openstack
/
openstack-ansible
Code Issues Proposed changes

Cleanup/standardize usage of tags in plays 

The numerous tags within the playbook have been condensed
to two potential tags: "$NAMESPACE-config", and "$NAMESPACE".

These tags have been chosen as they are namespaced and cover
the configuration pre-tasks as well as the option to execute
the main playbook from a higher level play. By tagging
everything in the play with "$NAMESPACE" we're ensuring that
everything covered by the playbook has a namespaced tag. Any
place using the "always" tag was left alone as the tasks being
executed must "always" execute whenever the playbook is called.

Notice: The os-swift-setup.yml playbook file has been
removed because it currently serves no purpose. While the
os-swift-sync.yml is no longer being directly called it has been
left as it could be of use to a deployer.

Change-Id: Iebfd82ebffedc768a18d9d9be6a9e70df2ae8fc1
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
Kevin Carter 2016-07-19 14:00:35 -05:00 committed by Jesse Pretorius (odyssey4me)
parent 4205048c44
commit ecd81b9618
30 changed files with 206 additions and 357 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
playbooks/galera-install.yml
View File

@ -33,7 +33,7 @@
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
tags:
- galera-lxc-container-setup
- galera
- name: Install galera server
hosts: galera_all
@ -43,7 +43,9 @@
user: root
roles:
- role: "pip_install"
- { role: "galera_server", tags: [ "galera-server" ] }
tags:
- pip
- role: "galera_server"
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: galera_log_rotate
rsyslog_client_log_dir: "/var/log/mysql_logs"
@ -52,15 +54,14 @@
- /var/log/mysql.err
rsyslog_client_config_name: "99-galera-rsyslog-client.conf"
tags:
- "galera-rsyslog-client"
- "rsyslog-client"
- rsyslog
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
- crontab
vars:
# overridden here to ensure the correct value for the galera_client role
galera_address: 127.0.0.1
galera_server_id: "{{ inventory_hostname | string_2_int }}"
galera_wsrep_node_name: "{{ container_name }}"
tags:
- galera-install-cluster
- galera

37
playbooks/haproxy-install.yml
View File

@ -13,31 +13,29 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- name: haproxy container config
- name: haproxy base config
hosts: haproxy_all
gather_facts: "{{ gather_facts | default(True) }}"
max_fail_percentage: 0
user: root
tasks:
pre_tasks:
- include: common-tasks/os-lxc-container-setup.yml
- include: common-tasks/os-log-dir-setup.yml
vars:
log_dirs:
- src: "/openstack/log/{{ inventory_hostname }}-haproxy"
dest: "/var/log/haproxy"
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
tags:
- haproxy-lxc-container-setup
- hosts: haproxy
gather_facts: "{{ gather_facts | default(True) }}"
user: root
vars_files:
- "{{ haproxy_keepalived_vars_file | default('vars/configs/keepalived_haproxy.yml')}}"
roles:
- role: "keepalived"
when: haproxy_use_keepalived | bool
tags:
- keepalived
vars_files:
- "{{ haproxy_keepalived_vars_file | default('vars/configs/keepalived_haproxy.yml') }}"
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
tags:
- haproxy-config
- haproxy
- name: Install haproxy
hosts: haproxy
@ -51,30 +49,31 @@
state: "absent"
with_items:
- "keystone_internal"
tags:
- haproxy-config # this tag is present because the task is ONLY a config task
when: internal_lb_vip_address == external_lb_vip_address
tags:
- haproxy-service-config
- haproxy-config # this tag is present because the task is ONLY a config task
- name: Remove legacy haproxy logging file
file:
dest: "/etc/rsyslog.d/haproxy.conf"
state: "absent"
tags:
- haproxy-service-config
- haproxy-config # this tag is present because the task is ONLY a config task
roles:
- role: "haproxy_server"
haproxy_service_configs: "{{ haproxy_default_services + haproxy_extra_services|default([]) }}"
tags:
- "haproxy-server"
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: haproxy_log_rotate
rsyslog_client_log_dir: "/var/log/haproxy"
rsyslog_client_config_name: "99-haproxy-rsyslog-client.conf"
tags:
- "haproxy-rsyslog-client"
- "rsyslog-client"
- rsyslog
post_tasks:
- include: common-tasks/package-cache-proxy.yml
vars_files:
- vars/configs/haproxy_config.yml
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
tags:
- haproxy

6
playbooks/lxc-containers-create.yml
View File

@ -19,7 +19,7 @@
max_fail_percentage: 20
user: root
roles:
- { role: "lxc_container_create", tags: [ "lxc-container-create" ] }
- role: "lxc_container_create"
post_tasks:
- name: Wait for ssh to be available
local_action:
@ -28,7 +28,7 @@
host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
search_regex: OpenSSH
delay: 1
tags:
- lxc-container-wait-for-ssh
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
tags:
- lxc-containers-create

