---
# Play 1: derive the Kolla Ansible API interface name on each overcloud host
# and fail early if it could not be determined.
- name: Set interfaces for overcloud hosts
  hosts: overcloud
  tags:
    - config
    - kolla-ansible
  gather_facts: False
  tasks:
    # net_interface is a custom filter defined outside this file. Hyphens in
    # the resulting interface name are replaced with underscores.
    - name: Set API interface
      set_fact:
        kolla_api_interface: "{{ internal_net_name | net_interface | replace('-', '_') }}"
      when: internal_net_name in network_interfaces

    # Fails for any required variable that is undefined or falsy on this host.
    - name: Validate overcloud host Kolla Ansible network configuration
      fail:
        msg: >
          The Kolla Ansible variable {{ item.var_name }}
          ({{ item.description }}) is invalid. Value:
          "{{ hostvars[inventory_hostname][item.var_name] | default('') }}".
      when:
        - item.required | bool
        - hostvars[inventory_hostname][item.var_name] is not defined or not hostvars[inventory_hostname][item.var_name]
      with_items:
        - var_name: "kolla_api_interface"
          description: "API network interface name"
          required: True

# Play 2: runs on localhost, computes the facts consumed by the kolla-ansible
# role (interfaces, VIPs, FQDNs, Neutron bridges), validates them, then
# applies the role.
- name: Ensure Kolla Ansible is configured
  hosts: localhost
  tags:
    - kolla-ansible
  vars:
    # We need to reference configuration for the controller and seed nodes.
    # We pick the first host from each group for this. It is possible that at
    # this point these groups have no hosts in, and we should handle that case
    # gracefully.
    # NOTE: Per-host configuration is not currently supported.
    # The [0] lookups below are only referenced inside blocks guarded by a
    # "groups[...] | length > 0" condition.
    controller_host: "{{ groups['controllers'][0] }}"
    network_host: "{{ groups['network'][0] }}"
    seed_host: "{{ groups['seed'][0] }}"
  pre_tasks:
    # Configuration of extra user-provided Kolla globals.
    - block:
        - name: Check whether a Kolla extra globals configuration file exists
          stat:
            path: "{{ kayobe_config_path ~ '/kolla/globals.yml' }}"
            get_checksum: False
            get_md5: False
            mime: False
          register: globals_stat

        # NOTE(review): lookup('template', ...) renders globals.yml through
        # Jinja2 on the control host before it is parsed as YAML, so any
        # expression in that file is evaluated with this play's variables.
        # Treat kayobe_config_path as trusted, operator-controlled content
        # and restrict write access to it accordingly.
        - name: Read the Kolla extra globals configuration file
          set_fact:
            kolla_extra_globals: "{{ lookup('template', kayobe_config_path ~ '/kolla/globals.yml') | from_yaml }}"
          when: globals_stat.stat.exists
      tags:
        - config

    # Configuration and validation of controller networking.
    - block:
        # Every interface is resolved against controller_host, i.e. the first
        # host of the 'controllers' group.
        - name: Set facts containing the controller network interfaces
          set_fact:
            kolla_network_interface: "{{ internal_net_name | net_interface(controller_host) | replace('-', '_') }}"
            kolla_storage_interface: "{{ storage_net_name | net_interface(controller_host) | replace('-', '_') }}"
            kolla_cluster_interface: "{{ storage_mgmt_net_name | net_interface(controller_host) | replace('-', '_') }}"
            kolla_provision_interface: "{{ provision_wl_net_name | net_interface(controller_host) | replace('-', '_') }}"
            kolla_inspector_dnsmasq_interface: "{{ inspection_net_name | net_interface(controller_host) | replace('-', '_') }}"
            kolla_dns_interface: "{{ public_net_name | net_interface(controller_host) | replace('-', '_') }}"

