aboutsummaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible
diff options
context:
space:
mode:
Diffstat (limited to 'deploy/adapters/ansible')
-rwxr-xr-xdeploy/adapters/ansible/kubernetes/ansible-kubernetes.yml6
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/ha/files/chk_k8s_master.sh9
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/ha/handlers/main.yml14
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/ha/tasks/main.yml83
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/ha/templates/haproxy.cfg48
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/ha/templates/keepalived.conf49
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/ha/vars/Debian.yml11
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/ha/vars/RedHat.yml11
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/ha/vars/main.yml16
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml4
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml1
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/RedHat.yml1
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/main.yml1
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/kargo/files/openssl.conf.j234
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml47
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/kargo/vars/main.yml3
-rw-r--r--deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml2
-rwxr-xr-xdeploy/adapters/ansible/roles/config-osa/files/collect-log.sh17
-rw-r--r--deploy/adapters/ansible/roles/config-osa/files/collect-log.yml32
-rw-r--r--deploy/adapters/ansible/roles/config-osa/files/haproxy.yml11
-rw-r--r--deploy/adapters/ansible/roles/config-osa/files/polling.yaml6
-rw-r--r--deploy/adapters/ansible/roles/config-osa/files/user_ceph.yml10
-rwxr-xr-xdeploy/adapters/ansible/roles/config-osa/tasks/main.yml16
-rw-r--r--deploy/adapters/ansible/roles/config-osa/tasks/meters.yml12
-rw-r--r--deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j25
-rw-r--r--deploy/adapters/ansible/roles/post-openstack/tasks/main.yml1
-rwxr-xr-xdeploy/adapters/ansible/roles/post-osa/handlers/main.yml14
-rwxr-xr-xdeploy/adapters/ansible/roles/post-osa/tasks/ceilometer-upgrade.yml28
-rw-r--r--deploy/adapters/ansible/roles/post-osa/tasks/install_networking_sfc.yml17
-rw-r--r--deploy/adapters/ansible/roles/post-osa/tasks/main.yml16
-rw-r--r--deploy/adapters/ansible/roles/post-osa/tasks/tacker_horizon.yml33
-rw-r--r--deploy/adapters/ansible/roles/post-osa/vars/main.yml23
-rw-r--r--deploy/adapters/ansible/roles/setup-host/tasks/main.yml12
-rw-r--r--deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml2
-rw-r--r--deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml2
-rw-r--r--deploy/adapters/ansible/roles/storage/vars/main.yml2
36 files changed, 576 insertions, 23 deletions
diff --git a/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml b/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml
index eb80066e..bfdc8958 100755
--- a/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml
+++ b/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml
@@ -25,6 +25,12 @@
roles:
- install-k8s-dependence
+- hosts: ha
+ remote_user: root
+ max_fail_percentage: 0
+ roles:
+ - ha
+
- hosts: localhost
remote_user: root
max_fail_percentage: 0
diff --git a/deploy/adapters/ansible/kubernetes/roles/ha/files/chk_k8s_master.sh b/deploy/adapters/ansible/kubernetes/roles/ha/files/chk_k8s_master.sh
new file mode 100644
index 00000000..62e79b3b
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/ha/files/chk_k8s_master.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+count=`ss -tnl | grep 6443 | wc -l`
+
+if [ $count = 0 ]; then
+ exit 1
+else
+ exit 0
+fi
diff --git a/deploy/adapters/ansible/kubernetes/roles/ha/handlers/main.yml b/deploy/adapters/ansible/kubernetes/roles/ha/handlers/main.yml
new file mode 100644
index 00000000..03ed82ec
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/ha/handlers/main.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart haproxy
+ service: name=haproxy state=restarted enabled=yes
+
+- name: restart keepalived
+ service: name=keepalived state=restarted enabled=yes
diff --git a/deploy/adapters/ansible/kubernetes/roles/ha/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/ha/tasks/main.yml
