diff --git a/playbooks/common-playbooks/unbound-clients.yml b/playbooks/common-playbooks/unbound-clients.yml new file mode 100644 index 0000000000..d09dd3db8d --- /dev/null +++ b/playbooks/common-playbooks/unbound-clients.yml @@ -0,0 +1,77 @@ +--- +# Copyright 2016, Logan Vig +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install unbound DNS resolver client configurations + gather_facts: true + hosts: "{{ unbound_group }}" + user: root + pre_tasks: + #gather a list of physical_hosts containing unbound containers + - name: Set unbound physical hosts fact + set_fact: + unbound_physical_hosts: > + {% set _var = [] -%} + {% for i in groups[resolvconf_resolver_group] -%} + {% if hostvars[i]['physical_host'] is defined -%} + {% if _var.append(hostvars[i]['physical_host']) -%}{% endif -%} + {% endif -%} + {% endfor -%} + {{ _var }} + + #create a sorted resolver list with affinity toward unbound container(s) + #on the same physical_host + - name: Apply resolver sorting + set_fact: + resolver_list: > + {% set _var = [] -%} + {% for i in groups[resolvconf_resolver_group] -%} + {% if physical_host is defined + and hostvars[i]['physical_host'] is defined + and physical_host == hostvars[i]['physical_host'] -%} + {% if _var.append(dict(host=hostvars[i]['ansible_host'], priority=100)) -%}{% endif -%} + {% else -%} + {% if _var.append(dict(host=hostvars[i]['ansible_host'], priority=50)) -%}{% endif -%} + {% endif -%} + {% endfor -%} + {{ _var }} + when: + - physical_host is defined + - physical_host in unbound_physical_hosts + + - name: Set resolver IP list fact + set_fact: + resolvconf_resolver_ips: "{{ resolver_list | sort(reverse=true, attribute='priority') | map(attribute='host') | list }}" + resolvconf_options: + - 'timeout:1' + when: + - resolver_list is defined + - resolver_list | length > 0 + + #rotate is only used when no physical_host affinity is defined + - name: Set resolver rotate when physical_host is not an unbound host + set_fact: + resolvconf_options: + - 'timeout:1' + - 'rotate' + when: + - resolver_list is not defined + roles: + - role: "resolvconf" + tags: + - unbound_client + vars: + #Only run the resolvconf role when DNS containers are deployed to the env. + resolvconf_enabled: "{{ groups['unbound'] is defined and groups['unbound'] | length > 0 }}" + environment: "{{ deployment_environment_variables | default({}) }}" diff --git a/playbooks/etcd-install.yml b/playbooks/etcd-install.yml index e5289230fd..a1386b3e3f 100644 --- a/playbooks/etcd-install.yml +++ b/playbooks/etcd-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "etcd_all" + when: + - resolvconf_enabled | bool + - name: Install etcd server cluster hosts: etcd_all gather_facts: "{{ gather_facts | default(True) }}" @@ -30,4 +36,3 @@ vars: is_metal: "{{ properties.is_metal|default(false) }}" environment: "{{ deployment_environment_variables | default({}) }}" - diff --git a/playbooks/galera-install.yml b/playbooks/galera-install.yml index 2e8c67dbe0..620b994e66 100644 --- a/playbooks/galera-install.yml +++ b/playbooks/galera-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "galera_all" + when: + - resolvconf_enabled | bool + - name: Galera container config hosts: galera_all gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/haproxy-install.yml b/playbooks/haproxy-install.yml index 9b69053e00..0a71dc0818 100644 --- a/playbooks/haproxy-install.yml +++ b/playbooks/haproxy-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "haproxy" + when: + - resolvconf_enabled | bool + - name: haproxy base config hosts: haproxy gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/lxc-hosts-setup.yml b/playbooks/lxc-hosts-setup.yml index 6db3cc0541..49454579d6 100644 --- a/playbooks/lxc-hosts-setup.yml +++ b/playbooks/lxc-hosts-setup.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "{{ lxc_host_group | default('lxc_hosts')}}" + when: + - resolvconf_enabled | bool + - name: Basic lxc host setup hosts: "{{ lxc_host_group | default('lxc_hosts')}}" gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/memcached-install.yml b/playbooks/memcached-install.yml index 290856d183..cc6fa26c33 100644 --- a/playbooks/memcached-install.yml +++ b/playbooks/memcached-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "memcached" + when: + - resolvconf_enabled | bool + - name: Install memcached hosts: memcached gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/openstack-hosts-setup.yml b/playbooks/openstack-hosts-setup.yml index 46973a4682..a3b7bed41c 100644 --- a/playbooks/openstack-hosts-setup.yml +++ b/playbooks/openstack-hosts-setup.