diff --git a/.ansible-lint b/.ansible-lint deleted file mode 100644 index fdfe9c76c..000000000 --- a/.ansible-lint +++ /dev/null @@ -1,69 +0,0 @@ -exclude_paths: - - releasenotes/ - - ../ -parseable: true -quiet: false -rulesdir: - - .ansible-lint_rules/ -verbosity: 1 -# Mocking modules is not recommended as it prevents testing of invalid -# arguments or lack of their presence at runtime. It is preffered to -# make use of requirements.yml to declare them. -mock_roles: - - ceph-defaults - - ceph-facts -mock_modules: - - baremetal_nodes_validate - - ceph_crush_rule - - ceph_dashboard_user - - ceph_key - - ceph_fs - - ceph_pool - - ceph_mkspec - - ceph_spec_bootstrap - - config_template - - container_startup_config - - lvm2_physical_devices_facts - - metalsmith_instances - - os_baremetal_clean_node - - os_baremetal_provide_node - - os_tripleo_baremetal_configure - - os_tripleo_baremetal_node_introspection - - tripleo_baremetal_check_existing - - tripleo_baremetal_expand_roles - - tripleo_baremetal_populate_environment - - tripleo_build_heat_environment - - tripleo_composable_network - - tripleo_config_download - - tripleo_container_config_scripts - - tripleo_container_configs - - tripleo_container_image_prepare - - tripleo_derive_hci_parameters - - tripleo_diff_exec - - tripleo_fernet_keys_rotate - - tripleo_findif_for_ip - - tripleo_generate_ansible_inventory - - tripleo_generate_overcloudrc - - tripleo_get_flatten_stack - - tripleo_get_introspected_data - - tripleo_get_role_list - - tripleo_image_params_prepare - - tripleo_network_populate_environment - - tripleo_network_ports_populate_environment - - tripleo_os_net_config - - tripleo_os_net_config_mappings - - tripleo_overcloud_network_extract - - tripleo_overcloud_network_ports - - tripleo_passwords_rotate - - tripleo_plan_deploy - - tripleo_plan_parameters_update - - tripleo_service_vip - - tripleo_swift_tempurl - - tripleo_templates_upload - - tripleo_unmanaged_populate_environment - - tripleo_generate_inventory_network_config - - tripleo_overcloud_network_vip_extract - - tripleo_overcloud_network_vip_provision - - tripleo_overcloud_network_vip_populate_environment - - tripleo_ovn_mac_addresses - - tripleo_unprovision_network diff --git a/.config/molecule/config.yml b/.config/molecule/config.yml deleted file mode 100644 index bd5f42a5c..000000000 --- a/.config/molecule/config.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -driver: - name: delegated - options: - managed: false - login_cmd_template: >- - ssh - -o UserKnownHostsFile=/dev/null - -o StrictHostKeyChecking=no - -o Compression=no - -o TCPKeepAlive=yes - -o VerifyHostKeyDNS=no - -o ForwardX11=no - -o ForwardAgent=no - {instance} - ansible_connection_options: - ansible_connection: ssh - -log: true - -platforms: - - name: instance - -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - test_sequence: - - prepare - - converge - - check - - verify - - cleanup - -verifier: - name: ansible diff --git a/.config/molecule/config_podman.yml b/.config/molecule/config_podman.yml deleted file mode 100644 index 27954c4b6..000000000 --- a/.config/molecule/config_podman.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -driver: - name: podman - -log: true - -platforms: - - name: centos - hostname: centos - image: ${TRIPLEO_ANSIBLE_MOLECULE_IMAGE:-"ubi9/ubi-init"} - registry: - url: ${TRIPLEO_ANSIBLE_MOLECULE_REGISTRY:-"registry.access.redhat.com"} - dockerfile: Dockerfile.j2 - pkg_extras: python*setuptools - command: ${TRIPLEO_ANSIBLE_MOLECULE_COMMAND:-"/sbin/init"} - volumes: ${TRIPLEO_ANSIBLE_MOLECULE_VOLUMES:-['/etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro','/etc/pki/rpm-gpg:/etc/pki/rpm-gpg:O','/opt/yum.repos.d:/etc/yum.repos.d:O','/etc/dnf/vars:/etc/dnf/vars:O']} - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - ulimits: &ulimit - - host - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 132712d4d..000000000 --- a/.gitignore +++ /dev/null @@ -1,42 +0,0 @@ -*.py[cod] - -# Testing cruft -.tox -.venv -*.egg* -egg -.coverage -cover -nosetests.xml -.testrepository -.stestr -tripleo_ansible.egg-info/ -__pycache__ -build - -# Editors -*~ -.*.swp -.*sw? - -# Playbook retry files -*.retry - -# roles -tripleo_ansible/roles.galaxy/* - -# Sphinx -doc/build - -ansible-errors.json -pytestdebug.log - -# doc -doc/build/* - -# JetBrain -.idea/ -.cache - -# Custom inventory variable files -tripleo_ansible/inventory/99-standalone-vars diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml deleted file mode 100644 index c96812c39..000000000 --- a/.pre-commit-config.yaml +++ /dev/null @@ -1,45 +0,0 @@ ---- -repos: - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v3.4.0 - hooks: - - id: end-of-file-fixer - - id: trailing-whitespace - - id: mixed-line-ending - - id: check-byte-order-marker - - id: check-executables-have-shebangs - - id: check-merge-conflict - - id: check-symlinks - - id: debug-statements - - id: check-yaml - files: .*\.(yaml|yml)$ - args: [--allow-multiple-documents] - - repo: https://github.com/pycqa/flake8 - rev: 3.9.0 - hooks: - - id: flake8 - additional_dependencies: [flake8-typing-imports==1.6.0] - entry: flake8 --ignore=E24,E121,E122,E123,E124,E126,E226,E265,E305,E402,F401,F405,E501,E704,F403,F841,W503 - # TODO(cloudnull): These codes were added to pass the lint check. - # All of these ignore codes should be resolved in - # future PRs. - - repo: https://github.com/ansible-community/ansible-lint - rev: v5.3.2 - hooks: - - id: ansible-lint - additional_dependencies: - - 'ansible-core<2.12' - - yamllint - - repo: https://github.com/openstack-dev/bashate.git - rev: 2.0.0 - hooks: - - id: bashate - entry: bashate --error . --ignore=E006,E040 - verbose: false - # Run bashate check for all bash scripts - # Ignores the following rules: - # E006: Line longer than 79 columns (as many scripts use jinja - # templating, this is very difficult) - # E040: Syntax error determined using `bash -n` (as many scripts - # use jinja templating, this will often fail and the syntax - # error will be discovered in execution anyway) diff --git a/.stestr.conf b/.stestr.conf deleted file mode 100644 index 1649a44cb..000000000 --- a/.stestr.conf +++ /dev/null @@ -1,3 +0,0 @@ -[DEFAULT] -test_path=${TEST_PATH:-./tripleo_ansible/tests/} -top_dir=./ diff --git a/.yamllint b/.yamllint deleted file mode 100644 index 5d79317b7..000000000 --- a/.yamllint +++ /dev/null @@ -1,10 +0,0 @@ ---- -extends: default - -rules: - line-length: - # matches hardcoded 160 value from ansible-lint - max: 160 - -ignore: | - zuul.d/*.yaml diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 67db85882..000000000 --- a/LICENSE +++ /dev/null @@ -1,175 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. diff --git a/README.rst b/README.rst index 0766f7b7c..4ee2c5f13 100644 --- a/README.rst +++ b/README.rst @@ -1,30 +1,10 @@ -======================== -Team and repository tags -======================== +This project is no longer maintained. -.. image:: https://governance.openstack.org/tc/badges/tripleo-ansible.svg - :target: https://governance.openstack.org/tc/reference/tags/index.html +The contents of this repository are still available in the Git +source code management system. To see the contents of this +repository before it reached its end of life, please check out the +previous commit with "git checkout HEAD^1". -.. Change things from this point on - -=============== -TripleO Ansible -=============== - -TripleO Ansible project repository. Contains Ansible playbooks, roles, and -plugins for use with TripleO. - -Documentation for the project can be found at: -``_ - -Release notes for the project can be found at: -``_ - -The project source code repository is located at: -``_ - -The project home is at: -``_ - -The project bug tracker is located at: -``_ +For any further questions, please email +openstack-discuss@lists.openstack.org or join #openstack-dev on +OFTC. diff --git a/_skeleton_role_/defaults/main.yml.j2 b/_skeleton_role_/defaults/main.yml.j2 deleted file mode 100644 index 4d22b8a2e..000000000 --- a/_skeleton_role_/defaults/main.yml.j2 +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_{{ role_name | replace('tripleo_', '') }}" -tripleo_{{ role_name | replace('tripleo_', '') }}_debug: {% raw %}"{{ (ansible_verbosity | int) >= 2 | bool }}"{% endraw %} - -tripleo_{{ role_name | replace('tripleo_', '') }}_hide_sensitive_logs: true diff --git a/_skeleton_role_/files/.gitkeep b/_skeleton_role_/files/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/_skeleton_role_/handlers/main.yml b/_skeleton_role_/handlers/main.yml deleted file mode 100644 index dfe6723b5..000000000 --- a/_skeleton_role_/handlers/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. diff --git a/_skeleton_role_/meta/main.yml.j2 b/_skeleton_role_/meta/main.yml.j2 deleted file mode 100644 index 6f79c4d02..000000000 --- a/_skeleton_role_/meta/main.yml.j2 +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: TripleO OpenStack Role -- {{ role_name }} - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 8 - - 9 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/_skeleton_role_/molecule/default/converge.yml.j2 b/_skeleton_role_/molecule/default/converge.yml.j2 deleted file mode 100644 index b18fadc85..000000000 --- a/_skeleton_role_/molecule/default/converge.yml.j2 +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "{{ role_name }}" diff --git a/_skeleton_role_/molecule/default/molecule.yml b/_skeleton_role_/molecule/default/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/_skeleton_role_/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/_skeleton_role_/molecule/default/prepare.yml b/_skeleton_role_/molecule/default/prepare.yml deleted file mode 100644 index ec16f729a..000000000 --- a/_skeleton_role_/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/_skeleton_role_/tasks/main.yml.j2 b/_skeleton_role_/tasks/main.yml.j2 deleted file mode 100644 index 744bd17df..000000000 --- a/_skeleton_role_/tasks/main.yml.j2 +++ /dev/null @@ -1,34 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "{{ role_name }}" will search for and load any operating system variable file -{% raw %} -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always -{% endraw %} diff --git a/_skeleton_role_/vars/main.yml.j2 b/_skeleton_role_/vars/main.yml.j2 deleted file mode 100644 index 0e089006c..000000000 --- a/_skeleton_role_/vars/main.yml.j2 +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "tripleo_{{ role_name | replace('tripleo_', '') }}" diff --git a/ansible-requirements.txt b/ansible-requirements.txt deleted file mode 100644 index c31312ce3..000000000 --- a/ansible-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -ansible-core -metalsmith>=1.4.0 # Apache-2.0 -importlib-metadata -jsonschema # MIT diff --git a/ansible-test-env-podman.rc b/ansible-test-env-podman.rc deleted file mode 100644 index ff3d3372e..000000000 --- a/ansible-test-env-podman.rc +++ /dev/null @@ -1,9 +0,0 @@ -export TRIPLEO_ANSIBLE_MOLECULE_COMMAND="/bin/sleep infinity" -export TRIPLEO_ANSIBLE_MOLECULE_VOLUMES="[]" -export TRIPLEO_ANSIBLE_MOLECULE_IMAGE="centos/centos:stream9" -export TRIPLEO_ANSIBLE_MOLECULE_REGISTRY="quay.io" - -# Role specific vars -export TRIPLEO_ANSIBLE_SSHD_MOLECULE_VOLUMES="['/sys/fs/cgroup:/sys/fs/cgroup:rw']" -export TRIPLEO_ANSIBLE_OVN_MOLECULE_VOLUMES="['/sys/fs/cgroup:/sys/fs/cgroup:rw']" -export TRIPLEO_ANSIBLE_COMPUTE_NODE_MOLECULE_VOLUMES="['$HOME/.cache/tripleo-ansible/containers:/var/lib/containers:rw','/sys/fs/cgroup:/sys/fs/cgroup:rw']" diff --git a/ansible-test-env.rc b/ansible-test-env.rc deleted file mode 100644 index 8b088cf17..000000000 --- a/ansible-test-env.rc +++ /dev/null @@ -1,25 +0,0 @@ -export TRIPLEO_ANSIBLE_WORKPATH="$(dirname $(readlink -f ${BASH_SOURCE[0]}))" -export ANSIBLE_STDOUT_CALLBACK=debug -export ANSIBLE_ACTION_PLUGINS="${TRIPLEO_ANSIBLE_WORKPATH}/tripleo_ansible/roles.galaxy/config_template/action:${TRIPLEO_ANSIBLE_WORKPATH}/tripleo_ansible/ansible_plugins/action" -export ANSIBLE_CALLBACK_PLUGINS="${TRIPLEO_ANSIBLE_WORKPATH}/tripleo_ansible/ansible_plugins/callback" -export ANSIBLE_STRATEGY_PLUGINS="${TRIPLEO_ANSIBLE_WORKPATH}/tripleo_ansible/ansible_plugins/strategy" -export ANSIBLE_FILTER_PLUGINS="${TRIPLEO_ANSIBLE_WORKPATH}/tripleo_ansible/ansible_plugins/filter" -export ANSIBLE_LIBRARY="${TRIPLEO_ANSIBLE_WORKPATH}/tripleo_ansible/roles.galaxy/config_template/library:${TRIPLEO_ANSIBLE_WORKPATH}/tripleo_ansible/ansible_plugins/modules" -export ANSIBLE_MODULE_UTILS="${TRIPLEO_ANSIBLE_WORKPATH}/tripleo_ansible/ansible_plugins/module_utils" -export ANSIBLE_ROLES_PATH="${TRIPLEO_ANSIBLE_WORKPATH}/tripleo_ansible/roles.galaxy:${TRIPLEO_ANSIBLE_WORKPATH}/tripleo_ansible/roles" -export ANSIBLE_INVENTORY="${TRIPLEO_ANSIBLE_WORKPATH}/tests/hosts.ini" -export ANSIBLE_RETRY_FILES_ENABLED="0" -export ANSIBLE_LOAD_CALLBACK_PLUGINS="1" -export ANSIBLE_HOST_KEY_CHECKING=False - -function unset-ansible-test-env { - for i in $(env | grep ANSIBLE_ | awk -F'=' '{print $1}'); do - unset ${i} - done - unset TRIPLEO_ANSIBLE_WORKPATH - echo -e "Ansible test environment deactivated.\n" - unset -f unset-ansible-test-env -} - -echo -e "Ansible test environment is now active" -echo -e "Run 'unset-ansible-test-env' to deactivate.\n" diff --git a/bindep.txt b/bindep.txt deleted file mode 100644 index 17c6ecc11..000000000 --- a/bindep.txt +++ /dev/null @@ -1,41 +0,0 @@ -# This file facilitates OpenStack-CI package installation -# before the execution of any tests. -# -# See the following for details: -# - https://docs.openstack.org/infra/bindep/ -# - https://opendev.org/opendev/bindep/ -# -# Even if the role does not make use of this facility, it -# is better to have this file empty, otherwise OpenStack-CI -# will fall back to installing its default packages which -# will potentially be detrimental to the tests executed. - -# The gcc compiler -gcc - -# Base requirements for RPM distros -gcc-c++ [platform:rpm] -git [platform:rpm] -libffi-devel [platform:rpm] -openssl-devel [platform:rpm] -podman [platform:rpm] -python3-devel [platform:rpm !platform:rhel-7 !platform:centos-7] -PyYAML [platform:rpm !platform:rhel-8 !platform:centos-8 !platform:rhel-9 !platform:centos-9 !platform:fedora] -python3-pyyaml [platform:rpm !platform:rhel-7 !platform:centos-7] -python3-dnf [platform:rpm !platform:rhel-7 !platform:centos-7] - -# RH Mechanisms -python-rhsm-certificates [platform:redhat] - -# SELinux cent7 -libselinux-python3 [platform:rpm !platform:rhel-8 !platform:centos-8] -libsemanage-python3 [platform:redhat !platform:rhel-8 !platform:centos-8] -# SELinux cent8 -python3-libselinux [platform:rpm !platform:rhel-7 !platform:centos-7] -python3-libsemanage [platform:redhat !platform:rhel-7 !platform:centos-7] - -# Required for compressing collected log files in CI -gzip - -# Required to build language docs -gettext diff --git a/doc/build/html/.gitkeep b/doc/build/html/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/doc/requirements.txt b/doc/requirements.txt deleted file mode 100644 index 23816c6a0..000000000 --- a/doc/requirements.txt +++ /dev/null @@ -1,10 +0,0 @@ -# this is required for the docs build jobs -ansible-core -sphinx>=2.0.0,!=2.1.0 # BSD -openstackdocstheme>=2.2.1 # Apache-2.0 -reno>=3.1.0 # Apache-2.0 -doc8>=0.8.1 # Apache-2.0 -bashate>=0.6.0 # Apache-2.0 -metalsmith>=1.4.0 # Apache-2.0 -jsonschema # MIT -ruamel.yaml diff --git a/doc/source/_exts/ansible-autodoc.py b/doc/source/_exts/ansible-autodoc.py deleted file mode 100644 index f6ae1a985..000000000 --- a/doc/source/_exts/ansible-autodoc.py +++ /dev/null @@ -1,381 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import imp -import os - -from docutils import core -from docutils import nodes -from docutils.parsers.rst import Directive -from docutils.parsers import rst -from docutils.writers.html4css1 import Writer - -from sphinx import addnodes - -import yaml -from ruamel.yaml import YAML as RYAML - -try: - import io - StringIO = io.StringIO -except ImportError: - import StringIO - - -class DocYaml(RYAML): - def _license_filter(self, data): - """This will filter out our boilerplate license heading in return data. - - The filter is used to allow documentation we're creating in variable - files to be rendered more beautifully. - """ - lines = list() - mark = True - for line in data.splitlines(): - if '# Copyright' in line: - mark = False - if mark: - lines.append(line) - if '# under the License' in line: - mark = True - return '\n'.join(lines) - - def dump(self, data, stream=None, **kw): - if not stream: - stream = StringIO() - try: - RYAML.dump(self, data, stream, **kw) - return self._license_filter(stream.getvalue().strip()) - finally: - stream.close() - - -DOCYAML = DocYaml() -DOCYAML.default_flow_style = False - - -class AnsibleAutoPluginDirective(Directive): - directive_name = "ansibleautoplugin" - has_content = True - option_spec = { - 'module': rst.directives.unchanged, - 'role': rst.directives.unchanged, - 'documentation': rst.directives.unchanged, - 'examples': rst.directives.unchanged - } - - @staticmethod - def _render_html(source): - return core.publish_parts( - source=source, - writer=Writer(), - writer_name='html', - settings_overrides={'no_system_messages': True} - ) - - def make_node(self, title, contents, content_type=None): - section = self._section_block(title=title) - if not content_type: - # Doc section - for content in contents['docs']: - for paragraph in content.split('\n'): - retnode = nodes.paragraph() - retnode.append(self._raw_html_block(data=paragraph)) - section.append(retnode) - - # Options Section - options_list = nodes.field_list() - options_section = self._section_block(title='Options') - for key, value in contents['options'].items(): - options_list.append( - self._raw_fields( - data=value['description'], - field_name=key - ) - ) - else: - options_section.append(options_list) - section.append(options_section) - - # Authors Section - authors_list = nodes.field_list() - authors_list.append( - self._raw_fields( - data=contents['author'] - ) - ) - authors_section = self._section_block(title='Authors') - authors_section.append(authors_list) - section.append(authors_section) - - elif content_type == 'yaml': - for content in contents: - section.append( - self._literal_block( - data=content, - dump_data=False - ) - ) - - return section - - @staticmethod - def load_module(filename): - return imp.load_source('__ansible_module__', filename) - - @staticmethod - def build_documentation(module): - docs = DOCYAML.load(module.DOCUMENTATION) - doc_data = dict() - doc_data['docs'] = docs['description'] - doc_data['author'] = docs.get('author', list()) - doc_data['options'] = docs.get('options', dict()) - return doc_data - - @staticmethod - def build_examples(module): - examples = DOCYAML.load(module.EXAMPLES) - return_examples = list() - for example in examples: - return_examples.append(DOCYAML.dump([example])) - return return_examples - - def _raw_html_block(self, data): - html = self._render_html(source=data) - return nodes.raw('', html['body'], format='html') - - def _raw_fields(self, data, field_name=''): - body = nodes.field_body() - if isinstance(data, list): - for item in data: - body.append(self._raw_html_block(data=item)) - else: - body.append(self._raw_html_block(data=data)) - - field = nodes.field() - field.append(nodes.field_name(text=field_name)) - field.append(body) - return field - - @staticmethod - def _literal_block(data, language='yaml', dump_data=True): - if dump_data: - literal = nodes.literal_block( - text=DOCYAML.dump(data) - ) - else: - literal = nodes.literal_block(text=data) - literal['language'] = 'yaml' - return literal - - @staticmethod - def _section_block(title, text=None): - section = nodes.section( - title, - nodes.title(text=title), - ids=[nodes.make_id('-'.join(title))], - ) - if text: - section_body = nodes.field_body() - section_body.append(nodes.paragraph(text=text)) - section.append(section_body) - - return section - - def _yaml_section(self, to_yaml_data, section_title, section_text=None): - yaml_section = self._section_block( - title=section_title, - text=section_text - ) - yaml_section.append(self._literal_block(data=to_yaml_data)) - return yaml_section - - def _run_role(self, role): - section = self._section_block( - title='Role Documentation', - text='Welcome to the "{}" role documentation.'.format( - os.path.basename(role) - ) - ) - defaults_file = os.path.join(role, 'defaults', 'main.yml') - if os.path.exists(defaults_file): - with open(defaults_file) as f: - role_defaults = DOCYAML.load(f.read()) - section.append( - self._yaml_section( - to_yaml_data=role_defaults, - section_title='Role Defaults', - section_text='This section highlights all of the defaults' - ' and variables set within the "{}"' - ' role.'.format( - os.path.basename(role) - ) - ) - ) - - vars_path = os.path.join(role, 'vars') - if os.path.exists(vars_path): - for v_file in os.listdir(vars_path): - vars_file = os.path.join(vars_path, v_file) - with open(vars_file) as f: - vars_values = DOCYAML.load(f.read()) - section.append( - self._yaml_section( - to_yaml_data=vars_values, - section_title='Role Variables: {}'.format(v_file) - ) - ) - - test_list = nodes.field_list() - test_section = self._section_block( - title='Molecule Scenarios', - text='Molecule is being used to test the "{}" role. The' - ' following section highlights the drivers in service' - ' and provides an example playbook showing how the role' - ' is leveraged.'.format( - os.path.basename(role) - ) - ) - molecule_path = os.path.join(role, 'molecule') - if os.path.exists(molecule_path): - for test in os.listdir(molecule_path): - test_path = os.path.join(molecule_path, test) - molecule_section = self._section_block( - title='Scenario: {}'.format(test) - ) - molecule_file = os.path.join(test_path, 'molecule.yml') - if not os.path.exists(molecule_file): - continue - - with open(molecule_file) as f: - molecule_conf = DOCYAML.load(f.read()) - - driver_data = molecule_conf.get('driver') - if driver_data: - molecule_section.append( - nodes.field_name( - text='Driver: {}'.format( - driver_data['name'] - ) - ) - ) - - options = driver_data.get('options') - if options: - molecule_section.append( - self._yaml_section( - to_yaml_data=options, - section_title='Molecule Options' - ) - ) - - provisioner_data = molecule_conf.get('provisioner') - if provisioner_data: - inventory = provisioner_data.get('inventory') - if inventory: - molecule_section.append( - self._yaml_section( - to_yaml_data=inventory, - section_title='Molecule Inventory' - ) - ) - os.environ["MOLECULE_SCENARIO_DIRECTORY"] = test_path - converge_playbook_path = os.path.join(test_path, 'converge.yml') - molecule_playbook_path = os.path.expandvars( - provisioner_data.get('playbooks', {}) - .get('converge', converge_playbook_path) - ) - if not os.path.exists(molecule_playbook_path): - molecule_playbook_path = os.path.join( - test_path, 'playbook.yml' - ) - if not os.path.exists(molecule_playbook_path): - continue - with open(molecule_playbook_path) as f: - molecule_playbook = DOCYAML.load(f.read()) - molecule_section.append( - self._yaml_section( - to_yaml_data=molecule_playbook, - section_title='Example {} playbook'.format(test) - ) - ) - test_list.append(molecule_section) - else: - test_section.append(test_list) - section.append(test_section) - - self.run_returns.append(section) - - # Document any libraries nested within the role - library_path = os.path.join(role, 'library') - if os.path.exists(library_path): - self.options['documentation'] = True - self.options['examples'] = True - for lib in os.listdir(library_path): - if lib.endswith('.py'): - self._run_module( - module=self.load_module( - filename=os.path.join( - library_path, - lib - ) - ), - module_title='Embedded module: {}'.format(lib), - example_title='Examples for embedded module' - ) - - def _run_module(self, module, module_title="Module Documentation", - example_title="Example Tasks"): - if self.options.get('documentation'): - docs = self.build_documentation(module=module) - self.run_returns.append( - self.make_node( - title=module_title, - contents=docs - ) - ) - - if self.options.get('examples'): - examples = self.build_examples(module=module) - self.run_returns.append( - self.make_node( - title=example_title, - contents=examples, - content_type='yaml' - ) - ) - - def run(self): - self.run_returns = list() - - if self.options.get('module'): - module = self.load_module(filename=self.options['module']) - self._run_module(module=module) - - if self.options.get('role'): - self._run_role(role=self.options['role']) - - return self.run_returns - - -def setup(app): - classes = [ - AnsibleAutoPluginDirective, - ] - for directive_class in classes: - app.add_directive(directive_class.directive_name, directive_class) - - return {'version': '0.2'} diff --git a/doc/source/conf.py b/doc/source/conf.py deleted file mode 100755 index b31c1f654..000000000 --- a/doc/source/conf.py +++ /dev/null @@ -1,101 +0,0 @@ -#!/usr/bin/env python -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import os -import sys - -from ansible.plugins import loader - -# Add the project -sys.path.insert(0, os.path.abspath('../..')) -# Add the extensions -sys.path.insert(0, os.path.join(os.path.abspath('.'), '_exts')) - -# -- General configuration ---------------------------------------------------- - -# Add any Sphinx extension module names here, as strings. They can be -# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom ones. -extensions = [ - 'openstackdocstheme', - 'sphinx.ext.autodoc', - 'ansible-autodoc' -] - -# autodoc generation is a bit aggressive and a nuisance when doing heavy -# text edit cycles. -# execute "export SPHINX_DEBUG=1" in your terminal to disable -# autodoc_mock_imports = ["django"] - -# The suffix of source filenames. -source_suffix = '.rst' - -# The master toctree document. -master_doc = 'index' - -# General information about the project. -project = u'tripleo-ansible' -copyright = u'2019, OpenStack Foundation' - -# If true, '()' will be appended to :func: etc. cross-reference text. -add_function_parentheses = True - -# If true, the current module name will be prepended to all description -# unit titles (such as .. function::). -add_module_names = True - -# The name of the Pygments (syntax highlighting) style to use. -pygments_style = 'native' - -# -- Options for HTML output -------------------------------------------------- - -# The theme to use for HTML and HTML Help pages. Major themes that come with -# Sphinx are currently 'default' and 'sphinxdoc'. -# html_theme_path = ["."] -# html_theme = '_theme' -# html_static_path = ['static'] - -# Output file base name for HTML help builder. -htmlhelp_basename = '%sdoc' % project -html_theme = 'openstackdocs' - -# Grouping the document tree into LaTeX files. List of tuples -# (source start file, target name, title, author, documentclass -# [howto/manual]). -latex_documents = [ - ('index', - '%s.tex' % project, - u'%s Documentation' % project, - u'OpenStack Foundation', 'manual'), -] - -# Example configuration for intersphinx: refer to the Python standard library. -# intersphinx_mapping = {'http://docs.python.org/': None} - -# openstackdocstheme options -openstackdocs_repo_name = 'openstack/tripleo-ansible' -openstackdocs_auto_name = False -openstackdocs_bug_project = 'tripleo' -openstackdocs_bug_tag = 'documentation' - -needed_module_utils = [ - 'baremetal_deploy', - 'tripleo_common_utils' -] -# load our custom module_utils so that modules can be imported for -# generating docs -for m in needed_module_utils: - try: - loader.module_utils_loader.get(m) - except AttributeError: - pass diff --git a/doc/source/contributing_roles.rst b/doc/source/contributing_roles.rst deleted file mode 100644 index 5ba98fa8e..000000000 --- a/doc/source/contributing_roles.rst +++ /dev/null @@ -1,198 +0,0 @@ -============ -Contributing -============ - -Adding roles into this project is easy and starts with a compatible skeleton. - - -Create a new role manually -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -From with the project root, creating a skeleton for the new role. - -.. code-block:: console - - $ ansible-galaxy init --role-skeleton=_skeleton_role_ --init-path=tripleo_ansible/roles ${NEWROLENAME} - -When the role is ready for CI, add a **job** entry into the -`zuul.d/molecule.yaml`. - -.. code-block:: yaml - - - job: - files: - - ^tripleo_ansible/roles/${NEWROLENAME}/.* - name: tripleo-ansible-centos-stream-molecule-${NEWROLENAME} - parent: tripleo-ansible-centos-stream-base - vars: - tox_envlist: mol-${NEWROLENAME} - - -Make sure to add the **job** name into the check and gate section at the top -of the `molecule.yaml` file. - -.. code-block:: yaml - - - project: - check: - jobs: - - tripleo-ansible-centos-stream-molecule-${NEWROLENAME} - gate: - jobs: - - tripleo-ansible-centos-stream-molecule-${NEWROLENAME} - - -Finally add a role documentation file at -`doc/source/roles/role-${NEWROLENAME}.rst`. This file will need to contain -a title, a literal include of the defaults yaml and a literal include of -the molecule playbook, or playbooks, used to test the role, which is noted -as an "example" playbook. - - -Create a new role with automation -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The role addition process is also automated using ansible. If ansible is -available on the development workstation change directory to the root of -the `tripleo-ansible` repository and run the the following command which -will perform the basic tasks noted above. - -.. code-block:: console - - $ ansible-playbook -i localhost, role-addition.yml -e role_name=${NEWROLENAME} - - -If this playbook is being executed from a virtual-environment be sure to -activate the virtual environment before running the playbook. - -.. code-block:: console - - $ . ~/bin/venvs/ansible/bin/activate - (ansible)$ ansible-playbook -i localhost, role-addition.yml -e role_name=${NEWROLENAME} - - -Local testing of new roles -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Local testing of new roles can be done in any number of ways, however, -the easiest way is via the script `run-local-test`. This script -will setup the local work environment to execute tests mimicking what -Zuul does. - -.. warning:: - - This script makes the assumption the executing user has the - ability to escalate privileges and will modify the local system. - -To use this script execute the following command. - -.. code-block:: console - - $ ./scripts/run-local-test ${NEWROLENAME} - -When using the `run-local-test` script, the TRIPLEO_JOB_ANSIBLE_ARGS -environment variable can be used to pass arbitrary Ansible arguments. -For example, the following shows how to use `--skip-tags` when testing -the `tripleo_ceph_run_ansible` role. - -.. code-block:: console - - $ export TRIPLEO_JOB_ANSIBLE_ARGS="--skip-tags run_ceph_ansible,run_uuid_ansible" - $ ./scripts/run-local-test tripleo_ceph_run_ansible - -Role based testing with molecule can be executed directly from within -the role directory. - -.. note:: - - Most tests require docker for container based testing. If Docker - is not available on the local workstation it will need to be - installed prior to executing most molecule based tests. - - -.. note:: - - The script `bindep-install`, in the **scripts** path, is - available and will install all system dependencies. - - -Before running basic molecule tests, it is recommended to install all -of the python dependencies in a virtual environment. - -.. code-block:: console - - $ python -m virtualenv --system-site-packages "${HOME}/test-python" - $ ${HOME}/test-python/bin/pip install -r requirements.txt \ - -r test-requirements.txt \ - -r molecule-requirements.txt - $ source ${HOME}/test-python/bin/activate - - -To run a basic molecule test, simply source the `ansibe-test-env.rc` -file from the project root, and then execute the following commands. - -.. code-block:: console - - (test-python) $ source ansible-test-env.rc - (test-python) $ cd tripleo_ansible/roles/${NEWROLENAME}/ - (test-python) $ molecule --base-config ../../../.config/molecule/config.yml test --all - -To run a test using the `podman` driver, `ansible-test-env-podman.rc` also -needs to be sourced, and specify the `config_podman.yml` molecule config. - -.. code-block:: console - - (test-python) $ source ansible-test-env.rc - (test-python) $ source ansible-test-env-podman.rc - (test-python) $ cd tripleo_ansible/roles/${NEWROLENAME}/ - (test-python) $ molecule --base-config ../../../.config/molecule/config_podman.yml test --all - -If a role has more than one scenario, a specific scenario can be -specified on the command line. Running specific scenarios will -help provide developer feedback faster. To pass-in a scenario use -the `--scenario-name` flag with the name of the desired scenario. - -.. code-block:: console - - (test-python) $ cd tripleo_ansible/roles/${NEWROLENAME}/ - (test-python) $ molecule test --scenario-name ${EXTRA_SCENARIO_NAME} - - -When debugging molecule tests its sometimes useful to use the -`--debug` flag. This flag will provide extra verbose output about -test being executed and running the environment. - -.. code-block:: console - - (test-python) $ molecule --debug test - - -Contributing plugins -~~~~~~~~~~~~~~~~~~~~ - -All plugins contributed to the TripleO-Ansible can be found in the -`tripleo_ansible/ansible_plugins` directory, from the root of this project. -When contributing a plugin, make sure to also add documentation in the -`doc/source/modules` folder. All documentation added to this folder will be -automatically indexed and rendered via `sphinx`. - -If a contributed plugin is following the Ansible practice of placing -documentation within the plugin itself, the following snippet can be used in a -sphinx template to auto-render the in-code documentation. - -.. code-block:: rst - - .. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/${DIRECTORY}/${PLUGINFILE} - :documentation: true - :examples: true - -The snippet can take two options, `documentation` and `examples`. If a given -plugin does not have either of these in-code documentation objects, -documentation for either type can be disabled by omitting the option. - -.. code-block:: rst - - .. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/${DIRECTORY}/${PLUGINFILE} - :documentation: true diff --git a/doc/source/contributor/contributing.rst b/doc/source/contributor/contributing.rst deleted file mode 100644 index d7e50a2e5..000000000 --- a/doc/source/contributor/contributing.rst +++ /dev/null @@ -1,67 +0,0 @@ -============================ -So You Want to Contribute... -============================ - -For general information on contributing to OpenStack, please check out the -`contributor guide `_ to get started. -It covers all the basics that are common to all OpenStack projects: the accounts -you need, the basics of interacting with our Gerrit review system, how we -communicate as a community, etc. - -The information below will cover the project specific information you need to get started with TripleO. - -Documentation -~~~~~~~~~~~~~ -Documentation for the TripleO project can be found `here `_ - -Communication -~~~~~~~~~~~~~ -* IRC channel ``#tripleo`` at FreeNode -* Mailing list (prefix subjects with ``[tripleo]`` for faster responses) - http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-discuss - -Contacting the Core Team -~~~~~~~~~~~~~~~~~~~~~~~~ -Please refer to the `TripleO Core Team -`_ contacts. - -New Feature Planning -~~~~~~~~~~~~~~~~~~~~ -If you want to propose a new feature please read our `Example Spec `_ - -Submit your feature to the `proper branch `_. - -TripleO features are tracked on `Launchpad BP `_. - -New TripleO Policy Proposal -~~~~~~~~~~~~~~~~~~~~~~~~~~~ -New policies can be proposed by submitting a policy-template -in the same way a spec file is submitted. - -Task Tracking -~~~~~~~~~~~~~ -We track our tasks in `Launchpad `_ and in -`StoryBoard `_ - -Reporting a Bug -~~~~~~~~~~~~~~~ -You found an issue and want to make sure we are aware of it? You can do so on -`Launchpad `__. -More info about Launchpad usage can be found on `OpenStack docs page -`_ - -Getting Your Patch Merged -~~~~~~~~~~~~~~~~~~~~~~~~~ -All changes proposed to the TripleO requires two ``Code-Review +2`` votes from -TripleO core reviewers before one of the core reviewers can approve patch by -giving ``Workflow +1`` vote. - -Project Team Lead Duties -~~~~~~~~~~~~~~~~~~~~~~~~ -All common PTL duties are enumerated in the `PTL guide -`_. - -The Release Process for TripleO is documented in `Release Management -`_. - -Documentation for the TripleO project can be found `here `_ diff --git a/doc/source/index.rst b/doc/source/index.rst deleted file mode 100644 index 36a071136..000000000 --- a/doc/source/index.rst +++ /dev/null @@ -1,26 +0,0 @@ -.. tripleo-ansible documentation master file, created by - sphinx-quickstart on Tue Jun 7 22:26:36 2019. - You can adapt this file completely to your liking, but it should at least - contain the root `toctree` directive. - -Welcome to tripleo-ansible's documentation! -=========================================== - -Contents: - -.. toctree:: - :maxdepth: 2 - - contributor/contributing - installation - contributing_roles - usage - roles - modules - standalone-roles-playbooks - -Indices and tables -================== - -* :ref:`genindex` -* :ref:`search` diff --git a/doc/source/installation.rst b/doc/source/installation.rst deleted file mode 100644 index 5fe129ceb..000000000 --- a/doc/source/installation.rst +++ /dev/null @@ -1,16 +0,0 @@ -============ -Installation -============ - -At the command line using `yum`. - -.. code-block:: console - - $ yum install tripleo-ansible - - -At the command line using `dnf`. - -.. code-block:: console - - $ dnf install tripleo-ansible diff --git a/doc/source/modules.rst b/doc/source/modules.rst deleted file mode 100644 index 8de930115..000000000 --- a/doc/source/modules.rst +++ /dev/null @@ -1,9 +0,0 @@ -Documented modules in TripleO-Ansible -===================================== - -Contents: - -.. toctree:: - :glob: - - modules/* diff --git a/doc/source/modules/action-package.rst b/doc/source/modules/action-package.rst deleted file mode 100644 index 39425bcb3..000000000 --- a/doc/source/modules/action-package.rst +++ /dev/null @@ -1,14 +0,0 @@ -================ -Module - package -================ - - -This module provides for the following ansible plugin: - - * package - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/action/package.py - :documentation: true - :examples: true diff --git a/doc/source/modules/action-tripleo_host_prep.rst b/doc/source/modules/action-tripleo_host_prep.rst deleted file mode 100644 index 321765393..000000000 --- a/doc/source/modules/action-tripleo_host_prep.rst +++ /dev/null @@ -1,14 +0,0 @@ -========================== -Module - tripleo_host_prep -========================== - - -This module provides for the following ansible plugin: - - * tripleo_host_prep - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/action/tripleo_host_prep.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-ceph_spec.rst b/doc/source/modules/modules-ceph_spec.rst deleted file mode 100644 index 605a4a10d..000000000 --- a/doc/source/modules/modules-ceph_spec.rst +++ /dev/null @@ -1,14 +0,0 @@ -============================ -Module - ceph_mkspec -============================ - - -This module provides for the following ansible plugin: - - * ceph_mkspec - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/ceph_mkspec.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-ceph_spec_bootstrap.rst b/doc/source/modules/modules-ceph_spec_bootstrap.rst deleted file mode 100644 index d10356cf1..000000000 --- a/doc/source/modules/modules-ceph_spec_bootstrap.rst +++ /dev/null @@ -1,14 +0,0 @@ -============================ -Module - ceph_spec_bootstrap -============================ - - -This module provides for the following ansible plugin: - - * ceph_spec_bootstrap - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/ceph_spec_bootstrap.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-container-puppet-config.rst b/doc/source/modules/modules-container-puppet-config.rst deleted file mode 100644 index 30d59c47a..000000000 --- a/doc/source/modules/modules-container-puppet-config.rst +++ /dev/null @@ -1,14 +0,0 @@ -================================ -Module - container_puppet_config -================================ - - -This module provides for the following ansible plugin: - - * container_puppet_config - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/container_puppet_config.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo-container-config-scripts.rst b/doc/source/modules/modules-tripleo-container-config-scripts.rst deleted file mode 100644 index 294467f0f..000000000 --- a/doc/source/modules/modules-tripleo-container-config-scripts.rst +++ /dev/null @@ -1,14 +0,0 @@ -========================================= -Module - tripleo_container_config_scripts -========================================= - - -This module provides for the following ansible plugin: - - * tripleo_container_config_scripts - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_container_config_scripts.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo-container-configs.rst b/doc/source/modules/modules-tripleo-container-configs.rst deleted file mode 100644 index bacf73f22..000000000 --- a/doc/source/modules/modules-tripleo-container-configs.rst +++ /dev/null @@ -1,14 +0,0 @@ -================================== -Module - tripleo_container_configs -================================== - - -This module provides for the following ansible plugin: - - * tripleo_container_configs - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_container_configs.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo-overcloud_role_show.rst b/doc/source/modules/modules-tripleo-overcloud_role_show.rst deleted file mode 100644 index 865dad852..000000000 --- a/doc/source/modules/modules-tripleo-overcloud_role_show.rst +++ /dev/null @@ -1,8 +0,0 @@ -==================================== -Module - tripleo_overcloud_role_show -==================================== - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_role_show.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_baremetal_check_existing.rst b/doc/source/modules/modules-tripleo_baremetal_check_existing.rst deleted file mode 100644 index 28a5639e5..000000000 --- a/doc/source/modules/modules-tripleo_baremetal_check_existing.rst +++ /dev/null @@ -1,14 +0,0 @@ -========================================= -Module - tripleo_baremetal_check_existing -========================================= - - -This module provides for the following ansible plugin: - - * tripleo_baremetal_check_existing - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_baremetal_check_existing.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_baremetal_expand_roles.rst b/doc/source/modules/modules-tripleo_baremetal_expand_roles.rst deleted file mode 100644 index 501b9bc08..000000000 --- a/doc/source/modules/modules-tripleo_baremetal_expand_roles.rst +++ /dev/null @@ -1,14 +0,0 @@ -======================================= -Module - tripleo_baremetal_expand_roles -======================================= - - -This module provides for the following ansible plugin: - - * tripleo_baremetal_expand_roles - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_baremetal_expand_roles.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_baremetal_populate_environment.rst b/doc/source/modules/modules-tripleo_baremetal_populate_environment.rst deleted file mode 100644 index 9503d74df..000000000 --- a/doc/source/modules/modules-tripleo_baremetal_populate_environment.rst +++ /dev/null @@ -1,14 +0,0 @@ -=============================================== -Module - tripleo_baremetal_populate_environment -=============================================== - - -This module provides for the following ansible plugin: - - * tripleo_baremetal_populate_environment - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_baremetal_populate_environment.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_build_heat_environment.rst b/doc/source/modules/modules-tripleo_build_heat_environment.rst deleted file mode 100644 index 55a5bbba5..000000000 --- a/doc/source/modules/modules-tripleo_build_heat_environment.rst +++ /dev/null @@ -1,14 +0,0 @@ -======================================= -Module - tripleo_build_heat_environment -======================================= - - -This module provides for the following ansible plugin: - - * tripleo_build_heat_environment - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_build_heat_environment.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_composable_network.rst b/doc/source/modules/modules-tripleo_composable_network.rst deleted file mode 100644 index b5c76f638..000000000 --- a/doc/source/modules/modules-tripleo_composable_network.rst +++ /dev/null @@ -1,14 +0,0 @@ -=================================== -Module - tripleo_composable_network -=================================== - - -This module provides for the following ansible plugin: - - * tripleo_composable_network - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_composable_network.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_config_download.rst b/doc/source/modules/modules-tripleo_config_download.rst deleted file mode 100644 index 1ee792980..000000000 --- a/doc/source/modules/modules-tripleo_config_download.rst +++ /dev/null @@ -1,14 +0,0 @@ -================================ -Module - tripleo_config_download -================================ - - -This module provides for the following ansible plugin: - - * tripleo_config_download - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_config_download.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_container_image_prepare.rst b/doc/source/modules/modules-tripleo_container_image_prepare.rst deleted file mode 100644 index 3c62d56ec..000000000 --- a/doc/source/modules/modules-tripleo_container_image_prepare.rst +++ /dev/null @@ -1,14 +0,0 @@ -======================================== -Module - tripleo_container_image_prepare -======================================== - - -This module provides for the following ansible plugin: - - * tripleo_container_image_prepare - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_container_image_prepare.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_deploy_artifacts.rst b/doc/source/modules/modules-tripleo_deploy_artifacts.rst deleted file mode 100644 index 220da0775..000000000 --- a/doc/source/modules/modules-tripleo_deploy_artifacts.rst +++ /dev/null @@ -1,14 +0,0 @@ -================================= -Module - tripleo_deploy_artifacts -================================= - - -This module provides for the following ansible plugin: - - * tripleo_deploy_artifacts - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_deploy_artifacts.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_diff_exec.rst b/doc/source/modules/modules-tripleo_diff_exec.rst deleted file mode 100644 index 04eef8cdc..000000000 --- a/doc/source/modules/modules-tripleo_diff_exec.rst +++ /dev/null @@ -1,14 +0,0 @@ -========================== -Module - tripleo_diff_exec -========================== - - -This module provides for the following ansible plugin: - - * tripleo_diff_exec - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_diff_exec.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_fernet_keys_rotate.rst b/doc/source/modules/modules-tripleo_fernet_keys_rotate.rst deleted file mode 100644 index 38b0c3014..000000000 --- a/doc/source/modules/modules-tripleo_fernet_keys_rotate.rst +++ /dev/null @@ -1,14 +0,0 @@ -=================================== -Module - tripleo_fernet_keys_rotate -=================================== - - -This module provides for the following ansible plugin: - - * tripleo_fernet_keys_rotate - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_fernet_keys_rotate.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_generate_ansible_inventory.rst b/doc/source/modules/modules-tripleo_generate_ansible_inventory.rst deleted file mode 100644 index a27cf63d3..000000000 --- a/doc/source/modules/modules-tripleo_generate_ansible_inventory.rst +++ /dev/null @@ -1,14 +0,0 @@ -=========================================== -Module - tripleo_generate_ansible_inventory -=========================================== - - -This module provides for the following ansible plugin: - - * tripleo_generate_ansible_inventory - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_generate_ansible_inventory.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_network_populate_environment.rst b/doc/source/modules/modules-tripleo_network_populate_environment.rst deleted file mode 100644 index 29d1bd461..000000000 --- a/doc/source/modules/modules-tripleo_network_populate_environment.rst +++ /dev/null @@ -1,14 +0,0 @@ -============================================= -Module - tripleo_network_populate_environment -============================================= - - -This module provides for the following ansible plugin: - - * tripleo_network_populate_environment - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_network_populate_environment.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_network_ports_populate_environment.rst b/doc/source/modules/modules-tripleo_network_ports_populate_environment.rst deleted file mode 100644 index 41a21b4ea..000000000 --- a/doc/source/modules/modules-tripleo_network_ports_populate_environment.rst +++ /dev/null @@ -1,14 +0,0 @@ -=================================================== -Module - tripleo_network_ports_populate_environment -=================================================== - - -This module provides for the following ansible plugin: - - * tripleo_network_ports_populate_environment - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_network_ports_populate_environment.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_nova_image_cache.rst b/doc/source/modules/modules-tripleo_nova_image_cache.rst deleted file mode 100644 index 2d8d66ff0..000000000 --- a/doc/source/modules/modules-tripleo_nova_image_cache.rst +++ /dev/null @@ -1,14 +0,0 @@ -================================= -Module - tripleo_nova_image_cache -================================= - - -This module provides for the following ansible plugin: - - * tripleo_nova_image_cache - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_nova_image_cache.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_os_net_config.rst b/doc/source/modules/modules-tripleo_os_net_config.rst deleted file mode 100644 index e1b3e7a24..000000000 --- a/doc/source/modules/modules-tripleo_os_net_config.rst +++ /dev/null @@ -1,14 +0,0 @@ -============================== -Module - tripleo_os_net_config -============================== - - -This module provides for the following ansible plugin: - - * tripleo_os_net_config - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_os_net_config.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_os_net_config_mappings.rst b/doc/source/modules/modules-tripleo_os_net_config_mappings.rst deleted file mode 100644 index e9cdff482..000000000 --- a/doc/source/modules/modules-tripleo_os_net_config_mappings.rst +++ /dev/null @@ -1,14 +0,0 @@ -======================================= -Module - tripleo_os_net_config_mappings -======================================= - - -This module provides for the following ansible plugin: - - * tripleo_os_net_config_mappings - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_os_net_config_mappings.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_overcloud_network_vip_extract.rst b/doc/source/modules/modules-tripleo_overcloud_network_vip_extract.rst deleted file mode 100644 index 1ce95ac14..000000000 --- a/doc/source/modules/modules-tripleo_overcloud_network_vip_extract.rst +++ /dev/null @@ -1,14 +0,0 @@ -============================================== -Module - tripleo_overcloud_network_vip_extract -============================================== - - -This module provides for the following ansible plugin: - - * tripleo_overcloud_network_vip_extract - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_vip_extract.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_overcloud_network_vip_populate_environment.rst b/doc/source/modules/modules-tripleo_overcloud_network_vip_populate_environment.rst deleted file mode 100644 index 449dd4ca9..000000000 --- a/doc/source/modules/modules-tripleo_overcloud_network_vip_populate_environment.rst +++ /dev/null @@ -1,14 +0,0 @@ -=========================================================== -Module - tripleo_overcloud_network_vip_populate_environment -=========================================================== - - -This module provides for the following ansible plugin: - - * tripleo_overcloud_network_vip_populate_environment - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_vip_populate_environment.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_overcloud_network_vip_provision.rst b/doc/source/modules/modules-tripleo_overcloud_network_vip_provision.rst deleted file mode 100644 index c18eb59fc..000000000 --- a/doc/source/modules/modules-tripleo_overcloud_network_vip_provision.rst +++ /dev/null @@ -1,14 +0,0 @@ -================================================ -Module - tripleo_overcloud_network_vip_provision -================================================ - - -This module provides for the following ansible plugin: - - * tripleo_overcloud_network_vip_provision - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_vip_provision.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_overcloud_role_list.rst b/doc/source/modules/modules-tripleo_overcloud_role_list.rst deleted file mode 100644 index 375f39007..000000000 --- a/doc/source/modules/modules-tripleo_overcloud_role_list.rst +++ /dev/null @@ -1,8 +0,0 @@ -==================================== -Module - tripleo_overcloud_role_list -==================================== - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_role_list.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_ovn_mac_addresses.rst b/doc/source/modules/modules-tripleo_ovn_mac_addresses.rst deleted file mode 100644 index 254573cf6..000000000 --- a/doc/source/modules/modules-tripleo_ovn_mac_addresses.rst +++ /dev/null @@ -1,14 +0,0 @@ -================================== -Module - tripleo_ovn_mac_addresses -================================== - - -This module provides for the following ansible plugin: - - * tripleo_ovn_mac_addresses - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_ovn_mac_addresses.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_passwords_rotate.rst b/doc/source/modules/modules-tripleo_passwords_rotate.rst deleted file mode 100644 index 43b9329dd..000000000 --- a/doc/source/modules/modules-tripleo_passwords_rotate.rst +++ /dev/null @@ -1,14 +0,0 @@ -================================= -Module - tripleo_passwords_rotate -================================= - - -This module provides for the following ansible plugin: - - * tripleo_passwords_rotate - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_passwords_rotate.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_unmanaged_populate_environment.rst b/doc/source/modules/modules-tripleo_unmanaged_populate_environment.rst deleted file mode 100644 index ad632205a..000000000 --- a/doc/source/modules/modules-tripleo_unmanaged_populate_environment.rst +++ /dev/null @@ -1,14 +0,0 @@ -=============================================== -Module - tripleo_unmanaged_populate_environment -=============================================== - - -This module provides for the following ansible plugin: - - * tripleo_unmanaged_populate_environment - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_unmanaged_populate_environment.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-tripleo_unprovision_network.rst b/doc/source/modules/modules-tripleo_unprovision_network.rst deleted file mode 100644 index c5909f5c6..000000000 --- a/doc/source/modules/modules-tripleo_unprovision_network.rst +++ /dev/null @@ -1,14 +0,0 @@ -==================================== -Module - tripleo_unprovision_network -==================================== - - -This module provides for the following ansible plugin: - - * tripleo_unprovision_network - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_unprovision_network.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules_tripleo_overcloud_network_extract.rst b/doc/source/modules/modules_tripleo_overcloud_network_extract.rst deleted file mode 100644 index 56f805512..000000000 --- a/doc/source/modules/modules_tripleo_overcloud_network_extract.rst +++ /dev/null @@ -1,14 +0,0 @@ -========================================== -Module - tripleo_overcloud_network_extract -========================================== - - -This module provides for the following ansible plugin: - - * tripleo_overcloud_network_extract - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_extract.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules_tripleo_overcloud_network_ports.rst b/doc/source/modules/modules_tripleo_overcloud_network_ports.rst deleted file mode 100644 index 2031d1bf7..000000000 --- a/doc/source/modules/modules_tripleo_overcloud_network_ports.rst +++ /dev/null @@ -1,14 +0,0 @@ -======================================== -Module - tripleo_overcloud_network_ports -======================================== - - -This module provides for the following ansible plugin: - - * tripleo_overcloud_network_ports - - -.. ansibleautoplugin:: - :module: tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_ports.py - :documentation: true - :examples: true diff --git a/doc/source/roles.rst b/doc/source/roles.rst deleted file mode 100644 index a19a3f329..000000000 --- a/doc/source/roles.rst +++ /dev/null @@ -1,9 +0,0 @@ -Documented roles in TripleO-Ansible -=================================== - -Contents: - -.. toctree:: - :glob: - - roles/* diff --git a/doc/source/roles/role-aide.rst b/doc/source/roles/role-aide.rst deleted file mode 100644 index 225594860..000000000 --- a/doc/source/roles/role-aide.rst +++ /dev/null @@ -1,6 +0,0 @@ -=========== -Role - aide -=========== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/aide diff --git a/doc/source/roles/role-backup_and_restore.rst b/doc/source/roles/role-backup_and_restore.rst deleted file mode 100644 index 6a284763f..000000000 --- a/doc/source/roles/role-backup_and_restore.rst +++ /dev/null @@ -1,307 +0,0 @@ -========================= -Role - backup_and_restore -========================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/backup_and_restore - -Usage -~~~~~ - -This Ansible role allows to -do the following tasks: - -1. Install an NFS server. -2. Install ReaR. -3. Perform a ReaR backup. - - -This example is meant to describe a very simple -use case in which the user needs to create a set -of recovery images from the control plane nodes. - -First, the user needs to have access to the -environment Ansible inventory. - -We will use the *tripleo-ansible-inventory* -command to generate the inventory file. - -:: - - tripleo-ansible-inventory \ - --ansible_ssh_user heat-admin \ - --static-yaml-inventory ~/tripleo-inventory.yaml - -In this particular case, we don't have an additional -NFS server to store the backups from the control plane nodes, -so, we will install the NFS server in the Undercloud node -(but any other node can be used as the NFS storage backend). - -First, we need to create an Ansible playbook to -specify that we will install the NFS server in the -Undercloud node. - -:: - - cat <<'EOF' > ~/bar_nfs_setup.yaml - # Playbook - # We will setup the NFS node in the Undercloud node - # (we don't have any other place at the moment to do this) - - become: true - hosts: undercloud - name: Setup NFS server for ReaR - roles: - - role: backup_and_restore - EOF - -Then, we will create another playbook to determine the location -in which we will like to install ReaR. - -:: - - cat <<'EOF' > ~/bar_rear_setup.yaml - # Playbook - # We install and configure ReaR in the control plane nodes - # As they are the only nodes we will like to backup now. - - become: true - hosts: Controller - name: Install ReaR - roles: - - role: backup_and_restore - EOF - -Now we create the playbook to create the actual backup. - -:: - - cat <<'EOF' > ~/bar_rear_create_restore_images.yaml - # Playbook - # We run ReaR in the control plane nodes. - - become: true - hosts: ceph_mon - name: Backup ceph authentication - tasks: - - name: Backup ceph authentication role - include_role: - name: backup_and_restore - tasks_from: ceph_authentication - tags: - - bar_create_recover_image - - - become: true - hosts: Controller - name: Create the recovery images for the control plane - roles: - - role: backup_and_restore - EOF - -The last step is to run the previously create playbooks -filtering by the corresponding tag. - -First, we configure the NFS server. - -:: - - # Configure NFS server in the Undercloud node - ansible-playbook \ - -v -i ~/tripleo-inventory.yaml \ - --extra="ansible_ssh_common_args='-o StrictHostKeyChecking=no'" \ - --become \ - --become-user root \ - --tags bar_setup_nfs_server \ - ~/bar_nfs_setup.yaml - -Then, we install ReaR in the desired nodes. - -:: - - # Configure ReaR in the control plane - ansible-playbook \ - -v -i ~/tripleo-inventory.yaml \ - --extra="ansible_ssh_common_args='-o StrictHostKeyChecking=no'" \ - --become \ - --become-user root \ - --tags bar_setup_rear \ - ~/bar_rear_setup.yaml - -Lastly, we execute the actual backup step. With or without ceph. - -:: - - # Create recovery images of the control plane - ansible-playbook \ - -v -i ~/tripleo-inventory.yaml \ - --extra="ansible_ssh_common_args='-o StrictHostKeyChecking=no'" \ - --become \ - --become-user root \ - --tags bar_create_recover_image \ - ~/bar_rear_create_restore_images.yaml - - -Ironic Usage -~~~~~~~~~~~~ - -This Ansible role gets the most of the ironic/metallsmitch -service on the Undercloud to automate the restoration of -the nodes. - -1. Install an NFS server as a data backup. -2. Install an NFS server on the Undercloud. -3. Install and configure ReaR. -4. Perform a ReaR backup. -5. Restore a Node. - - -Firstly, the user needs to have access to the -environment Ansible inventory. - -We will use the *tripleo-ansible-inventory* -command to generate the inventory file. - -:: - - tripleo-ansible-inventory \ - --stack overcloud \ - --ansible_ssh_user heat-admin \ - --static-yaml-inventory ~/tripleo-inventory.yaml - - -Secondly, we need to create an Ansible playbook to -specify that we will install the NFS server in the -Undercloud node. - -:: - - cat <<'EOF' > ~/bar_nfs_setup.yaml - # Playbook - # We will setup the NFS node in the Undercloud node - # (we don't have any other place at the moment to do this) - - become: true - hosts: backupServer - name: Setup NFS server for ReaR - roles: - - role: backup_and_restore - EOF - - -Then, we need to install and configure the NFS server. - -:: - - # Install and Configure NFS server node - ansible-playbook \ - -v -i ~/tripleo-inventory.yaml \ - --extra="ansible_ssh_common_args='-o StrictHostKeyChecking=no'" \ - --become \ - --become-user root \ - --tags bar_setup_nfs_server \ - ~/bar_nfs_setup.yaml - - -The Undercloud needs to be configured to integrate ReaR with -Ironic. The first step is the creation of the playbook. - -:: - - cat <<'EOF' > ~/prepare-undercloud-pxe.yaml - --- - - name: TripleO PXE installation and configuration. - hosts: Undercloud - become: true - vars: - tripleo_backup_and_restore_shared_storage_folder: "{{ tripleo_backup_and_restore_ironic_images_path }}" - tripleo_backup_and_restore_shared_storage_subfolders: ["pxelinux.cfg"] - roles: - - role: backup_and_restore - EOF - -After the playbook is created, let's execute ansible to apply the changes. - -:: - - ansible-playbook \ - -v -i ~/tripleo-inventory.yaml \ - --extra="ansible_ssh_common_args='-o StrictHostKeyChecking=no'" \ - --become \ - --become-user root \ - --tags bar_setup_nfs_server \ - ~/prepare-undercloud-pxe.yaml - -Now, the overcloud nodes need to be configured. As before firstly the -playbook is created. - -:: - - cat <<'EOF' > ~cli-overcloud-conf-ironic.yaml - --- - - name: Get Undercloud data - hosts: Undercloud - tasks: - - name: Get networking - setup: - gather_subset: network - tags: - - never - - - name: TripleO Ironic ReaR installation and configuration on Overcloud - hosts: Controller - become: true - vars: - tripleo_backup_and_restore_pxe_output_url: "nfs://{{ hostvars['undercloud']['ansible_facts']['br_ctlplane']['ipv4']['address'] }}{{ tripleo_backup_and_restore_ironic_images_path }}" - tripleo_backup_and_restore_local_config: - OUTPUT: PXE - OUTPUT_PREFIX_PXE: $HOSTNAME - BACKUP: NETFS - PXE_RECOVER_MODE: '"unattended"' - PXE_CREATE_LINKS: '"IP"' - USE_STATIC_NETWORKING: y - PXE_CONFIG_GRUB_STYLE: y - KERNEL_CMDLINE: '"unattended"' - POST_RECOVERY_SCRIPT: poweroff - USER_INPUT_TIMEOUT: "10" - PXE_TFTP_URL: "{{ tripleo_backup_and_restore_pxe_output_url }}" - BACKUP_URL: "{{ tripleo_backup_and_restore_backup_url }}" - PXE_CONFIG_URL: "{{ tripleo_backup_and_restore_pxe_output_url }}/pxelinux.cfg" - roles: - - role: backup_and_restore - EOF - -Install and configure ReaR on the overcloud controller nodes. If the nodes are using OVS, -ReaR does not know how to configure the network so the -tripleo_backup_and_restore_network_preparation_commands needs to be configure. - -:: - - ansible-playbook \ - -v -i tripleo-inventory.yaml \ - --extra="ansible_ssh_common_args='-o StrictHostKeyChecking=no'" \ - --become \ - --become-user root \ - --tags bar_setup_rear \ - ~/cli-overcloud-conf-ironic.yaml \ - -e "tripleo_backup_and_restore_network_preparation_commands=\"('ip l a br-ex type bridge' 'ip l s ens3 up' 'ip l s br-ex up' 'ip l s ens3 master br-ex' 'dhclient br-ex')\"" - - -There are some playbooks that can be used to perform a backup of the nodes. - -:: - - ansible-playbook \ - -v -i ~/tripleo-inventory.yaml \ - --extra="ansible_ssh_common_args='-o StrictHostKeyChecking=no'" \ - --become \ - --become-user root \ - --tags bar_create_recover_image \ - /usr/share/ansible/tripleo-playbooks/cli-overcloud-backup.yaml - - -In the same way to Restore a node there is also a playbook to achieve it. -The tripleo_backup_and_restore_overcloud_restore_name is the name, uuid or -hostname of the node that is going to be restored. - -:: - - ansible-playbook \ - -v -i tripleo-inventory.yaml \ - /usr/share/ansible/tripleo-playbooks/cli-overcloud-restore-node.yml \ - -e "tripleo_backup_and_restore_overcloud_restore_name=control-0" diff --git a/doc/source/roles/role-env_data.rst b/doc/source/roles/role-env_data.rst deleted file mode 100644 index 97cdb0619..000000000 --- a/doc/source/roles/role-env_data.rst +++ /dev/null @@ -1,6 +0,0 @@ -=============== -Role - env_data -=============== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/env_data diff --git a/doc/source/roles/role-iscsid.rst b/doc/source/roles/role-iscsid.rst deleted file mode 100644 index 17ed12541..000000000 --- a/doc/source/roles/role-iscsid.rst +++ /dev/null @@ -1,6 +0,0 @@ -============= -Role - iscsid -============= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/iscsid diff --git a/doc/source/roles/role-login_defs.rst b/doc/source/roles/role-login_defs.rst deleted file mode 100644 index 0ddbaa157..000000000 --- a/doc/source/roles/role-login_defs.rst +++ /dev/null @@ -1,10 +0,0 @@ -================= -Role - login-defs -================= - -Login-defs role installs default parameters for user account parameters. They -are used by useradd, usermod, userdel, groupadd and other group utilities. -Parameters are set in /etc/login.defs file. - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/login-defs diff --git a/doc/source/roles/role-octavia-controller-post-config copy.rst b/doc/source/roles/role-octavia-controller-post-config copy.rst deleted file mode 100644 index da707e2cf..000000000 --- a/doc/source/roles/role-octavia-controller-post-config copy.rst +++ /dev/null @@ -1,6 +0,0 @@ -=============================== -Role - octavia-overcloud-config -=============================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/octavia-overcloud-config diff --git a/doc/source/roles/role-octavia_common.rst b/doc/source/roles/role-octavia_common.rst deleted file mode 100644 index ba11577b4..000000000 --- a/doc/source/roles/role-octavia_common.rst +++ /dev/null @@ -1,6 +0,0 @@ -===================== -Role - octavia_common -===================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/octavia_common diff --git a/doc/source/roles/role-octavia_controller_config.rst b/doc/source/roles/role-octavia_controller_config.rst deleted file mode 100644 index 1b967e885..000000000 --- a/doc/source/roles/role-octavia_controller_config.rst +++ /dev/null @@ -1,6 +0,0 @@ -================================ -Role - octavia-controller-config -================================ - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/octavia_controller_config diff --git a/doc/source/roles/role-octavia_overcloud_config.rst b/doc/source/roles/role-octavia_overcloud_config.rst deleted file mode 100644 index 5665a0e4e..000000000 --- a/doc/source/roles/role-octavia_overcloud_config.rst +++ /dev/null @@ -1,6 +0,0 @@ -===================================== -Role - octavia-controller-post-config -===================================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/octavia_controller_post_config diff --git a/doc/source/roles/role-octavia_undercloud.rst b/doc/source/roles/role-octavia_undercloud.rst deleted file mode 100644 index 3d5ec4e6e..000000000 --- a/doc/source/roles/role-octavia_undercloud.rst +++ /dev/null @@ -1,6 +0,0 @@ -========================= -Role - octavia-undercloud -========================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/octavia_undercloud diff --git a/doc/source/roles/role-test_deps.rst b/doc/source/roles/role-test_deps.rst deleted file mode 100644 index 94218ff62..000000000 --- a/doc/source/roles/role-test_deps.rst +++ /dev/null @@ -1,6 +0,0 @@ -================ -Role - test_deps -================ - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/test_deps diff --git a/doc/source/roles/role-test_package_action.rst b/doc/source/roles/role-test_package_action.rst deleted file mode 100644 index 609503862..000000000 --- a/doc/source/roles/role-test_package_action.rst +++ /dev/null @@ -1,6 +0,0 @@ -========================== -Role - test_package_action -========================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/test_package_action diff --git a/doc/source/roles/role-tripleo-ovs-dpdk.rst b/doc/source/roles/role-tripleo-ovs-dpdk.rst deleted file mode 100644 index 5e506c1c3..000000000 --- a/doc/source/roles/role-tripleo-ovs-dpdk.rst +++ /dev/null @@ -1,142 +0,0 @@ -======================= -Role - tripleo-ovs-dpdk -======================= - - -Role Documentation -================== - -Welcome to the "tripleo-ovs-dpdk" role documentation. This role enables and -configures DPDK in OpenvSwitch. - - -Requirements ------------- - -* Ensure hugepages is enabled - - -Role Defaults -------------- - -- ``tripleo_ovs_dpdk_pmd_core_list`` - - - **Description**: (*Mandatory*) List of PMD Cores for DPDK. Its a - comma-separated string of logical cores. These core should be part - of ``isolcpus`` kernel parameter and be excluded from ``NovaComputeCpuDedicatedSet`` - and from ``NovaComputeCpuSharedSet`` - - **Default**: ``''`` - - **Examples**: ``'1,13'`` - -- ``tripleo_ovs_dpdk_lcore_list`` - - - **Description**: (*Optional*) List of lcores for DPDK. Its a - comma-separated string of logical cores. - All ovs-vswitchd threads will be pinned to the first core declared - in the mask. - - **Default**: ``''`` - - **Examples**: ``'0,12'`` - -- ``tripleo_ovs_dpdk_socket_memory`` - - - **Description**: (*Mandatory*) Memory in MB to be allocated on each NUMA - node for DPDK. Its a comma-separated string of memory in MB. - - **Default**: ``''`` - - **Examples**: - - - ``'1024'`` for a single NUMA memory allocation - - ``'1024,1024'`` for a dual NUMA memory allocation - -- ``tripleo_ovs_dpdk_memory_channels`` - - - **Description**: (*Optional*) Number of memory channels in the memory - architecture. Its a number. - - **Default**: ``4`` - -- ``tripleo_ovs_dpdk_extra`` - - - **Description**: (*Optional*) Extra parameter to be passed on to DPDK for - initialization. Its a string. - - **Default**: ``''`` - -- ``tripleo_ovs_dpdk_revalidator_cores`` - - - **Description**: (*Optional*) Number of cores to he used for revalidator - threads. Its a string with a number, specifying the count of logical cores - to be used as revalidator threads. - - **Default**: ``''`` - - **Examples**: ``'2'`` - -- ``tripleo_ovs_dpdk_handler_cores`` - - - **Description**: (*Optional*) Number of cores to be used for handler - threads. Its a string with a number, specifying the count of logical cores - to be used as handler threads. - - **Default**: ``''`` - - **Examples**: ``'2'`` - -- ``tripleo_ovs_dpdk_emc_insertion_probablity`` - - - **Description**: (*Optional*) EMC insertion inverse probability. Its a - string with a number of flows (out of which 1 flow will cached). Having - 100, results in caching 1 in 100 flows. Having 0, disables EMC cache. - - **Default**: ``''`` - - **Examples**: ``'100'`` - -- ``tripleo_ovs_dpdk_enable_tso`` - - - **Description**: (*Optional*) Enable TSO support in OVS DPDK datapath. - - **Default**: ``false`` - - **Examples**: ``true`` - -- ``tripleo_ovs_dpdk_pmd_auto_lb`` - - - **Description**: (*Optional*) Enable DPDK OVS PMD Auto Load Balance. - - **Default**: ``false`` - - **Examples**: ``true`` - -- ``tripleo_ovs_dpdk_pmd_load_threshold`` - - - **Description**: (*Optional*) Minimum PMD thread load threshold, in range - 0 to 100. Its a string with a number, specifies the minimum - PMD thread load threshold (% of used cycles) of any non-isolated PMD threads - when a PMD Auto Load Balance may be triggered. - - **Default**: ``''`` - - **Examples**: ``'50'`` - -- ``tripleo_ovs_dpdk_pmd_improvement_threshold`` - - - **Description**: (*Optional*) PMD load variance improvement threshold, in range - 0 to 100. Its a string with a number, specifies the minimum evaluated % improvement - in load distribution across the non-isolated PMD threads that will allow - a PMD Auto Load Balance to occur. - Note, setting this parameter to 0 will always allow an auto load balance to occur - regardless of estimated improvement or not. - - **Default**: ``''`` - - **Examples**: ``'10'`` - -- ``tripleo_ovs_dpdk_pmd_rebal_interval`` - - - **Description**: (*Optional*) PMD auto load balancing interval, in range - 0 to 20,000. Its a string with a number, specifies the minimum time (in minutes) - between 2 consecutive PMD Auto Load Balancing iterations. The defaul value is 1 min. - - **Default**: ``''`` - - **Examples**: ``'5'`` - -Modules -------- - -- ``openvswitch_db`` - - - **Description**: It is a ansible core module, which requires additional - changes which are in progress. Below are the pull requests against the - core module. Once these are merged, this module can be removed. - - - https://github.com/ansible/ansible/pull/61092 - - https://github.com/ansible/ansible/pull/60994 - - -Dependencies ------------- - -None diff --git a/doc/source/roles/role-tripleo_auditd.rst b/doc/source/roles/role-tripleo_auditd.rst deleted file mode 100644 index 1bff8b8f3..000000000 --- a/doc/source/roles/role-tripleo_auditd.rst +++ /dev/null @@ -1,6 +0,0 @@ -===================== -Role - tripleo_auditd -===================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_auditd diff --git a/doc/source/roles/role-tripleo_bootstrap.rst b/doc/source/roles/role-tripleo_bootstrap.rst deleted file mode 100644 index b8fdd1f1f..000000000 --- a/doc/source/roles/role-tripleo_bootstrap.rst +++ /dev/null @@ -1,6 +0,0 @@ -======================== -Role - tripleo_bootstrap -======================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_bootstrap diff --git a/doc/source/roles/role-tripleo_cellv2.rst b/doc/source/roles/role-tripleo_cellv2.rst deleted file mode 100644 index 7a33ab304..000000000 --- a/doc/source/roles/role-tripleo_cellv2.rst +++ /dev/null @@ -1,6 +0,0 @@ -===================== -Role - tripleo-cellv2 -===================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_cellv2 diff --git a/doc/source/roles/role-tripleo_ceph_client.rst b/doc/source/roles/role-tripleo_ceph_client.rst deleted file mode 100644 index 7d2eceb07..000000000 --- a/doc/source/roles/role-tripleo_ceph_client.rst +++ /dev/null @@ -1,6 +0,0 @@ -========================== -Role - tripleo_ceph_client -========================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_ceph_client diff --git a/doc/source/roles/role-tripleo_ceph_client_files.rst b/doc/source/roles/role-tripleo_ceph_client_files.rst deleted file mode 100644 index 82783b2fc..000000000 --- a/doc/source/roles/role-tripleo_ceph_client_files.rst +++ /dev/null @@ -1,6 +0,0 @@ -================================ -Role - tripleo_ceph_client_files -================================ - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_ceph_client_files diff --git a/doc/source/roles/role-tripleo_ceph_common.rst b/doc/source/roles/role-tripleo_ceph_common.rst deleted file mode 100644 index 5797b71f2..000000000 --- a/doc/source/roles/role-tripleo_ceph_common.rst +++ /dev/null @@ -1,6 +0,0 @@ -========================== -Role - tripleo-ceph-common -========================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_ceph_common diff --git a/doc/source/roles/role-tripleo_ceph_distribute_keys.rst b/doc/source/roles/role-tripleo_ceph_distribute_keys.rst deleted file mode 100644 index aa356b625..000000000 --- a/doc/source/roles/role-tripleo_ceph_distribute_keys.rst +++ /dev/null @@ -1,6 +0,0 @@ -=================================== -Role - tripleo_ceph_distribute_keys -=================================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_ceph_distribute_keys diff --git a/doc/source/roles/role-tripleo_ceph_fetch_dir.rst b/doc/source/roles/role-tripleo_ceph_fetch_dir.rst deleted file mode 100644 index 7911c7524..000000000 --- a/doc/source/roles/role-tripleo_ceph_fetch_dir.rst +++ /dev/null @@ -1,6 +0,0 @@ -============================= -Role - tripleo-ceph-fetch-dir -============================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_ceph_fetch_dir diff --git a/doc/source/roles/role-tripleo_ceph_run_ansible.rst b/doc/source/roles/role-tripleo_ceph_run_ansible.rst deleted file mode 100644 index 7a6ee80b8..000000000 --- a/doc/source/roles/role-tripleo_ceph_run_ansible.rst +++ /dev/null @@ -1,16 +0,0 @@ -=============================== -Role - tripleo-ceph-run-ansible -=============================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_ceph_run_ansible - - -Required test arguments -~~~~~~~~~~~~~~~~~~~~~~~ - -+--------------------------+-------------------------------------------------+ -| Environment Variable | Variable Value | -+==========================+=================================================+ -| TRIPLEO_JOB_ANSIBLE_ARGS | '--skip-tags=run_uuid_ansible,run_ceph_ansible' | -+--------------------------+-------------------------------------------------+ diff --git a/doc/source/roles/role-tripleo_ceph_uuid.rst b/doc/source/roles/role-tripleo_ceph_uuid.rst deleted file mode 100644 index 214280aa8..000000000 --- a/doc/source/roles/role-tripleo_ceph_uuid.rst +++ /dev/null @@ -1,16 +0,0 @@ -======================== -Role - tripleo-ceph-uuid -======================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_ceph_uuid - - -Required test arguments -~~~~~~~~~~~~~~~~~~~~~~~ - -+--------------------------+-------------------------------------------------+ -| Environment Variable | Variable Value | -+==========================+=================================================+ -| TRIPLEO_JOB_ANSIBLE_ARGS | '--skip-tags=run_uuid_ansible' | -+--------------------------+-------------------------------------------------+ diff --git a/doc/source/roles/role-tripleo_ceph_work_dir.rst b/doc/source/roles/role-tripleo_ceph_work_dir.rst deleted file mode 100644 index 934bfefff..000000000 --- a/doc/source/roles/role-tripleo_ceph_work_dir.rst +++ /dev/null @@ -1,6 +0,0 @@ -============================ -Role - tripleo-ceph-work-dir -============================ - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_ceph_work_dir diff --git a/doc/source/roles/role-tripleo_cephadm.rst b/doc/source/roles/role-tripleo_cephadm.rst deleted file mode 100644 index 1be09d97f..000000000 --- a/doc/source/roles/role-tripleo_cephadm.rst +++ /dev/null @@ -1,117 +0,0 @@ -====================== -Role - tripleo_cephadm -====================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_cephadm - -About -~~~~~ - -An Ansible role for TripleO integration with Ceph clusters deployed with -`cephadm`_ and managed with Ceph `orchestrator`_. - -This role is provided as part of the implementation of the `tripleo_ceph_spec`_. -It is an Ansible wrapper to call the Ceph tools `cephadm`_ and `orchestrator`_ -and it contains the Ansible module `ceph_key`_ from `ceph-ansible`_. - -Assumptions -~~~~~~~~~~~ - -- This role assumes it has an inventory with a single host, known as the - `bootstrap_host`. An inventory genereated by `tripleo-ansible-inventory` - will have a `mons` group so the first node in this group is a good - candidate for this host. - -- The `cephadm`_ binary must be installed on the `bootstrap_host`. - -- Though there only needs to be one Ceph node in the inventory `cephadm`_ - will configure the other servers with SSH. Thus, the following playbook - should be run before one which uses this role to configure the `ceph-admin` - user on the overcloud with the SSH keys that `cephadm`_ requires. - - .. code-block:: bash - - ansible-playbook -i $INV \ - tripleo-ansible/tripleo_ansible/playbooks/cli-enable-ssh-admin.yaml \ - -e @ceph-admin.yml - - Where `ceph-admin.yml` contains something like the following: - - .. code-block:: YAML - - --- - tripleo_admin_user: ceph-admin - ssh_servers: "{{ groups['mons'] }}" - distribute_private_key: true - - The `ssh_servers` variable should be expanded to contain another other nodes - hosting Ceph, e.g. `osds`. - -- A `cephadm-spec`_ file should be provided which references the Ceph services - to be run on the other `ssh_hosts`. The path to this file can be set with - the `ceph_spec` variable. - -Usage -~~~~~ - -Here is an example of a playbook which bootstraps the first Ceph monitor -and then applies a spec file to add other hosts. It then creates RBD pools -for Nova, Cinder, and Glance and a cephx keyring called `openstack` to access -those pools. It then creates a file which can be passed as input to the role -`tripleo_ceph_client` so that an overcloud can be configured to use the deployed -Ceph cluster. - -.. code-block:: YAML - - - name: Deploy Ceph with cephadm - hosts: mons[0] - vars: - bootstrap_host: "{{ groups['mons'][0] }}" - tripleo_cephadm_spec_on_bootstrap: false - pools: - - vms - - volumes - - images - tasks: - - name: Satisfy Ceph prerequisites - import_role: - role: tripleo_cephadm - tasks_from: pre - - - name: Bootstrap Ceph - import_role: - role: tripleo_cephadm - tasks_from: bootstrap - - - name: Apply Ceph spec - import_role: - role: tripleo_cephadm - tasks_from: apply_spec - when: not tripleo_cephadm_spec_on_bootstrap - - - name: Create Pools - import_role: - role: tripleo_cephadm - tasks_from: pools - - - name: Create Keys - import_role: - role: tripleo_cephadm - tasks_from: keys - - - name: Export configuration for tripleo_ceph_client - import_role: - role: tripleo_cephadm - tasks_from: export - vars: - cephx_keys: - - client.openstack - - -.. _tripleo_ceph_spec: https://specs.openstack.org/openstack/tripleo-specs/specs/wallaby/tripleo-ceph.html -.. _cephadm: https://docs.ceph.com/en/latest/cephadm/ -.. _orchestrator: https://docs.ceph.com/en/latest/mgr/orchestrator/ -.. _ceph_key: https://github.com/ceph/ceph-ansible/blob/master/library/ceph_key.py -.. _ceph-ansible: https://github.com/ceph/ceph-ansible/ -.. _cephadm-spec: https://tracker.ceph.com/issues/44205 diff --git a/doc/source/roles/role-tripleo_clients_install.rst b/doc/source/roles/role-tripleo_clients_install.rst deleted file mode 100644 index d79fd4876..000000000 --- a/doc/source/roles/role-tripleo_clients_install.rst +++ /dev/null @@ -1,6 +0,0 @@ -============================== -Role - tripleo-clients-install -============================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_clients_install diff --git a/doc/source/roles/role-tripleo_collectd.rst b/doc/source/roles/role-tripleo_collectd.rst deleted file mode 100644 index 1f3b29fd6..000000000 --- a/doc/source/roles/role-tripleo_collectd.rst +++ /dev/null @@ -1,6 +0,0 @@ -======================= -Role - tripleo_collectd -======================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_collectd diff --git a/doc/source/roles/role-tripleo_compute_node.rst b/doc/source/roles/role-tripleo_compute_node.rst deleted file mode 100644 index b6c2747ad..000000000 --- a/doc/source/roles/role-tripleo_compute_node.rst +++ /dev/null @@ -1,6 +0,0 @@ -=========================== -Role - tripleo_compute_node -=========================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_compute_node diff --git a/doc/source/roles/role-tripleo_config.rst b/doc/source/roles/role-tripleo_config.rst deleted file mode 100644 index 118fb0c63..000000000 --- a/doc/source/roles/role-tripleo_config.rst +++ /dev/null @@ -1,6 +0,0 @@ -===================== -Role - tripleo-config -===================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_config diff --git a/doc/source/roles/role-tripleo_container_image_build.rst b/doc/source/roles/role-tripleo_container_image_build.rst deleted file mode 100644 index a1166586c..000000000 --- a/doc/source/roles/role-tripleo_container_image_build.rst +++ /dev/null @@ -1,50 +0,0 @@ -==================================== -Role - tripleo_container_image_build -==================================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_container_image_build - -This is an example application variable file. - -.. code-block:: yaml - - --- - - # FROM - tcib_from: "ubi8" - - # Path where container file be generated - tcib_path: "{{ lookup('env', 'HOME') }}/tripleo-base" - - # this ends up being a LABEL - tcib_labels: - maintainer: "TripleO" - - # ENTRYPOINT - tcib_entrypoint: "dumb-init --single-child --" - - # STOPSIGNAL - tcib_stopsignal: "SIGTERM" - - # ENV - tcib_envs: - LANG: en_US.UTF-8 - - # RUN commands - tcib_runs: - - mkdir -p /etc/ssh - - touch /etc/ssh/ssh_known_host - - mkdir -p /openstack - - dnf install -y crudini curl - - # COPY - tcib_copies: - - /usr/share/tripleo-common/healthcheck/common.sh /openstack/common.sh - - -This role can be used with the TripleO playbook, `cli-generate-containerfile.yaml`. - -.. code-block:: shell - - ansible-playbook -i 'localhost,' /usr/share/ansible/tripleo-playbooks/cli-generate-containerfile.yaml -e @~/tripleo-base.yaml diff --git a/doc/source/roles/role-tripleo_container_image_prepare.rst b/doc/source/roles/role-tripleo_container_image_prepare.rst deleted file mode 100644 index a76b31c79..000000000 --- a/doc/source/roles/role-tripleo_container_image_prepare.rst +++ /dev/null @@ -1,6 +0,0 @@ -====================================== -Role - tripleo-container-image-prepare -====================================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_container_image_prepare diff --git a/doc/source/roles/role-tripleo_container_manage.rst b/doc/source/roles/role-tripleo_container_manage.rst deleted file mode 100644 index f25616a59..000000000 --- a/doc/source/roles/role-tripleo_container_manage.rst +++ /dev/null @@ -1,214 +0,0 @@ -=============================== -Role - tripleo_container_manage -=============================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_container_manage - -Usage -~~~~~ - -Note that right now, only Podman is supported by this role. Docker support is -in the roadmap though. - -This Ansible role allows to do the following tasks: - -* Collect container configs data, generated by TripleO Heat Templates. - This data is used as a source of truth on which configuration we expect to - apply with this role. It means that if a container is already managed by - this role, no matter its state now, the configs data will reconfigure the - container if needed. - -* Manage systemd shutdown files. - It takes care of cleaning up the Paunch services and files and create - the TripleO Container systemd service, required for service ordering when - it comes to shutdown or start a node. It also manages the netns-placeholder - service. - -* Delete containers that aren't needed anymore or that will need to be - re-configured. It uses a custom filter, named needs_delete() which has a set - of rules which allow to determine if whether or not the container needs to be - deleted. - These reasons will make the containers not deleted: - - * The container is not managed by tripleo_ansible. - - * The container config_id doesn't match with the one in input. - - Once the previous conditions checked, then these reasons will make the - containers deleted: - - * The container has no config_data. - - * The container has a config_data which doesn't match the one in input. - - Note that when a container is removed, the role also disable and remove - the systemd services and healtchecks if present. - -* Create containers in a specific order defined by start_order container - config, where default is 0. - - * If the container is an exec, we'll run a dedicated playbook for execs, - using async so multiple execs can be run at the same time. - - * Otherwise, the `podman_container`_ is used, in async, to create the - containers. - If the container has a `restart` policy, we'll configure the systemd - service. - If the container has a `healthcheck` script, we'll configure the systemd - healthcheck service. - - Note: `tripleo_container_manage_concurrency` parameter is set to 1 by - default, and putting higher value than 2 can be expose issue with Podman - locks. - - Here is an example of a playbook: - -.. code-block:: YAML - - - name: Manage step_1 containers using tripleo-ansible - block: - - name: "Manage containers for step 1 with tripleo-ansible" - include_role: - name: tripleo_container_manage - vars: - tripleo_container_manage_config: "/var/lib/tripleo-config/container-startup-config/step_1" - tripleo_container_manage_config_id: "tripleo_step1" - -Roles variables -~~~~~~~~~~~~~~~ - -+------------------------------------------------+-----------------------------+----------------------------+ -| Name | Default Value | Description | -+================================================+=============================+============================+ -| tripleo_container_manage_cli | podman | Container CLI | -+------------------------------------------------+-----------------------------+----------------------------+ -| tripleo_container_manage_concurrency | 1 | Number of containers | -| | | managed at same time | -+------------------------------------------------+-----------------------------+----------------------------+ -| tripleo_container_manage_config | /var/lib/tripleo-config/ | Container config path | -+------------------------------------------------+-----------------------------+----------------------------+ -| tripleo_container_manage_config_id | tripleo | Config ID | -+------------------------------------------------+-----------------------------+----------------------------+ -| tripleo_container_manage_config_patterns | `*.json` | Bash REGEX to find configs | -+------------------------------------------------+-----------------------------+----------------------------+ -| tripleo_container_manage_debug | false | Debug toggle | -+------------------------------------------------+-----------------------------+----------------------------+ -| tripleo_container_manage_healthcheck_disable | false | Allow to disable | -| | | Healthchecks | -+------------------------------------------------+-----------------------------+----------------------------+ -| tripleo_container_manage_log_path | /var/log/containers/stdouts | Containers stdouts path | -+------------------------------------------------+-----------------------------+----------------------------+ -| tripleo_container_manage_config_overrides | {} | Allows to override any | -| | | container configuration | -+------------------------------------------------+-----------------------------+----------------------------+ -| tripleo_container_manage_clean_orphans | true | Option to clean orphans | -+------------------------------------------------+-----------------------------+----------------------------+ - -Healthchecks -~~~~~~~~~~~~ - -Previously, the container healthcheck was implemented by a systemd timer which -would run ``podman exec`` to determine if a given container was healthy.. -Now, we are using the native healthcheck interface in Podman; which is easier -to integrate and consume. - -We are now using the native healthcheck interface in Podman; which is easier to -integrate with and consume. - -To check if a container (e.g. keystone) is healthy, run the following command: - -.. code-block:: bash - - $ sudo podman healthcheck run keystone - -The return code should be 0 and "healthy" should be printed as the output. -One can also use the ``podman inspect keystone`` output to figure out that -the healthcheck is periodically running and healthy: - -.. code-block:: bash - - "Health": { - "Status": "healthy", - "FailingStreak": 0, - "Log": [ - { - "Start": "2020-04-14T18:48:57.272180578Z", - "End": "2020-04-14T18:48:57.806659104Z", - "ExitCode": 0, - "Output": "" - }, - (...) - ] - } - -Debug -~~~~~ - -The role allows you to perform specific actions on a given container. -This can be used to: - -* Run a container with a specific one-off configuration. -* Output the container commands that are run to to manage containers lifecycle. -* Output the changes that would have been made on containers by Ansible. - -.. note:: To manage a single container, you need to know 2 things: - - * At which step the container is deployed. - - * The name of the generated JSON file for container config. - -Here is an example of a playbook to manage HAproxy container at step 1 which -overrides the image setting in one-off. - -.. code-block:: YAML - - - hosts: localhost - become: true - tasks: - - name: Manage step_1 containers using tripleo-ansible - block: - - name: "Manage HAproxy container at step 1 with tripleo-ansible" - include_role: - name: tripleo_container_manage - vars: - tripleo_container_manage_config_patterns: 'haproxy.json' - tripleo_container_manage_config: "/var/lib/tripleo-config/container-startup-config/step_1" - tripleo_container_manage_config_id: "tripleo_step1" - tripleo_container_manage_clean_orphans: false - tripleo_container_manage_config_overrides: - haproxy: - image: quay.io/tripleomastercentos9/centos-binary-haproxy:hotfix - -If Ansible is run in check mode, no container will be removed nor created, -however at the end of the playbook a list of commands will be displayed to show -what would have been run. -This is useful for debug purposes, as it was something that one could do with -`paunch debug` command. - -.. code-block:: bash - - $ ansible-playbook haproxy.yaml --check - -Adding the diff mode will output the changes what would have been made on -containers by Ansible. - -.. code-block:: bash - - $ ansible-playbook haproxy.yaml --check --diff - -The ``tripleo_container_manage_clean_orphans`` parameter is optional -and can be set to `false` to not clean orphaned containers for a -config_id. It can be used to manage a single container without -impacting other running containers with same config_id. - -The ``tripleo_container_manage_config_overrides`` parameter is optional -and can be used to override a specific container attribute like the image -or the container user. The parameter takes a dictionary where each key is the -container name and its parameters that we want to override. These parameters -have to exist and are the ones that define the container configuration in -TripleO Heat Templates. Note that it doesn't write down the overrides in the -JSON file so if an update / upgrade is executed, the container will be -re-configured with the configuration that is in the JSON file. - -.. _podman_container: https://github.com/containers/ansible-podman-collections diff --git a/doc/source/roles/role-tripleo_container_rm.rst b/doc/source/roles/role-tripleo_container_rm.rst deleted file mode 100644 index 0bb1b1786..000000000 --- a/doc/source/roles/role-tripleo_container_rm.rst +++ /dev/null @@ -1,6 +0,0 @@ -=========================== -Role - tripleo-container-rm -=========================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_container_rm diff --git a/doc/source/roles/role-tripleo_container_standalone.rst b/doc/source/roles/role-tripleo_container_standalone.rst deleted file mode 100644 index a54bcde80..000000000 --- a/doc/source/roles/role-tripleo_container_standalone.rst +++ /dev/null @@ -1,6 +0,0 @@ -=================================== -Role - tripleo_container_standalone -=================================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_container_standalone diff --git a/doc/source/roles/role-tripleo_container_stop.rst b/doc/source/roles/role-tripleo_container_stop.rst deleted file mode 100644 index 43eebb878..000000000 --- a/doc/source/roles/role-tripleo_container_stop.rst +++ /dev/null @@ -1,6 +0,0 @@ -============================= -Role - tripleo-container-stop -============================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_container_stop diff --git a/doc/source/roles/role-tripleo_container_tag.rst b/doc/source/roles/role-tripleo_container_tag.rst deleted file mode 100644 index 48f4839cf..000000000 --- a/doc/source/roles/role-tripleo_container_tag.rst +++ /dev/null @@ -1,6 +0,0 @@ -============================ -Role - tripleo-container-tag -============================ - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_container_tag diff --git a/doc/source/roles/role-tripleo_create_admin.rst b/doc/source/roles/role-tripleo_create_admin.rst deleted file mode 100644 index f82d9e378..000000000 --- a/doc/source/roles/role-tripleo_create_admin.rst +++ /dev/null @@ -1,6 +0,0 @@ -=========================== -Role - tripleo-create-admin -=========================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_create_admin diff --git a/doc/source/roles/role-tripleo_derived_parameters.rst b/doc/source/roles/role-tripleo_derived_parameters.rst deleted file mode 100644 index 8c0d02dc9..000000000 --- a/doc/source/roles/role-tripleo_derived_parameters.rst +++ /dev/null @@ -1,6 +0,0 @@ -================================= -Role - tripleo_derived_parameters -================================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_derived_parameters diff --git a/doc/source/roles/role-tripleo_docker_rm.rst b/doc/source/roles/role-tripleo_docker_rm.rst deleted file mode 100644 index 1237f53cf..000000000 --- a/doc/source/roles/role-tripleo_docker_rm.rst +++ /dev/null @@ -1,14 +0,0 @@ -======================== -Role - tripleo-docker-rm -======================== - -.. DANGER:: - - This role is a linked role to `tripleo-container-rm`. This role and exists - to ensure we're providing a stable interface as we transition. In a future - release this link will be removed in favor of using the stable role, - `tripleo-container-rm`. - - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo-docker-rm diff --git a/doc/source/roles/role-tripleo_firewall.rst b/doc/source/roles/role-tripleo_firewall.rst deleted file mode 100644 index d64df9249..000000000 --- a/doc/source/roles/role-tripleo_firewall.rst +++ /dev/null @@ -1,6 +0,0 @@ -======================= -Role - tripleo-firewall -======================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_firewall diff --git a/doc/source/roles/role-tripleo_ha_wrappers.rst b/doc/source/roles/role-tripleo_ha_wrappers.rst deleted file mode 100644 index 199f3366f..000000000 --- a/doc/source/roles/role-tripleo_ha_wrappers.rst +++ /dev/null @@ -1,6 +0,0 @@ -========================= -Role - tripleo-ha-wrapper -========================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_ha_wrapper diff --git a/doc/source/roles/role-tripleo_hieradata.rst b/doc/source/roles/role-tripleo_hieradata.rst deleted file mode 100644 index 8ca61b4d8..000000000 --- a/doc/source/roles/role-tripleo_hieradata.rst +++ /dev/null @@ -1,6 +0,0 @@ -======================== -Role - tripleo-hieradata -======================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_hieradata diff --git a/doc/source/roles/role-tripleo_hosts_entries.rst b/doc/source/roles/role-tripleo_hosts_entries.rst deleted file mode 100644 index e1d0ed73f..000000000 --- a/doc/source/roles/role-tripleo_hosts_entries.rst +++ /dev/null @@ -1,6 +0,0 @@ -============================ -Role - tripleo-hosts-entries -============================ - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_hosts_entries diff --git a/doc/source/roles/role-tripleo_httpd_config.rst b/doc/source/roles/role-tripleo_httpd_config.rst deleted file mode 100644 index 2d9d677a2..000000000 --- a/doc/source/roles/role-tripleo_httpd_config.rst +++ /dev/null @@ -1,6 +0,0 @@ -=========================== -Role - tripleo_httpd_config -=========================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_httpd_config diff --git a/doc/source/roles/role-tripleo_httpd_vhost.rst b/doc/source/roles/role-tripleo_httpd_vhost.rst deleted file mode 100644 index a0b8900fe..000000000 --- a/doc/source/roles/role-tripleo_httpd_vhost.rst +++ /dev/null @@ -1,6 +0,0 @@ -========================== -Role - tripleo_httpd_vhost -========================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_httpd_vhost diff --git a/doc/source/roles/role-tripleo_image_serve.rst b/doc/source/roles/role-tripleo_image_serve.rst deleted file mode 100644 index aacde962c..000000000 --- a/doc/source/roles/role-tripleo_image_serve.rst +++ /dev/null @@ -1,6 +0,0 @@ -========================== -Role - tripleo-image-serve -========================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_image_serve diff --git a/doc/source/roles/role-tripleo_ironic.rst b/doc/source/roles/role-tripleo_ironic.rst deleted file mode 100644 index 0c4525975..000000000 --- a/doc/source/roles/role-tripleo_ironic.rst +++ /dev/null @@ -1,6 +0,0 @@ -========================= -Role - tripleo_ironic_api -========================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_ironic diff --git a/doc/source/roles/role-tripleo_kernel.rst b/doc/source/roles/role-tripleo_kernel.rst deleted file mode 100644 index 905f757be..000000000 --- a/doc/source/roles/role-tripleo_kernel.rst +++ /dev/null @@ -1,6 +0,0 @@ -===================== -Role - tripleo-kernel -===================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_kernel diff --git a/doc/source/roles/role-tripleo_keystone.rst b/doc/source/roles/role-tripleo_keystone.rst deleted file mode 100644 index b0424e1ab..000000000 --- a/doc/source/roles/role-tripleo_keystone.rst +++ /dev/null @@ -1,6 +0,0 @@ -======================= -Role - tripleo_keystone -======================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_keystone diff --git a/doc/source/roles/role-tripleo_keystone_resources.rst b/doc/source/roles/role-tripleo_keystone_resources.rst deleted file mode 100644 index fa8936f8a..000000000 --- a/doc/source/roles/role-tripleo_keystone_resources.rst +++ /dev/null @@ -1,180 +0,0 @@ -================================= -Role - tripleo-keystone-resources -================================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_keystone_resources - -Usage -~~~~~ - -This Ansible role allows to do the following tasks: - -* Manage /etc/openstack/clouds.yaml in order to configure `openstacksdk`_. - If /etc/openstack/clouds.yaml already exists with some config, the role - will only add new config without removing what was there before; - however it will modify an existing config if it changed. - Example: "undercloud" cloud is already configured in clouds.yaml and a new - "overcloud" config is given to the role. clouds.yaml will now contain both - configs. However if a new config is given later for "undercloud" and/or - "overcloud", with e.g. new credentials, the configs will be updated - accordingly. - The task has two parameters: `tripleo_keystone_resources_cloud_name` which - is the name of the cloud and `tripleo_keystone_resources_cloud_config` which - is the cloud config, defined by `openstacksdk`_. - Here is an example of a task which would configure the "overcloud" cloud in - clouds.yaml: - -.. code-block:: YAML - - - name: Configure /etc/openstack/clouds.yaml - include_role: - name: tripleo-keystone-resources - tasks_from: clouds - vars: - tripleo_keystone_resources_cloud_name: overcloud - tripleo_keystone_resources_cloud_config: - auth: - auth_url: https://keystone-public:5000 - password: verysecrete - project_domain_name: Default - project_name: admin - user_domain_name: Default - username: admin - identity_api_version: '3' - region_name: RegionOne - - -* Manage Keystone resources like: projects, domains, services, endpoints, - roles, users and roles assignements. - The resources are split by playbook, so they can be individually used. - The `main` playbook will call them all, by starting with the `admin` - playbook which manages things like: default domain, admin and service - projects, admin role and _member_ role if - `tripleo_keystone_resources_member_role_enabled` is set to true (needed by - Horizon), admin user and its assignements to the roles, identity service and - the three endpoints (public, internal and admin). - The rest of the `main` playbook will create the resources according to what - is defined in `tripleo_keystone_resources_catalog_config`. - The `tripleo_keystone_resources_catalog_config` interface is documented later - in this manual. - The Keystone resources are created by using the OpenStack Ansible modules, - and therefore the openstacksdk. To make it faster, we use `async`_ and batch - the data by `10`. It can be changed with `tripleo_keystone_resources_batch`. - Here is an example of a task which would configure the Keystone resources - (with an small example of catalog config with only Neutron resources): - -.. code-block:: YAML - - - name: Manage Keystone resources for OpenStack services - include_role: - name: tripleo-keystone-resources - vars: - tripleo_keystone_resources_catalog_config: - neutron: - endpoints: - public: https://neutron-admin:9696 - internal: https://neutron-admin:9696 - admin: https://neutron-admin:9696 - users: - neutron: - password: secrete_neutron - region: RegionOne - service: 'network' - tripleo_keystone_resources_service_project: 'service' - tripleo_keystone_resources_cloud_name: overcloud - tripleo_keystone_resources_region: RegionOne - tripleo_keystone_resources_admin_endpoint: https://keystone-admin:35357 - tripleo_keystone_resources_public_endpoint: https://keystone-public:5000 - tripleo_keystone_resources_internal_endpoint: https://keystone-internal:500 - tripleo_keystone_resources_admin_password: verysecrete - -Roles variables -~~~~~~~~~~~~~~~ - -+------------------------------------------------+----------------------------+----------------------------+ -| Name | Default Value | Description | -+================================================+============================+============================+ -| tripleo_keystone_resources_cloud_name | openstack | OpenStack cloud name | -+------------------------------------------------+----------------------------+----------------------------+ -| tripleo_keystone_resources_cloud_config | {} | OpenStack Cloud config | -+------------------------------------------------+----------------------------+----------------------------+ -| tripleo_keystone_resources_clouds_file_path | /etc/openstack/clouds.yaml | File path for clouds.yaml | -+------------------------------------------------+----------------------------+----------------------------+ -| tripleo_keystone_resources_clouds_file_owner | root | File owner for clouds.yaml | -+------------------------------------------------+----------------------------+----------------------------+ -| tripleo_keystone_resources_clouds_file_group | root | File group for clouds.yaml | -+------------------------------------------------+----------------------------+----------------------------+ -| tripleo_keystone_resources_clouds_file_mode | '0600' | File mode for clouds.yaml | -+------------------------------------------------+----------------------------+----------------------------+ -| tripleo_keystone_resources_catalog_config | {} | Cloud catalog config | -+------------------------------------------------+----------------------------+----------------------------+ -| tripleo_keystone_resources_member_role_enabled | false | Manage _member_ role | -+------------------------------------------------+----------------------------+----------------------------+ -| tripleo_keystone_resources_batch | 10 | How many Keystone | -| | | resources do we manage at | -| | | the same time | -+------------------------------------------------+----------------------------+----------------------------+ - -Keystone resources catalog config -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The `tripleo_keystone_resources_catalog_config` parameter defines the -Keystone resources that we want to create. - -The data type has to be a dictionary where: - -* The (required) key is the service name and must be unique in the deployment. - -* The (optional) `endpoints` contains three keys: public, internal and admin; - which define each endpoint type. - -* The (optional) `users` contains the users required by the service. - Most of the services will have one defined user with its password but - a second user or more can be provided with specific roles and domain. - If a user has multiple roles, the user role assignment will be done for each - role into either a project (default to service) or a domain if defined. - -* The (required if endpoints are needed) `region` defines the OpenStack region - in which the endpoints are created. - -* The (required if endpoints are needed) `service` defines the service type - name for the service that is deployed. - Note that it's important to read the service documentation to know what - service type should be used, or the service won't be discoverable by - OpenStack clients. - -* The (optional) `roles` is a list that contains the extra roles that will be - created. - -* The (optional) `domains` is a list that contains the extra domains that will - be created. - -Here is an advanced example for Heat API resources: - -.. code-block:: YAML - - keystone_resources: - heat: - endpoints: - public: https://neutron-public:8004 - internal: https://neutron-internal:8004 - admin: https://neutron-admin:8004 - users: - heat: - password: secrete_heat - heat_stack_domain_admin: - password: secret_heat_domain - roles: - - admin - domain: heat_stack - region: RegionOne - service: 'orchestration' - roles: - - heat_stack_user - domains: - - heat_stack - - -.. _openstacksdk: https://docs.openstack.org/openstacksdk/latest/user/config/configuration.html#config-files -.. _async: https://docs.ansible.com/ansible/latest/user_guide/playbooks_async.html diff --git a/doc/source/roles/role-tripleo_logrotate_crond.rst b/doc/source/roles/role-tripleo_logrotate_crond.rst deleted file mode 100644 index 6ea792bf7..000000000 --- a/doc/source/roles/role-tripleo_logrotate_crond.rst +++ /dev/null @@ -1,6 +0,0 @@ -============================== -Role - tripleo_logrotate_crond -============================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_logrotate_crond diff --git a/doc/source/roles/role-tripleo_lvmfilter.rst b/doc/source/roles/role-tripleo_lvmfilter.rst deleted file mode 100644 index f5dfd2a81..000000000 --- a/doc/source/roles/role-tripleo_lvmfilter.rst +++ /dev/null @@ -1,6 +0,0 @@ -======================== -Role - tripleo_lvmfilter -======================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_lvmfilter diff --git a/doc/source/roles/role-tripleo_metrics_qdr.rst b/doc/source/roles/role-tripleo_metrics_qdr.rst deleted file mode 100644 index af1bd88c9..000000000 --- a/doc/source/roles/role-tripleo_metrics_qdr.rst +++ /dev/null @@ -1,6 +0,0 @@ -===================== -Role - metrics_qdr -===================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_metrics_qdr diff --git a/doc/source/roles/role-tripleo_module_load.rst b/doc/source/roles/role-tripleo_module_load.rst deleted file mode 100644 index fa2ed3925..000000000 --- a/doc/source/roles/role-tripleo_module_load.rst +++ /dev/null @@ -1,6 +0,0 @@ -========================== -Role - tripleo-module-load -========================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_module_load diff --git a/doc/source/roles/role-tripleo_multipathd.rst b/doc/source/roles/role-tripleo_multipathd.rst deleted file mode 100644 index 1e22c56e3..000000000 --- a/doc/source/roles/role-tripleo_multipathd.rst +++ /dev/null @@ -1,6 +0,0 @@ -========================= -Role - tripleo_multipathd -========================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_multipathd diff --git a/doc/source/roles/role-tripleo_mysql_client.rst b/doc/source/roles/role-tripleo_mysql_client.rst deleted file mode 100644 index 91f5e8b91..000000000 --- a/doc/source/roles/role-tripleo_mysql_client.rst +++ /dev/null @@ -1,6 +0,0 @@ -=========================== -Role - tripleo_mysql_client -=========================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_mysql_client diff --git a/doc/source/roles/role-tripleo_network_config.rst b/doc/source/roles/role-tripleo_network_config.rst deleted file mode 100644 index 1aceebca3..000000000 --- a/doc/source/roles/role-tripleo_network_config.rst +++ /dev/null @@ -1,6 +0,0 @@ -============================= -Role - tripleo_network_config -============================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_network_config diff --git a/doc/source/roles/role-tripleo_nftables.rst b/doc/source/roles/role-tripleo_nftables.rst deleted file mode 100644 index 5afbc8da9..000000000 --- a/doc/source/roles/role-tripleo_nftables.rst +++ /dev/null @@ -1,6 +0,0 @@ -======================= -Role - tripleo_nftables -======================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_nftables diff --git a/doc/source/roles/role-tripleo_nodes_validation.rst b/doc/source/roles/role-tripleo_nodes_validation.rst deleted file mode 100644 index d48b224f5..000000000 --- a/doc/source/roles/role-tripleo_nodes_validation.rst +++ /dev/null @@ -1,6 +0,0 @@ -=============================== -Role - tripleo_nodes_validation -=============================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_nodes_validation diff --git a/doc/source/roles/role-tripleo_nova_image_cache.rst b/doc/source/roles/role-tripleo_nova_image_cache.rst deleted file mode 100644 index ae273fdd2..000000000 --- a/doc/source/roles/role-tripleo_nova_image_cache.rst +++ /dev/null @@ -1,6 +0,0 @@ -=============================== -Role - tripleo-nova-image-cache -=============================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_nova_image_cache diff --git a/doc/source/roles/role-tripleo_nova_migration_target.rst b/doc/source/roles/role-tripleo_nova_migration_target.rst deleted file mode 100644 index 3b3db3973..000000000 --- a/doc/source/roles/role-tripleo_nova_migration_target.rst +++ /dev/null @@ -1,6 +0,0 @@ -==================================== -Role - tripleo_nova_migration_target -==================================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_nova_migration_target diff --git a/doc/source/roles/role-tripleo_nvdimm.rst b/doc/source/roles/role-tripleo_nvdimm.rst deleted file mode 100644 index 3c039616c..000000000 --- a/doc/source/roles/role-tripleo_nvdimm.rst +++ /dev/null @@ -1,6 +0,0 @@ -===================== -Role - tripleo_nvdimm -===================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_nvdimm diff --git a/doc/source/roles/role-tripleo_ovn.rst b/doc/source/roles/role-tripleo_ovn.rst deleted file mode 100644 index 256c7cce1..000000000 --- a/doc/source/roles/role-tripleo_ovn.rst +++ /dev/null @@ -1,6 +0,0 @@ -=========================== -Role - tripleo_ovn -=========================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_ovn diff --git a/doc/source/roles/role-tripleo_ovn_cluster.rst b/doc/source/roles/role-tripleo_ovn_cluster.rst deleted file mode 100644 index 85d0d34f7..000000000 --- a/doc/source/roles/role-tripleo_ovn_cluster.rst +++ /dev/null @@ -1,6 +0,0 @@ -========================== -Role - tripleo_ovn_cluster -========================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_ovn_cluster diff --git a/doc/source/roles/role-tripleo_packages.rst b/doc/source/roles/role-tripleo_packages.rst deleted file mode 100644 index a8bba9169..000000000 --- a/doc/source/roles/role-tripleo_packages.rst +++ /dev/null @@ -1,6 +0,0 @@ -======================= -Role - tripleo-packages -======================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_packages diff --git a/doc/source/roles/role-tripleo_persist.rst b/doc/source/roles/role-tripleo_persist.rst deleted file mode 100644 index 6d38bf8d6..000000000 --- a/doc/source/roles/role-tripleo_persist.rst +++ /dev/null @@ -1,6 +0,0 @@ -====================== -Role - tripleo-persist -====================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_persist diff --git a/doc/source/roles/role-tripleo_podman.rst b/doc/source/roles/role-tripleo_podman.rst deleted file mode 100644 index 9468552ac..000000000 --- a/doc/source/roles/role-tripleo_podman.rst +++ /dev/null @@ -1,6 +0,0 @@ -===================== -Role - tripleo-podman -===================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_podman diff --git a/doc/source/roles/role-tripleo_provision_mcelog.rst b/doc/source/roles/role-tripleo_provision_mcelog.rst deleted file mode 100644 index 613a53a39..000000000 --- a/doc/source/roles/role-tripleo_provision_mcelog.rst +++ /dev/null @@ -1,6 +0,0 @@ -=============================== -Role - tripleo_provision_mcelog -=============================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_provision_mcelog diff --git a/doc/source/roles/role-tripleo_puppet_cache.rst b/doc/source/roles/role-tripleo_puppet_cache.rst deleted file mode 100644 index 46ef0a302..000000000 --- a/doc/source/roles/role-tripleo_puppet_cache.rst +++ /dev/null @@ -1,6 +0,0 @@ -=========================== -Role - tripleo-puppet-cache -=========================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_puppet_cache diff --git a/doc/source/roles/role-tripleo_redhat_enforce.rst b/doc/source/roles/role-tripleo_redhat_enforce.rst deleted file mode 100644 index d340c7251..000000000 --- a/doc/source/roles/role-tripleo_redhat_enforce.rst +++ /dev/null @@ -1,66 +0,0 @@ -===================================== -Role - tripleo_redhat_enforce -===================================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_redhat_enforce - -Description -~~~~~~~~~~~ - -This role is for OSP, the downstream version of tripleo and shouldn't -be used with other OS as it required the host to be subscribed. - -It enforces policies regarding rhel version and subscribed channel -according to the OSP version used. - -This module hosts those requirements, so that we prevent update to -wrong rhel release or subscription to wrong channels. - -Currently it only implements a basic check to the subscribed rhel -version. - -This check has some fail-safe logic to avoid crashing the update on -temporary network issue when running subscription-manager. - -We are avoiding the validation framework as this can be easily -disabled and we want this enforcement to be mandatory as this could -lead user to unsupported combination of OSP/RHEL. - -For upstream that change is transparent as the tasks are skipped if -the ansible_distribution is not Red Hat. - -Usage -~~~~~ - -Very simple usage, just pass the right parameter for the version you -plan to check. - -Remember this won't have any effects on anything else than a Red Hat -subscribed host. - -.. code-block:: YAML - - - name: Enforce RHOSP rules regarding subscription. - include_role: - name: tripleo_redhat_enforce - vars: - tripleo_redhat_enforce_osp: 16.0 - tripleo_redhat_enforce_os: 8.1 - - -Roles variables -~~~~~~~~~~~~~~~ - -+------------------------------------------------+-----------------------------+-------------------------------+ -| Name | Default Value | Description | -+================================================+=============================+===============================+ -| tripleo_redhat_enforce_debug | false | No used currently | -+------------------------------------------------+-----------------------------+-------------------------------+ -| tripleo_redhat_enforce | true on Red Hat distribution| Set to true to run validation | -| | false everywhere else | | -+------------------------------------------------+-----------------------------+-------------------------------+ -| tripleo_redhat_enforce_osp | OSP version (16.0, 16.1,...)| Version of OSP | -+------------------------------------------------+-----------------------------+-------------------------------+ -| tripleo_redhat_enforce_os | RHEL version (8.1, 8.2, ...)