# Copyright (c) 2017 Mirantis Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Setup libvirt - ensure network and storage pool are defined and active,
# prepare dir for vm logs
---
# Guard: stop early when secure boot is requested while default_boot_mode
# is anything other than 'uefi'.
- name: fail if secure boot is requested without UEFI
  fail:
    msg: 'Secure boot support requires default_boot_mode set to "uefi"'
  when:
    - default_boot_mode != 'uefi'
    - test_vm_secure_boot | bool
# Installs each listed package through the bifrost-pip-install role.
# NOTE(review): no version is given here; presumably bifrost-pip-install
# applies the upper-constraints file - confirm, because an unconstrained
# install takes whatever the package index serves at run time.
- name: install gunicorn and lxml
  include_role:
    name: bifrost-pip-install
  vars:
    package: "{{ item }}"
  loop: [gunicorn, lxml]
# Installs libvirt-python through the bifrost-pip-install role on every OS
# family except RedHat.
- name: install libvirt-python if needed
  include_role:
    name: bifrost-pip-install
  vars:
    package: 'libvirt-python'
  when: ansible_os_family != 'RedHat'
# Adds a managed block to libvirtd.conf that sets the log filters and sends
# the log to /var/log/libvirt/libvirtd.log.
# NOTE(review): in libvirt's filter syntax level 1 is debug, so qemu, libvirt
# and util are logged at the most verbose level; make sure the log file is
# rotated and readable by administrators only.
- name: configure libvirt log filters for qemu
  blockinfile:
    path: /etc/libvirt/libvirtd.conf
    block: |
      log_filters="1:qemu 1:libvirt 4:object 4:json 4:event 1:util"
      log_outputs="1:file:/var/log/libvirt/libvirtd.log"
# Restarts the libvirt daemon so that the libvirtd.conf changes take effect.
- name: "Restart libvirt service"
  service:
    name: "{{ libvirt_service_name }}"
    state: restarted
# NOTE(Shrews) We need to enable ip forwarding for the libvirt bridge to
# operate properly with dnsmasq. This should be done before starting dnsmasq.
# NOTE(review): net.ipv4.ip_forward is a host-wide switch and `state: present`
# persists it, so the host keeps forwarding IPv4 between its interfaces after
# the test VMs are gone; restrict forwarding with firewall rules where that
# matters.
- name: "Enable IP forwarding in sysctl"
  sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    state: present
    sysctl_set: true
    reload: true
# NOTE(Shrews) Ubuntu packaging+apparmor issue prevents libvirt from loading
# the ROM from /usr/share/misc.
# Records in test_sgabios_qemu whether sgabios.bin exists in sgabios_dir.
- name: "Look for sgabios in {{ sgabios_dir }}"
  stat:
    path: "{{ sgabios_dir }}/sgabios.bin"
  register: test_sgabios_qemu
# Records in test_sgabios_misc whether the packaged ROM exists in
# /usr/share/misc.
- name: "Look for sgabios in /usr/share/misc"
  stat:
    path: /usr/share/misc/sgabios.bin
  register: test_sgabios_misc
# Copies the ROM only when it was not found in sgabios_dir but is present in
# /usr/share/misc.
# NOTE(review): the destination is hard-coded to /usr/share/qemu while the
# existence check uses sgabios_dir - presumably the same path; confirm,
# otherwise the copy lands elsewhere and is repeated on every run.
- name: "Place sgabios.bin"
  command: cp /usr/share/misc/sgabios.bin /usr/share/qemu/sgabios.bin
  when:
    - not test_sgabios_qemu.stat.exists
    - test_sgabios_misc.stat.exists
# NOTE(TheJulia): Stop dnsmasq so that it does not conflict
# with libvirt restarting.
# TODO(TheJulia): We shouldn't need to do this, but the
# libvirt dhcp instance conflicts with our specific config
# and taking this path allows us to not refactor dhcp at
# this moment. Our DHCP serving should be refactored
# so we don't need to do this.
- name: "Stop default dnsmasq service"
  service:
    name: dnsmasq
    state: stopped
  # A failure here does not stop the play (presumably for hosts without a
  # dnsmasq service - confirm).
  ignore_errors: true
# NOTE(TheJulia): Seems if you test in a VM, this might
# be helpful if you installed your host originally
# with the default 192.168.122.0/24 network
# Removes any existing definition of the test network before it is
# re-created from the template.
- name: destroy libvirt network
  virt_net:
    name: "{{ test_vm_network }}"
    state: absent
    uri: "{{ test_vm_libvirt_uri }}"
# Defines the test network from the role's net.xml.j2 template.
- name: ensure libvirt network is present
  virt_net:
    name: "{{ test_vm_network }}"
    state: present
    xml: "{{ lookup('template', 'net.xml.j2') }}"
    uri: "{{ test_vm_libvirt_uri }}"
# Gathers libvirt network facts; the ansible_libvirt_networks fact read by
# the next task comes from this call.
- name: find facts on libvirt networks
  virt_net:
    name: "{{ test_vm_network }}"
    command: facts
    uri: "{{ test_vm_libvirt_uri }}"
# NOTE(pas-ha) yet another place where non-local libvirt will not work
# Deletes the bridge device of the test network when the network is not
# active; only attempted for the local qemu:///system URI, and a failure of
# `ip link del` does not stop the play.
- name: "Delete network interface if virtual network is not active"
  command: ip link del {{ ansible_libvirt_networks[test_vm_network].bridge }}
  when:
    - ansible_libvirt_networks[test_vm_network].state != 'active'
    - test_vm_libvirt_uri == 'qemu:///system'
  ignore_errors: true
# Marks the test network to be started automatically by libvirt.
- name: set libvirt network to autostart
  virt_net:
    name: "{{ test_vm_network }}"
    uri: "{{ test_vm_libvirt_uri }}"
    autostart: true
# Starts the test network if it is not already active.
- name: ensure libvirt network is running
  virt_net:
    name: "{{ test_vm_network }}"
    state: active
    uri: "{{ test_vm_libvirt_uri }}"
# Queries the network status and keeps it in test_vm_net_status for the
# assertion that follows.
- name: get libvirt network status
  virt_net:
    name: "{{ test_vm_network }}"
    command: status
    uri: "{{ test_vm_libvirt_uri }}"
  register: test_vm_net_status
# Aborts the play unless the registered network status is 'active'.
- name: fail if libvirt network is not active
  assert:
    that: test_vm_net_status.status == 'active'
# Defines the storage pool from the role's pool_dir.xml.j2 template.
- name: define a libvirt pool if not set
  virt_pool:
    name: "{{ test_vm_storage_pool }}"
    state: present
    uri: "{{ test_vm_libvirt_uri }}"
    xml: "{{ lookup('template', 'pool_dir.xml.j2') }}"
# Activates the storage pool and marks it to start automatically.
- name: ensure libvirt pool is running
  virt_pool:
    name: "{{ test_vm_storage_pool }}"
    uri: "{{ test_vm_libvirt_uri }}"
    state: active
    autostart: true
# Creates the VM log directory.
# NOTE(review): with `recurse` the 0755 mode is also applied to everything
# already below the directory, which leaves existing log files world-readable
# and executable; confirm that this is intended.
- name: create dir for bm logs
  file:
    path: "{{ test_vm_logdir }}"
    state: directory
    recurse: true
    mode: '0755'
# Sets mode 0755 on the parent of the log directory (not recursive).
- name: ensure parent dir for bm logs has proper rights
  file:
    state: directory
    path: "{{ test_vm_logdir | dirname }}"
    mode: "0755"
# NOTE(dtantsur): pypi version can easily get out of sync, we need to use
# the version from the distribution.
# Removes every line of the constraints file that starts with
# "libvirt-python"; the pattern is a prefix match with no end anchor.
- name: edit libvirt-python out of upper constraints
  lineinfile:
    path: "{{ upper_constraints_file }}"
    regexp: '^libvirt\-python'
    state: absent
  when: ansible_os_family == 'RedHat'
# Installs libzmq5 from the distribution, on Ubuntu 22 and later only.
- name: install virtualbmc dependencies
  package:
    name: libzmq5
    state: present
  when:
    - ansible_facts['distribution'] == 'Ubuntu'
    - ansible_facts['distribution_major_version'] | int >= 22
# Installs virtualbmc through the bifrost-pip-install role; no version is
# requested by this task.
- name: install virtualbmc
  include_role:
    name: bifrost-pip-install
  vars:
    package: 'virtualbmc'
# Renders the vbmcd unit file; the result is registered so that a later task
# can reload systemd only when the unit changed.
- name: ensure Virtual BMC systemd service is configured
  become: true
  template:
    src: vbmcd.service.j2
    dest: /etc/systemd/system/vbmcd.service
    owner: root
    group: root
    # Quoted so that the octal mode is never re-interpreted by a YAML parser.
    mode: '0644'
  register: vbmcd_service_file
# Creates /etc/virtualbmc, owned by root and listable by everyone.
- name: create Virtual BMC configuration directory
  become: true
  file:
    path: /etc/virtualbmc
    state: directory
    owner: root
    group: root
    mode: '0755'
# Renders the Virtual BMC configuration; mode 0600 keeps it readable by
# root only.
- name: write Virtual BMC configuration file
  become: true
  template:
    src: virtualbmc.conf
    dest: /etc/virtualbmc/virtualbmc.conf
    owner: root
    group: root
    mode: '0600'
# Enables and starts vbmcd; systemd is reloaded first only when the unit
# file task reported a change.
- name: ensure Virtual BMC systemd service is started and enabled
  become: true
  systemd:
    name: vbmcd
    state: started
    enabled: true
    daemon_reload: "{{ vbmcd_service_file.changed }}"
# Installs sushy-tools through the bifrost-pip-install role with a lower
# version bound only; any newer release satisfies the requirement.
- name: install sushy-tools
  include_role:
    name: bifrost-pip-install
  vars:
    package: 'sushy-tools>=0.18.2'
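# Creates the emulator's state directory, accessible to root only.
# A directory needs the search (x) bit to be entered, so owner-only access is
# 0700; with 0600 the directory is usable only by processes that bypass
# permission checks, as root normally does.
- name: create Redfish Emulator state directory
  file:
    path: "{{ redfish_emulator_state_dir }}"
    state: directory
    owner: root
    group: root
    mode: '0700'
  become: true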
# Renders the redfish-emulator unit file; the result is registered so that
# systemd is reloaded only when the unit changed.
- name: ensure Redfish Emulator systemd service is configured
  become: true
  template:
    src: redfish-emulator.service.j2
    dest: /etc/systemd/system/redfish-emulator.service
    owner: root
    group: root
    mode: '0644'
  register: redfish_emulator_service_file
# Reloads systemd only when the redfish-emulator unit file task reported a
# change.
# NOTE(review): no `become: true` here, unlike the neighbouring systemd
# tasks; presumably the play already runs privileged - confirm.
- name: reload systemd units if needed
  systemd:
    daemon_reload: "{{ redfish_emulator_service_file.changed }}"
# Sets efi_loader_path to the first existing entry of efi_loader_locations,
# unless the variable is already defined.
- name: find OVMF firmware
  set_fact:
    efi_loader_path: "{{ item }}"
  with_first_found: "{{ efi_loader_locations }}"
  # A failed lookup does not stop the play; the next task reports the missing
  # firmware when UEFI is requested.
  ignore_errors: true
  when: efi_loader_path is undefined
# Stops the play when UEFI boot is the default but no firmware path was
# found or supplied.
- name: fail if UEFI is requested and no OVMF firmware is found
  fail:
    msg: >
      UEFI is requested but no OVMF firmware can be found. Please set
      efi_loader_path explicitly. Note that firmware with secure boot enabled
      may not work yet.
  when:
    - efi_loader_path is undefined
    - default_boot_mode == 'uefi'
# Sets efi_nvram_path to the first existing entry of efi_nvram_locations;
# only evaluated when UEFI is the default boot mode.
- name: find OVMF NVRAM
  set_fact:
    efi_nvram_path: "{{ item }}"
  with_first_found: "{{ efi_nvram_locations }}"
  when: default_boot_mode == 'uefi'
# Writes a bcrypt-hashed entry to the emulator's htpasswd file (root, 0600).
# NOTE(review): the account is a fixed, well-known admin/password pair that is
# committed with the role, so the password protects nothing on its own. Keep
# the emulator reachable from an isolated test network only, or take the
# credentials from a vaulted variable.
# NOTE(review): no `become: true` here, unlike the neighbouring tasks;
# presumably the play already runs privileged - confirm.
- name: write Redfish Emulator password file
  htpasswd:
    path: /etc/redfish-emulator.htpasswd
    crypt_scheme: bcrypt
    name: 'admin'
    password: 'password'
    owner: root
    group: root
    mode: '0600'
# Renders the emulator configuration; mode 0600 keeps it readable by root
# only. The registered result is not referenced by the tasks visible in this
# file.
- name: write Redfish Emulator configuration file
  become: true
  template:
    src: redfish-emulator.conf.j2
    dest: /etc/redfish-emulator.conf
    owner: root
    group: root
    mode: '0600'
  register: redfish_emulator_config_file
# NOTE(dtantsur): the migration can be removed after Xena

# Records whether the former state directory under /tmp still exists.
# NOTE(review): /tmp is world-writable, so a path found here may have been
# created by any local user; only existence is checked, not ownership.
- name: check for the old state directory
  stat:
    path: /tmp/sushy-emulator
  register: redfish_emulator_old_state_dir
# Stops the emulator and moves its old *.sqlite state files into the
# configured state directory.
# NOTE(review): become/ignore_errors/when are taken to apply to the whole
# block - confirm against the original layout.
# NOTE(review): the files are moved as root out of a directory under the
# world-writable /tmp without checking who owns them; consider verifying the
# old directory's owner before migrating. ignore_errors also hides a failed
# stop or move, in which case the emulator starts without its old state.
- block:
    - name: stop Redfish Emulator before migrating its state directory
      systemd:
        name: redfish-emulator
        state: stopped
    - name: migrate existing Redfish Emulator state directory
      shell: mv /tmp/sushy-emulator/*.sqlite "{{ redfish_emulator_state_dir }}"
  become: true
  ignore_errors: true
  when: redfish_emulator_old_state_dir.stat.exists
        and redfish_emulator_state_dir != '/tmp/sushy-emulator'
# Enables the emulator and restarts it.
# NOTE(review): `state: restarted` restarts the service on every run, whether
# or not its unit or configuration changed.
- name: ensure Redfish Emulator systemd service is started and enabled
  become: true
  systemd:
    name: redfish-emulator
    state: restarted
    enabled: true