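---
# lib/ansible/playbooks/configure_undercloud.yml (apex.git)
#
# Configures the undercloud host: prepares the stack user's SSH key and NIC
# templates, writes proxy settings, applies openstack-config overrides, runs
# `openstack undercloud install`, restarts the reconfigured services, brings
# up the external network interface and optionally installs NAT rules.
#
# NOTE(review): privilege escalation is set per task. Tasks without `become`
# (the pxe_utils.py patch, the nova and neutron service restarts) run as the
# connecting user; confirm that is intended or that become is set elsewhere.
#
# NOTE(review): several `shell` tasks interpolate `{{ item }}` or
# `external_network.*` unquoted into a command line. The values are
# word-split and interpreted by the shell, so they must come only from
# trusted deployment settings; where no shell feature is needed, the
# `command` module avoids shell interpretation.
- hosts: all
  tasks:
    # The key is created without a passphrase (-N ""), so protection of
    # ~/.ssh/id_rsa rests entirely on file permissions.
    - name: Generate SSH key for stack if missing
      shell: test -e ~/.ssh/id_rsa || ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
    # Restores SELinux contexts recursively under /home/stack.
    - name: Fix ssh key for stack
      shell: restorecon -r /home/stack
      become: true
    - name: Create NIC template directory
      file:
        path: /home/stack/nics
        state: directory
        owner: stack
        group: stack
        # Quoted so the mode is never re-typed by the YAML parser.
        mode: "0775"
    - name: Copy jumphost public key to stack home
      copy:
        src: /root/.ssh/id_rsa.pub
        dest: /home/stack/jumphost_id_rsa.pub
        owner: stack
        group: stack
        mode: "0644"
    - name: Copy NIC templates
      copy:
        src: "{{ apex_temp_dir }}/{{ item }}.yaml"
        dest: "/home/stack/nics/{{ item }}.yaml"
        owner: stack
        group: stack
        mode: "0644"
      with_items:
        - controller
        - compute
    # Dropping `Defaults requiretty` lets sudo run without a tty.
    # The edit is validated with visudo before it replaces /etc/sudoers, so
    # a malformed result cannot lock out sudo.
    - name: Remove requiretty from sudoers
      lineinfile:
        path: /etc/sudoers
        regexp: 'Defaults\s*requiretty'
        state: absent
        validate: '/usr/sbin/visudo -cf %s'
      become: true
    # NOTE(review): /etc/environment is normally world-readable; if the proxy
    # URL embeds credentials they become visible to every local user.
    - name: Set http_proxy in /etc/environment
      lineinfile:
        path: /etc/environment
        regexp: '^http_proxy'
        line: "http_proxy={{ http_proxy }}"
      become: true
      when: http_proxy
    - name: Set https_proxy in /etc/environment
      lineinfile:
        path: /etc/environment
        regexp: '^https_proxy'
        line: "https_proxy={{ https_proxy }}"
      become: true
      when: https_proxy
    # Each item is expected to expand to the option name and value passed to
    # `openstack-config --set` (presumably "key value"; verify against caller).
    - name: openstack-configs undercloud
      shell: openstack-config --set undercloud.conf DEFAULT {{ item }}
      with_items: "{{ undercloud_config }}"
    # Written as a list: the former comma-separated value was continued on a
    # second line, which YAML folds into one scalar with an embedded space.
    - name: Add ironic packages
      yum:
        name:
          - openstack-ironic-api
          - openstack-ironic-common
          - openstack-ironic-inspector
      become: true
    - name: openstack-configs ironic
      shell: openstack-config --set /etc/ironic/ironic.conf {{ item }}
      become: true
      with_items: "{{ ironic_config }}"
    # Patches an installed ironic source file in place on aarch64.
    # NOTE(review): if the regexp matches nothing, lineinfile appends the
    # line at the end of the file instead of replacing; confirm the pattern
    # is present in the packaged pxe_utils.py.
    - name: Patch ironic pxe_utils to link MAC PXE configs on aarch64
      lineinfile:
        path: /usr/lib/python2.7/site-packages/ironic/common/pxe_utils.py
        regexp: '_link_ip_address_pxe_configs'
        line: '        _link_mac_pxe_configs(task)'
      when: aarch64
    # First attempt runs with `--use-heat False`; on failure the rescue
    # re-runs the install without that flag and appends to the same log. The
    # log is fetched in either case.
    - block:
        # `> file 2>&1` replaces the bash-only `&>`: under a POSIX /bin/sh,
        # `&>` backgrounds the command and truncates the log instead of
        # capturing output.
        - name: undercloud install
          shell: openstack undercloud install --use-heat False > apex-undercloud-install.log 2>&1
          become: true
          become_user: stack
      rescue:
        - name: undercloud install retry
          shell: openstack undercloud install >> apex-undercloud-install.log 2>&1
          become: true
          become_user: stack
      always:
        # NOTE(review): the install log may contain generated passwords or
        # tokens; treat the fetched copy under apex_temp_dir as sensitive.
        - name: fetch undercloud log
          fetch:
            src: /home/stack/apex-undercloud-install.log
            dest: "{{ apex_temp_dir }}/"
            flat: true
    - name: openstack-configs nova
      shell: openstack-config --set /etc/nova/nova.conf DEFAULT {{ item }}
      become: true
      with_items: "{{ nova_config }}"
    # with_items is a single string, so this task runs exactly once.
    - name: change nova filters
      shell: openstack-config --set /etc/nova/nova.conf filter_scheduler {{ item }}
      become: true
      with_items: "enabled_filters RetryFilter,TripleOCapabilitiesFilter,ComputeCapabilitiesFilter,AvailabilityZoneFilter,ComputeFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter"
    - name: restart nova services
      service:
        name: "{{ item }}"
        state: restarted
        enabled: true
      with_items:
        - openstack-nova-conductor
        - openstack-nova-compute
        - openstack-nova-api
        - openstack-nova-scheduler
    - name: openstack-configs neutron
      shell: openstack-config --set /etc/neutron/neutron.conf DEFAULT {{ item }}
      become: true
      with_items: "{{ neutron_config }}"
    - name: restart neutron services
      service:
        name: "{{ item }}"
        state: restarted
        enabled: true
      with_items:
        - neutron-server
        - neutron-dhcp-agent
    - name: Configure workaround for mariadb long blob (LP#1768913)
      shell: openstack-config --set /etc/my.cnf.d/galera.cnf mysqld innodb_log_file_size 256M
      become: true
    - name: restart mariadb service
      service:
        name: mariadb
        state: restarted
        enabled: true
      become: true
    # external_network.vlan is either the string "native" or a VLAN id; the
    # tasks below split on that value.
    - name: configure external network vlan ifcfg
      template:
        src: external_vlan_ifcfg.yml.j2
        dest: "/etc/sysconfig/network-scripts/ifcfg-vlan{{ external_network.vlan }}"
        owner: root
        group: root
        mode: "0644"
      become: true
      when:
        - external_network.vlan != "native"
        - external_network.enabled
    - name: bring up vlan ifcfg
      shell: "ifup vlan{{ external_network.vlan }}"
      become: true
      when:
        - external_network.vlan != "native"
        - external_network.enabled
    # Native (untagged) external network: eth2 on non-aarch64 hosts, eth0 on
    # aarch64.
    - name: assign IP to native eth2
      shell: ip a a {{ external_network.ip }}/{{ external_network.prefix }} dev eth2
      become: true
      when:
        - external_network.vlan == "native"
        - external_network.enabled
        - not aarch64
    - name: bring up eth2
      shell: ip link set up dev eth2
      when:
        - external_network.vlan == "native"
        - external_network.enabled
        - not aarch64
      become: true
    - name: assign IP to native eth0 if aarch64
      shell: ip a a {{ external_network.ip }}/{{ external_network.prefix }} dev eth0
      become: true
      when:
        - external_network.vlan == "native"
        - external_network.enabled
        - aarch64
    - name: bring up eth0 if aarch64
      shell: ip link set up dev eth0
      when:
        - external_network.vlan == "native"
        - external_network.enabled
        - aarch64
      become: true
    # NAT for IPv4 only (skipped when nat_network_ipv6 is set).
    # NOTE(review): the first POSTROUTING rule has no source match and
    # masquerades everything leaving eth0, and the first FORWARD rule accepts
    # all traffic arriving on eth2 with no source or state match. The
    # narrower rules that follow (restricted to nat_cidr / ESTABLISHED,
    # RELATED) add no restriction while the broad ones exist; confirm the
    # broad rules are required before keeping them.
    - block:
        - name: Undercloud NAT - MASQUERADE interface
          iptables:
            table: nat
            chain: POSTROUTING
            out_interface: eth0
            jump: MASQUERADE
        - name: Undercloud NAT - MASQUERADE interface with subnet
          iptables:
            table: nat
            chain: POSTROUTING
            out_interface: eth0
            jump: MASQUERADE
            source: "{{ nat_cidr }}"
        - name: Undercloud NAT - Allow Forwarding
          iptables:
            chain: FORWARD
            in_interface: eth2
            jump: ACCEPT
        - name: Undercloud NAT - Allow Stateful Forwarding
          iptables:
            chain: FORWARD
            in_interface: eth2
            jump: ACCEPT
            source: "{{ nat_cidr }}"
            ctstate: ESTABLISHED,RELATED
        - name: Undercloud NAT - Save iptables
          shell: service iptables save
      become: true
      when:
        - not nat_network_ipv6
        - nat
    - name: fetch storage environment file
      fetch:
        src: /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml
        dest: "{{ apex_temp_dir }}/"
        flat: true
    - name: fetch sriov environment file
      fetch:
        src: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-opendaylight-sriov.yaml
        dest: "{{ apex_temp_dir }}/"
        flat: true

# Runs the aarch64-specific playbook only when aarch64 is set.
# NOTE(review): playbook-level `include` is the older spelling; newer Ansible
# releases use `import_playbook`. Confirm the minimum supported version
# before switching.
- include: undercloud_aarch64.yml
  when: aarch64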