Add configure tasks for iscsid role
This patch adds configure task which replaces the iscsid configuration in [1] with these modifications. - configure /etc/iscsi on the host directly, so it eliminates the use of /var/lib/config-data/ansible-generated - remove "sync from host" and "sync to host" operations which are no longer needed. - optimize the install task. [1] https://github.com/openstack/puppet-tripleo/blob/master/manifests /profile/base/iscsid.pp Co-Authored-By: Manoj Katari <mkatari@redhat.com> Change-Id: Idb57bb5179897ee7b4461f81372e6021b72be4d8
This commit is contained in:
parent
4dea939ba0
commit
322415d3c4
@ -70,4 +70,3 @@ tripleo_container_standalone_volumes: "{{
|
||||
|
||||
tripleo_debug: False
|
||||
tripleo_deploy_identifier: ''
|
||||
tripleo_iscsid_config_volume: /var/lib/config-data/ansible-generated/iscsid
|
||||
|
@ -23,13 +23,15 @@ tripleo_iscsid_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
|
||||
tripleo_iscsid_hide_sensitive_logs: true
|
||||
|
||||
tripleo_iscsid_image: "quay.io/tripleomastercentos9/openstack-iscsid:current-tripleo"
|
||||
tripleo_iscsid_config_dir: /var/lib/config-data/ansible-generated/iscsid
|
||||
tripleo_iscsid_config_image: "{{ tripleo_iscsid_image }}"
|
||||
tripleo_iscsid_volumes:
|
||||
- /var/lib/kolla/config_files/iscsid.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /dev:/dev
|
||||
- /run:/run
|
||||
- /sys:/sys
|
||||
- /lib/modules:/lib/modules:ro
|
||||
- "{{ tripleo_iscsid_config_dir }}/etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro"
|
||||
- /etc/iscsi:/etc/iscsi:z
|
||||
- /etc/target:/etc/target:z
|
||||
- /var/lib/iscsi:/var/lib/iscsi:z
|
||||
|
||||
tripleo_iscsid_chap_algs: 'SHA3-256,SHA256,SHA1,MD5'
|
||||
|
@ -1,6 +1 @@
|
||||
command: /usr/sbin/iscsid -f
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src-iscsid/"
|
||||
dest: "/etc/iscsi/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
|
@ -14,8 +14,45 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
- name: Ensure {{ tripleo_iscsid_config_dir }}/etc/iscsi exists
|
||||
file:
|
||||
path: "{{ tripleo_iscsid_config_dir }}/etc/iscsi"
|
||||
state: directory
|
||||
recurse: true
|
||||
|
||||
- name: Check if the iSCSI initiator name (IQN) has been reset
|
||||
ansible.builtin.stat:
|
||||
path: /etc/iscsi/.initiator_reset
|
||||
register: initiator_reset_state
|
||||
|
||||
# NOTE: Each overcloud node must have its own, unique iSCSI Qualified Name
|
||||
# (IQN) but it has to be reset once, and only once as all the services on the
|
||||
# node must use the same IQN. It is reset based on the existence of
|
||||
# .initiator_reset sentinel file.
|
||||
|
||||
- name: Ensure the system has a unique IQN
|
||||
when: initiator_reset_state.stat.exists == False
|
||||
block:
|
||||
|
||||
- name: Generate a unique IQN
|
||||
ansible.builtin.command: podman run -ti --rm --name iscsid_config {{ tripleo_iscsid_config_image }} /usr/sbin/iscsi-iname
|
||||
register: iscsi_iname
|
||||
|
||||
- name: Save the new IQN
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/iscsi/initiatorname.iscsi
|
||||
content: "InitiatorName={{ iscsi_iname.stdout }}"
|
||||
|
||||
- name: Record the IQN has been reset
|
||||
ansible.builtin.file:
|
||||
path: /etc/iscsi/.initiator_reset
|
||||
state: touch
|
||||
|
||||
- name: Write CHAP algorithms
|
||||
ansible.builtin.lineinfile:
|
||||
path: "/etc/iscsi/iscsid.conf"
|
||||
line: "node.session.auth.chap_algs = {{ tripleo_iscsid_chap_algs }}"
|
||||
regexp: "^node.session.auth.chap_algs"
|
||||
insertafter: "^#node.session.auth.chap.algs"
|
||||
register: modify_stat
|
||||
|
||||
- name: Record the iscsid container restart is required
|
||||
when : modify_stat.changed
|
||||
ansible.builtin.file:
|
||||
path: /etc/iscsi/.iscsid_restart_required
|
||||
state: touch
|
||||
|
@ -14,40 +14,48 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
- name: Create persistent directories
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
setype: "{{ item.setype }}"
|
||||
state: directory
|
||||
loop:
|
||||
- { 'path': /etc/iscsi, 'setype': container_file_t }
|
||||
- { 'path': /etc/target, 'setype': container_file_t }
|
||||
- { 'path': /var/lib/iscsi, 'setype': container_file_t }
|
||||
|
||||
- name: create fcontext entry for iscsi
|
||||
- name: Create fcontext entry for iscsi
|
||||
community.general.sefcontext:
|
||||
target: "{{ item.path }}(/.*)?"
