Diffstat (limited to 'deploy/adapters/ansible')
33 files changed, 512 insertions, 151 deletions
diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/ceph-osd/tasks/install_osd.yml b/deploy/adapters/ansible/openstack_mitaka/roles/ceph-osd/tasks/install_osd.yml index 0e476085..35e84cf8 100644 --- a/deploy/adapters/ansible/openstack_mitaka/roles/ceph-osd/tasks/install_osd.yml +++ b/deploy/adapters/ansible/openstack_mitaka/roles/ceph-osd/tasks/install_osd.yml @@ -11,6 +11,11 @@ - name: create osd lv and mount it on /var/local/osd script: create_osd.sh +- name: fetch osd keyring from ceph_adm + fetch: src="/var/lib/ceph/bootstrap-osd/ceph.keyring" dest="/tmp/ceph.osd.keyring" flat=yes + delegate_to: "{{ public_vip.ip }}" + when: compute_expansion + - name: copy osd keyring copy: src="/tmp/ceph.osd.keyring" dest="/var/lib/ceph/bootstrap-osd/ceph.keyring" diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/tacker/files/tacker.conf b/deploy/adapters/ansible/openstack_mitaka/roles/tacker/files/tacker.conf new file mode 100644 index 00000000..0c90dcb9 --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka/roles/tacker/files/tacker.conf 
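Review bot: The added `fetch` task writes the Ceph bootstrap-osd keyring to the fixed path `/tmp/ceph.osd.keyring` on the Ansible control host, a shared directory where the file stays after the play and may be readable by other local users, depending on umask. A private location would be safer, for example `dest="{{ ceph_keyring_tmp }}/ceph.osd.keyring"` with `ceph_keyring_tmp` (placeholder name) pointing at a 0700 directory, the following `copy` task reading from the same variable and setting `mode=0600`, and a final task removing the local copy. The same hunk is repeated in the ceph-osd roles of openstack_mitaka_xenial, openstack_newton_xenial and openstack_osp9. The task list continues outside the hunk, so a cleanup step may exist that is not visible here.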
@@ -0,0 +1,36 @@
+description "OpenStack Tacker Server"
+author "Yifei Xue <xueyifei@huawei.com>"
+
+start on runlevel [2345]
+stop on runlevel [!2345]
+
+chdir /var/run
+
+respawn
+respawn limit 20 5
+limit nofile 65535 65535
+
+pre-start script
+ for i in lock run log lib ; do
+ mkdir -p /var/$i/tacker
+ chown root /var/$i/tacker
+ done
+end script
+
+script
+ [ -x "/usr/local/bin/tacker-server" ] || exit 0
+ DAEMON_ARGS=""
+ CONFIG_FILE="/usr/local/etc/tacker/tacker.conf"
+ USE_SYSLOG=""
+ USE_LOGFILE=""
+ NO_OPENSTACK_CONFIG_FILE_DAEMON_ARG=""
+ [ -r /etc/default/openstack ] && . /etc/default/openstack
+ [ -r /etc/default/$UPSTART_JOB ] && . /etc/default/$UPSTART_JOB
+ [ "x$USE_SYSLOG" = "xyes" ] && DAEMON_ARGS="$DAEMON_ARGS --use-syslog"
+ [ "x$USE_LOGFILE" != "xno" ] && DAEMON_ARGS="$DAEMON_ARGS --log-file=/var/log/tacker/tacker.log"
+ [ -z "$NO_OPENSTACK_CONFIG_FILE_DAEMON_ARG" ] && DAEMON_ARGS="$DAEMON_ARGS --config-file=$CONFIG_FILE"
+
+ exec start-stop-daemon --start --chdir /var/lib/tacker \
+ --chuid root:root --make-pidfile --pidfile /var/run/tacker/tacker.pid \
+ --exec /usr/local/bin/tacker-server -- ${DAEMON_ARGS}
+end script
diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/tacker/tasks/tacker_controller.yml b/deploy/adapters/ansible/openstack_mitaka/roles/tacker/tasks/tacker_controller.yml
new file mode 100755
index 00000000..cd3b19e8
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka/roles/tacker/tasks/tacker_controller.yml
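Review bot: The job runs tacker-server as root (`--chuid root:root`) and the pre-start script gives the four `/var/$i/tacker` directories to root, so a flaw in this network-facing API service is a flaw with full control of the controller. A dedicated service account would contain that: `--chuid tacker:tacker` and `chown tacker /var/$i/tacker`, with the account created by the role (no such task is visible in tacker_controller.yml). The line `[ -r /etc/default/$UPSTART_JOB ] && . /etc/default/$UPSTART_JOB` sources a file as root on every start, so a short comment stating that the file must be root-owned and not group- or world-writable would help whoever packages it.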
@@ -0,0 +1,215 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: get http server + shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf + register: http_server + +- name: creat tacker_home, tacker_client_home, tacker_horizon_home + shell: > + mkdir -p /opt/tacker + mkdir -p /opt/tacker_client + mkdir -p /opt/tacker_horizon + +- name: download tacker package + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/tacker/{{ tacker_pkg_name }}" dest=/opt/{{ tacker_pkg_name }} + +- name: download tacker_client package + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/tacker/{{ tacker_client_pkg_name }}" dest=/opt/{{ tacker_client_pkg_name }} + +- name: download tacker_horizon package + get_url: url="http://{{ http_server.stdout_lines[0] }}/packages/tacker/{{ tacker_horizon_pkg_name }}" dest=/opt/{{ tacker_horizon_pkg_name }} + +- name: extract tacker package + command: su -s /bin/sh -c "tar xzf /opt/{{ tacker_pkg_name }} -C {{ tacker_home }} --strip-components 1 --no-overwrite-dir -k --skip-old-files" + +- name: extract tacker_client package + command: su -s /bin/sh -c "tar xzf /opt/{{ tacker_client_pkg_name }} -C {{ tacker_client_home }} --strip-components 1 --no-overwrite-dir -k --skip-old-files" + +- name: extract tacker_horizon package + command: su -s /bin/sh -c "tar xzf /opt/{{ tacker_horizon_pkg_name }} -C {{ tacker_horizon_home }} --strip-components 1 --no-overwrite-dir -k --skip-old-files" + +- name: edit ml2_conf.ini + shell: crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 
extension_drivers port_security; + +- name: Restart neutron-server + service: name=neutron-server state=restarted + +- name: "create haproxy configuration for tacker" + template: + src: "haproxy-tacker-cfg.j2" + dest: "/tmp/haproxy-tacker.cfg" + +- name: get the current haproxy configuration + shell: cat /etc/haproxy/haproxy.cfg + register: ha_cfg + +- name: "combination of the haproxy configuration" + shell: "cat /tmp/haproxy-tacker.cfg >> /etc/haproxy/haproxy.cfg" + when: ha_cfg.stdout.find('8888') == -1 + +- name: "delete temporary configuration file" + file: + dest: "/tmp/haproxy-tacker.cfg" + state: "absent" + +- name: "restart haproxy" + service: + name: "haproxy" + state: "restarted" + +- name: drop and recreate tacker database + shell: mysql -e "drop database if exists tacker;"; + mysql -e "create database tacker character set utf8;"; + mysql -e "grant all on tacker.* to 'tacker'@'%' identified by 'TACKER_DBPASS';"; + when: inventory_hostname == haproxy_hosts.keys()[0] + +- name: get the openstack user info + shell: . /opt/admin-openrc.sh; openstack user list + register: user_info + +- name: get the openstack service info + shell: . /opt/admin-openrc.sh; openstack service list + register: service_info + +- name: get the openstack endpoint info + shell: . /opt/admin-openrc.sh; openstack endpoint list + register: endpoint_info + +- name: delete the existed tacker endpoint + shell: . /opt/admin-openrc.sh; openstack endpoint delete $(openstack endpoint list | grep tacker | awk '{print $2}') + when: endpoint_info.stdout.find('tacker') != -1 and inventory_hostname == haproxy_hosts.keys()[0] + +- name: delete the existed tacker service + shell: . /opt/admin-openrc.sh; openstack service delete tacker + when: service_info.stdout.find('tacker') != -1 and inventory_hostname == haproxy_hosts.keys()[0] + +- name: delete the existed tacker user + shell: . 
/opt/admin-openrc.sh; openstack user delete tacker + when: user_info.stdout.find('tacker') != -1 and inventory_hostname == haproxy_hosts.keys()[0] + +- name: create tacker user with admin privileges + shell: . /opt/admin-openrc.sh; openstack user create --password console tacker; openstack role add --project service --user tacker admin; + when: inventory_hostname == haproxy_hosts.keys()[0] + +- name: creat tacker service + shell: > + . /opt/admin-openrc.sh; openstack service create --name tacker --description "Tacker Project" nfv-orchestration + when: inventory_hostname == haproxy_hosts.keys()[0] + +- name: provide an endpoint to tacker service + shell: > + . /opt/admin-openrc.sh; openstack endpoint create --region RegionOne \ + --publicurl 'http://{{ public_vip.ip }}:8888/' \ + --adminurl 'http://{{ internal_vip.ip }}:8888/' \ + --internalurl 'http://{{ internal_vip.ip }}:8888/' tacker + when: inventory_hostname == haproxy_hosts.keys()[0] + +- name: install pip package + pip: name=Babel state=present version=2.3.4 + +- name: install pip packages + shell: > + pip install tosca-parser heat-translator oslosphinx; + +- name: install tacker + shell: > + . /opt/admin-openrc.sh; cd {{ tacker_home }}; python setup.py install + +- name: create 'tacker' directory in '/var/cache', set ownership and permissions + shell: > + mkdir -p /var/cache/tacker +# sudo chown <LOGIN_USER>:root /var/cache/tacker +# chmod 700 /var/cache/tacker + +- name: create 'tacker' directory in '/var/log' + shell: mkdir -p /var/log/tacker + +- name: copy tacker configs + template: src={{ item.src }} dest=/opt/os_templates + with_items: "{{ tacker_configs_templates }}" + +- name: edit tacker configuration file + shell: crudini --merge /usr/local/etc/tacker/tacker.conf < /opt/os_templates/tacker.j2 + +- name: populate tacker database + shell: > + . 
/opt/admin-openrc.sh; /usr/local/bin/tacker-db-manage --config-file /usr/local/etc/tacker/tacker.conf upgrade head + when: inventory_hostname == haproxy_hosts.keys()[0] + +- name: install tacker client + shell: > + . /opt/admin-openrc.sh; cd {{ tacker_client_home }}; python setup.py install + +- name: install tacker horizon + shell: > + . /opt/admin-openrc.sh; cd {{ tacker_horizon_home }}; python setup.py install + +- name: enable tacker horizon in dashboard + shell: > + cp {{ tacker_horizon_home }}/openstack_dashboard_extensions/* /usr/share/openstack-dashboard/openstack_dashboard/enabled/ + +- name: restart apache server + shell: service apache2 restart + +- name: create tacker service + copy: src=tacker.conf dest=/etc/init + +- name: create tacker service work dir + file: path=/var/lib/tacker state=directory + +- name: link the tacker service + file: + src: /etc/init/tacker.conf + dest: /etc/init.d/tacker + state: link + +- name: start tacker service + shell: service tacker start + +- name: create tackerc file + template: src=tackerc.sh dest=/opt/tackerc.sh mode=777 + +- name: get the nfv_user info + shell: . /opt/tackerc.sh; openstack user list + register: nfvuser_info + +- name: delete the existed nfv user + shell: . /opt/tackerc.sh; openstack user delete nfv_user + when: nfvuser_info.stdout.find('nfv') != -1 and inventory_hostname == haproxy_hosts.keys()[0] + +- name: get the openstack project info + shell: . /opt/tackerc.sh; openstack project list + register: nfvproject_info + +- name: delete the existed nfv project + shell: . /opt/tackerc.sh; openstack project delete $(openstack project list | grep nfv | awk '{print $2}') + when: nfvproject_info.stdout.find('nfv') != -1 and inventory_hostname == haproxy_hosts.keys()[0] + +- name: create an nfv project + shell: . /opt/tackerc.sh; openstack project create --description "NFV Project" nfv + when: inventory_hostname == haproxy_hosts.keys()[0] + +- name: create nfv user with admin privileges + shell: . 
/opt/tackerc.sh; openstack user create --password console nfv_user; openstack role add --project nfv --user nfv_user admin; + when: inventory_hostname == haproxy_hosts.keys()[0] + +- name: create config.yml + template: src=config.yaml dest=/opt/config.yaml + +- name: check if tacker running + shell: . /opt/tackerc.sh; while (!(tacker ext-list)); do sleep 30; done + +- name: register VIM to tacker + shell: . /opt/tackerc.sh; tacker vim-register --config-file /opt/config.yaml --description "OpenStack" --name VIM0 + when: inventory_hostname == haproxy_hosts.keys()[0] + +- name: restart tacker service + shell: service tacker stop; service tacker start + diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/tacker/templates/config.yaml b/deploy/adapters/ansible/openstack_mitaka/roles/tacker/templates/config.yaml new file mode 100644 index 00000000..8f73e907 --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka/roles/tacker/templates/config.yaml @@ -0,0 +1,4 @@ +auth_url: 'http://{{ public_vip.ip }}:5000/v2.0' +username: 'nfv_user' +password: 'console' +project_name: 'nfv' diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/tacker/templates/tackerc.sh b/deploy/adapters/ansible/openstack_mitaka/roles/tacker/templates/tackerc.sh new file mode 100644 index 00000000..c673e7f1 --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka/roles/tacker/templates/tackerc.sh @@ -0,0 +1,12 @@ +#!/bin/sh +export LC_ALL=C +export OS_NO_CACHE=true +export OS_TENANT_NAME=service +export OS_PROJECT_NAME=service +export OS_USERNAME=tacker +export OS_PASSWORD=console +export OS_AUTH_URL=http://{{ internal_vip.ip }}:5000/v2.0 +export OS_DEFAULT_DOMAIN=default +export OS_AUTH_STRATEGY=keystone +export OS_REGION_NAME=RegionOne +export TACKER_ENDPOINT_TYPE=internalurl 
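Review bot: The `create tackerc file` task installs `/opt/tackerc.sh` with `mode=777` although the file holds `OS_PASSWORD` and is sourced by the shell tasks that follow, so any local user on the controller can read the credential or rewrite the script and have it executed by the deploy user (presumably root); `template: src=tackerc.sh dest=/opt/tackerc.sh owner=root group=root mode=0600` closes both. The password `console` is hard-coded for the admin-role users `tacker` and `nfv_user` here and again in templates/config.yaml and templates/tackerc.sh, and the database grant uses the literal string `TACKER_DBPASS` for `'tacker'@'%'`; these should come from per-deployment variables the way the other roles use `{{ NOVA_PASS }}`. The three `get_url` tasks download over plain http and the archives are then installed with `python setup.py install`, so a `checksum=sha256:<expected digest>` argument on each would pin what gets executed. Separately, as far as the collapsed layout shows, the folded `shell: >` that creates the home directories joins the three `mkdir -p` lines into one command, which leaves a stray `mkdir` directory in the working directory; `shell: |` or the `file` module avoids that.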
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/ceph-osd/tasks/install_osd.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/ceph-osd/tasks/install_osd.yml index 16f261ef..363e5e6d 100644 --- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/ceph-osd/tasks/install_osd.yml +++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/ceph-osd/tasks/install_osd.yml @@ -11,6 +11,11 @@ - name: create osd lv and mount it on /var/local/osd script: create_osd.sh +- name: fetch osd keyring from ceph_adm + fetch: src="/var/lib/ceph/bootstrap-osd/ceph.keyring" dest="/tmp/ceph.osd.keyring" flat=yes + delegate_to: "{{ public_vip.ip }}" + when: compute_expansion + - name: copy osd keyring copy: src="/tmp/ceph.osd.keyring" dest="/var/lib/ceph/bootstrap-osd/ceph.keyring" diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 index 89a70686..664af687 100755 --- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 +++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 @@ -1,6 +1,6 @@ {% set work_threads = (ansible_processor_vcpus + 1) // 2 %} {% if work_threads > 10 %} - set work_threads = 10 +{% set work_threads = 10 %} {% endif %} <VirtualHost {{ internal_ip }}:80> diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 index f5f9d339..55c89839 100644 --- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 +++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 
@@ -1,6 +1,6 @@ {% set work_threads = (ansible_processor_vcpus + 1) // 2 %} {% if work_threads > 10 %} - set work_threads = 10 +{% set work_threads = 10 %} {% endif %} <VirtualHost {{ internal_ip }}:5000> diff --git a/deploy/adapters/ansible/openstack_newton_xenial/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack_newton_xenial/HA-ansible-multinodes.yml index 25847ce5..236035e0 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/HA-ansible-multinodes.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/HA-ansible-multinodes.yml @@ -74,7 +74,7 @@ - ceilometer_controller - dashboard - heat -# - aodh + - aodh - hosts: all remote_user: root diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/tasks/aodh_install.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/tasks/aodh_install.yml index eb51fbea..d8a82270 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/tasks/aodh_install.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/tasks/aodh_install.yml @@ -14,12 +14,9 @@ with_items: packages | union(packages_noarch) - name: update aodh conf - template: src={{ item }} dest=/etc/aodh/aodh.conf - backup=yes + template: src={{ item }} dest=/etc/aodh/aodh.conf backup=yes with_items: - aodh.conf.j2 -# - api_paste.ini.j2 -# - policy.json.j2 notify: - restart aodh services diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/templates/aodh.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/templates/aodh.conf.j2 index b580d78c..d9eb0599 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/templates/aodh.conf.j2 +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/templates/aodh.conf.j2 
@@ -5,17 +5,16 @@ {% set memcached_servers = memcached_servers|join(',') %} [DEFAULT] +transport_url = rabbit://{{ RABBIT_USER }}:{{ RABBIT_PASS }}@{{ rabbit_host }} +rpc_backend = rabbit + bind_host = {{ internal_ip }} bind_port = 8042 -rpc_backend = rabbit auth_strategy = keystone debug = True -[oslo_messaging_rabbit] -rabbit_hosts = {{ internal_vip.ip }} -rabbit_userid = {{ RABBIT_USER }} -rabbit_password = {{ RABBIT_PASS }} -#rabbit_use_ssl = false +[api] +host = {{ internal_ip }} [database] connection = mysql://aodh:{{ AODH_DBPASS }}@{{ db_host }}/aodh @@ -23,25 +22,27 @@ connection = mysql://aodh:{{ AODH_DBPASS }}@{{ db_host }}/aodh [keystone_authtoken] auth_uri = http://{{ internal_vip.ip }}:5000 auth_url = http://{{ internal_vip.ip }}:35357 +memcached_servers = {{ memcached_servers }} +auth_type = password +project_domain_name = default +user_domain_name = default +project_name = service +username = aodh +password = {{ AODH_PASS }} + identity_uri = http://{{ internal_vip.ip }}:35357 auth_plugin = password project_domain_id = default user_domain_id = default -project_name = service -username = aodh -password = {{ AODH_PASS }} -memcached_servers = {{ memcached_servers }} token_cache_time = 300 revocation_cache_time = 60 -[service_credentials] -os_auth_url = http://{{ internal_vip.ip }}:5000/v3 -os_username = aodh -os_tenant_name = service -os_password = {{ AODH_PASS }} -os_endpoint_type = internalURL -os_region_name = RegionOne +[oslo_messaging_rabbit] +rabbit_hosts = {{ internal_vip.ip }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} +[service_credentials] auth_type = password auth_url = http://{{ internal_vip.ip }}:5000/v3 project_domain_name = default @@ -52,5 +53,4 @@ password = {{ AODH_PASS }} interface = internalURL region_name = RegionOne -[api] -host = {{ internal_ip }} +endpoint_type = internalURL 
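Review bot: `transport_url = rabbit://{{ RABBIT_USER }}:{{ RABBIT_PASS }}@{{ rabbit_host }}` interpolates the password unescaped, so a `RABBIT_PASS` containing `@`, `:`, `/` or `#` is read as URL structure and the service either fails to connect or parses a different host than intended; `{{ RABBIT_PASS | urlencode }}` (and the same for the user) avoids that. The identical line is added to nova-compute/templates/nova.conf later in this commit. The second hunk re-adds `rabbit_userid`/`rabbit_password` under `[oslo_messaging_rabbit]`, so the secret is now written twice; if `transport_url` takes precedence, as I believe it does in oslo.messaging, the section copy can be dropped. Because the rendered file carries the broker, database and keystone passwords, the `template` task in aodh_install.yml would benefit from an explicit `mode=0640` with owner and group set.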
diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/templates/api_paste.ini.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/templates/api_paste.ini.j2
deleted file mode 100644
index 151789c4..00000000
--- a/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/templates/api_paste.ini.j2
+++ /dev/null
@@ -1,22 +0,0 @@
-# aodh API WSGI Pipeline
-# Define the filters that make up the pipeline for processing WSGI requests
-# Note: This pipeline is PasteDeploy's term rather than aodh's pipeline
-# used for processing samples
-
-# Remove authtoken from the pipeline if you don't want to use keystone authentication
-[pipeline:main]
-pipeline = cors request_id authtoken api-server
-
-[app:api-server]
-paste.app_factory = aodh.api.app:app_factory
-
-[filter:authtoken]
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
-oslo_config_project = aodh
-
-[filter:request_id]
-paste.filter_factory = oslo_middleware:RequestId.factory
-
-[filter:cors]
-paste.filter_factory = oslo_middleware.cors:filter_factory
-oslo_config_project = aodh
diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/templates/policy.json.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/templates/policy.json.j2
deleted file mode 100644
index 4fd873e9..00000000
--- a/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/templates/policy.json.j2
+++ /dev/null
@@ -1,20 +0,0 @@ -{ - "context_is_admin": "role:admin", - "segregation": "rule:context_is_admin", - "admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s", - "default": "rule:admin_or_owner", - - "telemetry:get_alarm": "rule:admin_or_owner", - "telemetry:get_alarms": "rule:admin_or_owner", - "telemetry:query_alarm": "rule:admin_or_owner", - - "telemetry:create_alarm": "", - "telemetry:change_alarm": "rule:admin_or_owner", - "telemetry:delete_alarm": "rule:admin_or_owner", - - "telemetry:get_alarm_state": "rule:admin_or_owner", - "telemetry:change_alarm_state": "rule:admin_or_owner", - - "telemetry:alarm_history": "rule:admin_or_owner", - "telemetry:query_alarm_history": "rule:admin_or_owner" -} diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/vars/Debian.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/vars/Debian.yml index bdf4655e..9bf4ad7a 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/vars/Debian.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/vars/Debian.yml @@ -13,7 +13,7 @@ packages: - aodh-notifier - aodh-listener - aodh-expirer - - python-ceilometerclient + - python-aodhclient services: - aodh-api diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/vars/RedHat.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/vars/RedHat.yml index a0381c6b..3d25bd6c 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/vars/RedHat.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/aodh/vars/RedHat.yml @@ -13,7 +13,7 @@ packages: - openstack-aodh-notifier - openstack-aodh-listener - openstack-aodh-expirer - - python-ceilometerclient + - python-aodhclient services: - openstack-aodh-api 
diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/templates/ceilometer.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/templates/ceilometer.conf.j2 index f388df41..bffd6068 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/templates/ceilometer.conf.j2 +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_compute/templates/ceilometer.conf.j2 @@ -1,9 +1,3 @@ -{% set memcached_servers = [] %} -{% for host in haproxy_hosts.values() %} -{% set _ = memcached_servers.append('%s:11211'% host) %} -{% endfor %} -{% set memcached_servers = memcached_servers|join(',') %} - [DEFAULT] verbose = True rpc_backend = rabbit @@ -15,7 +9,6 @@ metering_secret = {{ metering_secret }} [keystone_authtoken] auth_uri = http://{{ internal_vip.ip }}:5000 auth_url = http://{{ internal_vip.ip }}:35357 -memcached_servers = {{ memcached_servers }} auth_type = password project_domain_name = default user_domain_name = default diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/wsgi-ceilometer.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/wsgi-ceilometer.conf.j2 index a6fd6840..9909f800 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/wsgi-ceilometer.conf.j2 +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceilometer_controller/templates/wsgi-ceilometer.conf.j2 @@ -1,6 +1,6 @@ {% set work_threads = (ansible_processor_vcpus + 1) // 2 %} {% if work_threads > 10 %} - set work_threads = 10 +{% set work_threads = 10 %} {% endif %} <VirtualHost {{ internal_ip }}:8777> diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceph-osd/tasks/install_osd.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceph-osd/tasks/install_osd.yml index 16f261ef..363e5e6d 100644 
--- a/deploy/adapters/ansible/openstack_newton_xenial/roles/ceph-osd/tasks/install_osd.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ceph-osd/tasks/install_osd.yml @@ -11,6 +11,11 @@ - name: create osd lv and mount it on /var/local/osd script: create_osd.sh +- name: fetch osd keyring from ceph_adm + fetch: src="/var/lib/ceph/bootstrap-osd/ceph.keyring" dest="/tmp/ceph.osd.keyring" flat=yes + delegate_to: "{{ public_vip.ip }}" + when: compute_expansion + - name: copy osd keyring copy: src="/tmp/ceph.osd.keyring" dest="/var/lib/ceph/bootstrap-osd/ceph.keyring" diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/cinder-volume/templates/cinder.conf b/deploy/adapters/ansible/openstack_newton_xenial/roles/cinder-volume/templates/cinder.conf index e4f98e82..e7946b5c 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/cinder-volume/templates/cinder.conf +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/cinder-volume/templates/cinder.conf @@ -1,9 +1,3 @@ -{% set memcached_servers = [] %} -{% for host in haproxy_hosts.values() %} -{% set _ = memcached_servers.append('%s:11211'% host) %} -{% endfor %} -{% set memcached_servers = memcached_servers|join(',') %} - [DEFAULT] rootwrap_config = /etc/cinder/rootwrap.conf api_paste_confg = /etc/cinder/api-paste.ini @@ -59,7 +53,6 @@ idle_timeout = 30 [keystone_authtoken] auth_uri = http://{{ internal_vip.ip }}:5000 auth_url = http://{{ internal_vip.ip }}:35357 -memcached_servers = {{ memcached_servers }} auth_type = password project_domain_name = default user_domain_name = default diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 index 89a70686..664af687 100755 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 
+++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 @@ -1,6 +1,6 @@ {% set work_threads = (ansible_processor_vcpus + 1) // 2 %} {% if work_threads > 10 %} - set work_threads = 10 +{% set work_threads = 10 %} {% endif %} <VirtualHost {{ internal_ip }}:80> diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml index 3fea6e28..ea211470 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/tasks/keystone_config.yml @@ -92,10 +92,5 @@ - meta: flush_handlers - name: wait for keystone ready - wait_for: port=35357 delay=10 timeout=60 host={{ internal_ip }} + wait_for: port=35357 delay=15 timeout=60 host={{ internal_ip }} -- name: cron job to purge expired tokens hourly - cron: - name: 'purge expired tokens' - special_time: hourly - job: '/usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1' diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 index f5f9d339..55c89839 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 @@ -1,6 +1,6 @@ {% set work_threads = (ansible_processor_vcpus + 1) // 2 %} {% if work_threads > 10 %} - set work_threads = 10 +{% set work_threads = 10 %} {% endif %} <VirtualHost {{ internal_ip }}:5000> diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/neutron-compute/tasks/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/neutron-compute/tasks/main.yml index fd3e51d3..375e325d 100644 
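Review bot: Removing the hourly `keystone-manage token_flush` cron task at the end of keystone_config.yml leaves nothing visible in this commit that purges expired tokens; with SQL-persisted (UUID) tokens the token table then grows without bound and token validation degrades over time. If this Newton deployment uses fernet tokens the job is indeed unnecessary, and a one-line comment such as `# token_flush not needed: fernet tokens are not persisted` would record the reason; otherwise the cron task should stay. The token provider setting is not part of this diff, so this needs confirming against the keystone.conf template.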
--- a/deploy/adapters/ansible/openstack_newton_xenial/roles/neutron-compute/tasks/main.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/neutron-compute/tasks/main.yml @@ -63,7 +63,7 @@ file: src=/etc/neutron/plugins/ml2/ml2_conf.ini dest=/etc/neutron/plugin.ini state=link - name: config neutron - template: src=templates/neutron.conf + template: src=neutron.conf dest=/etc/neutron/neutron.conf backup=yes notify: - restart neutron compute service diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/neutron-compute/templates/neutron.conf b/deploy/adapters/ansible/openstack_newton_xenial/roles/neutron-compute/templates/neutron.conf new file mode 100644 index 00000000..a676e951 --- /dev/null +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/neutron-compute/templates/neutron.conf 
@@ -0,0 +1,105 @@ +[DEFAULT] +verbose = {{ VERBOSE }} +debug = {{ VERBOSE }} +state_path = /var/lib/neutron +lock_path = $state_path/lock +notify_nova_on_port_status_changes = True +notify_nova_on_port_data_changes = True +log_dir = /var/log/neutron +bind_host = {{ network_server_host }} +bind_port = 9696 +core_plugin = ml2 +service_plugins = router +api_paste_config = api-paste.ini +auth_strategy = keystone +dhcp_lease_duration = 86400 +allow_overlapping_ips = True +rpc_backend = rabbit +rpc_thread_pool_size = 240 +rpc_conn_pool_size = 100 +rpc_response_timeout = 300 +rpc_cast_timeout = 300 +notification_driver = neutron.openstack.common.notifier.rpc_notifier +default_notification_level = INFO +notification_topics = notifications +agent_down_time = 75 +network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler +router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler +api_workers = 8 +rpc_workers = 8 +notify_nova_on_port_status_changes = True +notify_nova_on_port_data_changes = True +nova_url = http://{{ internal_vip.ip }}:8774/v3 +nova_region_name = RegionOne +nova_admin_username = nova +nova_admin_password = {{ NOVA_PASS }} +nova_admin_auth_url = http://{{ internal_vip.ip }}:35357/v3 +send_events_interval = 2 + +[quotas] +quota_driver = neutron.db.quota_db.DbQuotaDriver +quota_items = network,subnet,port +default_quota = -1 +quota_network = 100 +quota_subnet = 100 +quota_port = 8000 +quota_security_group = 1000 +quota_security_group_rule = 1000 + +[agent] +root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf" +report_interval = 30 + +[keystone_authtoken] +auth_uri = http://{{ internal_vip.ip }}:5000 +auth_url = http://{{ internal_vip.ip }}:35357 +auth_type = password +project_domain_name = default +user_domain_name = default +project_name = service +username = neutron +password = {{ NEUTRON_PASS }} + +identity_uri = http://{{ internal_vip.ip }}:35357 +admin_tenant_name = service +admin_user = 
neutron +admin_password = {{ NEUTRON_PASS }} +signing_dir = $state_path/keystone-signing + +[database] +connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron +slave_connection = +max_retries = 10 +retry_interval = 10 +min_pool_size = 1 +max_pool_size = 100 +idle_timeout = 30 +use_db_reconnect = True +max_overflow = 100 +connection_debug = 0 +connection_trace = False +pool_timeout = 10 + +[service_providers] +service_provider=FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewllDriver:default + +{% if enable_fwaas %} +[fwaas] +driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver +enabled = True +{% endif %} + +[nova] +auth_url = http://{{ internal_vip.ip }}:35357 +auth_type = password +project_domain_name = default +user_domain_name = default +project_name = service +username = nova +password = {{ NOVA_PASS }} + +[oslo_messaging_rabbit] +rabbit_host = {{ rabbit_host }} +rabbit_password = {{ RABBIT_PASS }} +rabbit_port = 5672 +rabbit_userid = {{ RABBIT_USER }} diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/nova-compute/tasks/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/nova-compute/tasks/main.yml index 7bb4f347..16315b36 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/nova-compute/tasks/main.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/nova-compute/tasks/main.yml @@ -30,13 +30,6 @@ state=absent when: ansible_os_family == "Debian" -- name: update nova-compute conf - template: src=templates/{{ item }} dest=/etc/nova/{{ item }} - with_items: - - nova.conf - notify: - - restart nova-compute services - - name: get number of cpu support virtualization shell: egrep -c '(vmx|svm)' /proc/cpuinfo register: kvm_cpu_num @@ -44,6 +37,7 @@ - name: update nova-compute conf template: src={{ item }} dest=/etc/nova/{{ item }} with_items: + - nova.conf - nova-compute.conf notify: - restart nova-compute services 
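Review bot: The new compute-node template renders `connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron` and `nova_admin_password = {{ NOVA_PASS }}` onto every compute host, although neutron agents normally talk to the server over RPC and need neither; dropping the `[database]` credentials and the `nova_admin_*` and `[nova]` options from this copy would keep those secrets off the hypervisors, assuming no server component runs on these nodes. In `[service_providers]`, the class name `OVSHybridIptablesFirewllDriver` looks misspelled (`Firewall` is presumably intended), and `notify_nova_on_port_status_changes` and `notify_nova_on_port_data_changes` each appear twice in `[DEFAULT]`. The task in neutron-compute/tasks/main.yml that installs this file sets no mode, so an explicit `mode=0640` would keep the remaining passwords from depending on the default umask.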
diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/nova-compute/templates/nova.conf b/deploy/adapters/ansible/openstack_newton_xenial/roles/nova-compute/templates/nova.conf index 5f8fb887..8d7e9a5f 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/nova-compute/templates/nova.conf +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/nova-compute/templates/nova.conf @@ -1,10 +1,10 @@ -{% set memcached_servers = [] %} -{% for host in haproxy_hosts.values() %} -{% set _ = memcached_servers.append('%s:11211'% host) %} -{% endfor %} -{% set memcached_servers = memcached_servers|join(',') %} - [DEFAULT] +transport_url = rabbit://{{ RABBIT_USER }}:{{ RABBIT_PASS }}@{{ rabbit_host }} +auth_strategy = keystone +my_ip = {{ internal_ip }} +use_neutron = True +firewall_driver = nova.virt.firewall.NoopFirewallDriver + dhcpbridge_flagfile=/etc/nova/nova.conf dhcpbridge=/usr/bin/nova-dhcpbridge log-dir=/var/log/nova @@ -13,25 +13,15 @@ force_dhcp_release=True verbose={{ VERBOSE }} ec2_private_dns_show_ip=True enabled_apis=osapi_compute,metadata - -auth_strategy = keystone -my_ip = {{ internal_ip }} -use_neutron = True -firewall_driver = nova.virt.firewall.NoopFirewallDriver -transport_url = rabbit://openstack:{{ RABBIT_PASS }}@{{ rabbit_host }} default_floating_pool={{ public_net_info.network }} metadata_listen={{ internal_ip }} linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver - iscsi_helper=tgtadm connection_type=libvirt root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf debug={{ DEBUG }} volumes_path=/var/lib/nova/volumes rpc_backend = rabbit -rabbit_host = {{ rabbit_host }} -rabbit_userid = {{ RABBIT_USER }} -rabbit_password = {{ RABBIT_PASS }} osapi_compute_listen={{ internal_ip }} network_api_class = nova.network.neutronv2.api.API security_group_api = neutron 
@@ -40,34 +30,26 @@ instance_usage_audit_period = hour notify_on_state_change = vm_and_task_state notification_driver = nova.openstack.common.notifier.rpc_notifier notification_driver = ceilometer.compute.nova_notifier -memcached_servers = {{ memcached_servers }} -[database] -# The SQLAlchemy connection string used to connect to the database -connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova +[api_database] +connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova_api idle_timeout = 30 pool_timeout = 10 use_db_reconnect = True -[api_database] -connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova_api +[database] +connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova idle_timeout = 30 pool_timeout = 10 use_db_reconnect = True -[oslo_concurrency] -lock_path=/var/lib/nova/tmp - -[libvirt] -use_virtio_for_bridges=True - -[wsgi] -api_paste_config=/etc/nova/api-paste.ini +[glance] +api_servers = http://{{ internal_vip.ip }}:9292 +host = {{ internal_vip.ip }} [keystone_authtoken] auth_uri = http://{{ internal_vip.ip }}:5000 auth_url = http://{{ internal_vip.ip }}:35357 -memcached_servers = {{ memcached_servers }} auth_type = password project_domain_name = default user_domain_name = default @@ -80,17 +62,8 @@ admin_tenant_name = service admin_user = nova admin_password = {{ NOVA_PASS }} -[vnc] -enabled = True -vncserver_listen = {{ internal_ip }} -vncserver_proxyclient_address = {{ internal_ip }} -novncproxy_base_url = http://{{ public_vip.ip }}:6080/vnc_auto.html -novncproxy_host = {{ internal_ip }} -novncproxy_port = 6080 - -[glance] -api_servers = http://{{ internal_vip.ip }}:9292 -host = {{ internal_vip.ip }} +[libvirt] +use_virtio_for_bridges=True [neutron] url = http://{{ internal_vip.ip }}:9696 
@@ -111,3 +84,21 @@ admin_username = neutron admin_password = {{ NEUTRON_PASS }} admin_auth_url = http://{{ internal_vip.ip }}:35357/v3 +[oslo_concurrency] +lock_path=/var/lib/nova/tmp + +[oslo_messaging_rabbit] +rabbit_host = {{ rabbit_host }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} + +[vnc] +enabled = True +vncserver_listen = {{ internal_ip }} +vncserver_proxyclient_address = {{ internal_ip }} +novncproxy_base_url = http://{{ public_vip.ip }}:6080/vnc_auto.html +novncproxy_host = {{ internal_ip }} +novncproxy_port = 6080 + +[wsgi] +api_paste_config=/etc/nova/api-paste.ini diff --git a/deploy/adapters/ansible/openstack_osp9/roles/ceph-osd/tasks/install_osd.yml b/deploy/adapters/ansible/openstack_osp9/roles/ceph-osd/tasks/install_osd.yml index 0e476085..35e84cf8 100755 --- a/deploy/adapters/ansible/openstack_osp9/roles/ceph-osd/tasks/install_osd.yml +++ b/deploy/adapters/ansible/openstack_osp9/roles/ceph-osd/tasks/install_osd.yml @@ -11,6 +11,11 @@ - name: create osd lv and mount it on /var/local/osd script: create_osd.sh +- name: fetch osd keyring from ceph_adm + fetch: src="/var/lib/ceph/bootstrap-osd/ceph.keyring" dest="/tmp/ceph.osd.keyring" flat=yes + delegate_to: "{{ public_vip.ip }}" + when: compute_expansion + - name: copy osd keyring copy: src="/tmp/ceph.osd.keyring" dest="/var/lib/ceph/bootstrap-osd/ceph.keyring" diff --git a/deploy/adapters/ansible/roles/ceph-config/tasks/create_config.yml b/deploy/adapters/ansible/roles/ceph-config/tasks/create_config.yml index 891e23e0..771fb6ab 100755 --- a/deploy/adapters/ansible/roles/ceph-config/tasks/create_config.yml +++ b/deploy/adapters/ansible/roles/ceph-config/tasks/create_config.yml 
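Review bot: The added `fetch osd keyring from ceph_adm` task in openstack_osp9 install_osd.yml writes the bootstrap-osd keyring to the fixed path `/tmp/ceph.osd.keyring` on the Ansible control host, and nothing in the hunk restricts that file's mode or removes it afterwards. A predictable name in a shared temp directory can be read by other local users depending on the umask; staging under a directory created with mode 0700 and deleting the copy at the end of the play would close that. The task also has no `run_once: true`, so with `when: compute_expansion` every targeted host repeats the same fetch into the same file. The identical hunk appears for roles/ceph-osd later in this diff, and roles/ceph-config/tasks/create_config.yml uses the same pattern for ceph.conf, the mon keyring and the client.admin keyring. The task list continues outside the hunk.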
@@ -18,6 +18,11 @@ dest: "/tmp/ceph.conf" when: inventory_hostname in groups['ceph_adm'] +- name: fetch ceph conf from ceph_adm + fetch: src="/etc/ceph/ceph.conf" dest="/tmp/ceph.conf" flat=yes + delegate_to: "{{ public_vip.ip }}" + when: compute_expansion + - name: "make directory for ceph config file" file: path="/etc/ceph" state="directory" @@ -53,10 +58,20 @@ fetch: src="/tmp/ceph.mon.keyring" dest="/tmp/ceph.mon.keyring" flat=yes when: inventory_hostname in groups['ceph_adm'] +- name: fetch mon.keyring from ceph_adm + fetch: src="/tmp/ceph.mon.keyring" dest="/tmp/ceph.mon.keyring" flat=yes + delegate_to: "{{ public_vip.ip }}" + when: compute_expansion + - name: fetch client.admin.keyring to local fetch: src="/etc/ceph/ceph.client.admin.keyring" dest="/tmp/ceph.client.admin.keyring" flat=yes when: inventory_hostname in groups['ceph_adm'] +- name: fetch mon.keyring from ceph_adm + fetch: src="/etc/ceph/ceph.client.admin.keyring" dest="/tmp/ceph.client.admin.keyring" flat=yes + delegate_to: "{{ public_vip.ip }}" + when: compute_expansion + - name: copy mon.keyring to remote nodes copy: src="/tmp/ceph.mon.keyring" dest="/tmp/ceph.mon.keyring" diff --git a/deploy/adapters/ansible/roles/ceph-openstack/tasks/ceph_openstack_conf.yml b/deploy/adapters/ansible/roles/ceph-openstack/tasks/ceph_openstack_conf.yml index d7c414ee..0496ba97 100755 --- a/deploy/adapters/ansible/roles/ceph-openstack/tasks/ceph_openstack_conf.yml +++ b/deploy/adapters/ansible/roles/ceph-openstack/tasks/ceph_openstack_conf.yml 
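Review bot: The last task added in the second hunk of create_config.yml is named `fetch mon.keyring from ceph_adm`, but its `fetch` copies `/etc/ceph/ceph.client.admin.keyring`, so it duplicates the name of the task added just before it. Because this is the cluster admin credential, play output and audit logs should identify it correctly: `- name: fetch client.admin.keyring from ceph_adm`. All three added tasks delegate to `{{ public_vip.ip }}` while their names say ceph_adm. If the VIP can land on a controller other than the ceph_adm node, `/tmp/ceph.mon.keyring` may not exist there, which is worth confirming. The task list continues outside both hunks.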
@@ -28,13 +28,13 @@ ignore_errors: True - name: modify cinder.conf for ceph - shell: sed -i 's/^\(volume_driver\).*/\1 = cinder.volume.drivers.rbd.RBDDriver/g' /etc/cinder/cinder.conf && sed -i 's/^\(rbd_secret_uuid\).*/\1 = {{ ceph_uuid.stdout_lines[0] }}/g' /etc/cinder/cinder.conf && sed -i '/^\[DEFAULT/a rbd_pool = volumes\nrbd_ceph_conf = /etc/ceph/ceph.conf\nrbd_flatten_volume_from_snapshot = false\nrbd_max_clone_depth = 5\nrbd_store_chunk_size = 4\nrados_connect_timeout = -1\nglance_api_version = 2\nrbd_user = cinder\nrbd_secret_uuid = {{ ceph_uuid.stdout_lines[0] }}' /etc/cinder/cinder.conf && service {{ cinder_service }} restart + shell: sed -i 's/^\(volume_driver\).*/\1 = cinder.volume.drivers.rbd.RBDDriver/g' /etc/cinder/cinder.conf && sed -i 's/^\(rbd_secret_uuid\).*/\1 = {{ ceph_uuid }}/g' /etc/cinder/cinder.conf && sed -i '/^\[DEFAULT/a rbd_pool = volumes\nrbd_ceph_conf = /etc/ceph/ceph.conf\nrbd_flatten_volume_from_snapshot = false\nrbd_max_clone_depth = 5\nrbd_store_chunk_size = 4\nrados_connect_timeout = -1\nglance_api_version = 2\nrbd_user = cinder\nrbd_secret_uuid = {{ ceph_uuid }}' /etc/cinder/cinder.conf && service {{ cinder_service }} restart when: inventory_hostname in groups['compute'] tags: - ceph_conf_cinder - name: modify nova.conf for ceph - shell: sed -i 's/^\(images_type\).*/\1 = rbd/g' /etc/nova/nova-compute.conf && sed -i 's/^\(rbd_secret_uuid\).*/\1 = {{ ceph_uuid.stdout_lines[0] }}/g' /etc/nova/nova-compute.conf && sed -i '/^\[libvirt/a images_rbd_pool = vms\nimages_rbd_ceph_conf = /etc/ceph/ceph.conf\nrbd_user = cinder\nrbd_secret_uuid = {{ ceph_uuid.stdout_lines[0] }}\ndisk_cachemodes=\"network=writeback\"\nlive_migration_flag=\"VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_PERSIST_DEST,VIR_MIGRATE_TUNNELLED\"' /etc/nova/nova-compute.conf && service {{ nova_service }} restart + shell: sed -i 's/^\(images_type\).*/\1 = rbd/g' /etc/nova/nova-compute.conf && sed -i 's/^\(rbd_secret_uuid\).*/\1 = {{ 
ceph_uuid }}/g' /etc/nova/nova-compute.conf && sed -i '/^\[libvirt/a images_rbd_pool = vms\nimages_rbd_ceph_conf = /etc/ceph/ceph.conf\nrbd_user = cinder\nrbd_secret_uuid = {{ ceph_uuid }}\ndisk_cachemodes=\"network=writeback\"\nlive_migration_flag=\"VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_PERSIST_DEST,VIR_MIGRATE_TUNNELLED\"' /etc/nova/nova-compute.conf && service {{ nova_service }} restart when: inventory_hostname in groups['compute'] tags: - ceph_conf_nova diff --git a/deploy/adapters/ansible/roles/ceph-openstack/tasks/ceph_openstack_pre.yml b/deploy/adapters/ansible/roles/ceph-openstack/tasks/ceph_openstack_pre.yml index 78b71ec0..ece4154f 100755 --- a/deploy/adapters/ansible/roles/ceph-openstack/tasks/ceph_openstack_pre.yml +++ b/deploy/adapters/ansible/roles/ceph-openstack/tasks/ceph_openstack_pre.yml @@ -9,11 +9,39 @@ --- - name: gen ceph uuid shell: uuidgen - register: ceph_uuid + register: ceph_uuid_out run_once: true tags: - ceph_copy_secret +- name: set ceph uuid var + set_fact: + ceph_uuid: "{{ ceph_uuid_out.stdout_lines[0] }}" + when: not compute_expansion + tags: + - ceph_copy_secret + +- name: save ceph uuid for expansion + copy: content="{{ ceph_uuid }}" dest=/etc/ceph/ceph.uuid.libvirt + when: not compute_expansion and inventory_hostname in groups['controller'] + tags: + - ceph_copy_secret + +- name: fetch ceph uuid from controller node for expansion + shell: cat /etc/ceph/ceph.uuid.libvirt + register: ceph_uuid_out + delegate_to: "{{ public_vip.ip }}" + when: compute_expansion and inventory_hostname in groups['compute'] + tags: + - ceph_copy_secret + +- name: set ceph uuid var for expansion + set_fact: + ceph_uuid: "{{ ceph_uuid_out.stdout_lines[0] }}" + when: compute_expansion and inventory_hostname in groups['compute'] + tags: + - ceph_copy_secret + - name: gen template secret.xml local_action: module: "template" 
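Review bot: In ceph_openstack_pre.yml the expansion path takes `ceph_uuid` from `cat /etc/ceph/ceph.uuid.libvirt` on the VIP host and never checks it. The value is then pasted unquoted into the `sed` expressions of ceph_openstack_conf.yml (the hunk just above) and into the `virsh secret-set-value` command in the next hunk of this file. An empty file makes `stdout_lines[0]` fail with a templating error rather than a clear message, and a value containing `/` or whitespace would corrupt the sed substitution. I would read it with `command: cat /etc/ceph/ceph.uuid.libvirt`, add `failed_when: ceph_uuid_out.stdout_lines | length != 1`, and follow the `set_fact` with an `assert` that the value matches a UUID pattern. During expansion `ceph_uuid` is set only on hosts in `groups['compute']`, so a later task that runs elsewhere and references it would find it undefined; the task list continues outside the hunk.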
@@ -68,7 +96,7 @@ - name: create key for libvirt on compute nodes - shell: "virsh secret-define --file ~/secret.xml && virsh secret-set-value --secret {{ ceph_uuid.stdout_lines[0] }} --base64 $(cat client.cinder.key)" + shell: "virsh secret-define --file ~/secret.xml && virsh secret-set-value --secret {{ ceph_uuid }} --base64 $(cat client.cinder.key)" when: inventory_hostname in groups['compute'] tags: - ceph_copy_secret diff --git a/deploy/adapters/ansible/roles/ceph-openstack/templates/secret.j2 b/deploy/adapters/ansible/roles/ceph-openstack/templates/secret.j2 index a0ffc6e3..0195e099 100644 --- a/deploy/adapters/ansible/roles/ceph-openstack/templates/secret.j2 +++ b/deploy/adapters/ansible/roles/ceph-openstack/templates/secret.j2 @@ -1,5 +1,5 @@ <secret ephemeral='no' private='no'> - <uuid>{{ ceph_uuid.stdout_lines[0] }}</uuid> + <uuid>{{ ceph_uuid }}</uuid> <usage type='ceph'> <name>client.cinder secret</name> </usage> diff --git a/deploy/adapters/ansible/roles/ceph-osd/tasks/install_osd.yml b/deploy/adapters/ansible/roles/ceph-osd/tasks/install_osd.yml index e7e4a242..ff99d68a 100644 --- a/deploy/adapters/ansible/roles/ceph-osd/tasks/install_osd.yml +++ b/deploy/adapters/ansible/roles/ceph-osd/tasks/install_osd.yml @@ -11,6 +11,11 @@ - name: create osd lv and mount it on /var/local/osd script: create_osd.sh +- name: fetch osd keyring from ceph_adm + fetch: src="/var/lib/ceph/bootstrap-osd/ceph.keyring" dest="/tmp/ceph.osd.keyring" flat=yes + delegate_to: "{{ public_vip.ip }}" + when: compute_expansion + - name: copy osd keyring copy: src="/tmp/ceph.osd.keyring" dest="/var/lib/ceph/bootstrap-osd/ceph.keyring" diff --git a/deploy/adapters/ansible/roles/common/tasks/main.yml b/deploy/adapters/ansible/roles/common/tasks/main.yml index 8da5603c..1fa0de84 100644 --- a/deploy/adapters/ansible/roles/common/tasks/main.yml +++ b/deploy/adapters/ansible/roles/common/tasks/main.yml 
@@ -46,15 +46,15 @@ - name: make config template dir exist file: path=/opt/os_templates state=directory mode=0755 -- name: upgrade pip - pip: name=pip state=latest - - name: create pip config directory file: path=~/.pip state=directory - name: update pip.conf template: src=pip.conf dest=~/.pip/{{ pip_conf }} +- name: upgrade pip + pip: name=pip state=latest + - name: install pip packages pip: name={{ item }} state=present extra_args='--pre' with_items: pip_packages |
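Review bot: `pip: name=pip state=latest` in roles/common/tasks/main.yml installs whatever pip version the index serves at deploy time. After this reorder that index is whichever one the just-written pip.conf names, presumably a local mirror, though pip.conf is not visible here. Pinning keeps the deployment reproducible and keeps an unexpected upstream release off every node: `pip: name=pip version=<PINNED_PIP_VERSION>`, with the version chosen by the project. The following `install pip packages` task passes `extra_args='--pre'`, which widens the same exposure to pre-releases. The task list continues outside the hunk.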