| Version of RHEL | -+------------------------------------------------+-----------------------------+-------------------------------+ diff --git a/doc/source/roles/role-tripleo_run_cephadm.rst b/doc/source/roles/role-tripleo_run_cephadm.rst deleted file mode 100644 index 28460a17f..000000000 --- a/doc/source/roles/role-tripleo_run_cephadm.rst +++ /dev/null @@ -1,6 +0,0 @@ -========================== -Role - tripleo_run_cephadm -========================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_run_cephadm diff --git a/doc/source/roles/role-tripleo_securetty.rst b/doc/source/roles/role-tripleo_securetty.rst deleted file mode 100644 index 14d01d222..000000000 --- a/doc/source/roles/role-tripleo_securetty.rst +++ /dev/null @@ -1,6 +0,0 @@ -======================== -Role - tripleo-securetty -======================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_securetty diff --git a/doc/source/roles/role-tripleo_ssh_known_hosts.rst b/doc/source/roles/role-tripleo_ssh_known_hosts.rst deleted file mode 100644 index fdccb0eeb..000000000 --- a/doc/source/roles/role-tripleo_ssh_known_hosts.rst +++ /dev/null @@ -1,6 +0,0 @@ -============================== -Role - tripleo-ssh-known-hosts -============================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_ssh_known_hosts diff --git a/doc/source/roles/role-tripleo_sshd.rst b/doc/source/roles/role-tripleo_sshd.rst deleted file mode 100644 index 591b7c5bd..000000000 --- a/doc/source/roles/role-tripleo_sshd.rst +++ /dev/null @@ -1,6 +0,0 @@ -=================== -Role - tripleo-sshd -=================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_sshd diff --git a/doc/source/roles/role-tripleo_systemd_wrapper.rst b/doc/source/roles/role-tripleo_systemd_wrapper.rst deleted file mode 100644 index 611276d15..000000000 --- a/doc/source/roles/role-tripleo_systemd_wrapper.rst +++ /dev/null @@ -1,90 +0,0 @@ -============================== -Role - tripleo-systemd-wrapper -============================== - -An Ansible role to manage systemd wrappers in TripleO. - - -What it does ------------- - -In a nutshell, this role helps to configure systemd so it manages side car -containers (e.g. dnsmasq, HAproxy, keepalived, etc, requested by Neutron -agents). - -Underneath, this role creates four files: - -- /etc/systemd/system/.path - -This file will allow the host to monitor changes to -/var/lib//-processes-timestamp which keeps track of the -service processes in a text file. --processes-timestamp file is managed by the -wrapper script -with a flock to avoid race conditions. - -- /etc/systemd/system/.service - -This file is the SystemD service that will run the synchronization of -processes. It is run as "Type=oneshot" because we just want the unit to execute -the -process-sync script without keeping active processes. -In this Ansible role, we automatically enable and start this service. - -- /var/lib///wrapper - -Script that wrap the service lifecycle management. It takes care of starting -the side containers everytime the service is called. -Because it's a wrapper, the script has to be bind mounted from the host into -the container. - -e.g.: /var/lib/neutron/neutron-dnsmasq/wrapper:/usr/local/bin/dnsmasq:ro - -So in the case of Neutron DHCP agent, when an operator will create a network, -Neutron will call dnsmasq which will actually call our side container wrapper. - -- /var/lib/neutron//process-sync - -This script helps to keep the list of processes (side containers) up to date, -so we don't create more than one container per namespace. We use flock to avoid -a race condition if at the same time the wrapper is called. The flock protects -the list of processes and also the timestamps. - - -Requirements ------------- - -It requires systemd on the host. This role isn't designed nor tested to run -within a container. - -Role variables --------------- - -- tripleo_systemd_wrapper_cmd: -- Command to run in the container. -- tripleo_systemd_wrapper_config_bind_mount: -- Bind-mount used for container config. -- tripleo_systemd_wrapper_container_cli: -- Name of the container cli command to use (podman | docker). -- tripleo_systemd_wrapper_docker_additional_sockets: -- Additional docker sockets to use when interacting with docker -- tripleo_systemd_wrapper_image_name: -- Container image name. -- tripleo_systemd_wrapper_service_dir: -- Directory where state files will be created. -- tripleo_systemd_wrapper_service_kill_script: -- Name of the script to create for the kill action -- tripleo_systemd_wrapper_service_name: -- Name of the service to wrap in Systemd. - -Example Playbook ----------------- - -Sample playbook to call the role:: - - - name: Create Neutron dnsmasq systemd wrapper - hosts: all - roles: - - tripleo-systemd-wrapper - vars: - tripleo_systemd_wrapper_cmd: "/usr/sbin/dnsmasq -k" - tripleo_systemd_wrapper_config_bind_mount: "/var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro" - tripleo_systemd_wrapper_container_cli: podman - tripleo_systemd_wrapper_image_name: "quay.io/tripleomastercentos9/centos-binary-neutron-dhcp-agent:current-tripleo" - tripleo_systemd_wrapper_service_dir: /var/lib/neutron - tripleo_systemd_wrapper_service_kill_script: dnsmasq-kill - tripleo_systemd_wrapper_service_name: neutron-dnsmasq - - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo-systemd-wrapper diff --git a/doc/source/roles/role-tripleo_time.rst b/doc/source/roles/role-tripleo_time.rst deleted file mode 100644 index dc842b1f3..000000000 --- a/doc/source/roles/role-tripleo_time.rst +++ /dev/null @@ -1,6 +0,0 @@ -======================= -Role - tripleo-timezone -======================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_timezone diff --git a/doc/source/roles/role-tripleo_timezone.rst b/doc/source/roles/role-tripleo_timezone.rst deleted file mode 100644 index dc842b1f3..000000000 --- a/doc/source/roles/role-tripleo_timezone.rst +++ /dev/null @@ -1,6 +0,0 @@ -======================= -Role - tripleo-timezone -======================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_timezone diff --git a/doc/source/roles/role-tripleo_transfer.rst b/doc/source/roles/role-tripleo_transfer.rst deleted file mode 100644 index 8d84538df..000000000 --- a/doc/source/roles/role-tripleo_transfer.rst +++ /dev/null @@ -1,6 +0,0 @@ -======================= -Role - tripleo-transfer -======================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_transfer diff --git a/doc/source/roles/role-tripleo_unbound.rst b/doc/source/roles/role-tripleo_unbound.rst deleted file mode 100644 index 25a841ece..000000000 --- a/doc/source/roles/role-tripleo_unbound.rst +++ /dev/null @@ -1,6 +0,0 @@ -====================== -Role - tripleo_unbound -====================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_unbound diff --git a/doc/source/roles/role-tripleo_update_trusted_cas.rst b/doc/source/roles/role-tripleo_update_trusted_cas.rst deleted file mode 100644 index 58ee6bf6a..000000000 --- a/doc/source/roles/role-tripleo_update_trusted_cas.rst +++ /dev/null @@ -1,6 +0,0 @@ -================================= -Role - tripleo_update_trusted_cas -================================= - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_update_trusted_cas diff --git a/doc/source/roles/role-tripleo_upgrade_hiera.rst b/doc/source/roles/role-tripleo_upgrade_hiera.rst deleted file mode 100644 index d0378dfff..000000000 --- a/doc/source/roles/role-tripleo_upgrade_hiera.rst +++ /dev/null @@ -1,6 +0,0 @@ -============================ -Role - tripleo-upgrade-hiera -============================ - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_upgrade_hiera diff --git a/doc/source/roles/role-tripleo_validations_package.rst b/doc/source/roles/role-tripleo_validations_package.rst deleted file mode 100644 index c657077f6..000000000 --- a/doc/source/roles/role-tripleo_validations_package.rst +++ /dev/null @@ -1,6 +0,0 @@ -================================== -Role - tripleo-validations-package -================================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tripleo_validations_package diff --git a/doc/source/roles/role-tuned.rst b/doc/source/roles/role-tuned.rst deleted file mode 100644 index f79d0dc95..000000000 --- a/doc/source/roles/role-tuned.rst +++ /dev/null @@ -1,6 +0,0 @@ -============ -Role - tuned -============ - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/tuned diff --git a/doc/source/roles/snapshot_and_revert.rst b/doc/source/roles/snapshot_and_revert.rst deleted file mode 100644 index c561938e3..000000000 --- a/doc/source/roles/snapshot_and_revert.rst +++ /dev/null @@ -1,49 +0,0 @@ -========================== -Role - snapshot_and_revert -========================== - -.. ansibleautoplugin:: - :role: tripleo_ansible/roles/snapshot_and_revert - -Usage -~~~~~ - -This Ansible role allows to -do the following tasks: - -1. Take LVM snapshots in both the Controller and Compute nodes. -2. Revert the state to the previously created snapshots. -3. Remove the snapshots. - -LVM snapshots are a feature of Linux Logical Volume Manager (LVM) -that allows users to create a temporary, read-only copy of a -the logical volumes of the Overcloud nodes. -The copy is a point-in-time representation of the original volume -and can be used for various purposes like data backup, testing, and recovery. -The ext4 file system must be used on top of LVM logical volumes, otherwise -this feature can not be used. - -This example is meant to describe a very simple -use case in which the user needs to create a set -of recovery LVM snapshots from the Controller and Compute nodes. - -Login in the Undercloud node and run: - -:: - - # Create snapshots in the Compute and Controller nodes - openstack overcloud backup snapshot - -To revert the snapshots run: - -:: - - # Revert snapshots in the Compute and Controller nodes - openstack overcloud backup snapshot --revert - -Then, to remove the created snapshots run: - -:: - - # Remove snapshots in the Controller and Compute nodes - openstack overcloud backup snapshot --remove diff --git a/doc/source/standalone-roles-playbooks.rst b/doc/source/standalone-roles-playbooks.rst deleted file mode 100644 index 2c618e57b..000000000 --- a/doc/source/standalone-roles-playbooks.rst +++ /dev/null @@ -1,744 +0,0 @@ -============================== -Standalone Roles and Playbooks -============================== - -The roles provided by tripleo-ansible can be used directly by ansible or -ansible-playbook, without requiring direct integration with -tripleo-heat-templates or the config-download mechanism. This usage is referred -to as standalone usage. - -It is a design goal of tripleo-ansible that all of the ansible roles, plugins, -modules, inventory, and playbooks provided by this repository are able to be -used in this standalone fashion. - -Given the evolution of development within tripleo-ansible, not all roles were -developed with standalone usage in mind, and not all roles offer the same -interfaces. However, it is the goal of this documentation to document the -consistent patterns that are present across the effort to make standalone roles -a primary interface provided by tripleo-ansible. - -Roles -===== - -The following patterns define the interfaces provided by standalone roles. Not -all roles will follow all patterns documented here as not all will be -applicable, and different roles have already been developed. However, new -development SHOULD follow these patterns in every extent possible. - -Standalone roles names should be formatted as ``tripleo__`` -like ``tripleo_ovn_dbs`` and ``tripleo_ovn_controller`` Each component of a -service, or services shared configs, should become a standalone ansible role. -Small shared components of a service, like ones responsible for common service -logging, could be merged with either, or all, of the service components roles. - -Variables ---------- - -We aim to maintain both standalone ansible and legacy t-h-t/puppet deployment -methods for a while. We need them syncronized, backportable, and its covered -features to be kept in parity. For that, role variables for services and -components should follow the naming rules: - -#. If there is a corresponding Heat parameter for it in tripleo-heat-templates, - the variable names should be: ``tripleo___`` - Where ``param_name>`` is ``snake_case`` translation of its ``CamelCase`` name. - For example, the ``tripleo_nova_compute`` role variable for - ``NovaComputeLibvirtPreAllocateImages`` should be named - ``tripleo_nova_compute_libvirt_pre_allocate_images`` -#. If there is a corresponding Heat parameter shared between multiple - services/components templates, each standalone ansible role should refer to - its dedicated role var, and provide a failback to a shared variable, like: - ``UpgradeLevelNovaCompute`` should be named ``tripleo_nova_libvirt_upgrade_level_compute`` - for the ``tripleo_nova_libvirt`` role variable, and - ``tripleo_nova_compute_upgrade_level_compute`` for the ``tripleo_nova_compute`` - role. And both should failback to ``tripleo_upgrade_level_compute`` in the - roles default vars. -#. Complex values may be evaluated as facts in ``tasks/main.yml`` For example, - ``cinder_common_kolla_permissions`` and ``kolla_permissions`` that correspond to - ``CephExternalMultiConfig`` of Nova Libvirt and Cinder Common t-h-t services, - could be defined via the service-name prefixed ``_ceph_multiconfig_permissions`` - facts for the ``tripleo_nova_libvirt`` and ``tripleo_cinder_common`` roles. - Then roles for cinder backup and volume components may share that fact from - the cinder common role. Beware that setting facts is expensive - it requires - running a task which costs time and thus it should be avoided. However, when - there are complex t-h-t yaql and str_replace templating functions from Heat, - it is OK to translate these into jinja and set facts. If bottlenecks are - found which will affecting production clusters, then they can be optimized - later. -#. Puppet Hiera data should ideally be mapped into standalone roles variables - as well. Unless there is ansible config templating and/or conf files snippets - used as direct user inputs. However, please always remember about the goal of - simplified backports of this state-of-art TripleO deployment framework into - the "legacy world" of Heat and Puppet. The example role var name for hiera - ``nova::compute::libvirt::cpu_model_extra_flags`` could be - ``tripleo_nova_compute_cpu_model_extra_flags`` -#. When there is a Heat parameter assigned to Hiera data for Puppet, only - provide a role var for the former, and omit it for the latter. For example, - ``NovaEnableVTPM``s value in t-h-t is assigned to Hiera's - ``nova::compute::libvirt::swtpm_enabled`` Use the role name - ``tripleo_nova_compute_enable_vtpm`` to cover both mappings with a single - input. Had there been no matching Heat parameter for it, the role var name - would become ``tripleo_nova_compute_libvirt_swtpm_enabled`` to match the Hiera - data mapping. - -Following these rules will help TripleO developers to maintain both deployment -methods, and simply using ansible group vars to call standalone roles from -tripleo-heat-templates, as a drop-in replacement for existing Heat parameters -and Hiera data, with full feature parity maintained automagically. That would -also help a lot the TripleO project users to convert their Heat templates and -customizations to quickly provide it as inputs for standalone roles. - -To simplify code generation and verification of role vars mappings to Heat -parameters and Puppet Hiera data, there is a helper script_ (provided as the -best effort). - -.. _script: https://gist.github.com/bogdando/ab2118f4c6fbb88c1c127fd6eb82b756 - -Task files ----------- - -Tasks within roles should be broken out by the tasks high level management -function, with each function in its own task file. The following task files are -common to most roles, and roles providing these functional tasks must organize -their tasks in files whose names match the names shown here. - -.. code-block:: - - install.yml - configure.yml - run.yml - update.yml - upgrade.yml - scale_up.yml - scale_down.yml - -install.yml - Installation tasks. Tasks that install software from remote repositories, or - pull container images, unpack tarballs, etc. - -configure.yml - Configuration tasks. Tasks that configure software through generating or - editing configuration files, setting configuration data, etc. - -run.yml - Run tasks. Tasks that run other commands, start daemon services, start one - time or persistent containers, etc. - -update.yml - Update tasks. Tasks that update software across minor releases, which - typically do not require downtime or cause API backwards compatibility. - -upgrade.yml - Upgrade tasks. Tasks that upgrade software across major releases. May require - downtime of the managed software or cause breaking backwards compatibility - changes. - -scale_up.yml - Scale up tasks. Tasks that are run when the software is scaled onto existing - nodes or new nodes. - -scale_down.yml - Scale down tasks. Tasks that are run when the software is scaled down and - stopped from running on existing nodes. - -It may not be clear how to organize all tasks within the above files in a given -role. There may be some grey area for some tasks, or even subjective -classification of how to organize tasks. This is recognized. In the majority of -cases, roles should work in the manner of least surprise to users and -operators. As examples of "least suprise", tasks provided by configure.yml -should not leave long running processes around, run.yml should not install -needed software from remote repositories, etc. - -Configuration -------------- - -Configuration tasks will vary by role based on the software that the role -manages. - -For containerized OpenStack services (and other services), that use -configuration files, the following configuration pattern can be used: - -#. Start a container from the service image -#. Copy out all needed configuration files from the running container to - the ``var/lib/config-data/ansible-generated/`` directory on the - managed node. -#. Configure the configuration files as needed using common configuration - modules such as ``inifile``. -#. When starting the actual service container, bind mount in the configuration - files from ``/var/lib/config-data/ansible-generated/`` to the - needed locations within the service container. - -The following tasks show an example implementation of the above pattern to -configure the ``nova_compute`` service from within the ``tripleo_nova_compute`` -role. Note that this is a simplified implementation of the actual task list -from the role: - -.. code-block:: yaml - - - name: Ensure /var/lib/config-data/ansible-generated/nova_compute/etc/nova exists - file: - path: "/var/lib/config-data/ansible-generated/nova_compute/etc/nova" - state: directory - recurse: true - - - name: Remove nova_compute_config container if exists - shell: | - podman rm -f nova_compute_config || : - - - name: Run nova_compute_config container - shell: podman run --detach --name nova_compute_config quay.io/tripleomastercentos9/openstack-nova-compute:current-tripleo sleep infinity - register: config_container_id - - - name: Copy initial config files from nova_libvirt_config container - shell: | - mount_dir=$(podman mount nova_compute_config) - cp -a ${mount_dir}/etc/nova/nova.conf /var/lib/config-data/ansible-generated/nova_compute/etc/nova/nova.conf - failed_when: false - notify: Remove nova_compute_config container - register: copy_config_files - - - name: Check for failure - debug: - msg: | - Copying config files failed - {{ copy_config_files.stdout }} - {{ copy_config_files.stderr }} - when: - - copy_config_files.rc != 0 - failed_when: true - - - name: Configure nova.conf - ini_file: - path: "/var/lib/config-data/ansible-generated/nova_compute/etc/nova/nova.conf" - section: "{{ item.section }}" - option: "{{ item.option }}" - value: "{{ item.value }}" - loop: "{{ nova_conf }}" - vars: - nova_conf: | - - section: DEFAULT - option: reserved_host_memory_mb - value: 1024 - - section: DEFAULT - option: ram_allocation_ratio - value: 1.0 - -.. note:: - - Configuration is **not** done with Puppet in the standalone roles. Puppet - should not be used at all within new role development in tripeo-ansible. - Puppet functionality needs to be migrated to ansible tasks. See the - tripleo-spec `decouple-tripleo-tasks`_ for more information. - -Container management --------------------- - -Managing containers from a role may vary depending on the role's purpose. For -OpenStack and similar services, container management can be done with the -:doc:`roles/role-tripleo_container_standalone` role. The -``tripleo_container_standalone`` role has 3 main input variables each time it -is used: - -#. tripleo_container_standalone_service - Service name/label used for directory - and file naming. -#. tripleo_container_standalone_container_defs - A dictionary of container - names and yml definitions. The YAML structure matches that of the - ``docker_config`` interface defined from ``tripleo-heat-templates``. -#. tripleo_container_standalone_kolla_config_files - A dictionary of container - names and yml structure of a kolla conifguration file. - -With these 3 inputs, the ``tripleo_container_standalone`` role will manage the -container (start/run) as described by the inputs. - -The following tasks show an example implementation of using the -``tripleo_container_standalone`` role to manage the containers defined by the -``nova_compute`` service within the ``tripleo_nova_compute`` role: - -.. code-block:: yaml - - - name: Manage nova_wait_for_compute_service container - when: tripleo_nova_compute_additional_cell|bool - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: nova_wait_for_compute_service - tripleo_container_standalone_container_defs: - nova_wait_for_compute_service: "{{ lookup('template', 'nova_wait_for_compute_service.yml.j2') | from_yaml }}" - tripleo_container_standalone_kolla_config_files: - nova_wait_for_compute_service: "{{ lookup('file', 'files/nova_wait_for_compute_service.yml') | from_yaml }}" - - - name: Manage nova_compute container - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: nova_compute - tripleo_container_standalone_container_defs: - nova_compute: "{{ lookup('template', 'nova_compute.yml.j2') | from_yaml }}" - tripleo_container_standalone_kolla_config_files: - nova_compute: "{{ lookup('template', 'templates/kolla_config/nova_compute.yml.j2') | from_yaml }}" - -Notice how the container definitions and kolla config files yml structure are -read from templates using ``lookup``. This allows for customizing the container -definitions based on the values of provided variables for the deployment. - -Playbooks -========= - -The standalone playbooks provided by tripleo-ansible can be used to deploy and -manage an OpenStack environment entirely with ansible runtimes (ansible / -ansible-playbook). To separate these playbooks from playbooks for other -purposes within tripleo-ansible, the standalone playbooks are prefixed with -``deploy-`` within the `tripleo_ansible/playbooks`_ directory. - -The playbooks are organized by management function like the task files within -each role. Additionally, they are further organized to allow managing operating -system (OS) and OpenStack services in isolation from the other. Like task -organization, the delineation between an OS and OpenStack service may not be -clear. One way to distinguish the service is to consider the source of the -software managed by the service. The source may either be provided by an -OpenStack repository, or from an OS repository (such as CentOS). As an example, -libvirt may be considered an OS service as it's software is provided by CentOS, -while ``nova_compute`` is considered an OpenStack service as it's software is -provided by OpenStack/OpenDev. - -The following provided playbooks illustrate the organization of management -function: - -.. code-block:: - - deploy-tripleo-openstack-configure.yml - deploy-tripleo-openstack-install.yml - deploy-tripleo-openstack-run.yml - deploy-tripleo-os-configure.yml - deploy-tripleo-os-install.yml - deploy-tripleo-os-run.yml - -Additionally, playbooks are provided to manage other parts of the deployment, -in order to manage a complete environment. The playbooks include: - -.. code-block:: - - deploy-tripleo-facts.yml - deploy-tripleo-selinux.yml - deploy-tripleo-pre-network.yml - deploy-tripleo-network-configure.yml - deploy-tripleo-network-validate.yml - -In the simplest form, the standalone playbooks will consume standalone roles -with just an ``include_role`` module using the ``tasks_from`` argument to -include the corresponding tasks file from the role for the management function. - -An example of tasks from the ``deploy-tripleo-os-run.yml`` playbook illustrate -this pattern: - -.. code-block:: yaml - - - name: Run sshd - include_role: - name: tripleo_sshd - tasks_from: run.yml - - name: Run chrony - include_role: - name: chrony - tasks_from: run.yml - - name: Run timezone - include_role: - name: tripleo_timezone - tasks_from: run.yml - -A top level playbook, `deploy-overcloud-compute.yml`_ is also provided that -includes the above ``deploy-`` playbooks in a way that is used to deploy and -manage OpenStack compute nodes. - -Other top level playbooks will be added for other OpenStack management use -cases. - -Inventory -========= - -The `inventory`_ provided by tripleo-ansible is an example inventory that can -be used to configure the same node running ansible-playbook as an OpenStack -compute node. It is a sample inventory, using standard TripleO defaults and is -meant to be copied and modified for different environments. - -The files provided by the sample inventory are as follows: - -.. code-block:: - - 01-site - 02-computes - 03-tripleo - 99-standalone-vars - group_vars/overcloud - host_vars/localhost - -01-site - Defines top level groups used by the playbooks including allovercloud, - overcloud, and Compute -02-computes - Defines the actual compute nodes for the deployment. Only localhost is - included in the sample. Additional compute nodes could be added here. -03-tripleo - Defines common variables for the overcloud. -99-standalone-vars - Defines the minimal set of ansible variables to a default deployment using - the default values. These variables include IP addresses in the default - TripleO subnet range (192.168.24.0/24), passwords, and connection url's. -group_vars/overcloud - Defines common variables to the overcloud group -host_vars/localhost - Defines host specific variables to each compute node, in the sample, only - localhost is used. - -Usage Examples -============== - -tripleo-ansible environment setup ---------------------------------- - -As work is in progress, an environment needs to be setup that can consume the -in progress work from tripleo-ansible and other repositories. - -The environment setup example assumes a non-root user, and working from the -home directory, but the example can be modified as needed. - -On the ansible controller node - -#. Clone tripleo-ansible - - .. code-block:: shell - - git clone https://opendev.org/openstack/tripleo-ansible - -#. Apply the latest patches from the `standalone-roles`_ topic branch to the cloned repository - -#. Clone ansible-role-chrony. It is also needed, but is not part of tripleo-ansible. - - .. code-block:: shell - - git clone https://opendev.org/openstack/ansible-role-chrony - -#. Create a roles directory for ansible-role-chrony, and an ``ansible.cfg`` to - use roles from the git repositories. - - .. code-block:: shell - - mkdir ~/roles; ln -s ~/ansible-role-chrony ~/roles/chrony - cat <ansible.cfg - [defaults] - roles_path=~/roles:~/tripleo-ansible/tripleo_ansible/roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles - EOF - - -Execution examples ------------------- - -With the environment setup, ``anible-playbook`` is used to execute the playbook -to manage compute nodes. These examples show different ways to use the -playbooks. - -#. TripleO defaults, localhost configured as a compute node - - .. code-block:: shell - - sudo ansible-playbook -i tripleo-ansible/tripleo_ansible/inventory tripleo-ansible/tripleo_ansible/playbooks/deploy-overcloud-compute.yml - -#. TripleO defaults, remote node(s) configured as compute node(s) - - .. code-block:: shell - - # Edit tripleo-ansible/tripleo_ansible/inventory/02-computes, and add additional compute nodes under the ``[Compute]`` group - # Add additional ``host_vars`` files under tripleo-ansible/tripleo_ansible/inventory/host_vars to configure host specific connection variables if needed - sudo ansible-playbook -i tripleo-ansible/tripleo_ansible/inventory tripleo-ansible/tripleo_ansible/playbooks/deploy-overcloud-compute.yml - -#. Modifying defaults, remote node(s) configured as compute node(s) - - .. code-block:: shell - - # Modify inventory as needed from previous examples - # Edit tripleo-ansible/tripleo_ansible/inventory/99-custom, and set the desired variable values - sudo ansible-playbook -i tripleo-ansible/tripleo_ansible/inventory tripleo-ansible/tripleo_ansible/playbooks/deploy-overcloud-compute.yml - -tripleo_compute_node role for dev/test -====================================== - -The tripleo_compute_node role within tripleo-ansible can be used for development and -test of the standalone playbooks and roles. The role has a ``default`` molecule -scenario that executes the standalone playbooks when `converge.yml`_ is run by -molecule. - -The scenario uses the podman molecule driver, and starts a podman container -named `tripleo_compute_node`_. The ``tripleo_compute_node`` container is a -`rootless podman`_ container started as the user executed molecule. The container uses -`podman in podman`_, and has `systemd as the init process`_. This -configuration allows for treating the container as a simulated compute node for -the purposes of dev and test. - -On the host, the only requirements are that podman is installed, and the -openvswitch kernel module is loaded. Without the openvswitch module loaded on -the house, the ``ovn`` containers with the ``tripleo_compute_node`` container will -fail to start. Other than the openvswitch kernel module requirement, this -environment is isolated from the host. - -A ``tox`` target exists to easily create the environment: - - .. code-block:: console - - [stack@centos-9-stream tripleo-ansible]$ tox -e molecule-compute-node -- --destroy=never - -``destroy=never`` are passed as positional arguments to tox, so that molecule -does not clean up the environment automatically. Omit these arguments if the -container should be deleted after the molecule test. - -After the tox execution with ``destroy=never`` the ``tripleo_compute_node`` -environment is up and running: - - .. code-block:: console - - [stack@centos-9-stream tripleo-ansible]$ podman ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - cf9293611eb8 localhost/molecule_local/centos/centos:stream9 /sbin/init 3 hours ago Up 3 hours ago tripleo_compute_node - -The container can be entered with either ``podman exec`` or with ``molecule -login``: - - .. code-block:: console - - [stack@centos-9-stream tripleo-ansible]$ source .tox/molecule-compute-node/bin/activate - (molecule-compute-node) [stack@centos-9-stream tripleo-ansible]$ cd tripleo_ansible/roles/tripleo_compute_node/ - (molecule-compute-node) [stack@centos-9-stream tripleo_compute_node]$ molecule login - INFO Found config file - /home/stack/tripleo-ansible/.config/molecule/config.yml - INFO Running default > login - [root@tripleocomputenode /]# - -From within the container, the compute services are visible: - - .. code-block:: console - - [root@tripleocomputenode /]# podman ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - fbdc4d34c11b quay.io/tripleomastercentos9/openstack-ovn-controller:current-tripleo kolla_start 3 hours ago Up 3 hours ago (healthy) ovn_controller - e8be9a2f5b10 quay.io/tripleomastercentos9/openstack-cron:current-tripleo kolla_start 2 hours ago Up 2 hours ago (healthy) logrotate_crond - d741a2abacd0 quay.io/tripleomastercentos9/openstack-iscsid:current-tripleo kolla_start 2 hours ago Up 2 hours ago iscsid - ea996a8c5357 quay.io/tripleomastercentos9/openstack-nova-libvirt:current-tripleo kolla_start 2 hours ago Up 2 hours ago nova_virtlogd - d463308dcac8 quay.io/tripleomastercentos9/openstack-nova-libvirt:current-tripleo kolla_start 2 hours ago Up 2 hours ago nova_virtsecretd - 295fb6d01be7 quay.io/tripleomastercentos9/openstack-nova-libvirt:current-tripleo kolla_start 2 hours ago Up 2 hours ago nova_virtnodedevd - ac21ae881494 quay.io/tripleomastercentos9/openstack-nova-libvirt:current-tripleo kolla_start 2 hours ago Up 2 hours ago nova_virtstoraged - 270fe4c0f0ef quay.io/tripleomastercentos9/openstack-nova-libvirt:current-tripleo kolla_start 2 hours ago Up 2 hours ago nova_virtqemud - 1e8085b34a49 quay.io/tripleomastercentos9/openstack-nova-libvirt:current-tripleo kolla_start 2 hours ago Up 2 hours ago nova_virtproxyd - 5ba018f50b31 quay.io/tripleomastercentos9/openstack-nova-compute:current-tripleo kolla_start 2 hours ago Up 2 hours ago nova_compute - -Exit the container to return to the ``tripleo-ansible`` checkout: - - .. code-block:: console - - [root@tripleocomputenode /]# exit - exit - (molecule-compute-node) [stack@centos-9-stream tripleo_compute_node]$ - -To develop and test any of the playbooks and roles, make the desired changes -directly in the tripleo-ansible checkout. The ``ansible-test-env.rc`` file must -be sourced to set the configuration paths for ansible so that ansible knows -where to find the custom strategies, plugins, modules, and roles provided by -``tripleo-ansible``: - - .. code-block:: console - - (molecule-compute-node) [stack@centos-9-stream tripleo_compute_node]$ source ../../../ansible-test-env.rc - Ansible test environment is now active - Run 'unset-ansible-test-env' to deactivate. - - (molecule-compute-node) [stack@centos-9-stream tripleo_compute_node]$ ansible-playbook -i molecule/inventory/ ../../playbooks/deploy-tripleo-facts.yml - -TripleO integration -=================== - -`TripleO standalone`_ can be used to deploy an OpenStack control plane, and -the standalone roles can then be used to deploy additional Compute node(s). - -The required ``99-standalone-vars`` inventory file can be generated from the deployed -OpenStack control plane by using ``tripleo-standalone-vars`` script. - -Copy the script to either your standalone controller or undercloud before running it. - -Use the generated ``99-standalone-vars`` from the below commands -when ``ansible-playbook`` is executed. - -#. Here is the ``tripleo-standalone-vars`` help page. - - .. code-block:: shell - - ~/tripleo-ansible/scripts/tripleo-standalone-vars --help - usage: tripleo-standalone-vars [-h] [--config-download-dir CONFIG_DOWNLOAD_DIR] [--output-file OUTPUT_FILE] [--role ROLE] [--force] - - tripleo-standalone-vars - - options: - -h, --help show this help message and exit - --config-download-dir CONFIG_DOWNLOAD_DIR, -c CONFIG_DOWNLOAD_DIR - The config-download directory for the deployment used as the source of the generated ansible variables. (default: ~/overcloud- - deploy/overcloud/config-download/overcloud) - --output-file OUTPUT_FILE, -o OUTPUT_FILE - Output file containing the generated ansible vars. (default: 99-standalone-vars) - --role ROLE, -r ROLE Primary role name from the source deployment. (default: Controller) - --force, -f Force overwriting the output file if it exists. (default: False) - -#. From a standalone controller where you want to add compute services, Execute the ``tripleo-standalone-vars`` script - - .. code-block:: shell - - ~/tripleo-ansible/scripts/tripleo-standalone-vars \ - --config-download-dir /home/stack/tripleo-deploy/standalone/$(ls -1dtr standalone-ansible* | tail -n -1) \ - --role Standalone \ - --output-file ~/tripleo-ansible/tripleo_ansible/inventory/99-standalone-vars - -#. From an undercloud with an already deployed overcloud control plane, Execute the ``tripleo-standalone-vars`` script - - .. code-block:: shell - - ~/tripleo-ansible/scripts/tripleo-standalone-vars - -#. The script will generate ``99-standalone-vars`` in the current directory. Copy the file to the ansible control node where the inventory is defined. - -#. If we want to regenerate the ``99-standalone-vars``, Execute the ``tripleo-standalone-vars`` script with ``--force`` flag. - - .. code-block:: shell - - ~/tripleo-ansible/scripts/tripleo-standalone-vars --force - -Integration of standalone roles with tripleo-heat-templates ------------------------------------------------------------ - -As standalone roles are developed, they can also be consumed from -tripleo-heat-templates so that maintenance of the ansible tasks only needs to -be done from a single location in tripleo-ansible. - -Once a role provides the equivalent set of task functionality, the role can be -consumed within tripleo-heat-templates using the composable service interfaces. - -The ``ansible_group_vars`` interface is used to define values for ansible -variables that can be consumed by the included roles. The following example -shows how the ``logrotate-crond-container-puppet.yml`` service from -tripleo-heat-templates uses the standalone ``tripleo_logrotate_crond`` role -from tripleo-ansible. - -.. code-block:: yaml - - role_data: - ansible_group_vars: - tripleo_logrotate_crond_purge_after_days: {get_param: LogrotatePurgeAfterDays} - tripleo_logrotate_crond_config_volume: /var/lib/config-data/puppet-generated/crond - tripleo_logrotate_crond_image: {get_attr: [RoleParametersValue, value, ContainerCrondConfigImage]} - host_prep_tasks: - - name: tripleo_logrotate_crond install tasks - include_role: - name: tripleo_logrotate_crond - tasks_from: install.yml - deploy_steps_tasks: - - name: tripleo_logrotate_crond configure tasks - when: step|int == 2 - include_role: - name: tripleo_logrotate_crond - tasks_from: configure.yml - - name: logrotate-crond container - when: step|int == 4 - include_role: - name: tripleo_logrotate_crond - tasks_from: run.yml - update_tasks: - - name: logrotate-crond update - when: step|int == 1 - include_role: - name: tripleo_logrotate_crond - tasks_from: update.yml - upgrade_tasks: - - name: logrotate-crond upgrade - when: step|int == 1 - include_role: - name: tripleo_logrotate_crond - tasks_from: upgrade.yml - -Each composable service interface (such as ``host_prep_tasks``, -``deploy_steps_tasks``, etc) consumes the corresponding task file from the -role. The ``docker_config`` and ``kolla_config`` sections are also no longer -needed in the composable service as that logic is contained within the -container management tasks in ``run.yml`` from the standalone role. - -Step-wise deployment logic --------------------------- - -The step based deployment from tripleo-heat-templates which uses a rigid -framework of 5 distinct steps or stages at which software is managed is **not** -reproduced with the standalone roles and playbooks. - -Most OS and OpenStack services have sufficiently evolved such that the step -based deployment is not needed. However, ordering is still important during the -deployment. Ordering with the standalone roles in tripleo-ansible is defined -directly by the playbooks. There is no need for roles to have a higher concept -of ordering by defining tasks for each steps. The playbooks simply include the -right task files from a given role in the right order. - -However, needed ordering may impose a given task file structure within a role. -If not all tasks from a role's ``run.yml`` can happen at once in a given -order, then the task file may need to be factored out into multiple files -(``setup.yml``, ``bootstrap.yml``) so that tasks can be included in the -needed order. - -Heat parameter and Hiera key to Ansible group variable mapping --------------------------------------------------------------- - -Heat parameters and Hiera keys will often end up mapped to equivalent Ansible -group variables as functionality is ported to standalone roles. In cases where -equivalent group variables are used, the name mapping between -tripleo-heat-templates, puppet-tripleo, tripleo-ansible should be consistent. - -Heat parameters using CamelCase should be converted to ansible group variables -using under_score naming and prefixed with the standalone role name. - -As an example, the Heat parameter ``CephClusterFSID`` would be named -``tripleo_nova_compute_ceph_cluster_fsid`` as an ansible group variable. - -Configuration -------------- - -tripleo-heat-templates still uses Puppet for configuration, host tasks, and -some bootstrap tasks. The standalone roles can still be used alongside Puppet, -even though the roles should themselves should not use puppet. The task file -organization of a role should allow for running only individual task files as -needed with ``include_role``, such that the Puppet pieces can be run by other -means. - -For configuration, the standalone roles can be pointed at a different -configuration directory for bind mounting into containers. This allows the -container bind mount to switch between -``/var/lib/config-data/puppet-generated`` and -``/var/lib/config-data/ansible-generated`` depending on which method is used. - -The standalone roles also provided a boolean variable to control whether -configuration is done at all with ansible. When set to ``False`` the ansible -tasks that generate the config files would be skipped in the standalone roles. - -As an example, the variables for the ``tripleo_nova_compute`` role are defined -as: - -.. code-block:: yaml - - tripleo_nova_compute_config_use_ansible: true - tripleo_nova_compute_config_dir: /var/lib/config-data/ansible-generated/nova_libvirt - -tripleo-heat-templates can define the variables within the -``ansible_group_vars`` interface to control the configuration behavior. - -.. _tripleo_ansible/playbooks: https://opendev.org/openstack/tripleo-ansible/src/branch/master/tripleo_ansible/playbooks -.. _deploy-overcloud-compute.yml: https://opendev.org/openstack/tripleo-ansible/src/branch/master/tripleo_ansible/playbooks/deploy-overcloud-compute.yml -.. _inventory: https://opendev.org/openstack/tripleo-ansible/src/branch/master/tripleo_ansible/inventory -.. _standalone-roles: https://review.opendev.org/q/topic:standalone-roles -.. _standalone-roles patch for ansible-role-chrony: https://review.opendev.org/c/openstack/ansible-role-chrony/+/842223 -.. _TripleO standalone: https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/deployment/standalone.html -.. _decouple-tripleo-tasks: https://specs.openstack.org/openstack/tripleo-specs/specs/zed/decouple-tripleo-tasks.html -.. _tripleo_compute_node: https://opendev.org/openstack/tripleo-ansible/src/branch/master/tripleo_ansible/roles -.. _converge.yml: https://opendev.org/openstack/tripleo-ansible/src/branch/master/tripleo_ansible/roles/tripleo_compute_node/molecule/default/converge.yml -.. _rootless podman: https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md -.. _podman in podman: https://www.redhat.com/sysadmin/podman-inside-container -.. _systemd as the init process: https://developers.redhat.com/blog/2019/04/24/how-to-run-systemd-in-a-container?extIdCarryOver=true&sc_cid=701f2000001Css0AAC#other_cool_features_about_podman_and_systemd diff --git a/doc/source/usage.rst b/doc/source/usage.rst deleted file mode 100644 index 1e1c94022..000000000 --- a/doc/source/usage.rst +++ /dev/null @@ -1,7 +0,0 @@ -===== -Usage -===== - -Once the tripleo ansible project has been installed navigate to the share path, -usually `/usr/share/ansible` path to access the installed roles, playbooks, and -libraries. diff --git a/molecule-requirements.txt b/molecule-requirements.txt deleted file mode 100644 index b550200c3..000000000 --- a/molecule-requirements.txt +++ /dev/null @@ -1,24 +0,0 @@ -# this is required for the molecule jobs -ansi2html -# https://github.com/sqlalchemy/dogpile.cache/issues/178 (openstacksdk) -dogpile.cache>=0.6.5,!=0.9.1 # MIT -openstacksdk -pytest -pytest-cov -pytest-html -pytest-testinfra -pytest-xdist -mock -molecule>=3.3.4 -molecule-podman>=1.0.0a1 -ruamel.yaml -netaddr -jinja2 - -ansible-core - -# Upstream requirements from constraints.txt -tripleo-common -os-net-config # Apache-2.0 -# Allows to unpin cryptography -pyOpenSSL>=22.1.0 diff --git a/releasenotes/build/html/.gitkeep b/releasenotes/build/html/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/releasenotes/notes/Add-Unbound-forwarder-support-9bdc3ef54104ff30.yaml b/releasenotes/notes/Add-Unbound-forwarder-support-9bdc3ef54104ff30.yaml deleted file mode 100644 index c32956c07..000000000 --- a/releasenotes/notes/Add-Unbound-forwarder-support-9bdc3ef54104ff30.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Adds support for Unbound to forward DNS resolution requests to other - DNS resolvers (DNS resolver forwarding). diff --git a/releasenotes/notes/Add-tripleo-unbound-role-fb072294f074adf1.yaml b/releasenotes/notes/Add-tripleo-unbound-role-fb072294f074adf1.yaml deleted file mode 100644 index b1bf2d73a..000000000 --- a/releasenotes/notes/Add-tripleo-unbound-role-fb072294f074adf1.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Added a new role for ``tripleo_unbound`` to configure the Unbound DNS - resolver for TripleO deployments. diff --git a/releasenotes/notes/add-ansible-args-to-test-commands-e6b14d561af5de7d.yaml b/releasenotes/notes/add-ansible-args-to-test-commands-e6b14d561af5de7d.yaml deleted file mode 100644 index 7d8852e1a..000000000 --- a/releasenotes/notes/add-ansible-args-to-test-commands-e6b14d561af5de7d.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -features: - - | - A new argument has been added to the molecule test setup allowing - developers to run tests with Ansible command line arguments. This - feature is useful when testing roles that require augmentation, - like when tags are needed. - - .. code-block:: console - - pytest tests/test_molecule.py --scenario=${NEWROLENAME} --ansible-args='--tags xxx --skip-tags yyy' diff --git a/releasenotes/notes/add-octavia-log-offload-protocol-parameter-a94d54c405f55096.yaml b/releasenotes/notes/add-octavia-log-offload-protocol-parameter-a94d54c405f55096.yaml deleted file mode 100644 index 0a7a6dad7..000000000 --- a/releasenotes/notes/add-octavia-log-offload-protocol-parameter-a94d54c405f55096.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Added new log_offload_protocol parameter that sets the - [amphora_agent]/log_protocol setting in Octavia's configuration. diff --git a/releasenotes/notes/add-tripleo_ovn_cluster-role-f70990a8282d722e.yaml b/releasenotes/notes/add-tripleo_ovn_cluster-role-f70990a8282d722e.yaml deleted file mode 100644 index f3c0f2510..000000000 --- a/releasenotes/notes/add-tripleo_ovn_cluster-role-f70990a8282d722e.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Added a new role for ``tripleo_ovn_cluster`` to configure OVN DBs clustered - for TripleO deployments. diff --git a/releasenotes/notes/add_designate_bind_pool_config-1eda0fd001af1308.yaml b/releasenotes/notes/add_designate_bind_pool_config-1eda0fd001af1308.yaml deleted file mode 100644 index 39e8cd9fb..000000000 --- a/releasenotes/notes/add_designate_bind_pool_config-1eda0fd001af1308.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Added new role ``designate_bind_pool`` to generate a bind pool configuration - using information from the existing deployment. diff --git a/releasenotes/notes/add_save_swift_parameter_to_undercloud_backup-9cf04020d91bb0c1.yaml b/releasenotes/notes/add_save_swift_parameter_to_undercloud_backup-9cf04020d91bb0c1.yaml deleted file mode 100644 index 105153587..000000000 --- a/releasenotes/notes/add_save_swift_parameter_to_undercloud_backup-9cf04020d91bb0c1.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Adds a new --save-swift parameter to undercloud-backup. This is due to the - fact that in the past the backup would be always saved on swift and the - next backup would contain the previous backup thus increasing exponentially diff --git a/releasenotes/notes/add_tripleo_frr_role-793d53d11eded3bf.yaml b/releasenotes/notes/add_tripleo_frr_role-793d53d11eded3bf.yaml deleted file mode 100644 index e0daa730d..000000000 --- a/releasenotes/notes/add_tripleo_frr_role-793d53d11eded3bf.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Added a new role ``tripleo_frr`` to configure FRR service instances. - FRR daemons ``zebra``, ``watchfrr``, ``bgpd`` and ``bfdd`` can be enabled. diff --git a/releasenotes/notes/bug-1849393-fix-retrieval-of-storage-nfs-params-5f92d7999c36ef05.yaml b/releasenotes/notes/bug-1849393-fix-retrieval-of-storage-nfs-params-5f92d7999c36ef05.yaml deleted file mode 100644 index eaa22540e..000000000 --- a/releasenotes/notes/bug-1849393-fix-retrieval-of-storage-nfs-params-5f92d7999c36ef05.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - | - An incorrect lookup issue with respect to the StorageNFS network has - been fixed. See `Launchpad bug 1849393 - `_ for more details. diff --git a/releasenotes/notes/bug-1978356-45021b2a7fb8304b.yaml b/releasenotes/notes/bug-1978356-45021b2a7fb8304b.yaml deleted file mode 100644 index dc77613eb..000000000 --- a/releasenotes/notes/bug-1978356-45021b2a7fb8304b.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - | - Fixed an issue where the generated ansible inventory would be incomplete - if any uppercase characters was used in overcloud node hostnames. - See bug: `1978356 `_. diff --git a/releasenotes/notes/bug-1978360-0c9d6440e2788838.yaml b/releasenotes/notes/bug-1978360-0c9d6440e2788838.yaml deleted file mode 100644 index ab653c1ef..000000000 --- a/releasenotes/notes/bug-1978360-0c9d6440e2788838.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - | - Fixed idempotency issue with overcloud node port management when node - hostname contain uppercase characters. - See bug: `1978360 `_. diff --git a/releasenotes/notes/bug-1978362-e2b878f5f6c61298.yaml b/releasenotes/notes/bug-1978362-e2b878f5f6c61298.yaml deleted file mode 100644 index 09e881998..000000000 --- a/releasenotes/notes/bug-1978362-e2b878f5f6c61298.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - | - Fixed an issue which caused RoleNetIpMap to have missing overcloud node IP - addresses when overcloud node hostname contain uppercase characters. - See bug: `1978362 `_. diff --git a/releasenotes/notes/check-installed-packages-before-invoking-package-module-ede8b9c3e4944a0b.yaml b/releasenotes/notes/check-installed-packages-before-invoking-package-module-ede8b9c3e4944a0b.yaml deleted file mode 100644 index 471d00b3e..000000000 --- a/releasenotes/notes/check-installed-packages-before-invoking-package-module-ede8b9c3e4944a0b.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -fixes: - - | - Deployment failure was observed when repository files are present, but the - ctlplane is a non routed network. The node cannot connect to repositories - before the network is configured in this case. Some roles use the ansible - built-in ``package`` which fail despite the fact that the packages are - already installed in case it cannot connect to repositories. - - The roles tripleo-bootstrap and tuned will now inspect the installed - packages to check wheater or not packages are already installed. When - packages are installed, the ``package`` tasks are skipped. See bug: - `1959731 `_. diff --git a/releasenotes/notes/clean-endpoints-cca5478129f0506d.yaml b/releasenotes/notes/clean-endpoints-cca5478129f0506d.yaml deleted file mode 100644 index 20bc49170..000000000 --- a/releasenotes/notes/clean-endpoints-cca5478129f0506d.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - | - Add a new playbook to allow for the removal of old Keystone services. - This playbook will remove any services that exist but have since been - disabled. This cleanup task is tunable using - `tripleo_keystone_resources_cleanup` which by default is set to True. diff --git a/releasenotes/notes/clean-iptables-967b9dda091a6535.yaml b/releasenotes/notes/clean-iptables-967b9dda091a6535.yaml deleted file mode 100644 index e7abedc53..000000000 --- a/releasenotes/notes/clean-iptables-967b9dda091a6535.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -other: - - | - Remove iptables management from tripleo-ansible, since we're now using - nftables by default. Therefore, tripleo_iptables isn't needed anymore, - nor is the switch in tripleo_firewall allowing to chose the engine. diff --git a/releasenotes/notes/configure-podman-cni-788ffa30083acbb5.yaml b/releasenotes/notes/configure-podman-cni-788ffa30083acbb5.yaml deleted file mode 100644 index 40e167945..000000000 --- a/releasenotes/notes/configure-podman-cni-788ffa30083acbb5.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -features: - - | - A new variable named `tripleo_podman_default_network_config` has been added - to be able to configure the default network used by podman. By default the - configuration will use `10.255.255.0/24` as a network for podman managed - containers. TripleO does not use podman's networking, however removing - this configuration (or making it invalid) breaks the `podman network` - functions. The network is not applied if it's already running which is - indicated by the existance of a cni-podman0 interface. diff --git a/releasenotes/notes/disable-cloud-init-network-config-after-tripleo_network_config-1fea430985e1a3cd.yaml b/releasenotes/notes/disable-cloud-init-network-config-after-tripleo_network_config-1fea430985e1a3cd.yaml deleted file mode 100644 index 8bddd5702..000000000 --- a/releasenotes/notes/disable-cloud-init-network-config-after-tripleo_network_config-1fea430985e1a3cd.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -fixes: - - | - The tripleo_network_config role will now disable network config in - cloud-init after succesfully applying network configuration. In some rare - cases cloud-init would re-configure networking after a reboot. Breaking - the configuration written by tripleo_network_config. - See bug: `1958332 `_. diff --git a/releasenotes/notes/docker_enable_vfs-c8b41b02111341df.yaml b/releasenotes/notes/docker_enable_vfs-c8b41b02111341df.yaml deleted file mode 100644 index 26efa368d..000000000 --- a/releasenotes/notes/docker_enable_vfs-c8b41b02111341df.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -other: - - Zuul jobs can now run docker workloads using the VFS storage driver. - More on the VFS storage driver can be seen here - https://docs.docker.com/storage/storagedriver/vfs-driver diff --git a/releasenotes/notes/fix-scattered-octavia-configs-2ef4f66ed1e02b60.yaml b/releasenotes/notes/fix-scattered-octavia-configs-2ef4f66ed1e02b60.yaml deleted file mode 100644 index 463ab8fac..000000000 --- a/releasenotes/notes/fix-scattered-octavia-configs-2ef4f66ed1e02b60.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - | - Fixed a configuration issue where required settings for Octavia services - were missing. diff --git a/releasenotes/notes/fix_nvdimm_ns_check-cb0837b5dbf40ab7.yaml b/releasenotes/notes/fix_nvdimm_ns_check-cb0837b5dbf40ab7.yaml deleted file mode 100644 index ac813022c..000000000 --- a/releasenotes/notes/fix_nvdimm_ns_check-cb0837b5dbf40ab7.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -fixes: - - | - Due to the use of a folding block operator instead of the literal block - operator the check for existing namespaces does not work correct and - namespaces get created on subsequent deploy runs even if they already - exist. Now namespaces won't get created if the are already there. diff --git a/releasenotes/notes/fix_ssh-known-hosts-22738bc60fdc2f62.yaml b/releasenotes/notes/fix_ssh-known-hosts-22738bc60fdc2f62.yaml deleted file mode 100644 index 0ebfa4a04..000000000 --- a/releasenotes/notes/fix_ssh-known-hosts-22738bc60fdc2f62.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -fixes: - - | - The tripleo-ssh-known-hosts ansible role used the list of network names to - create the different possible hostnames in the ssh_known_hosts file. The - network names do not match the actual network hostnames, like internal_api - vs. internalapi which results in ssh host verification to fail and e.g. - live migration to fail. - - Initial approach in a5bcbc8d015b792b3546ecbb139506f248dacfe8 had to be - reverted as it resulted in errors when the _hostname inventory information - was missing from the ansible inventory. - - This syncs to use the same approach to create the hostname like in - https://review.opendev.org/693010 to have entries in /etc/hosts and - ssh_known_hosts created in the same way/source. diff --git a/releasenotes/notes/kernelargs-playbook-d158ff63fa5fbb5a.yaml b/releasenotes/notes/kernelargs-playbook-d158ff63fa5fbb5a.yaml deleted file mode 100644 index 4e799ce34..000000000 --- a/releasenotes/notes/kernelargs-playbook-d158ff63fa5fbb5a.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - | - Standalone playbook ``cli-overcloud-node-kernelargs.yaml`` allows tuned and - kernel arguments to be set, followed by a reboot. This allows that overcloud - node provision command to run this playbook before the network configuration - to support features such as DPDK. diff --git a/releasenotes/notes/net-conf-schema-num_dpdk_interface_rx_queues-4a37e4fc3957ed9a.yaml b/releasenotes/notes/net-conf-schema-num_dpdk_interface_rx_queues-4a37e4fc3957ed9a.yaml deleted file mode 100644 index ba5b643ed..000000000 --- a/releasenotes/notes/net-conf-schema-num_dpdk_interface_rx_queues-4a37e4fc3957ed9a.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - | - It is now possible to set the Number of Rx Queues required for DPDK bond - or DPDK ports in the baremetal deployment definition. See bug: - `1989593 `_. diff --git a/releasenotes/notes/network-update-var-e5082d1bed8d8cde.yaml b/releasenotes/notes/network-update-var-e5082d1bed8d8cde.yaml deleted file mode 100644 index 8e5f91d1b..000000000 --- a/releasenotes/notes/network-update-var-e5082d1bed8d8cde.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -features: - - | - Introduce a new variable tripleo_network_config_update. This will be a - bool. When tripleo_network_config_update is True. Existing network - configurations will be updated. By default, this is False and only - new deployments will have the networks configured. -deprecations: - - | - This change removes the tripleo_network_config_action. Since we can no - longer rely on the Heat stack action when using Ephemeral Heat in - tripleo diff --git a/releasenotes/notes/openvswitch-dpdk-playbook-4d7fa71529c74e3f.yaml b/releasenotes/notes/openvswitch-dpdk-playbook-4d7fa71529c74e3f.yaml deleted file mode 100644 index 821457be2..000000000 --- a/releasenotes/notes/openvswitch-dpdk-playbook-4d7fa71529c74e3f.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - | - Standalone playbook ``cli-overcloud-openvswitch-dpdk.yaml`` allows ovs-dpdk - role specific config parameters to be set. When overcloud node provision is done, - this playbook has to be run before the network configuration and after setting - kernelargs, to support features such as DPDK. diff --git a/releasenotes/notes/paunch_removal-368245325e2964a2.yaml b/releasenotes/notes/paunch_removal-368245325e2964a2.yaml deleted file mode 100644 index 2002d2fe6..000000000 --- a/releasenotes/notes/paunch_removal-368245325e2964a2.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -deprecations: - - | - Paunch module was removed since Paunch has been retired in Victoria cycle. diff --git a/releasenotes/notes/podman_heathcheck_v2-b3d4db0aeaf03519.yaml b/releasenotes/notes/podman_heathcheck_v2-b3d4db0aeaf03519.yaml deleted file mode 100644 index 0112314e5..000000000 --- a/releasenotes/notes/podman_heathcheck_v2-b3d4db0aeaf03519.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - | - Stop using systemd to manage container healthchecks and use native podman - healthchecks which are easier to consume than systemd. - The tripleo_container_manage role will take care of cleaning up the old - systemd healthchecks if they exist. diff --git a/releasenotes/notes/remove-baremetal_register_or_update_nodes-module-638e42682e08bc19.yaml b/releasenotes/notes/remove-baremetal_register_or_update_nodes-module-638e42682e08bc19.yaml deleted file mode 100644 index 26507f288..000000000 --- a/releasenotes/notes/remove-baremetal_register_or_update_nodes-module-638e42682e08bc19.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -upgrade: - - | - The ``baremetal_register_or_update_nodes`` module has been removed, - because it is useless since Glance was removed from Undercloud. diff --git a/releasenotes/notes/remove-stack-action-0aa6c9d7927bf2d3.yaml b/releasenotes/notes/remove-stack-action-0aa6c9d7927bf2d3.yaml deleted file mode 100644 index eda653a2f..000000000 --- a/releasenotes/notes/remove-stack-action-0aa6c9d7927bf2d3.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -deprecations: - - | - This change removes unused stack_action/stack_update_type hieras. diff --git a/releasenotes/notes/support-ipv6-lb-mgmt-net-7f7b1366a1e54d79.yaml b/releasenotes/notes/support-ipv6-lb-mgmt-net-7f7b1366a1e54d79.yaml deleted file mode 100644 index 08d5a3832..000000000 --- a/releasenotes/notes/support-ipv6-lb-mgmt-net-7f7b1366a1e54d79.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Added support for load balancer management network with IPv6 subnet for - Octavia. Using a private IPv6 subnet may simplify edge deployments. diff --git a/releasenotes/notes/tripleo-kernel-hugepages-6884a03ab77c0922.yaml b/releasenotes/notes/tripleo-kernel-hugepages-6884a03ab77c0922.yaml deleted file mode 100644 index 6f326553f..000000000 --- a/releasenotes/notes/tripleo-kernel-hugepages-6884a03ab77c0922.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -features: - - | - Adding tripleo_kernel_hugepages - - Hugepages management was always a manual step done by operators via the - TripleO parameter ``KernelArgs``. This is error prone and causing confusion. - - The new ``tripleo_kernel_hugepages`` setting allow operators to define - hugepages as dictionnary, making it easier to read and follow. - - To prevent unvolontary changes, there's multiple validations before - applying a change: - - - We convert the current running configurations to an actual dictionnary - that we validate the new format against - - If no change is necessary, even though the format might not be the same, - there's no kernel_args update. - - By default, we don't remove hugepages in places except when operators - specifically set the ``tripleo_kernel_hugepages_remove`` to true. - - This change also includes 4 new molecule scenarios that will help with - consistency. - - This change is also opening the door to more automations and automatic - tuning. diff --git a/releasenotes/notes/tripleo-podman-enable_socket-f93bdaa47f4b01d9.yaml b/releasenotes/notes/tripleo-podman-enable_socket-f93bdaa47f4b01d9.yaml deleted file mode 100644 index 791d74a7c..000000000 --- a/releasenotes/notes/tripleo-podman-enable_socket-f93bdaa47f4b01d9.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - tripleo-podman now has the ability to enable podman.socket service when - tripleo_podman_enable_socket is enabled. diff --git a/releasenotes/source/_static/.gitkeep b/releasenotes/source/_static/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py deleted file mode 100644 index 42725d988..000000000 --- a/releasenotes/source/conf.py +++ /dev/null @@ -1,270 +0,0 @@ -# -*- coding: utf-8 -*- -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# If extensions (or modules to document with autodoc) are in another directory, -# add these directories to sys.path here. If the directory is relative to the -# documentation root, use os.path.abspath to make it absolute, like shown here. -#sys.path.insert(0, os.path.abspath('.')) - -# -- General configuration ------------------------------------------------ - -# If your documentation needs a minimal Sphinx version, state it here. -#needs_sphinx = '1.0' - -# Add any Sphinx extension module names here, as strings. They can be -# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom -# ones. -extensions = [ - 'openstackdocstheme', - 'reno.sphinxext', -] - -# Add any paths that contain templates here, relative to this directory. -templates_path = ['_templates'] - -# The suffix of source filenames. -source_suffix = '.rst' - -# The encoding of source files. -#source_encoding = 'utf-8-sig' - -# The master toctree document. -master_doc = 'index' - -# General information about the project. -project = u'tripleo-ansible Release Notes' -copyright = u'2019, TripleO Developers' - -# The version info for the project you're documenting, acts as replacement for -# |version| and |release|, also used in various other places throughout the -# built documents. -# -# The full version, including alpha/beta/rc tags. -release = '' -# The short X.Y version. -version = '' - -# The full version, including alpha/beta/rc tags. - -# The language for content autogenerated by Sphinx. Refer to documentation -# for a list of supported languages. -#language = None - -# There are two options for replacing |today|: either, you set today to some -# non-false value, then it is used: -#today = '' -# Else, today_fmt is used as the format for a strftime call. -#today_fmt = '%B %d, %Y' - -# List of patterns, relative to source directory, that match files and -# directories to ignore when looking for source files. -exclude_patterns = [] - -# The reST default role (used for this markup: `text`) to use for all -# documents. -#default_role = None - -# If true, '()' will be appended to :func: etc. cross-reference text. -#add_function_parentheses = True - -# If true, the current module name will be prepended to all description -# unit titles (such as .. function::). -#add_module_names = True - -# If true, sectionauthor and moduleauthor directives will be shown in the -# output. They are ignored by default. -#show_authors = False - -# The name of the Pygments (syntax highlighting) style to use. -pygments_style = 'native' - -# A list of ignored prefixes for module index sorting. -#modindex_common_prefix = [] - -# If true, keep warnings as "system message" paragraphs in the built documents. -#keep_warnings = False - - -# -- Options for HTML output ---------------------------------------------- - -# The theme to use for HTML and HTML Help pages. See the documentation for -# a list of builtin themes. -html_theme = 'openstackdocs' - -# Theme options are theme-specific and customize the look and feel of a theme -# further. For a list of options available for each theme, see the -# documentation. -#html_theme_options = {} - -# Add any paths that contain custom themes here, relative to this directory. -#html_theme_path = [] - -# The name for this set of Sphinx documents. If None, it defaults to -# " v documentation". -#html_title = None - -# A shorter title for the navigation bar. Default is the same as html_title. -#html_short_title = None - -# The name of an image file (relative to this directory) to place at the top -# of the sidebar. -#html_logo = None - -# The name of an image file (within the static path) to use as favicon of the -# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 -# pixels large. -#html_favicon = None - -# Add any paths that contain custom static files (such as style sheets) here, -# relative to this directory. They are copied after the builtin static files, -# so a file named "default.css" will overwrite the builtin "default.css". -html_static_path = ['_static'] - -# Add any extra paths that contain custom files (such as robots.txt or -# .htaccess) here, relative to this directory. These files are copied -# directly to the root of the documentation. -#html_extra_path = [] - -# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, -# using the given strftime format. -#html_last_updated_fmt = '%b %d, %Y' - -# If true, SmartyPants will be used to convert quotes and dashes to -# typographically correct entities. -#html_use_smartypants = True - -# Custom sidebar templates, maps document names to template names. -#html_sidebars = {} - -# Additional templates that should be rendered to pages, maps page names to -# template names. -#html_additional_pages = {} - -# If false, no module index is generated. -#html_domain_indices = True - -# If false, no index is generated. -#html_use_index = True - -# If true, the index is split into individual pages for each letter. -#html_split_index = False - -# If true, links to the reST sources are added to the pages. -#html_show_sourcelink = True - -# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. -#html_show_sphinx = True - -# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. -#html_show_copyright = True - -# If true, an OpenSearch description file will be output, and all pages will -# contain a tag referring to it. The value of this option must be the -# base URL from which the finished HTML is served. -#html_use_opensearch = '' - -# This is the file name suffix for HTML files (e.g. ".xhtml"). -#html_file_suffix = None - -# Output file base name for HTML help builder. -htmlhelp_basename = 'tripleo-ansibleReleaseNotesdoc' - - -# -- Options for LaTeX output --------------------------------------------- - -latex_elements = { -# The paper size ('letterpaper' or 'a4paper'). -#'papersize': 'letterpaper', - -# The font size ('10pt', '11pt' or '12pt'). -#'pointsize': '10pt', - -# Additional stuff for the LaTeX preamble. -#'preamble': '', -} - -# Grouping the document tree into LaTeX files. List of tuples -# (source start file, target name, title, -# author, documentclass [howto, manual, or own class]). -latex_documents = [ - ('index', 'tripleo-ansibleReleaseNotes.tex', u'tripleo-ansible Release Notes Documentation', - u'2016, TripleO Developers', 'manual'), -] - -# The name of an image file (relative to this directory) to place at the top of -# the title page. -#latex_logo = None - -# For "manual" documents, if this is true, then toplevel headings are parts, -# not chapters. -#latex_use_parts = False - -# If true, show page references after internal links. -#latex_show_pagerefs = False - -# If true, show URL addresses after external links. -#latex_show_urls = False - -# Documents to append as an appendix to all manuals. -#latex_appendices = [] - -# If false, no module index is generated. -#latex_domain_indices = True - - -# -- Options for manual page output --------------------------------------- - -# One entry per manual page. List of tuples -# (source start file, name, description, authors, manual section). -man_pages = [ - ('index', 'tripleo-ansiblereleasenotes', u'tripleo-ansible Release Notes Documentation', - [u'2016, TripleO Developers'], 1) -] - -# If true, show URL addresses after external links. -#man_show_urls = False - - -# -- Options for Texinfo output ------------------------------------------- - -# Grouping the document tree into Texinfo files. List of tuples -# (source start file, target name, title, author, -# dir menu entry, description, category) -texinfo_documents = [ - ('index', 'tripleo-ansibleReleaseNotes', u'tripleo-ansible Release Notes Documentation', - u'2016, TripleO Developers', 'tripleo-ansibleReleaseNotes', 'One line description of project.', - 'Miscellaneous'), -] - -# Documents to append as an appendix to all manuals. -#texinfo_appendices = [] - -# If false, no module index is generated. -#texinfo_domain_indices = True - -# How to display URL addresses: 'footnote', 'no', or 'inline'. -#texinfo_show_urls = 'footnote' - -# If true, do not generate a @detailmenu in the "Top" node's menu. -#texinfo_no_detailmenu = False - -# -- Options for Internationalization output ------------------------------ -locale_dirs = ['locale/'] - -# openstackdocstheme options -openstackdocs_repo_name = 'openstack/tripleo-ansible' -openstackdocs_auto_name = False -openstackdocs_bug_project = 'tripleo' -openstackdocs_bug_tag = 'documentation' diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst deleted file mode 100644 index 2a0f2c2fb..000000000 --- a/releasenotes/source/index.rst +++ /dev/null @@ -1,13 +0,0 @@ -============================= -TripleO-Ansible Release Notes -============================= - -.. toctree:: - :maxdepth: 1 - - unreleased - zed - wallaby - victoria - ussuri - train diff --git a/releasenotes/source/train.rst b/releasenotes/source/train.rst deleted file mode 100644 index 583900393..000000000 --- a/releasenotes/source/train.rst +++ /dev/null @@ -1,6 +0,0 @@ -========================== -Train Series Release Notes -========================== - -.. release-notes:: - :branch: stable/train diff --git a/releasenotes/source/unreleased.rst b/releasenotes/source/unreleased.rst deleted file mode 100644 index 875030f9d..000000000 --- a/releasenotes/source/unreleased.rst +++ /dev/null @@ -1,5 +0,0 @@ -============================ -Current Series Release Notes -============================ - -.. release-notes:: diff --git a/releasenotes/source/ussuri.rst b/releasenotes/source/ussuri.rst deleted file mode 100644 index e21e50e0c..000000000 --- a/releasenotes/source/ussuri.rst +++ /dev/null @@ -1,6 +0,0 @@ -=========================== -Ussuri Series Release Notes -=========================== - -.. release-notes:: - :branch: stable/ussuri diff --git a/releasenotes/source/victoria.rst b/releasenotes/source/victoria.rst deleted file mode 100644 index 4efc7b6f3..000000000 --- a/releasenotes/source/victoria.rst +++ /dev/null @@ -1,6 +0,0 @@ -============================= -Victoria Series Release Notes -============================= - -.. release-notes:: - :branch: stable/victoria diff --git a/releasenotes/source/wallaby.rst b/releasenotes/source/wallaby.rst deleted file mode 100644 index d77b56599..000000000 --- a/releasenotes/source/wallaby.rst +++ /dev/null @@ -1,6 +0,0 @@ -============================ -Wallaby Series Release Notes -============================ - -.. release-notes:: - :branch: stable/wallaby diff --git a/releasenotes/source/zed.rst b/releasenotes/source/zed.rst deleted file mode 100644 index 9608c05e4..000000000 --- a/releasenotes/source/zed.rst +++ /dev/null @@ -1,6 +0,0 @@ -======================== -Zed Series Release Notes -======================== - -.. release-notes:: - :branch: stable/zed diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index 5c9478ac7..000000000 --- a/requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -pbr>=1.6 -tripleo-common>=16.0.0 # Apache-2.0 -python-heatclient # Apache-2.0 -python-ironicclient!=2.5.2,!=2.7.1,!=3.0.0,>=2.3.0,<4.0.0;python_version=='2.7' # Apache-2.0 -python-ironicclient!=2.5.2,!=2.7.1,!=3.0.0,>=2.3.0;python_version>='3.6' # Apache-2.0 -metalsmith # Apache-2.0 diff --git a/requirements.yml b/requirements.yml deleted file mode 120000 index 68eece9d4..000000000 --- a/requirements.yml +++ /dev/null @@ -1 +0,0 @@ -../tripleo-ansible/tripleo_ansible/requirements.yml \ No newline at end of file diff --git a/role-addition.yml b/role-addition.yml deleted file mode 100755 index 62e56c898..000000000 --- a/role-addition.yml +++ /dev/null @@ -1,112 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Create a new role for TripleO-Ansible - hosts: localhost - connection: local - gather_facts: false - tasks: - - name: Check for role name - fail: - msg: >- - The required variable `role_name` is undefined. Check your settings. - when: - - role_name is undefined - - - name: Normalize the role name - set_fact: - _role_name: "{{ role_name | replace('-', '_' ) }}" - - - name: Create role - command: >- - ansible-galaxy init - --role-skeleton=_skeleton_role_ - --init-path=tripleo_ansible/roles {{ _role_name }} - args: - creates: "tripleo_ansible/roles/{{ _role_name }}" - - - name: Read zuul molecule file - slurp: - src: zuul.d/molecule.yaml - register: molecule_yaml - - - name: Create molecule entry - copy: - content: |- - # Managed via ./role-addition.yml, do not edit manually without testing that - # new role addition does not reformat it. - --- - {% set items = molecule_yaml['content'] | b64decode | from_yaml %} - {% set job_index = [] %} - {% set new_job_name = "tripleo-ansible-centos-stream-molecule-" ~ _role_name %} - {% for item in items %} - {% if 'project-template' in item %} - {% if item['project-template']['name'] == "tripleo-ansible-molecule-jobs" %} - {% if not (new_job_name in item['project-template']['check']['jobs']) %} - {% set _ = item['project-template']['check']['jobs'].append(new_job_name) %} - {% set check_jobs = (item['project-template']['check']['jobs'] | sort) %} - {% set _ = item['project-template']['check'].update({'jobs': check_jobs}) %} - {% endif %} - {% if not (new_job_name in item['project-template']['gate']['jobs']) %} - {% set _ = item['project-template']['gate']['jobs'].append(new_job_name) %} - {% set gate_jobs = (item['project-template']['gate']['jobs'] | sort) %} - {% set _ = item['project-template']['gate'].update({'jobs': gate_jobs}) %} - {% endif %} - {% if not (new_job_name in item['project-template']['periodic-weekly']['jobs']) %} - {% set _ = item['project-template']['periodic-weekly']['jobs'].append(new_job_name) %} - {% set periodic_jobs = (item['project-template']['periodic-weekly']['jobs'] | sort) %} - {% set _ = item['project-template']['periodic-weekly'].update({'jobs': periodic_jobs}) %} - {% endif %} - {% endif %} - {% else %} - {% if item['job']['name'] == new_job_name %} - {% set _ = job_index.append(new_job_name) %} - {% endif %} - {% endif %} - {% endfor %} - {% if (job_index | length) < 1 %} - {% set new_job = { - "name": new_job_name, - "parent": "tripleo-ansible-centos-stream-base", - "files": [ - "^tripleo_ansible/roles/" ~ _role_name ~ "/(?!meta).*", - "^molecule-requirements.txt", - ], - "vars": { - "tripleo_role_name": _role_name - } - } - %} - {% set _ = items.append({"job": new_job}) %} - {% endif %} - {% set project = items.pop(0) %} - {% set sorted_jobs = items | sort(attribute='job.name') %} - {% set _ = sorted_jobs.insert(0, project) %} - {{ sorted_jobs | to_nice_yaml(indent=2, width=1337) }} - dest: zuul.d/molecule.yaml - - - name: Create role documentation - copy: - content: | - {% set opening = 'Role - ' ~ _role_name %} - {{ '=' * (opening | length) }} - {{ opening }} - {{ '=' * (opening | length) }} - - .. ansibleautoplugin:: - :role: tripleo_ansible/roles/{{ _role_name }} - dest: "doc/source/roles/role-{{ _role_name }}.rst" diff --git a/roles b/roles deleted file mode 120000 index 3a166856b..000000000 --- a/roles +++ /dev/null @@ -1 +0,0 @@ -tripleo_ansible/roles \ No newline at end of file diff --git a/scripts/bindep-install b/scripts/bindep-install deleted file mode 100755 index b9f123317..000000000 --- a/scripts/bindep-install +++ /dev/null @@ -1,45 +0,0 @@ -#!/usr/bin/env bash -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -## Shell Opts ---------------------------------------------------------------- - -set -o pipefail -set -xeuo - - -## Vars ---------------------------------------------------------------------- - -export BINDEP_FILE="${BINDEP_FILE:-$(dirname $(readlink -f ${BASH_SOURCE[0]}))/../bindep.txt}" - - -## Main ---------------------------------------------------------------------- - -# Source distribution information -source /etc/os-release || source /usr/lib/os-release -RHT_PKG_MGR=$(command -v dnf || command -v yum) - -# NOTE(cloudnull): Get a list of packages to install with bindep. If packages -# need to be installed, bindep exits with an exit code of 1. -BINDEP_PKGS=$(bindep -b -f "${BINDEP_FILE}" test || true) - -if [[ ${#BINDEP_PKGS} > 0 ]]; then - case "${ID,,}" in - amzn|rhel|centos|fedora) - sudo "${RHT_PKG_MGR}" install -y ${BINDEP_PKGS} - ;; - esac -fi diff --git a/scripts/run-local-test b/scripts/run-local-test deleted file mode 100755 index 55b3f06cd..000000000 --- a/scripts/run-local-test +++ /dev/null @@ -1,111 +0,0 @@ -#!/usr/bin/env bash -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -## Shell Opts ---------------------------------------------------------------- - -set -o pipefail -set -xeuo - -## Vars ---------------------------------------------------------------------- - -export PROJECT_DIR="$(dirname $(readlink -f ${BASH_SOURCE[0]}))/../" -export ROLE_NAME="${ROLE_NAME:-$1}" -export TRIPLEO_JOB_ANSIBLE_ARGS=${TRIPLEO_JOB_ANSIBLE_ARGS:-""} -export TOX_CONSTRAINTS_FILE=${TOX_CONSTRAINTS_FILE:-"https://releases.openstack.org/constraints/upper/master"} - -# NOTE(cloudnull): Disable ansible compat check, caters to the case where -# system ansible may be installed. -export ANSIBLE_SKIP_CONFLICT_CHECK=1 - -## Functions ----------------------------------------------------------------- - -function run_pip { - "${HOME}/test-python/bin/pip" install \ - -c "${TOX_CONSTRAINTS_FILE}" \ - -c "${PROJECT_DIR}/ansible-requirements.txt" \ - -r "${PROJECT_DIR}/requirements.txt" \ - -r "${PROJECT_DIR}/test-requirements.txt" \ - -r "${PROJECT_DIR}/molecule-requirements.txt" ${@:-} - # Required by authorized_key module used in tripleo_ansible/playbooks/prepare-test-host.yml - "${HOME}/test-python/bin/ansible-galaxy" collection install ansible.posix -} - -## Main ---------------------------------------------------------------------- - -# Source distribution information -source /etc/os-release || source /usr/lib/os-release -RHT_PKG_MGR=$(command -v dnf || command -v yum) -PYTHON_EXEC=$(command -v python3 || command -v python) - -# Install the requirements we need to run local tests -sudo dnf -y install gcc -case "${ID,,}" in - amzn|fedora) - sudo "${RHT_PKG_MGR}" install -y python*-virtualenv - ;; - rhel|centos) - # Virtualenv no longer packaged for RHEL/CentOS 9. We will have to use - # system pip to install it. - sudo dnf -y install python*-pip - sudo pip install virtualenv - ;; -esac - -# Ensure the required ci file is presnet -sudo mkdir -p /etc/ci -sudo touch /etc/ci/mirror_info.sh - -# Create a virtual env -"${PYTHON_EXEC}" -m virtualenv --system-site-packages "${HOME}/test-python" - -# Run bindep -"${HOME}/test-python/bin/pip" install pip setuptools bindep --upgrade -"${PROJECT_DIR}/scripts/bindep-install" - -# Install local requirements -if [[ -d "${HOME}/.cache/pip/wheels" ]]; then - rm -rf "${HOME}/.cache/pip/wheels" -fi -run_pip - -# NOTE(cloudnull): In some cases ansible will not be installed due to wheel -# building issues, caused by pip. If this happens we -# re-install the packages with the force flag, which will -# ensure everything is rebuilt and installed correctly. -if [ ! -f "${HOME}/test-python/bin/ansible" ]; then - run_pip --force -fi - -# Display list of installed packages with versions (debugging failures) -"${HOME}/test-python/bin/pip" freeze - -# Ensure we don't keep any dangling sudo session in the shell -sudo -k - -# Run local test -PS1="[\u@\h \W]\$" source "${HOME}/test-python/bin/activate" -source "${PROJECT_DIR}/ansible-test-env.rc" -export ANSIBLE_ROLES_PATH="${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" -ansible-playbook -i "${PROJECT_DIR}/tests/hosts.ini" \ - -e "tripleo_src=$(realpath --relative-to="${HOME}" "${PROJECT_DIR}")" \ - -e "tripleo_role_name=${ROLE_NAME}" \ - -e "tripleo_job_ansible_args='${TRIPLEO_JOB_ANSIBLE_ARGS}'" \ - -e "ansible_user=${USER}" \ - -e "ansible_user_dir=${HOME}" \ - "${PROJECT_DIR}/tripleo_ansible/playbooks/prepare-test-host.yml" \ - "${PROJECT_DIR}/zuul.d/playbooks/run-local.yml" \ - -v diff --git a/scripts/tripleo-standalone-vars b/scripts/tripleo-standalone-vars deleted file mode 100755 index 415631009..000000000 --- a/scripts/tripleo-standalone-vars +++ /dev/null @@ -1,541 +0,0 @@ -#!/usr/bin/python -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import argparse -import jinja2 -import logging -import os -import sys -import yaml - -# STANDALONE_VARS is a dict with keys of ansible var names, and values of a -# jinja2 template. The jinja2 template can use jinja2 variables as defined from -# TEMPLATE_VARS below. -STANDALONE_VARS = { - 'tripleo_nova_compute_DEFAULT_transport_url': { - 'template': - 'rabbit://' - '{% for node in oslo_messaging_rpc_node_names %}' - '{% if not loop.first %},{% endif %}' - '{{oslo_messaging_rpc_user_name}}:{{oslo_messaging_rpc_password}}' - '@{{node}}:5672' - '{% endfor %}' - '/?ssl={% if oslo_messaging_rpc_use_ssl=="True" %}1' - '{% else %}0{% endif %}', - 'section': 'DEFAULT', - 'option': 'transport_url' - }, - 'tripleo_ovn_metadata_agent_DEFAULT_transport_url': { - 'template': - 'rabbit://' - '{% for node in oslo_messaging_rpc_node_names %}' - '{% if not loop.first %},{% endif %}' - '{{oslo_messaging_rpc_user_name}}:{{oslo_messaging_rpc_password}}' - '@{{node}}:5672' - '{% endfor %}' - '/?ssl={% if oslo_messaging_rpc_use_ssl=="True" %}1' - '{% else %}0{% endif %}', - 'section': 'DEFAULT', - 'option': 'transport_url' - }, - 'tripleo_ovn_metadata_agent_oslo_messaging_notifications_transport_url': { - 'template': - 'rabbit://' - '{% for node in oslo_messaging_rpc_node_names %}' - '{% if not loop.first %},{% endif %}' - '{{oslo_messaging_rpc_user_name}}:{{oslo_messaging_rpc_password}}' - '@{{node}}:5672' - '{% endfor %}' - '/?ssl={% if oslo_messaging_rpc_use_ssl=="True" %}1' - '{% else %}0{% endif %}', - 'section': 'oslo_messaging_notifications', - 'option': 'transport_url' - }, - 'tripleo_nova_compute_oslo_messaging_notifications_transport_url': { - 'template': - 'rabbit://' - '{% for node in oslo_messaging_rpc_node_names %}' - '{% if not loop.first %},{% endif %}' - '{{oslo_messaging_rpc_user_name}}:{{oslo_messaging_rpc_password}}' - '@{{node}}:5672' - '{% endfor %}' - '/?ssl={% if oslo_messaging_rpc_use_ssl=="True" %}1' - '{% else %}0{% endif %}', - 'section': 'DEFAULT', - 'option': 'oslo_messaging_notifications_transport_url' - }, - 'tripleo_nova_compute_cache_memcache_servers': { - 'template': - '{% for node in memcached_node_names %}' - '{% if not loop.first %},{% endif %}' - '{{ node }}:{{ memcached_port }}' - '{% endfor %}', - 'section': 'cache', - 'option': 'memcache_servers' - }, - 'tripleo_nova_compute_cinder_auth_url': { - 'template': '{{ nova_cinder_auth_url }}', - 'section': 'cinder', - 'option': 'auth_url' - }, - 'tripleo_nova_compute_cinder_password': { - 'template': '{{ nova_cinder_password }}', - 'section': 'cinder', - 'option': 'password' - }, - 'tripleo_nova_compute_neutron_auth_url': { - 'template': '{{ nova_neutron_auth_url }}', - 'section': 'neutron', - 'option': 'auth_url' - }, - 'tripleo_nova_compute_neutron_password': { - 'template': '{{ nova_neutron_password }}', - 'section': 'neutron', - 'option': 'password' - }, - 'ctlplane_dns_nameservers': { - 'template': '{{ ctlplane_dns_nameservers }}', - }, - 'dns_search_domains': { - 'template': '{{ dns_search_domains }}', - }, - 'tripleo_nova_compute_vnc_novncproxy_base_url': { - 'template': - '{{ vncproxy_protocol }}://{{ vncproxy_host }}:{{ vncproxy_port }}', - 'section': 'vnc', - 'option': 'novncproxy_base_url' - }, - 'tripleo_nova_compute_service_user_username': { - 'template': 'nova', - 'section': 'service_user', - 'option': 'username' - }, - 'tripleo_nova_compute_service_user_password': { - 'template': '{{ service_user_password }}', - 'section': 'service_user', - 'option': 'password' - }, - 'tripleo_nova_compute_service_user_auth_url': { - 'template': '{{ service_user_auth_url }}', - 'section': 'service_user', - 'option': 'auth_url' - }, - 'tripleo_nova_compute_service_user_auth_type': { - 'template': 'password', - 'section': 'service_user', - 'option': 'auth_type' - }, - 'tripleo_nova_compute_service_user_project_name': { - 'template': '{{ service_user_project_name }}', - 'section': 'service_user', - 'option': 'project_name' - }, - 'tripleo_nova_compute_service_user_project_domain_name': { - 'template': 'Default', - 'section': 'service_user', - 'option': 'project_domain_name' - }, - 'tripleo_nova_compute_service_user_user_domain_name': { - 'template': 'Default', - 'section': 'service_user', - 'option': 'user_domain_name' - }, - 'tripleo_nova_compute_service_user_region_name': { - 'template': '{{ service_user_region_name }}', - 'section': 'service_user', - 'option': 'region_name' - }, - 'tripleo_nova_compute_service_user_send_service_user_token': { - 'template': '{{ service_user_send_service_user_token }}', - 'section': 'service_user', - 'option': 'send_service_user_token' - }, - - 'tripleo_nova_compute_placement_username': { - 'template': 'placement', - 'section': 'placement', - 'option': 'username' - }, - 'tripleo_nova_compute_placement_password': { - 'template': '{{ placement_password }}', - 'section': 'placement', - 'option': 'password' - }, - 'tripleo_nova_compute_placement_auth_url': { - 'template': '{{ placement_auth_url }}', - 'section': 'placement', - 'option': 'auth_url' - }, - 'tripleo_nova_compute_placement_auth_type': { - 'template': 'password', - 'section': 'placement', - 'option': 'auth_type' - }, - 'tripleo_nova_compute_placement_project_name': { - 'template': '{{ placement_project_name }}', - 'section': 'placement', - 'option': 'project_name' - }, - 'tripleo_nova_compute_placement_project_domain_name': { - 'template': 'Default', - 'section': 'placement', - 'option': 'project_domain_name' - }, - 'tripleo_nova_compute_placement_user_domain_name': { - 'template': 'Default', - 'section': 'placement', - 'option': 'user_domain_name' - }, - 'tripleo_nova_compute_placement_region_name': { - 'template': '{{ placement_region_name }}', - 'section': 'placement', - 'option': 'region_name' - }, - 'tripleo_nova_compute_placement_valid_interfaces': { - 'template': '{{ placement_valid_interfaces }}', - 'section': 'placement', - 'option': 'valid_interfaces' - }, - 'tripleo_nova_compute_neutron_auth_type': { - 'template': 'v3password', - 'section': 'neutron', - 'option': 'auth_type' - }, - 'tripleo_nova_compute_neutron_project_name': { - 'template': 'service', - 'section': 'neutron', - 'option': 'project_name' - }, - 'tripleo_nova_compute_neutron_user_domain_name': { - 'template': 'Default', - 'section': 'neutron', - 'option': 'user_domain_name' - }, - 'tripleo_nova_compute_neutron_project_domain_name': { - 'template': 'Default', - 'section': 'neutron', - 'option': 'project_domain_name' - }, - 'tripleo_nova_compute_neutron_region_name': { - 'template': 'regionOne', - 'section': 'neutron', - 'option': 'region_name' - }, - 'tripleo_nova_compute_neutron_username': { - 'template': 'neutron', - 'section': 'neutron', - 'option': 'username' - }, - 'tripleo_ovn_dbs': { - 'template': '{{ ovn_dbs }}', - }, - 'tripleo_ovn_metadata_agent_database_connection': { - 'template': '{{ neutron_database_connection }}', - 'section': 'database', - 'option': 'connection' - }, - 'tripleo_ovn_metadata_agent_keystone_www_authenticate_uri': { - 'template': '{{ neutron_keystone_auth_uri }}', - 'section': 'keystone_authtoken', - 'option': 'www_authenticate_uri' - }, - 'tripleo_ovn_metadata_agent_keystone_auth_url': { - 'template': '{{ neutron_keystone_auth_url }}', - 'section': 'keystone_authtoken', - 'option': 'auth_url' - }, - 'tripleo_ovn_metadata_agent_keystone_password': { - 'template': '{{ neutron_keystone_password }}', - 'section': 'keystone_authtoken', - 'option': 'password' - }, - 'tripleo_ovn_metadata_agent_placement_password': { - 'template': '{{ neutron_placement_password }}', - 'section': 'placement', - 'option': 'password' - }, - 'tripleo_ovn_metadata_agent_nova_auth_url': { - 'template': '{{ neutron_nova_auth_url }}', - 'section': 'nova', - 'option': 'auth_url' - }, - 'tripleo_ovn_metadata_agent_nova_password': { - 'template': '{{ neutron_nova_password }}', - 'section': 'nova', - 'option': 'password' - }, - 'tripleo_ovn_metadata_agent_placement_auth_url': { - 'template': '{{ neutron_placement_auth_url }}', - 'section': 'placement', - 'option': 'auth_url' - }, - 'tripleo_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_host': { - 'template': '{{ neutron_metadata_host }}', - 'section': 'DEFAULT', - 'option': 'nova_metadata_host' - }, - 'tripleo_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_proxy_shared_secret': { - 'template': '{{ neutron_metadata_shared_secret }}', - 'section': 'DEFAULT', - 'option': 'metadata_proxy_shared_secret' - }, - -} - -# TEMPLATE_VARS is a dict with keys jinja2 variables names that will be passed -# when the templates from STANDALONE_VARS are rendered. The values are a dict -# of a file name and YAML key to look up from the config-download directory. -# The file names use string formatting with replacement fields (role). -TEMPLATE_VARS = { - 'oslo_messaging_rpc_user_name': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.oslo_messaging_rpc_user_name' - }, - 'oslo_messaging_rpc_password': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.oslo_messaging_rpc_password' - }, - 'oslo_messaging_rpc_use_ssl': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.oslo_messaging_rpc_use_ssl' - }, - 'oslo_messaging_rpc_node_names': { - 'file': 'group_vars/overcloud.json', - 'key': 'oslo_messaging_rpc_node_names' - }, - 'memcached_port': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.memcached_port' - }, - 'memcached_node_names': { - 'file': 'group_vars/overcloud.json', - 'key': 'memcached_node_names' - }, - 'nova_cinder_auth_url': { - 'file': 'group_vars/{role}', - # nova-compute which sets nova::cinder::auth_url may not be deployed - # if the deployment is a standalone ctlplane, but the auth_url for - # neutron is the same value. - 'key': 'service_configs.nova::network::neutron::auth_url' - }, - 'nova_cinder_password': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.cinder::db::mysql::password' - }, - 'nova_neutron_auth_url': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.nova::network::neutron::auth_url' - }, - 'nova_neutron_password': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.nova::network::neutron::password' - }, - 'ctlplane_dns_nameservers': { - 'file': 'group_vars/{role}', - 'key': 'ctlplane_dns_nameservers' - }, - 'dns_search_domains': { - 'file': 'group_vars/{role}', - 'key': 'dns_search_domains' - }, - 'vncproxy_protocol': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.nova::vncproxy::common::vncproxy_protocol' - }, - 'vncproxy_host': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.nova::vncproxy::common::vncproxy_host' - }, - 'vncproxy_port': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.nova::vncproxy::common::vncproxy_port' - }, - - 'service_user_password': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.nova::keystone::service_user::password' - }, - 'service_user_auth_url': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.nova::keystone::service_user::auth_url' - }, - 'service_user_project_name': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.nova::keystone::service_user::project_name' - }, - 'service_user_region_name': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.nova::keystone::service_user::region_name' - }, - 'service_user_send_service_user_token': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.nova::keystone::service_user::send_service_user_token' - }, - - 'placement_password': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.nova::placement::password' - }, - 'placement_auth_url': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.nova::placement::auth_url' - }, - 'placement_project_name': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.nova::placement::project_name' - }, - 'placement_valid_interfaces': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.nova::placement::valid_interfaces' - }, - 'ovn_dbs': { - 'file': 'group_vars/overcloud.json', - 'key': 'ovn_dbs_node_ips' - }, - 'placement_region_name': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.nova::placement::region_name' - }, - 'neutron_database_connection': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.neutron::db::database_connection' - }, - 'neutron_keystone_auth_uri': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.neutron::keystone::authtoken::www_authenticate_uri' - }, - #'neutron_keystone_memcached_servers': { - # 'file': 'group_vars/{role}', - # 'key': 'service_configs.neutron::keystone::authtoken::memc' - #}, - 'neutron_keystone_auth_url': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.neutron::keystone::authtoken::auth_url' - }, - 'neutron_keystone_password': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.neutron::keystone::authtoken::password' - }, - 'neutron_placement_password': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.neutron::server::placement::password' - }, - 'neutron_placement_auth_url': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.neutron::server::placement::auth_url' - }, - 'neutron_nova_password': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.neutron::server::notifications::nova::password' - }, - 'neutron_nova_auth_url': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.neutron::server::notifications::nova::auth_url' - }, - 'neutron_metadata_host': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.neutron::agents::ovn_metadata::metadata_host' - }, - 'neutron_metadata_shared_secret': { - 'file': 'group_vars/{role}', - 'key': 'service_configs.neutron::agents::ovn_metadata::shared_secret' - }, -} - - -def parse_args(): - parser = argparse.ArgumentParser( - description=("tripleo-standalone-vars"), - formatter_class=argparse.ArgumentDefaultsHelpFormatter) - parser.add_argument( - '--config-download-dir', '-c', - action='store', - default='~/overcloud-deploy/overcloud/config-download/overcloud', - help=('The config-download directory for the deployment used as ' - 'the source of the generated ansible variables.')) - parser.add_argument('--output-file', '-o', - default='99-standalone-vars', - help=("Output file containing the generated ansible " - "vars.")) - parser.add_argument('--role', '-r', - default='Controller', - help="Primary role name from the source deployment.") - parser.add_argument('--force', '-f', - action='store_true', - help="Force overwriting the output file if it exists.") - - args = parser.parse_args(sys.argv[1:]) - return args - - -def main(): - - logging.basicConfig() - log = logging.getLogger() - log.setLevel(logging.INFO) - - args = parse_args() - - if os.path.exists(args.output_file) and not args.force: - print("Output file {} exists. Won't continue without --force, or " - "delete the file first.".format(args.output_file)) - sys.exit(1) - - tmpl_vars = {} - standalone_vars = {} - nova_config = {} - standalone_vars['tripleo_nova_compute_config_overrides'] = nova_config - file_cache = {} - format_dict = dict(role=args.role) - - for t_var, t_dict in TEMPLATE_VARS.items(): - # Load the file if not already in file_cache - log.info('Looking up {}'.format(t_var)) - file_path = os.path.join( - args.config_download_dir, - t_dict['file']).format(**format_dict) - if file_path not in file_cache: - with open(file_path) as f: - log.info('Caching {}'.format(file_path)) - file_cache[file_path] = yaml.safe_load(f.read()) - - keys = t_dict['key'].split('.') - val = file_cache[file_path][keys[0]] - for k in keys[1:]: - val = val[k] - tmpl_vars[t_var] = val - - for s_var, s_tmpl in STANDALONE_VARS.items(): - log.info("Loading template for {}".format(s_var)) - jinja_tmpl = jinja2.Environment().from_string(s_tmpl['template']) - log.info("Rendering {}".format(s_var)) - s_val = jinja_tmpl.render(**tmpl_vars) - try: - s_val_yaml = yaml.safe_load(s_val) - except yaml.YAMLError as ye: - s_val_yaml = s_val - standalone_vars[s_var] = s_val_yaml - if 'section' in s_tmpl: - section_config = nova_config.setdefault(s_tmpl['section'], {}) - section_config[s_tmpl['option']] = s_val - - config_dict = {'Compute': {'vars': standalone_vars}} - with open(args.output_file, 'w') as f: - f.write(yaml.safe_dump(config_dict, default_flow_style=False, width=10000)) - - -if __name__ == '__main__': - main() diff --git a/setup.cfg b/setup.cfg deleted file mode 100644 index 3992bb739..000000000 --- a/setup.cfg +++ /dev/null @@ -1,34 +0,0 @@ -[metadata] -name = tripleo-ansible -summary = Ansible assets for the TripleO project. -description_file = - README.rst - -author = OpenStack -author_email = openstack-discuss@lists.openstack.org -home_page = https://opendev.org/openstack/tripleo-ansible -classifier = - License :: OSI Approved :: Apache Software License - Development Status :: 4 - Beta - Intended Audience :: Developers - Intended Audience :: System Administrators - Intended Audience :: Information Technology - Topic :: Utilities - -[global] -setup-hooks = - pbr.hooks.setup_hook - -[files] -data_files = - share/ansible/tripleo-inventory/ = tripleo_ansible/inventory/* - share/ansible/tripleo-playbooks/ = tripleo_ansible/playbooks/* - share/ansible/plugins/ = tripleo_ansible/ansible_plugins/* - share/ansible/roles/ = tripleo_ansible/roles/* - -[wheel] -universal = 1 - -[pbr] -skip_authors = True -skip_changelog = True diff --git a/setup.py b/setup.py deleted file mode 100644 index 58ffb5224..000000000 --- a/setup.py +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright Red Hat, Inc. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import setuptools - -setuptools.setup( - setup_requires=['pbr'], - py_modules=[], - pbr=True) diff --git a/test-requirements.txt b/test-requirements.txt deleted file mode 100644 index 8f8f75526..000000000 --- a/test-requirements.txt +++ /dev/null @@ -1,5 +0,0 @@ -pre-commit # MIT -netaddr # BSD -stestr>=2.0.0 # Apache-2.0 -oslotest>=3.2.0 # Apache-2.0 -mock diff --git a/tests/conftest.py b/tests/conftest.py deleted file mode 100644 index dd871b960..000000000 --- a/tests/conftest.py +++ /dev/null @@ -1,20 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -import os - - -def pytest_addoption(parser): - parser.addoption('--scenario', help='scenario setting') - parser.addoption('--ansible-args', help='ansible args passed into test runner.') diff --git a/tests/hosts.ini b/tests/hosts.ini deleted file mode 100644 index 28280524b..000000000 --- a/tests/hosts.ini +++ /dev/null @@ -1 +0,0 @@ -test ansible_connection=local ansible_host=localhost diff --git a/tests/test_molecule.py b/tests/test_molecule.py deleted file mode 100644 index a9561edd3..000000000 --- a/tests/test_molecule.py +++ /dev/null @@ -1,118 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import os -import subprocess - -import pytest -import yaml - - -def set_proper_molecule_config(role_path, scenario='default'): - mol_config_file = "config.yml" - if os.path.exists(os.path.join(role_path, 'molecule', - f'{scenario}/molecule.yml')): - molecule_path = os.path.join( - role_path, 'molecule', f'{scenario}/molecule.yml') - with open(molecule_path) as content: - data = yaml.safe_load(content) - if 'driver' in data.keys() and data['driver']['name'] == 'podman': - mol_config_file = "config_podman.yml" - - root_path = os.path.dirname(os.path.abspath(__file__)).split('/tests')[0] - mol_config = os.path.join(root_path, '.config/molecule', mol_config_file) - return mol_config - - -def set_molecule_tags(role_path, scenario='default'): - mol_tags = [] - if os.path.exists(os.path.join(role_path, 'molecule', - f'{scenario}/test_vars.yml')): - test_vars_path = os.path.join(role_path, 'molecule', - f'{scenario}/test_vars.yml') - with open(test_vars_path) as content: - data = yaml.safe_load(content) - - if not data: - return [] - if ('test_skip_tags' in data.keys() and data['test_skip_tags'] - and data.get('molecule_skip_tags_enforce', True)): - mol_tags.append('--skip-tags') - if type(data['test_skip_tags']) == str: - mol_tags.append(data['test_skip_tags']) - elif type(data['test_skip_tags']) == list: - mol_tags.append(",".join(data['test_skip_tags'])) - - if ('test_tags' in data.keys() and data['test_tags'] - and data.get('molecule_tags_enforce', True)): - mol_tags.append('--tags') - if type(data['test_tags']) == str: - mol_tags.append(data['test_tags']) - elif type(data['test_tags']) == list: - mol_tags.append(",".join(data['test_tags'])) - return mol_tags - - -def run_molecule(pytestconfig, scenario=None): - cmd = ['python', '-m', 'molecule'] - if not scenario: - scenario = 'default' - ansible_args = pytestconfig.getoption("ansible_args") - cmd.extend(['--base-config', set_proper_molecule_config(os.getcwd(), - scenario)]) - - if ansible_args: - cmd.append('converge') - if scenario: - cmd.extend(['--scenario-name', scenario]) - cmd.append('--') - cmd.extend(ansible_args.split()) - else: - cmd.append('test') - if scenario: - cmd.extend(['--scenario-name', scenario]) - else: - cmd.append('--all') - - alltags = set_molecule_tags(os.getcwd(), scenario) - if alltags: - if '--' not in cmd: - cmd.append('--') - cmd.extend(alltags) - - try: - assert subprocess.call(cmd) == 0 - finally: - if ansible_args: - cmd = ['python', '-m', 'molecule', 'destroy'] - cmd.extend(['--base-config', - set_proper_molecule_config(os.getcwd())]) - if scenario: - cmd.extend(['--scenario-name', scenario]) - subprocess.call(cmd) - - -def get_molecule_scenario(role_path): - mol_scenario = [] - if os.path.exists(os.path.join(role_path, 'molecule')): - mol_dir = os.path.join(role_path, 'molecule') - dirs = os.listdir(mol_dir) - mol_scenario = [d for d in dirs if os.path.exists( - os.path.join(mol_dir, d, 'molecule.yml'))] - return mol_scenario - - -def test_molcule(pytestconfig): - scenarios = get_molecule_scenario(os.getcwd()) - for scenario in scenarios: - run_molecule(pytestconfig, scenario) diff --git a/tox.ini b/tox.ini deleted file mode 100644 index fedda9250..000000000 --- a/tox.ini +++ /dev/null @@ -1,133 +0,0 @@ -[tox] -minversion = 3.18.0 -envlist = docs,linters -ignore_base_python_conflict = True - -[testenv] -basepython = python3 -usedevelop = True -passenv = * -setenv = - ANSIBLE_SKIP_CONFLICT_CHECK=1 - ANSIBLE_ACTION_PLUGINS={toxinidir}/tripleo_ansible/roles.galaxy/config_template/action:{toxinidir}/tripleo_ansible/ansible_plugins/action - ANSIBLE_CALLBACK_PLUGINS={toxinidir}/tripleo_ansible/ansible_plugins/callback - ANSIBLE_FILTER_PLUGINS={toxinidir}/tripleo_ansible/ansible_plugins/filter - ANSIBLE_LIBRARY={toxinidir}/tripleo_ansible/roles.galaxy/config_template/library:{toxinidir}/tripleo_ansible/ansible_plugins/modules - ANSIBLE_MODULE_UTILS={toxinidir}/tripleo_ansible/ansible_plugins/module_utils - ANSIBLE_ROLES_PATH={toxinidir}/tripleo_ansible/roles.galaxy:{toxinidir}/tripleo_ansible/roles - ANSIBLE_INVENTORY={toxinidir}/tests/hosts.ini - ANSIBLE_NOCOWS=1 - ANSIBLE_RETRY_FILES_ENABLED=0 - ANSIBLE_STDOUT_CALLBACK=debug - ANSIBLE_LOG_PATH={envlogdir}/ansible-execution.log - VIRTUAL_ENV={envdir} - LC_ALL=en_US.UTF-8 - # pip: Avoid 2020-01-01 warnings: https://github.com/pypa/pip/issues/6207 - # paramiko CryptographyDeprecationWarning: https://github.com/ansible/ansible/issues/52598 - PYTHONWARNINGS=ignore:DEPRECATION::pip._internal.cli.base_command,ignore::UserWarning - PIP_DISABLE_PIP_VERSION_CHECK=1 - TRIPLEO_ANSIBLE_COMPUTE_NODE_MOLECULE_CACHE={homedir}/.cache/tripleo-ansible/containers - TRIPLEO_ANSIBLE_COMPUTE_NODE_MOLECULE_VOLUMES=['{homedir}/.cache/tripleo-ansible/containers:/var/lib/containers:rw','/sys/fs/cgroup:/sys/fs/cgroup:rw'] -sitepackages = True -deps = - -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} - -r {toxinidir}/requirements.txt - -r {toxinidir}/test-requirements.txt - -r {toxinidir}/ansible-requirements.txt -commands = -# ansible-core 2.13.6 installed with py38 does not provide a way to set -# timeout with ansible-galaxy command. - ansible-galaxy install -fr {toxinidir}/tripleo_ansible/ansible-collections-requirements.yml - stestr run {posargs} -allowlist_externals = - bash - tox - true - ansible-galaxy - -[testenv:bindep] -# Do not install any requirements. We want this to be fast and work even if -# system dependencies are missing, since it's used to tell you what system -# dependencies are missing! This also means that bindep must be installed -# separately, outside of the requirements files. -deps = bindep -commands = bindep test - -[testenv:linters] -skip_install = True -sitepackages = False -deps = - pre-commit - virtualenv - -r {toxinidir}/ansible-requirements.txt -commands = - bash -c "ANSIBLE_ROLES_PATH='{toxinidir}/tripleo_ansible/roles.galaxy' \ - ansible-galaxy install --timeout 300 -fr {toxinidir}/tripleo_ansible/requirements.yml" - ansible-galaxy install --timeout 300 -fr {toxinidir}/tripleo_ansible/ansible-collections-requirements.yml - python -m pre_commit run -a - -[testenv:releasenotes] -deps = - -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} - -r {toxinidir}/doc/requirements.txt -commands = - sphinx-build -a -E -W -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html - -[testenv:docs] -deps = - -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} - -r {toxinidir}/doc/requirements.txt -commands= - ansible-galaxy install --timeout 300 -fr {toxinidir}/tripleo_ansible/ansible-collections-requirements.yml - doc8 doc - sphinx-build -a -E -W -d doc/build/doctrees --keep-going -b html doc/source doc/build/html -T - -[doc8] -# Settings for doc8: -extensions = .rst -ignore = D001 - -[testenv:venv] -commands = {posargs} - -[testenv:pep8] -description = "[deprecated], use linters instead." -deps = - {[testenv:linters]deps} -commands = - {[testenv:linters]commands} -skip_install = True -sitepackages = False - -[testenv:role-addition] -deps = - pre-commit - virtualenv - -r {toxinidir}/molecule-requirements.txt - -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} -commands = - ansible-galaxy install --timeout 300 -fr {toxinidir}/tripleo_ansible/ansible-collections-requirements.yml - ansible-playbook -i localhost, -c local zuul.d/playbooks/run-role-addition.yml -e tripleo_src={toxinidir} - bash -c "if podman ps 2> /dev/null; then \ - cd {toxinidir}/tripleo_ansible/roles/skeleton_test; \ - molecule --base-config {toxinidir}/.config/molecule/config_podman.yml test --all; \ - else \ - echo -e '\n\nNo molecule tests have been executed\nSee https://docs.openstack.org/tripleo-ansible/latest/contributing.html\n\n'; \ - fi" - {[testenv:linters]commands} - -[testenv:modules] -deps= - {[testenv:linters]deps} -commands = - bash -c "cd {toxinidir}/tripleo_ansible/ansible_plugins/tests; molecule test --all;" - {[testenv:linters]commands} - -[testenv:molecule-compute-node] -deps = - {[testenv:linters]deps} -commands = - ansible-galaxy install --timeout 300 -r {toxinidir}/tripleo_ansible/requirements.yml - pip install -r {toxinidir}/molecule-requirements.txt - bash -c 'mkdir -p $TRIPLEO_ANSIBLE_COMPUTE_NODE_MOLECULE_CACHE' - bash -c "cd {toxinidir}/tripleo_ansible/roles/tripleo_compute_node; molecule test --all {posargs};" diff --git a/tripleo_ansible/__init__.py b/tripleo_ansible/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/ansible-collections-requirements.yml b/tripleo_ansible/ansible-collections-requirements.yml deleted file mode 100644 index 0ee365abd..000000000 --- a/tripleo_ansible/ansible-collections-requirements.yml +++ /dev/null @@ -1,9 +0,0 @@ - -collections: - - name: https://opendev.org/openstack/ansible-collections-openstack.git - type: git - version: ed36d82a0c60a841d2f30c61a50d60531481b2cc - - containers.podman - - community.general - - ansible.posix - - community.crypto diff --git a/tripleo_ansible/ansible_plugins/action/container_systemd.py b/tripleo_ansible/ansible_plugins/action/container_systemd.py deleted file mode 100644 index f0266d897..000000000 --- a/tripleo_ansible/ansible_plugins/action/container_systemd.py +++ /dev/null @@ -1,370 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - -import copy -import os - -import tenacity -import yaml - -from ansible.errors import AnsibleActionFail -from ansible.plugins.action import ActionBase -from ansible.utils.display import Display - - -DISPLAY = Display() - -DOCUMENTATION = """ -module: container_systemd -author: - - "TripleO team" -version_added: '2.9' -short_description: Create systemd files and manage services to run containers -notes: [] -description: - - Manage the systemd unit files for containers with a restart policy and - then make sure the services are started so the containers are running. - It takes the container config data in entry to figure out how the unit - files will be configured. It returns a list of services that were - restarted. -requirements: - - None -options: - container_config: - description: - - List of container configurations - type: list - elements: dict - systemd_healthchecks: - default: true - description: - - Whether or not we cleanup the old healthchecks with SystemD. - type: boolean - debug: - default: false - description: - - Whether or not debug is enabled. - type: boolean -""" -EXAMPLES = """ -- name: Manage container systemd services - container_systemd: - container_config: - - keystone: - image: quay.io/tripleo/keystone - restart: always - - mysql: - image: quay.io/tripleo/mysql - stop_grace_period: 25 - restart: always -""" -RETURN = """ -restarted: - description: List of services that were restarted - returned: always - type: list - sample: - - tripleo_keystone.service - - tripleo_mysql.service -""" - - -class ActionModule(ActionBase): - """Class for the container_systemd action plugin. - """ - - _VALID_ARGS = yaml.safe_load(DOCUMENTATION)['options'] - - def _get_args(self): - missing = [] - args = {} - - for option, vals in self._VALID_ARGS.items(): - if 'default' not in vals: - if self._task.args.get(option, None) is None: - missing.append(option) - continue - args[option] = self._task.args.get(option) - else: - args[option] = self._task.args.get(option, vals['default']) - - if missing: - raise AnsibleActionFail('Missing required parameters: {}'.format( - ', '.join(missing))) - return args - - def _cleanup_requires(self, container_names, task_vars): - """Cleanup systemd requires files. - - :param container_names: List of container names. - :param task_vars: Dictionary of Ansible task variables. - """ - for name in container_names: - path = "/etc/systemd/system/tripleo_{}.requires".format(name) - if self.debug: - DISPLAY.display('Removing {} file'.format(path)) - results = self._execute_module( - module_name='file', - module_args=dict(path=path, state='absent'), - task_vars=task_vars - ) - if results.get('changed', False): - self.changed = True - - def _delete_service(self, name, task_vars): - """Stop and disable a systemd service. - - :param name: String for service name to stop and disable. - :param task_vars: Dictionary of Ansible task variables. - """ - tvars = copy.deepcopy(task_vars) - results = self._execute_module( - module_name='systemd', - module_args=dict(state='stopped', - name='tripleo_{}_healthcheck.timer'.format(name), - enabled=False, - daemon_reload=False), - task_vars=tvars - ) - return results - - def _cleanup_healthchecks(self, container_names, task_vars): - """Cleanup systemd healthcheck files. - - :param container_names: List of container names. - :param task_vars: Dictionary of Ansible task variables. - """ - systemd_reload = False - for cname in container_names: - h_path = os.path.join('/etc/systemd/system', - 'tripleo_{}_healthcheck.timer'.format(cname)) - healthcheck_stat = self._execute_module( - module_name='stat', - module_args=dict(path=h_path), - task_vars=task_vars - ) - if healthcheck_stat.get('stat', {}).get('exists', False): - if self.debug: - DISPLAY.display('Cleaning-up systemd healthcheck for ' - '{}'.format(cname)) - self._delete_service(cname, task_vars) - files_ext = ['service', 'timer'] - for ext in files_ext: - sysd_base = '/etc/systemd/system' - file_path = 'tripleo_{}_healthcheck.{}'.format(cname, ext) - full_path = os.path.join(sysd_base, file_path) - results = self._execute_module( - module_name='file', - module_args=dict(path=full_path, state='absent'), - task_vars=task_vars - ) - if results.get('changed', False): - self.changed = True - systemd_reload = True - if systemd_reload: - self._systemd_reload(task_vars) - - def _get_unit_template(self): - """Return systemd unit template data - - :returns data: Template data. - """ - if self._task._role: - file_path = self._task._role._role_path - else: - file_path = self._loader.get_basedir() - # NOTE: if templates doesn't exist, it'll always return - # file_path/systemd-service.j2 - # This file is required to exist from the - # tripleo_container_manage role, as there is no - # parameter to override it now. - source = self._loader.path_dwim_relative( - file_path, - 'templates', - 'systemd-service.j2' - ) - if not os.path.exists(source): - raise AnsibleActionFail('Template {} was ' - 'not found'.format(source)) - with open(source) as template_file: - data = template_file.read() - return data - - def _create_units(self, container_config, task_vars): - """Create system units and get list of changed services - - :param container_config: List of dictionaries for container configs. - :param task_vars: Dictionary of Ansible task variables. - :returns changed_containers: List of containers which has a new unit. - """ - try: - remote_user = self._get_remote_user() - except Exception: - remote_user = task_vars.get('ansible_user') - if not remote_user: - remote_user = self._play_context.remote_user - tmp = self._make_tmp_path(remote_user) - unit_template = self._get_unit_template() - changed_containers = [] - for container in container_config: - for name, config in container.items(): - dest = '/etc/systemd/system/tripleo_{}.service'.format(name) - task_vars['container_data_unit'] = container - unit = (self._templar.template(unit_template, - preserve_trailing_newlines=True, - escape_backslashes=False, - convert_data=False)) - del task_vars['container_data_unit'] - remote_data = self._transfer_data( - self._connection._shell.join_path(tmp, 'source'), unit) - - results = self._execute_module( - module_name='copy', - module_args=dict(src=remote_data, - dest=dest, - mode='0644', - owner='root', - group='root'), - task_vars=task_vars) - if results.get('changed', False): - changed_containers.append(name) - if self.debug: - DISPLAY.display('Systemd unit files were created or updated for: ' - '{}'.format(changed_containers)) - return changed_containers - - def _systemd_reload(self, task_vars): - """Reload systemd to load new units. - - :param task_vars: Dictionary of Ansible task variables. - """ - if self.debug: - DISPLAY.display('Running systemd daemon reload') - results = self._execute_module( - module_name='systemd', - module_args=dict(daemon_reload=True), - task_vars=task_vars - ) - if results.get('changed', False): - self.changed = True - - @tenacity.retry( - reraise=True, - stop=tenacity.stop_after_attempt(6), - wait=tenacity.wait_fixed(10) - ) - def _manage_service(self, name, state, task_vars): - """Manage a systemd service with retries and delay. - - :param name: String for service name to manage. - :param state: String for service state. - :param task_vars: Dictionary of Ansible task variables. - """ - tvars = copy.deepcopy(task_vars) - results = self._execute_module( - module_name='systemd', - module_args=dict(state=state, - name='tripleo_{}.service'.format(name), - enabled=True, - daemon_reload=False), - task_vars=tvars - ) - try: - if 'Result' in results['status']: - if results['status']['Result'] == 'success': - if results.get('changed', False): - self.changed = True - self.restarted.append('tripleo_{}' - '.service'.format(name)) - return - except KeyError: - # if 'systemd' task failed to start the service, the 'status' - # key doesn't exist, so we'll use the final raise to report the - # issue if the service never start after the attempts. - pass - raise AnsibleActionFail('Service {} has not started yet'.format(name)) - - def _restart_services(self, service_names, task_vars): - """Restart systemd services. - - :param service_names: List of services to restart. - :param task_vars: Dictionary of Ansible task variables. - """ - for name in service_names: - if self.debug: - DISPLAY.display('Restarting systemd service for ' - '{}'.format(name)) - self._manage_service(name=name, state='restarted', - task_vars=task_vars) - - def _ensure_started(self, service_names, task_vars): - """Ensure systemd services are started. - - :param service_names: List of services to start. - :param task_vars: Dictionary of Ansible task variables. - """ - for name in service_names: - if self.debug: - DISPLAY.display('Ensure that systemd service for ' - '{} is started'.format(name)) - self._manage_service(name=name, state='started', - task_vars=task_vars) - - def run(self, tmp=None, task_vars=None): - self.changed = False - self.restarted = [] - already_created = [] - - if task_vars is None: - task_vars = dict() - result = super(ActionModule, self).run(tmp, task_vars) - del tmp - - # parse args - args = self._get_args() - - container_config = args['container_config'] - systemd_healthchecks = args['systemd_healthchecks'] - self.debug = args['debug'] - - container_names = [] - for container in container_config: - for name, config in container.items(): - container_names.append(name) - - self._cleanup_requires(container_names, task_vars) - - if systemd_healthchecks: - self._cleanup_healthchecks(container_names, task_vars) - - changed_services = self._create_units(container_config, task_vars) - if len(changed_services) > 0: - self._systemd_reload(task_vars) - self._restart_services(changed_services, task_vars) - for c in container_names: - # For services that didn't restart, make sure they're started - if c not in changed_services: - already_created.append(c) - if len(already_created) > 0: - self._ensure_started(already_created, task_vars) - - result['changed'] = self.changed - result['restarted'] = self.restarted - return result diff --git a/tripleo_ansible/ansible_plugins/action/package.py b/tripleo_ansible/ansible_plugins/action/package.py deleted file mode 100644 index d56f74f29..000000000 --- a/tripleo_ansible/ansible_plugins/action/package.py +++ /dev/null @@ -1,160 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import imp -import os - -import ansible.plugins.action as action - - -DOCUMENTATION = """ ---- -module: package -author: - - Kevin Carter (@cloudnull) -version_added: '2.8' -short_description: Tripleo action plugin to evaluate package installations -notes: [] -description: - - This is an action plugin shim that will intercept the use of - the standard package module. The intention of this shim is to ensure the - package module respects the option `tripleo_enable_package_install` - which is used to control the installation of packages through a - deployment. - - This plugin will do nothing if `tripleo_enable_package_install` - is unset thereby allowing ansible to function normally. When the global - option is present the plugin will evaluate its truthiness and react - accordingly. - - * False - No action taken, task will be marked as skipped. - - * True - Package installation happens normally. - - If this module encounters an error while processesing the module will - proceed as if the option `tripleo_enable_package_install` is unset which - ensures ansible tasks are handled correctly no matter the context in - which they are executed. - - Anytime this module results in a "skip" a message will be made available - which indicates why it was skipped. Messages will only be visualized - when debug mode has been enabled or through registering a variable and - using it a task which can print messages; e.g. `debug` or `fail`. -options: - tripleo_enable_package_install: - description: - - Boolean option to enable or disable package installations. This option - can be passed in as a task var, groupvar, or hostvar. This option is - **NOT** a module argument. - required: True - default: True -""" - - -EXAMPLES = """ -# Run package install -- name: Run Package Installation - package: - name: mypackage - state: present - vars: - tripleo_enable_package_install: true -""" - - -# NOTE(cloudnull): imp is being used because core action plugins are not -# importable in py27. Once we get to the point where we -# no longer support py27 these lines should be converted -# to a straight python import. -# -# >>> from ansible.plugins.action import package -# -PKG = imp.load_source( - 'package', - os.path.join( - os.path.dirname( - action.