diff options
author | Rodolfo Alonso Hernandez <rodolfo.alonso.hernandez@intel.com> | 2018-04-26 09:23:10 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@opnfv.org> | 2018-04-26 09:23:10 +0000 |
commit | fd54ab5c79b16cdc1765517057b8eb0c988f60c8 (patch) | |
tree | d19878aeacf2c150e98da6259b8bee5d7b152a63 /ansible | |
parent | 0aae33539c4790a3fd1ffeac1fd266d8d00ad70d (diff) | |
parent | 7cf8184eca909dc4d4cddff38ae457ab7e01f053 (diff) |
Merge "OpenStack deployment using kolla"
Diffstat (limited to 'ansible')
17 files changed, 854 insertions, 14 deletions
diff --git a/ansible/infra_deploy.yml b/ansible/infra_deploy.yml index 029879502..8cf5dffef 100644 --- a/ansible/infra_deploy.yml +++ b/ansible/infra_deploy.yml @@ -17,8 +17,33 @@ rs_file: "{{ RS_FILE }}" clean_up: "{{ CLEAN_UP | default(False) }}" # If True will be delete all VMs, networks, disk images + tasks: + - set_fact: + proxy_host: "{{ lookup('env', 'http_proxy') | urlsplit('hostname') }}" + proxy_proto: "{{ lookup('env', 'http_proxy') | urlsplit('scheme') }}" + proxy_port: "{{ lookup('env', 'http_proxy') | urlsplit('port') }}" + + - set_fact: + proxy_host_ip: "{{ lookup('dig', proxy_host) }}" + roles: - infra_destroy_previous_configuration - infra_check_requirements - infra_create_network - infra_create_vms + - infra_prepare_vms + +- hosts: deploy,regular,yardstickG + gather_facts: no + become: yes + + roles: + - infra_rampup_stack_nodes + + +- hosts: deploy + become: yes + environment: "{{ proxy_env }}" + + roles: + - infra_deploy_openstack diff --git a/ansible/roles/infra_check_requirements/tasks/main.yml b/ansible/roles/infra_check_requirements/tasks/main.yml index a11bc56a1..991bd7383 100644 --- a/ansible/roles/infra_check_requirements/tasks/main.yml +++ b/ansible/roles/infra_check_requirements/tasks/main.yml @@ -12,27 +12,30 @@ # See the License for the specific language governing permissions and # limitations under the License. --- +- name: Reread system properties + setup: + - name: Include include_vars: - file: "{{rs_file}}" + file: "{{ rs_file }}" name: infra_deploy_vars - name: Store total CPU, RAM, Disk requested resources set_fact: - vcpu_t: "{{item.vcpus|int + vcpu_t|int}}" - vram_t: "{{item.ram|int + vram_t|int}}" - disk_t: "{{item.disk|int + disk_t|int}}" - with_items: "{{infra_deploy_vars.nodes}}" + vcpu_t: "{{ item.vcpus|int + vcpu_t | int }}" + vram_t: "{{ item.ram|int + vram_t | int }}" + disk_t: "{{ item.disk|int + disk_t | int }}" + with_items: "{{ infra_deploy_vars.nodes }}" - name: Fail if not enough RAM fail: msg: "Failed, not enough RAM, required: {{ vram_t }}, available {{ ansible_memory_mb.nocache.free }}" - when: ansible_memory_mb.nocache.free < vram_t|int + when: ansible_memory_mb.nocache.free < vram_t | int - name: Fail if not enough CPU fail: msg: "Failed, not enough CPU, required: {{ vcpu_t }}, available {{ ansible_processor_vcpus }}" - when: ansible_processor_vcpus < vcpu_t|int + when: ansible_processor_vcpus < vcpu_t | int - name: Define default network counter set_fact: @@ -40,20 +43,38 @@ - name: Increment counter for every default network detected set_fact: - num_default_network_detected: "{{ num_default_network_detected|int + 1 }}" + num_default_network_detected: "{{ num_default_network_detected | int + 1 }}" when: - item.default_gateway is defined - item.default_gateway == True - with_items: "{{infra_deploy_vars.networks}}" + with_items: "{{ infra_deploy_vars.networks }}" - name: Fail if more than 1 or 0 default networks fail: msg: "Failed, there must be 1 default network: {{ num_default_network_detected }} detected" - when: num_default_network_detected|int != 1 + when: num_default_network_detected | int != 1 - name: Fail if not enough Disk space set_fact: - disk_avail: "{% for mount in ansible_mounts if mount.mount == '/' %}{{ (mount.size_available/1024/1024)|int }}{% endfor %}" + disk_avail: "{% for mount in ansible_mounts if mount.mount == '/' %}{{ (mount.size_available/1024/1024) | int }}{% endfor %}" - fail: msg: "Failed, not enough disk space, required {{ disk_t }}, available: {{ disk_avail }}" - when: disk_avail|int < disk_t|int + when: disk_avail|int < disk_t | int + +- set_fact: + ostack_nodes: "{{ ostack_nodes | default([]) + [item.openstack_node] }}" + when: item.openstack_node is defined + with_items: "{{ infra_deploy_vars.nodes }}" + +# all-in-one node node type must be controller, multinode requires at least one controller and one compute node +- fail: + msg: "OpenStack node types currently supported: controller, compute. Check input VMs file." + when: ostack_nodes is undefined or ostack_nodes | length < 1 + +- fail: + msg: "In all-in-one configuration OpenStack node type must be controller." + when: ostack_nodes | length == 1 and 'controller' not in ostack_nodes + +- fail: + msg: "At least one controller and one compute node expected when total number of OpenStack nodes is more than one." + when: ostack_nodes | length > 1 and not ('compute' in ostack_nodes and 'controller' in ostack_nodes) diff --git a/ansible/roles/infra_create_vms/tasks/configure_vm.yml b/ansible/roles/infra_create_vms/tasks/configure_vm.yml index c20a0b175..a6a5e0618 100644 --- a/ansible/roles/infra_create_vms/tasks/configure_vm.yml +++ b/ansible/roles/infra_create_vms/tasks/configure_vm.yml @@ -47,8 +47,6 @@ output: all: ">> /var/log/cloud-init.log" ssh_pwauth: True - bootcmd: - - echo 127.0.0.1 {{ node_item.hostname }} >> /etc/hosts users: - name: {{ node_item.user }} lock-passwd: False diff --git a/ansible/roles/infra_deploy_openstack/tasks/configure_kolla.yml b/ansible/roles/infra_deploy_openstack/tasks/configure_kolla.yml new file mode 100644 index 000000000..9713c0d1e --- /dev/null +++ b/ansible/roles/infra_deploy_openstack/tasks/configure_kolla.yml @@ -0,0 +1,40 @@ +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Modify globals.yml + replace: + path: /etc/kolla/globals.yml + regexp: "{{ item.find }}" + replace: "{{ item.insert_after }}" + with_items: + - { find: '^#kolla_base_distro:.*', insert_after: 'kolla_base_distro: "ubuntu"' } + - { find: '^#kolla_install_type:.*', insert_after: 'kolla_install_type: "source"' } + - { find: '^#openstack_release:.*', insert_after: 'openstack_release: "pike"' } + - { find: 'kolla_internal_vip_address:.*', insert_after: 'kolla_internal_vip_address: "{{ deployvm_ip }}"' } + - { find: '^#network_interface:.*', insert_after: 'network_interface: "{{ hostvars[ansible_host].ansible_default_ipv4.interface }}"' } + - { find: '^#neutron_external_interface:.*', insert_after: 'neutron_external_interface: "{{ neutron_iface }}"' } + - { find: '^#enable_haproxy:.*', insert_after: 'enable_haproxy: "no"'} + - { find: '^#enable_heat:.*' , insert_after: 'enable_heat: "yes"'} + - { find: '^#docker_registry:.