Diffstat (limited to 'deploy/adapters/ansible')
34 files changed, 533 insertions, 68 deletions
diff --git a/deploy/adapters/ansible/openstack_pike/README.md b/deploy/adapters/ansible/openstack_pike/README.md new file mode 100644 index 00000000..7682d325 --- /dev/null +++ b/deploy/adapters/ansible/openstack_pike/README.md @@ -0,0 +1 @@ +# keep for openstack pike diff --git a/deploy/adapters/ansible/roles/config-compute/tasks/RedHat.yml b/deploy/adapters/ansible/roles/config-compute/tasks/RedHat.yml index 4c6d2465..3ec1659f 100644 --- a/deploy/adapters/ansible/roles/config-compute/tasks/RedHat.yml +++ b/deploy/adapters/ansible/roles/config-compute/tasks/RedHat.yml @@ -15,20 +15,20 @@ echo 'nfs 2049/udp' >> /etc/services" # yamllint disable rule:line-length -- name: generate ifcfg-if.vxlan +- name: generate ifcfg-if.tenant template: - src: ifcfg-if.vxlan - dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} + src: ifcfg-if.tenant + dest: /etc/sysconfig/network-scripts/ifcfg-{{compu_sys_mappings["tenant"]["interface"]}}.{{compu_sys_mappings["tenant"]["vlan_tag"]}} - name: generate ifcfg-if.storage template: src: ifcfg-if.storage - dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} + dest: /etc/sysconfig/network-scripts/ifcfg-{{compu_sys_mappings["storage"]["interface"]}}.{{compu_sys_mappings["storage"]["vlan_tag"]}} -- name: add br-vlan to interface script +- name: add br-external to interface script lineinfile: - dest: /etc/sysconfig/network-scripts/ifcfg-{{ network_cfg["provider_net_mappings"][0]["interface"] }} - line: "BRIDGE=br-vlan" + dest: /etc/sysconfig/network-scripts/ifcfg-{{compu_sys_mappings["external"]["interface"]}} + line: "BRIDGE=br-external" - name: remove eth0 ip addresss lineinfile: 
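Review bot: The `lineinfile` task "add br-external to interface script" has no `regexp`, so if the target ifcfg file was already edited by the previous version of this role, the old `BRIDGE=br-vlan` line stays and `BRIDGE=br-external` is appended next to it. Adding `regexp: '^BRIDGE='` makes the task replace whatever bridge line is present instead of stacking a second one. The interface script itself is not regenerated by a `template` task in this hunk, so nothing else clears the stale line. The task of the same name in config-controller/tasks/RedHat.yml has the same gap.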
@@ -49,13 +49,13 @@ - name: add br-vlan to interface script lineinfile: - dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} + dest: /etc/sysconfig/network-scripts/ifcfg-{{compu_sys_mappings["storage"]["interface"]}}.{{compu_sys_mappings["storage"]["vlan_tag"]}} line: "BRIDGE=br-storage" -- name: add br-vxlan to interface script +- name: add br-tenant to interface script lineinfile: - dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} - line: "BRIDGE=br-vxlan" + dest: /etc/sysconfig/network-scripts/ifcfg-{{compu_sys_mappings["tenant"]["interface"]}}.{{compu_sys_mappings["tenant"]["vlan_tag"]}} + line: "BRIDGE=br-tenant" # yamllint enable rule:line-length - name: generate ifcfg-br-mgmt script @@ -63,9 +63,9 @@ src: ifcfg-br-mgmt dest: /etc/sysconfig/network-scripts/ -- name: generate ifcfg-br-vlan script +- name: generate ifcfg-br-external script template: - src: ifcfg-br-vlan + src: ifcfg-br-external dest: /etc/sysconfig/network-scripts/ - name: generate ifcfg-br-storage script @@ -73,15 +73,15 @@ src: ifcfg-br-storage dest: /etc/sysconfig/network-scripts/ -- name: generate ifcfg-br-vxlan script +- name: generate ifcfg-br-tenant script template: - src: ifcfg-br-vxlan + src: ifcfg-br-tenant dest: /etc/sysconfig/network-scripts/ - name: restart the network shell: systemctl restart network -- name: Install apt packages +- name: Install yum packages yum: pkg: "{{item}}" state: "present" diff --git a/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-external b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-external new file mode 100644 index 00000000..511c0db8 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-external 
@@ -0,0 +1,11 @@
+DEVICE=br-external
+TYPE=Bridge
+IPADDR={{ ip_settings[inventory_hostname]["external"]["ip"] }}
+PREFIX=24
+GATEWAY={{ ip_settings[inventory_hostname]["external"]["gw"] }}
+BOOTPROTO=none
+ONBOOT=yes
+DELAY=0
+DEFROUTE="yes"
+DNS1=8.8.8.8
+DNS2=8.8.4.4
diff --git a/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-mgmt b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-mgmt
index 7f1931c8..2e958cc7 100644
--- a/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-mgmt
+++ b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-mgmt
@@ -1,6 +1,6 @@
 DEVICE=br-mgmt
 TYPE=Bridge
-IPADDR={{host_info[inventory_hostname].MGMT_IP}}
+IPADDR={{ip_settings[inventory_hostname]["mgmt"]["ip"]}}
 PREFIX=24
 BOOTPROTO=none
 ONBOOT=yes
diff --git a/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-tenant b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-tenant
new file mode 100644
index 00000000..96aeb9c1
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-br-tenant
@@ -0,0 +1,8 @@
+DEVICE=br-tenant
+TYPE=Bridge
+IPADDR={{ip_settings[inventory_hostname]["tenant"]["ip"]}}
+NETMASK=255.255.252.0
+BOOTPROTO=none
+DEFROUTE="no"
+ONBOOT=yes
+DELAY=0
diff --git a/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-if.storage b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-if.storage
index 96afb1bd..2e409205 100644
--- a/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-if.storage
+++ b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-if.storage
@@ -1,4 +1,4 @@
-DEVICE={{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}}
+DEVICE={{compu_sys_mappings["storage"]["interface"]}}.{{compu_sys_mappings["storage"]["vlan_tag"]}}
 BOOTPROTO=none
 ONBOOT=yes
 VLAN=yes
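Review bot: `DNS1=8.8.8.8` and `DNS2=8.8.4.4` are hard-coded in the new ifcfg-br-external template, so every compute node sends its lookups to a public resolver regardless of site policy, and resolution fails when the deployment has no outbound access (config-osa carries an `offline_deployment` switch). `PREFIX=24` is fixed in the same way, while the address and gateway on the neighbouring lines come from `ip_settings`. Taking the resolvers and the prefix from deployment variables would keep the template in line with the rest of the network settings and keep name resolution inside the operator's control. The config-controller copy of this template contains the same lines.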
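Review bot: `NETMASK=255.255.252.0` in the new ifcfg-br-tenant does not agree with post-osa/templates/ifcfg-tenant.j2 from the same commit, which gives the same `ip_settings[inventory_hostname]["tenant"]["ip"]` address `NETMASK=255.255.255.0`. If both files describe one tenant network, a compute node moves from a /22 to a /24 once post-osa replaces the bridge configuration, and peers outside the /24 stop being reachable on that network. Whichever mask is correct, it should come from a single deployment variable rather than two literals.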
diff --git a/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-if.tenant b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-if.tenant
new file mode 100644
index 00000000..2a114f7c
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-compute/templates/ifcfg-if.tenant
@@ -0,0 +1,4 @@
+DEVICE={{compu_sys_mappings["tenant"]["interface"]}}.{{compu_sys_mappings["tenant"]["vlan_tag"]}}
+BOOTPROTO=none
+ONBOOT=yes
+VLAN=yes
diff --git a/deploy/adapters/ansible/roles/config-controller/tasks/RedHat.yml b/deploy/adapters/ansible/roles/config-controller/tasks/RedHat.yml
index 728dc559..cc14347a 100644
--- a/deploy/adapters/ansible/roles/config-controller/tasks/RedHat.yml
+++ b/deploy/adapters/ansible/roles/config-controller/tasks/RedHat.yml
@@ -8,30 +8,30 @@ ############################################################################## --- # yamllint disable rule:line-length -- name: generate vxlan vlan ifcfg-if script +- name: generate tenant vlan ifcfg-if script template: - src: ifcfg-if.vxlan - dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} + src: ifcfg-if.tenant + dest: /etc/sysconfig/network-scripts/ifcfg-{{contr_sys_mappings["tenant"]["interface"]}}.{{contr_sys_mappings["tenant"]["vlan_tag"]}} - name: generate storage vlan ifcfg-if script template: src: ifcfg-if.storage - dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} + dest: /etc/sysconfig/network-scripts/ifcfg-{{contr_sys_mappings["storage"]["interface"]}}.{{contr_sys_mappings["storage"]["vlan_tag"]}} -- name: add br-vlan to interface script +- name: add br-external to interface script lineinfile: - dest: /etc/sysconfig/network-scripts/ifcfg-{{ network_cfg["provider_net_mappings"][0]["interface"] }} - line: "BRIDGE=br-vlan" + dest: /etc/sysconfig/network-scripts/ifcfg-{{contr_sys_mappings["external"]["interface"]}} + line: "BRIDGE=br-external" - name: add br-storage to interface script lineinfile: - dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}} + dest: /etc/sysconfig/network-scripts/ifcfg-{{contr_sys_mappings["storage"]["interface"]}}.{{contr_sys_mappings["storage"]["vlan_tag"]}} line: "BRIDGE=br-storage" -- name: add br-vxlan to interface script +- name: add br-tenant to interface script lineinfile: - dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["mgmt"]["interface"]}}.{{sys_intf_mappings["mgmt"]["vlan_tag"]}} - line: "BRIDGE=br-vxlan" + dest: /etc/sysconfig/network-scripts/ifcfg-{{contr_sys_mappings["tenant"]["interface"]}}.{{contr_sys_mappings["tenant"]["vlan_tag"]}} + 
line: "BRIDGE=br-tenant" # yamllint enable rule:line-length - name: remove eth0 ip addresss @@ -56,9 +56,9 @@ src: ifcfg-br-mgmt dest: /etc/sysconfig/network-scripts/ -- name: generate ifcfg-br-vlan script +- name: generate ifcfg-br-external script template: - src: ifcfg-br-vlan + src: ifcfg-br-external dest: /etc/sysconfig/network-scripts/ - name: generate ifcfg-br-storag script @@ -66,9 +66,9 @@ src: ifcfg-br-storage dest: /etc/sysconfig/network-scripts/ -- name: generate ifcfg-br-vxlan script +- name: generate ifcfg-br-tenant script template: - src: ifcfg-br-vxlan + src: ifcfg-br-tenant dest: /etc/sysconfig/network-scripts/ - name: restart the network diff --git a/deploy/adapters/ansible/roles/config-controller/tasks/main.yml b/deploy/adapters/ansible/roles/config-controller/tasks/main.yml index 674c80cc..9f390307 100644 --- a/deploy/adapters/ansible/roles/config-controller/tasks/main.yml +++ b/deploy/adapters/ansible/roles/config-controller/tasks/main.yml @@ -12,3 +12,7 @@ - include: "{{ ansible_os_family }}.yml" when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7' + +- name: set fact for local mirror + set_fact: + local_mirror: "{{ ansible_distribution }}" diff --git a/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-external b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-external new file mode 100644 index 00000000..adf29127 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-external @@ -0,0 +1,11 @@ +DEVICE=br-external +TYPE=Bridge +IPADDR={{ ip_settings[inventory_hostname]["external"]["ip"] }} +PREFIX=24 +BOOTPROTO=none +ONBOOT=yes +DELAY=0 +DEFROUTE="yes" +GATEWAY={{ ip_settings[inventory_hostname]["external"]["gw"] }} +DNS1=8.8.8.8 +DNS2=8.8.4.4 diff --git a/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-mgmt b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-mgmt index 7f1931c8..2e958cc7 100644 
--- a/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-mgmt
+++ b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-mgmt
@@ -1,6 +1,6 @@
 DEVICE=br-mgmt
 TYPE=Bridge
-IPADDR={{host_info[inventory_hostname].MGMT_IP}}
+IPADDR={{ip_settings[inventory_hostname]["mgmt"]["ip"]}}
 PREFIX=24
 BOOTPROTO=none
 ONBOOT=yes
diff --git a/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-tenant b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-tenant
new file mode 100644
index 00000000..1f8344e6
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-br-tenant
@@ -0,0 +1,6 @@
+DEVICE=br-tenant
+TYPE=Bridge
+BOOTPROTO=none
+DEFROUTE="no"
+ONBOOT=yes
+DELAY=0
diff --git a/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-if.storage b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-if.storage
index 96afb1bd..b71a80cf 100644
--- a/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-if.storage
+++ b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-if.storage
@@ -1,4 +1,4 @@
-DEVICE={{sys_intf_mappings["storage"]["interface"]}}.{{sys_intf_mappings["storage"]["vlan_tag"]}}
+DEVICE={{contr_sys_mappings["storage"]["interface"]}}.{{contr_sys_mappings["storage"]["vlan_tag"]}}
 BOOTPROTO=none
 ONBOOT=yes
 VLAN=yes
diff --git a/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-if.tenant b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-if.tenant
new file mode 100644
index 00000000..bc9f2a57
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-controller/templates/ifcfg-if.tenant
@@ -0,0 +1,4 @@
+DEVICE={{contr_sys_mappings["tenant"]["interface"]}}.{{contr_sys_mappings["tenant"]["vlan_tag"]}}
+BOOTPROTO=none
+ONBOOT=yes
+VLAN=yes
diff --git a/deploy/adapters/ansible/roles/config-osa/files/haproxy.yml b/deploy/adapters/ansible/roles/config-osa/files/haproxy.yml
new file mode 100644
index 00000000..3085f6aa
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-osa/files/haproxy.yml
@@ -0,0 +1,263 @@ +--- +haproxy_default_services: + - service: + haproxy_service_name: galera + haproxy_backend_nodes: "{{ [groups['galera_all'][0]] | default([]) }}" # list expected + haproxy_backup_nodes: "{{ groups['galera_all'][1:] | default([]) }}" + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_port: 3306 + haproxy_balance_type: tcp + haproxy_timeout_client: 5000s + haproxy_timeout_server: 5000s + haproxy_backend_options: + - "mysql-check user {{ galera_monitoring_user }}" + haproxy_whitelist_networks: "{{ haproxy_galera_whitelist_networks }}" + - service: + haproxy_service_name: repo_git + haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}" + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_port: 9418 + haproxy_balance_type: tcp + haproxy_backend_options: + - tcp-check + haproxy_whitelist_networks: "{{ haproxy_repo_git_whitelist_networks }}" + - service: + haproxy_service_name: repo_all + haproxy_backend_nodes: "{{ groups['repo_all'] | default([]) }}" + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_port: 8181 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: repo_cache + haproxy_backend_nodes: "{{ [groups['repo_all'][0]] | default([]) }}" # list expected + haproxy_backup_nodes: "{{ groups['repo_all'][1:] | default([]) }}" + haproxy_bind: "{{ [internal_lb_vip_address] }}" + haproxy_port: "{{ repo_pkg_cache_port }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /acng-report.html" + haproxy_whitelist_networks: "{{ haproxy_repo_cache_whitelist_networks }}" + - service: + haproxy_service_name: glance_api + haproxy_backend_nodes: "{{ groups['glance_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 9292 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk /healthcheck" + - service: + haproxy_service_name: glance_registry + haproxy_backend_nodes: "{{ groups['glance_registry'] | default([]) 
}}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 9191 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk /healthcheck" + haproxy_whitelist_networks: "{{ haproxy_glance_registry_whitelist_networks }}" + - service: + haproxy_service_name: gnocchi + haproxy_backend_nodes: "{{ groups['gnocchi_all'] | default([]) }}" + haproxy_port: 8041 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk /healthcheck" + - service: + haproxy_service_name: heat_api_cfn + haproxy_backend_nodes: "{{ groups['heat_api_cfn'] | default([]) }}" + haproxy_port: 8000 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: heat_api_cloudwatch + haproxy_backend_nodes: "{{ groups['heat_api_cloudwatch'] | default([]) }}" + haproxy_port: 8003 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: heat_api + haproxy_backend_nodes: "{{ groups['heat_api'] | default([]) }}" + haproxy_port: 8004 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: keystone_service + haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}" + haproxy_port: 5000 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_type: "http" + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: keystone_admin + haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}" + haproxy_port: 35357 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_type: "http" + haproxy_backend_options: + - "httpchk HEAD /" + haproxy_whitelist_networks: "{{ haproxy_keystone_admin_whitelist_networks }}" + - service: + haproxy_service_name: neutron_server + haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}" + haproxy_port: 9696 + haproxy_ssl: 
"{{ haproxy_ssl }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET /" + - service: + haproxy_service_name: nova_api_metadata + haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}" + haproxy_port: 8775 + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + haproxy_whitelist_networks: "{{ haproxy_nova_metadata_whitelist_networks }}" + - service: + haproxy_service_name: nova_api_os_compute + haproxy_backend_nodes: "{{ groups['nova_api_os_compute'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 8774 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: nova_api_placement + haproxy_backend_nodes: "{{ groups['nova_api_placement'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 8780 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + haproxy_backend_httpcheck_options: + - "expect status 401" + - service: + haproxy_service_name: nova_console + haproxy_backend_nodes: "{{ groups['nova_console'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: "{{ nova_console_port }}" + haproxy_balance_type: http + haproxy_timeout_client: 60m + haproxy_timeout_server: 60m + haproxy_balance_alg: source + haproxy_backend_options: + - "httpchk HEAD /" + haproxy_backend_httpcheck_options: + - "expect status 404" + - service: + haproxy_service_name: cinder_api + haproxy_backend_nodes: "{{ groups['cinder_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 8776 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: horizon + haproxy_backend_nodes: "{{ groups['horizon_all'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_ssl_all_vips: true + haproxy_port: "{{ haproxy_ssl | ternary(443,80) }}" + haproxy_backend_port: 80 + haproxy_redirect_http_port: 80 + 
haproxy_balance_type: http + haproxy_balance_alg: source + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: sahara_api + haproxy_backend_nodes: "{{ groups['sahara_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_alg: source + haproxy_port: 8386 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk /healthcheck" + - service: + haproxy_service_name: swift_proxy + haproxy_backend_nodes: "{{ groups['swift_proxy'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_balance_alg: source + haproxy_port: 8080 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk /healthcheck" + - service: + haproxy_service_name: aodh_api + haproxy_backend_nodes: "{{ groups['aodh_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 8042 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + haproxy_backend_httpcheck_options: + - "expect status 200" + - service: + haproxy_service_name: ironic_api + haproxy_backend_nodes: "{{ groups['ironic_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 6385 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET /" + - service: + haproxy_service_name: rabbitmq_mgmt + haproxy_backend_nodes: "{{ groups['rabbitmq'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 15672 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + haproxy_whitelist_networks: "{{ haproxy_rabbitmq_management_whitelist_networks }}" + - service: + haproxy_service_name: magnum + haproxy_backend_nodes: "{{ groups['magnum_all'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 9511 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET /" + - service: + haproxy_service_name: trove + haproxy_backend_nodes: "{{ groups['trove_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 8779 + 
haproxy_balance_type: http + haproxy_backend_options: + - "httpchk HEAD /" + - service: + haproxy_service_name: barbican + haproxy_backend_nodes: "{{ groups['barbican_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 9311 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET /" + - service: + haproxy_service_name: designate_api + haproxy_backend_nodes: "{{ groups['designate_api'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 9001 + haproxy_balance_type: http + haproxy_backend_options: + - "forwardfor" + - "httpchk /versions" + - "httplog" + - service: + haproxy_service_name: octavia + haproxy_backend_nodes: "{{ groups['octavia_all'] | default([]) }}" + haproxy_ssl: "{{ haproxy_ssl }}" + haproxy_port: 9876 + haproxy_balance_type: http + haproxy_backend_options: + - "httpchk GET /" + haproxy_whitelist_networks: "{{ haproxy_octavia_whitelist_networks }}" diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml index d96a83da..2f6186fc 100755 --- a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml +++ b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml @@ -34,6 +34,7 @@ register: checkresult ignore_errors: "true" +# yamllint disable rule:line-length - name: add mariadb local repository blockinfile: dest: /etc/openstack_deploy/user_variables.yml @@ -44,8 +45,8 @@ when: - checkresult.rc == 0 - offline_deployment is defined and offline_deployment == "Disable" + - hostvars[hostvars[inventory_hostname]['groups']['controller'][0]]['local_mirror'] == 'Ubuntu' -# yamllint disable rule:line-length - name: add mariadb local repository blockinfile: dest: /etc/openstack_deploy/user_variables.yml 
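Review bot: The new haproxy.yml has no header comment saying that it is a complete copy of the `haproxy_default_services` list or which entry differs from the original. Judging from the `replace` task it supersedes in meters.yml, the intended difference is `expect status 200` on `aodh_api`; everything else, including the `haproxy_whitelist_networks` references for galera, keystone_admin, rabbitmq_mgmt and octavia, is now pinned in this file and will not follow later changes to the source list. I would add a comment at the top such as `# Copied from openstack-ansible <RELEASE_TAG>; only change: aodh_api expects status 200`, so the next upgrade can re-diff the file instead of carrying stale access rules forward.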
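Review bot: The added condition `hostvars[...]['local_mirror'] == 'Ubuntu'` reads a fact that is only set by the `set_fact` task this commit adds to config-controller/tasks/main.yml, so the task fails with an undefined-variable error whenever config-osa runs in a play where the first controller has not executed that role (a limited or reordered run, for example). Giving the lookup a default keeps the task skippable: `- hostvars[groups['controller'][0]]['local_mirror'] | default('') == 'Ubuntu'`. `groups` is available directly, so the inner `hostvars[inventory_hostname]['groups']` indirection is not needed. The `blockinfile` task this condition belongs to starts outside the hunk.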
@@ -96,7 +97,7 @@ - name: remove repo_build_pip_no_binary lineinfile: - dest: /opt/openstack-ansible/playbooks/inventory/group_vars/repo_all.yml + dest: /opt/openstack-ansible/group_vars/repo_all.yml state: absent regexp: "{{ item }}" with_items: ['^repo_build_pip_no_binary:', '^ - libvirt-python'] @@ -139,10 +140,10 @@ when: offline_deployment is defined and offline_deployment == "Enable" # This is a bug in ocata, will be removed in the future -- name: limit the version of networking-sfc in os_tacker - shell: | - sed -i 's/networking-sfc$/networking-sfc=={{ networking_sfc_version }}/g' \ - /etc/ansible/roles/os_tacker/defaults/main.yml +# - name: limit the version of networking-sfc in os_tacker +# shell: | +# sed -i 's/networking-sfc$/networking-sfc=={{ networking_sfc_version }}/g' \ +# /etc/ansible/roles/os_tacker/defaults/main.yml - name: add rally and tempest to requirement.txt blockinfile: @@ -270,10 +271,10 @@ src: repo_fix_pandas.yml dest: /etc/ansible/roles/repo_build/tasks/repo_fix_pandas.yml -- name: change repore build - lineinfile: - dest: /etc/ansible/roles/repo_build/tasks/main.yml - insertafter: "^- include: repo_post_build.yml" - line: "- include: repo_fix_pandas.yml" +# - name: change repore build +# lineinfile: +# dest: /etc/ansible/roles/repo_build/tasks/main.yml +# insertafter: "^- include: repo_post_build.yml" +# line: "- include: repo_fix_pandas.yml" - include: meters.yml diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/meters.yml b/deploy/adapters/ansible/roles/config-osa/tasks/meters.yml index 163fc69d..8f06a884 100644 --- a/deploy/adapters/ansible/roles/config-osa/tasks/meters.yml +++ b/deploy/adapters/ansible/roles/config-osa/tasks/meters.yml 
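Review bot: The tasks "limit the version of networking-sfc in os_tacker" and "change repore build" are disabled by commenting them out rather than deleted, and neither block says why. In the last hunk the context still copies `repo_fix_pandas.yml` into the repo_build role, but with the `lineinfile` that wired it into main.yml commented out, nothing visible here includes that file any more, so the copy task looks dead as well. Either delete the blocks or put a one-line reason above each, e.g. `# disabled for pike: <reason>`; the existing comment "This is a bug in ocata, will be removed in the future" now sits over commented code and should go with it. post-osa/tasks/main.yml comments out `install_networking_sfc.yml` the same way, and that commented block carries two `when:` keys.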
@@ -8,10 +8,10 @@ # ############################################################################# --- - name: modify the aodh haproxy config - replace: - dest: /opt/openstack-ansible/playbooks/vars/configs/haproxy_config.yml - regexp: '- "expect status 401"' - replace: '- "expect status 200"' + copy: + dest: /opt/openstack-ansible/group_vars/all/haproxy.yml + src: haproxy.yml + mode: 0664 - name: add OS_AUTH_TYPE in openrc lineinfile: diff --git a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 index ebd8ff09..a6e69683 100644 --- a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 +++ b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 @@ -38,7 +38,7 @@ nfs_file_gw: False %} openstack_host_specific_kernel_modules: - name: "openvswitch" - pattern: "CONFIG_OPENVSWITCH=" + pattern: "CONFIG_OPENVSWITCH" group: "network_hosts" neutron_plugin_type: ml2.ovs @@ -61,3 +61,5 @@ neutron_provider_networks: {% endfor %} network_mappings: "{{ ','.join(controller_mappings) }}" {% endif %} + +security_sshd_permit_root_login: no diff --git a/deploy/adapters/ansible/roles/post-osa/tasks/RedHat.yml b/deploy/adapters/ansible/roles/post-osa/tasks/RedHat.yml new file mode 100644 index 00000000..ecfd0680 --- /dev/null +++ b/deploy/adapters/ansible/roles/post-osa/tasks/RedHat.yml 
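Review bot: `mode: 0664` leaves the copied haproxy.yml group-writable, and the value is an unquoted number whose meaning depends on the YAML loader reading a leading zero as octal. The file defines the load balancer's service list and whitelist references for the whole deployment, so `mode: "0644"` is the safer form unless a group really needs write access. The task name still says "modify the aodh haproxy config" although the task now replaces the entire service list; renaming it would make the wider effect visible in the play output.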
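Review bot: `security_sshd_permit_root_login: no` is an unquoted YAML 1.1 boolean, so once user_variables.yml is loaded the variable holds `false` rather than the string `no`. If the consuming role writes the value into sshd_config or checks it against a list of allowed strings (not visible here), the boolean may be rendered as `False` or rejected. Quoting it, `security_sshd_permit_root_login: 'no'`, keeps the intended sshd keyword. It is also worth confirming that no later play in this deployment connects as root over SSH, since this setting would cut that access off.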
@@ -0,0 +1,79 @@ +############################################################################## +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +# yamllint disable rule:line-length +- name: add eth0 ip addresss + lineinfile: + dest: /etc/sysconfig/network-scripts/ifcfg-eth0 + line: "IPADDR={{ ip_settings[inventory_hostname][\"mgmt\"][\"ip\"] }}" + +- name: add eth0 netmask + lineinfile: + dest: /etc/sysconfig/network-scripts/ifcfg-eth0 + line: "NETMASK=255.255.255.0" + +- name: Disable default gw in eth0 + lineinfile: + dest: /etc/sysconfig/network-scripts/ifcfg-eth0 + line: "DEFROUTE=\"no\"" + +- name: generate ifcfg-external + template: + src: ifcfg-external.j2 + dest: /etc/sysconfig/network-scripts/ifcfg-{{compu_sys_mappings["external"]["interface"]}} + +- name: generate ifcfg-storage + template: + src: ifcfg-storage.j2 + dest: /etc/sysconfig/network-scripts/ifcfg-{{compu_sys_mappings["storage"]["interface"]}}.{{compu_sys_mappings["storage"]["vlan_tag"]}} + +- name: generate ifcfg-tenant + template: + src: ifcfg-tenant.j2 + dest: /etc/sysconfig/network-scripts/ifcfg-{{compu_sys_mappings["tenant"]["interface"]}}.{{compu_sys_mappings["tenant"]["vlan_tag"]}} + +# yamllint enable rule:line-length + +- name: remove ifcfg-br-mgmt script + file: + path: /etc/sysconfig/network-scripts/ifcfg-br-mgmt + state: absent + +- name: remove ifcfg-br-external script + file: + path: /etc/sysconfig/network-scripts/ifcfg-br-external + state: absent + +- name: remove ifcfg-br-storage script + file: + path: /etc/sysconfig/network-scripts/ifcfg-br-storage + state: absent + +- name: remove ifcfg-br-tenant script + file: + path: 
/etc/sysconfig/network-scripts/ifcfg-br-tenant + state: absent + +- name: restart the network + shell: systemctl restart network + +- name: fix mapping in compute + shell: | + {% set compute_mappings = [] %} + {% for key, value in compu_prv_mappings.iteritems() %} + {% set mapping = key + ":" + value["bridge"] %} + {% set _ = compute_mappings.append(mapping) %} + {% endfor %} + {% if compute_mappings | length != 0 %} + sed -i "s/^\(bridge_mappings\).*/\1 = {{ ','.join(compute_mappings) }}/g" \ + /etc/neutron/plugins/ml2/openvswitch_agent.ini + {% else %} + sed -i "/bridge_mappings/d" /etc/neutron/plugins/ml2/openvswitch_agent.ini + {% endif %} diff --git a/deploy/adapters/ansible/roles/post-osa/tasks/main.yml b/deploy/adapters/ansible/roles/post-osa/tasks/main.yml index f7f7a6cc..bd83b50f 100644 --- a/deploy/adapters/ansible/roles/post-osa/tasks/main.yml +++ b/deploy/adapters/ansible/roles/post-osa/tasks/main.yml @@ -8,10 +8,18 @@ ############################################################################## --- - include: "{{ ansible_distribution }}.yml" - when: inventory_hostname in groups['compute'] + when: + - inventory_hostname in groups['compute'] + - ansible_distribution == 'Ubuntu' # install networking-sfc for non odl scenarios -- include: install_networking_sfc.yml +# - include: install_networking_sfc.yml +# when: +# - odl_sfc is not defined or odl_sfc == "Disable" +# - inventory_hostname not in groups['compute'] +# when: ansible_distribution == 'Ubuntu' + +- include: "{{ ansible_os_family }}.yml" when: - - odl_sfc is not defined or odl_sfc == "Disable" - - inventory_hostname not in groups['compute'] + - ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7' + - inventory_hostname in groups['compute'] diff --git a/deploy/adapters/ansible/roles/post-osa/templates/ifcfg-external.j2 b/deploy/adapters/ansible/roles/post-osa/templates/ifcfg-external.j2 new file mode 100644 index 00000000..0154b944 --- /dev/null 
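Review bot: The three `lineinfile` tasks that write `IPADDR=`, `NETMASK=` and `DEFROUTE=` into ifcfg-eth0 have no `regexp`, so an existing line with a different value is kept and a second one is appended, leaving it unclear which address the interface ends up with. Give each task a matching pattern: `regexp: '^IPADDR='`, `regexp: '^NETMASK='` and `regexp: '^DEFROUTE='`. In the final task, `compu_prv_mappings.iteritems()` exists only on Python 2 dictionaries, whereas `.items()` works on both. That task also pastes the mapping keys and bridge names straight into a `sed` expression run through `shell`, so a value containing `/` or a quote breaks the command; the `ini_file` module would set or remove `bridge_mappings` without any shell quoting.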
+++ b/deploy/adapters/ansible/roles/post-osa/templates/ifcfg-external.j2
@@ -0,0 +1,7 @@
+DEVICE={{compu_sys_mappings["external"]["interface"]}}
+ONBOOT=yes
+BOOTPROTO=static
+TYPE=Ethernet
+IPADDR={{ ip_settings[inventory_hostname]["external"]["ip"] }}
+GATEWAY={{ ip_settings[inventory_hostname]["external"]["gw"] }}
+NETMASK=255.255.255.0
diff --git a/deploy/adapters/ansible/roles/post-osa/templates/ifcfg-storage.j2 b/deploy/adapters/ansible/roles/post-osa/templates/ifcfg-storage.j2
new file mode 100644
index 00000000..338da8c4
--- /dev/null
+++ b/deploy/adapters/ansible/roles/post-osa/templates/ifcfg-storage.j2
@@ -0,0 +1,7 @@
+DEVICE={{compu_sys_mappings["storage"]["interface"]}}.{{compu_sys_mappings["storage"]["vlan_tag"]}}
+BOOTPROTO=none
+ONBOOT=yes
+VLAN=yes
+IPADDR={{ ip_settings[inventory_hostname]["storage"]["ip"] }}
+NETMASK=255.255.255.0
+DEFROUTE="no"
diff --git a/deploy/adapters/ansible/roles/post-osa/templates/ifcfg-tenant.j2 b/deploy/adapters/ansible/roles/post-osa/templates/ifcfg-tenant.j2
new file mode 100644
index 00000000..15230c96
--- /dev/null
+++ b/deploy/adapters/ansible/roles/post-osa/templates/ifcfg-tenant.j2
@@ -0,0 +1,7 @@
+DEVICE={{compu_sys_mappings["tenant"]["interface"]}}.{{compu_sys_mappings["tenant"]["vlan_tag"]}}
+BOOTPROTO=none
+ONBOOT=yes
+VLAN=yes
+IPADDR={{ ip_settings[inventory_hostname]["tenant"]["ip"] }}
+NETMASK=255.255.255.0
+DEFROUTE="no"
diff --git a/deploy/adapters/ansible/roles/setup-host/tasks/main.yml b/deploy/adapters/ansible/roles/setup-host/tasks/main.yml
index 73f572ea..cc943830 100644
--- a/deploy/adapters/ansible/roles/setup-host/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/setup-host/tasks/main.yml
@@ -8,7 +8,7 @@ # ############################################################################# --- - name: setup hosts - shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \ + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \ export ANSIBLE_SCP_IF_SSH=y; \ cd /opt/openstack-ansible/playbooks; \ openstack-ansible setup-hosts.yml \ @@ -19,7 +19,7 @@ register: failed_container - name: destroy the failed_container - shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \ + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \ export ANSIBLE_SCP_IF_SSH=y; \ cd /opt/openstack-ansible/playbooks; \ openstack-ansible lxc-containers-destroy.yml \ @@ -30,7 +30,7 @@ ignore_errors: "True" - name: retry to setup failed_container - shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \ + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \ export ANSIBLE_SCP_IF_SSH=y; \ cd /opt/openstack-ansible/playbooks; \ openstack-ansible setup-hosts.yml --limit {{item}} \ diff --git a/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml b/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml index 478c4d48..7cf5c86f 100644 --- a/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml +++ b/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml @@ -8,7 +8,7 @@ ############################################################################## --- - name: setup infrastructure - shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \ + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \ export ANSIBLE_SCP_IF_SSH=y; \ cd /opt/openstack-ansible/playbooks; \ openstack-ansible setup-infrastructure.yml \ 
@@ -19,10 +19,9 @@ register: setup_infrastructure_result - fail: - msg: "there are some task failed when setup infrastructure." - when: setup_infrastructure_result.stdout.find('failed={{item}}') != -1 - with_sequence: start=1 end={{ max_failed_times }} stride=1 - -- fail: msg: "some host are unreachable." when: setup_infrastructure_result.stdout.find('unreachable=1') != -1 + +- fail: + msg: "there are some task failed when setup infrastructure." + when: setup_infrastructure_result.stdout.find('Mark setup-infrastructure completed') == -1 diff --git a/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml b/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml index b71612f7..a55b1a01 100644 --- a/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml +++ b/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml @@ -8,7 +8,7 @@ ############################################################################## --- - name: setup openstack - shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_ocata-opnfv2/ansible.log; \ + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \ export ANSIBLE_SCP_IF_SSH=y; \ cd /opt/openstack-ansible/playbooks; \ openstack-ansible setup-openstack.yml \ diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/compute.yml b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/compute.yml index b7a8fbcb..43c6689f 100644 --- a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/compute.yml +++ b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/compute.yml 
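Review bot: The new `fail` condition in setup-infrastructure/tasks/main.yml treats the run as successful whenever the text 'Mark setup-infrastructure completed' appears in stdout, and the recap test on `failed=` that it replaces is removed. If the playbook drops a failed host and carries on with the remaining ones (usual Ansible behaviour, not verifiable from this hunk), the marker may still be printed and a partly configured host would go unnoticed. Consider keeping a recap test next to the marker test, e.g. `when: setup_infrastructure_result.stdout is search('failed=[1-9]')`; if some failures are expected and tolerated, a comment above the task saying which ones would explain the removal. The shell task that registers the result starts outside the hunk, so whether its return code is also honoured cannot be seen here.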
@@ -7,11 +7,18 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################# --- +- include_vars: "{{ ansible_os_family }}.yml" + - name: stop neutron-openvswitch-agent service: name: neutron-openvswitch-agent state: stopped +- name: restart openvswitch service + service: + name: "{{ ovs_service }}" + state: restarted + - name: remove tunnel_types when vlan lineinfile: dest: /etc/neutron/plugins/ml2/openvswitch_agent.ini @@ -43,7 +50,7 @@ when: - compute in item["role"] -- name: stop neutron-openvswitch-agent +- name: start neutron-openvswitch-agent service: name: neutron-openvswitch-agent state: started diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/controller.yml b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/controller.yml index 258a39e2..3637d1db 100644 --- a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/controller.yml +++ b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/controller.yml @@ -7,11 +7,18 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################# --- +- include_vars: "{{ ansible_os_family }}.yml" + - name: stop neutron-openvswitch-agent service: name: neutron-openvswitch-agent state: stopped +- name: restart openvswitch service + service: + name: "{{ ovs_service }}" + state: restarted + - name: remove tunnel_types when vlan lineinfile: dest: /etc/neutron/plugins/ml2/openvswitch_agent.ini @@ -43,7 +50,7 @@ when: - controller in item["role"] -- name: stop neutron-openvswitch-agent +- name: start neutron-openvswitch-agent service: name: neutron-openvswitch-agent state: started diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/vars/Debian.yml b/deploy/adapters/ansible/roles/setup-openvswitch/vars/Debian.yml new file mode 100644 index 00000000..b6bd95a8 --- /dev/null +++ b/deploy/adapters/ansible/roles/setup-openvswitch/vars/Debian.yml 
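Review bot: The added `restart openvswitch service` task in setup-openvswitch/tasks/compute.yml, and the identical one in controller.yml, uses `state: restarted`, so the switch is bounced on every run of the role rather than only when something changed. On a host already carrying traffic, a re-run of the deployment interrupts the datapath each time. If the restart is only needed after the configuration edits that follow, moving it to a handler notified by those tasks would limit it to real changes; otherwise a comment such as `# restart is intentional on every run: <reason>` would document the choice. `ovs_service` is defined only in vars/Debian.yml and vars/RedHat.yml, so any other `ansible_os_family` stops at the `include_vars` line.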
@@ -0,0 +1,3 @@
+---
+
+ovs_service: openvswitch-switch
diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/vars/RedHat.yml b/deploy/adapters/ansible/roles/setup-openvswitch/vars/RedHat.yml
new file mode 100644
index 00000000..c6a9e43b
--- /dev/null
+++ b/deploy/adapters/ansible/roles/setup-openvswitch/vars/RedHat.yml
@@ -0,0 +1,3 @@
+---
+
+ovs_service: openvswitch
diff --git a/deploy/adapters/ansible/roles/storage/tasks/ceph.yml b/deploy/adapters/ansible/roles/storage/tasks/ceph.yml
index 50476c7b..0fc7c80b 100644
--- a/deploy/adapters/ansible/roles/storage/tasks/ceph.yml
+++ b/deploy/adapters/ansible/roles/storage/tasks/ceph.yml
@@ -12,6 +12,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +- include_vars: "{{ ansible_os_family }}.yml" + - name: Create sparse ceph OSD files command: truncate -s {{ host_loopback_ceph_size }} /var/{{ item }}.img args:
@@ -43,6 +45,7 @@ line: "losetup -f /var/{{ item }}.img" insertbefore: "{{ rc_local_insert_before }}" with_items: "{{ ceph_osd_images }}" + when: ansible_os_family == 'Debian' - name: Create ceph partitions at boot time lineinfile:
@@ -50,3 +53,18 @@ line: "partprobe -s {{ item }}" insertbefore: "{{ rc_local_insert_before }}" with_items: "{{ ceph_loopback.results | map(attribute='stdout') | list }}" + when: ansible_os_family == 'Debian' + +- name: Create ceph loopback at boot time + lineinfile: + dest: "{{ rc_local }}" + line: "losetup -f /var/{{ item }}.img" + with_items: "{{ ceph_osd_images }}" + when: ansible_os_family == 'RedHat' + +- name: Create ceph partitions at boot time + lineinfile: + dest: "{{ rc_local }}" + line: "partprobe -s {{ item }}" + with_items: "{{ ceph_loopback.results | map(attribute='stdout') | list }}" + when: ansible_os_family == 'RedHat'
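Review bot: The two tasks added for RedHat at the end of storage/tasks/ceph.yml append the `losetup` and `partprobe` lines to `{{ rc_local }}` (`/etc/rc.d/rc.local` per vars/RedHat.yml), but nothing in this hunk makes that file executable. On RHEL/CentOS 7 the file ships without the execute bit and is skipped at boot until it is set, so the loop devices backing the ceph OSDs would not come back after a reboot. Adding `mode: "0755"` to the two RedHat `lineinfile` tasks would cover it, unless a task outside this hunk already does. The new tasks also reuse the names of the Debian ones; a suffix such as `(RedHat)` would keep run logs unambiguous.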
diff --git a/deploy/adapters/ansible/roles/storage/vars/Debian.yml b/deploy/adapters/ansible/roles/storage/vars/Debian.yml
new file mode 100644
index 00000000..c1141f7b
--- /dev/null
+++ b/deploy/adapters/ansible/roles/storage/vars/Debian.yml
@@ -0,0 +1,3 @@
+---
+
+rc_local: /etc/rc.local
diff --git a/deploy/adapters/ansible/roles/storage/vars/RedHat.yml b/deploy/adapters/ansible/roles/storage/vars/RedHat.yml
new file mode 100644
index 00000000..ef59e1b4
--- /dev/null
+++ b/deploy/adapters/ansible/roles/storage/vars/RedHat.yml
@@ -0,0 +1,3 @@
+---
+
+rc_local: /etc/rc.d/rc.local
diff --git a/deploy/adapters/ansible/roles/storage/vars/main.yml b/deploy/adapters/ansible/roles/storage/vars/main.yml
index 28e2ad06..cbee9c1e 100644
--- a/deploy/adapters/ansible/roles/storage/vars/main.yml
+++ b/deploy/adapters/ansible/roles/storage/vars/main.yml
@@ -8,7 +8,6 @@ ############################################################################## --- host_loopback_ceph_size: "100G" -rc_local: /etc/rc.local rc_local_insert_before: "^exit 0$" bootstrap_host_data_disk_device: null bootstrap_host_data_disk_device_force: "no" |