new file mode 100644
index 00000000..c7e58376
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/ha/tasks/main.yml
@@ -0,0 +1,83 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: install keepalived haproxy
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: "{{ packages | union(packages_noarch) }}"
+
+- name: generate ha service list
+ lineinfile: dest=/opt/service create=yes line= '{{ item }}'
+ with_items: "{{ services | union(services_noarch) }}"
+
+- name: install pexpect
+ pip: name=pexpect state=present extra_args='--pre'
+
+- name: activate ip_nonlocal_bind
+ sysctl: name=net.ipv4.ip_nonlocal_bind value=1
+ state=present reload=yes
+
+- name: set net.ipv4.tcp_keepalive_intvl
+ sysctl: name=net.ipv4.tcp_keepalive_intvl value=1
+ state=present reload=yes
+
+- name: set net.ipv4.tcp_keepalive_probes
+ sysctl: name=net.ipv4.tcp_keepalive_probes value=5
+ state=present reload=yes
+
+- name: set net.ipv4.tcp_keepalive_time
+ sysctl: name=net.ipv4.tcp_keepalive_time value=5
+ state=present reload=yes
+
+- name: update haproxy cfg
+ template: src=haproxy.cfg dest=/etc/haproxy/haproxy.cfg
+ notify: restart haproxy
+
+- name: set haproxy enable flag
+ lineinfile: dest=/etc/default/haproxy state=present
+ regexp="ENABLED=*"
+ line="ENABLED=1"
+ notify: restart haproxy
+ when: ansible_os_family == "Debian"
+
+- name: set haproxy log
+ lineinfile: dest=/etc/rsyslog.conf state=present
+ regexp="local0.* /var/log/haproxy.log"
+ line="local0.* /var/log/haproxy.log"
+
+- name: set rsyslog udp module
+ lineinfile: dest=/etc/rsyslog.conf state=present
+ regexp="^#$ModLoad imudp"
+ line="$ModLoad imudp"
+
+- name: set rsyslog udp port
+ lineinfile: dest=/etc/rsyslog.conf state=present
+ regexp="^#$UDPServerRun 514"
+ line="$UDPServerRun 514"
+
+- name: set keepalived start param
+ lineinfile: dest=/etc/default/keepalived state=present
+ regexp="^DAEMON_ARGS=*"
+ line="DAEMON_ARGS=\"-D -d -S 1\""
+ when: ansible_os_family == "Debian"
+
+- name: set keepalived log
+ lineinfile: dest=/etc/rsyslog.conf state=present
+ regexp="local1.* /var/log/keepalived.log"
+ line="local1.* /var/log/keepalived.log"
+
+- name: update keepalived info
+ template: src=keepalived.conf dest=/etc/keepalived/keepalived.conf
+ notify: restart keepalived
+
+- name: restart rsyslog
+ shell: service rsyslog restart
+
+- meta: flush_handlers
diff --git a/deploy/adapters/ansible/kubernetes/roles/ha/templates/haproxy.cfg b/deploy/adapters/ansible/kubernetes/roles/ha/templates/haproxy.cfg
new file mode 100644
index 00000000..5cd240c0
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/ha/templates/haproxy.cfg
@@ -0,0 +1,48 @@
+
+global
+ #chroot /var/run/haproxy
+ daemon
+ user haproxy
+ group haproxy
+ maxconn 4000
+ pidfile /var/run/haproxy/haproxy.pid
+ #log 127.0.0.1 local0
+ tune.bufsize 1000000
+ stats socket /var/run/haproxy.sock
+ stats timeout 2m
+
+defaults
+ log global
+ maxconn 8000
+ option redispatch
+ option dontlognull
+ option splice-auto
+ timeout http-request 10s
+ timeout queue 1m
+ timeout connect 10s
+ timeout client 50s
+ timeout server 50s
+ timeout check 10s
+ retries 3
+
+listen kubernetes-apiserver-https
+ bind {{ public_vip.ip }}:8383
+ option ssl-hello-chk
+ mode tcp
+ option tcpka
+ option tcplog
+ timeout client 3h
+ timeout server 3h
+ balance roundrobin
+{% for host,ip in haproxy_hosts.items() %}
+ server {{ host }} {{ ip }}:6443 weight 1 check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen stats
+ mode http
+ bind 0.0.0.0:9999
+ stats enable
+ stats refresh 30s
+ stats uri /
+ stats realm Global\ statistics
+ stats auth admin:admin
diff --git a/deploy/adapters/ansible/kubernetes/roles/ha/templates/keepalived.conf b/deploy/adapters/ansible/kubernetes/roles/ha/templates/keepalived.conf
new file mode 100644
index 00000000..c649bed5
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/ha/templates/keepalived.conf
@@ -0,0 +1,49 @@
+global_defs {
+ router_id {{ inventory_hostname }}
+}
+
+vrrp_sync_group VG1 {
+ group {
+ internal_vip
+ public_vip
+ }
+}
+
+vrrp_instance internal_vip {
+ interface {{ sys_intf_mappings.mgmt.interface }}
+ virtual_router_id {{ vrouter_id_internal }}
+ state BACKUP
+ nopreempt
