Enables containerized overcloud deployments
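---
# lib/ansible/playbooks/configure_undercloud.yml
#
# Configures the undercloud host: prepares the stack user's SSH key and nic
# templates, applies openstack-config settings, runs `openstack undercloud
# install` (with one retry), sets up the external network and NAT rules, and
# fetches generated files back into apex_temp_dir.
- hosts: all
  tasks:
    # ssh-keygen only runs when ~/.ssh/id_rsa is absent, so re-runs keep the
    # existing key. -N "" writes the private key without a passphrase, so it
    # is protected by file permissions alone.
    # NOTE(review): "~" is the connecting user's home; the task name implies
    # that user is stack - confirm against the inventory.
    - name: Generate SSH key for stack if missing
      shell: test -e ~/.ssh/id_rsa || ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
    # Restores SELinux contexts under /home/stack (covers the new ~/.ssh).
    # No shell features are used, so `command` is sufficient.
    - name: Fix ssh key for stack
      command: restorecon -r /home/stack
      become: true
    # Modes are quoted so they stay strings and cannot be re-typed by the
    # YAML parser (0775 is an octal integer under YAML 1.1).
    - name: Create nics directory for stack
      file:
        path: /home/stack/nics
        state: directory
        owner: stack
        group: stack
        mode: "0775"
    # Only the public half of the key is copied; `copy` reads src on the
    # host running Ansible.
    - name: Copy jumphost public key to stack home
      copy:
        src: /root/.ssh/id_rsa.pub
        dest: /home/stack/jumphost_id_rsa.pub
        owner: stack
        group: stack
        mode: "0644"
    - name: Copy controller and compute nic templates
      copy:
        src: "{{ apex_temp_dir }}/{{ item }}.yaml"
        dest: "/home/stack/nics/{{ item }}.yaml"
        owner: stack
        group: stack
        mode: "0644"
      with_items:
        - controller
        - compute
    # Dropping requiretty lets sudo run without a TTY. The edit is checked
    # with visudo before it replaces /etc/sudoers, so a malformed result
    # cannot lock out sudo on the host.
    - name: Remove requiretty from sudoers
      lineinfile:
        path: /etc/sudoers
        regexp: 'Defaults\s*requiretty'
        state: absent
        validate: '/usr/sbin/visudo -cf %s'
      become: true
    # NOTE(review): /etc/environment is normally world-readable; if the
    # proxy URLs ever carry credentials they would be exposed to every
    # local user - confirm what http_proxy / https_proxy contain.
    - name: Set http_proxy in /etc/environment
      lineinfile:
        path: /etc/environment
        regexp: '^http_proxy'
        line: "http_proxy={{ http_proxy }}"
      become: true
      when: http_proxy
    - name: Set https_proxy in /etc/environment
      lineinfile:
        path: /etc/environment
        regexp: '^https_proxy'
        line: "https_proxy={{ https_proxy }}"
      become: true
      when: https_proxy
    # The openstack-config tasks in this play interpolate each list item
    # unquoted into a shell command line (the ironic, nova and neutron ones
    # run as root). The *_config lists must come from trusted deployment
    # settings only; shell metacharacters in an item would be interpreted.
    - name: openstack-configs undercloud
      shell: openstack-config --set undercloud.conf DEFAULT {{ item }}
      with_items: "{{ undercloud_config }}"
    - name: openstack-configs ironic
      shell: openstack-config --set /etc/ironic/ironic.conf {{ item }}
      become: true
      with_items: "{{ ironic_config }}"
    # Rewrites a line of the installed ironic module in place; a package
    # update would silently undo this, and the regexp depends on the exact
    # upstream source text.
    # NOTE(review): no `become` here although the path is under /usr/lib -
    # confirm the connecting user can write to it.
    - name: Patch ironic pxe_utils to link PXE configs by MAC on aarch64
      lineinfile:
        path: /usr/lib/python2.7/site-packages/ironic/common/pxe_utils.py
        regexp: '_link_ip_address_pxe_configs'
        line: '        _link_mac_pxe_configs(task)'
      when: aarch64
    # Install runs as stack; on failure it is retried once, appending to the
    # same log. The log is fetched whether or not the install succeeded.
    # `> file 2>&1` replaces `&>`, which is a bash extension: a POSIX
    # /bin/sh would background the command and truncate the log instead.
    - block:
        - name: undercloud install
          shell: openstack undercloud install > apex-undercloud-install.log 2>&1
          become: true
          become_user: stack
      rescue:
        - name: undercloud install retry
          shell: openstack undercloud install >> apex-undercloud-install.log 2>&1
          become: true
          become_user: stack
      always:
        - name: fetch undercloud log
          fetch:
            src: /home/stack/apex-undercloud-install.log
            dest: "{{ apex_temp_dir }}/"
            flat: true
    - name: openstack-configs nova
      shell: openstack-config --set /etc/nova/nova.conf DEFAULT {{ item }}
      become: true
      with_items: "{{ nova_config }}"
    # NOTE(review): the service restarts below carry no `become`; confirm
    # the play connects with enough privilege to restart them.
    - name: restart nova services
      service:
        name: "{{ item }}"
        state: restarted
        enabled: true
      with_items:
        - openstack-nova-conductor
        - openstack-nova-compute
        - openstack-nova-api
        - openstack-nova-scheduler
    - name: openstack-configs neutron
      shell: openstack-config --set /etc/neutron/neutron.conf DEFAULT {{ item }}
      become: true
      with_items: "{{ neutron_config }}"
    - name: restart neutron services
      service:
        name: "{{ item }}"
        state: restarted
        enabled: true
      with_items:
        - neutron-server
        - neutron-dhcp-agent
    # External network: a tagged VLAN gets its own ifcfg file; "native"
    # puts the address directly on eth2 (eth0 on aarch64).
    - name: configure external network vlan ifcfg
      template:
        src: external_vlan_ifcfg.yml.j2
        dest: "/etc/sysconfig/network-scripts/ifcfg-vlan{{ external_network.vlan }}"
        owner: root
        group: root
        mode: "0644"
      become: true
      when:
        - external_network.vlan != "native"
        - external_network.enabled
    - name: bring up vlan ifcfg
      shell: "ifup vlan{{ external_network.vlan }}"
      become: true
      when:
        - external_network.vlan != "native"
        - external_network.enabled
    # `ip a a` is the abbreviated form of `ip address add`; it fails if the
    # address is already assigned, so this task is not idempotent.
    - name: assign IP to native eth2
      shell: ip a a {{ external_network.ip }}/{{ external_network.prefix }} dev eth2
      become: true
      when:
        - external_network.vlan == "native"
        - external_network.enabled
        - not aarch64
    - name: bring up eth2
      command: ip link set up dev eth2
      when:
        - external_network.vlan == "native"
        - external_network.enabled
        - not aarch64
      become: true
    - name: assign IP to native eth0 if aarch64
      shell: ip a a {{ external_network.ip }}/{{ external_network.prefix }} dev eth0
      become: true
      when:
        - external_network.vlan == "native"
        - external_network.enabled
        - aarch64
    - name: bring up eth0 if aarch64
      command: ip link set up dev eth0
      when:
        - external_network.vlan == "native"
        - external_network.enabled
        - aarch64
      become: true
    # NAT for virtual IPv4 deployments.
    # NOTE(review): the first MASQUERADE rule has no source match, so it
    # already covers everything the nat_cidr-scoped rule after it would;
    # likewise the first FORWARD rule accepts all traffic arriving on eth2,
    # which makes the ESTABLISHED,RELATED rule redundant. If the intent is
    # to forward and masquerade only nat_cidr, the unscoped rules are wider
    # than needed - confirm before tightening.
    - block:
        - name: Undercloud NAT - MASQUERADE interface
          iptables:
            table: nat
            chain: POSTROUTING
            out_interface: eth0
            jump: MASQUERADE
        - name: Undercloud NAT - MASQUERADE interface with subnet
          iptables:
            table: nat
            chain: POSTROUTING
            out_interface: eth0
            jump: MASQUERADE
            source: "{{ nat_cidr }}"
        - name: Undercloud NAT - Allow Forwarding
          iptables:
            chain: FORWARD
            in_interface: eth2
            jump: ACCEPT
        - name: Undercloud NAT - Allow Stateful Forwarding
          iptables:
            chain: FORWARD
            in_interface: eth2
            jump: ACCEPT
            source: "{{ nat_cidr }}"
            ctstate: ESTABLISHED,RELATED
        # Persists the rules added above so they survive a restart of the
        # iptables service.
        - name: Undercloud NAT - Save iptables
          command: service iptables save
      become: true
      when:
        - not nat_network_ipv6
        - virtual_overcloud
    # flat: true drops the per-host directory, so each file lands directly
    # in apex_temp_dir under its base name.
    - name: fetch storage environment file
      fetch:
        src: /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml
        dest: "{{ apex_temp_dir }}/"
        flat: true
    - name: fetch sriov environment file
      fetch:
        src: /usr/share/openstack-tripleo-heat-templates/environments/neutron-opendaylight-sriov.yaml
        dest: "{{ apex_temp_dir }}/"
        flat: true

# NOTE(review): play-level `include` is deprecated in newer Ansible releases
# in favour of `import_playbook`; kept as-is for the Ansible version this
# repository targets.
- include: undercloud_aarch64.yml
  when: aarch64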