add baremetal role to install kolla deps.
Change-Id: Ie70db1b18a73528b1194e4fbcf53d09fed20f4a0 Implements: blueprint kolla-host
This commit is contained in:
parent
54c745fc36
commit
3e8f9986d1
@ -24,6 +24,11 @@ compute01
|
||||
[storage]
|
||||
storage01
|
||||
|
||||
[baremetal:children]
|
||||
control
|
||||
network
|
||||
compute
|
||||
storage
|
||||
|
||||
# You can explicitly specify which hosts run each project by updating the
|
||||
# groups in the sections below. Common services are grouped together.
|
||||
|
7
ansible/kolla-host.yml
Normal file
7
ansible/kolla-host.yml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
- hosts: baremetal
|
||||
gather_facts: no
|
||||
roles:
|
||||
- { role: baremetal,
|
||||
tags: baremetal }
|
||||
|
41
ansible/roles/baremetal/defaults/main.yml
Normal file
41
ansible/roles/baremetal/defaults/main.yml
Normal file
@ -0,0 +1,41 @@
|
||||
---
|
||||
baremetal_nic: "{{ api_interface | default('em1') }}"
|
||||
|
||||
docker_apt_url: "https://apt.dockerproject.org"
|
||||
docker_apt_key_id: F76221572C52609D
|
||||
|
||||
docker_yum_url: "https://yum.dockerproject.org"
|
||||
docker_gpg_fingerprint: "58118E89F3A912897C070ADBF76221572C52609D"
|
||||
|
||||
customize_etc_hosts: True
|
||||
|
||||
create_kolla_user: True
|
||||
|
||||
docker_storage_driver: ""
|
||||
|
||||
debian_pkg_install:
|
||||
- docker-engine=1.11.*
|
||||
- git
|
||||
- python-dev
|
||||
- libssl-dev
|
||||
- libffi-dev
|
||||
- python-setuptools
|
||||
- ntp
|
||||
|
||||
redhat_pkg_install:
|
||||
- epel-release
|
||||
- docker-engine-1.11.0
|
||||
- git
|
||||
- python-devel
|
||||
- openssl-devel
|
||||
- libffi-devel
|
||||
- python-setuptools
|
||||
- ntp
|
||||
|
||||
ubuntu_pkg_removals:
|
||||
- lxd
|
||||
- lxc
|
||||
- libvirt
|
||||
|
||||
redhat_pkg_removals:
|
||||
- libvirt
|
17
ansible/roles/baremetal/tasks/append_to_etc_hosts.yml
Normal file
17
ansible/roles/baremetal/tasks/append_to_etc_hosts.yml
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
- name: get real node hostname
|
||||
shell: echo $(hostname)
|
||||
register: real_node_hostname
|
||||
delegate_to: "{{ baremetal_node }}"
|
||||
|
||||
- name: get real node ip
|
||||
shell: ip -4 addr show "{{ hostvars[baremetal_node]['baremetal_nic'] }}" | grep -oP "(?<=inet )[\d\.]+(?=/)"
|
||||
register: real_node_ip
|
||||
delegate_to: "{{ baremetal_node }}"
|
||||
|
||||
- name: Insert hosts entries for all kolla-ansible hosts
|
||||
lineinfile:
|
||||
dest=/etc/hosts
|
||||
line="{{ real_node_ip.stdout }} {{ real_node_hostname.stdout.split('.')[0] }} {{ real_node_hostname.stdout }} {{ '#' }}a_kolla_ansible_host"
|
||||
insertafter=".*kolla-ansible\ hosts"
|
||||
state=present
|
4
ansible/roles/baremetal/tasks/bootstrap-servers.yml
Normal file
4
ansible/roles/baremetal/tasks/bootstrap-servers.yml
Normal file
@ -0,0 +1,4 @@
|
||||
---
|
||||
- include: pre-install.yml
|
||||
- include: install.yml
|
||||
- include: post-install.yml
|
59
ansible/roles/baremetal/tasks/install.yml
Normal file
59
ansible/roles/baremetal/tasks/install.yml
Normal file
@ -0,0 +1,59 @@
|
||||
---
|
||||
- name: update apt cache
|
||||
command: apt-get update
|
||||
become: True
|
||||
when: ansible_os_family == 'Debian'
|
||||
|
||||
- name: install apt packages
|
||||
package: name={{item}} state=present
|
||||
become: True
|
||||