+ advert_int 1
+ priority {{ 50 + (host_index[inventory_hostname] * 50) }}
+
+ authentication {
+ auth_type PASS
+ auth_pass 1234
+ }
+
+
+ virtual_ipaddress {
+ {{ internal_vip.ip }}/{{ internal_vip.netmask }} dev {{ sys_intf_mappings.mgmt.interface }}
+ }
+}
+
+vrrp_instance public_vip {
+ interface {{ sys_intf_mappings.external.interface }}
+ virtual_router_id {{ vrouter_id_public }}
+ state BACKUP
+ nopreempt
+ advert_int 1
+ priority {{ 50 + (host_index[inventory_hostname] * 50) }}
+
+ authentication {
+ auth_type PASS
+ auth_pass 4321
+ }
+
+ virtual_ipaddress {
+ {{ network_cfg.public_vip.ip }}/{{ network_cfg.public_vip.netmask }} dev {{ sys_intf_mappings.external.interface }}
+ }
+
+}
+
diff --git a/deploy/adapters/ansible/kubernetes/roles/ha/vars/Debian.yml b/deploy/adapters/ansible/kubernetes/roles/ha/vars/Debian.yml
new file mode 100644
index 00000000..b9f46bdf
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/ha/vars/Debian.yml
@@ -0,0 +1,11 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+services: []
+packages: []
diff --git a/deploy/adapters/ansible/kubernetes/roles/ha/vars/RedHat.yml b/deploy/adapters/ansible/kubernetes/roles/ha/vars/RedHat.yml
new file mode 100644
index 00000000..b9f46bdf
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/ha/vars/RedHat.yml
@@ -0,0 +1,11 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+services: []
+packages: []
diff --git a/deploy/adapters/ansible/kubernetes/roles/ha/vars/main.yml b/deploy/adapters/ansible/kubernetes/roles/ha/vars/main.yml
new file mode 100644
index 00000000..77735d1e
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/ha/vars/main.yml
@@ -0,0 +1,16 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+ - keepalived
+ - haproxy
+
+services_noarch:
+ - keepalived
+ - haproxy
diff --git a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml
index 6487e4ef..e683a3fe 100644
--- a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml
+++ b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml
@@ -9,6 +9,10 @@
---
- include_vars: "{{ ansible_os_family }}.yml"
+- name: Install yum epel-release
+ command: yum -y install epel-release
+ when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'
+
- name: Install yum packages
yum:
pkg: "{{ item }}"
diff --git a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml
index e016b855..8ced18b4 100644
--- a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml
+++ b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml
@@ -2,6 +2,7 @@
packages:
- ubuntu-cloud-keyring
- python-dev
+ - python-pip
- openvswitch-switch
- openvswitch-switch-dpdk
- python-memcache
diff --git a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/RedHat.yml b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/RedHat.yml
index 3ec18e7f..b7e1d3dc 100644
--- a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/RedHat.yml
+++ b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/RedHat.yml
@@ -1,6 +1,7 @@
---
packages:
- python-devel
+ - python-pip
- gcc
- redhat-lsb-core
- python-crypto
diff --git a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/main.yml b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/main.yml
index 713b6b5f..7158325a 100644
--- a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/main.yml
+++ b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/main.yml
@@ -8,7 +8,6 @@
##############################################################################
---
packages_noarch:
- - python-pip
- ntp
services_noarch: []
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/openssl.conf.j2 b/deploy/adapters/ansible/kubernetes/roles/kargo/files/openssl.conf.j2
new file mode 100644
index 00000000..d998d4cb
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/kargo/files/openssl.conf.j2
@@ -0,0 +1,34 @@
+[req]
+req_extensions = v3_req
+distinguished_name = req_distinguished_name
+[req_distinguished_name]
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = kubernetes
+DNS.2 = kubernetes.default
+DNS.3 = kubernetes.default.svc
+DNS.4 = kubernetes.default.svc.{{ dns_domain }}
+DNS.5 = localhost
+{% for host in groups['kube-master'] %}
+DNS.{{ 5 + loop.index }} = {{ host }}
+{% endfor %}
+{% if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %}
