFAULT", option: "glance_port", value: "9292" } + - { section: "DEFAULT", option: "neutron_admin_tenant_name", value: "service" } + - { section: "DEFAULT", option: "neutron_admin_username", value: "neutron" } + - { section: "DEFAULT", option: "neutron_admin_password", value: "{{ contrail_admin_password }}" } + - { section: "DEFAULT", option: "neutron_admin_auth_url", value: "http://{{ hostvars[groups['openstack'][0]]['contrail_address'] }}:35357/v2.0/" } + - { section: "DEFAULT", option: "neutron_url", value: "http://{{ 
hostvars[groups['config'][0]]['contrail_address'] }}:9696/" } + - { section: "DEFAULT", option: "neutron_url_timeout", value: "300" } + - { section: "DEFAULT", option: "network_api_class", value: "nova.network.neutronv2.api.API" } + - { section: "DEFAULT", option: "compute_driver", value: "libvirt.LibvirtDriver" } + - { section: "DEFAULT", option: "network_api_class", value: " nova_contrail_vif.contrailvif.ContrailNetworkAPI" } + - { section: "DEFAULT", option: "ec2_private_dns_show_ip", value: "False" } + - { section: "DEFAULT", option: "novncproxy_base_url", value: "http://{{ hostvars[groups['openstack'][0]]['contrail_mgmt_address'] }}:5999/vnc_auto.html" } + - { section: "DEFAULT", option: "vncserver_enabled", value: "True" } + - { section: "DEFAULT", option: "vncserver_listen", value: "{{ contrail_address }}" } + - { section: "DEFAULT", option: "vncserver_proxyclient_address", value: "{{ contrail_address }}" } + - { section: "DEFAULT", option: "security_group_api", value: "neutron" } + - { section: "DEFAULT", option: "heal_instance_info_cache_interval", value: "0" } + - { section: "DEFAULT", option: "image_cache_manager_interval", value: "0" } + - { section: "DEFAULT", option: "libvirt_cpu_mode", value: "none" } + - { section: "DEFAULT", option: "libvirt_vif_driver", value: "nova_contrail_vif.contrailvif.VRouterVIFDriver" } + - { section: "database", option: "connection", value: "mysql://nova:nova@{{ hostvars[groups['openstack'][0]]['contrail_address'] }}/nova?charset=utf8" } + - { section: "database", option: "idle_timeout", value: "180" } + - { section: "database", option: "max_retries", value: "-1" } + - { section: "keystone_authtoken", option: "admin_tenant_name", value: "service" } + - { section: "keystone_authtoken", option: "admin_user", value: "nova" } + - { section: "keystone_authtoken", option: "admin_password", value: "{{ contrail_admin_password }}" } + - { section: "keystone_authtoken", option: "auth_protocol", value: "http" } + - { section: 
"keystone_authtoken", option: "auth_host", value: "{{ hostvars[groups['openstack'][0]]['contrail_address'] }}" } + - { section: "keystone_authtoken", option: "signing_dir", value: "/tmp/keystone-signing-nova" } + +- name: "change database address if same node as first openstack node" + ini_file: + dest: "/etc/nova/nova.conf" + section: "database" + option: "connection" + value: "mysql://nova:nova@127.0.0.1/nova?charset=utf8" + when: groups['openstack'][0] == inventory_hostname + +- name: "add respawn to nova compute config" + lineinfile: + dest: "/etc/init/nova-compute.conf" + line: "respawn" + insertbefore: "pre-start script" + +- name: "add respawn limit to nova compute config" + lineinfile: + dest: "/etc/init/nova-compute.conf" + line: "respawn limit 10 90" + insertafter: "respawn" + +- name: "restart nova compute" + service: + name: "nova-compute" + state: "restarted" + +- name: "delete nova sqlite database" + file: + dest: "/var/lib/nova/nova.sqlite" + state: "absent" diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-add-nodes.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-add-nodes.yml new file mode 100755 index 00000000..8245c046 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-add-nodes.yml 
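Review bot: The `database` / `connection` values hard-code the credentials `nova:nova` in two places (the `with_items` entry and the `change database address if same node…` task), so the database password is both guessable and committed to the repository. Take it from an inventory or vault variable, e.g. `value: "mysql://nova:{{ nova_db_password }}@127.0.0.1/nova?charset=utf8"` (`nova_db_password` is a placeholder name), and add `no_log: true` to `set values to nova config`, because the loop output prints every item, including `contrail_admin_password`. `signing_dir` is set to `/tmp/keystone-signing-nova`, a predictable path in a world-writable directory; a directory owned by `nova` outside `/tmp` is safer. `network_api_class` also appears twice in the same loop, and the second value begins with a space, so the effective setting should be checked.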
@@ -0,0 +1,39 @@
+---
+- hosts: config
+ sudo: yes
+ tasks:
+ - name: "provision config node"
+ shell: "python /opt/contrail/utils/provision_config_node.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}"
+
+- hosts: database
+ sudo: yes
+ tasks:
+ - name: "provision database node"
+ shell: "python /opt/contrail/utils/provision_database_node.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}"
+
+- hosts: collector
+ sudo: yes
+ tasks:
+ - name: "provision collector node"
+ shell: "python /opt/contrail/utils/provision_analytics_node.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}"
+
+- hosts: control
+ sudo: yes
+ tasks:
+ - name: "provision control node"
+ shell: "python /opt/contrail/utils/provision_control.py --api_server_ip {{ contrail_haproxy_address }} --api_server_port 8082 --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }} --router_asn {{ contrail_router_asn }}"
+
+- hosts: config
+ sudo: yes
+ tasks:
+ - name: "provision metadata services"
+ shell: "python /opt/contrail/utils/provision_linklocal.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --ipfabric_service_ip 10.84.50.1 --ipfabric_service_port 8775 --linklocal_service_name 
metadata --linklocal_service_ip 169.254.169.254 --linklocal_service_port 80"
+ run_once: yes
+
+
+- hosts: config
+ sudo: yes
+ tasks:
+ - name: "provision encap"
+ shell: "python /opt/contrail/utils/provision_encap.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --oper add --encap_priority MPLSoUDP,MPLSoGRE,VXLAN"
+ run_once: yes
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-collector.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-collector.yml
new file mode 100755
index 00000000..5dd72d77
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-collector.yml
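Review bot: All six tasks pass `--admin_password {{ contrail_admin_password }}` on a `shell:` command line, so the password shows in the target's process list while the script runs, is recorded in Ansible's task output, and is interpolated unquoted into a shell where spaces or metacharacters in the value would change the command. Add `no_log: true` to each task and quote the templated arguments, e.g. `--admin_password {{ contrail_admin_password | quote }}`; since none of the commands use pipes or redirects, the `command` module would avoid the shell altogether. If the provisioning scripts can read credentials from a file or the environment, prefer that to argv. The literal `--ipfabric_service_ip 10.84.50.1` in the metadata task is environment-specific and probably belongs in a variable.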
@@ -0,0 +1,98 @@ +--- +#- hosts: collector +# sudo: yes +# tasks: + +- name: "enable supervisor analytics" + file: + path: "/etc/init/supervisor-analytics.override" + state: "absent" + + +- name: "redis-setup" + include: -redis-setup.yml + + +- name: "node-common" + include: -node-common.yml + + +- name: "fix up contrail collector config" + template: + src: "provision/contrail-collector-conf.j2" + dest: "/etc/contrail/contrail-collector.conf" + + +- name: "fix up contrail query engine config" + template: + src: "provision/contrail-query-engine-conf.j2" + dest: "/etc/contrail/contrail-query-engine.conf" + + +- name: "fix up contrail analytics api config" + template: + src: "provision/contrail-analytics-api-conf.j2" + dest: "/etc/contrail/contrail-analytics-api.conf" + + +- name: "modify contrail analytics nodemgr config" + ini_file: + dest: "/etc/contrail/contrail-analytics-nodemgr.conf" + section: "DISCOVERY" + option: "server" + value: "{{ contrail_haproxy_address }}" + + +- name: "fix up contrail keystone auth config" + template: + src: "provision/contrail-keystone-auth-conf.j2" + dest: "/etc/contrail/contrail-keystone-auth.conf" + force: no + + +- name: "delete contrail alarm gen supervisord config file" + file: + dest: "/etc/contrail/supervisord_analytics_files/contrail-alarm-gen.ini" + state: "absent" + + +- name: "modify contrail snmp collector config file" + ini_file: + dest: "/etc/contrail/contrail-snmp-collector.conf" + section: "{{ item.section }}" + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - { section: "DEFAULTS", option: "zookeeper", value: "{{ contrail_address }}:2128" } + - { section: "DISCOVERY", option: "disc_server_ip", value: "{{ contrail_haproxy_address }}" } + - { section: "DISCOVERY", option: "disc_server_port", value: "5998" } + + +- name: "modify contrail snmp collector ini file" + ini_file: + dest: "/etc/contrail/supervisord_analytics_files/contrail-snmp-collector.ini" + section: 
"program:contrail-snmp-collector" + option: "command" + value: "/usr/bin/contrail-snmp-collector --conf_file /etc/contrail/contrail-snmp-collector.conf --conf_file /etc/contrail/contrail-keystone-auth.conf" + + +- name: "modify contrail topology config file" + ini_file: + dest: "/etc/contrail/contrail-topology.conf" + section: "DEFAULTS" + option: "zookeeper" + value: "{{ contrail_address }}" + + +- name: "modify contrail topology ini file" + ini_file: + dest: "/etc/contrail/supervisord_analytics_files/contrail-topology.ini" + section: "program:contrail-topology" + option: "command" + value: "/usr/bin/contrail-topology --conf_file /etc/contrail/contrail-topology.conf" + + +- name: "restart supervisor analytics" + service: + name: "supervisor-analytics" + state: "restarted" diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-compute.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-compute.yml new file mode 100755 index 00000000..41ea5c25 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-compute.yml 
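Review bot: `/etc/contrail/contrail-keystone-auth.conf` is written by `template` with no `owner`, `group` or `mode`, so its permissions come from the remote umask and are typically world-readable; judging by the name it holds Keystone admin credentials, though the template itself is not part of this diff. Set them explicitly, e.g. `mode: "0640"` with the owner and group of the Contrail service account; the task of the same name in `provision-config.yml` needs the same change. Separately, the `zookeeper` value for the SNMP collector uses port `2128`, while ZooKeeper's conventional client port is 2181, so please confirm this is not a transposition.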
@@ -0,0 +1,175 @@ +--- +#- hosts: compute +# sudo: yes +# tasks: +- name: "enable supervisor vrouter" + file: + path: "/etc/init/supervisor-vrouter.override" + state: "absent" + +- include: -node-common.yml + +- name: "check cgroup device acl in qemu conf" + shell: "grep -q '^\\s*cgroup_device_acl' /etc/libvirt/qemu.conf" + register: deviceacl + ignore_errors: yes + changed_when: no + +- name: "create cgroup device acl for qemu conf" + template: + src: "provision/qemu-device-acl-conf.j2" + dest: "/tmp/qemu-device-acl.conf" + when: deviceacl | failed + +- name: "combination of the qemu configuration" + shell: "cat /tmp/qemu-device-acl.conf >> /etc/libvirt/qemu.conf" + when: deviceacl | failed + +- name: "delete temporary configuration file" + file: + dest: "/tmp/qemu-device-acl.conf" + state: "absent" + when: deviceacl | failed + +- name: "fix up vrouter nodemgr param" + template: + src: "provision/vrouter-nodemgr-param.j2" + dest: "/etc/contrail/vrouter_nodemgr_param" + +- name: "set contrail device name for ansible" + set_fact: + contrail_ansible_device: "ansible_{{ contrail_device }}" + +- name: "fix up default pmac" + template: + src: "provision/default-pmac.j2" + dest: "/etc/contrail/default_pmac" + +- name: "copy agent param config from template" + shell: "cp /etc/contrail/agent_param.tmpl /etc/contrail/agent_param" + +- name: "modify agent param config" + lineinfile: + dest: "/etc/contrail/agent_param" + regexp: "dev=__DEVICE__" + line: "dev={{ contrail_device }}" + +- name: "fix up contrail vrouter agent config" + template: + src: "provision/contrail-vrouter-agent-conf.j2" + dest: "/etc/contrail/contrail-vrouter-agent.conf" + +- name: "delete lines for contrail interface" + shell: "{{ item }}" + with_items: + - "sed -e '/auto {{ contrail_device }}/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top" + - "sed -n -e '/auto {{ contrail_device }}/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom" + - "sed -i -e '/auto {{ contrail_device 
}}/d' /tmp/contrail-interfaces-bottom" + - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom" + - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces" + +- name: "delete lines for vrouter interface" + shell: "{{ item }}" + with_items: + - "sed -e '/auto vhost0/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top" + - "sed -n -e '/auto vhost0/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom" + - "sed -i -e '/auto vhost0/d' /tmp/contrail-interfaces-bottom" + - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom" + - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces" + +- name: "configure interface" + lineinfile: + dest: "/etc/network/interfaces" + line: "{{ item }}" + state: "present" + with_items: + - "auto {{ contrail_device }}" + - "iface {{ contrail_device }} inet manual" + - "\tpre-up ifconfig {{ contrail_device }} up" + - "\tpost-down ifconfig {{ contrail_device }} down" + - "auto vhost0" + - "iface vhost0 inet static" + - "\tpre-up /opt/contrail/bin/if-vhost0" + - "\tnetwork_name application" + - "\taddress {{ contrail_address }}" + - "\tnetmask {{ contrail_netmask }}" + +- name: "delete temporary files" + file: + dest: "{{ item }}" + state: "absent" + with_items: + - "/tmp/contrail-interfaces-top" + - "/tmp/contrail-interfaces-bottom" + +- name: "fix up contrail vrouter nodemgr config" + ini_file: + dest: "/etc/contrail/contrail-vrouter-nodemgr.conf" + section: "DISCOVERY" + option: "server" + value: "{{ contrail_haproxy_address }}" + +- name: "restart libvirt bin" + service: + name: "libvirt-bin" + state: "restarted" + +#- name: "set value of nova to nova config" +# template: +# src: "provision/nova.j2" +# dest: "/etc/nova/nova.conf" +# when: install_nova + +#- name: "delete values from nova config" +# ini_file: +# dest: "/etc/nova/nova.conf" +# section: "{{ item.section }}" +# option: "{{ item.option }}" +# with_items: +# - { section: 
"DEFAULT", option: "quantum_auth_strategy" } +# - { section: "DEFAULT", option: "quantum_admin_auth_url" } +# - { section: "DEFAULT", option: "quantum_admin_tenant_name" } +# - { section: "DEFAULT", option: "quantum_admin_username" } +# - { section: "DEFAULT", option: "quantum_admin_password" } +# - { section: "DEFAULT", option: "quantum_url" } + +#- name: "set values of neutron to nova config" +# ini_file: +# dest: "/etc/nova/nova.conf" +# section: "{{ item.section }}" +# option: "{{ item.option }}" +# value: "{{ item.value }}" +# state: "present" +# with_items: +# - { section: "DEFAULT", option: "neutron_admin_auth_url", value: "http://{{ contrail_keystone_address }}:5000/v2.0" } +# - { section: "DEFAULT", option: "neutron_admin_username", value: "neutron" } +# - { section: "DEFAULT", option: "neutron_admin_password", value: "{{ contrail_admin_password }}" } +# - { section: "DEFAULT", option: "neutron_admin_tenant_name", value: "service" } +# - { section: "DEFAULT", option: "neutron_url", value: "http://{{ contrail_haproxy_address }}:9696/" } +# - { section: "DEFAULT", option: "neutron_url_timeout", value: "300" } +# - { section: "DEFAULT", option: "network_api_class", value: "nova.network.neutronv2.api.API" } +# - { section: "DEFAULT", option: "libvirt_vif_driver", value: "nova_contrail_vif.contrailvif.VRouterVIFDriver" } + +#- name: "restart nova compute" +# service: +# name: "nova-compute" +# state: "restarted" + +#- name: "add vrouter to contrail" +# shell: "python /opt/contrail/utils/provision_vrouter.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}" +# +#- name: "reboot Server" +# shell: "shutdown -r now" +# async: 0 +# poll: 0 +# ignore_errors: true +# notify: Wait for server to come back +# +#handlers: +#- name: "Wait 
for server to come back" +# local_action: +# module: wait_for +# host={{ inventory_hostname }} +# port=22 +# delay=30 +# timeout=600 diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-config.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-config.yml new file mode 100755 index 00000000..8aa8f43b --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-config.yml 
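Review bot: The qemu and `/etc/network/interfaces` edits stage their data in fixed paths under `/tmp` (`/tmp/qemu-device-acl.conf`, `/tmp/contrail-interfaces-top`, `/tmp/contrail-interfaces-bottom`) and then `cat` them into root-owned configuration, so a local user who pre-creates or symlinks those names can influence what root writes. The haproxy steps in `provision-config.yml` follow the same pattern with `/tmp/haproxy-contrail.cfg`. Editing the destination in place removes the staging file, for example with `blockinfile` and a marker if the Ansible version in use provides it; otherwise stage under a root-only directory. `{{ contrail_device }}` is also inserted unescaped into the sed address expressions, so it is worth validating against an interface-name pattern before these tasks run.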
@@ -0,0 +1,280 @@ +--- +#- hosts: config +# sudo: yes +# tasks: +- name: "enable supervisor config" + file: + path: "/etc/init/supervisor-config.override" + state: "absent" + +- name: "enable neutron server" + file: + path: "/etc/init/neutron-server.override" + state: "absent" + +# Compass is using this +#- name: "enable haproxy" +# replace: +# dest: "/etc/default/haproxy" +# regexp: "^ENABLED\\s*=.*$" +# replace: "ENABLED=1" + +# Compass is using this +#- name: "modify haproxy global configuration" +# lineinfile: +# dest: "/etc/haproxy/haproxy.cfg" +# regexp: "{{ item.regexp }}" +# line: "{{ item.line }}" +# insertafter: "^global" +# with_items: +# - { regexp: "^\\s*tune.bufsize", line: "\ttune.bufsize 16384" } +# - { regexp: "^\\s*tune.maxrewrite", line: "\ttune.maxrewrite 1024" } + +- name: "delete haproxy configuration for contrail" + shell: "sed -i -e '/^#contrail-marker-start/,/^#contrail-marker-end/d' /etc/haproxy/haproxy.cfg" + +- name: "create haproxy configuration for contrail" + template: + src: "provision/haproxy-contrail-cfg.j2" + dest: "/tmp/haproxy-contrail.cfg" + +- name: "combination of the haproxy configuration" + shell: "cat /tmp/haproxy-contrail.cfg >> /etc/haproxy/haproxy.cfg" + +- name: "delete temporary configuration file" + file: + dest: "/tmp/haproxy-contrail.cfg" + state: "absent" + +- name: "restart haproxy" + service: + name: "haproxy" + state: "restarted" + +# Compass is using this +#- name: "create keepalived configuration" +# template: +# src: "provision/keepalived-conf.j2" +# dest: "/etc/keepalived/keepalived.conf" +# with_indexed_items: groups['opencontrail_config'] +# when: contrail_keepalived and item.1 == inventory_hostname + +#- name: "restart keepalived" +# service: +# name: "keepalived" +# state: "restarted" +# when: contrail_keepalived + +- name: "node-common" + include: -node-common.yml + +- name: "fix up contrail keystone auth config" + template: + src: "provision/contrail-keystone-auth-conf.j2" + dest: 
"/etc/contrail/contrail-keystone-auth.conf" + +- name: "fix up ifmap server log4j properties" + template: + src: "provision/ifmap-log4j-properties.j2" + dest: "/etc/ifmap-server/log4j.properties" + +- name: "fix up ifmap server authorization properties" + template: + src: "provision/ifmap-authorization-properties.j2" + dest: "/etc/ifmap-server/authorization.properties" + +- name: "fix up ifmap server basicauthusers properties" + template: + src: "provision/ifmap-basicauthusers-properties.j2" + dest: "/etc/ifmap-server/basicauthusers.properties" + +- name: "fix up ifmap server publisher properties" + template: + src: "provision/ifmap-publisher-properties.j2" + dest: "/etc/ifmap-server/publisher.properties" + +- name: "fix up contrail api config" + template: + src: "provision/contrail-api-conf.j2" + dest: "/etc/contrail/contrail-api.conf" + +- name: "fix up contrail api supervisord config" + template: + src: "provision/contrail-api-supervisord-conf.j2" + dest: "/etc/contrail/supervisord_config_files/contrail-api.ini" + +- name: "modify contrail api init script" + lineinfile: + dest: "/etc/init.d/contrail-api" + regexp: "supervisorctl -s unix:///tmp/supervisord_config.sock" + line: "supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}:0`" + +- name: "fix up contrail schema config" + template: + src: "provision/contrail-schema-conf.j2" + dest: "/etc/contrail/contrail-schema.conf" + +- name: "fix up contrail device manager config" + template: + src: "provision/contrail-device-manager-conf.j2" + dest: "/etc/contrail/contrail-device-manager.conf" + +- name: "fix up contrail svc monitor config" + template: + src: "provision/contrail-svc-monitor-conf.j2" + dest: "/etc/contrail/contrail-svc-monitor.conf" + +- name: "fix up contrail discovery supervisord config" + template: + src: "provision/contrail-discovery-supervisord-conf.j2" + dest: "/etc/contrail/supervisord_config_files/contrail-discovery.ini" + +- name: "fix up contrail discovery config" + 
template: + src: "provision/contrail-discovery-conf.j2" + dest: "/etc/contrail/contrail-discovery.conf" + +- name: "modify contrail discovery init script" + lineinfile: + dest: "/etc/init.d/contrail-discovery" + regexp: "supervisorctl -s unix:///tmp/supervisord_config.sock" + line: "supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}:0`" + +- name: "fix up contrail vnc api library config" + template: + src: "provision/contrail-vnc-api-lib-ini.j2" + dest: "/etc/contrail/vnc_api_lib.ini" + +- name: "fix up contrail config nodemgr config" + ini_file: + dest: "/etc/contrail/contrail-config-nodemgr.conf" + section: "DISCOVERY" + option: "server" + value: "{{ contrail_haproxy_address }}" + +- name: "fix up contrail sudoers" + template: + src: "provision/contrail-sudoers.j2" + dest: "/etc/sudoers.d/contrail_sudoers" + mode: 0440 + +- name: "create directory for neutron plugins" + file: + dest: "/etc/neutron/plugins/opencontrail" + state: "directory" + +- name: "fix up contrail plugin for nuetron" + template: + src: "provision/neutron-contrail-plugin-ini.j2" + dest: "/etc/neutron/plugins/opencontrail/ContrailPlugin.ini" + +- name: "modify neutron server configuration" + lineinfile: + dest: "/etc/default/neutron-server" + regexp: "NEUTRON_PLUGIN_CONFIG=" + line: "NEUTRON_PLUGIN_CONFIG=\"/etc/neutron/plugins/opencontrail/ContrailPlugin.ini\"" + +#- name: "change owner neutron log directory" +# file: +# dest: "/var/log/neutron" +# state: "directory" +# owner: "neutron" +# group: "neutron" +# recurse: yes + +#- name: "set values to neutron config" +# ini_file: +# dest: "/etc/neutron/neutron.conf" +# section: "{{ item.section }}" +# option: "{{ item.option }}" +# value: "{{ item.value }}" +# with_items: +# - { section: "DEFAULT", option: "bind_port", value: "9697" } +# - { section: "DEFAULT", option: "auth_strategy", value: "keystone" } +# - { section: "DEFAULT", option: "allow_overlapping_ips", value: "True" } +# - { section: "DEFAULT", option: 
"core_plugin", value: "neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2" } +# - { section: "DEFAULT", option: "api_extensions_path", value: "extensions:/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/extensions" } +# - { section: "DEFAULT", option: "rabbit_host", value: "{{ contrail_haproxy_address }}" } +# - { section: "DEFAULT", option: "rabbit_port", value: "5673" } +# - { section: "DEFAULT", option: "service_plugins", value: "neutron_plugin_contrail.plugins.opencontrail.loadbalancer.plugin.LoadBalancerPlugin" } +# - { section: "service_providers", option: "service_provider", value: "LOADBALANCER:Opencontrail:neutron_plugin_contrail.plugins.opencontrail.loadbalancer.driver.OpencontrailLoadbalancerDriver:default" } +# - { section: "quotas", option: "quota_driver", value: "neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver" } +# - { section: "quotas", option: "quota_network", value: "-1" } +# - { section: "quotas", option: "quota_subnet", value: "-1" } +# - { section: "quotas", option: "quota_port", value: "-1" } +# - { section: "keystone_authtoken", option: "admin_tenant_name", value: "admin" } +# - { section: "keystone_authtoken", option: "admin_user", value: "{{ contrail_admin_user }}" } +# - { section: "keystone_authtoken", option: "admin_password", value: "{{ contrail_admin_password }}" } +# - { section: "keystone_authtoken", option: "auth_host", value: "{{ contrail_keystone_address }}" } +# - { section: "keystone_authtoken", option: "auth_protocol", value: "http" } + +#- name: "add respawn to neutron server config" +# lineinfile: +# dest: "/etc/init/neutron-server.conf" +# line: "respawn" +# insertbefore: "pre-start script" + +#- name: "add respawn limit to neutron server config" +# lineinfile: +# dest: "/etc/init/neutron-server.conf" +# line: "respawn limit 10 90" +# insertafter: "respawn" + +- name: "restart supervisor config" + service: + name: "supervisor-config" + state: "restarted" + + 
+#- name: "restart neutron-server" +# service: +# name: "neutron-server" +# state: "restarted" + +# Compass configured +#- name: "add neutron service" +# shell: "keystone service-get 'neutron' || keystone service-create --name 'neutron' --type 'network' --description 'Neutron Network Service'" +# environment: +# OS_AUTH_URL: "http://{{ contrail_keystone_address }}:35357/v2.0" +# OS_USERNAME: "{{ contrail_admin_user }}" +# OS_PASSWORD: "{{ contrail_admin_password }}" +# OS_TENANT_NAME: "admin" +# run_once: yes +# when: keystone_provision +# +# +# Compass configured +#- name: "add neutron endpoint" +# shell: "keystone endpoint-list | grep -q $(keystone service-get 'neutron' | grep '| *id *|' | awk '{print $4}') || keystone endpoint-create --region 'RegionOne' --service 'neutron' --publicurl 'http://{{ contrail_haproxy_address }}:9696' --internal 'http://{{ contrail_haproxy_address }}:9696' --adminurl 'http://{{ contrail_haproxy_address }}:9696'" +# environment: +# OS_AUTH_URL: "http://{{ contrail_keystone_address }}:35357/v2.0" +# OS_USERNAME: "{{ contrail_admin_user }}" +# OS_PASSWORD: "{{ contrail_admin_password }}" +# OS_TENANT_NAME: "admin" +# run_once: yes +# when: keystone_provision +# +#- name: "add neutron user" +# keystone_user: +# user: "neutron" +# password: "{{ contrail_admin_password }}" +# email: "neutron@example.com" +# tenant: "service" +# endpoint: "http://{{ contrail_keystone_address }}:35357/v2.0" +# login_user: "{{ contrail_admin_user }}" +# login_password: "{{ contrail_admin_password }}" +# login_tenant_name: "admin" +# run_once: yes +# when: keystone_provision +# +#- name: "apply role to user" +# keystone_user: +# tenant: "service" +# user: "neutron" +# role: "admin" +# endpoint: "http://{{ contrail_keystone_address }}:35357/v2.0" +# login_user: "{{ contrail_admin_user }}" +# login_password: "{{ contrail_admin_password }}" +# login_tenant_name: "admin" +# run_once: yes +# when: keystone_provision 
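Review bot: `/etc/sudoers.d/contrail_sudoers` is rendered without `validate`, so a template or variable error installs a broken sudoers fragment and can leave `sudo` unusable on the node. Add `validate: "visudo -cf %s"` and make ownership explicit with `owner: "root"` and `group: "root"`; writing the mode as `mode: "0440"` avoids depending on YAML octal parsing. The rendered rules are not visible in this diff, so it is worth checking that `contrail-sudoers.j2` grants only the specific commands Contrail needs.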
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-control.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-control.yml
new file mode 100755
index 00000000..e36d8f22
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-control.yml
@@ -0,0 +1,59 @@
+---
+#- hosts: control
+# sudo: yes
+# tasks:
+- name: "enable supervisor control"
+ file:
+ path: "/etc/init/supervisor-control.override"
+ state: "absent"
+
+- name: "enable supervisor dns"
+ file:
+ path: "/etc/init/supervisor-dns.override"
+ state: "absent"
+
+- name: "modify ifmap server basicauthusers properties for control"
+ lineinfile:
+ dest: "/etc/ifmap-server/basicauthusers.properties"
+ line: "{{ hostvars[item]['contrail_address' ] }}:{{ hostvars[item]['contrail_address' ] }}"
+ with_items: groups['opencontrail_control']
+
+- name: "modify ifmap server basicauthusers properties for dns"
+ lineinfile:
+ dest: "/etc/ifmap-server/basicauthusers.properties"
+ line: "{{ hostvars[item]['contrail_address' ] }}.dns:{{ hostvars[item]['contrail_address' ] }}.dns"
+ with_items: groups['opencontrail_control']
+
+- name: "node-common"
+ include: -node-common.yml
+
+- name: "fix up contrail control config"
+ template:
+ src: "provision/contrail-control-conf.j2"
+ dest: "/etc/contrail/contrail-control.conf"
+
+- name: "fix up contrail dns config"
+ template:
+ src: "provision/contrail-dns-conf.j2"
+ dest: "/etc/contrail/contrail-dns.conf"
+
+- name: "fix up contrail control nodemgr config"
+ ini_file:
+ dest: "/etc/contrail/contrail-control-nodemgr.conf"
+ section: "DISCOVERY"
+ option: "server"
+ value: "{{ contrail_haproxy_address }}"
+
+- name: "modify dns configuration"
+ replace:
+ dest: "/etc/contrail/dns/{{ item }}"
+ regexp: "secret \"secret123\""
+ replace: "secret \"xvysmOR8lnUQRBcunkC6vg==\""
+ with_items:
+ - "contrail-rndc.conf"
+ - "contrail-named.conf"
+
+- name: "restart supervisor control"
+ service:
+ name: "supervisor-control"
+ state: "restarted"
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-database.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-database.yml
new file mode 100755
index 00000000..6807d7d4
--- /dev/null
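Review bot: The "modify dns configuration" task swaps the packaged rndc secret `secret123` for another literal key that is committed in this file, so every deployment built from the role shares one rndc/named key and anyone who can read the repository knows it. Take the key from a per-deployment variable kept in the inventory or a vault, e.g. `replace: "secret \"{{ contrail_rndc_secret }}\""` (placeholder variable name, not defined on this page). The two basicauthusers tasks above it write entries of the form address:address, i.e. a password equal to the user name; that may be what the ifmap server's defaults expect, but it is worth confirming whether a generated password can be used instead.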
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-database.yml 
@@ -0,0 +1,190 @@ +--- +#- hosts: database +# sudo: yes +# tasks: + + +- name: "enable supervisor database" +# sudo: True + file: + path: "/etc/init/supervisor-database.override" + state: "absent" + + +- name: "-node-common" +# sudo: True + include: -node-common.yml + + +- name: "update hosts" +# sudo: True + lineinfile: + dest: "/etc/hosts" + regexp: "^{{ contrail_address }}\t{{ ansible_hostname }}( .*)?$" + line: "{{ contrail_address }}\t{{ ansible_hostname }}\\1" + backrefs: yes + + +- name: "make directory for contrail analytics" +# sudo: True + file: + path: "/var/lib/cassandra/data/ContrailAnalytics" + state: "directory" + + +- name: "modify cassandra conf" +# sudo: True + lineinfile: + dest: "/etc/cassandra/cassandra.yaml" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: "^(#(\\s*)?)?listen_address:", line: "listen_address: {{ contrail_address }}"} + - { regexp: "^(#(\\s*)?)?cluster_name:", line: "cluster_name: \"Contrail\"" } + - { regexp: "^(#(\\s*)?)?rpc_address:", line: "rpc_address: {{ contrail_address }}" } + - { regexp: "^(#(\\s*)?)?num_tokens:", line: "num_tokens: 256" } + - { regexp: "^(#(\\s*)?)?initial_token:", line: "# initial_token:" } + + +- name: "set first database host seed" +# sudo: True + set_fact: + dbseeds: "{{ hostvars[item.1]['contrail_address'] }}" + with_indexed_items: groups['database'] + when: item.0 == 0 + + +- name: "set second database host seed" +# sudo: True + set_fact: + dbseeds: "{{ dbseeds }},{{ hostvars[item.1]['contrail_address'] }}" + with_indexed_items: groups['database'] + when: item.0 == 1 + + +- name: "modify seeds list in cassandra conf" +# sudo: True + replace: + dest: "/etc/cassandra/cassandra.yaml" + regexp: "- seeds:.*$" + replace: "- seeds: {{ dbseeds }}" + + +- name: "modify cassandra env" +# sudo: True + replace: + dest: "/etc/cassandra/cassandra-env.sh" + regexp: "{{ item.regexp }}" + replace: "{{ item.replace }}" + with_items: + - { regexp: 
"(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintGCDetails\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintGCDetails\"" } + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -Xss\\d+k\"", replace: "JVM_OPTS=\"$JVM_OPTS -Xss512k\"" } + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintGCDateStamps\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintGCDateStamps\"" } + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintHeapAtGC\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintHeapAtGC\"" } + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintTenuringDistribution\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintTenuringDistribution\"" } + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintGCApplicationStoppedTime\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintGCApplicationStoppedTime\"" } + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintPromotionFailure\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintPromotionFailure\"" } + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:PrintFLSStatistics=1\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:PrintFLSStatistics=1\"" } + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -Xloggc:/var/log/cassandra/gc-`date \\+%s`\\.log\"", replace: "JVM_OPTS=\"$JVM_OPTS -Xloggc:/var/log/cassandra/gc-`date +%s`.log\"" } + + +- name: "modify zookeeper conf" +# sudo: True + lineinfile: + dest: "/etc/zookeeper/conf/zoo.cfg" + line: "{{ item }}" + with_items: + - "maxSessionTimeout=120000" + - "autopurge.purgeInterval=3" + + +- name: "modify zookeeper log4j properties" +# sudo: True + lineinfile: + dest: "/etc/zookeeper/conf/log4j.properties" + regexp: "(log4j.appender.ROLLINGFILE.MaxBackupIndex=.*)$" + line: "\\1" + backrefs: yes + + +- name: "add server addresses to zookeeper config" +# sudo: True + lineinfile: + dest: "/etc/zookeeper/conf/zoo.cfg" + regexp: "server.{{ item.0 + 1 }}=" + line: "server.{{ item.0 + 1 }}={{ hostvars[item.1]['contrail_address'] }}:2888:3888" + with_indexed_items: groups['database'] + + +- name: "set 
zookeeper unique id" +# sudo: True + template: + src: "templates/zookeeper-unique-id.j2" + dest: "/var/lib/zookeeper/myid" + with_indexed_items: groups['database'] + when: item.1 == inventory_hostname + + +- name: "remove kafka ini file" +# sudo: True + file: + path: "/etc/contrail/supervisord_database_files/kafka.ini" + state: "absent" + + +- name: "set first zookeeper host address" +# sudo: True + set_fact: + zkaddrs: "{{ hostvars[item.1]['contrail_address'] }}:2181" + with_indexed_items: groups['database'] + when: item.0 == 0 + + +- name: "set second or more zookeeper host addresses" +# sudo: True + set_fact: + zkaddrs: "{{ zkaddrs }},{{ hostvars[item.1]['contrail_address'] }}:2181" + with_indexed_items: groups['database'] + when: item.0 > 0 + + +- name: "modify zookeeper host addresses in kafka properties" +# sudo: True + lineinfile: + dest: "/usr/share/kafka/config/server.properties" + regexp: "zookeeper.connect=" + line: "zookeeper.connect={{ zkaddrs }}" + + +- name: "modify kafka properties" +# sudo: True + lineinfile: + dest: "/usr/share/kafka/config/server.properties" + regexp: "default.replication.factor=" + line: "default.replication.factor=2" + + +- name: "fix up contrail database nodemgr config" +# sudo: True + ini_file: + dest: "/etc/contrail/contrail-database-nodemgr.conf" + section: "{{ item.section }}" + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - { section: "DEFAULT", option: "hostip", value: "{{ contrail_address }}" } + - { section: "DISCOVERY", option: "server", value: "{{ contrail_haproxy_address }}" } + + +- name: "restart zookeeper" +# sudo: True + service: + name: "zookeeper" + state: "restarted" + + +- name: "restart supervisor database" +# sudo: True + service: + name: "supervisor-database" + state: "restarted" 
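Review bot: Six tasks in this file iterate `groups['database']` (both seed tasks, "add server addresses to zookeeper config", "set zookeeper unique id" and both zkaddrs tasks), while provision-webui.yml in the same commit reads the database hosts from `groups['opencontrail_database']` and the control and rabbitmq files use `opencontrail_control` / `opencontrail_config`. If the inventory only defines the `opencontrail_*` groups, these loops would not see the database hosts and `dbseeds` / `zkaddrs` would be left unset for the tasks that reference them; use `with_indexed_items: groups['opencontrail_database']` unless a separate `database` group is intended. Separately, `default.replication.factor=2` is written regardless of how many database hosts exist, which looks wrong for a single-node layout and should probably be derived from the group size.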
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-increase-limits.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-increase-limits.yml
new file mode 100755
index 00000000..1a78e832
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-increase-limits.yml
@@ -0,0 +1,52 @@
+---
+#- hosts: [database, config, control, collector]
+# sudo: yes
+# tasks:
+- name: "delete line"
+# sudo: True
+ lineinfile:
+ dest: "/etc/limits.conf"
+ regexp: "^root\\s*soft\\s*nproc\\s*.*"
+ state: "absent"
+
+- name: "check EOF"
+# sudo: True
+ lineinfile:
+ dest: "/etc/security/limits.conf"
+ regexp: "^# End of file"
+ line: "# End of file"
+
+- name: "add lines"
+# sudo: True
+ lineinfile:
+ dest: "/etc/security/limits.conf"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ insertbefore: "^# End of file"
+ with_items:
+ - { regexp: "^root\\s*hard\\s*nofile\\s*.*", line: "root hard nofile 65535" }
+ - { regexp: "^root\\s*soft\\s*nofile\\s*.*", line: "root soft nofile 65535" }
+ - { regexp: "^\\*\\s*hard\\s*nofile\\s*.*", line: "* hard nofile 65535" }
+ - { regexp: "^\\*\\s*soft\\s*nofile\\s*.*", line: "* soft nofile 65535" }
+ - { regexp: "^\\*\\s*hard\\s*nproc\\s*.*", line: "* hard nproc 65535" }
+ - { regexp: "^\\*\\s*soft\\s*nproc\\s*.*", line: "* soft nproc 65535" }
+
+- name: change value of sysctl fs.file-max
+# sudo: True
+ sysctl:
+ name: "fs.file-max"
+ value: "65535"
+
+- name: "find supervisord conf files"
+# sudo: True
+ shell: "find /etc/contrail -name supervisor*.conf -type f"
+ register: supervisordconfs
+ changed_when: no
+
+- name: "modify supervisord conf"
+# sudo: True
+ replace:
+ dest: "{{ item }}"
+ regexp: "^minfds=\\d*"
+ replace: "minfds=10240"
+ with_items: supervisordconfs.stdout_lines
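Review bot: "delete line" edits `/etc/limits.conf`, while the two tasks after it edit `/etc/security/limits.conf`; the first path looks like a typo, in which case the `root soft nproc` entry is never removed, so use `dest: "/etc/security/limits.conf"`. In "find supervisord conf files" the pattern is unquoted, so the shell can expand `supervisor*.conf` against the working directory before find sees it; write `shell: "find /etc/contrail -name 'supervisor*.conf' -type f"`. The `*` entries in "add lines" raise nofile and nproc to 65535 for every account on the host, not only the contrail services, and a comment saying why that breadth is needed would help the next reader.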
diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-rabbitmq.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-rabbitmq.yml
new file mode 100755
index 00000000..b2785d8f
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-rabbitmq.yml
@@ -0,0 +1,103 @@ +--- +#- hosts: config +# sudo: yes +# tasks: +- name: "start supervisor support service" +# sudo: True + service: + name: "supervisor-support-service" + state: "started" + + + +- name: "stop rabbitmq server via supervisor" +# sudo: True + supervisorctl: + name: "rabbitmq-server" + state: "stopped" + server_url: "unix:///tmp/supervisord_support_service.sock" + + + +- name: "-rabbitmq-stop" +# sudo: True + include: -rabbitmq-stop.yml + + + +- name: "update hosts" +# sudo: True + lineinfile: + dest: "/etc/hosts" + line: "{{ hostvars[item]['contrail_address'] }}\t{{ hostvars[item]['ansible_hostname'] }} {{ hostvars[item]['ansible_hostname'] }}-ctrl" + with_items: groups['opencontrail_config'] + + + +- name: "fix up rabbitmq env" +# sudo: True + template: + src: "provision/rabbitmq-env-conf.j2" + dest: "/etc/rabbitmq/rabbitmq-env.conf" + + + +- name: "fix up rabbitmq config for single node" +# sudo: True + template: + src: "provision/rabbitmq-conf-single.j2" + dest: "/etc/rabbitmq/rabbitmq.config" + when: groups['opencontrail_config'][1] is not defined + + + +- name: fix up rabbitmq config for multi nodes +# sudo: True + template: + src: "provision/rabbitmq-conf.j2" + dest: "/etc/rabbitmq/rabbitmq.config" + when: groups['opencontrail_config'][1] is defined + + + +- name: "-rabbitmq-stop" +# sudo: True + include: -rabbitmq-stop.yml + + + +- name: "create cookie uuid temporary" +# sudo: True + local_action: + module: "template" + src: "provision/rabbitmq-cookie.j2" + dest: "/tmp/tmp-rabbitmq-cookie" + run_once: yes + + +- name: "update cookie uuid" +# sudo: True + copy: + src: "/tmp/tmp-rabbitmq-cookie" + dest: "/var/lib/rabbitmq/.erlang.cookie" + owner: "rabbitmq" + group: "rabbitmq" + mode: 0400 + + + +- name: "delete temporary cookie uuid" +# sudo: True + local_action: + module: "file" + dest: "/tmp/tmp-rabbitmq-cookie" + state: "absent" + run_once: yes + + + +- name: "start rabbitmq server" +# sudo: True + service: + name: "rabbitmq-server" + state: 
"started" diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-route.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-route.yml new file mode 100755 index 00000000..edf829ec --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-route.yml @@ -0,0 +1,42 @@ +--- +#- hosts: all +# sudo: yes +# tasks: +- name: "delete existing route file" +# sudo: True + file: + path: "/etc/network/if-up.d/routes" + state: absent + when: contrail_route + +- name: "create route file" +# sudo: True + file: + path: "/etc/network/if-up.d/routes" + owner: "root" + mode: 0755 + state: touch + when: contrail_route + + +- name: "add template" +# sudo: True + lineinfile: + dest: "/etc/network/if-up.d/routes" + line: "{{ item }}" + with_items: + - "#!/bin/bash" + - "[ \"$IFACE\" != {{ contrail_route[0].device }} ] && exit 0" + when: contrail_route + + +- name: "add static route" +# sudo: True + lineinfile: + dest: "/etc/network/if-up.d/routes" + line: "ip route add {{ item.ip }} via {{ item.gw }} dev {{ item.device }}" + state: "present" + with_items: + - "{{ contrail_route }}" + when: contrail_route + diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-toragent.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-toragent.yml new file mode 100755 index 00000000..87810732 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-toragent.yml 
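Review bot: "create cookie uuid temporary" renders the Erlang cookie to the fixed path `/tmp/tmp-rabbitmq-cookie` on the control host with no `mode`, so the shared cluster secret sits in a world-writable directory with umask-default permissions until the delete task runs, and it stays there if any task in between fails. Add `mode: "0600"` to that `local_action` and render it into a directory only the deploying user can write, rather than `/tmp`. "update cookie uuid" already installs the file as rabbitmq:rabbitmq with mode 0400, which is fine; adding `no_log: true` to the cookie tasks would also keep the value out of task and diff output.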
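Review bot: The guard written by "add template" in provision-route.yml compares `$IFACE` only with `contrail_route[0].device`, but "add static route" emits one line per entry with that entry's own `item.device`, so routes for any other device are never installed because the script exits first. Guard each route on its own device instead, e.g. `line: "[ \"$IFACE\" = \"{{ item.device }}\" ] && ip route replace {{ item.ip }} via {{ item.gw }} dev {{ item.device }}"`; `replace` also avoids the error `ip route add` returns when the route already exists. The script is run from if-up.d with the values interpolated unquoted, so `contrail_route` should be validated as addresses and interface names before it is written.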
@@ -0,0 +1,77 @@ +--- +#- hosts: tsn +# sudo: yes +# tasks: +- name: "create temporary directory for ssl files" + local_action: + module: "file" + dest: "/tmp/tmp-toragent-{{ item }}" + state: "directory" + with_items: + - "certs" + - "private" + run_once: yes + +- name: "create ssl files" + local_action: "shell openssl req -new -x509 -days 3650 -text -sha256 -newkey rsa:4096 -nodes -subj \"/C=US/ST=Global/O={{ item.1.vendor_name }}/CN={{ ansible_fqdn }}\" -keyout /tmp/tmp-toragent-private/tor.{{ item.0 }}.privkey.pem -out /tmp/tmp-toragent-certs/tor.{{ item.0 }}.cert.pem" + with_indexed_items: contrail_tor_agents + run_once: yes + +- name: "set tor agent list" + set_fact: + toragent_index: "{{ item.0 }}" + toragent_params: "{{ item.1 }}" + register: contrail_toragent_list + with_indexed_items: contrail_tor_agents + when: inventory_hostname in item.1.tsn_names + +- name: "fix up tor agent conf" + template: + src: "templates/contrail-tor-agent-conf.j2" + dest: "/etc/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.conf" + with_items: contrail_toragent_list.results + +- name: "fix up tor agent ini" + template: + src: "provision/contrail-tor-agent-ini.j2" + dest: "/etc/contrail/supervisord_vrouter_files/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.ini" + with_items: contrail_toragent_list.results + +- name: "copy init script" + shell: "cp /etc/init.d/contrail-vrouter-agent /etc/init.d/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}" + with_items: contrail_toragent_list.results + +- name: "copy ssl certs" + copy: + src: "/tmp/tmp-toragent-certs/tor.{{ item.ansible_facts.toragent_index }}.cert.pem" + dest: "/etc/contrail/ssl/certs/tor.{{ item.ansible_facts.toragent_index }}.cert.pem" + with_items: contrail_toragent_list.results + +- name: "copy ssl private" + copy: + src: "/tmp/tmp-toragent-private/tor.{{ item.ansible_facts.toragent_index }}.privkey.pem" + dest: "/etc/contrail/ssl/private/tor.{{ 
item.ansible_facts.toragent_index }}.privkey.pem" + with_items: contrail_toragent_list.results + +- name: "copy ca cert" + copy: + src: "files/cacert.pem" + dest: "/etc/contrail/ssl/certs/cacert.pem" + +- name: "delete temporary directory" + local_action: + module: "file" + dest: "/tmp/tmp-toragent-{{ item }}" + state: "absent" + with_items: + - "certs" + - "private" + run_once: yes + +- name: "add tor agent to contrail" + shell: "python /opt/contrail/utils/provision_vrouter.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --host_name {{ ansible_hostname }}-{{ item.ansible_facts.toragent_index }} --host_ip {{ contrail_address }} --router_type tor-agent" + with_items: contrail_toragent_list.results + +- name: "add device to contrail" + shell: "python /opt/contrail/utils/provision_physical_device.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --device_name {{ item.ansible_facts.toragent_params.name }} --vendor_name {{ item.ansible_facts.toragent_params.vendor_name }} --product_name {{ item.ansible_facts.toragent_params.product_name }} --device_mgmt_ip {{ item.ansible_facts.toragent_params.address }} --device_tunnel_ip {{ item.ansible_facts.toragent_params.tunnel_address }} --device_tor_agent {{ ansible_hostname }}-{{ item.ansible_facts.toragent_index }} --device_tsn {{ ansible_hostname }}" + with_items: contrail_toragent_list.results diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-tsn.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-tsn.yml new file mode 100755 index 00000000..058be18a --- /dev/null 
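Review bot: The TOR agent private keys are created unencrypted (`-nodes`) under the fixed path `/tmp/tmp-toragent-private` on the control host and then installed by "copy ssl private" with no `owner` or `mode`, so both copies get whatever the umask allows and are likely readable by other local users. Create the temporary directories with `mode: "0700"` and add `mode: "0600"` (plus the owning service account, which this hunk does not show) to the "copy ssl private" task. The last two shell tasks also pass `--admin_password {{ contrail_admin_password }}` on the command line, which exposes it in the process list and in Ansible's task output; "add tsn to contrail" in provision-tsn.yml does the same. Adding `no_log: true` hides it from the output, but keeping it out of the process list needs the provisioning scripts to accept the password another way, which cannot be judged from this page.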
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-tsn.yml 
@@ -0,0 +1,96 @@ +--- +#- hosts: tsn +# sudo: yes +# tasks: + +- name: "enable supervisor vrouter" + file: + path: "/etc/init/supervisor-vrouter.override" + state: "absent" + +- include: -node-common.yml + +- name: "fix up vrouter nodemgr param" + template: + src: "provision/vrouter-nodemgr-param.j2" + dest: "/etc/contrail/vrouter_nodemgr_param" + +- name: "set contrail device name for ansible" + set_fact: + contrail_ansible_device: "ansible_{{ contrail_device }}" + +- name: "fix up default pmac" + template: + src: "provision/default-pmac.j2" + dest: "/etc/contrail/default_pmac" + +- name: "copy agent param config from template" + shell: "cp /etc/contrail/agent_param.tmpl /etc/contrail/agent_param" + +- name: "modify agent param config" + lineinfile: + dest: "/etc/contrail/agent_param" + regexp: "dev=__DEVICE__" + line: "dev={{ contrail_device }}" + +- name: "set vrouter agent mode" + set_fact: + contrail_vrouter_mode: "tsn" + +- name: "fix up contrail vrouter agent config" + template: + src: "provision/contrail-vrouter-agent-conf.j2" + dest: "/etc/contrail/contrail-vrouter-agent.conf" + +- name: "delete lines for contrail interface" + shell: "{{ item }}" + with_items: + - "sed -e '/auto {{ contrail_device }}/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top" + - "sed -n -e '/auto {{ contrail_device }}/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom" + - "sed -i -e '/auto {{ contrail_device }}/d' /tmp/contrail-interfaces-bottom" + - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom" + - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces" + +- name: "delete lines for vrouter interface" + shell: "{{ item }}" + with_items: + - "sed -e '/auto vhost0/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top" + - "sed -n -e '/auto vhost0/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom" + - "sed -i -e '/auto vhost0/d' /tmp/contrail-interfaces-bottom" + - "sed -i -n -e '/auto 
.*/,$p' /tmp/contrail-interfaces-bottom" + - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces" + +- name: "configure interface" + lineinfile: + dest: "/etc/network/interfaces" + line: "{{ item }}" + state: "present" + with_items: + - "auto {{ contrail_device }}" + - "iface {{ contrail_device }} inet manual" + - "\tpre-up ifconfig {{ contrail_device }} up" + - "\tpost-down ifconfig {{ contrail_device }} down" + - "auto vhost0" + - "iface vhost0 inet static" + - "\tpre-up /opt/contrail/bin/if-vhost0" + - "\tnetwork_name application" + - "\taddress {{ contrail_address }}" + - "\tnetmask {{ contrail_netmask }}" + +- name: "delete temporary files" + file: + dest: "{{ item }}" + state: "absent" + with_items: + - "/tmp/contrail-interfaces-top" + - "/tmp/contrail-interfaces-bottom" + +- name: "fix up contrail vrouter nodemgr config" + ini_file: + dest: "/etc/contrail/contrail-vrouter-nodemgr.conf" + section: "DISCOVERY" + option: "server" + value: "{{ contrail_haproxy_address }}" + +- name: "add tsn to contrail" + shell: "python /opt/contrail/utils/provision_vrouter.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }} --router_type tor-service-node" diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-webui.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-webui.yml new file mode 100755 index 00000000..eb6301b2 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-webui.yml 
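Review bot: Both "delete lines for ..." tasks build `/etc/network/interfaces` from the fixed files `/tmp/contrail-interfaces-top` and `/tmp/contrail-interfaces-bottom`, written through shell redirection in a world-writable directory. A pre-existing file or symlink at either name is followed by the redirection, and whatever ends up in those files is concatenated into the interfaces file, whose `pre-up` lines run as root. Use a root-only working directory for the intermediate files, e.g. `"sed -e '/auto vhost0/,$d' /etc/network/interfaces > {{ contrail_work_dir }}/interfaces-top"` with `contrail_work_dir` (placeholder name) created beforehand with `mode: "0700"`. `contrail_device` is also placed inside the sed address unescaped, so a device name containing `/` or a regex metacharacter would change what is deleted.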
@@ -0,0 +1,63 @@ +--- +#- hosts: webui +# sudo: yes +# tasks: + +- name: "enable supervisor webui" + file: + path: "/etc/init/supervisor-webui.override" + state: "absent" + +- name: "redis-setup" + include: -redis-setup.yml + +- name: "node-common" + include: -node-common.yml + +- name: "set first cassandra host address" + set_fact: + cassandra_addrs: "'{{ hostvars[item.1]['contrail_address'] }}'" + with_indexed_items: groups['opencontrail_database'] + when: item.0 == 0 + +- name: "set second or more cassandra host addresses" + set_fact: + cassandra_addrs: "{{ cassandra_addrs }}, '{{ hostvars[item.1]['contrail_address'] }}'" + with_indexed_items: groups['opencontrail_database'] + when: item.0 > 0 + +- name: "modify webui global js" + lineinfile: + dest: "/etc/contrail/config.global.js" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: "^\\s*config.networkManager.ip", line: "config.networkManager.ip = '{{ contrail_haproxy_address }}';" } + - { regexp: "^\\s*config.imageManager.ip", line: "config.imageManager.ip = '{{ contrail_keystone_address }}';" } + - { regexp: "^\\s*config.computeManager.ip", line: "config.computeManager.ip = '{{ contrail_keystone_address }}';" } + - { regexp: "^\\s*config.identityManager.ip", line: "config.identityManager.ip = '{{ contrail_keystone_address }}';" } + - { regexp: "^\\s*config.storageManager.ip", line: "config.storageManager.ip = '{{ contrail_keystone_address }}';" } + - { regexp: "^\\s*config.cnfg.server_ip", line: "config.cnfg.server_ip = '{{ contrail_haproxy_address }}';" } + - { regexp: "^\\s*config.analytics.server_ip", line: "config.analytics.server_ip = '{{ contrail_haproxy_address }}';" } + - { regexp: "^\\s*config.cassandra.server_ips", line: "config.cassandra.server_ips = [{{ cassandra_addrs }}];" } + +- name: "modify webui userauth js" + lineinfile: + dest: "/etc/contrail/contrail-webui-userauth.js" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: 
"^\\s*auth.admin_user", line: "auth.admin_user = '{{ contrail_admin_user }}';" } + - { regexp: "^\\s*auth.admin_password", line: "auth.admin_password = '{{ contrail_admin_password }}';" } + - { regexp: "^\\s*auth.admin_tenant_name", line: "auth.admin_tenant_name = 'admin';" } + +- name: "create symbolic link from nodejs to node" + file: + src: "/usr/bin/node" + dest: "/usr/bin/nodejs" + state: "link" + +- name: "restart supervisor webui" + service: + name: "supervisor-webui" + state: "restarted" |
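Review bot: "modify webui userauth js" writes `contrail_admin_password` between single quotes into `/etc/contrail/contrail-webui-userauth.js`, so a password containing `'` or `\` produces a broken or altered JavaScript file. Emit it as an encoded literal instead, `line: "auth.admin_password = {{ contrail_admin_password | to_json }};"`, and do the same for `auth.admin_user`. The task sets no `owner` or `mode`, so the file that now holds the admin password keeps whatever permissions the package gave it; set them explicitly (for example `mode: "0640"` with the webui service account, which this page does not name) and add `no_log: true` so the value does not appear in task output.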