12
playbooks/lxc-containers-destroy.yml
View File

@ -24,9 +24,9 @@
name: "{{ container_name }}"
state: "absent"
delegate_to: "{{ physical_host }}"
when: force_containers_destroy | bool
tags:
- container-destroy
when:
- force_containers_destroy | bool
- force_containers_data_destroy | bool
- name: Destroy container service directories
file:
path: "{{ item }}"
@ -36,8 +36,6 @@
delegate_to: "{{ physical_host }}"
when:
- force_containers_destroy | bool
tags:
- container-directories-service
- name: Destroy container data
file:
path: "{{ item }}"
@ -51,8 +49,6 @@
when:
- force_containers_destroy | bool
- force_containers_data_destroy | bool
tags:
- container-directories-data
vars_prompt:
- name: "force_containers_destroy"
prompt: "Are you sure you want to destroy the LXC containers?"
@ -64,3 +60,5 @@
default: "no"
private: no
when: force_containers_data_destroy is undefined
tags:
- lxc-containers-destroy

7
playbooks/lxc-hosts-setup.yml
View File

@ -40,13 +40,14 @@
dest: "/var/log/lxc"
state: "link"
roles:
- { role: "lxc_hosts", tags: [ "lxc-host", "host-setup" ] }
- role: "lxc_hosts"
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: lxc_log_rotate
rsyslog_client_log_dir: "/var/log/lxc"
rsyslog_client_config_name: "99-lxc-rsyslog-client.conf"
tags:
- "lxc-rsyslog-client"
- "rsyslog-client"
- rsyslog
vars:
pip_lock_to_internal_repo: False
tags:
- lxc-hosts

13
playbooks/memcached-install.yml
View File

@ -27,16 +27,17 @@
dest: "/var/log/memcached"
- include: common-tasks/package-cache-proxy.yml
roles:
- { role: "memcached_server", tags: [ "memcached-server" ] }
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
- role: "memcached_server"
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: memcached_log_rotate
rsyslog_client_log_dir: "/var/log/memcached"
rsyslog_client_config_name: "99-memcached-rsyslog-client.conf"
tags:
- "memcached-rsyslog-client"
- "rsyslog-client"
- rsyslog
- role: "system_crontab_coordination"
tags:
- crontab
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
tags:
- memcached

4
playbooks/openstack-hosts-setup.yml
View File

@ -19,4 +19,6 @@
max_fail_percentage: 20
user: root
roles:
- { role: "openstack_hosts", tags: [ "openstack-hosts-setup" ] }
- role: "openstack_hosts"
tags:
- openstack-hosts

8
playbooks/os-aodh-install.yml
View File

@ -49,15 +49,15 @@
- role: "os_aodh"
aodh_venv_tag: "{{ openstack_release }}"
aodh_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/aodh-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz"
- role: "openstack_openrc"
tags:
- "os-aodh"
- { role: "openstack_openrc", tags: [ "openstack-openrc" ] }
- openrc
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: aodh_log_rotate
rsyslog_client_log_dir: "/var/log/aodh"
rsyslog_client_config_name: "99-aodh-rsyslog-client.conf"
tags:
- "aodh-rsyslog-client"
- rsyslog
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
aodh_rabbitmq_userid: aodh
@ -65,3 +65,5 @@
aodh_rabbitmq_servers: "{{ rabbitmq_servers }}"
aodh_rabbitmq_port: "{{ rabbitmq_port }}"
aodh_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
tags:
- aodh

8
playbooks/os-ceilometer-install.yml
View File

@ -42,14 +42,16 @@
- role: "os_ceilometer"
ceilometer_venv_tag: "{{ openstack_release }}"
ceilometer_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/ceilometer-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz"
- role: "openstack_openrc"
tags:
- "os-ceilometer"
- { role: "openstack_openrc", tags: [ "openstack-openrc" ] }
- openrc
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: ceilometer_log_rotate
rsyslog_client_log_dir: "/var/log/ceilometer"
rsyslog_client_config_name: "99-ceilometer-rsyslog-client.conf"
tags:
- "ceilometer-rsyslog-client"
- rsyslog
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
tags:
- ceilometer