+{% set idx = groups['kube-master'] | length | int + 5 + 1 %}
+DNS.{{ idx | string }} = {{ apiserver_loadbalancer_domain_name }}
+{% endif %}
+{% for host in groups['kube-master'] %}
+IP.{{ 2 * loop.index - 1 }} = {{ hostvars[host]['access_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
+IP.{{ 2 * loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
+{% endfor %}
+{% set idx = groups['kube-master'] | length | int * 2 + 1 %}
+IP.{{ idx }} = {{ kube_apiserver_ip }}
+IP.{{ idx + 1 }} = 127.0.0.1
+{% if supplementary_addresses_in_ssl_keys is defined %}
+{% set is = idx + 1 %}
+{% for addr in supplementary_addresses_in_ssl_keys %}
+IP.{{ is + loop.index }} = {{ addr }}
+{% endfor %}
+{% endif %}
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml
index 2763e53e..af52ad04 100644
--- a/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml
+++ b/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml
@@ -67,7 +67,7 @@
- name: copy inventoriy.json file
copy:
- src: /var/ansible/run/kubernetes-opnfv2/inventories/inventory.json
+ src: "{{ run_dir }}/inventories/inventory.json"
dest: /tmp/inventory.json
tags:
- ansible
@@ -96,6 +96,51 @@
regexp: '^helm_enabled:'
line: 'helm_enabled: {{ helm_flag }}'
+- name: enable external lb | set lb domain_nam
+ lineinfile:
+ dest: /opt/kargo_k8s/inventory/group_vars/all.yml
+ regexp: '^## apiserver_loadbalancer_domain_name:'
+ line: 'apiserver_loadbalancer_domain_name: {{ apiserver_loadbalancer_domain_name }}'
+
+- name: enable external lb |
+ lineinfile:
+ dest: /opt/kargo_k8s/inventory/group_vars/all.yml
+ regexp: '^#loadbalancer_apiserver:'
+ line: 'loadbalancer_apiserver:'
+
+- name: enable external lb | set vip address
+ lineinfile:
+ dest: /opt/kargo_k8s/inventory/group_vars/all.yml
+ regexp: '^# address: 1.2.3.4'
+ line: ' address: {{ vipaddress }}'
+
+- name: enable external lb | set vip port
+ lineinfile:
+ dest: /opt/kargo_k8s/inventory/group_vars/all.yml
+ regexp: '^# port: 1234'
+ line: ' port: {{ exlb_port }}'
+
+- name: enable internal lb
+ lineinfile:
+ dest: /opt/kargo_k8s/inventory/group_vars/all.yml
+ regexp: '^#loadbalancer_apiserver_localhost: true'
+ line: 'loadbalancer_apiserver_localhost: true'
+
+- name: add vip to ssl keys
+ lineinfile:
+ dest: /opt/kargo_k8s/inventory/group_vars/k8s-cluster.yml
+ line: 'supplementary_addresses_in_ssl_keys: [{{ vipaddress }}]'
+
+- name: rm openssl file
+ file:
+ path: /opt/kargo_k8s/roles/kubernetes/secrets/templates/openssl.conf.j2
+ state: absent
+
+- name: copy openssl.conf.j2
+ copy:
+ src: openssl.conf.j2
+ dest: /opt/kargo_k8s/roles/kubernetes/secrets/templates/openssl.conf.j2
+
- name: copy overrided variables
copy:
src: "{{ item }}"
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/vars/main.yml b/deploy/adapters/ansible/kubernetes/roles/kargo/vars/main.yml
index 2d396d06..b73056e5 100644
--- a/deploy/adapters/ansible/kubernetes/roles/kargo/vars/main.yml
+++ b/deploy/adapters/ansible/kubernetes/roles/kargo/vars/main.yml
@@ -1,2 +1,5 @@
---
helm_flag: true
+apiserver_loadbalancer_domain_name: "{{ public_vip.ip }}"
+vipaddress: "{{ public_vip.ip }}"
+exlb_port: 8383
diff --git a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
index 178acc3d..6ea57c04 100644
--- a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
+++ b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
@@ -45,6 +45,8 @@
- compute
- utility
- neutron_server
+ - ceilometer_all
+ - horizon_all
remote_user: root
roles:
- post-osa
diff --git a/deploy/adapters/ansible/roles/config-osa/files/collect-log.sh b/deploy/adapters/ansible/roles/config-osa/files/collect-log.sh
new file mode 100755
index 00000000..7f51a2c3
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-osa/files/collect-log.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+##############################################################################
+# Copyright (c) 2018 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+SCRIPT_PATH="$(dirname $(realpath ${BASH_SOURCE[0]}))"
+
+openstack-ansible $SCRIPT_PATH/collect-log.yml
diff --git a/deploy/adapters/ansible/roles/config-osa/files/collect-log.yml b/deploy/adapters/ansible/roles/config-osa/files/collect-log.yml
