kayobe/ansible/provision-net.yml
Mark Goddard 388dfa369c Avoid fact gathering for group_by
There are a few places where we have a play with one task that uses the
group_by module to generate groups that are used in a subsequent play.
These plays do not need to gather facts for their target hosts.

In particular, the kolla-openstack.yml playbook should really be able to
operate without access to remote hosts.

This change also adds changed_when: false to all group_by tasks, since
they show as changed but haven't really made any changes outside of
Ansible.

TrivialFix

Change-Id: I18f67eda4e48058f3f402b9d0e692d6eeb02855f
2021-03-04 17:32:15 +00:00

129 lines
6.0 KiB
YAML

---
- name: Check whether Ironic is enabled
hosts: controllers
gather_facts: False
tags:
- provision-net
- cleaning-net
tasks:
- name: Create controllers group with ironic enabled
group_by:
key: "controllers_for_provision_net_{{ kolla_enable_ironic | bool }}"
changed_when: false
- name: Ensure provisioning and cleaning networks and subnets are registered in neutron
# Only required to run on a single host.
hosts: controllers_for_provision_net_True[0]
vars:
venv: "{{ virtualenv_path }}/openstacksdk"
provision_net:
name: "{{ kolla_ironic_provisioning_network }}"
provider_network_type: "{% if provision_wl_net_name | net_vlan %}vlan{% else %}flat{% endif %}"
provider_physical_network: "{{ provision_wl_net_name | net_physical_network | default('physnet1', True) }}"
provider_segmentation_id: "{{ provision_wl_net_name | net_vlan }}"
# Flat networks need to be shared to allow instances to use them.
shared: "{{ (provision_wl_net_name | net_vlan) is none }}"
subnets:
- name: "{{ kolla_ironic_provisioning_network }}"
cidr: "{{ provision_wl_net_name | net_cidr }}"
gateway_ip: "{{ provision_wl_net_name | net_neutron_gateway or provision_wl_net_name | net_gateway }}"
allocation_pool_start: "{{ provision_wl_net_name | net_neutron_allocation_pool_start }}"
allocation_pool_end: "{{ provision_wl_net_name | net_neutron_allocation_pool_end }}"
cleaning_net:
name: "{{ kolla_ironic_cleaning_network }}"
provider_network_type: "{% if cleaning_net_name | net_vlan %}vlan{% else %}flat{% endif %}"
provider_physical_network: "{{ cleaning_net_name | net_physical_network | default('physnet1', True) }}"
provider_segmentation_id: "{{ cleaning_net_name | net_vlan }}"
# Flat networks need to be shared to allow instances to use them.
shared: "{{ (cleaning_net_name | net_vlan) is none }}"
subnets:
- name: "{{ kolla_ironic_cleaning_network }}"
cidr: "{{ cleaning_net_name | net_cidr }}"
gateway_ip: "{{ cleaning_net_name | net_neutron_gateway or cleaning_net_name | net_gateway }}"
allocation_pool_start: "{{ cleaning_net_name | net_neutron_allocation_pool_start }}"
allocation_pool_end: "{{ cleaning_net_name | net_neutron_allocation_pool_end }}"
network_registrations: "{{ [provision_net] + ([] if cleaning_net_name == provision_wl_net_name else [cleaning_net]) }}"
tags:
- provision-net
- cleaning-net
pre_tasks:
- name: Validate OpenStack password authentication parameters
fail:
msg: >
Required OpenStack authentication parameter {{ item }} is
{% if item in openstack_auth %}empty{% else %}not present{% endif %}
in openstack_auth. Have you sourced the environment file?
when:
- openstack_auth_type == 'password'
- item not in openstack_auth or not openstack_auth[item]
with_items: "{{ openstack_auth_password_required_params }}"
tags:
- config-validation
roles:
- role: stackhpc.os-networks
os_openstacksdk_install_epel: "{{ dnf_install_epel }}"
os_openstacksdk_state: latest
os_openstacksdk_upper_constraints_file: "{{ pip_upper_constraints_file }}"
os_networks_venv: "{{ venv }}"
os_networks_auth_type: "{{ openstack_auth_type }}"
os_networks_auth: "{{ openstack_auth }}"
os_networks_cacert: "{{ openstack_cacert | default(omit, true) }}"
os_networks_interface: "{{ openstack_interface | default(omit, true) }}"
# Network configuration.
os_networks: "{{ network_registrations }}"
tasks:
# NOTE(mgoddard): Originally, provisioning and cleaning networks were
# always shared. However now, VLAN networks are not shared. The os_network
# module does not appear to update networks after they have been created,
# so during this transition we manually update them here if necessary.
# TODO(mgoddard): Remove this code after a suitable transition period.
- name: Ensure python-openstackclient is installed
pip:
name: python-openstackclient
state: latest
extra_args: "{% if pip_upper_constraints_file %}-c {{ pip_upper_constraints_file }}{% endif %}"
virtualenv: "{{ venv }}"
when: network_registrations | rejectattr('shared') | list | length > 0
- block:
- name: Gather facts about provisioning network
os_networks_facts:
auth: "{{ openstack_auth }}"
auth_type: "{{ openstack_auth_type }}"
cacert: "{{ openstack_cacert | default(omit, true) }}"
interface: "{{ openstack_interface | default(omit, true) }}"
name: "{{ provision_net.name }}"
register: provisioning_network_facts
- name: Set provisioning network to unshared
command: "{{ venv }}/bin/openstack network set {{ provision_net.name }} --no-share"
changed_when: true
when: openstack_networks[0].shared
environment: "{{ openstack_auth_env }}"
vars:
ansible_python_interpreter: "{{ venv }}/bin/python"
when: not provision_net.shared | bool
- block:
- name: Gather facts about cleaning network
os_networks_facts:
auth: "{{ openstack_auth }}"
auth_type: "{{ openstack_auth_type }}"
cacert: "{{ openstack_cacert | default(omit, true) }}"
interface: "{{ openstack_interface | default(omit, true) }}"
name: "{{ cleaning_net.name }}"
register: cleaning_network_facts
- name: Set cleaning network to unshared
command: "{{ venv }}/bin/openstack network set {{ cleaning_net.name }} --no-share"
changed_when: true
when: openstack_networks[0].shared
environment: "{{ openstack_auth_env }}"
vars:
ansible_python_interpreter: "{{ venv }}/bin/python"
when:
- cleaning_net_name != provision_wl_net_name
- not cleaning_net.shared | bool