From bbd5e7af26a2f8e07db2b5b56c475838eefa11e8 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Mon, 30 Sep 2024 15:12:10 +0200 Subject: [PATCH] Add OpenStack playbooks to openstack-ansible-plugins collection Needed-By: https://review.opendev.org/c/openstack/openstack-ansible/+/930909 Change-Id: I55c82019eaba17ca0da61ead1aad62236c84f221 --- playbooks/adjutant.yml | 100 +++++++++ playbooks/aodh.yaml | 106 ++++++++++ playbooks/barbican.yml | 104 ++++++++++ playbooks/blazar.yml | 108 ++++++++++ playbooks/ceilometer.yml | 57 ++++++ playbooks/ceph_rgw_install.yml | 122 +++++++++++ playbooks/ceph_rgw_keystone_setup.yml | 115 +++++++++++ playbooks/cinder.yml | 68 +++++++ playbooks/cloudkitty.yml | 101 ++++++++++ playbooks/common/cinder.yml | 140 +++++++++++++ playbooks/common/neutron.yml | 113 +++++++++++ playbooks/designate.yml | 107 ++++++++++ playbooks/glance.yml | 120 +++++++++++ playbooks/gnocchi.yml | 108 ++++++++++ playbooks/heat.yml | 107 ++++++++++ playbooks/horizon.yml | 106 ++++++++++ playbooks/ironic.yml | 107 ++++++++++ playbooks/keystone.yml | 242 ++++++++++++++++++++++ playbooks/magnum.yml | 108 ++++++++++ playbooks/manila.yml | 131 ++++++++++++ playbooks/masakari.yml | 138 +++++++++++++ playbooks/mistral.yml | 109 ++++++++++ playbooks/neutron.yml | 78 ++++++++ playbooks/nova.yml | 278 ++++++++++++++++++++++++++ playbooks/octavia.yml | 108 ++++++++++ playbooks/openstack_hosts_setup.yml | 2 +- playbooks/placement.yml | 108 ++++++++++ playbooks/rally.yml | 49 +++++ playbooks/setup_openstack.yml | 112 +++++++++++ playbooks/skyline.yml | 71 +++++++ playbooks/swift.yml | 82 ++++++++ playbooks/swift_sync.yml | 37 ++++ playbooks/tacker.yml | 96 +++++++++ playbooks/tempest.yml | 54 +++++ playbooks/trove.yml | 108 ++++++++++ playbooks/zun.yml | 119 +++++++++++ 36 files changed, 3818 insertions(+), 1 deletion(-) create mode 100644 playbooks/adjutant.yml create mode 100644 playbooks/aodh.yaml create mode 100644 playbooks/barbican.yml create mode 100644 playbooks/blazar.yml create mode 100644 playbooks/ceilometer.yml create mode 100644 playbooks/ceph_rgw_install.yml create mode 100644 playbooks/ceph_rgw_keystone_setup.yml create mode 100644 playbooks/cinder.yml create mode 100644 playbooks/cloudkitty.yml create mode 100644 playbooks/common/cinder.yml create mode 100644 playbooks/common/neutron.yml create mode 100644 playbooks/designate.yml create mode 100644 playbooks/glance.yml create mode 100644 playbooks/gnocchi.yml create mode 100644 playbooks/heat.yml create mode 100644 playbooks/horizon.yml create mode 100644 playbooks/ironic.yml create mode 100644 playbooks/keystone.yml create mode 100644 playbooks/magnum.yml create mode 100644 playbooks/manila.yml create mode 100644 playbooks/masakari.yml create mode 100644 playbooks/mistral.yml create mode 100644 playbooks/neutron.yml create mode 100644 playbooks/nova.yml create mode 100644 playbooks/octavia.yml create mode 100644 playbooks/placement.yml create mode 100644 playbooks/rally.yml create mode 100644 playbooks/setup_openstack.yml create mode 100644 playbooks/skyline.yml create mode 100644 playbooks/swift.yml create mode 100644 playbooks/swift_sync.yml create mode 100644 playbooks/tacker.yml create mode 100644 playbooks/tempest.yml create mode 100644 playbooks/trove.yml create mode 100644 playbooks/zun.yml diff --git a/playbooks/adjutant.yml b/playbooks/adjutant.yml new file mode 100644 index 00000000..739ed86c --- /dev/null +++ b/playbooks/adjutant.yml @@ -0,0 +1,100 @@ +--- +# Copyright 2020, City Network International AB +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather adjutant facts + hosts: adjutant_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: adjutant_api + service_variable: "adjutant_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install adjutant services + hosts: adjutant_all + gather_facts: false + serial: "{{ adjutant_api_serial | default(['1','100%']) }}" + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: adjutant_api-back + haproxy_state: disabled + when: + - "'adjutant_api' in group_names" + - "groups['adjutant_api'] | length > 1" + tags: + - always + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + roles: + - role: "os_adjutant" + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: adjutant_api-back + haproxy_state: enabled + when: + - "'adjutant_api' in group_names" + - "groups['adjutant_api'] | length > 1" + tags: + - always diff --git a/playbooks/aodh.yaml b/playbooks/aodh.yaml new file mode 100644 index 00000000..ef668104 --- /dev/null +++ b/playbooks/aodh.yaml @@ -0,0 +1,106 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather aodh facts + hosts: aodh_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: aodh_api + service_variable: "aodh_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install the aodh components + hosts: aodh_all + gather_facts: false + serial: "{{ aodh_serial | default(['1','100%']) }}" + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: aodh_api-back + haproxy_state: disabled + when: + - "'aodh_api' in group_names" + - "groups['aodh_api'] | length > 1" + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + roles: + - role: "os_aodh" + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: aodh_api-back + haproxy_state: enabled + when: + - "'aodh_api' in group_names" + - "groups['aodh_api'] | length > 1" + tags: + - always diff --git a/playbooks/barbican.yml b/playbooks/barbican.yml new file mode 100644 index 00000000..4c7afa5e --- /dev/null +++ b/playbooks/barbican.yml @@ -0,0 +1,104 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather barbican facts + hosts: barbican_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: barbican_api + service_variable: "barbican_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Installation and setup of barbican + hosts: barbican_all + gather_facts: false + serial: "{{ barbican_serial | default(['1','100%']) }}" + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: barbican-back + haproxy_state: disabled + when: + - "'barbican_api' in group_names" + - "groups['barbican_api'] | length > 1" + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + roles: + - role: "os_barbican" + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: barbican-back + haproxy_state: enabled + when: + - "'barbican_api' in group_names" + - "groups['barbican_api'] | length > 1" + tags: + - always diff --git a/playbooks/blazar.yml b/playbooks/blazar.yml new file mode 100644 index 00000000..ad096925 --- /dev/null +++ b/playbooks/blazar.yml @@ -0,0 +1,108 @@ +--- +# Copyright 2018, taseer94@gmail.com +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather blazar facts + hosts: blazar_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: blazar_api + service_variable: "blazar_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install blazar components + hosts: blazar_all + gather_facts: false + serial: "{{ blazar_serial | default(['1','100%']) }}" + environment: "{{ deployment_environment_variables | default({}) }}" + user: root + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: blazar_api-back + haproxy_state: disabled + when: + - "'blazar_api' in group_names" + - "groups['blazar_api'] | length > 1" + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + roles: + - role: "os_blazar" + - role: "openstack.osa.system_crontab_coordination" + tags: + - crontab + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: blazar_api-back + haproxy_state: enabled + when: + - "'blazar_api' in group_names" + - "groups['blazar_api'] | length > 1" + tags: + - always diff --git a/playbooks/ceilometer.yml b/playbooks/ceilometer.yml new file mode 100644 index 00000000..e3415e67 --- /dev/null +++ b/playbooks/ceilometer.yml @@ -0,0 +1,57 