|
||||
setype: "{{ item.setype }}"
|
||||
state: present
|
||||
with_items:
|
||||
loop:
|
||||
- { 'path': /etc/iscsi, 'setype': container_file_t }
|
||||
- { 'path': /etc/target, 'setype': container_file_t }
|
||||
- { 'path': /var/lib/iscsi, 'setype': container_file_t }
|
||||
when:
|
||||
- tripleo_selinux_mode | default('enforcing') == 'enforcing'
|
||||
- name: create persistent directories
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /etc/iscsi, 'setype': container_file_t }
|
||||
- { 'path': /etc/target, 'setype': container_file_t }
|
||||
- { 'path': /var/lib/iscsi, 'setype': container_file_t }
|
||||
- name: stat /lib/systemd/system/iscsid.socket
|
||||
stat: path=/lib/systemd/system/iscsid.socket
|
||||
|
||||
- name: Stat /lib/systemd/system/iscsid.socket
|
||||
ansible.builtin.stat:
|
||||
path: /lib/systemd/system/iscsid.socket
|
||||
register: stat_iscsid_socket
|
||||
|
||||
- name: Stop and disable iscsid.socket service
|
||||
service: name=iscsid.socket state=stopped enabled=no
|
||||
ansible.builtin.service:
|
||||
name: iscsid.socket
|
||||
state: stopped
|
||||
enabled: no
|
||||
when: stat_iscsid_socket.stat.exists
|
||||
|
||||
- name: Check if iscsi.service is enabled
|
||||
command: systemctl is-enabled --quiet iscsi.service
|
||||
ansible.builtin.command: systemctl is-enabled --quiet iscsi.service
|
||||
failed_when: false
|
||||
register: iscsi_service_enabled_result
|
||||
|
||||
- name: Stop iscsi.service
|
||||
service: name=iscsi.service state=stopped enabled=no
|
||||
ansible.builtin.service:
|
||||
name: iscsi.service
|
||||
state: stopped
|
||||
enabled: no
|
||||
when:
|
||||
- not ansible_check_mode
|
||||
- iscsi_service_enabled_result is changed
|
||||
- iscsi_service_enabled_result.rc == 0
|
||||
|
@ -24,3 +24,29 @@
|
||||
iscsid: "{{ lookup('template', 'iscsid.yaml.j2') | from_yaml }}"
|
||||
tripleo_container_standalone_kolla_config_files:
|
||||
iscsid: "{{ lookup('file', 'files/iscsid.yaml') | from_yaml }}"
|
||||
register: manage_iscsid_stat
|
||||
|
||||
- name: Check if the iscsid container restart is required
|
||||
ansible.builtin.stat:
|
||||
path: /etc/iscsi/.iscsid_restart_required
|
||||
register: iscsi_restart_stat
|
||||
|
||||
# Existence of sentinel file (.iscsid_restart_required) on the host
|
||||
# indicates that restart of the iscisd container is needed to refresh
|
||||
# /etc/iscsid.conf
|
||||
# sentinel file will exist on an initial deployment, but the restart is
|
||||
# actually needed only if the service is already running, so we check if
|
||||
# the manage_iscsid_stat changed.
|
||||
|
||||
- name: Restart iscsid container to refresh /etcd/iscsid.conf
|
||||
when:
|
||||
- not manage_iscsid_stat.changed|bool
|
||||
- iscsi_restart_stat.stat.exists|bool
|
||||
systemd:
|
||||
name: tripleo_iscsid
|
||||
state: restarted
|
||||
|
||||
- name: Remove iscsid container restart sentinel file
|
||||
ansible.builtin.file:
|
||||
path: /etc/iscsi/.iscsid_restart_required
|
||||
state: absent
|
||||
|
@ -132,11 +132,11 @@ tripleo_nova_compute_volumes:
|
||||
- /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
|
||||
- /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- "{{ tripleo_nova_compute_config_dir }}:/var/lib/kolla/config_files/src:ro"
|
||||
- "{{ tripleo_iscsid_config_volume }}:/var/lib/kolla/config_files/src-iscsid:ro"
|
||||
- "{{ tripleo_nova_compute_ceph_config_path }}:/var/lib/kolla/config_files/src-ceph:ro"
|
||||
- /dev:/dev
|
||||
- /lib/modules:/lib/modules:ro
|
||||
- /run:/run
|
||||
- /etc/iscsi:/etc/iscsi:z
|
||||
- /var/lib/iscsi:/var/lib/iscsi:z
|
||||
- /var/lib/libvirt:/var/lib/libvirt:shared
|
||||
- /sys/class/net:/sys/class/net
|
||||
|
@ -11,13 +11,6 @@ config_files:
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
# (TODO: slagle) This must be commented out until files exist at this path
|
||||
# otherwise kolla-start fails. This can be enabled once the tripleo_iscsid
|
||||
# role is actually generating configuration.
|
||||
# - source: "/var/lib/kolla/config_files/src-iscsid/*"
|
||||
# dest: "/etc/iscsi/"
|
||||
# merge: true
|
||||
# preserve_properties: true
|
||||
- source: "/var/lib/kolla/config_files/src-ceph/"
|
||||
dest: "/etc/ceph/"
|
||||
merge: true
|
||||
|
Loading…
Reference in New Issue
Block a user