26
playbooks/os-cinder-install.yml
View File

@ -86,12 +86,8 @@
- physical_host != container_name
- cinder_backend_lvm_inuse | bool
delegate_to: "{{ physical_host }}"
tags:
- cinder-lxc-devices
- name: udevadm trigger
command: udevadm trigger
tags:
- cinder-container-setup
delegate_to: "{{ physical_host }}"
when: cinder_backend_lvm_inuse | bool
- name: Set cinder storage bridge (is_metal)
@ -101,7 +97,7 @@
- hostvars[inventory_hostname]['container_networks']['storage_address']['bridge'] is defined
- is_metal | bool
tags:
- cinder-config
- always
- name: Set cinder storage address (is_metal)
set_fact:
storage_address: "{{ hostvars[inventory_hostname][storage_bridge]['ipv4']['address'] }}"
@ -109,7 +105,7 @@
- hostvars[inventory_hostname]['container_networks']['storage_address']['bridge'] is defined
- is_metal | bool
tags:
- cinder-config
- always
- name: Set cinder storage bridge (is_metal no storage network)
set_fact:
storage_address: "{{ ansible_ssh_host }}"
@ -117,7 +113,7 @@
- hostvars[inventory_hostname]['container_networks']['storage_address']['bridge'] is undefined
- is_metal | bool
tags:
- cinder-config
- always
- name: Set cinder storage address (container)
set_fact:
storage_address: "{{ hostvars[inventory_hostname]['container_networks']['storage_address']['address'] }}"
@ -125,7 +121,7 @@
- hostvars[inventory_hostname]['container_networks']['storage_address']['address'] is defined
- not is_metal | bool
tags:
- cinder-config
- always
- name: Set cinder storage address (container no storage network)
set_fact:
storage_address: "{{ ansible_ssh_host }}"
@ -133,7 +129,7 @@
- hostvars[inventory_hostname]['container_networks']['storage_address']['address'] is undefined
- not is_metal | bool
tags:
- cinder-config
- always
roles:
- role: "os_cinder"
cinder_venv_tag: "{{ openstack_release }}"
@ -142,27 +138,25 @@
cinder_storage_address: "{{ storage_address }}"
cinder_glance_host: "{{ internal_lb_vip_address }}"
cinder_glance_service_port: "{{ glance_service_port }}"
tags:
- "os-cinder"
- role: "ceph_client"
cinder_venv_bin: "/openstack/venvs/cinder-{{ openstack_release }}/bin"
openstack_service_system_user: "{{ cinder_system_user_name }}"
openstack_service_venv_bin: "{{ cinder_venv_bin if cinder_venv_enabled|default(True)|bool else None }}"
tags:
- "cinder-ceph-client"
- "ceph-client"
- ceph
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: cinder_log_rotate
rsyslog_client_log_dir: "/var/log/cinder"
rsyslog_client_config_name: "99-cinder-rsyslog-client.conf"
tags:
- "cinder-rsyslog-client"
- "rsyslog-client"
- rsyslog
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
- crontab
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
cinder_galera_user: cinder
cinder_galera_database: cinder
cinder_galera_address: "{{ galera_address }}"
tags:
- cinder

14
playbooks/os-glance-install.yml
View File

@ -68,28 +68,28 @@
- role: "os_glance"
glance_venv_tag: "{{ openstack_release }}"
glance_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/glance-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz"
- role: "openstack_openrc"
tags:
- "os-glance"
- { role: "openstack_openrc", tags: [ "openstack-openrc" ] }
- openrc
- role: "ceph_client"
glance_venv_bin: "/openstack/venvs/glance-{{ openstack_release }}/bin"
openstack_service_system_user: "{{ glance_system_user_name }}"
openstack_service_venv_bin: "{{ glance_venv_bin if glance_venv_enabled|default(True)|bool else None }}"
tags:
- "glance-ceph-client"
- "ceph-client"
- ceph
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: glance_log_rotate
rsyslog_client_log_dir: "/var/log/glance"
rsyslog_client_config_name: "99-glance-rsyslog-client.conf"
tags:
- "glance-rsyslog-client"
- "rsyslog-client"
- rsyslog
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
- crontab
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
glance_galera_user: glance
glance_galera_database: glance
glance_galera_address: "{{ galera_address }}"
tags:
- glance

8
playbooks/os-gnocchi-install.yml
View File

@ -43,17 +43,19 @@
- role: "os_gnocchi"
gnocchi_venv_tag: "{{ openstack_release }}"
gnocchi_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/gnocchi-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz"
- role: "openstack_openrc"
tags:
- "os-gnocchi"
- { role: "openstack_openrc", tags: [ "openstack-openrc" ] }
- openrc
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: gnocchi_log_rotate
rsyslog_client_log_dir: "/var/log/gnocchi"
rsyslog_client_config_name: "99-gnocchi-rsyslog-client.conf"
tags:
- "gnocchi-rsyslog-client"
- rsyslog
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
gnocchi_galera_user: gnocchi
gnocchi_galera_database: gnocchi
gnocchi_galera_address: "{{ galera_address }}"
tags:
- gnocchi

13
playbooks/os-heat-install.yml
View File

@ -61,22 +61,21 @@
- role: "os_heat"
heat_venv_tag: "{{ openstack_release }}"
heat_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/heat-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz"
tags:
- "os-heat"
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: heat_log_rotate
rsyslog_client_log_dir: "/var/log/heat"
rsyslog_client_config_name: "99-heat-rsyslog-client.conf"
tags:
- "heat-rsyslog-client"
- "rsyslog-client"
- rsyslog
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
- crontab
vars_files:
- defaults/repo_packages/openstack_services.yml
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
heat_galera_user: heat
heat_galera_database: heat
heat_galera_address: "{{ galera_address }}"
vars_files:
- defaults/repo_packages/openstack_services.yml
tags:
- heat

