1 files changed, 185 insertions, 0 deletions

diff --git a/xci/nfvi/osa/playbooks/configure-opnfvhost.yml b/xci/nfvi/osa/playbooks/configure-opnfvhost.yml
new file mode 100644
index 00000000..656f18e8
--- /dev/null
+++ b/xci/nfvi/osa/playbooks/configure-opnfvhost.yml
@@ -0,0 +1,185 @@
+---
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2017 Ericsson AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- hosts: opnfv
+  remote_user: root
+  vars_files:
+    - "{{ XCI_PATH }}/xci/var/opnfv.yml"
+
+  pre_tasks:
+    - name: Load distribution variables
+      include_vars:
+        file: "{{ item }}"
+      with_items:
+        - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml"
+        - "{{ XCI_PATH }}/xci/file/{{ XCI_FLAVOR }}/flavor-vars.yml"
+    - name: Set facts for remote deployment
+      set_fact:
+        remote_xci_path: "{{ ansible_env.HOME }}/releng-xci"
+        remote_xci_flavor_files: "{{ ansible_env.HOME }}/releng-xci/xci/file/{{ XCI_FLAVOR }}"
+        remote_xci_playbooks: "{{ ansible_env.HOME }}/releng-xci/xci/playbooks"
+
+  roles:
+    - role: configure-network
+      when: XCI_FLAVOR != "aio"
+
+  tasks:
+    - name: generate SSH keys
+      shell: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""
+      args:
+        creates: "{{ ansible_env.HOME }}/.ssh/id_rsa"
+    - name: fetch public key
+      fetch:
+        src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub"
+        dest: "{{ XCI_PATH }}/xci/file/authorized_keys"
+        flat: yes
+    - name: Copy releng-xci to remote host
+      synchronize:
+        src: "{{ XCI_PATH }}/"
+        dest: "{{ remote_xci_path }}"
+        recursive: yes
+        delete: yes
+    - name: copy flavor inventory
+      shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/inventory {{ remote_xci_playbooks }}"
+    - name: copy openstack_deploy
+      shell: "/bin/cp -rf {{OPENSTACK_OSA_PATH}}/etc/openstack_deploy {{OPENSTACK_OSA_ETC_PATH}}"
+    - name: copy openstack_user_config.yml
+      shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/openstack_user_config.yml {{OPENSTACK_OSA_ETC_PATH}}"
+      failed_when: false
+    - name: copy all user override files
+      shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables.yml {{OPENSTACK_OSA_ETC_PATH}}"
+      failed_when: false
+    - name: copy cinder.yml
+      shell: "/bin/cp -rf {{ remote_xci_path }}/xci/nfvi/osa/files/cinder.yml {{OPENSTACK_OSA_ETC_PATH}}/env.d"
+    - name: Configure AIO tempest
+      lineinfile:
+        path: "{{ OPENSTACK_OSA_ETC_PATH }}/user_variables.yml"
+        line: "{{ item }}: {{ RUN_TEMPEST | bool }}"
+        state: present
+      with_items:
+        - "tempest_install"
+        - "tempest_run"
+    - block:
+        - name: copy ceph.yml
+          shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/conf.d/"
+        - name: copy user_ceph.yml
+          shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/user_ceph.yml"
+        - name: copy user_variables_ceph.yml
+          shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables_ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/user_variables_ceph.yml"
+      when: XCI_CEPH_ENABLED == "true"
+    # TODO: We need to get rid of this as soon as the issue is fixed upstream
+    - name: change the haproxy state from disable to enable
+      replace:
+        dest: "{{OPENSTACK_OSA_PATH}}/playbooks/os-keystone-install.yml"
+        regexp: '(\s+)haproxy_state: disabled'
+        replace: '\1haproxy_state: enabled'
+    - name: copy OPNFV OpenStack playbook
+      shell: "/bin/cp -rf {{ remote_xci_path }}/xci/nfvi/osa/files/setup-openstack.yml {{OPENSTACK_OSA_PATH}}/playbooks"
