From c74cfd33fc3c8274433f153f1d211b7b2657ab54 Mon Sep 17 00:00:00 2001 From: Markos Chandras Date: Wed, 20 Dec 2017 10:12:42 +0000 Subject: xci: OSA: Move all the OSA specific playbooks to the NFVI directory Move all the playbooks that only make sense for OpenStack-Ansible deployments to the NFVI/OSA directory where they belong. This further disassociates XCI from OSA. Change-Id: Iab8b6dc81d9025a1d85608a98fb1eee0f1c6a69f Signed-off-by: Markos Chandras Signed-off-by: Fatih Degirmenci --- xci/nfvi/osa/playbooks/configure-opnfvhost.yml | 185 +++++++++++++++++++++++++ 1 file changed, 185 insertions(+) create mode 100644 xci/nfvi/osa/playbooks/configure-opnfvhost.yml (limited to 'xci/nfvi/osa/playbooks/configure-opnfvhost.yml') diff --git a/xci/nfvi/osa/playbooks/configure-opnfvhost.yml b/xci/nfvi/osa/playbooks/configure-opnfvhost.yml new file mode 100644 index 00000000..656f18e8 --- /dev/null +++ b/xci/nfvi/osa/playbooks/configure-opnfvhost.yml @@ -0,0 +1,185 @@ +--- +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2017 Ericsson AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +- hosts: opnfv + remote_user: root + vars_files: + - "{{ XCI_PATH }}/xci/var/opnfv.yml" + + pre_tasks: + - name: Load distribution variables + include_vars: + file: "{{ item }}" + with_items: + - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml" + - "{{ XCI_PATH }}/xci/file/{{ XCI_FLAVOR }}/flavor-vars.yml" + - name: Set facts for remote deployment + set_fact: + remote_xci_path: "{{ ansible_env.HOME }}/releng-xci" + remote_xci_flavor_files: "{{ ansible_env.HOME }}/releng-xci/xci/file/{{ XCI_FLAVOR }}" + remote_xci_playbooks: "{{ ansible_env.HOME }}/releng-xci/xci/playbooks" + + roles: + - role: configure-network + when: XCI_FLAVOR != "aio" + + tasks: + - name: generate SSH keys + shell: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N "" + args: + creates: "{{ ansible_env.HOME }}/.ssh/id_rsa" + - name: fetch public key + fetch: + src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub" + dest: "{{ XCI_PATH }}/xci/file/authorized_keys" + flat: yes + - name: Copy releng-xci to remote host + synchronize: + src: "{{ XCI_PATH }}/" + dest: "{{ remote_xci_path }}" + recursive: yes + delete: yes + - name: copy flavor inventory + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/inventory {{ remote_xci_playbooks }}" + - name: copy openstack_deploy + shell: "/bin/cp -rf {{OPENSTACK_OSA_PATH}}/etc/openstack_deploy {{OPENSTACK_OSA_ETC_PATH}}" + - name: copy openstack_user_config.yml + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/openstack_user_config.yml {{OPENSTACK_OSA_ETC_PATH}}" + failed_when: false + - name: copy all user override files + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables.yml {{OPENSTACK_OSA_ETC_PATH}}" + failed_when: false + - name: copy cinder.yml + shell: "/bin/cp -rf {{ remote_xci_path }}/xci/nfvi/osa/files/cinder.yml {{OPENSTACK_OSA_ETC_PATH}}/env.d" + - name: Configure AIO tempest + lineinfile: + path: "{{ OPENSTACK_OSA_ETC_PATH }}/user_variables.yml" + line: "{{ item }}: {{ RUN_TEMPEST | bool }}" + state: present + with_items: + - "tempest_install" + - "tempest_run" + - block: + - name: copy ceph.yml + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/conf.d/" + - name: copy user_ceph.yml + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/user_ceph.yml" + - name: copy user_variables_ceph.yml + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables_ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/user_variables_ceph.yml" + when: XCI_CEPH_ENABLED == "true" + # TODO: We need to get rid of this as