new file mode 100644
index 00000000..6e6f9e5a
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-osa/files/collect-log.yml
@@ -0,0 +1,32 @@
+---
+##############################################################################
+# Copyright (c) 2018 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+- name: Collect log
+ hosts: rsyslog[0]
+ user: root
+ tasks:
+ - name: ensure log directory exist
+ stat:
+ path: /var/log/log-storage
+ register: log_dir
+
+ - name: compress log directory
+ archive:
+ path: "{{ log_dir.stat.path }}"
+ dest: "{{ log_dir.stat.path }}/log.tar.gz"
+ format: gz
+ when: log_dir.stat.exists is defined and log_dir.stat.exists
+
+ - name: fetch the log tarball
+ fetch:
+ src: "{{ log_dir.stat.path }}/log.tar.gz"
+ dest: /opt/log.tar.gz
+ flat: "yes"
+ when: log_dir.stat.exists is defined and log_dir.stat.exists
diff --git a/deploy/adapters/ansible/roles/config-osa/files/haproxy.yml b/deploy/adapters/ansible/roles/config-osa/files/haproxy.yml
index 3085f6aa..a0a09e49 100644
--- a/deploy/adapters/ansible/roles/config-osa/files/haproxy.yml
+++ b/deploy/adapters/ansible/roles/config-osa/files/haproxy.yml
@@ -261,3 +261,14 @@ haproxy_default_services:
haproxy_backend_options:
- "httpchk GET /"
haproxy_whitelist_networks: "{{ haproxy_octavia_whitelist_networks }}"
+
+ - service:
+ haproxy_service_name: tacker
+ haproxy_backend_nodes: "{{ groups['tacker_all'] | default([]) }}"
+ haproxy_ssl: "{{ haproxy_ssl }}"
+ haproxy_port: 9890
+ haproxy_balance_type: http
+ haproxy_backend_options:
+ - "forwardfor"
+ - "httpchk"
+ - "httplog"
diff --git a/deploy/adapters/ansible/roles/config-osa/files/polling.yaml b/deploy/adapters/ansible/roles/config-osa/files/polling.yaml
new file mode 100644
index 00000000..631e3687
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-osa/files/polling.yaml
@@ -0,0 +1,6 @@
+---
+sources:
+ - name: all_pollsters
+ interval: 300
+ meters:
+ - "*"
diff --git a/deploy/adapters/ansible/roles/config-osa/files/user_ceph.yml b/deploy/adapters/ansible/roles/config-osa/files/user_ceph.yml
index 9d5f13a9..6daa1436 100644
--- a/deploy/adapters/ansible/roles/config-osa/files/user_ceph.yml
+++ b/deploy/adapters/ansible/roles/config-osa/files/user_ceph.yml
@@ -14,3 +14,13 @@ cinder_backends:
rbd_user: cinder
rbd_secret_uuid: "{{ cinder_ceph_client_uuid }}"
report_discard_supported: true
+
+gnocchi_storage_driver: ceph
+gnocchi_ceph_pool: "metrics"
+ceph_extra_components:
+ - component: gnocchi_api
+ package:
+ - "{{ python_ceph_package }}"
+ client:
+ - '{{ gnocchi_ceph_client }}'
+ service: '{{ ceph_gnocchi_service_names }}'
diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml
index f9eef749..8bb56656 100755
--- a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml
@@ -332,6 +332,16 @@
when:
- "{{ hostvars[inventory_hostname]['groups']['controller'] | length < 2 }}"
+- name: copy collect-log.sh to /opt
+ copy:
+ src: collect-log.sh
+ dest: /opt/collect-log.sh
+
+- name: copy collect-log.yml to /opt
+ copy:
+ src: collect-log.yml
+ dest: /opt/collect-log.yml
+
# - name: change repore build
# lineinfile:
# dest: /etc/ansible/roles/repo_build/tasks/main.yml
@@ -345,3 +355,9 @@
- include: fix_pip_version.yml
- include: fix_rescue.yml
+
+- name: include tacker in setup-openstack
+ lineinfile:
+ dest: /opt/openstack-ansible/playbooks/setup-openstack.yml
+ insertafter: "^- include: os-trove"
+ line: "- include: os-tacker-install.yml"
diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/meters.yml b/deploy/adapters/ansible/roles/config-osa/tasks/meters.yml
index 8f06a884..2b3bce5f 100644
--- a/deploy/adapters/ansible/roles/config-osa/tasks/meters.yml
+++ b/deploy/adapters/ansible/roles/config-osa/tasks/meters.yml
@@ -69,3 +69,15 @@
[database]{% raw %}
connection = mysql+pymysql://{{ ceilometer_galera_user }}:{{ ceilometer_container_db_password }}@{{ceilometer_galera_address }}/{{ ceilometer_galera_database }}?charset=utf86{% endraw %}
# yamllint enable rule:line-length
+
+- name: make sure the directory exist
+ file:
+ dest: /etc/openstack_deploy/ceilometer
+ state: directory
+ mode: 0755
+
+- name: copy the polling.yml
+ copy:
+ dest: /etc/openstack_deploy/ceilometer/polling.yaml
+ src: polling.yaml
+ mode: 0644
