blob: 5beddcd7b6a4e2194d11402afb5a2d5a715e5d88 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
---
# SPDX-license-identifier: Apache-2.0
##############################################################################
# Copyright (c) 2017 Ericsson AB and others.
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
- hosts: opnfv
remote_user: root
vars_files:
- ../var/{{ ansible_os_family }}.yml
- ../var/flavor-vars.yml
- ../var/opnfv.yml
roles:
- role: remove-folders
- { role: clone-repository, project: "opnfv/releng-xci", repo: "{{ OPNFV_RELENG_GIT_URL }}", dest: "{{ OPNFV_RELENG_PATH }}", version: "{{ OPNFV_RELENG_VERSION }}" }
- { role: clone-repository, project: "openstack/openstack-ansible", repo: "{{ OPENSTACK_OSA_GIT_URL }}", dest: "{{ OPENSTACK_OSA_PATH }}", version: "{{ OPENSTACK_OSA_VERSION }}" }
- hosts: opnfv
remote_user: root
vars_files:
- ../var/{{ ansible_os_family }}.yml
- ../var/opnfv.yml
tasks:
- name: Synchronize local development releng-xci repository to XCI paths
synchronize:
src: "{{ OPNFV_RELENG_DEV_PATH }}"
dest: "{{ OPNFV_RELENG_PATH }}"
recursive: yes
delete: yes
when:
- OPNFV_RELENG_DEV_PATH != ""
- name: Synchronize local development openstack-ansible repository to XCI paths
synchronize:
src: "{{ OPENSTACK_OSA_DEV_PATH }}"
dest: "{{ OPENSTACK_OSA_PATH }}"
recursive: yes
delete: yes
when:
- OPENSTACK_OSA_DEV_PATH != ""
- hosts: opnfv
remote_user: root
vars_files:
- ../var/{{ ansible_os_family }}.yml
- ../var/flavor-vars.yml
- ../var/opnfv.yml
roles:
- role: configure-network
tasks:
- name: generate SSH keys
shell: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""
args:
creates: /root/.ssh/id_rsa
- name: ensure ssh key storage directory exists
file:
path: "{{ OPNFV_SSH_HOST_KEYS_PATH }}"
state: directory
- name: fetch public key
fetch: src="/root/.ssh/id_rsa.pub" dest="{{ OPNFV_SSH_HOST_KEYS_PATH }}"
- name: copy flavor inventory
shell: "/bin/cp -rf {{XCI_FLAVOR_ANSIBLE_FILE_PATH}}/inventory {{OPNFV_RELENG_PATH}}/xci/playbooks"
- name: copy flavor vars
shell: "/bin/cp -rf {{XCI_FLAVOR_ANSIBLE_FILE_PATH}}/flavor-vars.yml {{OPNFV_RELENG_PATH}}/xci/var"
- name: copy openstack_deploy
shell: "/bin/cp -rf {{OPENSTACK_OSA_PATH}}/etc/openstack_deploy {{OPENSTACK_OSA_ETC_PATH}}"
- name: copy openstack_user_config.yml
shell: "/bin/cp -rf {{XCI_FLAVOR_ANSIBLE_FILE_PATH}}/openstack_user_config.yml {{OPENSTACK_OSA_ETC_PATH}}"
- name: copy user_variables.yml
shell: "/bin/cp -rf {{XCI_FLAVOR_ANSIBLE_FILE_PATH}}/user_variables.yml {{OPENSTACK_OSA_ETC_PATH}}"
- name: copy cinder.yml
shell: "/bin/cp -rf {{OPNFV_RELENG_PATH}}/xci/file/cinder.yml {{OPENSTACK_OSA_ETC_PATH}}/env.d"
# TODO: We need to get rid of this as soon as the issue is fixed upstream
- name: change the haproxy state from disable to enable
replace:
dest: "{{OPENSTACK_OSA_PATH}}/playbooks/os-keystone-install.yml"
regexp: '(\s+)haproxy_state: disabled'
replace: '\1haproxy_state: enabled'
- name: copy OPNFV OpenStack playbook
shell: "/bin/cp -rf {{OPNFV_RELENG_PATH}}/xci/file/setup-openstack.yml {{OPENSTACK_OSA_PATH}}/playbooks"
- name: copy OPNFV role requirements
shell: "/bin/cp -rf {{OPNFV_RELENG_PATH}}/xci/file/ansible-role-requirements.yml {{OPENSTACK_OSA_PATH}}"
- name: bootstrap ansible on opnfv host
command: "/bin/bash ./scripts/bootstrap-ansible.sh"
args:
chdir: "{{OPENSTACK_OSA_PATH}}"
- name: install python Crypto module
package:
name: "{{ python_crypto_package_name }}"
- name: install PyYAML
pip:
name: pyyaml
state: present
- name: generate password token
command: "python pw-token-gen.py --file {{OPENSTACK_OSA_ETC_PATH}}/user_secrets.yml"
args:
chdir: "{{OPENSTACK_OSA_PATH}}/scripts"
- name: create certificate directory /etc/ssl/certs
file:
path: "/etc/ssl/certs"
state: directory
- name: create key directory /etc/ssl/private
file:
path: "/etc/ssl/private"
state: directory
- name: copy certificate to /etc/ssl/certs
copy:
src: "/etc/ssl/certs/xci.crt"
dest: "/etc/ssl/certs/"
become: true
- name: read remote key from /etc/ssl/private
set_fact:
xci_ssl_key: "{{ lookup('pipe', 'sudo cat /etc/ssl/private/xci.key' ) }}"
- name: copy key to /etc/ssl/private
copy:
content: "{{ xci_ssl_key }}"
dest: "/etc/ssl/private/xci.key"
become: true
- hosts: localhost
remote_user: root
vars_files:
- ../var/opnfv.yml
tasks:
- name: Generate authorized_keys
shell: "/bin/cat {{ OPNFV_SSH_HOST_KEYS_PATH }}/opnfv/root/.ssh/id_rsa.pub >> ../file/authorized_keys"
- name: Append public keys to authorized_keys
shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> ../file/authorized_keys"
- hosts: opnfv
gather_facts: no
remote_user: root
vars_files:
- ../var/{{ ansible_os_family }}.yml
- ../var/flavor-vars.yml
- ../var/opnfv.yml
- "{{ XCI_FLAVOR_ANSIBLE_FILE_PATH }}/user_variables.yml"
roles:
- role: "openstack-ansible-openstack_openrc"
tasks:
- name: add extra insecure flag to generated openrc
blockinfile:
dest: "{{ ansible_env.HOME }}/openrc"
block: |
export OS_INSECURE=true
- name: fetch generated openrc
fetch:
src: "{{ ansible_env.HOME }}/openrc"
dest: "{{ XCI_DEVEL_ROOT }}/"
flat: true
|