9
playbooks/os-horizon-install.yml
View File

@ -40,20 +40,19 @@
- role: "os_horizon"
horizon_venv_tag: "{{ openstack_release }}"
horizon_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/horizon-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz"
tags:
- "os-horizon"
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: horizon_log_rotate
rsyslog_client_log_dir: "/var/log/horizon"
rsyslog_client_config_name: "99-horizon-rsyslog-client.conf"
tags:
- "horizon-rsyslog-client"
- "rsyslog-client"
- rsyslog
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
- crontab
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
horizon_galera_user: horizon
horizon_galera_database: horizon
horizon_galera_address: "{{ galera_address }}"
tags:
- horizon

11
playbooks/os-ironic-install.yml
View File

@ -43,23 +43,22 @@
- role: "os_ironic"
ironic_venv_tag: "{{ openstack_release }}"
ironic_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/ironic-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz"
tags:
- "os-ironic"
- role: "openstack_openrc"
tags:
- "openstack-openrc"
- openrc
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: ironic_log_rotate
rsyslog_client_log_dir: "/var/log/ironic"
rsyslog_client_config_name: "99-ironic-rsyslog-client.conf"
tags:
- "ironic-rsyslog-client"
- "rsyslog-client"
- rsyslog
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
- crontab
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
ironic_galera_user: ironic
ironic_galera_database: ironic
ironic_galera_address: "{{ galera_address }}"
tags:
- ironic

13
playbooks/os-keystone-install.yml
View File

@ -73,28 +73,27 @@
with_items:
- { key: "net.ipv4.ip_local_reserved_ports", value: "{{ keystone_admin_port }}"}
when: is_metal | bool
tags:
- keystone-reserved-port
roles:
- role: "os_keystone"
keystone_venv_tag: "{{ openstack_release }}"
keystone_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/keystone-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz"
- role: "openstack_openrc"
tags:
- "os-keystone"
- { role: "openstack_openrc", tags: [ "openstack-openrc" ] }
- openrc
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: keystone_log_rotate
rsyslog_client_log_dir: "/var/log/keystone"
rsyslog_client_config_name: "99-keystone-rsyslog-client.conf"
tags:
- "keystone-rsyslog-client"
- "rsyslog-client"
- rsyslog
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
- crontab
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
keystone_admin_port: 35357
keystone_galera_user: keystone
keystone_galera_database: keystone
keystone_galera_address: "{{ galera_address }}"
tags:
- keystone

9
playbooks/os-magnum-install.yml
View File

@ -50,15 +50,16 @@
- role: "os_magnum"
magnum_venv_tag: "{{ openstack_release }}"
magnum_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/magnum-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz"
pip_lock_to_internal_repo: "{{ (pip_links | length) >= 1 }}"
- role: "openstack_openrc"
tags:
- "os-magnum"
- { role: "openstack_openrc", tags: [ "openstack-openrc" ] }
- openrc
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: magnum_log_rotate
rsyslog_client_log_dir: "/var/log/magnum"
rsyslog_client_config_name: "99-magnum-rsyslog-client.conf"
tags:
- "magnum-rsyslog-client"
- rsyslog
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
tags:
- "magnum"

28
playbooks/os-neutron-install.yml
View File

@ -75,32 +75,27 @@
is_metal: "{{ is_metal }}"
register: pndata
tags:
- neutron-provider-networks
- neutron-config
- always
- name: Set provider network fact(s)
set_fact:
_provider_networks: "{{ pndata }}"
_overlay_network: "{{ container_networks.tunnel_address|default({}) }}"
tags:
- neutron-provider-networks
- neutron-config
- always
- name: set local_ip fact (is_metal)
set_fact:
_local_ip: "{{ hostvars[inventory_hostname]['ansible_' + _overlay_network.bridge|default(ansible_default_ipv4['interface'])|replace('-', '_')]['ipv4']['address']|default(ansible_ssh_host) }}"
when:
- is_metal | bool
tags:
- neutron-config
- always
- name: set local_ip fact (container)
set_fact:
_local_ip: "{{ _overlay_network.address|default(ansible_ssh_host) }}"
when:
- not is_metal | bool
tags:
- neutron-config
- always
roles:
- role: "os_neutron"
neutron_venv_tag: "{{ openstack_release }}"
@ -108,14 +103,14 @@
neutron_overlay_network: "{{ _overlay_network }}"
neutron_provider_networks: "{{ _provider_networks }}"
neutron_local_ip: "{{ _local_ip|default('127.0.0.1') }}"
tags:
- "os-neutron"
- role: "bird"
when:
- "'neutron_calico_dhcp_agent' in group_names"
tags:
- "bird"
- { role: "openstack_openrc", tags: [ "openstack-openrc" ] }
- bird
- role: "openstack_openrc"
tags:
- openrc
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: neutron_log_rotate
rsyslog_client_log_dir: "/var/log/neutron"
@ -124,11 +119,12 @@
- /var/log/conntrackd.log
- /var/log/conntrackd-stats.log
tags:
- "neutron-rsyslog-client"
- "rsyslog-client"
- rsyslog
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
- crontab
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
bind_prefix: "{{ provider_network_bind_prefix|default('') }}"
tags:
- neutron