with_items: "{{ debian_pkg_install }}"
|
||||
when: ansible_os_family == 'Debian'
|
||||
|
||||
- name: install wily kernel
|
||||
package: name=linux-generic-lts-wily state=latest
|
||||
register: kernel_updated
|
||||
become: True
|
||||
when:
|
||||
- ansible_distribution|lower == "ubuntu" | bool
|
||||
- ansible_distribution_release|lower == "trusty" | bool
|
||||
|
||||
- name: set reboot required
|
||||
set_fact:
|
||||
reboot_required: True
|
||||
when:
|
||||
- kernel_updated is defined
|
||||
- kernel_updated.changed
|
||||
|
||||
- name: install deltarpm packages
|
||||
package: name={{item}} state=installed
|
||||
become: True
|
||||
with_items:
|
||||
- deltarpm
|
||||
when: ansible_os_family == 'RedHat'
|
||||
|
||||
- name: install yum packages
|
||||
package: name={{item}} state=present
|
||||
become: True
|
||||
with_items: "{{ redhat_pkg_install }}"
|
||||
when: ansible_os_family == 'RedHat'
|
||||
|
||||
- name: install pip
|
||||
easy_install: name=pip
|
||||
become: True
|
||||
|
||||
- name: Install docker-py
|
||||
pip: name=docker-py state=latest
|
||||
become: True
|
||||
|
||||
- name: remove packages
|
||||
package: name={{item}} state=absent
|
||||
with_items: "{{ ubuntu_pkg_removals }}"
|
||||
become: True
|
||||
when: ansible_distribution|lower == "ubuntu" | bool
|
||||
|
||||
- name: remove packages
|
||||
package: name={{item}} state=absent
|
||||
with_items: "{{ redhat_pkg_removals }}"
|
||||
become: True
|
||||
when: ansible_os_family == 'RedHat'
|
2
ansible/roles/baremetal/tasks/main.yml
Normal file
2
ansible/roles/baremetal/tasks/main.yml
Normal file
@ -0,0 +1,2 @@
|
||||
---
|
||||
- include: "{{ action }}.yml"
|
79
ansible/roles/baremetal/tasks/post-install.yml
Normal file
79
ansible/roles/baremetal/tasks/post-install.yml
Normal file
@ -0,0 +1,79 @@
|
||||
---
|
||||
|
||||
- name: Ensure docker service directory exists
|
||||
file:
|
||||
path=/etc/systemd/system/docker.service.d
|
||||
state=directory
|
||||
recurse=yes
|
||||
become: True
|
||||
when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version > "14") or
|
||||
(ansible_os_family == "RedHat") or (ansible_distribution == "Debian")
|
||||
|
||||
- name: configure docker service
|
||||
become: True
|
||||
template:
|
||||
src=docker_systemd_service.j2
|
||||
dest=/etc/systemd/system/docker.service.d/kolla.conf
|
||||
when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version > "14") or
|
||||
(ansible_os_family == "RedHat") or (ansible_distribution == "Debian")
|
||||
|
||||
- name: reload docker service file
|
||||
become: True
|
||||
command: systemctl daemon-reload
|
||||
when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version > "14") or
|
||||
(ansible_os_family == "RedHat") or (ansible_distribution == "Debian")
|
||||
|
||||
- name: configure docker service
|
||||
become: True
|
||||
template:
|
||||
src=docker_defaults.j2
|
||||
dest=/etc/default/docker
|
||||
when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "15")
|
||||
|
||||
- name: docker mount shared
|
||||
command: mount --make-shared /run
|
||||
become: True
|
||||
when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "15")
|
||||
|
||||
- name: remove apparmor profile for libvirt
|
||||
command: apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd
|
||||
become: True
|
||||
when: ansible_distribution == "Ubuntu"
|
||||
|
||||
