Merge "Separate per-service host configuration tasks"

2020-04-05 16:40:27 +00:00 · 2020-04-05 16:40:27 +00:00 · 7c92e56cfd
commit 7c92e56cfd
parent 3122e6151c fdea19a305
25 changed files with 132 additions and 96 deletions
--- a/ansible/roles/elasticsearch/tasks/config-host.yml
+++ b/ansible/roles/elasticsearch/tasks/config-host.yml
@ -0,0 +1,12 @@
+---
+- name: Setting sysctl values
+  become: true
+  sysctl:
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
+    sysctl_set: yes
+  with_items:
+    - { name: "vm.max_map_count", value: 262144}
+  when:
+    - set_sysctl | bool
+    - inventory_hostname in groups['elasticsearch']
--- a/ansible/roles/elasticsearch/tasks/config.yml
+++ b/ansible/roles/elasticsearch/tasks/config.yml
@ -1,13 +1,4 @@
 ---
- name: Setting sysctl values
-  become: true
-  sysctl: name={{ item.name }} value={{ item.value }} sysctl_set=yes
-  with_items:
-    - { name: "vm.max_map_count", value: 262144}
-  when:
-    - set_sysctl | bool
-    - inventory_hostname in groups['elasticsearch']
-
 - name: Ensuring config directories exist
  file:
    path: "{{ node_config_directory }}/{{ item.key }}"
--- a/ansible/roles/elasticsearch/tasks/deploy.yml
+++ b/ansible/roles/elasticsearch/tasks/deploy.yml
@ -1,4 +1,6 @@
 ---
+- include_tasks: config-host.yml
+
 - include_tasks: config.yml

 - name: Flush handlers
--- a/ansible/roles/haproxy/tasks/config-host.yml
+++ b/ansible/roles/haproxy/tasks/config-host.yml
@ -0,0 +1,20 @@
+---
+- name: Setting sysctl values
+  sysctl:
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
+    sysctl_set: yes
+  become: true
+  with_items:
+    - { name: "net.ipv4.ip_nonlocal_bind", value: 1}
+    - { name: "net.ipv6.ip_nonlocal_bind", value: 1}
+    - { name: "net.unix.max_dgram_qlen", value: 128}
+  when:
+    - set_sysctl | bool
+
+- name: Load and persist keepalived module
+  import_role:
+    name: module-load
+  vars:
+    modules:
+      - {'name': ip_vs }
--- a/ansible/roles/haproxy/tasks/config.yml
+++ b/ansible/roles/haproxy/tasks/config.yml
@ -1,14 +1,4 @@
 ---
- name: Setting sysctl values
-  sysctl: name={{ item.name }} value={{ item.value }} sysctl_set=yes
-  become: true
-  with_items:
-    - { name: "net.ipv4.ip_nonlocal_bind", value: 1}
-    - { name: "net.ipv6.ip_nonlocal_bind", value: 1}
-    - { name: "net.unix.max_dgram_qlen", value: 128}
-  when:
-    - set_sysctl | bool
-
 - name: Ensuring config directories exist
  file:
    path: "{{ node_config_directory }}/{{ item.key }}"
@ -83,13 +73,6 @@
  notify:
    - Restart haproxy container

- name: Load and persist keepalived module
-  import_role:
-    name: module-load
-  vars:
-    modules:
-      - {'name': ip_vs }
-
 - name: Copying over keepalived.conf
  vars:
    service: "{{ haproxy_services['keepalived'] }}"
--- a/ansible/roles/haproxy/tasks/deploy.yml
+++ b/ansible/roles/haproxy/tasks/deploy.yml
@ -1,4 +1,6 @@
 ---
+- include_tasks: config-host.yml
+
 - include_tasks: config.yml

 - name: Flush handlers
--- a/ansible/roles/ironic/tasks/config-host.yml
+++ b/ansible/roles/ironic/tasks/config-host.yml
@ -0,0 +1,8 @@
+---
+- name: Load and persist iscsi_tcp module
+  import_role:
+    name: module-load
+  vars:
+    modules:
+      - {'name': iscsi_tcp}
+  when: inventory_hostname in groups['ironic-conductor']
--- a/ansible/roles/ironic/tasks/config.yml
+++ b/ansible/roles/ironic/tasks/config.yml
@ -1,11 +1,4 @@
 ---
- name: Load and persist iscsi_tcp module
-  import_role:
-    name: module-load
-  vars:
-    modules:
-      - {'name': iscsi_tcp}
-
 - name: Ensuring config directories exist
  file:
    path: "{{ node_config_directory }}/{{ item.key }}"
--- a/ansible/roles/ironic/tasks/deploy.yml
+++ b/ansible/roles/ironic/tasks/deploy.yml
@ -4,6 +4,8 @@
        (inventory_hostname in groups['ironic-api'] or
        inventory_hostname in groups['ironic-inspector'])