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather ceilometer facts + hosts: ceilometer_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Install the ceilometer components + hosts: ceilometer_all + gather_facts: false + serial: "{{ ceilometer_serial | default(['1','100%']) }}" + user: root + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + roles: + - role: "os_ceilometer" + + environment: "{{ deployment_environment_variables | default({}) }}" diff --git a/playbooks/ceph_rgw_install.yml b/playbooks/ceph_rgw_install.yml new file mode 100644 index 00000000..77534f3e --- /dev/null +++ b/playbooks/ceph_rgw_install.yml @@ -0,0 +1,122 @@ +--- +# Copyright 2017, Logan Vig +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Importing ceph_rgw_keystone_setup playbook + import_playbook: openstack.osa.ceph_rgw_keystone_setup + when: (groups[rgw_group_name] is defined and groups[rgw_group_name] | length > 0) or (ceph_rgws | length > 0) + +- name: Gather ceph-rgw facts + hosts: ceph-rgw + gather_facts: "{{ osa_gather_facts | default(True) }}" + tags: + - always + +- name: Install ceph radosgw + hosts: ceph-rgw + gather_facts: false + user: root + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + - name: Including unbound-clients role + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + # Set the priority of the ceph community apt repo either above or below that of UCA or distro sources + - name: Set apt package pins + include_role: + name: apt_package_pinning + vars: + apt_package_pinning_file_name: "ceph_community_pin.pref" + apt_package_pinning_priority: "{{ (ceph_repository == 'community') | ternary(1000, 100) }}" + apt_pinned_packages: [{ package: '*', release: 'ceph.com' }] + when: + - ansible_facts['pkg_mgr'] == 'apt' + + - name: Install python3-yaml + package: + name: "{{ (ansible_facts['os_family'] | lower == 'debian') | ternary('python3-yaml', 'python3-pyyaml') }}" + state: present + + - name: Gather ceph-mon facts + action: setup + delegate_to: "{{ item }}" + delegate_facts: yes + with_items: "{{ groups[mon_group_name] }}" + when: + - inventory_hostname == ansible_play_hosts[0] + tags: + - ceph-mon-facts + - ceph-rgw + + - name: Create and install SSL certificates + include_role: + name: pki + tasks_from: main_certs.yml + apply: + tags: + - ceph-rgw-config + - pki + vars: + pki_setup_host: "{{ ceph_rgw_pki_setup_host }}" + pki_dir: "{{ ceph_rgw_pki_dir }}" + pki_create_certificates: "{{ ceph_rgw_user_ssl_cert is not defined and ceph_rgw_user_ssl_key is not defined }}" + pki_regen_cert: "{{ ceph_rgw_pki_regen_cert }}" + pki_certificates: "{{ ceph_rgw_pki_certificates }}" + pki_install_certificates: "{{ ceph_rgw_pki_install_certificates }}" + when: + - ceph_rgw_backend_ssl + tags: + - always + + roles: + - role: ceph-defaults + tags: + - skip_ansible_lint + - role: ceph-facts + tags: + - skip_ansible_lint + - role: ceph-common + tags: + - skip_ansible_lint + - role: ceph-handler + tags: + - skip_ansible_lint + - role: ceph-config + tags: + - skip_ansible_lint + - role: ceph-rgw + tags: + - skip_ansible_lint + - role: "openstack.osa.system_crontab_coordination" + tags: + - "system-crontab-coordination" + + vars: + is_metal: "{{ properties.is_metal|default(false) }}" + radosgw_civetweb_port: "{{ radosgw_service_port }}" + tags: + - ceph-rgw diff --git a/playbooks/ceph_rgw_keystone_setup.yml b/playbooks/ceph_rgw_keystone_setup.yml new file mode 100644 index 00000000..4c09cdfc --- /dev/null +++ b/playbooks/ceph_rgw_keystone_setup.yml @@ -0,0 +1,115 @@ +--- +# Copyright 2017, Logan Vig +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Configure keystone for radosgw + hosts: "{{ openstack_service_setup_host | default('localhost') }}" + user: root + vars: + ansible_python_interpreter: >- + {{ openstack_service_setup_host_python_interpreter | + default((openstack_service_setup_host | + default('localhost') == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }} + tags: + - ceph-rgw + - ceph-rgw-setup + - rgw-service-add + tasks: + - name: Setup installation variables + import_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method | default('source') }}" + tags: + - always + + - name: Add service to the keystone service catalog + openstack.cloud.catalog_service: + cloud: default + state: present + name: "{{ radosgw_service_name }}" + service_type: "{{ radosgw_service_type }}" + description: "{{ radosgw_service_description }}" + interface: admin + verify: "{{ not (keystone_service_adminuri_insecure | bool) }}" + register: add_service + until: add_service is success + retries: 5 + delay: 10 + tags: + - ceph-rgw-setup + - rgw-service-add + + - name: Add service user + openstack.cloud.identity_user: + cloud: default + state: present + name: "{{ radosgw_admin_user }}" + password: "{{ radosgw_admin_password }}" + domain: default + default_project: "{{ radosgw_admin_tenant }}" + interface: admin + verify: "{{ not (keystone_service_adminuri_insecure | bool) }}" + register: add_user + until: add_user is success + retries: 5 + delay: 10 + no_log: True + + - name: Add service user to roles + openstack.cloud.role_assignment: + cloud: default + state: present + user: "{{ radosgw_admin_user }}" + role: "{{ radosgw_role_name | default('admin') }}" + project: "{{ radosgw_admin_tenant }}" + interface: admin + verify: "{{ not (keystone_service_adminuri_insecure | bool) }}" + register: add_user_role + until: add_user_role is success + retries: 5 + delay: 10 + + - name: Add service role + openstack.cloud.identity_role: + cloud: default + state: present + name: "swiftoperator" + interface: admin + verify: "{{ not (keystone_service_adminuri_insecure | bool) }}" + register: add_role + until: add_role is success + retries: 5 + delay: 10 + + - name: Add endpoints to keystone endpoint catalog + openstack.cloud.endpoint: + cloud: default + state: present + service: "{{ radosgw_service_name }}" + endpoint_interface: "{{ item.interface }}" + url: "{{ item.url }}" + region: "{{ radosgw_service_region }}" + interface: admin + verify: "{{ not (keystone_service_adminuri_insecure | bool) }}" + register: add_service + until: add_service is success + retries: 5 + delay: 10 + with_items: + - interface: "public" + url: "{{ radosgw_service_publicurl }}" + - interface: "internal" + url: "{{ radosgw_service_internalurl }}" + - interface: "admin" + url: "{{ radosgw_service_adminurl }}" diff --git a/playbooks/cinder.yml b/playbooks/cinder.yml new file mode 100644 index 00000000..897bfded --- /dev/null +++ b/playbooks/cinder.yml @@ -0,0 +1,68 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather cinder facts + hosts: cinder_all + gather_facts: false + tags: + - always + tasks: + - name: Gather minimal facts for cinder + setup: + gather_subset: + - "!all" + - min + when: osa_gather_facts | default(True) + + - name: Gather additional facts for cinder + setup: + gather_subset: "{{ cinder_gather_subset | default('processor_count') }}" + filter: "{{ cinder_gather_filter | default('ansible_processor*') }}" + when: osa_gather_facts | default(True) + +- name: Install cinder scheduler services + import_playbook: openstack.osa.common.cinder + vars: + cinder_hosts: "cinder_scheduler:!cinder_api" + cinder_serial: "{{ cinder_scheduler_serial | default(['1', '100%']) }}" + +- name: Install cinder volume services + import_playbook: openstack.osa.common.cinder + vars: + cinder_hosts: "cinder_volume:!cinder_scheduler:!cinder_api" + cinder_serial: "{{ cinder_backend_serial | default(['1', '100%']) }}" + +- name: Install cinder backup services + import_playbook: openstack.osa.common.cinder + vars: + cinder_hosts: "cinder_backup:!cinder_volume:!cinder_scheduler:!cinder_api" + cinder_serial: "{{ cinder_backend_serial | default(['1', '100%']) }}" + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: cinder_api + service_variable: "cinder_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install cinder API services + import_playbook: openstack.osa.common.cinder + vars: + cinder_hosts: "cinder_api" + cinder_serial: "{{ cinder_api_serial | default(['1', '100%']) }}" diff --git a/playbooks/cloudkitty.yml b/playbooks/cloudkitty.yml new file mode 100644 index 00000000..44c01d80 --- /dev/null +++ b/playbooks/cloudkitty.yml @@ -0,0 +1,101 @@ +--- +# Copyright 2021, ELITS Cloud Services AB +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +- name: Gather cloudkitty facts + hosts: cloudkitty_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: cloudkitty_api + service_variable: "cloudkitty_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install cloudkitty services + hosts: cloudkitty_all + serial: "{{ cloudkitty_api_serial | default(['1', '100%']) }}" + gather_facts: false + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: cloudkitty_api-back + haproxy_state: disabled + when: + - "'cloudkitty_api' in group_names" + - "groups['cloudkitty_api'] | length > 1" + tags: + - always + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + roles: + - role: "os_cloudkitty" + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: cloudkitty_api-back + haproxy_state: enabled + when: + - "'cloudkitty_api' in group_names" + - "groups['cloudkitty_api'] | length > 1" + tags: + - always diff --git a/playbooks/common/cinder.yml b/playbooks/common/cinder.yml new file mode 100644 index 00000000..21a3fdf7 --- /dev/null +++ b/playbooks/common/cinder.yml @@ -0,0 +1,140 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install cinder services + hosts: "{{ cinder_hosts }}" + serial: "{{ cinder_serial }}" + gather_facts: false + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: cinder_api-back + haproxy_state: disabled + when: + - "'cinder_api' in group_names" + - "groups['cinder_api'] | length > 1" + tags: + - always + + - name: Determine storage bridge IP address + include_role: + name: openstack.osa.dynamic_address_fact + vars: + network_address: "storage_address" + tags: + - always + + - name: Configure container (cinder-volume) when lvm is in-use + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + vars: + extra_container_config: + - "lxc.autodev=0" + - "lxc.cgroup.devices.allow=a *:* rmw" + - "lxc.mount.entry=udev dev devtmpfs defaults 0 0" + extra_container_config_no_restart: + - "lxc.start.order=39" + when: + - "not is_metal" + - "'cinder_volume' in group_names" + - "cinder_backend_lvm_inuse | bool" + + - name: Configure container (other services) + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: + - "not is_metal" + - "not ( 'cinder_volume' in group_names and cinder_backend_lvm_inuse | bool )" + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + - name: Add volume group block device to cinder # noqa: no-changed-when + shell: | + set -o pipefail + {% if item.value.volume_group is defined %} + if [ "$(pvdisplay | grep -B1 {{ item.value.volume_group }} | awk '/PV/ {print $3}')" ];then + for device in `pvdisplay | grep -B1 {{ item.value.volume_group }} | awk '/PV/ {print $3}'` + do lxc-device -n {{ container_name }} add $device + done + fi + {% else %} + echo "{{ item.key }} volume_group not defined" + {% endif %} + args: + executable: /bin/bash + with_dict: "{{ cinder_backends | default({}) }}" + when: + - container_tech | default('lxc') == 'lxc' + - physical_host != container_name + - cinder_backend_lvm_inuse | bool + delegate_to: "{{ physical_host }}" + + - name: Trigger udevadm # noqa: no-changed-when + command: udevadm trigger + delegate_to: "{{ physical_host }}" + when: cinder_backend_lvm_inuse | bool + + roles: + - role: "os_cinder" + cinder_storage_address: "{{ storage_address }}" + + - role: "openstack.osa.system_crontab_coordination" + tags: + - crontab + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: cinder_api-back + haproxy_state: enabled + when: + - "'cinder_api' in group_names" + - "groups['cinder_api'] | length > 1" + tags: + - always diff --git a/playbooks/common/neutron.yml b/playbooks/common/neutron.yml new file mode 100644 index 00000000..ae43e8c7 --- /dev/null +++ b/playbooks/common/neutron.yml @@ -0,0 +1,113 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install neutron services + hosts: "{{ neutron_hosts }}" + serial: "{{ neutron_serial }}" + gather_facts: false + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: neutron_server-back + haproxy_state: disabled + when: + - "'neutron_server' in group_names" + - "groups['neutron_server'] | length > 1" + tags: + - always + + - name: Determine tunnel bridge IP address + include_role: + name: openstack.osa.dynamic_address_fact + vars: + network_address: "tunnel_address" + tags: + - always + + - name: Configure container (neutron-agent) + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + vars: + list_of_bind_mounts: + - bind_dir_path: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('/lib/modules', '/usr/lib/modules') }}" + mount_path: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('/lib/modules', '/usr/lib/modules') }}" + extra_container_config: + - "lxc.cgroup.devices.allow=a *:* rmw" + extra_container_config_no_restart: + - "lxc.start.order=29" + when: + - "not is_metal" + - "'neutron_agent' in group_names" + + - name: Configure container (other services) + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: + - "not is_metal" + - "'neutron_agent' not in group_names" + + - name: Including unbound_clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + roles: + - role: "os_neutron" + + - role: "openstack.osa.system_crontab_coordination" + tags: + - crontab + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: neutron_server-back + haproxy_state: enabled + when: + - "'neutron_server' in group_names" + - "groups['neutron_server'] | length > 1" + tags: + - always diff --git a/playbooks/designate.yml b/playbooks/designate.yml new file mode 100644 index 00000000..59ed1de6 --- /dev/null +++ b/playbooks/designate.yml @@ -0,0 +1,107 @@ +--- +# Copyright 2016 Internet Solutions (Pty) Ltd +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens + +- name: Gather designate facts + hosts: designate_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: designate_api + service_variable: "designate_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install designate server + hosts: designate_all + gather_facts: false + serial: "{{ designate_serial | default(['1','100%']) }}" + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: designate_api-back + haproxy_state: disabled + when: + - "'designate_api' in group_names" + - "groups['designate_api'] | length > 1" + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + roles: + - role: "os_designate" + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: designate_api-back + haproxy_state: enabled + when: + - "'designate_api' in group_names" + - "groups['designate_api'] | length > 1" + tags: + - always diff --git a/playbooks/glance.yml b/playbooks/glance.yml new file mode 100644 index 00000000..0ebdbe93 --- /dev/null +++ b/playbooks/glance.yml @@ -0,0 +1,120 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather glance facts + hosts: "glance_all" + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: glance_api + service_variable: "glance_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install glance services + hosts: "glance_all" + serial: "{{ glance_api_serial | default(['1', '100%']) }}" + gather_facts: false + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: glance_api-back + haproxy_state: disabled + when: + - "'glance_api' in group_names" + - "groups['glance_api'] | length > 1" + tags: + - always + + - name: Configure container (local storage bind mount from host) + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + vars: + list_of_bind_mounts: "{{ glance_container_bind_mounts }}" + when: + - not is_metal + - glance_default_store == "file" + - (glance_remote_client is not defined) or (glance_remote_client | length == 0) + + - name: Configure container (remote storage) + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: + - not is_metal + - (glance_default_store != "file") or (glance_remote_client is defined) + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + roles: + - role: "os_glance" + - role: "openstack.osa.system_crontab_coordination" + tags: + - crontab + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: glance_api-back + haproxy_state: enabled + when: + - "'glance_api' in group_names" + - "groups['glance_api'] | length > 1" + tags: + - always diff --git a/playbooks/gnocchi.yml b/playbooks/gnocchi.yml new file mode 100644 index 00000000..893f9889 --- /dev/null +++ b/playbooks/gnocchi.yml @@ -0,0 +1,108 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather gnocchi facts + hosts: gnocchi_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: gnocchi_api + service_variable: "gnocchi_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install Gnocchi components + hosts: gnocchi_all + gather_facts: false + serial: "{{ gnocchi_serial | default(['1','100%']) }}" + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: gnocchi-back + haproxy_state: disabled + when: + - "'gnocchi_all' in group_names" + - "groups['gnocchi_all'] | length > 1" + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + vars: + list_of_bind_mounts: "{{ gnocchi_container_bind_mounts }}" + when: + - not is_metal + - (gnocchi_storage_driver | default('file')) != "file" + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + roles: + - role: "os_gnocchi" + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: gnocchi-back + haproxy_state: enabled + when: + - "'gnocchi_all' in group_names" + - "groups['gnocchi_all'] | length > 1" + tags: + - always diff --git a/playbooks/heat.yml b/playbooks/heat.yml new file mode 100644 index 00000000..7275432a --- /dev/null +++ b/playbooks/heat.yml @@ -0,0 +1,107 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather heat facts + hosts: heat_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: heat_api + service_variable: "heat_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install heat server + hosts: heat_all + gather_facts: false + serial: "{{ heat_serial | default(['1','100%']) }}" + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: heat_api-back + haproxy_state: disabled + when: + - "'heat_api' in group_names" + - "groups['heat_api'] | length > 1" + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + roles: + - role: "os_heat" + - role: "openstack.osa.system_crontab_coordination" + tags: + - crontab + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: heat_api-back + haproxy_state: enabled + when: + - "'heat_api' in group_names" + - "groups['heat_api'] | length > 1" + tags: + - always diff --git a/playbooks/horizon.yml b/playbooks/horizon.yml new file mode 100644 index 00000000..4163e253 --- /dev/null +++ b/playbooks/horizon.yml @@ -0,0 +1,106 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather horizon facts + hosts: horizon_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: horizon_all + service_variable: "horizon_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install horizon server + hosts: horizon_all + gather_facts: false + serial: "{{ horizon_serial | default(['1','100%']) }}" + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: horizon-back + haproxy_state: disabled + when: + - "'horizon_all' in group_names" + - "groups['horizon_all'] | length > 1" + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + roles: + - role: "os_horizon" + - role: "openstack.osa.system_crontab_coordination" + tags: + - crontab + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: horizon-back + haproxy_state: enabled + when: + - "'horizon_all' in group_names" + - "groups['horizon_all'] | length > 1" + tags: + - always diff --git a/playbooks/ironic.yml b/playbooks/ironic.yml new file mode 100644 index 00000000..f725d651 --- /dev/null +++ b/playbooks/ironic.yml @@ -0,0 +1,107 @@ +--- +# Copyright 2016, Rackspace, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather ironic facts + hosts: ironic_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: ironic_api + service_variable: "ironic_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Installation and setup of Ironic + hosts: ironic_all + gather_facts: false + serial: "{{ ironic_serial | default(['1','100%']) }}" + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: ironic_api-back + haproxy_state: disabled + when: + - "'ironic_api' in group_names" + - "groups['ironic_api'] | length > 1" + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + roles: + - role: "os_ironic" + - role: "openstack.osa.system_crontab_coordination" + tags: + - crontab + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: ironic_api-back + haproxy_state: enabled + when: + - "'ironic_api' in group_names" + - "groups['ironic_api'] | length > 1" + tags: + - always diff --git a/playbooks/keystone.yml b/playbooks/keystone.yml new file mode 100644 index 00000000..27efa149 --- /dev/null +++ b/playbooks/keystone.yml @@ -0,0 +1,242 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# The openstack_openrc role gets executed on a designated service +# host which will handle all service/user/domain/project/role +# management for the roles. It is executed here as this is the +# first role which will use it and the implementation of the +# clouds.yaml file is useless until keystone is in place. +- name: Implement openrc/clouds.yaml on the designated service host + hosts: "{{ openstack_service_setup_host | default('localhost') }}" + gather_facts: "{{ osa_gather_facts | default(True) }}" + become: yes + tags: + - openrc + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + roles: + - role: "openstack_openrc" + +- name: Gather keystone facts + hosts: keystone_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Pre-service deployment + hosts: keystone_all + gather_facts: false + environment: "{{ deployment_environment_variables | default({}) }}" + tasks: + - name: "Pre-service deployment tasks from os_keystone role" + include_role: + name: os_keystone + tasks_from: main_pre.yml + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: keystone_all + service_variable: "keystone_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Installation and setup of Keystone + hosts: keystone_all + serial: "{{ keystone_serial | default(['1', '100%']) }}" + gather_facts: false + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: "keystone_service-back" + haproxy_state: disabled + when: + - "'keystone_all' in group_names" + - "groups['keystone_all'] | length > 1" + tags: + - always + + - name: Configure container + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + vars: + extra_container_config_no_restart: + - "lxc.start.order=19" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + roles: + - role: "os_keystone" + - role: "openstack.osa.system_crontab_coordination" + tags: + - crontab + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: "keystone_service-back" + haproxy_state: enabled + when: + - "'keystone_all' in group_names" + - "groups['keystone_all'] | length > 1" + tags: + - always + +# These facts are set against the deployment host to ensure that +# they are fast to access. This is done in preference to setting +# them against each target as the hostvars extraction will take +# a long time if executed against a large inventory. +- name: Finalise data migrations