diff --git a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2
index 130b5ad1..03e3a2af 100644
--- a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2
+++ b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2
@@ -45,6 +45,11 @@ neutron_plugin_type: ml2.ovs
neutron_ml2_drivers_type: "local,flat,{{ tenant_net_info['type'] }}"
+neutron_plugin_base:
+ - router
+ - metering
+ - trunk
+
neutron_provider_networks:
network_flat_networks: "*"
network_types: "{{ tenant_net_info['type'] }}"
diff --git a/deploy/adapters/ansible/roles/post-openstack/tasks/main.yml b/deploy/adapters/ansible/roles/post-openstack/tasks/main.yml
index 7022a4b5..fb0dc67d 100644
--- a/deploy/adapters/ansible/roles/post-openstack/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/post-openstack/tasks/main.yml
@@ -40,6 +40,7 @@
--subnet-range "{{ public_net_info.floating_ip_cidr }}" \
"{{ public_net_info.subnet }}"
when:
+ - public_net_info.enable == "True"
- inventory_hostname == groups['utility_all'][0]
- name: create openstack flavors
diff --git a/deploy/adapters/ansible/roles/post-osa/handlers/main.yml b/deploy/adapters/ansible/roles/post-osa/handlers/main.yml
index 3d979e6a..d685edca 100755
--- a/deploy/adapters/ansible/roles/post-osa/handlers/main.yml
+++ b/deploy/adapters/ansible/roles/post-osa/handlers/main.yml
@@ -9,3 +9,17 @@
- name: restart network service
shell: "/sbin/ifconfig eth0 0 &&/sbin/ifdown -a && \
/sbin/ifup --ignore-errors -a"
+
+- name: Restart ceilometer services
+ service:
+ name: "{{ item.0.service_name }}"
+ enabled: "yes"
+ state: "restarted"
+ with_subelements:
+ - "{{ ceilometer_services }}"
+ - group
+ when: inventory_hostname in groups[item.1]
+ register: _restart
+ until: _restart | success
+ retries: 5
+ delay: 2
diff --git a/deploy/adapters/ansible/roles/post-osa/tasks/ceilometer-upgrade.yml b/deploy/adapters/ansible/roles/post-osa/tasks/ceilometer-upgrade.yml
new file mode 100755
index 00000000..3d991b74
--- /dev/null
+++ b/deploy/adapters/ansible/roles/post-osa/tasks/ceilometer-upgrade.yml
@@ -0,0 +1,28 @@
+#############################################################################
+# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: check for gnocchi resource file
+ stat:
+ path: "/etc/ceilometer/gnocchi_resources.yaml"
+ register: gnocchi_resource_file
+
+- name: get the path of ceilometer-upgrade
+ shell: "find / -name ceilometer-upgrade 2>/dev/null || true"
+ register: ceilometer_upgrade_path
+
+- name: Initialize Gnocchi database by creating ceilometer resources
+ command: "{{ ceilometer_upgrade_path.stdout }} --skip-metering-database"
+ become: "yes"
+ when: gnocchi_resource_file.stat.exists
+ register: _upgrade
+ until: _upgrade | success
+ retries: 10
+ delay: 2
+ notify:
+ - Restart ceilometer services
diff --git a/deploy/adapters/ansible/roles/post-osa/tasks/install_networking_sfc.yml b/deploy/adapters/ansible/roles/post-osa/tasks/install_networking_sfc.yml
index fbed5815..d5a04e78 100644
--- a/deploy/adapters/ansible/roles/post-osa/tasks/install_networking_sfc.yml
+++ b/deploy/adapters/ansible/roles/post-osa/tasks/install_networking_sfc.yml
@@ -3,7 +3,7 @@
- name: install networking-sfc
pip:
name: networking-sfc
- virtualenv: /openstack/venvs/neutron-15.1.4
+ virtualenv: /openstack/venvs/neutron-{{ os_ver }}
when:
- inventory_hostname in groups['neutron_server']
@@ -11,14 +11,12 @@
package:
name: crudini
state: latest
- when:
- - inventory_hostname in groups['neutron_server']
- name: Install networking-sfc for CLI
pip:
name: networking-sfc
when:
- - inventory_hostname in groups['utility']
+ - inventory_hostname not in groups['neutron_server']
- name: turn off neutron-server on control node
service: name=neutron-server state=stopped
@@ -35,13 +33,18 @@
shell: crudini --merge /etc/neutron/neutron.conf < /opt/sfc.conf
when: inventory_hostname in groups['neutron_server']
+- name: Configure SFC extension on compute nodes
+ shell: crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini \
+ agent extensions sfc;
+ when: inventory_hostname in groups['compute']
+
- name: delete sfc.conf
shell: rm -rf {{ sfc_plugins.dst }}
when: inventory_hostname in groups['neutron_server']
- name: Perform a Neutron DB online upgrade
