02e01e983b
This change fix the issue when inspection didn't work corrctly in case of L3-routed Ironic networks when DHCP packets received via a DHCP-relay. The dnsmasq optional netmask part in the dhcp-range parameter should be specified [1] in this case. [1] https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html Change-Id: I9488a72db588e31289907668f1997596a8ccdec6 Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/813268 Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
225 lines
9.7 KiB
YAML
225 lines
9.7 KiB
YAML
---
|
|
- name: Gather facts for localhost
|
|
hosts: localhost
|
|
gather_facts: true
|
|
tags: always
|
|
|
|
- name: Validate configuration options for kolla-ansible
|
|
hosts: localhost
|
|
tags:
|
|
- kolla-ansible
|
|
- config-validation
|
|
tasks:
|
|
- name: Validate serial console configuration
|
|
block:
|
|
- name: Check ipmitool-socat is in enabled in kolla_ironic_enabled_console_interfaces
|
|
fail:
|
|
msg: >
|
|
kolla_ironic_enabled_console_interfaces must contain ipmitool-socat if you set
|
|
ironic_serial_console_autoenable to true
|
|
when:
|
|
- kolla_ironic_enabled_console_interfaces is defined
|
|
- "'ipmitool-socat' not in kolla_ironic_enabled_console_interfaces"
|
|
when: ironic_serial_console_autoenable | bool
|
|
|
|
- name: Ensure Kolla Ansible is configured
|
|
hosts: localhost
|
|
tags:
|
|
- kolla-ansible
|
|
gather_facts: false
|
|
pre_tasks:
|
|
- block:
|
|
- name: Look for environment file in Kolla configuration path
|
|
stat:
|
|
path: "{{ kolla_config_path ~ '/.environment' }}"
|
|
get_checksum: False
|
|
get_md5: False
|
|
mime: False
|
|
register: kolla_environment_file
|
|
|
|
- name: Flag that the Kolla configuration path has been used by another environment
|
|
vars:
|
|
kolla_environment: "{{ lookup('file', kolla_config_path ~ '/.environment') }}"
|
|
fail:
|
|
msg: >
|
|
The Kolla configuration path at {{ kolla_config_path }} was
|
|
already used by environment {{ kolla_environment }}. You should
|
|
clean up this directory, including the environment file located
|
|
at {{ kolla_config_path ~ '/.environment' }}, before running
|
|
Kayobe again.
|
|
when:
|
|
- kolla_environment_file.stat.exists
|
|
- kolla_environment != kayobe_environment
|
|
|
|
tags:
|
|
- config
|
|
|
|
# Configuration and validation of network host networking.
|
|
- name: Validate Kolla Ansible API address configuration
|
|
fail:
|
|
msg: >
|
|
The Kolla Ansible variable {{ item.var_name }}
|
|
({{ item.description }}) is invalid. Value:
|
|
"{{ hostvars[inventory_hostname][item.var_name] | default('<undefined>') }}".
|
|
when:
|
|
- groups['network'] | length > 0
|
|
- item.required | bool
|
|
- hostvars[inventory_hostname][item.var_name] is not defined or not hostvars[inventory_hostname][item.var_name]
|
|
with_items:
|
|
- var_name: "kolla_internal_vip_address"
|
|
description: "Internal API VIP address"
|
|
required: True
|
|
- var_name: "kolla_internal_fqdn"
|
|
description: "Internal API Fully Qualified Domain Name (FQDN)"
|
|
required: True
|
|
- var_name: "kolla_external_vip_address"
|
|
description: "external API VIP address"
|
|
required: "{{ public_net_name != internal_net_name }}"
|
|
- var_name: "kolla_external_fqdn"
|
|
description: "External API Fully Qualified Domain Name (FQDN)"
|
|
required: "{{ public_net_name != internal_net_name }}"
|
|
tags:
|
|
- config
|
|
- config-validation
|
|
|
|
- import_role:
|
|
name: kolla-ansible
|
|
vars:
|
|
kolla_ansible_install_epel: "{{ dnf_install_epel }}"
|
|
kolla_external_fqdn_cert: "{{ kolla_config_path }}/certificates/haproxy.pem"
|
|
kolla_internal_fqdn_cert: "{{ kolla_config_path }}/certificates/haproxy-internal.pem"
|
|
kolla_ansible_passwords_path: "{{ kayobe_env_config_path }}/kolla/passwords.yml"
|
|
kolla_overcloud_group_vars_path: "{{ kayobe_env_config_path }}/kolla/inventory/group_vars"
|
|
kolla_ansible_certificates_path: "{{ kayobe_env_config_path }}/kolla/certificates"