34
playbooks/os-nova-install.yml
View File

@ -79,8 +79,7 @@
- "inventory_hostname in groups['nova_compute']"
- "not is_metal | bool"
tags:
- nova-kvm
- nova-kvm-container-devices
- always
- name: Add net/tun device to the compute
shell: |
lxc-device -n {{ container_name }} add /dev/net/tun /dev/net/tun
@ -89,8 +88,7 @@
- "inventory_hostname in groups['nova_compute']"
- "not is_metal | bool"
tags:
- nova-kvm
- nova-kvm-container-devices
- always
- name: Check if kvm device exists
stat:
path: /dev/kvm
@ -100,8 +98,7 @@
- "inventory_hostname in groups['nova_compute']"
- "not is_metal | bool"
tags:
- nova-kvm
- nova-kvm-container-devices
- always
- name: Add kvm device to the compute
shell: |
lxc-device -n {{ container_name }} add /dev/kvm /dev/kvm
@ -115,8 +112,7 @@
- "not is_metal | bool"
- kvm_device.stat.ischr is defined and kvm_device.stat.ischr
tags:
- nova-kvm
- nova-kvm-container-devices
- always
- name: Set nova management bridge (is_metal)
set_fact:
management_bridge: "{{ 'ansible_' + hostvars[inventory_hostname]['management_bridge'] | replace('-', '_') }}"
@ -124,7 +120,7 @@
- "hostvars[inventory_hostname]['management_bridge'] is defined"
- "is_metal | bool"
tags:
- nova-config
- always
- name: Set nova management address (is_metal)
set_fact:
management_address: "{{ hostvars[inventory_hostname][management_bridge]['ipv4']['address'] }}"
@ -132,7 +128,7 @@
- "hostvars[inventory_hostname][management_bridge]['ipv4']['address'] is defined"
- "is_metal | bool"
tags:
- nova-config
- always
- name: Set nova management address (container)
set_fact:
management_address: "{{ hostvars[inventory_hostname]['container_networks']['container_address']['address'] }}"
@ -141,14 +137,14 @@
- "hostvars[inventory_hostname]['container_networks']['container_address']['address'] is defined"
- "not is_metal | bool"
tags:
- nova-config
- always
- name: Set nova management address (unknown management network)
set_fact:
management_address: "{{ ansible_ssh_host }}"
when:
- "management_address is undefined"
tags:
- nova-config
- always
roles:
- role: "os_nova"
nova_novncproxy_git_repo: "{{ openstack_repo_git_url }}/novnc"
@ -158,28 +154,24 @@
nova_management_address: "{{ management_address }}"
nova_venv_tag: "{{ openstack_release }}"
nova_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/nova-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz"
tags:
- "os-nova"
- role: "ceph_client"
nova_venv_bin: "/openstack/venvs/nova-{{ openstack_release }}/bin"
openstack_service_system_user: "{{ nova_system_user_name }}"
openstack_service_venv_bin: "{{ nova_venv_bin if nova_venv_enabled|default(True)|bool else None }}"
tags:
- "nova-ceph-client"
- "ceph-client"
- ceph
- role: "openstack_openrc"
tags:
- "openstack-openrc"
- openrc
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: nova_log_rotate
rsyslog_client_log_dir: "/var/log/nova"
rsyslog_client_config_name: "99-nova-rsyslog-client.conf"
tags:
- "nova-rsyslog-client"
- "rsyslog-client"
- rsyslog
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
- crontab
vars_files:
- defaults/repo_packages/openstack_other.yml
vars:
@ -191,3 +183,5 @@
nova_galera_address: "{{ galera_address }}"
nova_api_galera_address: "{{ galera_address }}"
glance_host: "{{ internal_lb_vip_address }}"
tags:
- nova

12
playbooks/os-sahara-install.yml
View File

@ -58,21 +58,17 @@
- role: "os_sahara"
sahara_venv_tag: "{{ openstack_release }}"
sahara_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/sahara-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz"
tags:
- "os-sahara"
- role: "openstack_openrc"
tags:
- "openstack-openrc"
- openrc
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: sahara_log_rotate
rsyslog_client_log_dir: "/var/log/sahara"
rsyslog_client_config_name: "99-sahara-rsyslog-client.conf"
tags:
- "sahara-rsyslog-client"
- "rsyslog-client"
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
- rsyslog
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
pip_lock_to_internal_repo: "{{ (pip_links | length) >= 1 }}"
tags:
- sahara