command: |
- /openstack/venvs/neutron-15.1.4/bin/neutron-db-manage
+ /openstack/venvs/neutron-{{ os_ver }}/bin/neutron-db-manage
--config-file /etc/neutron/neutron.conf
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini
upgrade --expand
@@ -51,7 +54,7 @@
- name: Perform a Neutron DB offline upgrade
command: |
- /openstack/venvs/neutron-15.1.4/bin/neutron-db-manage
+ /openstack/venvs/neutron-{{ os_ver }}/bin/neutron-db-manage
--config-file /etc/neutron/neutron.conf
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini
upgrade --contract
@@ -61,7 +64,7 @@
- name: SFC DB upgrade
command: |
- /openstack/venvs/neutron-15.1.4/bin/neutron-db-manage
+ /openstack/venvs/neutron-{{ os_ver }}/bin/neutron-db-manage
--subproject networking-sfc
upgrade head
become: "yes"
diff --git a/deploy/adapters/ansible/roles/post-osa/tasks/main.yml b/deploy/adapters/ansible/roles/post-osa/tasks/main.yml
index bd83b50f..fed3842f 100644
--- a/deploy/adapters/ansible/roles/post-osa/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/post-osa/tasks/main.yml
@@ -13,13 +13,19 @@
- ansible_distribution == 'Ubuntu'
# install networking-sfc for non odl scenarios
-# - include: install_networking_sfc.yml
-# when:
-# - odl_sfc is not defined or odl_sfc == "Disable"
-# - inventory_hostname not in groups['compute']
-# when: ansible_distribution == 'Ubuntu'
+- include: install_networking_sfc.yml
+ when:
+ - opendaylight is not defined or opendaylight == "Disable"
+ - inventory_hostname not in groups['horizon_all']
- include: "{{ ansible_os_family }}.yml"
when:
- ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'
- inventory_hostname in groups['compute']
+
+- include: ceilometer-upgrade.yml
+ when:
+ - inventory_hostname in groups['ceilometer_all']
+
+- include: tacker_horizon.yml
+ when: inventory_hostname in groups['horizon_all']
diff --git a/deploy/adapters/ansible/roles/post-osa/tasks/tacker_horizon.yml b/deploy/adapters/ansible/roles/post-osa/tasks/tacker_horizon.yml
new file mode 100644
index 00000000..2c1d2d87
--- /dev/null
+++ b/deploy/adapters/ansible/roles/post-osa/tasks/tacker_horizon.yml
@@ -0,0 +1,33 @@
+---
+
+- name: remove tacker-horizon directory
+ file:
+ path: "{{ tacker_horizon_dir }}"
+ state: absent
+
+- name: get tacker horizon (online)
+ git:
+ repo: "{{ tacker_horizon_repo }}"
+ dest: "{{ tacker_horizon_dir }}"
+ version: "{{ tacker_horizon_branch }}"
+ when: offline_deployment is defined and offline_deployment == "Disable"
+
+- name: copy installation script (offline)
+ get_url:
+ url: "http://{{ offline_repo_ip }}:{{ offline_repo_port }}/tacker-horizon.tar.gz"
+ dest: "/opt/"
+ when: offline_deployment is defined and offline_deployment == "Enable"
+
+- name: untar tacker-horizon tarball
+ command: su -s /bin/sh -c "tar xzf /opt/tacker-horizon.tar.gz -C /opt/"
+ when: offline_deployment is defined and offline_deployment == "Enable"
+
+- name: install tacker-horizon
+ shell: |
+ cd /opt/tacker-horizon/;
+ pip install -r requirements.txt;
+ sleep 30;
+ python setup.py install;
+ cp tacker_horizon/enabled/* \
+ {{ tacker_horizon_enable_path }}/;
+ service apache2 restart
diff --git a/deploy/adapters/ansible/roles/post-osa/vars/main.yml b/deploy/adapters/ansible/roles/post-osa/vars/main.yml
index da886028..95f51530 100644
--- a/deploy/adapters/ansible/roles/post-osa/vars/main.yml
+++ b/deploy/adapters/ansible/roles/post-osa/vars/main.yml
@@ -1,5 +1,17 @@
---
+os_ver: 16.0.5
+os_name: pike
+
+# yamllint disable rule:line-length
+tacker_horizon_repo: https://github.com/openstack/tacker-horizon.git
+tacker_horizon_dir: /opt/tacker-horizon
+tacker_horizon_branch: "stable/{{ os_name }}"
+openstack_release: "{{ os_ver }}"
+tacker_horizon_venv: "/openstack/venvs/horizon-{{ openstack_release }}"
+tacker_horizon_enable_path: "{{ tacker_horizon_venv }}/lib/python2.7/site-packages/openstack_dashboard/enabled"
+# yamllint enable rule:line-length
+
sfc_plugins:
src: sfc.conf
dst: /opt/sfc.conf
@@ -24,3 +36,14 @@ intf_storage: |-
{%- set intf_storage = intf_storage + '.' + compu_sys_mappings["storage"]["vlan_tag"]|string %}
{%- endif %}
{{- intf_storage }}
+
+ceilometer_services:
+ ceilometer-agent-notification:
+ group:
+ - ceilometer_agent_notification