__file__ - ), - 'package.py' - ) -) - - -def _bool_set(bool_opt): - """Check if option is a bool and return its type. - - returns: `bool` || `None` - """ - true_opts = ('true', 'yes', '1') - false_opts = ('false', 'no', '0') - if bool_opt is None: - return None - elif bool_opt is True: - return True - elif bool_opt is False: - return False - else: - bool_opt = str(bool_opt).lower() - if bool_opt in (true_opts + false_opts): - if bool_opt in true_opts: - return True - else: - return False - else: - return None - - -class ActionModule(PKG.ActionModule): - def run(self, tmp=None, task_vars=None): - """Shim for tripleo package operations. - - This shim will intercept the package module and if the hostvar - `tripleo_enable_package_install` is set to false all package - operations will be no-op. If this option is set to true, then the - normal package module will be executed. - - * This shim allows for the package module to be used with and without - delegation. - * In the event of ANY exception the module will hand off back to the - normal package module. - """ - try: - if self._task.delegate_to: - tripleo_pkg = self._templar.template( - "{{ hostvars['%s']['tripleo_enable_package_install'] }}" - % self._task.delegate_to - ) - else: - tripleo_pkg = self._templar.template( - "{{ tripleo_enable_package_install }}" - ) - except Exception: # If any exception run the normal pkg module - tripleo_pkg = None - else: - tripleo_pkg = _bool_set(bool_opt=tripleo_pkg) - finally: - if (tripleo_pkg is not None) and (tripleo_pkg is False): - return { - 'failed': False, - 'skipped': True, - 'msg': 'package installations are currently disabled,' - ' via "tripleo_enable_package_install" being' - ' set to "{}". please check the deployment' - ' settings.'.format(tripleo_pkg), - 'bool_param': tripleo_pkg - } - else: - return super(ActionModule, self).run(tmp, task_vars) diff --git a/tripleo_ansible/ansible_plugins/action/tripleo_all_nodes_data.py b/tripleo_ansible/ansible_plugins/action/tripleo_all_nodes_data.py deleted file mode 100644 index cc625246b..000000000 --- a/tripleo_ansible/ansible_plugins/action/tripleo_all_nodes_data.py +++ /dev/null @@ -1,262 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -DOCUMENTATION = """ ---- -module: tripleo_all_nodes_data -author: - - James Slagle (@slagle) -version_added: '2.8' -short_description: Renders the all_nodes data for TripleO as group_vars -notes: [] -description: - - This module renders the all_nodes data for TripleO as group_vars which are - then available on overcloud nodes. -options: - forks: - description: - - The number of forks to spawn in parallel to compute the data for each - service. Defaults to the forks set for ansible. - required: False -""" - -EXAMPLES = """ -- name: Render all_nodes data - tripleo_all_nodes_data: -""" - - -import json -from multiprocessing import Manager, Process -import os -import traceback - -from ansible.errors import AnsibleError -from ansible.plugins.action import ActionBase - -try: - from ansible_collections.ansible.utils.plugins.filter import ipaddr -except ImportError: - from ansible_collections.ansible.netcommon.plugins.filter import ipaddr - -from ansible.utils.display import Display - - -DISPLAY = Display() - - -class ActionModule(ActionBase): - """Renders the all_nodes data for TripleO as group_vars""" - - def compute_service(self, service, all_nodes): - DISPLAY.vv("Processing {}".format(service)) - - # _enabled: true - all_nodes[service + '_enabled'] = True - - # _node_ips: - DISPLAY.vv(" Computing data for {}_node_ips".format(service)) - service_network = self.service_net_map.get( - service + '_network', 'ctlplane') - service_hosts = self.groups.get(service, []) - service_node_ips = list( - map(lambda host: self.h_vars[host][service_network + '_ip'], - service_hosts)) - for extra_node_ip in self.all_nodes_extra_map_data.get( - service + '_node_ips', []): - if extra_node_ip not in service_node_ips: - service_node_ips.append(extra_node_ip) - all_nodes[service + '_node_ips'] = service_node_ips - - if self.nova_additional_cell: - # _cell_node_names: - v = service_network + '_hostname' - service_cell_node_names = \ - list(map(lambda host: self.h_vars[host][v], - service_hosts)) - all_nodes[service + '_cell_node_names'] = \ - service_cell_node_names - else: - # _node_names: - DISPLAY.vv(" Computing data for {}_node_names".format(service)) - v = service_network + '_hostname' - service_node_names = \ - list(map(lambda host: self.h_vars[host][v], - service_hosts)) - for extra_node_name in self.all_nodes_extra_map_data.get( - service + '_node_names', []): - if extra_node_name not in service_node_names: - service_node_names.append(extra_node_name) - all_nodes[service + '_node_names'] = service_node_names - - # _short_node_names: - DISPLAY.vv(" Computing data for {}_short_node_names".format(service)) - service_short_node_names = \ - list(map(lambda host: self.h_vars[host]['inventory_hostname'], - service_hosts)) - for extra_short_node_name in self.all_nodes_extra_map_data.get( - service + '_short_node_names', []): - if extra_short_node_name not in service_node_names: - service_short_node_names.append(extra_short_node_name) - all_nodes[service + '_short_node_names'] = \ - service_short_node_names - - # _short_bootstrap_node_name: hostname - DISPLAY.vv(" Computing data for {}_short_bootstrap_node_name".format(service)) - if self.all_nodes_extra_map_data.get( - service + '_short_bootstrap_node_name', None): - v = service + '_short_bootstrap_node_name' - service_hosts += self.all_nodes_extra_map_data[v] - service_hosts.sort() - if service_hosts: - all_nodes[service + '_short_bootstrap_node_name'] = \ - service_hosts[0] - - # _bootstrap_node_ip: hostname - DISPLAY.vv(" Computing data for {}_short_bootstrap_node_ip".format(service)) - if self.all_nodes_extra_map_data.get( - service + '_bootstrap_node_ip', None): - v = service + '_bootstrap_node_ip' - service_bootstrap_node_ips = \ - service_node_ips.append(self.all_nodes_extra_map_data[v]) - else: - service_bootstrap_node_ips = service_node_ips - if service_bootstrap_node_ips: - all_nodes[service + '_bootstrap_node_ip'] = \ - service_bootstrap_node_ips[0] - - def process_services(self, enabled_services, all_nodes, forks): - # This breaks up the enabled_services list into smaller lists with - # length equal to the number of forks. - enabled_services_length = len(enabled_services) - for i in range(0, enabled_services_length, forks): - # It would be nice to be able to use multiprocessing.Pool here, - # however, that resulted in many pickle errors. - # For each smaller list, spawn a process to compute each service in - # that chunk. - end = i + forks - if end > enabled_services_length: - end = enabled_services_length - processes = [Process(target=self.compute_service, - args=(enabled_services[x], all_nodes)) - for x in range(i, end)] - [p.start() for p in processes] - [p.join() for p in processes] - [p.terminate() for p in processes] - - def compute_all_nodes(self, all_nodes, task_vars): - DISPLAY.vv("Starting compute and render for all_nodes data") - # Internal Ansible objects for inventory and variables - inventory = self._task.get_variable_manager()._inventory - self.groups = inventory.get_groups_dict() - # host_vars - self.h_vars = self._task.get_variable_manager().get_vars()['hostvars'] - - # Needed tripleo variables for convenience - self.service_net_map = task_vars['service_net_map'] - self.nova_additional_cell = task_vars['nova_additional_cell'] - self.all_nodes_extra_map_data = task_vars['all_nodes_extra_map_data'] - service_vip_vars = task_vars.get('service_vip_vars', {}) - net_vip_map = task_vars['net_vip_map'] - enabled_services = task_vars['enabled_services'] - primary_role_name = task_vars['primary_role_name'] - - enabled_services += self.all_nodes_extra_map_data.get( - 'enabled_services', []) - # make enabled_services unique and sorted - enabled_services = list(set(enabled_services)) - enabled_services.sort() - - all_nodes['enabled_services'] = enabled_services - - forks = self._task.args.get('forks', task_vars['ansible_forks']) - DISPLAY.vv("forks set to {}".format(forks)) - self.process_services(enabled_services, all_nodes, forks) - - # : service_network - DISPLAY.vv("Computing data for service_net_map") - for key, value in self.service_net_map.items(): - all_nodes[key] = value - - # all values from all_nodes_extra_map_data when nova_additional_cell - if self.nova_additional_cell: - for key, value in self.all_nodes_extra_map_data.items(): - all_nodes[key] = value - - # redis_vip: ip - DISPLAY.vv("Computing data for redis_vip") - if 'redis' in enabled_services or self.nova_additional_cell: - if 'redis_vip' in self.all_nodes_extra_map_data: - all_nodes['redis_vip'] = self.all_nodes_extra_map_data['redis_vip'] - elif 'redis' in service_vip_vars: - all_nodes['redis_vip'] = service_vip_vars['redis'] - elif 'redis' in net_vip_map: - all_nodes['redis_vip'] = net_vip_map['redis'] - - # ovn_dbs_vip: ip - DISPLAY.vv("Computing data for ovn_dbs_vip") - if 'ovn_dbs' in enabled_services or self.nova_additional_cell: - if 'ovn_dbs_vip' in self.all_nodes_extra_map_data: - all_nodes['ovn_dbs_vip'] = \ - self.all_nodes_extra_map_data['ovn_dbs_vip'] - elif 'ovn_dbs' in service_vip_vars: - all_nodes['ovn_dbs_vip'] = service_vip_vars['ovn_dbs'] - elif 'ovn_dbs' in net_vip_map: - all_nodes['ovn_dbs_vip'] = net_vip_map['ovn_dbs'] - - DISPLAY.vv("Computing data for top level vars") - all_nodes['deploy_identifier'] = task_vars['deploy_identifier'] - all_nodes['container_cli'] = task_vars['container_cli'] - - # controller_node_ - # note that these are supposed to be strings, not lists - DISPLAY.vv("Computing data for controller node ips/names") - primary_hosts = self.groups.get(primary_role_name, []) - all_nodes['controller_node_ips'] = \ - ','.join(list(map(lambda host: self.h_vars[host]['ctlplane_ip'], - primary_hosts))) - all_nodes['controller_node_names'] = \ - ','.join(list(map(lambda host: self.h_vars[host]['inventory_hostname'], - primary_hosts))) - - DISPLAY.vv("Done") - - def run(self, tmp=None, task_vars=None): - """Renders the all_nodes data for TripleO as group_vars""" - - manager = Manager() - all_nodes = manager.dict() - try: - self.compute_all_nodes(all_nodes, task_vars) - - all_nodes = dict(all_nodes) - all_nodes_path = os.path.join(task_vars['playbook_dir'], - 'group_vars', 'overcloud.json') - with open(all_nodes_path, 'w') as f: - DISPLAY.vv("Rendering all_nodes to {}".format(all_nodes_path)) - json.dump(all_nodes, f, sort_keys=True, indent=4) - except Exception as e: - DISPLAY.error(traceback.format_exc()) - raise AnsibleError(str(e)) - finally: - manager.shutdown() - # multiprocessing can hang the plugin exit if there are still - # references to the Manager() object. Even though we have called - # .shutdown(), clean up all_nodes just to be safe. - all_nodes = None - - DISPLAY.vv("returning") - return dict(all_nodes=all_nodes) diff --git a/tripleo_ansible/ansible_plugins/action/tripleo_host_prep.py b/tripleo_ansible/ansible_plugins/action/tripleo_host_prep.py deleted file mode 100644 index 4460c3d58..000000000 --- a/tripleo_ansible/ansible_plugins/action/tripleo_host_prep.py +++ /dev/null @@ -1,324 +0,0 @@ -#!/usr/bin/env python3 -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -import os -import tempfile -import yaml - -from ansible.errors import AnsibleActionFail -from ansible.plugins.action import ActionBase -from ansible.utils.display import Display - -DISPLAY = Display() - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = """ ---- -module: tripleo_host_prep -author: - - Alex Schultz -version_added: '2.9' -short_description: Apply host prep data to a host -notes: [] -description: - - This module processes a complex hash provided to it that expresses - users, groups, files, directories and some selinux related options that - should applied to the host. This module leverages the existing ansible - modules to apply the data. users (ansible.builtin.user), - groups (ansible.builtin.group), files (ansible.builtin.copy), - directories (ansible.builtin.file), seboolean (ansible.posix.seboolean), - sefcontext (community.general.sefcontext). All options exposed by these - modules are available. -options: - host_prep_data: - description: - - Dictionary containing users, groups, files, directories, etc to apply. - required: True - type: dict - debug: - description: - - Whether or not debug is enabled. - default: False - required: False - type: bool -""" - -EXAMPLES = """ -- name: Apply host prep - tripleo_host_prep: - host_prep_data: - service_a: - users: - "foo": - uid: 1233 - group: foobar - groups: - "foobar": - gid: 1233 - files: - "/var/tmp/foo/bar": - content: | - data - mode: "0644" - directories: - "/var/tmp/foo": - mode: "0700" - seboolean: - "virt_sandbox_use_netlink": - persistent: true - state: true - sefcontext: - "/var/tmp/foo(/.*)?": - setype: container_file_t - service_b: - directories: - "/var/tmp/bar": - mode: "0750" - files: - "/var/tmp/bar/baz": - content: "fizz" - mode: "0600" - owner: root -""" - -RETURN = """ -""" - - -class ActionModule(ActionBase): - """Tripleo host prep module - - """ - - TRANSFERS_FILES = True - - _VALID_ARGS = yaml.safe_load(DOCUMENTATION)['options'] - - class PrepTaskFailure(Exception): - """exception to stop processing""" - - def _get_args(self): - missing = [] - args = {} - - for option, vals in self._VALID_ARGS.items(): - if 'default' not in vals: - if self._task.args.get(option, None) is None: - missing.append(option) - continue - args[option] = self._task.args.get(option) - else: - args[option] = self._task.args.get(option, vals['default']) - - if missing: - raise AnsibleActionFail('Missing required parameters: {}'.format( - ', '.join(missing))) - return args - - def _get_data_type(self, data_type): - data = {} - for svc in self.host_prep_data.items(): - items = svc[1].get(data_type, {}) - for item in items: - if item in data: - if data[item] != items[item]: - DISPLAY.warning(f'{item} defined multiple times with ' - 'different settings. The first ' - 'instance will be used.') - else: - DISPLAY.debug(f'{item} already handled, skipping') - continue - data[item] = items.get(item) - return data - - def _handle_result(self, result): - if result.get('changed', False): - self.changed = True - if result.get('failed', False): - self.fail_result = result - raise self.PrepTaskFailure() - - def apply_groups(self, task_vars): - """Apply groups to a system""" - group_data = self._get_data_type('groups') - for group in group_data: - # create group - args = group_data[group] or {} - args.setdefault('name', group) - group_result = self._execute_module( - module_name='group', - module_args=args, - task_vars=task_vars - ) - self._handle_result(group_result) - - def apply_users(self, task_vars): - """Apply users to a system""" - user_data = self._get_data_type('users') - for user in user_data: - # create user - args = user_data[user] or {} - args.setdefault('name', user) - user_result = self._execute_module( - module_name='user', - module_args=args, - task_vars=task_vars - ) - self._handle_result(user_result) - - def apply_dirs(self, task_vars): - """Create directories on a system""" - dir_data = self._get_data_type('directories') - for dirname in dir_data: - # create dir - args = dir_data[dirname] or {} - args.setdefault('path', dirname) - args.setdefault('state', 'directory') - - dir_result = self._execute_module( - module_name='file', - module_args=args, - task_vars=task_vars - ) - self._handle_result(dir_result) - - def apply_files(self, task_vars): - """Copy file or file data to a remote system""" - file_data = self._get_data_type('files') - for filename in file_data: - # create file - args = file_data[filename] or {} - args.setdefault('dest', filename) - tempfile_path = None - if 'content' in args: - # copy content to the remote system - tempfile_path = self._transfer_data( - remote_path=self._connection._shell.join_path( - self.remote_tmp, - next(tempfile._get_candidate_names())), - data=args.pop('content') - ) - elif not args.get('remote_src', False) and 'src' in args: - # copy the local src to the remote system - tempfile_path = self._transfer_file( - local_path=args['src'], - remote_path=self._connection._shell.join_path( - self.remote_tmp, - next(tempfile._get_candidate_names())) - ) - if tempfile_path: - args['src'] = tempfile_path - # since we already handled the copy, tell copy module it - # is a remote src location - args['remote_src'] = True - try: - # the copy module always assumes remote host, the action - # plugin version does the copy action. - file_result = self._execute_module( - module_name='copy', - module_args=args, - task_vars=task_vars - ) - self._handle_result(file_result) - finally: - # do temp file cleanup - if tempfile_path: - try: - # delete remote temp - self._execute_module( - module_name='file', - module_args={'path': tempfile_path, - 'state': 'absent'}, - task_vars=task_vars - ) - finally: - # delete local if exists - if os.path.exists(tempfile_path): - os.remove(tempfile_path) - - def apply_seboolean(self, task_vars): - """Apply a list of sebooleans""" - sebool_data = self._get_data_type('seboolean') - for sebool in sebool_data: - # manage seboolean - args = sebool_data[sebool] or {} - args.setdefault('name', sebool) - sebool_result = self._execute_module( - module_name='ansible.posix.seboolean', - module_args=args, - task_vars=task_vars - ) - self._handle_result(sebool_result) - - def apply_sefcontext(self, task_vars): - """Apply a list of sefcontexts""" - sefctx_data = self._get_data_type('sefcontext') - for sefctx in sefctx_data: - # manage sefctx - args = sefctx_data[sefctx] or {} - args.setdefault('target', sefctx) - sefctx_result = self._execute_module( - module_name='community.general.sefcontext', - module_args=args, - task_vars=task_vars - ) - self._handle_result(sefctx_result) - - def run(self, tmp=None, task_vars=None): - self._supports_check_mode = True - self.changed = False - - if task_vars is None: - task_vars = dict() - result = super(ActionModule, self).run(tmp, task_vars) - del tmp - # parse args - args = self._get_args() - - self.fail_result = None - self.host_prep_data = args['host_prep_data'] - self.debug = args['debug'] - - try: - # create a remote temp for our usage with the files call - self.remote_tmp = self._make_tmp_path( - remote_user=self._play_context.remote_user - ) - # Apply the data in a specific order - self.apply_groups(task_vars) - # users need groups - self.apply_users(task_vars) - # directories needs users/groups - self.apply_dirs(task_vars) - # files need directories/users/groups - self.apply_files(task_vars) - # selinux bits can be applied last - self.apply_seboolean(task_vars) - self.apply_sefcontext(task_vars) - # update result with changed flag - result['changed'] = self.changed - except self.PrepTaskFailure: - result = self.fail_result - finally: - if self.remote_tmp: - self._remove_tmp_path(self.remote_tmp) - return result diff --git a/tripleo_ansible/ansible_plugins/action/tripleo_nova_image_cache.py b/tripleo_ansible/ansible_plugins/action/tripleo_nova_image_cache.py deleted file mode 100644 index 256122443..000000000 --- a/tripleo_ansible/ansible_plugins/action/tripleo_nova_image_cache.py +++ /dev/null @@ -1,189 +0,0 @@ -#!/usr/bin/python -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -import hashlib -import os -import uuid - - -from ansible.errors import AnsibleAction -from ansible.errors import AnsibleActionFail -from ansible.errors import AnsibleError -from ansible.plugins.action import ActionBase -from ansible.plugins.action import display - - -class ActionModule(ActionBase): - TRANSFERS_FILES = False - - def run(self, tmp=None, task_vars=None): - if task_vars is None: - task_vars = dict() - - result = super(ActionModule, self).run(tmp, task_vars) - del tmp # tmp no longer has any effect - - scp_source = self._task.args.get('scp_source', None) - scp_continue = self._task.args.get('scp_continue_on_error', False) - state = self._task.args.get('state', 'present') - - try: - # Ensure it's a valid uuid - image_id = str(uuid.UUID(self._task.args.get('id'))) - except ValueError: - raise AnsibleError( - "Invalid image id: {}".format( - self._task.args.get('id') - ) - ) - - cache_dir = task_vars.get( - 'tripleo_nova_cache_dir', - '/var/lib/nova/instances/_base' - ) - cache_fn = hashlib.sha1(image_id.encode('utf-8')).hexdigest() - cache_file = os.path.join(cache_dir, cache_fn) - cache_tmp = os.path.join( - cache_dir, - 'ansible_tripleo_nova_cache_tmp_{}'.format(os.getpid()) - ) - tmp_file = os.path.join(cache_tmp, cache_fn) - container_cli = task_vars.get('container_cli', 'podman') - - result.update({'actions': []}) - - try: - # Ensure target directory exists - command_args = { - '_raw_params': - ( - "{} exec -u nova nova_compute /bin/bash -c " - "\"mkdir -p '{}'; chmod 755 '{}'\"" - ).format(container_cli, cache_dir, cache_dir), - 'creates': cache_dir - - } - command_task_vars = { - 'become': True, - 'ansible_facts': task_vars.get('ansible_facts', {}), - 'ansible_delegated_vars': task_vars.get('ansible_delegated_vars', {}) - } - command_result = self._execute_module( - 'command', - module_args=command_args, - task_vars=command_task_vars - ) - command_result['name'] = 'Ensure nova cache dir exists' - result['actions'].append(command_result) - cmd = self._connection._shell.exists(cache_file) - cache_file_exists_res = self._low_level_execute_command( - cmd, - sudoable=True - ) - cache_file_exists = self._parse_returned_data( - cache_file_exists_res).get('rc', 0) == 0 - result['actions'].append({ - 'name': 'Check if cache file exists', - 'exists': cache_file_exists - }) - - new_module_args = self._task.args.copy() - new_module_args.pop('scp_source', None) - new_module_args['_cache_dir'] = cache_dir - new_module_args['_cache_file'] = cache_file - - if state == 'present' and \ - not cache_file_exists and \ - scp_source is not None: - # Create tmp dir - command_args = { - '_raw_params': - ( - "{} exec -u nova nova_compute /bin/bash -c " - "\"mkdir -p '{}'; chmod 755 '{}'\"" - ).format(container_cli, cache_tmp, cache_tmp), - } - command_task_vars = { - 'become': True, - 'ansible_facts': task_vars.get('ansible_facts', {}), - 'ansible_delegated_vars': task_vars.get('ansible_delegated_vars', {}) - } - command_result = self._execute_module( - 'command', - module_args=command_args, - task_vars=command_task_vars - ) - command_result['name'] = 'Create tmp dir' - result['actions'].append(command_result) - - command_args = { - '_raw_params': - "{} exec -u nova nova_compute scp {}:'{}' '{}'".format( - container_cli, - scp_source, - cache_file, - cache_tmp - ) - } - command_task_vars = { - 'become': True, - 'ignore_errors': True, - 'ansible_facts': task_vars.get('ansible_facts', {}), - 'ansible_delegated_vars': task_vars.get('ansible_delegated_vars', {}) - } - command_result = self._execute_module( - 'command', - module_args=command_args, - task_vars=command_task_vars) - command_result['name'] = 'Fetch image from {}'.format( - scp_source - ) - result['actions'].append(command_result) - if command_result['rc'] == 0: - new_module_args['_prefetched_path'] = tmp_file - elif not scp_continue: - raise AnsibleActionFail( - '{} failed: {}'.format( - command_result['name'], - command_result['msg'] - ) - ) - - command_result = self._execute_module( - 'tripleo_nova_image_cache', - module_args=new_module_args, - task_vars=task_vars - ) - result['actions'] += command_result.pop('actions', []) - result.update(command_result) - - except AnsibleAction as e: - result.update(e.result) - finally: - cmd = self._connection._shell.remove(cache_tmp, recurse=True) - tmp_rm_res = self._low_level_execute_command(cmd, sudoable=True) - tmp_rm_data = self._parse_returned_data(tmp_rm_res) - if tmp_rm_data.get('rc', 0) != 0: - display.warning( - 'Error deleting remote temporary files ' - ' (rc: %s, stderr: %s})' % ( - tmp_rm_res.get('rc'), - tmp_rm_res.get('stderr', 'No error string available.') - ) - ) - self._remove_tmp_path(self._connection._shell.tmpdir) - return result diff --git a/tripleo_ansible/ansible_plugins/action/tripleo_push_artifacts.py b/tripleo_ansible/ansible_plugins/action/tripleo_push_artifacts.py deleted file mode 100644 index 0120a72a8..000000000 --- a/tripleo_ansible/ansible_plugins/action/tripleo_push_artifacts.py +++ /dev/null @@ -1,305 +0,0 @@ -#!/usr/bin/python -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -__metaclass__ = type - -from ansible.errors import AnsibleActionFail -from ansible.plugins.action import ActionBase -from ansible.utils.display import Display - -import os -import requests -import subprocess -import tempfile - - -ARTIFACTS_ANCHOR = '/var/lib/tripleo/artifacts' - -DISPLAY = Display() - -ANSIBLE_METADATA = { - 'metadata_version': '1.0', - 'status': ['preview'], - 'supported_by': 'community' -} - - -DOCUMENTATION = ''' ---- -module: tripleo_push_artifacts -short_description: Push RPM/tar.gz artifact files from a local path -version_added: "2.9" -author: "Kevin Carter (@cloudnull)" -description: - - Takes a set of fully qualified paths as inputs, pushes the content - and deploys them on the remote system. - - When installing multiple RPMs all of them will be installed using - a single transaction with DNF. This improves performance, while - maintaining the package ordering. -options: - artifact_paths: - description: - - List of artifact full paths - required: true - type: list - artifact_urls: - description: - - List of artifact full paths - required: true - type: list -''' - -RETURN = """ -""" - -EXAMPLES = """ -- name: Push artifacts - tripleo_push_artifacts: - artifact_paths: - - /var/lib/tripleo/artifacts/container1/foo.rpm - - /var/lib/tripleo/artifacts/container2/foo.tar.gz - artifact_urls: - - https://example.tld/packages/package.rpm -""" - - -class ActionModule(ActionBase): - """Batch process artifacts.""" - - def _run_module(self, module_name, module_args): - """Execute an ansible module.""" - - DISPLAY.vv('Running module name: {}'.format(module_name)) - - results = self._execute_module( - module_name=module_name, - module_args=module_args, - task_vars=self.task_vars_meta - ) - DISPLAY.vv('Result {}'.format(results)) - - if results.get('changed', False): - self.changed = True - - if results.get('failed', False): - raise AnsibleActionFail( - 'Module {} failed. Message: {}'.format( - module_name, - results.get('msg') - ) - ) - - return results - - def _get_filetype(self, filename): - """Get file type information.""" - - try: - r = subprocess.run( - "file -b {}".format(filename), - shell=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - universal_newlines=True - ) - except Exception as e: - raise Exception('Unable to determine file type: %s' & e) - else: - if 'RPM' in r.stdout: - return 'rpm' - elif 'gzip compressed data' in r.stdout: - return 'targz' - - raise AnsibleActionFail( - 'Filename {} is an unknown type'.format(filename) - ) - - def _get_url(self, url): - """Run file download operation.""" - - path_path = os.path.join(tempfile.gettempdir(), 'artifacts') - os.makedirs(path_path) - package_name = os.path.join( - path_path, - os.path.basename(url) - ) - with requests.get(url, stream=True) as r: - r.raise_for_status() - with open(package_name, 'wb') as f: - for chunk in r.iter_content(chunk_size=8192): - f.write(chunk) - return package_name - - def _transfer_files(self, filename, destination): - """Run file transfer operation.""" - - # Access to protected method is unavoidable in Ansible - # NOTE(cloudnull): Access to private method is unavoidable in Ansible - transferred_file = self._transfer_file( - local_path=filename, - remote_path=self._connection._shell.join_path(self.tmp, 'source') - ) - self._run_module( - module_name='copy', - module_args=dict( - src=transferred_file, - dest=destination, - _original_basename=os.path.basename(filename), - follow=True, - ) - ) - - def deploy_rpm(self, filename): - """Sync RPM to remote host.""" - - DISPLAY.vv('Running package deployment') - package_path = os.path.join( - ARTIFACTS_ANCHOR, - os.path.basename(filename) - ) - self._run_module( - module_name='file', - module_args=dict( - path=os.path.dirname(package_path), - state='directory' - ) - ) - self._transfer_files(filename=filename, destination=package_path) - - return package_path - - def install_rpms(self, rpms): - """Run RPM installation.""" - - DISPLAY.vv('Running package install for: {}'.format(rpms)) - self._run_module( - module_name='dnf', - module_args=dict( - name=rpms - ) - ) - for rpm in rpms: - self._run_module( - module_name='file', - module_args=dict( - path=rpm, - state='absent' - ) - ) - self.installed_artifacts.extend( - [os.path.basename(i) for i in rpms] - ) - - def deploy_targz(self, filename): - """Run unarchive deployment.""" - - DISPLAY.vv('Running archive deployment') - package_path = os.path.join( - ARTIFACTS_ANCHOR, - os.path.basename(filename) - ) - self._run_module( - module_name='file', - module_args=dict( - path=os.path.dirname(package_path), - state='directory' - ) - ) - self._transfer_files(filename=filename, destination=package_path) - results = self._low_level_execute_command( - "tar xvz -C / -f {}".format(package_path), - executable='/bin/bash' - ) - DISPLAY.vv('Result {}'.format(results)) - if results['rc'] > 0: - DISPLAY.error(msg='Failed command: {}'.format(results)) - raise AnsibleActionFail( - 'Unable to perform unarchive {}.'.format(package_path) - ) - self._run_module( - module_name='file', - module_args=dict( - path=package_path, - state='absent' - ) - ) - self.installed_artifacts.append(os.path.basename(filename)) - - def _run(self, task_vars=None): - """Run the artifact push batcher. - - All pushed artifacts will be deployed to the inventory target. - """ - - self.changed = False - self.installed_artifacts = list() - - if task_vars is None: - task_vars = dict() - - result = super(ActionModule, self).run(task_vars=task_vars) - - self.task_vars_meta = task_vars - - # parse args - download_artifacts = self._task.args.get('artifact_urls', list()) - local_artifacts = self._task.args.get('artifact_paths', list()) - if not local_artifacts and not download_artifacts: - raise AnsibleActionFail( - 'Neither artifact_paths or artifact_urls has any value.' - ' Check configuration and try again.' - ) - - for artifact in download_artifacts: - local_artifacts.append( - self._get_url(url=artifact) - ) - - rpms = list() - for artifact in local_artifacts: - filetype = self._get_filetype(filename=artifact) - DISPLAY.vv( - 'Artifact type: {}, file: {}'.format( - filetype, - artifact - ) - ) - if filetype == 'rpm': - pushed_artifact = self.deploy_rpm(filename=artifact) - rpms.append(pushed_artifact) - elif filetype == 'targz': - self.deploy_targz(filename=artifact) - - if rpms: - self.install_rpms(rpms=rpms) - - result['changed'] = self.changed - result['installed_artifacts'] = self.installed_artifacts - - return result - - def run(self, tmp=None, task_vars=None): - """Begin action plugin execution.""" - - del tmp # tmp no longer has any effect - - try: - self.tmp = self._make_tmp_path( - remote_user=self._play_context.remote_user - ) - return self._run(task_vars=task_vars) - finally: - self._remove_tmp_path(self.tmp) diff --git a/tripleo_ansible/ansible_plugins/callback/tripleo.py b/tripleo_ansible/ansible_plugins/callback/tripleo.py deleted file mode 100644 index 6aa772976..000000000 --- a/tripleo_ansible/ansible_plugins/callback/tripleo.py +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -from ansible import constants as C -from ansible.plugins.callback.default import CallbackModule as BASE - - -class CallbackModule(BASE): - def set_options(self, task_keys=None, var_options=None, direct=None): - super(CallbackModule, self).set_options(task_keys=task_keys, - var_options=var_options, - direct=direct) - - def v2_runner_retry(self, result): - task_name = result.task_name or result._task - retry_count = result._result['retries'] - result._result['attempts'] - if (getattr(result, '_task', False) - and (getattr(result._task, 'action', False) - in ['async_status'])): - state = "WAITING FOR COMPLETION" - else: - state = "RETRYING" - color = C.COLOR_DEBUG - msg = "%s: %s (%d retries left)." % (state, task_name, retry_count) - if self._run_is_verbose(result, verbosity=2): - msg += "Result was: %s" % self._dump_results(result._result) - self._display.display(msg, color=color) diff --git a/tripleo_ansible/ansible_plugins/callback/tripleo_dense.py b/tripleo_ansible/ansible_plugins/callback/tripleo_dense.py deleted file mode 100644 index 01f6e8e65..000000000 --- a/tripleo_ansible/ansible_plugins/callback/tripleo_dense.py +++ /dev/null @@ -1,322 +0,0 @@ -__metaclass__ = type - -import uuid - -from ansible import constants as C -from ansible.playbook.task_include import TaskInclude -from ansible.plugins.callback.default import CallbackModule as DefaultCallback -from datetime import datetime - - -DOCUMENTATION = """ - name: tripleo_dense - type: stdout - short_description: default TripleO screen output - version_added: historical - description: - - This is the default output callback for TripleO. - extends_documentation_fragment: - - default_callback - requirements: - - set as stdout in configuration -""" - - -class CallbackModule(DefaultCallback): - def get_options(self, option_string): - pass - - def _output(self, msg, color=None): - timestamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S.%f") - if isinstance(msg, list): - output = ' | '.join([timestamp] + msg) - else: - output = timestamp + ' | ' + msg - self._display.display(output, color=color) - - def _get_host(self, result): - delegated_vars = result._result.get('_ansible_delegated_vars', None) - if (getattr(result, '_host', False) - and getattr(result._host, 'get_name', False)): - msg = '%s' % result._host.get_name() - elif (getattr(result, '_host', False) - and getattr(result._host, 'name', False)): - msg = '%s' % result._host.name - else: - msg = 'UNKNOWN' - if delegated_vars: - msg += ' -> %s' % delegated_vars['ansible_host'] - return msg - - def _get_task_name(self, item=None): - name = '' - if item and getattr(item, 'name', False): - # item is a task - name = item.name - elif item and getattr(item, 'task_name', False): - name = item.task_name - elif item and getattr(item, '_task', False): - name = item._task.name - return name - - def _get_uuid(self, item=None): - uuid = '' - - if item and getattr(item, '_uuid', False): - # item is a task - uuid = item._uuid - elif item and getattr(item, '_task', False): - # item is a result (may not have a _task tho) - if getattr(item._task, '_uuid', False): - uuid = item._task._uuid - return '{:36}'.format(uuid) - - def _get_state(self, state): - return '{:>10}'.format(state) - - # TODO(mwhahaha): can this work for fatal/skipped/etc? - def _get_item_line(self, result, item=False): - line = [ - self._get_uuid(result) - ] - host_str = self._get_host(result=result) - - if (getattr(result, '_result', False) - and result._result.get('changed', False)): - line.append(self._get_state('CHANGED')), - line.append(self._get_task_name(result)) - line.append(host_str) - color = C.COLOR_CHANGED - else: - if not self.get_option('display_ok_hosts'): - return (None, None) - line.append(self._get_state('OK')) - line.append(self._get_task_name(result)) - line.append(host_str) - color = C.COLOR_OK - if item: - item_result = self._get_item_label(result._result) - # don't display if None - if item_result: - line.append('item=%s' % item_result) - return (line, color) - - def _handle_warnings(self, result): - if not C.ACTION_WARNINGS: - return - if result.get('warnings', False): - line = [ - self._get_uuid(result), - self._get_state('WARNING') - ] - color = C.COLOR_WARN - for warn in result['warnings']: - msg = line + [warn] - self._output(msg, color) - del result['warnings'] - if result.get('deprecations', False): - line = [ - self._get_uuid(result), - self._get_state('DEPRECATED') - ] - color = C.COLOR_DEPRECATE - # TODO(mwhahaha): handle deps correctly as they are a dict - for dep in result['deprecations']: - msg = line + [dep['msg']] - self._output(msg, color) - del result['deprecations'] - - def _task_line(self, task, state, color=None): - if not task.name: - return - line = [ - self._get_uuid(task), - self._get_state(state), - self._get_task_name(task) - ] - self._output(line, color) - - def v2_playbook_on_task_start(self, task, is_conditional): - self._task_line(task, 'TASK') - - def v2_playbook_on_handler_task_start(self, task): - self._task_line(task, 'HANDLER') - - def v2_playbook_on_cleanup_task_start(self, task): - self._task_line(task, 'CLEANUP') - - # TODO(mwhahaha): Push fix into default for broken version of this - # function because get_option doesn't work when k is not in _plugin_options - def v2_runner_on_start(self, host, task): - if ('show_per_host_start' in self._plugin_options - and self.get_options('show_per_host_start')): - color = C.COLOR_HIGHLIGHT - line = [ - self._get_uuid(task), - self._get_state('START'), - self._get_task_name(task=task), - host.name - ] - self._output(line, color) - - def v2_runner_item_on_ok(self, result): - if isinstance(result._task, TaskInclude): - return - (line, color) = self._get_item_line(result, item=True) - if not line: - return - self._handle_warnings(result._result) - if result._task.loop and 'results' in result._result: - self._process_items(result) - else: - if self._run_is_verbose(result): - line.append('result=%s' % self._dump_results(result._result)) - self._output(line, color) - - def v2_runner_on_failed(self, result, ignore_errors=False): - self._clean_results(result._result, result._task.action) - # TODO(mwhahaha): implement this one - self._handle_exception(result._result) - self._handle_warnings(result._result) - if result._task.loop and 'results' in result._result: - self._process_items(result) - else: - if ignore_errors: - status = 'IGNORED' - color = C.COLOR_SKIP - else: - status = 'FATAL' - color = C.COLOR_ERROR - - line = [ - self._get_uuid(result), - self._get_state(status), - self._get_task_name(result), - self._get_host(result=result) - ] - item_result = self._get_item_label(result._result) - # don't display if None - if item_result: - line.append('item=%s' % item_result) - line.append('error=%s' % self._dump_results(result._result)) - self._output(line, color) - - def v2_runner_item_on_failed(self, result): - line = [ - self._get_uuid(result), - self._get_state('FATAL'), - self._get_task_name(result), - self._get_host(result=result) - ] - color = C.COLOR_ERROR - item_result = self._get_item_label(result._result) - # don't display if None - if item_result: - line.append('item=%s' % item_result) - line.append('error=%s' % self._dump_results(result._result)) - self._output(line, color) - - def v2_runner_on_ok(self, result): - if isinstance(result._task, TaskInclude): - return - (line, color) = self._get_item_line(result) - if not line: - return - self._handle_warnings(result._result) - if result._task.loop and 'results' in result._result: - self._process_items(result) - else: - if self._run_is_verbose(result): - line.append('result=%s' % self._dump_results(result._result)) - self._output(line, color) - - def v2_runner_item_on_skipped(self, result): - if not C.DISPLAY_SKIPPED_HOSTS: - return - self._clean_results(result._result, result._task.action) - line = [ - self._get_uuid(result), - self._get_state('SKIPPED'), - self._get_task_name(result), - self._get_host(result=result) - ] - color = C.COLOR_SKIP - item_result = self._get_item_label(result._result) - # don't display if None - if item_result: - line.append('item=%s' % item_result) - if self._run_is_verbose(result): - line.append('result=%s' % self._dump_results(result._result)) - self._output(line, color) - - def v2_runner_on_skipped(self, result): - # TODO(mwhahaha): this is broken? - # if self.display_skipped_hosts: - self._clean_results(result._result, result._task.action) - if result._task.loop and 'results' in result._result: - self._process_items(result) - else: - line = [ - self._get_uuid(result), - self._get_state('SKIPPED'), - self._get_task_name(result), - self._get_host(result=result) - ] - color = C.COLOR_SKIP - item_result = self._get_item_label(result._result) - # don't display if None - if item_result: - line.append('item=%s' % item_result) - self._output(line, color) - - def v2_runner_on_unreachable(self, result): - line = [ - self._get_uuid(result), - self._get_state('UNREACHABLE'), - self._get_task_name(result), - self._get_host(result=result) - ] - item_result = self._get_item_label(result._result) - # don't display if None - if item_result: - line.append('item=%s' % item_result) - self._output(line, C.COLOR_UNREACHABLE) - - def v2_playbook_on_include(self, included_file): - color = C.COLOR_SKIP - # included files don't have tasks so lets generate one for the file - # for consistency. Should this be optional? - file_id = str(uuid.uuid4()) - for host in included_file._hosts: - line = [ - file_id, - self._get_state('INCLUDED'), - included_file._filename, - host.name - ] - self._output(line, color) - - def v2_runner_retry(self, result): - retry_count = result._result['retries'] - result._result['attempts'] - # NOTE(mwhahaha): action is async_status we know we're waiting vs a - # failure that is being retried. We can adjust state & color. - # We use getattr because ansible will stop using this if we try and - # access an undefined thing, so let's be careful. - if (getattr(result, '_task', False) - and (getattr(result._task, 'action', False) - in ['async_status'])): - state = 'WAITING' - else: - state = 'RETRY' - color = C.COLOR_DEBUG - host_str = self._get_host(result=result) - line = [ - self._get_uuid(result), - self._get_state(state), - self._get_task_name(result), - host_str, - '%d retries left' % retry_count - ] - if self._run_is_verbose(result, verbosity=2): - line.append("result=%s" % self._dump_results(result._result)) - self._output(line, color) diff --git a/tripleo_ansible/ansible_plugins/callback/tripleo_profile_tasks.py b/tripleo_ansible/ansible_plugins/callback/tripleo_profile_tasks.py deleted file mode 100644 index 0fbc0ea0b..000000000 --- a/tripleo_ansible/ansible_plugins/callback/tripleo_profile_tasks.py +++ /dev/null @@ -1,215 +0,0 @@ -__metaclass__ = type - -import collections -import time - -from ansible import constants as C -from ansible.plugins.callback import CallbackBase -from datetime import datetime -from datetime import timedelta - -DOCUMENTATION = ''' - callback: tripleo_profile_tasks - type: aggregate - short_description: adds time information to tasks - version_added: "2.9" - description: - - Based on upstream profile_tasks but formatted for tripleo_dense - requirements: - - whitelisting in configuration - see examples section below for details. - options: - output_limit: - description: Number of tasks to display in the summary - default: 20 - env: - - name: PROFILE_TASKS_TASK_OUTPUT_LIMIT - ini: - - section: callback_profile_tasks - key: task_output_limit - sort_order: - description: Adjust the sorting output of summary tasks - choices: ['descending', 'ascending', 'none'] - default: 'descending' - env: - - name: PROFILE_TASKS_SORT_ORDER - ini: - - section: callback_profile_tasks - key: sort_order -''' - - -class CallbackModule(CallbackBase): - - CALLBACK_VERSION = 2.0 - CALLBACK_TYPE = 'aggregate' - CALLBACK_NAME = 'tripleo_profile_tasks' - CALLBACK_NEEDS_WHITELIST = True - - def __init__(self): - self.stats = collections.OrderedDict() - self.tasks = {} - self.current = None - self.sort_order = None - self.task_output_limit = None - self.start_time = time.time() - super(CallbackModule, self).__init__() - - def set_options(self, task_keys=None, var_options=None, direct=None): - super(CallbackModule, self).set_options(task_keys=task_keys, - var_options=var_options, - direct=direct) - - self.sort_order = self.get_option('sort_order') - if self.sort_order is not None: - if self.sort_order == 'ascending': - self.sort_order = False - elif self.sort_order == 'descending': - self.sort_order = True - elif self.sort_order == 'none': - self.sort_order = None - - self.task_output_limit = self.get_option('output_limit') - if self.task_output_limit is not None: - if self.task_output_limit == 'all': - self.task_output_limit = None - else: - self.task_output_limit = int(self.task_output_limit) - - def _get_uuid(self, item=None): - uuid = '' - - if item and getattr(item, '_uuid', False): - # item is a task - uuid = item._uuid - elif item and getattr(item, '_task', False): - # item is a result (may not have a _task tho) - if getattr(item._task, '_uuid', False): - uuid = item._task._uuid - return '{:36}'.format(uuid) - - def _get_host(self, result): - delegated_vars = result._result.get('_ansible_delegated_vars', None) - if (getattr(result, '_host', False) - and getattr(result._host, 'get_name', False)): - msg = '%s' % result._host.get_name() - elif (getattr(result, '_host', False) - and getattr(result._host, 'name', False)): - msg = '%s' % result._host.name - else: - msg = 'UNKNOWN' - if delegated_vars: - msg += ' -> %s' % delegated_vars['ansible_host'] - return msg - - def _output(self, msg, color=None): - timestamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S.%f") - if isinstance(msg, list): - output = ' | '.join([timestamp] + msg) - else: - output = timestamp + ' | ' + msg - self._display.display(output, color=color) - - def _start_task(self, task, host=None): - hostname = None - if host: - hostname = host.name - k = (hostname, task._uuid) - self.stats[k] = {'start': time.time(), - 'total_time': 0.0} - self.tasks[task._uuid] = task.get_name() - - def _end_task(self, result): - uuid = self._get_uuid(result) - host = self._get_host(result) - k = (host, uuid) - # the task never started, insert shrug emoji here. - if k not in self.stats: - self._display.vvvv('{} missing from stats'.format(k)) - return - total_time = time.time() - self.stats[k]['start'] - self.stats[k]['total_time'] = total_time - - line = [ - uuid, - u'{:>10}'.format('TIMING'), - self.tasks.get(uuid, ''), - host, - str(timedelta(seconds=time.time() - self.start_time)), - u'{0:.02f}s'.format(total_time) - ] - self._output(line, C.COLOR_DEBUG) - - def v2_runner_on_start(self, host, task): - self._start_task(task, host) - - # task ends - def v2_playbook_on_failed(self, result, ignore_errors=False): - self._end_task(result) - - def v2_runner_on_ok(self, result): - self._end_task(result) - - def v2_runner_item_on_ok(self, result): - self._end_task(result) - - def v2_runner_on_failed(self, result, ignore_errors=False): - self._end_task(result) - - def v2_runner_item_on_failed(self, result): - self._end_task(result) - - def v2_runner_on_skipped(self, result): - self._end_task(result) - - def v2_runner_on_unreachable(self, result): - self._end_task(result) - - # playbook finished - def playbook_on_stats(self, stats): - self.current = None - results = self.stats.items() - # Sort the tasks by the specified sort - if self.sort_order is not None: - results = sorted( - self.stats.items(), - key=lambda x: x[1]['total_time'], - reverse=self.sort_order, - ) - results = results[:self.task_output_limit] - - self._output('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' - ' Summary Information ' - '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~') - self._output( - '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' - ' Total Tasks: {:<10} ' - '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'.format(len(self.tasks))) - - self._output( - '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' - ' Elapsed Time: {} ' - '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'.format( - str(timedelta(seconds=(time.time() - self.start_time))))) - - header = [ - '{:>36}'.format('UUID'), - '{:>10}'.format('Info'), - '{:>10}'.format('Host'), - '{:>11}'.format('Task Name'), - '{:>10}'.format('Run Time'), - ] - self._output(' | '.join(header)) - - for (host, uuid), result in results: - line = [ - uuid, - u'{:>10}'.format('SUMMARY'), - u'{:>10}'.format(host), - self.tasks.get(uuid, ''), - u'{0:.02f}s'.format(result['total_time']) - ] - self._output(' | '.join(line)) - - self._output('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' - ' End Summary Information ' - '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~') diff --git a/tripleo_ansible/ansible_plugins/callback/tripleo_states.py b/tripleo_ansible/ansible_plugins/callback/tripleo_states.py deleted file mode 100644 index 178d6cf42..000000000 --- a/tripleo_ansible/ansible_plugins/callback/tripleo_states.py +++ /dev/null @@ -1,63 +0,0 @@ -__metaclass__ = type - -from ansible.plugins.callback import CallbackBase -from datetime import datetime - -DOCUMENTATION = ''' - callback: tripleo_states - type: aggregate - short_description: adds states information - version_added: "2.9" - description: - - TripleO specific callback useful to print out deployment states. - requirements: - - whitelisting in configuration - see examples section below for details. -''' - - -class CallbackModule(CallbackBase): - - CALLBACK_VERSION = 2.0 - CALLBACK_TYPE = 'aggregate' - CALLBACK_NAME = 'tripleo_states' - CALLBACK_NEEDS_WHITELIST = True - - def __init__(self, display=None): - super(CallbackModule, self).__init__(display) - - def _output(self, msg, color=None): - timestamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S.%f") - if isinstance(msg, list): - output = ' | '.join([timestamp] + msg) - else: - output = timestamp + ' | ' + msg - self._display.display(output, color=color) - - def v2_playbook_on_stats(self, stats): - nodes_to_redeploy = [] - - # Find out which hosts failed to deploy; it would very likely - # happen when max_fail_percentage was set to a percentage value and the - # number of hosts which successfully deployed matched the criteria. - hosts = sorted(stats.processed.keys()) - for h in hosts: - t = stats.summarize(h) - if t['failures'] or t['unreachable']: - nodes_to_redeploy.append(h) - - # Only display if there are nodes in error state for now but it might - # change later if we add more information. - if len(nodes_to_redeploy) > 0: - self._output('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' - ' State Information ' - '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~') - - self._output( - '~~~~~~~~~~~~~~~~~~' - ' Number of nodes which did not deploy successfully: {} ' - '~~~~~~~~~~~~~~~~~'.format(len(nodes_to_redeploy))) - nodes_to_redeploy_list = ", ".join(nodes_to_redeploy) - fail_msg = ' The following node(s) had failures: ' + \ - '{}'.format(nodes_to_redeploy_list) - self._output(fail_msg, 'red') - self._output('~' * 89) diff --git a/tripleo_ansible/ansible_plugins/filter/.gitkeep b/tripleo_ansible/ansible_plugins/filter/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/ansible_plugins/filter/cpu_mask.py b/tripleo_ansible/ansible_plugins/filter/cpu_mask.py deleted file mode 100644 index 140da56fb..000000000 --- a/tripleo_ansible/ansible_plugins/filter/cpu_mask.py +++ /dev/null @@ -1,35 +0,0 @@ -#!/usr/bin/python -import binascii - -from ansible.parsing.yaml.objects import AnsibleUnicode - - -class FilterModule(object): - def filters(self): - return { - 'cpu_mask': self.cpu_mask - } - - # Calculate the cpu mask for the list of CPUs - # Example - for input of 1,13 the mask would be 2002 - def cpu_mask(self, cpu_list): - mask = 0 - cpus = [] - for cpu in cpu_list.split(','): - if '-' in cpu: - rng = cpu.split('-') - cpus.extend(range(int(rng[0]), int(rng[1]) + 1)) - else: - cpus.append(int(cpu)) - cpus.sort() - max_val = int(cpus[-1]) - byte_arr = bytearray(int(max_val / 8) + 1) - - for item in cpus: - pos = int(int(item) / 8) - bit = int(item) % 8 - byte_arr[pos] |= 2**bit - - byte_arr.reverse() - mask = binascii.hexlify(byte_arr) - return mask.decode("utf-8").lstrip("0") diff --git a/tripleo_ansible/ansible_plugins/filter/helpers.py b/tripleo_ansible/ansible_plugins/filter/helpers.py deleted file mode 100644 index 9d152a508..000000000 --- a/tripleo_ansible/ansible_plugins/filter/helpers.py +++ /dev/null @@ -1,655 +0,0 @@ -#!/usr/bin/env python -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import ast -import json -import os -import re - -from ansible import errors - - -# cmp() doesn't exist on python3 -def cmp(a, b): - return 0 if a == b else 1 - - -class FilterModule(object): - def filters(self): - return { - 'singledict': self.singledict, - 'subsort': self.subsort, - 'needs_delete': self.needs_delete, - 'haskey': self.haskey, - 'list_of_keys': self.list_of_keys, - 'container_exec_cmd': self.container_exec_cmd, - 'containers_not_running': self.containers_not_running, - 'get_key_from_dict': self.get_key_from_dict, - 'recursive_get_key_from_dict': self.recursive_get_key_from_dict, - 'get_role_assignments': self.get_role_assignments, - 'get_domain_id': self.get_domain_id, - 'get_changed_containers': self.get_changed_containers, - 'get_failed_containers': self.get_failed_containers, - 'get_changed_async_task_names': self.get_changed_async_task_names, - 'dict_to_list': self.dict_to_list, - 'get_filtered_resources': self.get_filtered_resources, - 'get_filtered_resource_chains': self.get_filtered_resource_chains, - 'get_filtered_service_chain': self.get_filtered_service_chain, - 'get_filtered_role_resources': self.get_filtered_role_resources, - 'get_node_capabilities': self.get_node_capabilities, - 'get_node_profile': self.get_node_profile, - 'tht_abspath': self.tht_abspath, - 'snake_case': self.snake_case, - } - - def subsort(self, dict_to_sort, attribute, null_value=0): - """Sort a hash from a sub-element. - - This filter will return an dictionary ordered by the attribute - part of each item. - """ - for k, v in dict_to_sort.items(): - if attribute not in v: - dict_to_sort[k][attribute] = null_value - - data = {} - for d in dict_to_sort.items(): - if d[1][attribute] not in data: - data[d[1][attribute]] = [] - data[d[1][attribute]].append({d[0]: d[1]}) - - sorted_list = sorted( - data.items(), - key=lambda x: x[0] - ) - ordered_dict = {} - for o, v in sorted_list: - ordered_dict[o] = v - return ordered_dict - - def singledict(self, list_to_convert, merge_with={}): - """Generate a single dictionary from a list of dictionaries. - - This filter will return a single dictionary from a list of - dictionaries. - If merge_with is set, the return dict will be merged with it. - """ - return_dict = {} - for i in list_to_convert: - return_dict.update(i) - for k in merge_with.keys(): - if k in return_dict: - for mk, mv in merge_with[k].items(): - return_dict[k][mk] = mv - break - return return_dict - - def needs_delete(self, container_infos, config, config_id, - clean_orphans=False, check_config=True): - """Returns a list of containers which need to be removed. - - This filter will check which containers need to be removed for these - reasons: no config_data, updated config_data or container not - part of the global config. - - :param container_infos: list - :param config: dict - :param config_id: string - :param clean_orphans: bool - :param check_config: bool to whether or not check if config changed - :returns: list - """ - to_delete = [] - to_skip = [] - installed_containers = [] - - for c in container_infos: - c_name = c['Name'] - installed_containers.append(c_name) - labels = c['Config'].get('Labels') - if not labels: - labels = dict() - managed_by = labels.get('managed_by', 'unknown').lower() - - # Check containers have a label - if not labels: - to_skip += [c_name] - continue - - # Don't delete containers NOT managed by tripleo* or paunch* - elif not re.findall(r"(?=("+'|'.join(['tripleo', 'paunch'])+r"))", - managed_by): - to_skip += [c_name] - continue - - # Only remove containers managed in this config_id - elif labels.get('config_id') != config_id: - to_skip += [c_name] - continue - - # Remove containers with no config_data - # e.g. broken config containers - elif 'config_data' not in labels and clean_orphans: - to_delete += [c_name] - - for c_name, config_data in config.items(): - # don't try to remove a container which doesn't exist - if c_name not in installed_containers: - continue - - # already tagged to be removed - if c_name in to_delete: - continue - - if c_name in to_skip: - continue - - # Remove containers managed by tripleo-ansible when config_data - # changed. Since we already cleaned the containers not in config, - # this check needs to be in that loop. - # e.g. new TRIPLEO_CONFIG_HASH during a minor update - c_datas = list() - for c in container_infos: - if c_name == c['Name']: - try: - c_datas.append(c['Config']['Labels']['config_data']) - except KeyError: - pass - - # Build c_facts so it can be compared later with config_data - for c_data in c_datas: - try: - c_data = ast.literal_eval(c_data) - except (ValueError, SyntaxError): # may already be data - try: - c_data = dict(c_data) # Confirms c_data is type safe - except ValueError: # c_data is not data - c_data = dict() - - if cmp(c_data, config_data) != 0 and check_config: - to_delete += [c_name] - - # Cleanup installed containers that aren't in config anymore. - for c in installed_containers: - if c not in config.keys() and c not in to_skip and clean_orphans: - to_delete += [c] - - return to_delete - - def tht_abspath(self, file_paths, ignore_error=False, - root_dir='/usr/share/openstack-tripleo-heat-templates'): - '''Find a file/dir absolute path or relative to the home/t-h-t dir''' - - def get_path(file_path): - path = os.path.abspath(file_path) - if not os.path.exists(path): - path = os.path.abspath(os.path.join(os.path.expanduser('~'), - file_path)) - if not os.path.exists(path): - path = os.path.abspath(os.path.join(root_dir, file_path)) - if not os.path.exists(path): - if not ignore_error: - raise errors.AnsibleFilterError( - "Can't find path %s" % (file_path,)) - return file_path - return path - - if not file_paths: - return None - elif isinstance(file_paths, str): - return get_path(file_paths) - elif isinstance(file_paths, list): - paths = [] - for f_path in file_paths: - paths.append(get_path(f_path)) - return paths - else: - raise errors.AnsibleFilterError( - "Either lists or string for paths only supported.") - - def haskey(self, data, attribute, value=None, reverse=False, any=False, - excluded_keys=[]): - """Return dict data with a specific key. - - This filter will take a list of dictionaries (data) - and will return the dictionnaries which have a certain key given - in parameter with 'attribute'. - If reverse is set to True, the returned list won't contain dictionaries - which have the attribute. - If any is set to True, the returned list will match any value in - the list of values for "value" parameter which has to be a list. - If we want to exclude items which have certain key(s); these keys - should be added to the excluded_keys list. If excluded_keys is used - with reverse, we'll just exclude the items which had a key from - excluded_keys in the reversed list. - """ - return_list = [] - for i in data: - to_skip = False - for k, v in json.loads(json.dumps(i)).items(): - for e in excluded_keys: - if e in v: - to_skip = True - break - if to_skip: - break - if attribute in v and not reverse: - if value is None: - return_list.append(i) - else: - if isinstance(value, list) and any: - if v[attribute] in value: - return_list.append({k: v}) - elif any: - raise TypeError("value has to be a list if any is " - "set to True.") - else: - if v[attribute] == value: - return_list.append({k: v}) - if attribute not in v and reverse: - return_list.append({k: v}) - return return_list - - def list_of_keys(self, keys_to_list): - """Return a list of keys from a list of dictionaries. - - This filter takes in input a list of dictionaries and for each of them - it will add the key to list_of_keys and returns it. - """ - list_of_keys = [] - for i in keys_to_list: - for k, v in i.items(): - list_of_keys.append(k) - return list_of_keys - - def get_key_from_dict(self, data, key, strict=False, default=None): - """Return a list of unique values from a specific key from a dict. - - This filter takes in input a list of dictionaries and for each of them - it will add the value of a specific key into returned_list and - returns it sorted. If the key has to be part of the dict, set strict to - True. A default can be set if the key doesn't exist but strict has to - be set to False. - """ - returned_list = [] - for i in data.items(): - value = i[1].get(key) - if value is None and not strict and default is not None: - value = default - if value is None: - if strict: - raise TypeError('Missing %s key in ' - '%s' % (key, i[0])) - else: - continue - if isinstance(value, list): - for v in value: - if v not in returned_list: - returned_list.append(v) - elif isinstance(value, dict): - for k, v in value.items(): - if v not in returned_list: - returned_list.append({k: v}) - else: - if value not in returned_list: - returned_list.append(value) - return returned_list - - def recursive_get_key_from_dict(self, data, key): - """Recursively return values for keys in a dict - - This filter will traverse all the dictionaries in the provided - dictionary and return any values for a specified key. This is useful - if you have a complex dictionary containing dynamic keys but want to - fetch a commonly named key. - """ - val = [] - if key in data: - val.append(data.get(key)) - for k, v in data.items(): - if isinstance(v, dict): - val.extend(self.recursive_get_key_from_dict(v, key)) - return val - - def list_or_dict_arg(self, data, cmd, key, arg): - """Utility to build a command and its argument with list or dict data. - - The key can be a dictionary or a list, the returned arguments will be - a list where each item is the argument name and the item data. - """ - if key not in data: - return - value = data[key] - if isinstance(value, dict): - for k, v in sorted(value.items()): - if v: - cmd.append('%s=%s=%s' % (arg, k, v)) - elif k: - cmd.append('%s=%s' % (arg, k)) - elif isinstance(value, list): - for v in value: - if v: - cmd.append('%s=%s' % (arg, v)) - - def container_exec_cmd(self, data, cli='podman'): - """Return a list of all the arguments to execute a container exec. - - This filter takes in input the container exec data and the cli name - to return the full command in a list of arguments that will be used - by Ansible command module. - """ - cmd = [cli, 'exec'] - cmd.append('--user=%s' % data.get('user', 'root')) - if 'privileged' in data: - cmd.append('--privileged=%s' % str(data['privileged']).lower()) - self.list_or_dict_arg(data, cmd, 'environment', '--env') - cmd.extend(data['command']) - return cmd - - def containers_not_running(self, container_info, execs=[]): - """Check if specified services aren't running - - :params: container_info: containers list from podman_container_info - result - :params: execs: list of dicts for container actions - """ - not_running = [] - expected_containers = set() - - # Get the container out of any execs by extracting the container - # out of the command to be executed - # - # NOTE this could be written as: - # [v.get('command')[0] - # for i in self.haskey(execs, attribute='action', value='exec') - # for k, v in i.items()] - # But this won't handle missing command. I'm uncertain if we ever would - # pass in an exec without an action but the code below won't blow up - # if command is missing - for action in self.haskey(execs, attribute='action', value='exec'): - for k, v in action.items(): - command = v.get('command') - if command and len(command) > 0: - expected_containers.add(command[0]) - - # we don't have any containers we're checking so just stop - if len(expected_containers) == 0: - return [] - - # check running containers against exec containers - for container in container_info: - container_name = container.get('Name') - if (container_name in expected_containers - and not container.get('State', {}).get('Running')): - not_running.append(container_name) - return not_running - - def get_role_assignments(self, data, default_role='admin', - default_project='service'): - """Return a dict of all roles and their users. - - This filter takes in input the keystone resources data and - returns a dict where each key is a role and its users assigned. - If 'domain' or 'project' are specified, they are added to the user - entry; so the user will be assign to the domain or the project. - If no domain and no project are specified, default_project will be - used. - Note that domain and project are mutually exclusive in Keystone v3. - """ - returned_dict = {} - for d in data: - for k, v in d.items(): - roles = v.get('roles', default_role) - domain = v.get('domain') - project = v.get('project') - - if domain is not None and project is not None: - raise TypeError('domain and project need to be mutually ' - 'exclusive for user: %s' % k) - - if isinstance(roles, list): - for r in roles: - if r not in returned_dict: - returned_dict[r] = [] - if domain is not None: - returned_dict[r].append({k: {'domain': domain}}) - elif project is not None: - returned_dict[r].append({k: {'project': project}}) - else: - returned_dict[r].append({k: {'project': - default_project}}) - else: - if roles not in returned_dict: - returned_dict[roles] = [] - if domain is not None: - returned_dict[roles].append({k: {'domain': domain}}) - elif project is not None: - returned_dict[roles].append({k: {'project': project}}) - else: - returned_dict[roles].append({k: {'project': - default_project}}) - return returned_dict - - def get_domain_id(self, domain_name, all_domains): - """Return the ID of a domain by its name. - - This filter taks in input a domain name and a dictionary with all - domain informations. - """ - if domain_name == '': - return - for d in all_domains: - if d.get('name') == domain_name: - return d.get('id') - raise KeyError('Could not get domain ID for "%s"' % domain_name) - - def get_changed_containers(self, async_results): - """Return a list of containers that changed. - - This filter takes in input async results of a podman_container - invocation and returns the list of containers with actions, so we - know which containers have changed. - """ - changed = [] - for item in async_results: - if item.get('podman_actions'): - if item['container'].get('Name'): - changed.append(item['container'].get('Name')) - return changed - - def get_failed_containers(self, async_results): - """Return a list of containers that failed to start on time. - - This filter takes in input async results of a podman_container - invocation and returns the list of containers that did not - finished correctly. - """ - failed = [] - for item in async_results: - async_result_item = item['create_async_result_item'] - try: - if (item['failed'] or not item['finished'] - or async_result_item['stderr'] != ''): - for k, v in async_result_item['container_data'].items(): - failed.append(k) - except KeyError: - # if Ansible is run in check mode, the async_results items will - # not contain failed or finished keys. - continue - return failed - - def get_changed_async_task_names(self, data, extra=[]): - """Return a list of ansible resources that changed." - - This filter will take a list of dictionaries (data) - and will return a list of resources that changed. - An extra list can be given to automatically include the item if - part of the list already. - """ - return_list = [] - if 'results' in data: - for i in data['results']: - loop_var = i.get('ansible_loop_var', 'item') - for k, v in i[loop_var].items(): - if ('changed' in i and i['changed']) or k in extra: - return_list.append(k) - return return_list - - def dict_to_list(self, data): - """Return a list of dictionaries." - - This filter will take a dictionary which itself containers - multiple dictionaries; and will convert that to a list - of dictionaries. - """ - return_list = [] - for k, v in data.items(): - return_list.append({k: v}) - return return_list - - def snake_case(self, camel_case_string): - """Convert from THTCamelCase to ansible_snake_case - This filter will return a snake_case version of the input string. - >>> filter_snake_case('CephStorage') - 'ceph_storage' - >>> filter_snake_case('HTTPWorker') - 'http_worker' - >>> filter_snake_case('MetricsQDR') - 'metrics_qdr' - """ - camel_case_string = re.sub(r'(.)([A-Z][a-z]+)', r'\1_\2', - camel_case_string) - return re.sub(r'([a-z0-9])([A-Z])', r'\1_\2', camel_case_string).lower() - - @staticmethod - def get_filtered_service_chain(resource_chains, role_chain_resources): - """Returned filtered service chains. - - :param resource_chains: List of resource chains - :type resource_chains: List - - :param role_chain_resources: List of role chains - :type role_chain_resources: List - - :returns: Dictionary - """ - - for resource_id in [i['id'] for i in resource_chains]: - if resource_id in role_chain_resources: - for resource in resource_chains: - if resource['id'] == resource_id: - return resource - - @staticmethod - def get_filtered_role_resources(service_chain_resources, - tripleo_resources): - """Returned filtered role resources. - - :param service_chain_resources: List of service resources - :type service_chain_resources: List - - :param tripleo_resources: Dictionary of tripleo resources - :type tripleo_resources: Dictionary - - :returns: Dictionary - """ - role_services = dict() - for resource_id in service_chain_resources: - if resource_id in tripleo_resources.keys(): - role_services[resource_id] = tripleo_resources[resource_id] - else: - return role_services - - @staticmethod - def get_filtered_resource_chains(resources, role_name): - """Returned filtered resource chains. - - :param resources: Dictionary of resources - :type resources: Dictionary - - :param role_name: Name of role - :type role_name: String - - :returns: Dictionary - """ - for value in resources.values(): - if value.get('name') == '{}ServiceChain'.format(role_name): - return value - - @staticmethod - def get_filtered_resources(resources, filter_value): - """Returned filtered resources. - - :param resources: Dictionary of resources - :type resources: Dictionary - - :param filter_value: String to filter by - :type filter_value: String - - :returns: List - """ - resource_chains = list() - for value in resources.values(): - if value.get('type') == filter_value: - resource_chains.append(value) - else: - return resource_chains - - @staticmethod - def get_node_capabilities(nodes): - """Convert the Node's capabilities into a dictionary. - - :param nodes: List of nodes - :type nodes: List - - :returns: List - """ - - nodes_datas = list() - for node in nodes: - nodes_data = dict() - nodes_data['uuid'] = node['id'] - properties = node['properties'] - caps = properties.get('capabilities', '') - capabilities_dict = dict( - [key.strip().split(':', 1) for key in caps.split(',')]) - nodes_data['hint'] = capabilities_dict.get('node') - nodes_datas.append(nodes_data) - else: - return nodes_datas - - @staticmethod - def get_node_profile(nodes): - """Convert the Node's profile into a dictionary. - - :param nodes: List of nodes - :type nodes: List - - :returns: List - """ - - nodes_datas = list() - for node in nodes: - nodes_data = dict() - nodes_data['uuid'] = node['id'] - properties = node['properties'] - caps = properties.get('capabilities', '') - capabilities_dict = dict( - [key.strip().split(':', 1) for key in caps.split(',')]) - nodes_data['profile'] = capabilities_dict.get('profile') - nodes_datas.append(nodes_data) - else: - return nodes_datas diff --git a/tripleo_ansible/ansible_plugins/module_utils/.gitkeep b/tripleo_ansible/ansible_plugins/module_utils/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/ansible_plugins/module_utils/baremetal_deploy.py b/tripleo_ansible/ansible_plugins/module_utils/baremetal_deploy.py deleted file mode 100644 index ef172323e..000000000 --- a/tripleo_ansible/ansible_plugins/module_utils/baremetal_deploy.py +++ /dev/null @@ -1,654 +0,0 @@ -#!/usr/bin/python -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import collections -from copy import deepcopy as dcopy -import os - -import jsonschema - -import metalsmith -from metalsmith import sources - - -_IMAGE_SCHEMA = { - 'type': 'object', - 'properties': { - 'href': {'type': 'string'}, - 'checksum': {'type': 'string'}, - 'kernel': {'type': 'string'}, - 'ramdisk': {'type': 'string'}, - }, - 'required': ['href'], - 'additionalProperties': False, -} - -_NIC_SCHEMA = { - 'type': 'object', - 'properties': { - 'network': {'type': 'string'}, - 'port': {'type': 'string'}, - 'fixed_ip': {'type': 'string'}, - 'subnet': {'type': 'string'}, - }, - 'additionalProperties': False -} - -_NETWORK_CONFIG_SCHEMA = { - 'type': 'object', - 'properties': { - 'template': {'type': 'string'}, - 'nmstate': {'type': 'boolean'}, - 'physical_bridge_name': {'type': 'string'}, - 'public_interface_name': {'type': 'string'}, - 'network_config_update': {'type': 'boolean'}, - 'net_config_data_lookup': {'type': 'object'}, - 'default_route_network': { - 'type': 'array', - 'items': {'type': 'string'}, - }, - 'networks_skip_config': { - 'type': 'array', - 'items': {'type': 'string'} - }, - 'dns_search_domains': {'type': 'string'}, - 'bond_interface_ovs_options': {'type': 'string'}, - 'num_dpdk_interface_rx_queues': {'type': 'integer'} - }, - 'additionalProperties': False -} - -_NETWORK_SCHEMA = { - 'type': 'object', - 'properties': { - 'network': {'type': 'string'}, - 'port': {'type': 'string'}, - 'fixed_ip': {'type': 'string'}, - 'subnet': {'type': 'string'}, - 'vif': {'type': 'boolean'} - }, - 'additionalProperties': False -} - -_CONFIG_DRIVE_SCHEMA = { - 'type': 'object', - 'properties': { - 'cloud_config': {'type': 'object'}, - 'meta_data': {'type': 'object'}, - }, - 'additionalProperties': False -} - -_INSTANCE_SCHEMA = { - 'type': 'object', - 'properties': { - 'capabilities': {'type': 'object'}, - 'conductor_group': {'type': 'string'}, - 'config_drive': _CONFIG_DRIVE_SCHEMA, - 'hostname': { - 'type': 'string', - 'minLength': 2, - 'maxLength': 255 - }, - 'image': _IMAGE_SCHEMA, - 'name': {'type': 'string'}, - 'netboot': {'type': 'boolean'}, - 'nics': {'type': 'array', - 'items': _NIC_SCHEMA}, - 'network_config': _NETWORK_CONFIG_SCHEMA, - 'networks': {'type': 'array', - 'items': _NETWORK_SCHEMA}, - 'passwordless_sudo': {'type': 'boolean'}, - 'profile': {'type': 'string'}, - 'provisioned': {'type': 'boolean'}, - 'resource_class': {'type': 'string'}, - 'root_size_gb': {'type': 'integer', 'minimum': 4}, - 'ssh_public_keys': {'type': 'string'}, - 'swap_size_mb': {'type': 'integer', 'minimum': 64}, - 'traits': { - 'type': 'array', - 'items': {'type': 'string'} - }, - 'user_name': {'type': 'string'}, - 'managed': {'type': 'boolean'}, - 'management_ip': {'type': 'string'}, - }, - 'additionalProperties': False, -} - - -_INSTANCES_SCHEMA = { - 'type': 'array', - 'items': _INSTANCE_SCHEMA -} -"""JSON schema of the instances list.""" - -_no_nics = dcopy(_INSTANCE_SCHEMA) -_no_networks = dcopy(_INSTANCE_SCHEMA) -del _no_nics['properties']['nics'] -del _no_networks['properties']['networks'] - -_ROLE_DEFAULTS_SCHEMA = { - 'anyOf': [_no_nics, _no_networks] -} -"""JSON schema of the role defaults.""" - -_INSTANCES_INPUT_SCHEMA = { - 'type': 'array', - 'items': {'anyOf': [_no_nics, _no_networks]}, -} -"""JSON schema of the instances input.""" - -_ROLE_ANSIBLE_PLAYBOOKS_SCHEMA = { - 'type': 'array', - 'items': { - 'type': 'object', - 'properties': { - 'playbook': {'type': 'string'}, - 'extra_vars': {'type': 'object'} - }, - 'additionalProperties': False, - 'required': ['playbook'], - } -} -"""JSON schema of the role ansible_playbooks input.""" - -_ROLES_INPUT_SCHEMA = { - 'type': 'array', - 'items': { - 'type': 'object', - 'properties': { - 'name': {'type': 'string'}, - 'hostname_format': {'type': 'string'}, - 'count': {'type': 'integer', 'minimum': 0}, - 'defaults': _ROLE_DEFAULTS_SCHEMA, - 'instances': _INSTANCES_INPUT_SCHEMA, - 'ansible_playbooks': _ROLE_ANSIBLE_PLAYBOOKS_SCHEMA, - }, - 'additionalProperties': False, - 'required': ['name'], - } -} -"""JSON schema of the roles list.""" - - -class BaremetalDeployException(Exception): - pass - - -def expand(roles, stack_name, expand_provisioned=True, default_image=None, - default_network=None, user_name=None, ssh_public_keys=None, - default_network_config=None): - - def _remove_vif_key(nets): - for net in nets: - net.pop('vif', None) - - for role in roles: - defaults = role.setdefault('defaults', {}) - if default_image: - defaults.setdefault('image', default_image) - if ssh_public_keys: - defaults.setdefault('ssh_public_keys', ssh_public_keys) - if user_name: - defaults.setdefault('user_name', user_name) - if default_network: - default_networks = defaults.setdefault('networks', []) - default_networks.extend([x for x in default_network - if x not in default_networks]) - if default_network_config: - default_network_config = defaults.setdefault('network_config', {}) - - if 'profile' in defaults: - capabilities = defaults.setdefault('capabilities', {}) - capabilities.setdefault('profile', defaults['profile']) - del defaults['profile'] - - # Set config-drive metadata instance-name to the role name - config_drive = defaults.setdefault('config_drive', {}) - meta_data = config_drive.setdefault('meta_data', {}) - meta_data['instance-type'] = role['name'] - - for inst in role.get('instances', []): - merge_config_drive_defaults(defaults, inst) - merge_networks_defaults(defaults, inst) - merge_network_config_defaults(defaults, inst) - - for k, v in defaults.items(): - if k != 'config_drive': - # Need to use deepcopy here so defaults are not accidentally - # changed by per-instance manipulations - inst.setdefault(k, dcopy(v)) - - # Set the default hostname now for duplicate hostname - # detection during validation - if 'hostname' not in inst and 'name' in inst: - inst['hostname'] = inst['name'] - - validate_roles(roles) - - instances = [] - hostname_map = {} - parameter_defaults = {'HostnameMap': hostname_map} - role_net_map = {} - hostname_role_map = {} - for role in roles: - name = role['name'] - role_net_map.setdefault(name, set()) - hostname_format = build_hostname_format( - role.get('hostname_format'), name) - count = role.get('count', 1) - unprovisioned_indexes = [] - - # build a map of all potential generated names - # with the index number which generates the name - potential_gen_names = {} - for index in range(count + len(role.get('instances', []))): - potential_gen_names[build_hostname( - hostname_format, index, stack_name)] = index - - # build a list of instances from the specified - # instances list - role_instances = [] - for instance in role.get('instances', []): - inst = {} - inst.update(instance) - - # create a hostname map entry now if the specified hostname - # is a valid generated name - if inst.get('hostname') in potential_gen_names: - hostname_map[inst['hostname']] = inst['hostname'] - - role_instances.append(inst) - - # add generated instance entries until the desired count of - # provisioned instances is reached - while len([i for i in role_instances - if i.get('provisioned', True)]) < count: - inst = {} - inst.update(role['defaults']) - role_instances.append(inst) - - # NOTE(dtantsur): our hostname format may differ from THT defaults, - # so override it in the resulting environment - parameter_defaults['%sHostnameFormat' % name] = ( - hostname_format) - - # ensure each instance has a unique non-empty hostname - # and a hostname map entry and add nics entry for vif networks. - # Also build a list of indexes for unprovisioned instances - index = 0 - for inst in role_instances: - provisioned = inst.get('provisioned', True) - gen_name = None - hostname = inst.get('hostname') - - if hostname not in hostname_map: - while (not gen_name - or gen_name in hostname_map): - gen_name = build_hostname( - hostname_format, index, stack_name) - index += 1 - inst.setdefault('hostname', gen_name) - hostname = inst.get('hostname') - hostname_map[gen_name] = inst['hostname'] - - if not provisioned: - if gen_name: - unprovisioned_indexes.append( - potential_gen_names[gen_name]) - elif hostname in potential_gen_names: - unprovisioned_indexes.append( - potential_gen_names[hostname]) - - vif_networks = [x for x in dcopy(inst.get('networks', [])) - if x.get('vif')] - if vif_networks: - _remove_vif_key(vif_networks) - inst.setdefault('nics', vif_networks) - - if 'profile' in inst: - capabilities = inst.setdefault('capabilities', {}) - capabilities['profile'] = inst['profile'] - del inst['profile'] - - if unprovisioned_indexes: - parameter_defaults['%sRemovalPolicies' % name] = [{ - 'resource_list': unprovisioned_indexes - }] - - provisioned_count = 0 - for inst in role_instances: - provisioned = inst.pop('provisioned', True) - - if provisioned: - provisioned_count += 1 - - # Only add instances which match the desired provisioned state - if provisioned == expand_provisioned: - instances.append(inst) - - role_net_map[name].update( - [x['network'] for x in inst.get('networks', [])]) - hostname_role_map[inst['hostname']] = name - - parameter_defaults['%sCount' % name] = ( - provisioned_count) - - validate_instances(instances, _INSTANCES_SCHEMA) - if expand_provisioned: - env = {'parameter_defaults': parameter_defaults} - else: - env = {} - return instances, env, role_net_map, hostname_role_map - - -def merge_network_config_defaults(defaults, instance): - d_network_config = defaults.get('network_config', {}) - i_network_config = instance.get('network_config', {}) - if not d_network_config: - return - - # only merge network_config not already defined on the instance - for k, v in d_network_config.items(): - i_network_config.setdefault(k, v) - - -def merge_networks_defaults(defaults, instance): - d_networks = defaults.get('networks', []) - i_networks = instance.get('networks', []) - if not d_networks: - return - - i_dict = {x['network']: x for x in i_networks} - d_dict = {x['network']: x for x in d_networks} - - # only merge networks not already defined on the instance - for key in d_dict: - if key not in i_dict: - i_networks.append(d_dict[key]) - - # only set non-empty networks value on the instance - if i_networks: - instance['networks'] = i_networks - - -def merge_config_drive_defaults(defaults, instance): - d_config_drive = defaults.get('config_drive', {}) - i_config_drive = instance.get('config_drive', {}) - - def merge(key): - d_dict = d_config_drive.get(key, {}) - i_dict = i_config_drive.get(key, {}) - - # start with a shallow copy of the defaults and update - # with the instance value - f_dict = dict(d_dict) - f_dict.update(i_dict) - - # only set non-empty merge results - if f_dict: - i_config_drive[key] = f_dict - - merge('cloud_config') - merge('meta_data') - - # only set non-empty config_drive value on the instance - if i_config_drive: - instance['config_drive'] = i_config_drive - - -def check_existing(instances, provisioner, baremetal): - validate_instances(instances, _INSTANCES_SCHEMA) - - # Due to the name shadowing we should import other way - import importlib - sdk = importlib.import_module('openstack') - - not_found = [] - found = [] - unmanaged = [] - existing_by_hostname = collections.defaultdict(list) - existing_by_name = collections.defaultdict(list) - if baremetal: - for node in baremetal.nodes(associated=True, fields=['uuid', 'name', 'instance_info']): - existing_by_name[node.name].append(node.id) - display_name = node.instance_info.get('display_name') - if display_name: - existing_by_hostname[display_name].append(node.id) - - for request in instances: - - hostname = request['hostname'] - name = request.get('name') - hostname_matches = len(existing_by_hostname[hostname]) - name_matches = name and len(existing_by_name[name]) or 0 - if hostname_matches == 0: - if name_matches == 0: - # try the hostname, there may be an allocation with that name - ident = hostname - elif name_matches == 1: - ident = name - else: - message = ('There is more than one existing node with name=%s. ' - 'Replace this name with a specific node uuid to match the desired instance.' - % hostname) - raise BaremetalDeployException(message) - elif hostname_matches == 1: - ident = existing_by_hostname[hostname][0] - else: - message = ('There is more than one existing instance with instance_info.display_name=%s. ' - 'Replace this hostname with a specific node uuid to match the desired instance.' - % hostname) - raise BaremetalDeployException(message) - - if not request.get('managed', True): - unmanaged.append(request) - continue - elif not baremetal: - message = ('Instance %s is not specified as pre-provisioned ' - '(managed: False), and no connection to ' - 'the baremetal service was provided.' - % ident) - raise BaremetalDeployException(message) - - try: - instance = provisioner.show_instance(ident) - # TODO(dtantsur): replace Error with a specific exception - except (sdk.exceptions.ResourceNotFound, - metalsmith.exceptions.Error): - not_found.append(request) - except Exception as exc: - message = ('Failed to request instance information for %s' - % ident) - raise BaremetalDeployException( - "%s. %s: %s" % (message, type(exc).__name__, exc)) - else: - if (not instance.allocation - and instance.state == metalsmith.InstanceState.ACTIVE - and 'name' in request): - try: - baremetal.get_allocation(request['hostname']) - raise BaremetalDeployException( - 'An allocation with the requested hostname %s ' - 'already exists. Refusing to proceed to avoid ' - 'confusing results. Please either change the node ' - 'name or use a different hostname' - % request['hostname']) - except sdk.exceptions.ResourceNotFound: - pass - - # Existing node is missing an allocation record, - # so create one without triggering allocation - baremetal.create_allocation( - resource_class=request.get('resource_class', 'baremetal'), - name=request['hostname'], - node=request['name'] - ) - - # Refresh the instance after adding the allocation - # See: https://bugs.launchpad.net/tripleo/+bug/1929555 - instance = provisioner.show_instance(instance.uuid) - - # NOTE(dtantsur): metalsmith can match instances by node names, - # provide a safeguard to avoid conflicts - if (instance.hostname - and instance.hostname != request['hostname']): - try: - allocation = baremetal.get_allocation(request['hostname']) - node = baremetal.get_node(allocation.node_id) - if (node.instance_info.get('display_name') - != request['hostname']): - error = ("Requested hostname %s was not found, but " - "the deployed node %s has a matching name. " - "Refusing to proceed to avoid confusing " - "results. Please either rename the node or " - "use a different hostname") % ( - request['hostname'], instance.uuid) - raise BaremetalDeployException(error) - except sdk.exceptions.ResourceNotFound: - continue - found.append(instance) - - return found, not_found, unmanaged - - -def populate_environment(instance_uuids, provisioner, environment, - ctlplane_network, templates): - - resource_registry = environment.setdefault( - 'resource_registry', {}) - resource_registry.setdefault( - 'OS::TripleO::DeployedServer::ControlPlanePort', - os.path.join(templates, 'deployed-server/deployed-neutron-port.yaml')) - port_map = (environment.setdefault('parameter_defaults', {}) - .setdefault('DeployedServerPortMap', {})) - for uuid in instance_uuids: - instance = provisioner.show_instance(uuid) - nets = nics_to_port_map(instance.nics(), provisioner.connection) - ctlplane_net = nets.get(ctlplane_network) - if not ctlplane_net: - continue - ctlplane = {} - ctlplane['fixed_ips'] = ctlplane_net.get('fixed_ips', []) - - port_map['%s-%s' % (instance.hostname.lower(), - ctlplane_network)] = ctlplane - return environment - - -def build_hostname_format(hostname_format, role_name): - if not hostname_format: - hostname_format = '%stackname%-{}-%index%'.format( - 'novacompute' if role_name == 'Compute' else role_name.lower()) - return hostname_format - - -def build_hostname(hostname_format, index, stack): - gen_name = hostname_format.replace('%index%', str(index)) - gen_name = gen_name.replace('%stackname%', stack) - return gen_name - - -def validate_instances(instances, schema): - jsonschema.validate(instances, schema) - hostnames = set() - names = set() - fixed_ips = set() - for inst in instances: - name = inst.get('hostname', inst.get('name')) - # NOTE(dtantsur): validate image parameters - get_source(inst) - - if inst.get('hostname'): - if inst['hostname'] in hostnames: - raise ValueError('Hostname %s is used more than once' % - inst['hostname']) - hostnames.add(inst['hostname']) - - if inst.get('name'): - if inst['name'] in names: - raise ValueError('Node %s is requested more than once' % - inst['name']) - names.add(inst['name']) - - inst_ips = {net['fixed_ip'] for net in inst.get('networks', []) - if net.get('fixed_ip')} - if inst_ips.intersection(fixed_ips): - raise ValueError( - 'One or more IP address {ips} for Node {name} is requested ' - 'more than once'.format( - ips=', '.join(inst_ips.intersection(fixed_ips)), - name=name)) - fixed_ips.update(inst_ips) - - if not inst.get('managed', True): - if not inst_ips and not inst.get('management_ip'): - raise ValueError('Node %s that is managed: false requires ' - 'either a fixed IP address, or a management ' - 'ip address' % name) - - -def validate_roles(roles): - jsonschema.validate(roles, _ROLES_INPUT_SCHEMA) - - for item in roles: - count = item.get('count', 1) - instances = item.get('instances', []) - instances = [i for i in instances if i.get('provisioned', True)] - name = item.get('name') - if len(instances) > count: - raise ValueError( - "%s: number of instance entries %s " - "cannot be greater than count %s" % - (name, len(instances), count) - ) - - defaults = item.get('defaults', {}) - if 'hostname' in defaults: - raise ValueError("%s: cannot specify hostname in defaults" - % name) - if 'name' in defaults: - raise ValueError("%s: cannot specify name in defaults" - % name) - if 'provisioned' in defaults: - raise ValueError("%s: cannot specify provisioned in defaults" - % name) - if 'instances' in item: - validate_instances(item['instances'], _INSTANCES_INPUT_SCHEMA) - - -def get_source(instance): - image = instance.get('image', {}) - return sources.detect(image=image.get('href'), - kernel=image.get('kernel'), - ramdisk=image.get('ramdisk'), - checksum=image.get('checksum')) - - -def nics_to_port_map(nics, connection): - """Build a port map from a metalsmith instance.""" - port_map = {} - for nic in nics: - for ip in nic.fixed_ips: - net_name = getattr(nic.network, 'name', None) or nic.network.id - subnet = connection.network.get_subnet(ip['subnet_id']) - net_info = port_map.setdefault( - net_name, {'network': nic.network.to_dict(), - 'fixed_ips': [], 'subnets': []}) - net_info['fixed_ips'].append({'ip_address': ip['ip_address']}) - net_info['subnets'].append(subnet.to_dict()) - return port_map diff --git a/tripleo_ansible/ansible_plugins/module_utils/ca_common.py b/tripleo_ansible/ansible_plugins/module_utils/ca_common.py deleted file mode 100644 index 8a1f6cf62..000000000 --- a/tripleo_ansible/ansible_plugins/module_utils/ca_common.py +++ /dev/null @@ -1,143 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2020 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# Included from: https://github.com/ceph/ceph-ansible/blob/master/module_utils/ca_common.py -import os -import datetime - - -def generate_ceph_cmd(sub_cmd, args, spec_path, user_key=None, cluster='ceph', - user='client.admin', container_image=None, interactive=False): - ''' - Generate 'ceph' command line to execute - ''' - - if not user_key: - user_key = '/etc/ceph/{}.{}.keyring'.format(cluster, user) - - cmd = pre_generate_ceph_cmd(container_image=container_image, interactive=interactive, spec_path=spec_path) - - base_cmd = [ - '-n', - user, - '-k', - user_key, - '--cluster', - cluster - ] - base_cmd.extend(sub_cmd) - cmd.extend(base_cmd + args) - - return cmd - - -def container_exec(binary, container_image, spec_path=None, interactive=False): - ''' - Build the docker CLI to run a command inside a container - ''' - - container_binary = os.getenv('CEPH_CONTAINER_BINARY') - command_exec = [container_binary, 'run'] - - fsid = '' - if interactive: - command_exec.extend(['--interactive']) - - if 'CEPH_FSID' in os.environ: - fsid = os.getenv('CEPH_FSID') - ceph_config_path = '/etc/ceph' - if fsid: - path = '/var/lib/ceph/{}/config'.format(fsid) - if os.path.exists(path): - ceph_config_path = path - command_exec.extend(['--rm', - '--net=host', - '-v', '{}:/etc/ceph:z'.format(ceph_config_path), - '-v', '/var/lib/ceph/:/var/lib/ceph/:z', - '-v', '/var/log/ceph/:/var/log/ceph/:z']) - - if spec_path is not None and len(spec_path) > 0: - command_exec.extend(['-v', '{}:{}:z'.format(spec_path, spec_path)]) - - command_exec.extend(['--entrypoint=' + binary, container_image]) - - return command_exec - - -def is_containerized(): - ''' - Check if we are running on a containerized cluster - ''' - - if 'CEPH_CONTAINER_IMAGE' in os.environ: - container_image = os.getenv('CEPH_CONTAINER_IMAGE') - else: - container_image = None - - return container_image - - -def pre_generate_ceph_cmd(container_image=None, interactive=False, spec_path=None): - ''' - Generate ceph prefix comaand - ''' - if container_image: - cmd = container_exec('ceph', container_image, spec_path=spec_path, interactive=interactive) - else: - cmd = ['ceph'] - - return cmd - - -def exec_command(module, cmd, stdin=None): - ''' - Execute command(s) - ''' - - binary_data = False - if stdin: - binary_data = True - rc, out, err = module.run_command(cmd, data=stdin, binary_data=binary_data) - - return rc, cmd, out, err - - -def exit_module(module, out, rc, cmd, err, startd, changed=False): - endd = datetime.datetime.now() - delta = endd - startd - - result = dict( - cmd=cmd, - start=str(startd), - end=str(endd), - delta=str(delta), - rc=rc, - stdout=out.rstrip("\r\n"), - stderr=err.rstrip("\r\n"), - changed=changed, - ) - module.exit_json(**result) - - -def fatal(message, module): - ''' - Report a fatal error and exit - ''' - - if module: - module.fail_json(msg=message, rc=1) - else: - raise(Exception(message)) diff --git a/tripleo_ansible/ansible_plugins/module_utils/ceph_spec.py b/tripleo_ansible/ansible_plugins/module_utils/ceph_spec.py deleted file mode 100644 index 17e7f60e9..000000000 --- a/tripleo_ansible/ansible_plugins/module_utils/ceph_spec.py +++ /dev/null @@ -1,294 +0,0 @@ -#!/usr/bin/env python -# Copyright (c) 2021 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import ipaddress -import json -import sys - -ALLOWED_DAEMONS = ['host', 'mon', 'mgr', 'mds', 'nfs', 'osd', 'rgw', 'grafana', - 'crash', 'prometheus', 'alertmanager', 'node-exporter', 'ingress'] - -ALLOWED_HOST_PLACEMENT_MODE = ['hosts', 'host_pattern', 'label'] - -CRUSH_ALLOWED_LOCATION = ['osd', 'host', 'chassis', 'rack', 'row', 'pdu', 'pod', - 'room', 'datacenter', 'zone', 'region', 'root'] - -ALLOWED_EXTRA_KEYS = dict() - -ALLOWED_SPEC_KEYS = { - 'rgw': [ - 'rgw_frontend_port', - 'rgw_frontend_type', - 'rgw_realm', - 'rgw_zone', - 'rgw_ip_address', - 'rgw_frontend_ssl_certificate', - 'ssl' - ], - 'nfs': [ - 'namespace', - 'pool' - ], - 'ingress': [ - 'backend_service', - 'frontend_port', - 'monitor_port', - 'virtual_ip', - 'virtual_interface_networks', - 'ssl_cert' - ], -} - - -class CephPlacementSpec(object): - def __init__(self, - hosts: list, - host_pattern: str, - count: int, - labels: list): - - if len(labels) > 0: - self.labels = labels - if count > 0: - self.count = count - if host_pattern is not None and len(host_pattern) > 0: - self.host_pattern = host_pattern - - if hosts is not None and len(hosts) > 0: - self.hosts = hosts - - def __setattr__(self, key, value): - self.__dict__[key] = value - - def make_spec(self): - # if the host list is passed, this should be - # the preferred way - if getattr(self, 'hosts', None): - spec_template = { - 'placement': { - 'hosts': self.hosts - } - } - # if no list is passed or an empty list is provided - # let's check if a "host pattern" is provided - elif getattr(self, 'host_pattern', None): - spec_template = { - 'placement': { - 'host_pattern': self.host_pattern - } - } - elif getattr(self, 'labels', None) is not None: - spec_template = { - 'placement': { - 'labels': self.labels - } - } - else: - spec_template = {} - - return spec_template - - -class CephHostSpec(object): - def __init__(self, daemon_type: str, - daemon_addr: str, - daemon_hostname: str, - labels: list, - location: dict = None, - ): - - self.daemon_type = daemon_type - self.daemon_addr = daemon_addr - self.daemon_hostname = daemon_hostname - - assert isinstance(labels, list) - self.labels = list(set(labels)) - - # init crush location parameters - if location and isinstance(location, dict): - self.location = location - else: - self.location = {} - - def is_valid_crush_location(self): - for k in self.location.keys(): - if k not in CRUSH_ALLOWED_LOCATION: - return False - return True - - def make_daemon_spec(self): - lb = {} - crloc = {} - - spec_template = { - 'service_type': self.daemon_type, - 'addr': self.daemon_addr, - 'hostname': self.daemon_hostname, - } - - if len(self.labels) > 0: - lb = {'labels': self.labels} - - if self.location: - if self.is_valid_crush_location(): - crloc = {'location': self.location} - else: - raise Exception("Fatal: the spec should be composed by only allowed keywords") - - spec_template = {**spec_template, **lb, **crloc} - return spec_template - - -class CephDaemonSpec(object): - def __init__(self, daemon_type: str, - daemon_id: str, - daemon_name: str, - hosts: list, - placement_pattern: str, - networks: list, - spec: dict, - labels: list, - **kwargs: dict): - - self.daemon_name = daemon_name - self.daemon_id = daemon_id - self.daemon_type = daemon_type - self.hosts = hosts - self.placement = placement_pattern - self.labels = labels - - # network list where the current daemon should be bound - if not networks: - self.networks = [] - else: - self.networks = networks - - # extra keywords definition (e.g. data_devices for OSD(s) - self.extra = {} - for k, v in kwargs.items(): - self.extra[k] = v - - assert isinstance(spec, dict) - self.spec = spec - - def __setattr__(self, key, value): - self.__dict__[key] = value - - def validate_networks(self): - if len(self.networks) < 1: - return False - - for network in self.networks: - try: - ipaddress.ip_network(network) - except ValueError as e: - raise Exception(f'Cannot parse network {network}: {e}') - return True - - def make_daemon_spec(self): - - # the placement dict - pl = {} - # the spec dict - sp = {} - - place = CephPlacementSpec(self.hosts, self.placement, 0, self.labels) - pl = place.make_spec() - - # the spec daemon header - spec_template = { - 'service_type': self.daemon_type, - 'service_name': self.daemon_name, - 'service_id': self.daemon_id, - } - - # the networks dict - ntw = {} - - if self.validate_networks(): - ntw = { - 'networks': self.networks - } - - # process extra parameters if present - if not self.validate_keys(self.extra.keys(), ALLOWED_EXTRA_KEYS): - raise Exception("Fatal: the spec should be composed by only allowed keywords") - - # append the spec if provided - if len(self.spec.keys()) > 0: - if self.validate_keys(self.spec.keys(), ALLOWED_SPEC_KEYS): - sp = {'spec': self.normalize_spec(self.filter_spec(self.spec))} - else: - raise Exception("Fatal: the spec should be composed by only allowed keywords") - - # build the resulting daemon template - spec_template = {**spec_template, **ntw, **self.extra, **pl, **sp} - return spec_template - - def normalize_spec(self, spec): - ''' - For each spec key we need to make sure - that ports are evaluated as int, otherwise - cephadm fails when the spec is applied. - ''' - for k, v in spec.items(): - if 'port' in k: - spec[k] = int(v) - return spec - - def filter_spec(self, spec): - return {k: v for k, v in spec.items() if v} - - def validate_keys(self, spec, ALLOWED_KEYS): - ''' - When the spec section is created, if constraints are - defined for a given daemon, then this check is run - to make sure only valid keys are provided. - ''' - - # an entry for the current daemon is not found - # no checks are required (let ceph orch take care of - # the validation - if self.daemon_type not in ALLOWED_KEYS.keys(): - return True - - # a basic check on the spec dict: if some constraints - # are specified, the provided keys should be contained - # in the ALLOWED keys - for item in spec: - if item not in ALLOWED_KEYS.get(self.daemon_type): - return False - return True - - def log(self, msg): - print('[DEBUG] - %s' % msg) - - def whoami(self) -> str: - return '%s.%s' % (self.daemon_type, self.daemon_id) - - -def export(content, fp): - if len(content) > 0: - if fp is not None and len(fp) > 0: - open(fp, 'w').close() # reset file - with open(fp, 'w') as f: - f.write('---\n') - f.write(content) - else: - print('---') - print(content.rstrip('\r\n')) - else: - print('Nothing to dump!') diff --git a/tripleo_ansible/ansible_plugins/module_utils/network_data_v2.py b/tripleo_ansible/ansible_plugins/module_utils/network_data_v2.py deleted file mode 100644 index 645bb72f6..000000000 --- a/tripleo_ansible/ansible_plugins/module_utils/network_data_v2.py +++ /dev/null @@ -1,497 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2020 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import collections -import collections.abc -import ipaddress -import jsonschema -import os -import yaml - -RES_ID = 'physical_resource_id' -TYPE_NET = 'OS::Neutron::Net' -TYPE_SUBNET = 'OS::Neutron::Subnet' -RES_TYPE = 'resource_type' -TYPE_SEGMENT = 'OS::Neutron::Segment' -NET_VIP_SUFFIX = '_virtual_ip' - -DOMAIN_NAME_REGEX = (r'^(?=^.{1,255}$)(?!.*\.\..*)(.{1,63}\.)' - r'+(.{0,63}\.?)|(?!\.)(?!.*\.\..*)(^.{1,63}$)' - r'|(^\.$)$') -NET_DATA_V2_SCHEMA = ''' ---- -$schema: http://json-schema.org/draft-04/schema - -definitions: - domain_name_string: - type: string - pattern: {domain_name_regex} - ipv4_allocation_pool: - type: object - properties: - start: - type: string - ip_address_version: 4 - end: - type: string - ip_address_version: 4 - additionalProperties: False - uniqueItems: true - required: - - start - - end - ipv4_route: - type: object - properties: - destination: - type: string - ip_subnet_version: 4 - nexthop: - type: string - ip_address_version: 4 - additionalProperties: False - uniqueItems: true - required: - - destination - - nexthop - ipv6_allocation_pool: - type: object - properties: - start: - type: string - ip_address_version: 6 - end: - type: string - ip_address_version: 6 - additionalProperties: False - uniqueItems: true - required: - - start - - end - ipv6_route: - type: object - properties: - destination: - type: string - ip_subnet_version: 6 - nexthop: - type: string - ip_address_version: 6 - additionalProperties: False - uniqueItems: true - required: - - destination - - nexthop - - ipv4_subnet: - type: object - properties: - ip_subnet: - type: string - ip_subnet_version: 4 - gateway_ip: - type: string - ip_address_version: 4 - allocation_pools: - type: array - items: - $ref: "#/definitions/ipv4_allocation_pool" - enable_dhcp: - type: boolean - routes: - type: array - items: - $ref: "#/definitions/ipv4_route" - vlan: - type: integer - minimum: 1 - maximum: 4096 - physical_network: - type: string - network_type: - enum: - - flat - - vlan - segmentation_id: - type: integer - minimum: 1 - maximum: 4096 - additionalProperties: False - required: - - ip_subnet - - ipv6_subnet: - type: object - properties: - ipv6_subnet: - type: string - ip_subnet_version: 6 - gateway_ipv6: - type: string - ip_address_version: 6 - ipv6_allocation_pools: - type: array - items: - $ref: "#/definitions/ipv6_allocation_pool" - routes_ipv6: - type: array - items: - $ref: "#/definitions/ipv6_route" - ipv6_address_mode: - enum: - - slaac - - dhcpv6-stateful - - dhcpv6-stateless - ipv6_ra_mode: - enum: - - slaac - - dhcpv6-stateful - - dhcpv6-stateless - enable_dhcp: - type: boolean - vlan: - type: integer - minimum: 1 - maximum: 4096 - physical_network: - type: string - network_type: - type: string - enum: - - flat - - vlan - segmentation_id: - type: integer - minimum: 1 - maximum: 4096 - additionalProperties: False - required: - - ipv6_subnet - - dual_subnet: - type: object - properties: - ip_subnet: - type: string - ip_subnet_version: 4 - gateway_ip: - type: string - ip_address_version: 4 - allocation_pools: - type: array - items: - $ref: "#/definitions/ipv4_allocation_pool" - routes: - type: array - items: - $ref: "#/definitions/ipv4_route" - ipv6_subnet: - type: string - ip_subnet_version: 6 - gateway_ipv6: - type: string - ip_address_version: 6 - ipv6_allocation_pools: - type: array - items: - $ref: "#/definitions/ipv6_allocation_pool" - routes_ipv6: - type: array - items: - $ref: "#/definitions/ipv6_route" - ipv6_address_mode: - enum: - - slaac - - dhcpv6-stateful - - dhcpv6-stateless - ipv6_ra_mode: - enum: - - slaac - - dhcpv6-stateful - - dhcpv6-stateless - enable_dhcp: - type: boolean - vlan: - type: integer - minimum: 1 - maximum: 4096 - physical_network: - type: string - network_type: - type: string - enum: - - flat - - vlan - segmentation_id: - type: integer - minimum: 1 - maximum: 4096 - additionalProperties: False - required: - - ip_subnet - - ipv6_subnet - -type: object -properties: - name: - type: string - name_lower: - type: string - admin_state_up: - type: boolean - dns_domain: - $ref: "#/definitions/domain_name_string" - mtu: - type: integer - minimum: 1000 - maximum: 65536 - shared: - type: boolean - service_net_map_replace: - type: string - ipv6: - type: boolean - vip: - type: boolean - subnets: - type: object - additionalProperties: - oneOf: - - $ref: "#/definitions/ipv4_subnet" - - $ref: "#/definitions/ipv6_subnet" - - $ref: "#/definitions/dual_subnet" -additionalProperties: False -required: -- name -- subnets -'''.format(domain_name_regex=DOMAIN_NAME_REGEX) - - -def _get_detailed_errors(error, depth, absolute_schema_path, absolute_schema, - filter_errors=True): - """Returns a list of error messages from all subschema validations. - - Recurses the error tree and adds one message per sub error. That list can - get long, because jsonschema also tests the hypothesis that the provided - network element type is wrong (e.g. "ovs_bridge" instead of "ovs_bond"). - Setting `filter_errors=True` assumes the type, if specified, is correct and - therefore produces a much shorter list of more relevant results. - """ - - if not error.context: - return [] - - sub_errors = error.context - if filter_errors: - if (absolute_schema_path[-1] in ['oneOf', 'anyOf'] - and isinstance(error.instance, collections.abc.Mapping) - and 'type' in error.instance): - found, index = _find_type_in_schema_list( - error.validator_value, error.instance['type']) - if found: - sub_errors = [i for i in sub_errors if ( - i.schema_path[0] == index)] - - details = [] - sub_errors = sorted(sub_errors, key=lambda e: e.schema_path) - for sub_error in sub_errors: - schema_path = collections.deque(absolute_schema_path) - schema_path.extend(sub_error.schema_path) - details.append("{} {}: {}".format( - '-' * depth, - _pretty_print_schema_path(schema_path, absolute_schema), - sub_error.message) - ) - details.extend(_get_detailed_errors( - sub_error, depth + 1, schema_path, absolute_schema, - filter_errors)) - - return details - - -def _find_type_in_schema_list(schemas, type): - """Finds an object of a given type in an anyOf/oneOf array. - - Returns a tuple (`found`, `index`), where `found` indicates whether - on object of type `type` was found in the `schemas` array. - If so, `index` contains the object's position in the array. - """ - for index, schema in enumerate(schemas): - if not isinstance(schema, collections.abc.Mapping): - continue - if '$ref' in schema and schema['$ref'].split('/')[-1] == type: - return True, index - if ('properties' in schema and 'type' in schema['properties'] - and schema['properties']['type'] == type): - return True, index - - return False, 0 - - -def _pretty_print_schema_path(absolute_schema_path, absolute_schema): - """Returns a representation of the schema path that's easier to read. - - For example: - >>> _pretty_print_schema_path("items/oneOf/0/properties/use_dhcp/oneOf/2") - "items/oneOf/interface/use_dhcp/oneOf/param" - """ - - pretty_path = [] - current_path = [] - current_schema = absolute_schema - for item in absolute_schema_path: - if item not in ["properties"]: - pretty_path.append(item) - current_path.append(item) - current_schema = current_schema[item] - if (isinstance(current_schema, collections.abc.Mapping) - and '$ref' in current_schema): - if (isinstance(pretty_path[-1], int) and pretty_path[-2] - in ['oneOf', 'anyOf']): - pretty_path[-1] = current_schema['$ref'].split('/')[-1] - current_path = current_schema['$ref'].split('/') - current_schema = absolute_schema - for i in current_path[1:]: - current_schema = current_schema[i] - - return '/'.join([str(x) for x in pretty_path]) - - -def validate_json_schema(net_data): - - def ip_subnet_version_validator(validator, ip_version, instance, schema): - msg = '{} does not appear to be an IPv{} subnet'.format( - instance, ip_version) - try: - if not ipaddress.ip_network(instance).version == ip_version: - yield jsonschema.ValidationError(msg) - except ValueError: - yield jsonschema.ValidationError(msg) - - def ip_address_version_validator(validator, ip_version, instance, schema): - msg = '{} does not appear to be an IPv{} address'.format( - instance, ip_version) - try: - if not ipaddress.ip_address(instance).version == ip_version: - yield jsonschema.ValidationError(msg) - except ValueError: - yield jsonschema.ValidationError(msg) - - schema = yaml.safe_load(NET_DATA_V2_SCHEMA) - net_data_validator = jsonschema.validators.extend( - jsonschema.Draft4Validator, - validators={'ip_subnet_version': ip_subnet_version_validator, - 'ip_address_version': ip_address_version_validator}) - validator = net_data_validator(schema) - errors = validator.iter_errors(instance=net_data) - - error_messages = [] - for error in errors: - details = _get_detailed_errors(error, 1, error.schema_path, schema) - - config_path = '/'.join([str(x) for x in error.path]) - if details: - error_messages.append( - "Failed schema validation at {}:\n {}\n" - " Sub-schemas tested and not matching:\n {}".format( - config_path, error.message, '\n '.join(details))) - else: - error_messages.append( - "Failed schema validation at {}:\n {}".format( - config_path, error.message)) - - return error_messages - - -def validate_playbook_dir(playbook_dir_path): - if not os.path.exists(playbook_dir_path): - raise Exception('ERROR: Playbook directory {} does not exist.'.format( - playbook_dir_path)) - - if not os.path.isdir(playbook_dir_path): - raise Exception( - 'ERROR: Playbook directory {} is not a directory'.format( - playbook_dir_path)) - - -def tags_to_dict(resource_tags): - tag_dict = dict() - for tag in resource_tags: - if not tag.startswith('tripleo_'): - continue - try: - key, value = tag.rsplit('=') - except ValueError: - continue - if key == 'tripleo_net_idx': - value = int(value) - tag_dict.update({key: value}) - - return tag_dict - - -def wrap_ipv6(ip_address): - """Wrap the address in square brackets if it's an IPv6 address.""" - if ipaddress.ip_address(ip_address).version == 6: - return '[{}]'.format(ip_address) - - return ip_address - - -def get_overcloud_network_resources(conn, stack_name): - network_resource_dict = dict() - networks = [res for res in conn.orchestration.resources(stack_name) - if res.name == 'Networks'][0] - networks = conn.orchestration.resources(networks.physical_resource_id) - for net in networks: - if net.name == 'NetworkExtraConfig': - continue - network_resource_dict[net.name] = dict() - for res in conn.orchestration.resources(net.physical_resource_id): - if res.resource_type == TYPE_SEGMENT: - continue - network_resource_dict[net.name][res.name] = { - RES_ID: res.physical_resource_id, - RES_TYPE: res.resource_type - } - - return network_resource_dict - - -def create_name_id_maps(conn): - net_name_map = {} - net_id_map = {} - cidr_prefix_map = {} - for net in conn.network.networks(): - tags = tags_to_dict(net.tags) - subnets = conn.network.subnets(network_id=net.id) - net_id_map[net.id] = net.name - net_name_map[net.name] = dict( - id=net.id, - name_upper=tags.get('tripleo_network_name', net.name) - ) - subnets_map = net_name_map[net.name]['subnets'] = dict() - - for s in subnets: - subnets_map[s.name] = s.id - cidr_prefix_map[s.id] = s.cidr.split('/')[-1] - - net_maps = dict(by_id=net_id_map, - by_name=net_name_map, - cidr_prefix_map=cidr_prefix_map) - - return net_maps diff --git a/tripleo_ansible/ansible_plugins/module_utils/tripleo_common_utils.py b/tripleo_ansible/ansible_plugins/module_utils/tripleo_common_utils.py deleted file mode 100644 index a8df224d6..000000000 --- a/tripleo_ansible/ansible_plugins/module_utils/tripleo_common_utils.py +++ /dev/null @@ -1,83 +0,0 @@ -#!