summaryrefslogtreecommitdiffstats
path: root/xci/installer/osa/playbooks
diff options
context:
space:
mode:
Diffstat (limited to 'xci/installer/osa/playbooks')
-rw-r--r--xci/installer/osa/playbooks/bootstrap-scenarios.yml23
-rw-r--r--xci/installer/osa/playbooks/configure-localhost.yml75
-rw-r--r--xci/installer/osa/playbooks/configure-opnfvhost.yml185
-rw-r--r--xci/installer/osa/playbooks/configure-targethosts.yml49
-rw-r--r--xci/installer/osa/playbooks/inventory10
5 files changed, 342 insertions, 0 deletions
diff --git a/xci/installer/osa/playbooks/bootstrap-scenarios.yml b/xci/installer/osa/playbooks/bootstrap-scenarios.yml
new file mode 100644
index 00000000..98acf73b
--- /dev/null
+++ b/xci/installer/osa/playbooks/bootstrap-scenarios.yml
@@ -0,0 +1,23 @@
+---
+#
+# This file is aimed to be used by scenarios to plug into the XCI.
+# Ideally, all they need to do at this point is to include their
+# role using a statement like the following one
+#
+# - name: Include foobar role
+# include_role:
+# name: "foobar"
+# when: DEPLOY_SCENARIO == "foobar"
+
+- name: Prepare everything to run the os-nosdn-nofeature scenario
+ include_role:
+ name: "os-nosdn-nofeature"
+ when: DEPLOY_SCENARIO == 'os-nosdn-nofeature'
+- name: Prepare everything to run the os-odl-nofeature scenario
+ include_role:
+ name: "os-odl-nofeature"
+ when: DEPLOY_SCENARIO == 'os-odl-nofeature'
+- name: Prepare everything to run the os-odl-sfc scenario
+ include_role:
+ name: "os-odl-sfc"
+ when: DEPLOY_SCENARIO == 'os-odl-sfc'
diff --git a/xci/installer/osa/playbooks/configure-localhost.yml b/xci/installer/osa/playbooks/configure-localhost.yml
new file mode 100644
index 00000000..caa5d673
--- /dev/null
+++ b/xci/installer/osa/playbooks/configure-localhost.yml
@@ -0,0 +1,75 @@
+---
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2017 Ericsson AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- hosts: localhost
+ connection: local
+
+ pre_tasks:
+ - name: Load distribution variables
+ include_vars:
+ file: "{{ item }}"
+ failed_when: false
+ with_items:
+ - "{{ XCI_PATH }}/xci/var/opnfv.yml"
+ - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml"
+
+ - name: cleanup leftovers of previous deployment
+ file:
+ path: "{{ item }}"
+ state: absent
+ recurse: no
+ with_items:
+ - "{{ XCI_CACHE }}/repos"
+ - "{{ LOG_PATH }} "
+ - "{{ OPNFV_SSH_HOST_KEYS_PATH }}"
+
+ roles:
+ - role: clone-repository
+ project: "openstack/openstack-ansible-openstack_openrc"
+ repo: "{{ OPENSTACK_OSA_OPENRC_GIT_URL }}"
+ dest: roles/openstack-ansible-openstack_openrc
+ version: "master"
+ - role: clone-repository
+ project: "openstack/openstack-ansible"
+ repo: "{{ OPENSTACK_OSA_GIT_URL }}"
+ dest: "{{ XCI_CACHE }}/repos/openstack-ansible"
+ version: "{{ OPENSTACK_OSA_VERSION }}"
+
+ tasks:
+ - name: create log directory {{LOG_PATH}}
+ file:
+ path: "{{LOG_PATH}}"
+ state: directory
+ recurse: no
+ - name: check if certificate directory /etc/ssl/certs exists already
+ stat: path=/etc/ssl/certs
+ register: check_etc_ssl_certs
+ - name: create certificate directory /etc/ssl/certs
+ become: true
+ file:
+ path: "/etc/ssl/certs"
+ state: directory
+ when: check_etc_ssl_certs.stat.exists == false
+ - name: create key directory /etc/ssl/private
+ become: true
+ file:
+ path: "/etc/ssl/private"
+ state: directory
+ - name: generate self signed certificate
+ command: openssl req -new -nodes -x509 -subj "{{ XCI_SSL_SUBJECT }}" -days 3650 -keyout "/etc/ssl/private/xci.key" -out "/etc/ssl/certs/xci.crt" -extensions v3_ca
+ become: true
+ - name: Synchronize local development OSA repository to XCI paths
+ # command module is much faster than the copy module
+ synchronize:
+ src: "{{ OPENSTACK_OSA_DEV_PATH }}"
+ dest: "{{ XCI_CACHE }}/repos/openstack-ansible"
+ recursive: yes
+ delete: yes
+ when:
+ - OPENSTACK_OSA_DEV_PATH != ""
diff --git a/xci/installer/osa/playbooks/configure-opnfvhost.yml b/xci/installer/osa/playbooks/configure-opnfvhost.yml
new file mode 100644
index 00000000..de922d3c
--- /dev/null
+++ b/xci/installer/osa/playbooks/configure-opnfvhost.yml