+ service_name: ceilometer-agent-notification
+ ceilometer-polling:
+ group:
+ - ceilometer_agent_central
+ - ceilometer_agent_compute
+ service_name: ceilometer-polling
diff --git a/deploy/adapters/ansible/roles/setup-host/tasks/main.yml b/deploy/adapters/ansible/roles/setup-host/tasks/main.yml
index 4eba3d00..0a63f7f5 100644
--- a/deploy/adapters/ansible/roles/setup-host/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/setup-host/tasks/main.yml
@@ -10,7 +10,7 @@
---
- name: openstack-hosts-setup
- shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ shell: "export ANSIBLE_LOG_PATH={{ run_dir }}/ansible.log; \
export ANSIBLE_SCP_IF_SSH=y; \
cd /opt/openstack-ansible/playbooks; \
openstack-ansible openstack-hosts-setup.yml \
@@ -25,7 +25,7 @@
when: openstack_hosts_setup_result.stdout.find('Mark openstack-hosts-setup completed') == -1
- name: security-hardening
- shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ shell: "export ANSIBLE_LOG_PATH={{ run_dir }}/ansible.log; \
export ANSIBLE_SCP_IF_SSH=y; \
cd /opt/openstack-ansible/playbooks; \
openstack-ansible security-hardening.yml \
@@ -40,7 +40,7 @@
when: security_hardening_result.stdout.find('Mark security-hardening completed') == -1
- name: lxc-hosts-setup
- shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ shell: "export ANSIBLE_LOG_PATH={{ run_dir }}/ansible.log; \
export ANSIBLE_SCP_IF_SSH=y; \
cd /opt/openstack-ansible/playbooks; \
openstack-ansible lxc-hosts-setup.yml \
@@ -55,7 +55,7 @@
when: lxc_hosts_setup_result.stdout.find('Mark lxc-hosts-setup completed') == -1
- name: lxc-containers-create
- shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ shell: "export ANSIBLE_LOG_PATH={{ run_dir }}/ansible.log; \
export ANSIBLE_SCP_IF_SSH=y; \
cd /opt/openstack-ansible/playbooks; \
openstack-ansible lxc-containers-create.yml \
@@ -66,7 +66,7 @@
register: failed_container
- name: destroy the failed_container
- shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ shell: "export ANSIBLE_LOG_PATH={{ run_dir }}/ansible.log; \
export ANSIBLE_SCP_IF_SSH=y; \
cd /opt/openstack-ansible/playbooks; \
openstack-ansible lxc-containers-destroy.yml \
@@ -77,7 +77,7 @@
ignore_errors: "True"
- name: retry to setup failed_container
- shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ shell: "export ANSIBLE_LOG_PATH={{ run_dir }}/ansible.log; \
export ANSIBLE_SCP_IF_SSH=y; \
cd /opt/openstack-ansible/playbooks; \
openstack-ansible lxc-containers-create.yml --limit {{item}} \
diff --git a/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml b/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml
index 7cf5c86f..4e3a926f 100644
--- a/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/setup-infrastructure/tasks/main.yml
@@ -8,7 +8,7 @@
##############################################################################
---
- name: setup infrastructure
- shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ shell: "export ANSIBLE_LOG_PATH={{ run_dir }}/ansible.log; \
export ANSIBLE_SCP_IF_SSH=y; \
cd /opt/openstack-ansible/playbooks; \
openstack-ansible setup-infrastructure.yml \
diff --git a/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml b/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml
index a6ecb82f..c572936d 100644
--- a/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/setup-openstack/tasks/main.yml
@@ -8,7 +8,7 @@
##############################################################################
---
- name: setup openstack
- shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ shell: "export ANSIBLE_LOG_PATH={{ run_dir }}/ansible.log; \
export ANSIBLE_SCP_IF_SSH=y; \
cd /opt/openstack-ansible/playbooks; \
openstack-ansible setup-openstack.yml \
diff --git a/deploy/adapters/ansible/roles/storage/vars/main.yml b/deploy/adapters/ansible/roles/storage/vars/main.yml
index cbee9c1e..d6c5961a 100644
--- a/deploy/adapters/ansible/roles/storage/vars/main.yml
+++ b/deploy/adapters/ansible/roles/storage/vars/main.yml
@@ -7,7 +7,7 @@
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
---
-host_loopback_ceph_size: "100G"
+host_loopback_ceph_size: "500G"
rc_local_insert_before: "^exit 0$"
bootstrap_host_data_disk_device: null
bootstrap_host_data_disk_device_force: "no"