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "{{ openstack_host_group|default('hosts') }}" + when: + - resolvconf_enabled | bool + - name: Install Ansible prerequisites hosts: "{{ openstack_host_group|default('hosts') }}" gather_facts: false diff --git a/playbooks/os-aodh-install.yml b/playbooks/os-aodh-install.yml index da9a760a32..ec77c92c37 100644 --- a/playbooks/os-aodh-install.yml +++ b/playbooks/os-aodh-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "aodh_all" + when: + - resolvconf_enabled | bool + - name: Install the aodh components hosts: aodh_all gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/os-barbican-install.yml b/playbooks/os-barbican-install.yml index 4add1250f2..7c08b5c495 100644 --- a/playbooks/os-barbican-install.yml +++ b/playbooks/os-barbican-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "barbican_all" + when: + - resolvconf_enabled | bool + - name: Installation and setup of barbican hosts: barbican_all gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/os-ceilometer-install.yml b/playbooks/os-ceilometer-install.yml index 383b0e814b..da4c705fc4 100644 --- a/playbooks/os-ceilometer-install.yml +++ b/playbooks/os-ceilometer-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "ceilometer_all" + when: + - resolvconf_enabled | bool + - name: Install the ceilometer components hosts: ceilometer_all gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/os-cinder-install.yml b/playbooks/os-cinder-install.yml index 6702db00b5..a57cc8f83f 100644 --- a/playbooks/os-cinder-install.yml +++ b/playbooks/os-cinder-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "cinder_all" + when: + - resolvconf_enabled | bool + - name: Prepare MQ/DB services hosts: cinder_all gather_facts: no @@ -21,7 +27,6 @@ tags: - cinder tasks: - - name: Configure rabbitmq vhost/user include: common-tasks/rabbitmq-vhost-user.yml vars: @@ -230,4 +235,3 @@ value: False when: - data_migrations | succeeded - diff --git a/playbooks/os-designate-install.yml b/playbooks/os-designate-install.yml index 681adfe231..c2894654db 100644 --- a/playbooks/os-designate-install.yml +++ b/playbooks/os-designate-install.yml @@ -16,6 +16,12 @@ # (c) 2016 Donovan Francesco # (c) 2016 Paul Stevens +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "designate_all" + when: + - resolvconf_enabled | bool + - name: Install designate server hosts: designate_all gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/os-glance-install.yml b/playbooks/os-glance-install.yml index c998a110ae..333b019044 100644 --- a/playbooks/os-glance-install.yml +++ b/playbooks/os-glance-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "glance_all" + when: + - resolvconf_enabled | bool + - name: Prepare MQ/DB services hosts: glance_all gather_facts: no @@ -21,7 +27,6 @@ tags: - glance tasks: - - name: Configure rabbitmq vhost/user include: common-tasks/rabbitmq-vhost-user.yml vars: diff --git a/playbooks/os-gnocchi-install.yml b/playbooks/os-gnocchi-install.yml index 464f04f33b..14feccbc8b 100644 --- a/playbooks/os-gnocchi-install.yml +++ b/playbooks/os-gnocchi-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "gnocchi_all" + when: + - resolvconf_enabled | bool + - name: Install Gnocchi components hosts: gnocchi_all max_fail_percentage: 20 diff --git a/playbooks/os-heat-install.yml b/playbooks/os-heat-install.yml index 7e5ec5ebb2..4c3697da66 100644 --- a/playbooks/os-heat-install.yml +++ b/playbooks/os-heat-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "heat_all" + when: + - resolvconf_enabled | bool + - name: Install heat server hosts: heat_all gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/os-horizon-install.yml b/playbooks/os-horizon-install.yml index dd0fa49afa..b9abfb7b6f 100644 --- a/playbooks/os-horizon-install.yml +++ b/playbooks/os-horizon-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "horizon_all" + when: + - resolvconf_enabled | bool + - name: Install horizon server hosts: horizon_all gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/os-ironic-install.yml b/playbooks/os-ironic-install.yml index dbe015f8d0..ce3022739c 100644 --- a/playbooks/os-ironic-install.yml +++ b/playbooks/os-ironic-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "ironic_all" + when: + - resolvconf_enabled | bool + - name: Installation and setup of Ironic hosts: ironic_all gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/os-keystone-install.yml b/playbooks/os-keystone-install.yml index caae686348..e9b0216ffe 100644 --- a/playbooks/os-keystone-install.yml +++ b/playbooks/os-keystone-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "keystone_all" + when: + - resolvconf_enabled | bool + - name: Prepare MQ/DB services hosts: keystone_all gather_facts: no diff --git a/playbooks/os-magnum-install.yml b/playbooks/os-magnum-install.yml index 51dde07964..d89b908ccd 100644 --- a/playbooks/os-magnum-install.yml +++ b/playbooks/os-magnum-install.yml @@ -16,6 +16,12 @@ # (c) 2016 Donovan Francesco # (c) 2016 Paul Stevens +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "magnum_all" + when: + - resolvconf_enabled | bool + - name: Install magnum server hosts: magnum_all max_fail_percentage: 20 diff --git a/playbooks/os-molteniron-install.yml b/playbooks/os-molteniron-install.yml index c911e9f447..94e25438cc 100644 --- a/playbooks/os-molteniron-install.yml +++ b/playbooks/os-molteniron-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "molteniron_all" + when: + - resolvconf_enabled | bool + - name: Installation and setup of molteniron hosts: molteniron_all gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/os-neutron-install.yml b/playbooks/os-neutron-install.yml index 43d5f048c9..1152567d11 100644 --- a/playbooks/os-neutron-install.yml +++ b/playbooks/os-neutron-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "neutron_all" + when: + - resolvconf_enabled | bool + - name: Configure Neutron dynamic host groupings hosts: localhost gather_facts: no diff --git a/playbooks/os-nova-install.yml b/playbooks/os-nova-install.yml index 0bf30b00de..0b848d236f 100644 --- a/playbooks/os-nova-install.yml +++ b/playbooks/os-nova-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "nova_all" + when: + - resolvconf_enabled | bool + - name: Prepare MQ/DB services hosts: nova_conductor gather_facts: no diff --git a/playbooks/os-octavia-install.yml b/playbooks/os-octavia-install.yml index de917ff60d..6234b1de09 100644 --- a/playbooks/os-octavia-install.yml +++ b/playbooks/os-octavia-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "octavia_all" + when: + - resolvconf_enabled | bool + - name: Install octavia server hosts: octavia_all gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/os-rally-install.yml b/playbooks/os-rally-install.yml index 5cea8ffd45..3d07e21570 100644 --- a/playbooks/os-rally-install.yml +++ b/playbooks/os-rally-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "utility_all" + when: + - resolvconf_enabled | bool + - name: Installation and setup of Rally hosts: utility_all gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/os-sahara-install.yml b/playbooks/os-sahara-install.yml index fc70a67d25..db70bba129 100644 --- a/playbooks/os-sahara-install.yml +++ b/playbooks/os-sahara-install.yml @@ -11,6 +11,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "sahara_all" + when: + - resolvconf_enabled | bool + - name: Install sahara server hosts: sahara_all gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/os-swift-install.yml b/playbooks/os-swift-install.yml index 6175bd9279..93d25f6acc 100644 --- a/playbooks/os-swift-install.yml +++ b/playbooks/os-swift-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "swift_all" + when: + - resolvconf_enabled | bool + - name: Installation and setup of Swift hosts: swift_all:swift_remote_all gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/os-trove-install.yml b/playbooks/os-trove-install.yml index f0d4bba2fa..2637531af6 100644 --- a/playbooks/os-trove-install.yml +++ b/playbooks/os-trove-install.yml @@ -16,6 +16,12 @@ # (c) 2016 Donovan Francesco # (c) 2016 Paul Stevens +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "trove_all" + when: + - resolvconf_enabled | bool + - name: Install trove server hosts: trove_all gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/rabbitmq-install.yml b/playbooks/rabbitmq-install.yml index ce7822c6a8..e88fcc89c8 100644 --- a/playbooks/rabbitmq-install.yml +++ b/playbooks/rabbitmq-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "rabbitmq_all" + when: + - resolvconf_enabled | bool + - name: Create and configure rabbitmq container hosts: "{{ rabbitmq_host_group | default('rabbitmq_all') }}" serial: 1 diff --git a/playbooks/repo-server.yml b/playbooks/repo-server.yml index 403aa05117..684684b91f 100644 --- a/playbooks/repo-server.yml +++ b/playbooks/repo-server.