@@ -0,0 +1,185 @@
+---
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2017 Ericsson AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- hosts: opnfv
+ remote_user: root
+ vars_files:
+ - "{{ XCI_PATH }}/xci/var/opnfv.yml"
+
+ pre_tasks:
+ - name: Load distribution variables
+ include_vars:
+ file: "{{ item }}"
+ with_items:
+ - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml"
+ - "{{ XCI_FLAVOR_ANSIBLE_FILE_PATH }}/flavor-vars.yml"
+ - name: Set facts for remote deployment
+ set_fact:
+ remote_xci_path: "{{ ansible_env.HOME }}/releng-xci"
+ remote_xci_flavor_files: "{{ ansible_env.HOME }}/releng-xci/xci/installer/{{XCI_INSTALLER}}/files/{{ XCI_FLAVOR }}"
+ remote_xci_playbooks: "{{ ansible_env.HOME }}/releng-xci/xci/playbooks"
+
+ roles:
+ - role: configure-network
+ when: XCI_FLAVOR != "aio"
+
+ tasks:
+ - name: generate SSH keys
+ shell: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""
+ args:
+ creates: "{{ ansible_env.HOME }}/.ssh/id_rsa"
+ - name: fetch public key
+ fetch:
+ src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub"
+ dest: "{{ XCI_PATH }}/xci/files/authorized_keys"
+ flat: yes
+ - name: Copy releng-xci to remote host
+ synchronize:
+ src: "{{ XCI_PATH }}/"
+ dest: "{{ remote_xci_path }}"
+ recursive: yes
+ delete: yes
+ - name: copy flavor inventory
+ shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/inventory {{ remote_xci_playbooks }}"
+ - name: copy openstack_deploy
+ shell: "/bin/cp -rf {{OPENSTACK_OSA_PATH}}/etc/openstack_deploy {{OPENSTACK_OSA_ETC_PATH}}"
+ - name: copy openstack_user_config.yml
+ shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/openstack_user_config.yml {{OPENSTACK_OSA_ETC_PATH}}"
+ failed_when: false
+ - name: copy all user override files
+ shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables.yml {{OPENSTACK_OSA_ETC_PATH}}"
+ failed_when: false
+ - name: copy cinder.yml
+ shell: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/cinder.yml {{OPENSTACK_OSA_ETC_PATH}}/env.d"
+ - name: Configure AIO tempest
+ lineinfile:
+ path: "{{ OPENSTACK_OSA_ETC_PATH }}/user_variables.yml"
+ line: "{{ item }}: {{ RUN_TEMPEST | bool }}"
+ state: present
+ with_items:
+ - "tempest_install"
+ - "tempest_run"
+ - block:
+ - name: copy ceph.yml
+ shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/conf.d/"
+ - name: copy user_ceph.yml
+ shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/user_ceph.yml"
+ - name: copy user_variables_ceph.yml
+ shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables_ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/user_variables_ceph.yml"
+ when: XCI_CEPH_ENABLED == "true"
+ # TODO: We need to get rid of this as soon as the issue is fixed upstream
+ - name: change the haproxy state from disable to enable
+ replace:
+ dest: "{{OPENSTACK_OSA_PATH}}/playbooks/os-keystone-install.yml"
+ regexp: '(\s+)haproxy_state: disabled'
+ replace: '\1haproxy_state: enabled'
+ - name: copy OPNFV OpenStack playbook
+ shell: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/setup-openstack.yml {{OPENSTACK_OSA_PATH}}/playbooks"
+ - name: copy pinned versions of OSA Roles and global requirements
+ shell: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/{{ item }} {{OPENSTACK_OSA_PATH}}/{{ item }}"
+ with_items:
+ - "ansible-role-requirements.yml"
+ - "global-requirement-pins.txt"
+ when:
+ - OPENSTACK_OSA_VERSION != "master"
+ - name: copy pinned versions of OpenStack services
+ shell: "/bin/cp -rf {{ remote_xci_path }}/xci/installer/osa/files/openstack_services.yml {{OPENSTACK_OSA_PATH}}/playbooks/defaults/repo_packages/openstack_services.yml"
+ when:
+ - OPENSTACK_OSA_VERSION != "master"
+ - include: bootstrap-scenarios.yml
+ - name: bootstrap ansible on opnfv host
+ command: "/bin/bash ./scripts/bootstrap-ansible.sh"
+ args:
+ chdir: "{{OPENSTACK_OSA_PATH}}"
+ - name: install python Crypto module
+ package:
+ name: "{{ python_crypto_package_name }}"
+ - name: install PyYAML
+ pip:
+ name: pyyaml
+ state: present
+ - name: generate password token