/usr/bin/python -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# NOTE: This is still using the legacy clients. We've not -# changed to using the OpenStackSDK fully because -# tripleo-common expects the legacy clients. Once -# we've updated tripleo-common to use the SDK we -# should revise this. -import os - -from heatclient.v1 import client as heatclient -from ironicclient import client as ironicclient - -from tripleo_common.utils import heat as tc_heat_utils -from tripleo_common.utils import nodes -from tripleo_common.utils import parameters - - -class TripleOCommon(object): - def __init__(self, session): - self.sess = session - self.client_cache = dict() - - def get_orchestration_client(self): - """Return the orchestration (heat) client. - - This method will return a client object using the legacy library. Upon - the creation of a successful client creation, the client object will - be stored in the `self.client_cache object`, should this method be - called more than once, the cached object will automatically return, - resulting in fewer authentications and faster API interactions. - - :returns: Object - """ - - if 'heatclient' in self.client_cache: - return self.client_cache['heatclient'] - else: - if os.environ.get('OS_HEAT_TYPE', '') == 'ephemeral': - host = os.environ.get('OS_HEAT_HOST', '127.0.0.1') - port = os.environ.get('OS_HEAT_PORT', 8006) - self.client_cache['heatclient'] = \ - tc_heat_utils.local_orchestration_client(host, int(port)) - else: - self.client_cache['heatclient'] = \ - heatclient.Client(session=self.sess) - return self.client_cache['heatclient'] - - def get_baremetal_client(self): - """Return the baremetal (ironic) client. - - This method will return a client object using the legacy library. Upon - the creation of a successful client creation, the client object will - be stored in the `self.client_cache object`, should this method be - called more than once, the cached object will automatically return, - resulting in fewer authentications and faster API interactions. - - :returns: Object - """ - - if 'ironicclient' in self.client_cache: - return self.client_cache['ironicclient'] - else: - self.client_cache['ironicclient'] = \ - ironicclient.Client( - 1, - session=self.sess, - os_ironic_api_version='1.36' - ) - return self.client_cache['ironicclient'] diff --git a/tripleo_ansible/ansible_plugins/modules/baremetal_nodes_validate.py b/tripleo_ansible/ansible_plugins/modules/baremetal_nodes_validate.py deleted file mode 100644 index 7fdc14742..000000000 --- a/tripleo_ansible/ansible_plugins/modules/baremetal_nodes_validate.py +++ /dev/null @@ -1,101 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2018 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from ansible.module_utils.basic import AnsibleModule - -from tripleo_common import exception -from tripleo_common.utils import nodes - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: baremetal_nodes_validate - -short_description: Baremetal nodes - -version_added: "2.8" - -description: - - "Baremetal nodes functions." - -options: - node_list: - description: - - List of the nodes to be validated - required: true - -author: - - Adriano Petrich (@frac) -''' - -EXAMPLES = ''' -# Pass in a message -- name: Test with a message - baremetal_nodes_validate: - nodes_list: - - _comment: 'This is a comment' - pm_type: 'pxe_ipmitool' - pm_addr: '192.168.0.1' - pm_user: 'root' - pm_password: 'p@$$w0rd' - - - pm_type: 'ipmi' - pm_addr: '192.168.1.1' - pm_user: 'root' - pm_password: 'p@$$w0rd' -''' - - -def run_module(): - module_args = dict( - nodes_list=dict(type='list', required=True), - ) - - result = dict( - success=False, - error='' - ) - - module = AnsibleModule( - argument_spec=module_args, - supports_check_mode=True - ) - - if module.check_mode: - module.exit_json(**result) - try: - nodes_json = module.params['nodes_list'] - nodes.validate_nodes(nodes_json) - result['success'] = True - except exception.InvalidNode as exc: - result['error'] = str(exc) - module.fail_json(msg='Validation Failed', **result) - - module.exit_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/ceph_crush_rule.py b/tripleo_ansible/ansible_plugins/modules/ceph_crush_rule.py deleted file mode 100644 index 825c3d17a..000000000 --- a/tripleo_ansible/ansible_plugins/modules/ceph_crush_rule.py +++ /dev/null @@ -1,242 +0,0 @@ -# Copyright 2020, Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# Included from: https://github.com/ceph/ceph-ansible/blob/master/library/ceph_crush_rule.py - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - -from ansible.module_utils.basic import AnsibleModule -try: - from ansible.module_utils.ca_common import exit_module, generate_ceph_cmd, is_containerized, exec_command -except ImportError: - from module_utils.ca_common import exit_module, generate_ceph_cmd, is_containerized, exec_command -import datetime -import json -import yaml - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = """ ---- -module: ceph_crush_rule -short_description: Manage Ceph Crush Replicated/Erasure Rule -version_added: "2.8" -description: - - Manage Ceph Crush rule(s) creation, deletion and updates. -options: - name: - description: - - name of the Ceph Crush rule. - required: true - type: str - cluster: - description: - - The ceph cluster name. - required: false - default: ceph - type: str - state: - description: - If 'present' is used, the module creates a rule if it doesn't - exist or update it if it already exists. - If 'absent' is used, the module will simply delete the rule. - If 'info' is used, the module will return all details about the - existing rule (json formatted). - required: false - choices: ['present', 'absent', 'info'] - default: present - type: str - rule_type: - description: - - The ceph CRUSH rule type. - required: false - choices: ['replicated', 'erasure'] - required: false - type: str - bucket_root: - description: - - The ceph bucket root for replicated rule. - required: false - type: str - bucket_type: - description: - - The ceph bucket type for replicated rule. - required: false - choices: ['osd', 'host', 'chassis', 'rack', 'row', 'pdu', 'pod', 'room', 'datacenter', 'zone', 'region', 'root'] - type: str - device_class: - description: - - The ceph device class for replicated rule. - required: false - type: str - profile: - description: - - The ceph erasure profile for erasure rule. - required: false - type: str -author: - - Dimitri Savineau -""" - -EXAMPLES = ''' -- name: create a Ceph Crush replicated rule - ceph_crush_rule: - name: foo - bucket_root: default - bucket_type: host - device_class: ssd - rule_type: replicated - -- name: create a Ceph Crush erasure rule - ceph_crush_rule: - name: foo - profile: bar - rule_type: erasure - -- name: get a Ceph Crush rule information - ceph_crush_rule: - name: foo - state: info - -- name: delete a Ceph Crush rule - ceph_crush_rule: - name: foo - state: absent -''' - -RETURN = '''# ''' - - -def create_rule(module, container_image=None): - ''' - Create a new crush replicated/erasure rule - ''' - - cluster = module.params.get('cluster') - name = module.params.get('name') - rule_type = module.params.get('rule_type') - bucket_root = module.params.get('bucket_root') - bucket_type = module.params.get('bucket_type') - device_class = module.params.get('device_class') - profile = module.params.get('profile') - - if rule_type == 'replicated': - args = ['create-replicated', name, bucket_root, bucket_type] - if device_class: - args.append(device_class) - else: - args = ['create-erasure', name] - if profile: - args.append(profile) - - cmd = generate_ceph_cmd(['osd', 'crush', 'rule'], args, spec_path=None, cluster=cluster, container_image=container_image) - - return cmd - - -def get_rule(module, container_image=None): - ''' - Get existing crush rule - ''' - - cluster = module.params.get('cluster') - name = module.params.get('name') - - args = ['dump', name, '--format=json'] - - cmd = generate_ceph_cmd(['osd', 'crush', 'rule'], args, spec_path=None, cluster=cluster, container_image=container_image) - - return cmd - - -def remove_rule(module, container_image=None): - ''' - Remove a crush rule - ''' - - cluster = module.params.get('cluster') - name = module.params.get('name') - - args = ['rm', name] - - cmd = generate_ceph_cmd(['osd', 'crush', 'rule'], args, spec_path=None, cluster=cluster, container_image=container_image) - - return cmd - - -def main(): - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=True, - required_if=[ - ('state', 'present', ['rule_type']), - ('rule_type', 'replicated', ['bucket_root', 'bucket_type']), - ('rule_type', 'erasure', ['profile']) - ] - ) - - # Gather module parameters in variables - name = module.params.get('name') - state = module.params.get('state') - rule_type = module.params.get('rule_type') - - if module.check_mode: - module.exit_json( - changed=False, - stdout='', - stderr='', - rc=0, - start='', - end='', - delta='', - ) - - startd = datetime.datetime.now() - changed = False - - # will return either the image name or None - container_image = is_containerized() - - if state == "present": - rc, cmd, out, err = exec_command(module, get_rule(module, container_image=container_image)) - if rc != 0: - rc, cmd, out, err = exec_command(module, create_rule(module, container_image=container_image)) - changed = True - else: - rule = json.loads(out) - if (rule['type'] == 1 and rule_type == 'erasure') or (rule['type'] == 3 and rule_type == 'replicated'): - module.fail_json(msg="Can not convert crush rule {} to {}".format(name, rule_type), changed=False, rc=1) - - elif state == "absent": - rc, cmd, out, err = exec_command(module, get_rule(module, container_image=container_image)) - if rc == 0: - rc, cmd, out, err = exec_command(module, remove_rule(module, container_image=container_image)) - changed = True - else: - rc = 0 - out = "Crush Rule {} doesn't exist".format(name) - - elif state == "info": - rc, cmd, out, err = exec_command(module, get_rule(module, container_image=container_image)) - - exit_module(module=module, out=out, rc=rc, cmd=cmd, err=err, startd=startd, changed=changed) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/ceph_dashboard_user.py b/tripleo_ansible/ansible_plugins/modules/ceph_dashboard_user.py deleted file mode 100644 index 9e1de74d2..000000000 --- a/tripleo_ansible/ansible_plugins/modules/ceph_dashboard_user.py +++ /dev/null @@ -1,265 +0,0 @@ -# Copyright 2020, Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - -from ansible.module_utils.basic import AnsibleModule -try: - from ansible.module_utils.ca_common import generate_ceph_cmd, \ - is_containerized, \ - exec_command, \ - exit_module -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils.ca_common import generate_ceph_cmd, is_containerized, exec_command, exit_module - -import datetime -import json -import yaml - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = """ ---- -module: ceph_dashboard_user - -short_description: Manage Ceph Dashboard User - -version_added: "2.8" - -description: - - Manage Ceph Dashboard user(s) creation, deletion and updates. -options: - cluster: - description: - - The ceph cluster name. - required: false - default: ceph - type: str - name: - description: - - name of the Ceph Dashboard user. - required: true - type: str - state: - description: - If 'present' is used, the module creates a user if it doesn't - exist or update it if it already exists. - If 'absent' is used, the module will simply delete the user. - If 'info' is used, the module will return all details about the - existing user (json formatted). - required: false - choices: ['present', 'absent', 'info'] - default: present - type: str - password: - description: - - password of the Ceph Dashboard user. - required: false - type: str - roles: - description: - - roles of the Ceph Dashboard user. - required: false - choices: ['administrator', 'read-only', 'block-manager', 'rgw-manager', 'cluster-manager', 'pool-manager', 'cephfs-manager'] - type: list - default: [] - -author: - - Dimitri Savineau -""" - -EXAMPLES = ''' -- name: create a Ceph Dashboard user - ceph_dashboard_user: - name: foo - password: bar - -- name: create a read-only/block-manager Ceph Dashboard user - ceph_dashboard_user: - name: foo - password: bar - roles: - - 'read-only' - - 'block-manager' - -- name: create a Ceph Dashboard admin user - ceph_dashboard_user: - name: foo - password: bar - roles: ['administrator'] - -- name: get a Ceph Dashboard user information - ceph_dashboard_user: - name: foo - state: info - -- name: delete a Ceph Dashboard user - ceph_dashboard_user: - name: foo - state: absent -''' - -RETURN = '''# ''' - - -def create_user(module, container_image=None): - ''' - Create a new user - ''' - - cluster = module.params.get('cluster') - name = module.params.get('name') - - args = ['ac-user-create', '-i', '-', name] - - cmd = generate_ceph_cmd(sub_cmd=['dashboard'], args=args, spec_path=None, cluster=cluster, container_image=container_image, interactive=True) - - return cmd - - -def set_roles(module, container_image=None): - ''' - Set user roles - ''' - - cluster = module.params.get('cluster') - name = module.params.get('name') - roles = module.params.get('roles') - - args = ['ac-user-set-roles', name] - - args.extend(roles) - - cmd = generate_ceph_cmd(sub_cmd=['dashboard'], args=args, spec_path=None, cluster=cluster, container_image=container_image) - - return cmd - - -def set_password(module, container_image=None): - ''' - Set user password - ''' - - cluster = module.params.get('cluster') - name = module.params.get('name') - - args = ['ac-user-set-password', '-i', '-', name] - - cmd = generate_ceph_cmd(sub_cmd=['dashboard'], args=args, spec_path=None, cluster=cluster, container_image=container_image, interactive=True) - - return cmd - - -def get_user(module, container_image=None): - ''' - Get existing user - ''' - - cluster = module.params.get('cluster') - name = module.params.get('name') - - args = ['ac-user-show', name, '--format=json'] - - cmd = generate_ceph_cmd(sub_cmd=['dashboard'], args=args, spec_path=None, cluster=cluster, container_image=container_image) - - return cmd - - -def remove_user(module, container_image=None): - ''' - Remove a user - ''' - - cluster = module.params.get('cluster') - name = module.params.get('name') - - args = ['ac-user-delete', name] - - cmd = generate_ceph_cmd(sub_cmd=['dashboard'], args=args, spec_path=None, cluster=cluster, container_image=container_image) - - return cmd - - -def run_module(): - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=True, - required_if=[['state', 'present', ['password']]] - ) - - # Gather module parameters in variables - name = module.params.get('name') - state = module.params.get('state') - roles = module.params.get('roles') - password = module.params.get('password') - - if module.check_mode: - module.exit_json( - changed=False, - stdout='', - stderr='', - rc=0, - start='', - end='', - delta='', - ) - - startd = datetime.datetime.now() - changed = False - - # will return either the image name or None - container_image = is_containerized() - - if state == "present": - rc, cmd, out, err = exec_command(module, get_user(module, container_image=container_image)) - if rc == 0: - user = json.loads(out) - user['roles'].sort() - roles.sort() - if user['roles'] != roles: - rc, cmd, out, err = exec_command(module, set_roles(module, container_image=container_image)) - changed = True - rc, cmd, out, err = exec_command(module, set_password(module, container_image=container_image), stdin=password) - else: - rc, cmd, out, err = exec_command(module, create_user(module, container_image=container_image), stdin=password) - rc, cmd, out, err = exec_command(module, set_roles(module, container_image=container_image)) - changed = True - - elif state == "absent": - rc, cmd, out, err = exec_command(module, get_user(module, container_image=container_image)) - if rc == 0: - rc, cmd, out, err = exec_command(module, remove_user(module, container_image=container_image)) - changed = True - else: - rc = 0 - out = "Dashboard User {} doesn't exist".format(name) - - elif state == "info": - rc, cmd, out, err = exec_command(module, get_user(module, container_image=container_image)) - - exit_module(module=module, out=out, rc=rc, cmd=cmd, err=err, startd=startd, changed=changed) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/ceph_fs.py b/tripleo_ansible/ansible_plugins/modules/ceph_fs.py deleted file mode 100644 index 4a9694efb..000000000 --- a/tripleo_ansible/ansible_plugins/modules/ceph_fs.py +++ /dev/null @@ -1,256 +0,0 @@ -# Copyright 2020, Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# Included from: https://github.com/ceph/ceph-ansible/blob/master/library/ceph_fs.py - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - -from ansible.module_utils.basic import AnsibleModule -try: - from ansible.module_utils.ca_common import is_containerized, \ - exec_command, \ - generate_ceph_cmd, \ - exit_module -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils.ca_common import is_containerized, \ - exec_command, \ - generate_ceph_cmd, \ - exit_module - -import datetime -import json -import yaml - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = """ ---- -module: ceph_fs - -short_description: Manage Ceph File System - -version_added: "2.8" - -description: - - Manage Ceph File System(s) creation, deletion and updates. -options: - cluster: - description: - - The ceph cluster name. - required: false - default: ceph - name: - description: - - name of the Ceph File System. - required: true - state: - description: - If 'present' is used, the module creates a filesystem if it - doesn't exist or update it if it already exists. - If 'absent' is used, the module will simply delete the filesystem. - If 'info' is used, the module will return all details about the - existing filesystem (json formatted). - required: false - choices: ['present', 'absent', 'info'] - default: present - data: - description: - - name of the data pool. - required: false - metadata: - description: - - name of the metadata pool. - required: false - max_mds: - description: - - name of the max_mds attribute. - required: false - -author: - - Dimitri Savineau -""" - -EXAMPLES = ''' -- name: create a Ceph File System - ceph_fs: - name: foo - data: bar_data - metadata: bar_metadata - max_mds: 2 - -- name: get a Ceph File System information - ceph_fs: - name: foo - state: info - -- name: delete a Ceph File System - ceph_fs: - name: foo - state: absent -''' - -RETURN = '''# ''' - - -def create_fs(module, container_image=None): - ''' - Create a new fs - ''' - - cluster = module.params.get('cluster') - name = module.params.get('name') - data = module.params.get('data') - metadata = module.params.get('metadata') - - args = ['new', name, metadata, data] - - cmd = generate_ceph_cmd(sub_cmd=['fs'], args=args, spec_path=None, cluster=cluster, container_image=container_image) - - return cmd - - -def get_fs(module, container_image=None): - ''' - Get existing fs - ''' - - cluster = module.params.get('cluster') - name = module.params.get('name') - - args = ['get', name, '--format=json'] - - cmd = generate_ceph_cmd(sub_cmd=['fs'], args=args, spec_path=None, cluster=cluster, container_image=container_image) - - return cmd - - -def remove_fs(module, container_image=None): - ''' - Remove a fs - ''' - - cluster = module.params.get('cluster') - name = module.params.get('name') - - args = ['rm', name, '--yes-i-really-mean-it'] - - cmd = generate_ceph_cmd(sub_cmd=['fs'], args=args, spec_path=None, cluster=cluster, container_image=container_image) - - return cmd - - -def fail_fs(module, container_image=None): - ''' - Fail a fs - ''' - - cluster = module.params.get('cluster') - name = module.params.get('name') - - args = ['fail', name] - - cmd = generate_ceph_cmd(sub_cmd=['fs'], args=args, spec_path=None, cluster=cluster, container_image=container_image) - - return cmd - - -def set_fs(module, container_image=None): - ''' - Set parameter to a fs - ''' - - cluster = module.params.get('cluster') - name = module.params.get('name') - max_mds = module.params.get('max_mds') - - args = ['set', name, 'max_mds', str(max_mds)] - - cmd = generate_ceph_cmd(sub_cmd=['fs'], args=args, spec_path=None, cluster=cluster, container_image=container_image) - - return cmd - - -def run_module(): - - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=True, - required_if=[['state', 'present', ['data', 'metadata']]], - ) - - # Gather module parameters in variables - name = module.params.get('name') - state = module.params.get('state') - max_mds = module.params.get('max_mds') - - if module.check_mode: - module.exit_json( - changed=False, - stdout='', - stderr='', - rc=0, - start='', - end='', - delta='', - ) - - startd = datetime.datetime.now() - changed = False - - # will return either the image name or None - container_image = is_containerized() - - if state == "present": - rc, cmd, out, err = exec_command(module, get_fs(module, container_image=container_image)) - if rc == 0: - fs = json.loads(out) - if max_mds and fs["mdsmap"]["max_mds"] != max_mds: - rc, cmd, out, err = exec_command(module, set_fs(module, container_image=container_image)) - if rc == 0: - changed = True - else: - rc, cmd, out, err = exec_command(module, create_fs(module, container_image=container_image)) - if max_mds and max_mds > 1: - exec_command(module, set_fs(module, container_image=container_image)) - if rc == 0: - changed = True - - elif state == "absent": - rc, cmd, out, err = exec_command(module, get_fs(module, container_image=container_image)) - if rc == 0: - exec_command(module, fail_fs(module, container_image=container_image)) - rc, cmd, out, err = exec_command(module, remove_fs(module, container_image=container_image)) - if rc == 0: - changed = True - else: - rc = 0 - out = "Ceph File System {} doesn't exist".format(name) - - elif state == "info": - rc, cmd, out, err = exec_command(module, get_fs(module, container_image=container_image)) - - exit_module(module=module, out=out, rc=rc, cmd=cmd, err=err, startd=startd, changed=changed) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/ceph_key.py b/tripleo_ansible/ansible_plugins/modules/ceph_key.py deleted file mode 100644 index e45b9cc60..000000000 --- a/tripleo_ansible/ansible_plugins/modules/ceph_key.py +++ /dev/null @@ -1,701 +0,0 @@ -#!/usr/bin/python3 - -# Copyright 2018, Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# Included from: https://github.com/ceph/ceph-ansible/blob/master/library/ceph_key.py - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.ca_common import is_containerized, container_exec, fatal -import datetime -import json -import yaml -import os -import struct -import time -import base64 -import socket - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = """ ---- -module: ceph_key -author: Sebastien Han -short_description: Manage Cephx key(s) -version_added: "2.6" -notes: [] -description: - - Manage CephX creation, deletion and updates. - It can also list and get information about keyring(s). -requirements: - - None -options: - cluster: - description: - - The ceph cluster name. - required: false - type: str - default: ceph - name: - description: - - name of the CephX key - type: str - required: true - user: - description: - - entity used to perform operation. - It corresponds to the -n option (--name) - type: str - required: false - default: client.admin - user_key: - description: - - the path to the keyring corresponding to the - user being used. It corresponds to the -k - option (--keyring) - type: str - state: - description: - - If 'present' is used, the module creates a keyring - with the associated capabilities. - If 'present' is used and a secret is provided the module - will always add the key. Which means it will update - the keyring if the secret changes, the same goes for - the capabilities. - If 'absent' is used, the module will simply delete the keyring. - If 'list' is used, the module will list all the keys and will - return a json output. - If 'info' is used, the module will return in a json format the - description of a given keyring. - If 'generate_secret' is used, the module will simply output a cephx keyring. - required: false - type: str - choices: ['present', 'update', 'absent', 'list', 'info', 'fetch_initial_keys', 'generate_secret'] - default: 'present' - caps: - description: - - CephX key capabilities - type: dict - required: false - secret: - description: - - keyring's secret value - required: false - type: str - import_key: - description: - - Wether or not to import the created keyring into Ceph. - This can be useful for someone that only wants to generate keyrings - but not add them into Ceph. - required: false - type: bool - default: true - dest: - description: - - Destination to write the keyring, can a file or a directory - required: false - type: str - default: '/etc/ceph/' - fetch_initial_keys: - description: - - Fetch client.admin and bootstrap key. - This is only needed for Nautilus and above. - Writes down to the filesystem the initial keys generated by the monitor. - This command can ONLY run from a monitor node. - required: false - type: str - default: 'false' - output_format: - description: - - The key output format when retrieving the information of an - entity. - required: false - type: str - default: 'json' -""" - -EXAMPLES = ''' - -keys_to_create: - - { name: client.key, key: "AQAin8tUUK84ExAA/QgBtI7gEMWdmnvKBzlXdQ==", \ - caps: { mon: "allow rwx", mds: "allow *" } , mode: "0600" } - - { name: client.cle, caps: { mon: "allow r", osd: "allow *" } , mode: "0600" } - -caps: - mon: "allow rwx" - mds: "allow *" - -- name: create ceph admin key - ceph_key: - name: client.admin - state: present - secret: AQAin8tU2DsKFBAAFIAzVTzkL3+gtAjjpQiomw== - caps: - mon: allow * - osd: allow * - mgr: allow * - mds: allow - mode: 0400 - import_key: false - -- name: create monitor initial keyring - ceph_key: - name: mon. - state: present - secret: AQAin8tUMICVFBAALRHNrV0Z4MXupRw4v9JQ6Q== - caps: - mon: allow * - dest: "/var/lib/ceph/tmp/" - import_key: false - -- name: create cephx key - ceph_key: - name: "{{ keys_to_create }}" - user: client.bootstrap-rgw - user_key: /var/lib/ceph/bootstrap-rgw/ceph.keyring - state: present - caps: "{{ caps }}" - -- name: create cephx key but don't import it in Ceph - ceph_key: - name: "{{ keys_to_create }}" - state: present - caps: "{{ caps }}" - import_key: false - -- name: delete cephx key - ceph_key: - name: "my_key" - state: absent - -- name: info cephx key - ceph_key: - name: "my_key"" - state: info - -- name: info cephx admin key (plain) - ceph_key: - name: client.admin - output_format: plain - state: info - register: client_admin_key - -- name: list cephx keys - ceph_key: - state: list - -- name: fetch cephx keys - ceph_key: - state: fetch_initial_keys -''' - -RETURN = '''# ''' - - -CEPH_INITIAL_KEYS = ['client.admin', - 'client.bootstrap-mds', 'client.bootstrap-mgr', - 'client.bootstrap-osd', 'client.bootstrap-rbd', - 'client.bootstrap-rbd-mirror', 'client.bootstrap-rgw'] - - -def generate_secret(): - ''' - Generate a CephX secret - ''' - - key = os.urandom(16) - header = struct.pack(' 0: - if path is not None and len(path) > 0: - with open(path, 'w') as f: - f.write('---\n') - f.write(yaml.safe_dump(content, indent=2)) - else: - print('Nothing to dump!') - - -def repr_str(dumper, data): - if '\n' in data: - return dumper.represent_scalar(u'tag:yaml.org,2002:str', data, style='|') - return dumper.org_represent_str(data) - - -yaml.SafeDumper.org_represent_str = yaml.SafeDumper.represent_str -yaml.add_representer(str, repr_str, Dumper=yaml.SafeDumper) - - -def run_module(): - - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=True, - required_if=[['apply', True, ['render_path']]], - ) - - # Gather module parameters in variables - cluster = module.params.get('cluster') - service_type = module.params.get('service_type') - service_id = module.params.get('service_type') - service_name = module.params.get('service_name') - hosts = module.params.get('hosts') - host_pattern = module.params.get('host_pattern') - networks = module.params.get('networks') - labels = module.params.get('labels') - spec = module.params.get('spec') - extra = module.params.get('extra') - apply = module.params.get('apply') - render_path = module.params.get('render_path') - - if module.check_mode: - module.exit_json( - changed=False, - stdout='', - stderr='', - rc=0, - start='', - end='', - delta='', - ) - - startd = datetime.datetime.now() - changed = False - - # PROCESSING PARAMETERS - if service_id is None: - service_id = service_type - if service_name is None: - service_name = "{}.{}".format(service_type, service_id) - - # no spec is provided - if spec is None: - spec = {} - - # no spec is provided - if extra is None: - extra = {} - - # no labels are defined - if labels is None: - labels = [] - - # no networks are defined - if networks is None: - networks = [] - - d = ceph_spec.CephDaemonSpec(service_type, service_id, service_name, - hosts, host_pattern, networks, spec, labels, **extra) - - if apply: - container_image = is_containerized() - render('{}/{}'.format(render_path, service_type), d.make_daemon_spec()) - cmd = generate_orch_cli(cluster, '{}/{}'.format(render_path, service_type), container_image) - rc, cmd, out, err = exec_command(module, cmd) - exit_module(module=module, out=out, rc=rc, cmd=cmd, err=err, startd=startd, changed=changed) - else: - # render the dict as the output of the module - module.exit_json(changed=True, result=d.make_daemon_spec()) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/ceph_pool.py b/tripleo_ansible/ansible_plugins/modules/ceph_pool.py deleted file mode 100644 index cae591f4d..000000000 --- a/tripleo_ansible/ansible_plugins/modules/ceph_pool.py +++ /dev/null @@ -1,672 +0,0 @@ -#!/usr/bin/python3 - -# Copyright 2020, Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# Included from: https://github.com/ceph/ceph-ansible/blob/master/library/ceph_pool.py - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.ca_common import generate_ceph_cmd, \ - pre_generate_ceph_cmd, \ - is_containerized, \ - exec_command, \ - exit_module -import datetime -import json -import yaml -import os - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = """ ---- -module: ceph_pool -author: Guillaume Abrioux -short_description: Manage Ceph Pools -version_added: "2.8" -description: - - Manage Ceph pool(s) creation, deletion and updates. -options: - cluster: - description: - - The ceph cluster name. - required: false - default: ceph - type: str - name: - description: - - name of the Ceph pool - required: true - type: str - state: - description: - If 'present' is used, the module creates a pool if it doesn't exist - or update it if it already exists. - If 'absent' is used, the module will simply delete the pool. - If 'list' is used, the module will return all details about the - existing pools. (json formatted). - required: false - type: str - choices: ['present', 'absent', 'list'] - default: present - size: - description: - - set the replica size of the pool. - required: false - type: str - min_size: - description: - - set the min_size parameter of the pool. - required: false - type: str - pg_num: - description: - - set the pg_num of the pool. - required: false - type: str - pgp_num: - description: - - set the pgp_num of the pool. - required: false - type: str - pg_autoscale_mode: - description: - - set the pg autoscaler on the pool. - required: false - default: 'on' - type: str - target_size_ratio: - description: - - set the target_size_ratio on the pool - required: false - type: str - pool_type: - description: - - set the pool type, either 'replicated' or 'erasure' - required: false - default: 'replicated' - type: str - erasure_profile: - description: - - When pool_type = 'erasure', set the erasure profile of the pool - required: false - default: 'default' - type: str - rule_name: - description: - - Set the crush rule name assigned to the pool - required: false - default: 'replicated_rule' - type: str - expected_num_objects: - description: - - Set the expected_num_objects parameter of the pool. - required: false - default: '0' - application: - description: - - Set the pool application on the pool. - required: false - type: str -""" - -EXAMPLES = ''' - -pools: - - { name: foo, size: 3, application: rbd, pool_type: 'replicated', - pg_autoscale_mode: 'on' } - -- hosts: all - become: true - tasks: - - name: create a pool - ceph_pool: - name: "{{ item.name }}" - state: present - size: "{{ item.size }}" - application: "{{ item.application }}" - pool_type: "{{ item.pool_type }}" - pg_autoscale_mode: "{{ item.pg_autoscale_mode }}" - with_items: "{{ pools }}" -''' - -RETURN = '''# ''' - - -def check_pool_exist(cluster, - name, - user, - user_key, - output_format='json', - container_image=None): - ''' - Check if a given pool exists - ''' - - args = ['stats', name, '-f', output_format] - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - spec_path=None, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - return cmd - - -def generate_get_config_cmd(param, - cluster, - user, - user_key, - container_image=None): - _cmd = pre_generate_ceph_cmd(container_image=container_image) - args = [ - '-n', - user, - '-k', - user_key, - '--cluster', - cluster, - 'config', - 'get', - 'mon.*', - param - ] - cmd = _cmd + args - return cmd - - -def get_application_pool(cluster, - name, - user, - user_key, - output_format='json', - container_image=None): - ''' - Get application type enabled on a given pool - ''' - - args = ['application', 'get', name, '-f', output_format] - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - spec_path=None, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - return cmd - - -def enable_application_pool(cluster, - name, - application, - user, - user_key, - container_image=None): - ''' - Enable application on a given pool - ''' - - args = ['application', 'enable', name, application] - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - spec_path=None, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - return cmd - - -def disable_application_pool(cluster, - name, - application, - user, - user_key, - container_image=None): - ''' - Disable application on a given pool - ''' - - args = ['application', 'disable', name, - application, '--yes-i-really-mean-it'] - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - spec_path=None, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - return cmd - - -def get_pool_details(module, - cluster, - name, - user, - user_key, - output_format='json', - container_image=None): - ''' - Get details about a given pool - ''' - - args = ['ls', 'detail', '-f', output_format] - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - spec_path=None, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - rc, cmd, out, err = exec_command(module, cmd) - - if rc == 0: - out = [p for p in json.loads(out.strip()) if p['pool_name'] == name][0] - - _rc, _cmd, application_pool, _err = exec_command(module, - get_application_pool(cluster, # noqa: E501 - name, # noqa: E501 - user, # noqa: E501 - user_key, # noqa: E501 - container_image=container_image)) # noqa: E501 - - # This is a trick because "target_size_ratio" isn't present at the same level in the dict - # ie: - # { - # 'pg_num': 8, - # 'pgp_num': 8, - # 'pg_autoscale_mode': 'on', - # 'options': { - # 'target_size_ratio': 0.1 - # } - # } - # If 'target_size_ratio' is present in 'options', we set it, this way we end up - # with a dict containing all needed keys at the same level. - if 'target_size_ratio' in out['options'].keys(): - out['target_size_ratio'] = out['options']['target_size_ratio'] - else: - out['target_size_ratio'] = None - - application = list(json.loads(application_pool.strip()).keys()) - - if len(application) == 0: - out['application'] = '' - else: - out['application'] = application[0] - - return rc, cmd, out, err - - -def compare_pool_config(user_pool_config, running_pool_details): - ''' - Compare user input config pool details with current running pool details - ''' - - delta = {} - filter_keys = ['pg_num', 'pg_placement_num', 'size', - 'pg_autoscale_mode', 'target_size_ratio'] - for key in filter_keys: - if (str(running_pool_details[key]) != user_pool_config[key]['value'] and user_pool_config[key]['value']): - delta[key] = user_pool_config[key] - - if (running_pool_details['application'] != user_pool_config['application']['value'] and user_pool_config['application']['value']): - delta['application'] = {} - delta['application']['new_application'] = user_pool_config['application']['value'] # noqa: E501 - # to be improved (for update_pools()...) - delta['application']['value'] = delta['application']['new_application'] - delta['application']['old_application'] = running_pool_details['application'] # noqa: E501 - - return delta - - -def list_pools(cluster, - user, - user_key, - details, - output_format='json', - container_image=None): - ''' - List existing pools - ''' - - args = ['ls'] - - if details: - args.append('detail') - - args.extend(['-f', output_format]) - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - spec_path=None, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - return cmd - - -def create_pool(cluster, - name, - user, - user_key, - user_pool_config, - container_image=None): - ''' - Create a new pool - ''' - - args = ['create', user_pool_config['pool_name']['value'], - user_pool_config['type']['value']] - - if user_pool_config['pg_autoscale_mode']['value'] != 'on': - args.extend(['--pg_num', - user_pool_config['pg_num']['value'], - '--pgp_num', - user_pool_config['pgp_num']['value']]) - elif user_pool_config['target_size_ratio']['value']: - args.extend(['--target_size_ratio', - user_pool_config['target_size_ratio']['value']]) - - if user_pool_config['type']['value'] == 'replicated': - args.extend([user_pool_config['crush_rule']['value'], - '--expected_num_objects', - user_pool_config['expected_num_objects']['value'], - '--autoscale-mode', - user_pool_config['pg_autoscale_mode']['value']]) - - if (user_pool_config['size']['value'] and user_pool_config['type']['value'] == "replicated"): - args.extend(['--size', user_pool_config['size']['value']]) - - elif user_pool_config['type']['value'] == 'erasure': - args.extend([user_pool_config['erasure_profile']['value']]) - - if user_pool_config['crush_rule']['value']: - args.extend([user_pool_config['crush_rule']['value']]) - - args.extend(['--expected_num_objects', - user_pool_config['expected_num_objects']['value'], - '--autoscale-mode', - user_pool_config['pg_autoscale_mode']['value']]) - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - spec_path=None, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - return cmd - - -def remove_pool(cluster, name, user, user_key, container_image=None): - ''' - Remove a pool - ''' - - args = ['rm', name, name, '--yes-i-really-really-mean-it'] - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - spec_path=None, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - return cmd - - -def update_pool(module, cluster, name, - user, user_key, delta, container_image=None): - ''' - Update an existing pool - ''' - - report = "" - - for key in delta.keys(): - if key != 'application': - args = ['set', - name, - delta[key]['cli_set_opt'], - delta[key]['value']] - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - spec_path=None, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - rc, cmd, out, err = exec_command(module, cmd) - if rc != 0: - return rc, cmd, out, err - - else: - rc, cmd, out, err = exec_command(module, disable_application_pool(cluster, name, delta['application']['old_application'], user, user_key, container_image=container_image)) # noqa: E501 - if rc != 0: - return rc, cmd, out, err - - rc, cmd, out, err = exec_command(module, enable_application_pool(cluster, name, delta['application']['new_application'], user, user_key, container_image=container_image)) # noqa: E501 - if rc != 0: - return rc, cmd, out, err - - report = report + "\n" + "{} has been updated: {} is now {}".format(name, key, delta[key]['value']) # noqa: E501 - - out = report - return rc, cmd, out, err - - -def run_module(): - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=True, - ) - - # Gather module parameters in variables - cluster = module.params.get('cluster') - name = module.params.get('name') - state = module.params.get('state') - details = module.params.get('details') - size = module.params.get('size') - min_size = module.params.get('min_size') - pg_num = module.params.get('pg_num') - pgp_num = module.params.get('pgp_num') - pg_autoscale_mode = module.params.get('pg_autoscale_mode') - target_size_ratio = module.params.get('target_size_ratio') - application = module.params.get('application') - - if (module.params.get('pg_autoscale_mode').lower() in - ['true', 'on', 'yes']): - pg_autoscale_mode = 'on' - elif (module.params.get('pg_autoscale_mode').lower() in - ['false', 'off', 'no']): - pg_autoscale_mode = 'off' - else: - pg_autoscale_mode = 'warn' - - if module.params.get('pool_type') == '1': - pool_type = 'replicated' - elif module.params.get('pool_type') == '3': - pool_type = 'erasure' - else: - pool_type = module.params.get('pool_type') - - if not module.params.get('rule_name'): - rule_name = 'replicated_rule' if pool_type == 'replicated' else None - else: - rule_name = module.params.get('rule_name') - - erasure_profile = module.params.get('erasure_profile') - expected_num_objects = module.params.get('expected_num_objects') - user_pool_config = { - 'pool_name': {'value': name}, - 'pg_num': {'value': pg_num, 'cli_set_opt': 'pg_num'}, - 'pgp_num': {'value': pgp_num, 'cli_set_opt': 'pgp_num'}, - 'pg_autoscale_mode': {'value': pg_autoscale_mode, - 'cli_set_opt': 'pg_autoscale_mode'}, - 'target_size_ratio': {'value': target_size_ratio, - 'cli_set_opt': 'target_size_ratio'}, - 'application': {'value': application}, - 'type': {'value': pool_type}, - 'erasure_profile': {'value': erasure_profile}, - 'crush_rule': {'value': rule_name, 'cli_set_opt': 'crush_rule'}, - 'expected_num_objects': {'value': expected_num_objects}, - 'size': {'value': size, 'cli_set_opt': 'size'}, - 'min_size': {'value': min_size} - } - - if module.check_mode: - module.exit_json( - changed=False, - stdout='', - stderr='', - rc=0, - start='', - end='', - delta='', - ) - - startd = datetime.datetime.now() - changed = False - - # will return either the image name or None - container_image = is_containerized() - - user = "client.admin" - keyring_filename = cluster + '.' + user + '.keyring' - user_key = os.path.join("/etc/ceph/", keyring_filename) - - if state == "present": - rc, cmd, out, err = exec_command(module, - check_pool_exist(cluster, - name, - user, - user_key, - container_image=container_image)) # noqa: E501 - if rc == 0: - running_pool_details = get_pool_details(module, - cluster, - name, - user, - user_key, - container_image=container_image) # noqa: E501 - user_pool_config['pg_placement_num'] = {'value': str(running_pool_details[2]['pg_placement_num']), 'cli_set_opt': 'pgp_num'} # noqa: E501 - delta = compare_pool_config(user_pool_config, - running_pool_details[2]) - if len(delta) > 0: - keys = list(delta.keys()) - details = running_pool_details[2] - if details['erasure_code_profile'] and 'size' in keys: - del delta['size'] - if details['pg_autoscale_mode'] == 'on': - delta.pop('pg_num', None) - delta.pop('pgp_num', None) - - if len(delta) == 0: - out = "Skipping pool {}.\nUpdating either 'size' on an erasure-coded pool " \ - "or 'pg_num'/'pgp_num' on a pg autoscaled pool is incompatible".format(name) - else: - rc, cmd, out, err = update_pool(module, - cluster, - name, - user, - user_key, - delta, - container_image=container_image) # noqa: E501 - if rc == 0: - changed = True - else: - out = "Pool {} already exists and there is nothing to update.".format(name) # noqa: E501 - else: - rc, cmd, out, err = exec_command(module, - create_pool(cluster, - name, - user, - user_key, - user_pool_config=user_pool_config, # noqa: E501 - container_image=container_image)) # noqa: E501 - if user_pool_config['application']['value']: - rc, _, _, _ = exec_command(module, - enable_application_pool(cluster, - name, - user_pool_config['application']['value'], # noqa: E501 - user, - user_key, - container_image=container_image)) # noqa: E501 - if user_pool_config['min_size']['value']: - # not implemented yet - pass - changed = True - - elif state == "list": - rc, cmd, out, err = exec_command(module, - list_pools(cluster, - name, user, - user_key, - details, - container_image=container_image)) # noqa: E501 - if rc != 0: - out = "Couldn't list pool(s) present on the cluster" - - elif state == "absent": - rc, cmd, out, err = exec_command(module, - check_pool_exist(cluster, - name, user, - user_key, - container_image=container_image)) # noqa: E501 - if rc == 0: - rc, cmd, out, err = exec_command(module, - remove_pool(cluster, - name, - user, - user_key, - container_image=container_image)) # noqa: E501 - changed = True - else: - rc = 0 - out = "Skipped, since pool {} doesn't exist".format(name) - - exit_module(module=module, out=out, rc=rc, cmd=cmd, err=err, startd=startd, - changed=changed) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/ceph_spec_bootstrap.py b/tripleo_ansible/ansible_plugins/modules/ceph_spec_bootstrap.py deleted file mode 100644 index 95ccb4d22..000000000 --- a/tripleo_ansible/ansible_plugins/modules/ceph_spec_bootstrap.py +++ /dev/null @@ -1,594 +0,0 @@ -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -"""Create Ceph Orchestrator specification file based on TripleO parameters""" - -import os -import re -import socket -import yaml - -from ansible.module_utils.basic import AnsibleModule -try: - from ansible.module_utils import ceph_spec -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils import ceph_spec - - -ANSIBLE_METADATA = { - 'metadata_version': '0.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: ceph_spec_bootstrap module -short_description: Create Ceph Orchestrator specification file based on TripleO parameters -description: - - "The ceph_spec_bootstrap module uses information from both the composed services in TripleO roles and the deployed hosts file ('openstack overcloud node provision' output), or just the inventory file (tripleo-ansible-inventory output) to determine what Ceph services should run on what hosts and generate a valid Ceph spec. This allows the desired end state defined in TripleO to be translated into an end state defined in Ceph orchestrator. The intention is to use this module when bootstraping a new Ceph cluster." -options: - deployed_metalsmith: - description: The absolute path to a file like deployed_metal.yaml, as genereated by 'openstack overcloud node provision --output deployed_metal.yaml'. This file is used to map which ceph_service_types map to which deployed hosts. Use this option if you have deployed servers with metalsmith but do not yet have an inventory genereated from the overcloud in Heat. Either tripleo_ansible_inventory xor deployed_metalsmith must be used (not both) unless the method option is used. - required: False - type: str - tripleo_ansible_inventory: - description: The absolute path to an Ansible inventory genereated by running the tripleo-ansible-inventory command. This file is used to map which ceph_service_types map to which deployed hosts. Use this option if you already have an inventory genereated from the overcloud in Heat. Either tripleo_ansible_inventory xor deployed_metalsmith must be used (not both) unless the method option is used. - required: False - type: str - new_ceph_spec: - description: The absolute path to a new file which will be created by the module and contain the resultant Ceph specification. If not provided, defaults to /home/stack/ceph_spec.yaml. - required: False - type: str - ceph_service_types: - description: List of Ceph services being deployed on overcloud. All service names must be a valid service_type as described in the Ceph Orchestrator CLI service spec documentation. If not provided, defaults to ['mon', 'mgr', 'osd'], which are presently the only supported service types this module supports. - required: False - type: list - tripleo_roles: - description: The absolute path to the TripleO roles file. Only necessary if deployed_metalsmith is used. If not provided then defaults to /usr/share/openstack-tripleo-heat-templates/roles_data.yaml. This file is used to map which ceph_service_types map to which roles. E.g. all roles with OS::TripleO::Services::CephOSD will get the Ceph service_type 'osd'. This paramter is ignored if tripleo_ansible_inventory is used. - required: False - type: str - osd_spec: - description: A valid osd service specification. If not passed defaults to using all available data devices (data_devices all true). - required: False - type: dict - fqdn: - description: When true, the "hostname" and "hosts" in the generated Ceph spec will have their fully qualified domain name. This paramter defaults to false and only has an effect when tripleo_ansible_inventory is used. - required: False - type: bool - crush_hierarchy: - description: The crush hierarchy, expressed as a dict, maps the relevant OSD nodes to a user defined crush hierarchy. - required: False - type: dict - standalone: - description: Create a spec file for a standalone deployment. Used for single server development or testing environments. - required: False - type: bool - mon_ip: - description: The desired IP address of the first Ceph monitor. Required when standalone is true, otherwise ignored. - method: - description: Whether the deployed_metalsmith file or tripleo_ansible_inventory file should be used to build the spec if both of these parameters are passed. When "both" is used the roles, services and hosts are determined from deployed_metalsmith and tripleo_roles parameters but the IPs come from the tripleo_ansible_inventory parameter. - required: False - type: str - choices: ['deployed_metalsmith', 'tripleo_ansible_inventory', 'both'] -author: - - John Fulton (fultonj) -''' - -EXAMPLES = ''' -- name: make spec from 'openstack overcloud node provision' output - ceph_spec_bootstrap: - new_ceph_spec: "{{ playbook_dir }}/ceph_spec.yaml" - deployed_metalsmith: ~/overcloud-baremetal-deployed.yaml - -- name: make spec from tripleo-ansible-inventory output - ceph_spec_bootstrap: - new_ceph_spec: "{{ playbook_dir }}/ceph_spec.yaml" - tripleo_ansible_inventory: ~/config-download/overcloud/tripleo-ansible-inventory.yaml - -- name: make spec from deployed_metalsmith; use inventory not DeployedSeverPortMap for IPs - ceph_spec_bootstrap: - new_ceph_spec: "{{ playbook_dir }}/ceph_spec.yaml" - tripleo_ansible_inventory: ~/config-download/overcloud/tripleo-ansible-inventory.yaml - deployed_metalsmith: ~/overcloud-baremetal-deployed.yaml - method: 'both' - -- name: make spec from inventory with FQDNs and custom osd_spec - ceph_spec_bootstrap: - new_ceph_spec: "{{ playbook_dir }}/ceph_spec.yaml" - tripleo_ansible_inventory: ~/config-download/overcloud/tripleo-ansible-inventory.yaml - crush_hierarchy: - ceph_osd-0: - rack: r1 - ceph_osd-1: - rack: r1 - ceph_osd-2: - rack: r1 - fqdn: true - osd_spec: - data_devices: - paths: - - /dev/ceph_vg/ceph_lv_data - -- name: make spec with only Ceph mons and managers - ceph_spec_bootstrap: - new_ceph_spec: "{{ playbook_dir }}/ceph_spec.yaml" - deployed_metalsmith: ~/overcloud-baremetal-deployed.yaml - ceph_service_types: - - mon - - mgr - -- name: make spec with composed roles/ HDDs for data/ SSDs for db - ceph_spec_bootstrap: - new_ceph_spec: "{{ playbook_dir }}/ceph_spec.yaml" - deployed_metalsmith: ~/overcloud-baremetal-deployed.yaml - tripleo_roles: ~/templates/custom_roles_data.yaml - osd_spec: - data_devices: - rotational: 1 - db_devices: - rotational: 0 - -- name: Create Ceph spec for standalone deployment - ceph_spec_bootstrap: - new_ceph_spec: "{{ playbook_dir }}/ceph_spec.yaml" - mon_ip: "{{ tripleo_cephadm_first_mon_ip }}" - standalone: True -''' - -RETURN = ''' -''' - -# Map tripleo services to ceph spec service_types -SERVICE_MAP = { - 'CephMon': ['mon'], - 'CephMgr': ['mgr'], - 'CephOSD': ['osd'] -} - -# Support for the following are not yet available -# 'CephMds': ['mds'], -# 'CephRbdMirror': ['rbd-mirror'], -# 'CephRgw': ['rgw'], -# 'CephGrafana': ['alertmanager', 'grafana', 'node-exporter'], - - -def get_inventory_hosts_to_ips(inventory, roles, fqdn=False): - """Returns map of hostnames to IP addresses for groups in roles list - {'oc0-ceph-0': '192.168.24.13', - 'oc0-compute-0': '192.168.24.21', - 'oc0-controller-0': '192.168.24.23', - 'oc0-controller-1': '192.168.24.15', - 'oc0-controller-2': '192.168.24.7'} - Uses the ansible inventory as source. If the inventory has: - - CephStorage: - children: - overcloud_CephStorage: {} - overcloud_CephStorage: - hosts: - ceph-0: - ansible_host: 192.168.24.13 - - Then the hosts of the CephStorage group (from the roles list) - are ['ceph-0'] because overcloud_CephStorage is a child group. - Does not handle if one group has both children and hosts, but only - needs to handle the types of groups generated in tripleo inventory. - """ - hosts_to_ips = {} - for key in inventory: - if key in roles: - if 'children' in inventory[key] and 'hosts' not in inventory[key]: - # e.g. if CephStorage has children (e.g. overcloud_CephStorage) - # then set the key to overcloud_CephStorage so we get its hosts - key = [k for k, v in inventory[key]['children'].items()][0] - if 'hosts' in inventory[key]: - for host in inventory[key]['hosts']: - ip = inventory[key]['hosts'][host]['ansible_host'] - if fqdn: - hostname = inventory[key]['hosts'][host]['canonical_hostname'] - else: - hostname = host - hosts_to_ips[hostname] = ip - return hosts_to_ips - - -def get_deployed_hosts_to_ips(metalsmith_data_file): - """Return a map of hostnames to IP addresses, e.g. - {'oc0-ceph-0': '192.168.24.13', - 'oc0-compute-0': '192.168.24.21', - 'oc0-controller-0': '192.168.24.23', - 'oc0-controller-1': '192.168.24.15', - 'oc0-controller-2': '192.168.24.7'} - Uses output of metalsmith deployed hosts file as source - """ - hosts_to_ips = {} - with open(metalsmith_data_file, 'r') as stream: - try: - metal = yaml.safe_load(stream) - except yaml.YAMLError as exc: - print(exc) - try: - port_map = metal['parameter_defaults']['DeployedServerPortMap'] - for host, host_map in port_map.items(): - try: - ip = host_map['fixed_ips'][0]['ip_address'] - except Exception: - raise RuntimeError( - 'The DeployedServerPortMap is missing the first ' - 'fixed_ip in the data file: {metalsmith_data_file}'.format( - metalsmith_data_file=metalsmith_data_file)) - hosts_to_ips[host.replace('-ctlplane', '')] = ip - except Exception: - raise RuntimeError( - 'The DeployedServerPortMap is not defined in ' - 'data file: {metalsmith_data_file}'.format( - metalsmith_data_file=metalsmith_data_file)) - return hosts_to_ips - - -def get_inventory_roles_to_hosts(inventory, roles, fqdn=False): - """Return a map of roles to host lists, e.g. - roles_to_hosts['CephStorage'] = ['oc0-ceph-0', 'oc0-ceph-1'] - roles_to_hosts['Controller'] = ['oc0-controller-0'] - roles_to_hosts['Compute'] = ['oc0-compute-0'] - Uses ansible inventory as source - """ - roles_to_hosts = {} - for key in inventory: - if key in roles: - roles_to_hosts[key] = [] - for host in inventory[key]['hosts']: - if fqdn: - hostname = inventory[key]['hosts'][host]['canonical_hostname'] - else: - hostname = host - roles_to_hosts[key].append(hostname) - return roles_to_hosts - - -def get_deployed_roles_to_hosts(metalsmith_data_file, roles): - """Return a map of roles to host lists, e.g. - roles_to_hosts['CephStorage'] = ['oc0-ceph-0', 'oc0-ceph-1'] - roles_to_hosts['Controller'] = ['oc0-controller-0'] - roles_to_hosts['Compute'] = ['oc0-compute-0'] - Uses output of metalsmith deployed hosts file as source - """ - roles_to_hosts = {} - with open(metalsmith_data_file, 'r') as stream: - try: - metal = yaml.safe_load(stream) - except yaml.YAMLError as exc: - print(exc) - try: - name_map = metal['parameter_defaults']['HostnameMap'] - for role in roles: - for item in metal['parameter_defaults']: - if item == role + 'HostnameFormat': - host_fmt = metal['parameter_defaults'][item] - pat = host_fmt.replace('%stackname%', '.*').replace('-%index%', '') - reg = re.compile(pat) - matching_hosts = [] - for host in name_map: - if reg.match(host): - matching_hosts.append(name_map[host]) - roles_to_hosts[role] = matching_hosts - except Exception: - raise RuntimeError( - 'The expected HostnameMap and RoleHostnameFormat are ' - 'not defined in data file: {metalsmith_data_file}'.format( - metalsmith_data_file=metalsmith_data_file)) - return roles_to_hosts - - -def get_roles_to_svcs_from_inventory(inventory): - """Return a map of map of TripleO Roles to TripleO Ceph Services, e.g. - {'CephStorage': ['CephOSD'], - 'Controller': ['CephMgr', 'CephMon']} - Uses inventory file as source - """ - # This approach is backwards but lets the larger program stay consistent - # and not require the roles file when the inventory is provided. The method - # of inventory is only used to deploy ceph during overcloud (not before). - roles_to_services = {} - inverse_service_map = {} - ceph_services = [] - for tripleo_name, ceph_list in SERVICE_MAP.items(): - for ceph_name in ceph_list: - ceph_services.append(ceph_name) - inverse_service_map[ceph_name] = tripleo_name - for key in inventory: - key_rename = key.replace('ceph_', '') - if key_rename in ceph_services: - for role in inventory[key]['children'].keys(): - if role in roles_to_services.keys(): - roles_to_services[role].append(inverse_service_map[key_rename]) - else: - roles_to_services[role] = [inverse_service_map[key_rename]] - return roles_to_services - - -def get_roles_to_svcs_from_roles(roles_file): - """Return a map of map of TripleO Roles to TripleO Ceph Services, e.g. - {'Compute': [], - 'CephStorage': ['CephOSD'], - 'Controller': ['CephMgr', 'CephMon']} - Uses roles file as source - """ - roles_to_services = {} - with open(roles_file, 'r') as stream: - try: - roles = yaml.safe_load(stream) - except yaml.YAMLError as exc: - print(exc) - try: - for role in roles: - svcs = [] - for svc in role['ServicesDefault']: - svc_short = svc.replace('OS::TripleO::Services::', '') - if svc_short in SERVICE_MAP.keys(): - svcs.append(svc_short) - roles_to_services[role['name']] = svcs - except Exception: - raise RuntimeError( - 'Unable to extract the name or ServicesDefault list from ' - 'data file: {roles_file}'.format(roles_file=roles_file)) - return roles_to_services - - -def get_label_map(hosts_to_ips, roles_to_svcs, roles_to_hosts, ceph_service_types): - """Return a map of hostname to list of ceph service to run on that host, e.g. - label_map['oc0-ceph-0'] = ['osd'] - label_map['oc0-controller-0'] = ['mon', 'mgr', '_admin'] - """ - label_map = {} - for host in hosts_to_ips: - label_map[host] = [] - for role, host_list in roles_to_hosts.items(): - if host in host_list: - for tripleo_svc in roles_to_svcs[role]: - for potential_ceph_svc in SERVICE_MAP[tripleo_svc]: - if potential_ceph_svc in ceph_service_types: - label_map[host].append(potential_ceph_svc) - if potential_ceph_svc == 'mon': - label_map[host].append('_admin') - return label_map - - -def get_specs(hosts_to_ips, label_map, ceph_service_types, osd_spec={}, cr={}): - """Build specs from hosts map, label_map, and ceph_service_types list - Create a ceph_spec object for each host or service - Returns a list of dictionaries. - """ - specs = [] - # Create host entries - for host, ip in hosts_to_ips.items(): - if len(label_map[host]) > 0: - spec = ceph_spec.CephHostSpec('host', ip, host, label_map[host], location=cr.get(host, None)) - specs.append(spec.make_daemon_spec()) - - # Create service entries for supported services in SERVICE_MAP - labels = [] - placement_pattern = '' - spec_dict = {} - for svc in ceph_service_types: - host_list = [] - for host, label_list in label_map.items(): - if svc in label_list: - host_list.append(host) - if svc in ['mon', 'mgr']: - d = ceph_spec.CephDaemonSpec(svc, svc, svc, host_list, - placement_pattern, None, - spec_dict, labels) - if svc in ['osd']: - if osd_spec == {}: - # default to all devices - osd_spec = { - 'data_devices': { - 'all': True - } - } - d = ceph_spec.CephDaemonSpec(svc, 'default_drive_group', - 'osd.default_drive_group', - host_list, placement_pattern, - None, spec_dict, labels, **osd_spec) - specs.append(d.make_daemon_spec()) - return specs - - -def render(specs, output): - """Write a multiline yaml file from a list of dicts - """ - open(output, 'w').close() # reset file - for spec in specs: - with open(output, 'a') as f: - f.write('---\n') - f.write(yaml.dump(spec)) - - -def flatten(t): - """Merge a list of lists into a single list - """ - return [item for sublist in t for item in sublist] - - -def ceph_spec_standalone(new_ceph_spec, mon_ip, osd_spec={}): - """Write ceph_spec_path file for a standalone ceph host - :param new_ceph_spec: the path to a ceph_spec.yaml file - :param mon_ip: the ip address of the ceph monitor - :param (osd_spec): dict describing the OSDs - :return dictionary of ceph specs - """ - hostname = socket.gethostname() - hosts_to_ips = dict() - hosts_to_ips[hostname] = mon_ip - svcs = ['osd', 'mon', 'mgr'] - label_map = dict() - label_map[hostname] = svcs + ['_admin'] - specs = get_specs(hosts_to_ips, label_map, svcs, osd_spec) - render(specs, new_ceph_spec) - return specs - - -def main(): - """Main method of Ansible module - """ - result = dict( - changed=False, - msg='', - specs=[] - ) - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=True, - ) - # Set payload defaults - result['failed'] = False - specs = [] - errors = [] - - # Collect inputs - deployed_metalsmith = module.params.get('deployed_metalsmith') - tripleo_ansible_inventory = module.params.get('tripleo_ansible_inventory') - new_ceph_spec = module.params.get('new_ceph_spec') - ceph_service_types = module.params.get('ceph_service_types') - tripleo_roles = module.params.get('tripleo_roles') - osd_spec = module.params.get('osd_spec') - fqdn = module.params.get('fqdn') - crush = module.params.get('crush_hierarchy') - standalone = module.params.get('standalone') - mon_ip = module.params.get('mon_ip') - method = module.params.get('method') - - # Set defaults - if ceph_service_types is None: - ceph_service_types = ['mon', 'mgr', 'osd'] - if new_ceph_spec is None: - new_ceph_spec = "/home/stack/ceph_spec.yaml" - if tripleo_roles is None: - tripleo_roles = "/usr/share/openstack-tripleo-heat-templates/roles_data.yaml" - if osd_spec is None: - osd_spec = {} - if fqdn is None: - fqdn = False - if crush is None: - crush = {} - if standalone is None: - standalone = False - if mon_ip is None: - mon_ip = "" - - # Handle standalone scenario and exit module early ... - if standalone: - result['specs'] = ceph_spec_standalone(new_ceph_spec, mon_ip, osd_spec) - module.exit_json(**result) - # ... otherwise validate the inputs to build a multinode spec - # 0. Are they using metalsmith or an inventory as their method? - if not method: - if not (deployed_metalsmith or tripleo_ansible_inventory): - result['msg'] = ("The tripleo_ansible_inventory or " - "deployed_metalsmith parameter is required.") - result['failed'] = True - module.exit_json(**result) - if not deployed_metalsmith and tripleo_ansible_inventory: - method = 'tripleo_ansible_inventory' - elif deployed_metalsmith and not tripleo_ansible_inventory: - method = 'deployed_metalsmith' - else: - method = "both" - result['method'] = method - - # determine required files based on method - required_files = [] - if method == 'tripleo_ansible_inventory': - required_files.append(tripleo_ansible_inventory) - elif method == 'deployed_metalsmith': - required_files.append(deployed_metalsmith) - required_files.append(tripleo_roles) - elif method == 'both': - required_files.append(tripleo_ansible_inventory) - required_files.append(deployed_metalsmith) - required_files.append(tripleo_roles) - - # 1. The required files must all be an existing path to a file - for fpath in required_files: - if not os.path.isfile(fpath): - error = str(fpath) + " is not a valid file." - errors.append(error) - result['failed'] = True - # 2. The directory for the spec file must be an existing path - fpath = os.path.dirname(new_ceph_spec) - if not os.path.isdir(fpath): - error = str(fpath) + " is not a valid directory." - errors.append(error) - result['failed'] = True - # 3. argument_spec already ensures osd_spec is a dictionary - # 4. Must be one of the ceph_spec.ALLOWED_DAEMONS used in the SERVICE_MAP - supported_services = flatten(SERVICE_MAP.values()) - for service_type in ceph_service_types: - if service_type not in supported_services: - error = "'" + str(service_type) + "' must be one of " - error += str(supported_services) - errors.append(error) - result['failed'] = True - # 5. fqdn is only supported for the inventory method - if method != 'tripleo_ansible_inventory' and fqdn: - error = "The fqdn option may only be true when using tripleo_ansible_inventory" - errors.append(error) - result['failed'] = True - - if not result['failed']: - # Build data structures to map roles/services/hosts/labels - if method == 'deployed_metalsmith': - roles_to_svcs = get_roles_to_svcs_from_roles(tripleo_roles) - roles_to_hosts = get_deployed_roles_to_hosts(deployed_metalsmith, - roles_to_svcs.keys()) - hosts_to_ips = get_deployed_hosts_to_ips(deployed_metalsmith) - elif method == 'tripleo_ansible_inventory': - with open(tripleo_ansible_inventory, 'r') as stream: - inventory = yaml.safe_load(stream) - roles_to_svcs = get_roles_to_svcs_from_inventory(inventory) - roles_to_hosts = get_inventory_roles_to_hosts(inventory, - roles_to_svcs.keys(), - fqdn) - hosts_to_ips = get_inventory_hosts_to_ips(inventory, - roles_to_svcs.keys(), - fqdn) - elif method == 'both': - roles_to_svcs = get_roles_to_svcs_from_roles(tripleo_roles) - roles_to_hosts = get_deployed_roles_to_hosts(deployed_metalsmith, - roles_to_svcs.keys()) - with open(tripleo_ansible_inventory, 'r') as stream: - inventory = yaml.safe_load(stream) - hosts_to_ips = get_inventory_hosts_to_ips(inventory, - roles_to_svcs.keys(), - fqdn) - # regardless of how we built our maps, assign the correct labels - label_map = get_label_map(hosts_to_ips, roles_to_svcs, - roles_to_hosts, ceph_service_types) - # Build specs as list of ceph_spec objects from data structures - specs = get_specs(hosts_to_ips, label_map, ceph_service_types, osd_spec, crush) - # Render specs list to file - render(specs, new_ceph_spec) - - # Set payloads - result['msg'] = " ".join(errors) - result['specs'] = specs - - # exit and pass the key/value results - module.exit_json(**result) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/container_config_data.py b/tripleo_ansible/ansible_plugins/modules/container_config_data.py deleted file mode 100644 index b176a839e..000000000 --- a/tripleo_ansible/ansible_plugins/modules/container_config_data.py +++ /dev/null @@ -1,188 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.parsing.convert_bool import boolean - -import glob -import json -import os -import yaml - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = """ ---- -module: container_config_data -author: - - Emilien Macchi -version_added: '2.8' -short_description: Generates a dictionary which contains all container configs -notes: [] -description: - - This module reads container configs in JSON files and generate a dictionary - which later will be used to manage the containers. -options: - config_path: - description: - - The path of a directory or a file where the JSON files are. - This parameter is required. - required: True - type: str - config_pattern: - description: - - Search pattern to find JSON files. - default: '*.json' - required: False - type: str - config_overrides: - description: - - Allows to override any container configuration which will take - precedence over the JSON files. - default: {} - required: False - type: dict - debug: - description: - - Whether or not debug is enabled. - default: False - required: False - type: bool -""" - -EXAMPLES = """ -- name: Generate containers configs data - container_config_data: - config_path: /var/lib/tripleo-config/container-startup-config/step_1 -- name: Generate containers configs data for HAproxy and override image - container_config_data: - config_path: /var/lib/tripleo-config/container-startup-config/step_1 - config_pattern: 'haproxy.json' - config_overrides: - haproxy: - image: my-registry.io/tripleo/haproxy:mytag -""" - -RETURN = """ -configs: - description: - - Dictionary with container configs ready to be consumed by - tripleo_container_manage role. - returned: always - type: dict -""" - - -class ContainerConfigDataManager(object): - """Notes about this module. - - It will generates a dictionary which contains all container configs, - later consumed by tripleo_container_manage role. - """ - - def __init__(self, module, results): - - self.module = module - self.results = results - - # parse args - args = self.module.params - - # Set parameters - config_path = args['config_path'] - config_pattern = args['config_pattern'] - config_overrides = args['config_overrides'] - self.debug = args['debug'] - - # Generate dict from JSON files that match search pattern - if os.path.exists(config_path): - matched_configs = glob.glob(os.path.join(config_path, - config_pattern)) - config_dict = {} - for mc in matched_configs: - name = os.path.splitext(os.path.basename(mc))[0] - config = json.loads(self._slurp(mc)) - if self.debug: - self.module.debug('Config found for {}: {}'.format(name, - config)) - config_dict.update({name: config}) - - # Merge the config dict with given overrides - self.results['configs'] = self._merge_with_overrides( - config_dict, config_overrides) - else: - self.module.debug( - msg='{} does not exists, skipping step'.format(config_path)) - self.results['configs'] = {} - - # Returns data - self.module.exit_json(**self.results) - - def _merge_with_overrides(self, config, merge_with=None): - """Merge config with a given dict of overrides. - - :param config: dictionary of configs - :param merge_with: dictionary of overrides - :return: dict - """ - merged_dict = config - if merge_with is None: - merge_with = {} - for k in merge_with.keys(): - if k in config: - for mk, mv in merge_with[k].items(): - if self.debug: - self.module.debug('Override found for {}: {} will be ' - 'set to {}'.format(k, mk, mv)) - merged_dict[k][mk] = mv - break - return merged_dict - - def _slurp(self, path): - """Slurps a file and return its content. - - :param path: string - :returns: string - """ - if os.path.exists(path): - with open(path, 'r') as f: - return f.read() - else: - self.module.warn('{} was not found.'.format(path)) - return '' - - -def main(): - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=True, - ) - results = dict( - changed=False, - configs={} - ) - ContainerConfigDataManager(module, results) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/container_puppet_config.py b/tripleo_ansible/ansible_plugins/modules/container_puppet_config.py deleted file mode 100644 index 843997fbc..000000000 --- a/tripleo_ansible/ansible_plugins/modules/container_puppet_config.py +++ /dev/null @@ -1,551 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.parsing.convert_bool import boolean -from datetime import datetime - -import base64 -import copy -import fnmatch -import json -import os -import shutil -import tempfile -import yaml - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = """ ---- -module: container_puppet_config -author: - - "Emilien Macchi (@EmilienM)" -version_added: '2.9' -short_description: Generate puppet containers configs -notes: [] -description: - - Generate puppet containers configs -requirements: - - None -options: - no_archive: - description: - - Disables config-data archiving - type: bool - default: True - check_mode: - description: - - Ansible check mode is enabled - type: bool - default: False - config_vol_prefix: - description: - - Config volume prefix - type: str - default: '/var/lib/config-data' - debug: - description: - - Enable debug - type: bool - default: False - net_host: - description: - - Using host network - type: bool - default: True - puppet_config: - description: Path to the puppet configs - type: str - default: "" - short_hostname: - description: - - Short hostname - type: str - default: "" - step: - description: - - Step number - default: 6 - type: int - update_config_hash_only: - description: - - When set to True, the module will only inspect for new config hashes - in config_vol_prefix and make sure the container-startup-configs - are updated with these hashes. This is useful to execute - before we manage the startup containers, so they will be restarted - if needed (e.g. new config has been applied, container needs - restart). - type: bool - default: False -""" - -EXAMPLES = """ -- name: Generate puppet container config for step 1 - container_puppet_config: - step: 1 - puppet_config: /var/lib/container-puppet/container-puppet.json - short_hostname: "{{ ansible_facts['hostname'] }}" - update_config_hash_only: false -- name: Update config hashes for container startup configs - container_puppet_config: - update_config_hash_only: true -""" - -CONTAINER_PUPPET_CONFIG = '/var/lib/tripleo-config/container-puppet-config' -CONTAINER_STARTUP_CONFIG = '/var/lib/tripleo-config/container-startup-config' -CONTAINER_ENTRYPOINT = '/var/lib/container-puppet/container-puppet.sh' - - -class ContainerPuppetManager: - """Notes about this module. - - It will generate container config that will be consumed by the - tripleo-container-manage role that is using podman_container module. - """ - - def __init__(self, module, results): - - super(ContainerPuppetManager, self).__init__() - self.module = module - self.results = results - - # parse args - args = self.module.params - - # Set parameters - puppet_config = args['puppet_config'] - update_config_hash_only = args['update_config_hash_only'] - self.config_vol_prefix = args['config_vol_prefix'] - - if not update_config_hash_only: - data = json.loads(self._slurp(puppet_config)) - - self.step = args['step'] - self.net_host = args['net_host'] - self.debug = args['debug'] - self.check = args['check_mode'] - self.no_archive = args['no_archive'] - self.hostname = args['short_hostname'] - - config_path = os.path.join(CONTAINER_PUPPET_CONFIG, - 'step_' + str(self.step)) - - # Cleanup old configs generated in previous versions - self._cleanup_old_configs() - - # Make sure config_path exists - # Note: it'll cleanup old configs before creating new ones. - self._create_dir(config_path) - - # Generate the container configs - config = self._get_config(self._merge_volumes_configs(data)) - for k, v in config.items(): - config_dest = os.path.join(config_path, k + '.json') - self._update_container_config(config_dest, v) - - # Update container-startup-config with new config hashes - self._update_hashes() - - self.module.exit_json(**self.results) - - def _merge_volumes_configs(self, data): - """Returns a list of puppet configs with unique config_volume keys. - - :param data: list - :returns: list - - This method takes in input a list of container puppet configs and - returns a list of container puppet configs with unique config_volume - keys. It will allow to run puppet for a single volume at a time and - avoid the situation where multiple configs using the same config - volume would run separately; which would cause race condition issues - because of the rsync commands executed at the end of puppet run. - To also saves time we support configuring 'shared' services at the same - time. For example configuring all of the heat services - in a single container pass makes sense and will save some time. - To support this we merge shared settings together here. - We key off of config_volume as this should be the same for a - given group of services. We are also now specifying the container - in which the services should be configured. This should match - in all instances where the volume name is also the same. - """ - returned_dict = {} - for config in data: - config_volume = config.get('config_volume') - if config_volume is None or config_volume == '': - continue - puppet_tags = config.get('puppet_tags') - step_config = config.get('step_config') - config_image = config.get('config_image') - volumes = config.get('volumes') - if config_volume in returned_dict: - # A config already exists for that config_volume, - # we'll append puppet_tags and step_config and extend volumes. - config_image_orig = ( - returned_dict[config_volume]['config_image'] - ) - if volumes: - volumes_orig = ( - returned_dict[config_volume].get('volumes', []) - ) - volumes_orig.extend(volumes) - returned_dict[config_volume]['volumes'] = ( - sorted(set(volumes_orig)) - ) - if puppet_tags is not None: - returned_dict[config_volume]['puppet_tags'] = '%s,%s' % ( - returned_dict[config_volume]['puppet_tags'], - puppet_tags - ) - if step_config is not None: - returned_dict[config_volume]['step_config'] = '%s\n%s' % ( - returned_dict[config_volume]['step_config'], - step_config - ) - if config_image != config_image_orig: - self.module.warn('{} config image does not match with ' - '{}'.format(config_image, - config_image_orig)) - else: - # This is a new config - returned_dict[config_volume] = config - - return returned_dict - - def _get_config(self, data): - """Returns a list of puppet configs per container. - - :param data: list - :returns: list - - This method takes in input a list of dicts and returns - a dictionary which match with the podman_container module interface. - """ - returned_dict = {} - default_volumes = ['/etc/localtime:/etc/localtime:ro', - '/etc/puppet:/tmp/puppet-etc:ro', - '/etc/pki/ca-trust/extracted:' - '/etc/pki/ca-trust/extracted:ro', - '/etc/pki/tls/certs/ca-bundle.crt:' - '/etc/pki/tls/certs/ca-bundle.crt:ro', - '/etc/pki/tls/certs/ca-bundle.trust.crt:' - '/etc/pki/tls/certs/ca-bundle.trust.crt:ro', - '/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro', - '%s:/var/lib/config-data' - ':rw' % self.config_vol_prefix, - '/var/lib/container-puppet/puppetlabs/facter.conf:' - '/etc/puppetlabs/facter/facter.conf:ro', - '/var/lib/container-puppet/puppetlabs:' - '/opt/puppetlabs:ro', - '%s:%s:ro' % (CONTAINER_ENTRYPOINT, - CONTAINER_ENTRYPOINT), - '/usr/share/openstack-puppet/modules:' - '/usr/share/openstack-puppet/modules:ro', - '/dev/log:/dev/log:rw'] - # Defaults - default_data = { - # the security_opt can be removed once we properly address: - # https://bugs.launchpad.net/tripleo/+bug/1864501 - 'security_opt': ['label=disable'], - 'user': 0, - # container-puppet shouldn't detach - 'detach': False, - 'entrypoint': CONTAINER_ENTRYPOINT, - 'environment': self._get_environment_config() - } - for config_volume, config in data.items(): - cdata = copy.deepcopy(default_data) - volumes = copy.deepcopy(default_volumes) - cname = 'container-puppet-' + config_volume - if self.check: - volumes += ['/etc/puppet/check-mode:' - '/tmp/puppet-check-mode:ro'] - if self.net_host: - cdata['net'] = ['host'] - volumes += ['/etc/hosts:/etc/hosts:ro'] - else: - cdata['net'] = ['none'] - - cdata['environment']['PUPPET_TAGS'] = ( - self._get_puppet_tags(config)) - - cdata['environment']['NAME'] = config_volume - for k, v in config.items(): - if k == 'config_volume': - continue - if k == 'puppet_tags': - continue - if k == 'step_config': - cdata['environment']['STEP_CONFIG'] = v - continue - if k == 'config_image': - cdata['image'] = v - continue - if k == 'privileged': - cdata['privileged'] = v - continue - if k == 'volumes': - if isinstance(v, (list)): - volumes.extend(v) - else: - volumes += [v] - continue - # Keep this one at the very end to override any attribute: - cdata[k] = v - cdata['volumes'] = sorted(set(volumes)) - returned_dict[cname] = cdata - return returned_dict - - def _get_environment_config(self): - """Returns common environment configs. - - :returns: dict - """ - returned_env = { - 'STEP': self._get_puppet_step(self.step), - 'NET_HOST': str(self.net_host).lower(), - 'DEBUG': str(self.debug).lower(), - } - if self.hostname is not None: - returned_env['HOSTNAME'] = self.hostname - if not self.no_archive: - returned_env['NO_ARCHIVE'] = '' - else: - returned_env['NO_ARCHIVE'] = self.no_archive - return returned_env - - def _get_puppet_step(self, step): - """Returns the step used by Puppet during a run." - - :param step: integer - :returns: integer - """ - # When container_puppet_config is called at step1, it's to initialize - # configuration files for all services like they were deployed; so - # in Puppet it means after step5. Which is why we override the step - # just for the Puppet run. - # Note that it was the same behavior with container-puppet.py since - # STEP was set to 6 by default and wasn't overriden when the script - # was run at step1. - if step == 1: - return 6 - return step - - def _get_puppet_tags(self, config): - """Returns Puppet tags. - - :returns: string - """ - puppet_tags = 'file,file_line,concat,augeas,cron' - config_puppet_tags = config.get('puppet_tags') - if config_puppet_tags is not None: - puppet_tags += ',%s' % config_puppet_tags - return puppet_tags - - def _exists(self, path): - """Returns True if a patch exists. - - :param path: string - :returns: boolean - """ - if os.path.exists(path): - return True - - def _remove_dir(self, path): - """Remove a directory. - - :param path: string - """ - if self._exists(path): - shutil.rmtree(path) - - def _remove_file(self, path): - """Remove a file. - - :param path: string - """ - if self._exists(path): - os.remove(path) - - def _create_dir(self, path): - """Creates a directory. - - :param path: string - """ - if self._exists(path): - self._remove_dir(path) - os.makedirs(path) - - def _find(self, path, pattern='*.json'): - """Returns a list of files in a directory. - - :param path: string - :param pattern: string - :returns: list - """ - configs = [] - if self._exists(path): - for root, dirnames, filenames in os.walk(path): - for filename in fnmatch.filter(filenames, pattern): - configs.append(os.path.join(root, filename)) - else: - self.module.warn('{} does not exists'.format(path)) - return configs - - def _slurp(self, path): - """Slurps a file and return its content. - - :param path: string - :returns: string - """ - if self._exists(path): - with open(path, 'r') as f: - return f.read() - else: - self.module.warn('{} was not found.'.format(path)) - return '' - - def _update_container_config(self, path, config): - """Update a container config. - - :param path: string - :param config: string - """ - with open(path, 'wb') as f: - f.write(json.dumps(config, indent=2).encode('utf-8')) - os.chmod(path, 0o600) - self.results['changed'] = True - - def _get_config_hash(self, config_volume): - """Returns a config hash from a config_volume. - - :param config_volume: string - :returns: string - """ - hashfile = "%s.md5sum" % config_volume - hash_data = '' - if self._exists(hashfile): - return self._slurp(hashfile).strip('\n') - - def _get_config_base(self, prefix, volume): - """Returns a config base path for a specific volume. - - :param prefix: string - :param volume: string - :returns: string - """ - # crawl the volume's path upwards until we find the - # volume's base, where the hashed config file resides - path = volume - base = prefix.rstrip(os.path.sep) - base_generated = os.path.join(base, 'puppet-generated') - while path.startswith(prefix): - dirname = os.path.dirname(path) - if dirname == base or dirname == base_generated: - return path - else: - path = dirname - self.module.fail_json( - msg='Could not find config base for: {} ' - 'with prefix: {}'.format(volume, prefix)) - - def _match_config_volumes(self, config): - """Return a list of volumes that match a config. - - :param config: dict - :returns: list - """ - # Match the mounted config volumes - we can't just use the - # key as e.g "novacomute" consumes config-data/nova - prefix = self.config_vol_prefix - try: - volumes = config.get('volumes', []) - except AttributeError: - self.module.fail_json( - msg='Error fetching volumes. Prefix: ' - '{} - Config: {}'.format(prefix, config)) - return sorted([self._get_config_base(prefix, v.split(":")[0]) - for v in volumes if v.startswith(prefix)]) - - def _update_hashes(self): - """Update container startup config with new config hashes if needed. - """ - configs = self._find(CONTAINER_STARTUP_CONFIG) - for config in configs: - old_config_hash = '' - cname = os.path.splitext(os.path.basename(config))[0] - if cname.startswith('hashed-'): - # Take the opportunity to cleanup old hashed files which - # don't exist anymore. - self._remove_file(config) - continue - startup_config_json = json.loads(self._slurp(config)) - config_volumes = self._match_config_volumes(startup_config_json) - config_hashes = [ - self._get_config_hash(vol_path) for vol_path in config_volumes - ] - config_hashes = filter(None, config_hashes) - if 'environment' in startup_config_json: - old_config_hash = startup_config_json['environment'].get( - 'TRIPLEO_CONFIG_HASH', '') - if config_hashes is not None and config_hashes: - config_hash = '-'.join(config_hashes) - if config_hash == old_config_hash: - # config doesn't need an update - continue - self.module.debug( - 'Config change detected for {}, new hash: {}'.format( - cname, - config_hash - ) - ) - if 'environment' not in startup_config_json: - startup_config_json['environment'] = {} - startup_config_json['environment']['TRIPLEO_CONFIG_HASH'] = ( - config_hash) - self._update_container_config(config, startup_config_json) - - def _cleanup_old_configs(self): - """Cleanup old container configurations and directories. - """ - # This configuration file was removed here: - # https://review.opendev.org/#/c/702876 - old_config = os.path.join(CONTAINER_STARTUP_CONFIG + '-step_' - + str(self.step) + '.json') - self._remove_file(old_config) - - -def main(): - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=True, - ) - results = dict( - changed=False - ) - ContainerPuppetManager(module, results) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/container_startup_config.py b/tripleo_ansible/ansible_plugins/modules/container_startup_config.py deleted file mode 100644 index 0d10d7d53..000000000 --- a/tripleo_ansible/ansible_plugins/modules/container_startup_config.py +++ /dev/null @@ -1,148 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -import glob -import json -import os -import shutil -import yaml - -from ansible.module_utils.basic import AnsibleModule - -DOCUMENTATION = """ ---- -module: container_startup_config -author: - - "TripleO team" -version_added: '2.9' -short_description: Generate startup containers configs -notes: [] -description: - - It will generate container startup configs that will be consumed by the - tripleo-container-manage role that is using podman_container module. -requirements: - - None -options: - config_base_dir: - description: - - Config base directory - type: str - default: '/var/lib/tripleo-config/container-startup-config' - config_data: - description: - - Dictionary of container configs data - type: dict - required: true -""" - -EXAMPLES = """ -- name: Generate startup container config for all the steps - container_startup_config: - config_data: - step_1: - haproxy: - image: quay.io/haproxy - memcached: - image: quay.io/memcached - step_2: - mysql: - image: quay.io/mysql -""" - - -class ContainerStartupManager: - """Class for container_startup_config module.""" - - def __init__(self, module, results): - - super(ContainerStartupManager, self).__init__() - self.module = module - self.results = results - - # parse args - args = self.module.params - - # Set parameters - self.config_base_dir = args['config_base_dir'] - self.config_data = args['config_data'] - - # Cleanup old configs created by previous releases - self._cleanup_old_configs() - - # Create config_base_dir - if not os.path.exists(self.config_base_dir): - os.makedirs(self.config_base_dir) - os.chmod(self.config_base_dir, 0o600) - self.results['changed'] = True - - # Generate the container configs per step - for step, step_config in self.config_data.items(): - step_dir = os.path.join(self.config_base_dir, step) - self._recreate_dir(step_dir) - for container, container_config in step_config.items(): - container_config_path = os.path.join(self.config_base_dir, - step, container + '.json') - self._create_config(container_config_path, container_config) - - self.module.exit_json(**self.results) - - def _recreate_dir(self, path): - """Creates a directory. - - :param path: string - """ - os.makedirs(path) - - def _create_config(self, path, config): - """Update a container config. - - :param path: string - :param config: string - """ - with open(path, "wb") as config_file: - config_file.write(json.dumps(config, indent=2).encode('utf-8')) - os.chmod(path, 0o600) - self.results['changed'] = True - - def _cleanup_old_configs(self): - """Cleanup old container configurations from previous releases. - """ - pattern = '*docker-container-startup-config*.json' - old_configs = glob.glob(os.path.join('/var/lib/tripleo-config', - pattern)) - for config in old_configs: - os.remove(config) - - step_dirs = glob.glob(self.config_base_dir + '/step_*') - for step_dir in step_dirs: - shutil.rmtree(step_dir, ignore_errors=True) - - -def main(): - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=True, - ) - results = dict( - changed=False - ) - ContainerStartupManager(module, results) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/lvm2_physical_devices_facts.py b/tripleo_ansible/ansible_plugins/modules/lvm2_physical_devices_facts.py deleted file mode 100644 index 897d67c64..000000000 --- a/tripleo_ansible/ansible_plugins/modules/lvm2_physical_devices_facts.py +++ /dev/null @@ -1,102 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -DOCUMENTATION = """ -module: lvm2_physical_devices_facts -short_description: Gather list of block devices in use by LVM2 -version_added: '1.0.0' -description: Gather list of block devices in use by LVM2 as PVs -author: - - "Giulio Fidente (@gfidente)" -""" - -EXAMPLES = """ -- name: Get list of LVM2 PVs - lvm2_physical_devices_facts: -""" - -RETURN = """ -ansible_facts: - description: List of PVs in use - returned: always - type: dict - contains: - lvm2_active_pvs: - description: List of LVM2 volumes hosting active LVs - type: list - returned: always but it might be empty - sample: ['/dev/sdb2'] -""" - -from ansible.module_utils.basic import AnsibleModule - - -def get_vgs_with_active_lvs(module): - command = ['lvs', '--noheadings', '--options', 'vg_name', '--select', 'lv_active=active'] - rc, out, err = module.run_command(command) - if rc != 0: - module.fail_json(msg="Failed to run LVM2 lvs command", err=err) - if not out: - return [] - vgs = list(set(out.split())) - return vgs - - -def get_pvs_in_use_by_active_vg(module, active_vg): - command = ['vgs', '--noheadings', '--options', 'pv_name', active_vg] - rc, out, err = module.run_command(command) - if rc != 0: - module.fail_json(msg="Failed to run LVM2 vgs command for %s" % (active_vg), err=err) - if not out: - return [] - pvs = list(set(out.split())) - return pvs - - -def run_module(): - module_args = {} - - result = dict( - changed=False, - ansible_facts=dict(), - ) - - module = AnsibleModule( - argument_spec=module_args, - supports_check_mode=True, - ) - - if module.check_mode: - module.exit_json(**result) - - active_vgs = get_vgs_with_active_lvs(module) - active_pvs = [] - for vg in active_vgs: - active_pvs.extend(get_pvs_in_use_by_active_vg(module, vg)) - pvs = {'lvm2_active_pvs': list(set(active_pvs))} - result['ansible_facts'] = pvs - - module.exit_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/os_baremetal_clean_node.py b/tripleo_ansible/ansible_plugins/modules/os_baremetal_clean_node.py deleted file mode 100644 index 96a77085a..000000000 --- a/tripleo_ansible/ansible_plugins/modules/os_baremetal_clean_node.py +++ /dev/null @@ -1,571 +0,0 @@ -#!/usr/bin/python -# Copyright (c) 2019 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# flake8: noqa: E501 -__metaclass__ = type - - -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} - - -DOCUMENTATION = ''' ---- -module: os_baremetal_clean_node -short_description: Clean baremetal nodes of Ironic -extends_documentation_fragment: openstack -author: - - "Sagi Shnaidman (@sshnaidm)" -version_added: "2.10" -description: - - Clean Ironic nodes. -options: - node_uuid: - description: - - globally unique identifier (UUID) to identify the host. - type: list - required: False - default: [] - node_name: - description: - - unique name identifier to identify the host in Ironic. - type: list - required: False - default: [] - clean_steps: - description: - - The clean steps as a list of clean-step - dictionaries; each dictionary should have keys 'interface' and - 'step', and optional key 'args'. This must be specified for node - cleaning. - type: list - required: True - timeout: - description: - - Timeout to wait for each node to clean in seconds. - type: int - required: False - default: 1800 - quiet: - description: - - Don't provide cleaned nodes info in output of the module - type: bool - default: False - max_retries: - description: - - Number of attempts before failing. - type: int - required: False - default: 0 - concurrency: - description: - - Max level of concurrency. - type: int - required: False - default: 20 - raid_config: - description: - - Sets the raid configuration for a given node. - type: dict - required: False -requirements: ["openstacksdk"] -''' - -RETURN = ''' -baremetal_nodes: - description: Dictionary of new facts representing discovered properties of - the node. - returned: changed - type: dict - sample: { - "baremetal_data": [ - { - "af7e758c-d5d0-4cd6-9f60-efbabf5a7788": { - "allocation_id": null, - "bios_interface": null, - "boot_interface": null, - "chassis_id": null, - "clean_step": null, - "conductor": null, - "conductor_group": null, - "console_interface": null, - "created_at": null, - "deploy_interface": null, - "deploy_step": null, - "driver": null, - "driver_info": null, - "driver_internal_info": null, - "extra": null, - "fault": null, - "id": "af7e758c-d5d0-4cd6-9f60-efbabf5a7788", - "inspect_interface": null, - "instance_id": null, - "instance_info": null, - "is_automated_clean_enabled": null, - "is_console_enabled": null, - "is_maintenance": null, - "is_protected": null, - "last_error": null, - "links": [ - { - "href": "https://192.168.24.2:13385/v1/nodes/af7e758c-d5d0-4cd6-9f60-efbabf5a7788", - "rel": "self" - }, - { - "href": "https://192.168.24.2:13385/nodes/af7e758c-d5d0-4cd6-9f60-efbabf5a7788", - "rel": "bookmark" - } - ], - "location": { - "cloud": "undercloud", - "project": { - "domain_id": null, - "domain_name": "Default", - "id": "09c0706606d04ca5a57b3894ad6e915a", - "name": "admin" - }, - "region_name": "regionOne", - "zone": null - }, - "maintenance_reason": null, - "management_interface": null, - "name": null, - "network_interface": null, - "owner": null, - "port_groups": null, - "ports": null, - "power_interface": null, - "power_state": null, - "properties": null, - "protected_reason": null, - "provision_state": "manageable", - "raid_config": null, - "raid_interface": null, - "rescue_interface": null, - "reservation": null, - "resource_class": null, - "states": null, - "storage_interface": null, - "target_power_state": null, - "target_provision_state": null, - "target_raid_config": null, - "traits": null, - "updated_at": null, - "vendor_interface": null - } - }, - { - "c0a4aa96-742d-40be-b594-f940856dfae7": { - "allocation_id": null, - "bios_interface": null, - "boot_interface": null, - "chassis_id": null, - "clean_step": null, - "conductor": null, - "conductor_group": null, - "console_interface": null, - "created_at": null, - "deploy_interface": null, - "deploy_step": null, - "driver": null, - "driver_info": null, - "driver_internal_info": null, - "extra": null, - "fault": null, - "id": "c0a4aa96-742d-40be-b594-f940856dfae7", - "inspect_interface": null, - "instance_id": null, - "instance_info": null, - "is_automated_clean_enabled": null, - "is_console_enabled": null, - "is_maintenance": null, - "is_protected": null, - "last_error": null, - "links": [ - { - "href": "https://192.168.24.2:13385/v1/nodes/c0a4aa96-742d-40be-b594-f940856dfae7", - "rel": "self" - }, - { - "href": "https://192.168.24.2:13385/nodes/c0a4aa96-742d-40be-b594-f940856dfae7", - "rel": "bookmark" - } - ], - "location": { - "cloud": "undercloud", - "project": { - "domain_id": null, - "domain_name": "Default", - "id": "09c0706606d04ca5a57b3894ad6e915a", - "name": "admin" - }, - "region_name": "regionOne", - "zone": null - }, - "maintenance_reason": null, - "management_interface": null, - "name": null, - "network_interface": null, - "owner": null, - "port_groups": null, - "ports": null, - "power_interface": null, - "power_state": null, - "properties": null, - "protected_reason": null, - "provision_state": "manageable", - "raid_config": null, - "raid_interface": null, - "rescue_interface": null, - "reservation": null, - "resource_class": null, - "states": null, - "storage_interface": null, - "target_power_state": null, - "target_provision_state": null, - "target_raid_config": null, - "traits": null, - "updated_at": null, - "vendor_interface": null - } - }, - { - "72176c3a-cfcb-4d82-927d-92b1d3f46716": { - "allocation_id": null, - "bios_interface": null, - "boot_interface": null, - "chassis_id": null, - "clean_step": null, - "conductor": null, - "conductor_group": null, - "console_interface": null, - "created_at": null, - "deploy_interface": null, - "deploy_step": null, - "driver": null, - "driver_info": null, - "driver_internal_info": null, - "extra": null, - "fault": null, - "id": "72176c3a-cfcb-4d82-927d-92b1d3f46716", - "inspect_interface": null, - "instance_id": null, - "instance_info": null, - "is_automated_clean_enabled": null, - "is_console_enabled": null, - "is_maintenance": null, - "is_protected": null, - "last_error": null, - "links": [ - { - "href": "https://192.168.24.2:13385/v1/nodes/72176c3a-cfcb-4d82-927d-92b1d3f46716", - "rel": "self" - }, - { - "href": "https://192.168.24.2:13385/nodes/72176c3a-cfcb-4d82-927d-92b1d3f46716", - "rel": "bookmark" - } - ], - "location": { - "cloud": "undercloud", - "project": { - "domain_id": null, - "domain_name": "Default", - "id": "09c0706606d04ca5a57b3894ad6e915a", - "name": "admin" - }, - "region_name": "regionOne", - "zone": null - }, - "maintenance_reason": null, - "management_interface": null, - "name": null, - "network_interface": null, - "owner": null, - "port_groups": null, - "ports": null, - "power_interface": null, - "power_state": null, - "properties": null, - "protected_reason": null, - "provision_state": "manageable", - "raid_config": null, - "raid_interface": null, - "rescue_interface": null, - "reservation": null, - "resource_class": null, - "states": null, - "storage_interface": null, - "target_power_state": null, - "target_provision_state": null, - "target_raid_config": null, - "traits": null, - "updated_at": null, - "vendor_interface": null - } - } - ], - "changed": true, - "failed_nodes": [], - "passed_nodes": [ - "af7e758c-d5d0-4cd6-9f60-efbabf5a7788", - "c0a4aa96-742d-40be-b594-f940856dfae7", - "72176c3a-cfcb-4d82-927d-92b1d3f46716" - ] - } -''' # noqa - -EXAMPLES = ''' -# Invoke node inspection -- os_baremetal_clean_node: - node_uuid: - - 0593c323-ad62-4ce9-b431-3c322827a428 - clean_steps: - - interface: deploy - step: erase_devices_metadata - -- os_baremetal_clean_node: - node_uuid: - - 0593c323-ad62-4ce9-b431-3c322827a428 - raid_config: - logical_disks: - - "size_gb": 100 - "raid_level": "1" - "controller": "software" - clean_steps: - - interface: raid - step: delete_configuration - - interface: raid - step: create_configuration - -- os_baremetal_clean_node: - node_uuid: - - 0593c323-ad62-4ce9-b431-3c322827a428 - clean_steps: - - interface: bios - step: apply_configuration - priority: 150 - args: - settings: - - name: "LogicalProc" - value: "Disabled" - -- os_baremetal_clean_node: - node_name: - - baremetal-85-3 - clean_steps: - - interface: management - step: activate_license - args: - ilo_license_key: "ABC12-XXXXX-XXXXX-XXXXX-YZ345" - - interface: management - step: update_firmware - args: - firmware_update_mode: "ilo" - firmware_images: - - url: "file:///firmware_images/ilo/1.5/CP024444.scexe" - checksum: "a94e683ea16d9ae44768f0a65942234d" - component: "ilo" -''' - -import yaml - -from concurrent import futures - -from openstack import exceptions - -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import (openstack_full_argument_spec, - openstack_module_kwargs, - openstack_cloud_from_module) - - -def parallel_nodes_cleaning(conn, module): - client = conn.baremetal - node_timeout = module.params['timeout'] - nodes = module.params['node_uuid'] + module.params['node_name'] - clean_steps = module.params['clean_steps'] - result = {} - - if module.params['raid_config']: - for node in nodes: - try: - node_info = client.update_node( - node, - target_raid_config=module.params['raid_config'] - ) - result.update({node: { - 'msg': 'Setting the raid configuration' - ' for node {} succeeded.'.format(node), - 'failed': False, - 'info': node_info, - }}) - except exceptions.BadRequestException as e: - result.update({node: { - 'msg': 'Setting raid configuration' - ' for node {} failed. Error: {}'.format( - node, - str(e) - ), - 'failed': True, - 'error': str(e), - 'info': {}, - }}) - nodes.pop(nodes.index(node)) - - workers = min(len(nodes), module.params['concurrency']) or 1 - with futures.ThreadPoolExecutor(max_workers=workers) as executor: - future_to_build = { - executor.submit( - client.set_node_provision_state, - node, - "clean", - clean_steps=clean_steps, - wait=True - ): node for node in nodes - } - - done, not_done = futures.wait( - future_to_build, - timeout=node_timeout, - return_when=futures.ALL_COMPLETED - ) - - nodes_wait = list() - for job in done: - if job._exception: - result.update( - { - future_to_build[job]: { - 'msg': 'Cleaning failed for node {}: {}'.format( - future_to_build[job], - str(job._exception) - ), - 'failed': True, - 'info': {} - } - } - ) - else: - nodes_wait.append(future_to_build[job]) - else: - if not_done: - for job in not_done: - result.update( - { - future_to_build[job]: { - 'msg': 'Cleaning incomplete for node {}'.format( - future_to_build[job], - ), - 'failed': True, - 'info': {} - } - } - ) - - nodes_to_delete = [] - for node in nodes_wait: - node_info = client.get_node( - node, - fields=['provision_state', 'last_error'] - ).to_dict() - state = node_info['provision_state'] - if state == 'manageable': - nodes_to_delete.append(node) - result.update({node: { - 'msg': 'Successful cleaning for node %s' % node, - 'failed': False, - 'error': '', - 'info': node_info, - }}) - elif state not in [ - 'manageable', 'cleaning', 'clean wait', 'available']: - nodes_to_delete.append(node) - result.update({node: { - 'msg': 'Failed cleaning for node %s: %s' % ( - node, - node_info['last_error'] or 'state %s' % state), - 'failed': True, - 'info': node_info, - }}) - - for node in nodes_to_delete: - nodes_wait.remove(node) - - if nodes_wait: - for node in nodes_wait: - node_info = client.get_node( - node, - fields=['provision_state', 'last_error'] - ).to_dict() - state = node_info['provision_state'] - result.update({node: { - 'msg': 'Timeout exceeded for node %s: ' - 'node is in state %s' % (node, state), - 'failed': True, - 'info': node_info, - }}) - - return result - - -def main(): - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - module_kwargs = openstack_module_kwargs() - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **module_kwargs - ) - if not module.params['node_uuid'] and not module.params['node_name']: - module.fail_json(msg="Provide either UUID or names of nodes!") - sdk, cloud = openstack_cloud_from_module(module) - - try: - result = parallel_nodes_cleaning(cloud, module) - module_results = {"changed": True} - failed_nodes = [k for k, v in result.items() if v['failed']] - passed_nodes = [k for k, v in result.items() if not v['failed']] - infos = [{k: v['info']} for k, v in result.items()] - all_errors = "\n".join( - [v['msg'] for k, v in result.items() if v['failed']]) - failed = len(failed_nodes) - if failed > 0: - message = ("Cleaning completed with failures. %s node(s) failed." - "Errors: %s" - % (failed, all_errors)) - module_results.update({'failed': True}) - else: - message = "Cleaning completed successfully: %s nodes" % len( - module.params["node_uuid"]) - module_results.update({ - "baremetal_data": infos if not module.params['quiet'] else {}, - "failed_nodes": failed_nodes, - "passed_nodes": passed_nodes, - "msg": message - }) - module.exit_json(**module_results) - - except sdk.exceptions.OpenStackCloudException as e: - module.fail_json(msg=str(e)) - - -if __name__ == "__main__": - main() diff --git a/tripleo_ansible/ansible_plugins/modules/os_baremetal_node_info.py b/tripleo_ansible/ansible_plugins/modules/os_baremetal_node_info.py deleted file mode 100644 index 25ca3d6fe..000000000 --- a/tripleo_ansible/ansible_plugins/modules/os_baremetal_node_info.py +++ /dev/null @@ -1,387 +0,0 @@ -#!/usr/bin/python -# Copyright (c) 2019 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# flake8: noqa: E501 -__metaclass__ = type - - -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} - - -DOCUMENTATION = ''' ---- -module: os_baremetal_node_info -short_description: Show info about baremetal nodes of Ironic -extends_documentation_fragment: openstack -author: - - "Sagi Shnaidman (@sshnaidm)" -version_added: "2.10" -description: - - Requests Ironic for nodes info. -options: - mac: - description: - - unique mac address that is used to attempt to identify the host. - type: str - required: False - uuid: - description: - - globally unique identifier (UUID) to identify the host. - type: str - required: False - name: - description: - - unique name identifier to identify the host in Ironic. - type: str - required: False - ironic_url: - description: - - If noauth mode is utilized, this is required to be set to the - endpoint URL for the Ironic API. - Use with "auth" and "auth_type" settings set to None. - type: str - required: False - filters: - description: - - Filters to pass for Ironic client - type: dict - default: {} - suboptions: - associated: - description: - - Only return those which are, or are not, associated with an - instance_id. - type: str - required: False - conductor_group: - description: - - Only return those in the specified conductor_group. - type: str - required: False - driver: - description: - - Only return those with the specified driver. - type: str - required: False - fault: - description: - - Only return those with the specified fault type. - type: str - required: False - instance_id: - description: - - Only return the node with this specific instance UUID or an empty - set if not found. - type: str - required: False - is_maintenance: - description: - - Only return those with maintenance set to True or False. - type: bool - required: False - limit: - description: - - Requests at most the specified number of nodes be returned from - the query. - type: int - required: False - marker: - description: - - Specifies the ID of the last-seen node. Use the limit parameter - to make an initial limited request and use the ID of the - last-seen node from the response as the marker value in a - subsequent limited request. - type: str - required: False - provision_state: - description: - - Only return those nodes with the specified provision_state. - type: str - required: False - resource_class: - description: - - Only return those with the specified resource_class. - type: str - required: False - sort_dir: - description: - - Sorts the response by the requested sort direction. - A valid value is asc (ascending) or desc (descending). Default is asc. - You can specify multiple pairs of sort key and sort direction query parameters. - If you omit the sort direction in a pair, the API uses the natural sorting direction of - the server attribute that is provided as the sort_key. - type: str - required: False - choices: - - asc - - desc - sort_key: - description: - - Sorts the response by the this attribute value. Default is id. - You can specify multiple pairs of sort key and sort direction query parameters. - If you omit the sort direction in a pair, the API uses the natural sorting direction - of the server attribute that is provided as the sort_key. - type: str - required: False - -requirements: ["openstacksdk"] -''' - -RETURN = ''' -baremetal_nodes: - description: Dictionary of new facts representing discovered properties of - the node. - returned: changed - type: list - sample: [ - { - "allocation_id": null, - "bios_interface": "no-bios", - "boot_interface": "ipxe", - "chassis_id": null, - "clean_step": {}, - "conductor": "undercloud.localdomain", - "conductor_group": "", - "console_interface": "ipmitool-socat", - "created_at": "2019-11-13T09:01:36+00:00", - "deploy_interface": "iscsi", - "deploy_step": {}, - "driver": "ipmi", - "driver_info": { - "deploy_kernel": "file:///var/lib/ironic/httpboot/agent.kernel", - "deploy_ramdisk": "file:///var/lib/ironic/httpboot/agent.ramdisk", - "ipmi_address": "192.168.100.19", - "ipmi_password": "******", - "ipmi_username": "admin", - "rescue_kernel": "file:///var/lib/ironic/httpboot/agent.kernel", - "rescue_ramdisk": "file:///var/lib/ironic/httpboot/agent.ramdisk" - }, - "driver_internal_info": { - "agent_cached_clean_steps": { - "deploy": [ - { - "abortable": true, - "interface": "deploy", - "priority": 99, - "reboot_requested": false, - "step": "erase_devices_metadata" - }, - { - "abortable": true, - "interface": "deploy", - "priority": 10, - "reboot_requested": false, - "step": "erase_devices" - } - ], - "raid": [ - { - "abortable": true, - "interface": "raid", - "priority": 0, - "reboot_requested": false, - "step": "create_configuration" - }, - { - "abortable": true, - "interface": "raid", - "priority": 0, - "reboot_requested": false, - "step": "delete_configuration" - } - ] - }, - "agent_cached_clean_steps_refreshed": "2019-11-13 09:06:10.069764", - "agent_continue_if_ata_erase_failed": false, - "agent_enable_ata_secure_erase": true, - "agent_erase_devices_iterations": 1, - "agent_erase_devices_zeroize": true, - "agent_last_heartbeat": "2019-11-13T09:27:45.360292", - "agent_url": "http://192.168.24.11:9999", - "agent_version": "5.1.0.dev23", - "clean_steps": null, - "deploy_boot_mode": "bios", - "deploy_steps": null, - "disk_erasure_concurrency": 1, - "hardware_manager_version": { - "generic_hardware_manager": "1.1" - }, - "is_whole_disk_image": false, - "last_power_state_change": "2019-11-13T09:30:28.924594", - "root_uuid_or_disk_id": "ccd53b26-429c-494a-ae99-bd244e6c488b" - }, - "extra": {}, - "fault": null, - "id": "400b3cd0-d134-417b-8f0e-63e273e01e5a", - "inspect_interface": "inspector", - "instance_id": "6911e6d6-c2e0-41df-ad88-3e4ab014e24c", - "instance_info": { - "configdrive": "******", - "display_name": "overcloud-controller-2", - "image_source": "e1712507-7d7c-4ee1-8cc7-155cc2c698f5", - "local_gb": "79", - "memory_mb": "4096", - "nova_host_id": "undercloud.localdomain", - "root_gb": "40", - "swap_mb": "0", - "vcpus": "1" - }, - "is_automated_clean_enabled": null, - "is_console_enabled": false, - "is_maintenance": false, - "is_protected": false, - "last_error": null, - "links": [ - { - "href": "https://192.168.24.2:13385/v1/nodes/400b3cd0-d134-417b-8f0e-63e273e01e5a", - "rel": "self" - }, - { - "href": "https://192.168.24.2:13385/nodes/400b3cd0-d134-417b-8f0e-63e273e01e5a", - "rel": "bookmark" - } - ], - "location": { - "cloud": "undercloud", - "project": { - "domain_id": null, - "domain_name": "Default", - "id": "5cd4120087264bb2b28f4413501e639a", - "name": "admin" - }, - "region_name": "regionOne", - "zone": null - }, - "maintenance_reason": null, - "management_interface": "ipmitool", - "name": "baremetal-1010-0", - "network_interface": "flat", - "port_groups": [ - { - "href": "https://192.168.24.2:13385/v1/nodes/400b3cd0-d134-417b-8f0e-63e273e01e5a/portgroups", - "rel": "self" - }, - { - "href": "https://192.168.24.2:13385/nodes/400b3cd0-d134-417b-8f0e-63e273e01e5a/portgroups", - "rel": "bookmark" - } - ], - "ports": [ - { - "href": "https://192.168.24.2:13385/v1/nodes/400b3cd0-d134-417b-8f0e-63e273e01e5a/ports", - "rel": "self" - }, - { - "href": "https://192.168.24.2:13385/nodes/400b3cd0-d134-417b-8f0e-63e273e01e5a/ports", - "rel": "bookmark" - } - ], - "power_interface": "ipmitool", - "power_state": "power on", - "properties": { - "capabilities": "cpu_vt:true,cpu_aes:true,cpu_hugepages_1g:true,cpu_hugepages:true,boot_option:local", - "cpu_arch": "x86_64", - "cpus": "4", - "local_gb": "79", - "memory_mb": "8192" - }, - "protected_reason": null, - "provision_state": "active", - "raid_config": {}, - "raid_interface": "no-raid", - "rescue_interface": "agent", - "reservation": null, - "resource_class": "baremetal", - "states": [ - { - "href": "https://192.168.24.2:13385/v1/nodes/400b3cd0-d134-417b-8f0e-63e273e01e5a/states", - "rel": "self" - }, - { - "href": "https://192.168.24.2:13385/nodes/400b3cd0-d134-417b-8f0e-63e273e01e5a/states", - "rel": "bookmark" - } - ], - "storage_interface": "noop", - "target_power_state": null, - "target_provision_state": null, - "target_raid_config": {}, - "traits": [], - "updated_at": "2019-11-13T09:30:47+00:00", - "vendor_interface": "ipmitool" - } - ] -''' # noqa - -EXAMPLES = ''' -# Invoke node inspection -- os_baremetal_node_info: - name: "testnode1" - -- os_baremetal_node_info: - cloud: undercloud - filters: - is_maintenance: true -''' -import yaml - -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - - -def _choose_id_value(module): - if module.params['uuid']: - return module.params['uuid'] - if module.params['name']: - return module.params['name'] - return None - - -def main(): - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - module_kwargs = openstack_module_kwargs() - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **module_kwargs - ) - sdk, cloud = openstack_cloud_from_module(module) - - try: - if module.params['name'] or module.params['uuid']: - result = cloud.get_machine(_choose_id_value(module)) - elif module.params['mac']: - result = cloud.get_machine_by_mac(module.params['mac']) - else: - result = list(cloud.baremetal.nodes(details=True, - **module.params['filters'])) - - module.exit_json(changed=False, - baremetal_nodes=result) - - except sdk.exceptions.OpenStackCloudException as e: - module.fail_json(msg=str(e)) - - -if __name__ == "__main__": - main() diff --git a/tripleo_ansible/ansible_plugins/modules/os_baremetal_provide_node.py b/tripleo_ansible/ansible_plugins/modules/os_baremetal_provide_node.py deleted file mode 100644 index 9127d8164..000000000 --- a/tripleo_ansible/ansible_plugins/modules/os_baremetal_provide_node.py +++ /dev/null @@ -1,497 +0,0 @@ -#!/usr/bin/python -# Copyright (c) 2019 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# flake8: noqa: E501 -__metaclass__ = type - - -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} - - -DOCUMENTATION = ''' ---- -module: os_baremetal_provide_node -short_description: Provide baremetal nodes of Ironic -extends_documentation_fragment: openstack -author: - - "Sagi Shnaidman (@sshnaidm)" -version_added: "2.10" -description: - - Provide Ironic nodes. -options: - node_uuid: - description: - - globally unique identifier (UUID) to identify the host. - type: list - required: False - default: [] - node_name: - description: - - unique name identifier to identify the host in Ironic. - type: list - required: False - default: [] - timeout: - description: - - Timeout to wait for each node to clean in seconds. - type: int - required: False - default: 1800 - quiet: - description: - - Don't provide cleaned nodes info in output of the module - type: bool - default: False - failfast: - description: - - Don't wait for other nodes to provide if at least one failed - type: bool - default: True - wait_for_bridge_mappings: - description: - - Whether to poll neutron agents for an agent with populated mappings - before doing the provide - type: bool - default: False -requirements: ["openstacksdk"] -''' - -RETURN = ''' -baremetal_nodes: - description: Dictionary of new facts representing discovered properties of - the node. - returned: changed - type: dict - sample: { - "baremetal_data": [ - { - "af7e758c-d5d0-4cd6-9f60-efbabf5a7788": { - "allocation_id": null, - "bios_interface": null, - "boot_interface": null, - "chassis_id": null, - "clean_step": null, - "conductor": null, - "conductor_group": null, - "console_interface": null, - "created_at": null, - "deploy_interface": null, - "deploy_step": null, - "driver": null, - "driver_info": null, - "driver_internal_info": null, - "extra": null, - "fault": null, - "id": "af7e758c-d5d0-4cd6-9f60-efbabf5a7788", - "inspect_interface": null, - "instance_id": null, - "instance_info": null, - "is_automated_clean_enabled": null, - "is_console_enabled": null, - "is_maintenance": null, - "is_protected": null, - "last_error": null, - "links": [ - { - "href": "https://192.168.24.2:13385/v1/nodes/af7e758c-d5d0-4cd6-9f60-efbabf5a7788", - "rel": "self" - }, - { - "href": "https://192.168.24.2:13385/nodes/af7e758c-d5d0-4cd6-9f60-efbabf5a7788", - "rel": "bookmark" - } - ], - "location": { - "cloud": "undercloud", - "project": { - "domain_id": null, - "domain_name": "Default", - "id": "09c0706606d04ca5a57b3894ad6e915a", - "name": "admin" - }, - "region_name": "regionOne", - "zone": null - }, - "maintenance_reason": null, - "management_interface": null, - "name": null, - "network_interface": null, - "owner": null, - "port_groups": null, - "ports": null, - "power_interface": null, - "power_state": null, - "properties": null, - "protected_reason": null, - "provision_state": "manageable", - "raid_config": null, - "raid_interface": null, - "rescue_interface": null, - "reservation": null, - "resource_class": null, - "states": null, - "storage_interface": null, - "target_power_state": null, - "target_provision_state": null, - "target_raid_config": null, - "traits": null, - "updated_at": null, - "vendor_interface": null - } - }, - { - "c0a4aa96-742d-40be-b594-f940856dfae7": { - "allocation_id": null, - "bios_interface": null, - "boot_interface": null, - "chassis_id": null, - "clean_step": null, - "conductor": null, - "conductor_group": null, - "console_interface": null, - "created_at": null, - "deploy_interface": null, - "deploy_step": null, - "driver": null, - "driver_info": null, - "driver_internal_info": null, - "extra": null, - "fault": null, - "id": "c0a4aa96-742d-40be-b594-f940856dfae7", - "inspect_interface": null, - "instance_id": null, - "instance_info": null, - "is_automated_clean_enabled": null, - "is_console_enabled": null, - "is_maintenance": null, - "is_protected": null, - "last_error": null, - "links": [ - { - "href": "https://192.168.24.2:13385/v1/nodes/c0a4aa96-742d-40be-b594-f940856dfae7", - "rel": "self" - }, - { - "href": "https://192.168.24.2:13385/nodes/c0a4aa96-742d-40be-b594-f940856dfae7", - "rel": "bookmark" - } - ], - "location": { - "cloud": "undercloud", - "project": { - "domain_id": null, - "domain_name": "Default", - "id": "09c0706606d04ca5a57b3894ad6e915a", - "name": "admin" - }, - "region_name": "regionOne", - "zone": null - }, - "maintenance_reason": null, - "management_interface": null, - "name": null, - "network_interface": null, - "owner": null, - "port_groups": null, - "ports": null, - "power_interface": null, - "power_state": null, - "properties": null, - "protected_reason": null, - "provision_state": "manageable", - "raid_config": null, - "raid_interface": null, - "rescue_interface": null, - "reservation": null, - "resource_class": null, - "states": null, - "storage_interface": null, - "target_power_state": null, - "target_provision_state": null, - "target_raid_config": null, - "traits": null, - "updated_at": null, - "vendor_interface": null - } - }, - { - "72176c3a-cfcb-4d82-927d-92b1d3f46716": { - "allocation_id": null, - "bios_interface": null, - "boot_interface": null, - "chassis_id": null, - "clean_step": null, - "conductor": null, - "conductor_group": null, - "console_interface": null, - "created_at": null, - "deploy_interface": null, - "deploy_step": null, - "driver": null, - "driver_info": null, - "driver_internal_info": null, - "extra": null, - "fault": null, - "id": "72176c3a-cfcb-4d82-927d-92b1d3f46716", - "inspect_interface": null, - "instance_id": null, - "instance_info": null, - "is_automated_clean_enabled": null, - "is_console_enabled": null, - "is_maintenance": null, - "is_protected": null, - "last_error": null, - "links": [ - { - "href": "https://192.168.24.2:13385/v1/nodes/72176c3a-cfcb-4d82-927d-92b1d3f46716", - "rel": "self" - }, - { - "href": "https://192.168.24.2:13385/nodes/72176c3a-cfcb-4d82-927d-92b1d3f46716", - "rel": "bookmark" - } - ], - "location": { - "cloud": "undercloud", - "project": { - "domain_id": null, - "domain_name": "Default", - "id": "09c0706606d04ca5a57b3894ad6e915a", - "name": "admin" - }, - "region_name": "regionOne", - "zone": null - }, - "maintenance_reason": null, - "management_interface": null, - "name": null, - "network_interface": null, - "owner": null, - "port_groups": null, - "ports": null, - "power_interface": null, - "power_state": null, - "properties": null, - "protected_reason": null, - "provision_state": "manageable", - "raid_config": null, - "raid_interface": null, - "rescue_interface": null, - "reservation": null, - "resource_class": null, - "states": null, - "storage_interface": null, - "target_power_state": null, - "target_provision_state": null, - "target_raid_config": null, - "traits": null, - "updated_at": null, - "vendor_interface": null - } - } - ], - "changed": true, - "failed_nodes": [], - "passed_nodes": [ - "af7e758c-d5d0-4cd6-9f60-efbabf5a7788", - "c0a4aa96-742d-40be-b594-f940856dfae7", - "72176c3a-cfcb-4d82-927d-92b1d3f46716" - ] - } -''' # noqa - -EXAMPLES = ''' -# Invoke node inspection -- os_baremetal_provide_node: - cloud: undercloud - node_uuid: - - 0593c323-ad62-4ce9-b431-3c322827a428 - -- os_baremetal_provide_node: - cloud: undercloud - failfast: False - node_name: - - baremetal-85-3 - -''' -import yaml -from openstack.exceptions import ResourceNotFound, ResourceFailure, ResourceTimeout -from openstack.utils import iterate_timeout - -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - - -def get_info_nodes(nodes_wait, msg, result, client): - for node in nodes_wait: - node_info = client.get_node( - node, - fields=['provision_state', 'last_error'] - ).to_dict() - state = node_info['provision_state'] - if state == 'available': - result.update({node: { - 'msg': 'Successful providing for node %s' % node, - 'failed': False, - 'error': '', - 'info': node_info, - }}) - else: - result.update({node: { - 'msg': 'Failed providing for node %s: %s' % ( - node, - node_info['last_error'] or 'state %s' % state), - 'failed': True, - 'info': node_info, - }}) - - return result, msg - - -def wait_for_unlocked(client, node, timeout): - timeout_msg = 'Timeout waiting for node %s to be unlocked' % node - for count in iterate_timeout(timeout, timeout_msg): - node_info = client.get_node( - node, - fields=['reservation'] - ).to_dict() - if node_info['reservation'] is None: - return - - -def wait_for_bridge_mapping(conn, node): - client = conn.network - - # (bshephar) We need to use the node UUID rather than the name when we - # check for the Neutron agents: - # https://bugs.launchpad.net/tripleo/+bug/1966155 - node_id = conn.baremetal.find_node(node, ignore_missing=False).id - - timeout_msg = ('Timeout waiting for node %s to have bridge_mappings ' - 'set in the ironic-neutron-agent entry' % node) - # default agent polling period is 30s, so wait 60s - timeout = 60 - for count in iterate_timeout(timeout, timeout_msg): - agents = list(client.agents(host=node_id, binary='ironic-neutron-agent')) - if agents: - if agents[0].configuration.get('bridge_mappings'): - return - - -def parallel_nodes_providing(conn, module): - client = conn.baremetal - node_timeout = module.params['timeout'] - wait_for_bridge_mappings = module.params['wait_for_bridge_mappings'] - nodes = list(set(module.params['node_uuid'] + module.params['node_name'])) - result = {} - nodes_wait = nodes[:] - for node in nodes: - try: - wait_for_unlocked(client, node, node_timeout) - - if wait_for_bridge_mappings: - wait_for_bridge_mapping(conn, node) - - client.set_node_provision_state( - node, - "provide", - wait=False) - except Exception as e: - nodes_wait.remove(node) - result.update({node: { - 'msg': 'Can not start providing for node %s: %s' % ( - node, str(e)), - 'failed': True, - 'info': {} - }}) - if module.params['failfast']: - return get_info_nodes( - nodes_wait, - msg="Failed providing nodes because of: %s" % str(e), - result=result, client=client) - - try: - client.wait_for_nodes_provision_state( - nodes=nodes_wait, - expected_state='available', - timeout=node_timeout, - abort_on_failed_state=module.params['failfast'], - # fail=False # use it when new openstacksdk is available - ) - except ResourceFailure as e: - return get_info_nodes(nodes_wait, - msg="Failed providing nodes because of failure: " - "%s" % str(e), - result=result, client=client) - except ResourceTimeout as e: - return get_info_nodes(nodes_wait, - msg="Failed providing nodes because of timeout: " - "%s" % str(e), - result=result, client=client) - else: - return get_info_nodes(nodes_wait, msg="", result=result, client=client) - - -def main(): - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - module_kwargs = openstack_module_kwargs() - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **module_kwargs - ) - if not module.params['node_uuid'] and not module.params['node_name']: - module.fail_json(msg="Provide either UUID or names of nodes!") - sdk, cloud = openstack_cloud_from_module(module) - - try: - result, msg = parallel_nodes_providing(cloud, module) - module_results = {"changed": True} - failed_nodes = [k for k, v in result.items() if v['failed']] - passed_nodes = [k for k, v in result.items() if not v['failed']] - infos = [{k: v['info']} for k, v in result.items()] - all_errors = "\n".join( - [msg] + [v['msg'] for k, v in result.items() if v['failed']]) - failed = len(failed_nodes) - if failed > 0: - message = ("Providing completed with failures. %s node(s) failed." - "Errors: %s" - % (failed, all_errors)) - module_results.update({'failed': True}) - else: - message = "Providing completed successfully: %s nodes" % len( - module.params["node_uuid"]) - module_results.update({ - "baremetal_data": infos if not module.params['quiet'] else {}, - "failed_nodes": failed_nodes, - "passed_nodes": passed_nodes, - "msg": message - }) - module.exit_json(**module_results) - - except sdk.exceptions.OpenStackCloudException as e: - module.fail_json(msg=str(e)) - - -if __name__ == "__main__": - main() diff --git a/tripleo_ansible/ansible_plugins/modules/os_tripleo_baremetal_node_introspection.py b/tripleo_ansible/ansible_plugins/modules/os_tripleo_baremetal_node_introspection.py deleted file mode 100644 index 1207e81a8..000000000 --- a/tripleo_ansible/ansible_plugins/modules/os_tripleo_baremetal_node_introspection.py +++ /dev/null @@ -1,355 +0,0 @@ -# Copyright (c) 2019 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from concurrent import futures -import io -import logging -import yaml - -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - -LOG = logging.getLogger('os_tripleo_baremetal_node_introspection') - -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} - - -DOCUMENTATION = ''' ---- -module: os_tripleo_baremetal_node_introspection -short_description: Introspect Ironic nodes -extends_documentation_fragment: openstack -author: - - "Dougal Matthews" - - "Sagi Shnaidman" -version_added: "2.10" -description: - - Requests Ironic for nodes info. -options: - node_uuids: - description: - - node_uuids - type: list - required: True - concurrency: - description: - - concurrency - type: int - default: 20 - max_retries: - description: - - max_retries - type: int - default: 2 - node_timeout: - description: - - node_timeout - type: int - default: 1200 - retry_timeout: - description: - - How much time to wait for node to be unlocked before introspection - retry - type: int - default: 120 - quiet: - description: - - Don't provide instrospection info in output of the module - type: bool - default: False - log_level: - description: - - Set the logging level for the log which is available in the - returned 'logging' result. - default: info - choices: - - debug - - info - - warning - - error -''' - -RETURN = ''' -introspection_data: - description: Dictionary of new facts representing introspection data of - nodes. - returned: changed - type: dict - sample: { - "400b3cd0-d134-417b-8f0e-63e273e01e5a": { - "failed": false, - "retries": 0, - "status": { - "error": null, - "finished_at": "2019-11-22T01:09:07", - "id": "400b3cd0-d134-417b-8f0e-63e273e01e5a", - "is_finished": true, - "links": [ - { - "href": "http://192.168.24.2:13050 .... ", - "rel": "self" - } - ], - "location": { - "cloud": "undercloud", - "project": { - "domain_id": null, - "domain_name": "Default", - "id": "......", - "name": "admin" - }, - "region_name": "regionOne", - "zone": null - }, - "name": null, - "started_at": "2019-11-22T01:07:32", - "state": "finished" - } - } - } -''' - -EXAMPLES = ''' -# Invoke node introspection - -- os_tripleo_baremetal_node_introspection: - node_uuids: - - uuid1 - - uuid2 - concurrency: 10 - max_retries: 1 - node_timeout: 1000 - -''' - -BASE_LOG_MAP = { - 'debug': logging.DEBUG, - 'info': logging.INFO, - 'warning': logging.WARNING, - 'error': logging.ERROR -} - - -def _configure_logging(log_level): - log_fmt = ('%(asctime)s %(levelname)s %(name)s: %(message)s') - urllib_level = logging.CRITICAL - - log_stream = io.StringIO() - handler = logging.StreamHandler(log_stream) - logging.basicConfig(level=BASE_LOG_MAP[log_level], format=log_fmt, - handlers=[handler]) - logging.getLogger('urllib3.connectionpool').setLevel(urllib_level) - return log_stream - - -def introspect(cloud, node_uuids, node_timeout, retry_timeout, max_retries, - concurrency, fetch_data): - result = {} - if not node_uuids: - return result - introspect_jobs = [] - - with futures.ThreadPoolExecutor(max_workers=concurrency) as p: - for node_uuid in node_uuids: - introspect_jobs.append(p.submit( - introspect_node, cloud, node_uuid, - node_timeout, retry_timeout, max_retries, fetch_data - )) - for job in futures.as_completed(introspect_jobs): - e = job.exception() - if e: - # This should not happen, but handle it anyway - result[node_uuid] = { - "error": str(e), - "failed": True, - "status": 'failed' - } - LOG.error('Unexpected error: %s', e) - else: - result[node_uuid] = job.result() - return result - - -def introspect_node(cloud, node_uuid, node_timeout, retry_timeout, - max_retries, fetch_data): - last_error = None - attempt = 0 - status = '' - - while attempt <= max_retries: - attempt += 1 - - node = cloud.baremetal.get_node(node_uuid) - - # Put into required state for attempt - LOG.info("Preparing for attempt %s for node: %s", attempt, node_uuid) - node = prepare_for_attempt(cloud, node, node_timeout, retry_timeout) - - try: - - # Start introspection - LOG.info("Introspecting node: %s", node_uuid) - node = cloud.baremetal.set_node_provision_state( - node, 'inspect', wait=True, timeout=node_timeout) - - if node.power_state != 'power off': - # power off the node - LOG.info('Power off node: %s', node_uuid) - cloud.baremetal.set_node_power_state( - node, 'power off', wait=True, timeout=node_timeout - ) - - if fetch_data: - # Get the introspection data for the result - LOG.info("Fetching introspection data: %s", node_uuid) - status = cloud.baremetal_introspection.get_introspection_data( - node_uuid) - - LOG.info("Introspecting node complete: %s", node_uuid) - # Success - return { - 'status': status, - 'failed': False, - 'error': None - } - except Exception as e: - last_error = str(e) - LOG.error("Introspection of node %s failed on attempt %s: " - "%s", node_uuid, attempt, last_error) - - message = 'unknown error' - # All attempts failed, fetch node to get the reason - try: - node = cloud.baremetal.get_node(node_uuid) - message = node.last_error - status = node.provision_state - except Exception: - if last_error: - # Couldn't fetch the node, use the last exception message instead - message = last_error - - return { - "error": "Error for introspection node %s on attempt %s: %s " % - (node_uuid, attempt, message), - "failed": True, - "status": status - } - - -def prepare_for_attempt(cloud, node, node_timeout, retry_timeout): - - if node.provision_state not in ('manageable', 'inspect failed'): - # Attempt to abort any existing introspection - try: - LOG.info('Node in state "%s", calling abort: %s', - node.provision_state, node.id) - node = cloud.baremetal.set_node_provision_state( - node, 'abort', wait=True, timeout=node_timeout) - except Exception as e: - LOG.warning("Abort introspection of node %s failed: %s", - node.id, str(e)) - - if node.power_state != 'power off': - # Attempt to power off the node - try: - LOG.info('Power off node: %s', node.id) - cloud.baremetal.set_node_power_state( - node, 'power off', wait=True, timeout=node_timeout - ) - except Exception as e: - LOG.warning("Power off of node %s failed: %s", - node.id, str(e)) - - if node.reservation: - # Wait until node is unlocked - try: - node = cloud.baremetal.wait_for_node_reservation( - node, timeout=retry_timeout) - except Exception as e: - LOG.warning("Waiting for node unlock %s failed: %s", - node.id, str(e)) - return node - - -def main(): - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - module_kwargs = openstack_module_kwargs() - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **module_kwargs - ) - log_stream = _configure_logging(module.params['log_level']) - sdk, cloud = openstack_cloud_from_module(module) - quiet = module.params['quiet'] - failed_nodes = [] - passed_nodes = [] - try: - result = introspect( - cloud, - node_uuids=module.params["node_uuids"], - node_timeout=module.params["node_timeout"], - retry_timeout=module.params["retry_timeout"], - max_retries=module.params["max_retries"], - concurrency=module.params["concurrency"], - fetch_data=not quiet) - except Exception as e: - # This should not happen, but handle it anyway - LOG.error('Unexpected error: %s', e) - module.fail_json( - msg=str(e), - failed_nodes=module.params["node_uuids"], - passed_nodes=[], - logging=log_stream.getvalue().split('\n') - ) - - for node_uuid, result in result.items(): - if result['failed']: - failed_nodes.append(node_uuid) - else: - passed_nodes.append(node_uuid) - - failed = len(failed_nodes) - - if failed > 0: - message = ("Introspection completed with failures. %s node(s) failed." - % failed) - module.log("os_tripleo_baremetal_node_introspection ERROR %s" % - message) - else: - message = "Introspection completed successfully: %s nodes" % len( - passed_nodes) - module.log("os_tripleo_baremetal_node_introspection INFO %s" % - message) - - module.exit_json( - changed=True, - failed=failed > 0, - introspection_data=result if not quiet else {}, - failed_nodes=failed_nodes, - passed_nodes=passed_nodes, - msg=message, - logging=log_stream.getvalue().split('\n') - ) - - -if __name__ == "__main__": - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_baremetal_check_existing.py b/tripleo_ansible/ansible_plugins/modules/tripleo_baremetal_check_existing.py deleted file mode 100644 index 3539d90c0..