+    - name: copy pinned versions of OSA Roles and global requirements
+      shell: "/bin/cp -rf {{ remote_xci_path }}/xci/nfvi/osa/files/{{ item }} {{OPENSTACK_OSA_PATH}}/{{ item }}"
+      with_items:
+        - "ansible-role-requirements.yml"
+        - "global-requirement-pins.txt"
+      when:
+        - OPENSTACK_OSA_VERSION != "master"
+    - name: copy pinned versions of OpenStack services
+      shell: "/bin/cp -rf {{ remote_xci_path }}/xci/nfvi/osa/files/openstack_services.yml {{OPENSTACK_OSA_PATH}}/playbooks/defaults/repo_packages/openstack_services.yml"
+      when:
+        - OPENSTACK_OSA_VERSION != "master"
+    - include: bootstrap-scenarios.yml
+    - name: bootstrap ansible on opnfv host
+      command: "/bin/bash ./scripts/bootstrap-ansible.sh"
+      args:
+        chdir: "{{OPENSTACK_OSA_PATH}}"
+    - name: install python Crypto module
+      package:
+        name: "{{ python_crypto_package_name }}"
+    - name: install PyYAML
+      pip:
+        name: pyyaml
+        state: present
+    - name: generate password token
+      command: "python pw-token-gen.py --file {{OPENSTACK_OSA_ETC_PATH}}/user_secrets.yml"
+      args:
+        chdir: "{{OPENSTACK_OSA_PATH}}/scripts"
+    - name: check if certificate directory /etc/ssl/certs exists already
+      stat: path=/etc/ssl/certs
+      register: check_etc_ssl_certs
+    - name: create certificate directory /etc/ssl/certs
+      file:
+        path: "/etc/ssl/certs"
+        state: directory
+      when: check_etc_ssl_certs.stat.exists == false
+    - name: create key directory /etc/ssl/private
+      file:
+        path: "/etc/ssl/private"
+        state: directory
+    - name: copy certificate to /etc/ssl/certs
+      copy:
+        src: "/etc/ssl/certs/xci.crt"
+        dest: "/etc/ssl/certs/"
+    - name: read remote key from /etc/ssl/private
+      set_fact:
+        xci_ssl_key: "{{ lookup('pipe', 'sudo cat /etc/ssl/private/xci.key' ) }}"
+    - name: copy key to /etc/ssl/private
+      copy:
+        content: "{{ xci_ssl_key }}"
+        dest: "/etc/ssl/private/xci.key"
+      become: true
+    - name: install opnfv required packages
+      package:
+        name: "{{ opnfv_required_packages }}"
+        state: latest
+    # Docker is needed for functest
+    - name: Ensure Docker service is started and enabled
+      service:
+        name: "{{ docker_service_name }}"
+        state: started
+        enabled: yes
+    - name: install opnfv required pip packages
+      pip:
+        name: "{{ opnfv_required_pip }}"
+        state: present
+
+- hosts: localhost
+  remote_user: root
+
+  tasks:
+    - name: Append public keys to authorized_keys
+      shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> {{ XCI_PATH }}/xci/file/authorized_keys"
+
+- hosts: opnfv
+  remote_user: root
+  vars_files:
+    - "{{ XCI_PATH }}/xci/var/opnfv.yml"
+
+  pre_tasks:
+    - name: Load distribution variables
+      include_vars:
+        file: "{{ item }}"
+      failed_when: false
+      with_items:
+        - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml"
+        - "{{ XCI_PATH }}/xci/file/{{ XCI_FLAVOR }}/flavor-vars.yml"
+        - "{{ XCI_PATH }}/xci/file/{{ XCI_FLAVOR }}/user_variables.yml"
+  roles:
+    - role: "openstack-ansible-openstack_openrc"
+
+  tasks:
+    - name: add extra insecure flag to generated openrc
+      blockinfile:
+          dest: "{{ ansible_env.HOME }}/openrc"
+          block: |
+              export OS_INSECURE=true
+
+    - name: fetch generated openrc
+      fetch:
+        src: "{{ ansible_env.HOME }}/openrc"
+        dest: "{{ XCI_PATH }}/.cache/openrc"
+        flat: true