+- include_tasks: config-host.yml
+
 - include_tasks: config.yml
  when: inventory_hostname in groups['ironic-api'] or
        inventory_hostname in groups['ironic-conductor'] or
--- a/ansible/roles/iscsi/tasks/config-host.yml
+++ b/ansible/roles/iscsi/tasks/config-host.yml
@ -0,0 +1,10 @@
+---
+- name: Load and persist configfs module
+  import_role:
+    name: module-load
+  vars:
+    modules:
+      - name: configfs
+  when:
+    - inventory_hostname in groups[iscsi_services.iscsid.group]
+    - iscsi_services.iscsid.enabled | bool
--- a/ansible/roles/iscsi/tasks/config.yml
+++ b/ansible/roles/iscsi/tasks/config.yml
@ -1,14 +1,4 @@
 ---
- name: Load and persist configfs module
-  import_role:
-    name: module-load
-  vars:
-    modules:
-      - name: configfs
-  when:
-    - inventory_hostname in groups[iscsi_services.iscsid.group]
-    - iscsi_services.iscsid.enabled | bool
-
 - name: Ensuring config directories exist
  file:
    path: "{{ node_config_directory }}/{{ item.key }}"
--- a/ansible/roles/iscsi/tasks/deploy.yml
+++ b/ansible/roles/iscsi/tasks/deploy.yml
@ -1,4 +1,6 @@
 ---
+- include_tasks: config-host.yml
+
 - include_tasks: config.yml

 - name: Flush handlers
--- a/ansible/roles/multipathd/tasks/config-host.yml
+++ b/ansible/roles/multipathd/tasks/config-host.yml
@ -0,0 +1,7 @@
+---
+- name: Load and persist dm-multipath module
+  import_role:
+    name: module-load
+  vars:
+    modules:
+      - {'name': dm-multipath}
--- a/ansible/roles/multipathd/tasks/config.yml
+++ b/ansible/roles/multipathd/tasks/config.yml
@ -1,11 +1,4 @@
 ---
- name: Load and persist dm-multipath module
-  import_role:
-    name: module-load
-  vars:
-    modules:
-      - {'name': dm-multipath}
-
 - name: Ensuring config directories exist
  file:
    path: "{{ node_config_directory }}/{{ item.key }}"
--- a/ansible/roles/multipathd/tasks/deploy.yml
+++ b/ansible/roles/multipathd/tasks/deploy.yml
@ -1,4 +1,6 @@
 ---
+- include_tasks: config-host.yml
+
 - include_tasks: config.yml

 - name: Flush handlers
--- a/ansible/roles/neutron/tasks/config-host.yml
+++ b/ansible/roles/neutron/tasks/config-host.yml
@ -0,0 +1,30 @@
+---
+- name: Load and persist ip6_tables module
+  include_role:
+    name: module-load
+  vars:
+    modules:
+      - {'name': ip6_tables}
+  when: neutron_services | select_services_enabled_and_mapped_to_host | list | intersect([ "neutron-l3-agent", "neutron-linuxbridge-agent", "neutron-openvswitch-agent" ]) | list | length > 0
+
+- name: Setting sysctl values
+  become: true
+  vars:
+    neutron_l3_agent: "{{ neutron_services['neutron-l3-agent'] }}"
+  sysctl:
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
+    sysctl_set: yes
+  with_items:
+    - { name: "net.ipv4.ip_forward", value: 1}
+    - { name: "net.ipv4.conf.all.rp_filter", value: "{{ neutron_l3_agent_host_rp_filter_mode }}"}
+    - { name: "net.ipv4.conf.default.rp_filter", value: "{{ neutron_l3_agent_host_rp_filter_mode }}"}
+    - { name: "net.ipv4.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"}
+    - { name: "net.ipv4.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh2 }}"}
+    - { name: "net.ipv4.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh3 }}"}
+    - { name: "net.ipv6.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh1 }}"}
+    - { name: "net.ipv6.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh2 }}"}
+    - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"}
+  when:
+    - set_sysctl | bool
+    - (neutron_l3_agent.enabled | bool and neutron_l3_agent.host_in_groups | bool)
--- a/ansible/roles/neutron/tasks/config.yml
+++ b/ansible/roles/neutron/tasks/config.yml
@ -1,31 +1,4 @@
 ---
- name: Load and persist ip6_tables module
-  include_role:
-    name: module-load
-  vars:
-    modules:
-      - {'name': ip6_tables}
-  when: neutron_services | select_services_enabled_and_mapped_to_host | list | intersect([ "neutron-l3-agent", "neutron-linuxbridge-agent", "neutron-openvswitch-agent" ]) | list | length > 0
-
- name: Setting sysctl values
-  become: true
-  vars:
-    neutron_l3_agent: "{{ neutron_services['neutron-l3-agent'] }}"
-  sysctl: name={{ item.name }} value={{ item.value }} sysctl_set=yes
-  with_items:
-    - { name: "net.ipv4.ip_forward", value: 1}
-    - { name: "net.ipv4.conf.all.rp_filter", value: "{{ neutron_l3_agent_host_rp_filter_mode }}"}
-    - { name: "net.ipv4.conf.default.rp_filter", value: "{{ neutron_l3_agent_host_rp_filter_mode }}"}
-    - { name: "net.ipv4.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"}
-    - { name: "net.ipv4.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh2 }}"}
-    - { name: "net.ipv4.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh3 }}"}
-    - { name: "net.ipv6.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh1 }}"}
-    - { name: "net.ipv6.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh2 }}"}
-    - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"}
-  when:
-    - set_sysctl | bool
-    - (neutron_l3_agent.enabled | bool and neutron_l3_agent.host_in_groups | bool)
-
 - name: Ensuring config directories exist
  become: true
  file:
--- a/ansible/roles/neutron/tasks/deploy.yml
+++ b/ansible/roles/neutron/tasks/deploy.yml
@ -5,6 +5,8 @@
 - include_tasks: clone.yml
  when: neutron_dev_mode | bool