|
|
# NOTE: This differs from the default SELinux mode in kolla ansible,
|
|
# which is permissive. The justification for using this mode is twofold:
|
|
# 1. it avoids filling up the audit log
|
|
# 2. it avoids an issue seen when using diskimage-builder in the bifrost
|
|
# container.
|
|
# We could look at making the SELinux mode configurable in future.
|
|
kolla_selinux_state: disabled
|
|
kolla_inspector_dhcp_pool_start: "{{ inspection_net_name | net_inspection_allocation_pool_start }}"
|
|
kolla_inspector_dhcp_pool_end: "{{ inspection_net_name | net_inspection_allocation_pool_end }}"
|
|
kolla_inspector_netmask: "{{ inspection_net_name | net_mask }}"
|
|
kolla_inspector_default_gateway: "{{ inspection_net_name | net_inspection_gateway or inspection_net_name | net_gateway }}"
|
|
kolla_inspector_extra_kernel_options: "{{ inspector_extra_kernel_options }}"
|
|
kolla_enable_host_ntp: false
|
|
docker_daemon_mtu: "{{ public_net_name | net_mtu | default }}"
|
|
kolla_globals_paths_extra:
|
|
- "{{ kayobe_config_path }}"
|
|
- "{{ kayobe_env_config_path }}"
|
|
|
|
- name: Generate Kolla Ansible host vars for the seed host
|
|
hosts: seed
|
|
tags:
|
|
- config
|
|
- config-validation
|
|
- kolla-ansible
|
|
gather_facts: False
|
|
tasks:
|
|
- name: Set Kolla Ansible host variables
|
|
kolla_ansible_host_vars:
|
|
interfaces:
|
|
- var_name: "kolla_bifrost_network_interface"
|
|
description: "Bifrost provisioning network"
|
|
network: "{{ provision_oc_net_name }}"
|
|
required: True
|
|
# Strictly api_interface is not required but kolla-ansible currently
|
|
# references it in prechecks.
|
|
- var_name: "kolla_api_interface"
|
|
description: "Bifrost provisioning network"
|
|
network: "{{ provision_oc_net_name }}"
|
|
required: True
|
|
|
|
- import_role:
|
|
name: kolla-ansible-host-vars
|
|
vars:
|
|
kolla_ansible_pass_through_host_vars: "{{ kolla_seed_inventory_pass_through_host_vars }}"
|
|
kolla_ansible_pass_through_host_vars_map: "{{ kolla_seed_inventory_pass_through_host_vars_map }}"
|
|
kolla_ansible_inventory_path: "{{ kolla_config_path }}/inventory/seed"
|
|
|
|
- name: Generate Kolla Ansible host vars for overcloud hosts
|
|
hosts: overcloud
|
|
tags:
|
|
- config
|
|
- config-validation
|
|
- kolla-ansible
|
|
gather_facts: False
|
|
tasks:
|
|
- name: Set Kolla Ansible host variables
|
|
vars:
|
|
require_ironic_networks: >-
|
|
{{ kolla_enable_ironic | bool and
|
|
inventory_hostname in groups['controllers'] }}
|
|
ironic_networks:
|
|
- network: "{{ provision_wl_net_name }}"
|
|
required: "{{ require_ironic_networks }}"
|
|
- network: "{{ cleaning_net_name }}"
|
|
required: "{{ require_ironic_networks }}"
|
|
require_provider_networks: >-
|
|
{{ kolla_enable_neutron | bool and
|
|
(inventory_hostname in groups['network'] or
|
|
(kolla_enable_neutron_provider_networks | bool and inventory_hostname in groups['compute'])) }}
|
|
# This expression generates a list containing an item for each network
|
|
# in external_net_names, in the format required by the
|
|
# external_networks argument of the kolla_ansible_host_vars action
|
|
# plugin.
|
|
provider_networks: >-
|
|
{{ dict(external_net_names |
|
|
zip_longest([], fillvalue=require_provider_networks)) |
|
|
dict2items(key_name='network', value_name='required') }}
|
|
kolla_ansible_host_vars:
|
|
interfaces:
|
|
- var_name: "kolla_network_interface"
|
|
description: "Default network"
|
|
network: "{{ internal_net_name }}"
|
|
required: True
|
|
- var_name: "kolla_api_interface"
|
|
description: "API network"
|
|
network: "{{ internal_net_name }}"
|
|
required: True
|
|
- var_name: "kolla_storage_interface"
|
|
description: "Storage network"
|
|
network: "{{ storage_net_name }}"
|
|
required: False
|
|
- var_name: "kolla_cluster_interface"
|
|
description: "Cluster network"
|
|
network: "{{ storage_mgmt_net_name }}"
|
|
required: False
|
|
- var_name: "kolla_swift_storage_interface"
|
|
description: "Swift storage network"
|
|
network: "{{ swift_storage_net_name }}"
|
|
required: False
|
|
- var_name: "kolla_swift_replication_interface"
|
|
description: "Swift storage replication network"
|
|
network: "{{ swift_storage_replication_net_name }}"
|
|
required: False
|
|
- var_name: "kolla_provision_interface"
|
|
description: "Bare metal provisioning network"
|
|
network: "{{ provision_wl_net_name }}"
|
|
required: "{{ kolla_enable_ironic | bool and inventory_hostname in groups['controllers'] }}"
|
|
- var_name: "kolla_inspector_dnsmasq_interface"
|
|
description: "Bare metal introspection network"
|
|
network: "{{ inspection_net_name }}"
|
|
required: "{{ kolla_enable_ironic | bool and inventory_hostname in groups['controllers'] }}"
|
|
- var_name: "kolla_dns_interface"
|
|
description: "DNS network"
|
|
network: "{{ public_net_name }}"
|
|
required: False
|
|
- var_name: "kolla_tunnel_interface"
|
|
description: "Tunnel network"
|
|
network: "{{ tunnel_net_name }}"
|
|
required: False
|
|
- var_name: "kolla_external_vip_interface"
|
|
description: "External network"
|
|
network: "{{ public_net_name }}"
|
|
required: "{{ inventory_hostname in groups['network'] }}"
|
|
external_networks: "{{ ironic_networks + provider_networks }}"
|
|
|
|
- import_role:
|
|
name: kolla-ansible-host-vars
|
|
vars:
|
|
kolla_ansible_pass_through_host_vars: "{{ kolla_overcloud_inventory_pass_through_host_vars }}"
|
|
kolla_ansible_pass_through_host_vars_map: "{{ kolla_overcloud_inventory_pass_through_host_vars_map }}"
|
|
kolla_ansible_inventory_path: "{{ kolla_config_path }}/inventory/overcloud"
|