openstack/kolla-ansible
Code Issues Proposed changes
d8300d5ae7
kolla-ansible/tests/pre.yml
Michal Nasiadka 241e34748d Upgrade virtualenv in pre 
Since virtualenv 20.0 (amongst other changes) six version >1.12.0 is required.
This change adds upgrade of virtualenv and six in pre - to be reverted once
infra CentOS images are sorted out.

Change-Id: I0ca0347bb6ebc5d8f5d22f708211e01221165262
2020-02-12 13:48:25 +01:00

161 lines
5.8 KiB
YAML
Raw Blame History

---
- hosts: all
any_errors_fatal: true
vars:
logs_dir: "/tmp/logs"
roles:
- bindep
- multi-node-firewall
tasks:
# TODO(mnasiadka): Remove once infra merges virtualenv fixes
- name: Upgrade virtualenv package
command: python3 -m pip install -U virtualenv
become: True
# We have had cases where the nodepool private IP address is not assigned,
# which causes hard to diagnose errors later on. Catch it early.
- name: Assert that the nodepool private IPv4 address is assigned
assert:
that: nodepool.private_ipv4 in ansible_all_ipv4_addresses
fail_msg: >-
The nodepool private IP address {{ nodepool.private_ipv4 }} is not assigned
- name: Install dbus for debian system
apt: name=dbus
when:
- ansible_os_family == 'Debian'
become: true
- name: Ensure /tmp/logs/ dir
file:
path: "{{ logs_dir }}"
state: "directory"
- name: Ensure node directories
file:
path: "{{ logs_dir }}/{{ item }}"
state: "directory"
mode: 0777
with_items:
- "docker_logs"
- "kolla_configs"
- "system_logs"
- "kolla"
- "ansible"
- name: set new hostname based on ansible inventory file
hostname:
name: "{{ inventory_hostname }}"
become: true
# NOTE(yoctozepto): start VXLAN interface config
- name: Set VXLAN interface facts
set_fact:
api_interface_address: "{{ api_network_prefix }}{{ groups['all'].index(inventory_hostname) + 1 }}"
api_interface_tunnel_vni: 10001
tunnel_local_address: "{{ nodepool.private_ipv4 }}"
# NOTE(yoctozepto): CI VXLAN must use a different port than neutron-openvswitch-agent
# which defaults to 4789 (the default is used in CI)
# hence using port 4790
- name: Create VXLAN interface
become: true
command: ip link add {{ api_interface_name }} type vxlan id {{ api_interface_tunnel_vni }} local {{ tunnel_local_address }} dstport 4790
- name: Set VXLAN interface MTU
become: true
vars:
# Find the parent interface
parent_interface: >-
{{ ansible_interfaces |
map('extract', ansible_facts) |
selectattr('ipv4.address', 'defined') |
selectattr('ipv4.address', 'equalto', tunnel_local_address) |
first }}
# Allow 50 bytes overhead for VXLAN headers.
mtu: "{{ parent_interface.mtu | int - 50 }}"
command: ip link set {{ api_interface_name }} mtu {{ mtu }}
# emulate BUM by multiplicating traffic to unicast targets
- name: Add fdb entries for BUM traffic
become: true
vars:
dest_ip: "{{ hostvars[item].tunnel_local_address }}"
command: bridge fdb append 00:00:00:00:00:00 dev {{ api_interface_name }} dst {{ dest_ip }}
with_inventory_hostnames: all
when: item != inventory_hostname
- name: Add IPv4 address for VXLAN network
become: true
vars:
api_network_cidr: "{{ api_interface_address }}/{{ api_network_prefix_length }}"
# NOTE(yoctozepto): we have to compute and explicitly set the broadcast address,
# otherwise bifrost fails its pre-bootstrap sanity checks due to missing
# broadcast address as ansible picks up scope ('global') as the interface's
# broadcast address which fails checks logic
api_network_broadcast_address: "{{ api_network_cidr | ipaddr('broadcast') }}"
command: ip address add {{ api_network_cidr }} broadcast {{ api_network_broadcast_address }} dev {{ api_interface_name }}
when: address_family == 'ipv4'
# NOTE(yoctozepto): IPv6 has no broadcast address, let's not create confusion by setting it
- name: Add IPv6 address for VXLAN network
become: true
command: ip address add {{ api_interface_address }}/{{ api_network_prefix_length }} dev {{ api_interface_name }}
when: address_family == 'ipv6'
- name: Accept traffic on the VXLAN network (IN)
become: true
iptables:
state: present
action: insert
chain: INPUT
ip_version: "{{ address_family }}"
in_interface: "{{ api_interface_name }}"
jump: ACCEPT
# NOTE(yoctozepto): the default policy is ACCEPT but it is nicer to get statistics
- name: Accept traffic on the VXLAN network (OUT)
become: true
iptables:
state: present
action: insert
chain: OUTPUT
ip_version: "{{ address_family }}"
out_interface: "{{ api_interface_name }}"
jump: ACCEPT
- name: Bring VXLAN interface up
become: true
command: ip link set {{ api_interface_name }} up
# NOTE(yoctozepto): IPv6 DAD may delay proper address assignment
# this task will wait until DAD is done and addresses are no longer tentative
# we assign addresses uniquely so DAD can only move it to preferred
# hence we only check whether it's no longer tentative
- name: Ensure IPv6 addresses on VXLAN are no longer tentative
become: true
command: ip -o address show tentative dev {{ api_interface_name }}
register: tentative_addresses
until: tentative_addresses.stdout == ''
retries: 30
delay: 2
when:
- address_family == 'ipv6'
- name: Ping across VXLAN
vars:
ping_command: "{{ 'ping' if address_family == 'ipv4' else 'ping6' }}"
command: "{{ ping_command }} -c1 {{ hostvars[item].api_interface_address }}"
with_inventory_hostnames: all
# NOTE(yoctozepto): CentOS 7 image uses myhostname plugin for NSS
# which creates issues with IPv6-only deployment by providing
# an IPv4 address for the current hostname (affects rabbitmq)
- name: Disable myhostname NSS plugin
become: true
replace:
path: /etc/nsswitch.conf
regexp: ' myhostname'
replace: ''
View Git Blame Copy Permalink