+- include_tasks: config-host.yml
+
 - include_tasks: config.yml

 - include_tasks: config-neutron-fake.yml
--- a/ansible/roles/nova-cell/tasks/config-host.yml
+++ b/ansible/roles/nova-cell/tasks/config-host.yml
@ -0,0 +1,15 @@
+---
+- name: Setting sysctl values
+  become: true
+  sysctl:
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
+    sysctl_set: yes
+  with_items:
+    - { name: "net.bridge.bridge-nf-call-iptables", value: 1}
+    - { name: "net.bridge.bridge-nf-call-ip6tables", value: 1}
+    - { name: "net.ipv4.conf.all.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
+    - { name: "net.ipv4.conf.default.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
+  when:
+    - set_sysctl | bool
+    - inventory_hostname in groups[nova_cell_compute_group]
--- a/ansible/roles/nova-cell/tasks/config.yml
+++ b/ansible/roles/nova-cell/tasks/config.yml
@ -1,16 +1,4 @@
 ---
- name: Setting sysctl values
-  become: true
-  sysctl: name={{ item.name }} value={{ item.value }} sysctl_set=yes
-  with_items:
-    - { name: "net.bridge.bridge-nf-call-iptables", value: 1}
-    - { name: "net.bridge.bridge-nf-call-ip6tables", value: 1}
-    - { name: "net.ipv4.conf.all.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
-    - { name: "net.ipv4.conf.default.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
-  when:
-    - set_sysctl | bool
-    - inventory_hostname in groups[nova_cell_compute_group]
-
 - name: Ensuring config directories exist
  become: true
  file:
--- a/ansible/roles/nova-cell/tasks/deploy.yml
+++ b/ansible/roles/nova-cell/tasks/deploy.yml
@ -7,6 +7,8 @@
 - include_tasks: clone.yml
  when: nova_dev_mode | bool

+- include_tasks: config-host.yml
+
 - include_tasks: config.yml

 - include_tasks: config-nova-fake.yml
--- a/ansible/roles/openvswitch/tasks/config-host.yml
+++ b/ansible/roles/openvswitch/tasks/config-host.yml
@ -0,0 +1,7 @@
+---
+- name: Load and persist openvswitch module
+  import_role:
+    name: module-load
+  vars:
+    modules:
+      - {'name': openvswitch}
--- a/ansible/roles/openvswitch/tasks/config.yml
+++ b/ansible/roles/openvswitch/tasks/config.yml
@ -1,11 +1,4 @@
 ---
- name: Load and persist openvswitch module
-  import_role:
-    name: module-load
-  vars:
-    modules:
-      - {'name': openvswitch}
-
 - name: Ensuring config directories exist
  become: true
  file:
--- a/ansible/roles/openvswitch/tasks/deploy.yml
+++ b/ansible/roles/openvswitch/tasks/deploy.yml
@ -1,4 +1,6 @@
 ---
+- include_tasks: config-host.yml
+
 - include_tasks: config.yml

 - name: Flush Handlers
--- a/releasenotes/notes/no-host-config-in-genconfig-7321f0dcfc9d728d.yaml
+++ b/releasenotes/notes/no-host-config-in-genconfig-7321f0dcfc9d728d.yaml
@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixes an issue where host configuration tasks (``sysctl``, loading kernel
+    modules) could be performed during the ``kolla-ansible genconfig`` command.
+    See `bug 1860161 <https://bugs.launchpad.net/kolla-ansible/+bug/1860161>`__
+    for details.