        # Both entries are required only when kolla_enable_ironic is truthy.
        - name: Validate controller Kolla Ansible network configuration
          fail:
            msg: >
              The Kolla Ansible variable {{ item.var_name }}
              ({{ item.description }}) is invalid. Value:
              "{{ hostvars[inventory_hostname][item.var_name] | default('') }}".
          when:
            - item.required | bool
            - hostvars[inventory_hostname][item.var_name] is not defined or not hostvars[inventory_hostname][item.var_name]
          with_items:
            - var_name: "kolla_provision_interface"
              description: "Bare metal provisioning network interface name"
              required: "{{ kolla_enable_ironic }}"
            - var_name: "kolla_inspector_dnsmasq_interface"
              description: "Bare metal introspection network interface name"
              required: "{{ kolla_enable_ironic }}"
      when: groups['controllers'] | length > 0
      tags:
        - config
        - config-validation

    # Configuration and validation of network host networking.
    - block:
        # HAProxy enabled: use the networks' VIP addresses. Each FQDN falls
        # back to the VIP address when net_fqdn returns a falsy value.
        - name: Set facts containing the VIP addresses and FQDNs
          set_fact:
            kolla_internal_vip_address: "{{ internal_net_name | net_vip_address }}"
            kolla_internal_fqdn: "{{ internal_net_name | net_fqdn or internal_net_name | net_vip_address }}"
            kolla_external_vip_address: "{{ public_net_name | net_vip_address }}"
            kolla_external_fqdn: "{{ public_net_name | net_fqdn or public_net_name | net_vip_address }}"
          when: kolla_enable_haproxy | bool

        # HAProxy disabled: the same four facts are set to the IP address of
        # network_host on the corresponding network.
        - name: Set facts containing the VIP addresses and FQDNs
          set_fact:
            kolla_internal_vip_address: "{{ internal_net_name | net_ip(network_host) }}"
            kolla_internal_fqdn: "{{ internal_net_name | net_ip(network_host) }}"
            kolla_external_vip_address: "{{ public_net_name | net_ip(network_host) }}"
            kolla_external_fqdn: "{{ public_net_name | net_ip(network_host) }}"
          when: not kolla_enable_haproxy | bool

        - name: Set facts containing the network host interfaces
          set_fact:
            kolla_external_vip_interface: "{{ public_net_name | net_interface(network_host) | replace('-', '_') }}"

        - name: Initialise facts containing the network host interfaces
          set_fact:
            # Initialise the following lists.
            kolla_neutron_bridge_names: []
            kolla_neutron_external_interfaces: []
            kolla_neutron_bridge_interfaces: []

        # When these networks are VLANs, we need to use the underlying tagged
        # bridge interface rather than the untagged interface. We therefore
        # strip the '.<vlan>' suffix of the interface name. We use a union
        # here as a single tagged interface may be shared between these
        # networks.
        # Jinja2 filters bind tighter than '+', so 'unique' in with_items
        # covers only external_net_names; repeated interfaces are still
        # collapsed by the union() in this task.
        - name: Set a fact containing the bridges to be patched to the Neutron OVS bridges
          set_fact:
            kolla_neutron_bridge_interfaces: >
              {{ kolla_neutron_bridge_interfaces |
              union([item | net_interface(network_host) | replace('.' ~ item | net_vlan(network_host) | default('!nomatch!'), '')]) |
              list }}
          with_items: "{{ [provision_wl_net_name, cleaning_net_name] + external_net_names | unique | list }}"
          when: item in hostvars[network_host].network_interfaces

        # One bridge name and one patch interface name are appended per
        # bridge interface collected by the previous task.
        - name: Set facts containing the Neutron bridge and interface names
          set_fact:
            kolla_neutron_bridge_names: >
              {{ kolla_neutron_bridge_names +
              [item ~ network_bridge_suffix_ovs] }}
            kolla_neutron_external_interfaces: >
              {{ kolla_neutron_external_interfaces +
              [network_patch_prefix ~ item ~ network_patch_suffix_ovs] }}
          with_items: "{{ kolla_neutron_bridge_interfaces }}"