32
playbooks/os-swift-install.yml
View File

@ -36,6 +36,8 @@
- inventory_hostname in groups['swift_all']
- swift.storage_network is defined
- is_metal | bool
tags:
- always
- name: Set swift storage address (is_metal)
set_fact:
storage_address: "{{ hostvars[inventory_hostname][storage_bridge]['ipv4']['address'] }}"
@ -43,6 +45,8 @@
- inventory_hostname in groups['swift_all']
- swift.storage_network is defined
- is_metal | bool
tags:
- always
- name: Set swift storage address (is_metal no storage network)
set_fact:
storage_address: "{{ ansible_ssh_host }}"
@ -50,6 +54,8 @@
- inventory_hostname in groups['swift_all']
- swift.storage_network is undefined
- is_metal | bool
tags:
- always
- name: Set swift storage address (container)
set_fact:
storage_address: "{{ hostvars[inventory_hostname]['container_networks']['storage_address']['address'] }}"
@ -57,6 +63,8 @@
- inventory_hostname in groups['swift_all']
- hostvars[inventory_hostname]['container_networks']['storage_address']['address'] is defined
- not is_metal | bool
tags:
- always
- name: Set swift storage address (container no storage network)
set_fact:
storage_address: "{{ ansible_ssh_host }}"
@ -64,6 +72,8 @@
- inventory_hostname in groups['swift_all']
- hostvars[inventory_hostname]['container_networks']['storage_address']['address'] is undefined
- not is_metal | bool
tags:
- always
- name: Set swift replication bridge (is_metal)
set_fact:
replication_bridge: "{{ 'ansible_' + swift.replication_network | replace('-', '_') }}"
@ -71,6 +81,8 @@
- inventory_hostname in groups['swift_all']
- swift.replication_network is defined
- is_metal | bool
tags:
- always
- name: Set swift replication address (is_metal)
set_fact:
replication_address: "{{ hostvars[inventory_hostname][replication_bridge]['ipv4']['address'] }}"
@ -78,6 +90,8 @@
- inventory_hostname in groups['swift_all']
- swift.replication_network is defined
- is_metal | bool
tags:
- always
- name: Set swift replication address (is_metal no replication network)
set_fact:
replication_address: "{{ storage_address }}"
@ -85,6 +99,8 @@
- inventory_hostname in groups['swift_all']
- swift.replication_network is undefined
- is_metal | bool
tags:
- always
- name: Set swift replication address (container)
set_fact:
replication_address: "{{ hostvars[inventory_hostname]['container_networks']['replication_address']['address'] }}"
@ -92,6 +108,8 @@
- inventory_hostname in groups['swift_all']
- hostvars[inventory_hostname]['container_networks']['replication_address']['address'] is defined
- not is_metal | bool
tags:
- always
- name: Set swift replication address (container no replication network)
set_fact:
replication_address: "{{ storage_address }}"
@ -109,6 +127,8 @@
when:
- swift_ceilometer_enabled | bool
- inventory_hostname == groups['swift_all'][0]
tags:
- always
roles:
- role: "os_swift"
swift_venv_tag: "{{ openstack_release }}"
@ -117,10 +137,11 @@
swift_replication_address: "{{ replication_address }}"
swift_do_setup: True
swift_do_sync: True
tags:
- "os-swift"
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
pip_lock_to_internal_repo: "{{ (pip_links | length) >= 1 }}"
tags:
- swift
- name: Installation and setup of Swift
hosts: swift_all
@ -134,8 +155,9 @@
rsyslog_client_log_files:
- /var/log/rsyncd.log
tags:
- "swift-rsyslog-client"
- "rsyslog-client"
- rsyslog
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
- crontab
tags:
- swift