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_baremetal_check_existing.py +++ /dev/null @@ -1,158 +0,0 @@ -#!/usr/bin/python -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -from ansible.module_utils import baremetal_deploy as bd -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs - -import keystoneauth1 -import metalsmith - -import yaml - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - - -DOCUMENTATION = ''' ---- -module: tripleo_baremetal_check_existing -short_description: Given a list of instances, build a list of found and - not found instances -version_added: "2.9" -author: "Steve Baker (@stevebaker)" -description: - - Takes a baremetal deployment description of roles and node instances - and transforms that into an instance list and a heat environment file - for deployed-server. -options: - instances: - description: - - List of instances to be filtered into found and not found. - Only the name and hostname are used for finding. - required: true - type: list - elements: dict -''' - -RETURN = ''' -instances: - description: List of instances which actually exist - returned: changed - type: list - sample: [ - { - "hostname": "overcloud-controller-0", - "image": { - "href": "overcloud-full" - } - }, - { - "hostname": "overcloud-controller-1", - "image": { - "href": "overcloud-full" - } - } - ] -not_found: - description: List of instances which were not found - returned: changed - type: list - sample: [ - { - "hostname": "overcloud-controller-2", - "image": { - "href": "overcloud-full" - } - } - ] -''' - -EXAMPLES = ''' -- name: Find existing instances - tripleo_baremetal_check_existing: - instances: - - name: node-1 - hostname: overcloud-controller-0 - - name: node-2 - hostname: overcloud-novacompute-0 - register: tripleo_baremetal_existing -''' - - -def main(): - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - module_kwargs = openstack_module_kwargs() - module = AnsibleModule( - argument_spec=argument_spec, - supports_check_mode=False, - **module_kwargs - ) - - sdk, cloud = openstack_cloud_from_module(module) - provisioner = metalsmith.Provisioner(cloud_region=cloud.config) - - try: - msg = '' - - try: - baremetal = cloud.baremetal - except keystoneauth1.exceptions.catalog.EndpointNotFound as exc: - msg += str(exc) - baremetal = None - - found, not_found, pre_provisioned = bd.check_existing( - instances=module.params['instances'], - provisioner=provisioner, - baremetal=baremetal - ) - if found: - msg += ('Found existing instances: %s. ' - % ', '.join([i.uuid for i in found])) - if not_found: - msg += ('Instance(s) %s do not exist. ' - % ', '.join(r['hostname'] for r in not_found)) - if pre_provisioned: - msg += ('Instance(s) %s are pre-provisioned. ' - % ', '.join(r['hostname'] for r in pre_provisioned)) - - instances = [{ - 'name': i.node.name or i.uuid, - 'hostname': i.hostname, - 'id': i.uuid, - } for i in found] - module.exit_json( - changed=False, - msg=msg, - instances=instances, - not_found=not_found, - pre_provisioned=pre_provisioned - ) - except Exception as e: - module.fail_json(msg=str(e)) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_baremetal_expand_roles.py b/tripleo_ansible/ansible_plugins/modules/tripleo_baremetal_expand_roles.py deleted file mode 100644 index 142532603..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_baremetal_expand_roles.py +++ /dev/null @@ -1,258 +0,0 @@ -#!/usr/bin/python -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -from ansible.module_utils import baremetal_deploy as bd -from ansible.module_utils.basic import AnsibleModule - -import yaml - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - - -DOCUMENTATION = ''' ---- -module: tripleo_baremetal_expand_roles -short_description: Manage baremetal nodes with metalsmith -version_added: "2.9" -author: "Steve Baker (@stevebaker)" -description: - - Takes a baremetal deployment description of roles and node instances - and transforms that into an instance list and a heat environment file - for deployed-server. -options: - stack_name: - description: - - Name of the overcloud stack which will be deployed on these instances - default: overcloud - state: - description: - - Build instance list for the desired provision state, "present" to - provision, "absent" to unprovision, "all" for a combination of - "present" and "absent". - default: present - choices: - - present - - absent - - all - baremetal_deployment: - description: - - Data describing roles and baremetal node instances to provision for - those roles - type: list - elements: dict - suboptions: - name: - description: - - Mandatory role name - type: str - required: True - hostname_format: - description: - - Overrides the default hostname format for this role. - The default format uses the lower case role name. - For example, the default format for the Controller role is - %stackname%-controller-%index%. Only the Compute role does not - follow the role name rule. The Compute default format is - %stackname%-novacompute-%index% - type: str - count: - description: - - Number of instances to create for this role. - type: int - default: 1 - defaults: - description: - - A dictionary of default values for instances entry properties. - An instances entry property overrides any defaults that you specify - in the defaults parameter. - type: dict - instances: - description: - - Values that you can use to specify attributes for specific nodes. - The length of this list must not be greater than the value of the - count parameter. - type: list - elements: dict - default_network: - description: - - Default nics entry when none are specified - type: list - suboptions: dict - default: - - network: ctlplane - vif: true - default_image: - description: - - Default image - type: dict - default: - href: overcloud-full - ssh_public_keys: - description: - - SSH public keys to load - type: str - user_name: - description: - - Name of the admin user to create - type: str -''' - -RETURN = ''' -instances: - description: Expanded list of instances to perform actions on - returned: changed - type: list - sample: [ - { - "hostname": "overcloud-controller-0", - "image": { - "href": "overcloud-full" - } - }, - { - "hostname": "overcloud-controller-1", - "image": { - "href": "overcloud-full" - } - }, - { - "hostname": "overcloud-controller-2", - "image": { - "href": "overcloud-full" - } - }, - { - "hostname": "overcloud-novacompute-0", - "image": { - "href": "overcloud-full" - } - }, - { - "hostname": "overcloud-novacompute-1", - "image": { - "href": "overcloud-full" - } - }, - { - "hostname": "overcloud-novacompute-2", - "image": { - "href": "overcloud-full" - } - } - ] -environment: - description: Heat environment data to be used with the overcloud deploy. - This is only a partial environment, further changes are - required once instance changes have been made. - returned: changed - type: dict - sample: { - "parameter_defaults": { - "ComputeDeployedServerCount": 3, - "ComputeDeployedServerHostnameFormat": "%stackname%-novacompute-%index%", - "ControllerDeployedServerCount": 3, - "ControllerDeployedServerHostnameFormat": "%stackname%-controller-%index%", - "HostnameMap": { - "overcloud-controller-0": "overcloud-controller-0", - "overcloud-controller-1": "overcloud-controller-1", - "overcloud-controller-2": "overcloud-controller-2", - "overcloud-novacompute-0": "overcloud-novacompute-0", - "overcloud-novacompute-1": "overcloud-novacompute-1", - "overcloud-novacompute-2": "overcloud-novacompute-2" - } - } - } -''' # noqa - -EXAMPLES = ''' -- name: Expand roles - tripleo_baremetal_expand_roles: - baremetal_deployment: - - name: Controller - count: 3 - defaults: - image: - href: overcloud-full - networks: [] - - name: Compute - count: 3 - defaults: - image: - href: overcloud-full - networks: [] - state: present - stack_name: overcloud - register: tripleo_baremetal_instances -''' - - -def main(): - argument_spec = yaml.safe_load(DOCUMENTATION)['options'] - module = AnsibleModule( - argument_spec=argument_spec, - supports_check_mode=False, - ) - - state = module.params['state'] - - try: - if state in ('present', 'all'): - present, env, role_net_map, hostname_role_map = bd.expand( - roles=module.params['baremetal_deployment'], - stack_name=module.params['stack_name'], - expand_provisioned=True, - default_image=module.params['default_image'], - default_network=module.params['default_network'], - user_name=module.params['user_name'], - ssh_public_keys=module.params['ssh_public_keys'], - ) - if state in ('absent', 'all'): - absent, _, _, _ = bd.expand( - roles=module.params['baremetal_deployment'], - stack_name=module.params['stack_name'], - expand_provisioned=False, - default_image=module.params['default_image'], - ) - env = {} - role_net_map = {} - hostname_role_map = {} - if state == 'present': - instances = present - elif state == 'absent': - instances = absent - elif state == 'all': - instances = present + absent - - module.exit_json( - changed=True, - msg='Expanded to %d instances' % len(instances), - instances=instances, - environment=env, - role_net_map=role_net_map, - hostname_role_map=hostname_role_map, - ) - except Exception as e: - module.fail_json(msg=str(e)) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_baremetal_populate_environment.py b/tripleo_ansible/ansible_plugins/modules/tripleo_baremetal_populate_environment.py deleted file mode 100644 index 568364d1d..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_baremetal_populate_environment.py +++ /dev/null @@ -1,137 +0,0 @@ -#!/usr/bin/python -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -from ansible.module_utils import baremetal_deploy as bd -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs - -import metalsmith - -import yaml - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - - -DOCUMENTATION = ''' ---- -module: tripleo_baremetal_populate_environment -short_description: Add parameters to a heat environment with instance data -version_added: "2.9" -author: "Steve Baker (@stevebaker)" -description: - - Takes a list of existing instances and a heat environment file - and appends to that environment with instance-specific parameters such - as the port map. -options: - instances: - description: - - List of instance uuids to use for building the environment. - required: true - type: list - elements: dict - suboptions: - id: - description - - Node UUID to look up node details - type: str - environment: - description: - - Existing heat environment data to add to - type: dict - default: {} - ctlplane_network: - description: - - Name of control plane network - default: ctlplane - templates: - description: - - The path to tripleo-heat-templates root directory - type: path - default: /usr/share/openstack-tripleo-heat-templates -''' - -RETURN = ''' -environment: - description: Heat environment data to be used with the overcloud deploy. - This is only a partial environment, further changes are - required once instance changes have been made. - returned: changed - type: dict - sample: { - "parameter_defaults": { - "ComputeDeployedServerCount": 3, - "ComputeDeployedServerHostnameFormat": "%stackname%-novacompute-%index%", - "ControllerDeployedServerCount": 3, - "ControllerDeployedServerHostnameFormat": "%stackname%-controller-%index%", - "DeployedServerPortMap": {} - "HostnameMap": { - "overcloud-controller-0": "overcloud-controller-0", - "overcloud-controller-1": "overcloud-controller-1", - "overcloud-controller-2": "overcloud-controller-2", - "overcloud-novacompute-0": "overcloud-novacompute-0", - "overcloud-novacompute-1": "overcloud-novacompute-1", - "overcloud-novacompute-2": "overcloud-novacompute-2" - } - }, - "resource_registry": { - "OS::TripleO::DeployedServer::ControlPlanePort": "/usr/share/openstack-tripleo-heat-templates/deployed-server/deployed-neutron-port.yaml" - } - } -''' # noqa - - -def main(): - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - module_kwargs = openstack_module_kwargs() - module = AnsibleModule( - argument_spec=argument_spec, - supports_check_mode=False, - **module_kwargs - ) - - sdk, cloud = openstack_cloud_from_module(module) - provisioner = metalsmith.Provisioner(cloud_region=cloud.config) - - instance_uuids = [i['id'] for i in module.params['instances']] - - try: - env = bd.populate_environment( - instance_uuids=instance_uuids, - provisioner=provisioner, - environment=module.params['environment'], - ctlplane_network=module.params['ctlplane_network'], - templates=module.params['templates'] - ) - module.exit_json( - changed=False, - environment=env - ) - except Exception as e: - module.fail_json(msg=str(e)) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_build_heat_environment.py b/tripleo_ansible/ansible_plugins/modules/tripleo_build_heat_environment.py deleted file mode 100644 index 892b0dec5..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_build_heat_environment.py +++ /dev/null @@ -1,91 +0,0 @@ -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -import yaml - -from ansible.module_utils import tripleo_common_utils as tc -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - -from heatclient.common import template_utils - -DOCUMENTATION = """ ---- -module: tripleo_build_heat_environment -short_description: Build heat stack environment -author: - - "Rabi Mishra (@ramishra)" -version_added: "2.10" -description: - - Builds heat stack environment from environment files. -options: - container: - description: - - Name of plan / container - type: str - env_files: - description: - - List of environment files and directories - type: list - default: [] -requirements: ["tripleo-common"] -""" - -EXAMPLES = """ -- name: Build heat environment - tripleo_build_heat_environment: - container: overcloud - env_files: [] -""" - - -def main(): - result = dict( - success=False, - changed=False, - error=None, - environment={} - ) - module = AnsibleModule( - openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ), - **openstack_module_kwargs() - ) - container = module.params.get('container') - env_files = module.params.get('env_files') - try: - if container: - _, conn = openstack_cloud_from_module(module) - tripleo = tc.TripleOCommon(session=conn.session) - heat = tripleo.get_orchestration_client() - env = heat.environment(container) - else: - _, env = template_utils.process_multiple_environments_and_files( - env_paths=env_files) - result['environment'] = env - result['changed'] = True - result['success'] = True - except Exception as ex: - result['error'] = str(ex) - result['msg'] = 'Error buiding environment: {}'.format( - ex) - module.fail_json(**result) - - module.exit_json(**result) - - -if __name__ == "__main__": - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_composable_network.py b/tripleo_ansible/ansible_plugins/modules/tripleo_composable_network.py deleted file mode 100644 index cd0489070..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_composable_network.py +++ /dev/null @@ -1,487 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2020 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import yaml - -try: - from ansible.module_utils import network_data_v2 -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils import network_data_v2 -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_composable_network - -short_description: Create a TripleO Composable network - -version_added: "2.8" - -description: - - Create a TripleO Composable network, a network, - one or more segments and one or more subnets - -options: - net_data: - description: - - Structure describing a TripleO composable network - type: dict - idx: - description: - - TripleO network index number - type: int -author: - - Harald Jensås -''' - -RETURN = ''' -''' - -EXAMPLES = ''' -- name: Create composable networks - default_network: - description: - - Default control plane network - type: string - default: ctlplane - tripleo_composable_network: - net_data: - name: Storage - name_lower: storage - dns_domain: storage.localdomain. - mtu: 1442 - subnets: - storage_subnet: - ip_subnet: 172.18.0.0/24 - gateway_ip: 172.18.0.254 - allocation_pools: - - start: 172.18.0.10 - end: 172.18.0.250 - routes: - - destination: 172.18.1.0/24 - nexthop: 172.18.0.254 - vip: true - vlan: 20 - storage_leaf1: - ip_subnet: 172.18.1.0/24 - gateway_ip: 172.18.1.254 - allocation_pools: - - start: 172.18.1.10 - end: 172.18.1.250 - routes: - - destination: 172.18.0.0/24 - nexthop: 172.18.1.254 - vip: false - vlan: 21 - idx: 1 -''' - -DEFAULT_NETWORK = 'ctlplane' -DEFAULT_ADMIN_STATE = False -DEFAULT_SHARED = False -DEFAULT_DOMAIN = 'localdomain.' -DEFAULT_NETWORK_TYPE = 'flat' -DEFAULT_MTU = 1500 -DEFAULT_VLAN_ID = 1 - - -def get_overcloud_domain_name(conn, default_network): - network = conn.network.find_network(default_network) - if network is not None and network.dns_domain: - return network.dns_domain.partition('.')[-1] - else: - return DEFAULT_DOMAIN - - -def build_network_tag_field(net_data, idx): - tags = ['='.join(['tripleo_network_name', net_data['name']]), - '='.join(['tripleo_net_idx', str(idx)])] - service_net_map_replace = net_data.get('service_net_map_replace') - vip = net_data.get('vip') - if service_net_map_replace: - tags.append('='.join(['tripleo_service_net_map_replace', - service_net_map_replace])) - if vip: - tags.append('='.join(['tripleo_vip', 'true'])) - - return tags - - -def build_subnet_tag_field(subnet_data): - tags = [] - vlan_id = subnet_data.get('vlan') - vlan_id = str(vlan_id) if vlan_id is not None else str(DEFAULT_VLAN_ID) - tags.append('='.join(['tripleo_vlan_id', vlan_id])) - - return tags - - -def create_net_spec(net_data, overcloud_domain_name, idx): - name_lower = net_data.get('name_lower', net_data['name'].lower()) - net_spec = { - 'admin_state_up': net_data.get('admin_state_up', DEFAULT_ADMIN_STATE), - 'dns_domain': net_data.get( - 'dns_domain', '.'.join([net_data['name'].lower(), - overcloud_domain_name]) - ), - 'mtu': net_data.get('mtu', DEFAULT_MTU), - 'name': name_lower, - 'shared': net_data.get('shared', DEFAULT_SHARED), - 'provider:physical_network': name_lower, - 'provider:network_type': DEFAULT_NETWORK_TYPE, - } - - net_spec.update({'tags': build_network_tag_field(net_data, idx)}) - - return net_spec - - -def validate_network_update(module, network, net_spec): - # Fail if updating read-only attributes - if (network.provider_network_type != net_spec.pop( - 'provider:network_type') - and network.provider_network_type is not None): - module.fail_json( - msg='Cannot update provider:network_type in existing network') - # NOTE(hjensas): When a network have multiple segments, - # attributes provider:network_type, provider:physical_network is None - # for the network. - if (net_spec.pop('provider:physical_network') - not in [network.provider_physical_network, net_spec['name']] - and network.provider_physical_network is not None): - module.fail_json( - msg='Cannot update provider:physical_network in existing network') - - # Remove fields that don't need update from spec - if network.is_admin_state_up == net_spec['admin_state_up']: - net_spec.pop('admin_state_up') - if network.dns_domain == net_spec['dns_domain']: - net_spec.pop('dns_domain') - if network.mtu == net_spec['mtu']: - net_spec.pop('mtu') - if network.name == net_spec['name']: - net_spec.pop('name') - if network.is_shared == net_spec['shared']: - net_spec.pop('shared') - - return net_spec - - -def create_or_update_network(conn, module, net_spec): - changed = False - - # Need to use set_tags for the tags ... - tags = net_spec.pop('tags') - - network = conn.network.find_network(net_spec['name']) - if not network: - network = conn.network.create_network(**net_spec) - changed = True - else: - net_spec = validate_network_update(module, network, net_spec) - if net_spec: - network = conn.network.update_network(network.id, **net_spec) - changed = True - - if network.tags != tags: - conn.network.set_tags(network, tags) - changed = True - - return changed, network - - -def create_segment_spec(net_id, net_name, subnet_name, physical_network=None): - name = '_'.join([net_name, subnet_name]) - if physical_network is None: - physical_network = name - else: - physical_network = physical_network - - return {'network_id': net_id, - 'physical_network': physical_network, - 'name': name, - 'network_type': DEFAULT_NETWORK_TYPE} - - -def validate_segment_update(module, segment, segment_spec): - # Fail if updating read-only attributes - if segment.network_id != segment_spec.pop('network_id'): - module.fail_json( - msg='Cannot update network_id in existing segment') - if segment.network_type != segment_spec.pop('network_type'): - module.fail_json( - msg='Cannot update network_type in existing segment') - if segment.physical_network != segment_spec.pop('physical_network'): - module.fail_json( - msg='Cannot update physical_network in existing segment') - - # Remove fields that don't need update from spec - if segment.name == segment_spec['name']: - segment_spec.pop('name') - - return segment_spec - - -def create_or_update_segment(conn, module, segment_spec, segment_id=None): - changed = False - - if segment_id: - segment = conn.network.find_segment(segment_id) - else: - segment = conn.network.find_segment( - segment_spec['name'], network_id=segment_spec['network_id']) - - if not segment: - segment = conn.network.create_segment(**segment_spec) - changed = True - else: - segment_spec = validate_segment_update(module, segment, segment_spec) - if segment_spec: - segment = conn.network.update_segment(segment.id, **segment_spec) - changed = True - - return changed, segment - - -def create_subnet_spec(net_id, name, subnet_data, - ipv6_enabled=False): - tags = build_subnet_tag_field(subnet_data) - subnet_v4_spec = None - subnet_v6_spec = None - if not ipv6_enabled and subnet_data.get('ip_subnet'): - subnet_v4_spec = { - 'ip_version': 4, - 'name': name, - 'network_id': net_id, - 'enable_dhcp': subnet_data.get('enable_dhcp', False), - 'gateway_ip': subnet_data.get('gateway_ip', None), - 'cidr': subnet_data['ip_subnet'], - 'allocation_pools': subnet_data.get('allocation_pools', []), - 'host_routes': subnet_data.get('routes', []), - 'tags': tags, - } - if ipv6_enabled and subnet_data.get('ipv6_subnet'): - subnet_v6_spec = { - 'ip_version': 6, - 'name': name, - 'network_id': net_id, - 'enable_dhcp': subnet_data.get('enable_dhcp', False), - 'gateway_ip': subnet_data.get('gateway_ipv6', None), - 'cidr': subnet_data['ipv6_subnet'], - 'allocation_pools': subnet_data.get('ipv6_allocation_pools', []), - 'host_routes': subnet_data.get('routes_ipv6', []), - 'tags': tags, - } - if 'ipv6_address_mode' in subnet_data: - subnet_v6_spec[ - 'ipv6_address_mode'] = subnet_data['ipv6_address_mode'] - if 'ipv6_ra_mode' in subnet_data: - subnet_v6_spec['ipv6_ra_mode'] = subnet_data['ipv6_ra_mode'] - - return subnet_v4_spec, subnet_v6_spec - - -def validate_subnet_update(module, subnet, subnet_spec): - - # Fail if updating read-only attributes - if subnet.ip_version != subnet_spec.pop('ip_version'): - module.fail_json( - msg='Cannot update ip_version in existing subnet') - if subnet.network_id != subnet_spec.pop('network_id'): - module.fail_json( - msg='Cannot update network_id in existing subnet') - if subnet.cidr != subnet_spec.pop('cidr'): - module.fail_json( - msg='Cannot update cidr in existing subnet') - segment_id = subnet_spec.pop('segment_id') - if subnet.segment_id != segment_id: - module.fail_json( - msg='Cannot update segment_id in existing subnet, ' - 'Current segment_id: {} Update segment_id: {}'.format( - subnet.segment_id, segment_id)) - - # Remove fields that don't need update from spec - if subnet.name == subnet_spec['name']: - subnet_spec.pop('name') - if subnet.is_dhcp_enabled == subnet_spec['enable_dhcp']: - subnet_spec.pop('enable_dhcp') - if subnet.ipv6_address_mode == subnet_spec.get('ipv6_address_mode'): - try: - subnet_spec.pop('ipv6_address_mode') - except KeyError: - pass - if subnet.ipv6_ra_mode == subnet_spec.get('ipv6_ra_mode'): - try: - subnet_spec.pop('ipv6_ra_mode') - except KeyError: - pass - if subnet.gateway_ip == subnet_spec['gateway_ip']: - subnet_spec.pop('gateway_ip') - if subnet.allocation_pools == subnet_spec['allocation_pools']: - subnet_spec.pop('allocation_pools') - if subnet.host_routes == subnet_spec['host_routes']: - subnet_spec.pop('host_routes') - - return subnet_spec - - -def create_or_update_subnet(conn, module, subnet_spec): - changed = False - # Need to use set_tags for the tags ... - tags = subnet_spec.pop('tags') - - subnet = conn.network.find_subnet(subnet_spec['name'], - ip_version=subnet_spec['ip_version'], - network_id=subnet_spec['network_id']) - if not subnet: - subnet = conn.network.create_subnet(**subnet_spec) - changed = True - else: - subnet_spec = validate_subnet_update(module, subnet, subnet_spec) - if subnet_spec: - subnet = conn.network.update_subnet(subnet.id, **subnet_spec) - changed = True - - if subnet.tags != tags: - conn.network.set_tags(subnet, tags) - changed = True - - return changed - - -def adopt_the_implicit_segment(conn, module, segments, subnets, network): - changed = False - # Check for implicit segment - implicit_segment = [s for s in segments if s['name'] is None] - if not implicit_segment: - return changed - - if len(implicit_segment) > 1: - module.fail_json(msg='Multiple segments with no name attribute exist ' - 'on network {}, unable to reliably adopt the ' - 'implicit segment.'.format(network.id)) - else: - implicit_segment = implicit_segment[0] - - if implicit_segment and subnets: - subnet_associated = [s for s in subnets - if s.segment_id == implicit_segment.id][0] - segment_spec = create_segment_spec( - network.id, network.name, subnet_associated.name, - physical_network=implicit_segment.physical_network) - create_or_update_segment(conn, module, segment_spec, - segment_id=implicit_segment.id) - changed = True - - return changed - elif implicit_segment and not subnets: - conn.network.delete_segment(implicit_segment.id) - changed = True - return changed - - module.fail_json(msg='ERROR: Unable to reliably adopt the implicit ' - 'segment.') - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - default_network = module.params.get('default_network', DEFAULT_NETWORK) - net_data = module.params['net_data'] - idx = module.params['idx'] - error_messages = network_data_v2.validate_json_schema(net_data) - if error_messages: - module.fail_json(msg='\n\n'.join(error_messages)) - - try: - _, conn = openstack_cloud_from_module(module) - - ipv6_enabled = net_data.get('ipv6', False) - # Create or update the network - net_spec = create_net_spec( - net_data, get_overcloud_domain_name(conn, default_network), idx) - changed, network = create_or_update_network(conn, module, net_spec) - result['changed'] = changed if changed else result['changed'] - - # Get current segments and subnets on the network - segments = list(conn.network.segments(network_id=network.id)) - subnets = list(conn.network.subnets(network_id=network.id)) - - changed = adopt_the_implicit_segment(conn, module, segments, - subnets, network) - result['changed'] = changed if changed else result['changed'] - for subnet_name, subnet_data in net_data.get('subnets', {}).items(): - segment_spec = create_segment_spec( - network.id, network.name, subnet_name, - physical_network=subnet_data.get('physical_network')) - subnet_v4_spec, subnet_v6_spec = create_subnet_spec( - network.id, subnet_name, subnet_data, ipv6_enabled) - - changed, segment = create_or_update_segment( - conn, module, segment_spec) - result['changed'] = changed if changed else result['changed'] - - if subnet_v4_spec: - subnet_v4_spec.update({'segment_id': segment.id}) - changed = create_or_update_subnet(conn, module, subnet_v4_spec) - result['changed'] = changed if changed else result['changed'] - - if subnet_v6_spec: - subnet_v6_spec.update({'segment_id': segment.id}) - changed = create_or_update_subnet(conn, module, subnet_v6_spec) - result['changed'] = changed if changed else result['changed'] - - result['success'] = True - - module.exit_json(**result) - - except Exception as err: - result['error'] = str(err) - result['msg'] = ("Error overcloud network provision failed!") - module.fail_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_config_download.py b/tripleo_ansible/ansible_plugins/modules/tripleo_config_download.py deleted file mode 100644 index e4c4854d4..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_config_download.py +++ /dev/null @@ -1,129 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2018 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import yaml - -from ansible.module_utils import tripleo_common_utils as tc -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - -from tripleo_common.utils import config as ooo_config - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_config_download - -short_description: Download config - -version_added: "2.8" - -description: - - "Download Config." - -options: - plan: - description: - - Overcloud plan name - type: str - default: overcloud - work_dir: - description: - - Work dir - type: str - default: /home/stack/config-download - config_type: - description: - - Config type - type: str - download: - description: - - Download flag - type: bool - default: true -author: - - Rabi Mishra (@ramishra) -''' - -EXAMPLES = ''' -- name: Download config - tripleo_config_download: - plan: overcloud - work_dir: /home/stack/config-downloa -''' - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - try: - plan = module.params.get('plan') - work_dir = module.params.get('work_dir') - config_type = module.params.get('config_type') - download = module.params.get('download') - - _, conn = openstack_cloud_from_module(module) - tripleo = tc.TripleOCommon(session=conn.session) - - heat = tripleo.get_orchestration_client() - ooo_config.get_overcloud_config( - swift=None, - heat=heat, - container=plan, - config_dir=work_dir, - config_type=config_type, - preserve_config=download) - result['success'] = True - result['changed'] = True - except Exception as err: - result['error'] = str(err) - result['msg'] = ("Error downloading config for %s: %s" % ( - plan, err)) - module.fail_json(**result) - - # in the event of a successful module execution, you will want to - # simple AnsibleModule.exit_json(), passing the key/value results - module.exit_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_container_config_scripts.py b/tripleo_ansible/ansible_plugins/modules/tripleo_container_config_scripts.py deleted file mode 100644 index 22bf9e247..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_container_config_scripts.py +++ /dev/null @@ -1,89 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -import os -import yaml - -from ansible.module_utils.basic import AnsibleModule - -DOCUMENTATION = """ ---- -module: tripleo_container_config_scripts -author: - - "TripleO team" -version_added: '2.9' -short_description: Generate container config scripts -notes: [] -description: - - It will generate the TripleO container config scripts. -requirements: - - None -options: - config_data: - description: - - Content of container_config_scripts.yaml file (must be YAML format) - type: dict - required: true - config_dir: - description: - - Directory where config scripts will be written. - type: str - default: /var/lib/container-config-scripts -""" - -EXAMPLES = """ -- name: Write container config scripts - tripleo_container_config_scripts: - config_data: - container_puppet_apply.sh: - content: "#!/bin/bash\npuppet apply" - mode: "0700" - config_dir: /var/lib/container-config-scripts -""" - - -def main(): - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=True, - ) - results = dict( - changed=False - ) - # parse args - args = module.params - - # Set parameters - config_data = args['config_data'] - config_dir = args['config_dir'] - - if not module.check_mode: - for path, config in config_data.items(): - # this is specific to how the files are written in config-download - mode = config.get('mode', '0600') - config_path = os.path.join(config_dir, path) - with open(config_path, "w") as config_file: - config_file.write(config['content']) - os.chmod(config_path, int(mode, 8)) - results['changed'] = True - - module.exit_json(**results) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_container_configs.py b/tripleo_ansible/ansible_plugins/modules/tripleo_container_configs.py deleted file mode 100644 index abd932624..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_container_configs.py +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -import json -import os -import yaml - -from ansible.module_utils.basic import AnsibleModule - -DOCUMENTATION = """ ---- -module: tripleo_container_configs -author: - - "TripleO team" -version_added: '2.9' -short_description: Generate Container configs in JSON -notes: [] -description: - - It will generate the Container JSON configs from config-download data in - YAML. -requirements: - - None -options: - config_data: - description: - - Content of kolla_config.yaml file (must be YAML format) - type: dict - required: true -""" - -EXAMPLES = """ -- name: Write container config json files - tripleo_container_configs: - config_data: - /var/lib/kolla/config_files/ceilometer_agent_compute.json: - command: /usr/bin/ceilometer-polling compute - config_files: - - dest: / - merge: true - preserve_properties: true - source: /var/lib/kolla/config_files/src/* - /var/lib/kolla/config_files/ceilometer_agent_notification.json: - command: /usr/bin/ceilometer-agent-notification - config_files: - - dest: / - merge: true - preserve_properties: true - source: /var/lib/kolla/config_files/src/* -""" - - -def main(): - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=True, - ) - results = dict( - changed=False - ) - - # parse args - args = module.params - - # Set parameters - config_data = args['config_data'] - - if not module.check_mode: - for path, config in config_data.items(): - with open(path, "wb") as config_file: - config_file.write(json.dumps(config, indent=2).encode('utf-8')) - os.chmod(path, 0o600) - results['changed'] = True - - module.exit_json(**results) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_container_image_prepare.py b/tripleo_ansible/ansible_plugins/modules/tripleo_container_image_prepare.py deleted file mode 100644 index 52bb15276..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_container_image_prepare.py +++ /dev/null @@ -1,189 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2018 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import copy -import yaml -import logging -import os - -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs - -from tripleo_common import constants -from tripleo_common.image import image_uploader -from tripleo_common.image import kolla_builder - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_container_image_prepare - -short_description: Container Image Prepare - -version_added: "2.8" - -description: - - "Container Image Prepare." - -options: - roles_data: - description: - - Roles data to filter images - default: [] - type: list - environment: - description: - - Stack environment containing ContainerImagePrepare parameter - type: dict - default: {} - cleanup: - description: - - Cleanup behaviour - type: str - default: full - dry_run: - description: - - Flag for dry run - type: bool - default: false - log_file: - description: - - Log file - type: str - debug: - description: - - Flag to enable debug logging - type: bool - default: false -author: - - Rabi Mishra (@ramishra) -''' - -EXAMPLES = ''' -- name: Container image prepare - tripleo_container_image_prepare: - roles_data: {} - environment: {} - cleanup: full - dry_run: False -''' - - -def setup_logging(log_file, debug): - # Implements own logging - log_format = ('%(asctime)s %(process)d %(levelname)s ' - '%(name)s [ ] %(message)s') - logging.basicConfig( - datefmt='%Y-%m-%d %H:%M:%S', - format=log_format - ) - log = logging.getLogger() - if log_file: - formatter = logging.Formatter(log_format) - fh = logging.FileHandler(filename=log_file) - fh.setFormatter(formatter) - log.addHandler(fh) - if debug: - log_level = logging.DEBUG - else: - log_level = logging.INFO - log.setLevel(log_level) - return log - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - params={} - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - log_file = module.params.get('log_file') - debug = module.params.get('debug') - if not module.no_log: - log = setup_logging(log_file, debug) - - cleanup = module.params.get('cleanup') - dry_run = module.params.get('dry_run') - if cleanup not in image_uploader.CLEANUP: - raise RuntimeError('--cleanup must be one of: %s' % - ', '.join(image_uploader.CLEANUP)) - - roles_data = module.params.get('roles_data') - env = module.params.get('environment') - try: - params = kolla_builder.container_images_prepare_multi( - env, roles_data, cleanup=cleanup, dry_run=dry_run) - - for role in roles_data: - # NOTE(tkajinam): If a role-specific container image prepare - # parameter is set, run the image prepare process - # with the overridden environment - role_param = '%sContainerImagePrepare' % role['name'] - if env.get('parameter_defaults', {}).get(role_param): - tmp_env = copy.deepcopy(env) - tmp_env['parameter_defaults']['ContainerImagePrepare'] = ( - env['parameter_defaults'][role_param] - ) - - # NOTE(tkajinam): Put the image parameters as role-specific - # parameters - params['%sParameters' % role['name']] = ( - kolla_builder.container_images_prepare_multi( - tmp_env, [role], cleanup=cleanup, dry_run=dry_run) - ) - - if not module.no_log: - output = yaml.safe_dump(params, default_flow_style=False) - log.info(output) - - result['success'] = True - result['changed'] = True - result['params'] = {"parameter_defaults": params} - except Exception as err: - result['error'] = str(err) - result['msg'] = ("Error running container image prepare: %s" % (err)) - module.fail_json(**result) - - # in the event of a successful module execution, you will want to - # simple AnsibleModule.exit_json(), passing the key/value results - module.exit_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_container_manage.py b/tripleo_ansible/ansible_plugins/modules/tripleo_container_manage.py deleted file mode 100644 index 9da656352..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_container_manage.py +++ /dev/null @@ -1,404 +0,0 @@ -#!/usr/bin/python3 -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.parsing.convert_bool import boolean - -import glob -import os -import time -import yaml -import json - -from concurrent.futures import ThreadPoolExecutor - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = """ ---- -module: tripleo_container_manage -author: - - "Alex Schultz (@mwhahaha)" -version_added: '2.9' -short_description: Create containers from a set of json configurations -notes: [] -description: - - Generate puppet containers configs -requirements: - - None -options: - config_id: - description: - - Config id for the label - type: str - required: True - config_dir: - description: - - Path to the json container definitions - type: str - required: True - config_patterns: - description: - - Glob for configuration files - type: str - default: "*.json" - config_overrides: - description: - - Allows to override any container configuration which will take - precedence over the JSON files. - default: {} - required: False - type: dict - log_base_path: - description: - - Log base path directory - type: str - default: '/var/log/containers/stdouts' - concurrency: - description: - - Number of podman actions to run at the same time - type: int - default: 1 - debug: - description: - - Enable debug - type: bool - default: False -""" - -EXAMPLES = """ -- name: Run containers - tripleo_container_manage - config_id: tripleo_step1 - config_dir: /var/lib/tripleo-config/container-startup-config/step_1 -""" - - -from ansible_collections.containers.podman.plugins.module_utils.podman.podman_container_lib import PodmanManager, ARGUMENTS_SPEC_CONTAINER # noqa: F402 - - -class ExecFailure(Exception): - def __init__(self, msg, stdout=None, stderr=None): - super().__init__(msg) - self.msg = msg - self.stdout = stdout - self.stderr = stderr - - def __str__(self): - return f"ERROR: {self.msg}\nstderr: {self.stderr}" - - -class TripleoContainerManage: - """Notes about this module. - - It will generate container config that will be consumed by the - tripleo-container-manage role that is using podman_container module. - """ - - def __init__(self, module, results): - self.module = module - self.results = results - - # parse args - args = self.module.params - - # Set parameters - self.concurrency = args.get('concurrency', 4) - self.config_id = args.get('config_id') - self.config_dir = args.get('config_dir') - self.config_patterns = args.get('config_patterns') - self.config_overrides = args['config_overrides'] - self.log_base_path = args.get('log_base_path') - self.debug = args.get('debug') - - self.run() - - self.module.exit_json(**self.results) - - # container_config_data.py without overrides - def _get_configs(self): - configs = {} - if not os.path.exists(self.config_dir): - self.module.warn('Configuration directory does not exist ' - f'{self.config_dir}') - return configs - - matches = glob.glob(os.path.join(self.config_dir, - self.config_patterns)) - for match in matches: - name = os.path.splitext(os.path.basename(match))[0] - with open(match, 'r') as data: - config = json.loads(data.read()) - if self.debug: - self.module.debug(f'Config found for {name}: {config}') - configs.update({name: config}) - - # handle overrides similar to container_config_data - if self.config_overrides: - for k in self.config_overrides.keys(): - if k in configs: - for mk, mv in self.config_overrides[k].items(): - if self.debug: - self.module.debug(f'Override found for {k}: {mk} ' - f'will be set to {mv}') - configs[k][mk] = mv - return configs - - def _get_version(self): - rc, out, err = self.module.run_command(['podman', b'--version']) - if rc != 0 or not out or 'version' not in out: - self.module.fail_json(msg='Can not determine podman version') - return out.split('versio')[1].strip() - - def _container_opts_defaults(self): - default = {} - opts = ARGUMENTS_SPEC_CONTAINER - for k, v in opts.items(): - if 'default' in v: - default[k] = v['default'] - else: - default[k] = None - return default - - def _container_opts_update(self, container_opts): - opts_dict = self._container_opts_defaults() - aliases = {} - for k, v in ARGUMENTS_SPEC_CONTAINER.items(): - if 'aliases' in v: - for alias in v['aliases']: - aliases[alias] = k - for k in list(container_opts): - if k in aliases: - key = aliases[k] - opts_dict[key] = container_opts[k] - container_opts.pop(k) - opts_dict.update(container_opts) - return opts_dict - - def _container_opts_types(self, container_opts): - # convert data types since magic ansible option conversion doesn't - # occur here. - for k, v in container_opts.items(): - if v is None: - continue - if ARGUMENTS_SPEC_CONTAINER.get(k) is None: - if self.debug: - self.module.debug(f"Container opt '{k}' is unknown") - continue - opt_type = ARGUMENTS_SPEC_CONTAINER.get(k).get('type') - if opt_type in ['raw', 'path']: - continue - if not isinstance(v, eval(opt_type)): - if isinstance(v, str) and opt_type == 'list': - container_opts[k] = [v] - elif isinstance(v, str) and opt_type == 'bool': - container_opts[k] = boolean(v) - elif isinstance(v, str) and opt_type == 'int': - container_opts[k] = int(v) - elif isinstance(v, int) and opt_type == 'str': - container_opts[k] = str(v) - else: - raise TypeError(f"Container {container_opts['name']} " - f"option ({k}, {v}) is not " - f"type {opt_type} is {type(v)}") - return container_opts - - def _list_or_dict_arg(self, data, cmd, key, arg): - """Utility to build a command and its argument with list or dict data. - - The key can be a dictionary or a list, the returned arguments will be - a list where each item is the argument name and the item data. - """ - if key not in data: - return - value = data[key] - if isinstance(value, dict): - for k, v in sorted(value.items()): - if v: - cmd.append(f'{arg}={k}={v}') - elif k: - cmd.append(f'{arg}={k}') - elif isinstance(value, list): - for v in value: - if v: - cmd.append(f'{arg}={v}') - - def check_running_container(self, name, retries=10): - count = 0 - running = False - while not running and count < retries: - cmd = ['podman', 'inspect', name] - rc, out, err = self.module.run_command(cmd) - if rc == 0: - data = json.loads(out)[0] - running = data.get('State', {}).get('Running', False) - if running: - return True - self.module.debug(f"{name} is not running, waiting...") - count = count + 1 - time.sleep(6) - return False - - def exec_container(self, name, config): - # check to see if the container we're going to exec into is running - target_container = config['command'][0] - if not self.check_running_container(target_container): - msg = f"Cannot run {name} because target container is not running {target_container}" - self.module.warn(msg) - return False - - cmd = ['podman', 'exec', f"--user={config.get('user', 'root')}"] - if 'privileged' in config: - cmd.append('--privileged=%s' % str(config['privileged']).lower()) - self._list_or_dict_arg(config, cmd, 'environment', '--env') - cmd.extend(config['command']) - rc, out, err = self.module.run_command(cmd) - if rc != 0: - msg = f"Failure running exec '{name}'. rc={rc}, stdout={out}, stderr={err}" - self.module.warn(msg) - return False - return True - - def manage_container(self, name, config): - opts = { - 'name': name, - 'state': "started", - 'label': { - 'config_id': self.config_id, - 'container_name': name, - 'managed_by': 'tripleo_ansible', - 'config_data': config - }, - 'conmon_pidfile': f"/run/{name}.pid", - 'debug': self.debug, - 'log_driver': 'k8s-file', - 'log_level': 'info', - 'log_opt': {"path": f"{self.log_base_path}/{name}.log"}, - } - opts.update(config) - # do horible things to convert THT format to ansible module format - if 'volumes' in opts: - opts['volume'] = opts.pop('volumes') - if 'environment' in opts: - opts['env'] = opts.pop('environment') - if 'healthcheck' in opts and isinstance(opts['healthcheck'], dict): - opts['healthcheck'] = opts['healthcheck'].get('test', None) - if 'check_interval' in opts: - opts['healthcheck_interval'] = opts.pop('check_interval') - if 'remove' in opts: - opts['rm'] = opts.pop('remove') - if 'restart' in opts: - # NOTE(mwhahaha): converation from tripleo format to podman as - # systemd handles this restart config - opts['restart'] = False - if 'stop_grace_period' in opts: - opts['stop_timeout'] = opts.pop('stop_grace_period') - - success = True - try: - container_opts = self._container_opts_update(opts) - container_opts = self._container_opts_types(container_opts) - PodmanManager(self.module, container_opts).execute() - except ExecFailure as e: - print(e) - self.module.warn(str(e)) - success = False - return success - - def run_container(self, data): - name, config = data - action = config.get('action', 'create') - retries = config.pop('retries', 0) - retry_sleep = config.pop('retry_sleep', 30) - - success = False - while True: - if action == 'exec': - success = self.exec_container(name, config) - else: - success = self.manage_container(name, config) - - if success or retries <= 0: - break - else: - self.module.warn(f'Remaining retries for {name}: {retries}') - retries -= 1 - time.sleep(retry_sleep) - - return (name, success) - - def check_failures(self, results): - failed = [] - for result in results: - name, res = result - if not res: - failed.append(name) - return failed - - def batch_start_order(self, configs): - data = {} - for k in configs: - start_order = configs[k].get('start_order', 0) - if start_order not in data: - data[start_order] = [] - data[start_order].append((k, configs.get(k))) - return data - - def run(self): - configs = self._get_configs() - # sort configs by start_order - # launch containers? - data = self.batch_start_order(configs) - failed = [] - - def exe_fail_json(**kwargs): - raise ExecFailure(**kwargs) - - # NOTE: fix because PodmanManager calls fail_json directly so we want - # to handle those all at once at the end - orig_fail = self.module.fail_json - self.module.fail_json = exe_fail_json - # loop through keys sorted - for start_order in sorted(data.keys()): - with ThreadPoolExecutor(max_workers=self.concurrency) as exc: - results = exc.map(self.run_container, data[start_order]) - failed.extend(self.check_failures(results)) - self.module.fail_json = orig_fail - - if len(failed) > 0: - self.module.fail_json( - msg=f"Failed containers: {', '.join(failed)}") - self.results['changed'] = True - - -def main(): - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=True, - ) - results = dict( - changed=False - ) - TripleoContainerManage(module, results) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_deploy_artifacts.py b/tripleo_ansible/ansible_plugins/modules/tripleo_deploy_artifacts.py deleted file mode 100644 index 1bc0e166d..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_deploy_artifacts.py +++ /dev/null @@ -1,149 +0,0 @@ -#!/usr/bin/python -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -from ansible.module_utils.basic import AnsibleModule - -import os -import subprocess -import traceback -import urllib.request -import yaml - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - - -DOCUMENTATION = ''' ---- -module: tripleo_deploy_artifacts -short_description: Deploy RPM/tar.gz artifact from a URL on a system -version_added: "2.9" -author: "Alex Schultz (@mwhahaha)" -description: - - Takes a set of urls as inputs, fetches their contents and deploys them - on the system. -options: - artifact_urls: - description: - - List of artifact urls to deploy - required: true - type: list -''' - -RETURN = ''' -''' - -EXAMPLES = ''' -- name: Deploy artifacts - tripleo_deploy_artifacts: - artifact_urls: - - http://example.com/foo.rpm - - http://example.com/foo.tar.gz -''' - - -def _get_filetype(filename): - cmd = "file -b " + filename - try: - r = subprocess.run(cmd, shell=True, stdout=subprocess.PIPE, - stderr=subprocess.PIPE, universal_newlines=True) - except Exception as e: - raise Exception('Unable to determine file type: %s' & e) - if 'RPM' in r.stdout: - return 'rpm' - elif 'gzip compressed data' in r.stdout: - return 'targz' - return 'UNKNOWN' - - -def deploy_rpm(filename): - rpm_filename = filename + '.rpm' - cmd = "dnf install -y " + rpm_filename - try: - os.rename(filename, rpm_filename) - _ = subprocess.run(cmd, shell=True, check=True, stderr=subprocess.PIPE, - universal_newlines=True) - except Exception as e: - raise Exception('Unable to install rpm: %s' % e) - finally: - if os.path.exists(rpm_filename): - os.unlink(rpm_filename) - - -def deploy_targz(filename): - cmd = "tar xvz -C / -f " + filename - try: - _ = subprocess.run(cmd, shell=True, check=True, stderr=subprocess.PIPE, - universal_newlines=True) - except Exception as e: - raise Exception('Unable to install tar.gz: %s' % e) - finally: - if os.path.exists(filename): - os.unlink(filename) - - -def run(module): - results = dict( - changed=False - ) - - args = module.params - urls = args.get('artifact_urls') - tmpfile = None - - # run command - for url in urls: - try: - (tmpfile, _) = urllib.request.urlretrieve(url) - filetype = _get_filetype(tmpfile) - if filetype == 'rpm': - deploy_rpm(tmpfile) - elif filetype == 'targz': - deploy_targz(tmpfile) - else: - results['failed'] = True - results['error'] = 'Invalid file format' - results['msg'] = ('Unable to determine file format for %s' % - url) - break - results['changed'] = True - except Exception as e: - results['failed'] = True - results['error'] = traceback.format_exc() - results['msg'] = "Unhandled exception: %s" % e - break - finally: - if tmpfile and os.path.exists(tmpfile): - os.unlink(tmpfile) - - module.exit_json(**results) - - -def main(): - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=False, - ) - run(module) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_diff_exec.py b/tripleo_ansible/ansible_plugins/modules/tripleo_diff_exec.py deleted file mode 100644 index b0a1f43c6..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_diff_exec.py +++ /dev/null @@ -1,144 +0,0 @@ -#!/usr/bin/python -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -from ansible.module_utils.basic import AnsibleModule - -import filecmp -import os -import shutil -import subprocess -import traceback -import yaml - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - - -DOCUMENTATION = ''' ---- -module: tripleo_diff_exec -short_description: Run a command if a file is different than a previous one -version_added: "2.9" -author: "Alex Schultz (@mwhahaha)" -description: - - Takes a file path and compares it to a previous version (created by this - module) and runs a command if the contents are different. -options: - command: - description: - - Command to run if the state file has changed since the last run. If the - previous version of the state file does not exist, the command is run. - required: true - type: str - environment: - description: - - Environment variables to be passed to the command being run - required: false - type: dict - default: {} - return_codes: - description: - - List of valid return code values for the command - required: false - type: list - default: [0] - state_file: - description: - - File to use to compare to the previous version - required: true - type: str - state_file_suffix: - description: - - Suffix to use to store the previous version of the file for comparisons - between runs - required: false - default: -tripleo_diff_exec - type: str -''' - -RETURN = ''' -''' - -EXAMPLES = ''' -- name: Run command if file is changed - tripleo_diff_exec: - command: systemctl restart foo.service - state_file: /var/lib/my-file - state_file_suffix: -foo - environment: - FOO: bar -''' - - -def run(module): - results = dict( - changed=False - ) - - args = module.params - command = args.get('command') - environment = args.get('environment', {}) - return_codes = args.get('return_codes', [0]) - state_file = args.get('state_file') - state_file_bkup = args.get('state_file') + args.get('state_file_suffix', - '-tripleo_diff_exec') - - if not os.path.exists(state_file): - results['failed'] = True - results['error'] = "Missing state file" - results['msg'] = "State file does not exist: %s" % state_file - elif (not os.path.exists(state_file_bkup) - or not filecmp.cmp(state_file, state_file_bkup, shallow=False)): - # run command - try: - tmp_environment = os.environ.copy() - tmp_environment.update(environment) - r = subprocess.run(command, shell=True, env=tmp_environment, - stdout=subprocess.PIPE, stderr=subprocess.PIPE, - universal_newlines=True) - if r.returncode in return_codes: - results['changed'] = True - # copy old to bkup - shutil.copy2(state_file, state_file_bkup) - else: - results['failed'] = True - results['error'] = "Failed running command" - results['msg'] = ("Error running %s. rc: %s, stdout: %s, " - "stderr: %s" % (command, r.returncode, - r.stdout, r.stderr)) - except Exception as e: - results['failed'] = True - results['error'] = traceback.format_exc() - results['msg'] = "Unhandled exception: %s" % e - - module.exit_json(**results) - - -def main(): - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=False, - ) - run(module) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_dnf_stream.py b/tripleo_ansible/ansible_plugins/modules/tripleo_dnf_stream.py deleted file mode 100644 index 9cd6182db..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_dnf_stream.py +++ /dev/null @@ -1,264 +0,0 @@ -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -DOCUMENTATION = ''' ---- -module: tripleo_dnf_stream -short_description: Enable or disable a set of DNF stream modules if available. -description: - - "Enables or disables one or more I(dnf) module streams. If no stream is being - specified, the default stream will be enabled/disabled." -options: - name: - description: - - "A module name to enable or disable, like C(container-tools:3.0). - If no stream or profile is specified then the defaults will be enabled - To handle multiple I(dnf) modules this parameter can accept a comma - separated string or a list of module names with their streams. - Passing the profile in this parameter won't have any impact as the - module only enables or disables the stream, it doesn't install/uninstall - packages." - required: true - type: list - elements: str - state: - description: - - "Whether to enable or disable a module. After the task is executed only - the module will change, there is no packages synchronization performed. - To do so, please check the I(dnf) Ansible module." - default: 'enabled' - required: false - type: str - choices: ['enabled', 'disabled'] - -author: - - Jose Luis Franco Arza (@jfrancoa) -''' - -EXAMPLES = ''' -- hosts: dbservers - tasks: - - name: Enable container-tools:3.0 stream module - tripleo_dnf_stream: - name: container-tools:3.0 - state: enabled - - name: Disable container-tools:3.0 stream module - tripleo_dnf_stream: - name: container-tools:3.0 - state: disabled - - name: Enable nginx, php:7.4 and python36:36 - tripleo_dnf_stream: - name: - - nginx - - php:7.4 - - python36:3.6 - - name: Update packages - dnf: - name: * - state: latest -''' - -import sys - -try: - import dnf - import dnf.cli - import dnf.const - import dnf.exceptions - import dnf.subject - import dnf.util - HAS_DNF = True -except ImportError: - HAS_DNF = False - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils._text import to_native - -from yaml import safe_load as yaml_safe_load - - -class DnfModule(): - """ - DNF Ansible module back-end implementation - """ - - def __init__(self, module): - self.module = module - - self.name = self.module.params['name'] - self.state = self.module.params['state'] - - self._ensure_dnf() - - try: - dnf.base.WITH_MODULES - except AttributeError: - self.module.fail_json( - msg="DNF modules are not supported.", - results=[], - ) - - def _ensure_dnf(self): - if not HAS_DNF: - self.module.fail_json( - msg="Could not import the dnf python module using {0} ({1}). " - "Please install `python3-dnf` package or ensure you have specified the " - "correct ansible_python_interpreter.".format(sys.executable, sys.version.replace('\n', '')), - results=[], - ) - - def _base(self): - """Return a fully configured dnf Base object.""" - base = dnf.Base() - base.read_all_repos() - base.fill_sack() - try: - # this method has been supported in dnf-4.2.17-6 or later - # https://bugzilla.redhat.com/show_bug.cgi?id=1788212 - base.setup_loggers() - except AttributeError: - pass - try: - base.init_plugins() - base.pre_configure_plugins() - except AttributeError: - pass # older versions of dnf didn't require this and don't have these methods - try: - base.configure_plugins() - except AttributeError: - pass # older versions of dnf didn't require this and don't have these methods - - return base - - def _is_module_available(self, module_spec): - module_spec = module_spec.strip() - module_list, nsv = self.module_base._get_modules(module_spec) - - if nsv: - return True, nsv - else: - return False, None - - def _is_module_enabled(self, module_nsv): - enabled_streams = self.base._moduleContainer.getEnabledStream(module_nsv.name) - - if enabled_streams: - if module_nsv.stream: - if module_nsv.stream in enabled_streams: - return True # The provided stream was found - else: - return False # The provided stream was not found - else: - return True # No stream provided, but module found - - def ensure(self): - response = { - 'msg': "", - 'changed': False, - 'results': [], - 'rc': 0 - } - - # Accumulate failures. Package management modules install what they can - # and fail with a message about what they can't. - failure_response = { - 'msg': "", - 'failures': [], - 'results': [], - 'rc': 1 - } - - if self.state == 'enabled': - for module in self.name: - try: - module_found, nsv = self._is_module_available(module) - if module_found: - if self._is_module_enabled(nsv): - response['results'].append("Module {0} already enabled.".format(module)) - self.module_base.enable([module]) - else: - failure_response['failures'].append("Module {0} is not available in the system.".format(module)) - except dnf.exceptions.MarkingErrors as e: - failure_response['failures'].append(' '.join((module, to_native(e)))) - - else: - # state = 'disabled' - for module in self.name: - try: - module_found, nsv = self._is_module_available(module) - if module_found: - if not self._is_module_enabled(nsv): - response['results'].append("Module {0} already disabled.".format(module)) - self.module_base.disable([module]) - self.module_base.reset([module]) - else: - # If the module is not available move on - response['results'].append("Module {0} is not available in the system".format(module)) - except dnf.exceptions.MarkingErrors as e: - failure_response['failures'].append(' '.join((module, to_native(e)))) - - try: - if failure_response['failures']: - failure_response['msg'] = 'Failed to manage some of the specified modules' - self.module.fail_json(**failure_response) - - # Perform the transaction if no failures found - self.base.do_transaction() - self.module.exit_json(**response) - except dnf.exceptions.Error as e: - failure_response['msg'] = "Unknown Error occured: {0}".format(to_native(e)) - self.module.fail_json(**failure_response) - - response['changed'] = True - - def run(self): - """The main function.""" - - # Note: base takes a long time to run so we want to check for failure - # before running it. - if not dnf.util.am_i_root(): - self.module.fail_json( - msg="This command has to be run under the root user.", - results=[], - ) - - self.base = self._base() - - self.module_base = dnf.module.module_base.ModuleBase(self.base) - - self.ensure() - - -def main(): - - module = AnsibleModule( - argument_spec=yaml_safe_load(DOCUMENTATION)['options'], - supports_check_mode=False, - ) - - module_implementation = DnfModule(module) - try: - module_implementation.run() - except dnf.exceptions.RepoError as de: - module.fail_json( - msg="Failed to synchronize repodata: {0}".format(to_native(de)), - rc=1, - results=[], - changed=False - ) - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_fernet_keys_rotate.py b/tripleo_ansible/ansible_plugins/modules/tripleo_fernet_keys_rotate.py deleted file mode 100644 index 0c24dc5cb..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_fernet_keys_rotate.py +++ /dev/null @@ -1,134 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2018 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import yaml - -from ansible.module_utils import tripleo_common_utils as tc -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - -from tripleo_common.utils import plan as plan_utils - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_fernet_keys_rotate - -short_description: Rotate Fernet Keys - -version_added: "2.8" - -description: - - "Rotate fernet keys." - -options: - container: - description: - - Overcloud stack name - default: overcloud -author: - - Rabi Mishra (@ramishra) -requirements: ["openstacksdk", "tripleo-common"] -''' - -EXAMPLES = ''' -- name: Rotate fernet keys - tripleo_fernet_keys_rotate: - container: overcloud -''' - -RETURN = ''' -fernet_keys: - description: Rotated fernet keys - returned: always - type: dict - no_log: true - sample: { - "/etc/keystone/fernet-keys/0": { - "content": "kZL9nNvdYim9AvLUfrX4bHAMgwlCIbIkgBLVEoMTi1A=" - }, - "/etc/keystone/fernet-keys/62": { - "content": "VTwb92H8iysaU0ky7nDV2XFNOscA4Cm_TYBFeI9wuQs=" - }, - "/etc/keystone/fernet-keys/63": { - "content": "6aiyiVzN5c2qYhuS2mgOLa0zK7Hc6q5-zq6n4tdEUAE=" - }, - "/etc/keystone/fernet-keys/64": { - "content": "Qq0Ef-wFtxAkwfOxqHHq8zykvozPGkwym4t9ATMrujA=" - }, - "/etc/keystone/fernet-keys/65": { - "content": "mnbPEIt0AQltAd5bzs9P8nV4cpksaOo7IHvK7eBHp8M=" - } - } -''' - - -def run_module(): - result = dict( - success=False, - error="", - fernet_keys={} - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=True, - **openstack_module_kwargs() - ) - - try: - container = module.params.get('container') - _, conn = openstack_cloud_from_module(module) - tripleo = tc.TripleOCommon(session=conn.session) - - heat = tripleo.get_orchestration_client() - # if the user is working with this module in only check mode we do not - # want to make any changes to the environment, just return the current - # state with no modifications - if module.check_mode: - module.exit_json(**result) - fernet_keys = plan_utils.rotate_fernet_keys(heat, container) - result['success'] = True - result['fernet_keys'] = fernet_keys - except Exception as err: - result['error'] = str(err) - result['msg'] = ("Error rotating fernet keys for plan %s: %s" % ( - container, err)) - module.fail_json(**result) - - # in the event of a successful module execution, you will want to - # simple AnsibleModule.exit_json(), passing the key/value results - module.exit_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_findif_for_ip.py b/tripleo_ansible/ansible_plugins/modules/tripleo_findif_for_ip.py deleted file mode 100644 index 1d31f801f..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_findif_for_ip.py +++ /dev/null @@ -1,103 +0,0 @@ -#!/usr/bin/python -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import netaddr -import os -import yaml - -from ansible.module_utils.basic import AnsibleModule - -DOCUMENTATION = """ ---- -module: tripleo_findif_for_ip -author: - - OpenStack TripleO Contributors -version_added: '1.0' -short_description: Finds the interface that an IP address is assigned to. -notes: [] -requirements: -description: - - Locates the interface that has the provided IP address assigned to it -options: - ip_address: - description: - - The IP address to look for - type: str - - debug: - description: - - Print debug output. - type: bool - default: false -""" - -EXAMPLES = """ -- name: Find the interface for the provided IP address - tripleo_find_if_for_ip: - ip_address: 192.168.24.22 -""" - -RETURN = """ -interface: - description: - - if not empty, the interface that has the given IP address - returned: always - type: str -""" - - -def find_interface(module, ip_address): - rc, out, err = module.run_command(['ip', '-br', 'addr']) - - result = { - 'changed': False, - 'interface': '' - } - for ifline in out.splitlines(): - columns = ifline.strip().split() - if len(columns) == 0: - continue - interface_name = columns[0] - ips = columns[2:] - for addr in ips: - ip = addr.split('/')[0] - if ip == ip_address: - result['interface'] = interface_name - return result - return result - - -def main(): - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=True, - ) - results = dict( - changed=False - ) - # parse args - ip_address = module.params['ip_address'] - - if netaddr.valid_ipv6(ip_address) or netaddr.valid_ipv4(ip_address): - results = find_interface(module, ip_address) - else: - module.fail_json(msg='%s is not a valid ip address' % ip_address) - - module.exit_json(**results) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_generate_ansible_inventory.py b/tripleo_ansible/ansible_plugins/modules/tripleo_generate_ansible_inventory.py deleted file mode 100644 index e62d86fa4..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_generate_ansible_inventory.py +++ /dev/null @@ -1,157 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2018 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -import os -import traceback -import yaml - -from ansible.module_utils import tripleo_common_utils as tc -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - -from tripleo_common import inventory as inventory - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_generate_ansible_inventory - -short_description: Generate Ansible Inventory - -version_added: "2.8" - -description: - - "Generate Ansible Inventory" - -options: - plan: - description: - - Overcloud plan name - type: str - default: overcloud - ansible_ssh_user: - description: - - Ansible ssh user - type: str - default: tripleo-admin - ansible_ssh_private_key_file: - description: - - Private key file - type: str - ansible_python_interpreter: - description: - - Python interpreter - type: str - ssh_network: - description: - - SSH network - type: str - default: ctlplane - work_dir: - description: - - Work dir - type: str - default: /home/stack/config-download/overcloud -author: - - Rabi Mishra (@ramishra) -''' - -RETURN = ''' -inventory_path: - description: Inventory file path - returned: always - type: string -''' - - -EXAMPLES = ''' -- name: Generate ansible inventory for plan - tripleo_generate_ansible_inventory: - plan: overcloud - ansible_ssh_user: tripleo-admin - ansible_ssh_private_key_file: /home/stack/.ssh/tripleo-admin-rsa - ansible_python_interpreter: /usr/bin/python3 - ssh_network: ctlplane - work_dir: /home/stack/config-download/overcloud -''' - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - module = AnsibleModule( - argument_spec=argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - try: - plan = module.params.get('plan') - ssh_user = module.params.get('ansible_ssh_user') - ssh_private_key_file = module.params.get( - 'ansible_ssh_private_key_file') - python_interpretor = module.params.get('ansible_python_interpretor') - ssh_network = module.params.get('ssh_network') - work_dir = module.params.get('work_dir') - - _, conn = openstack_cloud_from_module(module) - tripleo = tc.TripleOCommon(session=conn.session) - heat = tripleo.get_orchestration_client() - - cloud_name = os.environ.get('OS_CLOUD', 'undercloud') - inventory_path = inventory.generate_tripleo_ansible_inventory( - cloud_name=cloud_name, - heat=heat, - plan=plan, - work_dir=work_dir, - ansible_python_interpreter=python_interpretor, - ansible_ssh_user=ssh_user, - undercloud_key_file=ssh_private_key_file, - ssh_network=ssh_network) - result['inventory_path'] = inventory_path - result['success'] = True - result['changed'] = True - except Exception as err: - result['error'] = traceback.format_exc() - result['msg'] = ("Error generating inventory for %s: %s - %s" % ( - plan, err, str(err))) - module.fail_json(**result) - - # in the event of a successful module execution, you will want to - # simple AnsibleModule.exit_json(), passing the key/value results - module.exit_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_generate_inventory_network_config.py b/tripleo_ansible/ansible_plugins/modules/tripleo_generate_inventory_network_config.py deleted file mode 100644 index d2cd5bbcf..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_generate_inventory_network_config.py +++ /dev/null @@ -1,282 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2021 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import copy -import traceback -import yaml - -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_generate_inventory_network_config - -short_description: Generate network config for ansible inventory - -version_added: "2.8" - -description: - - Generates network config that cannot be stored on neutron port resources - for the ansible inventory. - -options: - instances: - description: - - Data describing instances, node instances including networks and - network_config - type: list - elements: dict - suboptions: - hostname: - description: - - Node hostname - type: str - network_config: - description: - - Network configuration object - type: dict - suboptions: - default_route_network: - description: - - The network to use for the default route - type: list - default: - - ctlplane - template: - description: - - The nic config template - type: string - default: templates/net_config_bridge.j2 - dns_search_domains: - description: - - A list of DNS search domains to be added (in order) to - resolv.conf. - type: list - default: [] - physical_bridge_name: - description: - - An OVS bridge to create for accessing external networks. - type: string - default: br-ex - public_interface_name: - description: - - Which interface to add to the public bridge - type: string - default: nic1 - network_config_update: - description: - - When to apply network configuration changes, allowed values - are True or False. - type: boolean - default: False - networks_skip_config: - description: - - List of networks that should be skipped when configuring node - networking - type: list - default: [] - net_config_data_lookup: - description: - - Per node and/or per node group os-net-config nic mapping config - type: dict - bond_interface_ovs_options: - description: - - The ovs_options or bonding_options string for the bond - interface. Set things like lacp=active and/or - bond_mode=balance-slb for OVS bonds or like mode=4 for Linux - bonds using this option. - type: string - num_dpdk_interface_rx_queues: - description: - - Number of Rx Queues required for DPDK bond or DPDK ports - type: int - default: 1 - hostname_role_map: - description: - - Mapping of instance hostnames to role name - type: dict -author: - - Harald Jensås -''' - -RETURN = ''' -Controller: - hosts: - overcloud-controller-0: - template: templates/multiple_nics/multiple_nics.j2 - physical_bridge_name: br-ex - public_interface_name: nic1 - network_config_update: False - net_config_data_lookup: {} - bond_interface_ovs_options: bond_mode=balance-slb -Compute: - hosts: - overcloud-compute-0: - template: templates/multiple_nics/multiple_nics.j2 - physical_bridge_name: br-ex - public_interface_name: nic1 - network_config_update: False - net_config_data_lookup: {} - bond_interface_ovs_options: bond_mode=balance-slb - overcloud-compute-1: - template: templates/multiple_nics/multiple_nics.j2 - physical_bridge_name: br-ex - public_interface_name: nic1 - network_config_update: False - net_config_data_lookup: {} - bond_interface_ovs_options: bond_mode=balance-slb -''' - -EXAMPLES = ''' -- name: Generate network config for ansible inventory - tripleo_generate_inventory_network_config: - instances: - - hostname: overcloud-controller-0 - network_config: - template: templates/multiple_nics/multiple_nics.j2 - physical_bridge_name: br-ex - public_interface_name: nic1 - network_config_update: False - net_config_data_lookup: {} - bond_interface_ovs_options: bond_mode=balance-slb - - hostname: overcloud-novacompute-0 - network_config: - template: templates/multiple_nics/multiple_nics.j2 - physical_bridge_name: br-ex - public_interface_name: nic1 - network_config_update: False - net_config_data_lookup: {} - bond_interface_ovs_options: bond_mode=balance-slb - - hostname: overcloud-novacompute-1 - network_config: - template: templates/multiple_nics/multiple_nics.j2 - physical_bridge_name: br-ex - public_interface_name: nic1 - network_config_update: False - net_config_data_lookup: {} - bond_interface_ovs_options: bond_mode=balance-slb - hostname_role_map: - overcloud-controller-0: Controller - overcloud-novacompute-0: Compute - overcloud-novacompute-1: Compute -''' - - -def set_network_config_defaults(module_opts, network_config): - net_config_opts = module_opts['instances']['suboptions']['network_config'] - for k, v in net_config_opts['suboptions'].items(): - default = v.get('default') - if default is not None: - network_config.setdefault(k, default) - - -def translate_opts_for_tripleo_network_config_role(network_config): - translation_map = dict( - template='tripleo_network_config_template', - physical_bridge_name='neutron_physical_bridge_name', - public_interface_name='neutron_public_interface_name', - network_config_update=('tripleo_network_config_update'), - net_config_data_lookup='tripleo_network_config_os_net_config_mappings', - ) - - for key, value in copy.deepcopy(network_config).items(): - if key not in translation_map: - continue - - new_key = translation_map[key] - network_config.setdefault(new_key, value) - network_config.pop(key) - - -def generate_ansible_inventory_network_config(result, module_opts, instances, - hostname_role_map): - inventory = result['config'] - - roles = set(hostname_role_map.values()) - - for role in roles: - inventory.setdefault(role, dict()) - inventory[role].setdefault('hosts', dict()) - role_vars = inventory[role].setdefault('vars', dict()) - role_vars['tripleo_network_config_hide_sensitive_logs'] = False - - for instance in instances: - if not instance.get('provisioned', True): - continue - - hostname = instance['hostname'] - role = hostname_role_map[hostname] - host = inventory[role]['hosts'].setdefault(hostname.lower(), dict()) - network_config = instance.get('network_config', dict()) - set_network_config_defaults(module_opts, network_config) - translate_opts_for_tripleo_network_config_role(network_config) - host.update(network_config) - - # Delete empty roles, i.e no provisioned hosts. - for role in roles: - if not inventory[role]['hosts']: - del inventory[role] - - result['changed'] = True - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - config=dict(), - ) - - module_opts = yaml.safe_load(DOCUMENTATION)['options'] - argument_spec = openstack_full_argument_spec(**module_opts) - - module = AnsibleModule( - argument_spec=argument_spec, - supports_check_mode=False, - ) - - instances = module.params['instances'] - hostname_role_map = module.params['hostname_role_map'] - - try: - generate_ansible_inventory_network_config(result, module_opts, - instances, hostname_role_map) - - result['success'] = True - module.exit_json(**result) - except Exception: - result['error'] = traceback.format_exc() - result['msg'] = ("Error generating ansible inventory network config: " - "{}".format(traceback.format_exc().split('\n')[-2])) - module.fail_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_list_overclouds.py b/tripleo_ansible/ansible_plugins/modules/tripleo_list_overclouds.py deleted file mode 100644 index 29777c874..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_list_overclouds.py +++ /dev/null @@ -1,135 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2018 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from __future__ import absolute_import -from __future__ import division -from __future__ import print_function - -import yaml - -try: - from ansible.module_utils import tripleo_common_utils as tc -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils import tripleo_common_utils as tc -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - -from heatclient import exc as heat_exc -from tripleo_common import inventory as inventory - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_list_overclouds - -short_description: List all currently deployed overcloud stacks - -version_added: "2.8" - -description: - - "List all currently deployed overcloud stacks" - -options: {} -author: - - Steve Baker (@stevebaker) -''' - -RETURN = ''' -stacks: - description: List of stacks - returned: always - type: list - sample: - - id: 6ea20112-acc5-41d8-9481-78f1151bcfaa - stack_name: overcloud - - id: 9345a389-4345-482c-9e18-db226c011e56 - stack_name: other-overcloud -''' - - -EXAMPLES = ''' -- name: Get overcloud stacks - tripleo_list_overclouds: - register: overclouds -- name: Display stack names - debug: - msg: "overcloud {{ item.stack_name }} - loop: "{{ overclouds.stacks }} -''' - - -def get_overclouds(heat_client): - for stack in heat_client.stacks.list(): - try: - heat_client.stacks.output_show(stack.stack_name, 'AnsibleHostVarsMap') - yield { - "id": stack.id, - "stack_name": stack.stack_name - } - except heat_exc.NotFound: - pass - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - try: - _, conn = openstack_cloud_from_module(module) - - tripleo = tc.TripleOCommon(session=conn.session) - heat_client = tripleo.get_orchestration_client() - - result['stacks'] = list(get_overclouds(heat_client)) - result['success'] = True - result['changed'] = False - except Exception as err: - result['error'] = str(err) - result['msg'] = ("Error getting overclouds: %s" % err) - module.fail_json(**result) - - # in the event of a successful module execution, you will want to - # simple AnsibleModule.exit_json(), passing the key/value results - module.exit_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_network_populate_environment.py b/tripleo_ansible/ansible_plugins/modules/tripleo_network_populate_environment.py deleted file mode 100644 index eda11ba8a..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_network_populate_environment.py +++ /dev/null @@ -1,212 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2020 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import os -import yaml - -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_network_populate_environment - -short_description: Create TripleO Composable network deployed environemnt - -version_added: "2.8" - -description: - - "Create TripleO Composable network deployed environemnt data" - -options: - net_data: - description: - - Structure describing a TripleO composable network - type: list - templates: - description: - - The path to tripleo-heat-templates root directory - type: path - default: /usr/share/openstack-tripleo-heat-templates - -author: - - Harald Jensås -''' - -RETURN = ''' -net_ip_version_map: - description: - - Dictionary mapping network's to ip_version - returned: always - type: dict -net_cidr_map: - description: - - Dictionary mapping network to cidrs - returned: always - type: dict -''' - -EXAMPLES = ''' -- name: Populate environment - tripleo_network_populate_environment: - net_data: - - name: Baremetal - - name: External - - name: InternalApi - name_lower: internal_api - templates: /home/stack/tripleo-heat-templates - register: network_environment -''' - - -def get_net_ip_version(subnets, net_data): - ip_versions = {subnet.ip_version for subnet in subnets} - - if {4, 6} == ip_versions: - # Full dual stack is currently not supported, operator must set - # ipv6: true in network_data if services on the network should use ipv6 - return 6 if net_data.get('ipv6') is True else 4 - - return ip_versions.pop() - - -def get_net_cidrs(subnets, ip_version): - return [subnet.cidr for subnet in subnets - if subnet.ip_version == ip_version] - - -def get_network_attrs(network): - return {'name': network.name, - 'mtu': network.mtu, - 'dns_domain': network.dns_domain, - 'tags': network.tags} - - -def get_subnet_attrs(subnet): - attrs = { - 'name': subnet.name, - 'cidr': subnet.cidr, - 'gateway_ip': subnet.gateway_ip, - 'host_routes': subnet.host_routes, - 'dns_nameservers': subnet.dns_nameservers, - 'ip_version': subnet.ip_version, - 'tags': subnet.tags, - } - - return subnet.name, attrs - - -def get_subnets_attrs(subnets): - subnets_map = dict() - for subnet in subnets: - name, attrs = get_subnet_attrs(subnet) - subnets_map[name] = attrs - - return subnets_map - - -def set_composable_network_attrs(module, conn, name_lower, net_data, - attrs=None, - cidr_map=None, ip_version_map=None): - net = conn.network.find_network(name_lower) - if net is None: - msg = ('Failed crating deployed network environment. Network ' - '{} not found'.format(net_data['name'])) - module.fail_json(msg=msg) - - attrs['network'] = get_network_attrs(net) - - subnets = [conn.network.get_subnet(s_id) for s_id in net.subnet_ids] - - ip_version_map[name_lower] = get_net_ip_version(subnets, net_data) - cidr_map[name_lower] = get_net_cidrs(subnets, ip_version_map[name_lower]) - attrs['subnets'] = get_subnets_attrs(subnets) - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - environment={}, - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - networks_data = module.params['net_data'] - templates = module.params['templates'] - - try: - _, conn = openstack_cloud_from_module(module) - net_ip_version_map = dict() - net_cidr_map = dict() - net_attr_map = dict() - for net_data in networks_data: - name_lower = net_data.get('name_lower', net_data['name'].lower()) - net_attr_map[name_lower] = dict() - - set_composable_network_attrs( - module, conn, name_lower, net_data, - attrs=net_attr_map[name_lower], - cidr_map=net_cidr_map, - ip_version_map=net_ip_version_map) - - result['environment'] = { - 'resource_registry': { - 'OS::TripleO::Network': - os.path.join(templates, 'network/deployed_networks.yaml'), - }, - 'parameter_defaults': { - 'DeployedNetworkEnvironment': { - 'net_ip_version_map': net_ip_version_map, - 'net_cidr_map': net_cidr_map, - 'net_attributes_map': net_attr_map, - } - } - } - result['success'] = True - - module.exit_json(**result) - - except Exception as err: - result['error'] = str(err) - result['msg'] = "Error overcloud network provision failed!" - module.fail_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_network_ports_populate_environment.py b/tripleo_ansible/ansible_plugins/modules/tripleo_network_ports_populate_environment.py deleted file mode 100644 index 04ca00895..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_network_ports_populate_environment.py +++ /dev/null @@ -1,209 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2020 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import os -import yaml - -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_network_ports_populate_environment - -short_description: Create TripleO network port environment - -version_added: "2.8" - -description: - - "Create TripleO network port environment by extending the beremetal environment" - -options: - environment: - description: - - Existing heat environment data to add to - type: dict - default: {} - role_net_map: - description: - - Structure with role network association - type: dict - default: {} - node_port_map: - description: - - Structure with port data mapped by node and network - type: dict - default: {} - templates: - description: - - The path to tripleo-heat-templates root directory - type: path - default: /usr/share/openstack-tripleo-heat-templates - -author: - - Harald Jensås -''' - -RETURN = ''' -''' - -EXAMPLES = ''' -- name: Populate environment with network port data - tripleo_network_ports_populate_environment: - environment: {} - role_net_map: - Controller: - - external - - internal_api - - storage - - tenant - Compute: - - internal_api - - storage - - tenant - node_port_map: - controller-0: - internal_api: - ip_address: 172.18.0.9 - ip_subnet: 172.18.0.9/24 - ip_address_uri: 172.18.0.9 - tenant: - ip_address: 172.19.0.9 - ip_subnet: 172.19.0.9/24 - ip_address_uri: 172.19.0.9 - compute-0: - internal_api: - ip_address: 172.18.0.15 - ip_subnet: 172.18.0.15/24 - ip_address_uri: 172.18.0.15 - tenant: - ip_address: 172.19.0.15 - ip_subnet: 172.19.0.15/24 - ip_address_uri: 172.19.0.15 - register: environment -''' - - -CTLPLANE_NETWORK = 'ctlplane' -REGISTRY_KEY_TPL = 'OS::TripleO::{role}::Ports::{net_name}Port' -PORT_PATH_TPL = 'network/ports/deployed_{net_name_lower}.yaml' - - -def get_net_name_map(conn, role_net_map): - _map = {} - networks = set() - - for role, nets in role_net_map.items(): - networks.update(nets) - - for name_lower in networks: - if name_lower == CTLPLANE_NETWORK: - _map[name_lower] = name_lower - continue - - net = conn.network.find_network(name_or_id=name_lower) - if not net: - raise Exception('Network {} not found'.format(name_lower)) - - name_upper = [x.split('=').pop() for x in net.tags - if x.startswith('tripleo_network_name')] - - if not name_upper: - raise Exception( - 'Unable to find network name for network with name_lower: {}, ' - 'please make sure the network tag tripleo_network_name' - '=$NET_NAME is set.'.format(name_lower)) - - _map[name_lower] = name_upper.pop() - - return _map - - -def update_environment(environment, node_port_map, role_net_map, net_name_map, - templates): - resource_registry = environment.setdefault('resource_registry', {}) - parameter_defaults = environment.setdefault('parameter_defaults', {}) - - for role, nets in role_net_map.items(): - for net in nets: - if net == CTLPLANE_NETWORK: - continue - - registry_key = REGISTRY_KEY_TPL.format(role=role, - net_name=net_name_map[net]) - template_path = os.path.join( - templates, PORT_PATH_TPL.format(net_name_lower=net)) - resource_registry.update({registry_key: template_path}) - - _map = parameter_defaults.setdefault('NodePortMap', {}) - _map.update(node_port_map) - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - environment={}, - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - environment = result['environment'] = module.params['environment'] - role_net_map = module.params['role_net_map'] - node_port_map = module.params['node_port_map'] - templates = module.params['templates'] - - try: - _, conn = openstack_cloud_from_module(module) - - net_name_map = get_net_name_map(conn, role_net_map) - update_environment(environment, node_port_map, role_net_map, - net_name_map, templates) - - result['success'] = True - - module.exit_json(**result) - - except Exception as err: - result['error'] = str(err) - result['msg'] = "Error overcloud network provision failed!" - module.fail_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_nftables_from_files.py b/tripleo_ansible/ansible_plugins/modules/tripleo_nftables_from_files.py deleted file mode 100644 index e293142e7..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_nftables_from_files.py +++ /dev/null @@ -1,114 +0,0 @@ -#!/usr/bin/env python3 -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -import os -import yaml - -from ansible.module_utils.basic import AnsibleModule - -ANSIBLE_METADATA = { - 'metadata_version': '0.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = """ ---- -module: tripleo_nftables_from_files -author: - - Cedric Jeanneret -version_added: '2.12' -short_description: Get yaml contents and output a single list of rules -notes: [] -description: - - This action loads multiple YAML files from a specified location, and - appends the elements into a single list. This list can then be used within - tripleo_nftables in order to configure the firewall. -options: - src: - description: - - Source directory for the different files - required: True - type: str -""" - -EXAMPLES = """ -- name: Get nftables rules - register: tripleo_nftables_rules - tripleo_nftables_from_files: - src: /var/lib/tripleo-config/firewall -""" - -RETURN = """ -rules: - description: List of nftables rules built upon the files content - returned: always - type: dict - sample: - success: True - rules: - - rule_name: 000 accept related established - rule: - proto: all - state: - - RELATED - - ESTABLISHED - - rule_name: 010 accept ssh from all - rule: - proto: tcp - dport: 22 -""" - - -class main(): - """Main method for the module - """ - - result = dict(sucess=False, error="") - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=False, - ) - - dir_src = module.params.get('src', None) - if dir_src is None: - result['error'] = 'Missing required parameter: src' - result['msg'] = result['error'] - module.fail_json(**result) - - if not os.path.exists(dir_src): - result['error'] = 'Missing directory on host: {}'.format(dir_src) - result['msg'] = result['error'] - module.fail_json(**result) - - rules = [] - for r_file in os.listdir(dir_src): - with open(os.path.join(dir_src, r_file), 'r') as r_data: - try: - parsed_yaml = yaml.safe_load(r_data) - except Exception: - result['error'] = 'Unable to parse {}'.format( - os.path.join(dir_src, r_file)) - result['msg'] = result['error'] - module.fail_json(**result) - rules.extend(parsed_yaml) - result['rules'] = sorted(rules, key=lambda r: r['rule_name']) - result['success'] = True - module.exit_json(**result) - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_nftables_snippet.py b/tripleo_ansible/ansible_plugins/modules/tripleo_nftables_snippet.py deleted file mode 100644 index 97e0be69d..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_nftables_snippet.py +++ /dev/null @@ -1,136 +0,0 @@ -#!/usr/bin/env python3 -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -import hashlib -import os -import yaml - -from ansible.module_utils.basic import AnsibleModule - -ANSIBLE_METADATA = { - 'metadata_version': '0.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = """ ---- -module: tripleo_nftables_snippet -author: - - Cedric Jeanneret -version_added: '2.12' -short_description: Create rule snippets in selected configuration directory -notes: [] -description: - - This module validate and write the YAML in specified location/file, while - ensuring the filename is unique in the location. -options: - dest: - description: - - Destination absolute path, with filename - required: True - type: str - content: - description: - - List of rule dicts in valid YAML - required: False - type: str - state: - description: - - State of the snippet, either present or absent - type: str - default: present -""" - -EXAMPLES = """ -- name: Inject snippet for CI - tripleo_nftables_snippet: - dest: /var/lib/tripleo-config/firewall/ci-rules.yaml - content: | - - rule_name: 010 Allow SSH from everywhere - rule: - proto: tcp - dport: 22 - - rule_name: Allow console stream from everywhere - rule: - proto: tcp - dport: 19885 - state: [] -""" - -RETURN = """ -""" - - -class main(): - """Main method for the module - """ - - result = dict(sucess=False, error="", changed=False) - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=False, - ) - - dest = module.params.get('dest', None) - content = module.params.get('content', None) - state = module.params.get('state', 'present') - if dest is None: - result['error'] = 'Missing required parameter: dest' - result['msg'] = result['error'] - module.fail_json(**result) - if not os.path.isabs(dest): - result['error'] = '"dest" parameter must be an absolute path' - result['msg'] = result['error'] - module.fail_json(**result) - if state == 'present' and content is None: - result['error'] = 'Missing required parameter: content' - result['msg'] = result['error'] - module.fail_json(**result) - if not os.path.exists(os.path.dirname(dest)): - result['error'] = 'Destination directory does not exist' - result['msg'] = ("Directory {} doesn't exist, please create it " - "before trying to push files in there").format( - os.path.dirname(dest)) - module.fail_json(**result) - - if state == 'present': - try: - parsed_yaml = yaml.safe_load(content) - except Exception: - result['error'] = "Content doesn't look like a valid YAML." - result['msg'] = result['error'] - module.fail_json(**result) - - with open(dest, 'w') as f_output: - yaml.dump(parsed_yaml, f_output) - result['changed'] = True - else: - if os.path.exists(dest): - try: - os.remove(dest) - result['changed'] = True - except Exception: - result['error'] = "Unable to remove {}".format(dest) - result['msg'] = result['error'] - module.fail_json(**result) - - result['success'] = True - module.exit_json(**result) - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_nova_image_cache.py b/tripleo_ansible/ansible_plugins/modules/tripleo_nova_image_cache.py deleted file mode 100644 index 4af480836..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_nova_image_cache.py +++ /dev/null @@ -1,232 +0,0 @@ -#!/usr/bin/python -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -import datetime -import hashlib -import os -import tempfile -import time - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - - -DOCUMENTATION = ''' ---- -module: tripleo_nova_image_cache -short_description: Manage Nova image cache on TripleO OpenStack deployment -version_added: "2.0" -author: "Oliver Walsh (@owalsh)" -description: - - Manage Nova image cache on TripleO OpenStack deployment -options: - id: - description: - - ID of the image to cache - required: true - scp_source: - description: - - Attempt to scp the image from this nova-compute host - scp_continue_on_error: - description: - - Fallback to image download if scp fails - default: false - -requirements: ["openstacksdk", "tripleo-common"] -''' - -EXAMPLES = ''' -- name: Cache image - tripleo_nova_image_cache: - id: ec151bd1-aab4-413c-b577-ced089e7d3f8 - -- name: Cache image, try to copy from existing host - tripleo_nova_image_cache: - id: ec151bd1-aab4-413c-b577-ced089e7d3f8 - scp_source: nova-compute-0 - scp_continue_on_error: true - -''' - -FIPS_COMPLIANT_HASHES = {'sha1', 'sha224', 'sha256', 'sha384', 'sha512'} - - -def main(): - - argument_spec = openstack_full_argument_spec( - id=dict(required=True), - _cache_dir=dict(required=True), - _cache_file=dict(required=True), - _chunk_size=dict(default=64 * 1024, type='int'), - _prefetched_path=dict(default=None), - scp_continue_on_error=dict(default=False, type='bool') - ) - module_kwargs = openstack_module_kwargs() - module = AnsibleModule(argument_spec, **module_kwargs) - - image_id = module.params['id'] - cache_dir = module.params['_cache_dir'] - cache_file = module.params['_cache_file'] - chunk_size = module.params['_chunk_size'] - prefetched_path = module.params['_prefetched_path'] - scp_continue = module.params['scp_continue_on_error'] - - result = dict( - changed=False, - actions=[], - image=None, - cache_file='', - exists_in_cache=False, - mtime=0 - ) - - sdk, cloud = openstack_cloud_from_module(module, min_version='0.11.3') - - try: - result['exists_in_cache'] = exists_in_cache = os.path.exists( - cache_file) - if exists_in_cache: - result['cache_file'] = cache_file - - image = cloud.image.find_image(name_or_id=image_id) - exists_in_glance = image is not None - if exists_in_glance: - result['image'] = image.to_dict() - - if not exists_in_cache: - - if not exists_in_glance: - module.fail_json( - msg="Image not found in glance: %s" % image_id) - - if not hasattr(image, 'hash_value'): - module.fail_json( - msg="Image does not have a hash_value: %s" % image_id) - - hash_algo = image.hash_algo - if image.hash_algo not in FIPS_COMPLIANT_HASHES: - module.fail_json( - msg="The image hash algorithm in not supported") - - hasher = hashlib.new(hash_algo) - if prefetched_path: - result['actions'].append({ - 'name': 'Verify pre-fetched image checksum' - }) - with open(prefetched_path, 'rb') as prefetched_image_file: - while True: - chunk = prefetched_image_file.read(chunk_size) - if not chunk: - break - hasher.update(chunk) - prefetched_checksum = hasher.hexdigest() - if prefetched_checksum == image.checksum: - result['actions'].append({ - 'name': 'Verify pre-fetched image', - 'result': True, - 'expected_checksum': image.checksum, - 'actual_checksum': prefetched_checksum - }) - # FIXME: chown to the container nova uid (42436) - # until we can run within the container - os.chown(prefetched_path, 42436, 42436) - os.rename(prefetched_path, cache_file) - result['changed'] = True - else: - result['actions'].append({ - 'name': 'Verify pre-fetched image', - 'result': False, - 'expected_checksum': image.checksum, - 'actual_checksum': prefetched_checksum - }) - if not scp_continue: - module.fail_json( - msg="Pre-fetched image checksum failed") - # Ignore it and download direct from glance. - # As we did not create it we should not remove it. - prefetched_path = '' - - if not prefetched_path: - with tempfile.NamedTemporaryFile( - 'wb', - dir=cache_dir, - delete=False) as temp_cache_file: - try: - hasher = hashlib.new(hash_algo) - image_stream = cloud.image.download_image( - image, - stream=True - ) - try: - for chunk in image_stream.iter_content( - chunk_size=chunk_size): - hasher.update(chunk) - temp_cache_file.write(chunk) - finally: - image_stream.close() - temp_cache_file.close() - - download_checksum = hasher.hexdigest() - if download_checksum != image.checksum: - result['actions'].append({ - 'name': 'Verify downloaded image', - 'result': False, - 'expected_checksum': image.checksum, - 'actual_checksum': download_checksum - }) - module.fail_json( - msg="Image data does not match checksum") - result['actions'].append({ - 'name': 'Verify downloaded image', - 'result': True, - 'expected_checksum': image.checksum, - 'actual_checksum': download_checksum - }) - - # FIXME: chown to the container nova uid (42436) - # until we can run within the container - os.chown(temp_cache_file.name, 42436, 42436) - os.rename(temp_cache_file.name, cache_file) - result['changed'] = True - finally: - try: - os.unlink(temp_cache_file.name) - except Exception: - pass - - # Always set the mtime to now but don't report this as a change - # as this is constantly refreshed by nova (every 40mins by default) - # while an instance on the host is using the image - now = time.time() - os.utime(cache_file, (now, now)) - result['mtime'] = now - - module.exit_json(**result) - - except sdk.exceptions.OpenStackCloudException as e: - module.fail_json(msg=str(e), extra_data=e.extra_data) - - -if __name__ == "__main__": - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_os_net_config.py b/tripleo_ansible/ansible_plugins/modules/tripleo_os_net_config.py deleted file mode 100644 index d2cdc6b32..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_os_net_config.py +++ /dev/null @@ -1,245 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import json -import os -import subprocess -import time -import yaml - -from ansible.module_utils.basic import AnsibleModule - - -ANSIBLE_METADATA = { - 'metadata_version': '1.0', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = """ ---- -module: tripleo_os_net_config -author: - - OpenStack TripleO Contributors -version_added: '1.0' -short_description: Execute os-net-config tool. -notes: [] -requirements: - - os-net-config -description: - - Configure host network interfaces using a JSON config file format. -options: - cleanup: - description: - - Cleanup unconfigured interfaces. - type: bool - default: false - config_file: - description: - - Path to the configuration file. - type: str - default: /etc/os-net-config/config.yaml - debug: - description: - - Print debug output. - type: bool - default: false - detailed_exit_codes: - description: - - If enabled an exit code of '2' means that files were modified. - type: bool - default: false - safe_defaults: - description: - - If enabled, safe defaults (DHCP for all interfaces) will be applied in - case of failuring while applying the provided net config. - type: bool - default: false - use_nmstate: - description: - - If enabled, use nmstate and network manager for network configuration. - type: bool - default: false - -""" - -EXAMPLES = """ -- name: Create network configs with defaults - tripleo_os_net_config: -""" - -RETURN = """ -rc: - description: - - Integer for the return code - returned: always - type: int -stdout: - description: - - The command standard output - returned: always - type: str -stderr: - description: - - The command standard error - returned: always - type: str -""" - -DEFAULT_CFG = '/etc/os-net-config/dhcp_all_interfaces.yaml' - - -def _run_os_net_config(config_file, cleanup=False, debug=False, - detailed_exit_codes=False, noop=False, - use_nmstate=False): - # Build os-net-config command - argv = ['os-net-config --config-file {}'.format(config_file)] - if cleanup: - argv.append('--cleanup') - if debug: - argv.append('--debug') - if detailed_exit_codes: - argv.append('--detailed-exit-codes') - if noop: - argv.append('--noop') - if use_nmstate: - argv.append('--provider nmstate') - cmd = " ".join(argv) - - # Apply the provided network configuration - run = subprocess.run(cmd, shell=True, - stdout=subprocess.PIPE, stderr=subprocess.PIPE, - universal_newlines=True) - return cmd, run - - -def _apply_safe_defaults(debug=False): - _generate_default_cfg() - cmd, run = _run_os_net_config(config_file=DEFAULT_CFG, cleanup=True, - debug=debug, detailed_exit_codes=True) - return cmd, run - - -def _generate_default_cfg(): - with open(DEFAULT_CFG, "w") as config_file: - config_file.write('# autogenerated safe defaults file which' - 'will run dhcp on discovered interfaces\n\n') - network_interfaces = [] - for i in os.listdir('/sys/class/net/'): - excluded_ints = ['lo', 'vnet'] - int_subdir = '/sys/class/net/{}/'.format(i) - - if i in excluded_ints or not os.path.isdir(int_subdir): - continue - with open('/sys/class/net/{}/addr_assign_type'.format(i), 'r') as f: - mac_addr_type = int(f.read().strip()) - - if mac_addr_type != 0: - print('Device {} has generated MAC, skipping.'.format(i)) - continue - if os.path.exists('/sys/class/net/{}/device/physfn'.format(i)): - print("Device ({}) is a SR-IOV VF, skipping.".format(i)) - continue - retries = 10 - has_link = _has_link(i) - while has_link and retries > 0: - cmd = 'ip link set dev {} up &>/dev/null'.format(i) - subprocess.run(cmd, shell=True, - stdout=subprocess.PIPE, stderr=subprocess.PIPE, - universal_newlines=True) - has_link = _has_link(i) - if has_link: - break - time.sleep(1) - retries -= 1 - if has_link: - network_interface = { - 'type': 'interface', - 'name': i, - 'use_dhcp': True - } - network_interfaces.append(network_interface) - - network_config = {'network_config': network_interfaces} - with open(DEFAULT_CFG, "ab") as config_file: - config_file.write(json.dumps(network_config, indent=2).encode('utf-8')) - - -def _has_link(interface): - try: - with open('/sys/class/net/{}/carrier'.format(interface)) as f: - has_link = int(f.read().strip()) - except FileNotFoundError: - has_link = 0 - if has_link == 1: - return True - - -def main(): - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=True, - ) - results = dict( - changed=False - ) - # parse args - args = module.params - - # Set parameters - cleanup = args['cleanup'] - config_file = args['config_file'] - debug = args['debug'] - detailed_exit_codes = args['detailed_exit_codes'] - safe_defaults = args['safe_defaults'] - use_nmsate = args['use_nmstate'] - return_codes = [0] - if detailed_exit_codes: - return_codes.append(2) - - # Apply the provided network configuration - cmd, run = _run_os_net_config(config_file, cleanup, debug, - detailed_exit_codes, - module.check_mode, use_nmsate) - results['stderr'] = run.stderr - results['stdout'] = run.stdout - if run.returncode not in return_codes and not module.check_mode: - results['failed'] = True - results['rc'] = run.returncode - results['msg'] = ("Running %s failed with return code %s." % ( - cmd, run.returncode)) - if safe_defaults: - module.warn("Error applying the provided network configuration, " - "safe defaults will be applied in best effort.") - # Best effort to restore safe networking defaults to allow - # an operator to ssh the node and debug if needed. - _apply_safe_defaults(debug) - else: - results['rc'] = 0 - results['msg'] = ("Successfully run %s." % cmd) - if run.returncode == 2 and detailed_exit_codes: - # NOTE: dprince this udev rule can apparently leak DHCP processes? - # https://bugs.launchpad.net/tripleo/+bug/1538259 - # until we discover the root cause we can simply disable the - # rule because networking has already been configured at this point - udev_file = '/etc/udev/rules.d/99-dhcp-all-interfaces.rules' - if os.path.isfile(udev_file): - os.remove(udev_file) - results['changed'] = True - module.exit_json(**results) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_os_net_config_mappings.py b/tripleo_ansible/ansible_plugins/modules/tripleo_os_net_config_mappings.py deleted file mode 100644 index a59841eee..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_os_net_config_mappings.py +++ /dev/null @@ -1,170 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -from ansible.module_utils.basic import AnsibleModule - -import copy -import os -import subprocess -import yaml - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_os_net_config_mappings -author: - - Harald Jensås (hjensas@redhat.com) -version_added: '2.8' -short_description: Configure os-net-config mappings for nodes or node groups -notes: [] -description: - - This module creates os-net-config mapping for nodes or node groups based on - the input data provided. MAC addresses or DMI table strings can be used - to identify specific nodes or node groups. See manual page for DMIDECODE(8) - for a list of DMI table strings that can be used. -options: - net_config_data_lookup: - description: - - Per node and/or per node group configuration map - type: dict -''' - -EXAMPLES = ''' -- name: Map os-net-config nicX abstraction using MAC address - tripleo_os_net_config_mappings: - net_config_data_lookup: - overcloud-controller-0: - nic1: "00:c8:7c:e6:f0:2e" - overcloud-compute-13: - nic1: "00:18:7d:99:0c:b6" -- name: Interface name to os-net-config nicX abstraction using system-uuid - tripleo_os_net_config_mappings: - net_config_data_lookup: - overcloud-controller-0: - dmiString: 'system-uuid' - id: 'A8C85861-1B16-4803-8689-AFC62984F8F6' - nic1: em3 - nic2: em1 - nic3: em2 - nic4: em4 -- name: Interface name to os-net-config nicX abstraction for node groups using system-product-name - tripleo_os_net_config_mappings: - net_config_data_lookup: - nodegroup-dell-poweredge-r630: - dmiString: "system-product-name" - id: "PowerEdge R630" - nic1: em3 - nic2: em1 - nic3: em2 - nodegroup-cisco-ucsb-b200-m4: - dmiString: "system-product-name" - id: "UCSB-B200-M4" - nic1: enp7s0 - nic2: enp6s0 -''' - -RETURN = ''' -mapping: - description: - - Dictionary with os-net-config mapping data that can be written to the - os-net-config mapping file. - returned: when mapping match present in net_config_data_lookup - type: dict -''' - - -def _get_interfaces(): - eth_addr = [] - - for x in os.listdir('/sys/class/net/'): - excluded_ints = ['lo', 'vnet'] - int_subdir = '/sys/class/net/{}/'.format(x) - - if x in excluded_ints or not os.path.isdir(int_subdir): - continue - # cast to lower case for MAC address match - with open('/sys/class/net/{}/address'.format(x)) as f: - mac_addr = f.read().strip().lower() - eth_addr.append(mac_addr) - - eth_addr = list(filter(None, eth_addr)) - - return eth_addr - - -def _get_mappings(data): - eth_addr = _get_interfaces() - - for node in data: - iface_mapping = copy.deepcopy(data[node]) - if 'dmiString' in iface_mapping: - del iface_mapping['dmiString'] - if 'id' in iface_mapping: - del iface_mapping['id'] - - # Match on mac addresses first - cast all to lower case - lc_iface_mapping = copy.deepcopy(iface_mapping) - for key, x in lc_iface_mapping.items(): - lc_iface_mapping[key] = x.lower() - - if any(x in eth_addr for x in - lc_iface_mapping.values()): - return {'interface_mapping': lc_iface_mapping} - - # If data contain dmiString and id keys, try to match node(group) - if 'dmiString' in data[node] and 'id' in data[node]: - ps = subprocess.Popen( - ['dmidecode', '--string', data[node]['dmiString']], - stdout=subprocess.PIPE, universal_newlines=True) - out, err = ps.communicate() - - # See LP#1816652 - if data[node].get('id').lower() == out.rstrip().lower(): - return {'interface_mapping': lc_iface_mapping} - - -def run(module): - results = dict( - changed=False, - mapping=None, - ) - - data = module.params['net_config_data_lookup'] - if isinstance(data, dict) and data: - results['mapping'] = _get_mappings(data) - - results['changed'] = True if results['mapping'] else False - - module.exit_json(**results) - - -def main(): - module = AnsibleModule( - argument_spec=yaml.safe_load(DOCUMENTATION)['options'], - supports_check_mode=False, - ) - run(module) - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_extract.py b/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_extract.py deleted file mode 100644 index c776c7184..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_extract.py +++ /dev/null @@ -1,306 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2020 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import yaml - -try: - from ansible.module_utils import network_data_v2 as n_utils -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils import network_data_v2 as n_utils # noqa -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_overcloud_network_extract - -short_description: Extract information on provisioned overcloud networks - -version_added: "2.8" - -description: - - "Extract information about provisioned network resource in overcloud heat stack." - -options: - stack_name: - description: - - Name of the overcloud heat stack - type: str -author: - - Harald Jensås -''' - -RETURN = ''' -network_data: - description: Overcloud networks data - returned: always - type: list - sample: - - name: Storage - name_lower: storage - mtu: 1440 - dns_domain: storage.localdomain. - vip: true - subnets: - storage: - ip_subnet: '172.18.0.0/24' - allocation_pools: - - {'end': '172.18.0.250', 'start': '172.18.0.10'} - gateway_ip: '172.18.0.254' - ipv6_subnet: 'fd00:fd00:fd00:2000::/64' - ipv6_allocation_pools: - - {'end': 'fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe', 'start': 'fd00:fd00:fd00:2000::10'} - gateway_ipv6: 'fd00:fd00:fd00:2000::1' - routes: - - destination: 172.18.1.0/24 - nexthop: 172.18.0.254 - routes_ipv6: - - destination: 'fd00:fd00:fd00:2001::/64' - nexthop: 'fd00:fd00:fd00:2000::1' - vlan: 10 - physical_network: storage - storage_leaf1: - vlan: 21 - ip_subnet: '172.18.1.0/24' - allocation_pools: - - {'end': '172.18.1.250', 'start': '172.18.1.10'} - gateway_ip: '172.18.1.254' - ipv6_subnet: 'fd00:fd00:fd00:2001::/64' - ipv6_allocation_pools: - - {'end': 'fd00:fd00:fd00:2001:ffff:ffff:ffff:fffe', 'start': 'fd00:fd00:fd00:2001::10'} - gateway_ipv6: 'fd00:fd00:fd00:2001::1' - routes: - - destination: 172.18.0.0/24 - nexthop: 172.18.1.254 - routes_ipv6: - - destination: 'fd00:fd00:fd00:2000::/64' - nexthop: 'fd00:fd00:fd00:2001::1' - vlan: 20 - physical_network: storage_leaf1 -''' - -EXAMPLES = ''' -- name: Get Overcloud networks data - tripleo_overcloud_network_extract: - stack_name: overcloud - register: overcloud_network_data -- name: Write netowork data to output file - copy: - content: "{{ overcloud_network_data.network_data | to_yaml }}" - dest: /path/exported-network-data.yaml -''' - - -DEFAULT_NETWORK_MTU = 1500 -DEFAULT_NETWORK_SHARED = False -DEFAULT_NETWORK_ADMIN_STATE_UP = False -DEFAULT_NETWORK_TYPE = 'flat' -DEFAULT_NETWORK_VIP = False -DEFAULT_SUBNET_DHCP_ENABLED = False -DEFAULT_SUBNET_IPV6_ADDRESS_MODE = None -DEFAULT_SUBNET_IPV6_RA_MODE = None - - -def is_vip_network(conn, network_id): - network = conn.network.get_network(network_id) - return (network.tags is not None and 'tripleo_vip=True' in network.tags) - - -def get_network_info(conn, network_id): - - def pop_defaults(_dict): - if _dict['mtu'] == DEFAULT_NETWORK_MTU: - _dict.pop('mtu') - if _dict['shared'] == DEFAULT_NETWORK_SHARED: - _dict.pop('shared') - if _dict['admin_state_up'] == DEFAULT_NETWORK_ADMIN_STATE_UP: - _dict.pop('admin_state_up') - if _dict['vip'] == DEFAULT_NETWORK_VIP: - _dict.pop('vip') - if _dict['dns_domain'] is None: - _dict.pop('dns_domain') - - network = conn.network.get_network(network_id) - tag_dict = n_utils.tags_to_dict(network.tags) - - net_dict = { - 'name_lower': network.name, - 'dns_domain': network.dns_domain, - 'mtu': network.mtu, - 'shared': network.is_shared, - 'admin_state_up': network.is_admin_state_up, - 'vip': is_vip_network(conn, network.id), - } - - if 'tripleo_service_net_map_replace' in tag_dict: - net_dict.update({ - 'service_net_map_replace': - tag_dict['tripleo_service_net_map_replace'] - }) - - pop_defaults(net_dict) - - return tag_dict['tripleo_net_idx'], net_dict - - -def get_subnet_info(conn, subnet_id): - - def pop_defaults(_dict): - if _dict['enable_dhcp'] == DEFAULT_SUBNET_DHCP_ENABLED: - _dict.pop('enable_dhcp') - if _dict['network_type'] == DEFAULT_NETWORK_TYPE: - _dict.pop('network_type') - if _dict['vlan'] is None: - _dict.pop('vlan') - if _dict['segmentation_id'] is None: - _dict.pop('segmentation_id') - - try: - if _dict['ipv6_address_mode'] == DEFAULT_SUBNET_IPV6_ADDRESS_MODE: - _dict.pop('ipv6_address_mode') - except KeyError: - pass - - try: - if _dict['ipv6_ra_mode'] == DEFAULT_SUBNET_IPV6_RA_MODE: - _dict.pop('ipv6_ra_mode') - except KeyError: - pass - - subnet = conn.network.get_subnet(subnet_id) - segment = conn.network.get_segment(subnet.segment_id) - tag_dict = n_utils.tags_to_dict(subnet.tags) - subnet_name = subnet.name - - subnet_dict = { - 'enable_dhcp': subnet.is_dhcp_enabled, - 'vlan': (int(tag_dict['tripleo_vlan_id']) - if tag_dict.get('tripleo_vlan_id') else None), - 'physical_network': segment.physical_network, - 'network_type': segment.network_type, - 'segmentation_id': segment.segmentation_id, - } - - if subnet.ip_version == 4: - subnet_dict.update({ - 'ip_subnet': subnet.cidr, - 'allocation_pools': subnet.allocation_pools, - 'routes': subnet.host_routes, - }) - - if subnet.gateway_ip: - subnet_dict.update({ - 'gateway_ip': subnet.gateway_ip, - }) - - if subnet.ip_version == 6: - subnet_dict.update({ - 'ipv6_subnet': subnet.cidr, - 'ipv6_allocation_pools': subnet.allocation_pools, - 'routes_ipv6': subnet.host_routes, - 'ipv6_address_mode': subnet.ipv6_address_mode, - 'ipv6_ra_mode': subnet.ipv6_ra_mode, - }) - - if subnet.gateway_ip: - subnet_dict.update({ - 'gateway_ipv6': subnet.gateway_ip, - }) - - pop_defaults(subnet_dict) - - return subnet_name, subnet_dict - - -def parse_net_resource(conn, net_resource, indexed_networks, net_entry): - idx = None - for res in net_resource: - if net_resource[res][n_utils.RES_TYPE] == n_utils.TYPE_NET: - idx, net_dict = get_network_info( - conn, net_resource[res][n_utils.RES_ID]) - net_entry.update(net_dict) - if net_resource[res][n_utils.RES_TYPE] == n_utils.TYPE_SUBNET: - subnet_name, subnet_dict = get_subnet_info( - conn, net_resource[res][n_utils.RES_ID]) - net_entry['subnets'].update({subnet_name: subnet_dict}) - if idx is not None: - indexed_networks[idx] = net_entry - - -def parse_net_resources(conn, net_resources): - indexed_networks = dict() - for net in net_resources: - name = net.rpartition('Network')[0] - net_entry = {'name': name, 'subnets': dict()} - parse_net_resource(conn, net_resources[net], indexed_networks, - net_entry) - - network_data = [indexed_networks[i] for i in sorted(indexed_networks)] - - return network_data - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - network_data=list() - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - stack_name = module.params['stack_name'] - - try: - _, conn = openstack_cloud_from_module(module) - net_resources = n_utils.get_overcloud_network_resources(conn, - stack_name) - result['network_data'] = parse_net_resources(conn, net_resources) - - result['changed'] = True if result['network_data'] else False - module.exit_json(**result) - except Exception as err: - result['error'] = str(err) - result['msg'] = ("Error getting network data from overcloud stack " - "{stack_name}: %{error}".format(stack_name=stack_name, - error=err)) - module.fail_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_ports.py b/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_ports.py deleted file mode 100644 index 29d2d34d2..