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "repo_all" + when: + - resolvconf_enabled | bool + - name: Setup repo servers hosts: repo_all gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/rsyslog-install.yml b/playbooks/rsyslog-install.yml index 574baae9c1..f7e265c194 100644 --- a/playbooks/rsyslog-install.yml +++ b/playbooks/rsyslog-install.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "rsyslog" + when: + - resolvconf_enabled | bool + - name: Install rsyslog hosts: rsyslog gather_facts: "{{ gather_facts | default(True) }}" diff --git a/playbooks/unbound-install.yml b/playbooks/unbound-install.yml index 3cb99b2a3c..35d96c2e06 100644 --- a/playbooks/unbound-install.yml +++ b/playbooks/unbound-install.yml @@ -33,70 +33,3 @@ - defaults/repo_packages/openstack_services.yml vars: is_metal: "{{ properties.is_metal|default(false) }}" - -- name: Install unbound DNS resolver client configurations - hosts: - - "!unbound" - - "{{ openstack_host_group|default('hosts') }}" - - "{{ container_group|default('all_containers') }}" - user: root - pre_tasks: - #gather a list of physical_hosts containing unbound containers - - name: Set unbound physical hosts fact - set_fact: - unbound_physical_hosts: > - {% set _var = [] -%} - {% for i in groups[resolvconf_resolver_group] -%} - {% if hostvars[i]['physical_host'] is defined -%} - {% if _var.append(hostvars[i]['physical_host']) -%}{% endif -%} - {% endif -%} - {% endfor -%} - {{ _var }} - when: resolvconf_enabled | bool - #create a sorted resolver list with affinity toward unbound container(s) - #on the same physical_host - - name: Apply resolver sorting - set_fact: - resolver_list: > - {% set _var = [] -%} - {% for i in groups[resolvconf_resolver_group] -%} - {% if physical_host is defined - and hostvars[i]['physical_host'] is defined - and physical_host == hostvars[i]['physical_host'] -%} - {% if _var.append(dict(host=hostvars[i]['ansible_host'], priority=100)) -%}{% endif -%} - {% else -%} - {% if _var.append(dict(host=hostvars[i]['ansible_host'], priority=50)) -%}{% endif -%} - {% endif -%} - {% endfor -%} - {{ _var }} - when: - - resolvconf_enabled | bool - - physical_host is defined - - physical_host in unbound_physical_hosts - - name: Set resolver IP list fact - set_fact: - resolvconf_resolver_ips: "{{ resolver_list | sort(reverse=true, attribute='priority') | map(attribute='host') | list }}" - resolvconf_options: - - 'timeout:1' - when: - - resolvconf_enabled | bool - - resolver_list is defined - - resolver_list | length > 0 - #rotate is only used when no physical_host affinity is defined - - name: Set resolver rotate when physical_host is not an unbound host - set_fact: - resolvconf_options: - - 'timeout:1' - - 'rotate' - when: - - resolvconf_enabled | bool - - resolver_list is not defined - roles: - - role: "resolvconf" - when: resolvconf_enabled | bool - tags: - - unbound_client - vars: - #Only run the resolvconf role when DNS containers are deployed to the env. - resolvconf_enabled: "{{ groups['unbound'] is defined and groups['unbound'] | length > 0 }}" - environment: "{{ deployment_environment_variables | default({}) }}" diff --git a/playbooks/utility-install.yml b/playbooks/utility-install.yml index e40df4ac2b..f37d196d38 100644 --- a/playbooks/utility-install.yml +++ b/playbooks/utility-install.yml @@ -13,12 +13,17 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: common-playbooks/unbound-clients.yml + vars: + unbound_group: "utility_all" + when: + - resolvconf_enabled | bool + - name: Setup the utility location(s) hosts: utility_all max_fail_percentage: 20 user: root pre_tasks: - - include: common-tasks/os-lxc-container-setup.yml - include: common-tasks/os-log-dir-setup.yml