157
playbooks/os-swift-setup.yml
View File

@ -1,157 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This playbook will install the swift services but not sync the ring or keys.
- name: Installation and setup of Swift
hosts: swift_all
gather_facts: "{{ gather_facts | default(True) }}"
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: container_config is defined and container_config | changed
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- name: Create log dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-swift" }
when: is_metal | bool
tags:
- swift-logs
- swift-log-dirs
- name: Create log aggregation links
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "{{ item.state }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
force: "yes"
with_items:
- src: "/openstack/log/{{ inventory_hostname }}-swift"
dest: "/var/log/swift"
owner: "syslog"
group: "syslog"
state: "link"
when: is_metal | bool
tags:
- swift-logs
- name: Set swift storage bridge (is_metal)
set_fact:
storage_bridge: "{{ 'ansible_' + swift.storage_network | replace('-', '_') }}"
when:
- swift.storage_network is defined
- is_metal | bool
- name: Set swift storage address (is_metal)
set_fact:
storage_address: "{{ hostvars[inventory_hostname][storage_bridge]['ipv4']['address'] }}"
when:
- swift.storage_network is defined
- is_metal | bool
- name: Set swift storage address (is_metal no storage network)
set_fact:
storage_address: "{{ ansible_ssh_host }}"
when:
- swift.storage_network is undefined
- is_metal | bool
- name: Set swift storage address (container)
set_fact:
storage_address: "{{ hostvars[inventory_hostname]['container_networks']['storage_address']['address'] }}"
when:
- hostvars[inventory_hostname]['container_networks']['storage_address']['address'] is defined
- not is_metal | bool
- name: Set swift storage address (container no storage network)
set_fact:
storage_address: "{{ ansible_ssh_host }}"
when:
- hostvars[inventory_hostname]['container_networks']['storage_address']['address'] is undefined
- not is_metal | bool
- name: Set swift replication bridge (is_metal)
set_fact:
replication_bridge: "{{ 'ansible_' + swift.replication_network | replace('-', '_') }}"
when:
- swift.replication_network is defined
- is_metal | bool
- name: Set swift replication address (is_metal)
set_fact:
replication_address: "{{ hostvars[inventory_hostname][replication_bridge]['ipv4']['address'] }}"
when:
- swift.replication_network is defined
- is_metal | bool
- name: Set swift replication address (is_metal no replication network)
set_fact:
replication_address: "{{ storage_address }}"
when:
- swift.replication_network is undefined
- is_metal | bool
- name: Set swift replication address (container)
set_fact:
replication_address: "{{ hostvars[inventory_hostname]['container_networks']['replication_address']['address'] }}"
when:
- hostvars[inventory_hostname]['container_networks']['replication_address']['address'] is defined
- not is_metal | bool
- name: Set swift replication address (container no replication network)
set_fact:
replication_address: "{{ storage_address }}"
when:
- hostvars[inventory_hostname]['container_networks']['replication_address']['address'] is undefined
- not is_metal | bool
roles:
- role: "os_swift"
swift_venv_tag: "{{ openstack_release }}"
swift_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/swift-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz"
swift_storage_address: "{{ storage_address }}"
swift_replication_address: "{{ replication_address }}"
swift_do_setup: True
swift_do_sync: False
tags:
- "os-swift"
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: swift_log_rotate
rsyslog_client_log_dir: "/var/log/swift"
rsyslog_client_config_name: "99-swift-rsyslog-client.conf"
rsyslog_client_log_files:
- /var/log/rsyncd.log
tags:
- "swift-rsyslog-client"
- "rsyslog-client"
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
vars:
is_metal: "{{ properties.is_metal|default(false) }}"

4
playbooks/os-swift-sync.yml
View File

@ -25,7 +25,7 @@
swift_do_setup: False
swift_do_sync: True
swift_venv_tag: "{{ openstack_release }}"
tags:
- "os-swift-sync"
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
tags:
- swift

9
playbooks/os-tempest-install.yml
View File

@ -22,21 +22,20 @@
- role: "os_tempest"
tempest_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/tempest-{{ openstack_release }}-{{ ansible_architecture | lower }}.tgz"
tempest_git_repo: "{{ openstack_repo_git_url }}/tempest"
tags:
- "os-tempest"
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: utility_log_rotate
rsyslog_client_log_dir: "{{ tempest_log_dir }}"
rsyslog_client_config_name: "99-tempest-rsyslog-client.conf"
tags:
- "tempest-rsyslog-client"
- "rsyslog-client"
- rsyslog
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
- crontab
vars_files:
- defaults/repo_packages/openstack_other.yml
vars:
# This sets the tempest group to the utility group
tempest_main_group: utility_all
is_metal: "{{ properties.is_metal|default(false) }}"
tags:
- tempest

18
playbooks/rabbitmq-install.yml
View File

@ -23,10 +23,10 @@
- include: common-tasks/package-cache-proxy.yml
roles:
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
tags:
- rabbitmq
# NOTE(mancdaz): rabbitmq cannot be upgraded in serial, so when
# rabbitmq_upgrade=True, serial is set to 0, else it is 1 for installs
@ -37,16 +37,14 @@
user: root
roles:
- role: "rabbitmq_server"
tags:
- "rabbitmq-server"
- "upgrade-rabbitmq-server"
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: rabbitmq_log_rotate
rsyslog_client_log_dir: "/var/log/rabbitmq"
rsyslog_client_config_name: "99-rabbitmq-rsyslog-client.conf"
tags:
- "rabbitmq-rsyslog-client"
- "rsyslog-client"
- rsyslog
tags:
- rabbitmq
- name: Ensure rabbitmq user for monitoring GUI
hosts: "{{ rabbitmq_host_group | default('rabbitmq_all') }}[0]"
@ -57,7 +55,7 @@
user: "{{ rabbitmq_monitoring_userid|default('monitoring') }}"
password: "{{ rabbitmq_monitoring_password }}"
state: "present"
tags: "monitoring"
when: rabbitmq_monitoring_password is defined
tags:
- "rabbitmq_monitoring_user"
tags:
- rabbitmq-config
- rabbitmq

