add baremetal role to install kolla deps.

Change-Id: Ie70db1b18a73528b1194e4fbcf53d09fed20f4a0
Implements: blueprint kolla-host
This commit is contained in:
Sean Mooney 2016-08-04 02:50:31 +00:00
parent 54c745fc36
commit 3e8f9986d1
18 changed files with 454 additions and 2 deletions

View File

@ -24,6 +24,11 @@ compute01
[storage]
storage01
[baremetal:children]
control
network
compute
storage
# You can explicitly specify which hosts run each project by updating the
# groups in the sections below. Common services are grouped together.

7
ansible/kolla-host.yml Normal file
View File

@ -0,0 +1,7 @@
---
- hosts: baremetal
gather_facts: no
roles:
- { role: baremetal,
tags: baremetal }

View File

@ -0,0 +1,41 @@
---
baremetal_nic: "{{ api_interface | default('em1') }}"
docker_apt_url: "https://apt.dockerproject.org"
docker_apt_key_id: F76221572C52609D
docker_yum_url: "https://yum.dockerproject.org"
docker_gpg_fingerprint: "58118E89F3A912897C070ADBF76221572C52609D"
customize_etc_hosts: True
create_kolla_user: True
docker_storage_driver: ""
debian_pkg_install:
- docker-engine=1.11.*
- git
- python-dev
- libssl-dev
- libffi-dev
- python-setuptools
- ntp
redhat_pkg_install:
- epel-release
- docker-engine-1.11.0
- git
- python-devel
- openssl-devel
- libffi-devel
- python-setuptools
- ntp
ubuntu_pkg_removals:
- lxd
- lxc
- libvirt
redhat_pkg_removals:
- libvirt

View File

@ -0,0 +1,17 @@
---
- name: get real node hostname
shell: echo $(hostname)
register: real_node_hostname
delegate_to: "{{ baremetal_node }}"
- name: get real node ip
shell: ip -4 addr show "{{ hostvars[baremetal_node]['baremetal_nic'] }}" | grep -oP "(?<=inet )[\d\.]+(?=/)"
register: real_node_ip
delegate_to: "{{ baremetal_node }}"
- name: Insert hosts entries for all kolla-ansible hosts
lineinfile:
dest=/etc/hosts
line="{{ real_node_ip.stdout }} {{ real_node_hostname.stdout.split('.')[0] }} {{ real_node_hostname.stdout }} {{ '#' }}a_kolla_ansible_host"
insertafter=".*kolla-ansible\ hosts"
state=present

View File

@ -0,0 +1,4 @@
---
- include: pre-install.yml
- include: install.yml
- include: post-install.yml

View File

@ -0,0 +1,59 @@
---
- name: update apt cache
command: apt-get update
become: True
when: ansible_os_family == 'Debian'
- name: install apt packages
package: name={{item}} state=present
become: True
with_items: "{{ debian_pkg_install }}"
when: ansible_os_family == 'Debian'
- name: install wily kernel
package: name=linux-generic-lts-wily state=latest
register: kernel_updated
become: True
when:
- ansible_distribution|lower == "ubuntu" | bool
- ansible_distribution_release|lower == "trusty" | bool
- name: set reboot required
set_fact:
reboot_required: True
when:
- kernel_updated is defined
- kernel_updated.changed
- name: install deltarpm packages
package: name={{item}} state=installed
become: True
with_items:
- deltarpm
when: ansible_os_family == 'RedHat'
- name: install yum packages
package: name={{item}} state=present
become: True
with_items: "{{ redhat_pkg_install }}"
when: ansible_os_family == 'RedHat'
- name: install pip
easy_install: name=pip
become: True
- name: Install docker-py
pip: name=docker-py state=latest
become: True
- name: remove packages
package: name={{item}} state=absent
with_items: "{{ ubuntu_pkg_removals }}"
become: True
when: ansible_distribution|lower == "ubuntu" | bool
- name: remove packages
package: name={{item}} state=absent
with_items: "{{ redhat_pkg_removals }}"
become: True
when: ansible_os_family == 'RedHat'

View File

@ -0,0 +1,2 @@
---
- include: "{{ action }}.yml"

