From 3fa627b6048c4aa17b4cf3d641a4ea60465c7cef Mon Sep 17 00:00:00 2001 From: Yifei Xue Date: Thu, 7 Dec 2017 17:08:26 +0800 Subject: Add CentOS 7.4 support for OpenStack Pike JIRA: COMPASS-565 After this patch merged, compass can deploy OpenStack Pike on CentOS 7.4. Due to some upstream bugs, we add some fixes in this patch, e.g. add libvirt to os-cinder, remove a useless repo after installing Change-Id: Ibc1e6f1ed103daf2d70a8ae1d7c04f77d1545c41 Signed-off-by: Yifei Xue --- .../ansible/roles/config-osa/tasks/fix_rescue.yml | 43 +++++++++++++ .../ansible/roles/config-osa/tasks/main.yml | 18 ++++++ .../config-osa/templates/user_variables.yml.j2 | 2 +- .../ansible/roles/post-osa/tasks/RedHat.yml | 6 ++ .../ansible/roles/setup-host/tasks/Ubuntu.yml | 51 +++++++++++++++ .../ansible/roles/setup-host/tasks/main.yml | 75 ++++++++++++++++++---- 6 files changed, 180 insertions(+), 15 deletions(-) create mode 100644 deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml create mode 100644 deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml (limited to 'deploy') diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml b/deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml new file mode 100644 index 00000000..eea06b48 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml @@ -0,0 +1,43 @@ +--- + +- name: fix rescue problem for openstack-hosts-setup + blockinfile: + dest: "/opt/openstack-ansible/playbooks/openstack-hosts-setup.yml" + block: | + - hosts: localhost + user: root + tasks: + - name: Mark openstack-hosts-setup completed + shell: echo "Setup openstack-hosts-setup completed!" + +- name: delete max_fail_percentage for openstack-hosts-setup + lineinfile: + dest: "/opt/openstack-ansible/playbooks/openstack-hosts-setup.yml" + regexp: "max_fail_percentage*" + state: absent + +- name: fix rescue problem for security-hardening + blockinfile: + dest: "/opt/openstack-ansible/playbooks/security-hardening.yml" + block: | + - hosts: localhost + user: root + tasks: + - name: Mark security-hardening completed + shell: echo "Setup security-hardening completed!" + +- name: fix rescue problem for lxc-hosts-setup + blockinfile: + dest: "/opt/openstack-ansible/playbooks/lxc-hosts-setup.yml" + block: | + - hosts: localhost + user: root + tasks: + - name: Mark lxc-hosts-setup completed + shell: echo "Setup lxc-hosts-setup completed!" + +- name: delete max_fail_percentage for lxc-hosts-setup + lineinfile: + dest: "/opt/openstack-ansible/playbooks/lxc-hosts-setup.yml" + regexp: "max_fail_percentage*" + state: absent diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml index cdf11421..046b25e5 100755 --- a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml +++ b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml @@ -47,6 +47,22 @@ - offline_deployment is defined and offline_deployment == "Disable" - hostvars[hostvars[inventory_hostname]['groups']['controller'][0]]['local_mirror'] == 'Ubuntu' +- name: add libvirt into cinder packages + lineinfile: + dest: /etc/ansible/roles/os_cinder/vars/redhat-7.yml + insertafter: '^ - qemu-img-ev' + line: ' - libvirt' + +- name: remove CentOS-Base.repo after ceph-osd + blockinfile: + dest: /etc/ansible/roles/ceph-osd/tasks/start_osds.yml + block: | + - name: remove empty yum base repo + shell: | + mv /etc/yum.repos.d/CentOS-Base.repo \ + /etc/yum.repos.d/CentOS-Base.repo.bak; + when: hostvars[hostvars[inventory_hostname]['groups']['controller'][0]]['local_mirror'] == 'CentOS' + - name: add mariadb local repository blockinfile: dest: /etc/openstack_deploy/user_variables.yml @@ -284,3 +300,5 @@ dest: /etc/ansible/roles/os_keystone/defaults/main.yml regexp: '^ - python-ldap' line: ' - python-ldap==2.5.2' + +- include: fix_rescue.yml diff --git a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 index a6e69683..88a3233b 100644 --- a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 +++ b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 @@ -62,4 +62,4 @@ neutron_provider_networks: network_mappings: "{{ ','.join(controller_mappings) }}" {% endif %} -security_sshd_permit_root_login: no +security_sshd_permit_root_login: yes diff --git a/deploy/adapters/ansible/roles/post-osa/tasks/RedHat.yml b/deploy/adapters/ansible/roles/post-osa/tasks/RedHat.yml index ecfd0680..287fd515 100644 --- a/deploy/adapters/ansible/roles/post-osa/tasks/RedHat.yml +++ b/deploy/adapters/ansible/roles/post-osa/tasks/RedHat.yml @@ -14,6 +14,12 @@ dest: /etc/sysconfig/network-scripts/ifcfg-eth0 line: "IPADDR={{ ip_settings[inventory_hostname][\"mgmt\"][\"ip\"] }}" +- name: remove br-mgmt in ifcfg-eth0 + lineinfile: + dest: /etc/sysconfig/network-scripts/ifcfg-eth0 + regexp: "^BRIDGE=br-mgmt" + state: absent + - name: add eth0 netmask lineinfile: dest: /etc/sysconfig/network-scripts/ifcfg-eth0 diff --git a/deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml b/deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml new file mode 100644 index 00000000..00675d9c --- /dev/null +++ b/deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml @@ -0,0 +1,51 @@ +# ############################################################################# +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +# ############################################################################# +--- +- name: setup hosts + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \ + export ANSIBLE_SCP_IF_SSH=y; \ + cd /opt/openstack-ansible/playbooks; \ + openstack-ansible setup-hosts.yml \ + | tee -a /var/log/osa/host.log > /dev/null" + +- name: read the ansible log file + shell: cat /var/log/osa/host.log | tail -n 500 | grep failed=1 |awk '{print $1}' + register: failed_container + +- name: destroy the failed_container + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \ + export ANSIBLE_SCP_IF_SSH=y; \ + cd /opt/openstack-ansible/playbooks; \ + openstack-ansible lxc-containers-destroy.yml \ + -e container_name={{item}} -e force_containers_destroy=yes \ + -e force_containers_data_destroy=yes > /dev/null;" + with_items: + - "{{ failed_container.stdout_lines }}" + ignore_errors: "True" + +- name: retry to setup failed_container + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \ + export ANSIBLE_SCP_IF_SSH=y; \ + cd /opt/openstack-ansible/playbooks; \ + openstack-ansible setup-hosts.yml --limit {{item}} \ + | tee -a /var/log/osa/retry-host.log > /dev/null" + with_items: + - "{{ failed_container.stdout_lines }}" + +- name: read the ansible log file + shell: cat /var/log/osa/retry-host.log | tail -n 500 + register: setup_host_result + +- fail: + msg: "there are some task failed when setup host." + when: setup_host_result.stdout.find('failed=1') != -1 + +- fail: + msg: "some host are unreachable." + when: setup_host_result.stdout.find('unreachable=1') != -1 diff --git a/deploy/adapters/ansible/roles/setup-host/tasks/main.yml b/deploy/adapters/ansible/roles/setup-host/tasks/main.yml index cc943830..4eba3d00 100644 --- a/deploy/adapters/ansible/roles/setup-host/tasks/main.yml +++ b/deploy/adapters/ansible/roles/setup-host/tasks/main.yml @@ -1,21 +1,68 @@ # ############################################################################# -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. # # All rights reserved. This program and the accompanying materials # are made available under the terms of the Apache License, Version 2.0 # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 # ############################################################################# + --- -- name: setup hosts + +- name: openstack-hosts-setup shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \ export ANSIBLE_SCP_IF_SSH=y; \ cd /opt/openstack-ansible/playbooks; \ - openstack-ansible setup-hosts.yml \ - | tee -a /var/log/osa/host.log > /dev/null" + openstack-ansible openstack-hosts-setup.yml \ + | tee -a /var/log/osa/openstack-hosts-setup.log > /dev/null" -- name: read the ansible log file - shell: cat /var/log/osa/host.log | tail -n 500 | grep failed=1 |awk '{print $1}' +- name: read openstack-hosts-setup.log + shell: cat /var/log/osa/openstack-hosts-setup.log | tail -n 1000 + register: openstack_hosts_setup_result + +- fail: + msg: "there are some task failed when run openstack-hosts-setup." + when: openstack_hosts_setup_result.stdout.find('Mark openstack-hosts-setup completed') == -1 + +- name: security-hardening + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \ + export ANSIBLE_SCP_IF_SSH=y; \ + cd /opt/openstack-ansible/playbooks; \ + openstack-ansible security-hardening.yml \ + | tee -a /var/log/osa/security-hardening.log > /dev/null" + +- name: read security-hardening.log + shell: cat /var/log/osa/security-hardening.log | tail -n 1000 + register: security_hardening_result + +- fail: + msg: "there are some task failed when run security-hardening." + when: security_hardening_result.stdout.find('Mark security-hardening completed') == -1 + +- name: lxc-hosts-setup + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \ + export ANSIBLE_SCP_IF_SSH=y; \ + cd /opt/openstack-ansible/playbooks; \ + openstack-ansible lxc-hosts-setup.yml \ + | tee -a /var/log/osa/lxc-hosts-setup.log > /dev/null" + +- name: read lxc-hosts-setup.log + shell: cat /var/log/osa/lxc-hosts-setup.log | tail -n 1000 + register: lxc_hosts_setup_result + +- fail: + msg: "there are some task failed when run lxc-hosts-setup." + when: lxc_hosts_setup_result.stdout.find('Mark lxc-hosts-setup completed') == -1 + +- name: lxc-containers-create + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \ + export ANSIBLE_SCP_IF_SSH=y; \ + cd /opt/openstack-ansible/playbooks; \ + openstack-ansible lxc-containers-create.yml \ + | tee -a /var/log/osa/lxc-containers-create.log > /dev/null" + +- name: read lxc-containers-create.log + shell: cat /var/log/osa/lxc-containers-create.log | tail -n 500 | grep failed=1 |awk '{print $1}' register: failed_container - name: destroy the failed_container @@ -33,19 +80,19 @@ shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \ export ANSIBLE_SCP_IF_SSH=y; \ cd /opt/openstack-ansible/playbooks; \ - openstack-ansible setup-hosts.yml --limit {{item}} \ - | tee -a /var/log/osa/retry-host.log > /dev/null" + openstack-ansible lxc-containers-create.yml --limit {{item}} \ + | tee -a /var/log/osa/retry-container.log > /dev/null" with_items: - "{{ failed_container.stdout_lines }}" - name: read the ansible log file - shell: cat /var/log/osa/retry-host.log | tail -n 500 - register: setup_host_result + shell: cat /var/log/osa/retry-container.log | tail -n 500 + register: retry_container_result - fail: - msg: "there are some task failed when setup host." - when: setup_host_result.stdout.find('failed=1') != -1 + msg: "there are some tasks failed when create containers." + when: retry_container_result.stdout.find('failed=1') != -1 - fail: - msg: "some host are unreachable." - when: setup_host_result.stdout.find('unreachable=1') != -1 + msg: "some containers are unreachable." + when: retry_container_result.stdout.find('unreachable=1') != -1 -- cgit 1.2.3-korg