- name: create docker group
|
||||
group:
|
||||
name: docker
|
||||
become: True
|
||||
|
||||
- name: add kolla user to docker group
|
||||
user:
|
||||
name: kolla
|
||||
append: yes
|
||||
groups: docker
|
||||
become: True
|
||||
when: create_kolla_user | bool == True
|
||||
|
||||
- name: start docker
|
||||
service:
|
||||
name: docker
|
||||
state: started
|
||||
become: yes
|
||||
|
||||
- name: restart docker
|
||||
service:
|
||||
name: docker
|
||||
state: restarted
|
||||
become: yes
|
||||
|
||||
- name: enable docker
|
||||
service:
|
||||
name: docker
|
||||
enabled: yes
|
||||
become: yes
|
||||
|
||||
- name: reboot
|
||||
command: reboot -f
|
||||
become: yes
|
||||
when:
|
||||
- reboot_required is defined
|
||||
- reboot_required | bool == true
|
154
ansible/roles/baremetal/tasks/pre-install.yml
Normal file
154
ansible/roles/baremetal/tasks/pre-install.yml
Normal file
@ -0,0 +1,154 @@
|
||||
---
|
||||
|
||||
- name: "install python2 and python-simplejson"
|
||||
become: true
|
||||
raw: "yum install -y python python-simplejson || apt-get install -y python2.7 python-simplejson"
|
||||
|
||||
- name: gather facts
|
||||
setup:
|
||||
|
||||
- name: get node hostname
|
||||
shell: echo $(hostname)
|
||||
register: node_hostname
|
||||
|
||||
- name: update /etc/hosts with hostname
|
||||
lineinfile:
|
||||
dest: /etc/hosts
|
||||
regexp: "127.0.0.1 {{ node_hostname.stdout }} localhost"
|
||||
line: "127.0.0.1 {{ node_hostname.stdout }} localhost"
|
||||
state: present
|
||||
become: True
|
||||
when: customize_etc_hosts | bool == True
|
||||
|
||||
- name: Remove all previous kolla-ansible hosts entries to prevent cruft
|
||||
lineinfile:
|
||||
dest=/etc/hosts
|
||||
regexp="{{ '#' }}a_kolla-ansible_host"
|
||||
state=absent
|
||||
become: True
|
||||
when: customize_etc_hosts | bool == True
|
||||
|
||||
- name: Insert a comment after EOF to put our entries under, IF it is not already present
|
||||
lineinfile:
|
||||
dest=/etc/hosts
|
||||
regexp="{{ '#' }}kolla-ansible hosts"
|
||||
line="{{ '#' }}kolla-ansible hosts"
|
||||
insertafter=EOF
|
||||
state=present
|
||||
become: True
|
||||
when: customize_etc_hosts | bool == True
|
||||
|
||||
- include: append_to_etc_hosts.yml
|
||||
with_inventory_hostnames: baremetal
|
||||
loop_control:
|
||||
loop_var: baremetal_node
|
||||
become: True
|
||||
when: customize_etc_hosts | bool == True
|
||||
|
||||
- name: ensure sudo group is present
|
||||
group: name=sudo state=present
|
||||
become: True
|
||||
|
||||
- name: ensure kolla group is present
|
||||
group: name=kolla state=present
|
||||
become: True
|
||||
when: create_kolla_user | bool == True
|
||||
|
||||
- name: create kolla user
|
||||
user:
|
||||
name: kolla
|
||||
state: present
|
||||
group: kolla
|
||||
groups: "sudo"
|
||||
become: True
|
||||
when: create_kolla_user | bool == True
|
||||
|
||||
- name: grant kolla user passwordless sudo
|
||||
lineinfile:
|
||||
dest: /etc/sudoers
|
||||
state: present
|
||||
regexp: '^kolla'
|
||||
line: 'kolla ALL=(ALL) NOPASSWD: ALL'
|
||||
become: True
|
||||
when: create_kolla_user | bool == True
|
||||
|
||||
- name: add public key to kolla user authorized keys
|
||||
authorized_key:
|
||||
user: kolla
|
||||
key: "{{ kolla_ssh_key.public_key }}"
|
||||
become: True
|
||||
when: create_kolla_user | bool == True
|
||||
|
||||