*', insert_after: 'docker_registry: "{{ ansible_host }}:4000"' } + +- name: Generate multinode from inventory + template: + src: templates/multinode.j2 + dest: "{{ git_repos_path + 'multinode' }}" + +- set_fact: + path2multinode: "{{ git_repos_path + kolla_ans_path + '/ansible/inventory/multinode' }}" + +- name: Append rest groups to multinode file + shell: line=`grep -n '\[deployment\]' {{ path2multinode }} | cut -d ':' -f1` && tail -n +$line {{ path2multinode }} >> "{{ git_repos_path + 'multinode' }}" diff --git a/ansible/roles/infra_deploy_openstack/tasks/configure_openstack.yml b/ansible/roles/infra_deploy_openstack/tasks/configure_openstack.yml new file mode 100644 index 000000000..3963cb64c --- /dev/null +++ b/ansible/roles/infra_deploy_openstack/tasks/configure_openstack.yml @@ -0,0 +1,67 @@ +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Create folders + file: + path: "{{ item }}" + state: directory + with_items: + - /etc/kolla/config/nova + - /etc/kolla/config/neutron + +- set_fact: + filter_ops: RetryFilter,AvailabilityZoneFilter,RamFilter,DiskFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,SameHostFilter + +- name: Configure OpenStack Nova + copy: + content: | + [filter_scheduler] + enabled_filters = {{ filter_ops }} + [libvirt] + cpu_mode = host-passthrough + dest: /etc/kolla/config/nova.conf + +- name: Configure OpenStack Neutron + copy: + content: | + [DEFAULT] + service_plugins=neutron.services.l3_router.l3_router_plugin.L3RouterPlugin + [securitygroup] + firewall_driver = neutron.agent.firewall.NoopFirewallDriver + [ml2] + extension_drivers=port_security + [agent] + extensions=port_security + dest: /etc/kolla/config/neutron.conf + +- name: Configure OpenStack ml2_plugin.ini + copy: + content: | + [ml2] + tenant_network_types = vxlan + extension_drivers = port_security + type_drivers = vlan,flat,local,vxlan + mechanism_drivers = openvswitch + [ml2_type_flat] + flat_networks = physnet1 + [ml2_type_vlan] + network_vlan_ranges = physnet1 + [securitygroup] + firewall_driver = iptables_hybrid + [ovs] + datapath_type = system + bridge_mappings = physnet1:br-ex + tunnel_bridge = br-tun + local_ip = {{ deployvm_ip }} + dest: /etc/kolla/config/neutron/ml2_plugin.ini diff --git a/ansible/roles/infra_deploy_openstack/tasks/install_kolla.yml b/ansible/roles/infra_deploy_openstack/tasks/install_kolla.yml new file mode 100644 index 000000000..38c163c6c --- /dev/null +++ b/ansible/roles/infra_deploy_openstack/tasks/install_kolla.yml @@ -0,0 +1,54 @@ +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Download kolla and kolla-ansible from git repos + git: + repo: "{{ item.repo }}" + dest: "{{ git_repos_path + item.dir }}" + version: stable/pike + with_items: + - { dir: "{{ kolla_path }}", repo: 'https://git.openstack.org/openstack/kolla'} + - { dir: "{{ kolla_ans_path }}", repo: 'https://git.openstack.org/openstack/kolla-ansible' } + +- name: Copy kolla-ansible password.yml and globals.yml + shell: cp -r "{{ git_repos_path + kolla_ans_path + '/etc/kolla/' }}" /etc/ + +- name: Copy kolla-ansible all-in-one, multinode + shell: cp * "{{ git_repos_path }}" + args: + chdir: "{{ git_repos_path + kolla_ans_path + '/ansible/inventory/' }}" + +- name: Install requirements + pip: + chdir: "{{ item[0] }}" + requirements: "{{ item[1] }}" + with_nested: + - [ "{{ git_repos_path + kolla_path }}", "{{ git_repos_path + kolla_ans_path }}" ] + - [ 'requirements.txt', 'test-requirements.txt' ] + +- name: pip install . + pip: + chdir: "{{ item }}" + name: '.' + with_items: + - "{{ git_repos_path + kolla_path }}" + - "{{ git_repos_path + kolla_ans_path }}" + +- name: Run setup.py + shell: "python setup.py install" + args: + chdir: "{{ item }}" + with_items: + - "{{ git_repos_path + kolla_path }}" + - "{{ git_repos_path + kolla_ans_path }}" diff --git a/ansible/roles/infra_deploy_openstack/tasks/main.yml b/ansible/roles/infra_deploy_openstack/tasks/main.yml new file mode 100644 index 000000000..ba5d5bc54 --- /dev/null +++ b/ansible/roles/infra_deploy_openstack/tasks/main.yml @@ -0,0 +1,125 @@ +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +# This script is based on https://docs.openstack.org/kolla-ansible/pike/user/quickstart.html +- name: Include variables + include_vars: + file: "{{ rs_file }}" + name: infra_deploy_vars + +- set_fact: + traffic_ip: "{{ item.interfaces[1].ip }}" + when: item.hostname == ansible_host + with_items: "{{ infra_deploy_vars.nodes }}" + +- name: Get neutron iface + set_fact: + neutron_iface: "{{ item }}" + when: + - hostvars[ansible_host]['ansible_' + item.replace('-', '_')].ipv4 is defined + - hostvars[ansible_host]['ansible_' + item.replace('-', '_')].ipv4.address is defined + - hostvars[ansible_host]['ansible_' + item.replace('-', '_')].ipv4.address == traffic_ip + with_items: "{{ hostvars[ansible_host].ansible_interfaces }}" + +- name: Create a registry container + docker_container: + name: registry + image: registry:2 + restart_policy: always + ports: + - "4000:5000" + +- name: Download and install Kolla + include_tasks: install_kolla.yml + +- name: Configure Kolla + include_tasks: configure_kolla.yml + +- name: Configure Open Stack + include_tasks: configure_openstack.yml + +- name: Ramp up Open Stack + include_tasks: rampup_openstack.yml + +- name: Update admin-openrc.sh + lineinfile: + path: /etc/kolla/admin-openrc.sh + regexp: "{{ item.find }}" + line: "{{ item.add }}" + with_items: + - { find: 'EXTERNAL_NETWORK', add: 'export EXTERNAL_NETWORK=public' } + - { find: 'OS_AUTH_TYPE', add: 'export OS_AUTH_TYPE=password' } + +- name: Copy env file + shell: cp /etc/kolla/admin-openrc.sh /tmp/admin-openrc.yaml + +- name: Rework as env vars + replace: + path: /tmp/admin-openrc.yaml + regexp: 'export\s+(.*)=(.*)' + replace: '\1: \2' + +- name: Download OpenStack env file + fetch: + src: /tmp/admin-openrc.yaml + dest: /tmp/ + flat: yes + +- include_vars: + file: /tmp/admin-openrc.yaml + name: ostack_env + +- name: Re-assign IP address + shell: ip address show {{ neutron_iface }} | awk '/inet/ {print $2}' + when: neutron_iface is defined + register: ip_netmask + +- shell: > + ip addr del dev {{ neutron_iface }} {{ ip_netmask.stdout }} && + ip addr add dev br-ex {{ infra_deploy_vars.networks[1].host_ip }}/{{ ip_netmask.stdout_lines[0].split('/')[1] }} + when: + - neutron_iface is defined + - ip_netmask.stdout | length > 0 + +- name: Create external network + os_network: + name: public + external: yes + provider_physical_network: physnet1 + provider_network_type: flat + environment: + - no_proxy: "{{ lookup('env', 'no_proxy') + ',' + ansible_host + ',' + hostvars[ansible_host].ansible_default_ipv4.address }}" + - "{{ ostack_env }}" + +- name: Create sub-network + os_subnet: + name: public-subnet + network_name: public + cidr: "{{ ip_netmask.stdout }}" + allocation_pool_start: "{{ infra_deploy_vars.networks[1].dhcp_ip_start }}" + allocation_pool_end: "{{ infra_deploy_vars.networks[1].dhcp_ip_stop }}" + gateway_ip: "{{ infra_deploy_vars.networks[1].host_ip }}" + enable_dhcp: no + environment: + - no_proxy: "{{ lookup('env', 'no_proxy') + ',' + ansible_host + ',' + hostvars[ansible_host].ansible_default_ipv4.address }}" + - "{{ ostack_env }}" + +- name: Upload OpenStack env file to Yardstick VM + copy: + src: /etc/kolla/admin-openrc.sh + dest: '/tmp/admin-openrc.sh' + delegate_to: "{{ item }}" + when: "groups['yardstickG'] is defined" + with_items: + - "{{ groups['yardstickG'] }}" diff --git a/ansible/roles/infra_deploy_openstack/tasks/rampup_openstack.yml b/ansible/roles/infra_deploy_openstack/tasks/rampup_openstack.yml new file mode 100644 index 000000000..c75bec685 --- /dev/null +++ b/ansible/roles/infra_deploy_openstack/tasks/rampup_openstack.yml @@ -0,0 +1,43 @@ +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Generate passwords + shell: kolla-genpwd + +- name: Generate the kolla-build.conf + shell: tox -e genconfig + args: + chdir: "{{ git_repos_path + kolla_path }}" + +- set_fact: + target: "{{ git_repos_path + 'all-in-one' }}" + +- set_fact: + target: "{{ git_repos_path + 'multinode' }}" + when: "groups['ostack'] | length > 1" + +- name: Run kolla-ansible precheck + shell: kolla-ansible prechecks -i "{{ target }}" + +- name: Build kolla-ansible + shell: kolla-build -b ubuntu -t source --profile default --tag pike --registry {{ ansible_host }}:4000 --push + +- name: Pull images from registry + shell: kolla-ansible pull -i "{{ target }}" + +- name: Run kolla-ansible deploy + shell: kolla-ansible deploy -i "{{ target }}" + +- name: Create an openrc file + shell: kolla-ansible post-deploy diff --git a/ansible/roles/infra_deploy_openstack/templates/multinode.j2 b/ansible/roles/infra_deploy_openstack/templates/multinode.j2 new file mode 100644 index 000000000..57f87b521 --- /dev/null +++ b/ansible/roles/infra_deploy_openstack/templates/multinode.j2 @@ -0,0 +1,39 @@ +{% set control_dict = {} %} +{% set compute_dict = {} %} +{% for host in groups['ostack'] %} +{% if hostvars[host].node_type is defined and hostvars[host].node_type == 'controller' %} +{% set control_dict = control_dict.update({hostvars[host].ansible_host: hostvars[host].ansible_default_ipv4.interface}) %} +{% endif %} +{% endfor %} +{% for host in groups['ostack'] %} +{% if hostvars[host].node_type is defined and hostvars[host].node_type == 'compute' %} +{% for iface in hostvars[host].ansible_interfaces %} +{%- if ((hostvars[host]['ansible_' + iface.replace('-', '_')].ipv4 is defined) and + (hostvars[host]['ansible_' + iface.replace('-', '_')].ipv4.address is defined) and + (hostvars[host]['ansible_' + iface.replace('-', '_')].ipv4.address == hostvars[host].secondary_ip)) -%} +{% set compute_dict = compute_dict.update({hostvars[host].ansible_host: iface}) %} +{% endif %} +{% endfor %} +{% endif %} +{% endfor %} +{% macro print_node(in_dict, iface_str='', cnt=1) %} +{%- for host, iface in in_dict | dictsort -%} +{% if loop.index <= cnt %} +{% if iface_str %} +{{ host }} ansible_ssh_user={{ hostvars[host].ansible_user }} ansible_private_key_file=/root/.ssh/id_rsa ansible_become=True {{ iface_str }}={{ iface }} +{% else %} +{{ host }} ansible_ssh_user={{ hostvars[host].ansible_user }} ansible_private_key_file=/root/.ssh/id_rsa ansible_become=True +{% endif %} +{% endif %} +{% endfor %} +{% endmacro %} +[control] +{{ print_node(control_dict, iface_str='network_interface', cnt=control_dict | length) }} +[compute] +{{ print_node(compute_dict, iface_str='network_interface', cnt=compute_dict | length) }} +[network] +{{ print_node(control_dict, iface_str='', cnt=control_dict | length) }} +[monitoring] +{{ print_node(control_dict) }} +[storage] +{{ print_node(control_dict, iface_str='', cnt=control_dict | length) }} diff --git a/ansible/roles/infra_deploy_openstack/vars/main.yml b/ansible/roles/infra_deploy_openstack/vars/main.yml new file mode 100644 index 000000000..bbea56847 --- /dev/null +++ b/ansible/roles/infra_deploy_openstack/vars/main.yml @@ -0,0 +1,18 @@ +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +kolla_path: "{{ 'https://git.openstack.org/openstack/kolla' | urlsplit('path') | basename }}" +kolla_ans_path: "{{ 'https://git.openstack.org/openstack/kolla-ansible' | urlsplit('path') | basename }}" +deployvm_ip: "{{ hostvars[ansible_host].host_ip }}" +git_repos_path: '/tmp/repos/' diff --git a/ansible/roles/infra_prepare_vms/tasks/main.yml b/ansible/roles/infra_prepare_vms/tasks/main.yml new file mode 100644 index 000000000..d7ed08511 --- /dev/null +++ b/ansible/roles/infra_prepare_vms/tasks/main.yml @@ -0,0 +1,105 @@ +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Include input file + include_vars: + file: "{{ rs_file }}" + name: infra_deploy_vars + +- name: Install setuptools + apt: + name: python-setuptools + +- name: Install pip + shell: easy_install pip + environment: "{{ proxy_env }}" + +- name: Install dependency for dns dig + pip: + name: dnspython + state: latest + +- set_fact: + block_str: "{{ block_str | default('') + item.interfaces[0].ip + ' ' + item.hostname + '\n'}}" + with_items: "{{ infra_deploy_vars.nodes }}" + +- name: Delete hosts between markers + blockinfile: + path: /etc/hosts + marker: "# {mark} generated hosts file" + content: "" + +- name: Update /etc/hosts + blockinfile: + path: /etc/hosts + block: | + {{ block_str }} + marker: "# {mark} generated hosts file" + +- name: Clear known hosts + shell: > + ssh-keygen -f /root/.ssh/known_hosts -R "{{ item.interfaces[0].ip }}"; + ssh-keygen -f /root/.ssh/known_hosts -R "{{ item.hostname }}" + with_items: "{{ infra_deploy_vars.nodes }}" + +- set_fact: + controllers: "{{ controllers | default([]) + [item.hostname] }}" + when: + - item.openstack_node is defined + - item.openstack_node == 'controller' + with_items: "{{ infra_deploy_vars.nodes }}" + +- name: Add host controller as deploy + add_host: + hostname: "{{ item.hostname }}" + host_ip: "{{ item.interfaces[0].ip }}" + groups: deploy, ostack + ansible_host: "{{ item.hostname }}" + ansible_user: "{{ item.user }}" + ansible_ssh_pass: "{{ item.password }}" + node_type: "{{ item.openstack_node }}" + secondary_ip: "{{ item.interfaces[1].ip }}" + when: item.hostname == controllers[0] + with_items: "{{ infra_deploy_vars.nodes }}" + +- name: Add hosts others as controller, compute + add_host: + hostname: "{{ item.hostname }}" + host_ip: "{{ item.interfaces[0].ip }}" + groups: regular,ostack + ansible_host: "{{ item.hostname }}" + ansible_user: "{{ item.user }}" + ansible_ssh_pass: "{{ item.password }}" + node_type: "{{ item.openstack_node }}" + secondary_ip: "{{ item.interfaces[1].ip }}" + when: + - item.openstack_node is defined + - item.openstack_node == 'controller' or item.openstack_node == 'compute' + - item.hostname != controllers[0] + with_items: "{{ infra_deploy_vars.nodes }}" + +- name: Add yardstick host to group + add_host: + hostname: "{{ item.hostname }}" + host_ip: "{{ item.interfaces[0].ip }}" + groups: yardstickG + ansible_host: "{{ item.hostname }}" + ansible_user: "{{ item.user }}" + ansible_ssh_pass: "{{ item.password }}" + secondary_ip: "{{ item.interfaces[1].ip }}" + when: item.hostname == 'yardstickvm' + with_items: "{{ infra_deploy_vars.nodes }}" + +- name: Workaround, not all VMs are ready by that time + pause: seconds=20 diff --git a/ansible/roles/infra_rampup_stack_nodes/tasks/configure_docker.yml b/ansible/roles/infra_rampup_stack_nodes/tasks/configure_docker.yml new file mode 100644 index 000000000..a6ae00e51 --- /dev/null +++ b/ansible/roles/infra_rampup_stack_nodes/tasks/configure_docker.yml @@ -0,0 +1,48 @@ +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- file: + path: /lib/systemd/system/docker.service.d + state: directory + +- copy: + content: | + [Service] + MountFlags=shared + dest: /lib/systemd/system/docker.service.d/kolla.conf + +- set_fact: + ostack_hosts: "{{ ostack_hosts | default([]) + [hostvars[item].ansible_host] }}" + with_items: "{{ groups['ostack'] }}" + +- name: Create proxy configuration for docker + copy: + content: | + [Service] + Environment="HTTP_PROXY={{ lookup('env', 'http_proxy') }}" + Environment="HTTPS_PROXY={{ lookup('env', 'https_proxy') }}" + Environment="FTP_PROXY={{ lookup('env', 'ftp_proxy') }}" + Environment="NO_PROXY={{ lookup('env', 'no_proxy') }},{{ hostvars[ansible_host].ansible_default_ipv4.address }},{{ ostack_hosts | join(',') }}" + dest: /lib/systemd/system/docker.service.d/http-proxy.conf + +- name: Update /etc/default/docker + lineinfile: + path: /etc/default/docker + line: 'DOCKER_OPTS="--dns {{ hostvars[ansible_host].ansible_default_ipv4.gateway }} --insecure-registry {{ deploy_host }}:4000"' + +- name: reload restart docker + systemd: + state: restarted + daemon_reload: yes + name: docker diff --git a/ansible/roles/infra_rampup_stack_nodes/tasks/install_packets.yml b/ansible/roles/infra_rampup_stack_nodes/tasks/install_packets.yml new file mode 100644 index 000000000..d22e8155a --- /dev/null +++ b/ansible/roles/infra_rampup_stack_nodes/tasks/install_packets.yml @@ -0,0 +1,85 @@ +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Update apt cache + apt: + update_cache: yes + upgrade: yes + cache_valid_time: 36000 + environment: "{{ proxy_env }}" + +- name: Install packets + apt: + name: "{{ item }}" + with_items: + - python-tox + - python-dev + - libffi-dev + - libssl-dev + - python3-dev + - ethtool + - ipmitool + - git + - ntp + - apparmor-utils + - docker.io + - libvirt-bin + - python-setuptools + - build-essential + environment: "{{ proxy_env }}" + +- name: Install pip + shell: easy_install pip + environment: "{{ proxy_env }}" + +- name: Update pip ansible docker + pip: + name: "{{ item }}" + state: latest + with_items: + - ansible + - docker + - tox + - shade + environment: "{{ proxy_env }}" + +- name: Remove conflicting packages + apt: + name: "{{ item }}" + state: absent + with_items: + - lxd + - lxc + +- name: Stop and disable libvirt + systemd: + state: stopped + enabled: no + name: libvirt-bin.service + +- name: Stop and disable apparmor service + systemd: + name: apparmor + state: stopped + enabled: no + +- name: Get stat of libvirtd apparmor profile + stat: + path: /etc/apparmor.d/disable/usr.sbin.libvirtd + register: apparmor_libvirtd_profile + +- name: Remove apparmor profile for libvirt + shell: ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/ && apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd + when: + - apparmor_libvirtd_profile.stat.exists == False diff --git a/ansible/roles/infra_rampup_stack_nodes/tasks/main.yml b/ansible/roles/infra_rampup_stack_nodes/tasks/main.yml new file mode 100644 index 000000000..65d5e59d8 --- /dev/null +++ b/ansible/roles/infra_rampup_stack_nodes/tasks/main.yml @@ -0,0 +1,39 @@ +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +# Configure proxy and install python to support ansible +- name: Create apt.conf proxy config + raw: > + echo 'Acquire::http::proxy "{{ hostvars[groups['jumphost'][0]].proxy_proto + '://' + hostvars[groups['jumphost'][0]].proxy_host_ip + ':' + hostvars[groups['jumphost'][0]].proxy_port }}";' + > /etc/apt/apt.conf.d/22proxy + +- name: Install python which is required to run ansible mudules + raw: apt-get update && apt-get install -y python + +- name: Gather facts + setup: + +- name: Update configuration files + include_tasks: update_conf_files.yml + +- name: Install packets + include_tasks: install_packets.yml + when: ansible_hostname in groups['ostack'] + +- name: Configure docker settings + include_tasks: configure_docker.yml + when: ansible_hostname in groups['ostack'] + +- name: generate and apply SSH keys + include_tasks: update_keys.yml diff --git a/ansible/roles/infra_rampup_stack_nodes/tasks/update_conf_files.yml b/ansible/roles/infra_rampup_stack_nodes/tasks/update_conf_files.yml new file mode 100644 index 