+ command: "python pw-token-gen.py --file {{OPENSTACK_OSA_ETC_PATH}}/user_secrets.yml"
+ args:
+ chdir: "{{OPENSTACK_OSA_PATH}}/scripts"
+ - name: check if certificate directory /etc/ssl/certs exists already
+ stat: path=/etc/ssl/certs
+ register: check_etc_ssl_certs
+ - name: create certificate directory /etc/ssl/certs
+ file:
+ path: "/etc/ssl/certs"
+ state: directory
+ when: check_etc_ssl_certs.stat.exists == false
+ - name: create key directory /etc/ssl/private
+ file:
+ path: "/etc/ssl/private"
+ state: directory
+ - name: copy certificate to /etc/ssl/certs
+ copy:
+ src: "/etc/ssl/certs/xci.crt"
+ dest: "/etc/ssl/certs/"
+ - name: read remote key from /etc/ssl/private
+ set_fact:
+ xci_ssl_key: "{{ lookup('pipe', 'sudo cat /etc/ssl/private/xci.key' ) }}"
+ - name: copy key to /etc/ssl/private
+ copy:
+ content: "{{ xci_ssl_key }}"
+ dest: "/etc/ssl/private/xci.key"
+ become: true
+ - name: install opnfv required packages
+ package:
+ name: "{{ opnfv_required_packages }}"
+ state: latest
+ # Docker is needed for functest
+ - name: Ensure Docker service is started and enabled
+ service:
+ name: "{{ docker_service_name }}"
+ state: started
+ enabled: yes
+ - name: install opnfv required pip packages
+ pip:
+ name: "{{ opnfv_required_pip }}"
+ state: present
+
+- hosts: localhost
+ remote_user: root
+
+ tasks:
+ - name: Append public keys to authorized_keys
+ shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> {{ XCI_PATH }}/xci/files/authorized_keys"
+
+- hosts: opnfv
+ remote_user: root
+ vars_files:
+ - "{{ XCI_PATH }}/xci/var/opnfv.yml"
+
+ pre_tasks:
+ - name: Load distribution variables
+ include_vars:
+ file: "{{ item }}"
+ failed_when: false
+ with_items:
+ - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml"
+ - "{{ XCI_FLAVOR_ANSIBLE_FILE_PATH }}/flavor-vars.yml"
+ - "{{ XCI_FLAVOR_ANSIBLE_FILE_PATH }}/user_variables.yml"
+ roles:
+ - role: "openstack-ansible-openstack_openrc"
+
+ tasks:
+ - name: add extra insecure flag to generated openrc
+ blockinfile:
+ dest: "{{ ansible_env.HOME }}/openrc"
+ block: |
+ export OS_INSECURE=true
+
+ - name: fetch generated openrc
+ fetch:
+ src: "{{ ansible_env.HOME }}/openrc"
+ dest: "{{ XCI_PATH }}/.cache/openrc"
+ flat: true
diff --git a/xci/installer/osa/playbooks/configure-targethosts.yml b/xci/installer/osa/playbooks/configure-targethosts.yml
new file mode 100644
index 00000000..fb43a920
--- /dev/null
+++ b/xci/installer/osa/playbooks/configure-targethosts.yml
@@ -0,0 +1,49 @@
+---
+- hosts: all
+ remote_user: root
+ tasks:
+ - name: add public key to host
+ copy:
+ src: "{{ XCI_PATH }}/xci/files/authorized_keys"
+ dest: /root/.ssh/authorized_keys
+
+- hosts: controller
+ remote_user: root
+ vars_files:
+ - "{{ XCI_PATH }}/xci/var/opnfv.yml"
+
+ pre_tasks:
+ - name: Load distribution variables
+ include_vars:
+ file: "{{ item }}"
+ with_items:
+ - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml"
+ - "{{ XCI_FLAVOR_ANSIBLE_FILE_PATH }}/flavor-vars.yml"
+ roles:
+ - role: configure-network
+ # we need to force sync time with ntp or the nodes will be out of sync timewise
+ - role: synchronize-time
+
+- hosts: compute
+ remote_user: root
+ vars_files:
+ - "{{ XCI_PATH }}/xci/var/opnfv.yml"
+
+ pre_tasks:
+ - name: Load distribution variables
+ include_vars:
+ file: "{{ item }}"
+ with_items:
+ - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml"
+ - "{{ XCI_FLAVOR_ANSIBLE_FILE_PATH }}/flavor-vars.yml"
+ roles:
+ - role: configure-network
+ # we need to force sync time with ntp or the nodes will be out of sync timewise
+ - role: synchronize-time
+ - role: configure-ceph
+ when: XCI_CEPH_ENABLED == "true"
+
+- hosts: compute00
+ remote_user: root
+ roles:
+ - role: configure-nfs
diff --git a/xci/installer/osa/playbooks/inventory b/xci/installer/osa/playbooks/inventory
new file mode 100644
index 00000000..fd9af901
--- /dev/null
+++ b/xci/installer/osa/playbooks/inventory
@@ -0,0 +1,10 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2017 Ericsson AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+[opnfv]
+opnfv ansible_ssh_host=192.168.122.2