View File

@ -0,0 +1,79 @@
---
- name: Ensure docker service directory exists
file:
path=/etc/systemd/system/docker.service.d
state=directory
recurse=yes
become: True
when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version > "14") or
(ansible_os_family == "RedHat") or (ansible_distribution == "Debian")
- name: configure docker service
become: True
template:
src=docker_systemd_service.j2
dest=/etc/systemd/system/docker.service.d/kolla.conf
when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version > "14") or
(ansible_os_family == "RedHat") or (ansible_distribution == "Debian")
- name: reload docker service file
become: True
command: systemctl daemon-reload
when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version > "14") or
(ansible_os_family == "RedHat") or (ansible_distribution == "Debian")
- name: configure docker service
become: True
template:
src=docker_defaults.j2
dest=/etc/default/docker
when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "15")
- name: docker mount shared
command: mount --make-shared /run
become: True
when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "15")
- name: remove apparmor profile for libvirt
command: apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd
become: True
when: ansible_distribution == "Ubuntu"
- name: create docker group
group:
name: docker
become: True
- name: add kolla user to docker group
user:
name: kolla
append: yes
groups: docker
become: True
when: create_kolla_user | bool == True
- name: start docker
service:
name: docker
state: started
become: yes
- name: restart docker
service:
name: docker
state: restarted
become: yes
- name: enable docker
service:
name: docker
enabled: yes
become: yes
- name: reboot
command: reboot -f
become: yes
when:
- reboot_required is defined
- reboot_required | bool == true

View File

@ -0,0 +1,154 @@
---
- name: "install python2 and python-simplejson"
become: true
raw: "yum install -y python python-simplejson || apt-get install -y python2.7 python-simplejson"
- name: gather facts
setup:
- name: get node hostname
shell: echo $(hostname)
register: node_hostname
- name: update /etc/hosts with hostname
lineinfile:
dest: /etc/hosts
regexp: "127.0.0.1 {{ node_hostname.stdout }} localhost"
line: "127.0.0.1 {{ node_hostname.stdout }} localhost"
state: present
become: True
when: customize_etc_hosts | bool == True
- name: Remove all previous kolla-ansible hosts entries to prevent cruft
lineinfile:
dest=/etc/hosts
regexp="{{ '#' }}a_kolla-ansible_host"
state=absent
become: True
when: customize_etc_hosts | bool == True
- name: Insert a comment after EOF to put our entries under, IF it is not already present
lineinfile:
dest=/etc/hosts
regexp="{{ '#' }}kolla-ansible hosts"
line="{{ '#' }}kolla-ansible hosts"
insertafter=EOF
state=present
become: True
when: customize_etc_hosts | bool == True
- include: append_to_etc_hosts.yml
with_inventory_hostnames: baremetal
loop_control:
loop_var: baremetal_node
become: True
when: customize_etc_hosts | bool == True
- name: ensure sudo group is present
group: name=sudo state=present
become: True
- name: ensure kolla group is present
group: name=kolla state=present
become: True
when: create_kolla_user | bool == True
- name: create kolla user
user:
name: kolla
state: present
group: kolla
groups: "sudo"
become: True
when: create_kolla_user | bool == True
- name: grant kolla user passwordless sudo
lineinfile:
dest: /etc/sudoers
state: present
regexp: '^kolla'
line: 'kolla ALL=(ALL) NOPASSWD: ALL'
become: True
when: create_kolla_user | bool == True
- name: add public key to kolla user authorized keys
authorized_key:
user: kolla
key: "{{ kolla_ssh_key.public_key }}"
become: True
when: create_kolla_user | bool == True
- name: install apt packages
command: apt-get update
become: True
when: ansible_os_family == 'Debian'
- name: install ubuntu ca certs
package: name={{item}} state=latest
become: True
with_items:
- ca-certificates
- apt-transport-https
when:
- ansible_os_family == 'Debian'
- name: Ensure apt sources list directory exists
file: path=/etc/apt/sources.list.d state=directory recurse=yes
become: True
when: ansible_os_family == 'Debian'
- name: enable docker repo apt
template:
src: docker_apt_repo.j2
dest: /etc/apt/sources.list.d/docker.list
become: True
when: ansible_os_family == 'Debian'
- name: install docker apt gpg key
apt_key:
url: "{{ docker_apt_url }}/gpg"
id: "{{ docker_apt_key_id }}"
state: present
become: True
when:
- ansible_os_family == 'Debian'
- ansible_distribution == 'Ubuntu'
- name: Ensure yum repos directory exists
file: path=/etc/yum.repos.d/ state=directory recurse=yes
become: True
when: ansible_os_family == 'RedHat'
- name: enable docker repo yum
become: True
template:
src: docker_yum_repo.j2
dest: /etc/yum.repos.d/docker.repo
when: ansible_os_family == 'RedHat'
- name: install docker rpm gpg key
rpm_key:
state: present
key: "{{ docker_yum_url }}/gpg"
become: True
when: ansible_os_family == 'RedHat'
- name: Ensure /etc/kolla directory exists
file:
path: /etc/kolla
state: directory
recurse: yes
owner: kolla
mode: 755
become: True
when: create_kolla_user | bool == True
- name: Ensure /etc/kolla directory exists
file:
path: /etc/kolla
state: directory
recurse: yes
mode: 666
become: True
when: create_kolla_user | bool == False