soon as the issue is fixed upstream + - name: change the haproxy state from disable to enable + replace: + dest: "{{OPENSTACK_OSA_PATH}}/playbooks/os-keystone-install.yml" + regexp: '(\s+)haproxy_state: disabled' + replace: '\1haproxy_state: enabled' + - name: copy OPNFV OpenStack playbook + shell: "/bin/cp -rf {{ remote_xci_path }}/xci/nfvi/osa/files/setup-openstack.yml {{OPENSTACK_OSA_PATH}}/playbooks" + - name: copy pinned versions of OSA Roles and global requirements + shell: "/bin/cp -rf {{ remote_xci_path }}/xci/nfvi/osa/files/{{ item }} {{OPENSTACK_OSA_PATH}}/{{ item }}" + with_items: + - "ansible-role-requirements.yml" + - "global-requirement-pins.txt" + when: + - OPENSTACK_OSA_VERSION != "master" + - name: copy pinned versions of OpenStack services + shell: "/bin/cp -rf {{ remote_xci_path }}/xci/nfvi/osa/files/openstack_services.yml {{OPENSTACK_OSA_PATH}}/playbooks/defaults/repo_packages/openstack_services.yml" + when: + - OPENSTACK_OSA_VERSION != "master" + - include: bootstrap-scenarios.yml + - name: bootstrap ansible on opnfv host + command: "/bin/bash ./scripts/bootstrap-ansible.sh" + args: + chdir: "{{OPENSTACK_OSA_PATH}}" + - name: install python Crypto module + package: + name: "{{ python_crypto_package_name }}" + - name: install PyYAML + pip: + name: pyyaml + state: present + - name: generate password token + command: "python pw-token-gen.py --file {{OPENSTACK_OSA_ETC_PATH}}/user_secrets.yml" + args: + chdir: "{{OPENSTACK_OSA_PATH}}/scripts" + - name: check if certificate directory /etc/ssl/certs exists already + stat: path=/etc/ssl/certs + register: check_etc_ssl_certs + - name: create certificate directory /etc/ssl/certs + file: + path: "/etc/ssl/certs" + state: directory + when: check_etc_ssl_certs.stat.exists == false + - name: create key directory /etc/ssl/private + file: + path: "/etc/ssl/private" + state: directory + - name: copy certificate to /etc/ssl/certs + copy: + src: "/etc/ssl/certs/xci.crt" + dest: "/etc/ssl/certs/" + - name: read remote key from /etc/ssl/private + set_fact: + xci_ssl_key: "{{ lookup('pipe', 'sudo cat /etc/ssl/private/xci.key' ) }}" + - name: copy key to /etc/ssl/private + copy: + content: "{{ xci_ssl_key }}" + dest: "/etc/ssl/private/xci.key" + become: true + - name: install opnfv required packages + package: + name: "{{ opnfv_required_packages }}" + state: latest + # Docker is needed for functest + - name: Ensure Docker service is started and enabled + service: + name: "{{ docker_service_name }}" + state: started + enabled: yes + - name: install opnfv required pip packages + pip: + name: "{{ opnfv_required_pip }}" + state: present + +- hosts: localhost + remote_user: root + + tasks: + - name: Append public keys to authorized_keys + shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> {{ XCI_PATH }}/xci/file/authorized_keys" + +- hosts: opnfv + remote_user: root + vars_files: + - "{{ XCI_PATH }}/xci/var/opnfv.yml" + + pre_tasks: + - name: Load distribution variables + include_vars: + file: "{{ item }}" + failed_when: false + with_items: + - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml" + - "{{ XCI_PATH }}/xci/file/{{ XCI_FLAVOR }}/flavor-vars.yml" + - "{{ XCI_PATH }}/xci/file/{{ XCI_FLAVOR }}/user_variables.yml" + roles: + - role: "openstack-ansible-openstack_openrc" + + tasks: + - name: add extra insecure flag to generated openrc + blockinfile: + dest: "{{ ansible_env.HOME }}/openrc" + block: | + export OS_INSECURE=true + + - name: fetch generated openrc + fetch: + src: "{{ ansible_env.HOME }}/openrc" + dest: "{{ XCI_PATH }}/.cache/openrc" + flat: true -- cgit 1.2.3-korg