if required + hosts: keystone_all + gather_facts: no + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + - name: Refresh local facts + setup: + filter: ansible_local + gather_subset: "!all" + + # This variable contains the values of the local fact set for the keystone + # venv tag for all hosts in the 'keystone_all' host group. + - name: Gather software version list + set_fact: + keystone_all_software_versions: "{{ (groups['keystone_all'] | + map('extract', hostvars, ['ansible_local', 'openstack_ansible', 'keystone', 'venv_tag'])) | + list }}" + delegate_to: localhost + run_once: yes + + # This variable outputs a boolean value which is True when + # keystone_all_software_versions contains a list of defined + # values. If they are not defined, it means that not all + # hosts have their software deployed yet. + - name: Set software deployed fact + set_fact: + keystone_all_software_deployed: "{{ (keystone_all_software_versions | select('defined')) | list == keystone_all_software_versions }}" + delegate_to: localhost + run_once: yes + + # This variable outputs a boolean when all the values in + # keystone_all_software_versions are the same and the software + # has been deployed to all hosts in the group. + - name: Set software updated fact + set_fact: + keystone_all_software_updated: "{{ ((keystone_all_software_versions | unique) | length == 1) and (keystone_all_software_deployed | bool) }}" + delegate_to: localhost + run_once: yes + + - name: Perform a Keystone DB sync contract + command: "{{ keystone_bin }}/keystone-manage db_sync --contract" # noqa: no-changed-when + become: yes + become_user: "{{ keystone_system_user_name | default('keystone') }}" + when: + - "keystone_all_software_updated | bool" + - "ansible_local['openstack_ansible']['keystone']['need_db_contract'] | bool" + register: dbsync_contract + run_once: yes + + - name: Disable the need for any further db sync + ini_file: + dest: "/etc/ansible/facts.d/openstack_ansible.fact" + section: keystone + option: "need_db_contract" + value: "False" + mode: "0644" + when: + - "dbsync_contract is succeeded" + +# note(jrosser) this can only be done once the DB contract has completed so we must put it as +# the last part of the keystone setup +- name: SP/IDP setup + hosts: keystone_all + gather_facts: no + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + + - name: "Post configure SP/IDP" + include_role: + name: os_keystone + tasks_from: main_keystone_federation_sp_idp_setup.yml diff --git a/playbooks/magnum.yml b/playbooks/magnum.yml new file mode 100644 index 00000000..b89fe2a1 --- /dev/null +++ b/playbooks/magnum.yml @@ -0,0 +1,108 @@ +--- +# Copyright 2016 Internet Solutions (Pty) Ltd +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens + +- name: Gather magnum facts + hosts: magnum_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: magnum_all + service_variable: "magnum_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install magnum server + hosts: magnum_all + user: root + gather_facts: false + serial: "{{ magnum_serial | default(['1','100%']) }}" + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: magnum-back + haproxy_state: disabled + when: + - "'magnum_all' in group_names" + - "groups['magnum_all'] | length > 1" + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + roles: + - role: "os_magnum" + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: magnum-back + haproxy_state: enabled + when: + - "'magnum_all' in group_names" + - "groups['magnum_all'] | length > 1" + tags: + - always diff --git a/playbooks/manila.yml b/playbooks/manila.yml new file mode 100644 index 00000000..fd226078 --- /dev/null +++ b/playbooks/manila.yml @@ -0,0 +1,131 @@ +--- +# Copyright 2018, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install ganesha-nfs + import_playbook: openstack.osa.ceph_nfs_install + +- name: Gather manila facts + hosts: manila_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + serial: "{{ manila_serial | default(['1','100%']) }}" + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: manila_api + service_variable: "manila_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install manila API services + hosts: manila_api:manila_scheduler + gather_facts: false + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + args: + apply: + tags: + - always + tags: + - always + + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: manila-back + haproxy_state: disabled + when: + - "'manila_api' in group_names" + - "groups['manila_api'] | length > 1" + tags: + - always + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + roles: + - role: "os_manila" + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: manila-back + haproxy_state: enabled + when: + - "'manila_api' in group_names" + - "groups['manila_api'] | length > 1" + tags: + - always + +- name: Install manila data services + hosts: manila_data:manila_share + gather_facts: false + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + roles: + - role: "os_manila" diff --git a/playbooks/masakari.yml b/playbooks/masakari.yml new file mode 100644 index 00000000..d42f5255 --- /dev/null +++ b/playbooks/masakari.yml @@ -0,0 +1,138 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather masakari facts + hosts: masakari_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tags: + - always + +- name: Setup corosync cluster + hosts: masakari_monitor + gather_facts: false + serial: "{{ masakari_monitor_serial | default('100%') }}" + user: root + vars: + pacemaker_corosync_group: masakari_monitor + pacemaker_corosync_ring_interface: "{{ masakari_monitor_corosync_multicast_interface }}" + haveged_enabled: false + pre_tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + vars: + deployment_extra_facts_filter: "{{ 'ansible_' ~ pacemaker_corosync_ring_interface | replace('-','_') }}" + deployment_extra_facts_subset: "!all,network" + args: + apply: + tags: + - always + tags: + - always + roles: + - role: "pacemaker_corosync" + tags: pacemaker-corosync + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: masakari_api + service_variable: "masakari_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install the masakari components + hosts: masakari_all + gather_facts: false + serial: "{{ masakari_api_serial | default(['1','100%']) }}" + user: root + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + args: + apply: + tags: + - always + tags: + - always + + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: masakari_api-back + haproxy_state: disabled + when: + - "'masakari_api' in group_names" + - "groups['masakari_api'] | length > 1" + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + roles: + - role: "os_masakari" + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: masakari_api-back + haproxy_state: enabled + when: + - "'masakari_api' in group_names" + - "groups['masakari_api'] | length > 1" + tags: + - always + + environment: "{{ deployment_environment_variables | default({}) }}" diff --git a/playbooks/mistral.yml b/playbooks/mistral.yml new file mode 100644 index 00000000..44dabd1e --- /dev/null +++ b/playbooks/mistral.yml @@ -0,0 +1,109 @@ +--- +# Copyright 2019, VEXXHOST, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather mistral facts + hosts: mistral_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: mistral_api + service_variable: "mistral_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install mistral components + hosts: mistral_all + gather_facts: false + serial: "{{ mistral_serial | default(['1','100%']) }}" + environment: "{{ deployment_environment_variables | default({}) }}" + user: root + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: mistral-back + haproxy_state: disabled + when: + - "'mistral_all' in group_names" + - "groups['mistral_all'] | length > 1" + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + roles: + - role: "os_mistral" + - role: "openstack.osa.system_crontab_coordination" + tags: + - crontab + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: mistral-back + haproxy_state: enabled + when: + - "'mistral_all' in group_names" + - "groups['mistral_all'] | length > 1" + tags: + - always diff --git a/playbooks/neutron.yml b/playbooks/neutron.yml new file mode 100644 index 00000000..445b5eb3 --- /dev/null +++ b/playbooks/neutron.yml @@ -0,0 +1,78 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather neutron facts + hosts: neutron_all + gather_facts: false + tags: + - always + tasks: + - name: Gather minimal facts for neutron + setup: + gather_subset: + - "!all" + - min + when: osa_gather_facts | default(True) + + - name: Gather additional facts for neutron + setup: + gather_subset: "{{ neutron_gather_subset | default('processor_count') }}" + filter: "{{ neutron_gather_filter | default('ansible_processor*') }}" + when: osa_gather_facts | default(True) + +- name: Configure Neutron dynamic host groupings + hosts: localhost + gather_facts: no + tasks: + - name: Add hosts to dynamic inventory group + add_host: + group: "{{ dest_group }}" + name: "{{ item }}" + with_items: "{{ groups[src_group] }}" + when: + - "group_when | default(True)" + vars: + src_group: "nova_compute" + dest_group: "neutron_l3_agent, neutron_metadata_agent" + group_when: "{{ (neutron_plugin_type | default('ml2.ovn') == 'ml2.ovs.dvr') }}" + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: neutron_server + service_variable: "neutron_haproxy_services" + when: + - groups[service_group] + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install neutron server + import_playbook: openstack.osa.common.neutron + vars: + neutron_hosts: "neutron_server" + neutron_serial: "{{ neutron_server_serial | default(['1', '100%']) }}" + +- name: Install neutron L2 agents + import_playbook: openstack.osa.common.neutron + vars: + neutron_hosts: "neutron_linuxbridge_agent:neutron_openvswitch_agent:!neutron_server" + neutron_serial: "{{ neutron_agent_serial | default('50%') }}" + +- name: Install all other neutron agents + import_playbook: openstack.osa.common.neutron + vars: + neutron_hosts: "neutron_all:!neutron_linuxbridge_agent:!neutron_openvswitch_agent:!neutron_server" + neutron_serial: "{{ neutron_other_serial | default('1') }}" diff --git a/playbooks/nova.yml b/playbooks/nova.yml new file mode 100644 index 00000000..6369ede7 --- /dev/null +++ b/playbooks/nova.yml @@ -0,0 +1,278 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather nova facts + hosts: nova_all + gather_facts: false + tags: + - always + tasks: + - name: Gather minimal facts for nova + setup: + gather_subset: + - "!all" + - min + when: osa_gather_facts | default(True) + + - name: Gather additional facts for nova + setup: + gather_subset: "{{ nova_gather_subset | default('processor_count') }}" + filter: "{{ nova_gather_filter | default('ansible_processor*') }}" + when: osa_gather_facts | default(True) + +- name: "Config haproxy service" + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: + - nova_api_os_compute + - nova_api_metadata + - nova_console + - nova_ironic_console + service_variable: "nova_haproxy_services" + when: + - groups['nova_all'] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install nova control-plane services + hosts: "nova_conductor:nova_scheduler:nova_api_os_compute:nova_api_metadata:nova_console" + serial: "{{ nova_conductor_serial | default(['1', '100%']) }}" + gather_facts: false + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + # Enable execution of ceph_client on the nova compute hosts if cinder RBD + # backends are used. This is necessary to ensure that volume-backed Nova + # instances can function when RBD is the volume backend. + - name: Set cinder RBD inuse fact + set_fact: + nova_cinder_rbd_inuse: "{{ True in groups['cinder_volume'] | map('extract', hostvars, 'cinder_backend_rbd_inuse') }}" + delegate_to: localhost + delegate_facts: True + when: + - "'nova_compute' in group_names" + - "inventory_hostname == ((groups['nova_compute'] | intersect(ansible_play_hosts)) | list)[0]" + - "hostvars['localhost']['nova_cinder_rbd_inuse'] is not defined" + tags: + - always + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: "{{ backend_name }}-back" + haproxy_state: disabled + loop_control: + loop_var: backend_name + when: + - "backend_name in group_names" + - "groups[backend_name] | length > 1" + with_items: + - "nova_api_metadata" + - "nova_api_os_compute" + - "nova_console" + tags: + - always + + - name: Configure container + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + vars: + extra_container_config_no_restart: + - "lxc.start.order=39" + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + roles: + - role: "os_nova" + nova_management_address: "{{ management_address }}" + nova_cinder_rbd_inuse: "{{ hostvars['localhost']['nova_cinder_rbd_inuse'] | default(False) }}" + + - role: "openstack.osa.system_crontab_coordination" + tags: + - crontab + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: "{{ backend_name }}-back" + haproxy_state: enabled + loop_control: + loop_var: backend_name + when: + - "backend_name in group_names" + - "groups[backend_name] | length > 1" + with_items: + - "nova_api_metadata" + - "nova_api_os_compute" + - "nova_console" + tags: + - always + + +- name: Install nova compute services + hosts: "nova_compute:!nova_conductor:!nova_scheduler:!nova_api_os_compute:!nova_api_metadata:!nova_console" + serial: "{{ nova_compute_serial | default('100%') }}" + gather_facts: false + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + + # Enable execution of ceph_client on the nova compute hosts if cinder RBD + # backends are used. This is necessary to ensure that volume-backed Nova + # instances can function when RBD is the volume backend. + - name: Set cinder RBD inuse fact + set_fact: + nova_cinder_rbd_inuse: "{{ True in groups['cinder_volume'] | map('extract', hostvars, 'cinder_backend_rbd_inuse') }}" + delegate_to: localhost + delegate_facts: True + when: + - "'nova_compute' in group_names" + - "inventory_hostname == ((groups['nova_compute'] | intersect(ansible_play_hosts)) | list)[0]" + - "hostvars['localhost']['nova_cinder_rbd_inuse'] is not defined" + tags: + - always + + - name: Configure container + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + vars: + extra_container_config_no_restart: + - "lxc.start.order=39" + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + - name: Add nbd devices to the compute + shell: | + for i in /dev/nbd*;do + lxc-device -n {{ container_name }} add $i $i + done + failed_when: false + register: device_add + changed_when: > + 'added' in device_add.stdout.lower() + delegate_to: "{{ physical_host }}" + when: + - container_tech | default('lxc') == 'lxc' + - "'nova_compute' in group_names" + - "not is_metal | bool" + tags: + - always + + - name: Add net/tun device to the compute # noqa: no-changed-when + command: | + lxc-device -n {{ container_name }} add /dev/net/tun /dev/net/tun + delegate_to: "{{ physical_host }}" + when: + - container_tech | default('lxc') == 'lxc' + - "'nova_compute' in group_names" + - "not is_metal | bool" + tags: + - always + + - name: Check if kvm device exists + stat: + path: /dev/kvm + delegate_to: "{{ physical_host }}" + register: kvm_device + when: + - container_tech | default('lxc') == 'lxc' + - "'nova_compute' in group_names" + - "not is_metal | bool" + tags: + - always + + - name: Add kvm device to the compute + command: | + lxc-device -n {{ container_name }} add /dev/kvm /dev/kvm + delegate_to: "{{ physical_host }}" + register: device_add + failed_when: false + changed_when: > + 'added' in device_add.stdout.lower() + when: + - container_tech | default('lxc') == 'lxc' + - "'nova_compute' in group_names" + - "not is_metal | bool" + - "'ischr' in kvm_device.stat and kvm_device.stat.ischr | bool" + tags: + - always + + roles: + - role: "os_nova" + nova_management_address: "{{ management_address }}" + nova_cinder_rbd_inuse: "{{ hostvars['localhost']['nova_cinder_rbd_inuse'] | default(False) }}" + + - role: "openstack.osa.system_crontab_coordination" + tags: + - crontab + +- name: Finalize nova setup + hosts: nova_conductor[0] + gather_facts: false + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + + - name: Running db_post_setup tasks from the role + import_role: + name: os_nova + tasks_from: nova_db_post_setup.yml diff --git a/playbooks/octavia.yml b/playbooks/octavia.yml new file mode 100644 index 00000000..b1b95ac2 --- /dev/null +++ b/playbooks/octavia.yml @@ -0,0 +1,108 @@ +--- +# Copyright 2017, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather octavia facts + hosts: octavia_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: octavia-api + service_variable: "octavia_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install octavia server + hosts: octavia_all + gather_facts: false + serial: "{{ octavia_serial | default(['1','100%']) }}" + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: octavia-back + haproxy_state: disabled + when: + - "'octavia_all' in group_names" + - "groups['octavia_all'] | length > 1" + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + roles: + - role: "os_octavia" + - role: "openstack.osa.system_crontab_coordination" + tags: + - crontab + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: octavia-back + haproxy_state: enabled + when: + - "'octavia_all' in group_names" + - "groups['octavia_all'] | length > 1" + tags: + - always diff --git a/playbooks/openstack_hosts_setup.yml b/playbooks/openstack_hosts_setup.yml index c6d0c7cd..9f7bed7a 100644 --- a/playbooks/openstack_hosts_setup.yml +++ b/playbooks/openstack_hosts_setup.yml @@ -40,7 +40,7 @@ failed_when: "result.rc not in [0, 2]" - name: Gather host facts - hosts: "{{ openstack_host_group|default('hosts') }}" + hosts: "{{ openstack_host_group | default('hosts') }}" gather_facts: "{{ osa_gather_facts | default(True) }}" tags: - always diff --git a/playbooks/placement.yml b/playbooks/placement.yml new file mode 100644 index 00000000..2bee26b6 --- /dev/null +++ b/playbooks/placement.yml @@ -0,0 +1,108 @@ +--- +# Copyright 2019, VEXXHOST, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather placement facts + hosts: placement_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: placement_api + service_variable: "placement_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install placement components + hosts: placement_all + gather_facts: false + serial: "{{ placement_api_serial | default(['1','100%']) }}" + environment: "{{ deployment_environment_variables | default({}) }}" + user: root + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: placement-back + haproxy_state: disabled + when: + - "'placement_all' in group_names" + - "groups['placement_all'] | length > 1" + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + roles: + - role: "os_placement" + - role: "openstack.osa.system_crontab_coordination" + tags: + - crontab + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: placement-back + haproxy_state: enabled + when: + - "'placement_all' in group_names" + - "groups['placement_all'] | length > 1" + tags: + - always diff --git a/playbooks/rally.yml b/playbooks/rally.yml new file mode 100644 index 00000000..8f8cf34a --- /dev/null +++ b/playbooks/rally.yml @@ -0,0 +1,49 @@ +--- +# Copyright 2016, Comcast Corp. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather rally facts + hosts: utility_all[0] + gather_facts: "{{ osa_gather_facts | default(True) }}" + tags: + - always + +- name: Installation and setup of Rally + hosts: utility_all[0] + gather_facts: false + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + - name: End playbook + meta: end_play + when: + - (not (rally_install | default(false)) | bool) + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + roles: + - role: "os_rally" diff --git a/playbooks/setup_openstack.yml b/playbooks/setup_openstack.yml new file mode 100644 index 00000000..eadca33d --- /dev/null +++ b/playbooks/setup_openstack.yml @@ -0,0 +1,112 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Importing pre hook playbook + import_playbook: "{{ pre_setup_openstack_hook | default('openstack.osa.hook_dummy') }}" + +- name: Importing keystone playbook + import_playbook: openstack.osa.keystone + +- name: Importing barbican playbook + import_playbook: openstack.osa.barbican + +- name: Importing placement playbook + import_playbook: openstack.osa.placement + +- name: Importing glance playbook + import_playbook: openstack.osa.glance + +- name: Importing cinder playbook + import_playbook: openstack.osa.cinder + +- name: Importing nova playbook + import_playbook: openstack.osa.nova + +- name: Importing neutron playbook + import_playbook: openstack.osa.neutron + +- name: Importing heat playbook + import_playbook: openstack.osa.heat + +- name: Importing horizon playbook + import_playbook: openstack.osa.horizon + +- name: Importing designate playbook + import_playbook: openstack.osa.designate + +- name: Importing swift playbook + import_playbook: openstack.osa.swift + +- name: Importing adjutant playbook + import_playbook: openstack.osa.adjutant + +- name: Importing gnocchi playbook + import_playbook: openstack.osa.gnocchi + +- name: Importing ceilometer playbook + import_playbook: openstack.osa.ceilometer + +- name: Importing aodh playbook + import_playbook: openstack.osa.aodh + +- name: Importing cloudkitty playbook + import_playbook: openstack.osa.cloudkitty + +- name: Importing ironic playbook + import_playbook: openstack.osa.ironic + +- name: Importing magnum playbook + import_playbook: openstack.osa.magnum + +- name: Importing trove playbook + import_playbook: openstack.osa.trove + +- name: Importing octavia playbook + import_playbook: openstack.osa.octavia + +- name: Importing tacker playbook + import_playbook: openstack.osa.tacker + +- name: Importing blazar playbook + import_playbook: openstack.osa.blazar + +- name: Importing masakari playbook + import_playbook: openstack.osa.masakari + +- name: Importing manila playbook + import_playbook: openstack.osa.manila + +- name: Importing mistral playbook + import_playbook: openstack.osa.mistral + +- name: Importing zun playbook + import_playbook: openstack.osa.zun + +# This is not an OpenStack service, but integrates with Keystone and must be +# deployed afterward. +- name: Importing ceph-rgw-install playbook + import_playbook: openstack.osa.ceph_rgw_install + +- name: Importing skyline playbook + import_playbook: openstack.osa.skyline + +- name: Importing tempest playbook + import_playbook: openstack.osa.tempest + +- name: Importing rally playbook + import_playbook: openstack.osa.rally + +- name: Importing post hook playbook + import_playbook: "{{ post_setup_openstack_hook | default('openstack.osa.hook_dummy') }}" diff --git a/playbooks/skyline.yml b/playbooks/skyline.yml new file mode 100644 index 00000000..dc3e88a2 --- /dev/null +++ b/playbooks/skyline.yml @@ -0,0 +1,71 @@ +--- +# Copyright 2022, BBC R&D +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather skyline facts + hosts: skyline_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: skyline_all + service_variable: "skyline_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install skyline components + hosts: skyline_all + gather_facts: false + serial: "{{ skyline_api_serial | default(['1','100%']) }}" + environment: "{{ deployment_environment_variables | default({}) }}" + user: root + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + roles: + - role: "os_skyline" + - role: "openstack.osa.system_crontab_coordination" + tags: + - crontab diff --git a/playbooks/swift.yml b/playbooks/swift.yml new file mode 100644 index 00000000..409daae8 --- /dev/null +++ b/playbooks/swift.yml @@ -0,0 +1,82 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather swift facts + hosts: swift_all:swift_remote_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: swift_all + service_variable: "swift_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Installation and setup of Swift + hosts: swift_all:swift_remote_all + gather_facts: false + user: root + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + vars: + extra_container_config_no_restart: + - "lxc.start.order=39" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + roles: + - role: "os_swift" + swift_do_setup: True + swift_do_sync: True + environment: "{{ deployment_environment_variables | default({}) }}" + +- name: Installation and setup of Swift + hosts: swift_all + gather_facts: false + user: root + roles: + - role: "openstack.osa.system_crontab_coordination" + tags: + - crontab + environment: "{{ deployment_environment_variables | default({}) }}" diff --git a/playbooks/swift_sync.yml b/playbooks/swift_sync.yml new file mode 100644 index 00000000..cd20a767 --- /dev/null +++ b/playbooks/swift_sync.yml @@ -0,0 +1,37 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Playbook will sync the swift ring and ssh keys +# The services need to be installed first though. +- name: Synchronisation of swift ring and ssh keys + hosts: swift_all:swift_remote_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + user: root + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + roles: + - role: "os_swift" + swift_do_setup: False + swift_do_sync: True + environment: "{{ deployment_environment_variables | default({}) }}" diff --git a/playbooks/tacker.yml b/playbooks/tacker.yml new file mode 100644 index 00000000..693405f7 --- /dev/null +++ b/playbooks/tacker.yml @@ -0,0 +1,96 @@ +--- +# Copyright 2017, SUSE LINUX GmbH. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather tacker facts + hosts: tacker_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: tacker_server + service_variable: "tacker_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install the tacker components + hosts: tacker_all + gather_facts: false + serial: "{{ tacker_serial | default(['1','100%']) }}" + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: tacker-back + haproxy_state: disabled + when: + - "'tacker_all' in group_names" + - "groups['tacker_all'] | length > 1" + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + + roles: + - role: "os_tacker" + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: tacker-back + haproxy_state: enabled + when: + - "'tacker_all' in group_names" + - "groups['tacker_all'] | length > 1" diff --git a/playbooks/tempest.yml b/playbooks/tempest.yml new file mode 100644 index 00000000..41ab12d6 --- /dev/null +++ b/playbooks/tempest.yml @@ -0,0 +1,54 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather tempest facts + hosts: utility_all[0] + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Installation and setup of Tempest + hosts: utility_all[0] + gather_facts: false + user: root + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + - name: End playbook + meta: end_play + when: + - (not (tempest_install | default(false)) | bool) + + roles: + - role: "os_tempest" + - role: "openstack.osa.system_crontab_coordination" + tags: + - crontab + + environment: "{{ deployment_environment_variables | default({}) }}" diff --git a/playbooks/trove.yml b/playbooks/trove.yml new file mode 100644 index 00000000..409a457d --- /dev/null +++ b/playbooks/trove.yml @@ -0,0 +1,108 @@ +--- +# Copyright 2016 Internet Solutions (Pty) Ltd +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens + +- name: Gather trove facts + hosts: trove_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: trove_api + service_variable: "trove_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install trove server + hosts: trove_all + gather_facts: false + serial: "{{ trove_serial | default(['1','100%']) }}" + user: root + environment: "{{ deployment_environment_variables | default({}) }}" + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + apply: + tags: + - always + tags: + - always + + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: trove-back + haproxy_state: disabled + when: + - "'trove_api' in group_names" + - "groups['trove_api'] | length > 1" + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + roles: + - role: "os_trove" + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: trove-back + haproxy_state: enabled + when: + - "'trove_api' in group_names" + - "groups['trove_api'] | length > 1" + tags: + - always diff --git a/playbooks/zun.yml b/playbooks/zun.yml new file mode 100644 index 00000000..2cf6c05b --- /dev/null +++ b/playbooks/zun.yml @@ -0,0 +1,119 @@ +--- +# Copyright 2019, VEXXHOST, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather zun facts + hosts: zun_all + gather_facts: "{{ osa_gather_facts | default(True) }}" + tasks: + - name: Gather additional facts + include_role: + name: openstack.osa.gather_extra_facts + when: osa_gather_facts | default(True) + tags: + - always + +- name: Install etcd cluster + hosts: zun_api + gather_facts: false + serial: "{{ etcd_serial | default('100%') }}" + roles: + - role: "etcd" + vars: + etcd_cluster_group: "zun_api" + etcd_install_type: server + etcd_version: 3.3.27 + etcd_download_checksum: + x86_64: 'sha256:f9058f93e2f40343fd0bbbfce39ddb8a7afd8b03be020b7decc040d897065ded' + aarch64: 'sha256:7230b769efef5ac60a856d755776076597da5082d7a5904ee33995f921df8d8d' + tags: + - zun-install + - etcd-server + +- name: Configure haproxy services + import_playbook: openstack.osa.haproxy_service_config + vars: + service_group: zun_api + service_variable: "zun_haproxy_services" + when: + - groups[service_group] | length > 0 + - groups['haproxy'] | length > 0 + tags: + - haproxy-service-config + +- name: Install the zun components + hosts: zun_all + gather_facts: false + serial: "{{ zun_serial | default(['1','100%']) }}" + user: root + pre_tasks: + - name: Setup installation variables + include_role: + name: openstack.osa.install_defaults + defaults_from: "{{ install_method }}" + public: true + + # In order to ensure that any container, software or + # config file changes which causes a container/service + # restart do not cause an unexpected outage, we drain + # the load balancer back end for this container. + - name: Disabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: zun_api-back + haproxy_state: disabled + when: + - "'zun_api' in group_names" + - "groups['zun_api'] | length > 1" + tags: + - always + + - name: Including container-setup tasks + include_role: + name: "openstack.osa.{{ container_tech | default('lxc') }}_container_setup" + when: not is_metal + + - name: Including unbound-clients tasks + include_role: + name: openstack.osa.unbound_clients + when: + - hostvars['localhost']['resolvconf_enabled'] | bool + + roles: + - role: "os_zun" + + post_tasks: + # Now that container changes are done, we can set + # the load balancer back end for this container + # to available again. + - name: Enabling haproxy backends + include_role: + name: openstack.osa.haproxy_endpoint_manage + apply: + tags: + - always + vars: + haproxy_backend: zun_api-back + haproxy_state: enabled + when: + - "'zun_api' in group_names" + - "groups['zun_api'] | length > 1" + tags: + - always + + environment: "{{ deployment_environment_variables | default({}) }}"