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_ports.py +++ /dev/null @@ -1,628 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2018 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from concurrent import futures -import metalsmith -import re -import yaml - -try: - from ansible.module_utils import network_data_v2 as n_utils -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils import network_data_v2 as n_utils # noqa -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_overcloud_network_ports - -short_description: Manage composable networks ports for overcloud nodes - -version_added: "2.8" -author: Harald Jensås - -description: - - "Manage composable networks ports for overcloud nodes." - -options: - stack_name: - description: - - Name of the overcloud stack which will be deployed on these instances - default: overcloud - concurrency: - description: - - Maximum number of instances to provision ports for at once. Set to 0 - to have no concurrency limit - type: int - default: 0 - state: - description: - - The desired provision state, "present" to provision, "absent" to - unprovision - default: present - choices: - - present - - absent - instances: - description: - - Data describing instances, node instances and networks to provision - ports in - type: list - elements: dict - suboptions: - name: - description: - - Mandatory role name - type: str - required: True - hostname: - description: - - Node hostname - type: str - networks: - description: - - List of networks for the role - type: list - elements: dict - suboptions: - network: - description: - - Name of the network - type: str - subnet: - description: - - Name of the subnet on the network - type: str - port: - description: - - Name or ID of a pre-created port - type: str - provisioned_instances: - description: - - List of provisioned instances - required: false - type: list - elements: dict - suboptions: - id: - description: - - Ironic Node UUID - type: str - hostname: - description: - - Node hostname - type: str - default: [] - hostname_role_map: - description: - - Mapping of instance hostnames to role name - type: dict -''' - -RETURN = ''' -node_port_map: - controller-0: - External: - ip_address: 10.0.0.9 - ip_subnet: 10.0.0.9/24 - ip_address_uri: 10.0.0.9 - InternalApi: - ip_address: 172.18.0.9 - ip_subnet: 172.18.0.9/24 - ip_address_uri: 172.18.0.9 - Tenant: - ip_address: 172.19.0.9 - ip_subnet: 172.19.0.9/24 - ip_address_uri: 172.19.0.9 - compute-0: - InternalApi: - ip_address: 172.18.0.15 - ip_subnet: 172.18.0.15/24 - ip_address_uri: 172.18.0.15 - Tenant: - ip_address: 172.19.0.15 - ip_subnet: 172.19.0.15/24 - ip_address_uri: 172.19.0.15 -''' - -EXAMPLES = ''' -- name: Manage composable networks instance ports - tripleo_overcloud_network_ports: - stack_name: overcloud - concurrency: 20 - instances: - - hostname: overcloud-controller-0 - networks: - - network: internal_api - subnet: internal_api_subnet - - network: tenant - subnet: tenant_subnet - - hostname: overcloud-novacompute-0 - networks: - - network: internal_api - subnet: internal_api_subnet - - network: tenant - subnet: tenant_subnet - - hostname: overcloud-novacompute-1 - networks: - - network: internal_api - subnet: internal_api_subnet02 - - network: tenant - subnet: tenant_subnet02 - provisioned: false - provisioned_instances: - - hostname: overcloud-novacompute-0 - id: 1e3685bd-ffbc-4028-8a1c-4e87e45062d0 - - hostname: overcloud-controller-0 - id: 59cf045a-ef7f-4f2e-be66-accd05dcd1e6 - register: overcloud_network_ports -''' - - -def delete_ports(conn, ports): - for port in ports: - conn.network.delete_port(port.id) - - -def pre_provisioned_ports(result, conn, net_maps, instance, inst_ports, tags): - for net in instance['networks']: - if net.get('port'): - network_id = net_maps['by_name'][net['network']]['id'] - p_obj = conn.network.find_port(net['port'], network_id=network_id) - - if p_obj is None: - msg = ("Network port {port} for instance {instance} could not " - "be found.".format(port=net['port'], - instance=instance['hostname'])) - raise Exception(msg) - result['changed'] = _reset_tags(conn, p_obj, tags) - inst_ports.append(p_obj) - - -def fixed_ips_need_update(port_def, port): - number_of_fixed_ips_in_def = len(port_def['fixed_ips']) - number_of_fixed_ips_on_port = len(port.fixed_ips) - - if number_of_fixed_ips_in_def != number_of_fixed_ips_on_port: - return True - - match_count = 0 - for def_fixed_ip in port_def['fixed_ips']: - def_values = set(def_fixed_ip.values()) - for port_fixed_ip in port.fixed_ips: - port_values = set(port_fixed_ip.values()) - if def_values.issubset(port_values): - match_count += 1 - - return number_of_fixed_ips_in_def != match_count - - -def port_need_update(port_def, port): - update_fields = dict() - - if fixed_ips_need_update(port_def, port): - update_fields['fixed_ips'] = port_def['fixed_ips'] - - return update_fields - - -def _reset_tags(conn, port, tags, default_route_network=None, - net_name=None): - changed = False - p_tags = set(port.tags) - # This would allow us to move nodes from one role to other - r = re.compile('tripleo_role=.*') - matched_tags = filter(r.match, p_tags.copy()) - for role_tag in matched_tags: - if role_tag and role_tag not in tags: - p_tags.remove(role_tag) - - if default_route_network and net_name in default_route_network: - tags.update({'tripleo_default_route=true'}) - elif 'tripleo_default_route=true' in p_tags: - p_tags.remove('tripleo_default_route=true') - conn.network.set_tags(port, list(p_tags)) - changed = True - - if not tags.issubset(p_tags): - p_tags.update(tags) - conn.network.set_tags(port, list(p_tags)) - changed = True - return changed - - -def update_ports(result, conn, port_defs, inst_ports, tags, net_maps, - network_config): - default_route_network = network_config.get('default_route_network', []) - for port_def in port_defs: - for p in inst_ports: - if (p.name == port_def['name'] - and p.network_id == port_def['network_id']): - port = p - break - else: # Executed because no break in for - raise Exception( - 'Port {name} on network {network} not found.'.format( - name=port_def['name'], network=port_def['network_id'])) - - update_fields = port_need_update(port_def, port) - - if update_fields: - conn.network.update_port(port.id, update_fields) - result['changed'] = True - - net_name = net_maps['by_id'][port.network_id] - result['changed'] = _reset_tags(conn, port, tags, - default_route_network, - net_name) - # Remove the 'tripleo_default_route' tag before processing next port - try: - tags.remove('tripleo_default_route=true') - except KeyError: - pass - - -def create_ports(result, conn, port_defs, inst_ports, tags, net_maps, - network_config): - default_route_network = network_config.get('default_route_network', - ['ctlplane']) - ports = conn.network.create_ports(port_defs) - - for port in ports: - net_name = net_maps['by_id'][port.network_id] - if net_name in default_route_network: - tags.update({'tripleo_default_route=true'}) - conn.network.set_tags(port, list(tags)) - inst_ports.append(port) - # Remove the 'tripleo_default_route' tag before processing next port - try: - tags.remove('tripleo_default_route=true') - except KeyError: - pass - - result['changed'] = True - - -def generate_port_defs(net_maps, instance, inst_ports): - hostname = instance['hostname'] - create_port_defs = [] - update_port_defs = [] - existing_port_names = [port.name for port in inst_ports] - - for net in instance['networks']: - net_name = net['network'] - net_name_upper = net_maps['by_name'][net_name]['name_upper'] - - if net.get('vif', False): - # VIF port's are managed by metalsmith. - continue - - net_id = net_maps['by_name'][net_name]['id'] - subnet_name_map = net_maps['by_name'][net_name]['subnets'] - - if net.get('fixed_ip'): - fixed_ips = [{'ip_address': net['fixed_ip']}] - else: - if net.get('subnet'): - try: - subnet_id = subnet_name_map[net['subnet']] - except KeyError: - raise Exception( - 'Subnet {subnet} not found on network {net_name}' - .format(subnet=net['subnet'], net_name=net_name)) - elif len(net_maps['by_name'][net_name]['subnets']) == 1: - subnet_id = next(iter(subnet_name_map.values())) - else: - raise Exception( - 'The "subnet" or "fixed_ip" must be set for the ' - '{instance_name} port on the {network_name} network since ' - 'there are multiple subnets'.format( - instance_name=hostname, network_name=net_name)) - - fixed_ips = [{'subnet_id': subnet_id}] - - port_name = '_'.join([hostname, net_name_upper]) - - port_def = dict(name=port_name, dns_name=hostname, network_id=net_id, - fixed_ips=fixed_ips) - - if port_name not in existing_port_names: - create_port_defs.append(port_def) - else: - update_port_defs.append(port_def) - - return create_port_defs, update_port_defs - - -def delete_removed_nets(result, conn, instance, net_maps, inst_ports): - instance_nets = [net['network'] for net in instance['networks']] - ports_by_net = {net_maps['by_id'][port.network_id]: port - for port in inst_ports - # Filter ports managed by metalsmith (vifs) - if 'tripleo_ironic_vif_port=true' not in port.tags} - - to_delete = [] - for net_name in ports_by_net: - if net_name not in instance_nets: - to_delete.append(ports_by_net[net_name]) - - if to_delete: - delete_ports(conn, to_delete) - inst_ports[:] = [port for port in inst_ports if port not in to_delete] - result['changed'] = True - - -def _provision_ports(result, conn, stack, instance, net_maps, ports_by_node, - ironic_uuid, role): - hostname = instance['hostname'] - network_config = instance.get('network_config', {}) - tags = ['tripleo_stack_name={}'.format(stack)] - # TODO(hjensas): This can be moved below the ironic_uuid condition in - # later release when all upgraded deployments has had the - # tripleo_ironic_uuid tag added - inst_ports = conn.network.ports(tags=tags) - # NOTE(hjensas): 'dns_name' is not a valid attribute for filtering, so we - # have to do it manually. - inst_ports = [port for port in inst_ports - if port.dns_name == hostname.lower()] - - tags.append('tripleo_role={}'.format(role)) - if ironic_uuid: - tags.append('tripleo_ironic_uuid={}'.format(ironic_uuid)) - - tags = set(tags) - - delete_removed_nets(result, conn, instance, net_maps, inst_ports) - pre_provisioned_ports(result, conn, net_maps, instance, inst_ports, tags) - - create_port_defs, update_port_defs = generate_port_defs(net_maps, instance, - inst_ports) - - if create_port_defs: - create_ports(result, conn, create_port_defs, inst_ports, tags, - net_maps, network_config) - if update_port_defs: - update_ports(result, conn, update_port_defs, inst_ports, tags, - net_maps, network_config) - - ports_by_node[hostname] = inst_ports - - -def _unprovision_ports(result, conn, stack, instance, ironic_uuid): - hostname = instance['hostname'] - tags = ['tripleo_stack_name={}'.format(stack)] - if ironic_uuid: - tags.append('tripleo_ironic_uuid={}'.format(ironic_uuid)) - inst_ports = conn.network.ports(tags=tags) - # NOTE(hjensas): 'dns_name' is not a valid attribute for filtering, so we - # have to do it manually. - inst_ports = [port for port in inst_ports - if port.dns_name == hostname.lower()] - - # TODO(hjensas): This can be removed in later release when all upgraded - # deployments has had the tripleo_ironic_uuid tag added. - if not inst_ports: - tags = ['tripleo_stack_name={}'.format(stack)] - inst_ports = conn.network.ports(tags=tags) - inst_ports = [port for port in inst_ports - if port.dns_name == hostname.lower()] - - if inst_ports: - delete_ports(conn, inst_ports) - result['changed'] = True - - -def generate_node_port_map(result, net_maps, ports_by_node): - node_port_map = result['node_port_map'] - for hostname, ports in ports_by_node.items(): - node = node_port_map[hostname.lower()] = dict() - for port in ports: - if not port.fixed_ips: - continue - - net_name = net_maps['by_id'][port.network_id] - ip_address = port.fixed_ips[0]['ip_address'] - subnet_id = port.fixed_ips[0]['subnet_id'] - cidr_prefix = net_maps['cidr_prefix_map'][subnet_id] - - node_net = node[net_name] = dict() - node_net['ip_address'] = ip_address - node_net['ip_subnet'] = '/'.join([ip_address, cidr_prefix]) - node_net['ip_address_uri'] = n_utils.wrap_ipv6(ip_address) - - -def validate_instance_nets_in_net_map(instances, net_maps): - for instance in instances: - for net in instance['networks']: - if not net['network'] in net_maps['by_name']: - raise Exception( - 'Network {network_name} for instance {instance_name} not ' - 'found.'.format(network_name=net['network'], - instance_name=instance['hostname'])) - - -def manage_instances_ports(result, conn, stack, instances, concurrency, state, - uuid_by_hostname, hostname_role_map, net_maps): - if not instances: - return - - # no limit on concurrency, create a worker for every instance - if concurrency < 1: - concurrency = len(instances) - - validate_instance_nets_in_net_map(instances, net_maps) - ports_by_node = dict() - - provision_jobs = [] - exceptions = [] - with futures.ThreadPoolExecutor(max_workers=concurrency) as p: - for instance in instances: - ironic_uuid = uuid_by_hostname.get(instance['hostname']) - if state == 'present': - role = hostname_role_map[instance['hostname']] - provision_jobs.append( - p.submit(_provision_ports, - result, - conn, - stack, - instance, - net_maps, - ports_by_node, - ironic_uuid, - role) - ) - elif state == 'absent': - provision_jobs.append( - p.submit(_unprovision_ports, - result, - conn, - stack, - instance, - ironic_uuid) - ) - - for job in futures.as_completed(provision_jobs): - e = job.exception() - if e: - exceptions.append(e) - - if exceptions: - raise exceptions[0] - - generate_node_port_map(result, net_maps, ports_by_node) - - -def _tag_metalsmith_instance_ports(result, conn, provisioner, uuid, hostname, - tags, default_route_network, net_maps): - instance = provisioner.show_instance(uuid) - - for nic in instance.nics(): - net_name = net_maps['by_id'][nic.network_id] - result['changed'] = _reset_tags(conn, nic, tags, - default_route_network, - net_name) - if not nic.dns_name == hostname: - conn.network.update_port(nic, dns_name=hostname) - result['changed'] = True - - # Remove the 'tripleo_default_route' tag before processing next port - try: - tags.remove('tripleo_default_route=true') - except KeyError: - pass - - -def tag_metalsmith_managed_ports(result, conn, concurrency, stack, - uuid_by_hostname, hostname_role_map, - instances_by_hostname, net_maps): - # no limit on concurrency, create a worker for every instance - if concurrency < 1: - concurrency = len(uuid_by_hostname) - - provisioner = metalsmith.Provisioner(cloud_region=conn.config) - provisioner.connection = conn - provision_jobs = [] - exceptions = [] - with futures.ThreadPoolExecutor(max_workers=concurrency) as p: - for hostname, uuid in uuid_by_hostname.items(): - role = hostname_role_map[hostname] - default_route_network = instances_by_hostname[hostname].get( - 'network_config', {}).get( - 'default_route_network', ['ctlplane']) - - tags = {'tripleo_stack_name={}'.format(stack), - 'tripleo_ironic_uuid={}'.format(uuid), - 'tripleo_role={}'.format(role), - 'tripleo_ironic_vif_port=true'} - provision_jobs.append( - p.submit(_tag_metalsmith_instance_ports, - result, conn, provisioner, uuid, hostname, tags, - default_route_network, net_maps) - ) - - for job in futures.as_completed(provision_jobs): - e = job.exception() - if e: - exceptions.append(e) - - if exceptions: - raise exceptions[0] - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - node_port_map=dict(), - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - stack = module.params['stack_name'] - concurrency = module.params['concurrency'] - instances = module.params['instances'] - state = module.params['state'] - provisioned_instances = module.params['provisioned_instances'] - hostname_role_map = module.params['hostname_role_map'] - uuid_by_hostname = {i['hostname']: i['id'] for i in provisioned_instances} - instances_by_hostname = {i['hostname']: i for i in instances} - - try: - _, conn = openstack_cloud_from_module(module) - - net_maps = n_utils.create_name_id_maps(conn) - - if state == 'present' and uuid_by_hostname: - tag_metalsmith_managed_ports(result, conn, concurrency, stack, - uuid_by_hostname, hostname_role_map, - instances_by_hostname, net_maps) - - manage_instances_ports(result, conn, stack, instances, concurrency, - state, uuid_by_hostname, hostname_role_map, - net_maps) - result['success'] = True - module.exit_json(**result) - except Exception as err: - result['error'] = str(err) - result['msg'] = ("Error managing network ports {}".format(err)) - module.fail_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_vip_extract.py b/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_vip_extract.py deleted file mode 100644 index 2eca197bb..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_vip_extract.py +++ /dev/null @@ -1,157 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -import yaml - -try: - from ansible.module_utils import network_data_v2 as n_utils -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils import network_data_v2 as n_utils # noqa -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_overcloud_network_vip_extract - -short_description: Extract information on provisioned overcloud Virtual IPs - -version_added: "2.8" - -description: - - Extract information about provisioned network Virtual IP resources in - overcloud heat stack. - -options: - stack_name: - description: - - Name of the overcloud heat stack - type: str -author: - - Harald Jensås -''' - -RETURN = ''' -vip_data: -- dns_name: overcloud - ip_address: 172.19.0.36 - name: storage_mgmt_virtual_ip - network: storage_mgmt - subnet: storage_mgmt_subnet -- dns_name: overcloud - ip_address: 172.17.0.167 - name: internal_api_virtual_ip - network: internal_api - subnet: internal_api_subnet -- dns_name: overcloud - ip_address: 172.18.0.83 - name: storage_virtual_ip - network: storage - subnet: storage_subnet -- dns_name: overcloud - ip_address: 10.0.0.82 - name: external_virtual_ip - network: external - subnet: external_subnet -- dns_name: overcloud - ip_address: 192.168.25.13 - name: control_virtual_ip - network: ctlplane - subnet: ctlplane-leaf1 -''' - -EXAMPLES = ''' -- name: Get Overcloud Virtual IPs data - tripleo_overcloud_network_vip_extract: - stack_name: overcloud - register: overcloud_vip_data -- name: Write Virtual IPs data to output file - copy: - content: "{{ overcloud_vip_data.network_data | to_yaml }}" - dest: /path/exported-vip-data.yaml -''' - - -def find_net_vips(conn, stack): - return [ - (dict(name=vip.name, - network=conn.network.get_network(vip['network_id'])['name'], - subnet=conn.network.get_subnet(vip.fixed_ips[0]['subnet_id'])['name'], - ip_address=vip.fixed_ips[0]['ip_address'], - dns_name=vip.dns_name)) - if vip.dns_name is not None else - (dict(name=vip.name, - network=conn.network.get_network(vip['network_id'])['name'], - subnet=conn.network.get_subnet(vip.fixed_ips[0]['subnet_id'])['name'], - ip_address=vip.fixed_ips[0]['ip_address'])) - for vip in conn.network.ports(tags='tripleo_stack_name={}'.format(stack)) - if [x for x in vip['tags'] if x.startswith('tripleo_vip_net=')] - ] - - -def run_module(): - - result = dict( - success=False, - changed=False, - error="", - vip_data=list() - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - stack = module.params['stack_name'] - - try: - _, conn = openstack_cloud_from_module(module) - - result['vip_data'] = find_net_vips(conn, stack) - result['changed'] = True if result['vip_data'] else False - result['success'] = True if result['vip_data'] else False - module.exit_json(**result) - except Exception as err: - result['error'] = str(err) - result['msg'] = ("Error getting Virtual IPs data from overcloud stack " - "{stack_name}: %{error}".format(stack_name=stack, - error=err)) - module.fail_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_vip_populate_environment.py b/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_vip_populate_environment.py deleted file mode 100644 index 6b7d43c74..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_vip_populate_environment.py +++ /dev/null @@ -1,246 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -import os -import yaml - -try: - from ansible.module_utils import network_data_v2 as n_utils -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils import network_data_v2 as n_utils # noqa -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_overcloud_network_vip_populate_environment - -short_description: Extract information on provisioned overcloud Virtual IPs - -version_added: "2.8" - -description: - - Extract information about provisioned network Virtual IP resources in - overcloud heat stack. - -options: - stack_name: - description: - - Name of the overcloud heat stack - type: str - vip_data: - description: - - Dictionary of network Virtual IP definitions - type: list - elements: dict - suboptions: - name: - description: - - Virtual IP name (optional) - type: str - network: - description: - - Neutron Network name - type: str - required: True - ip_address: - description: - - IP address (Optional) - type: str - subnet: - description: - - Neutron Subnet name (Optional) - type: str - dns_name: - description: - - Dns Name (Optional) - type: str - required: True - templates: - description: - - The path to tripleo-heat-templates root directory - type: path - default: /usr/share/openstack-tripleo-heat-templates - -author: - - Harald Jensås -''' - -RETURN = ''' -env: - -''' - -EXAMPLES = ''' -- name: Get Overcloud Virtual IPs data - tripleo_overcloud_network_vip_populate_environment: - stack_name: overcloud - register: overcloud_vip_env -- name: Write Virtual IPs environment to output file - copy: - content: "{{ overcloud_vip_env.vip_env | to_yaml }}" - dest: /path/overcloud_vip_env.yaml -''' - -REGISTRY_KEY_TPL = 'OS::TripleO::Network::Ports::{net_name}VipPort' -PORT_PATH_TPL = 'network/ports/deployed_vip_{net_name_lower}.yaml' - - -def get_net_name_map(conn): - _map = {} - - networks = list(conn.network.networks()) - if not networks: - raise Exception('Unable to create vip environment. No networks found') - - for network in networks: - tags = n_utils.tags_to_dict(network.tags) - try: - _map[network.name] = tags['tripleo_network_name'] - except KeyError: - # Hard code the ControlPlane resource which is static in - # THT/overcloud-resource-registry-puppet.j2.yaml - if network.name == 'ctlplane': - _map[network.name] = 'ControlPlane' - - return _map - - -def add_ctlplane_vip_to_env(conn, ctlplane_vip_data, port): - network = conn.network.get_network(port.network_id) - subnet = conn.network.get_subnet(port.fixed_ips[0]['subnet_id']) - ctlplane_vip_data['network'] = dict() - ctlplane_vip_data['network']['tags'] = network.tags - ctlplane_vip_data['subnets'] = list() - ctlplane_vip_data['subnets'].append({'ip_version': subnet.ip_version}) - ctlplane_vip_data['fixed_ips'] = [{'ip_address': x['ip_address']} - for x in port.fixed_ips] - ctlplane_vip_data['name'] = port.name - - -def add_vip_to_env(conn, vip_port_map, port, net_name_lower): - subnet = conn.network.get_subnet(port.fixed_ips[0]['subnet_id']) - - vip_port = vip_port_map[net_name_lower] = {} - vip_port['ip_address'] = port.fixed_ips[0]['ip_address'] - vip_port['ip_address_uri'] = n_utils.wrap_ipv6( - port.fixed_ips[0]['ip_address']) - vip_port['ip_subnet'] = '/'.join([port.fixed_ips[0]['ip_address'], - subnet.cidr.split('/')[1]]) - - -def populate_net_vip_env(conn, stack, net_maps, vip_data, env, templates): - low_up_map = get_net_name_map(conn) - - resource_reg = env['resource_registry'] = {} - param_defaults = env['parameter_defaults'] = {} - vip_port_map = param_defaults['VipPortMap'] = {} - ctlplane_vip_data = param_defaults['ControlPlaneVipData'] = {} - for vip_spec in vip_data: - net_name_lower = vip_spec['network'] - try: - port = next(conn.network.ports( - network_id=net_maps['by_name'][net_name_lower]['id'], - tags=['tripleo_stack_name={}'.format(stack), - 'tripleo_vip_net={}'.format(net_name_lower)])) - except StopIteration: - raise Exception('Neutron port for Virtual IP spec {} not ' - 'found'.format(vip_spec)) - - resource_reg[REGISTRY_KEY_TPL.format( - net_name=low_up_map[net_name_lower])] = os.path.join( - templates, PORT_PATH_TPL.format(net_name_lower=net_name_lower)) - - if net_name_lower == 'ctlplane': - add_ctlplane_vip_to_env(conn, ctlplane_vip_data, port) - else: - add_vip_to_env(conn, vip_port_map, port, net_name_lower) - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - env=dict() - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - stack = module.params['stack_name'] - vip_data = module.params['vip_data'] - templates = module.params['templates'] - - try: - _, conn = openstack_cloud_from_module(module) - net_maps = n_utils.create_name_id_maps(conn) - populate_net_vip_env(conn, stack, net_maps, vip_data, result['env'], - templates) - - result['changed'] = True if result['env'] else False - result['success'] = True if result['env'] else False - module.exit_json(**result) - except Exception as err: - result['error'] = err - result['msg'] = ("Error getting Virtual IPs data from overcloud stack " - "{stack_name}: %{error}".format(stack_name=stack, - error=err)) - module.fail_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_vip_provision.py b/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_vip_provision.py deleted file mode 100644 index 06c892441..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_network_vip_provision.py +++ /dev/null @@ -1,265 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -from concurrent import futures -import yaml - -try: - from ansible.module_utils import network_data_v2 as n_utils -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils import network_data_v2 as n_utils # noqa -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_overcloud_network_vip_provision - -short_description: Provision overcloud Virtual IPs - -version_added: "2.8" - -description: - - Provision network Virtual IP resources for an overcloud - -options: - stack_name: - description: - - Name of the overcloud heat stack - type: str - vip_data: - description: - - Dictionary of network Virtual IP definitions - type: list - default: [] - elements: dict - suboptions: - name: - description: - - Virtual IP name (optional) - type: str - network: - description: - - Neutron Network name - type: str - required: True - ip_address: - description: - - IP address (Optional) - type: str - subnet: - description: - - Neutron Subnet name (Optional) - type: str - dns_name: - description: - - Dns Name - type: str - required: True - default: overcloud - concurrency: - description: - - Maximum number of ports to provision at once. Set to 0 to have no - concurrency limit - type: int - default: 0 -author: - - Harald Jensås -''' - -EXAMPLES = ''' -- name: Provision Overcloud Virtual IPs - tripleo_overcloud_vip_provision: - stack_name: overcloud - vip_data: - - dns_name: overcloud - ip_address: 172.19.0.5 - name: storage_mgmt_virtual_ip - network: storage_mgmt - subnet: storage_mgmt_subnet - - dns_name: overcloud - ip_address: 172.17.0.5 - name: internal_api_virtual_ip - network: internal_api - subnet: internal_api_subnet - - dns_name: overcloud - ip_address: 172.18.0.5 - name: storage_virtual_ip - network: storage - subnet: storage_subnet - - dns_name: overcloud - ip_address: 10.0.0.5 - name: external_virtual_ip - network: external - subnet: external_subnet - - dns_name: overcloud - ip_address: 192.168.25.5 - name: control_virtual_ip - network: ctlplane - subnet: ctlplane-subnet -''' - - -def create_port_def(vip_spec, net_maps): - vip_spec.setdefault('dns_name', 'overcloud') - net_info = net_maps['by_name'][vip_spec['network']] - port_def = dict(network_id=net_info['id'], dns_name=vip_spec['dns_name']) - - if vip_spec['network'] == 'ctlplane' and not vip_spec.get('name'): - port_def['name'] = 'control' + n_utils.NET_VIP_SUFFIX - else: - port_def['name'] = (vip_spec['name'] if vip_spec.get('name') - else vip_spec['network'] + n_utils.NET_VIP_SUFFIX) - - if vip_spec.get('ip_address'): - port_def['fixed_ips'] = [{'ip_address': vip_spec['ip_address']}] - elif vip_spec.get('subnet'): - port_def['fixed_ips'] = [ - {'subnet_id': net_info['subnets'][vip_spec['subnet']]}] - elif len(net_info['subnets']) == 1: - port_def['fixed_ips'] = [ - {'subnet_id': list(net_info['subnets'].values())[0]}] - else: - raise Exception( - 'Network {} has multiple subnets, please add a subnet or an ' - 'ip_address for the vip on this network.'.format( - vip_spec['network'])) - - return port_def - - -def provision_vip_port(conn, stack, net_maps, vip_spec, managed_ports): - port_def = create_port_def(vip_spec, net_maps) - - tags = ['tripleo_stack_name={}'.format(stack), - 'tripleo_vip_net={}'.format(vip_spec['network'])] - - ports = conn.network.ports( - network_id=net_maps['by_name'][vip_spec['network']]['id'], - tags=tags) - - try: - port = next(ports) - managed_ports.append(port.id) - del port_def['network_id'] - for k, v in port_def.items(): - if port.get(k) != v: - conn.network.update_port(port.id, **port_def) - break - except StopIteration: - port = conn.network.create_port(**port_def) - conn.network.set_tags(port, tags) - managed_ports.append(port.id) - - -def validate_vip_nets_in_net_map(vip_data, net_maps): - for vip in vip_data: - if not vip['network'] in net_maps['by_name']: - raise Exception('Network {} for Virtual IP not found.'.format( - vip['network'])) - if (vip.get('subnet') - and not vip.get('subnet') in net_maps['by_name'][ - vip['network']]['subnets']): - raise Exception( - 'Subnet {} for Virtual IP not found on network {}.'.format( - vip['subnet'], vip['network'])) - - -def remove_obsolete_ports(conn, stack, managed_ports): - ports = conn.network.ports(tags=['tripleo_stack_name={}'.format(stack)]) - ports = [p for p in ports if any("tripleo_vip_net" in t for t in p.tags)] - - for port in ports: - if port.id not in managed_ports: - conn.network.delete_port(port.id) - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - concurrency = module.params['concurrency'] - stack = module.params.get('stack_name') - vip_data = module.params.get('vip_data') - - try: - _, conn = openstack_cloud_from_module(module) - net_maps = n_utils.create_name_id_maps(conn) - validate_vip_nets_in_net_map(vip_data, net_maps) - - # no limit on concurrency, create a worker for every vip - if concurrency < 1: - concurrency = len(vip_data) if len(vip_data) > 0 else 1 - - exceptions = list() - provision_jobs = list() - managed_ports = list() - with futures.ThreadPoolExecutor(max_workers=concurrency) as p: - for vip_spec in vip_data: - provision_jobs.append(p.submit( - provision_vip_port, conn, stack, net_maps, vip_spec, - managed_ports)) - - for job in futures.as_completed(provision_jobs): - e = job.exception() - if e: - exceptions.append(e) - - if exceptions: - raise exceptions[0] - - remove_obsolete_ports(conn, stack, managed_ports) - - result['success'] = True - module.exit_json(**result) - except Exception as err: - result['error'] = str(err) - result['msg'] = ("Error provisioning Virtual IPs for overcloud stack " - "{stack_name}: {error}".format(stack_name=stack, - error=err)) - module.fail_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_role_list.py b/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_role_list.py deleted file mode 100644 index ca80e5c67..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_role_list.py +++ /dev/null @@ -1,125 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2022 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import yaml - -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs - -from tripleo_common.utils import roles as rolesutils - -ROLES_PATH_DEFAULT = "/usr/share/openstack-tripleo-heat-templates/roles" - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = f''' ---- -module: tripleo_overcloud_role_list - -short_description: Retrieve list of overcloud roles - -version_added: "4.2" - -description: - - "Retrieve list of overcloud roles" - -options: - roles_path: - description: - - Path to the tripleo heat templates roles directory - default: {ROLES_PATH_DEFAULT} - -author: - - Jiri Podivin -''' - -RETURN = ''' -role_list: - description: Overcloud roles list - returned: always - type: list - elements: string - sample: - [ - "BlockStorage", - "CellController", - "CephAll", - "NetworkerSriov", - "NovaManager", - "Novacontrol", - "ObjectStorage", - "Standalone", - "Telemetry", - "Undercloud" - ] -''' - -EXAMPLES = ''' -- name: Get Overcloud roles list - tripleo_overcloud_role_list: - register: overcloud_role_list -- name: Write data to output file - copy: - content: "{{ overcloud_role_list.role_list | to_yaml }}" - dest: /path/exported-overcloud_role_list.yaml -''' - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - role_list=list() - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=True, - **openstack_module_kwargs() - ) - - try: - roles_path = module.params['roles_path'] - - result['role_list'] = rolesutils.get_roles_list_from_directory(roles_path) - - result['changed'] = bool(result['role_list']) - - module.exit_json(**result) - - except Exception as err: - result['error'] = str(err) - result['msg'] = ("Error getting role list: {error}".format(error=err)) - module.fail_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_role_show.py b/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_role_show.py deleted file mode 100644 index 565897a2e..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_overcloud_role_show.py +++ /dev/null @@ -1,197 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2022 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import os - -import yaml -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import ( - openstack_full_argument_spec, openstack_module_kwargs) -from tripleo_common.utils import roles as rolesutils - -ROLES_PATH_DEFAULT = "/usr/share/openstack-tripleo-heat-templates/roles" -ENVIRONMENT_PATH_DEFAULT = os.path.expanduser( - "~/overcloud-deploy/overcloud/environment/tripleo-overcloud-environment.yaml") - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = f''' ---- -module: tripleo_overcloud_role_show - -short_description: Retrieve detailed information about overcloud role - -version_added: "4.2" - -description: - - "Retrieve detailed information about an overcloud role" - - "Module should only be executed under users with access to the role info." - - "If {ENVIRONMENT_PATH_DEFAULT} is not accessible, or doesn't exist, a suitable alternative has to be provided." - -options: - roles_path: - description: - - Path to the tripleo heat templates roles directory - default: {ROLES_PATH_DEFAULT} - required: false - type: str - role_name: - description: - - Name of the overcloud role - required: true - type: str - environment_path: - description: - - Path to the tripleo environment file - default: {ENVIRONMENT_PATH_DEFAULT} - required: false - type: str - default_values: - description: - - Dictionary containing default key->value pairs from the requested role - - Used only when the keys aren't already defined within the role. - required: false - type: dict - default: {{}} -author: - - Jiri Podivin -''' - -RETURN = ''' -role_detail: - description: Overcloud role info - returned: always - type: dict - sample: - { - "CountDefault": 1, - "RoleParametersDefault": { - "FsAioMaxNumber": 1048576, - "TunedProfileName": "virtual-host" - }, - "ServicesDefault": [ - "OS::TripleO::Services::Aide", - "OS::TripleO::Services::AuditD", - "OS::TripleO::Services::BootParams", - "OS::TripleO::Services::CACerts", - "OS::TripleO::Services::CephClient", - ], - "deprecated_nic_config_name": "compute.yaml", - "deprecated_param_extraconfig": "NovaComputeExtraConfig", - "deprecated_param_image": "NovaImage", - "deprecated_param_ips": "NovaComputeIPs", - "deprecated_param_metadata": "NovaComputeServerMetadata", - "deprecated_param_scheduler_hints": "NovaComputeSchedulerHints", - "deprecated_server_resource_name": "NovaCompute", - "description": "Basic Compute Node role\n", - "name": "Compute" - }, -''' - -EXAMPLES = ''' -- name: Get Overcloud role info - tripleo_overcloud_role_show: - role_name: Compute - register: overcloud_role -- name: Write data to output file - copy: - content: "{{ overcloud_role.role_detail | to_yaml }}" - dest: /path/exported-overcloud_role.yaml -''' - - -def _set_role_defaults(role, overcloud_environment, default_values): - """Only apply defaults if there aren't any values present - under the keys already. First element of the item - element from the iterator corresponds to (key, value) - tuple. Comparing the `key` with the set of all keys in - `role` dictionary we determine if the value needs updating. - """ - - role.update( - [ - item for item in default_values.items() - if item[0] not in role.keys() - ]) - - role['CountDefault'] = overcloud_environment.get( - f"{role['name']}Count", role.get('CountDefault', None)) - role['FlavorDefault'] = overcloud_environment.get( - f"Overcloud{role['name']}Flavor", role.get('FlavorDefault', None)) - - return role - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - role_details=dict() - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=True, - **openstack_module_kwargs() - ) - - try: - roles_path = module.params['roles_path'] - environment_path = module.params['environment_path'] - default_values = module.params['default_values'] - role_name = module.params['role_name'] - - roles_path = os.path.join(roles_path, '{}.yaml'.format(role_name)) - - with open(roles_path, 'r') as file: - role = rolesutils.validate_role_yaml(file) - try: - with open(environment_path, 'r') as file: - overcloud_environment = yaml.safe_load(file)['parameter_defaults'] - except FileNotFoundError as exception: - raise FileNotFoundError( - f"Given role information path {environment_path} is not accessible.\n" - "Please verify user and host combination.") from exception - - role = _set_role_defaults(role, overcloud_environment, default_values) - result['role_detail'] = role - - result['changed'] = bool(result['role_detail']) - - module.exit_json(**result) - except Exception as err: - result['error'] = str(err) - result['msg'] = ("Error getting role information: %{error}".format( - error=err)) - module.fail_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_ovn_mac_addresses.py b/tripleo_ansible/ansible_plugins/modules/tripleo_ovn_mac_addresses.py deleted file mode 100644 index 81d4534a2..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_ovn_mac_addresses.py +++ /dev/null @@ -1,282 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2021 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from concurrent import futures -import os -import yaml - -try: - from ansible.module_utils import network_data_v2 -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils import network_data_v2 -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_ovn_mac_addresses - -short_description: Manage OVN bridge Mac Addresses - -version_added: "2.8" - -description: - - "Create a OVN Mac Address network, and allocate bridge mac address ports" - -options: - concurrency: - description: - - Maximum number of server resources to provision ports for at once. - Set to 0 to have no concurrency limit - type: int - default: 0 - playbook_dir: - description: - - The path to the directory of the playbook that was passed to the - ansible-playbook command line. - type: str - stack_name: - description: - - Name of the overcloud stack - type: str - default: overcloud - ovn_bridge_mappings: - description: - - OVN bridge mappings - type: list - server_resource_names: - description: - - List of server resources - type: list - ovn_static_bridge_mac_mappings: - description: - - Static OVN Bridge MAC address mappings. Unique OVN bridge mac addresses - is dynamically allocated by creating neutron ports. When neutron isn't - available, for instance in the standalone deployment, use this - parameter to provide static OVN bridge mac addresses. - type: dict - default: {} - -author: - - Harald Jensås -''' - -RETURN = ''' -''' - -EXAMPLES = ''' -- name: Create OVN Mac address ports - tripleo_ovn_mac_addresses: - stack_name: overcloud - bridge_mappings: - - datacentre:br-ex - server_resource_names: - - controller-0 - - controller-1 - - controller-2 -- name: Create OVN Mac address ports (static) - tripleo_ovn_mac_addresses: - stack_name: overcloud - bridge_mappings: - - datacentre:br-ex - server_resource_names: - - controller-0 - - compute-0 - ovn_static_bridge_mac_mappings: - controller-0: - datacenter: 00:00:5E:00:53:00 - provider: 00:00:5E:00:53:01 - compute-0: - datacenter: 00:00:5E:00:54:00 - provider: 00:00:5E:00:54:01 -''' - -NET_NAME = 'ovn_mac_addr_net' -NET_DESCRIPTION = 'Network used to allocate MAC addresses for OVN chassis.' - - -def create_ovn_mac_address_network(result, conn): - network = conn.network.find_network(NET_NAME) - if network is None: - network = conn.network.create_network(name=NET_NAME, - description=NET_DESCRIPTION) - - result['changed'] = True - - return network.id - - -def port_exists(conn, net_id, tags, name): - try: - next(conn.network.ports(network_id=net_id, name=name, tags=tags)) - except StopIteration: - return False - - return True - - -def create_ovn_mac_address_ports(result, conn, net_id, tags, physnets, - server): - for physnet in physnets: - name = '_'.join([server, 'ovn_physnet', physnet]) - if port_exists(conn, net_id, tags, name): - continue - - port = conn.network.create_port(network_id=net_id, name=name, - dns_name=server) - conn.network.set_tags( - port, tags + ['tripleo_ovn_physnet={}'.format(physnet)]) - - result['changed'] = True - - -def remove_obsolete_ports(result, conn, net_id, tags, servers, physnets): - ports = conn.network.ports(network_id=net_id, tags=tags) - for port in ports: - tags = network_data_v2.tags_to_dict(port.tags) - if (port.dns_name not in servers - or tags['tripleo_ovn_physnet'] not in physnets): - conn.network.delete_port(port) - result['changed'] = True - - -def validate_ovn_bridge_mac_addr_var_file(ovn_bridge_mac_addr_var_file): - if not os.path.isfile(ovn_bridge_mac_addr_var_file): - raise Exception( - 'ERROR: OVN bridge MAC address var file {} is not a file'.format( - ovn_bridge_mac_addr_var_file)) - - -def write_vars_file(conn, playbook_dir, net_id, tags, static_mappings): - - playbook_dir_path = os.path.abspath(playbook_dir) - network_data_v2.validate_playbook_dir(playbook_dir) - - ovn_bridge_mac_addr_var_file = os.path.join( - playbook_dir_path, 'ovn_bridge_mac_address_vars.yaml') - - if not os.path.exists(ovn_bridge_mac_addr_var_file): - data = dict() - else: - validate_ovn_bridge_mac_addr_var_file(ovn_bridge_mac_addr_var_file) - with open(ovn_bridge_mac_addr_var_file, 'r') as f: - data = yaml.safe_load(f.read()) - - if not static_mappings: - ports = conn.network.ports(network_id=net_id, tags=tags) - - for port in ports: - tag_dict = network_data_v2.tags_to_dict(port.tags) - hostname = port.dns_name - physnet = tag_dict.get('tripleo_ovn_physnet') - if hostname and physnet: - host = data.setdefault(hostname, dict()) - host[physnet] = port.mac_address - else: - data = static_mappings - - with open(ovn_bridge_mac_addr_var_file, 'w') as f: - f.write(yaml.safe_dump(data, default_flow_style=False)) - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - stack = module.params.get('stack_name', 'overcloud') - bridge_mappings = module.params['ovn_bridge_mappings'] or [] - servers = module.params.get('server_resource_names') or [] - playbook_dir = module.params['playbook_dir'] - concurrency = module.params.get('concurrency', 0) - static_mappings = module.params.get( - 'ovn_static_bridge_mac_mappings', {}) - physnets = [x.split(':')[0] for x in bridge_mappings] - conn = tags = net_id = None - - try: - if not static_mappings: - _, conn = openstack_cloud_from_module(module) - net_id = create_ovn_mac_address_network(result, conn) - tags = ['tripleo_stack_name={}'.format(stack)] - - # no limit on concurrency, create a worker for every server - if concurrency < 1: - concurrency = len(servers) - - if servers: - jobs = [] - exceptions = [] - with futures.ThreadPoolExecutor(max_workers=concurrency) as p: - for server in servers: - jobs.append(p.submit(create_ovn_mac_address_ports, - result, conn, net_id, tags, - physnets, server)) - - for job in futures.as_completed(jobs): - e = job.exception() - if e: - exceptions.append(e) - - if exceptions: - raise exceptions[0] - - try: - remove_obsolete_ports(result, conn, net_id, tags, servers, - physnets) - except Exception: - pass - if static_mappings or servers: - write_vars_file(conn, playbook_dir, net_id, tags, static_mappings) - - result['success'] = True - module.exit_json(**result) - - except Exception as err: - result['error'] = str(err) - result['msg'] = ('ERROR: Failed creating OVN MAC address resources!' - ' {}'.format(err)) - module.fail_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_ovs_upgrade.py b/tripleo_ansible/ansible_plugins/modules/tripleo_ovs_upgrade.py deleted file mode 100644 index 75944ccfe..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_ovs_upgrade.py +++ /dev/null @@ -1,337 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -import glob -import os -import re - -from ansible.module_utils._text import to_native -from ansible.module_utils.basic import AnsibleModule - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = """ ---- -module: tripleo_ovs_update -author: - - Sofer Athlan-Guyot -version_added: '2.8' -short_description: Handle special ovs update. -notes: [] -description: - - This module check if ovs need a special treatment during update of the - package. -options: - debug: - description: - - Whether or not debug is enabled. - default: False - required: False - type: bool -""" - -EXAMPLES = """ -- name: Special treatment for ovs upgrade. - tripleo_ovs_upgrade: -""" - -RETURN = """ -msg: - description: Descrption of the action taken. - returned: always - type: str -changed: - description: Was the ovs package update or not. - returned: always - type: bool -""" - - -def run_locale_safe(module, *args, **kwargs): - if isinstance(*args, str): - cmd = 'env LANG=C.UTF-8' + str(*args) - else: - cmd = ['env', 'LANG=C.UTF-8'] + list(*args) - return module.run_command(cmd, **kwargs) - - -def pkg_manager(module, downloader=False): - dnf = module.get_bin_path('dnf') - if dnf: - module.debug("Using dnf as package manager") - if not downloader: - return dnf - else: - return ['dnf', 'download'] - if not downloader: - return module.get_bin_path('yum') - else: - return ['yumdownloader'] - - -def get_current_ovs_pkg_name(module): - """ Get currently installed ovs pkg name, layered or not.""" - cmd = ['rpm', '-qa'] - _, output, _ = run_locale_safe(module, cmd, check_rc=True) - ovs_re = re.compile(r""" - ^(openvswitch[0-9]+\.[0-9]+-[0-9]+\.[0-9]+\.[0-9]+ # layered - | # or - openvswitch(?!-[a-z]+)) # non-layered - """, re.X) - for pkg in output.split("\n"): - ovs = re.search(ovs_re, pkg) - if ovs: - return ovs.group(0) - return None - - -# Process rhosp-openvswitch layered package for new version number -# return stuff like ["2.11"] in original module -def get_version(module, pkg, new=True): - if new: - cmd = [pkg_manager(module), 'info', '-q', pkg] - else: - cmd = ['rpm', '-qi', pkg] - # This may fail if the package is not around for non-lp product. - _, output, _ = run_locale_safe(module, cmd, check_rc=False) - versions = re.findall(r'Version[^:]*:[^0-9]*([0-9.]+)', output) - found = [] - for version in versions: - if version: - # we are only interested in major/minor number here. - if new: - # We can have several version here - found.append(version.split('.')[:2]) - else: - found = version.split('.')[:2] - return found - - -def flatten_version(versions, join_str=''): - flatten_str = "" - if not isinstance(versions, list): - versions = [versions] - if len(versions) >= 1 and isinstance(versions[0], list): - for version in versions: - flatten_str += join_str.join(version) - else: - flatten_str += join_str.join(versions) - return flatten_str - - -def get_current_ovs_pkg_names(module, pkg): - cmd = ['rpm', '-qa', pkg] - _, output, _ = run_locale_safe(module, cmd, check_rc=True) - # Make sure we remove empty element. - return [pkg for pkg in output.split("\n") if pkg] - - -def remove_package_noaction(module, pkgs, excludes=[]): - cmd = ['rpm', '-e', '--noscripts', '--nopreun', - '--nopostun', '--notriggers', '--nodeps'] - pkgs_to_remove = [] - for pkg in pkgs: - for exclude in excludes: - if not re.match(r'{}'.format(exclude), pkg): - pkgs_to_remove.append(pkg) - _, output, _ = run_locale_safe(module, cmd + pkgs_to_remove, check_rc=True) - return output - - -def upgrade_pkg(module, pkg): - cmd = [pkg_manager(module), 'upgrade', '-y', pkg] - _, output, _ = run_locale_safe(module, cmd, check_rc=True) - return output - - -def set_openflow_version_on_bridges(module, bridges=None): - if bridges is None: - bridges = ['br-int'] - for bridge in bridges: - cmd = ['ovs-vsctl', 'set', 'bridge', bridge, - 'protocols=OpenFlow10,OpenFlow13,OpenFlow15'] - rc, out, err = run_locale_safe(module, cmd) - if rc != 0: - module.warn('Cannot set new OpenFlow protocols on a bridge: ' - '%s: %s.' % - (bridge, to_native(err))) - - -def layer_product_upgrade(module, result, ovs_pkg, lp_ovs_current_version): - """Actually do the layered ovs upgrade with workaround. - - So we have a layered package (rhosp|rdo)-openvswitch. To prevent - any cut in networking during update/upgrade, we update ovs without - triggering the scripts in the package that stop the service. - - So first it determines if the package has a upgrade coming and - then erases it making sure no package script is triggered and - finally it re-install the new package. - - It also prevents incomptible issues between ovs database schema - during a rolling update. - - No cut in service at the cost of a needed reboot to get the new - binaries in place. - - """ - layered_product_name = get_layered_product_name() - lp_ovs_coming_versions = get_version(module, layered_product_name) - ovs_current_version = get_version(module, ovs_pkg, new=False) - - pkg_suffix = '' - if int(ovs_current_version[0]) >= 3 or int(ovs_current_version[1]) >= 10: - pkg_suffix = '.'.join(ovs_current_version) - - if ovs_pkg == 'openvswitch': - pkg_base_name = 'openvswitch*' - else: - pkg_base_name = 'openvswitch{}*'.format(pkg_suffix) - - if len(lp_ovs_coming_versions) == 0: - result['msg'] += "Couldn't get the version of rhosp-openvswitch, " + \ - "check dnf info -q rhosp-openvswitch on this host." - result['failed'] = True - elif len(ovs_current_version) == 0: - result['msg'] += "Couldn't get the current version of the ovs-package, " + \ - f"check rpm -qi {ovs_pkg} on this host." - result['failed'] = True - elif flatten_version(lp_ovs_coming_versions) \ - != flatten_version(ovs_current_version): - # NOTE(mjozefcz): Workaround for bz1863024. - if '2.11' == flatten_version(ovs_current_version, join_str='.'): - set_openflow_version_on_bridges(module) - ovs_pkgs = get_current_ovs_pkg_names(module, pkg_base_name) - remove_package_noaction(module, ovs_pkgs, - excludes=['selinux']) - upgraded = upgrade_pkg(module, layered_product_name) - result['msg'] += \ - """ Layer product update workaround applied for {} \ -Upgraded:'{}'""".format(ovs_pkgs, upgraded) - result['changed'] = True - else: - result['msg'] += " No need to upgrade ovs." - - -def pkg_has_disruption(module): - """Check if the current ovs pkg include a disruptive action.""" - awk_cmds = ["awk '/postuninstall/,/*/' | grep -q 'systemctl.*try-restart'", - "awk '/preun/,/*/' | grep -q 'systemctl.*disable'"] - rc = 1 - for awk in awk_cmds: - cmd = "rpm -q --scripts openvswitch | {}".format(awk) - rc, _, _ = run_locale_safe(module, - cmd, check_rc=False, - use_unsafe_shell=True) - if rc == 0: - break - return rc == 0 - - -def upgrade_non_layered_ovs(module, result): - tmp_dir = '/root/OVS_UPGRADE' - cmds = [ - ['rm', '-rf', tmp_dir], - ['install', '-d', '-o', 'root', '-g', 'root', '-m', '0750', tmp_dir], - [pkg_manager(module), 'makecache'], - pkg_manager(module, downloader=True) - + ['--destdir', tmp_dir, '--resolve', 'openvswitch']] - for cmd in cmds: - run_locale_safe(module, cmd, check_rc=True) - - for pkg in glob.glob(tmp_dir + '/*.rpm'): - cmd = ['rpm', '-U', - '--replacepkgs', - '--notriggerun', - '--nopostun', - pkg] - run_locale_safe(module, cmd, check_rc=True) - result['msg'] += " {} handled".format(pkg) - result['changed'] = True - - -def non_layered_ovs_upgrade(module, result): - if not pkg_has_disruption(module): - result['msg'] += 'Nothing to be done for non layered ovs upgrade, ' \ - "post-script doesn't have restart." - else: - result['msg'] += "OVS upgrade special handling." - upgrade_non_layered_ovs(module, result) - - -def get_distro(): - """Get the distro as defined in /etc/os-release[ID].""" - distro = None - os_release_file = '/etc/os-release' - if os.path.isfile(os_release_file): - with open(os_release_file) as release_file: - for line in release_file.readlines(): - match = re.match('^ *ID *="?([^"]+)"?$', line) - if match: - distro = match.group(1) - break - return distro - - -def get_layered_product_name(): - """Get the layer product name version depending on os. - - It's rhosp-openvswitch on redhat, and rdo-openvswitch on centos. - - """ - distro = get_distro() - if distro is not None and distro == 'centos': - return 'rdo-openvswitch' - return 'rhosp-openvswitch' - - -def main(): - module = AnsibleModule(argument_spec={}, supports_check_mode=False) - - result = dict( - changed=False, - msg='' - ) - - layered_product_name = get_layered_product_name() - ovs_current_pkg = get_current_ovs_pkg_name(module) - if ovs_current_pkg: - # We found a ovs package, let's dive in. - ovs_current_version = get_version(module, - layered_product_name, - new=False) - if ovs_current_version: - result['msg'] += "Found a layered product ovs - {} - " \ - .format(layered_product_name) - layer_product_upgrade(module, result, - ovs_current_pkg, ovs_current_version) - else: - result['msg'] += "Found ovs. " - non_layered_ovs_upgrade(module, result) - else: - result['msg'] += "No ovs installed, nothing to do." - - module.exit_json(**result) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_passwords_rotate.py b/tripleo_ansible/ansible_plugins/modules/tripleo_passwords_rotate.py deleted file mode 100644 index 505fbf8f7..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_passwords_rotate.py +++ /dev/null @@ -1,154 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2018 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import os -import yaml - -from ansible.module_utils import tripleo_common_utils as tc -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - -from tripleo_common.utils import plan as plan_utils -from tripleo_common import constants - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_passwords_rotate - -short_description: Rotate Passwords - -version_added: "2.8" - -description: - - "Rotate Passwords." - -options: - container: - description: - - Overcloud plan container name - default: overcloud - rotate_passwords: - description: flag for rotate passwords or not - default: true - type: bool - password_list: - description: - - Password list to be rotated - type: list - default: [] - no_log: true - password_file: - description: - - file containing the current passwords for the stack - type: str - default: "" - no_log: true -author: - - Rabi Mishra (@ramishra) -requirements: ["openstacksdk", "tripleo-common"] -''' - -EXAMPLES = ''' -- name: Rotate passwords and update plan - tripleo_password_rotate: - container: overcloud - rotate_passwords: true - password_list: [] -''' - -RETURN = ''' -passwords: - description: Rotated passwords - returned: always - type: dict - no_log: true -''' - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - passwords={} - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - try: - container = module.params.get('container') - rotate_passwords = module.params.get('rotate_passwords') - password_list = module.params.get('password_list') - password_file = module.params.get('password_file') - _, conn = openstack_cloud_from_module(module) - tripleo = tc.TripleOCommon(session=conn.session) - heat = tripleo.get_orchestration_client() - - # Which file to look for passwords - if not password_file: - password_file = os.path.join( - constants.DEFAULT_WORKING_DIR_FORMAT.format(container), - constants.PASSWORDS_ENV_FORMAT.format(container)) - # Check whether the password file exists - if os.path.exists(password_file): - with open(password_file, 'r') as f: - passwords_env = yaml.safe_load(f.read()) - else: - passwords_env = None - - rotated_passwords = plan_utils.generate_passwords( - heat=heat, container=container, - rotate_passwords=rotate_passwords, - rotate_pw_list=password_list, - passwords_env=passwords_env - ) - result['success'] = True - result['passwords'] = rotated_passwords - result['changed'] = True - except Exception as err: - result['error'] = str(err) - result['msg'] = ("Error rotating passwords for plan %s: %s" % ( - container, err)) - module.fail_json(**result) - - # in the event of a successful module execution, you will want to - # simple AnsibleModule.exit_json(), passing the key/value results - module.exit_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_service_vip.py b/tripleo_ansible/ansible_plugins/modules/tripleo_service_vip.py deleted file mode 100644 index 6141d4ab5..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_service_vip.py +++ /dev/null @@ -1,358 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2021 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import os -import yaml - -try: - from ansible.module_utils import network_data_v2 -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils import network_data_v2 -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_service_vip - -short_description: Create a Virtual IP address for a service - -version_added: "2.8" - -description: - - "Create a Virtual IP address for a service" - -options: - playbook_dir: - description: - - The path to the directory of the playbook that was passed to the - ansible-playbook command line. - type: str - render_path: - description: - - The output path to the file that will be produced by executing this - module. - type: str - stack_name: - description: - - Name of the overcloud stack which will be deployed on these instances - type: str - default: overcloud - service_name: - description: - - Name of the service the Virtual IP is intended for - type: str - state: - description: - - The desired provision state, "present" to provision, "absent" to - unprovision - default: present - choices: - - present - - absent - network: - description: - - Neutron network where the Virtual IP port will be created - type: str - fixed_ips: - description: - - A list of ip allocation definitions - type: list - elements: dict - suboptions: - ip_address: - description: - - IP address - type: str - subnet: - description: - - Neutron subnet name or id - type: str - use_neutron: - description: - - Boolean option to allow not to create a neutron port. - type: bool - -author: - - Harald Jensås -''' - -RETURN = ''' -''' - -EXAMPLES = ''' -- name: Create redis Virtual IP - tripleo_service_vip: - stack_name: overcloud - service_name: redis - network: internal_api - fixed_ip: - - subnet: internal_api_subnet - register: redis_vip -- name: Create foo Virtual IP (Not creating a neutron port) - tripleo_service_vip: - stack_name: overcloud - service_name: foo - network: foo - fixed_ip: - - ip_address: 192.0.2.5 - use_neutron: false - register: redis_vip -''' - -VIRTUAL_IP_NAME_SUFFIX = '_virtual_ip' - - -class FakePort: - def __init__(self, fixed_ips): - self.fixed_ips = fixed_ips - - -def create_or_update_port(conn, net, stack=None, service=None, - fixed_ips=None): - if not fixed_ips: - raise Exception('ERROR: No IP allocation definition provided. ' - 'Please provide at least one IP allocation ' - 'definition using the fixed_ips argument.') - - tags = {'tripleo_stack_name={}'.format(stack), - 'tripleo_service_vip={}'.format(service)} - port_def = dict(name=service + VIRTUAL_IP_NAME_SUFFIX, network_id=net.id) - - try: - port = next(conn.network.ports(tags=list(tags), network_id=net.id)) - except StopIteration: - port = None - - fixed_ips_def = port_def['fixed_ips'] = [] - - for fixed_ip in fixed_ips: - ip_address = fixed_ip.get('ip_address') - subnet_name = fixed_ip.get('subnet') - ip_def = {} - if ip_address: - ip_def['ip_address'] = ip_address - if subnet_name: - subnet = conn.network.find_subnet(subnet_name, network_id=net.id) - if subnet is None: - raise Exception('ERROR: Subnet {} does not exist for network ' - '{}. Service {} is mapped to a subnet that ' - 'does not exist. Verify that the VipSubnetMap ' - 'parameter has the correct values.'.format( - subnet_name, net.name, service)) - ip_def['subnet_id'] = subnet.id - - fixed_ips_def.append(ip_def) - - if not port: - port = conn.network.create_port(**port_def) - else: - # TODO: Check if port needs update - port = conn.network.update_port(port, **port_def) - - p_tags = set(port.tags) - if not tags.issubset(p_tags): - p_tags.update(tags) - conn.network.set_tags(port, list(p_tags)) - - return port - - -def find_ctlplane_vip(conn, stack=None, service=None): - tags = ['tripleo_stack_name={}'.format(stack), - 'tripleo_vip_net=ctlplane'] - try: - port = next(conn.network.ports(tags=tags)) - except StopIteration: - raise Exception('Virtual IP address on the ctlplane network for stack ' - '{} not found. Service {} is mapped to the ctlplane ' - 'network and thus require a virtual IP address to be ' - 'present on the ctlplane network.'.format(stack, - service)) - - return port - - -def validate_service_vip_vars_file(service_vip_var_file): - if not os.path.isfile(service_vip_var_file): - raise Exception( - 'ERROR: Service VIP var file {} is not a file'.format( - service_vip_var_file)) - - -def write_vars_file(port, service, playbook_dir, out=None): - ips = [x['ip_address'] for x in port.fixed_ips] - if len(ips) == 1: - ips = ips[0] - - if out is not None: - service_vip_var_file = os.path.abspath(out) - else: - playbook_dir_path = os.path.abspath(playbook_dir) - network_data_v2.validate_playbook_dir(playbook_dir) - service_vip_var_file = os.path.join(playbook_dir_path, - 'service_vip_vars.yaml') - - if not os.path.exists(service_vip_var_file): - data = dict() - else: - validate_service_vip_vars_file(service_vip_var_file) - with open(service_vip_var_file, 'r') as f: - data = yaml.safe_load(f.read()) - - data.update({service: ips}) - with open(service_vip_var_file, 'w') as f: - f.write(yaml.safe_dump(data, default_flow_style=False)) - - return data - - -def use_neutron(conn, stack, service, network, fixed_ips): - - net = conn.network.find_network(network) - - # NOTE: If the network does'nt exist fall back to use the ctlplane VIP - if net is None or net.name == 'ctlplane': - port = find_ctlplane_vip(conn, stack=stack, service=service) - else: - port = create_or_update_port(conn, net, stack=stack, service=service, - fixed_ips=fixed_ips) - - return port - - -def use_fake(service, fixed_ips): - if [fixed_ip for fixed_ip in fixed_ips if 'ip_address' in fixed_ip]: - port = FakePort(fixed_ips) - else: - raise Exception('Neutron service is not available and no fixed IP ' - 'address provided for {} service virtual IP. When ' - 'neutron service is not available a fixed IP ' - 'address must be provided'.format(service)) - - return port - - -# This method is here so that openstack_cloud_from_module -# can be mocked in tests. -def _openstack_cloud_from_module(module): - _, conn = openstack_cloud_from_module(module) - - return _, conn - - -def delete_service_vip(module, stack, service='all'): - try: - _, conn = _openstack_cloud_from_module(module) - if service == 'all': - tags = {'tripleo_stack_name={}'.format(stack)} - ports = conn.network.ports(tags=list(tags)) - matching = [p for p in ports - if any("tripleo_service_vip" in tag for tag in p.tags)] - else: - tags = {'tripleo_stack_name={}'.format(stack), - 'tripleo_service_vip={}'.format(service)} - matching = conn.network.ports(tags=list(tags)) - for p in matching: - conn.network.delete_port(p.id) - except Exception: - pass - - -def create_service_vip(module, stack, service, network, fixed_ips, - playbook_dir, out=None): - _use_neutron = True - for fixed_ip in fixed_ips: - if ('use_neutron', False) in fixed_ip.items(): - _use_neutron = False - break - - if _use_neutron: - _, conn = _openstack_cloud_from_module(module) - port = use_neutron(conn, stack, service, network, fixed_ips) - else: - port = use_fake(service, fixed_ips) - - return write_vars_file(port, service, playbook_dir, out) - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - stack = module.params.get('stack_name') - state = module.params.get('state') - service = module.params.get('service_name') or 'all' - - out = module.params.get('render_path', None) - playbook_dir = module.params.get('playbook_dir', None) - data = dict() - - try: - - if out is None and playbook_dir is None and state != 'absent': - raise Exception("Provide a playbook_dir or an output path file.") - - if state == 'present' and service == 'all': - raise Exception("Provide service_name for service_vip creation.") - - if state == 'absent': - delete_service_vip(module, stack, service) - else: - network = module.params['network'] - fixed_ips = module.params.get('fixed_ips', []) - data = create_service_vip(module, stack, service, network, fixed_ips, - playbook_dir, out) - result['changed'] = True - result['success'] = True - result['data'] = data - module.exit_json(**result) - except Exception as err: - result['error'] = str(err) - result['msg'] = ('ERROR: Failed creating/deleting service virtual IP!' - ' {}'.format(err)) - result['data'] = {} - module.fail_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_unmanaged_populate_environment.py b/tripleo_ansible/ansible_plugins/modules/tripleo_unmanaged_populate_environment.py deleted file mode 100644 index b14f8c37c..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_unmanaged_populate_environment.py +++ /dev/null @@ -1,179 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2020 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import yaml - -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_unmanaged_populate_environment - -short_description: Add unmanaged node to existing heat environment - -version_added: "2.8" - -description: - - "Add unmanaged node to existing heat environment" - -options: - environment: - description: - - Existing heat environment data to add to - type: dict - default: {} - instances: - description: - - List of unmanaged instances - required: true - type: list - elements: dict - node_port_map: - description: - - Structure with port data mapped by node and network, in the format - returned by the tripleo_overcloud_network_ports module. - type: dict - default: {} - ctlplane_network: - description: - - Name of control plane network - default: ctlplane - type: str -author: - - Harald Jensås -''' - -RETURN = ''' -parameter_defaults: - FooParam: foo - DeployedServerPortMap: - controller-0-ctlplane: - fixed_ips: - - ip_address': 1.1.1.1 - compute-0-ctlplane: - fixed_ips: - - ip_address': 1.1.1.2 - instance3-ctlplane: - fixed_ips: - - ip_address': 1.1.1.3 -resource_registry: - OS::Fake::Resource: /path/to/fake/resource.yaml -''' - -EXAMPLES = ''' -- name: Populate environment with network port data - tripleo_unmanaged_populate_environment: - ctlplane_network: ctlplane - environment: - parameter_defaults: - FooParam: foo - DeployedServerPortMap: - instance3-ctlplane: - fixed_ips: - - ip_address': 1.1.1.3 - resource_registry: - OS::Fake::Resource: /path/to/fake/resource.yaml - instances: - - hostname: controller-0 - managed: false - networks: - - network: ctlplane - fixed_ip: 1.1.1.1 - - hostname': compute-0 - managed: false - networks: - - network: ctlplane - fixed_ip: 1.1.1.2 - node_port_map: - controller-0: - ctlplane: - ip_address: 1.1.1.1 - ip_subnet: 1.1.1.1/24 - ip_address_uri: 1.1.1.1 - compute-0: - ctlplane: - ip_address: 1.1.1.2 - ip_subnet: 1.1.1.2/24 - ip_address_uri: 1.1.1.2 - register: environment -''' - - -def update_environment(environment, ctlplane_network, node_port_map, - instances): - parameter_defaults = environment.setdefault('parameter_defaults', {}) - port_map = parameter_defaults.setdefault('DeployedServerPortMap', {}) - for instance in instances: - if instance.get('managed', True): - continue - - hostname = instance['hostname'] - ip_address = node_port_map[hostname][ctlplane_network]['ip_address'] - ctlplane = {} - ctlplane['fixed_ips'] = [{'ip_address': ip_address}] - port_map['%s-%s' % (hostname, ctlplane_network)] = ctlplane - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - environment={}, - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - environment = result['environment'] = module.params['environment'] - instances = module.params['instances'] - node_port_map = module.params['node_port_map'] - ctlplane_network = module.params['ctlplane_network'] - - try: - update_environment(environment, ctlplane_network, node_port_map, - instances) - result['success'] = True - module.exit_json(**result) - - except Exception as err: - result['error'] = str(err) - result['msg'] = ("Error overcloud network provision failed!") - module.fail_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/modules/tripleo_unprovision_network.py b/tripleo_ansible/ansible_plugins/modules/tripleo_unprovision_network.py deleted file mode 100644 index c7b8eadfc..000000000 --- a/tripleo_ansible/ansible_plugins/modules/tripleo_unprovision_network.py +++ /dev/null @@ -1,144 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright (c) 2021 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import yaml - -try: - from ansible.module_utils import network_data_v2 -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils import network_data_v2 -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: tripleo_unprovision_network - -short_description: Unprovision TripleO networks - -version_added: "2.9" - -description: - - "Delete TripleO Composable networks" - -options: - net_data: - description: - - Structure describing a TripleO composable network - type: dict -author: - - Sandeep Yadav -''' - -EXAMPLES = ''' -- name: Unprovision TripleO composable networks - tripleo_unprovision_network: - net_data: - name: Storage - name_lower: storage - dns_domain: storage.localdomain. - mtu: 1442 - subnets: - storage_subnet: - ip_subnet: 172.18.0.0/24 - gateway_ip: 172.18.0.254 - allocation_pools: - - start: 172.18.0.10 - end: 172.18.0.250 - routes: - - destination: 172.18.1.0/24 - nexthop: 172.18.0.254 - vip: true - vlan: 20 -''' - -RETURN = ''' -''' - - -def unprovision_subnet_and_network(conn, net_data): - changed = False - - for subnet_name in net_data['subnets']: - subnet = conn.network.find_subnet(subnet_name) - if subnet: - conn.network.delete_subnet(subnet.id) - changed = True - - network = conn.network.find_network(net_data['name_lower']) - if network: - if not network.subnet_ids: - conn.network.delete_network(network.id) - changed = True - else: - raise Exception( - 'Cannot delete Network {} because it have following subnets ' - 'attached {}'.format(network.id, network.subnet_ids)) - - return changed - - -def run_module(): - result = dict( - success=False, - changed=False, - error="", - ) - - argument_spec = openstack_full_argument_spec( - **yaml.safe_load(DOCUMENTATION)['options'] - ) - - module = AnsibleModule( - argument_spec, - supports_check_mode=False, - **openstack_module_kwargs() - ) - - net_data = module.params['net_data'] - error_messages = network_data_v2.validate_json_schema(net_data) - if error_messages: - module.fail_json(msg='\n\n'.join(error_messages)) - - try: - _, conn = openstack_cloud_from_module(module) - changed = unprovision_subnet_and_network(conn, net_data) - result['changed'] = changed if changed else result['changed'] - result['success'] = True - module.exit_json(**result) - - except Exception as err: - result['error'] = str(err) - result['msg'] = ("Error overcloud network unprovisioning failed!") - module.fail_json(**result) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/ansible_plugins/strategy/tripleo_base.py b/tripleo_ansible/ansible_plugins/strategy/tripleo_base.py deleted file mode 100644 index 760a56686..000000000 --- a/tripleo_ansible/ansible_plugins/strategy/tripleo_base.py +++ /dev/null @@ -1,206 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -from ansible.errors import AnsibleError -from ansible.module_utils._text import to_text -from ansible.playbook.included_file import IncludedFile -from ansible.plugins.loader import action_loader -from ansible.plugins.strategy import StrategyBase -from ansible.utils.display import Display - -DOCUMENTATION = ''' - strategy: tripleo_base - short_description: Base tripleo strategy shared with linear & free - description: - version_added: "2.9" - author: Alex Schultz -''' - -display = Display() - - -class TripleoBase(StrategyBase): - - def __init__(self, *args, **kwargs): - super(TripleoBase, self).__init__(*args, **kwargs) - self._any_errors_fatal = False - self._callback_sent = False - self._has_work = False - self._host_pinned = False - self._hosts_left = [] - self._iterator = None - self._play_context = None - self._strat_results = [] - self.noop_task = None - self._fail_cache = {} - # these were defined in 2.9 - self._has_hosts_cache = False - self._has_hosts_cache_all = False - - def _print(self, msg, host=None, level=1): - # host needs to be a string or bad things happen. LP#1904917 - if host and not isinstance(host, str): - host = None - display.verbose(msg, host=host, caplevel=level) - - def _debug(self, msg, host=None): - self._print(msg, host, 3) - - def _get_action(self, task): - """Get action based on task""" - self._debug('_get_action...') - try: - action = action_loader.get(task.action, class_only=True) - except KeyError: - action = None - return action - - def _send_task_callback(self, task, templar): - """Send a task callback for task start""" - self._debug('_send_task_callback...') - if self._callback_sent: - return - name = task.name - try: - task.name = to_text(templar.template(task.name, - fail_on_undefined=False), - nonstring='empty') - except Exception: - self._debug('templating failed') - self._tqm.send_callback('v2_playbook_on_task_start', - task, - is_conditional=False) - task.name = name - self._callback_sent = True - - def _get_fail_percent(self, host): - """Return maximum percentage failure per role""" - if host and host in self._fail_cache: - return self._fail_cache[host] - - fail_vars = self._variable_manager.get_vars(play=self._iterator._play, - host=host, - task=None) - percent = fail_vars.get('max_fail_percentage', 0) - role = fail_vars.get('tripleo_role_name', 'default') - self._fail_cache[host] = (percent, role) - return (percent, role) - - def _check_fail_percent(self, host, current_failures): - """Check if max fail pourcentage was reached - - When a failure occurs for a host, check if we reached - the max percentage of failure for the group in which - the host is part from. - """ - percent, role = self._get_fail_percent(host) - current_failed = current_failures.get(role, 1) - - groups = self._inventory.get_groups_dict() - group_count = len(groups.get(role, [])) - if group_count == 0: - return True - failed_percent = (current_failed / group_count) * 100 - if failed_percent > percent: - return True - return False - - def _get_current_failures(self): - """Return the number of failures per role""" - failures = {} - for host, _ in self._iterator.get_failed_hosts().items(): - host_obj = self._inventory.get_host(host) - per, role = self._get_fail_percent(host_obj) - if role in failures: - failures[role] += 1 - else: - failures[role] = 1 - return failures - - def _get_task_attr(self, task, name): - # Ansible < 2.14 replaced _valid_attrs by FieldAttributes - # https://github.com/ansible/ansible/pull/73908 - if hasattr(task, 'fattributes'): - return task.fattributes.get(name) - return task._valid_attrs[name] - - def _get_task_errors_fatal(self, task, templar): - """Return parsed any_errors_fatal from a task""" - return task.get_validated_value( - 'any_errors_fatal', - self._get_task_attr(task, 'any_errors_fatal'), - templar.template(task.any_errors_fatal), - None) - - def process_includes(self, host_results, noop=False): - """Handle includes - - This function processes includes and adds them tasks to the hosts. - It will return False if there was a failure during the include - """ - self._debug('process_includes...') - include_files = IncludedFile.process_include_results( - host_results, - iterator=self._iterator, - loader=self._loader, - variable_manager=self._variable_manager - ) - - include_success = True - if len(include_files) == 0: - self._debug('No include files') - return include_success - - all_blocks = dict((host, []) for host in self._hosts_left) - for include in include_files: - self._debug('Adding include...{}'.format(include)) - try: - if include._is_role: - ir = self._copy_included_file(include) - new_blocks, handler_blocks = ir.get_block_list( - play=self._iterator._play, - variable_manager=self._variable_manager, - loader=self._loader) - else: - new_blocks = self._load_included_file( - include, iterator=self._iterator) - for block in new_blocks: - vars_params = {'play': self._iterator._play, - 'task': block._parent} - # ansible <2.9 compatibility - if self._has_hosts_cache: - vars_params['_hosts'] = self._hosts_cache - if self._has_hosts_cache_all: - vars_params['_hosts_all'] = self._hosts_cache_all - - task_vars = self._variable_manager.get_vars(**vars_params) - final_block = block.filter_tagged_tasks(task_vars) - - for host in self._hosts_left: - if host in include._hosts: - all_blocks[host].append(final_block) - except AnsibleError as e: - for host in include._hosts: - self._tqm._failed_hosts[host.get_name()] = True - self._iterator.mark_host_failed(host) - display.error(to_text(e), wrap_text=False) - include_success = False - continue - - for host in self._hosts_left: - self._iterator.add_tasks(host, all_blocks[host]) - - return include_success diff --git a/tripleo_ansible/ansible_plugins/strategy/tripleo_free.py b/tripleo_ansible/ansible_plugins/strategy/tripleo_free.py deleted file mode 100644 index 66c63017d..000000000 --- a/tripleo_ansible/ansible_plugins/strategy/tripleo_free.py +++ /dev/null @@ -1,340 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -import os -import time - -from ansible import constants as C -from ansible.errors import AnsibleError -from ansible.module_utils._text import to_text -from ansible.template import Templar -from ansible.utils.display import Display - -try: - import importlib.util - BASESPEC = importlib.util.spec_from_file_location( - 'tripleo_base', - os.path.join(os.path.dirname(__file__), 'tripleo_base.py') - ) - BASE = importlib.util.module_from_spec(BASESPEC) - BASESPEC.loader.exec_module(BASE) -except ImportError: - import imp - BASE = imp.load_source( - 'tripleo_base', - os.path.join(os.path.dirname(__file__), 'tripleo_base.py') - ) - -DOCUMENTATION = ''' - strategy: tripleo_free - short_description: TripleO specific free strategy - description: - - Based on the 'free' strategy from Ansible - - Logic broken up to allow for future improvements/extending - - Will fail playbook if any hosts have a failure during the - execution and any_errors_fatal is true (free does not do this). - - Should be backwards compatible for Ansible 2.8 - version_added: "2.9" - author: Alex Schultz -''' - -display = Display() - - -class TripleoFreeBreak(Exception): - """Exception used to break loops""" - pass - - -class TripleoFreeContinue(Exception): - """Exception used to continue loops""" - pass - - -class StrategyModule(BASE.TripleoBase): - - # this strategy handles throttling - ALLOW_BASE_THROTTLING = False - - def __init__(self, *args, **kwargs): - super(StrategyModule, self).__init__(*args, **kwargs) - self._last_host = 0 - self._workers_free = 0 - self._run_once_tasks = set() - - def _filter_notified_hosts(self, notified_hosts): - """Filter notified hosts""" - return [host for host in notified_hosts - if host in self._flushed_hosts and self._flushed_hosts[host]] - - def _increment_last_host(self): - """Increment last host pointer - - If the last host pointer exceeds the number of hosts, we set it back to - zero so we can start checking again with the first host - """ - self._debug('_increment_last_host') - self._last_host += 1 - self._debug('last_host is {}'.format(self._last_host)) - if self._last_host > len(self._hosts_left) - 1: - self._debug('resetting last host') - self._last_host = 0 - - def _check_throttle(self, throttle, task): - """Check if we should throttle""" - if throttle > 0: - same_task = 0 - for worker in self._workers: - if (worker and worker.is_alive() - and worker._task._uuid == task._uuid): - same_task += 1 - if same_task >= throttle: - return True - return False - - def _check_failures(self, results): - """Check results for failures - - If any errors are fatal, kill the playbook at the end of - execution. All non-failed hosts will continue to run the - playbook but it won't move on to the next playbook. This - function returns True if there were failures and False if - there are no failures. - """ - fail_lookup = self._get_current_failures() - if self._any_errors_fatal: - for res in results: - if ((res.is_failed() or res._task.action == 'meta') - and self._iterator.is_failed(res._host) - and self._check_fail_percent(res._host, fail_lookup)): - return True - return False - - def _send_task_callback(self, task, templar): - """Send task start callback""" - self._debug('_send_task_callback...') - name = task.name - try: - task.name = to_text(templar.template(task.name, - fail_on_undefined=False), - nonstring='empty') - except Exception: - self._debug('templating failed') - self._tqm.send_callback('v2_playbook_on_task_start', - task, - is_conditional=False) - task.name = name - - def _advance_host(self, host, task): - """Advance the host's task as necessary""" - self._debug('_advance_host {}'.format(host)) - host_name = host.get_name() - - # build get_vars call params - vars_params = {'play': self._iterator._play, - 'host': host, - 'task': task} - # If we have >= 2.9 we can use the hosts cache - if self._has_hosts_cache: - vars_params['_hosts'] = self._hosts_cache - if self._has_hosts_cache_all: - vars_params['_hosts_all'] = self._hosts_cache_all - - task_vars = self._variable_manager.get_vars(**vars_params) - self.add_tqm_variables(task_vars, play=self._iterator._play) - templar = Templar(loader=self._loader, variables=task_vars) - - # if task has a throttle attribute, check throttle e.g. ansible > 2.9 - throttle = getattr(task, 'throttle', None) - if throttle is not None: - try: - throttle = int(templar.template(throttle)) - except Exception as e: - raise AnsibleError("Failed to throttle: {}".format(e), - obj=task._df, - orig_exc=e) - if self._check_throttle(throttle, task): - raise TripleoFreeBreak() - - # _blocked_hosts is used in the base strategy to keep track of hosts in - # that have tasks in queue - self._blocked_hosts[host_name] = True - - # Refetch the task without peek - (_, task) = self._iterator.get_next_task_for_host(host) - action = self._get_action(task) - - try: - task.name = to_text(templar.template(task.name, - fail_on_undefined=False), - nonstring='empty') - except Exception: - display.warning('templating of task name failed', host=host_name) - - # run once doesn't work with free because we run all of them - run_once = (templar.template(task.run_once) or action - and getattr(action, 'BYPASS_HOST_LOOP', False)) - - if run_once: - if action and getattr(action, 'BYPASS_HOST_LOOP', False): - raise AnsibleError('Cannot bypass host loop with ansible_free strategy') - else: - display.warning("Using run_once with the tripleo_free strategy is not currently supported. " - "This task will still be executed for every host in the inventory list.") - - # handle role deduplication logic - if task._role and task._role.has_run(host): - if (task._role._metadata is None or task._role._metadata - and not task._role._metadata.allow_duplicates): - del self._blocked_hosts[host_name] - raise TripleoFreeContinue() - - if task.action == 'meta': - self._execute_meta(task, self._play_context, self._iterator, - target_host=host) - self._blocked_hosts[host_name] = False - else: - if not self._step or self._take_step(task, host_name): - if self._get_task_errors_fatal(task, templar): - display.warning('any_errors_fatal only stops any future ' - 'tasks running on the host that fails ' - 'with the tripleo_free strategy.') - self._any_errors_fatal = True - self._send_task_callback(task, templar) - self._queue_task(host, task, task_vars, self._play_context) - self._workers_free -= 1 - del task_vars - return True - - def process_work(self): - """Run pending tasks""" - self._debug('process_work....') - result = self._tqm.RUN_OK - start_host = self._last_host - self._strat_results = [] - while True: - self._debug('process_work loop') - host = self._hosts_left[self._last_host] - host_name = host.get_name() - - self._increment_last_host() - - (s, t) = self._iterator.get_next_task_for_host(host, peek=True) - self._print("host: {}, task: {}".format(host, t)) - - if host_name not in self._tqm._unreachable_hosts and t: - self._debug('{} has work to do, has_work = True'.format( - host_name)) - self._has_work = True - if not self._blocked_hosts.get(host_name, False): - try: - self._advance_host(host, t) - except TripleoFreeBreak: - break - except TripleoFreeContinue: - continue - else: - self._print('{} still blocked'.format(host_name)) - else: - self._debug('{} is unreachable or no task'.format(host_name)) - - # handle host pinned by going back to the start and waiting - # for the next free host - if (self._host_pinned and self._workers_free == 0 - and self._has_work): - self._last_host = start_host - - if self._last_host == start_host: - self._debug('We hit the start host, break our loop') - break - - self._debug('pending results....') - results = self._process_pending_results(self._iterator) - self._debug('results: {}'.format(results)) - self._strat_results.extend(results) - - if self._check_failures(results): - # NOTE(mwhahaha): this is the bit of code that the upstream free - # does not do - result |= self._tqm.RUN_FAILED_BREAK_PLAY - - self._workers_free += len(results) - self._debug('update connections....') - self.update_active_connections(results) - - return result - - def run(self, iterator, play_context): - """Run out strategy""" - self._iterator = iterator - self._play_context = play_context - self._has_work = True - self._workers_free = len(self._workers) - - result = self._tqm.RUN_OK - - # check for < 2.9 and set vars so we know if we can use hosts cache - if getattr(self, '_set_hosts_cache', False): - self._set_hosts_cache(self._iterator._play) - self._has_hosts_cache = True - if getattr(self, '_set_hosts_cache_all', False): - self._has_hosts_cache_all = True - - # while we still have tasks and ansible is still running - while self._has_work and not self._tqm._terminated: - self._has_work = False - self._debug('play: {}'.format(self._iterator._play)) - try: - # get the hosts with tasks - self._hosts_left = self.get_hosts_left(self._iterator) - if len(self._hosts_left) == 0: - self._tqm.send_callback( - 'v2_playbook_on_no_hosts_remaining') - # check if we previously had an error... - if result == self._tqm.RUN_OK: - # by setting this to false, the parent run function - # will determine if the run was ok based on a check - # of the unreachable/failed hosts. - result = False - break - # do work - result |= self.process_work() - # handle includes - include_result = self.process_includes(self._strat_results) - if self._any_errors_fatal and not include_result: - # NOTE(mwhahaha): This bit of code fails the playbook if - # an include fails. Upstream free does not have this today - display.error('An include failure occurred, we will not ' - 'continue to process after this play ' - 'completes.') - result |= self._tqm.RUN_FAILED_BREAK_PLAY - except (IOError, EOFError) as e: - display.error("Exception while running task loop: " - "{}".format(e)) - return self._tqm.RUN_UNKNOWN_ERROR - - self._debug('sleeping... {}'.format( - C.DEFAULT_INTERNAL_POLL_INTERVAL) - ) - time.sleep(C.DEFAULT_INTERNAL_POLL_INTERVAL) - - # wait for any pending results - _ = self._wait_on_pending_results(iterator) - - # call parent run to handle status - return super(StrategyModule, self).run(self._iterator, - self._play_context, - result) diff --git a/tripleo_ansible/ansible_plugins/strategy/tripleo_linear.py b/tripleo_ansible/ansible_plugins/strategy/tripleo_linear.py deleted file mode 100644 index ef528eeb2..000000000 --- a/tripleo_ansible/ansible_plugins/strategy/tripleo_linear.py +++ /dev/null @@ -1,371 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -__metaclass__ = type - -import os -import time - -from ansible import constants as C -from ansible.errors import AnsibleAssertionError -from ansible.executor.play_iterator import FailedStates -from ansible.executor.play_iterator import IteratingStates -from ansible.playbook.block import Block -from ansible.playbook.task import Task -from ansible.template import Templar -from ansible.utils.display import Display - -try: - import importlib.util - BASESPEC = importlib.util.spec_from_file_location( - 'tripleo_base', - os.path.join(os.path.dirname(__file__), 'tripleo_base.py') - ) - BASE = importlib.util.module_from_spec(BASESPEC) - BASESPEC.loader.exec_module(BASE) -except ImportError: - import imp - BASE = imp.load_source( - 'tripleo_base', - os.path.join(os.path.dirname(__file__), 'tripleo_base.py') - ) - -DOCUMENTATION = ''' - strategy: tripleo_linear - short_description: TripleO specific linear strategy - description: - - Based on the 'linear' strategy from Ansible - - Logic broken up to allow for future improvements - version_added: "2.9" - author: Alex Schultz -''' - -display = Display() - - -class TripleoLinearTerminated(Exception): - """Exception for terminated state""" - pass - - -class TripleoLinearNoHostTask(Exception): - """Exception for no host task""" - pass - - -class TripleoLinearRunOnce(Exception): - """Exception for run once""" - pass - - -class StrategyModule(BASE.TripleoBase): - - def __init__(self, *args, **kwargs): - super(StrategyModule, self).__init__(*args, **kwargs) - - def _create_noop_task(self): - """Create noop task""" - self._debug('_create_noop_task...') - noop_task = Task() - noop_task.action = 'meta' - noop_task.args['_raw_params'] = 'noop' - noop_task.set_loader(self._iterator._play._loader) - return noop_task - - def _advance_hosts(self, hosts, host_tasks, cur_block, cur_state): - """Move hosts to next task""" - self._debug('_advance_hosts...') - noop_task = self._create_noop_task() - returns = [] - for host in hosts: - host_state_task = host_tasks.get(host.name) - if host_state_task is None: - continue - (s, t) = host_state_task - self._print('task: {}'.format(t)) - s = self._iterator.get_active_state(s) - if t is None: - continue - self._print('task.action: {}'.format(t.action)) - if s.run_state == cur_state and s.cur_block == cur_block: - _ = self._iterator.get_next_task_for_host(host) - returns.append((host, t)) - else: - returns.append((host, noop_task)) - return returns - - def _get_next_tasks(self, hosts): - """Get next set of tasks""" - self._debug('_get_next_tasks...') - host_tasks = {} - task_counts = {} - - self._debug('populate next tasks for all hosts') - for host in hosts: - host_tasks[host.name] = self._iterator.get_next_task_for_host( - host, peek=True) - - self._debug('organize tasks by state') - host_tasks_to_run = [(host, state_task) - for host, state_task in host_tasks.items() - if state_task and state_task[1]] - - # figure out our current block - if host_tasks_to_run: - try: - lowest_cur_block = min( - (self._iterator.get_active_state(s).cur_block - for h, (s, t) in host_tasks_to_run - if s.run_state != IteratingStates.COMPLETE)) - except ValueError: - lowest_cur_block = None - else: - lowest_cur_block = None - - # build counts for tasks by run state - for (k, v) in host_tasks_to_run: - (s, t) = v - s = self._iterator.get_active_state(s) - if s.cur_block > lowest_cur_block: - continue - - # count up tasks based on state, we only care about: - # IteratingStates.SETUP - # IteratingStates.TASKS - # IteratingStates.RESCUE - # IteratingStates.ALWAYS - if not task_counts.get(s.run_state): - task_counts[s.run_state] = 1 - else: - task_counts[s.run_state] += 1 - - # Iterate through the different task states we care about - # to execute them in a specific order. If there are tasks - # in that state, we run all those tasks and then noop the - # rest of the hosts with tasks not currently in that state - for state_type in [IteratingStates.SETUP, - IteratingStates.TASKS, - IteratingStates.RESCUE, - IteratingStates.ALWAYS]: - if state_type in task_counts: - return self._advance_hosts(hosts, - host_tasks, - lowest_cur_block, - state_type) - - # all done so move on by returning None for the next task in - # the return value. - return [(host, None) for host in hosts] - - def _replace_with_noop(self, target): - """Replace task with a noop task""" - self._debug('_replace_with_noop...') - if self.noop_task is None: - raise AnsibleAssertionError('noop_task is None') - - result = [] - for t in target: - if isinstance(t, Task): - result.append(self.noop_task) - elif isinstance(t, Block): - result.append(self._create_noop_block_from(t, t._parent)) - return result - - def _create_noop_block_from(self, original_block, parent): - """Create a noop block from a block""" - self._debug('_create_noop_block_from...') - noop_block = Block(parent_block=parent) - noop_block.block = self._replace_with_noop(original_block.block) - noop_block.always = self._replace_with_noop(original_block.always) - noop_block.rescue = self._replace_with_noop(original_block.rescue) - return noop_block - - def _prepare_and_create_noop_block_from(self, original_block, parent): - """Create noop block""" - self._debug('_prepare_and_create_noop_block_from...') - self.noop_task = self._create_noop_task() - return self._create_noop_block_from(original_block, parent) - - def _process_host_tasks(self, host, task): - """Process host task and execute""" - self._debug('process_host_tasks...') - results = [] - - if self._tqm._terminated: - raise TripleoLinearTerminated() - run_once = False - - action = self._get_action(task) - - # Skip already executed roles - if task._role and task._role.has_run(host): - if (task._role._metadata is None or task._role._metadata - and not task._role._metadata.allow_duplicates): - raise TripleoLinearNoHostTask() - - # todo handle steps like in linear - # build get_vars call params - vars_params = {'play': self._iterator._play, - 'host': host, - 'task': task} - # if we have >= 2.9 we can use the hosts cache - if self._has_hosts_cache: - vars_params['_hosts'] = self._hosts_cache - if self._has_hosts_cache_all: - vars_params['_hosts_all'] = self._hosts_cache_all - - task_vars = self._variable_manager.get_vars(**vars_params) - - self.add_tqm_variables(task_vars, play=self._iterator._play) - templar = Templar(loader=self._loader, variables=task_vars) - - run_once = (templar.template(task.run_once) or action - and getattr(action, 'BYPASS_HOST_LOOP', False)) - - if task.action == 'meta': - results.extend(self._execute_meta(task, - self._play_context, - self._iterator, - host)) - if (task.args.get('_raw_params', None) not in ('noop', - 'reset_connection', - 'end_host')): - run_once = True - if (self._get_task_errors_fatal(task, templar) - or run_once and not task.ignore_errors): - self._any_errors_fatal = True - else: - self._send_task_callback(task, templar) - self._blocked_hosts[host.get_name()] = True - self._queue_task(host, task, task_vars, self._play_context) - del task_vars - - if run_once: - raise TripleoLinearRunOnce() - - max_passes = max(1, int(len(self._tqm._workers) * 0.1)) - results.extend(self._process_pending_results( - self._iterator, max_passes=max_passes)) - return results - - def _process_failures(self): - """Handle failures""" - self._debug('_process_failures...') - non_fail_states = frozenset([IteratingStates.RESCUE, - IteratingStates.ALWAYS]) - result = self._tqm.RUN_OK - for host in self._hosts_left: - (s, _) = self._iterator.get_next_task_for_host(host, peek=True) - s = self._iterator.get_active_state(s) - if ((s.run_state not in non_fail_states) - or (s.run_state == IteratingStates.RESCUE - and s.fail_state & FailedStates.RESCUE != 0)): - self._tqm._failed_hosts[host.name] = True - result |= self._tqm.RUN_FAILED_BREAK_PLAY - return result - - def process_work(self): - """Run pending tasks""" - self._debug('process_work...') - self._callback_sent = False - result = self._tqm.RUN_OK - - host_tasks = self._get_next_tasks(self._hosts_left) - self._strat_results = [] - results = [] - for (host, task) in host_tasks: - if not task: - continue - try: - self._has_work = True - results.extend(self._process_host_tasks(host, task)) - except TripleoLinearNoHostTask: - continue - except (TripleoLinearTerminated, TripleoLinearRunOnce): - break - if self._pending_results > 0: - results.extend(self._wait_on_pending_results( - self._iterator)) - - self._strat_results.extend(results) - self.update_active_connections(results) - - return result - - def run(self, iterator, play_context): - """Run our straregy""" - self._debug('run...') - self._iterator = iterator - self._play_context = play_context - self._has_work = True - - result = self._tqm.RUN_OK - - # check for < 2.9 and set vars so we know if we can use hosts cache - if getattr(self, '_set_hosts_cache', False): - self._set_hosts_cache(self._iterator._play) - self._has_hosts_cache = True - if getattr(self, '_set_hosts_cache_all', False): - self._has_hosts_cache_all = True - - while self._has_work and not self._tqm._terminated: - self._has_work = False - self._print('play: {}'.format(iterator._play)) - try: - self._hosts_left = self.get_hosts_left(self._iterator) - result = self.process_work() - - # NOTE(mwhahaha): process_includes returns a status however - # we will pick up on these failures further down because - # failed_hosts will be set. We don't need the status - # in this strategy so we just ignore it. - self.process_includes(self._strat_results, noop=True) - - failed_hosts = [] - unreachable_hosts = [] - fail_lookup = self._get_current_failures() - for res in self._strat_results: - if ((res.is_failed() or res._task.action == 'meta') - and self._iterator.is_failed(res._host)): - failed_hosts.append(res._host) - elif res.is_unreachable(): - unreachable_hosts.append(res._host) - - errored = False - for host in set(failed_hosts + unreachable_hosts): - errored = self._check_fail_percent(host, fail_lookup) - if errored: - break - if (errored and self._any_errors_fatal - and (len(failed_hosts) > 0 - or len(unreachable_hosts) > 0)): - result = self._process_failures() - - failed_hosts = len(self._tqm._failed_hosts) - hosts_left = len(self._hosts_left) - if (result != self._tqm.RUN_OK - and (failed_hosts >= hosts_left)): - self._tqm.send_callback( - 'v2_playbook_on_no_hosts_remaining') - return result - except (IOError, EOFError) as e: - display.warning("Exception while in task loop: {}".format(e)) - return self._tqm.RUN_UNKNOWN_ERROR - - self._debug('sleeping... {}'.format( - C.DEFAULT_INTERNAL_POLL_INTERVAL) - ) - time.sleep(C.DEFAULT_INTERNAL_POLL_INTERVAL) - - return super(StrategyModule, self).run(iterator, play_context, result) diff --git a/tripleo_ansible/ansible_plugins/tests/.yamllint b/tripleo_ansible/ansible_plugins/tests/.yamllint deleted file mode 100644 index 882767605..000000000 --- a/tripleo_ansible/ansible_plugins/tests/.yamllint +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Based on ansible-lint config -extends: default - -rules: - braces: - max-spaces-inside: 1 - level: error - brackets: - max-spaces-inside: 1 - level: error - colons: - max-spaces-after: -1 - level: error - commas: - max-spaces-after: -1 - level: error - comments: disable - comments-indentation: disable - document-start: disable - empty-lines: - max: 3 - level: error - hyphens: - level: error - indentation: disable - key-duplicates: enable - line-length: disable - new-line-at-end-of-file: disable - new-lines: - type: unix - trailing-spaces: disable - truthy: disable diff --git a/tripleo_ansible/ansible_plugins/tests/molecule/container_startup_config/converge.yml b/tripleo_ansible/ansible_plugins/tests/molecule/container_startup_config/converge.yml deleted file mode 100644 index 5d5abae67..000000000 --- a/tripleo_ansible/ansible_plugins/tests/molecule/container_startup_config/converge.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- name: Converge - hosts: all - become: true - tasks: - - name: Create temporary for container configs - tempfile: - state: directory - suffix: container_startup_config_tmp - register: container_startup_config_tmp_dir - - name: Generate container startup configs - container_startup_config: - config_data: "{{ lookup('file', playbook_dir + '/files/container-configs.yml', errors='ignore') | default({}, True) | from_yaml }}" - config_base_dir: "{{ container_startup_config_tmp_dir.path }}" - - name: Check that HAproxy container configuration file was created - stat: - path: "{{ container_startup_config_tmp_dir.path }}/step_1/haproxy.json" - register: st_haproxy - failed_when: - - not st_haproxy.stat.exists - - name: Check that HAproxy container configuration is correct - slurp: - src: "{{ container_startup_config_tmp_dir.path }}/step_1/haproxy.json" - register: slurp_haproxy - failed_when: - - ('openstack-haproxy' not in slurp_haproxy['content']|b64decode) diff --git a/tripleo_ansible/ansible_plugins/tests/molecule/container_startup_config/files/container-configs.yml b/tripleo_ansible/ansible_plugins/tests/molecule/container_startup_config/files/container-configs.yml deleted file mode 100644 index 9cbc04de4..000000000 --- a/tripleo_ansible/ansible_plugins/tests/molecule/container_startup_config/files/container-configs.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -step_1: - haproxy: - environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - image: 192.168.24.1:8787/myregistry/openstack-haproxy:latest - keepalived: - image: 192.168.24.1:8787/myregistry/openstack-keepalived:latest -step_2: - mysql: - image: 192.168.24.1:8787/myregistry/openstack-mysql:latest - swift: - image: 192.168.24.1:8787/myregistry/openstack-swift:latest -step_3: - keystone: - image: 192.168.24.1:8787/myregistry/openstack-keystone:latest diff --git a/tripleo_ansible/ansible_plugins/tests/molecule/container_startup_config/molecule.yml b/tripleo_ansible/ansible_plugins/tests/molecule/container_startup_config/molecule.yml deleted file mode 100644 index d3c58732d..000000000 --- a/tripleo_ansible/ansible_plugins/tests/molecule/container_startup_config/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH:-/usr/share/ansible/roles}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - name: container_startup_config - test_sequence: - - prepare - - converge - -verifier: - name: testinfra diff --git a/tripleo_ansible/ansible_plugins/tests/molecule/container_startup_config/prepare.yml b/tripleo_ansible/ansible_plugins/tests/molecule/container_startup_config/prepare.yml deleted file mode 100644 index 805f61ee9..000000000 --- a/tripleo_ansible/ansible_plugins/tests/molecule/container_startup_config/prepare.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Prepare - hosts: all - roles: - - role: test_deps diff --git a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_config_scripts/converge.yml b/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_config_scripts/converge.yml deleted file mode 100644 index 7ff4cad2f..000000000 --- a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_config_scripts/converge.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -- name: Converge - hosts: all - tasks: - - name: Create temporary directory for container config scripts - tempfile: - state: directory - suffix: container_config_scripts_tmp - register: container_config_scripts_tmp_dir - - name: Write container config scripts - tripleo_container_config_scripts: - config_data: - container_puppet_apply.sh: - content: "#!/bin/bash\npuppet apply" - mode: "0700" - config_dir: "{{ container_config_scripts_tmp_dir.path }}" - when: - - not ansible_check_mode|bool - - name: Check that container_puppet_apply.sh file was created with right permissions - stat: - path: "{{ container_config_scripts_tmp_dir.path }}/container_puppet_apply.sh" - register: st_config - failed_when: - - not st_config.stat.exists - - not (st_config.stat.mode == '0700') - when: - - not ansible_check_mode|bool - - name: Check that container_puppet_apply.sh script is correct - slurp: - src: "{{ container_config_scripts_tmp_dir.path }}/container_puppet_apply.sh" - register: slurp_config - failed_when: - - ('puppet apply' not in slurp_config['content']|b64decode) - when: - - not ansible_check_mode|bool diff --git a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_config_scripts/molecule.yml b/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_config_scripts/molecule.yml deleted file mode 100644 index ed8fda0f9..000000000 --- a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_config_scripts/molecule.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH:-/usr/share/ansible/roles}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - name: tripleo_container_config_scripts - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_config_scripts/prepare.yml b/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_config_scripts/prepare.yml deleted file mode 100644 index 805f61ee9..000000000 --- a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_config_scripts/prepare.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Prepare - hosts: all - roles: - - role: test_deps diff --git a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_configs/converge.yml b/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_configs/converge.yml deleted file mode 100644 index 5b22439b7..000000000 --- a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_configs/converge.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -- name: Converge - hosts: all - tasks: - - name: Write container config json files - tripleo_container_configs: - config_data: - /tmp/container_config1.json: - command: /usr/bin/ceilometer-polling compute - config_files: - - dest: / - merge: true - preserve_properties: true - source: /var/lib/kolla/config_files/src/* - /tmp/container_config2.json: - command: /usr/bin/ceilometer-agent-notification - config_files: - - dest: / - merge: true - preserve_properties: true - source: /var/lib/kolla/config_files/src/* - - name: Check that container_config1.json file was created - stat: - path: "/tmp/container_config1.json" - register: st_config - failed_when: - - not st_config.stat.exists - when: - - not ansible_check_mode|bool - - name: Check that container_config1.json configuration is correct - slurp: - src: "/tmp/container_config1.json" - register: slurp_config - failed_when: - - ('ceilometer-polling' not in slurp_config['content']|b64decode) - when: - - not ansible_check_mode|bool diff --git a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_configs/molecule.yml b/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_configs/molecule.yml deleted file mode 100644 index 645db92c7..000000000 --- a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_configs/molecule.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH:-/usr/share/ansible/roles}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - name: tripleo_container_configs - test_sequence: - - prepare - - converge - - check - - cleanup - -verifier: - name: testinfra diff --git a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_configs/prepare.yml b/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_configs/prepare.yml deleted file mode 100644 index 805f61ee9..000000000 --- a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_container_configs/prepare.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Prepare - hosts: all - roles: - - role: test_deps diff --git a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_dnf_stream/converge.yml b/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_dnf_stream/converge.yml deleted file mode 100644 index 3eb532e14..000000000 --- a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_dnf_stream/converge.yml +++ /dev/null @@ -1,140 +0,0 @@ ---- -- name: Converge - hosts: ubi8 - become: true - tasks: - - name: List available modules at test start for debugging purposes - command: dnf module list - register: module_list - - debug: - msg: "{{ module_list.stdout_lines }}" - - debug: - msg: | - "================================================================ - PREPARE: enable maven:3.5 - ================================================================" - - name: Make sure the module is removed before starting - command: dnf module -C -y remove maven:3.5 - - name: Disable the module - command: dnf module -C -y reset maven:3.5 - - debug: - msg: | - "================================================================ - START: enable maven:3.5 - ================================================================" - - name: Enable maven:3.5 module - tripleo_dnf_stream: - name: "maven:3.5" - state: enabled - - debug: - msg: | - "================================================================ - VERIFY: enable maven:3.5 - ================================================================" - - name: Ensure the module got enabled - shell: "dnf module -C -y list --enabled | grep 'maven\\s*3.5'" - failed_when: false - register: check_module - - name: Fail if module not found enabled - fail: - msg: Module maven:3.5 not found - when: check_module.rc != 0 - - debug: - msg: | - "================================================================ - PREPARE: change php:7.2 to php:7.3 - ================================================================" - - name: Make sure the module is enabled before starting - command: dnf module -C -y reset php - - name: Enable the module nginx (php has dependencies on nginx) and php - command: "dnf module -y install {{ item }}" - loop: - - "nginx" - - "php:7.2" - - debug: - msg: | - "================================================================ - START: change php:7.2 to php:7.3 - ================================================================" - - name: Enable php:7.3 module - tripleo_dnf_stream: - name: "php:7.3" - state: enabled - - debug: - msg: | - "================================================================ - VERIFY: change php:7.2 to php:7.3 - ================================================================" - - name: Ensure the module got enabled - shell: "dnf module -C -y list --enabled | grep 'php\\s*7.3'" - failed_when: false - register: check_module - - name: Fail if module not found enabled - fail: - msg: Module php:7.3 not found - when: check_module.rc != 0 - - debug: - msg: | - "================================================================ - PREPARE: enable and disable multiple streams - ================================================================" - - name: Make sure the module is disabled before starting - command: "dnf module -C -y remove nodejs:12 javapackages-runtime:201801" - - name: Disable the module - command: "dnf module -C -y reset nodejs javapackages-runtime" - - debug: - msg: | - "================================================================ - START 1: enable multiple streams - ================================================================" - - name: Enable nodejs:12 and javapackages-runtime:201801 module - tripleo_dnf_stream: - name: - - "nodejs:12" - - "javapackages-runtime:201801" - state: enabled - - debug: - msg: | - "================================================================ - VERIFY 1: enable multiple streams - ================================================================" - - name: Ensure the module got enabled - shell: "dnf module -C -y list --enabled | grep '{{ item.split(\":\")[0] }}\\s*{{ item.split(\":\")[1] }}'" - failed_when: false - register: check_module - loop: - - "nodejs:12" - - "javapackages-runtime:201801" - - name: Fail if module not found enabled - fail: - msg: "Module {{ item.item }} not found" - when: item.rc != 0 - loop: "{{ check_module.results }}" - - debug: - msg: | - "================================================================ - START 2: disable multiple streams - ================================================================" - - name: Disable all enabled modules - tripleo_dnf_stream: - name: - - "nodejs:12" - - "javapackages-runtime:201801" - state: disabled - - debug: - msg: | - "================================================================ - VERIFY 2: disable multiple streams - ================================================================" - - name: Ensure all modules got disabled - shell: "dnf module -C -y list --enabled | grep '{{ item.split(\":\")[0] }}\\s*{{ item.split(\":\")[1] }}'" - failed_when: false - register: check_module - loop: - - "nodejs:12" - - "javapackages-runtime:201801" - - name: Fail if module found enabled - fail: - msg: "Module {{ item.item }} found enabled when it shouldn't" - when: item.rc == 0 - loop: "{{ check_module.results }}" diff --git a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_dnf_stream/molecule.yml b/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_dnf_stream/molecule.yml deleted file mode 100644 index c8ebec2d0..000000000 --- a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_dnf_stream/molecule.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -driver: - name: podman - -# It is not discovered by default podman molecule config -# due to different directory structure. -# That's why the config is kept here - -platforms: - - name: ubi9 - hostname: ubi9 - image: ubi9/ubi-init - registry: - url: registry.access.redhat.com - dockerfile: Dockerfile.j2 - pkg_extras: python*setuptools - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg - - /opt/yum.repos.d:/etc/yum.repos.d:rw - - /etc/dnf/vars:/etc/dnf/vars - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - ulimits: &ulimit - - host - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - ubi9: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - name: tripleo_dnf_stream - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_dnf_stream/prepare.yml b/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_dnf_stream/prepare.yml deleted file mode 100644 index 7d9f4b27b..000000000 --- a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_dnf_stream/prepare.