diff options
Diffstat (limited to 'xci/installer/osa/playbooks')
-rw-r--r-- | xci/installer/osa/playbooks/bootstrap-scenarios.yml | 23 | ||||
-rw-r--r-- | xci/installer/osa/playbooks/configure-localhost.yml | 75 | ||||
-rw-r--r-- | xci/installer/osa/playbooks/configure-opnfvhost.yml | 185 | ||||
-rw-r--r-- | xci/installer/osa/playbooks/configure-targethosts.yml | 49 | ||||
-rw-r--r-- | xci/installer/osa/playbooks/inventory | 10 |
5 files changed, 342 insertions, 0 deletions
diff --git a/xci/installer/osa/playbooks/bootstrap-scenarios.yml b/xci/installer/osa/playbooks/bootstrap-scenarios.yml new file mode 100644 index 00000000..98acf73b --- /dev/null +++ b/xci/installer/osa/playbooks/bootstrap-scenarios.yml @@ -0,0 +1,23 @@ +--- +# +# This file is aimed to be used by scenarios to plug into the XCI. +# Ideally, all they need to do at this point is to include their +# role using a statement like the following one +# +# - name: Include foobar role +# include_role: +# name: "foobar" +# when: DEPLOY_SCENARIO == "foobar" + +- name: Prepare everything to run the os-nosdn-nofeature scenario + include_role: + name: "os-nosdn-nofeature" + when: DEPLOY_SCENARIO == 'os-nosdn-nofeature' +- name: Prepare everything to run the os-odl-nofeature scenario + include_role: + name: "os-odl-nofeature" + when: DEPLOY_SCENARIO == 'os-odl-nofeature' +- name: Prepare everything to run the os-odl-sfc scenario + include_role: + name: "os-odl-sfc" + when: DEPLOY_SCENARIO == 'os-odl-sfc' diff --git a/xci/installer/osa/playbooks/configure-localhost.yml b/xci/installer/osa/playbooks/configure-localhost.yml new file mode 100644 index 00000000..caa5d673 --- /dev/null +++ b/xci/installer/osa/playbooks/configure-localhost.yml @@ -0,0 +1,75 @@ +--- +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2017 Ericsson AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +- hosts: localhost + connection: local + + pre_tasks: + - name: Load distribution variables + include_vars: + file: "{{ item }}" + failed_when: false + with_items: + - "{{ XCI_PATH }}/xci/var/opnfv.yml" + - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml" + + - name: cleanup leftovers of previous deployment + file: + path: "{{ item }}" + state: absent + recurse: no + with_items: + - "{{ XCI_CACHE }}/repos" + - "{{ LOG_PATH }} " + - "{{ OPNFV_SSH_HOST_KEYS_PATH }}" + + roles: + - role: clone-repository + project: "openstack/openstack-ansible-openstack_openrc" + repo: "{{ OPENSTACK_OSA_OPENRC_GIT_URL }}" + dest: roles/openstack-ansible-openstack_openrc + version: "master" + - role: clone-repository + project: "openstack/openstack-ansible" + repo: "{{ OPENSTACK_OSA_GIT_URL }}" + dest: "{{ XCI_CACHE }}/repos/openstack-ansible" + version: "{{ OPENSTACK_OSA_VERSION }}" + + tasks: + - name: create log directory {{LOG_PATH}} + file: + path: "{{LOG_PATH}}" + state: directory + recurse: no + - name: check if certificate directory /etc/ssl/certs exists already + stat: path=/etc/ssl/certs + register: check_etc_ssl_certs + - name: create certificate directory /etc/ssl/certs + become: true + file: + path: "/etc/ssl/certs" + state: directory + when: check_etc_ssl_certs.stat.exists == false + - name: create key directory /etc/ssl/private + become: true + file: + path: "/etc/ssl/private" + state: directory + - name: generate self signed certificate + command: openssl req -new -nodes -x509 -subj "{{ XCI_SSL_SUBJECT }}" -days 3650 -keyout "/etc/ssl/private/xci.key" -out "/etc/ssl/certs/xci.crt" -extensions v3_ca + become: true + - name: Synchronize local development OSA repository to XCI paths + # command module is much faster than the copy module + synchronize: + src: "{{ OPENSTACK_OSA_DEV_PATH }}" + dest: "{{ XCI_CACHE }}/repos/openstack-ansible" + recursive: yes + delete: yes + when: + - OPENSTACK_OSA_DEV_PATH != "" diff --git a/xci/installer/osa/playbooks/configure-opnfvhost.yml b/xci/installer/osa/playbooks/configure-opnfvhost.yml new file mode 100644 index 00000000..de922d3c --- /dev/null +++ b/xci/installer/osa/playbooks/configure-opnfvhost.yml @@ -0,0 +1,185 @@ +--- +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2017 Ericsson AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +- hosts: opnfv + remote_user: root + vars_files: + - "{{ XCI_PATH }}/xci/var/opnfv.yml" + + pre_tasks: + - name: Load distribution variables + include_vars: + file: "{{ item }}" + with_items: + - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml" + - "{{ XCI_FLAVOR_ANSIBLE_FILE_PATH }}/flavor-vars.yml" + - name: Set facts for remote deployment + set_fact: + remote_xci_path: "{{ ansible_env.HOME }}/releng-xci" + remote_xci_flavor_files: "{{ ansible_env.HOME }}/releng-xci/xci/installer/{{XCI_INSTALLER}}/files/{{ XCI_FLAVOR }}" + remote_xci_playbooks: "{{ ansible_env.HOME }}/releng-xci/xci/playbooks" + + roles: + - role: configure-network + when: XCI_FLAVOR != "aio" + + tasks: + - name: generate SSH keys + shell: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N "" + args: + creates: "{{ ansible_env.HOME }}/.ssh/id_rsa" + - name: fetch public key + fetch: + src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub" + dest: "{{ XCI_PATH }}/xci/files/authorized_keys" + flat: yes + - name: Copy releng-xci to remote host + synchronize: + src: "{{ XCI_PATH }}/" + dest: "{{ remote_xci_path }}" + recursive: yes + delete: yes + - name: copy flavor inventory + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/inventory {{ remote_xci_playbooks }}" + - name: copy openstack_deploy + shell: "/bin/cp -rf {{OPENSTACK_OSA_PATH}}/etc/openstack_deploy {{OPENSTACK_OSA_ETC_PATH}}" + - name: copy openstack_user_config.yml + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/openstack_user_config.yml {{OPENSTACK_OSA_ETC_PATH}}" + failed_when: false + - name: copy all user override files + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables.yml {{OPENSTACK_OSA_ETC_PATH}}" + failed_when: false + - name: copy cinder.yml + shell: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/cinder.yml {{OPENSTACK_OSA_ETC_PATH}}/env.d" + - name: Configure AIO tempest + lineinfile: + path: "{{ OPENSTACK_OSA_ETC_PATH }}/user_variables.yml" + line: "{{ item }}: {{ RUN_TEMPEST | bool }}" + state: present + with_items: + - "tempest_install" + - "tempest_run" + - block: + - name: copy ceph.yml + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/conf.d/" + - name: copy user_ceph.yml + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/user_ceph.yml" + - name: copy user_variables_ceph.yml + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables_ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/user_variables_ceph.yml" + when: XCI_CEPH_ENABLED == "true" + # TODO: We need to get rid of this as soon as the issue is fixed upstream + - name: change the haproxy state from disable to enable + replace: + dest: "{{OPENSTACK_OSA_PATH}}/playbooks/os-keystone-install.yml" + regexp: '(\s+)haproxy_state: disabled' + replace: '\1haproxy_state: enabled' + - name: copy OPNFV OpenStack playbook + shell: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/setup-openstack.yml {{OPENSTACK_OSA_PATH}}/playbooks" + - name: copy pinned versions of OSA Roles and global requirements + shell: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/{{ item }} {{OPENSTACK_OSA_PATH}}/{{ item }}" + with_items: + - "ansible-role-requirements.yml" + - "global-requirement-pins.txt" + when: + - OPENSTACK_OSA_VERSION != "master" + - name: copy pinned versions of OpenStack services + shell: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/openstack_services.yml {{OPENSTACK_OSA_PATH}}/playbooks/defaults/repo_packages/openstack_services.yml" + when: + - OPENSTACK_OSA_VERSION != "master" + - include: bootstrap-scenarios.yml + - name: bootstrap ansible on opnfv host + command: "/bin/bash ./scripts/bootstrap-ansible.sh" + args: + chdir: "{{OPENSTACK_OSA_PATH}}" + - name: install python Crypto module + package: + name: "{{ python_crypto_package_name }}" + - name: install PyYAML + pip: + name: pyyaml + state: present + - name: generate password token + command: "python pw-token-gen.py --file {{OPENSTACK_OSA_ETC_PATH}}/user_secrets.yml" + args: + chdir: "{{OPENSTACK_OSA_PATH}}/scripts" + - name: check if certificate directory /etc/ssl/certs exists already + stat: path=/etc/ssl/certs + register: check_etc_ssl_certs + - name: create certificate directory /etc/ssl/certs + file: + path: "/etc/ssl/certs" + state: directory + when: check_etc_ssl_certs.stat.exists == false + - name: create key directory /etc/ssl/private + file: + path: "/etc/ssl/private" + state: directory + - name: copy certificate to /etc/ssl/certs + copy: + src: "/etc/ssl/certs/xci.crt" + dest: "/etc/ssl/certs/" + - name: read remote key from /etc/ssl/private + set_fact: + xci_ssl_key: "{{ lookup('pipe', 'sudo cat /etc/ssl/private/xci.key' ) }}" + - name: copy key to /etc/ssl/private + copy: + content: "{{ xci_ssl_key }}" + dest: "/etc/ssl/private/xci.key" + become: true + - name: install opnfv required packages + package: + name: "{{ opnfv_required_packages }}" + state: latest + # Docker is needed for functest + - name: Ensure Docker service is started and enabled + service: + name: "{{ docker_service_name }}" + state: started + enabled: yes + - name: install opnfv required pip packages + pip: + name: "{{ opnfv_required_pip }}" + state: present + +- hosts: localhost + remote_user: root + + tasks: + - name: Append public keys to authorized_keys + shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> {{ XCI_PATH }}/xci/files/authorized_keys" + +- hosts: opnfv + remote_user: root + vars_files: + - "{{ XCI_PATH }}/xci/var/opnfv.yml" + + pre_tasks: + - name: Load distribution variables + include_vars: + file: "{{ item }}" + failed_when: false + with_items: + - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml" + - "{{ XCI_FLAVOR_ANSIBLE_FILE_PATH }}/flavor-vars.yml" + - "{{ XCI_FLAVOR_ANSIBLE_FILE_PATH }}/user_variables.yml" + roles: + - role: "openstack-ansible-openstack_openrc" + + tasks: + - name: add extra insecure flag to generated openrc + blockinfile: + dest: "{{ ansible_env.HOME }}/openrc" + block: | + export OS_INSECURE=true + + - name: fetch generated openrc + fetch: + src: "{{ ansible_env.HOME }}/openrc" + dest: "{{ XCI_PATH }}/.cache/openrc" + flat: true diff --git a/xci/installer/osa/playbooks/configure-targethosts.yml b/xci/installer/osa/playbooks/configure-targethosts.yml new file mode 100644 index 00000000..fb43a920 --- /dev/null +++ b/xci/installer/osa/playbooks/configure-targethosts.yml @@ -0,0 +1,49 @@ +--- +- hosts: all + remote_user: root + tasks: + - name: add public key to host + copy: + src: "{{ XCI_PATH }}/xci/files/authorized_keys" + dest: /root/.ssh/authorized_keys + +- hosts: controller + remote_user: root + vars_files: + - "{{ XCI_PATH }}/xci/var/opnfv.yml" + + pre_tasks: + - name: Load distribution variables + include_vars: + file: "{{ item }}" + with_items: + - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml" + - "{{ XCI_FLAVOR_ANSIBLE_FILE_PATH }}/flavor-vars.yml" + roles: + - role: configure-network + # we need to force sync time with ntp or the nodes will be out of sync timewise + - role: synchronize-time + +- hosts: compute + remote_user: root + vars_files: + - "{{ XCI_PATH }}/xci/var/opnfv.yml" + + pre_tasks: + - name: Load distribution variables + include_vars: + file: "{{ item }}" + with_items: + - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml" + - "{{ XCI_FLAVOR_ANSIBLE_FILE_PATH }}/flavor-vars.yml" + roles: + - role: configure-network + # we need to force sync time with ntp or the nodes will be out of sync timewise + - role: synchronize-time + - role: configure-ceph + when: XCI_CEPH_ENABLED == "true" + +- hosts: compute00 + remote_user: root + roles: + - role: configure-nfs diff --git a/xci/installer/osa/playbooks/inventory b/xci/installer/osa/playbooks/inventory new file mode 100644 index 00000000..fd9af901 --- /dev/null +++ b/xci/installer/osa/playbooks/inventory @@ -0,0 +1,10 @@ +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2017 Ericsson AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +[opnfv] +opnfv ansible_ssh_host=192.168.122.2 |