Fixes deployment on CentOS 7.6
[apex.git] / lib / ansible / playbooks / configure_undercloud.yml
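---
# lib/ansible/playbooks/configure_undercloud.yml
#
# Prepares the undercloud host and runs `openstack undercloud install`:
#   1. SSH key generation and file staging under /home/stack
#   2. sudoers and proxy environment edits
#   3. undercloud.conf edits and the install itself (one retry on failure)
#   4. post-install nova / neutron / ironic config edits and container restarts
#   5. external network bring-up, NAT and SSH iptables rules
#   6. fetching generated files back to the Ansible controller
#
# Variables read here (all defined outside this file):
#   apex_temp_dir, http_proxy, https_proxy, undercloud_config,
#   undercloud_network_config, nova_config, neutron_config, ironic_config,
#   container_client, external_network.{enabled,vlan,ip,prefix},
#   nat, nat_network_ipv6, nat_cidr, aarch64
#
# Security note on the `shell:` tasks that interpolate {{ item }}: the values
# are pasted into a shell command line unescaped, so every *_config list must
# come from a trusted deployment definition. They are left on `shell` because
# each item appears to carry a "key value" pair whose quoting is decided by
# the caller -- TODO confirm before switching them to `command`.
- hosts: all
  tasks:
    # Runs without `become`, so the key lands in the connecting user's home
    # (presumably `stack` -- confirm against the inventory). The key has an
    # empty passphrase (-N ""), so the private key file is the only protection.
    - name: Generate SSH key for stack if missing
      shell: 'test -e ~/.ssh/id_rsa || ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa'
    # Re-applies default SELinux contexts so sshd can read the new key files.
    - name: Fix ssh key for stack
      command: restorecon -r /home/stack
      become: true
    - name: Create nics directory for stack
      file:
        path: /home/stack/nics
        state: directory
        owner: stack
        group: stack
        mode: "0775"
    # `copy` without remote_src reads `src` on the Ansible controller, so this
    # is the controller root user's *public* key being staged on the undercloud.
    - name: Copy jumphost public key to undercloud
      copy:
        src: /root/.ssh/id_rsa.pub
        dest: /home/stack/jumphost_id_rsa.pub
        owner: stack
        group: stack
        mode: "0644"
    - name: Copy NIC templates to undercloud
      copy:
        src: "{{ apex_temp_dir }}/{{ item }}.yaml"
        dest: "/home/stack/nics/{{ item }}.yaml"
        owner: stack
        group: stack
        mode: "0644"
      with_items:
        - controller
        - compute
    - name: Copy container prep env file to undercloud
      copy:
        src: "{{ apex_temp_dir }}/containers-prepare-parameter.yaml"
        dest: "/home/stack/containers-prepare-parameter.yaml"
        owner: stack
        group: stack
        mode: "0644"
    - name: Remove requiretty default from sudoers
      lineinfile:
        path: /etc/sudoers
        regexp: 'Defaults\s*requiretty'
        state: absent
        # Syntax-check the edited copy before it replaces /etc/sudoers; a
        # malformed sudoers file breaks privilege escalation on the host.
        validate: /usr/sbin/visudo -cf %s
      become: true
    - name: Set http_proxy in /etc/environment
      lineinfile:
        path: /etc/environment
        regexp: '^http_proxy'
        line: "http_proxy={{ http_proxy }}"
      become: true
      when: http_proxy
    - name: Set https_proxy in /etc/environment
      lineinfile:
        path: /etc/environment
        regexp: '^https_proxy'
        line: "https_proxy={{ https_proxy }}"
      become: true
      when: https_proxy
    - name: openstack-configs undercloud
      shell: "openstack-config --set undercloud.conf DEFAULT {{ item }}"
      with_items: "{{ undercloud_config }}"
    - name: openstack-configs undercloud network
      shell: "openstack-config --set undercloud.conf ctlplane-subnet {{ item }}"
      with_items: "{{ undercloud_network_config }}"
    # Install once; on failure retry once, appending to the same log. The log
    # is fetched in `always` so it is available whether or not the install
    # succeeded.
    - block:
        - name: undercloud install
          # `> file 2>&1` instead of `&>`: the shell module runs /bin/sh, and
          # `&>` is a bash extension that a POSIX sh parses as "background the
          # command, then truncate the file".
          shell: openstack undercloud install > apex-undercloud-install.log 2>&1
          become: true
          become_user: stack
      rescue:
        - name: undercloud install retry
          shell: openstack undercloud install >> apex-undercloud-install.log 2>&1
          become: true
          become_user: stack
      always:
        # Assumes the install tasks ran with /home/stack as working directory,
        # since they write the log by relative name -- TODO confirm.
        - name: fetch undercloud log
          fetch:
            src: /home/stack/apex-undercloud-install.log
            dest: "{{ apex_temp_dir }}/"
            flat: true
    - name: Install ceph-ansible
      yum:
        name: ceph-ansible
      become: true
    - name: openstack-configs nova
      shell: "openstack-config --set /var/lib/config-data/nova/etc/nova/nova.conf DEFAULT {{ item }}"
      become: true
      with_items: "{{ nova_config }}"
    - name: restart nova services
      command: "{{ container_client }} restart {{ item }}"
      with_items:
        - nova_conductor
        - nova_compute
        - nova_api
        - nova_scheduler
      become: true
    - name: openstack-configs neutron
      shell: "openstack-config --set /var/lib/config-data/neutron/etc/neutron/neutron.conf DEFAULT {{ item }}"
      become: true
      with_items: "{{ neutron_config }}"
    - name: restart neutron services
      command: "{{ container_client }} restart {{ item }}"
      with_items:
        - neutron_api
        - neutron_dhcp
      become: true
    # Unlike the nova/neutron tasks, no section name is hard-coded here, so
    # each item must supply the section itself.
    - name: openstack-configs ironic
      shell: "openstack-config --set /var/lib/config-data/ironic/etc/ironic/ironic.conf {{ item }}"
      become: true
      with_items: "{{ ironic_config }}"
    - name: restart ironic services
      command: "{{ container_client }} restart {{ item }}"
      with_items:
        - ironic_api
        - ironic_conductor
        - ironic_inspector
      become: true
    - name: configure external network vlan ifcfg
      template:
        src: external_vlan_ifcfg.yml.j2
        dest: "/etc/sysconfig/network-scripts/ifcfg-vlan{{ external_network.vlan }}"
        owner: root
        group: root
        mode: "0644"
      become: true
      when:
        - external_network.vlan != "native"
        - external_network.enabled
    # `command` rather than `shell` for the interface tasks below: none needs
    # shell features, and the templated values are then passed as plain
    # arguments instead of being interpreted by a shell.
    - name: bring up vlan ifcfg
      command: "ifup vlan{{ external_network.vlan }}"
      become: true
      when:
        - external_network.vlan != "native"
        - external_network.enabled
    - name: assign IP to native eth2
      command: "ip a a {{ external_network.ip }}/{{ external_network.prefix }} dev eth2"
      become: true
      when:
        - external_network.vlan == "native"
        - external_network.enabled
    - name: bring up eth2
      command: ip link set up dev eth2
      when:
        - external_network.vlan == "native"
        - external_network.enabled
      become: true
    - name: bring up eth0 if aarch64
      command: ip link set up dev eth0
      when:
        - external_network.vlan == "native"
        - external_network.enabled
        - aarch64
      become: true
    # IPv4 NAT for the undercloud; skipped when NAT is off or the NAT network
    # is IPv6.
    - block:
        # No `source` match: masquerades everything leaving eth0. The next
        # rule adds the same target restricted to nat_cidr.
        - name: Undercloud NAT - MASQUERADE interface
          iptables:
            table: nat
            chain: POSTROUTING
            out_interface: eth0
            jump: MASQUERADE
        - name: Undercloud NAT - MASQUERADE interface with subnet
          iptables:
            table: nat
            chain: POSTROUTING
            out_interface: eth0
            jump: MASQUERADE
            source: "{{ nat_cidr }}"
        # NOTE(review): accepts every packet arriving on eth2 for forwarding,
        # with no source or connection-state match. Any packet the stateful
        # rule below would match is already accepted here, so that rule adds
        # no restriction. Confirm the broad rule is intended.
        - name: Undercloud NAT - Allow Forwarding
          iptables:
            chain: FORWARD
            in_interface: eth2
            jump: ACCEPT
        - name: Undercloud NAT - Allow Stateful Forwarding
          iptables:
            chain: FORWARD
            in_interface: eth2
            jump: ACCEPT
            source: "{{ nat_cidr }}"
            ctstate: ESTABLISHED,RELATED
      become: true
      when:
        - not nat_network_ipv6
        - nat
    # Inserted at position 1 of INPUT with no `source` or interface match, so
    # TCP/22 is accepted from any address before any later rule is evaluated.
    # NOTE(review): add a `source:` match if the deployment has a dedicated
    # management network.
    - name: Allow SSH in iptables
      iptables:
        action: insert
        chain: INPUT
        rule_num: 1
        protocol: tcp
        destination_port: 22
        jump: ACCEPT
      become: true
    # Runs unconditionally, so the SSH rule is persisted even when the NAT
    # block above was skipped.
    - name: Undercloud NAT - Save iptables
      command: service iptables save
      become: true
    - name: fetch storage environment file
      fetch:
        src: /usr/share/openstack-tripleo-heat-templates/environments/storage-environment.yaml
        dest: "{{ apex_temp_dir }}/"
        flat: true
    - name: fetch sriov environment file
      fetch:
        src: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-opendaylight-sriov.yaml
        dest: "{{ apex_temp_dir }}/"
        flat: true
    - name: Restorecon for root ssh
      command: restorecon -r -v /root/.ssh
      become: true

# NOTE(review): playbook-level `include` is deprecated in newer Ansible
# releases in favour of `import_playbook`; kept unchanged because the Ansible
# version this project targets is not visible here.
- include: undercloud_aarch64.yml
  when: aarch64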