        # Fails if any of the listed facts is undefined or falsy (an empty
        # list counts as falsy).
        - name: Validate network host Kolla Ansible network configuration
          fail:
            msg: >
              The Kolla Ansible variable {{ item.var_name }}
              ({{ item.description }}) is invalid. Value:
              "{{ hostvars[inventory_hostname][item.var_name] | default('') }}".
          when:
            - item.required | bool
            - hostvars[inventory_hostname][item.var_name] is not defined or not hostvars[inventory_hostname][item.var_name]
          with_items:
            - var_name: "kolla_internal_vip_address"
              description: "Internal API VIP address"
              required: True
            - var_name: "kolla_internal_fqdn"
              description: "Internal API Fully Qualified Domain Name (FQDN)"
              required: True
            - var_name: "kolla_external_vip_address"
              description: "external API VIP address"
              required: True
            - var_name: "kolla_external_fqdn"
              description: "External API Fully Qualified Domain Name (FQDN)"
              required: True
            - var_name: "kolla_external_vip_interface"
              description: "External network interface name"
              required: True
            - var_name: "kolla_neutron_bridge_names"
              description: "List of Neutron bridge names"
              required: True
            - var_name: "kolla_neutron_external_interfaces"
              description: "List of Neutron interface names"
              required: True

        # Per-element check: item.0 is the list descriptor and item.1 one
        # element of its 'value' list; an undefined or falsy element fails.
        - name: Validate network host Kolla Ansible Neutron bridge and interface configuration
          fail:
            msg: >
              The Kolla Ansible variable {{ item.0.var_name }}
              ({{ item.0.description }}) is invalid. Value:
              "{{ item.1 | default('') }}".
          when:
            - item.0.required | bool
            - item.1 is not defined or not item.1
          with_subelements:
            - - var_name: "kolla_neutron_bridge_names"
                value: "{{ kolla_neutron_bridge_names }}"
                description: "List of Neutron bridge names"
                required: True
              - var_name: "kolla_neutron_external_interfaces"
                value: "{{ kolla_neutron_external_interfaces }}"
                description: "List of Neutron interface names"
                required: True
            - value
      when: groups['network'] | length > 0
      tags:
        - config
        - config-validation

    # Configuration and validation of seed networking.
    - block:
        - name: Set facts containing the seed network interfaces
          set_fact:
            kolla_bifrost_network_interface: "{{ provision_oc_net_name | net_interface(seed_host) | replace('-', '_') }}"

        - name: Validate seed Kolla Ansible network configuration
          fail:
            msg: >
              The Kolla Ansible variable {{ item.var_name }}
              ({{ item.description }}) is invalid. Value:
              "{{ hostvars[inventory_hostname][item.var_name] | default('') }}".
          when:
            - item.required | bool
            - hostvars[inventory_hostname][item.var_name] is not defined or not hostvars[inventory_hostname][item.var_name]
          with_items:
            - var_name: "kolla_bifrost_network_interface"
              description: "Bifrost network interface name"
              required: True
      when: groups['seed'] | length > 0
      tags:
        - config
        - config-validation
  roles:
    - role: kolla-ansible
      # NOTE(review): presumably a PEM bundle that carries the HAProxy TLS
      # private key as well as the certificate - confirm, and keep the file
      # readable only by the deploying user.
      kolla_external_fqdn_cert: "{{ kolla_config_path }}/certificates/haproxy.pem"
      # NOTE(review): presumably holds the generated service credentials -
      # confirm; keep it encrypted at rest (for example with Ansible Vault)
      # and out of world-readable locations.
      kolla_ansible_passwords_path: "{{ kayobe_config_path }}/kolla/passwords.yml"
      # NOTE: This differs from the default SELinux mode in kolla ansible,
      # which is permissive. The justification for using this mode is twofold:
      # 1. it avoids filling up the audit log
      # 2. it avoids an issue seen when using diskimage-builder in the bifrost
      #    container.
      # We could look at making the SELinux mode configurable in future.
      # NOTE(review): 'disabled' gives up both SELinux confinement and the
      # denial audit trail that permissive mode would still produce. Record
      # this as an accepted hardening trade-off, and prefer making the mode
      # configurable as suggested above.
      kolla_selinux_state: disabled