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Prepare - hosts: ubi9 - roles: - - role: test_deps - tasks: - - debug: - msg: | - "================================================================ - STARTING TEST tripleo_dnf_stream - ================================================================" diff --git a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_os_net_config/converge.yml b/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_os_net_config/converge.yml deleted file mode 100644 index c0d2cf112..000000000 --- a/tripleo_ansible/ansible_plugins/tests/molecule/tripleo_os_net_config/converge.yml +++ /dev/null @@ -1,68 +0,0 @@ ---- -- name: Converge - hosts: all - become: true - tasks: - - name: create os-net-config config file - tempfile: - state: file - prefix: os-net-config - register: onc_cfg - # This is a simple test to reconfigure the loopback interface - # because it's not easy to know what nics are available on the host - # and not breaking the current network configs. - - name: write os-net-config config file - copy: - content: - network_config: - - - type: interface - name: lo - use_dhcp: false - use_dhcpv6: false - addresses: - - - ip_netmask: 127.0.0.1/8 - dest: "{{ onc_cfg.path }}" - - name: Create safe os-net-config defaults for all interfaces - become: true - shell: | - set -eux - cat > {{ onc_cfg.path }} </dev/null - HAS_LINK="$(cat /sys/class/net/${iface}/carrier || echo 0)" - if [ "$HAS_LINK" == "1" ]; then - break - else - sleep 1 - fi - TRIES=$(( TRIES - 1 )) - done - if [ "$HAS_LINK" == "1" ] ; then - cat >> {{ onc_cfg.path }} < {{ public_key }}" - when: - - not public_key_stat.stat.exists - -- hosts: allovercloud - gather_facts: false - become: true - pre_tasks: - - name: Get local private key - slurp: - src: "{{ hostvars['undercloud']['private_key'] }}" - register: private_key_get - delegate_to: localhost - no_log: true - - name: Get local public key - slurp: - src: "{{ hostvars['undercloud']['public_key'] }}" - register: public_key_get - delegate_to: localhost - roles: - - role: tripleo_create_admin - tripleo_admin_user: "{{ tripleo_admin_user }}" - tripleo_admin_pubkey: "{{ public_key_get['content'] | b64decode }}" - tripleo_admin_prikey: "{{ private_key_get['content'] | b64decode }}" - no_log: true diff --git a/tripleo_ansible/playbooks/ceph-backup.yaml b/tripleo_ansible/playbooks/ceph-backup.yaml deleted file mode 100644 index 4600eef23..000000000 --- a/tripleo_ansible/playbooks/ceph-backup.yaml +++ /dev/null @@ -1,107 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Ceph MON - become: true - hosts: overcloud_ceph_mon - tasks: - - name: Stop monitor services - import_role: - name: backup_and_restore - tasks_from: ceph_mon_stop - tags: backup - -- name: Ceph MGR - become: true - hosts: overcloud_ceph_mgr - tasks: - - name: Stop manager services - import_role: - name: backup_and_restore - tasks_from: ceph_mgr_stop - tags: backup - -- name: Ceph NFS - become: true - hosts: overcloud_ceph_nfs - tasks: - - name: Stop ceph_nfs services - import_role: - name: backup_and_restore - tasks_from: ceph_nfs_stop - tags: backup - -- name: Ceph MDS - hosts: undercloud - tasks: - - name: Set variables - set_fact: - ceph_ansible_path: "{{ ceph_ansible_path_dir is defined | ternary ( ceph_ansible_path_dir, '/usr/share/ceph-ansible' ) }}" - ansible_log: "{{ ceph_deactivate_log is defined | ternary ( ceph_deactivate_log, '/home/stack/ceph_deactivate_mds.log' ) }}" - ceph_ansible_inventory: | - "{{ ansible_inventory is defined | ternary (ansible_inventory, '/home/stack/config-download/overcloud/ceph-ansible/inventory.yml' ) }}" - ceph_deactivate_mds_file_path: | - "{{ ceph_deactivate_mds_file is defined | ternary (ceph_deactivate_mds_file, '/usr/share/ansible/tripleo_playbooks/ceph_deactivate_mds.yaml') }}" - ceph_extra_vars_file_path: | - "{{ ceph_extra_vars_file is defined | ternary (ceph_extra_vars_file, '@/home/stack/config-download/overcloud/ceph-ansible/extra_vars.yml') }}" - when: - - groups["overcloud_ceph_mds"] is defined - - groups["overcloud_ceph_mds"]|length>0 - - - name: Execute the deactivate_mds ansible playbook - shell: | - set -o pipefail - ANSIBLE_ACTION_PLUGINS={{ ceph_ansible_path }}/plugins/actions/ \ - ANSIBLE_CALLBACK_PLUGINS={{ ceph_ansible_path }}/plugins/callback/ \ - ANSIBLE_FILTER_PLUGINS={{ ceph_ansible_path }}/plugins/filter/ \ - ANSIBLE_ROLES_PATH={{ ceph_ansible_path }}/roles/ \ - ANSIBLE_LIBRARY={{ ceph_ansible_path }}/library/ \ - ANSIBLE_CONFIG={{ ceph_ansible_path }}/ansible.cfg \ - ANSIBLE_REMOTE_TEMP=/tmp/ceph_ansible_tmp \ - ANSIBLE_FORKS=25 \ - ANSIBLE_GATHER_TIMEOUT=60 \ - ANSIBLE_CALLBACK_WHITELIST=profile_tasks \ - ANSIBLE_STDOUT_CALLBACK=default \ - ANSIBLE_LOG_PATH={{ ansible_log }} \ - ansible-playbook --skip-tags package-install,with_pkg \ - -e ansible_python_interpreter=/usr/libexec/platform-python \ - --extra-vars {{ ceph_extra_vars_file_path }} \ - -i {{ ceph_ansible_inventory }} \ - {{ ceph_deactivate_mds_file_path }} - tags: backup - when: - - groups["overcloud_ceph_mds"] is defined - - groups["overcloud_ceph_mds"]|length>0 - -- name: Ceph RGW - become: true - hosts: overcloud_ceph_rgw - tasks: - - name: Stop ceph_rgw services - import_role: - name: backup_and_restore - tasks_from: ceph_rgw_stop - tags: backup - -- name: Backup Ceph directory - become: true - hosts: overcloud_ceph_mon - tasks: - - name: Backup ceph directory and storage on the shared directory - import_role: - name: backup_and_restore - tasks_from: ceph_backup - tags: backup diff --git a/tripleo_ansible/playbooks/ceph_deactivate_mds.yaml b/tripleo_ansible/playbooks/ceph_deactivate_mds.yaml deleted file mode 100644 index 519c40996..000000000 --- a/tripleo_ansible/playbooks/ceph_deactivate_mds.yaml +++ /dev/null @@ -1,96 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: gather facts - hosts: all - -- name: upgrade ceph mdss cluster, deactivate all rank > 0 - hosts: "{{ groups[mon_group_name|default('mons')][0]|default([]) }}" - become: true - tasks: - - name: deactivate all mds rank > 0 - when: groups.get(mds_group_name, []) | length > 0 - block: - - import_role: - name: ceph-defaults - - import_role: - name: ceph-facts - - - name: deactivate all mds rank > 0 if any - when: groups.get(mds_group_name, []) | length > 1 - block: - - name: set max_mds 1 on ceph fs - command: "{{ container_exec_cmd | default('') }} ceph --cluster {{ cluster }} fs set {{ cephfs }} max_mds 1" - changed_when: false - - - name: wait until only rank 0 is up - command: "{{ container_exec_cmd | default('') }} ceph --cluster {{ cluster }} fs get {{ cephfs }} -f json" - changed_when: false - register: wait_rank_zero - retries: 720 - delay: 5 - until: (wait_rank_zero.stdout | from_json).mdsmap.in | length == 1 and (wait_rank_zero.stdout | from_json).mdsmap.in[0] == 0 - - - name: get name of remaining active mds - command: "{{ container_exec_cmd | default('') }} ceph --cluster {{ cluster }} fs dump -f json" - changed_when: false - register: _mds_active_name - - - name: set_fact mds_active_name - set_fact: - mds_active_name: "{{ (_mds_active_name.stdout | from_json)['filesystems'][0]['mdsmap']['info'][item.key]['name'] }}" - with_dict: "{{ (_mds_active_name.stdout | default('{}') | from_json).filesystems[0]['mdsmap']['info'] | default({}) }}" - - - name: set_fact mds_active_host - set_fact: - mds_active_host: "{{ [hostvars[item]['inventory_hostname']] }}" - with_items: "{{ groups[mds_group_name] }}" - when: hostvars[item]['ansible_hostname'] == mds_active_name - - - name: create standby_mdss group - add_host: - name: "{{ item }}" - groups: standby_mdss - ansible_host: "{{ hostvars[item]['ansible_host'] | default(omit) }}" - ansible_port: "{{ hostvars[item]['ansible_port'] | default(omit) }}" - with_items: "{{ groups[mds_group_name] | difference(mds_active_host) }}" - - - name: stop standby ceph mds - systemd: - name: "ceph-mds@{{ hostvars[item]['ansible_hostname'] }}" - state: stopped - enabled: false - delegate_to: "{{ item }}" - with_items: "{{ groups['standby_mdss'] }}" - when: groups['standby_mdss'] | default([]) | length > 0 - - # dedicated task for masking systemd unit - # somehow, having a single task doesn't work in containerized context - - name: mask systemd units for standby ceph mds - systemd: - name: "ceph-mds@{{ hostvars[item]['ansible_hostname'] }}" - masked: true - delegate_to: "{{ item }}" - with_items: "{{ groups['standby_mdss'] }}" - when: groups['standby_mdss'] | default([]) | length > 0 - - - name: wait until all standbys mds are stopped - command: "{{ container_exec_cmd | default('') }} ceph --cluster {{ cluster }} fs dump -f json" - changed_when: false - register: wait_standbys_down - retries: 300 - delay: 5 - until: (wait_standbys_down.stdout | from_json).standbys | length == 0 diff --git a/tripleo_ansible/playbooks/cephadm.yml b/tripleo_ansible/playbooks/cephadm.yml deleted file mode 100644 index 78f91be03..000000000 --- a/tripleo_ansible/playbooks/cephadm.yml +++ /dev/null @@ -1,118 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Deploy Ceph with cephadm - hosts: ceph_mon[0] - tasks: - - name: Satisfy Ceph prerequisites - import_role: - name: tripleo_cephadm - tasks_from: pre - - - name: Bootstrap Ceph - import_role: - name: tripleo_cephadm - tasks_from: bootstrap - when: - - not tripleo_cephadm_deployed_ceph | bool - - - name: Apply ceph_conf_overrides on update - import_role: - name: tripleo_cephadm - tasks_from: apply_ceph_conf_overrides - when: - - tripleo_cephadm_apply_ceph_conf_overrides_on_update | bool - - - name: Run ceph config set to prepare additional parameters - import_role: - name: tripleo_cephadm - tasks_from: cephadm_config_set.yaml - - - name: Apply Ceph spec - import_role: - name: tripleo_cephadm - tasks_from: apply_spec - when: - - not tripleo_cephadm_spec_on_bootstrap | bool - - not tripleo_cephadm_deployed_ceph | bool - - - name: Set crush rules if provided - import_role: - name: tripleo_cephadm - tasks_from: crush_rules - when: - - tripleo_cephadm_crush_rules | length > 0 - - - name: Create Pools - import_role: - name: tripleo_cephadm - tasks_from: pools - - - name: Config RGW - import_role: - name: tripleo_cephadm - tasks_from: rgw - - - name: Config MDS and Ganesha daemons - block: - - name: Config MDS - import_role: - name: tripleo_cephadm - tasks_from: mds - - - name: Config Ganesha - include_role: - name: tripleo_cephadm - tasks_from: nfs - when: - - groups['ceph_nfs'] | default([]) | length > 0 - when: - - cephfs_data_pool is defined - - cephfs_metadata_pool is defined - - - name: Configure Monitoring Stack - import_role: - name: tripleo_cephadm - tasks_from: monitoring - - - name: Create Keys - import_role: - name: tripleo_cephadm - tasks_from: keys - - - name: Configure RBD Mirror - import_role: - name: tripleo_cephadm - tasks_from: rbd_mirror - - - name: Export configuration for tripleo_ceph_client - import_role: - name: tripleo_cephadm - tasks_from: export - - - name: Show the Ceph cluster status - import_role: - name: tripleo_cephadm - tasks_from: post - -- name: Distribute the admin keyring - hosts: ceph_mon - tasks: - - name: Distribute the admin keyring - import_role: - name: tripleo_ceph_distribute_keys - vars: - tripleo_ceph_distribute_keys_config_home: "{{ tripleo_cephadm_config_home | default('/etc/ceph') }}" - tripleo_ceph_distribute_keys_cluster: "{{ tripleo_cephadm_cluster | default('ceph') }}" diff --git a/tripleo_ansible/playbooks/cli-baremetal-bios-apply.yaml b/tripleo_ansible/playbooks/cli-baremetal-bios-apply.yaml deleted file mode 100644 index 3823652a5..000000000 --- a/tripleo_ansible/playbooks/cli-baremetal-bios-apply.yaml +++ /dev/null @@ -1,77 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Baremetal bios reset for multiple Ironic Nodes - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - concurrency: 20 - max_retries: 2 - node_timeout: 1200 - pre_tasks: - - name: Check for required inputs - fail: - msg: > - Input missing `{{ item }}` - when: - - hostvars[inventory_hostname][item] is undefined - loop: - - node_uuids - - bios_configuration - - tasks: - - name: Set node_uuids_apply fact - set_fact: - node_uuids_apply: "{{ node_uuids }}" - - # NOTE(cloudnull): This limits the concurrency so that we're not adding - # more threads than needed. - - name: Set concurrency fact - set_fact: - runtime_concurrency: "{{ - ((concurrency | int) > (node_uuids_apply | length)) | - ternary((node_uuids_apply | length), (concurrency | int)) - }}" - - - name: exit if nothing to do - block: - - name: Notice - debug: - msg: No nodes are manageable at this time. - - - name: end play - meta: end_play - when: - - (node_uuids_apply | length) < 1 - - - name: Notice - debug: - msg: >- - Running raid config on the following nodes, {{ node_uuids_apply }}. - - - name: Start baremetal bios apply - os_baremetal_clean_node: - node_uuid: "{{ node_uuids_apply }}" - concurrency: "{{ runtime_concurrency }}" - timeout: "{{ node_timeout }}" - clean_steps: - - interface: bios - step: apply_configuration - args: - settings: "{{ bios_configuration }}" diff --git a/tripleo_ansible/playbooks/cli-baremetal-bios-reset.yaml b/tripleo_ansible/playbooks/cli-baremetal-bios-reset.yaml deleted file mode 100644 index 8627d9aee..000000000 --- a/tripleo_ansible/playbooks/cli-baremetal-bios-reset.yaml +++ /dev/null @@ -1,74 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Baremetal bios reset for multiple Ironic Nodes - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - concurrency: 20 - max_retries: 2 - node_timeout: 1200 - pre_tasks: - - name: Check for required inputs - fail: - msg: > - Input missing `{{ item }}` - when: - - hostvars[inventory_hostname][item] is undefined - loop: - - node_uuids - - tasks: - - name: Set node_uuids_reset fact - set_fact: - node_uuids_reset: "{{ node_uuids }}" - - # NOTE(cloudnull): This limits the concurrency so that we're not adding - # more threads than needed. - - name: Set concurrency fact - set_fact: - runtime_concurrency: "{{ - ((concurrency | int) > (node_uuids_reset | length)) | - ternary((node_uuids_reset | length), (concurrency | int)) - }}" - - - name: exit if nothing to do - block: - - name: Notice - debug: - msg: No nodes are manageable at this time. - - - name: end play - meta: end_play - when: - - (node_uuids_reset | length) < 1 - - - name: Notice - debug: - msg: >- - Running raid config on the following nodes, {{ node_uuids_reset }}. - - - name: Start baremetal bios reset - os_baremetal_clean_node: - node_uuid: "{{ node_uuids_reset }}" - concurrency: "{{ runtime_concurrency }}" - timeout: "{{ node_timeout }}" - clean_steps: - - interface: bios - step: factory_reset diff --git a/tripleo_ansible/playbooks/cli-baremetal-clean.yaml b/tripleo_ansible/playbooks/cli-baremetal-clean.yaml deleted file mode 100644 index b1cd92c1c..000000000 --- a/tripleo_ansible/playbooks/cli-baremetal-clean.yaml +++ /dev/null @@ -1,75 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Baremetal cleaning for multiple Ironic Nodes - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - run_validations: false - concurrency: 20 - max_retries: 2 - node_timeout: 1200 - pre_tasks: - - name: Check for required inputs - fail: - msg: >- - Required input `node_uuids` is undefined. - when: - - node_uuids is undefined - - tasks: - - name: Set node_uuids_clean fact - set_fact: - node_uuids_clean: "{{ node_uuids }}" - - # NOTE(cloudnull): This limits the concurrency so that we're not adding - # more threads than needed. - - name: Set concurrency fact - set_fact: - runtime_concurrency: "{{ - ((concurrency | int) > (node_uuids_clean | length)) | - ternary((node_uuids_clean | length), (concurrency | int)) - }}" - - - name: exit if nothing to do - when: - - (node_uuids_clean | length) < 1 - block: - - name: Notice - debug: - msg: No nodes are manageable at this time. - - - name: end play - meta: end_play - - - name: Notice - debug: - msg: >- - Running cleaning on the following nodes, {{ node_uuids_clean }}. - - # Clean nodes - - name: Start baremetal cleaning - os_baremetal_clean_node: - node_uuid: "{{ node_uuids_clean }}" - concurrency: "{{ runtime_concurrency }}" - # max_retries: "{{ max_retries }}" NotImplemented - timeout: "{{ node_timeout }}" - clean_steps: - - interface: deploy - step: erase_devices_metadata diff --git a/tripleo_ansible/playbooks/cli-baremetal-introspect.yaml b/tripleo_ansible/playbooks/cli-baremetal-introspect.yaml deleted file mode 100644 index bfc42d8b0..000000000 --- a/tripleo_ansible/playbooks/cli-baremetal-introspect.yaml +++ /dev/null @@ -1,121 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Baremetal Introspection for multiple Ironic Nodes - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - run_validations: false - concurrency: 20 - max_retries: 1 - node_timeout: 1200 - retry_timeout: 120 - pre_tasks: - - name: Check for required inputs - fail: - msg: > - Input missing `{{ item }}` - when: - - hostvars[inventory_hostname][item] is undefined - loop: - - node_uuids - tasks: - - name: Set node_uuids_intro fact - set_fact: - node_uuids_intro: "{{ node_uuids }}" - - - name: exit if nothing to do - block: - - name: Notice - fail: - msg: No nodes are manageable at this time. - when: - - node_uuids_intro == [] - - # NOTE(cloudnull): This limits the concurrency so that we're not adding - # more threads than needed. - - name: Set concurrency fact - set_fact: - runtime_concurrency: "{{ - ((concurrency | int) > (node_uuids_intro | length)) | - ternary((node_uuids_intro | length), (concurrency | int)) - }}" - - # Pre-introspection validation - - name: Validations block - when: - - run_validations | bool - block: - - name: Check if validation enabled - set_fact: - validations_enabled: "{{ lookup('hiera', 'tripleo_validations_enabled') }}" - run_once: true - become: true - - # Pre-introspection validation - # NOTE(cloudnull): The stackrc file is sourced because validations are not - # 100% compatible with clouds.yaml at this time. - - name: Run Validations - shell: |- - source "{{ ansible_home }}/stackrc" - openstack --os-cloud undercloud tripleo validator run --group "pre-introspection" - when: - - validations_enabled | bool - - - name: Fail if validations are disabled - fail: - msg: >- - Run validations were enabled but via hiera information disabled. - Check the configuration and try again. - when: - - not (validations_enabled | bool) - - # Introspect nodes - - name: Start baremetal introspection - os_tripleo_baremetal_node_introspection: - node_uuids: "{{ node_uuids_intro }}" - concurrency: "{{ runtime_concurrency }}" - max_retries: "{{ max_retries }}" - node_timeout: "{{ node_timeout }}" - retry_timeout: "{{ retry_timeout }}" - log_level: info - register: baremetal_introspection_result - failed_when: false - - - name: Introspection log - debug: - var: baremetal_introspection_result.logging - - - name: Node introspection summary - debug: - msg: |- - Passed: [{{ baremetal_introspection_result.passed_nodes | join(', ') }}] - Failed: [{{ baremetal_introspection_result.failed_nodes | join(', ') }}] - {% if baremetal_introspection_result.passed_nodes == [] %} - No nodes passed introspection - {% elif baremetal_introspection_result.failed_nodes == [] %} - All nodes completed introspection successfully! - {% endif %} - - - name: Node introspection failed and no results are provided - fail: - msg: >- - Nodes failed introspection - when: - - baremetal_introspection_result.failed_nodes != [] diff --git a/tripleo_ansible/playbooks/cli-baremetal-raid.yaml b/tripleo_ansible/playbooks/cli-baremetal-raid.yaml deleted file mode 100644 index c80d5403f..000000000 --- a/tripleo_ansible/playbooks/cli-baremetal-raid.yaml +++ /dev/null @@ -1,80 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Baremetal cleaning for multiple Ironic Nodes - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - concurrency: 20 - max_retries: 2 - node_timeout: 1200 - pre_tasks: - - name: Check for required inputs - fail: - msg: > - Input missing `{{ item }}` - when: - - hostvars[inventory_hostname][item] is undefined - loop: - - node_uuids - - raid_configuration - - tasks: - - name: Set node_uuids_raid fact - set_fact: - node_uuids_raid: "{{ node_uuids }}" - - # NOTE(cloudnull): This limits the concurrency so that we're not adding - # more threads than needed. - - name: Set concurrency fact - set_fact: - runtime_concurrency: "{{ - ((concurrency | int) > (node_uuids_raid | length)) | - ternary((node_uuids_raid | length), (concurrency | int)) - }}" - - - name: exit if nothing to do - block: - - name: Notice - debug: - msg: No nodes are manageable at this time. - - - name: end play - meta: end_play - when: - - (node_uuids_raid | length) < 1 - - - name: Notice - debug: - msg: >- - Running raid config on the following nodes, {{ node_uuids_raid }}. - - - name: Start baremetal raid configuration - os_baremetal_clean_node: - node_uuid: "{{ node_uuids_raid }}" - concurrency: "{{ runtime_concurrency }}" - raid_config: "{{ raid_configuration }}" - timeout: "{{ node_timeout }}" - clean_steps: - - interface: raid - step: delete_configuration - - interface: deploy - step: erase_devices_metadata - - interface: raid - step: create_configuration diff --git a/tripleo_ansible/playbooks/cli-config-download.yaml b/tripleo_ansible/playbooks/cli-config-download.yaml deleted file mode 100644 index 776263051..000000000 --- a/tripleo_ansible/playbooks/cli-config-download.yaml +++ /dev/null @@ -1,83 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Download config - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - plan: overcloud - ssh_network: ctlplane - ansible_ssh_user: tripleo-admin - ansible_ssh_private_key_file: /home/stack/.ssh/id_rsa - python_interpreter: null - config_type: null - preserve_config: true - - tasks: - - name: Set output_dir - set_fact: - output_dir: "{{ lookup('env', 'HOME')~'/config-download'}}" - when: output_dir is not defined - - - name: Set work_dir - set_fact: - work_dir: "{{ output_dir ~ '/' ~ plan }}" - - - name: Clean work_dir - file: - path: "{{ work_dir }}" - state: absent - when: not preserve_config | bool - - - name: Create config dir if does not exist - file: - path: "{{ work_dir }}" - state: directory - - - name: Download config - tripleo_config_download: - plan: "{{ plan }}" - work_dir: "{{ work_dir }}" - download: true - config_type: "{{ config_type }}" - - - name: Generate ansible inventory - tripleo_generate_ansible_inventory: - plan: "{{ plan }}" - work_dir: "{{ work_dir }}" - ssh_network: "{{ ssh_network }}" - ansible_ssh_user: "{{ ansible_ssh_user }}" - ansible_python_interpreter: "{{ python_interpreter }}" - ansible_ssh_private_key_file: "{{ ansible_ssh_private_key_file }}" - when: inventory_path is not defined or inventory_path != None - - # TODO(mwhahaha): switch tripleo_generate_ansible_inventory to do this - # when we've nuked all the tripleo-ansible-inventory.yaml everywhere - - name: Copy inventory to AnsibleRunner location - block: - - name: Create inventory directory - ansible.builtin.file: - path: "{{ output_dir ~ '/' ~ plan }}/inventory" - state: directory - mode: 0700 - - name: Copy generated inventory - ansible.builtin.copy: - src: "{{ work_dir }}/tripleo-ansible-inventory.yaml" - dest: "{{work_dir }}/inventory/tripleo" - remote_src: true diff --git a/tripleo_ansible/playbooks/cli-container-image-prepare.yaml b/tripleo_ansible/playbooks/cli-container-image-prepare.yaml deleted file mode 100644 index 361db5a6c..000000000 --- a/tripleo_ansible/playbooks/cli-container-image-prepare.yaml +++ /dev/null @@ -1,73 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Container Image Prepare - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - roles_file: /usr/share/openstack-tripleo-heat-templates/roles_data.yaml - environment_files: [] - environment_directories: [] - cleanup: full - dry_run: false - debug: false - log_file: container_image_prepare.log - - tasks: - - name: Fetch roles_data - slurp: - src: "{{ roles_file | tht_abspath }}" - register: roles_data - - name: Set fact for log file - set_fact: - cip_log_file: "{{ lookup('env', 'HOME') ~ '/' ~ log_file }}" - - name: Get all files in directories - find: - paths: "{{ environment_directories | tht_abspath(ignore_error=true) }}" - patterns: '*.yaml' - when: environment_directories|list|length > 0 - register: out_env_files - - name: Build environment_files - set_fact: - env_files: "{{ out_env_files.files | map( - attribute='path') | list + (environment_files | tht_abspath) }}" - - name: Build heat stack environment - tripleo_build_heat_environment: - env_files: "{{ env_files }}" - register: env_result - - name: Prepare container images, check logs in {{ cip_log_file }} - become: true - tripleo_container_image_prepare: - roles_data: "{{ roles_data['content'] | b64decode | from_yaml}}" - environment: "{{ env_result.environment }}" - cleanup: "{{ cleanup }}" - dry_run: "{{ dry_run }}" - log_file: "{{ cip_log_file }}" - debug: "{{ debug }}" - register: prepare_result - - name: Write output to file to {{ output_env_file }} - copy: - content: "{{ prepare_result.params | to_nice_yaml }}" - backup: true - dest: "{{ output_env_file }}" - when: output_env_file is defined - - name: Write output to console - debug: - msg: "{{ prepare_result.params | to_nice_yaml }}" - when: output_env_file is not defined diff --git a/tripleo_ansible/playbooks/cli-container-registry-config.yaml b/tripleo_ansible/playbooks/cli-container-registry-config.yaml deleted file mode 100644 index cfc405e06..000000000 --- a/tripleo_ansible/playbooks/cli-container-registry-config.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Used by deployed ceph to configure container registry before overcloud deploy - -- name: Configure overcloud container registry - hosts: allovercloud - become: true - tasks: - - name: Configure podman and include insecure registries - include_role: - name: tripleo_podman - tasks_from: install.yml diff --git a/tripleo_ansible/playbooks/cli-deployed-ceph.yaml b/tripleo_ansible/playbooks/cli-deployed-ceph.yaml deleted file mode 100644 index 96fb5a258..000000000 --- a/tripleo_ansible/playbooks/cli-deployed-ceph.yaml +++ /dev/null @@ -1,287 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Create Ceph Spec - hosts: undercloud - gather_facts: false - vars: - osd_spec: - data_devices: - all: true - tripleo_roles_path: "/usr/share/openstack-tripleo-heat-templates/roles_data.yaml" - dynamic_ceph_spec: true - cephadm_admin_hosts: [] - cephadm_non_admin_hosts: [] - pre_tasks: - - name: Ensure required inputs if using dynamic_ceph_spec - when: - - dynamic_ceph_spec | bool - block: - - fail: - msg: baremetal_deployed_path is a required input - when: - - baremetal_deployed_path is undefined - - fail: - msg: deployed_ceph_tht_path is a required input - when: - - deployed_ceph_tht_path is undefined - - - name: Ensure working_dir is provided - fail: - msg: working_dir is a required input - when: - - working_dir is undefined - tasks: - - name: ensure ceph_spec_path is defined - set_fact: - ceph_spec_path: "{{ working_dir }}/generated_ceph_spec.yaml" - when: - - ceph_spec_path is undefined - - - name: Override osd_spec if osd_spec_path is provided - set_fact: - osd_spec: "{{ osd_spec_path_content | from_yaml }}" - vars: - osd_spec_path_content: "{{ lookup('file', osd_spec_path) }}" - when: - - osd_spec_path is defined - - osd_spec_path | length > 0 - tags: - - ceph_spec - - - name: Override crush hierarchy if a custom crush path is provided - set_fact: - crush_hierarchy: "{{ crush_spec_content | from_yaml }}" - vars: - crush_spec_content: "{{ lookup('file', crush_hierarchy_path) }}" - when: - - crush_hierarchy_path is defined - - crush_hierarchy_path | length > 0 - tags: - - ceph_spec - - - name: Create Ceph spec based on baremetal_deployed_path and tripleo_roles - ceph_spec_bootstrap: - new_ceph_spec: "{{ ceph_spec_path }}" - tripleo_roles: "{{ tripleo_roles_path }}" - osd_spec: "{{ osd_spec }}" - crush_hierarchy: "{{ crush_hierarchy | default({}) }}" - deployed_metalsmith: "{{ baremetal_deployed_path }}" - tripleo_ansible_inventory: "{{ inventory_file }}" - method: 'both' - when: - - dynamic_ceph_spec | bool - tags: - - ceph_spec - - - name: Get list of hosts which need ceph-admin user - vars: - cephadm_spec_content: "{{ lookup('file', ceph_spec_path) }}" - block: - - name: Add hosts with mon label to the cephadm_admin_hosts list - set_fact: - cephadm_admin_hosts: "{{ cephadm_admin_hosts + [ item.hostname ] }}" - loop: "{{ cephadm_spec_content | from_yaml_all | list }}" - when: - - item | length > 0 - - item.hostname is defined - - item.service_type is defined - - item.service_type == 'host' - - item.labels is defined - - '"mon" in item.labels | list' - - - name: Add hosts with osd label to the cephadm_non_admin_hosts list - set_fact: - cephadm_non_admin_hosts: "{{ cephadm_non_admin_hosts + [ item.hostname ] }}" - loop: "{{ cephadm_spec_content | from_yaml_all | list }}" - when: - - item | length > 0 - - item.hostname is defined - - item.service_type is defined - - item.service_type == 'host' - - item.labels is defined - - '"osd" in item.labels | list' - - - name: Ensure there is at least one monitor in the spec file - fail: - msg: "No hosts with the mon label were in the spec {{ ceph_spec_path }}" - when: - - not cephadm_admin_hosts | length > 0 - - - name: Add hosts with mon label to ceph_mon inventory group for next play - add_host: - name: "{{ item }}" - groups: ceph_mon - loop: "{{ cephadm_admin_hosts }}" - - - name: Add mds and nfs labels - block: - - name: Add hosts with mds label to ceph_mds inventory group for next play - add_host: - name: "{{ item }}" - groups: ceph_mds - loop: "{{ cephadm_admin_hosts }}" - - - name: Add hosts with nfs label to ceph_nfs inventory group for next play - add_host: - name: "{{ item }}" - groups: ceph_nfs - loop: "{{ cephadm_admin_hosts }}" - when: tripleo_cephadm_daemon_ceph_nfs | default(False) - - - name: Prepare cephadm user and keys - include_role: - name: tripleo_run_cephadm - tasks_from: enable_ceph_admin_user.yml - vars: - ceph_working_dir: "{{ working_dir }}" - tags: - - cephadm_ssh_user - - -- name: Bootstrap Ceph and apply spec - hosts: ceph_mon[0] - gather_facts: false - vars: - tripleo_cephadm_spec_on_bootstrap: false - tripleo_cephadm_spec_ansible_host: "{{ ceph_spec_path }}" - tripleo_cephadm_bootstrap_host: "{{ inventory_hostname_short }}" - pre_tasks: - - name: Ensure ceph_spec_path is defined - set_fact: - ceph_spec_path: "{{ working_dir }}/generated_ceph_spec.yaml" - when: - - ceph_spec_path is undefined - - - name: Ensure public_network and cluster_network are defined - fail: - msg: > - The following four variables must be passed to this playbook - public_network ({{ public_network }}) | - public_network_name ({{ public_network_name }}) | - cluster_network ({{ cluster_network }}) | - cluster_network_name ({{ cluster_network_name }}) - when: - - (public_network is undefined or public_network | length == 0) or - (public_network_name is undefined or public_network_name | length == 0) or - (cluster_network is undefined or cluster_network | length == 0) or - (cluster_network_name is undefined or cluster_network_name | length == 0) - - - name: Set IP address of first monitor - set_fact: - tripleo_cephadm_first_mon_ip: "{{ hv[public_network_name + '_ip'] }}" - vars: - hv: "{{ hostvars[inventory_hostname_short] }}" - when: - - tripleo_cephadm_first_mon_ip is undefined - - tasks: - - name: Satisfy Ceph prerequisites - import_role: - name: tripleo_cephadm - tasks_from: pre - - - name: Bootstrap Ceph - import_role: - name: tripleo_cephadm - tasks_from: bootstrap - - - name: Configure public/private network and ms_bind ipv4/v6 - import_role: - name: tripleo_cephadm - tasks_from: network_config_set - - - name: Prepare Ceph VIPs - import_role: - name: tripleo_cephadm - tasks_from: ceph_vip - delegate_to: localhost - when: - - tripleo_cephadm_ha_services_path is defined - - tripleo_cephadm_ingress | default(true) - - - name: Apply Ceph spec - import_role: - name: tripleo_cephadm - tasks_from: apply_spec - when: - - not tripleo_cephadm_spec_on_bootstrap - - - name: Create ceph pools if tripleo_cephadm_pools was set - import_role: - name: tripleo_cephadm - tasks_from: pools - when: - - tripleo_cephadm_pools is defined - - tripleo_cephadm_pools | length > 0 - - - name: Create Keys if tripleo_cephadm_keys was set - import_role: - name: tripleo_cephadm - tasks_from: keys - when: - - tripleo_cephadm_keys is defined - - tripleo_cephadm_keys | length > 0 - - - name: Export configuration for tripleo_ceph_client - import_role: - name: tripleo_cephadm - tasks_from: export - when: - - tripleo_cephadm_pools is defined - - tripleo_cephadm_pools | length > 0 - - tripleo_cephadm_keys is defined - - tripleo_cephadm_keys | length > 0 - - - name: Config MDS and Ganesha daemons - when: tripleo_cephadm_daemon_ceph_nfs | default(False) - block: - - fail: - msg: Vips are required to configure HA services - when: - - tripleo_cephadm_ha_services_path is not defined - - tripleo_cephadm_ingress | default(true) - - name: Config MDS - import_role: - name: tripleo_cephadm - tasks_from: mds - vars: - cephfs_data_pool: - name: "{{ cephfs_data | default('manila_data') }}" - application: cephfs - cephfs_metadata_pool: - application: cephfs - name: "{{ cephfs_metadata | default('manila_metadata') }}" - - name: Config Ganesha - include_role: - name: tripleo_cephadm - tasks_from: ceph_nfs - vars: - tripleo_cephadm_ceph_nfs_address_block: "{{ public_network }}" - when: - - groups['ceph_nfs'] | default([]) | length > 0 - - - name: Show the Ceph cluster status - import_role: - name: tripleo_cephadm - tasks_from: post - - - name: Create Deployed Ceph environment file for overcloud deployment - import_role: - name: tripleo_cephadm - tasks_from: make_deployed_ceph_tht - vars: - tripleo_cephadm_deployed_ceph_tht_path: "{{ deployed_ceph_tht_path }}" diff --git a/tripleo_ansible/playbooks/cli-enable-ssh-admin.yaml b/tripleo_ansible/playbooks/cli-enable-ssh-admin.yaml deleted file mode 100644 index 9b8a9fcd1..000000000 --- a/tripleo_ansible/playbooks/cli-enable-ssh-admin.yaml +++ /dev/null @@ -1,196 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Playbook for establishing ssh keys - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - distribute_private_key: false - handlers: - - name: Remove mistral tmp file - file: - path: "{{ tempfile_1.path }}" - state: absent - tasks: - - name: No ssh servers defined - fail: - msg: >- - The ssh_servers option was undefined. - when: - - ssh_servers is undefined - - - name: Set local connection user facts - set_fact: - ansible_home: "{{ lookup('env', 'HOME') }}" - ansible_user: "{{ lookup('env', 'USER') }}" - run_once: true - when: - - (tripleo_target_host is defined) | ternary('ssh', 'local') == 'local' - - - name: Set facts for ssh servers and user private key file - set_fact: - set_ssh_servers: "{{ ssh_servers }}" - defined_user_private_key_file: "{{ user_private_key_file | default(ansible_home ~ '/.ssh/id_rsa_tripleo') }}" - run_once: true - - - name: Ensure .ssh directory - file: - path: "{{ ansible_home }}/.ssh" - state: directory - mode: "0700" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - become: true - - - name: Ensure ssh key pair - user: - name: "{{ ansible_user }}" - generate_ssh_key: true - ssh_key_bits: 4096 - ssh_key_file: "{{ ansible_home }}/.ssh/id_rsa" - become: true - - - name: Stat key file - stat: - path: "{{ defined_user_private_key_file }}" - register: key_check - - - name: Key block - when: - - user_public_key is undefined - - user_private_key is undefined - - user_private_key_file is undefined - block: - - name: Read key block - run_once: true - when: - - key_check.stat.exists | bool - block: - - name: Get local private key - slurp: - src: "{{ defined_user_private_key_file }}" - register: private_key_get - become: true - - - name: Get local public key - slurp: - src: "{{ defined_user_private_key_file }}.pub" - register: public_key_get - become: true - - - name: Set key facts - set_fact: - user_public_key: "{{ public_key_get['content'] | b64decode }}" - user_private_key: "{{ private_key_get['content'] | b64decode }}" - user_private_key_file: "{{ defined_user_private_key_file }}" - - - name: Read and create key block - run_once: true - when: - - not (key_check.stat.exists | bool) - block: - - name: Get local private key - slurp: - src: "{{ ansible_home }}/.ssh/id_rsa" - register: private_key_get - become: true - - - name: Get local public key - slurp: - src: "{{ ansible_home }}/.ssh/id_rsa.pub" - register: public_key_get - become: true - - - name: Write tripleo private key - copy: - content: "{{ private_key_get['content'] | b64decode }}" - dest: "{{ defined_user_private_key_file }}" - mode: "0600" - - - name: Write tripleo public key - copy: - content: "{{ public_key_get['content'] | b64decode }}" - dest: "{{ defined_user_private_key_file }}.pub" - mode: "0640" - - - name: Set key file fact - set_fact: - user_public_key: "{{ public_key_get['content'] | b64decode }}" - user_private_key: "{{ private_key_get['content'] | b64decode }}" - user_private_key_file: "{{ defined_user_private_key_file }}" - - - name: Ensure user can ssh to localhost - authorized_key: - user: "{{ ansible_user }}" - key: "{{ user_public_key }}" - become: true - - - name: Set node key fact - set_fact: - node_key_fact: "{{ lookup('env', 'ANSIBLE_PRIVATE_KEY_FILE') or (ansible_ssh_private_key_file | default(ansible_home ~ '/.ssh/id_rsa')) }}" - - - name: Add ssh-servers - add_host: - hostname: "{{ item }}" - groups: tripleo_queues - user_public_key: "{{ user_public_key }}" - user_private_key: "{{ user_private_key }}" - user_private_key_file: "{{ user_private_key_file }}" - ansible_user: "{{ ssh_user | default(ansible_user) }}" - ansible_ssh_private_key_file: "{{ node_key_fact }}" - changed_when: false - loop: '{{ set_ssh_servers }}' - - -- name: Run Create admin - hosts: localhost:tripleo_queues - become: true - any_errors_fatal: true - gather_facts: false - pre_tasks: - # NOTE(cloudnull): The connection will allow for 40 minutes before failing. This time was chosen - # because a server may take anywhere from 5 to 40 minutes to boot, and in large - # deployments the number of "forks" may not accomodate all nodes running this - # task in parallel. Because we don't know the all of the characteristics of the - # machine being used, there's no way to compute the value appropriate for a - # given node(s), so 40 minutes should accommodate most environments. - - name: Wait for connection to become available - wait_for_connection: - sleep: 4 - timeout: 2400 - - - name: Gather facts with an active connection - setup: - gather_subset: - - '!facter' - - '!ohai' - roles: - - role: tripleo_create_admin - tripleo_admin_user: tripleo-admin - tripleo_admin_pubkey: "{{ user_public_key }}" - tripleo_admin_prikey: "{{ user_private_key }}" - -- name: Validate TripleO Admin Access - hosts: localhost:tripleo_queues - user: tripleo-admin - gather_facts: false - vars: - ansible_ssh_private_key_file: "{{ user_private_key_file }}" - tasks: - - name: Ping host - ping: {} diff --git a/tripleo_ansible/playbooks/cli-generate-containerfile.yaml b/tripleo_ansible/playbooks/cli-generate-containerfile.yaml deleted file mode 100644 index 10712bec7..000000000 --- a/tripleo_ansible/playbooks/cli-generate-containerfile.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate container file(s) - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - roles: - - role: tripleo_container_image_build diff --git a/tripleo_ansible/playbooks/cli-grant-local-access.yaml b/tripleo_ansible/playbooks/cli-grant-local-access.yaml deleted file mode 100644 index fbd8b9c83..000000000 --- a/tripleo_ansible/playbooks/cli-grant-local-access.yaml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Playbook for granting a given user local access - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - become: true - pre_tasks: - - name: Check for required inputs - fail: - msg: > - Input missing `{{ item }}` - when: - - hostvars[inventory_hostname][item] is undefined - loop: - - access_path - - execution_user - tasks: - - name: Ensure access path exists - file: - path: "{{ access_path }}" - state: directory - - - name: Grant privileges to the execution user - acl: - path: "{{ access_path }}" - entry: "user:{{ item }}:rwx" - state: present - recursive: true - loop: - - "{{ execution_user }}" - - tripleo-admin diff --git a/tripleo_ansible/playbooks/cli-hosts-file-config.yaml b/tripleo_ansible/playbooks/cli-hosts-file-config.yaml deleted file mode 100644 index 670447383..000000000 --- a/tripleo_ansible/playbooks/cli-hosts-file-config.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Used by deployed ceph to configure /etc/hosts before overcloud deploy - -- name: Configure overcloud hosts file - hosts: allovercloud - become: true - tasks: - - name: Add hosts to /etc/hosts - include_role: - name: tripleo_hosts_entries diff --git a/tripleo_ansible/playbooks/cli-overcloud-backup-cron.yaml b/tripleo_ansible/playbooks/cli-overcloud-backup-cron.yaml deleted file mode 100644 index e6c0a4cbe..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-backup-cron.yaml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Do nothing if one of the hosts is unreachable - hosts: '{{ tripleo_controller_group_name }}' - become: true - vars_files: - ../roles/backup_and_restore/defaults/main.yml - tasks: - - name: Check ALL hosts are reacheable - fail: - msg: > - [REQUIRED] ALL hosts to be reachable, so flagging {{ inventory_hostname }} as failed, - because host {{ item }} has no facts, meaning it is UNREACHABLE. - when: "hostvars[item].ansible_facts|list|length == 0" - with_items: "{{ groups[tripleo_controller_group_name] }}" - run_once: true - -- name: TripleO Controller backup - hosts: Undercloud - become: true - tasks: - - name: Create cron programming - include_role: - name: backup_and_restore - tasks_from: setup_cron_overcloud diff --git a/tripleo_ansible/playbooks/cli-overcloud-backup.yaml b/tripleo_ansible/playbooks/cli-overcloud-backup.yaml deleted file mode 100644 index 7b9838005..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-backup.yaml +++ /dev/null @@ -1,64 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Stop executing if one of the hosts is unreachable - hosts: '{{ tripleo_controller_group_name }}' - become: true - vars_files: - ../roles/backup_and_restore/defaults/main.yml - tasks: - - name: Check ALL hosts are reacheable - fail: - msg: > - [REQUIRED] ALL hosts to be reachable, so flagging {{ inventory_hostname }} as failed, - because host {{ item }} has no facts, meaning it is UNREACHABLE. - when: "hostvars[item].ansible_facts|list|length == 0" - with_items: "{{ groups[tripleo_controller_group_name] }}" - run_once: true - -- name: Backup ceph authentication - hosts: ceph_mon - become: true - tasks: - - name: Backup ceph authentication role - include_role: - name: backup_and_restore - tasks_from: ceph_authentication - tags: - - bar_create_recover_image - -- name: Check Controller group - hosts: localhost - vars_files: - ../roles/backup_and_restore/defaults/main.yml - tasks: - - assert: - that: - - item in groups - - ( groups[item] | length ) > 0 - fail_msg: "There is no server on {{ item }} groups" - with_items: "{{ tripleo_controller_group_name }}" - tags: - - bar_create_recover_image - -- name: TripleO Controller backup - hosts: '{{ tripleo_controller_group_name }}' - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - serial: "{{ (tripleo_controller_group_name|length > 1) or (tripleo_backup_and_restore_enable_snapshots|bool) | ternary(1, groups[tripleo_controller_group_name]|length) }}" - vars_files: - ../roles/backup_and_restore/defaults/main.yml - become: true - roles: - - role: backup_and_restore diff --git a/tripleo_ansible/playbooks/cli-overcloud-conf-ironic.yaml b/tripleo_ansible/playbooks/cli-overcloud-conf-ironic.yaml deleted file mode 100644 index a42e41e63..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-conf-ironic.yaml +++ /dev/null @@ -1,46 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Get undercloud data - hosts: Undercloud - tasks: - - name: Get networking - setup: - gather_subset: network - tags: - - bar_setup_rear - -- name: TripleO Ironic ReaR installation and configuration on Overcloud - hosts: "{{ tripleo_backup_and_restore_overcloud_prepare_ironic | default('Controller') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - become: true - vars: - tripleo_backup_and_restore_pxe_output_url: "nfs://{{ hostvars['undercloud']['ansible_facts']['br_ctlplane']['ipv4']['address'] }}{{ tripleo_backup_and_restore_ironic_images_path }}" - tripleo_backup_and_restore_local_config: - OUTPUT: PXE - OUTPUT_PREFIX_PXE: "{{ tripleo_backup_and_restore_hostname.stdout }}" - BACKUP: NETFS - PXE_RECOVER_MODE: '"unattended"' - PXE_CREATE_LINKS: '"IP"' - USE_STATIC_NETWORKING: y - PXE_CONFIG_GRUB_STYLE: y - KERNEL_CMDLINE: '"unattended"' - POST_RECOVERY_SCRIPT: poweroff - USER_INPUT_TIMEOUT: "10" - PXE_TFTP_URL: "{{ tripleo_backup_and_restore_pxe_output_url }}" - BACKUP_URL: "{{ tripleo_backup_and_restore_backup_url }}" - PXE_CONFIG_URL: "{{ tripleo_backup_and_restore_pxe_output_url }}/pxelinux.cfg" - roles: - - role: backup_and_restore diff --git a/tripleo_ansible/playbooks/cli-overcloud-delete.yaml b/tripleo_ansible/playbooks/cli-overcloud-delete.yaml deleted file mode 100644 index 3be8441c9..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-delete.yaml +++ /dev/null @@ -1,66 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Overcloud Delete - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - pre_tasks: - - name: Check for required inputs - fail: - msg: > - Input missing `{{ item }}` - when: - - hostvars[inventory_hostname][item] is undefined - loop: - - stack_name - - name: Set overcloud_deploy_path - set_fact: - overcloud_deploy_path: "{{ lookup('env', 'HOME') ~ '/overcloud-deploy' }}" - when: overcloud_deploy_path is not defined - - name: Set config_download_path - set_fact: - config_download_path: "{{ lookup('env', 'HOME') ~ '/config-download' }}" - when: config_download_path is not defined - tasks: - - name: Delete service vips used - tripleo_service_vip: - stack_name: "{{ stack_name }}" - state: absent - - name: Delete OVN MAC Address ports - tripleo_ovn_mac_addresses: - stack_name: "{{ stack_name }}" - - name: Remove the config download stack - file: - path: "{{ config_download_path }}/{{ stack_name }}" - state: absent - - name: Remove the deploy stack - become: true - file: - path: "{{ overcloud_deploy_path }}/{{ stack_name }}" - state: absent - - name: Delete overcloud network Virtual IPs - tripleo_overcloud_network_vip_provision: - stack_name: "{{ stack_name }}" - post_tasks: - - name: Workflow notice - debug: - msg: Ansible workflow completed. - - tags: - - tripleo-overcloud-delete diff --git a/tripleo_ansible/playbooks/cli-overcloud-kernel-ddp-pkg.yaml b/tripleo_ansible/playbooks/cli-overcloud-kernel-ddp-pkg.yaml deleted file mode 100644 index 9900dfc55..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-kernel-ddp-pkg.yaml +++ /dev/null @@ -1,84 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -- name: Overcloud Node kernel Ddp package select - hosts: allovercloud - any_errors_fatal: true - gather_facts: false - # 'ddp' is the OS-default package for all platforms - vars: - ddp_package: 'ddp' - pre_tasks: - - name: Wait for provisioned nodes to boot - wait_for_connection: - timeout: 600 - delay: 10 - connection: local - - tasks: - - name: gather facts - setup: - - name: Apply user provided Ddp package - block: - - name: Get latest version of specified Ddp package(s) - shell: "ls --sort=version -r /lib/firmware/intel/ice/{{ ddp_package }}/ice[_-]?*.pkg*" - register: ddp_package_files - - - name: List available ddp_package_files - debug: - var: ddp_package_files.stdout - - - name: Remove existing Ddp package - become: true - block: - - name: Check if previous ddp/ice.pkg exists - stat: - path: "/lib/firmware/intel/ice/ddp/ice.pkg" - register: ice_pkg - - name: Remove ddp/ice.pkg if it exists - file: - path: "/lib/firmware/intel/ice/ddp/ice.pkg" - state: absent - when: ice_pkg.stat.exists - - name: Check if ddp/ice.pkg.xz exists(rhel9) - stat: - path: "/lib/firmware/intel/ice/ddp/ice.pkg.xz" - register: ice_pkg_xz - - name: Remove ddp/ice.pkg.xz if it exists - file: - path: "/lib/firmware/intel/ice/ddp/ice.pkg.xz" - state: absent - when: ice_pkg_xz.stat.exists - - - name: Select and deploy Ddp package - become: true - block: - - name: Confiure ddp/ice.pkg - vars: - ddp_package_file: "{{ ddp_package_files.stdout.split('\n')[0] }}" - file: - src: '{{ ddp_package_file }}' - dest: "/lib/firmware/intel/ice/ddp/ice.pkg.xz" - state: link - when: (ddp_package|string) != '' - - - name: Load the new ice package - shell: |- - dracut -f - rmmod ice - modprobe ice - when: ddp_package_files is defined - - when: ddp_package|string != "" diff --git a/tripleo_ansible/playbooks/cli-overcloud-network-extract.yaml b/tripleo_ansible/playbooks/cli-overcloud-network-extract.yaml deleted file mode 100644 index 0a7975fc9..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-network-extract.yaml +++ /dev/null @@ -1,50 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -- name: Overcloud Network Extract Networks - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - pre_tasks: - - fail: - msg: stack_name is a required input - when: - - stack_name is undefined - - fail: - msg: output is a required input - when: - - output is undefined - - name: Check if output file exists - stat: - path: "{{ output }}" - register: stat_output_file - - fail: - msg: Output file exists - when: - - stat_output_file.stat.exists and not overwrite|bool - - tasks: - - - name: Get network data from overcloud stack - tripleo_overcloud_network_extract: - stack_name: "{{ stack_name }}" - register: overcloud_network_data - - name: Write network data to output file - copy: - content: "{{ overcloud_network_data.network_data | to_nice_yaml(indent=2) }}" - dest: "{{ output }}" diff --git a/tripleo_ansible/playbooks/cli-overcloud-network-provision.yaml b/tripleo_ansible/playbooks/cli-overcloud-network-provision.yaml deleted file mode 100644 index 5932c470c..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-network-provision.yaml +++ /dev/null @@ -1,70 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -- name: Overcloud Network Provision - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - overwrite: false - templates: /usr/share/openstack-tripleo-heat-templates - pre_tasks: - - fail: - msg: network_data_path is a required input - when: - - network_data_path is undefined - - fail: - msg: network_deployed_path is required input - when: - - network_deployed_path is undefined - - name: Check if network deployment file already exist - stat: - path: "{{ network_deployed_path }}" - register: stat_network_deployed_path_file - - fail: - msg: "Output file {{ network_deployed_path }} already exists" - when: - - stat_network_deployed_path_file.stat.exists and not overwrite|bool - - tasks: - - - name: Load config from file - set_fact: - network_data: "{{ lookup('file', network_data_path) | from_yaml}}" - when: - - network_data is undefined - - - name: Create/Update composable networks - tripleo_composable_network: - net_data: "{{ item }}" - idx: "{{ idx }}" - loop: "{{ network_data }}" - loop_control: - index_var: idx - - - name: Populate environment - tripleo_network_populate_environment: - net_data: "{{ network_data }}" - templates: "{{ templates }}" - register: network_environment - - - name: Write deployed networks environment file - copy: - dest: "{{ network_deployed_path }}" - content: "{{ network_environment.environment | default({}) | to_nice_yaml(indent=2) }}" diff --git a/tripleo_ansible/playbooks/cli-overcloud-network-unprovision.yaml b/tripleo_ansible/playbooks/cli-overcloud-network-unprovision.yaml deleted file mode 100644 index 0aac778ee..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-network-unprovision.yaml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -- name: Overcloud Network Unprovision - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - overwrite: false - pre_tasks: - - fail: - msg: network_data_path is a required input - when: - - network_data_path is undefined - - tasks: - - - name: Load config from file - set_fact: - network_data: "{{ lookup('file', network_data_path) | from_yaml}}" - when: - - network_data is undefined - - - name: Unprovision composable network - tripleo_unprovision_network: - net_data: "{{ item }}" - loop: "{{ network_data }}" diff --git a/tripleo_ansible/playbooks/cli-overcloud-network-vip-extract.yaml b/tripleo_ansible/playbooks/cli-overcloud-network-vip-extract.yaml deleted file mode 100644 index 923024fe4..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-network-vip-extract.yaml +++ /dev/null @@ -1,54 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -- name: Overcloud Virtuap IPs Extract - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - pre_tasks: - - name: Validate that stack name is provided - fail: - msg: stack_name is a required input - when: - - stack_name is undefined - - name: Validate that output is provided - fail: - msg: output is a required input - when: - - output is undefined - - name: Check if output file exists - stat: - path: "{{ output }}" - register: stat_output_file - - name: Fail if output file already exists and overwrite not set - fail: - msg: Output file exists - when: - - stat_output_file.stat.exists and not overwrite|bool - - tasks: - - - name: Get Virtual IPs data from overcloud stack - tripleo_overcloud_network_vip_extract: - stack_name: "{{ stack_name }}" - register: overcloud_vip_data - - - name: Write Virtual IPs data to output file - copy: - content: "{{ overcloud_vip_data.vip_data | to_nice_yaml(indent=2) }}" - dest: "{{ output }}" diff --git a/tripleo_ansible/playbooks/cli-overcloud-network-vip-provision.yaml b/tripleo_ansible/playbooks/cli-overcloud-network-vip-provision.yaml deleted file mode 100644 index 7ec890ebf..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-network-vip-provision.yaml +++ /dev/null @@ -1,71 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -- name: Overcloud Virtual IPs Provision - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - overwrite: false - templates: /usr/share/openstack-tripleo-heat-templates - pre_tasks: - - fail: - msg: stack_name is a required input - when: - - stack_name is undefined - - fail: - msg: vip_data_path is a required input - when: - - vip_data_path is undefined - - fail: - msg: vip_deployed_path is required input - when: - - vip_deployed_path is undefined - - name: Check if Virtual IPs deployment file already exist - stat: - path: "{{ vip_deployed_path }}" - register: stat_vip_deployed_path_file - - fail: - msg: "Output file {{ vip_deployed_path }} already exists" - when: - - stat_vip_deployed_path_file.stat.exists and not overwrite|bool - - tasks: - - - name: Load Virtual IP data config from file - set_fact: - vip_data: "{{ lookup('file', vip_data_path) | from_yaml }}" - when: - - vip_data is undefined - - - name: Create/Update Overcloud Virtual IPs - tripleo_overcloud_network_vip_provision: - vip_data: "{{ vip_data | default([]) }}" - stack_name: "{{ stack_name | default('overcloud') }}" - - - name: Populate Overcloud Virtual IPs environment - tripleo_overcloud_network_vip_populate_environment: - stack_name: "{{ stack_name | default('overcloud') }}" - vip_data: "{{ vip_data | default([]) }}" - templates: "{{ templates }}" - register: vip_environment - - - name: Write deployed Virtual IPs environment file - copy: - dest: "{{ vip_deployed_path }}" - content: "{{ vip_environment.env | default({}) | to_nice_yaml(indent=2) }}" diff --git a/tripleo_ansible/playbooks/cli-overcloud-network-vip-unprovision.yaml b/tripleo_ansible/playbooks/cli-overcloud-network-vip-unprovision.yaml deleted file mode 100644 index aa49d1194..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-network-vip-unprovision.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -- name: Overcloud Virtual IPs Unprovision - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - overwrite: false - pre_tasks: - - fail: - msg: stack_name is a required input - when: - - stack_name is undefined - - tasks: - - - name: Delete Overcloud Virtual IPs - tripleo_overcloud_network_vip_provision: - stack_name: "{{ stack_name | default('overcloud') }}" diff --git a/tripleo_ansible/playbooks/cli-overcloud-node-growvols.yaml b/tripleo_ansible/playbooks/cli-overcloud-node-growvols.yaml deleted file mode 100644 index 96ee8ca34..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-node-growvols.yaml +++ /dev/null @@ -1,86 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -- name: Overcloud Node Grow Volumes - hosts: allovercloud - any_errors_fatal: true - gather_facts: false - vars: - role_growvols_args: - default: - /=8GB - /tmp=1GB - /var/log=10GB - /var/log/audit=2GB - /home=1GB - /var=100% - Controller: - /=8GB - /tmp=1GB - /var/log=10GB - /var/log/audit=2GB - /home=1GB - /var=90% - /srv=10% - ObjectStorage: - /=8GB - /tmp=1GB - /var/log=10GB - /var/log/audit=2GB - /home=1GB - /var=10% - /srv=90% - - pre_tasks: - - name: Wait for provisioned nodes to boot - wait_for_connection: - timeout: 600 - delay: 10 - - tasks: - - - name: Set growvols_args - set_fact: - growvols_args: "{{ role_growvols_args[tripleo_role_name] | default(role_growvols_args['default']) }}" - when: growvols_args is not defined - - - name: Output growvols_args - debug: - var: growvols_args - - - name: Find the growvols utility - shell: > - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin - which growvols - failed_when: false - become: true - register: find_growvols - - - name: Run growvols block - when: find_growvols.rc == 0 - block: - - name: Setting growvols path - set_fact: - growvols_path: "{{ find_growvols.stdout_lines[0] }}" - - - name: "Running {{ growvols_path }} {{growvols_args}}" - shell: "{{ growvols_path }} --yes {{growvols_args}}" - become: true - register: run_growvols - - - name: Output of growvols stdout - debug: - var: run_growvols.stdout diff --git a/tripleo_ansible/playbooks/cli-overcloud-node-kernelargs.yaml b/tripleo_ansible/playbooks/cli-overcloud-node-kernelargs.yaml deleted file mode 100644 index 14f22b39f..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-node-kernelargs.yaml +++ /dev/null @@ -1,51 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -- name: Overcloud Node Set Kernel Args - hosts: allovercloud - any_errors_fatal: true - gather_facts: false - vars: - kernel_args: '' - reboot_wait_timeout: 900 - defer_reboot: false - tuned_profile: 'throughput-performance' - tuned_isolated_cores: '' - pre_tasks: - - name: Wait for provisioned nodes to boot - wait_for_connection: - timeout: 600 - delay: 10 - tasks: - - name: gather facts - setup: - - name: Kernel args block - become: true - block: - - name: Configure tuned before reboot - include_role: - name: tuned - vars: - tuned_profile: '{{ tuned_profile }}' - tuned_isolated_cores: '{{ tuned_isolated_cores }}' - - name: Configure kernel args and reboot - include_role: - name: tripleo_kernel - tasks_from: kernelargs.yml - vars: - tripleo_kernel_args: '{{ kernel_args }}' - tripleo_kernel_reboot_timeout: '{{ reboot_wait_timeout }}' - tripleo_kernel_defer_reboot: '{{ defer_reboot }}' diff --git a/tripleo_ansible/playbooks/cli-overcloud-node-network-config.yaml b/tripleo_ansible/playbooks/cli-overcloud-node-network-config.yaml deleted file mode 100644 index 75d327f21..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-node-network-config.yaml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -- name: Overcloud Node Network Config - hosts: allovercloud - any_errors_fatal: true - gather_facts: false - pre_tasks: - - name: Wait for provisioned nodes to boot - wait_for_connection: - timeout: 600 - delay: 10 - roles: - - role: tripleo_network_config - vars: - # The conditions here are when we want to apply the - # NetworkConfig. They are: - # - If tripleo_network_config_update is True - # - Or the previous run of NetworkConfig failed. - # - Or it has never run - # This will match the prior behavior of when a Heat - # SoftwareDeployment was used. - # It also ensures the script does exist as a sine qua non - # condition - tripleo_network_config_update: True diff --git a/tripleo_ansible/playbooks/cli-overcloud-node-provide.yaml b/tripleo_ansible/playbooks/cli-overcloud-node-provide.yaml deleted file mode 100644 index 350460323..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-node-provide.yaml +++ /dev/null @@ -1,99 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -- name: Overcloud Node Provide - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - pre_tasks: - - name: Check for required inputs - fail: - msg: > - Input missing `{{ item }}` - when: - - hostvars[inventory_hostname][item] is undefined - loop: - - node_uuids - tasks: - - name: Set node_uuids_provide fact - set_fact: - node_uuids_provide: "{{ node_uuids }}" - - - name: exit if nothing to do - block: - - name: Notice - debug: - msg: No nodes are manageable at this time. - - - name: end play - meta: end_play - when: - - node_uuids_provide == [] - - # Set nodes to available - - name: Make nodes available - os_baremetal_provide_node: - node_uuid: "{{ node_uuids_provide }}" - timeout: 1200 - wait_for_bridge_mappings: true - - - name: Detect nova service endpoint - command: >- - openstack compute service list - register: compute_service_list - failed_when: false - - - name: Nova cell host discovery - when: - - "'Could not find requested endpoint' not in compute_service_list.stderr" - - "'not found' not in compute_service_list.stderr" - block: - # Run cellv2 discovery of hosts - - name: Run cell_v2 host discovery - command: podman exec nova_api /bin/nova-manage cell_v2 discover_hosts --verbose - changed_when: false - become: true - - - name: Wait for nova resources - command: >- - openstack hypervisor show {{ item }} - loop: "{{ node_uuids_provide }}" - changed_when: false - register: hypervisor_check - until: hypervisor_check is success - delay: 30 - retries: 30 - - # Power off nodes the nodes - - name: Power off nodes - command: >- - openstack baremetal node power off {{ item }} - loop: "{{ node_uuids_provide }}" - async: 2400 - poll: 0 - register: node_power_off - - - name: poll for completion - async_status: - jid: "{{ item.ansible_job_id }}" - loop: "{{ node_power_off.results }}" - loop_control: - label: "{{ item.item }}" - register: wait - until: wait.finished - retries: 120 diff --git a/tripleo_ansible/playbooks/cli-overcloud-node-provision.yaml b/tripleo_ansible/playbooks/cli-overcloud-node-provision.yaml deleted file mode 100644 index bc01f9a74..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-node-provision.yaml +++ /dev/null @@ -1,222 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -- name: Overcloud Node Provision - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - node_timeout: 3600 - concurrency: 20 - ssh_network: ctlplane - python_interpreter: null - ssh_private_key_file: /home/stack/.ssh/id_rsa - templates: /usr/share/openstack-tripleo-heat-templates - overwrite: false - - pre_tasks: - - fail: - msg: stack_name is a required input - when: - - stack_name is undefined - - fail: - msg: baremetal_deployment is a required input - when: - - baremetal_deployment is undefined - - fail: - msg: baremetal_deployed_path is a required input - when: - - baremetal_deployed_path is undefined - - name: Check if baremetal deployment file already exist - stat: - path: "{{ baremetal_deployed_path }}" - register: stat_baremetal_deployed_path_file - - fail: - msg: "Output file {{ baremetal_deployed_path }} already exists" - when: - - stat_baremetal_deployed_path_file.stat.exists and not overwrite|bool - - tasks: - - name: Detect default overcloud-full image - block: - - name: stat overcloud-full.raw - stat: - path: /var/lib/ironic/images/overcloud-full.raw - get_checksum: false - register: overcloud_full_stat - - - name: stat overcloud-hardened-uefi-full.raw - stat: - path: /var/lib/ironic/images/overcloud-hardened-uefi-full.raw - get_checksum: false - register: overcloud_hardened_uefi_full_stat - - - name: stat overcloud-full.initrd - stat: - path: /var/lib/ironic/images/overcloud-full.initrd - get_checksum: false - register: overcloud_full_initrd_stat - - - name: Set partition file based default image - set_fact: - default_image: - href: file:///var/lib/ironic/images/overcloud-full.raw - kernel: file:///var/lib/ironic/images/overcloud-full.vmlinuz - ramdisk: file:///var/lib/ironic/images/overcloud-full.initrd - when: - - overcloud_full_stat.stat.exists|bool - - overcloud_full_initrd_stat.stat.exists|bool - - not overcloud_hardened_uefi_full_stat.stat.exists|bool - - - name: Set whole-disk file based default image - set_fact: - default_image: - href: file:///var/lib/ironic/images/overcloud-hardened-uefi-full.raw - when: - - overcloud_hardened_uefi_full_stat.stat.exists|bool - - - name: Set glance based default image - set_fact: - default_image: - href: overcloud-full - when: - - not overcloud_full_stat.stat.exists|bool - - not overcloud_hardened_uefi_full_stat.stat.exists|bool - - - name: Expand roles - tripleo_baremetal_expand_roles: - baremetal_deployment: "{{ baremetal_deployment }}" - state: present - stack_name: "{{ stack_name }}" - ssh_public_keys: "{{ ssh_public_keys }}" - user_name: "{{ ssh_user_name }}" - default_image: "{{ default_image }}" - register: baremetal_instances - - - name: Find existing instances - tripleo_baremetal_check_existing: - instances: "{{ baremetal_instances.instances }}" - register: baremetal_existing - - - name: Reserve instances - metalsmith_instances: - instances: "{{ baremetal_existing.not_found }}" - state: reserved - clean_up: true - log_level: info - register: baremetal_reserved - - - name: Metalsmith log for reserve instances - debug: - var: baremetal_reserved.logging - - # NOTE(cloudnull): This limits the concurrency so that we're not adding - # more threads than needed. - - name: Set concurrency fact - set_fact: - runtime_concurrency: "{{ - ((concurrency | int) > (baremetal_reserved.instances | length)) | - ternary((baremetal_reserved.instances | length), (concurrency | int)) - }}" - - - name: Provision instances - metalsmith_instances: - instances: "{{ baremetal_reserved.instances }}" - state: present - wait: true - clean_up: false - timeout: "{{ node_timeout }}" - concurrency: "{{ runtime_concurrency }}" - log_level: info - register: baremetal_provisioned - - - name: Metalsmith log for provision instances - debug: - var: baremetal_provisioned.logging - - - name: Provision instance network ports - tripleo_overcloud_network_ports: - stack_name: "{{ stack_name }}" - concurrency: "{{ runtime_concurrency }}" - instances: "{{ baremetal_instances.instances }}" - provisioned_instances: "{{ baremetal_provisioned.instances + baremetal_existing.instances }}" - hostname_role_map: "{{ baremetal_instances.hostname_role_map }}" - state: present - register: instance_network_ports - when: manage_network_ports|default(false) - - - name: Populate environment - tripleo_baremetal_populate_environment: - environment: "{{ baremetal_instances.environment }}" - instances: "{{ baremetal_provisioned.instances + baremetal_existing.instances }}" - templates: "{{ templates }}" - register: baremetal_environment - - - name: Populate environment with unmanaged nodes - tripleo_unmanaged_populate_environment: - environment: "{{ baremetal_environment.environment }}" - instances: "{{ baremetal_existing.pre_provisioned }}" - node_port_map: "{{ instance_network_ports.node_port_map }}" - register: unmanaged_environment - when: manage_network_ports|default(false) - - - name: Populate environment with network port data - tripleo_network_ports_populate_environment: - environment: "{{ unmanaged_environment.environment }}" - role_net_map: "{{ baremetal_instances.role_net_map }}" - node_port_map: "{{ instance_network_ports.node_port_map }}" - templates: "{{ templates }}" - register: network_ports_environment - when: manage_network_ports|default(false) - - - name: Write environment to {{ baremetal_deployed_path }} - copy: - dest: "{{ baremetal_deployed_path }}" - content: "{{ baremetal_environment.environment | default({}) | to_nice_yaml(indent=2) }}" - when: not manage_network_ports|default(false) - - - name: Write environment to {{ baremetal_deployed_path }} - copy: - dest: "{{ baremetal_deployed_path }}" - content: "{{ network_ports_environment.environment | default({}) | to_nice_yaml(indent=2) }}" - when: manage_network_ports|default(false) - - - name: Generate network config for ansible inventory - tripleo_generate_inventory_network_config: - instances: "{{ baremetal_instances.instances }}" - hostname_role_map: "{{ baremetal_instances.hostname_role_map }}" - register: inventory_network_config - when: configure_networking|default(false) - - - name: Store inventory network config - copy: - dest: "{{ working_dir }}/inventory-network-config.yaml" - content: "{{ inventory_network_config.config | default({}) | to_nice_yaml(indent=2) }}" - force: true - mode: '0664' - when: configure_networking|default(false) - - - name: Generate ansible inventory - tripleo_generate_ansible_inventory: - plan: "{{ stack_name }}" - work_dir: "{{ working_dir }}" - ssh_network: "{{ ssh_network }}" - ansible_ssh_user: "{{ ssh_user_name }}" - ansible_python_interpreter: "{{ python_interpreter }}" - ansible_ssh_private_key_file: "{{ ssh_private_key_file }}" - when: manage_network_ports|default(false) diff --git a/tripleo_ansible/playbooks/cli-overcloud-node-unprovision.yaml b/tripleo_ansible/playbooks/cli-overcloud-node-unprovision.yaml deleted file mode 100644 index 01141d8c6..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-node-unprovision.yaml +++ /dev/null @@ -1,76 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -- name: Overcloud Node Unprovision - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - prompt: true - all: false - concurrency: 20 - pre_tasks: - - fail: - msg: stack_name is a required input - when: - - stack_name is undefined - - fail: - msg: baremetal_deployment is a required input - when: - - baremetal_deployment is undefined - - fail: - msg: unprovision_confirm is required when prompt is true - when: - - prompt - - unprovision_confirm is undefined - - tasks: - - - name: Expand roles - tripleo_baremetal_expand_roles: - baremetal_deployment: "{{ baremetal_deployment }}" - stack_name: "{{ stack_name }}" - state: "{{ all|bool and 'all' or 'absent' }}" - register: baremetal_instances - - - name: Find existing instances - tripleo_baremetal_check_existing: - instances: "{{ baremetal_instances.instances }}" - register: baremetal_existing - - - name: Write unprovision confirmation - copy: - dest: "{{ unprovision_confirm }}" - content: "{{ {'instances':baremetal_existing.instances, 'pre_provisioned':baremetal_existing.pre_provisioned} | to_json }}" - when: prompt|bool and unprovision_confirm is defined - - - name: Unprovision instances - metalsmith_instances: - instances: "{{ baremetal_existing.instances }}" - state: absent - when: not prompt|bool - - - name: Unprovision instance network ports - tripleo_overcloud_network_ports: - stack_name: "{{ stack_name }}" - concurrency: "{{ concurrency }}" - instances: "{{ baremetal_instances.instances }}" - state: absent - when: - - not prompt|bool - - manage_network_ports|default(false) diff --git a/tripleo_ansible/playbooks/cli-overcloud-openvswitch-dpdk.yaml b/tripleo_ansible/playbooks/cli-overcloud-openvswitch-dpdk.yaml deleted file mode 100644 index 8c9ba9416..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-openvswitch-dpdk.yaml +++ /dev/null @@ -1,78 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Overcloud Node ovs-dpdk Configuration - hosts: allovercloud - any_errors_fatal: true - gather_facts: true - - # "socket_mem" and "pmd" are mandatory parameters - vars: - pmd: '' - socket_mem: '' - memory_channels: '' - lcore: '' - disable_emc: false - enable_tso: false - revalidator: '' - handler: '' - pmd_auto_lb: false - pmd_load_threshold: '' - pmd_improvement_threshold: '' - pmd_rebal_interval: '' - nova_postcopy: true - tuned_profile: 'cpu-partitioning' - - pre_tasks: - - name: Wait for provisioned nodes to boot - wait_for_connection: - timeout: 600 - delay: 10 - - tasks: - - name: ovs-dpdk role specific config block - become: true - block: - - name: Set nova post copy for migration - set_fact: - tripleo_ovs_dpdk_vhost_postcopy_support: "{{ nova_postcopy }}" - when: tuned_profile != 'realtime-virtual-host' - - - name: Disable nova post copy for migration - set_fact: - tripleo_ovs_dpdk_vhost_postcopy_support: false - when: tuned_profile == 'realtime-virtual-host' - - - name: Set insertion probablity based on emc cache flag - set_fact: - tripleo_ovs_dpdk_emc_insertion_probablity: 0 - when: disable_emc|bool - - - name: Configure ovs-dpdk role params - include_role: - name: tripleo_ovs_dpdk - vars: - tripleo_ovs_dpdk_lcore_list: "{{ lcore }}" - tripleo_ovs_dpdk_pmd_core_list: "{{ pmd }}" - tripleo_ovs_dpdk_memory_channels: "{{ memory_channels }}" - tripleo_ovs_dpdk_socket_memory: "{{ socket_mem }}" - tripleo_ovs_dpdk_enable_tso: "{{ enable_tso }}" - tripleo_ovs_dpdk_revalidator_cores: "{{ revalidator }}" - tripleo_ovs_dpdk_handler_cores: "{{ handler }}" - tripleo_ovs_dpdk_pmd_auto_lb: "{{ pmd_auto_lb }}" - tripleo_ovs_dpdk_pmd_load_threshold: "{{ pmd_load_threshold }}" - tripleo_ovs_dpdk_pmd_improvement_threshold: "{{ pmd_improvement_threshold }}" - tripleo_ovs_dpdk_pmd_rebal_interval: "{{ pmd_rebal_interval }}" diff --git a/tripleo_ansible/playbooks/cli-overcloud-restore-node.yaml b/tripleo_ansible/playbooks/cli-overcloud-restore-node.yaml deleted file mode 100644 index 84ebdb350..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-restore-node.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: TripleO Restore a node - hosts: Undercloud - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - tasks: - - name: Restore one node - include_role: - name: backup_and_restore - tasks_from: restore_node.yml diff --git a/tripleo_ansible/playbooks/cli-overcloud-snapshot.yaml b/tripleo_ansible/playbooks/cli-overcloud-snapshot.yaml deleted file mode 100644 index 4d0cf2f74..000000000 --- a/tripleo_ansible/playbooks/cli-overcloud-snapshot.yaml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: TripleO Compute Snapshots - hosts: "{{ tripleo_compute_group_name }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - become: true - pre_tasks: - - name: Gather facts with an active connection - setup: - gather_subset: - - 'devices' - tags: - - always - roles: - - role: snapshot_and_revert - -- name: TripleO Controller Snapshots - hosts: "{{ tripleo_controller_group_name }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - serial: "{{ tripleo_snapshot_revert_snapshot_inactive_nodes|bool | ternary('1', omit) }}" - become: true - pre_tasks: - - name: Gather facts with an active connection - setup: - gather_subset: - - 'devices' - tags: - - always - roles: - - role: snapshot_and_revert diff --git a/tripleo_ansible/playbooks/cli-standalone-ceph-spec.yaml b/tripleo_ansible/playbooks/cli-standalone-ceph-spec.yaml deleted file mode 100644 index ae273c17f..000000000 --- a/tripleo_ansible/playbooks/cli-standalone-ceph-spec.yaml +++ /dev/null @@ -1,52 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Create Ceph Spec for Standalone Deployment - hosts: undercloud - gather_facts: false - vars: - osd_spec: - data_devices: - all: true - tasks: - - name: Fail if tripleo_cephadm_first_mon_ip is undefined - fail: - msg: "--mon-ip (tripleo_cephadm_first_mon_ip) was not provided" - when: - - tripleo_cephadm_first_mon_ip is undefined - - tripleo_cephadm_first_mon_ip | length == 0 - - - name: Ensure ceph_spec_path is defined - set_fact: - ceph_spec_path: "{{ working_dir }}/generated_ceph_spec.yaml" - when: - - ceph_spec_path is undefined - - - name: Override osd_spec if osd_spec_path is provided - set_fact: - osd_spec: "{{ osd_spec_path_content | from_yaml }}" - vars: - osd_spec_path_content: "{{ lookup('file', osd_spec_path) }}" - when: - - osd_spec_path is defined - - osd_spec_path | length > 0 - - - name: Create Ceph spec for standalone deployment - ceph_spec_bootstrap: - new_ceph_spec: "{{ ceph_spec_path }}" - osd_spec: "{{ osd_spec }}" - mon_ip: "{{ tripleo_cephadm_first_mon_ip }}" - standalone: True diff --git a/tripleo_ansible/playbooks/cli-support-collect-logs.yaml b/tripleo_ansible/playbooks/cli-support-collect-logs.yaml deleted file mode 100644 index 61ebf4144..000000000 --- a/tripleo_ansible/playbooks/cli-support-collect-logs.yaml +++ /dev/null @@ -1,144 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Playbook sos-report log collection - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - sos_options: - - boot - - cluster - - container - - hardware - - kernel - - memory - - nfs - - openstack - - packagemanager - - performance - - services - - storage - - system - - webserver - - virt - tasks: - - name: No server_name defined - fail: - msg: >- - The server_name option was undefined. - when: - - server_name is undefined - - - name: No sos destination defined - fail: - msg: >- - The sos_destination option was undefined. - when: - - sos_destination is undefined - - - name: Create the support directory - become: true - file: - path: "{{ sos_destination }}" - state: directory - mode: '0755' - - - name: Set local connection user facts - set_fact: - ansible_home: "{{ lookup('env', 'HOME') }}" - ansible_user: "{{ lookup('env', 'USER') }}" - run_once: true - when: - - (tripleo_target_host is defined) | ternary('ssh', 'local') == 'local' - - - name: Add ssh-servers - add_host: - hostname: "{{ item }}" - groups: tripleo_queues - ansible_ssh_private_key_file: "{{ ansible_home }}/.ssh/id_rsa_tripleo" - sos_destination: "{{ sos_destination }}" - sos_options: "{{ sos_options | join(',') }}" - archive_file: "/var/tmp/sos-report-{{ item }}-{{ lookup('pipe','date +%Y%m%d%H%M%S') }}.tgz" - changed_when: false - loop: '{{ (server_name == "all") | ternary( - groups["all"], - (server_name in groups) | ternary( - groups[server_name], - (server_name in groups["all"]) | ternary( - [server_name], - (groups["all"] | select("match", server_name ~ ".*") | list) - ) - ) - ) - }}' - - -- name: Run Log collection - hosts: tripleo_queues - user: tripleo-admin - gather_facts: false - strategy: free - become: true - handlers: - - name: Remove tmp directory - file: - path: "{{ tempfile_1.path }}" - state: absent - - - name: Remove archive - file: - path: "{{ archive_file }}" - state: absent - tasks: - - name: Ensure sos is installed - package: - name: sos - - - name: Create temporary directory - tempfile: - state: directory - suffix: build - register: tempfile_1 - notify: - - Remove tmp directory - - - name: Run sos-report - command: >- - /usr/sbin/sosreport --batch -p {{ sos_options }} --tmp-dir {{ tempfile_1.path }} - - - name: Compress sos-report directory - archive: - path: "{{ tempfile_1.path }}" - dest: "{{ archive_file }}" - - - name: Retrieve the sos report - fetch: - src: "{{ archive_file }}" - dest: "/tmp/" - flat: true - - - name: Move archive into place - command: >- - mv /tmp/{{ archive_file | basename }} {{ sos_destination }}/ - become: true - connection: local - - - name: Archive notice - debug: - msg: "Log collection archive: {{ archive_file }}, stored here: {{ sos_destination }}/{{ archive_file | basename }}" diff --git a/tripleo_ansible/playbooks/cli-undercloud-backup-cron.yaml b/tripleo_ansible/playbooks/cli-undercloud-backup-cron.yaml deleted file mode 100644 index e1e7da54f..000000000 --- a/tripleo_ansible/playbooks/cli-undercloud-backup-cron.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: TripleO Controller backup - hosts: Undercloud - become: true - tasks: - - name: Create cron programming - include_role: - name: backup_and_restore - tasks_from: setup_cron_undercloud diff --git a/tripleo_ansible/playbooks/cli-undercloud-backup-legacy.yaml b/tripleo_ansible/playbooks/cli-undercloud-backup-legacy.yaml deleted file mode 100644 index 7130be226..000000000 --- a/tripleo_ansible/playbooks/cli-undercloud-backup-legacy.yaml +++ /dev/null @@ -1,162 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: TripleO Undercloud backup workflows - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - sources_path: "{{ lookup('env', 'HOME') }}" - handlers: - # Perform some cleanup - - name: cleanup the backup - become: true - file: - path: "{{ item }}" - state: absent - with_items: - - "{{ bkp_path }}" - - "{{ tmpdir.path }}/" - - pre_tasks: - - name: Set local connection user facts - set_fact: - ansible_home: "{{ lookup('env', 'HOME') }}" - ansible_user: "{{ lookup('env', 'USER') }}" - run_once: true - when: - - (tripleo_target_host is defined) | ternary('ssh', 'local') == 'local' - - # Action to know if there is enough available space - # to run the Undercloud backup - - name: Get free space - shell: | - set -o pipefail - if [[ $(df -T /var/tmp | tail -n 1 | awk '{print $2}') == "btrfs" ]]; then - btrfs fi usage --gbytes / | awk '/^.*Free / {print $3}'| sed 's/\..*//' - else - df -BG /var/tmp | awk '!/^Filesystem/ {print $4}' | sed 's/G//' - fi - register: var_space_available - - - name: Fail if any of the volumes are too small - fail: - msg: > - Minimum free space required for /var/tmp: 10G - - current free space: {{ var_space_available.stdout|int |round(1) }}G - when: - - (var_space_available.stdout | int) < 10 - tasks: - - name: Create a timestamp variable - set_fact: - timestamp: "{{ lookup('pipe','date +%Y%m%d%H%M%S') }}" - - - name: Create staging directory - tempfile: - state: directory - prefix: "undercloud-backup-" - path: "/var/tmp" - register: tmpdir - notify: - - cleanup the backup - - - name: Mysql root password block - block: - - name: Read tripleo password file - slurp: - src: "{{ ansible_home }}/tripleo-undercloud-passwords.yaml" - register: tripleo_undercloud_passwords - no_log: true - - - name: Set mysql root password - set_fact: - MysqlRootPassword: "{{ (tripleo_undercloud_passwords['content'] | b64decode | from_yaml)['parameter_defaults']['MysqlRootPassword'] }}" - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" - rescue: - - name: Set mysql root password (fallback) - set_fact: - MysqlRootPassword: "{{ lookup('ini', 'undercloud_mysql_root_password section=auth file=' ~ ansible_home ~ '/undercloud-passwords.conf') }}" - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" - - - name: Create the names for the temporary backup files - set_fact: - db_path: "{{ tmpdir.path }}/all-databases-{{ timestamp }}.sql.gz" - fs_path: "{{ tmpdir.path }}/filesystem-{{ timestamp }}.sql.gz" - bkp_path: "/tmp/UC-backup-{{ timestamp }}.tar" - - # We use the undercloud database password for the root - # to backup the databases - - name: Backup the databases - become: true - shell: |- - set -o pipefail - podman exec -i mysql mysqldump \ - -u root \ - -p{{ MysqlRootPassword }} \ - --opt \ - --all-databases | gzip > {{ db_path }} - no_log: true - - - name: Backup the filesystem - become: true - shell: | - tar --xattrs --ignore-failed-read -C / -cf {{ fs_path }} {{ sources_path }} - chown {{ lookup('env', 'USER') }} {{ fs_path }} - - - name: compress all the files in tar.gz - archive: - path: "{{ tmpdir.path }}" - dest: "{{ bkp_path }}" - format: tar - notify: - - cleanup the backup - - - name: Swift save block - when: - - save_swift is defined and save_swift - block: - - name: Save the backup to swift - shell: |- - swift upload --header "X-Delete-After: 86400" undercloud-backups {{ bkp_path }} - - - name: Backup saved - debug: - msg: "The undercloud backup was saved to swift" - - - name: Local save block - when: - - save_swift is not defined or not save_swift - block: - - name: Create the backup directory - become: true - file: - path: /var/lib/tripleo/backups - state: directory - mode: '0755' - - - name: Copy backup file - become: true - copy: - src: "{{ bkp_path }}" - dest: "/var/lib/tripleo/backups/{{ bkp_path | basename }}" - remote_src: true - - - name: Print out the backup location - debug: - msg: >- - The undercloud backup was saved in - "/var/lib/tripleo/backups/{{ bkp_path | basename }}" diff --git a/tripleo_ansible/playbooks/cli-undercloud-backup.yaml b/tripleo_ansible/playbooks/cli-undercloud-backup.yaml deleted file mode 100644 index 5509b22d2..000000000 --- a/tripleo_ansible/playbooks/cli-undercloud-backup.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: TripleO Undercloud backup. - hosts: Undercloud - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - become: true - roles: - - role: backup_and_restore diff --git a/tripleo_ansible/playbooks/cli-undercloud-db-backup.yaml b/tripleo_ansible/playbooks/cli-undercloud-db-backup.yaml deleted file mode 100644 index ffd387782..000000000 --- a/tripleo_ansible/playbooks/cli-undercloud-db-backup.yaml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: TripleO Undercloud DB backup. - hosts: Undercloud - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - become: true - tasks: - - name: Create DB Backup for the undercloud - vars: - tripleo_backup_and_restore_service_manager: false - tripleo_backup_and_restore_mysql_backup_file: "{{ lookup('env', 'HOME') }}/openstack-backup-mysql-{{ lookup('pipe', 'date +%F_%H_%M_%S') }}.sql" - tripleo_backup_and_restore_mysql_grants_file: "{{ lookup('env', 'HOME') }}/openstack-backup-mysql-grants-{{ lookup('pipe', 'date +%F_%H_%M_%S') }}.sql" - include_role: - name: backup_and_restore - tasks_from: db_backup.yml diff --git a/tripleo_ansible/playbooks/cli-undercloud-get-horizon-url.yaml b/tripleo_ansible/playbooks/cli-undercloud-get-horizon-url.yaml deleted file mode 100644 index fe3175029..000000000 --- a/tripleo_ansible/playbooks/cli-undercloud-get-horizon-url.yaml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Overcloud Get Horizon URL - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - pre_tasks: - - name: Check for required inputs - fail: - msg: > - Input missing `{{ item }}` - when: - - hostvars[inventory_hostname][item] is undefined - loop: - - stack_name - - horizon_url_output_file - tasks: - - name: Fetch stack data - shell: >- - openstack stack output show {{ stack_name }} EndpointMap -f yaml - register: stack_data_cmd - changed_when: false - - - name: Create horizon url temp file - copy: - content: "{{ (stack_data_cmd.stdout | from_yaml).output_value.HorizonPublic.uri }}" - dest: "{{ horizon_url_output_file }}" diff --git a/tripleo_ansible/playbooks/cli-undercloud-local-artifacts.yaml b/tripleo_ansible/playbooks/cli-undercloud-local-artifacts.yaml deleted file mode 100644 index 0face2af2..000000000 --- a/tripleo_ansible/playbooks/cli-undercloud-local-artifacts.yaml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Ensure Local Artifact Cache - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('localhost') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - stack: overcloud - artifact_dir: /var/lib/tripleo - pre_tasks: - - name: Set local connection user facts - set_fact: - ansible_user: "{{ lookup('env', 'SUDO_USER') | default(ansible_user, true) }}" - run_once: true - when: - - (tripleo_target_host is defined) | ternary('ssh', 'local') == 'local' - tasks: - - name: Create Artifact Directory - become: true - file: - path: "{{ artifact_dir }}/stacks/{{ stack }}" - state: directory - owner: "{{ ansible_user }}" - setype: var_lib_t - selevel: s0 diff --git a/tripleo_ansible/playbooks/cli-undercloud-prepare-ironic.yaml b/tripleo_ansible/playbooks/cli-undercloud-prepare-ironic.yaml deleted file mode 100644 index 9a0c0c4fc..000000000 --- a/tripleo_ansible/playbooks/cli-undercloud-prepare-ironic.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: TripleO PXE installation and configuration. - hosts: Undercloud - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - become: true - vars: - tripleo_backup_and_restore_shared_storage_folder: "{{ tripleo_backup_and_restore_ironic_images_path }}" - tripleo_backup_and_restore_shared_storage_subfolders: ["pxelinux.cfg"] - roles: - - role: backup_and_restore diff --git a/tripleo_ansible/playbooks/container-cleanup.yml b/tripleo_ansible/playbooks/container-cleanup.yml deleted file mode 100644 index e8f32cdd4..000000000 --- a/tripleo_ansible/playbooks/container-cleanup.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Cleanup container items - hosts: "{{ target_hosts | default('all') }}" - become: true - tasks: - - name: Cleanup unused images, containers, and volumes - import_role: - name: openstack-operations - tasks_from: container_cleanup.yml diff --git a/tripleo_ansible/playbooks/create-nova-cell-v2.yaml b/tripleo_ansible/playbooks/create-nova-cell-v2.yaml deleted file mode 100644 index 9825c0d3c..000000000 --- a/tripleo_ansible/playbooks/create-nova-cell-v2.yaml +++ /dev/null @@ -1,68 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: Controller[0] - remote_user: stack - gather_facts: true - vars: - tripleo_cellv2_cell_name: "{{ tripleo_cellv2_cell_name }}" - # containercli can be tropped when we fully switched to podman - tripleo_cellv2_cellcontroller_group: "{{ groups['CellController'] }}" - tasks: - - import_role: - name: tripleo_cellv2 - tasks_from: check_cell_exist.yml - -- hosts: CellController[0] - remote_user: stack - gather_facts: true - vars: - tripleo_cellv2_cell_name: "{{ tripleo_cellv2_cell_name }}" - tripleo_cellv2_cellcontroller_group: "{{ groups['CellController'] }}" - tasks: - - import_role: - name: tripleo_cellv2 - tasks_from: extract_cell_information.yml - -- hosts: Controller[0] - remote_user: stack - gather_facts: true - vars: - tripleo_cellv2_cell_name: "{{ tripleo_cellv2_cell_name }}" - tripleo_cellv2_cellcontroller_group: "{{ groups['CellController'] }}" - tasks: - - import_role: - name: tripleo_cellv2 - tasks_from: create_cell.yml - -- hosts: Controller - remote_user: stack - gather_facts: true - vars: - tripleo_cellv2_cell_name: "{{ tripleo_cellv2_cell_name }}" - tripleo_cellv2_cellcontroller_group: "{{ groups['CellController'] }}" - tasks: - - import_role: - name: tripleo_cellv2 - tasks_from: add_internalapi_hosts_entries.yml - -- hosts: Controller[0] - remote_user: stack - gather_facts: true - tasks: - - import_role: - name: tripleo_cellv2 - tasks_from: discover_hosts.yml diff --git a/tripleo_ansible/playbooks/deploy-overcloud-compute.yml b/tripleo_ansible/playbooks/deploy-overcloud-compute.yml deleted file mode 100644 index 70fd539ba..000000000 --- a/tripleo_ansible/playbooks/deploy-overcloud-compute.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Deploy TripleO facts playbook - ansible.builtin.import_playbook: deploy-tripleo-facts.yml - -- name: Deploy TripleO SELinux playbook - ansible.builtin.import_playbook: deploy-tripleo-selinux.yml - -- name: Deploy TripleO pre-network playbook - ansible.builtin.import_playbook: deploy-tripleo-pre-network.yml - -- name: Deploy TripleO network playbook - ansible.builtin.import_playbook: deploy-tripleo-network-configure.yml - -- name: Deploy TripleO network validation playbook - ansible.builtin.import_playbook: deploy-tripleo-network-validate.yml - -- name: Deploy TripleO install operating system playbook - ansible.builtin.import_playbook: deploy-tripleo-os-install.yml - -- name: Deploy TripleO configure operating system playbook - ansible.builtin.import_playbook: deploy-tripleo-os-configure.yml - -- name: Deploy TripleO run operating system playbook - ansible.builtin.import_playbook: deploy-tripleo-os-run.yml - -- name: Deploy TripleO install OpenStack playbook - ansible.builtin.import_playbook: deploy-tripleo-openstack-install.yml - -- name: Deploy TripleO configure OpenStack playbook - ansible.builtin.import_playbook: deploy-tripleo-openstack-configure.yml - -- name: Deploy TripleO run OpenStack playbook - ansible.builtin.import_playbook: deploy-tripleo-openstack-run.yml diff --git a/tripleo_ansible/playbooks/deploy-tripleo-facts.yml b/tripleo_ansible/playbooks/deploy-tripleo-facts.yml deleted file mode 100644 index 94fcc7dec..000000000 --- a/tripleo_ansible/playbooks/deploy-tripleo-facts.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- hosts: all - name: Clear cached facts - # We don't want to gather facts, just clear them - gather_facts: false - tasks: - - ansible.builtin.meta: clear_facts - tags: - - facts - -- hosts: "{{ deploy_source_host | default([]) }}:{{ deploy_target_host | default('overcloud') }}" - name: Gather facts - strategy: tripleo_free - gather_facts: true - tasks: - - name: Set legacy facts - ansible.builtin.set_fact: - ansible_distribution: "{{ ansible_facts['distribution'] }}" - ansible_distribution_major_version: "{{ ansible_facts['distribution_major_version'] }}" - ansible_distribution_release: "{{ ansible_facts['distribution_release'] }}" - ansible_distribution_version: "{{ ansible_facts['distribution_version'] }}" - ansible_os_family: "{{ ansible_facts['os_family'] }}" - tags: - - facts diff --git a/tripleo_ansible/playbooks/deploy-tripleo-network-configure.yml b/tripleo_ansible/playbooks/deploy-tripleo-network-configure.yml deleted file mode 100644 index ef41039fc..000000000 --- a/tripleo_ansible/playbooks/deploy-tripleo-network-configure.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- hosts: "{{ primary_role_name | default([]) }}:{{ deploy_target_host | default('overcloud') }}" - strategy: tripleo_free - name: Deploy TripleO Network - gather_facts: "{{ gather_facts | default(false) }}" - any_errors_fatal: true - tasks: - - name: Run Network Config - import_role: - name: tripleo_network_config - vars: - tripleo_network_config_with_ansible: true - tags: - - tripleo_network_config diff --git a/tripleo_ansible/playbooks/deploy-tripleo-network-validate.yml b/tripleo_ansible/playbooks/deploy-tripleo-network-validate.yml deleted file mode 100644 index 362cd4ece..000000000 --- a/tripleo_ansible/playbooks/deploy-tripleo-network-validate.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- hosts: "{{ primary_role_name | default([]) }}:{{ deploy_target_host | default('overcloud') }}" - strategy: tripleo_free - name: Server Network Validation - gather_facts: "{{ gather_facts | default(false) }}" - any_errors_fatal: true - tasks: - - name: Basic Network Validation - import_role: - name: tripleo_nodes_validation - tags: - - tripleo_nodes_validation diff --git a/tripleo_ansible/playbooks/deploy-tripleo-openstack-configure.yml b/tripleo_ansible/playbooks/deploy-tripleo-openstack-configure.yml deleted file mode 100644 index 7b7f50b68..000000000 --- a/tripleo_ansible/playbooks/deploy-tripleo-openstack-configure.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- hosts: "{{ deploy_target_host | default('overcloud') }}" - name: Deploy TripleO OpenStack Configure - strategy: tripleo_free - gather_facts: "{{ gather_facts | default(false) }}" - any_errors_fatal: true - tasks: - - name: Configure tripleo_ssh_known_hosts - import_role: - name: tripleo_ssh_known_hosts - tags: - - tripleo_ssh_known_hosts - - name: Configure tripleo_logrotate_crond - import_role: - name: tripleo_logrotate_crond - tasks_from: configure.yml - tags: - - tripleo_logrotate_crond - - name: Configure tripleo_iscsid - import_role: - name: tripleo_iscsid - tasks_from: configure.yml - tags: - - tripleo_iscsid - - name: Configure tripleo_nova_libvirt - import_role: - name: tripleo_nova_libvirt - tasks_from: configure.yml - tags: - - tripleo_nova_libvirt - - name: Configure tripleo_nova_compute - import_role: - name: tripleo_nova_compute - tasks_from: configure.yml - tags: - - tripleo_nova_compute diff --git a/tripleo_ansible/playbooks/deploy-tripleo-openstack-install.yml b/tripleo_ansible/playbooks/deploy-tripleo-openstack-install.yml deleted file mode 100644 index 731180383..000000000 --- a/tripleo_ansible/playbooks/deploy-tripleo-openstack-install.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- hosts: "{{ deploy_target_host | default('overcloud') }}" - name: Deploy TripleO OpenStack Install - strategy: tripleo_free - gather_facts: "{{ gather_facts | default(false) }}" - any_errors_fatal: true - tasks: - - name: Install tripleo_logrotate_crond - import_role: - name: tripleo_logrotate_crond - tasks_from: install.yml - tags: - - tripleo_logrotate_crond - - name: Install tripleo_iscsid - import_role: - name: tripleo_iscsid - tasks_from: install.yml - tags: - - tripleo_iscsid - - name: Install tripleo_nova-libvirt - import_role: - name: tripleo_nova_libvirt - tasks_from: install.yml - tags: - - tripleo_nova_libvirt - - name: Install tripleo_nova_compute - import_role: - name: tripleo_nova_compute - tasks_from: install.yml - tags: - - tripleo_nova_compute diff --git a/tripleo_ansible/playbooks/deploy-tripleo-openstack-run.yml b/tripleo_ansible/playbooks/deploy-tripleo-openstack-run.yml deleted file mode 100644 index c377a3ebf..000000000 --- a/tripleo_ansible/playbooks/deploy-tripleo-openstack-run.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- hosts: "{{ deploy_target_host | default('overcloud') }}" - name: Deploy TripleO OpenStack Run - strategy: tripleo_free - gather_facts: "{{ gather_facts | default(false) }}" - any_errors_fatal: true - tasks: - - name: Run tripleo_logrotate_crond - import_role: - name: tripleo_logrotate_crond - tasks_from: run.yml - tags: - - tripleo_logrotate_crond - - name: Run tripleo_iscsid - import_role: - name: tripleo_iscsid - tasks_from: run.yml - tags: - - tripleo_iscsid - - name: Run tripleo_nova_libvirt - import_role: - name: tripleo_nova_libvirt - tasks_from: run.yml - tags: - - tripleo_nova_libvirt - - name: Run tripleo_nova_compute - import_role: - name: tripleo_nova_compute - tasks_from: run.yml - tags: - - tripleo_nova_compute diff --git a/tripleo_ansible/playbooks/deploy-tripleo-os-configure.yml b/tripleo_ansible/playbooks/deploy-tripleo-os-configure.yml deleted file mode 100644 index 0ce072de5..000000000 --- a/tripleo_ansible/playbooks/deploy-tripleo-os-configure.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- hosts: "{{ primary_role_name | default([]) }}:{{ deploy_target_host | default('overcloud') }}" - name: Deploy TripleO Operating System Configure - strategy: tripleo_free - gather_facts: "{{ gather_facts | default(false) }}" - any_errors_fatal: true - become: true - tasks: - - name: Configure tripleo_podman - import_role: - name: tripleo_podman - tasks_from: configure.yml - tags: - - tripleo_podman - - name: Manage tripleo container services - import_role: - name: tripleo_container_manage - tasks_from: shutdown.yml - tags: - - tripleo_container_manage - - name: Configure tripleo_sshd - import_role: - name: tripleo_sshd - tasks_from: configure.yml - tags: - - tripleo_sshd - - name: Configure chrony - import_role: - name: chrony - tasks_from: config.yml - tags: - - chrony - - name: Configure tripleo_timezone - import_role: - name: tripleo_timezone - tasks_from: configure.yml - tags: - - tripleo_timezone - - name: Configure tripleo_ovn - import_role: - name: tripleo_ovn - tasks_from: configure.yml - tags: - - tripleo_ovn diff --git a/tripleo_ansible/playbooks/deploy-tripleo-os-install.yml b/tripleo_ansible/playbooks/deploy-tripleo-os-install.yml deleted file mode 100644 index 85db584e9..000000000 --- a/tripleo_ansible/playbooks/deploy-tripleo-os-install.yml +++ /dev/null @@ -1,93 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- hosts: "{{ primary_role_name | default([]) }}:{{ deploy_target_host | default('overcloud') }}" - strategy: tripleo_free - gather_facts: "{{ gather_facts | default(false) }}" - any_errors_fatal: true - become: true - tasks: - - name: Ensure /var/log/journal exists - become: true - file: - path: /var/log/journal - state: directory - mode: 0750 - owner: root - group: root - setype: var_log_t - - name: Check cloud-init status - shell: systemctl is-active cloud-init.service || systemctl is-enabled cloud-init.service - failed_when: false - become: true - register: cloud_init_enabled - - debug: - var: cloud_init_enabled - - name: Check if cloud-init is disabled via kernel args - shell: cat /proc/cmdline | grep -q cloud-init=disabled - failed_when: false - check_mode: false - register: cloud_init_vendor_disabled - - name: Wait for cloud-init to finish, if enabled - community.general.cloud_init_data_facts: - filter: status - register: res - until: > - res.cloud_init_data_facts.status.v1.stage is defined and - not res.cloud_init_data_facts.status.v1.stage - retries: 50 - delay: 5 - when: - - not ansible_check_mode - - cloud_init_enabled.rc is defined - - cloud_init_enabled.rc == 0 - - cloud_init_vendor_disabled.rc is not defined or cloud_init_vendor_disabled.rc != 0 - - name: Install tripleo_bootstrap - import_role: - name: tripleo_bootstrap - tasks_from: bootstrap.yml - tags: - - tripleo_bootstrap - - name: Install tripleo_kernel - import_role: - name: tripleo_kernel - tags: - - tripleo_kernel - - name: Install tripleo_podman - import_role: - name: tripleo_podman - tasks_from: install.yml - tags: - - tripleo_podman - - name: Install tripleo_sshd - import_role: - name: tripleo_sshd - tasks_from: install.yml - tags: - - tripleo_sshd - - name: Install chrony - import_role: - name: chrony - tasks_from: install.yml - tags: - - chrony - - name: Install tripleo_ovn - import_role: - name: tripleo_ovn - tasks_from: install.yml - tags: - - tripleo_ovn diff --git a/tripleo_ansible/playbooks/deploy-tripleo-os-run.yml b/tripleo_ansible/playbooks/deploy-tripleo-os-run.yml deleted file mode 100644 index 258bf543a..000000000 --- a/tripleo_ansible/playbooks/deploy-tripleo-os-run.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- hosts: "{{ primary_role_name | default([]) }}:{{ deploy_target_host | default('overcloud') }}" - name: Deploy TripleO Operating System Run - strategy: tripleo_free - gather_facts: "{{ gather_facts | default(false) }}" - any_errors_fatal: true - become: true - tasks: - - name: Run tripleo_sshd - import_role: - name: tripleo_sshd - tasks_from: run.yml - tags: - - tripleo_sshd - - name: Run chrony - import_role: - name: chrony - tasks_from: run.yml - tags: - - chrony - - name: Run chrony (online) - import_role: - name: chrony - tasks_from: online.yml - tags: - - chrony - - name: Run chrony (sync) - import_role: - name: chrony - tasks_from: sync.yml - tags: - - chrony - - name: Run tripleo_timezone - import_role: - name: tripleo_timezone - tasks_from: run.yml - tags: - - tripleo_timezone - - name: Run tripleo_ovn - import_role: - name: tripleo_ovn - tasks_from: run.yml - tags: - - tripleo_ovn diff --git a/tripleo_ansible/playbooks/deploy-tripleo-pre-network.yml b/tripleo_ansible/playbooks/deploy-tripleo-pre-network.yml deleted file mode 100644 index c7d01ad81..000000000 --- a/tripleo_ansible/playbooks/deploy-tripleo-pre-network.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- hosts: "{{ primary_role_name | default([]) }}:{{ deploy_target_host | default('overcloud') }}" - strategy: tripleo_free - name: Deploy TripleO Pre Network - gather_facts: "{{ gather_facts | default(false) }}" - any_errors_fatal: true - tasks: - - - name: Configure Hosts Entries - import_role: - name: tripleo_hosts_entries - vars: - tripleo_hosts_entries_undercloud_hosts_entries: "{{ undercloud_hosts_entries }}" - tripleo_hosts_entries_extra_hosts_entries: "{{ extra_hosts_entries }}" - tripleo_hosts_entries_vip_hosts_entries: "{{ vip_hosts_entries }}" - tags: - - tripleo_hosts_entries diff --git a/tripleo_ansible/playbooks/deploy-tripleo-selinux.yml b/tripleo_ansible/playbooks/deploy-tripleo-selinux.yml deleted file mode 100644 index 69d67d0b8..000000000 --- a/tripleo_ansible/playbooks/deploy-tripleo-selinux.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- hosts: "{{ deploy_target_host | default('overcloud') }}" - strategy: tripleo_linear - name: Manage SELinux - gather_facts: "{{ gather_facts | default(false) }}" - any_errors_fatal: true - tasks: - - name: Set selinux state - become: true - selinux: - policy: targeted - state: "{{ tripleo_selinux_mode }}" diff --git a/tripleo_ansible/playbooks/derive-local-hci-parameters.yml b/tripleo_ansible/playbooks/derive-local-hci-parameters.yml deleted file mode 100644 index 5c31736af..000000000 --- a/tripleo_ansible/playbooks/derive-local-hci-parameters.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -- name: Derive HCI parameters before deployment - hosts: localhost - gather_facts: false - vars: - # Set the following variables for your environment - ironic_node_id: # provide your Ironic UUID here - role: ComputeHCI - average_guest_cpu_utilization_percentage: 50 - average_guest_memory_size_in_mb: 8192 - heat_environment_input_file: /home/stack/ceph_overrides.yaml - new_heat_environment_output_file: /home/stack/hci_result.yaml - report_path: /home/stack/hci_report.txt - tasks: - - name: Get baremetal inspection data - tripleo_get_introspected_data: - node_id: "{{ ironic_node_id }}" - register: ironic - - - name: Get tripleo CephDisks environment paramters - set_fact: - heat_env: "{{ lookup('file', heat_environment_input_file) | from_yaml }}" - - - name: Derive HCI parameters - tripleo_derive_hci_parameters: - tripleo_role_name: "{{ role }}" - average_guest_cpu_utilization_percentage: "{{ average_guest_cpu_utilization_percentage }}" - average_guest_memory_size_in_mb: "{{ average_guest_memory_size_in_mb }}" - introspection_data: "{{ ironic }}" - tripleo_environment_parameters: "{{ heat_env['parameter_defaults'] }}" - new_heat_environment_path: "{{ new_heat_environment_output_file }}" - report_path: "{{ report_path }}" - register: derived_parameters_result - - - name: Display steps on what to do next - debug: - msg: >- - You may deploy your overcloud using -e {{ new_heat_environment_output_file }} - so that the role {{ role }} has its Nova configuration tuned to reserve - CPU and Memory for its collocated Ceph OSDs. For an explanation see - {{ report_path }}. diff --git a/tripleo_ansible/playbooks/disable_cephadm.yml b/tripleo_ansible/playbooks/disable_cephadm.yml deleted file mode 100644 index edb52e6b4..000000000 --- a/tripleo_ansible/playbooks/disable_cephadm.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# TODO: check the orchestrator is up - -- name: Pause cephadm - hosts: allovercloud - tasks: - - name: Pause cephadm - run_once: true - import_role: - name: tripleo_cephadm - tasks_from: toggle_cephadm - vars: - backend: '' - action: disable diff --git a/tripleo_ansible/playbooks/docker-vfs-setup.yml b/tripleo_ansible/playbooks/docker-vfs-setup.yml deleted file mode 100644 index 6e8857d57..000000000 --- a/tripleo_ansible/playbooks/docker-vfs-setup.yml +++ /dev/null @@ -1,110 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Docker vfs setup - hosts: all - gather_facts: true - handlers: - - name: Stop docker daemon - become: true - systemd: - name: docker - state: stopped - listen: Restart docker - - - name: Start docker daemon - become: true - systemd: - name: docker - state: started - listen: Restart docker - - - name: Cleanup temp json file - become: true - file: - path: "{{ tripleo_docker_temp_file }}" - state: absent - pre_tasks: - - name: Set temp file fact - set_fact: - tripleo_docker_temp_file: "{{ ansible_user_dir }}/.ansible/tmp/docker-daemon-{{ inventory_hostname }}.json" - when: - - tripleo_docker_temp_file is undefined - tasks: - - name: Storage driver block - become: true - when: - - (tripleo_docker_enable_vfs | default(false)) | bool - block: - - name: Create ansible temp directory - file: - path: "{{ tripleo_docker_temp_file | dirname }}" - state: directory - - - name: Check for docker json file - stat: - path: /etc/docker/daemon.json - register: daemon_json - - - name: Store config file - fetch: - src: /etc/docker/daemon.json - dest: "{{ tripleo_docker_temp_file }}" - flat: true - register: stored_file - when: - - daemon_json.stat.exists | bool - notify: - - Cleanup temp json file - - - name: Insert storage-driver into docker daemon config (existing) - include_role: - name: tripleo_config - vars: - tripleo_config_src: "{{ tripleo_docker_temp_file }}" - tripleo_config_type: json - tripleo_config_dest: /etc/docker/daemon.json - tripleo_config_overrides: - storage-driver: vfs - when: - - daemon_json.stat.exists | bool - - - name: Insert storage-driver into docker daemon config (new) - include_role: - name: tripleo_config - vars: - tripleo_config_type: json - tripleo_config_dest: /etc/docker/daemon.json - tripleo_config_overrides: - storage-driver: vfs - when: - - not (daemon_json.stat.exists | bool) - post_tasks: - - name: Get checksum from running docker config - stat: - path: /etc/docker/daemon.json - register: running_file - - - name: Notify config changes - debug: - msg: "Configuration changes detected notifying handlers" - changed_when: true - when: - - (not (stored_file.changed | bool)) or - (stored_file.checksum != running_file.stat.checksum) - notify: - - Restart docker diff --git a/tripleo_ansible/playbooks/fetch-logs.yml b/tripleo_ansible/playbooks/fetch-logs.yml deleted file mode 100644 index a646b95cc..000000000 --- a/tripleo_ansible/playbooks/fetch-logs.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Fetch logs - hosts: "{{ target_hosts | default('all') }}" - become: true - tasks: - - name: Fetch logs from remote systems - import_role: - name: openstack-operations - tasks_from: fetch_logs.yml diff --git a/tripleo_ansible/playbooks/group_vars/.gitkeep b/tripleo_ansible/playbooks/group_vars/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/playbooks/host_vars/.gitkeep b/tripleo_ansible/playbooks/host_vars/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/playbooks/octavia-dcn-deployment.yaml b/tripleo_ansible/playbooks/octavia-dcn-deployment.yaml deleted file mode 100644 index 5f580d192..000000000 --- a/tripleo_ansible/playbooks/octavia-dcn-deployment.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- hosts: undercloud - gather_facts: false - environment: - OS_CLOUD: "{{ stack }}" - roles: - - octavia_overcloud_dcn_config - -- hosts: octavia_health_manager,octavia_worker,octavia_housekeeping - gather_facts: false - vars: - # Get variables defined for the undercloud in the inventory - username: "{{ hostvars['undercloud'].username }}" - project_name: "{{ hostvars['undercloud'].project_name }}" - overcloud_admin_password: "{{ hostvars['undercloud'].overcloud_admin_password }}" - overcloud_keystone_url: "{{ hostvars['undercloud'].overcloud_keystone_url }}" - - environment: - OS_CLOUD: "{{ stack }}" - roles: - - octavia_controller_dcn_config diff --git a/tripleo_ansible/playbooks/octavia-files.yaml b/tripleo_ansible/playbooks/octavia-files.yaml deleted file mode 100644 index a70e2f966..000000000 --- a/tripleo_ansible/playbooks/octavia-files.yaml +++ /dev/null @@ -1,116 +0,0 @@ ---- -- hosts: Undercloud[0] - remote_user: stack - gather_facts: true - vars: - amp_ssh_key_name: "{{ amp_ssh_key_name }}" - amp_ssh_key_path: "{{ amp_ssh_key_path }}" - amp_to_raw: "{{ amp_to_raw | bool }}" - auth_username: "{{ auth_username }}" - auth_password: "{{ auth_password }}" - auth_project_name: "{{ auth_project_name }}" - environment: - OS_USERNAME: "{{ os_username }}" - OS_USER_DOMAIN_NAME: "Default" - OS_PROJECT_DOMAIN_NAME: "Default" - NOVA_VERSION: "1.1" - OS_PROJECT_NAME: "{{ os_project_name }}" - OS_PASSWORD: "{{ os_password }}" - COMPUTE_API_VERSION: "1.1" - OS_CLOUDNAME: "overcloud" - OS_AUTH_URL: "{{ os_auth_url }}" - OS_IDENTITY_API_VERSION: "{{ os_identity_api_version }}" - OS_IMAGE_API_VERSION: "2" - OS_AUTH_TYPE: "{{ os_auth_type }}" - roles: - - octavia_undercloud - -- hosts: octavia_nodes - gather_facts: true - vars: - generate_certs: "{{ generate_certs }}" - octavia_confd_prefix: "/var/lib/config-data/puppet-generated/octavia" - ca_cert_path: "{{ ca_cert_path }}" - ca_private_key_path: "{{ ca_private_key_path }}" - client_cert_path: "{{ client_cert_path }}" - tasks: - - include_role: - name: octavia_controller_check - when: - - generate_certs | bool - -- hosts: octavia_nodes[0] - gather_facts: true - vars: - generate_certs: "{{ generate_certs }}" - octavia_confd_prefix: "/var/lib/config-data/puppet-generated/octavia" - openssl_temp_dir: "/tmp/octavia-ssl" - ca_cert_path: "{{ ca_cert_path }}" - ca_private_key_path: "{{ ca_private_key_path }}" - ca_passphrase: "{{ ca_passphrase }}" - client_cert_path: "{{ client_cert_path }}" - auth_project_name: "{{ auth_project_name }}" - auth_username: "{{ auth_username }}" - auth_password: "{{ auth_password }}" - environment: - OS_USERNAME: "{{ os_username }}" - OS_USER_DOMAIN_NAME: "Default" - OS_PROJECT_DOMAIN_NAME: "Default" - NOVA_VERSION: "1.1" - OS_PROJECT_NAME: "{{ os_project_name }}" - OS_PASSWORD: "{{ os_password }}" - COMPUTE_API_VERSION: "1.1" - OS_CLOUDNAME: "overcloud" - OS_AUTH_URL: "{{ os_int_auth_url }}" - OS_INTERFACE: "internal" - OS_ENDPOINT_TYPE: "internal" - OS_IDENTITY_API_VERSION: "{{ os_identity_api_version }}" - OS_IMAGE_API_VERSION: "2" - OS_AUTH_TYPE: "{{ os_auth_type }}" - roles: - - octavia_overcloud_config - -- hosts: octavia_nodes - gather_facts: true - vars: - octavia_confd_prefix: "/var/lib/config-data/puppet-generated/octavia" - lb_mgmt_net_id: "{{ hostvars[groups['octavia_nodes'][0]]['lb_mgmt_net_id'] }}" - lb_mgmt_secgroup_id: "{{ hostvars[groups['octavia_nodes'][0]]['lb_mgmt_secgroup_id'] }}" - updated_private_key_content: "{{ hostvars[groups['octavia_nodes'][0]]['private_key_content'] | default('') }}" - updated_ca_cert_content: "{{ hostvars[groups['octavia_nodes'][0]]['ca_cert_content'] | default('') }}" - updated_service_pem_content: "{{ hostvars[groups['octavia_nodes'][0]]['service_pem_content'] | default('') }}" - update_certs: "{{ hostvars[groups['octavia_nodes'][0]]['update_certs'] | default(true) }}" - generate_certs: "{{ generate_certs }}" - ca_cert_path: "{{ ca_cert_path }}" - ca_private_key_path: "{{ ca_private_key_path }}" - ca_passphrase: "{{ ca_passphrase }}" - client_cert_path: "{{ client_cert_path }}" - auth_project_name: "{{ auth_project_name }}" - environment: - OS_USERNAME: "{{ os_username }}" - OS_USER_DOMAIN_NAME: "Default" - OS_PROJECT_DOMAIN_NAME: "Default" - NOVA_VERSION: "1.1" - OS_PROJECT_NAME: "{{ os_project_name }}" - OS_PASSWORD: "{{ os_password }}" - COMPUTE_API_VERSION: "1.1" - OS_CLOUDNAME: "overcloud" - OS_AUTH_URL: "{{ os_int_auth_url }}" - OS_INTERFACE: "internal" - OS_ENDPOINT_TYPE: "internal" - OS_IDENTITY_API_VERSION: "{{ os_identity_api_version }}" - OS_IMAGE_API_VERSION: "2" - OS_AUTH_TYPE: "{{ os_auth_type }}" - roles: - - octavia_controller_config - -- hosts: octavia_nodes - gather_facts: true - vars: - octavia_confd_prefix: "/var/lib/config-data/puppet-generated/octavia" - container_cli: "{{ container_cli }}" - enable_log_offloading: "{{ enable_log_offloading }}" - admin_log_targets: "{{ octavia_admin_log_targets | default([]) }}" - tenant_log_targets: "{{ octavia_tenant_log_targets | default([]) }}" - roles: - - octavia_controller_post_config diff --git a/tripleo_ansible/playbooks/prepare-nfs-backup.yaml b/tripleo_ansible/playbooks/prepare-nfs-backup.yaml deleted file mode 100644 index b4aed3dfc..000000000 --- a/tripleo_ansible/playbooks/prepare-nfs-backup.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Check BackupNode group - hosts: localhost - tasks: - - assert: - that: - - nfs_server_group_name | default("BackupNode") in groups - - ( groups[nfs_server_group_name | default("BackupNode") ] | length ) > 0 - fail_msg: "There is no server on {{ nfs_server_group_name | default('BackupNode') }} groups" - tags: bar_setup_nfs_server - -- name: TripleO BackupNode NFS installation and configuration. - hosts: '{{ nfs_server_group_name | default("BackupNode") }}' - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - become: true - roles: - - role: backup_and_restore diff --git a/tripleo_ansible/playbooks/prepare-overcloud-backup.yaml b/tripleo_ansible/playbooks/prepare-overcloud-backup.yaml deleted file mode 100644 index c0de0dd52..000000000 --- a/tripleo_ansible/playbooks/prepare-overcloud-backup.yaml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Stop executing if one of the hosts is unreachable - hosts: '{{ tripleo_controller_group_name }}' - become: true - vars_files: - ../roles/backup_and_restore/defaults/main.yml - tasks: - - name: Check ALL hosts are reacheable - fail: - msg: > - [REQUIRED] ALL hosts to be reachable, so flagging {{ inventory_hostname }} as failed, - because host {{ item }} has no facts, meaning it is UNREACHABLE. - when: "hostvars[item].ansible_facts|list|length == 0" - with_items: "{{ groups[tripleo_controller_group_name] }}" - run_once: true - -- name: TripleO Controller ReaR installation and configuration. - hosts: '{{ tripleo_controller_group_name }}' - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - become: true - roles: - - role: backup_and_restore diff --git a/tripleo_ansible/playbooks/prepare-test-host.yml b/tripleo_ansible/playbooks/prepare-test-host.yml deleted file mode 100644 index e870fc279..000000000 --- a/tripleo_ansible/playbooks/prepare-test-host.yml +++ /dev/null @@ -1,68 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: pre prepare - hosts: all - gather_facts: false - tasks: - - name: set basic user fact - fail: - msg: >- - The variable `ansible_user` set this option and try again. On the - CLI this can be defined with "-e ansible_user=${USER}" - when: - - ansible_user is undefined - - - name: set basic home fact - fail: - msg: >- - The variable `ansible_user_dir` set this option and try again. On - the CLI this can be defined with "-e ansible_user_dir=${HOME}" - when: - - ansible_user_dir is undefined - - - name: Ensure the user has a .ssh directory - file: - path: "{{ ansible_user_dir }}/.ssh" - state: directory - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: "0700" - - - name: Create ssh key pair - user: - name: "{{ ansible_user }}" - generate_ssh_key: true - ssh_key_bits: 2048 - ssh_key_file: "{{ ansible_user_dir }}/.ssh/id_rsa" - - - name: Slurp pub key - slurp: - src: "{{ ansible_user_dir ~ '/.ssh/id_rsa.pub' }}" - register: pub_key - - - name: Ensure can ssh to can connect to localhost - authorized_key: - user: "{{ ansible_user }}" - key: "{{ pub_key['content'] | b64decode }}" - - - name: Get the zuul/zuul-jobs repo - git: - repo: https://opendev.org/zuul/zuul-jobs - dest: "{{ ansible_user_dir }}/zuul-jobs" - version: master - force: true diff --git a/tripleo_ansible/playbooks/prepare-undercloud-backup.yaml b/tripleo_ansible/playbooks/prepare-undercloud-backup.yaml deleted file mode 100644 index e30f5ee86..000000000 --- a/tripleo_ansible/playbooks/prepare-undercloud-backup.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: TripleO Undercloud ReaR installation and configuration. - hosts: Undercloud - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - become: true - roles: - - role: backup_and_restore diff --git a/tripleo_ansible/playbooks/restart-service.yml b/tripleo_ansible/playbooks/restart-service.yml deleted file mode 100644 index 95f7bcb74..000000000 --- a/tripleo_ansible/playbooks/restart-service.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Restart OpenStack services - hosts: "{{ target_hosts | default('all') }}" - become: true - tasks: - - name: Restart services - import_role: - name: openstack-operations - tasks_from: restart_service.yml diff --git a/tripleo_ansible/playbooks/rotate-fernet-keys.yaml b/tripleo_ansible/playbooks/rotate-fernet-keys.yaml deleted file mode 100644 index a1cf6613c..000000000 --- a/tripleo_ansible/playbooks/rotate-fernet-keys.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Rotate fernet keys - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('undercloud') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - container: overcloud - hide_sensitive_logs: true - - tasks: - - name: Set fernet_keys_environment_path - set_fact: - fernet_keys_environment_path: "{{ lookup('env', 'HOME')~'/rotated_fernet_keys.yaml'}}" - when: fernet_keys_environment_path is not defined - - - name: Rotate keys - tripleo_fernet_keys_rotate: - container: "{{ container }}" - register: fernet_keys - no_log: "{{ hide_sensitive_logs | bool }}" - - - name: Write fernet_keys file - no_log: "{{ hide_sensitive_logs | bool }}" - block: - - name: Create fernet_keys parameter fact - set_fact: - fernet_params_env: "{{ {'parameter_defaults': (fernet_keys['fernet_keys'] | default({}))} }}" - - - name: Write fernet_keys environment file - copy: - dest: "{{ fernet_keys_environment_path }}" - content: "{{ fernet_params_env | to_nice_yaml(indent=2) }}" - when: - - fernet_keys_environment_path is defined - - fernet_keys is defined - -- name: Rotate fernet keys on controller nodes - import_playbook: rotate-keys.yaml fernet_keys="{{ hostvars['undercloud']['fernet_keys']['fernet_keys'] }}" - - tags: - - rotate-fernet-keys diff --git a/tripleo_ansible/playbooks/rotate-keys.yaml b/tripleo_ansible/playbooks/rotate-keys.yaml deleted file mode 100644 index 657a1a136..000000000 --- a/tripleo_ansible/playbooks/rotate-keys.yaml +++ /dev/null @@ -1,88 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: keystone - vars: - hide_sensitive_logs: true - tasks: - - name: Check for containerized keystone fernet repository - stat: - path: /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/ - register: containerized_keystone_dir - - - name: populate service facts - service_facts: - - - name: Set container facts - set_fact: - is_container: "{{ containerized_keystone_dir.stat.isdir is defined and containerized_keystone_dir.stat.isdir }}" - podman_enabled: "{{ 'tripleo_keystone.service' in ansible_facts.services }}" - - - name: Rotate fernet keys for keystone container - block: - - name: Set keystone facts - set_fact: - keystone_base: /var/lib/config-data/puppet-generated/keystone - - - name: Remove previous fernet keys - shell: rm -rf /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/* - - - name: Persist fernet keys to repository - copy: - dest: "{{ keystone_base }}{{ item.key }}" - content: "{{ item.value.content }}" - mode: 0600 - with_dict: "{{ fernet_keys }}" - no_log: "{{ hide_sensitive_logs | bool }}" - - - name: Set permissions to match container's user - shell: chown --reference={{ keystone_base }}/etc/keystone/fernet-keys {{ keystone_base }}{{ item.key }} - with_dict: "{{ fernet_keys }}" - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" - - - name: Restart keystone container with docker - shell: docker restart keystone - when: not podman_enabled - - - name: Restart keystone container - service: - name: tripleo_keystone - state: restarted - when: podman_enabled - when: - - is_container | bool - - - name: Rotate fernet keys for keystone (no container) - block: - - name: Remove previous fernet keys - shell: rm -rf /etc/keystone/fernet-keys/* - - - name: Persist fernet keys to repository - copy: - dest: "{{ item.key }}" - content: "{{ item.value.content }}" - mode: 0600 - owner: keystone - group: keystone - with_dict: "{{ fernet_keys }}" - no_log: "{{ hide_sensitive_logs | bool }}" - - - name: Reload apache - service: - name: httpd - state: reloaded - when: - - not (is_container | bool) diff --git a/tripleo_ansible/playbooks/rotate-passwords.yaml b/tripleo_ansible/playbooks/rotate-passwords.yaml deleted file mode 100644 index 8de08f338..000000000 --- a/tripleo_ansible/playbooks/rotate-passwords.yaml +++ /dev/null @@ -1,55 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Rotate passwords - connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" - hosts: "{{ tripleo_target_host | default('undercloud') }}" - remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" - gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" - any_errors_fatal: true - vars: - stack: overcloud - password_list: [] - hide_sensitive_logs: true - tasks: - - name: Set passwords_environment_path - set_fact: - passwords_environment_path: "{{ lookup('env', 'HOME')~'/rotated_passwords.yaml'}}" - when: passwords_environment_path is not defined - - - name: Rotate passwords - tripleo_passwords_rotate: - container: "{{ container }}" - password_list: "{{ password_list }}" - no_log: "{{ hide_sensitive_logs | bool }}" - register: rotated_passwords_result - - - name: Write password file - no_log: "{{ hide_sensitive_logs | bool }}" - block: - - name: Create password parameter fact - set_fact: - passwords_params_env: "{{ {'parameter_defaults': (rotated_passwords_result['passwords'] | default({}))} }}" - - - name: Write password environment file - copy: - dest: "{{ passwords_environment_path }}" - content: "{{ passwords_params_env | to_nice_yaml(indent=2) }}" - when: - - passwords_environment_path is defined - - rotated_passwords_result is defined - tags: - - rotate-passwords diff --git a/tripleo_ansible/playbooks/tripleo_nova_image_cache.yml b/tripleo_ansible/playbooks/tripleo_nova_image_cache.yml deleted file mode 100644 index c36c9dbf8..000000000 --- a/tripleo_ansible/playbooks/tripleo_nova_image_cache.yml +++ /dev/null @@ -1,57 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: TripleO Nova image cache management - hosts: "{{ tripleo_nova_image_cache_plan + '_nova_compute' if tripleo_nova_image_cache_plan|default('') else 'nova_compute'}}" - environment: - # export everything in overcloudrc for openstacksdk - NOVA_VERSION: "{{ lookup('env', 'NOVA_VERSION') }}" - COMPUTE_API_VERSION: "{{ lookup('env', 'COMPUTE_API_VERSION') }}" - OS_USERNAME: "{{ lookup('env', 'OS_USERNAME') }}" - OS_PROJECT_NAME: "{{ lookup('env', 'OS_PROJECT_NAME') }}" - OS_USER_DOMAIN_NAME: "{{ lookup('env', 'OS_USER_DOMAIN_NAME') }}" - OS_PROJECT_DOMAIN_NAME: "{{ lookup('env', 'OS_PROJECT_DOMAIN_NAME') }}" - OS_NO_CACHE: "{{ lookup('env', 'OS_NO_CACHE') }}" - no_proxy: "{{ lookup('env', 'no_proxy') }}" - OS_AUTH_TYPE: "{{ lookup('env', 'OS_AUTH_TYPE') }}" - OS_PASSWORD: "{{ lookup('env', 'OS_PASSWORD') }}" - OS_AUTH_URL: "{{ lookup('env', 'OS_AUTH_URL') }}" - OS_IDENTITY_API_VERSION: "{{ lookup('env', 'OS_IDENTITY_API_VERSION') }}" - OS_IMAGE_API_VERSION: "{{ lookup('env', 'OS_IMAGE_API_VERSION') }}" - OS_VOLUME_API_VERSION: "{{ lookup('env', 'OS_VOLUME_API_VERSION') }}" - OS_REGION_NAME: "{{ lookup('env', 'OS_REGION_NAME') }}" - roles: - - role: tripleo_nova_image_cache - -# Standard inventory: -# -# ansible-playbook -i inventory.yml --extra-vars "@test_args1.yml" tripleo_nova_image_cache.yml -# test_args1.yml -# tripleo_nova_image_cache_images: -# - id: d23c6b8f-e166-4a02-afd8-0ae8d6f73f18 -# - id: 81bbb16-d589-4730-be70-822a82ab6bb9 -# -# Multi-stack inventory: -# -# ansible-playbook -i inventory_multi.yml --extra-vars "@test_args2.yml" tripleo_nova_image_cache.yml -# test_args2.yml: -# tripleo_nova_image_cache_plan: edge0 -# tripleo_nova_image_cache_images: -# - id: d23c6b8f-e166-4a02-afd8-0ae8d6f73f18 -# - id: 81bbb16-d589-4730-be70-822a82ab6bb9 -# tripleo_nova_image_cache_use_proxy: true -# tripleo_nova_image_cache_proxy_hostname: compute-1 # optional, first nova_compute host is used otherwise -# diff --git a/tripleo_ansible/releasenotes/notes/add_designate_bind_configuration-358db5e73e573b5b.yaml b/tripleo_ansible/releasenotes/notes/add_designate_bind_configuration-358db5e73e573b5b.yaml deleted file mode 100644 index f318292be..000000000 --- a/tripleo_ansible/releasenotes/notes/add_designate_bind_configuration-358db5e73e573b5b.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Added ``designate_bind_config`` to configure bind9 backend containers to - work with designate worker services. diff --git a/tripleo_ansible/releasenotes/notes/add_designate_rndc_configuration-00a84578acfb4df5.yaml b/tripleo_ansible/releasenotes/notes/add_designate_rndc_configuration-00a84578acfb4df5.yaml deleted file mode 100644 index 7512a6043..000000000 --- a/tripleo_ansible/releasenotes/notes/add_designate_rndc_configuration-00a84578acfb4df5.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Add ``designate_rndc_config`` role for distributing rndc key information - where necessary for designate. diff --git a/tripleo_ansible/requirements.yml b/tripleo_ansible/requirements.yml deleted file mode 100644 index 872c20340..000000000 --- a/tripleo_ansible/requirements.