7
playbooks/repo-build.yml
View File

@ -21,6 +21,8 @@
key: repo_servers_{{ ansible_architecture }}
tags:
- always
tags:
- repo-build
# repo_all[0] is built last to ensure it has all build artifacts for final indexing
- name: Build new repo packages for a given release
@ -106,11 +108,10 @@
when:
- "groups['repo_servers_{{ ansible_architecture }}'] | length > 0"
- "inventory_hostname == groups['repo_servers_{{ ansible_architecture }}'][0]"
tags:
- "repo-build"
vars:
pkg_locations:
- ../
- /etc/ansible/roles
- /etc/openstack_deploy
tags:
- repo-build

10
playbooks/repo-server.yml
View File

@ -48,7 +48,7 @@
- repo_build_git_cache is defined
- _local_git_cache.stat.exists
roles:
- { role: "repo_server", tags: [ "repo-server" ] }
- role: "repo_server"
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: repo_nginx_log_rotate
rsyslog_client_log_dir: "/var/log/{{ repo_service_user_name }}"
@ -56,14 +56,14 @@
- /var/log/rsyncd.log
rsyslog_client_config_name: "99-repo-nginx-rsyslog-client.conf"
tags:
- "repo-nginx-rsyslog-client"
- "rsyslog-client"
- rsyslog
- role: "rsyslog_client"
rsyslog_client_log_rotate_file: lsyncd_log_rotate
rsyslog_client_log_dir: "/var/log/lsyncd"
rsyslog_client_config_name: "99-lsyncd-rsyslog-client.conf"
tags:
- "repo-rsyslog-client"
- "rsyslog-client"
- rsyslog
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
tags:
- repo-server

8
playbooks/rsyslog-install.yml
View File

@ -26,9 +26,13 @@
mount_path: "/openstack/{{ inventory_hostname }}/log-storage"
- include: common-tasks/package-cache-proxy.yml
roles:
- { role: "rsyslog_server", tags: [ "rsyslog-server" ] }
- role: "rsyslog_server"
tags:
- rsyslog
- role: "system_crontab_coordination"
tags:
- "system-crontab-coordination"
- crontab
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
tags:
- rsyslog

6
playbooks/security-hardening.yml
View File

@ -22,5 +22,7 @@
gather_facts: "{{ gather_facts | default(True) }}"
user: root
roles:
- { role: "openstack-ansible-security",
when: apply_security_hardening | bool }
- role: "openstack-ansible-security"
when: apply_security_hardening | bool
tags:
- security

27
playbooks/utility-install.yml
View File

@ -32,14 +32,14 @@
state: "directory"
force: "yes"
when: not is_metal | bool
tags:
- utility-logs
roles:
- { role: "galera_client", tags: [ "utility-galera-client" ] }
- role: "galera_client"
- role: "pip_install"
tags:
- utility-pip-lock-down
- { role: "openstack_openrc", tags: [ "utility-openstack-openrc" ] }
- pip
- role: "openstack_openrc"
tags:
- openrc
post_tasks:
- name: Update apt sources
apt:
@ -51,33 +51,27 @@
delay: 2
when:
- ansible_pkg_mgr == 'apt'
tags:
- utility-apt-packages
- name: Install apt packages
apt:
pkg: "{{ item }}"
state: latest
with_items: "{{ utility_apt_packages }}"
with_items: "{{ utility_apt_packages | default([]) }}"
when:
- ansible_pkg_mgr == 'apt'
tags:
- utility-apt-packages
- name: Install yum packages
yum:
pkg: "{{ item }}"
state: latest
with_items: "{{ utility_yum_packages }}"
with_items: "{{ utility_yum_packages | default([]) }}"
when:
- ansible_pkg_mgr == 'yum'
tags:
- utility-yum-packages
- name: Get list of python clients
shell: "curl -s {{ openstack_repo_url }}/os-releases/{{ openstack_release }}/requirements_absolute_requirements.txt | grep client | cut -d'=' -f1"
register: client_list
run_once: true
changed_when: false
tags:
- utility-pip-packages
- always
- skip_ansible_lint
- name: Install pip packages
pip:
@ -88,8 +82,7 @@
until: install_packages|success
retries: 5
delay: 2
tags:
- utility-pip-packages
with_items: "{{ utility_pip_packages }}"
- name: Distribute private ssh key
copy:
content: "{{ utility_ssh_private_key }}"
@ -105,3 +98,5 @@
utility_yum_packages:
- git
is_metal: "{{ properties.is_metal|default(false) }}"
tags:
- utility