diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index afc4235698..2d2104566d 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -24,6 +24,11 @@ compute01 [storage] storage01 +[baremetal:children] +control +network +compute +storage # You can explicitly specify which hosts run each project by updating the # groups in the sections below. Common services are grouped together. diff --git a/ansible/kolla-host.yml b/ansible/kolla-host.yml new file mode 100644 index 0000000000..db50419ece --- /dev/null +++ b/ansible/kolla-host.yml @@ -0,0 +1,7 @@ +--- +- hosts: baremetal + gather_facts: no + roles: + - { role: baremetal, + tags: baremetal } + diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml new file mode 100644 index 0000000000..c2f8bccbae --- /dev/null +++ b/ansible/roles/baremetal/defaults/main.yml @@ -0,0 +1,41 @@ +--- +baremetal_nic: "{{ api_interface | default('em1') }}" + +docker_apt_url: "https://apt.dockerproject.org" +docker_apt_key_id: F76221572C52609D + +docker_yum_url: "https://yum.dockerproject.org" +docker_gpg_fingerprint: "58118E89F3A912897C070ADBF76221572C52609D" + +customize_etc_hosts: True + +create_kolla_user: True + +docker_storage_driver: "" + +debian_pkg_install: + - docker-engine=1.11.* + - git + - python-dev + - libssl-dev + - libffi-dev + - python-setuptools + - ntp + +redhat_pkg_install: + - epel-release + - docker-engine-1.11.0 + - git + - python-devel + - openssl-devel + - libffi-devel + - python-setuptools + - ntp + +ubuntu_pkg_removals: + - lxd + - lxc + - libvirt + +redhat_pkg_removals: + - libvirt diff --git a/ansible/roles/baremetal/tasks/append_to_etc_hosts.yml b/ansible/roles/baremetal/tasks/append_to_etc_hosts.yml new file mode 100644 index 0000000000..8b26d01016 --- /dev/null +++ b/ansible/roles/baremetal/tasks/append_to_etc_hosts.yml @@ -0,0 +1,17 @@ +--- +- name: get real node hostname + shell: echo $(hostname) + register: real_node_hostname + delegate_to: "{{ baremetal_node }}" + +- name: get real node ip + shell: ip -4 addr show "{{ hostvars[baremetal_node]['baremetal_nic'] }}" | grep -oP "(?<=inet )[\d\.]+(?=/)" + register: real_node_ip + delegate_to: "{{ baremetal_node }}" + +- name: Insert hosts entries for all kolla-ansible hosts + lineinfile: + dest=/etc/hosts + line="{{ real_node_ip.stdout }} {{ real_node_hostname.stdout.split('.')[0] }} {{ real_node_hostname.stdout }} {{ '#' }}a_kolla_ansible_host" + insertafter=".*kolla-ansible\ hosts" + state=present diff --git a/ansible/roles/baremetal/tasks/bootstrap-servers.yml b/ansible/roles/baremetal/tasks/bootstrap-servers.yml new file mode 100644 index 0000000000..3888ed5cb9 --- /dev/null +++ b/ansible/roles/baremetal/tasks/bootstrap-servers.yml @@ -0,0 +1,4 @@ +--- +- include: pre-install.yml +- include: install.yml +- include: post-install.yml diff --git a/ansible/roles/baremetal/tasks/install.yml b/ansible/roles/baremetal/tasks/install.yml new file mode 100644 index 0000000000..c1593f85fd --- /dev/null +++ b/ansible/roles/baremetal/tasks/install.yml @@ -0,0 +1,59 @@ +--- +- name: update apt cache + command: apt-get update + become: True + when: ansible_os_family == 'Debian' + +- name: install apt packages + package: name={{item}} state=present + become: True + with_items: "{{ debian_pkg_install }}" + when: ansible_os_family == 'Debian' + +- name: install wily kernel + package: name=linux-generic-lts-wily state=latest + register: kernel_updated + become: True + when: + - ansible_distribution|lower == "ubuntu" | bool + - ansible_distribution_release|lower == "trusty" | bool + +- name: set reboot required + set_fact: + reboot_required: True + when: + - kernel_updated is defined + - kernel_updated.changed + +- name: install deltarpm packages + package: name={{item}} state=installed + become: True + with_items: + - deltarpm + when: ansible_os_family == 'RedHat' + +- name: install yum packages + package: name={{item}} state=present + become: True + with_items: "{{ redhat_pkg_install }}" + when: ansible_os_family == 'RedHat' + +- name: install pip + easy_install: name=pip + become: True + +- name: Install docker-py + pip: name=docker-py state=latest + become: True + +- name: remove packages + package: name={{item}} state=absent + with_items: "{{ ubuntu_pkg_removals }}" + become: True + when: ansible_distribution|lower == "ubuntu" | bool + +- name: remove packages + package: name={{item}} state=absent + with_items: "{{ redhat_pkg_removals }}" + become: True + when: ansible_os_family == 'RedHat' diff --git a/ansible/roles/baremetal/tasks/main.yml b/ansible/roles/baremetal/tasks/main.yml new file mode 100644 index 0000000000..b017e8b4ad --- /dev/null +++ b/ansible/roles/baremetal/tasks/main.yml @@ -0,0 +1,2 @@ +--- +- include: "{{ action }}.yml" diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml new file mode 100644 index 0000000000..1fa91be1f7 --- /dev/null +++ b/ansible/roles/baremetal/tasks/post-install.yml @@ -0,0 +1,79 @@ +--- + +- name: Ensure docker service directory exists + file: + path=/etc/systemd/system/docker.service.d + state=directory + recurse=yes + become: True + when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version > "14") or + (ansible_os_family == "RedHat") or (ansible_distribution == "Debian") + +- name: configure docker service + become: True + template: + src=docker_systemd_service.j2 + dest=/etc/systemd/system/docker.service.d/kolla.conf + when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version > "14") or + (ansible_os_family == "RedHat") or (ansible_distribution == "Debian") + +- name: reload docker service file + become: True + command: systemctl daemon-reload + when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version > "14") or + (ansible_os_family == "RedHat") or (ansible_distribution == "Debian") + +- name: configure docker service + become: True + template: + src=docker_defaults.j2 + dest=/etc/default/docker + when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "15") + +- name: docker mount shared + command: mount --make-shared /run + become: True + when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "15") + +- name: remove apparmor profile for libvirt + command: apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd + become: True + when: ansible_distribution == "Ubuntu" + +- name: create docker group + group: + name: docker + become: True + +- name: add kolla user to docker group + user: + name: kolla + append: yes + groups: docker + become: True + when: create_kolla_user | bool == True + +- name: start docker + service: + name: docker + state: started + become: yes + +- name: restart docker + service: + name: docker + state: restarted + become: yes + +- name: enable docker + service: + name: docker + enabled: yes + become: yes + +- name: reboot + command: reboot -f + become: yes + when: + - reboot_required is defined + - reboot_required | bool == true diff --git a/ansible/roles/baremetal/tasks/pre-install.yml b/ansible/roles/baremetal/tasks/pre-install.yml new file mode 100644 index 0000000000..9aa13c2564 --- /dev/null +++ b/ansible/roles/baremetal/tasks/pre-install.yml @@ -0,0 +1,154 @@ +--- + +- name: "install python2 and python-simplejson" + become: true + raw: "yum install -y python python-simplejson || apt-get install -y python2.7 python-simplejson" + +- name: gather facts + setup: + +- name: get node hostname + shell: echo $(hostname) + register: node_hostname + +- name: update /etc/hosts with hostname + lineinfile: + dest: /etc/hosts + regexp: "127.0.0.1 {{ node_hostname.stdout }} localhost" + line: "127.0.0.1 {{ node_hostname.stdout }} localhost" + state: present + become: True + when: customize_etc_hosts | bool == True + +- name: Remove all previous kolla-ansible hosts entries to prevent cruft + lineinfile: + dest=/etc/hosts + regexp="{{ '#' }}a_kolla-ansible_host" + state=absent + become: True + when: customize_etc_hosts | bool == True + +- name: Insert a comment after EOF to put our entries under, IF it is not already present + lineinfile: + dest=/etc/hosts + regexp="{{ '#' }}kolla-ansible hosts" + line="{{ '#' }}kolla-ansible hosts" + insertafter=EOF + state=present + become: True + when: customize_etc_hosts | bool == True + +- include: append_to_etc_hosts.yml + with_inventory_hostnames: baremetal + loop_control: + loop_var: baremetal_node + become: True + when: customize_etc_hosts | bool == True + +- name: ensure sudo group is present + group: name=sudo state=present + become: True + +- name: ensure kolla group is present + group: name=kolla