lib/ansible/playbooks/configure_undercloud.yml

   1 ---
   2 - hosts: all
   3   tasks:
   4     - name: Generate SSH key for stack if missing
   5       shell: test -e ~/.ssh/id_rsa || ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
   6     - name: Fix ssh key for stack
   7       shell: restorecon -r /home/stack
   8       become: yes
   9     - file:
  10         path: /home/stack/nics
  11         state: directory
  12         owner: stack
  13         group: stack
  14         mode: 0775
  15     - copy:
  16         src: /root/.ssh/id_rsa.pub
  17         dest: /home/stack/jumphost_id_rsa.pub
  18         owner: stack
  19         group: stack
  20         mode: 0644
  21     - copy:
  22         src: "{{ apex_temp_dir }}/{{ item }}.yaml"
  23         dest: "/home/stack/nics/{{ item }}.yaml"
  24         owner: stack
  25         group: stack
  26         mode: 0644
  27       with_items:
  28         - controller
  29         - compute
  30     - lineinfile:
  31         path: /etc/sudoers
  32         regexp: 'Defaults\s*requiretty'
  33         state: absent
  34       become: yes
  35     - lineinfile:
  36         path: /etc/environment
  37         regexp: '^http_proxy'
  38         line: "http_proxy={{ http_proxy }}"
  39       become: yes
  40       when: http_proxy
  41     - lineinfile:
  42         path: /etc/environment
  43         regexp: '^https_proxy'
  44         line: "https_proxy={{ https_proxy }}"
  45       become: yes
  46       when: https_proxy
  47     - name: openstack-configs undercloud
  48       shell: openstack-config --set undercloud.conf DEFAULT {{ item }}
  49       with_items: "{{ undercloud_config }}"
  50     - name: openstack-configs undercloud network
  51       shell: openstack-config --set undercloud.conf ctlplane-subnet {{ item }}
  52       with_items: "{{ undercloud_network_config }}"
  53     - block:
  54         - name: undercloud install
  55           shell: openstack undercloud install &> apex-undercloud-install.log
  56           become: yes
  57           become_user: stack
  58       rescue:
  59         - name: undercloud install retry
  60           shell: openstack undercloud install >> apex-undercloud-install.log 2>&1
  61           become: yes
  62           become_user: stack
  63       always:
  64         - name: fetch undercloud log
  65           fetch:
  66             src: /home/stack/apex-undercloud-install.log
  67             dest: "{{ apex_temp_dir }}/"
  68             flat: yes
  69     - name: openstack-configs nova
  70       shell: openstack-config --set /var/lib/config-data/nova/etc/nova/nova.conf DEFAULT {{ item }}
  71       become: yes
  72       with_items: "{{ nova_config }}"
  73     - name: restart nova services
  74       shell: "docker restart {{ item }}"
  75       with_items:
  76         - nova_conductor
  77         - nova_compute
  78         - nova_api
  79         - nova_scheduler
  80       become: yes
  81     - name: openstack-configs neutron
  82       shell: openstack-config --set /var/lib/config-data/neutron/etc/neutron/neutron.conf DEFAULT {{ item }}
  83       become: yes
  84       with_items: "{{ neutron_config }}"
  85     - name: restart neutron services
  86       shell: "docker restart {{ item }}"
  87       with_items:
  88         - neutron_api
  89         - neutron_dhcp
  90       become: yes
  91     - name: openstack-configs ironic
  92       shell: openstack-config --set /var/lib/config-data/ironic/etc/ironic/ironic.conf {{ item }}
  93       become: yes
  94       with_items: "{{ ironic_config }}"
  95     - name: restart ironic services
  96       shell: "docker restart {{ item }}"
  97       with_items:
  98         - ironic_api
  99         - ironic_conductor
 100         - ironic_inspector
 101       become: yes
 102     # will need to modify the below to patch the container
 103     - lineinfile:
 104         path: /usr/lib/python2.7/site-packages/ironic/common/pxe_utils.py
 105         regexp: '_link_ip_address_pxe_configs'
 106         line: '        _link_mac_pxe_configs(task)'
 107       when: aarch64
 108     - name: configure external network vlan ifcfg
 109       template:
 110         src: external_vlan_ifcfg.yml.j2
 111         dest: "/etc/sysconfig/network-scripts/ifcfg-vlan{{ external_network.vlan }}"
 112         owner: root
 113         group: root
 114         mode: 0644
 115       become: yes
 116       when:
 117         - external_network.vlan != "native"
 118         - external_network.enabled
 119     - name: bring up vlan ifcfg
 120       shell: "ifup vlan{{ external_network.vlan }}"
 121       become: yes
 122       when:
 123         - external_network.vlan != "native"
 124         - external_network.enabled
 125     - name: assign IP to native eth2
 126       shell: ip a a {{ external_network.ip }}/{{ external_network.prefix }} dev eth2
 127       become: yes
 128       when:
 129         - external_network.vlan == "native"
 130         - external_network.enabled
 131         - not aarch64
 132     - name: bring up eth2
 133       shell: ip link set up dev eth2
 134       when:
 135         - external_network.vlan == "native"
 136         - external_network.enabled
 137         - not aarch64
 138       become: yes
 139     - name: assign IP to native eth0 if aarch64
 140       shell: ip a a {{ external_network.ip }}/{{ external_network.prefix }} dev eth0
 141       become: yes
 142       when:
 143         - external_network.vlan == "native"
 144         - external_network.enabled
 145         - aarch64
 146     - name: bring up eth0 if aarch64
 147       shell: ip link set up dev eth0
 148       when:
 149         - external_network.vlan == "native"
 150         - external_network.enabled
 151         - aarch64
 152       become: yes
 153     - block:
 154         - name: Undercloud NAT - MASQUERADE interface
 155           iptables:
 156             table: nat
 157             chain: POSTROUTING
 158             out_interface: eth0
 159             jump: MASQUERADE
 160         - name: Undercloud NAT - MASQUERADE interface with subnet
 161           iptables:
 162             table: nat
 163             chain: POSTROUTING
 164             out_interface: eth0
 165             jump: MASQUERADE
 166             source: "{{ nat_cidr }}"
 167         - name: Undercloud NAT - Allow Forwarding
 168           iptables:
 169             chain: FORWARD
 170             in_interface: eth2
 171             jump: ACCEPT
 172         - name: Undercloud NAT - Allow Stateful Forwarding
 173           iptables:
 174             chain: FORWARD
 175             in_interface: eth2
 176             jump: ACCEPT
 177             source: "{{ nat_cidr }}"
 178             ctstate: ESTABLISHED,RELATED
 179         - name: Undercloud NAT - Save iptables
 180           shell: service iptables save
 181       become: yes
 182       when:
 183         - not nat_network_ipv6
 184         - nat
 185     - name: fetch storage environment file
 186       fetch:
 187         src: /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml
 188         dest: "{{ apex_temp_dir }}/"
 189         flat: yes
 190     - name: fetch sriov environment file
 191       fetch:
 192         src: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-opendaylight-sriov.yaml
 193         dest: "{{ apex_temp_dir }}/"
 194         flat: yes
 195     - name: Restorecon for root ssh
 196       shell: restorecon -r -v /root/.ssh
 197       become: yes
 198
 199 - include: undercloud_aarch64.yml
 200   when: aarch64