diff options
Diffstat (limited to 'xci/installer/osa/playbooks/configure-opnfvhost.yml')
| -rw-r--r-- | xci/installer/osa/playbooks/configure-opnfvhost.yml | 280 |
1 files changed, 147 insertions, 133 deletions
diff --git a/xci/installer/osa/playbooks/configure-opnfvhost.yml b/xci/installer/osa/playbooks/configure-opnfvhost.yml index de922d3c..07ad683b 100644 --- a/xci/installer/osa/playbooks/configure-opnfvhost.yml +++ b/xci/installer/osa/playbooks/configure-opnfvhost.yml @@ -10,176 +10,190 @@ - hosts: opnfv remote_user: root vars_files: - - "{{ XCI_PATH }}/xci/var/opnfv.yml" + - "{{ xci_path }}/xci/var/opnfv.yml" + - "{{ xci_path }}/xci/installer/osa/files/openstack_services.yml" + environment: + http_proxy: "{{ lookup('env','http_proxy') }}" + https_proxy: "{{ lookup('env','https_proxy') }}" + no_proxy: "{{ lookup('env','no_proxy') }}" + HTTP_PROXY: "{{ lookup('env','http_proxy') }}" + HTTPS_PROXY: "{{ lookup('env','https_proxy') }}" + NO_PROXY: "{{ lookup('env','no_proxy') }}" pre_tasks: - name: Load distribution variables include_vars: file: "{{ item }}" with_items: - - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml" - - "{{ XCI_FLAVOR_ANSIBLE_FILE_PATH }}/flavor-vars.yml" + - "{{ xci_path }}/xci/var/{{ ansible_os_family }}.yml" - name: Set facts for remote deployment set_fact: remote_xci_path: "{{ ansible_env.HOME }}/releng-xci" - remote_xci_flavor_files: "{{ ansible_env.HOME }}/releng-xci/xci/installer/{{XCI_INSTALLER}}/files/{{ XCI_FLAVOR }}" + remote_xci_flavor_files: "{{ ansible_env.HOME }}/releng-xci/xci/installer/{{installer_type}}/files/{{ xci_flavor }}" remote_xci_playbooks: "{{ ansible_env.HOME }}/releng-xci/xci/playbooks" roles: - - role: configure-network - when: XCI_FLAVOR != "aio" + - role: bootstrap-host + configure_network: xci_flavor != 'aio' + - role: ruzickap.proxy_settings + proxy_settings_http_proxy: "{{ lookup('env','http_proxy') }}" + proxy_settings_https_proxy: "{{ lookup('env','https_proxy') }}" + proxy_settings_ftp_proxy: "{{ lookup('env','ftp_proxy') }}" + proxy_settings_no_proxy: "{{ lookup('env','no_proxy') }}" tasks: - - name: generate SSH keys - shell: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N "" + - name: Create list of files to copy + shell: | + git ls-tree -r --name-only HEAD > {{ xci_cache }}/releng-xci.files + echo ".git/" >> {{ xci_cache }}/releng-xci.files + echo ".cache/repos/" >> {{ xci_cache }}/releng-xci.files + echo ".cache/xci.env" >> {{ xci_cache }}/releng-xci.files args: - creates: "{{ ansible_env.HOME }}/.ssh/id_rsa" - - name: fetch public key - fetch: - src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub" - dest: "{{ XCI_PATH }}/xci/files/authorized_keys" - flat: yes + executable: /bin/bash + chdir: "{{ xci_path }}" + changed_when: False + delegate_to: 127.0.0.1 + tags: + - skip_ansible_lint + - name: Copy releng-xci to remote host synchronize: - src: "{{ XCI_PATH }}/" + archive: yes + src: "{{ xci_path }}/" dest: "{{ remote_xci_path }}" - recursive: yes delete: yes - - name: copy flavor inventory - shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/inventory {{ remote_xci_playbooks }}" - - name: copy openstack_deploy - shell: "/bin/cp -rf {{OPENSTACK_OSA_PATH}}/etc/openstack_deploy {{OPENSTACK_OSA_ETC_PATH}}" - - name: copy openstack_user_config.yml - shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/openstack_user_config.yml {{OPENSTACK_OSA_ETC_PATH}}" - failed_when: false - - name: copy all user override files - shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables.yml {{OPENSTACK_OSA_ETC_PATH}}" - failed_when: false - - name: copy cinder.yml - shell: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/cinder.yml {{OPENSTACK_OSA_ETC_PATH}}/env.d" - - name: Configure AIO tempest + rsync_opts: + - "--recursive" + - "--files-from={{ xci_cache }}/releng-xci.files" + + - name: Re-create OpenStack-Ansible /etc directory + file: + path: "{{ openstack_osa_etc_path }}" + state: "{{ item }}" + with_items: + - absent + - directory + + - name: Remove upstream OpenStack-Ansible files + file: + path: "{{ openstack_osa_path }}/playbooks/{{ item }}" + state: absent + with_items: + - inventory + - setup-openstack.yml + + - name: Copy OpenStack-Ansible configuration files + command: "/bin/cp -rf {{ item.src }} {{ item.dest }}" + args: + creates: "{{ item.dest }}/{{ item.src | basename }}" + with_items: + - { src: "{{ openstack_osa_path }}/etc/openstack_deploy/env.d", dest: "{{ openstack_osa_etc_path }}" } + - { src: "{{ openstack_osa_path }}/etc/openstack_deploy/conf.d", dest: "{{ openstack_osa_etc_path }}" } + - { src: "{{ openstack_osa_path }}/etc/openstack_deploy/user_secrets.yml", dest: "{{ openstack_osa_etc_path }}" } + - { src: "{{ remote_xci_flavor_files }}/openstack_user_config.yml", dest: "{{ openstack_osa_etc_path }}" } + - { src: "{{ remote_xci_flavor_files }}/user_variables.yml", dest: "{{ openstack_osa_etc_path }}" } + - { src: "{{ remote_xci_flavor_files }}/ceph.yml", dest: "{{ openstack_osa_etc_path }}/conf.d/", cond: xci_ceph_enabled } + - { src: "{{ remote_xci_flavor_files }}/user_ceph.yml", dest: "{{ openstack_osa_etc_path }}/user_ceph.yml", cond: xci_ceph_enabled } + - { src: "{{ remote_xci_flavor_files }}/user_variables_ceph.yml", dest: "{{ openstack_osa_etc_path }}/user_variables_ceph.yml", cond: xci_ceph_enabled } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/cinder.yml", dest: "{{ openstack_osa_etc_path }}/env.d" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/user_variables_xci.yml", dest: "{{ openstack_osa_etc_path }}/user_variables_xci.yml" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/user_variables_proxy.yml", dest: "{{ openstack_osa_etc_path }}/user_variables_proxy.yml", cond: "{{ lookup('env', 'http_proxy') != '' }}" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/setup-openstack.yml", dest: "{{ openstack_osa_path }}/playbooks" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/ansible-role-requirements.yml", dest: "{{openstack_osa_path}}/ansible-role-requirements.yml", cond: "{{ openstack_osa_version != 'master' }}" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/global-requirement-pins.txt", dest: "{{openstack_osa_path}}/global-requirement-pins.txt", cond: "{{ openstack_osa_version != 'master' }}" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/openstack_services.yml", dest: "{{ openstack_osa_path }}/playbooks/defaults/repo_packages/openstack_services.yml", cond: "{{ openstack_osa_version != 'master' }}" } + when: item.cond is not defined or (item.cond is defined and item.cond | bool) + loop_control: + label: "{{ item.src }}" + + - name: Configure OpenStack-Ansible components lineinfile: - path: "{{ OPENSTACK_OSA_ETC_PATH }}/user_variables.yml" - line: "{{ item }}: {{ RUN_TEMPEST | bool }}" + path: "{{ openstack_osa_etc_path }}/user_variables.yml" + line: "{{ item.component }}: {{ item.value }}" state: present with_items: - - "tempest_install" - - "tempest_run" - - block: - - name: copy ceph.yml - shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/conf.d/" - - name: copy user_ceph.yml - shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/user_ceph.yml" - - name: copy user_variables_ceph.yml - shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables_ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/user_variables_ceph.yml" - when: XCI_CEPH_ENABLED == "true" - # TODO: We need to get rid of this as soon as the issue is fixed upstream - - name: change the haproxy state from disable to enable - replace: - dest: "{{OPENSTACK_OSA_PATH}}/playbooks/os-keystone-install.yml" - regexp: '(\s+)haproxy_state: disabled' - replace: '\1haproxy_state: enabled' - - name: copy OPNFV OpenStack playbook - shell: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/setup-openstack.yml {{OPENSTACK_OSA_PATH}}/playbooks" - - name: copy pinned versions of OSA Roles and global requirements - shell: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/{{ item }} {{OPENSTACK_OSA_PATH}}/{{ item }}" - with_items: - - "ansible-role-requirements.yml" - - "global-requirement-pins.txt" - when: - - OPENSTACK_OSA_VERSION != "master" - - name: copy pinned versions of OpenStack services - shell: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/openstack_services.yml {{OPENSTACK_OSA_PATH}}/playbooks/defaults/repo_packages/openstack_services.yml" + - { component: "tempest_install", value: "{{ run_tempest | bool }}" } + - { component: "tempest_run", value: "{{ run_tempest | bool }}" } + - { component: "core_openstack", value: "{{ core_openstack_install | bool }}" } + + - name: "Configure http_proxy_env_url" + lineinfile: + path: "{{openstack_osa_etc_path}}/user_variables_proxy.yml" + regexp: "^http_proxy_env_url:.