- name: install apt packages
|
||||
command: apt-get update
|
||||
become: True
|
||||
when: ansible_os_family == 'Debian'
|
||||
|
||||
- name: install ubuntu ca certs
|
||||
package: name={{item}} state=latest
|
||||
become: True
|
||||
with_items:
|
||||
- ca-certificates
|
||||
- apt-transport-https
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
|
||||
- name: Ensure apt sources list directory exists
|
||||
file: path=/etc/apt/sources.list.d state=directory recurse=yes
|
||||
become: True
|
||||
when: ansible_os_family == 'Debian'
|
||||
|
||||
- name: enable docker repo apt
|
||||
template:
|
||||
src: docker_apt_repo.j2
|
||||
dest: /etc/apt/sources.list.d/docker.list
|
||||
become: True
|
||||
when: ansible_os_family == 'Debian'
|
||||
|
||||
- name: install docker apt gpg key
|
||||
apt_key:
|
||||
url: "{{ docker_apt_url }}/gpg"
|
||||
id: "{{ docker_apt_key_id }}"
|
||||
state: present
|
||||
become: True
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
- ansible_distribution == 'Ubuntu'
|
||||
|
||||
- name: Ensure yum repos directory exists
|
||||
file: path=/etc/yum.repos.d/ state=directory recurse=yes
|
||||
become: True
|
||||
when: ansible_os_family == 'RedHat'
|
||||
|
||||
- name: enable docker repo yum
|
||||
become: True
|
||||
template:
|
||||
src: docker_yum_repo.j2
|
||||
dest: /etc/yum.repos.d/docker.repo
|
||||
when: ansible_os_family == 'RedHat'
|
||||
|
||||
- name: install docker rpm gpg key
|
||||
rpm_key:
|
||||
state: present
|
||||
key: "{{ docker_yum_url }}/gpg"
|
||||
become: True
|
||||
when: ansible_os_family == 'RedHat'
|
||||
|
||||
- name: Ensure /etc/kolla directory exists
|
||||
file:
|
||||
path: /etc/kolla
|
||||
state: directory
|
||||
recurse: yes
|
||||
owner: kolla
|
||||
mode: 755
|
||||
become: True
|
||||
when: create_kolla_user | bool == True
|
||||
|
||||
- name: Ensure /etc/kolla directory exists
|
||||
file:
|
||||
path: /etc/kolla
|
||||
state: directory
|
||||
recurse: yes
|
||||
mode: 666
|
||||
become: True
|
||||
when: create_kolla_user | bool == False
|
2
ansible/roles/baremetal/templates/docker_apt_repo.j2
Normal file
2
ansible/roles/baremetal/templates/docker_apt_repo.j2
Normal file
@ -0,0 +1,2 @@
|
||||
# main docker repo
|
||||
deb {{docker_apt_url}}/repo {{ansible_distribution|lower}}-{{ansible_distribution_release|lower}} main
|
26
ansible/roles/baremetal/templates/docker_defaults.j2
Normal file
26
ansible/roles/baremetal/templates/docker_defaults.j2
Normal file
@ -0,0 +1,26 @@
|
||||
# Docker Upstart and SysVinit configuration file
|
||||
|
||||
#
|
||||
# THIS FILE DOES NOT APPLY TO SYSTEMD
|
||||
#
|
||||
# Please see the documentation for "systemd drop-ins":
|
||||
# https://docs.docker.com/engine/articles/systemd/
|
||||
#
|
||||
|
||||
# Customize location of Docker binary (especially for development testing).
|
||||
#DOCKERD="/usr/local/bin/dockerd"
|
||||
|
||||
# Use DOCKER_OPTS to modify the daemon startup options.
|
||||
DOCKER_OPTS=""
|
||||
{% if docker_storage_driver %}
|
||||
DOCKER_OPTS="$DOCKER_OPTS --storage-driver={{ docker_storage_driver }}"
|
||||
{% endif %}
|
||||
{% if docker_registry %}
|
||||
DOCKER_OPTS="$DOCKER_OPTS --insecure-registry {{ docker_registry }}"
|
||||
{% endif %}
|
||||
|
||||
# If you need Docker to use an HTTP proxy, it can also be specified here.
|
||||
#export http_proxy="http://127.0.0.1:3128/"
