a981fcda7a
Ensure that you are using an rfc1918 internally. If you are using one, you must be aware of what you are doing, and deploy your own haproxy, or override the acls. Change-Id: I2e3b38892c194c8be289bd18f244d779f59e1aaf
104 lines
3.5 KiB
YAML
104 lines
3.5 KiB
YAML
---
|
|
# Copyright 2018, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# This playbook is meant to run after setup-hosts.
|
|
# To succeed, it expects the setup-hosts playbook to have run successfuly.
|
|
|
|
# Test if the openstack-hosts-setup play was a success.
|
|
# TO BE IMPLEMENTED
|
|
|
|
# Test if security-hardening was a success.
|
|
# TO BE IMPLEMENTED
|
|
|
|
# Test if containers-deploy was a success.
|
|
# Ensure the lxc containers are properly setup
|
|
- name: Ensuring hosts good behavior
|
|
hosts: lxc_hosts
|
|
gather_facts: yes
|
|
tasks:
|
|
- name: Looking for dnsmasq process
|
|
command: pgrep dnsmasq
|
|
changed_when: false
|
|
|
|
- name: Ensuring hosts good behavior
|
|
hosts: nspawn_hosts
|
|
gather_facts: yes
|
|
tasks:
|
|
- debug:
|
|
msg: "To be implemented. Please help."
|
|
|
|
- name: Ensuring containers creation, connection and good behavior
|
|
hosts: all_containers
|
|
gather_facts: yes
|
|
tasks:
|
|
- name: Ensure the physical host has all the proper interfaces defined
|
|
assert:
|
|
that:
|
|
- item.value.bridge in hostvars[physical_host]['ansible_interfaces']
|
|
with_dict: "{{ container_networks }}"
|
|
|
|
- name: Check if dns resolution and external connectivity is fine
|
|
get_url:
|
|
url: https://opendev.org/openstack/openstack-ansible/raw/ansible-role-requirements.yml
|
|
dest: /tmp/osa-master-requirements
|
|
environment: "{{ deployment_environment_variables | default({}) }}"
|
|
|
|
# Test extra settings before setup-infrastructure
|
|
- name: Ensure the internal_interfaces are well in the right range
|
|
hosts: localhost
|
|
gather_facts: no
|
|
tasks:
|
|
- name: Check your internal network is using private ips
|
|
assert:
|
|
that:
|
|
- internal_lb_vip_address | ipaddr('private')
|
|
|
|
- name: Ensure settings are not wrong with the usual suspects issues before trying to deploy infra
|
|
hosts: haproxy
|
|
gather_facts: yes
|
|
tasks:
|
|
- name: Checking that the LB vips are well configured.
|
|
assert:
|
|
that:
|
|
- external_lb_vip_address != internal_lb_vip_address
|
|
msg: |
|
|
External and Internal LB vip addresses are the same.
|
|
Run with -e vipcheck=False if you want to bypass this check.
|
|
when:
|
|
- vipcheck | default(True) | bool
|
|
- inventory_hostname == ansible_play_hosts[0]
|
|
|
|
- name: Checking that vip nics are well configured
|
|
assert:
|
|
that:
|
|
- item in ansible_interfaces
|
|
msg: "Misconfigured keepalived IP, the carrying interface {{ item }} doesn't exist"
|
|
with_items:
|
|
- "{{ haproxy_keepalived_external_interface }}"
|
|
- "{{ haproxy_keepalived_internal_interface }}"
|
|
when:
|
|
- groups['haproxy'] | length > 1
|
|
|
|
- name: Checking that vip address is well formed
|
|
assert:
|
|
that:
|
|
- item | ipaddr('address')
|
|
msg: "Misconfigured keepalived: The vip {{ item }} is not an IP address, but a network"
|
|
with_items:
|
|
- "{{ haproxy_keepalived_internal_vip_cidr }}"
|
|
- "{{ haproxy_keepalived_external_vip_cidr }}"
|
|
when:
|
|
- groups['haproxy'] | length > 1
|