000000000..424fb543b --- /dev/null +++ b/ansible/roles/infra_rampup_stack_nodes/tasks/update_conf_files.yml @@ -0,0 +1,69 @@ +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Set hostname + shell: hostname {{ ansible_hostname }} + +- name: Delete hosts between markers + blockinfile: + path: /etc/hosts + marker: "# {mark} generated hosts file" + content: "" + +- set_fact: + block_str: "{{ block_str | default('') + hostvars[item].host_ip + ' ' + hostvars[item].ansible_host + '\n'}}" + with_items: "{{ groups['ostack'] }}" + +- name: Update /etc/hosts + blockinfile: + path: /etc/hosts + block: | + {{ block_str }} + marker: "# {mark} generated hosts file" + +- name: Update /etc/hosts + lineinfile: + path: /etc/hosts + regexp: ".*{{ hostvars[groups['jumphost'][0]].proxy_host }}.*" + line: "{{ hostvars[groups['jumphost'][0]].proxy_host_ip }} {{ hostvars[groups['jumphost'][0]].proxy_host }}" + +- name: Turn off IPv6 + lineinfile: + path: /etc/sysctl.conf + regexp: '^{{ item }}.*' + line: "{{ item }} = 1" + with_items: + - 'net.ipv6.conf.all.disable_ipv6' + - 'net.ipv6.conf.default.disable_ipv6' + - 'net.ipv6.conf.lo.disable_ipv6' + +- name: Update IP configuration + shell: sysctl -p + +- name: Update resolv.conf + shell: echo "{{ 'nameserver ' + hostvars[ansible_host].ansible_default_ipv4.gateway }}" > /etc/resolvconf/resolv.conf.d/base + +- name: Update name servers + shell: resolvconf -u + +- name: Update /etc/environment + lineinfile: + path: /etc/environment + regexp: "{{ item.find }}" + line: "{{ item.add }}" + with_items: + - { find: 'http_proxy=', add: "{{ 'export http_proxy=' + lookup('env', 'http_proxy') }}" } + - { find: 'https_proxy=', add: "{{ 'export https_proxy=' + lookup('env', 'https_proxy') }}" } + - { find: 'ftp_proxy=', add: "{{ 'export ftp_proxy=' + lookup('env', 'ftp_proxy') }}" } + - { find: 'no_proxy=', add: "{{ 'export no_proxy=' + lookup('env', 'no_proxy') + ',' + ansible_host + ',' + hostvars[ansible_host].ansible_default_ipv4.address }}" } diff --git a/ansible/roles/infra_rampup_stack_nodes/tasks/update_keys.yml b/ansible/roles/infra_rampup_stack_nodes/tasks/update_keys.yml new file mode 100644 index 000000000..816f7cbca --- /dev/null +++ b/ansible/roles/infra_rampup_stack_nodes/tasks/update_keys.yml @@ -0,0 +1,48 @@ +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Generate keys + user: + name: "{{ hostvars[ansible_host].ansible_user }}" + generate_ssh_key: yes + state: present + ssh_key_file: "/root/.ssh/id_rsa" + +- name: Get remote files + fetch: + src: "/root/.ssh/id_rsa.pub" + dest: "/tmp" + +- name: Update authorized_key + authorized_key: + key: "{{ lookup('file', '/tmp/{{ hostvars[item].ansible_host }}/root/.ssh/id_rsa.pub') }}" + state: present + user: "{{ hostvars[item].ansible_user }}" + with_items: + - "{{ groups['ostack'] }}" + - "{{ groups['yardstickG'] }}" + +- name: Make sure the known hosts file exists + file: + path: "{{ ssh_known_hosts_file }}" + state: touch + +- name: Add key to known hosts + known_hosts: + name: "{{ hostvars[item].ansible_host }}" + key: "{{ lookup('pipe', 'ssh-keyscan -t rsa {{ hostvars[item].ansible_host }}') }}" + path: "{{ ssh_known_hosts_file }}" + with_items: + - "{{ groups['ostack'] }}" + - "{{ groups['yardstickG'] }}" diff --git a/ansible/roles/infra_rampup_stack_nodes/vars/main.yml b/ansible/roles/infra_rampup_stack_nodes/vars/main.yml new file mode 100644 index 000000000..252eb86b3 --- /dev/null +++ b/ansible/roles/infra_rampup_stack_nodes/vars/main.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +ssh_known_hosts_file: "/root/.ssh/known_hosts" +deploy_host: "{{ hostvars[groups['deploy'][0]].ansible_host }}" |