|
||||
|
||||
# This is also a handy place to tweak where Docker's temporary files go.
|
||||
#export TMPDIR="/mnt/bigdrive/docker-tmp"
|
11
ansible/roles/baremetal/templates/docker_systemd_service.j2
Normal file
11
ansible/roles/baremetal/templates/docker_systemd_service.j2
Normal file
@ -0,0 +1,11 @@
|
||||
[Service]
|
||||
MountFlags=shared
|
||||
ExecStart=
|
||||
ExecStart=/usr/bin/docker daemon \
|
||||
{% if docker_registry %}
|
||||
--insecure-registry {{ docker_registry }} \
|
||||
{% endif %}
|
||||
{% if docker_storage_driver %}
|
||||
--storage-driver={{ docker_storage_driver }}
|
||||
{% endif %}
|
||||
-H fd://
|
6
ansible/roles/baremetal/templates/docker_yum_repo.j2
Normal file
6
ansible/roles/baremetal/templates/docker_yum_repo.j2
Normal file
@ -0,0 +1,6 @@
|
||||
[docker-repo]
|
||||
name=Docker main Repository
|
||||
baseurl={{docker_yum_url}}/repo/main/{{ansible_distribution|lower}}/{{ansible_distribution_major_version|lower}}
|
||||
enabled=1
|
||||
gpgcheck=1
|
||||
gpgkey={{docker_yum_url}}/gpg
|
@ -41,4 +41,4 @@
|
||||
local_action: command grep '^[^#].*:\s*$' "{{ CONFIG_DIR }}/passwords.yml"
|
||||
register: result
|
||||
changed_when: false
|
||||
failed_when: result.stdout | regex_replace('(.*nova_ssh_key.*)', '') | search(":")
|
||||
failed_when: result.stdout | regex_replace('(.*ssh_key.*)', '') | search(":")
|
||||
|
@ -77,6 +77,10 @@ nova_ssh_key:
|
||||
private_key:
|
||||
public_key:
|
||||
|
||||
kolla_ssh_key:
|
||||
private_key:
|
||||
public_key:
|
||||
|
||||
####################
|
||||
# RabbitMQ options
|
||||
####################
|
||||
|
@ -43,7 +43,7 @@ def main():
|
||||
uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid']
|
||||
|
||||
# SSH key pair
|
||||
ssh_keys = ['nova_ssh_key']
|
||||
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key']
|
||||
|
||||
# If these keys are None, leave them as None
|
||||
blank_keys = ['docker_registry_password']
|
||||
|
29
releasenotes/notes/kolla-host-584270e3aee6dfd6.yaml
Normal file
29
releasenotes/notes/kolla-host-584270e3aee6dfd6.yaml
Normal file
@ -0,0 +1,29 @@
|
||||
---
|
||||
prelude: >
|
||||
- In the Newton cycle a new kolla-host playbook was
|
||||
introduced. The kolla-host playbook is intended to
|
||||
prepare servers for use as kolla deployment hosts.
|
||||
The kolla-host playbook requires the nodes to have
|
||||
an os installed and be reachable via ssh. Currently
|
||||
the kolla-host playbook supports ubuntu 14.04,
|
||||
ubuntu 16.04 and centos 7.2 as target servers.
|
||||
See features section for more details.
|
||||
features:
|
||||
- The kolla-host playbook supports bootrapping
|
||||
clean os installations to enable them to be
|
||||
used as kolla hosts. When the playbook completes
|
||||
the bootstraped systems should pass the kolla
|
||||
prechecks.
|
||||
- The kolla-host playbook will install docker 1.11
|
||||
and docker-py on all baremetal nodes.
|
||||
- The kolla-host playbook will configure /etc/host
|
||||
with the hostname and ip address of all nodes
|
||||
in the kolla inventroy if customize_etc_host
|
||||
set to its default value of True.
|
||||
security:
|
||||
- The kolla-host playbook will create a kolla user
|
||||
on all nodes using the ssh-key specified in the
|
||||
passwords.yml. The kolla user will be granted
|
||||
passwordless sudo privalages on the host.
|
||||
this behavior can be disabled by setting
|
||||
create_kolla_user=False
|
@ -41,6 +41,7 @@ Options:
|
||||
Commands:
|
||||
prechecks Do pre-deployment checks for hosts
|
||||
mariadb_recovery Recover a completely stopped mariadb cluster
|
||||
bootstrap-servers bootstrap servers with kolla deploy dependencies
|
||||
deploy Deploy and start all kolla containers
|
||||
destroy Destroy Kolla containers, volumes and host configuration
|
||||
('-e destroy_include_images=yes' to also destroy Kolla images)
|
||||
@ -144,6 +145,11 @@ case "$1" in
|
||||
ACTION="Destroy Kolla containers, volumes and host configuration"
|
||||
PLAYBOOK="${BASEDIR}/ansible/destroy.yml"
|
||||
;;
|
||||
(bootstrap-servers)
|
||||
ACTION="Deploying Playbooks"
|
||||
PLAYBOOK="${BASEDIR}/ansible/kolla-host.yml"
|
||||
EXTRA_OPTS="$EXTRA_OPTS -e action=bootstrap-servers"
|
||||
;;
|
||||
(deploy)
|
||||
ACTION="Deploying Playbooks"
|
||||
EXTRA_OPTS="$EXTRA_OPTS -e action=deploy"
|
||||
|
Loading…
Reference in New Issue
Block a user