state=present + become: True + when: create_kolla_user | bool == True + +- name: create kolla user + user: + name: kolla + state: present + group: kolla + groups: "sudo" + become: True + when: create_kolla_user | bool == True + +- name: grant kolla user passwordless sudo + lineinfile: + dest: /etc/sudoers + state: present + regexp: '^kolla' + line: 'kolla ALL=(ALL) NOPASSWD: ALL' + become: True + when: create_kolla_user | bool == True + +- name: add public key to kolla user authorized keys + authorized_key: + user: kolla + key: "{{ kolla_ssh_key.public_key }}" + become: True + when: create_kolla_user | bool == True + +- name: install apt packages + command: apt-get update + become: True + when: ansible_os_family == 'Debian' + +- name: install ubuntu ca certs + package: name={{item}} state=latest + become: True + with_items: + - ca-certificates + - apt-transport-https + when: + - ansible_os_family == 'Debian' + +- name: Ensure apt sources list directory exists + file: path=/etc/apt/sources.list.d state=directory recurse=yes + become: True + when: ansible_os_family == 'Debian' + +- name: enable docker repo apt + template: + src: docker_apt_repo.j2 + dest: /etc/apt/sources.list.d/docker.list + become: True + when: ansible_os_family == 'Debian' + +- name: install docker apt gpg key + apt_key: + url: "{{ docker_apt_url }}/gpg" + id: "{{ docker_apt_key_id }}" + state: present + become: True + when: + - ansible_os_family == 'Debian' + - ansible_distribution == 'Ubuntu' + +- name: Ensure yum repos directory exists + file: path=/etc/yum.repos.d/ state=directory recurse=yes + become: True + when: ansible_os_family == 'RedHat' + +- name: enable docker repo yum + become: True + template: + src: docker_yum_repo.j2 + dest: /etc/yum.repos.d/docker.repo + when: ansible_os_family == 'RedHat' + +- name: install docker rpm gpg key + rpm_key: + state: present + key: "{{ docker_yum_url }}/gpg" + become: True + when: ansible_os_family == 'RedHat' + +- name: Ensure /etc/kolla directory exists + file: + path: /etc/kolla + state: directory + recurse: yes + owner: kolla + mode: 755 + become: True + when: create_kolla_user | bool == True + +- name: Ensure /etc/kolla directory exists + file: + path: /etc/kolla + state: directory + recurse: yes + mode: 666 + become: True + when: create_kolla_user | bool == False diff --git a/ansible/roles/baremetal/templates/docker_apt_repo.j2 b/ansible/roles/baremetal/templates/docker_apt_repo.j2 new file mode 100644 index 0000000000..a317c5b56f --- /dev/null +++ b/ansible/roles/baremetal/templates/docker_apt_repo.j2 @@ -0,0 +1,2 @@ +# main docker repo +deb {{docker_apt_url}}/repo {{ansible_distribution|lower}}-{{ansible_distribution_release|lower}} main diff --git a/ansible/roles/baremetal/templates/docker_defaults.j2 b/ansible/roles/baremetal/templates/docker_defaults.j2 new file mode 100644 index 0000000000..0b6b375bb5 --- /dev/null +++ b/ansible/roles/baremetal/templates/docker_defaults.j2 @@ -0,0 +1,26 @@ +# Docker Upstart and SysVinit configuration file + +# +# THIS FILE DOES NOT APPLY TO SYSTEMD +# +# Please see the documentation for "systemd drop-ins": +# https://docs.docker.com/engine/articles/systemd/ +# + +# Customize location of Docker binary (especially for development testing). +#DOCKERD="/usr/local/bin/dockerd" + +# Use DOCKER_OPTS to modify the daemon startup options. +DOCKER_OPTS="" +{% if docker_storage_driver %} +DOCKER_OPTS="$DOCKER_OPTS --storage-driver={{ docker_storage_driver }}" +{% endif %} +{% if docker_registry %} +DOCKER_OPTS="$DOCKER_OPTS --insecure-registry {{ docker_registry }}" +{% endif %} + +# If you need Docker to use an HTTP proxy, it can also be specified here. +#export http_proxy="http://127.0.0.1:3128/" + +# This is also a handy place to tweak where Docker's temporary files go. +#export TMPDIR="/mnt/bigdrive/docker-tmp" diff --git a/ansible/roles/baremetal/templates/docker_systemd_service.j2 b/ansible/roles/baremetal/templates/docker_systemd_service.j2 new file mode 100644 index 0000000000..fb021a677f --- /dev/null +++ b/ansible/roles/baremetal/templates/docker_systemd_service.j2 @@ -0,0 +1,11 @@ +[Service] +MountFlags=shared +ExecStart= +ExecStart=/usr/bin/docker daemon \ +{% if docker_registry %} +--insecure-registry {{ docker_registry }} \ +{% endif %} +{% if docker_storage_driver %} +--storage-driver={{ docker_storage_driver }} +{% endif %} + -H fd:// diff --git a/ansible/roles/baremetal/templates/docker_yum_repo.j2 b/ansible/roles/baremetal/templates/docker_yum_repo.j2 new file mode 100644 index 0000000000..a165efab20 --- /dev/null +++ b/ansible/roles/baremetal/templates/docker_yum_repo.j2 @@ -0,0 +1,6 @@ +[docker-repo] +name=Docker main Repository +baseurl={{docker_yum_url}}/repo/main/{{ansible_distribution|lower}}/{{ansible_distribution_major_version|lower}} +enabled=1 +gpgcheck=1 +gpgkey={{docker_yum_url}}/gpg diff --git a/ansible/roles/prechecks/tasks/service_checks.yml b/ansible/roles/prechecks/tasks/service_checks.yml index 29e9f90173..42335ab394 100644 --- a/ansible/roles/prechecks/tasks/service_checks.yml +++ b/ansible/roles/prechecks/tasks/service_checks.yml @@ -41,4 +41,4 @@ local_action: command grep '^[^#].*:\s*$' "{{ CONFIG_DIR }}/passwords.yml" register: result changed_when: false - failed_when: result.stdout | regex_replace('(.*nova_ssh_key.*)', '') | search(":") + failed_when: result.stdout | regex_replace('(.*ssh_key.*)', '') | search(":") diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index b026cb89a7..18e0b9dc1e 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -77,6 +77,10 @@ nova_ssh_key: private_key: public_key: +kolla_ssh_key: + private_key: + public_key: + #################### # RabbitMQ options #################### diff --git a/kolla/cmd/genpwd.py b/kolla/cmd/genpwd.py index ad77a77c0f..b45fa56adc 100755 --- a/kolla/cmd/genpwd.py +++ b/kolla/cmd/genpwd.py @@ -43,7 +43,7 @@ def main(): uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid'] # SSH key pair - ssh_keys = ['nova_ssh_key'] + ssh_keys = ['kolla_ssh_key', 'nova_ssh_key'] # If these keys are None, leave them as None blank_keys = ['docker_registry_password'] diff --git a/releasenotes/notes/kolla-host-584270e3aee6dfd6.yaml b/releasenotes/notes/kolla-host-584270e3aee6dfd6.yaml new file mode 100644 index 0000000000..b3ad9794e2 --- /dev/null +++ b/releasenotes/notes/kolla-host-584270e3aee6dfd6.yaml @@ -0,0 +1,29 @@ +--- +prelude: > + - In the Newton cycle a new kolla-host playbook was + introduced. The kolla-host playbook is intended to + prepare servers for use as kolla deployment hosts. + The kolla-host playbook requires the nodes to have + an os installed and be reachable via ssh. Currently + the kolla-host playbook supports ubuntu 14.04, + ubuntu 16.04 and centos 7.2 as target servers. + See features section for more details. +features: + - The kolla-host playbook supports bootrapping + clean os installations to enable them to be + used as kolla hosts. When the playbook completes + the bootstraped systems should pass the kolla + prechecks. + - The kolla-host playbook will install docker 1.11 + and docker-py on all baremetal nodes. + - The kolla-host playbook will configure /etc/host + with the hostname and ip address of all nodes + in the kolla inventroy if customize_etc_host + set to its default value of True. +security: + - The kolla-host playbook will create a kolla user + on all nodes using the ssh-key specified in the + passwords.yml. The kolla user will be granted + passwordless sudo privalages on the host. + this behavior can be disabled by setting + create_kolla_user=False diff --git a/tools/kolla-ansible b/tools/kolla-ansible index 030f0323e6..a37cbbf7b2 100755 --- a/tools/kolla-ansible +++ b/tools/kolla-ansible @@ -41,6 +41,7 @@ Options: Commands: prechecks Do pre-deployment checks for hosts mariadb_recovery Recover a completely stopped mariadb cluster + bootstrap-servers bootstrap servers with kolla deploy dependencies deploy Deploy and start all kolla containers destroy Destroy Kolla containers, volumes and host configuration ('-e destroy_include_images=yes' to also destroy Kolla images) @@ -144,6 +145,11 @@ case "$1" in ACTION="Destroy Kolla containers, volumes and host configuration" PLAYBOOK="${BASEDIR}/ansible/destroy.yml" ;; +(bootstrap-servers) + ACTION="Deploying Playbooks" + PLAYBOOK="${BASEDIR}/ansible/kolla-host.yml" + EXTRA_OPTS="$EXTRA_OPTS -e action=bootstrap-servers" + ;; (deploy) ACTION="Deploying Playbooks" EXTRA_OPTS="$EXTRA_OPTS -e action=deploy"