*" + line: "{{ 'http_proxy_env_url: ' + lookup('env','http_proxy') }}" when: - - OPENSTACK_OSA_VERSION != "master" - - include: bootstrap-scenarios.yml + - lookup('env','http_proxy') != "" + + - name: Reload XCI deployment host facts + setup: + filter: ansible_local + gather_subset: "!all" + delegate_to: 127.0.0.1 + + - name: Prepare everything to run the {{ deploy_scenario }} role + include_role: + name: "{{ hostvars['opnfv'].ansible_local.xci.scenarios.role }}" + - name: bootstrap ansible on opnfv host command: "/bin/bash ./scripts/bootstrap-ansible.sh" args: - chdir: "{{OPENSTACK_OSA_PATH}}" - - name: install python Crypto module - package: - name: "{{ python_crypto_package_name }}" - - name: install PyYAML + creates: "/usr/local/bin/openstack-ansible" + chdir: "{{openstack_osa_path}}" + + - name: install opnfv pip required packages pip: - name: pyyaml + name: "{{ item }}" state: present - - name: generate password token - command: "python pw-token-gen.py --file {{OPENSTACK_OSA_ETC_PATH}}/user_secrets.yml" - args: - chdir: "{{OPENSTACK_OSA_PATH}}/scripts" - - name: check if certificate directory /etc/ssl/certs exists already - stat: path=/etc/ssl/certs - register: check_etc_ssl_certs - - name: create certificate directory /etc/ssl/certs + extra_args: '-c https://raw.githubusercontent.com/openstack/requirements/{{ requirements_git_install_branch }}/upper-constraints.txt' + with_items: + - pyyaml + - python-neutronclient + - python-openstackclient + - name: Install ARA callback plugin in OSA virtualenv + pip: + name: ara + version: 0.16.4 + state: present + extra_args: '-c https://raw.githubusercontent.com/openstack/requirements/{{ requirements_git_install_branch }}/upper-constraints.txt' + executable: '/opt/ansible-runtime/bin/pip' + - name: Determine ARA callback location + command: "/opt/ansible-runtime/bin/python -c 'import os,ara; print(os.path.dirname(ara.__file__))'" + changed_when: False + register: _ara_install_dir + - name: Create local Ansible plugins directory file: - path: "/etc/ssl/certs" + path: "{{ ansible_env.HOME }}/.ansible/plugins/callback/ara" state: directory - when: check_etc_ssl_certs.stat.exists == false - - name: create key directory /etc/ssl/private + - name: Configure ARA callback file: - path: "/etc/ssl/private" - state: directory - - name: copy certificate to /etc/ssl/certs - copy: - src: "/etc/ssl/certs/xci.crt" - dest: "/etc/ssl/certs/" - - name: read remote key from /etc/ssl/private - set_fact: - xci_ssl_key: "{{ lookup('pipe', 'sudo cat /etc/ssl/private/xci.key' ) }}" - - name: copy key to /etc/ssl/private - copy: - content: "{{ xci_ssl_key }}" - dest: "/etc/ssl/private/xci.key" - become: true - - name: install opnfv required packages - package: - name: "{{ opnfv_required_packages }}" - state: latest - # Docker is needed for functest - - name: Ensure Docker service is started and enabled - service: - name: "{{ docker_service_name }}" - state: started - enabled: yes - - name: install opnfv required pip packages - pip: - name: "{{ opnfv_required_pip }}" - state: present - -- hosts: localhost - remote_user: root - - tasks: - - name: Append public keys to authorized_keys - shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> {{ XCI_PATH }}/xci/files/authorized_keys" + path: "{{ ansible_env.HOME }}/.ansible/plugins/callback/ara/callbacks" + src: "{{ _ara_install_dir.stdout }}/plugins/callbacks" + force: yes + state: link + - name: generate password token + command: "python pw-token-gen.py --file {{openstack_osa_etc_path}}/user_secrets.yml" + args: + chdir: "{{openstack_osa_path}}/scripts" + changed_when: True -- hosts: opnfv - remote_user: root - vars_files: - - "{{ XCI_PATH }}/xci/var/opnfv.yml" + - name: fetch xci environment + copy: + src: "{{ xci_path }}/.cache/xci.env" + dest: /root/xci.env - pre_tasks: - - name: Load distribution variables + - name: Reload OpenStack-Ansible variables include_vars: - file: "{{ item }}" - failed_when: false - with_items: - - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml" - - "{{ XCI_FLAVOR_ANSIBLE_FILE_PATH }}/flavor-vars.yml" - - "{{ XCI_FLAVOR_ANSIBLE_FILE_PATH }}/user_variables.yml" - roles: - - role: "openstack-ansible-openstack_openrc" + file: "{{ xci_flavor_ansible_file_path }}/user_variables.yml" - tasks: - - name: add extra insecure flag to generated openrc - blockinfile: - dest: "{{ ansible_env.HOME }}/openrc" - block: | - export OS_INSECURE=true + - name: Generate openrc + include_role: + name: "openstack-ansible-openstack_openrc" - name: fetch generated openrc fetch: src: "{{ ansible_env.HOME }}/openrc" - dest: "{{ XCI_PATH }}/.cache/openrc" + dest: "{{ xci_path }}/.cache/openrc" flat: true + + - name: Manage SSH keys + include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssh-keys.yml" |