From f93fc4fc70694d21f136ae1599b13fd237018b74 Mon Sep 17 00:00:00 2001 From: chigang Date: Tue, 4 Jul 2017 13:21:12 +0800 Subject: Fix keepalived ping address JIRA:- Replace OSA default address with ntp_server address. OSA will use it to check internet connection. Rename some roles that make users confused. Change-Id: I4dd7e242e427e5bc3a611450a3bc436e44a8fefe 
Signed-off-by: chigang
---
.../ansible/roles/config-osa/files/cinder.yml | 13 ++ .../ansible/roles/config-osa/files/http.yml | 17 ++ .../config-osa/files/os-flavor/tasks/main.yml | 17 ++ .../roles/config-osa/files/os-flavor/vars/main.yml | 45 ++++ .../ansible/roles/config-osa/files/setup-ovs.yml | 57 +++++ .../ansible/roles/config-osa/tasks/main.yml | 58 ++++++ .../ansible/roles/config-osa/templates/ansible.cfg | 3 + .../config-osa/templates/create-flavor.yml.j2 | 15 ++ .../config-osa/templates/create-network.yml.j2 | 41 ++++ .../templates/openstack_user_config.yml.j2 | 232 +++++++++++++++++++++ .../config-osa/templates/user_variables.yml.j2 | 48 +++++ 11 files changed, 546 insertions(+) create mode 100755 deploy/adapters/ansible/roles/config-osa/files/cinder.yml create mode 100644 deploy/adapters/ansible/roles/config-osa/files/http.yml create mode 100644 deploy/adapters/ansible/roles/config-osa/files/os-flavor/tasks/main.yml create mode 100644 deploy/adapters/ansible/roles/config-osa/files/os-flavor/vars/main.yml create mode 100644 deploy/adapters/ansible/roles/config-osa/files/setup-ovs.yml create mode 100644 deploy/adapters/ansible/roles/config-osa/tasks/main.yml create mode 100644 deploy/adapters/ansible/roles/config-osa/templates/ansible.cfg create mode 100644 deploy/adapters/ansible/roles/config-osa/templates/create-flavor.yml.j2 create mode 100644 deploy/adapters/ansible/roles/config-osa/templates/create-network.yml.j2 create mode 100644 deploy/adapters/ansible/roles/config-osa/templates/openstack_user_config.yml.j2 create mode 100644 deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 (limited to 'deploy/adapters/ansible/roles/config-osa')
diff --git a/deploy/adapters/ansible/roles/config-osa/files/cinder.yml b/deploy/adapters/ansible/roles/config-osa/files/cinder.yml
new file mode 100755
index 00000000..3a39935a
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-osa/files/cinder.yml
@@ -0,0 +1,13 @@
+---
+# This file contains an example to show how to set
+# the cinder-volume service to run in a container.
+#
+# Important note:
+# When using LVM or any iSCSI-based cinder backends, such as NetApp with
+# iSCSI protocol, the cinder-volume service *must* run on metal.
+# Reference: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1226855
+
+container_skel:
+ cinder_volumes_container:
+ properties:
+ is_metal: true
diff --git a/deploy/adapters/ansible/roles/config-osa/files/http.yml b/deploy/adapters/ansible/roles/config-osa/files/http.yml
new file mode 100644
index 00000000..248fc06d
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-osa/files/http.yml
@@ -0,0 +1,17 @@
+---
+- name: change https to http in haproxy configuratio
+ hosts: network_hosts
+ gather_facts: "{{ gather_facts | default(True) }}"
+ max_fail_percentage: 20
+ user: root
+ tasks:
+ - name: change the haproxy configuration
+ shell: "sed -i 's/ssl crt.*//g' /etc/haproxy/haproxy.cfg;
+ sed -i 's/https$/http/g' /etc/haproxy/haproxy.cfg"
+ when: openstack_service_publicuri_proto == "http"
+
+ - name: restart haproxy service
+ service:
+ name: haproxy
+ state: restarted
+ when: openstack_service_publicuri_proto == "http"
diff --git a/deploy/adapters/ansible/roles/config-osa/files/os-flavor/tasks/main.yml b/deploy/adapters/ansible/roles/config-osa/files/os-flavor/tasks/main.yml
new file mode 100644
index 00000000..03b57120
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-osa/files/os-flavor/tasks/main.yml
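Review bot: The `change the haproxy configuration` task in http.yml deletes every `ssl crt…` directive from /etc/haproxy/haproxy.cfg with `sed`, so the public frontends are served in cleartext and anything sent to them, credentials and tokens included, crosses the external VIP unencrypted. Because user_variables.yml.j2 in this same commit sets `openstack_service_publicuri_proto: http` unconditionally, the `when:` guard is always true and the downgrade is the default rather than an opt-in. I would make the protocol a deployment option that defaults to `https` and put a comment above the task such as `# Lab-only: strips TLS from the public frontends; do not use on reachable networks`. The in-place edit is also lost whenever the haproxy role re-renders the file, and the play name has a typo (`configuratio`).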
@@ -0,0 +1,17 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+- name: create openstack flavors
+ shell: |
+ . /root/openrc;
+ openstack flavor create {{ item.name }} \
+ --id {{ item.id }} --ram {{ item.ram }} \
+ --disk {{ item.disk }} --vcpus {{ item.vcpus }} || true
+ with_items: "{{ flavors }}"
diff --git a/deploy/adapters/ansible/roles/config-osa/files/os-flavor/vars/main.yml b/deploy/adapters/ansible/roles/config-osa/files/os-flavor/vars/main.yml
new file mode 100644
index 00000000..d9c36d42
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-osa/files/os-flavor/vars/main.yml
@@ -0,0 +1,45 @@
+##############################################################################
+# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+flavors:
+ - id: 0
+ name: m1.nano
+ vcpus: 1
+ ram: 64
+ disk: 1
+
+ - id: 1
+ name: m1.tiny
+ vcpus: 1
+ ram: 512
+ disk: 1
+
+ - id: 2
+ name: m1.small
+ vcpus: 1
+ ram: 2048
+ disk: 20
+
+ - id: 3
+ name: m1.medium
+ vcpus: 2
+ ram: 4096
+ disk: 40
+
+ - id: 4
+ name: m1.large
+ vcpus: 4
+ ram: 8192
+ disk: 80
+
+ - id: 5
+ name: m1.xlarge
+ vcpus: 8
+ ram: 16384
+ disk: 160
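Review bot: The trailing `|| true` on `openstack flavor create` in os-flavor/tasks/main.yml hides every failure, not only "flavor already exists": a missing /root/openrc, a rejected credential or an unreachable API all report success and the deployment carries on without flavors. Drop `|| true` and fail on anything but the duplicate case, e.g. `register: flavor_result` with `failed_when: flavor_result.rc != 0 and 'exists' not in flavor_result.stderr` (confirm the exact message the client prints), or use the `os_nova_flavor` module. The interpolated fields are also unquoted; they come from the role's vars file here, but `{{ item.name | quote }}` keeps the command well-formed if the list is ever overridden.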
diff --git a/deploy/adapters/ansible/roles/config-osa/files/setup-ovs.yml b/deploy/adapters/ansible/roles/config-osa/files/setup-ovs.yml
new file mode 100644
index 00000000..57bc5ef1
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-osa/files/setup-ovs.yml
@@ -0,0 +1,57 @@
+---
+- name: Installation and setup of Neutron
+ hosts: neutron_openvswitch_agent
+ gather_facts: "{{ gather_facts | default(True) }}"
+ max_fail_percentage: 20
+ user: root
+ tasks:
+ - name: stop neutron-openvswitch-agent
+ service:
+ name: neutron-openvswitch-agent
+ state: stopped
+
+ # yamllint disable rule:line-length
+ - name: change the openvswitch_agent.ini
+ lineinfile:
+ dest: /etc/neutron/plugins/ml2/openvswitch_agent.ini
+ insertafter: '^bridge_mappings'
+ line: "local_ip = {{ hostvars[inventory_hostname]['container_networks']['tunnel_address']['address'] }}"
+ when:
+ - inventory_hostname not in groups['nova_compute']
+
+ - name: change the openvswitch_agent.ini
+ lineinfile:
+ dest: /etc/neutron/plugins/ml2/openvswitch_agent.ini
+ regexp: '^bridge_mappings'
+ insertafter: '^bridge_mappings'
+ line: "local_ip = {{hostvars[inventory_hostname]['ansible_br_vxlan']['ipv4']['address']}}"
+ notify:
+ - Restart neutron-openvswitch-agent
+ when:
+ - inventory_hostname in groups['nova_compute']
+ # yamllint enable rule:line-length
+
+ - name: Setup br-provider
+ openvswitch_bridge:
+ bridge: br-provider
+ state: present
+ notify:
+ - Restart neutron-openvswitch-agent
+ when:
+ - inventory_hostname not in groups['nova_compute']
+
+ - name: Add port to br-provider
+ openvswitch_port:
+ bridge: br-provider
+ port: "eth12"
+ state: present
+ notify:
+ - Restart neutron-openvswitch-agent
+ when:
+ - inventory_hostname not in groups['nova_compute']
+
+ handlers:
+ - name: Restart neutron-openvswitch-agent
+ service:
+ name: neutron-openvswitch-agent
+ state: restarted
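Review bot: In the second `change the openvswitch_agent.ini` task (compute hosts), `regexp: '^bridge_mappings'` makes lineinfile replace the `bridge_mappings` line with `local_ip = …` rather than insert after it, so the mapping is lost on compute nodes. Matching the line being managed, `regexp: '^local_ip'`, keeps `insertafter` meaningful; the first task has no `regexp` at all and would presumably add a second `local_ip` line if the address ever changes. Separately, the play always stops neutron-openvswitch-agent but restarts it only through a handler, so a re-run in which no notified task changes leaves the agent stopped. A final task with `state: started` would close that gap.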
diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml
new file mode 100644
index 00000000..8246d6e7
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml
@@ -0,0 +1,58 @@
+# #############################################################################
+# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+# #############################################################################
+---
+- name: create osa log directory
+ file:
+ path: /var/log/osa/
+ state: directory
+
+- name: copy openstack_user_config
+ template:
+ src: openstack_user_config.yml.j2
+ dest: /etc/openstack_deploy/openstack_user_config.yml
+
+- name: copy user_variables
+ template:
+ src: user_variables.yml.j2
+ dest: /etc/openstack_deploy/user_variables.yml
+
+- name: copy cinder.yml
+ copy:
+ src: cinder.yml
+ dest: /etc/openstack_deploy/env.d/cinder.yml
+
+- name: copy ansible.cfg
+ template:
+ src: ansible.cfg
+ dest: /opt/openstack-ansible/playbooks/
+
+- name: copy setup-ovs.yml
+ copy:
+ src: setup-ovs.yml
+ dest: /opt/openstack-ansible/playbooks
+
+- name: copy flavor roles
+ copy:
+ src: os-flavor
+ dest: /etc/ansible/roles/
+
+- name: generate create-network.yml
+ template:
+ src: create-network.yml.j2
+ dest: /opt/openstack-ansible/playbooks/create-network.yml
+
+- name: generate create-flavor.yml
+ template:
+ src: create-flavor.yml.j2
+ dest: /opt/openstack-ansible/playbooks/create-flavor.yml
+
+- name: copy http.yml
+ copy:
+ src: http.yml
+ dest: /opt/openstack-ansible/playbooks/http.yml
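Review bot: None of the `template`/`copy` tasks in tasks/main.yml set `owner`, `group` or `mode`, so the files under /etc/openstack_deploy and the playbooks dropped into /opt/openstack-ansible/playbooks (which declare `user: root`) inherit whatever umask the deploy session happens to have. Add explicit ownership and permissions, for example `owner: root`, `group: root`, `mode: "0644"` (quoted, so YAML keeps it a string), and something tighter for the deployment config if it ever carries credentials. The `copy ansible.cfg` task also uses `template` on a file with no template expressions and targets a directory, which would replace any ansible.cfg already present there. Confirm that discarding the existing settings is intended.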
diff --git a/deploy/adapters/ansible/roles/config-osa/templates/ansible.cfg b/deploy/adapters/ansible/roles/config-osa/templates/ansible.cfg
new file mode 100644
index 00000000..41502fbf
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-osa/templates/ansible.cfg
@@ -0,0 +1,3 @@
+[ssh_connection]
+retries = 5
+scp_if_ssh = True
diff --git a/deploy/adapters/ansible/roles/config-osa/templates/create-flavor.yml.j2 b/deploy/adapters/ansible/roles/config-osa/templates/create-flavor.yml.j2
new file mode 100644
index 00000000..b33cd414
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-osa/templates/create-flavor.yml.j2
@@ -0,0 +1,15 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: Create flavor
+ hosts: utility_container[0]
+ max_fail_percentage: 20
+ user: root
+ roles:
+ - os-flavor
diff --git a/deploy/adapters/ansible/roles/config-osa/templates/create-network.yml.j2 b/deploy/adapters/ansible/roles/config-osa/templates/create-network.yml.j2
new file mode 100644
index 00000000..419b9b18
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-osa/templates/create-network.yml.j2
@@ -0,0 +1,41 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: Create external network
+ hosts: utility_container[0]
+ max_fail_percentage: 20
+ user: root
+ tasks:
+ - name: create external net
+ shell: |
+ . /root/openrc;
+ openstack network create --share --external \
+ --provider-physical-network {{ public_net_info.provider_network }} \
+ --provider-network-type {{ public_net_info.type }} {{ public_net_info.network }};
+ when: {{ public_net_info.enable }} == True
+ and "{{ public_net_info.type }}" == "flat"
+
+ - name: create external net
+ shell: |
+ . /root/openrc;
+ openstack network create --share --external \
+ --network-segment {{ public_net_info.segment_id }} \
+ --provider-network-type {{ public_net_info.type }} {{ public_net_info.network }};
+ when: {{public_net_info.enable}} == True
+ and "{{ public_net_info.type }}" != "flat"
+
+ - name: create external subnet
+ shell: |
+ . /root/openrc;
+ openstack subnet create --network "{{ public_net_info.network }}" \
+ --allocation-pool \
+ start={{ public_net_info.floating_ip_start }},end={{ public_net_info.floating_ip_end }} \
+ --gateway "{{ public_net_info.external_gw }}" \
+ --subnet-range "{{ public_net_info.floating_ip_cidr }}" \
+ "{{ public_net_info.subnet }}"
diff --git a/deploy/adapters/ansible/roles/config-osa/templates/openstack_user_config.yml.j2 b/deploy/adapters/ansible/roles/config-osa/templates/openstack_user_config.yml.j2
new file mode 100644
index 00000000..2a24113b
--- /dev/null
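Review bot: The `create external subnet` task in create-network.yml.j2 has no `when:` guard, unlike the two `create external net` tasks, so it still runs when `public_net_info.enable` is false and would then fail on the missing network. Give it the same condition, e.g. `when: {{ public_net_info.enable }} == True`. The two network tasks also render `provider_network`, `type`, `segment_id` and `network` into a root shell unquoted while the subnet task quotes its arguments; quoting them consistently (`"{{ public_net_info.network }}"`) avoids word-splitting or unintended shell interpretation of deployment-supplied values. None of the three commands is idempotent, so a second run of the playbook stops at the first `network create`.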
+++ b/deploy/adapters/ansible/roles/config-osa/templates/openstack_user_config.yml.j2 
@@ -0,0 +1,232 @@
+---
+cidr_networks:
+ container: 10.1.0.0/24
+ tunnel: 172.29.240.0/22
+ storage: 172.16.2.0/24
+
+used_ips:
+ - "10.1.0.1,10.1.0.55"
+ - "10.1.0.100,10.1.0.110"
+ - "172.29.240.1,172.29.240.50"
+ - "172.16.2.1,172.16.2.50"
+ - "172.29.248.1,172.29.248.50"
+
+global_overrides:
+ internal_lb_vip_address: 10.1.0.22
+ external_lb_vip_address: {{ public_vip.ip }}
+ tunnel_bridge: "br-vxlan"
+ management_bridge: "br-mgmt"
+ provider_networks:
+ - network:
+ container_bridge: "br-mgmt"
+ container_type: "veth"
+ container_interface: "eth1"
+ ip_from_q: "container"
+ type: "raw"
+ group_binds:
+ - all_containers
+ - hosts
+ is_container_address: true
+ is_ssh_address: true
+ - network:
+ container_bridge: "br-vxlan"
+ container_type: "veth"
+ container_interface: "eth10"
+ ip_from_q: "tunnel"
+ type: "vxlan"
+ range: "1:1000"
+ net_name: "vxlan"
+ group_binds:
+{% if "linuxbridge" == NEUTRON_MECHANISM_DRIVERS[0] %}
+ - neutron_linuxbridge_agent
+{% else %}
+ - neutron_openvswitch_agent
+{% endif %}
+ - network:
+ container_bridge: "br-vlan"
+ container_type: "veth"
+ container_interface: "eth12"
+ host_bind_override: "eth12"
+ type: "flat"
+ net_name: "{{ public_net_info.provider_network }}"
+ group_binds:
+{% if "linuxbridge" == NEUTRON_MECHANISM_DRIVERS[0] %}
+ - neutron_linuxbridge_agent
+{% else %}
+ - neutron_openvswitch_agent
+{% endif %}
+ - network:
+ container_bridge: "br-vlan"
+ container_type: "veth"
+ container_interface: "eth11"
+ type: "vlan"
+ range: "1:1"
+ net_name: "vlan"
+ group_binds:
+{% if "linuxbridge" == NEUTRON_MECHANISM_DRIVERS[0] %}
+ - neutron_linuxbridge_agent
+{% else %}
+ - neutron_openvswitch_agent
+{% endif %}
+ - network:
+ container_bridge: "br-storage"
+ container_type: "veth"
+ container_interface: "eth2"
+ ip_from_q: "storage"
+ type: "raw"
+ group_binds:
+ - glance_api
+ - cinder_api
+ - cinder_volume
+ - nova_compute
+
+###
+### Infrastructure
+###
+
+# galera, memcache, rabbitmq, utility
+shared-infra_hosts:
+{% 
for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# repository (apt cache, python packages, etc)
+repo-infra_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# load balancer
+# Ideally the load balancer should not use the Infrastructure hosts.
+# Dedicated hardware is best for improved performance and security.
+haproxy_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# rsyslog server
+#log_hosts:
+ # log1:
+ # ip: 10.1.0.53
+
+###
+### OpenStack
+###
+
+# keystone
+identity_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# cinder api services
+storage-infra_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# glance
+# The settings here are repeated for each infra host.
+# They could instead be applied as global settings in
+# user_variables, but are left here to illustrate that
+# each container could have different storage targets.
+image_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+ container_vars:
+ limit_container_types: glance
+ glance_nfs_client:
+ - server: "{{ip_settings[groups.compute[0]]['storage']['ip']}}"
+ remote_path: "/images"
+ local_path: "/var/lib/glance/images"
+ type: "nfs"
+ options: "_netdev,auto"
+{% endfor %}
+
+# nova api, conductor, etc services
+compute-infra_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# heat
+orchestration_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# horizon
+dashboard_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# neutron server, agents (L3, etc)
+network_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# ceilometer (telemetry API)
+metering-infra_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# aodh (telemetry alarm service)
+metering-alarm_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# gnocchi (telemetry metrics storage)
+metrics_hosts:
+{% for host in groups.controller%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# nova hypervisors
+compute_hosts:
+{% for host in groups.compute%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# ceilometer compute agent (telemetry)
+metering-compute_hosts:
+{% for host in groups.compute%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+{% endfor %}
+
+# cinder volume hosts (NFS-backed)
+# The settings here are repeated for each infra host.
+# They could instead be applied as global settings in
+# user_variables, but are left here to illustrate that
+# each container could have different storage targets.
+storage_hosts:
+{% for host in groups.compute%}
+ {{host}}:
+ ip: {{ hostvars[host]['ansible_ssh_host'] }}
+ container_vars:
+ cinder_backends:
+ limit_container_types: cinder_volume
+ lvm:
+ volume_group: cinder-volumes
+ volume_driver: cinder.volume.drivers.lvm.LVMVolumeDriver
+ volume_backend_name: LVM_iSCSI
+ iscsi_ip_address: "{{ip_settings[host]['storage']['ip']}}"
+{% endfor %}
diff --git a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2
new file mode 100644
index 00000000..5157f758
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2
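Review bot: The internal VIP `10.1.0.22`, the three `cidr_networks` and the `used_ips` ranges are literals in openstack_user_config.yml.j2, and the same VIP is repeated as `10.1.0.22/32` in user_variables.yml.j2, so a site with a different management range must edit two templates and can end up with haproxy and keepalived disagreeing. Drive them from one variable, as the file already does for `external_lb_vip_address`. Templated scalars such as `ip: {{ hostvars[host]['ansible_ssh_host'] }}` and `external_lb_vip_address: {{ public_vip.ip }}` should be quoted, `"{{ … }}"`, so an empty or odd-looking expansion cannot change the YAML type. `glance_nfs_client` pins the image store to `groups.compute[0]`; a comment saying that this host must export /images, and that it is a single point of failure, would help the next reader.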
@@ -0,0 +1,48 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# ##
+# ## This file contains commonly used overrides for convenience. Please inspect
+# ## the defaults for each role to find additional override options.
+# ##
+
+# # Debug and Verbose options.
+debug: false
+
+openstack_service_publicuri_proto: http
+haproxy_keepalived_external_vip_cidr: "{{ public_vip.ip }}/32"
+haproxy_keepalived_internal_vip_cidr: "10.1.0.22/32"
+haproxy_keepalived_external_interface: br-vlan
+haproxy_keepalived_internal_interface: br-mgmt
+keepalived_ping_address: "{{ ntp_server }}"
+
+{% if "openvswitch" == NEUTRON_MECHANISM_DRIVERS[0] or
+ "opendaylight" == NEUTRON_MECHANISM_DRIVERS[0]
+%}
+openstack_host_specific_kernel_modules:
+ - name: "openvswitch"
+ pattern: "CONFIG_OPENVSWITCH="
+ group: "network_hosts"
+
+neutron_plugin_type: ml2.ovs
+
+neutron_ml2_drivers_type: "local,flat,vlan,vxlan"
+
+neutron_provider_networks:
+ network_flat_networks: "*"
+ network_types: "vxlan"
+ network_vxlan_ranges: "1:1000"
+ network_mappings: "physnet:br-provider"
+{% endif %}
-- cgit 1.2.3-korg
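Review bot: `keepalived_ping_address: "{{ ntp_server }}"` in user_variables.yml.j2 ties VIP health to ICMP reachability of the NTP server, and nothing here checks that `ntp_server` is defined, is a single address, or answers ping. If the variable is unset the template will not render; if the NTP host filters ICMP, every controller's check presumably fails and the VIPs are withdrawn. I would add a dedicated setting that falls back to it, e.g. `keepalived_ping_address: "{{ keepalived_ping_target | default(ntp_server) }}"` (the variable name is only a suggestion), and document that the target must be a pingable address. `network_flat_networks: "*"` and the hard-coded `openstack_service_publicuri_proto: http` also deserve a comment saying they are lab defaults.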