Diffstat (limited to 'deploy/adapters/ansible')
22 files changed, 837 insertions, 235 deletions
diff --git a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
index f328d959..2a3e649a 100644
--- a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
+++ b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
@@ -10,250 +10,23 @@ --- - hosts: all remote_user: root - pre_tasks: - - name: make sure ssh dir exist - file: - path: '{{ item.path }}' - owner: '{{ item.owner }}' - group: '{{ item.group }}' - state: directory - mode: 0755 - with_items: - - path: /root/.ssh - owner: root - group: root - - - name: write ssh config - copy: - content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no" - dest: '{{ item.dest }}' - owner: '{{ item.owner }}' - group: '{{ item.group }}' - mode: 0600 - with_items: - - dest: /root/.ssh/config - owner: root - group: root - - - name: generate ssh keys - shell: if [ ! -f ~/.ssh/id_rsa.pub ]; \ - then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; \ - else echo "already gen ssh key!"; fi; - - - name: fetch ssh keys - fetch: - src: /root/.ssh/id_rsa.pub - dest: /tmp/ssh-keys-{{ ansible_hostname }} - flat: "yes" - - - authorized_key: - user: root - key: "{{ lookup('file', item) }}" - with_fileglob: - - /tmp/ssh-keys-* - max_fail_percentage: 0 - roles: - - common - -- hosts: all - remote_user: root - max_fail_percentage: 0 - roles: - - setup-network - -- hosts: ha - remote_user: root - max_fail_percentage: 0 roles: - - ha + - pre-prepare - hosts: controller remote_user: root - max_fail_percentage: 0 roles: - - memcached - - apache - - database - - mq - - keystone - - nova-controller - - neutron-controller - - cinder-controller - - glance - - neutron-common - - neutron-network - - ceilometer_controller - - dashboard - - heat - - aodh - - congress - -- hosts: all - remote_user: root - max_fail_percentage: 0 - roles: - - storage + - config-controller - hosts: compute remote_user: root - max_fail_percentage: 0 - roles: - - nova-compute - - neutron-compute - - cinder-volume - - ceilometer_compute - -- hosts: all - remote_user: root - max_fail_percentage: 0 - roles: [] -# - moon - -- hosts: all - remote_user: root - max_fail_percentage: 0 roles: - - secgroup - -- hosts: ceph_adm - remote_user: root - max_fail_percentage: 0 - roles: [] -# - 
ceph-deploy - -- hosts: ceph - remote_user: root - max_fail_percentage: 0 - roles: - - ceph-purge - - ceph-config - -- hosts: ceph_mon - remote_user: root - max_fail_percentage: 0 - roles: - - ceph-mon - -- hosts: ceph_osd - remote_user: root - max_fail_percentage: 0 - roles: - - ceph-osd - -- hosts: ceph - remote_user: root - max_fail_percentage: 0 - roles: - - ceph-openstack - -- hosts: all - remote_user: root - max_fail_percentage: 0 - roles: - - monitor - -- hosts: all - remote_user: root - max_fail_percentage: 0 - tasks: - - name: set bash to nova - user: - name: nova - shell: /bin/bash + - config-compute - - name: make sure ssh dir exist - file: - path: '{{ item.path }}' - owner: '{{ item.owner }}' - group: '{{ item.group }}' - state: directory - mode: 0755 - with_items: - - path: /var/lib/nova/.ssh - owner: nova - group: nova - - - name: copy ssh keys for nova - shell: cp -rf /root/.ssh/id_rsa /var/lib/nova/.ssh; - - - name: write ssh config - copy: - content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no" - dest: '{{ item.dest }}' - owner: '{{ item.owner }}' - group: '{{ item.group }}' - mode: 0600 - with_items: - - dest: /var/lib/nova/.ssh/config - owner: nova - group: nova - - - authorized_key: - user: nova - key: "{{ lookup('file', item) }}" - with_fileglob: - - /tmp/ssh-keys-* - - - name: chown ssh file - shell: chown -R nova:nova /var/lib/nova/.ssh; - -- hosts: all - remote_user: root - max_fail_percentage: 0 - roles: - - odl_cluster - -- hosts: all - remote_user: root - max_fail_percentage: 0 - roles: - - onos_cluster - -- hosts: all - remote_user: root - serial: 1 - max_fail_percentage: 0 - roles: - - odl_cluster_neutron - -- hosts: all - remote_user: root - max_fail_percentage: 0 - roles: - - odl_cluster_post - -- hosts: controller - remote_user: root - max_fail_percentage: 0 - roles: - - ext-network - -- hosts: controller - remote_user: root - max_fail_percentage: 0 - roles: -# - tacker - -- hosts: controller - remote_user: root - 
max_fail_percentage: 0 - roles: - - openstack-post - -- hosts: controller - remote_user: root - max_fail_percentage: 0 - roles: - - boot-recovery - -- hosts: controller - remote_user: root - max_fail_percentage: 0 - roles: - - controller-recovery - -- hosts: compute +- hosts: localhost remote_user: root - max_fail_percentage: 0 roles: - - compute-recovery + - config-deployment + - setup-host + - setup-infrastructure + - setup-openstack diff --git a/deploy/adapters/ansible/openstack_newton/.gitkeep b/deploy/adapters/ansible/openstack_ocata/.gitkeep index e69de29b..e69de29b 100644 --- a/deploy/adapters/ansible/openstack_newton/.gitkeep +++ b/deploy/adapters/ansible/openstack_ocata/.gitkeep diff --git a/deploy/adapters/ansible/roles/config-compute/handlers/main.yml b/deploy/adapters/ansible/roles/config-compute/handlers/main.yml new file mode 100644 index 00000000..c565498f --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/handlers/main.yml @@ -0,0 +1,14 @@ +############################################################################## +## Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +## All rights reserved. This program and the accompanying materials +## are made available under the terms of the Apache License, Version 2.0 +## which accompanies this distribution, and is available at +## http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: restart network service + shell: "/sbin/ifconfig eth0 0 &&/sbin/ifdown -a && \ + /sbin/ifup --ignore-errors -a" + +- name: restart nfs service + service: name=nfs-kernel-server state=restarted diff --git a/deploy/adapters/ansible/roles/config-compute/tasks/main.yml b/deploy/adapters/ansible/roles/config-compute/tasks/main.yml new file mode 100644 index 00000000..1c5b4865 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/tasks/main.yml 
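Review bot: Every play on the new side drops `max_fail_percentage: 0`, so a host that fails in `pre-prepare`, `config-controller` or `config-compute` is dropped from the run while the final `localhost` play still goes ahead. The `config-deployment` templates added in this commit iterate over `groups.controller` and `groups.compute`, which presumably still list the failed host, so the generated OpenStack-Ansible config would name a node whose network and SSH trust were never set up. I would keep `max_fail_percentage: 0` (or set `any_errors_fatal: true`) on the three remote plays. The `localhost` play also sets `remote_user: root` without `connection: local`; if `localhost` is listed in the inventory this may run over SSH, which is worth confirming.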
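Review bot: The `restart network service` handler in `config-compute/handlers/main.yml` clears the address on `eth0` first and chains the rest with `&&`, so if `/sbin/ifdown -a` returns non-zero, `/sbin/ifup` never runs and the node is left without an address, possibly on the interface Ansible is connected through. Separating the last step with `;` keeps the bring-up unconditional: `shell: "/sbin/ifconfig eth0 0 && /sbin/ifdown -a; /sbin/ifup --ignore-errors -a"`. The identical handler in `config-controller/handlers/main.yml` has the same problem. `service: name=nfs-kernel-server state=restarted` would also read better as a native YAML mapping than as a `key=value` string.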
@@ -0,0 +1,36 @@
+##############################################################################
+# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: configure network
+ template:
+ src: compute.j2
+ dest: /etc/network/interfaces
+ notify:
+ - restart network service
+
+- name: Install apt packages
+ apt:
+ pkg: "nfs-kernel-server"
+ state: "present"
+
+- name: make nfs dircetory
+ file: "dest=/images mode=0777 state=directory"
+
+- name: configure service
+ shell: "echo 'nfs 2049/tcp' >> /etc/services; \
+ echo 'nfs 2049/udp' >> /etc/services"
+
+- name: configure NFS
+ template:
+ src: exports
+ dest: /etc/exports
+ notify:
+ - restart nfs service
+
+- meta: flush_handlers
diff --git a/deploy/adapters/ansible/roles/config-compute/templates/compute.j2 b/deploy/adapters/ansible/roles/config-compute/templates/compute.j2
new file mode 100644
index 00000000..8337fbcb
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-compute/templates/compute.j2
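Review bot: The `make nfs dircetory` task creates `/images` with `mode=0777`, and the `exports` template added later in this commit publishes it as `/images *(rw,sync,no_subtree_check,no_root_squash)`, so any host that can reach the compute node's NFS service can write the Glance image store as root. The export should name the storage network this commit already declares in `openstack_user_config.yml.j2` (`172.16.2.0/24`) instead of `*`, and should drop `no_root_squash`. The directory should get an owner and mode that match the Glance service account rather than being world-writable. Separately, `configure service` appends `nfs 2049/tcp` and `nfs 2049/udp` to `/etc/services` on every run; `lineinfile` would make it idempotent. The task name has a typo (`dircetory`).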
@@ -0,0 +1,81 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +# The loopback network interface +auto lo +iface lo inet loopback + + +# Physical interface +auto eth0 +iface eth0 inet manual + + +# OpenStack Networking VXLAN (tunnel/overlay) VLAN interface +auto {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} +iface {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} inet manual + vlan-raw-device {{sys_intf_mappings["mgmt"]["interface"]}} + +# Storage network VLAN interface (optional) +auto {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} +iface {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} inet manual + vlan-raw-device {{sys_intf_mappings["storage"]["interface"]}} + +# Container/Host management bridge +auto br-mgmt +iface br-mgmt inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports eth0 + address {{host_info[inventory_hostname].MGMT_IP}} + netmask 255.255.255.0 + +# compute1 VXLAN (tunnel/overlay) bridge config +auto br-vxlan +iface br-vxlan inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} + address {{host_info[inventory_hostname].VXLAN_IP}} + netmask 255.255.252.0 + +# OpenStack Networking VLAN bridge +auto br-vlan +iface br-vlan inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{ network_cfg["provider_net_mappings"][0]["interface"] }} + address {{ip_settings[inventory_hostname]["br-prv"]["ip"]}} + netmask 255.255.255.0 + gateway {{ip_settings[inventory_hostname]["br-prv"]["gw"]}} + offload-sg off + # Create veth pair, don't bomb if already exists + pre-up ip link add br-vlan-veth type veth peer name eth12 || true + # Set both ends UP + pre-up ip 
link set br-vlan-veth up + pre-up ip link set eth12 up + # Delete veth pair on DOWN + post-down ip link del br-vlan-veth || true + bridge_ports br-vlan-veth + +# Add an additional address to br-vlan +iface br-vlan inet static + # Flat network default gateway + # -- This needs to exist somewhere for network reachability + # -- from the router namespace for floating IP paths. + # -- Putting this here is primarily for tempest to work. + address {{host_info[inventory_hostname].VLAN_IP_SECOND}} + netmask 255.255.252.0 + +# compute1 Storage bridge +auto br-storage +iface br-storage inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} + address {{ip_settings[inventory_hostname]["storage"]["ip"]}} + netmask 255.255.252.0 diff --git a/deploy/adapters/ansible/roles/config-compute/templates/exports b/deploy/adapters/ansible/roles/config-compute/templates/exports new file mode 100644 index 00000000..c2749c85 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/templates/exports @@ -0,0 +1,11 @@ +# /etc/exports: the access control list for filesystems which may be exported +# to NFS clients. See exports(5). +# +# Example for NFSv2 and NFSv3: +# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check) +# +# Example for NFSv4: +# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check) +# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check) +# +/images *(rw,sync,no_subtree_check,no_root_squash) diff --git a/deploy/adapters/ansible/roles/config-controller/controller.j2 b/deploy/adapters/ansible/roles/config-controller/controller.j2 new file mode 100755 index 00000000..a4f073f0 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/controller.j2 
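Review bot: The `br-vlan` stanza in `compute.j2` sets `bridge_ports` twice, first to `{{ network_cfg["provider_net_mappings"][0]["interface"] }}` and again to `br-vlan-veth` at the end of the stanza. How ifupdown treats a repeated option is not something to rely on; if both ports are meant to be enslaved they belong on one line, `bridge_ports {{ network_cfg["provider_net_mappings"][0]["interface"] }} br-vlan-veth`. `br-mgmt` hard-codes `bridge_ports eth0` while the VLAN sub-interfaces come from `sys_intf_mappings`, so the template only fits hosts whose management NIC is literally `eth0`. The `# compute1 …` comments are misleading in a template rendered for every compute host.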
@@ -0,0 +1,66 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +# The loopback network interface +auto lo +iface lo inet loopback + +# Physical interface +auto eth0 +iface eth0 inet manual + +# OpenStack Networking VXLAN (tunnel/overlay) VLAN interface +auto {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} +iface {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} inet manual + vlan-raw-device {{sys_intf_mappings["mgmt"]["interface"]}} + +# Storage network VLAN interface (optional) +auto {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} +iface {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} inet manual + vlan-raw-device {{sys_intf_mappings["storage"]["interface"]}} + +# Container/Host management bridge +auto br-mgmt +iface br-mgmt inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports eth0 + address {{host_info[inventory_hostname].MGMT_IP}} + netmask 255.255.255.0 + +# OpenStack Networking VXLAN (tunnel/overlay) bridge +# +# Only the COMPUTE and NETWORK nodes must have an IP address +# on this bridge. When used by infrastructure nodes, the +# IP addresses are assigned to containers which use this +# bridge. 
+# +auto br-vxlan +iface br-vxlan inet manual + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} + +# OpenStack Networking VLAN bridge +auto br-vlan +iface br-vlan inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{ network_cfg["provider_net_mappings"][0]["interface"] }} + address {{ ip_settings[inventory_hostname]["br-prv"]["ip"] }} + netmask 255.255.255.0 + gateway {{ ip_settings[inventory_hostname]["br-prv"]["gw"] }} + dns-nameserver 8.8.8.8 8.8.4.4 + +# compute1 Storage bridge +auto br-storage +iface br-storage inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} + address {{ ip_settings[inventory_hostname]["storage"]["ip"] }} + netmask 255.255.252.0 diff --git a/deploy/adapters/ansible/roles/config-controller/handlers/main.yml b/deploy/adapters/ansible/roles/config-controller/handlers/main.yml new file mode 100644 index 00000000..3d979e6a --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/handlers/main.yml @@ -0,0 +1,11 @@ +############################################################################## +## Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +## All rights reserved. This program and the accompanying materials +## are made available under the terms of the Apache License, Version 2.0 +## which accompanies this distribution, and is available at +## http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: restart network service + shell: "/sbin/ifconfig eth0 0 &&/sbin/ifdown -a && \ + /sbin/ifup --ignore-errors -a" diff --git a/deploy/adapters/ansible/roles/config-controller/tasks/main.yml b/deploy/adapters/ansible/roles/config-controller/tasks/main.yml new file mode 100644 index 00000000..54e4bf1e 
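Review bot: `controller.j2` is added twice with the same blob (`a4f073f0`), once at `roles/config-controller/controller.j2` and once under `roles/config-controller/templates/`. The task `template: src: controller.j2` would normally resolve the `templates/` copy, so the role-root copy looks like a leftover that will drift. Both are committed with mode 100755 although nothing executes them. The `br-vlan` stanza hard-codes `dns-nameserver 8.8.8.8 8.8.4.4`, which sends controller DNS lookups to a public resolver regardless of site policy; taking the resolver from the deployment's network configuration would let a site use an internal one.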
--- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/tasks/main.yml @@ -0,0 +1,17 @@ +############################################################################## +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: configure controller network + template: + src: controller.j2 + dest: /etc/network/interfaces + notify: + - restart network service + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/config-controller/templates/controller.j2 b/deploy/adapters/ansible/roles/config-controller/templates/controller.j2 new file mode 100755 index 00000000..a4f073f0 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/templates/controller.j2 
@@ -0,0 +1,66 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +# The loopback network interface +auto lo +iface lo inet loopback + +# Physical interface +auto eth0 +iface eth0 inet manual + +# OpenStack Networking VXLAN (tunnel/overlay) VLAN interface +auto {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} +iface {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} inet manual + vlan-raw-device {{sys_intf_mappings["mgmt"]["interface"]}} + +# Storage network VLAN interface (optional) +auto {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} +iface {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} inet manual + vlan-raw-device {{sys_intf_mappings["storage"]["interface"]}} + +# Container/Host management bridge +auto br-mgmt +iface br-mgmt inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports eth0 + address {{host_info[inventory_hostname].MGMT_IP}} + netmask 255.255.255.0 + +# OpenStack Networking VXLAN (tunnel/overlay) bridge +# +# Only the COMPUTE and NETWORK nodes must have an IP address +# on this bridge. When used by infrastructure nodes, the +# IP addresses are assigned to containers which use this +# bridge. 
+# +auto br-vxlan +iface br-vxlan inet manual + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} + +# OpenStack Networking VLAN bridge +auto br-vlan +iface br-vlan inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{ network_cfg["provider_net_mappings"][0]["interface"] }} + address {{ ip_settings[inventory_hostname]["br-prv"]["ip"] }} + netmask 255.255.255.0 + gateway {{ ip_settings[inventory_hostname]["br-prv"]["gw"] }} + dns-nameserver 8.8.8.8 8.8.4.4 + +# compute1 Storage bridge +auto br-storage +iface br-storage inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} + address {{ ip_settings[inventory_hostname]["storage"]["ip"] }} + netmask 255.255.252.0 diff --git a/deploy/adapters/ansible/roles/config-deployment/files/cinder.yml b/deploy/adapters/ansible/roles/config-deployment/files/cinder.yml new file mode 100755 index 00000000..3a39935a --- /dev/null +++ b/deploy/adapters/ansible/roles/config-deployment/files/cinder.yml @@ -0,0 +1,13 @@ +--- +# This file contains an example to show how to set +# the cinder-volume service to run in a container. +# +# Important note: +# When using LVM or any iSCSI-based cinder backends, such as NetApp with +# iSCSI protocol, the cinder-volume service *must* run on metal. +# Reference: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1226855 + +container_skel: + cinder_volumes_container: + properties: + is_metal: true diff --git a/deploy/adapters/ansible/roles/config-deployment/tasks/main.yml b/deploy/adapters/ansible/roles/config-deployment/tasks/main.yml new file mode 100644 index 00000000..b0696010 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-deployment/tasks/main.yml 
@@ -0,0 +1,33 @@
+##############################################################################
+# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: create osa log directory
+ file:
+ path: /var/log/osa/
+ state: directory
+
+- name: copy openstack_user_config
+ template:
+ src: openstack_user_config.yml.j2
+ dest: /etc/openstack_deploy/openstack_user_config.yml
+
+- name: copy user_variables
+ template:
+ src: user_variables.yml
+ dest: /etc/openstack_deploy/user_variables.yml
+
+- name: copy cinder.yml
+ copy:
+ src: cinder.yml
+ dest: /etc/openstack_deploy/env.d/cinder.yml
+
+- name: copy ansible.cfg
+ template:
+ src: ansible.cfg
+ dest: /opt/openstack-ansible/playbooks/
diff --git a/deploy/adapters/ansible/roles/config-deployment/templates/ansible.cfg b/deploy/adapters/ansible/roles/config-deployment/templates/ansible.cfg
new file mode 100644
index 00000000..41502fbf
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-deployment/templates/ansible.cfg
@@ -0,0 +1,3 @@
+[ssh_connection]
+retries = 5
+scp_if_ssh = True
diff --git a/deploy/adapters/ansible/roles/config-deployment/templates/openstack_user_config.yml.j2 b/deploy/adapters/ansible/roles/config-deployment/templates/openstack_user_config.yml.j2
new file mode 100644
index 00000000..38e14784
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-deployment/templates/openstack_user_config.yml.j2
@@ -0,0 +1,220 @@ +--- +cidr_networks: + container: 10.1.0.0/24 + tunnel: 172.29.240.0/22 + storage: 172.16.2.0/24 + +used_ips: + - "10.1.0.1,10.1.0.55" + - "10.1.0.100,10.1.0.110" + - "172.29.240.1,172.29.240.50" + - "172.16.2.1,172.16.2.50" + - "172.29.248.1,172.29.248.50" + +global_overrides: + internal_lb_vip_address: 10.1.0.22 + external_lb_vip_address: {{ public_vip.ip }} + tunnel_bridge: "br-vxlan" + management_bridge: "br-mgmt" + provider_networks: + - network: + container_bridge: "br-mgmt" + container_type: "veth" + container_interface: "eth1" + ip_from_q: "container" + type: "raw" + group_binds: + - all_containers + - hosts + is_container_address: true + is_ssh_address: true + - network: + container_bridge: "br-vxlan" + container_type: "veth" + container_interface: "eth10" + ip_from_q: "tunnel" + type: "vxlan" + range: "1:1000" + net_name: "vxlan" + group_binds: + - neutron_linuxbridge_agent + - network: + container_bridge: "br-vlan" + container_type: "veth" + container_interface: "eth12" + host_bind_override: "eth12" + type: "flat" + net_name: "flat" + group_binds: + - neutron_linuxbridge_agent + - network: + container_bridge: "br-vlan" + container_type: "veth" + container_interface: "eth11" + type: "vlan" + range: "1:1" + net_name: "vlan" + group_binds: + - neutron_linuxbridge_agent + - network: + container_bridge: "br-storage" + container_type: "veth" + container_interface: "eth2" + ip_from_q: "storage" + type: "raw" + group_binds: + - glance_api + - cinder_api + - cinder_volume + - nova_compute + +### +### Infrastructure +### + +# galera, memcache, rabbitmq, utility +shared-infra_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# repository (apt cache, python packages, etc) +repo-infra_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# load balancer +# Ideally the load balancer should not use the Infrastructure 
hosts. +# Dedicated hardware is best for improved performance and security. +haproxy_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# rsyslog server +#log_hosts: + # log1: + # ip: 10.1.0.53 + +### +### OpenStack +### + +# keystone +identity_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# cinder api services +storage-infra_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# glance +# The settings here are repeated for each infra host. +# They could instead be applied as global settings in +# user_variables, but are left here to illustrate that +# each container could have different storage targets. +image_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} + container_vars: + limit_container_types: glance + glance_nfs_client: + - server: "{{ip_settings[groups.compute[0]]['storage']['ip']}}" + remote_path: "/images" + local_path: "/var/lib/glance/images" + type: "nfs" + options: "_netdev,auto" +{% endfor %} + +# nova api, conductor, etc services +compute-infra_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# heat +orchestration_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# horizon +dashboard_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# neutron server, agents (L3, etc) +network_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# ceilometer (telemetry API) +metering-infra_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# aodh (telemetry alarm service) 
+metering-alarm_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# gnocchi (telemetry metrics storage) +metrics_hosts: +{% for host in groups.controller%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# nova hypervisors +compute_hosts: +{% for host in groups.compute%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# ceilometer compute agent (telemetry) +metering-compute_hosts: +{% for host in groups.compute%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} +{% endfor %} + +# cinder volume hosts (NFS-backed) +# The settings here are repeated for each infra host. +# They could instead be applied as global settings in +# user_variables, but are left here to illustrate that +# each container could have different storage targets. +storage_hosts: +{% for host in groups.compute%} + {{host}}: + ip: {{ hostvars[host]['ansible_ssh_host'] }} + container_vars: + cinder_backends: + limit_container_types: cinder_volume + lvm: + volume_group: cinder-volumes + volume_driver: cinder.volume.drivers.lvm.LVMVolumeDriver + volume_backend_name: LVM_iSCSI + iscsi_ip_address: "{{ip_settings[host]['storage']['ip']}}" +{% endfor %} diff --git a/deploy/adapters/ansible/roles/config-deployment/templates/user_variables.yml b/deploy/adapters/ansible/roles/config-deployment/templates/user_variables.yml new file mode 100644 index 00000000..30b2c6b2 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-deployment/templates/user_variables.yml 
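Review bot: The comment above `storage_hosts` says `# cinder volume hosts (NFS-backed)`, but the backend configured beneath it is `cinder.volume.drivers.lvm.LVMVolumeDriver` with `volume_backend_name: LVM_iSCSI`; the comment should read `# cinder volume hosts (LVM/iSCSI-backed)` to match the code and the `is_metal: true` override in `cinder.yml`. The internal VIP `10.1.0.22` is hard-coded here and again in `user_variables.yml` as `"10.1.0.22/32"`, next to fixed CIDRs and `used_ips`, so the two files can drift apart. The external VIP is already a variable, and a variable for the internal one would keep them aligned. Templated scalars such as `external_lb_vip_address: {{ public_vip.ip }}` and `ip: {{ hostvars[host]['ansible_ssh_host'] }}` are safer quoted, as the `iscsi_ip_address` line already is.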
@@ -0,0 +1,27 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# ##
+# ## This file contains commonly used overrides for convenience. Please inspect
+# ## the defaults for each role to find additional override options.
+# ##
+
+# # Debug and Verbose options.
+debug: false
+
+haproxy_keepalived_external_vip_cidr: "{{ public_vip.ip }}/32"
+haproxy_keepalived_internal_vip_cidr: "10.1.0.22/32"
+haproxy_keepalived_external_interface: br-vlan
+haproxy_keepalived_internal_interface: br-mgmt
diff --git a/deploy/adapters/ansible/roles/pre-prepare/files/modules b/deploy/adapters/ansible/roles/pre-prepare/files/modules
new file mode 100644
index 00000000..c73925e6
--- /dev/null
+++ b/deploy/adapters/ansible/roles/pre-prepare/files/modules
@@ -0,0 +1,7 @@
+# /etc/modules: kernel modules to load at boot time.
+# This file contains the names of kernel modules that should be loaded
+# at boot time, one per line. Lines beginning with "#" are ignored.
+# Parameters can be specified after the module name.
+
+bonding
+8021q
diff --git a/deploy/adapters/ansible/roles/pre-prepare/tasks/main.yml b/deploy/adapters/ansible/roles/pre-prepare/tasks/main.yml
new file mode 100644
index 00000000..5bd38f12
--- /dev/null
+++ b/deploy/adapters/ansible/roles/pre-prepare/tasks/main.yml
@@ -0,0 +1,74 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: make sure ssh dir exist
+ file:
+ path: '{{ item.path }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ state: directory
+ mode: 0755
+ with_items:
+ - path: /root/.ssh
+ owner: root
+ group: root
+
+- name: write ssh config
+ copy:
+ content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no"
+ dest: '{{ item.dest }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ mode: 0600
+ with_items:
+ - dest: /root/.ssh/config
+ owner: root
+ group: root
+
+- name: generate ssh keys
+ shell: if [ ! -f ~/.ssh/id_rsa.pub ]; \
+ then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; \
+ else echo "already gen ssh key!"; fi;
+
+- name: fetch ssh keys
+ fetch:
+ src: /root/.ssh/id_rsa.pub
+ dest: /tmp/ssh-keys-{{ ansible_hostname }}
+ flat: "yes"
+
+- authorized_key:
+ user: root
+ key: "{{ lookup('file', item) }}"
+ with_fileglob:
+ - /tmp/ssh-keys-*
+ - /root/.ssh/id_rsa.pub
+
+- name: change sources list
+ template:
+ src: sources.list
+ dest: /etc/apt/sources.list
+
+- name: rm apt.conf
+ file:
+ path: /etc/apt/apt.conf
+ state: absent
+
+- name: Install apt packages
+ apt:
+ pkg: "{{ item }}"
+ state: "present"
+ with_items: "{{ packages }}"
+
+- name: restart ntp service
+ shell: "service ntp restart"
+
+- name: add the appropriate kernel modules
+ copy:
+ src: modules
+ dest: /etc/modules
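Review bot: The unnamed `authorized_key` task installs for `root` every file matching `/tmp/ssh-keys-*` on the control host, so any local account there that can create a file with that name in `/tmp` ends up with a root key on all nodes. Fetching into a directory that only the deploy user can write, and globbing that directory instead, closes this. `write ssh config` puts `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null` into root's SSH config, which turns off host-key verification for every later root SSH session from these nodes; if it is only needed for bootstrap, limit it with a `Host` pattern for the management network. The task should also get a `name:`, and `mode: 0755` / `mode: 0600` should be quoted (`mode: "0755"`) so they do not depend on YAML octal parsing.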
diff --git a/deploy/adapters/ansible/roles/pre-prepare/templates/sources.list b/deploy/adapters/ansible/roles/pre-prepare/templates/sources.list
new file mode 100644
index 00000000..1c3ab410
--- /dev/null
+++ b/deploy/adapters/ansible/roles/pre-prepare/templates/sources.list
@@ -0,0 +1,56 @@
+#
+
+# deb cdrom:[Ubuntu-Server 16.04.1 LTS _Xenial Xerus_ - Release amd64 (20160719)]/ xenial main restricted
+
+#deb cdrom:[Ubuntu-Server 16.04.1 LTS _Xenial Xerus_ - Release amd64 (20160719)]/ xenial main restricted
+
+# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
+# newer versions of the distribution.
+deb http://hk.archive.ubuntu.com/ubuntu/ xenial main restricted
+# deb-src http://hk.archive.ubuntu.com/ubuntu/ xenial main restricted
+
+## Major bug fix updates produced after the final release of the
+## distribution.
+deb http://hk.archive.ubuntu.com/ubuntu/ xenial-updates main restricted
+# deb-src http://hk.archive.ubuntu.com/ubuntu/ xenial-updates main restricted
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team. Also, please note that software in universe WILL NOT receive any
+## review or updates from the Ubuntu security team.
+deb http://hk.archive.ubuntu.com/ubuntu/ xenial universe
+# deb-src http://hk.archive.ubuntu.com/ubuntu/ xenial universe
+deb http://hk.archive.ubuntu.com/ubuntu/ xenial-updates universe
+# deb-src http://hk.archive.ubuntu.com/ubuntu/ xenial-updates universe
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team, and may not be under a free licence. Please satisfy yourself as to
+## your rights to use the software. Also, please note that software in
+## multiverse WILL NOT receive any review or updates from the Ubuntu
+## security team.
+deb http://hk.archive.ubuntu.com/ubuntu/ xenial multiverse
+# deb-src http://hk.archive.ubuntu.com/ubuntu/ xenial multiverse
+deb http://hk.archive.ubuntu.com/ubuntu/ xenial-updates multiverse
+# deb-src http://hk.archive.ubuntu.com/ubuntu/ xenial-updates multiverse
+
+## N.B. software from this repository may not have been tested as
+## extensively as that contained in the main release, although it includes
+## newer versions of some applications which may provide useful features.
+## Also, please note that software in backports WILL NOT receive any review
+## or updates from the Ubuntu security team.
+deb http://hk.archive.ubuntu.com/ubuntu/ xenial-backports main restricted universe multiverse
+# deb-src http://hk.archive.ubuntu.com/ubuntu/ xenial-backports main restricted universe multiverse
+
+## Uncomment the following two lines to add software from Canonical's
+## 'partner' repository.
+## This software is not part of Ubuntu, but is offered by Canonical and the
+## respective vendors as a service to Ubuntu users.
+# deb http://archive.canonical.com/ubuntu xenial partner
+# deb-src http://archive.canonical.com/ubuntu xenial partner
+
+deb http://security.ubuntu.com/ubuntu xenial-security main restricted
+# deb-src http://security.ubuntu.com/ubuntu xenial-security main restricted
+deb http://security.ubuntu.com/ubuntu xenial-security universe
+# deb-src http://security.ubuntu.com/ubuntu xenial-security universe
+deb http://security.ubuntu.com/ubuntu xenial-security multiverse
+# deb-src http://security.ubuntu.com/ubuntu xenial-security multiverse
+
diff --git a/deploy/adapters/ansible/roles/pre-prepare/vars/main.yml b/deploy/adapters/ansible/roles/pre-prepare/vars/main.yml
new file mode 100644
index 00000000..66cf66bf
--- /dev/null
+++ b/deploy/adapters/ansible/roles/pre-prepare/vars/main.yml
@@ -0,0 +1,13 @@
+---
+packages:
+- bridge-utils
+- debootstrap
+- ifenslave
+- ifenslave-2.6
+- lsof
+- lvm2
+- ntp
+- ntpdate
+- sudo
+- vlan
+- tcpdump
diff --git a/deploy/adapters/ansible/roles/setup-host/tasks/main.yml b/deploy/adapters/ansible/roles/setup-host/tasks/main.yml
new file mode 100644
index 00000000..f0b1051c
--- /dev/null
+++ b/deploy/adapters/ansible/roles/setup-host/tasks/main.yml
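Review bot: The mirror `hk.archive.ubuntu.com` and the release `xenial` are fixed in every `deb` line of `templates/sources.list`, although the file sits under `templates/` and contains no variables. The tasks hunk above shows it written to `/etc/apt/sources.list` by a `template` task with `src: sources.list`, so a site with its own mirror, or a host on another release, would get the wrong sources. Consider `deb {{ apt_mirror }} {{ ansible_distribution_release }} main restricted` and likewise for the other lines, with `apt_mirror` (a name proposed here) defaulted in the role's vars. All entries use plain `http://`, so package integrity rests on APT's signature verification; a one-line comment at the top stating that verification must stay enabled on these hosts would record that dependency.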
@@ -0,0 +1,27 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: setup hosts
+ shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \
+ export ANSIBLE_SCP_IF_SSH=y; \
+ cd /opt/openstack-ansible/playbooks; \
+ openstack-ansible setup-hosts.yml \
+ | tee -a /var/log/osa/host.log > /dev/null"
+
+- name: read the ansible log file
+ shell: cat /var/log/osa/host.log | tail -n 1000
+ register: setup_host_result
+
+- fail:
+ msg: "there are some task failed when setup host."
+ when: setup_host_result.stdout.find('failed=1') != -1
+
+- fail:
+ msg: "some host are unreachable."
+ when: setup_host_result.stdout.find('unreachable=1') != -1
diff --git a/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml b/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml
new file mode 100644
index 00000000..5b70aeef
--- /dev/null
+++ b/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml
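Review bot: The two `fail` checks look for the literal substrings `failed=1` and `unreachable=1`, so a recap line reporting `failed=2` passes, and because the command is piped through `| tee -a /var/log/osa/host.log > /dev/null` the task's return code is tee's rather than that of `openstack-ansible`. `tee -a` also appends, so the last 1000 lines may still contain a recap from an earlier run and trip the check on a run that succeeded. Redirecting instead of piping lets the `shell` task fail on the real exit status: `openstack-ansible setup-hosts.yml >> /var/log/osa/host.log`. If the log scan is kept as a second check, a pattern test such as `when: setup_host_result.stdout is search('failed=[1-9]')` covers counts other than 1. The setup-infrastructure and setup-openstack hunks repeat the same pattern, so a failed stage there would go unnoticed in the same way.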
@@ -0,0 +1,27 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: setup infrastructure
+ shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \
+ export ANSIBLE_SCP_IF_SSH=y; \
+ cd /opt/openstack-ansible/playbooks; \
+ openstack-ansible setup-infrastructure.yml \
+ | tee -a /var/log/osa/infrastructure.log > /dev/null"
+
+- name: read the ansible log file
+ shell: cat /var/log/osa/infrastructure.log | tail -n 1000
+ register: setup_infrastructure_result
+
+- fail:
+ msg: "there are some task failed when setup host."
+ when: setup_infrastructure_result.stdout.find('failed=1') != -1
+
+- fail:
+ msg: "some host are unreachable."
+ when: setup_infrastructure_result.stdout.find('unreachable=1') != -1
diff --git a/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml b/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml
new file mode 100644
index 00000000..e5770245
--- /dev/null
+++ b/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml
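Review bot: The first `fail` message reads "there are some task failed when setup host.", but this role runs `setup-infrastructure.yml`, so an operator reading the failure is pointed at the wrong stage. `msg: "some tasks failed during setup-infrastructure."` would match the role. The setup-openstack hunk carries the same copied wording ("some task failed when setup host.") and could name its own stage in the same way.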
@@ -0,0 +1,27 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: setup openstack
+ shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \
+ export ANSIBLE_SCP_IF_SSH=y; \
+ cd /opt/openstack-ansible/playbooks; \
+ openstack-ansible setup-openstack.yml \
+ | tee -a /var/log/osa/openstack.log > /dev/null"
+
+- name: read the ansible log file
+ shell: cat /var/log/osa/openstack.log | tail -n 1000
+ register: setup_openstack_result
+
+- fail:
+ msg: "some task failed when setup host."
+ when: setup_openstack_result.stdout.find('failed=1') != -1
+
+- fail:
+ msg: "some host are unreachable."
+ when: setup_openstack_result.stdout.find('unreachable=1') != -1 |