View File

@ -0,0 +1,2 @@
# main docker repo
deb {{docker_apt_url}}/repo {{ansible_distribution|lower}}-{{ansible_distribution_release|lower}} main

View File

@ -0,0 +1,26 @@
# Docker Upstart and SysVinit configuration file
#
# THIS FILE DOES NOT APPLY TO SYSTEMD
#
# Please see the documentation for "systemd drop-ins":
# https://docs.docker.com/engine/articles/systemd/
#
# Customize location of Docker binary (especially for development testing).
#DOCKERD="/usr/local/bin/dockerd"
# Use DOCKER_OPTS to modify the daemon startup options.
DOCKER_OPTS=""
{% if docker_storage_driver %}
DOCKER_OPTS="$DOCKER_OPTS --storage-driver={{ docker_storage_driver }}"
{% endif %}
{% if docker_registry %}
DOCKER_OPTS="$DOCKER_OPTS --insecure-registry {{ docker_registry }}"
{% endif %}
# If you need Docker to use an HTTP proxy, it can also be specified here.
#export http_proxy="http://127.0.0.1:3128/"
# This is also a handy place to tweak where Docker's temporary files go.
#export TMPDIR="/mnt/bigdrive/docker-tmp"

View File

@ -0,0 +1,11 @@
[Service]
MountFlags=shared
ExecStart=
ExecStart=/usr/bin/docker daemon \
{% if docker_registry %}
--insecure-registry {{ docker_registry }} \
{% endif %}
{% if docker_storage_driver %}
--storage-driver={{ docker_storage_driver }}
{% endif %}
-H fd://

View File

@ -0,0 +1,6 @@
[docker-repo]
name=Docker main Repository
baseurl={{docker_yum_url}}/repo/main/{{ansible_distribution|lower}}/{{ansible_distribution_major_version|lower}}
enabled=1
gpgcheck=1
gpgkey={{docker_yum_url}}/gpg

View File

@ -41,4 +41,4 @@
local_action: command grep '^[^#].*:\s*$' "{{ CONFIG_DIR }}/passwords.yml"
register: result
changed_when: false
failed_when: result.stdout | regex_replace('(.*nova_ssh_key.*)', '') | search(":")
failed_when: result.stdout | regex_replace('(.*ssh_key.*)', '') | search(":")

View File

@ -77,6 +77,10 @@ nova_ssh_key:
private_key:
public_key:
kolla_ssh_key:
private_key:
public_key:
####################
# RabbitMQ options
####################

View File

@ -43,7 +43,7 @@ def main():
uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid']
# SSH key pair
ssh_keys = ['nova_ssh_key']
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key']
# If these keys are None, leave them as None
blank_keys = ['docker_registry_password']

View File

@ -0,0 +1,29 @@
---
prelude: >
- In the Newton cycle a new kolla-host playbook was
introduced. The kolla-host playbook is intended to
prepare servers for use as kolla deployment hosts.
The kolla-host playbook requires the nodes to have
an os installed and be reachable via ssh. Currently
the kolla-host playbook supports ubuntu 14.04,
ubuntu 16.04 and centos 7.2 as target servers.
See features section for more details.
features:
- The kolla-host playbook supports bootrapping
clean os installations to enable them to be
used as kolla hosts. When the playbook completes
the bootstraped systems should pass the kolla
prechecks.
- The kolla-host playbook will install docker 1.11
and docker-py on all baremetal nodes.
- The kolla-host playbook will configure /etc/host
with the hostname and ip address of all nodes
in the kolla inventroy if customize_etc_host
set to its default value of True.
security:
- The kolla-host playbook will create a kolla user
on all nodes using the ssh-key specified in the
passwords.yml. The kolla user will be granted
passwordless sudo privalages on the host.
this behavior can be disabled by setting
create_kolla_user=False

View File

@ -41,6 +41,7 @@ Options:
Commands:
prechecks Do pre-deployment checks for hosts
mariadb_recovery Recover a completely stopped mariadb cluster
bootstrap-servers bootstrap servers with kolla deploy dependencies
deploy Deploy and start all kolla containers
destroy Destroy Kolla containers, volumes and host configuration
('-e destroy_include_images=yes' to also destroy Kolla images)
@ -144,6 +145,11 @@ case "$1" in
ACTION="Destroy Kolla containers, volumes and host configuration"
PLAYBOOK="${BASEDIR}/ansible/destroy.yml"
;;
(bootstrap-servers)
ACTION="Deploying Playbooks"
PLAYBOOK="${BASEDIR}/ansible/kolla-host.yml"
EXTRA_OPTS="$EXTRA_OPTS -e action=bootstrap-servers"
;;
(deploy)
ACTION="Deploying Playbooks"
EXTRA_OPTS="$EXTRA_OPTS -e action=deploy"