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -roles: - - name: openstack-operations - scm: git - src: https://opendev.org/openstack/ansible-role-openstack-operations - version: master - trackbranch: master - - # ansible-config_template action plugin - - name: config_template - scm: git - src: https://opendev.org/openstack/ansible-config_template - version: master - trackbranch: master - - - name: chrony - scm: git - src: https://opendev.org/openstack/ansible-role-chrony - version: master - trackbranch: master - -collections: - - ansible.netcommon - - ansible.posix - - community.general - - name: https://opendev.org/openstack/ansible-collections-openstack.git - type: git - version: ed36d82a0c60a841d2f30c61a50d60531481b2cc - - containers.podman - - community.crypto diff --git a/tripleo_ansible/roles.galaxy/.gitkeep b/tripleo_ansible/roles.galaxy/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/roles/aide/defaults/main.yml b/tripleo_ansible/roles/aide/defaults/main.yml deleted file mode 100644 index 689c95b96..000000000 --- a/tripleo_ansible/roles/aide/defaults/main.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# Packages installed on the local system. Allows user to define this list -# otherwise it will inherit from the OS specific variable file(s). -aide_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" -aide_system_packages: "{{ _aide_system_packages | default([]) }}" - -# A hash of Aide rules -aide_rules: {} - -# Aide configuration file -aide_conf_path: /etc/aide.conf - -# Aide integrity database location -aide_db_path: /var/lib/aide/aide.db - -# Aide integrity database temp location -aide_db_temp_path: /var/lib/aide/aide.db.new - -# User which creates and runs the cron job for aide -aide_cron_user: root - -# Hour value for Cron Job -aide_hour: 11 - -# Minute value for Cron Job -aide_minute: 30 - -# Email address to send reports on Cron Job -aide_email: '' - -# Full POSIX path to mail binary -aide_mua_path: /bin/mail diff --git a/tripleo_ansible/roles/aide/meta/main.yml b/tripleo_ansible/roles/aide/meta/main.yml deleted file mode 100644 index 7b555ac04..000000000 --- a/tripleo_ansible/roles/aide/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- aide - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/aide/molecule/default/converge.yml b/tripleo_ansible/roles/aide/molecule/default/converge.yml deleted file mode 100644 index 22cf4717b..000000000 --- a/tripleo_ansible/roles/aide/molecule/default/converge.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "aide" - post_tasks: - - include_role: - name: aide # Role is include as a post task to test upgrade logic diff --git a/tripleo_ansible/roles/aide/molecule/default/molecule.yml b/tripleo_ansible/roles/aide/molecule/default/molecule.yml deleted file mode 100644 index 5b32dc746..000000000 --- a/tripleo_ansible/roles/aide/molecule/default/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/aide/molecule/default/prepare.yml b/tripleo_ansible/roles/aide/molecule/default/prepare.yml deleted file mode 100644 index de57f3847..000000000 --- a/tripleo_ansible/roles/aide/molecule/default/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - cronie - - role: env_data diff --git a/tripleo_ansible/roles/aide/tasks/aide_config.yml b/tripleo_ansible/roles/aide/tasks/aide_config.yml deleted file mode 100644 index 5a60d7568..000000000 --- a/tripleo_ansible/roles/aide/tasks/aide_config.yml +++ /dev/null @@ -1,94 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Check for aide db - stat: - path: "{{ aide_db_path }}" - register: aide_db_path_check - -- name: Ensure aide DB config is set - lineinfile: - path: "{{ aide_conf_path }}" - line: "{{ item.line }}" - create: true - when: - - item.condition | bool - with_items: - - line: "database=file:{{ aide_db_path }}" - condition: true - - line: "database_out=file:{{ aide_db_temp_path }}" - condition: "{{ not (aide_db_path_check.stat.exists | bool) }}" - - line: "database_new=file:{{ aide_db_temp_path }}" - condition: "{{ not (aide_db_path_check.stat.exists | bool) }}" - -- name: Initialize aide database - command: >- - /usr/sbin/aide --init --config {{ aide_conf_path }} - changed_when: false - no_log: "{{ not (aide_debug | bool) }}" - args: - creates: "{{ aide_db_path }}" - -- name: Check for tmp aide db - stat: - path: "{{ aide_db_temp_path }}" - register: aide_db_temp_path_check - -- name: Copy aide db - copy: - src: "{{ aide_db_temp_path }}" - dest: "{{ aide_db_path }}" - remote_src: true - when: - - aide_db_temp_path_check.stat.exists | bool - - not (aide_db_path_check.stat.exists | bool) - -- name: Set aide command fact with email - set_fact: - aide_command: >- - /usr/sbin/aide - --check - --config {{ aide_conf_path }} - | {{ aide_mua_path }} - -s '{{ ansible_facts['fqdn'] }} - AIDE integrity check' {{ aide_email }} - when: - - aide_email.find("v=" ~ "@") == -1 - -- name: Email aide block - when: - - aide_email.find("v=" ~ "@") != -1 - block: - - name: Ensure audit directory exists - file: - path: "/var/log/audit" - state: directory - - - name: Set aide command fact - set_fact: - aide_command: >- - /usr/sbin/aide - --check - --config {{ aide_conf_path }} - > /var/log/audit/aide_$(date +%Y-%m-%d).log - -- name: Create aide cron entry - cron: - name: "aide" - job: "{{ aide_command }}" - user: "{{ aide_cron_user }}" - hour: "{{ aide_hour | string }}" - minute: "{{ aide_minute | string }}" diff --git a/tripleo_ansible/roles/aide/tasks/aide_install.yml b/tripleo_ansible/roles/aide/tasks/aide_install.yml deleted file mode 100644 index 83b207af9..000000000 --- a/tripleo_ansible/roles/aide/tasks/aide_install.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Ensure Aide is installed - package: - name: "{{ aide_system_packages }}" - state: present - -- include_tasks: aide_config.yml diff --git a/tripleo_ansible/roles/aide/tasks/aide_upgrade.yml b/tripleo_ansible/roles/aide/tasks/aide_upgrade.yml deleted file mode 100644 index 839b904ee..000000000 --- a/tripleo_ansible/roles/aide/tasks/aide_upgrade.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Ensure Aide is installed and updated - package: - name: "{{ aide_system_packages }}" - state: latest - -- name: Initialize aide database - command: >- - /usr/sbin/aide --init --config {{ aide_conf_path }} - changed_when: false - no_log: "{{ not (aide_debug | bool) }}" - -- name: Check for tmp aide db - stat: - path: "{{ aide_db_temp_path }}" - register: aide_db_temp_path_check - -- name: Copy new aide db - copy: - src: "{{ aide_db_temp_path }}" - dest: "{{ aide_db_path }}" - remote_src: true - when: - - aide_db_temp_path_check.stat.exists | bool diff --git a/tripleo_ansible/roles/aide/tasks/main.yml b/tripleo_ansible/roles/aide/tasks/main.yml deleted file mode 100644 index 757523b8f..000000000 --- a/tripleo_ansible/roles/aide/tasks/main.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "aide" will search for and load any operating system variable file -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Check for aide - stat: - path: "/usr/sbin/aide" - register: aide_path_check - -- include_tasks: "aide_install.yml" - when: - - not (aide_path_check.stat.exists | bool) - -- include_tasks: "aide_upgrade.yml" - when: - - aide_path_check.stat.exists | bool diff --git a/tripleo_ansible/roles/aide/vars/redhat.yml b/tripleo_ansible/roles/aide/vars/redhat.yml deleted file mode 100644 index f18c17fd8..000000000 --- a/tripleo_ansible/roles/aide/vars/redhat.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_aide_system_packages: - - aide diff --git a/tripleo_ansible/roles/backup_and_restore/defaults/main.yml b/tripleo_ansible/roles/backup_and_restore/defaults/main.yml deleted file mode 100644 index d1b3bbaa3..000000000 --- a/tripleo_ansible/roles/backup_and_restore/defaults/main.yml +++ /dev/null @@ -1,154 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. -tripleo_backup_and_restore_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" -tripleo_backup_and_restore_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" -tripleo_controller_group_name: "{{ controller_group_name | default('Controller') }}" - -# Set the container command line entry-point -tripleo_container_cli: "{{ container_cli | default('podman') }}" -tripleo_container_cli_flags: "" -# Stop and start all running services before backup is ran. -tripleo_backup_and_restore_service_manager: true - -# If this is false, backup of the overcloud is taken by stopping it completely. Enable it to do a -# backup stopping only one node at a time, maintaining the controller active during the backup duration. -tripleo_backup_and_restore_enable_snapshots: true - -# Set the name of the mysql container -tripleo_backup_and_restore_mysql_container: mysql - -# Default name for the Undercloud mysql DB backup file -tripleo_backup_and_restore_mysql_backup_file: "openstack-backup-mysql.sql" - -# Default name for the Undercloud mysql DB grants file -tripleo_backup_and_restore_mysql_grants_file: "openstack-backup-mysql-grants.sql" - -# All variables within this role should have a prefix of "tripleo_backup_and_restore" -# By default this should be the Undercloud node -tripleo_backup_and_restore_server: 192.168.24.1 -tripleo_backup_and_restore_shared_storage_folder: /ctl_plane_backups -tripleo_backup_and_restore_shared_storage_subfolders: [] -tripleo_backup_and_restore_clients_nets: ['192.168.24.0/24', '10.0.0.0/24', '172.16.0.0/24'] -tripleo_backup_and_restore_rear_simulate: false -tripleo_backup_and_restore_using_uefi_bootloader: 0 -tripleo_backup_and_restore_exclude_paths_common: ['/data/*', '/tmp/*', '{{ tripleo_backup_and_restore_shared_storage_folder }}/*'] -tripleo_backup_and_restore_exclude_paths_controller_non_bootstrapnode: false -tripleo_backup_and_restore_exclude_paths_controller: ['/var/lib/mysql/*'] -tripleo_backup_and_restore_exclude_paths_compute: ['/var/lib/nova/instances/*'] -tripleo_backup_and_restore_hiera_config_file: "/etc/puppet/hiera.yaml" - -# This var is a dictionary of the configuration of the /etc/rear/local.conf -# The key:value will be interpreted as key=value on the configuration file. -# To set that the value is a string, it needs to be single quoted followed by -# double quoted as it will be interpreted by BASH. -tripleo_backup_and_restore_local_config: - ISO_DEFAULT: '"automatic"' - OUTPUT: ISO - BACKUP: NETFS - BACKUP_PROG_COMPRESS_OPTIONS: '( --gzip)' - BACKUP_PROG_COMPRESS_SUFFIX: '".gz"' - OUTPUT_URL: "{{ tripleo_backup_and_restore_output_url }}" - ISO_PREFIX: "{{ tripleo_backup_and_restore_hostname.stdout }}" - BACKUP_URL: "{{ tripleo_backup_and_restore_backup_url }}" - BACKUP_PROG_CRYPT_ENABLED: "{{ tripleo_backup_and_restore_crypt_backup_enabled | default(false) }}" - BACKUP_PROG_CRYPT_KEY: "{{ tripleo_backup_and_restore_crypt_backup_password | default('REPLACE_ME') }}" - -# This var is used to define the commands to be run for preparing the network -# during the restoration phase. Because ReaR does not support ovs, it is required -# to setup the network for connecting to the backup node. -# This is configured on /etc/rear/local.conf -# as an example -# ('ip l a br-ex type bridge' 'ip l s ens3 up' 'ip l s br-ex up' 'ip l s ens3 master br-ex' 'dhclient br-ex') -tripleo_backup_and_restore_network_preparation_commands: "()" - -# This var is a dictionary of the configuration of the /etc/rear/rescue.conf -# The key:value will be interpreted as key=value on the configuration file. -# To set that the value is a string, it needs to be single quoted followed by -# double quoted as it will be interpreted by BASH. -tripleo_backup_and_restore_rescue_config: {} - -tripleo_backup_and_restore_output_url: "nfs://{{ tripleo_backup_and_restore_server }}{{ tripleo_backup_and_restore_shared_storage_folder }}" -tripleo_backup_and_restore_backup_url: "nfs://{{ tripleo_backup_and_restore_server }}{{ tripleo_backup_and_restore_shared_storage_folder }}" - -# Ceph authentication backup file -tripleo_backup_and_restore_ceph_auth_file: "ceph_auth_export.bak" - -# Ceph backup file -tripleo_backup_and_restore_ceph_backup_file: "/var/lib/ceph.tar.gz" - -# Ceph directory to back up -tripleo_backup_and_restore_ceph_path: "/var/lib/ceph" - -# If there is a firewalld active, setup the zone where the NFS server ports need to be opened -tripleo_backup_and_restore_firewalld_zone: "libvirt" - -# The ReaR rpm installs a cronjob at 1:30 each day by default. This variable deactivate that behaviour. -tripleo_backup_and_restore_remove_default_cronjob: true - -# Skip the ping test to the server on rear setup -tripleo_backup_and_restore_skip_server_test: false - -# How many seconds do we want to wait fir pcs cluster stop to finish -tripleo_backup_and_restore_pcs_timeout: 3600 - -# Date argument to get the string of the backup -tripleo_backup_and_restore_date_argument: '%Y%m%d%H%M' - -# Enable historical backups -tripleo_backup_and_restore_historical: true - -# Cron programming, by default, run cron weekly at midnight on Sundays -tripleo_backup_and_restore_cron: "0 0 * * 0" - -# The user that will run the backup command. If empty, root will run the backup command -tripleo_backup_and_restore_cron_user: "stack" - -# Any extra parameters that will be added to the backup command when it is executed by cron -tripleo_backup_and_restore_cron_extra: "" - -# The role which handles the ceph on the controllers -tripleo_backup_and_restore_ceph_mon_role: "ceph_mon" - -# The cephadm path -tripleo_backup_and_restore_cephadm_path: "/usr/sbin/cephadm" - -# The name of the node to restore -tripleo_backup_and_restore_overcloud_restore_name: undercloud - -# Ironic images path -tripleo_backup_and_restore_ironic_images_path: "/var/lib/ironic/images" - -# Restore retries -tripleo_backup_and_restore_restore_retries: 300 - -# Restore delay -tripleo_backup_and_restore_restore_delay: 10 - -# Galera retries -tripleo_backup_and_restore_galera_retries: 300 - -# Galera delay -tripleo_backup_and_restore_galera_delay: 10 - -# Ironic ubdirectory where the kernel and initrd are uploaded -backup_and_restore_history_path: "" - -# Ceph cluster name -tripleo_backup_and_restore_ceph_cluster: "ceph" -tripleo_backup_and_restore_ceph_admin_keyring: "/etc/ceph/{{ tripleo_backup_and_restore_ceph_cluster }}.client.admin.keyring" diff --git a/tripleo_ansible/roles/backup_and_restore/meta/main.yml b/tripleo_ansible/roles/backup_and_restore/meta/main.yml deleted file mode 100644 index acc22e485..000000000 --- a/tripleo_ansible/roles/backup_and_restore/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- backup_and_restore - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/backup_and_restore/molecule/cli_undercloud_backup_db/converge.yml b/tripleo_ansible/roles/backup_and_restore/molecule/cli_undercloud_backup_db/converge.yml deleted file mode 100644 index 6b81d39d1..000000000 --- a/tripleo_ansible/roles/backup_and_restore/molecule/cli_undercloud_backup_db/converge.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - become: true - hosts: all - -- import_playbook: ../../../../playbooks/cli-undercloud-db-backup.yaml diff --git a/tripleo_ansible/roles/backup_and_restore/molecule/cli_undercloud_backup_db/molecule.yml b/tripleo_ansible/roles/backup_and_restore/molecule/cli_undercloud_backup_db/molecule.yml deleted file mode 100644 index 02670d293..000000000 --- a/tripleo_ansible/roles/backup_and_restore/molecule/cli_undercloud_backup_db/molecule.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -provisioner: - name: ansible - options: - 'extra-vars': 'tripleo_backup_and_restore_hide_sensitive_logs=false tripleo_backup_and_restore_hiera_config_file={{ ansible_user_dir }}/hiera.yaml' - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - Undercloud: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - name: cli_undercloud_backup_db - test_sequence: - - destroy - - create - - prepare - - converge - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/backup_and_restore/molecule/cli_undercloud_backup_db/prepare.yml b/tripleo_ansible/roles/backup_and_restore/molecule/cli_undercloud_backup_db/prepare.yml deleted file mode 100644 index 80990ff5c..000000000 --- a/tripleo_ansible/roles/backup_and_restore/molecule/cli_undercloud_backup_db/prepare.yml +++ /dev/null @@ -1,115 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - become: true - gather_facts: true - pre_tasks: - - name: set basic user fact - set_fact: - ansible_user: "{{ lookup('env', 'USER') }}" - when: - - ansible_user is undefined - - - name: set basic home fact - set_fact: - ansible_user_dir: "{{ lookup('env', 'HOME') }}" - when: - - ansible_user_dir is undefined - - - name: Disable SELinux - selinux: - state: disabled - - roles: - - role: test_deps - test_deps_setup_tripleo: true - test_deps_tripleo_packages: - - hiera - - podman - test_deps_extra_packages: - - rear - - syslinux - - genisoimage - - kbd - - role: env_data - - post_tasks: - - name: Create hiera config file - file: - path: "{{ ansible_user_dir }}/hiera.yaml" - state: touch - - - name: Create hieradata directory - file: - path: "{{ ansible_user_dir }}/hieradata" - state: directory - mode: '0755' - - - name: Insert some data into hiera.yaml - copy: - dest: "{{ ansible_user_dir }}/hiera.yaml" - content: | - --- - :backends: - - json - :json: - :datadir: {{ ansible_user_dir }}/hieradata - :hierarchy: - - service_configs - - - name: Insert some data into service_configs.json - copy: - dest: "{{ ansible_user_dir }}/hieradata/service_configs.json" - content: | - { - "mysql::server::root_password": "password" - } - - - name: pull some images - containers.podman.podman_image: - name: "{{ item }}" - with_items: - - registry.access.redhat.com/ubi9/ubi-minimal - - quay.io/mariadb-foundation/mariadb-devel:10.11 - - - name: Create a data container - containers.podman.podman_container: - name: "{{ item }}" - image: ubi-minimal - state: started - command: sleep 1d - with_items: - - test-container1 - - test-container2 - - - name: Start mysql container - containers.podman.podman_container: - name: mysql - image: quay.io/mariadb-foundation/mariadb-devel:10.11 - state: started - env: - MYSQL_ROOT_PASSWORD: password - MYSQL_PORT: 3306 - - - name: Wait until mysql is up - shell: podman exec mysql bash -c "find /run/mysqld/mysqld.sock -type s" - register: mysql_result - until: mysql_result.rc == 0 - retries: 20 - delay: 5 diff --git a/tripleo_ansible/roles/backup_and_restore/molecule/default/converge.yml b/tripleo_ansible/roles/backup_and_restore/molecule/default/converge.yml deleted file mode 100644 index b802a27a5..000000000 --- a/tripleo_ansible/roles/backup_and_restore/molecule/default/converge.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - become: true - hosts: all - roles: - - role: backup_and_restore - tripleo_backup_and_restore_server: localhost - tripleo_backup_and_restore_rear_simulate: true - tripleo_backup_and_restore_hiera_config_file: "{{ ansible_user_dir }}/hiera.yaml" diff --git a/tripleo_ansible/roles/backup_and_restore/molecule/default/molecule.yml b/tripleo_ansible/roles/backup_and_restore/molecule/default/molecule.yml deleted file mode 100644 index e3b013ba9..000000000 --- a/tripleo_ansible/roles/backup_and_restore/molecule/default/molecule.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -provisioner: - name: ansible - options: - 'extra-vars': 'tripleo_backup_and_restore_hide_sensitive_logs=false tripleo_backup_and_restore_hiera_config_file="{{ ansible_user_dir }}/hiera.yaml"' - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - name: default - test_sequence: - - destroy - - create - - prepare - - converge - - destroy - - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/backup_and_restore/molecule/default/prepare.yml b/tripleo_ansible/roles/backup_and_restore/molecule/default/prepare.yml deleted file mode 100644 index 0d6b9783a..000000000 --- a/tripleo_ansible/roles/backup_and_restore/molecule/default/prepare.yml +++ /dev/null @@ -1,107 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - become: true - gather_facts: true - pre_tasks: - - name: set basic user fact - set_fact: - ansible_user: "{{ lookup('env', 'USER') }}" - when: - - ansible_user is undefined - - - name: set basic home fact - set_fact: - ansible_user_dir: "{{ lookup('env', 'HOME') }}" - when: - - ansible_user_dir is undefined - - - name: Disable SELinux - selinux: - state: disabled - - roles: - - role: test_deps - test_deps_setup_tripleo: true - test_deps_tripleo_packages: - - hiera - - puppet-tripleo - test_deps_extra_packages: - - rear - - syslinux - - genisoimage - - kbd - - role: env_data - - post_tasks: - - name: Create hiera config file - file: - path: "{{ ansible_user_dir }}/hiera.yaml" - state: touch - - - name: Create hieradata directory - file: - path: "{{ ansible_user_dir }}/hieradata" - state: directory - mode: '0755' - - - name: Insert some data into hiera.yaml - copy: - dest: "{{ ansible_user_dir }}/hiera.yaml" - content: | - --- - :backends: - - json - :json: - :datadir: {{ ansible_user_dir }}/hieradata - :hierarchy: - - service_configs - - - name: Insert some data into service_configs.json - copy: - dest: "{{ ansible_user_dir }}/hieradata/service_configs.json" - content: | - { - "mysql::server::root_password": "password" - } - - - name: pull some images - containers.podman.podman_image: - name: "{{ item }}" - with_items: - - registry.access.redhat.com/ubi9/ubi-minimal - - quay.io/mariadb-foundation/mariadb-devel:10.11 - - - name: Create a data container - containers.podman.podman_container: - name: "{{ item }}" - image: ubi-minimal - state: started - command: sleep 1d - with_items: - - test-container1 - - test-container2 - - - name: Start mysql container - containers.podman.podman_container: - name: mysql - image: quay.io/mariadb-foundation/mariadb-devel:10.11 - state: started - env: - MYSQL_ROOT_PASSWORD: password diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/ceph.yml b/tripleo_ansible/roles/backup_and_restore/tasks/ceph.yml deleted file mode 100644 index 4b5a50666..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/ceph.yml +++ /dev/null @@ -1,53 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Ceph installed with ceph ansible - tags: bar_create_recover_image - when: - - cephadm_ls.stdout is not defined or cephadm_ls.stdout == "[]" - block: - - - name: Set ceph monitor {{ ceph_systemd_state }} - systemd: - state: "{{ ceph_systemd_state }}" - name: "ceph-mon@{{ inventory_hostname }}" - - - name: Set ceph management {{ ceph_systemd_state }} - systemd: - state: "{{ ceph_systemd_state }}" - name: "ceph-mgr@{{ inventory_hostname }}" - - - name: Get the node names of the mds nodes - command: hiera -c '{{ tripleo_backup_and_restore_hiera_config_file }}' 'ceph_mds_short_node_names' - register: bar_ceph_mds_nodes - - - name: Set ceph mds {{ ceph_systemd_state }} - systemd: - state: "{{ ceph_systemd_state }}" - name: "ceph-mds@{{ inventory_hostname }}" - when: - - bar_ceph_mds_nodes.stdout != "nil" - - inventory_hostname in bar_ceph_mds_nodes.stdout - - - name: Get the node names of the rgw nodes - command: hiera -c '{{ tripleo_backup_and_restore_hiera_config_file }}' 'ceph_rgw_short_node_names' - register: bar_ceph_rgw_nodes - - - name: Set ceph rgw {{ ceph_systemd_state }} - command: systemctl start "ceph-radosgw@rgw.{{ inventory_hostname }}.*" - when: - - bar_ceph_rgw_nodes != "nil" - - inventory_hostname in bar_ceph_rgw_nodes.stdout diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/ceph_authentication.yml b/tripleo_ansible/roles/backup_and_restore/tasks/ceph_authentication.yml deleted file mode 100644 index 3913951cb..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/ceph_authentication.yml +++ /dev/null @@ -1,89 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "backup_and_restore" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Stat cephadm file - stat: - path: "{{ tripleo_backup_and_restore_cephadm_path }}" - register: stat_cephadm - become: true - ignore_errors: true - tags: - - bar_create_recover_image - -- name: List Ceph daemon instances on this host - shell: "{{ tripleo_backup_and_restore_cephadm_path }} ls --no-detail" - register: cephadm_ls - become: true - when: stat_cephadm.stat.exists - tags: - - bar_create_recover_image - -- name: Ceph installed with ceph ansible - when: - - cephadm_ls.stdout is not defined or cephadm_ls.stdout == "[]" - tags: bar_create_recover_image - block: - - name: Ensure cephmon container is running - command: "{{ tripleo_container_cli }} {{ tripleo_container_cli_flags }} unpause ceph-mon-{{ inventory_hostname }}" - failed_when: false - - - name: Export ceph authentication - shell: | - set -o pipefail - {{ tripleo_container_cli }} {{ tripleo_container_cli_flags }} exec ceph-mon-{{ inventory_hostname }} \ - bash -c "ceph --cluster {{ tripleo_backup_and_restore_ceph_cluster | default('ceph') }} auth export" - register: bar_ceph_authentication_content - - - name: Save ceph authentication at {{ tripleo_backup_and_restore_ceph_auth_file }} - copy: - dest: "{{ tripleo_backup_and_restore_ceph_auth_file }}" - content: | - {{ bar_ceph_authentication_content.stdout }} - -- name: Ceph installed with cephadm - when: - - cephadm_ls.stdout is defined - - cephadm_ls.stdout != '[]' - tags: bar_create_recover_image - block: - - name: Export ceph authentication - command: | - cephadm shell -k {{ tripleo_backup_and_restore_ceph_admin_keyring }} -- ceph auth export - register: bar_ceph_authentication_content - - - name: Save ceph authentication at {{ tripleo_backup_and_restore_ceph_auth_file }} - copy: - dest: "{{ tripleo_backup_and_restore_ceph_auth_file }}" - content: | - {{ bar_ceph_authentication_content.stdout }} diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/ceph_backup.yml b/tripleo_ansible/roles/backup_and_restore/tasks/ceph_backup.yml deleted file mode 100644 index 689142e89..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/ceph_backup.yml +++ /dev/null @@ -1,90 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "backup_and_restore" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -# The shell command is used because the archive ansible module can not use -# extra flags needed. -- name: Tar and Compress the /var/lib/ceph directory - shell: |- - tar -zcv --xattrs-include=*.* \ - --xattrs \ - --xattrs-include=security.capability \ - --xattrs-include=security.selinux \ - --acls \ - -f {{ tripleo_backup_and_restore_ceph_backup_file }} \ - {{ tripleo_backup_and_restore_ceph_path }} - tags: - - bar_create_recover_image - -- name: Create temporary file - tempfile: - state: directory - suffix: bar - register: tripleo_backup_and_restore_temporary_dir - tags: - - bar_create_recover_image - -- name: Mount nfs shared directory - mount: - path: "{{ tripleo_backup_and_restore_temporary_dir.path }}" - src: "{{ tripleo_backup_and_restore_server }}:{{ tripleo_backup_and_restore_shared_storage_folder }}" - fstype: nfs - opts: rw,noatime - state: mounted - tags: - - bar_create_recover_image - -- name: Copy the backup to the shared directory - copy: - src: "{{ tripleo_backup_and_restore_ceph_backup_file }}" - dest: "{{ tripleo_backup_and_restore_temporary_dir.path }}/{{ ansible_facts['hostname'] }}" - remote_src: true - tags: - - bar_create_recover_image - -- name: Umount nfs shared directory - mount: - path: "{{ tripleo_backup_and_restore_temporary_dir.path }}" - state: unmounted - tags: - - bar_create_recover_image - -- name: Delete the mount point from /etc/fstab - mount: - path: "{{ tripleo_backup_and_restore_temporary_dir.path }}" - src: "{{ tripleo_backup_and_restore_server }}:{{ tripleo_backup_and_restore_shared_storage_folder }}" - fstype: nfs - opts: rw,noatime - state: absent - tags: - - bar_create_recover_image diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/ceph_mgr_stop.yml b/tripleo_ansible/roles/backup_and_restore/tasks/ceph_mgr_stop.yml deleted file mode 100644 index 31dab8da7..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/ceph_mgr_stop.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "backup_and_restore" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Stop ceph management - systemd: - state: stopped - name: "ceph-mgr@{{ ansible_facts['hostname'] }}" - tags: - - bar_create_recover_image diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/ceph_mon_stop.yml b/tripleo_ansible/roles/backup_and_restore/tasks/ceph_mon_stop.yml deleted file mode 100644 index bb527df11..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/ceph_mon_stop.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "backup_and_restore" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Stop ceph monitor - systemd: - state: stopped - name: "ceph-mon@{{ ansible_facts['hostname'] }}" - tags: - - bar_create_recover_image diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/ceph_nfs_stop.yml b/tripleo_ansible/roles/backup_and_restore/tasks/ceph_nfs_stop.yml deleted file mode 100644 index 14816bfd6..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/ceph_nfs_stop.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "backup_and_restore" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Check pacemaker presence - command: type pcs - register: bar_pcs_exits - ignore_errors: true - tags: - - bar_create_recover_image - -- name: Check ceph-nfs presence - shell: | - set -o pipefail - pcs status | grep ceph-nfs | wc -l - register: bar_ceph_nfs_exits - ignore_errors: true - when: bar_pcs_exits is succeeded - tags: - - bar_create_recover_image - -- name: Stop ceph-nfs with pacemaker - shell: | - pcs resource disable ceph-nfs - when: - - bar_pcs_exits is succeeded - - bar_ceph_nfs_exits.stdout!="0" - run_once: true - tags: - - bar_create_recover_image diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/ceph_rgw_stop.yml b/tripleo_ansible/roles/backup_and_restore/tasks/ceph_rgw_stop.yml deleted file mode 100644 index a0c632a91..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/ceph_rgw_stop.yml +++ /dev/null @@ -1,61 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "backup_and_restore" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Check ceph rgw presence - shell: | - set -o pipefail - {{ tripleo_container_cli }} {{ tripleo_container_cli_flags }} ps -a | grep ceph-rgw | wc -l - register: bar_ceph_rgw_exits - ignore_errors: true - tags: - - bar_create_recover_image - -- name: Get the rgw name - shell: | - set -o pipefail - podman ps -a | grep ceph-r | cut -c150- | awk -F- '{print $6}' - register: bar_ceph_rgw_name - when: bar_ceph_rgw_exits.stdout!="0" - tags: - - bar_create_recover_image - -- name: Stop ceph rgw - systemd: - state: stopped - name: "ceph-radosgw@rgw.{{ ansible_facts['hostname'] }}.{{ bar_ceph_rgw_name.stdout }}" - when: - - bar_ceph_rgw_exits.stdout!="0" - - bar_ceph_rgw_name.stdout!="" - tags: - - bar_create_recover_image diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/ceph_start.yml b/tripleo_ansible/roles/backup_and_restore/tasks/ceph_start.yml deleted file mode 100644 index edc2ae4fe..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/ceph_start.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Stat cephadm file - import_tasks: cephadm_stat.yml - -- name: Start ceph with ceph-ansible - import_tasks: ceph.yml - vars: - ceph_systemd_state: started - -- name: Ceph installed with cephadm - when: - - cephadm_ls.stdout is defined - - cephadm_ls.stdout != "[]" - tags: bar_create_recover_image - block: - - - name: Start ceph - systemd: - state: started - name: "ceph.target" - become: true diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/ceph_stop.yml b/tripleo_ansible/roles/backup_and_restore/tasks/ceph_stop.yml deleted file mode 100644 index 0e1a49a4e..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/ceph_stop.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Stat cephadm file - import_tasks: cephadm_stat.yml - -- name: Stop ceph with ceph-ansible - import_tasks: ceph.yml - vars: - ceph_systemd_state: stopped - -- name: Ceph installed with cephadm - when: - - cephadm_ls.stdout is defined - - cephadm_ls.stdout != "[]" - tags: bar_create_recover_image - block: - - - name: Stop ceph\*.service - command: systemctl stop ceph\*.service - become: true - - - name: Stop ceph\*.target - command: systemctl stop ceph\*.target - become: true diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/cephadm_stat.yml b/tripleo_ansible/roles/backup_and_restore/tasks/cephadm_stat.yml deleted file mode 100644 index 93d9fdc23..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/cephadm_stat.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Stat cephadm file - stat: - path: "{{ tripleo_backup_and_restore_cephadm_path }}" - register: stat_cephadm - become: true - ignore_errors: true - tags: - - bar_create_recover_image - -- name: List Ceph daemon instances on this host - shell: "{{ tripleo_backup_and_restore_cephadm_path }} ls --no-detail" - register: cephadm_ls - become: true - when: stat_cephadm.stat.exists - tags: - - bar_create_recover_image diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/db_backup.yml b/tripleo_ansible/roles/backup_and_restore/tasks/db_backup.yml deleted file mode 100644 index f8862bc3f..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/db_backup.yml +++ /dev/null @@ -1,193 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Create a backup for each database into separate files. -- name: Get database root password - command: | - hiera -c '{{ tripleo_backup_and_restore_hiera_config_file }}' 'mysql::server::root_password' - when: mysql_password is undefined - register: mysql_password - no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}" - tags: - - bar_create_recover_image - -- name: Get galera bind_address - command: | - hiera -c '{{ tripleo_backup_and_restore_hiera_config_file }}' 'tripleo::profile::pacemaker::database::mysql::bind_address' - when: tripleo_backup_and_restore_pacemaker_galera_bind_address is undefined - register: tripleo_backup_and_restore_pacemaker_galera_bind_address - tags: - - bar_create_recover_image - -- name: Disable galera when there is no pacemaker mysql bind address - set_fact: - enabled_galera: false - when: tripleo_backup_and_restore_pacemaker_galera_bind_address.stdout == 'nil' - tags: - - bar_create_recover_image - -- name: Enable galera when there is pacemaker mysql bind address - set_fact: - enabled_galera: true - when: tripleo_backup_and_restore_pacemaker_galera_bind_address.stdout != 'nil' - tags: - - bar_create_recover_image - -- name: Ensure pacemaker is running - command: pcs cluster start --all - when: - - enabled_galera - - tripleo_backup_and_restore_service_manager|bool - - not tripleo_backup_and_restore_enable_snapshots|bool - run_once: true - tags: - - bar_create_recover_image - -- name: Ensure the node is back into the cluster - command: pcs cluster start - when: - - enabled_galera - - tripleo_backup_and_restore_enable_snapshots|bool - tags: - - bar_create_recover_image - -- name: Wait until pacemaker has Galera up&running - shell: /var/lib/container-config-scripts/pacemaker_wait_bundle.sh galera galera-bundle Master - when: - - enabled_galera - tags: - - bar_create_recover_image - -- name: Get the mysql container id when galera is enabled - shell: | - set -o pipefail - {{ tripleo_container_cli }} {{ tripleo_container_cli_flags }} ps -q --filter='name=galera' - when: enabled_galera - register: galera_container_id - tags: - - bar_create_recover_image - -- name: Set the tripleo_backup_and_restore_mysql_container id - set_fact: - tripleo_backup_and_restore_mysql_container: "{{ galera_container_id.stdout }}" - when: enabled_galera - tags: - - bar_create_recover_image - -- name: Ensure mysql container is running - command: "{{ tripleo_container_cli }} {{ tripleo_container_cli_flags }} unpause {{ tripleo_backup_and_restore_mysql_container }}" - when: - - mysql_password.stderr is defined - - tripleo_backup_and_restore_mysql_container == "mysql" - - not enabled_galera - - tripleo_backup_and_restore_service_manager|bool - failed_when: false - tags: - - bar_create_recover_image - -- name: Galera desync the MySQL node - shell: | - set -o pipefail - {{ tripleo_container_cli }} {{ tripleo_container_cli_flags }} exec {{ tripleo_backup_and_restore_mysql_container }} bash -c "mysql -p -u root \ - -p{{ mysql_password.stdout }} --execute 'SET GLOBAL wsrep_desync = ON'" - register: desync_output - retries: "{{ tripleo_backup_and_restore_galera_retries }}" - delay: "{{ tripleo_backup_and_restore_galera_delay }}" - until: desync_output.stderr == "" or '"WARN" in desync_output.stderr' - when: - - mysql_password.stderr is defined - - enabled_galera - - tripleo_backup_and_restore_enable_snapshots|bool or not tripleo_backup_and_restore_service_manager|bool - tags: - - bar_create_recover_image - no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}" - -- name: MySQL BBDDs backup - shell: | - set -o pipefail - {{ tripleo_container_cli }} {{ tripleo_container_cli_flags }} exec {{ tripleo_backup_and_restore_mysql_container }} bash -c "mysqldump -uroot -p{{ mysql_password.stdout }} --opt --all-databases" > {{ tripleo_backup_and_restore_mysql_backup_file }} - when: - - mysql_password.stderr is defined - - not enabled_galera - tags: - - bar_create_recover_image - no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}" - -- name: Galera Grants backup - shell: | - set -o pipefail - {{ tripleo_container_cli }} {{ tripleo_container_cli_flags }} exec {{ tripleo_backup_and_restore_mysql_container }} bash -c "mysql -uroot \ - -p{{ mysql_password.stdout }} -s -N \ - -e \"SELECT CONCAT('\\\"SHOW GRANTS FOR ''',user,'''@''',host,''';\\\"') \ - FROM mysql.user where (length(user) > 0 and \ - (Host = 'localhost' or Host='%' or IS_IPV4(Host) or IS_IPV6(Host)))\" | xargs -n1 mysql \ - -uroot -p{{ mysql_password.stdout }} -s -N -e | sed 's/$/;/' " > {{ tripleo_backup_and_restore_mysql_grants_file }} - when: - - mysql_password.stderr is defined - - enabled_galera - tags: - - bar_create_recover_image - no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}" - -- name: Galera BBDDs backup - shell: | - set -o pipefail - {{ tripleo_container_cli }} {{ tripleo_container_cli_flags }} exec {{ tripleo_backup_and_restore_mysql_container }} bash -c "mysql -uroot \ - -p{{ mysql_password.stdout }} -s -N \ - -e \"select distinct table_schema from information_schema.tables \ - where engine='innodb' and table_schema != 'mysql';\" | xargs mysqldump -uroot \ - -p{{ mysql_password.stdout }} --single-transaction --databases" > {{ tripleo_backup_and_restore_mysql_backup_file }} - when: - - mysql_password.stderr is defined - - enabled_galera - tags: - - bar_create_recover_image - no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}" - -- name: Galera sync the MySQL node - shell: | - set -o pipefail - {{ tripleo_container_cli }} {{ tripleo_container_cli_flags }} exec {{ tripleo_backup_and_restore_mysql_container }} bash -c "mysql -p -u root \ - -p{{ mysql_password.stdout }} --execute 'SET GLOBAL wsrep_desync = OFF'" - when: - - mysql_password.stderr is defined - - enabled_galera - - tripleo_backup_and_restore_enable_snapshots|bool or not tripleo_backup_and_restore_service_manager|bool - tags: - - bar_create_recover_image - no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}" - -- name: Pause mysql. - command: "{{ tripleo_container_cli }} {{ tripleo_container_cli_flags }} pause {{ tripleo_backup_and_restore_mysql_container }}" - when: - - mysql_password.stderr is defined - - tripleo_backup_and_restore_mysql_container == "mysql" - - not enabled_galera - - tripleo_backup_and_restore_service_manager|bool - - not tripleo_backup_and_restore_enable_snapshots|bool - failed_when: false - tags: - - bar_create_recover_image - -- name: Stop pacemaker - command: pcs cluster stop --all - when: - - enabled_galera - - tripleo_backup_and_restore_service_manager|bool - - not tripleo_backup_and_restore_enable_snapshots|bool - run_once: true - tags: - - bar_create_recover_image diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/main.yml b/tripleo_ansible/roles/backup_and_restore/tasks/main.yml deleted file mode 100644 index 7ef427503..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/main.yml +++ /dev/null @@ -1,111 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# "backup_and_restore" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Getting enabled_services - command: | - puppet lookup --explain enabled_services - register: tripleo_backup_and_restore_enabled_services - tags: - - bar_create_recover_image - -- name: Set pacemaker variable as false by default - set_fact: - pacemaker_enabled: false - tags: - - bar_create_recover_image - -- name: Check pacemaker status - block: - - name: - command: | - pcs status - register: pacemaker_result - failed_when: - - '"error running crm_mon" not in pacemaker_result.stderr' - - pacemaker_result.stderr| length > 0 - - - name: Set pacemaker variable - set_fact: - pacemaker_enabled: "{{ pacemaker_result.rc == 0| ternary(true,false) }}" - when: tripleo_backup_and_restore_enabled_services.stdout is search('pacemaker') - tags: - - bar_create_recover_image - -- name: Setup NFS server - import_tasks: setup_nfs.yml - -- name: Setup ReaR - import_tasks: setup_rear.yml - -- name: Service management - import_tasks: service_manager_pause.yml - when: - - tripleo_backup_and_restore_service_manager|bool - - not tripleo_backup_and_restore_enable_snapshots|bool - -- name: Backup the database - import_tasks: db_backup.yml - when: "'mysql' in tripleo_backup_and_restore_enabled_services.stdout" - -- name: Backup pacemaker configuration - import_tasks: pacemaker_backup.yml - when: pacemaker_enabled - -- name: Perform backup - block: - - name: Stop ceph services - import_tasks: ceph_stop.yml - when: - - tripleo_backup_and_restore_ceph_mon_role in groups - - inventory_hostname in groups[tripleo_backup_and_restore_ceph_mon_role] - - - name: Create recovery images with ReaR - import_tasks: run_backup.yml - always: - - name: Service management - import_tasks: service_manager_unpause.yml - when: - - tripleo_backup_and_restore_service_manager|bool - - not tripleo_backup_and_restore_enable_snapshots|bool - - - name: Pacemaker management - import_tasks: pacemaker_start.yml - when: - - pacemaker_enabled - - tripleo_backup_and_restore_enable_snapshots|bool - - - name: Start ceph services - import_tasks: ceph_start.yml - when: - - tripleo_backup_and_restore_ceph_mon_role in groups - - inventory_hostname in groups[tripleo_backup_and_restore_ceph_mon_role] diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/pacemaker_backup.yml b/tripleo_ansible/roles/backup_and_restore/tasks/pacemaker_backup.yml deleted file mode 100644 index c13d7ee8e..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/pacemaker_backup.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -- name: Delete previous backup files if exists - file: - path: "{{ item }}" - state: absent - with_items: - - pacemaker_backup.tar.bz2 - - cib.xml - when: pacemaker_enabled - tags: - - bar_create_recover_image - -- name: Backup the pacemaker configuration - shell: | - set -o pipefail - pcs cluster cib cib.xml - pcs config backup pacemaker_backup - when: pacemaker_enabled - tags: - - bar_create_recover_image diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/pacemaker_start.yml b/tripleo_ansible/roles/backup_and_restore/tasks/pacemaker_start.yml deleted file mode 100644 index a73db8f31..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/pacemaker_start.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Start again pacemaker -- name: Add the node to the pacemaker cluster - command: pcs cluster start - tags: - - bar_create_recover_image - -- name: Read Services running on the host - command: hiera -c '{{ tripleo_backup_and_restore_hiera_config_file }}' 'service_names' - register: bar_services_enabled - tags: - - bar_create_recover_image - -- name: Read the servives out as json - set_fact: - bar_services_enabled_json: "{{ bar_services_enabled.stdout | from_json }}" - when: - - bar_services_enabled is defined - - bar_services_enabled != '' - tags: - - bar_create_recover_image - -- name: Wait until pacemaker has Galera up&running - shell: /var/lib/container-config-scripts/pacemaker_wait_bundle.sh galera galera-bundle Master - when: - - bar_services_enabled is defined - - "'mysql' in bar_services_enabled_json" - tags: - - bar_create_recover_image diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/restore_node.yml b/tripleo_ansible/roles/backup_and_restore/tasks/restore_node.yml deleted file mode 100644 index f487df049..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/restore_node.yml +++ /dev/null @@ -1,152 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Get the name of the node - environment: - OS_CLOUD: undercloud - command: metalsmith -f value -c Hostname show {{ tripleo_backup_and_restore_overcloud_restore_name }} - register: instance_name - tags: - - bar_restore_image - -- name: Get metalsmith instance informartion - environment: - OS_CLOUD: undercloud - command: metalsmith -f json show {{ instance_name.stdout }} - register: instance_information - tags: - - bar_restore_image - -- name: Parse instance informatation - set_fact: - instance_information_json: "{{ instance_information.stdout | from_json }}" - tags: - - bar_restore_image - -- name: Get node name - set_fact: - node_name: "{{ instance_information_json[instance_name.stdout]['node']['name'] }}" - node_hostname: "{{ instance_name.stdout }}" - tags: - - bar_restore_image - -- name: Set kernel and initrd - set_fact: - restore_kernel: "{{ (backup_and_restore_history_path == '') | ternary(node_hostname, backup_and_restore_history_path+'/'+node_hostname) + '.kernel' }}" - restore_initrd: "{{ (backup_and_restore_history_path == '') | ternary(node_hostname, backup_and_restore_history_path+'/'+node_hostname) + '.initrd.cgz' }}" - tags: - - bar_restore_image - -- name: Power off node - environment: - OS_CLOUD: undercloud - command: openstack baremetal node power off {{ node_name }} - tags: - - bar_restore_image - -- name: Set node in maintenance - environment: - OS_CLOUD: undercloud - command: openstack baremetal node maintenance set {{ node_name }} - tags: - - bar_restore_image - -- name: Change node settings - environment: - OS_CLOUD: undercloud - command: openstack baremetal node set \ - --instance-info kernel=file://{{ tripleo_backup_and_restore_ironic_images_path }}/{{ restore_kernel }} \ - --instance-info ramdisk=file://{{ tripleo_backup_and_restore_ironic_images_path }}/{{ restore_initrd }} \ - --instance-info kernel_append_params="unattended" \ - --deploy-interface ramdisk \ - {{ node_name }} - tags: - - bar_restore_image - -- name: Unset node from maintenance - environment: - OS_CLOUD: undercloud - command: openstack baremetal node maintenance unset {{ node_name }} - tags: - - bar_restore_image - -- name: Rebuild node - environment: - OS_CLOUD: undercloud - command: openstack baremetal node rebuild {{ node_name }} - tags: - - bar_restore_image - -- name: Wait node is active - environment: - OS_CLOUD: undercloud - command: openstack baremetal node show {{ node_name }} --fields provision_state -f value - register: node_provision_state - retries: "{{ tripleo_backup_and_restore_restore_retries }}" - until: node_provision_state.stdout == 'active' - delay: "{{ tripleo_backup_and_restore_restore_delay }}" - tags: - - bar_restore_image - -- name: Wait node is power off - environment: - OS_CLOUD: undercloud - command: openstack baremetal node show {{ node_name }} --fields power_state -f value - register: node_power_status - retries: "{{ tripleo_backup_and_restore_restore_retries }}" - until: '"off" in node_power_status.stdout' - delay: "{{ tripleo_backup_and_restore_restore_delay }}" - tags: - - bar_restore_image - -- name: Set node to maintenance - environment: - OS_CLOUD: undercloud - command: openstack baremetal node maintenance set {{ node_name }} - tags: - - bar_restore_image - -- name: Change back configuration node - environment: - OS_CLOUD: undercloud - command: openstack baremetal node set \ - --instance-info kernel="file://{{ tripleo_backup_and_restore_ironic_images_path }}/overcloud-full.vmlinuz" \ - --instance-info ramdisk="file://{{ tripleo_backup_and_restore_ironic_images_path }}/overcloud-full.initrd" \ - --deploy-interface direct \ - {{ node_name }} - tags: - - bar_restore_image - -- name: Change boot device to disk - environment: - OS_CLOUD: undercloud - command: openstack baremetal node boot device set {{ node_name }} disk - tags: - - bar_restore_image - -- name: Unset maintenance from node - environment: - OS_CLOUD: undercloud - command: openstack baremetal node maintenance unset {{ node_name }} - tags: - - bar_restore_image - -- name: Power on instance - environment: - OS_CLOUD: undercloud - command: openstack baremetal node power on {{ node_name }} - tags: - - bar_restore_image diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/run_backup.yml b/tripleo_ansible/roles/backup_and_restore/tasks/run_backup.yml deleted file mode 100644 index c7ec32a71..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/run_backup.yml +++ /dev/null @@ -1,89 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "backup_and_restore" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Take this node out of pacemaker - command: pcs cluster stop --request-timeout={{ tripleo_backup_and_restore_pcs_timeout }} - when: - - tripleo_backup_and_restore_enabled_services.stdout is search('pacemaker') - - pacemaker_enabled - - tripleo_backup_and_restore_enable_snapshots|bool - tags: - - bar_create_recover_image - -- name: Tasks in case historical backups are activated - block: - - name: Get date and time to add to the backup prefix - command: "date +\"{{ tripleo_backup_and_restore_date_argument }}\"" - register: bar_timestamp - - - name: Modify on LOG_FILE on /etc/rear/local.conf - lineinfile: - path: /etc/rear/local.conf - regexp: "^LOGFILE.*" - line: LOGFILE="$LOG_DIR/rear-$HOSTNAME-{{ bar_timestamp.stdout }}.log" - - - name: Configuring /etc/rear/local.conf - replace: - path: /etc/rear/local.conf - regexp: "^{{ item }}.*" - replace: "{{ item }}=$HOSTNAME-{{ bar_timestamp.stdout }}" - loop: - - ISO_PREFIX - - BACKUP_PROG_ARCHIVE - - OUTPUT_PREFIX_PXE - when: tripleo_backup_and_restore_historical | bool - tags: - - bar_create_recover_image - -- name: Create the node backup - command: rear {{ (tripleo_backup_and_restore_rear_simulate | bool) | ternary('-s ', '') }}-d -v mkbackup - register: tripleo_backup_and_restore_rear_output - when: tripleo_backup_and_restore_rear_output is undefined - tags: - - bar_create_recover_image - -- name: Display ReaR recovery image creation output - debug: - var: tripleo_backup_and_restore_rear_output - tags: - - bar_create_recover_image - -- name: Clean old backups - shell: | - set -o pipefail - rm -rf /tmp/rear.* || true - rm -rf /var/lib/rear/output/* - failed_when: false - tags: - - bar_create_recover_image diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/service_manager_pause.yml b/tripleo_ansible/roles/backup_and_restore/tasks/service_manager_pause.yml deleted file mode 100644 index 9383e6b8c..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/service_manager_pause.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Call to podman to list running containers then commit all state to -# disk. Once services state has been flushed dump the database then allow -# the backup to start. - -- name: Get Container cli - command: hiera -c /etc/puppet/hiera.yaml container_cli - register: tripleo_backup_and_restore_container_cli - changed_when: tripleo_backup_and_restore_container_cli.stdout is undefined - tags: - - bar_create_recover_image - -- name: set tripleo_container_cli - set_fact: - tripleo_container_cli: "{{ tripleo_backup_and_restore_container_cli.stdout }}" - when: - - tripleo_backup_and_restore_container_cli.stdout != 'nil' - tags: - - bar_create_recover_image - -- name: Gather Container Service Name - shell: | - set -o pipefail - /usr/bin/{{ tripleo_container_cli }} ps --format '{{ '{{' }}.Names {{ '}}' }} ' | /usr/bin/egrep -v 'galera|mysql|bundle' - register: container_services - changed_when: container_services.stdout is undefined - failed_when: false - tags: - - bar_create_recover_image - -- name: Pause containers for database backup. - command: "{{ tripleo_container_cli }} pause {{ item }}" - with_items: "{{ container_services.stdout_lines }}" - when: container_services is defined - tags: - - bar_create_recover_image diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/service_manager_unpause.yml b/tripleo_ansible/roles/backup_and_restore/tasks/service_manager_unpause.yml deleted file mode 100644 index 7e24db6c7..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/service_manager_unpause.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Call to podman to list running containers then commit all state to -# disk. Once services state has been flushed dump the database then allow -# the backup to start. - -- name: Enable pacemaker - command: pcs cluster start --all - when: enabled_galera - run_once: true - tags: - - bar_create_recover_image - -- name: unPause database container - command: "{{ tripleo_container_cli }} {{ tripleo_container_cli_flags }} unpause {{ tripleo_backup_and_restore_mysql_container }}" - when: - - tripleo_container_cli is defined - - not enabled_galera - - tripleo_backup_and_restore_mysql_container is defined - tags: - - bar_create_recover_image - -- name: Gather Container Service Name - shell: | - set -o pipefail - /usr/bin/{{ tripleo_container_cli }} {{ tripleo_container_cli_flags }} ps -a --filter='status=paused' --format '{{ '{{' }}.Names {{ '}}' }} ' - register: container_services - changed_when: container_services.stdout is defined - tags: - - bar_create_recover_image - -- name: unPause containers - command: "{{ tripleo_container_cli }} {{ tripleo_container_cli_flags }} unpause {{ item }}" - with_items: "{{ container_services.stdout_lines }}" - when: tripleo_container_cli is defined - tags: - - bar_create_recover_image diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/setup_cron_overcloud.yml b/tripleo_ansible/roles/backup_and_restore/tasks/setup_cron_overcloud.yml deleted file mode 100644 index 7d1b5bac3..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/setup_cron_overcloud.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Program cron tasks -- name: Program a backup cron task for the overcloud - lineinfile: - path: /etc/cron.d/overcloud-backup - regexp: "bash -c" - line: "{{ tripleo_backup_and_restore_cron }} {{ tripleo_backup_and_restore_cron_user }} bash -c 'source /home/stack/stackrc && /usr/bin/openstack overcloud backup {{ tripleo_backup_and_restore_cron_extra }} > /tmp/overcloud-backup.log'" - create: true diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/setup_cron_undercloud.yml b/tripleo_ansible/roles/backup_and_restore/tasks/setup_cron_undercloud.yml deleted file mode 100644 index b4ff5b82e..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/setup_cron_undercloud.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Program cron tasks -- name: Program a backup cron task for the undercloud - lineinfile: - path: /etc/cron.d/undercloud-backup - regexp: "bash -c" - line: "{{ tripleo_backup_and_restore_cron }} {{ tripleo_backup_and_restore_cron_user }} bash -c 'source /home/stack/stackrc && /usr/bin/openstack undercloud backup {{ tripleo_backup_and_restore_cron_extra }} > /tmp/undercloud-backup.log'" - create: true diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/setup_nfs.yml b/tripleo_ansible/roles/backup_and_restore/tasks/setup_nfs.yml deleted file mode 100644 index a0b029dab..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/setup_nfs.yml +++ /dev/null @@ -1,145 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "backup_and_restore" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Install required packages for the NFS server - package: - name: "{{ tripleo_backup_and_restore_nfs_packages }}" - state: present - tags: - - bar_setup_nfs_server - -- name: Allow NFS connections port 111. - iptables: - action: insert - rule_num: '1' - chain: INPUT - ctstate: NEW - protocol: tcp - destination_port: '111' - jump: ACCEPT - comment: Accept new NFS connections (111). - tags: - - bar_setup_nfs_server - -- name: Allow NFS connections port 2049. - iptables: - action: insert - rule_num: '1' - chain: INPUT - ctstate: NEW - protocol: tcp - destination_port: '2049' - jump: ACCEPT - comment: Accept new NFS connections (2049). - tags: - - bar_setup_nfs_server - -- name: Gather status of services running on the system - service_facts: - register: services_state - ignore_errors: true - tags: - - bar_setup_nfs_server - -- name: Open ports in firewalld - block: - - name: Allow NFS port 111 in the firewall - firewalld: - port: 111/tcp - permanent: true - immediate: true - state: enabled - zone: "{{ tripleo_backup_and_restore_firewalld_zone }}" - - - name: Allow NFS port 2049 in the firewall - firewalld: - port: 2049/tcp - permanent: true - immediate: true - state: enabled - zone: "{{ tripleo_backup_and_restore_firewalld_zone }}" - when: > - services_state is defined and - services_state.ansible_facts.services['firewalld.service'] is defined and - services_state.ansible_facts.services['firewalld.service'].state == "running" - tags: - - bar_setup_nfs_server - -- name: Enable the NFS service in the NFS server - systemd: - name: nfs-server - enabled: true - tags: - - bar_setup_nfs_server - -- name: Create backup folder in the NFS server - file: - path: "{{ tripleo_backup_and_restore_shared_storage_folder }}" - state: directory - mode: '0777' - tags: - - bar_setup_nfs_server - -- name: Create backup subfolders in the NFS server - file: - path: "{{ tripleo_backup_and_restore_shared_storage_folder }}/{{ item }}" - state: directory - mode: '0777' - with_items: - - "{{ tripleo_backup_and_restore_shared_storage_subfolders }}" - tags: - - bar_setup_nfs_server - -- name: Get the lines - set_fact: - bar_exportfs_lines: "{% for net in tripleo_backup_and_restore_clients_nets %}\ - {{ tripleo_backup_and_restore_shared_storage_folder }} {{ net }}(rw,sync,no_root_squash,no_subtree_check)\n{% endfor %}" - tags: - - bar_setup_nfs_server - -- name: NFS - blockinfile: - path: /etc/exports - block: "{{bar_exportfs_lines}}" - backup: true - marker: "# {mark} ANSIBLE MANAGED BLOCK {{ tripleo_backup_and_restore_shared_storage_folder }}" - tags: - - bar_setup_nfs_server - -- name: Reload the NFS service - systemd: - name: nfs-server - state: reloaded - tags: - - bar_setup_nfs_server diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/setup_rear.yml b/tripleo_ansible/roles/backup_and_restore/tasks/setup_rear.yml deleted file mode 100644 index 5568abca9..000000000 --- a/tripleo_ansible/roles/backup_and_restore/tasks/setup_rear.yml +++ /dev/null @@ -1,241 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "backup_and_restore" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Check if EFI directory exists - stat: - path: /sys/firmware/efi - register: efi_dir - tags: - - bar_setup_rear - - bar_create_recover_image - -- name: Install required packages for ReaR - package: - name: "{{ tripleo_backup_and_restore_rear_packages }}" - state: present - tags: - - bar_setup_rear - -- name: Install required packages if the OS is booting with UEFI - package: - name: "{{ tripleo_backup_and_restore_uefi_packages }}" - state: present - when: efi_dir.stat.exists - tags: - - bar_setup_rear - -- name: Remove ReaR rpm default cron programming - file: - path: /etc/cron.d/rear - state: absent - when: tripleo_backup_and_restore_remove_default_cronjob | bool - tags: - - bar_setup_rear - -- name: Get local hostname - command: hostname - register: tripleo_backup_and_restore_hostname - when: tripleo_backup_and_restore_hostname is undefined - tags: - - bar_setup_rear - -- name: Set bootstrap nodeid - register: tripleo_backup_and_restore_bootstrap_nodeid - command: | - hiera -c {{ tripleo_backup_and_restore_hiera_config_file }} 'mysql_short_bootstrap_node_name' - tags: - - bar_setup_rear - -- name: List enabled services by node - register: tripleo_backup_and_restore_enabled_services - command: | - hiera -c {{ tripleo_backup_and_restore_hiera_config_file }} 'service_names' - tags: - - bar_setup_rear - -- name: Calculate exclude paths - set_fact: - tripleo_backup_and_restore_exclude_paths: - - "{{ tripleo_backup_and_restore_exclude_paths_common }}" - - "{{ (tripleo_backup_and_restore_enabled_services.stdout is search('nova_compute')) | - ternary(tripleo_backup_and_restore_exclude_paths_compute, []) }}" - - "{{ (tripleo_backup_and_restore_bootstrap_nodeid.stdout != tripleo_backup_and_restore_hostname.stdout and - tripleo_backup_and_restore_enabled_services.stdout is search('pacemaker') and - tripleo_backup_and_restore_enabled_services.stdout is search('mysql') and - tripleo_backup_and_restore_exclude_paths_controller_non_bootstrapnode|bool) | - ternary(tripleo_backup_and_restore_exclude_paths_controller, []) }}" - tags: - - bar_setup_rear - -- name: Check backup server IP - command: ping -c 1 '{{ tripleo_backup_and_restore_server }}' - when: not (tripleo_backup_and_restore_skip_server_test | bool) - tags: - - bar_setup_rear - -- name: Generate ReaR config file - template: - src: local.conf.j2 - dest: /etc/rear/local.conf - owner: root - group: root - mode: '0644' - backup: true - tags: - - bar_setup_rear - -- name: Generate ReaR rescue file - template: - src: rescue.conf.j2 - dest: /etc/rear/rescue.conf - owner: root - group: root - mode: '0644' - backup: true - tags: - - bar_setup_rear - -- name: Set USING_UEFI_BOOTLOADER parameter - lineinfile: - path: /etc/rear/local.conf - regexp: "USING_UEFI_BOOTLOADER" - line: "{{ efi_dir.stat.exists | ternary('USING_UEFI_BOOTLOADER=1', 'USING_UEFI_BOOTLOADER=0') }}" - create: false - tags: - - bar_setup_rear - -- name: Delete the encrypt key line if encrypted backup is disabled - lineinfile: - path: /etc/rear/local.conf - regexp: "BACKUP_PROG_CRYPT_KEY" - state: absent - when: - - tripleo_backup_and_restore_local_config is defined - - tripleo_backup_and_restore_local_config["BACKUP_PROG_CRYPT_ENABLED"] is defined - - not (tripleo_backup_and_restore_local_config["BACKUP_PROG_CRYPT_ENABLED"] | bool) - tags: - - bar_setup_rear - -- name: Load rear config - slurp: - src: /etc/rear/local.conf - register: rear_config - tags: - - bar_setup_rear - -- name: Extract OUTPUT_URL from rear config - set_fact: - output_url: "{{ ('OUTPUT_URL' in tripleo_backup_and_restore_local_config.keys())| ternary(tripleo_backup_and_restore_local_config['OUTPUT_URL'],'') }}" - tags: - - bar_setup_rear - -- name: Check if this is a SFTP backup - set_fact: - sftp_backup: "{{ output_url is search ('sftp://') }}" - tags: - - bar_setup_rear - -- name: Extract the SFTP hostname - set_fact: - sftp_host: "{{ output_url | regex_search('(?<=@)(.*?)(?=/)') }}" - when: sftp_backup - tags: - - bar_setup_rear - -- name: Retrieve host ssh fingerprint - shell: "ssh-keyscan -H {{ sftp_host }} >> ~/.ssh/known_hosts" - when: sftp_backup - tags: - - bar_setup_rear - -- name: Is this machine a ceph node? - stat: - path: /var/lib/ceph - register: varlibceph_dir - tags: - - bar_setup_rear - -- name: Get the directory where /var/lib/ceph is mounted on - shell: | - set -o pipefail - df /var/lib/ceph | grep -v Filesystem | awk '{print $6}' - register: tripleo_backup_and_restore_ceph_dir - when: varlibceph_dir.stat.exists - tags: - - bar_setup_rear - -- name: Get the device where /var/lib/ceph is mounted on - shell: | - set -o pipefail - df /var/lib/ceph | grep -v Filesystem | awk '{print $1}' - register: tripleo_backup_and_restore_ceph_device - when: varlibceph_dir.stat.exists - tags: - - bar_setup_rear - -- name: Get the filesystem format of the device where /var/lib/ceph is mounted on - shell: | - set -o pipefail - grep {{ tripleo_backup_and_restore_ceph_device.stdout }} /etc/mtab | grep '{{ tripleo_backup_and_restore_ceph_dir.stdout }} ' | awk '{print $3}' - register: tripleo_backup_and_restore_ceph_device_format - when: varlibceph_dir.stat.exists - tags: - - bar_setup_rear - -- name: Program a script that will trigger during restore backuping /var/lib/ceph if it exists just before restore - copy: - dest: /usr/share/rear/setup/default/011_backup_ceph.sh - content: | - echo "Taking a fresh ceph data backup if this controller has co-located cephs" - mount -t {{ tripleo_backup_and_restore_ceph_device_format.stdout }} {{ tripleo_backup_and_restore_ceph_device.stdout }} /mnt/local - cd /mnt/local - [ -d "lib/ceph" ] && tar cvfz /tmp/ceph.tar.gz lib/ceph --xattrs --xattrs-include='*.*' --acls - cd / - umount {{ tripleo_backup_and_restore_ceph_device.stdout }} - when: varlibceph_dir.stat.exists - tags: - - bar_setup_rear - -- name: Program a script that will trigger during restoration to restore /var/lib/ceph backup after a full recovery - copy: - dest: /usr/share/rear/wrapup/default/501_restore_ceph.sh - content: | - echo "Restoring ceph backup if it exists" - if [ -f "/tmp/ceph.tar.gz" ]; then - rm -rf /mnt/local/lib/ceph/* - tar xvC /mnt/local -f /tmp/ceph.tar.gz lib/ceph --xattrs --xattrs-include='*.*' - fi - when: varlibceph_dir.stat.exists - tags: - - bar_setup_rear diff --git a/tripleo_ansible/roles/backup_and_restore/templates/local.conf.j2 b/tripleo_ansible/roles/backup_and_restore/templates/local.conf.j2 deleted file mode 100644 index f16d4a01b..000000000 --- a/tripleo_ansible/roles/backup_and_restore/templates/local.conf.j2 +++ /dev/null @@ -1,17 +0,0 @@ -# This configuration file is generated automatically -# by the backup_and_restore role part of TripleO -# Ansible. Do not edit this file, all changes -# will be lost. Refer to the following URL for -# more information and implementation details: -# https://opendev.org/openstack/tripleo-ansible - -export TMPDIR="${TMPDIR-/var/tmp}" -{% for item in (tripleo_backup_and_restore_local_config | dict2items) %} -{{ item.key }}={{ item.value }} -{% endfor %} -{% if tripleo_backup_and_restore_network_preparation_commands != '()' %} -NETWORKING_PREPARATION_COMMANDS={{ tripleo_backup_and_restore_network_preparation_commands }} -{% endif %} -BACKUP_PROG_OPTIONS+=( --anchored --xattrs-include='*.*' --xattrs ) -BACKUP_PROG_EXCLUDE=( {{ tripleo_backup_and_restore_exclude_paths | sum(start=[]) | map('quote') | join(' ') }} ) -EXCLUDE_RECREATE+=( "/dev/cinder-volumes" ) diff --git a/tripleo_ansible/roles/backup_and_restore/templates/rescue.conf.j2 b/tripleo_ansible/roles/backup_and_restore/templates/rescue.conf.j2 deleted file mode 100644 index 156a56289..000000000 --- a/tripleo_ansible/roles/backup_and_restore/templates/rescue.conf.j2 +++ /dev/null @@ -1,11 +0,0 @@ -# This configuration file is generated automatically -# by the backup_and_restore role part of TripleO -# Ansible. Do not edit this file, all changes -# will be lost. Refer to the following URL for -# more information and implementation details: -# https://opendev.org/openstack/tripleo-ansible - -BACKUP_PROG_OPTIONS+=( --anchored --xattrs-include='*.*' --xattrs ) -{% for item in (tripleo_backup_and_restore_rescue_config | dict2items) %} -{{ item.key }}={{ item.value }} -{% endfor %} diff --git a/tripleo_ansible/roles/backup_and_restore/vars/redhat.yml b/tripleo_ansible/roles/backup_and_restore/vars/redhat.yml deleted file mode 100644 index 1d8509ba0..000000000 --- a/tripleo_ansible/roles/backup_and_restore/vars/redhat.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "tripleo_{{ role_name | replace('-', '_') }}" - -tripleo_backup_and_restore_rear_packages: - - rear - - syslinux - - xorriso - - nfs-utils - - lftp - - grub2-tools-extra -tripleo_backup_and_restore_nfs_packages: - - nfs-utils -tripleo_backup_and_restore_uefi_packages: - - dosfstools - - efibootmgr - - grub2-efi-x64-modules diff --git a/tripleo_ansible/roles/designate_bind_config/defaults/main.yml b/tripleo_ansible/roles/designate_bind_config/defaults/main.yml deleted file mode 100644 index ad9ae2326..000000000 --- a/tripleo_ansible/roles/designate_bind_config/defaults/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -designate_named_conf_path: '/var/lib/config-data/ansible-generated/designate/etc' -designate_worker_node_ips: [] -designate_bind_enable_query_logging: false diff --git a/tripleo_ansible/roles/designate_bind_config/meta/main.yml b/tripleo_ansible/roles/designate_bind_config/meta/main.yml deleted file mode 100644 index 5a417ad51..000000000 --- a/tripleo_ansible/roles/designate_bind_config/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- designate_bind_pool - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -# dependencies: diff --git a/tripleo_ansible/roles/designate_bind_config/molecule/default/converge.yml b/tripleo_ansible/roles/designate_bind_config/molecule/default/converge.yml deleted file mode 100644 index e7a330671..000000000 --- a/tripleo_ansible/roles/designate_bind_config/molecule/default/converge.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: designate_bind_config - vars: - designate_named_conf_path: "/etc" - designate_rndc_key: "dummy-rndc-key" - rndc_allowed_addresses: ["172.17.2.0/24"] - tripleo_dns_listen_interfaces: ["172.168.10.99"] - designate_worker_node_ips: ["10.0.0.5", "10.0.0.6", "10.0.0.7"] diff --git a/tripleo_ansible/roles/designate_bind_config/molecule/default/molecule.yml b/tripleo_ansible/roles/designate_bind_config/molecule/default/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/tripleo_ansible/roles/designate_bind_config/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/designate_bind_config/molecule/default/prepare.yml b/tripleo_ansible/roles/designate_bind_config/molecule/default/prepare.yml deleted file mode 100644 index 037d015f5..000000000 --- a/tripleo_ansible/roles/designate_bind_config/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/designate_bind_config/tasks/configure_interfaces.yml b/tripleo_ansible/roles/designate_bind_config/tasks/configure_interfaces.yml deleted file mode 100644 index b1b8aab05..000000000 --- a/tripleo_ansible/roles/designate_bind_config/tasks/configure_interfaces.yml +++ /dev/null @@ -1,91 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Find the interface for the public API network - tripleo_findif_for_ip: - ip_address: "{{ lookup('vars', tripleo_designate_bind_network + '_ip') }}" - register: - _public_api_interface - -# Using ifup-local to ensure the IP address is always set follows a pattern used -# for resetting VF counts used in the SR-IOV support. The file shouldn't be -# wiped clean because it may be being used for other things (e.g. SR-IOV) -- name: create ifup-local if it doesn't exist - become: true - lineinfile: - create: true - path: "/sbin/ifup-local" - state: present - line: "#!/bin/bash" - insertbefore: BOF - mode: 0755 - -# The following two blocks set the IP on the interface and add a line to -# ifup-local to make sure the IP persists through reboots or ifup/ifdown -# cycles. The comment at the end of the line in ifup-local serves as an anchor -# to the regexp parameter to lineinfile. These will have to be modified when -# moving to NetworkManager only environments. -- name: If specified, have the dns service listen on a different IP (version 4) - when: - - tripleo_dns_listen_interfaces[0]|ipv4 - - (_public_api_interface.interface is defined) and (_public_api_interface.interface|length > 0) - become: true - block: - - name: Check if the address is already on the device. - shell: "ip -o addr show dev {{ _public_api_interface.interface }} | grep {{ tripleo_dns_listen_interfaces[0] }}" - failed_when: false - register: - _current_addr_search - - - name: Set the unbound additional IPv4 address on the required device. - command: "ip addr add {{ tripleo_dns_listen_interfaces[0] }}/32 dev {{ _public_api_interface.interface }}" - when: - _current_addr_search.rc == 1 - - - name: Add line to ifup-local to make sure unbound's listen IPv4 address is set on restart - become: true - lineinfile: - path: "/sbin/ifup-local" - line: '[ "{{ _public_api_interface.interface }}" == "$1" ] && ip addr add {{ tripleo_dns_listen_interfaces[0] }}/32 dev {{ _public_api_interface.interface }} # Designate collocated DNS services' - regexp: 'collocated_unbound_bind' - state: present - - -- name: If specified, have the dns service listen on a different IP (version 6) - when: - - tripleo_dns_listen_interfaces[0]|ipv6 - - (_public_api_interface.interface is defined) and (_public_api_interface.interface|length > 0) - become: true - block: - - name: Check if the address is already on the device. - shell: "ip -o addr show dev {{ _public_api_interface.interface }} | grep {{ tripleo_dns_listen_interfaces[0] }}" - failed_when: false - register: - _current_addr_search - - - name: Set the unbound additional IPv6 address on the required device. - command: "ip addr add {{ tripleo_dns_listen_interfaces[0] }}/128 dev {{ _public_api_interface.interface }}" - when: - _current_addr_search.rc == 1 - - - - name: Add line to ifup-local to make sure unbound's listen IPv6 address is set on restart - become: true - lineinfile: - path: "/sbin/ifup-local" - line: '[ "{{ _public_api_interface.interface }}" == "$1" ] && ip addr add {{ tripleo_dns_listen_interfaces[0] }}/128 dev {{ _public_api_interface.interface }} # Designate collocated DNS services' - regexp: 'collocated_unbound_bind' - state: present diff --git a/tripleo_ansible/roles/designate_bind_config/tasks/create_collocated_ips.yml b/tripleo_ansible/roles/designate_bind_config/tasks/create_collocated_ips.yml deleted file mode 100644 index befab7be7..000000000 --- a/tripleo_ansible/roles/designate_bind_config/tasks/create_collocated_ips.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: Create a neutron port for a new address - os_port: - state: present - network: "{{ network_name }}" - fixed_ips: - - subnet_id: "{{ subnet_id }}" - no_security_groups: True - name: "designate-{{ item }}-integration-port" - register: _dns_designate_ports - with_items: - - "{{ hosts_for_ports }}" - -- name: Set the unbound host ip fact - set_fact: - tripleo_dns_listen_interfaces: "[ '{{ item.port.fixed_ips[0].ip_address }}' ]" - delegate_to: "{{ item.item }}" - delegate_facts: true - with_items: - - "{{ _dns_designate_ports.results }}" diff --git a/tripleo_ansible/roles/designate_bind_config/tasks/distribute_extra_ips.yml b/tripleo_ansible/roles/designate_bind_config/tasks/distribute_extra_ips.yml deleted file mode 100644 index 7ff48e07a..000000000 --- a/tripleo_ansible/roles/designate_bind_config/tasks/distribute_extra_ips.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Distribute unique designate bind/unbound IPs across hosts - set_fact: - tripleo_extra_dns_interface: "[ '{{ item.0 }}' ]" - delegate_to: "{{ item.1 }}" - delegate_facts: true - with_together: - - "{{ designate_collocate_ips }}" - - "{{ hosts_for_ports }}" diff --git a/tripleo_ansible/roles/designate_bind_config/tasks/main.yml b/tripleo_ansible/roles/designate_bind_config/tasks/main.yml deleted file mode 100644 index 927318022..000000000 --- a/tripleo_ansible/roles/designate_bind_config/tasks/main.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -- name: ensure target directory exists - become: true - file: - path: "{{ designate_named_conf_path}}/named" - state: directory - -- name: generate named/options.conf - become: true - template: - src: options.conf.j2 - dest: "{{ designate_named_conf_path }}/named/options.conf" - vars: - notify_sources: "{{ designate_worker_node_ips }}" - -- name: generate named/rndc.conf - become: true - template: - src: rndc.conf.j2 - dest: "{{ designate_named_conf_path}}/named/rndc.conf" - -- name: generate named/logging.conf - become: true - template: - src: logging.conf.j2 - dest: "{{ designate_named_conf_path}}/named/logging.conf" - -- name: generate named.conf - become: true - template: - src: named.conf.j2 - dest: "{{ designate_named_conf_path}}/named.conf" - -- include_tasks: configure_interfaces.yml - when: - - tripleo_designate_bind_network is defined - - tripleo_dns_listen_interfaces is defined diff --git a/tripleo_ansible/roles/designate_bind_config/templates/logging.conf.j2 b/tripleo_ansible/roles/designate_bind_config/templates/logging.conf.j2 deleted file mode 100644 index d8f63eb57..000000000 --- a/tripleo_ansible/roles/designate_bind_config/templates/logging.conf.j2 +++ /dev/null @@ -1,30 +0,0 @@ -logging { - channel default_channel { - file "/var/log/bind/designate-{{ designate_bind_instance_name|default('bind') }}.log"; - print-time yes; - print-category yes; - print-severity yes; - severity info; - }; - - channel debug_channel { - file "/var/log/bind/designate-{{ designate_bind_instance_name|default('bind') }}-debug.log"; - print-time yes; - print-category yes; - print-severity yes; - severity dynamic; - }; - - category default { default_channel; default_debug; }; - - {% if designate_bind_enable_query_logging|default(false) %} - channel query_channel { - file "/var/log/bind/designate-{{ designate_bind_instance_name|default('bind') }}-query.log"; - print-time yes; - print-category yes; - print-severity yes; - severity info; - } - category queries { query_channel; }; - {% endif %} -}; diff --git a/tripleo_ansible/roles/designate_bind_config/templates/named.conf.j2 b/tripleo_ansible/roles/designate_bind_config/templates/named.conf.j2 deleted file mode 100644 index e11f93e26..000000000 --- a/tripleo_ansible/roles/designate_bind_config/templates/named.conf.j2 +++ /dev/null @@ -1,4 +0,0 @@ -include "/etc/named/rndc.conf"; -include "/etc/named/options.conf"; -include "/etc/named.rfc1912.zones"; -include "/etc/named/logging.conf"; diff --git a/tripleo_ansible/roles/designate_bind_config/templates/options.conf.j2 b/tripleo_ansible/roles/designate_bind_config/templates/options.conf.j2 deleted file mode 100644 index c096225d4..000000000 --- a/tripleo_ansible/roles/designate_bind_config/templates/options.conf.j2 +++ /dev/null @@ -1,29 +0,0 @@ -options { - allow-new-zones yes; - directory "/var/named-persistent"; - - # The default for named is to listen on everything and it's controlled - # by different settings for different IP versions. If the objective is to - # restrict to listening on a given address, we need to explicitly turn - # listening *off* for the different IP version. - {% if tripleo_dns_listen_interfaces[0]|ipv4 %} - listen-on port 53 { {{ tripleo_dns_listen_interfaces[0] }}; }; - listen-on-v6 { none; }; - {% elif tripleo_dns_listen_interfaces[0]|ipv6 %} - listen-on-v6 port 53 { {{ tripleo_dns_listen_interfaces[0] }}; }; - listen-on { none; }; - {% endif %} - - allow-notify { {{ tripleo_dns_listen_interfaces[0] }};{{ notify_sources|join(';') }}; }; - - {% if bind_lmdb_mapsize is defined %} - lmdb-mapsize {{ bind_lmdb_mapsize }}; - {% endif %} - - minimal-responses yes; - multi-master yes; - querylog {{ designate_bind_enable_query_logging }}; - recursion no; - version none; - allow-query-cache { none; }; -}; diff --git a/tripleo_ansible/roles/designate_bind_config/templates/rndc.conf.j2 b/tripleo_ansible/roles/designate_bind_config/templates/rndc.conf.j2 deleted file mode 100644 index 3d03768a7..000000000 --- a/tripleo_ansible/roles/designate_bind_config/templates/rndc.conf.j2 +++ /dev/null @@ -1,8 +0,0 @@ -key "rndc-key" { - algorithm hmac-sha256; - secret "{{ designate_rndc_key }}"; -}; - -controls { - inet {{ tripleo_dns_listen_interfaces[0] }} allow { {{ rndc_allowed_addresses|join(';') }}; } keys { "rndc-key"; }; -}; diff --git a/tripleo_ansible/roles/designate_bind_pool/defaults/main.yml b/tripleo_ansible/roles/designate_bind_pool/defaults/main.yml deleted file mode 100644 index 8808a457d..000000000 --- a/tripleo_ansible/roles/designate_bind_pool/defaults/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -designate_pool_config_file_path: '/var/lib/config-data/puppet-generated/designate/etc/designate/pools.yaml' -designate_bind_pool_key_file_path: '/var/lib/config-data/puppet-generated/designate/etc/designate/private' -pool_zone_domain: 'example.org' -tripleo_external_bind_servers: [] diff --git a/tripleo_ansible/roles/designate_bind_pool/meta/main.yml b/tripleo_ansible/roles/designate_bind_pool/meta/main.yml deleted file mode 100644 index 5a417ad51..000000000 --- a/tripleo_ansible/roles/designate_bind_pool/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- designate_bind_pool - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -# dependencies: diff --git a/tripleo_ansible/roles/designate_bind_pool/tasks/main.yml b/tripleo_ansible/roles/designate_bind_pool/tasks/main.yml deleted file mode 100644 index 15645b207..000000000 --- a/tripleo_ansible/roles/designate_bind_pool/tasks/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# XXX (beagles) which permissions? -- name: create bind pool configuration for designate with framework IPS - become: true - template: - src: pools.yaml.j2 - dest: "{{ designate_pool_config_file_path }}" diff --git a/tripleo_ansible/roles/designate_bind_pool/templates/pools.yaml.j2 b/tripleo_ansible/roles/designate_bind_pool/templates/pools.yaml.j2 deleted file mode 100644 index 63dd108d4..000000000 --- a/tripleo_ansible/roles/designate_bind_pool/templates/pools.yaml.j2 +++ /dev/null @@ -1,64 +0,0 @@ -- name: default - # The name is immutable. There will be no option to change the name after - # creation and the only way will to change it will be to delete it - # (and all zones associated with it) and recreate it. - description: Default Pool - - attributes: {} - - # List out the NS records for zones hosted within this pool - # This should be a record that is created outside of designate, that - # points to the public IP of the controller node. - ns_records: - {% for nameserver in designate_bind_node_ips -%} - - hostname: ns{{ loop.index }}.{{ pool_zone_domain }}. - priority: {{ loop.index }} - {% endfor %} - - nameservers: - {% for nameserver in groups.designate_bind -%} - - - host: {{ hostvars[nameserver].tripleo_dns_listen_interfaces[0] }} - port: 53 - {% endfor %} - - targets: - {% for server in groups.designate_bind -%} - - type: bind9 - description: BIND9 Server {{ loop.index }} - - masters: - {% for minidns_server in designate_mdns_node_ips -%} - - host: {{ net_vip_map[service_net_map['public_network']] }} - port: {{ minidns_proxy_base_port + loop.index -1 }} - {% endfor %} - - # BIND Configuration options - options: - host: {{ hostvars[server].tripleo_dns_listen_interfaces[0] }} - port: 53 - rndc_host: {{ hostvars[server].tripleo_dns_listen_interfaces[0] }} - rndc_port: 953 - rndc_config_file: {{ keyfile_base_path|default('/etc/designate/private/bind') }}{{ loop.index }}.conf - - {% endfor %} - - # Configure targets for user provided bind servers. - {% for server in tripleo_external_bind_servers -%} - - type: bind9 - description: External BIND9 Server {{ loop.index }} - - masters: - {% for minidns_server in designate_mdns_node_ips -%} - - host: {{ net_vip_map[service_net_map['public_network']] }} - port: {{ minidns_proxy_base_port + loop.index -1 }} - {% endfor %} - - # BIND options: - options: - host: {{ server.host }} - port: {{ server.port|default(53) }} - rndc_host: {{ server.rndc_host|default(server.host) }} - rndc_port: {{ server.rndc_port|default(953) }} - rndc_config_file: {{ keyfile_base_path|default('/etc/designate/private/xbind') }}{{ loop.index }}.conf - {% endfor %} diff --git a/tripleo_ansible/roles/designate_rndc_config/defaults/main.yml b/tripleo_ansible/roles/designate_rndc_config/defaults/main.yml deleted file mode 100644 index cb20adbe3..000000000 --- a/tripleo_ansible/roles/designate_rndc_config/defaults/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -designate_rndc_key_file_path: '/var/lib/config-data/puppet-generated/designate/etc' -designate_worker_config_file_path: '/var/lib/config-data/puppet-generated/designate/etc/designate' -tripleo_external_bind_servers: [] diff --git a/tripleo_ansible/roles/designate_rndc_config/meta/main.yml b/tripleo_ansible/roles/designate_rndc_config/meta/main.yml deleted file mode 100644 index 5a417ad51..000000000 --- a/tripleo_ansible/roles/designate_rndc_config/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- designate_bind_pool - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -# dependencies: diff --git a/tripleo_ansible/roles/designate_rndc_config/tasks/main.yml b/tripleo_ansible/roles/designate_rndc_config/tasks/main.yml deleted file mode 100644 index 822fe8404..000000000 --- a/tripleo_ansible/roles/designate_rndc_config/tasks/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# TODO(beagles): this should probably just move to the bind config role -# because the worker is writing rndc conf files instead. -- name: ensure rndc key path exists - become: true - file: - path: "{{ designate_rndc_key_file_path }}" - state: directory - -- name: create rndc key files for each bind instance - become: true - template: - src: rndc.key.j2 - dest: "{{ designate_rndc_key_file_path }}/rndc.key" - -# TODO(beagles): This is run here to deal with a a dependency issue, but -# should be removed when the partner heat template patch lands. -- name: included the rndc conf file generation if enabled - include_tasks: worker_config.yml diff --git a/tripleo_ansible/roles/designate_rndc_config/tasks/worker_config.yml b/tripleo_ansible/roles/designate_rndc_config/tasks/worker_config.yml deleted file mode 100644 index 0b6581e6f..000000000 --- a/tripleo_ansible/roles/designate_rndc_config/tasks/worker_config.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- name: ensure rndc configuration path exists - become: true - file: - path: "{{ designate_worker_config_file_path }}/private" - state: directory - -- name: create rndc configurations for each bind instance - become: true - template: - src: rndc.conf.j2 - dest: "{{ designate_worker_config_file_path }}/private/bind{{ index|int + 1 }}.conf" - loop: "{{ designate_bind_node_ips|flatten(levels=1) }}" - loop_control: - index_var: index - -- name: create rndc configurations for each external bind instance - become: true - template: - src: rndc.conf.j2 - dest: "{{ designate_worker_config_file_path }}/private/xbind{{ index|int + 1 }}.conf" - vars: - server_rndc_key: "{{ item.rndc_key }}" - loop: "{{ tripleo_external_bind_servers|flatten(levels=1) }}" - loop_control: - index_var: index diff --git a/tripleo_ansible/roles/designate_rndc_config/templates/rndc.conf.j2 b/tripleo_ansible/roles/designate_rndc_config/templates/rndc.conf.j2 deleted file mode 100644 index 901cfbfff..000000000 --- a/tripleo_ansible/roles/designate_rndc_config/templates/rndc.conf.j2 +++ /dev/null @@ -1,15 +0,0 @@ -key "rndc-key" { - algorithm hmac-sha256; - secret "{{ server_rndc_key|default(designate_rndc_key) }}"; -}; - -options { -{% set designate_worker_source_address = hostvars[inventory_hostname][designate_worker_network + "_ip"] %} - -{% if designate_worker_source_address|ipv4 %} - default-source-address {{ designate_worker_source_address }}; -{% elif designate_worker_source_address|ipv6 %} - default-source-address-v6 {{ designate_worker_source_address }}; -{% endif %} - default-key "rndc-key"; -}; diff --git a/tripleo_ansible/roles/designate_rndc_config/templates/rndc.key.j2 b/tripleo_ansible/roles/designate_rndc_config/templates/rndc.key.j2 deleted file mode 100644 index dda80769a..000000000 --- a/tripleo_ansible/roles/designate_rndc_config/templates/rndc.key.j2 +++ /dev/null @@ -1,4 +0,0 @@ -key "rndc-key" { - algorithm hmac-sha256; - secret "{{ designate_rndc_key }}"; -}; diff --git a/tripleo_ansible/roles/env_data/molecule/default/converge.yml b/tripleo_ansible/roles/env_data/molecule/default/converge.yml deleted file mode 100644 index 436b30fd1..000000000 --- a/tripleo_ansible/roles/env_data/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "env_data" diff --git a/tripleo_ansible/roles/env_data/molecule/default/molecule.yml b/tripleo_ansible/roles/env_data/molecule/default/molecule.yml deleted file mode 100644 index 93b3c5b7e..000000000 --- a/tripleo_ansible/roles/env_data/molecule/default/molecule.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -driver: - name: podman - -log: true - -platforms: - - name: centos - hostname: centos - image: centos/centos:stream9 - registry: - url: quay.io - dockerfile: Dockerfile.j2 - pkg_extras: python*setuptools - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg - - /etc/dnf/vars:/etc/dnf/vars - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - ulimits: &ulimit - - host - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/env_data/molecule/default/prepare.yml b/tripleo_ansible/roles/env_data/molecule/default/prepare.yml deleted file mode 100644 index ec16f729a..000000000 --- a/tripleo_ansible/roles/env_data/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/env_data/tasks/main.yml b/tripleo_ansible/roles/env_data/tasks/main.yml deleted file mode 100644 index fccae474e..000000000 --- a/tripleo_ansible/roles/env_data/tasks/main.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Gather all installed packages - ansible.builtin.shell: rpm -qa | sort - register: package_list -- name: Gather repository list - ansible.builtin.command: dnf repolist - register: repo_list -- name: Output installed packages - ansible.builtin.debug: - msg: | - #### INSTALLED PACKAGES - {{ package_list.stdout }} - #### REPOSITORIES - {{ repo_list.stdout }} diff --git a/tripleo_ansible/roles/login_defs/defaults/main.yml b/tripleo_ansible/roles/login_defs/defaults/main.yml deleted file mode 100644 index 7e493adab..000000000 --- a/tripleo_ansible/roles/login_defs/defaults/main.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -tripleo_login_defs_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" - -# The maximum number of days a password may be used -tripleo_login_defs_password_max_days: 60 -# The minimum number of days allowed between password changes -tripleo_login_defs_password_min_days: 1 -# The minimal number of significant characters in the password -tripleo_login_defs_password_min_len: 5 -# The number of days warning given before a password expires -tripleo_login_defs_password_warn_age: 7 -# Delay in seconds before being allowed another attempt after a login failure -tripleo_login_defs_fail_delay: 4 diff --git a/tripleo_ansible/roles/login_defs/meta/main.yml b/tripleo_ansible/roles/login_defs/meta/main.yml deleted file mode 100644 index a5ae73ed0..000000000 --- a/tripleo_ansible/roles/login_defs/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- login_defs - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/login_defs/molecule/default/converge.yml b/tripleo_ansible/roles/login_defs/molecule/default/converge.yml deleted file mode 100644 index e104e3517..000000000 --- a/tripleo_ansible/roles/login_defs/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "login_defs" diff --git a/tripleo_ansible/roles/login_defs/molecule/default/molecule.yml b/tripleo_ansible/roles/login_defs/molecule/default/molecule.yml deleted file mode 100644 index 5b32dc746..000000000 --- a/tripleo_ansible/roles/login_defs/molecule/default/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/login_defs/molecule/default/prepare.yml b/tripleo_ansible/roles/login_defs/molecule/default/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/login_defs/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/login_defs/molecule/default/verify.yml b/tripleo_ansible/roles/login_defs/molecule/default/verify.yml deleted file mode 100644 index 24b82ef9f..000000000 --- a/tripleo_ansible/roles/login_defs/molecule/default/verify.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: all - tasks: - - name: Check the file exits - stat: - path: /etc/login.defs - register: file - - - name: Verify - assert: - that: - - file.stat.exists - - file.stat.gr_name == 'root' - - file.stat.pw_name == 'root' - - file.stat.mode == '0644' - fail_msg: "File login.defs doesn't exist or has wrong attributes!" - - - name: Check the file contains all required values - command: grep "^{{ item.0 }} {{ item.1 }}$" /tmp/login.defs - loop: - - - PASS_MAX_DAYS - - "{{ tripleo_login_defs_password_max_days }}" - - - PASS_MIN_DAYS - - "{{ tripleo_login_defs_password_min_days }}" - - - PASS_MIN_LEN - - "{{ tripleo_login_defs_password_min_len }}" - - - PASS_WARN_AGE - - "{{ tripleo_login_defs_password_warn_age }}" - - - FAIL_DELAY - - "{{ tripleo_login_defs_fail_delay }}" diff --git a/tripleo_ansible/roles/login_defs/tasks/main.yml b/tripleo_ansible/roles/login_defs/tasks/main.yml deleted file mode 100644 index 29abb24e8..000000000 --- a/tripleo_ansible/roles/login_defs/tasks/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "login_defs" will search for and load any operating system variable file - -- name: Install shadow-utils - package: - name: shadow-utils - state: present - -- name: Change login defs file - lineinfile: - line: "{{ item.0 }} {{ item.1 }}" - regexp: "^[#]*{{ item.0 }}.*" - dest: /etc/login.defs - owner: root - group: root - mode: 0644 - loop: - - - PASS_MAX_DAYS - - "{{ tripleo_login_defs_password_max_days }}" - - - PASS_MIN_DAYS - - "{{ tripleo_login_defs_password_min_days }}" - - - PASS_MIN_LEN - - "{{ tripleo_login_defs_password_min_len }}" - - - PASS_WARN_AGE - - "{{ tripleo_login_defs_password_warn_age }}" - - - FAIL_DELAY - - "{{ tripleo_login_defs_fail_delay }}" diff --git a/tripleo_ansible/roles/octavia_common/defaults/main.yml b/tripleo_ansible/roles/octavia_common/defaults/main.yml deleted file mode 100644 index 4c9581906..000000000 --- a/tripleo_ansible/roles/octavia_common/defaults/main.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -amp_image_name: "" -amp_image_filename: "" -amp_image_tag: "amphora-image" -amp_ssh_key_name: "octavia-ssh-key" -amp_ssh_key_path: "" -amp_to_raw: false -amp_hw_arch: "x86_64" -auth_username: "octavia" -auth_project_name: "service" -lb_mgmt_net_name: "lb-mgmt-net" -lb_mgmt_subnet_name: "lb-mgmt-subnet" -lb_mgmt_subnet_cidr: "172.24.0.0/16" -lb_mgmt_subnet_gateway: "172.24.0.1" -lb_mgmt_subnet_pool_start: "172.24.0.2" -lb_mgmt_subnet_pool_end: "172.24.255.254" -lb_mgmt_sec_grp_name: "lb-mgmt-sec-grp" -lb_health_mgr_sec_grp_name: "lb-health-mgr-sec-grp" -mgmt_port_dev: "o-hm0" -enable_log_offloading: false -log_offload_protocol: "udp" diff --git a/tripleo_ansible/roles/octavia_common/meta/main.yml b/tripleo_ansible/roles/octavia_common/meta/main.yml deleted file mode 100644 index ff8241e1f..000000000 --- a/tripleo_ansible/roles/octavia_common/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- octavia_common - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/octavia_controller_check/meta/main.yml b/tripleo_ansible/roles/octavia_controller_check/meta/main.yml deleted file mode 100644 index 0c9d8b36c..000000000 --- a/tripleo_ansible/roles/octavia_controller_check/meta/main.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- octavia_controller_check - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: - - octavia_common diff --git a/tripleo_ansible/roles/octavia_controller_check/tasks/main.yml b/tripleo_ansible/roles/octavia_controller_check/tasks/main.yml deleted file mode 100644 index b4b541293..000000000 --- a/tripleo_ansible/roles/octavia_controller_check/tasks/main.yml +++ /dev/null @@ -1,98 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Check if octavia CA file exists on host - become: true - stat: - path: "{{ octavia_confd_prefix }}/{{ ca_cert_path }}" - register: ca_file_stat - -- name: Get and store CA data - block: - - name: Get CA file if exists - become: true - slurp: - src: "{{ octavia_confd_prefix }}/{{ ca_cert_path }}" - register: ca_file_data - - name: Store CA data - set_fact: - ca_cert: "{{ ca_file_data.content | b64decode }}" - - - name: Get remaining validity period of the CA - shell: | - now=$(date +%s) - enddate=$(date +%s -d "$(openssl x509 -enddate -noout -in {{ octavia_confd_prefix }}/{{ ca_cert_path }} | cut -d= -f2)") - echo $((enddate - now)) - register: validity_period - - - name: Force CA update if remaining validity is less than 1 year - set_fact: - force_certs_update: true - when: - - (validity_period.stdout| int) < 31622400 # 31622400 seconds == 366 days - when: - - ca_file_stat.stat.exists | bool - -- name: Check if octavia CA private key exists on host - become: true - stat: - path: "{{ octavia_confd_prefix }}/{{ ca_private_key_path }}" - register: ca_key_file_stat - -- name: Get and store CA private key - block: - - name: Get CA private key file if exists - become: true - slurp: - src: "{{ octavia_confd_prefix }}/{{ ca_private_key_path }}" - register: key_file_data - - name: Store CA private key - set_fact: - ca_private_key: "{{ key_file_data.content | b64decode }}" - - - name: Detect if key is encrypted with AES256 - shell: grep -q 'AES-256-CBC' {{ octavia_confd_prefix }}/{{ ca_private_key_path }} - failed_when: false - register: ca_private_key_aes_256 - - name: Store flag if a private key update is required - set_fact: - force_private_key_update: true - force_certs_update: true - when: - - ca_private_key_aes_256.rc != 0 - when: - - ca_key_file_stat.stat.exists | bool - -- name: Check if octavia client certificate exists on host - become: true - stat: - path: "{{ octavia_confd_prefix }}/{{ client_cert_path }}" - register: client_cert_file_stat - -# TODO(gthiemon) Remove those tasks when we support per-controller and -# per-process client certificates for Octavia. -- name: Get and store client certificate - block: - - name: Get client certificate file if exists - become: true - slurp: - src: "{{ octavia_confd_prefix }}/{{ client_cert_path }}" - register: client_file_data - - name: Store client certificate data - set_fact: - service_pem_content: "{{ client_file_data.content | b64decode }}" - when: - - client_cert_file_stat.stat.exists | bool diff --git a/tripleo_ansible/roles/octavia_controller_config/defaults/main.yml b/tripleo_ansible/roles/octavia_controller_config/defaults/main.yml deleted file mode 100644 index 1d0029aba..000000000 --- a/tripleo_ansible/roles/octavia_controller_config/defaults/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. -octavia_controller_config_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" diff --git a/tripleo_ansible/roles/octavia_controller_config/handlers/main.yml b/tripleo_ansible/roles/octavia_controller_config/handlers/main.yml deleted file mode 100644 index b9cab0cb4..000000000 --- a/tripleo_ansible/roles/octavia_controller_config/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- name: octavia config updated - set_fact: - octavia_config_updated: true diff --git a/tripleo_ansible/roles/octavia_controller_config/meta/main.yml b/tripleo_ansible/roles/octavia_controller_config/meta/main.yml deleted file mode 100644 index 488fe34b2..000000000 --- a/tripleo_ansible/roles/octavia_controller_config/meta/main.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- octavia_controller_config - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: - - octavia_common diff --git a/tripleo_ansible/roles/octavia_controller_config/tasks/certificate.yml b/tripleo_ansible/roles/octavia_controller_config/tasks/certificate.yml deleted file mode 100644 index cda98948b..000000000 --- a/tripleo_ansible/roles/octavia_controller_config/tasks/certificate.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- - -- name: making sure octavia worker configuration directory exists - file: - path: "{{ octavia_confd_prefix }}{{ ca_private_key_path | dirname }}" - state: directory - selevel: s0 - setype: svirt_sandbox_file_t - become: true - -- name: Copying key info to octavia if not already there - become: true - copy: - content: "{{ item.content }}" - dest: "{{ octavia_confd_prefix }}/{{ item.path }}" - selevel: s0 - setype: svirt_sandbox_file_t - no_log: "{{ octavia_controller_config_hide_sensitive_logs | bool }}" - loop: - - content: "{{ updated_private_key_content }}" - path: "{{ ca_private_key_path }}" - - content: "{{ updated_ca_cert_content }}" - path: "{{ ca_cert_path }}" - - content: "{{ updated_service_pem_content }}" - path: "{{ client_cert_path }}" - notify: - - octavia config updated diff --git a/tripleo_ansible/roles/octavia_controller_config/tasks/main.yml b/tripleo_ansible/roles/octavia_controller_config/tasks/main.yml deleted file mode 100644 index 1e5e3a134..000000000 --- a/tripleo_ansible/roles/octavia_controller_config/tasks/main.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Set node name fact - set_fact: - node_hostname: "{{ canonical_hostname }}" - -- include_tasks: certificate.yml - when: - - generate_certs | bool - - update_certs | bool - -- include_tasks: netport.yml -- include_tasks: netinterface.yml -- include_tasks: octavia.yml diff --git a/tripleo_ansible/roles/octavia_controller_config/tasks/netinterface.yml b/tripleo_ansible/roles/octavia_controller_config/tasks/netinterface.yml deleted file mode 100644 index 0feaeeec7..000000000 --- a/tripleo_ansible/roles/octavia_controller_config/tasks/netinterface.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- name: create br-int interface file - become: true - become_user: root - template: - dest: "/etc/sysconfig/network-scripts/ifcfg-br-int" - src: "ifcfg-br-int.j2" - force: false - -- name: create octavia management interface - become: true - become_user: root - template: - dest: "/etc/sysconfig/network-scripts/ifcfg-{{ mgmt_port_dev }}" - src: "ifcfg.j2" - register: octavia_ifcfg_file - -- name: Bring the management port interface up - become: true - become_user: root - command: "ifup {{ mgmt_port_dev }}" - notify: - - octavia config updated - when: - - octavia_ifcfg_file.changed|bool diff --git a/tripleo_ansible/roles/octavia_controller_config/tasks/netport.yml b/tripleo_ansible/roles/octavia_controller_config/tasks/netport.yml deleted file mode 100644 index 5fc16a1fc..000000000 --- a/tripleo_ansible/roles/octavia_controller_config/tasks/netport.yml +++ /dev/null @@ -1,77 +0,0 @@ ---- -- name: create management port - shell: |- - set -o pipefail - port_id="$(openstack port show octavia-health-manager-{{ node_hostname }}-listen-port -f value -c id 2> /dev/null)" - if [[ -z "${port_id}" ]]; then - openstack port create --network {{ lb_mgmt_net_name }} \ - --host {{node_hostname}} \ - --security-group {{ lb_health_mgr_sec_grp_name }} \ - --device-owner Octavia:health-mgr \ - octavia-health-manager-{{ node_hostname }}-listen-port \ - -f value -c id - fi - register: out_mgmt_port - changed_when: (out_mgmt_port.stdout | length) > 0 - notify: - - octavia config updated - -- name: getting management port - shell: | - openstack port show octavia-health-manager-{{ node_hostname }}-listen-port -f value -c id - register: out_mgmt_port_id - changed_when: false - -- name: setting fact for management network controller port ID - set_fact: - mgmt_port_id: "{{ out_mgmt_port_id.stdout }}" - -- name: get management port mac - shell: | - openstack port show {{ mgmt_port_id }} -f value -c mac_address - register: out_mgmt_port_mac - changed_when: false - -- name: setting fact for management network controller port MAC - set_fact: - mgmt_port_mac: "{{ out_mgmt_port_mac.stdout }}" - -- name: get fixed ip info - shell: | - openstack port show {{ mgmt_port_id }} -f json -c fixed_ips - register: mgmt_port_fixed_ip_out - -- name: get management port detail result - set_fact: - mgmt_port_details: "{{ mgmt_port_fixed_ip_out.stdout }}" - -- name: parse management port details - set_fact: - mgmt_port_ip: "{{ mgmt_port_details | json_query('fixed_ips[*].ip_address') | first }}" - mgmt_port_subnet: "{{ mgmt_port_details | json_query('fixed_ips[*].subnet_id') | first }}" - -- name: get management port net mask - shell: | - openstack subnet show {{ mgmt_port_subnet }} -f value -c cidr 2> /dev/null - register: out_mgmt_subnet_cidr - -- name: setting fact for management subnet cidr - set_fact: - mgmt_subnet_cidr: "{{ out_mgmt_subnet_cidr.stdout }}" - -- name: setting fact for management network prefix - set_fact: - mgmt_port_prefix: "{{ mgmt_subnet_cidr | ansible.netcommon.ipaddr('prefix') }}" - -- name: get MTU for management port - shell: | - openstack network show {{ lb_mgmt_net_name }} -f value -c mtu - register: out_mgmt_port_mtu - -- name: setting fact for management port MTU - set_fact: - mgmt_port_mtu: "{{ out_mgmt_port_mtu.stdout }}" - -- name: creating fact for management network health manager controller IP - set_fact: - o_hm_ip: "{{ mgmt_port_ip }}:5555" diff --git a/tripleo_ansible/roles/octavia_controller_config/tasks/octavia.yml b/tripleo_ansible/roles/octavia_controller_config/tasks/octavia.yml deleted file mode 100644 index 905dca5eb..000000000 --- a/tripleo_ansible/roles/octavia_controller_config/tasks/octavia.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- - -- name: setting [controller_worker]/amp_boot_network_list - become: true - become_user: root - ini_file: - path: "{{ octavia_confd_prefix }}/etc/octavia/post-deploy.conf" - section: controller_worker - option: amp_boot_network_list - value: "{{ lb_mgmt_net_id }}" - selevel: s0 - setype: svirt_sandbox_file_t - -- name: setting [controller_worker]/amp_secgroup_list - become: true - become_user: root - ini_file: - path: "{{ octavia_confd_prefix }}/etc/octavia/post-deploy.conf" - section: controller_worker - option: amp_secgroup_list - value: "{{ lb_mgmt_secgroup_id }}" - selevel: s0 - setype: svirt_sandbox_file_t - -- name: setting [health_manager]/bind_ip - become: true - become_user: root - ini_file: - path: "{{ octavia_confd_prefix }}/etc/octavia/post-deploy.conf" - section: health_manager - option: bind_ip - value: "{{ mgmt_port_ip }}" - selevel: s0 - setype: svirt_sandbox_file_t - -- name: gather facts about the service project - shell: | - openstack project show "{{ auth_project_name }}" -c id -f value - register: project_id_result - -- name: setting [controller_worker]/amp_image_owner_id - become: true - become_user: root - ini_file: - path: "{{ octavia_confd_prefix }}/etc/octavia/post-deploy.conf" - section: controller_worker - option: amp_image_owner_id - value: "{{ project_id_result.stdout }}" diff --git a/tripleo_ansible/roles/octavia_controller_config/templates/ifcfg-br-int.j2 b/tripleo_ansible/roles/octavia_controller_config/templates/ifcfg-br-int.j2 deleted file mode 100644 index 78d904f8b..000000000 --- a/tripleo_ansible/roles/octavia_controller_config/templates/ifcfg-br-int.j2 +++ /dev/null @@ -1,6 +0,0 @@ -DEVICETYPE=ovs -TYPE=OVSBridge -BOOTPROTO=none -DEVICE=br-int -NM_CONTROLLED=no -ONBOOT=yes diff --git a/tripleo_ansible/roles/octavia_controller_config/templates/ifcfg.j2 b/tripleo_ansible/roles/octavia_controller_config/templates/ifcfg.j2 deleted file mode 100644 index a0e7c0446..000000000 --- a/tripleo_ansible/roles/octavia_controller_config/templates/ifcfg.j2 +++ /dev/null @@ -1,21 +0,0 @@ -TYPE=OVSIntPort -OVS_BRIDGE=br-int -DEVICETYPE=ovs -ONBOOT=yes -BOOTPROTO=static -IPV6_AUTOCONF=no -DEVICE={{ mgmt_port_dev }} -IPADDR={{ mgmt_port_ip }} -PREFIX={{ mgmt_port_prefix }} -{% if lb_mgmt_net_ip_version == 6 -%} -IPV6INIT=yes -{% endif -%} -NM_CONTROLLED=no -MACADDR={{ mgmt_port_mac }} -MTU={{ mgmt_port_mtu }} -OVS_EXTRA="-- set Interface {{ mgmt_port_dev }} external-ids:iface-status=active \ - -- set Interface {{ mgmt_port_dev }} external-ids:attached-mac={{ mgmt_port_mac }} \ - -- set Interface {{ mgmt_port_dev }} external-ids:iface-id={{mgmt_port_id }} \ - -- set Interface {{ mgmt_port_dev }} external-ids:skip_cleanup=true \ - -- set Interface {{ mgmt_port_dev }} mac=\"{{ mgmt_port_mac }}\" \ - -- set Interface {{ mgmt_port_dev }} other-config:hwaddr={{ mgmt_port_mac }}" diff --git a/tripleo_ansible/roles/octavia_controller_config/vars/main.yml b/tripleo_ansible/roles/octavia_controller_config/vars/main.yml deleted file mode 100644 index c640be0a6..000000000 --- a/tripleo_ansible/roles/octavia_controller_config/vars/main.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Copyright Red Hat -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -lb_mgmt_net_ip_version: "{{ 6 if lb_mgmt_subnet_cidr | ansible.netcommon.ipv6 else 4 }}" diff --git a/tripleo_ansible/roles/octavia_controller_dcn_config/defaults/main.yaml b/tripleo_ansible/roles/octavia_controller_dcn_config/defaults/main.yaml deleted file mode 100644 index 29b5d4e4a..000000000 --- a/tripleo_ansible/roles/octavia_controller_dcn_config/defaults/main.yaml +++ /dev/null @@ -1,2 +0,0 @@ -lb_mgmt_prefix: "lb-mgmt" -lb_health_mgr_sec_grp_name: "lb-health-mgr-sec-grp" diff --git a/tripleo_ansible/roles/octavia_controller_dcn_config/meta/main.yaml b/tripleo_ansible/roles/octavia_controller_dcn_config/meta/main.yaml deleted file mode 100644 index 80fadb1ae..000000000 --- a/tripleo_ansible/roles/octavia_controller_dcn_config/meta/main.yaml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- octavia_controller_dcn_config - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: - - octavia_common diff --git a/tripleo_ansible/roles/octavia_controller_dcn_config/tasks/main.yaml b/tripleo_ansible/roles/octavia_controller_dcn_config/tasks/main.yaml deleted file mode 100644 index 138e9a2bb..000000000 --- a/tripleo_ansible/roles/octavia_controller_dcn_config/tasks/main.yaml +++ /dev/null @@ -1,46 +0,0 @@ -- name: Get controller network fixed IPs - shell: | - openstack port show -c fixed_ips -f json \ - octavia-health-manager-{{ canonical_hostname }}-listen-port - delegate_to: undercloud - changed_when: false - register: port_fixed_ips - -- name: Get router interfaces - shell: | - openstack router show -c interfaces_info -f json {{ lb_mgmt_prefix }}-router - delegate_to: undercloud - changed_when: false - run_once: true - register: router_interfaces - -- name: Set facts for router gateway - set_fact: - gateway: "{{ router_interfaces.stdout | from_json | json_query(query) | first }}" - vars: - query: "interfaces_info[?subnet_id=='{{ port_subnet_id }}'].ip_address" - port_subnet_id: "{{ port_fixed_ips.stdout | from_json | json_query('fixed_ips[0].subnet_id') }}" - -- name: Get subnets CIDRs - shell: | - openstack subnet show -c cidr -f value {{ lb_mgmt_prefix }}-{{ item }}-subnet - delegate_to: undercloud - changed_when: false - run_once: true - register: cidrs - loop: "{{ octavia_availability_zones | difference([octavia_controller_availability_zone]) }}" - -- name: Create route file for o-hm0 - copy: - dest: /etc/sysconfig/network-scripts/route-o-hm0 - content: | - {% for cidr in cidrs.results %} - {{ cidr.stdout }} via {{ gateway }} - {% endfor %} - become: true - -- name: Set o-hm0 up - shell: | - ifdown o-hm0 - ifup o-hm0 - become: true diff --git a/tripleo_ansible/roles/octavia_controller_post_config/defaults/main.yml b/tripleo_ansible/roles/octavia_controller_post_config/defaults/main.yml deleted file mode 100644 index 487a9990a..000000000 --- a/tripleo_ansible/roles/octavia_controller_post_config/defaults/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -octavia_config_updated: false diff --git a/tripleo_ansible/roles/octavia_controller_post_config/meta/main.yml b/tripleo_ansible/roles/octavia_controller_post_config/meta/main.yml deleted file mode 100644 index 209917613..000000000 --- a/tripleo_ansible/roles/octavia_controller_post_config/meta/main.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- octavia-overcloud-post-config - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: - - octavia_common diff --git a/tripleo_ansible/roles/octavia_controller_post_config/tasks/main.yml b/tripleo_ansible/roles/octavia_controller_post_config/tasks/main.yml deleted file mode 100644 index 112e5ff9f..000000000 --- a/tripleo_ansible/roles/octavia_controller_post_config/tasks/main.yml +++ /dev/null @@ -1,187 +0,0 @@ ---- - -- name: Show debug information - debug: - msg: "Octavia services will be restarted because of updated configuration" - when: - - octavia_config_updated - -- name: create ip list - set_fact: - o_hm_ip_list: "{% for octavia_node in groups['octavia_nodes'] %}{{ hostvars[octavia_node].o_hm_ip }}, {%endfor%}" - -- name: create ip list (remove the last two characters) - set_fact: - o_hm_ip_list: "{{ o_hm_ip_list[:-2] }}" - -- name: configure amphora log offloading - block: - - name: create ip list (rsyslog) - set_fact: - o_rsyslog_ip_list: "{% for octavia_node in groups['octavia_nodes'] %}{{ hostvars[octavia_node].mgmt_port_ip }}:514, {%endfor%}" - - - name: create ip list (remove the last two characters) (rsyslog) - set_fact: - o_rsyslog_ip_list: "{{ o_rsyslog_ip_list[:-2] }}" - - - name: create /etc/rsyslog.d - become: true - become_user: root - file: - state: directory - path: "{{ octavia_confd_prefix }}/etc/rsyslog.d" - selevel: s0 - setype: svirt_sandbox_file_t - - - name: create rsyslog 10-octavia.conf - become: true - become_user: root - template: - src: templates/10-octavia.conf.j2 - dest: "{{ octavia_confd_prefix }}/etc/rsyslog.d/10-octavia.conf" - selevel: s0 - setype: svirt_sandbox_file_t - - - name: check if octavia rsyslog is running - become: true - become_user: root - shell: | - systemctl is-active --quiet tripleo_octavia_rsyslog - failed_when: false - register: octavia_rsyslog_service - - - name: restart octavia rsyslog service - become: true - become_user: root - systemd: - name: tripleo_octavia_rsyslog - state: restarted - when: - - octavia_rsyslog_service.rc == 0 - when: enable_log_offloading | bool - -- name: read the current IP list - become: true - become_user: root - shell: | - awk -F '=' -e '/^controller_ip_port_list/ { print $2; }' "{{ octavia_confd_prefix }}/etc/octavia/post-deploy.conf" - register: config_contents - failed_when: config_contents.rc != 0 - changed_when: false - -- name: retrieve current ip list - set_fact: - current_ip_list: "{{ config_contents.stdout | trim }}" - -# This isn't perfect as they execution order will make them not match, but we can avoid a restart -# if things have stayed the same. -- name: check if ip list needs updating - set_fact: - octavia_config_updated: true - when: - - current_ip_list != o_hm_ip_list - -- name: setting [health_manager]/controller_ip_port_list - become: true - become_user: root - ini_file: - section: "health_manager" - option: "controller_ip_port_list" - value: "{{ o_hm_ip_list }}" - path: "{{ octavia_confd_prefix }}/etc/octavia/post-deploy.conf" - selevel: s0 - setype: svirt_sandbox_file_t - when: - - octavia_config_updated - -- name: setting [amphora_agent]/tenant_log_targets - become: true - become_user: root - ini_file: - section: "amphora_agent" - option: "tenant_log_targets" - value: "{{ o_rsyslog_ip_list }}" - path: "{{ octavia_confd_prefix }}/etc/octavia/post-deploy.conf" - selevel: s0 - setype: svirt_sandbox_file_t - when: - - enable_log_offloading | bool - -- name: setting [amphora_agent]/log_protocol - become: true - become_user: root - ini_file: - section: "amphora_agent" - option: "log_protocol" - value: "{{ log_offload_protocol | upper }}" - path: "{{ octavia_confd_prefix }}/etc/octavia/post-deploy.conf" - selevel: s0 - setype: svirt_sandbox_file_t - when: - - enable_log_offloading | bool - -- name: setting [amphora_agent]/admin_log_targets - become: true - become_user: root - ini_file: - section: "amphora_agent" - option: "admin_log_targets" - value: "{{ o_rsyslog_ip_list }}" - path: "{{ octavia_confd_prefix }}/etc/octavia/post-deploy.conf" - selevel: s0 - setype: svirt_sandbox_file_t - when: - - enable_log_offloading | bool - -- name: get list of running octavia services - become: true - become_user: root - shell: | - systemctl is-active --quiet {{ item }} && echo {{ item }} - failed_when: false - register: octavia_active_services - loop: - - tripleo_octavia_api - - tripleo_octavia_worker - - tripleo_octavia_health_manager - - tripleo_octavia_housekeeping - - tripleo_octavia_driver_agent - when: - - container_cli == "podman" - - octavia_config_updated - -- name: restart octavia services - become: true - become_user: root - systemd: - name: "{{ item.stdout }}" - state: restarted - loop: "{{ octavia_active_services.results }}" - when: - - container_cli == "podman" - - octavia_config_updated - - item.rc == 0 - -- name: get list of running octavia containers - become: true - become_user: root - shell: | - "{{ container_cli }}" ps -f name=octavia -q - register: running_octavia_containers - when: - - container_cli == "docker" - - octavia_config_updated - -- name: restart octavia containers - become: true - become_user: root - shell: "{{ container_cli }} restart {{ running_octavia_containers.stdout_lines|join(' ') }}" - when: - - container_cli == "docker" - - octavia_config_updated - - (running_octavia_containers.stdout|length) > 0 - -- name: remove directory /etc/octavia/conf.d/common (LP#1836074) - file: - path: "{{ octavia_confd_prefix }}/etc/octavia/conf.d/common" - state: absent diff --git a/tripleo_ansible/roles/octavia_controller_post_config/templates/10-octavia.conf.j2 b/tripleo_ansible/roles/octavia_controller_post_config/templates/10-octavia.conf.j2 deleted file mode 100644 index 9d9b0ddfc..000000000 --- a/tripleo_ansible/roles/octavia_controller_post_config/templates/10-octavia.conf.j2 +++ /dev/null @@ -1,41 +0,0 @@ -module(load="im{{ log_offload_protocol }}") -input(type="im{{ log_offload_protocol }}" address="{{ mgmt_port_ip }}" port="514") - -{% macro forwarder(type, log_targets) %} -{% if (log_targets|length) > 0 %} -ruleset(name="{{ type }}_forwarding" queue.type="linkedList" queue.size="10000") { -{% for target in log_targets %} - action(type="omfwd" - {%- set host, port = target.split(':') -%} - target="{{ host }}" - port="{{ port }}" - protocol="{{ log_offload_protocol }}" - action.resumeRetryCount="5" - action.resumeInterval="2" - {% if not loop.first %}action.execOnlyWhenPreviousIsSuspended="on"{%- endif %} - ) -{% endfor %} -} -{% endif %} -{% endmacro %} - -{{ forwarder('tenant', tenant_log_targets) }} -{{ forwarder('admin', admin_log_targets) }} - -# Output the amphora tenant traffic flow logs -if ($inputname == "im{{ log_offload_protocol }}" and $syslogfacility-text == "local0" and $syslogseverity-text == "info" and $hostname startswith "amphora") then { - action(type="omfile" FileCreateMode="0644" File="/var/log/octavia/octavia-tenant-traffic.log") -{% if (tenant_log_targets|length) > 0 %} - call tenant_forwarding -{% endif %} - stop -} - -# Output the amphora administrative logs -if ($inputname == "im{{ log_offload_protocol }}" and $syslogfacility-text != "local0" and $hostname startswith "amphora") then { - action(type="omfile" FileCreateMode="0644" File="/var/log/octavia/octavia-amphora.log") -{% if (admin_log_targets|length) > 0 %} - call admin_forwarding -{% endif %} - stop -} diff --git a/tripleo_ansible/roles/octavia_overcloud_config/meta/main.yml b/tripleo_ansible/roles/octavia_overcloud_config/meta/main.yml deleted file mode 100644 index 9834575ed..000000000 --- a/tripleo_ansible/roles/octavia_overcloud_config/meta/main.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- octavia_overcloud_config - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: - - octavia_common diff --git a/tripleo_ansible/roles/octavia_overcloud_config/tasks/certs_gen.yml b/tripleo_ansible/roles/octavia_overcloud_config/tasks/certs_gen.yml deleted file mode 100644 index 88b7971a3..000000000 --- a/tripleo_ansible/roles/octavia_overcloud_config/tasks/certs_gen.yml +++ /dev/null @@ -1,125 +0,0 @@ ---- - -- name: delete temporary ssl directory - become: true - file: path={{ openssl_temp_dir }} state=absent - -- name: create temporary ssl directories - become: true - file: path={{ openssl_temp_dir }}/private recurse=yes - -- name: create temporary ssl newcerts directory - become: true - file: path={{ openssl_temp_dir }}/newcerts recurse=yes - -- name: create index.txt - become: true - copy: content="" dest={{ openssl_temp_dir }}/index.txt force=no - -- name: create serial file - become: true - copy: content="01" dest={{ openssl_temp_dir }}/serial - -- name: create openssl configuration file from template - become: true - ansible.builtin.template: - src: openssl.cnf.j2 - dest: "{{ openssl_temp_dir }}/openssl.cnf" - mode: '0640' - -- name: Generating certificate authority private key - become: true - shell: | - openssl genpkey -algorithm RSA -pass env:CA_PASSPHRASE -aes-256-cbc \ - -out {{ openssl_temp_dir }}/private/cakey.pem - environment: - CA_PASSPHRASE: "{{ ca_passphrase }}" - when: - - not (force_certs_update | default(false) | bool) - -- name: Reuse previous CA private key - block: - - name: Write previous CA private key - copy: - content: "{{ private_key_content }}" - dest: "{{ openssl_temp_dir }}/private/cakey.pem" - no_log: true - when: - - force_certs_update | default(false) | bool - - not (force_private_key_update | default(false) | bool) - -- name: Reuse and update previous CA private key - block: - - name: Write previous CA private key - copy: - content: "{{ private_key_content }}" - dest: "{{ openssl_temp_dir }}/private/cakey.old.pem" - no_log: true - - - name: Update CA private key - shell: | - openssl rsa -aes256 \ - -passin env:CA_PASSPHRASE \ - -passout env:CA_PASSPHRASE \ - -in {{ openssl_temp_dir }}/private/cakey.old.pem \ - -out {{ openssl_temp_dir }}/private/cakey.pem - environment: - CA_PASSPHRASE: "{{ ca_passphrase }}" - when: - - force_certs_update | default(false) | bool - - force_private_key_update | default(false) | bool - -- name: Reading private key - become: true - shell: cat {{ openssl_temp_dir }}/private/cakey.pem - register: private_key_data - -- name: Setting private key fact - set_fact: - private_key_content: "{{ private_key_data.stdout }}" - -- name: Generating certificate authority certificate - become: true - shell: | - openssl req -x509 -passin env:CA_PASSPHRASE -new -nodes \ - -key {{ openssl_temp_dir }}/private/cakey.pem \ - -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" \ - -days 18250 -config {{ openssl_temp_dir }}/openssl.cnf \ - -out {{ openssl_temp_dir }}/ca_01.pem - environment: - CA_PASSPHRASE: "{{ ca_passphrase }}" - -- name: Reading CA certificate - become: true - shell: cat {{ openssl_temp_dir }}/ca_01.pem - register: ca_cert_data - -- name: Setting CA certificate fact - set_fact: - ca_cert_content: "{{ ca_cert_data.stdout }}" - -- name: Generating service private key & certificate request - become: true - shell: | - openssl req -newkey rsa:2048 -nodes -config {{ openssl_temp_dir }}/openssl.cnf -keyout {{ openssl_temp_dir }}/client.key \ - -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" \ - -out {{ openssl_temp_dir }}/client.csr - -- name: Signing service certificate request - become: true - shell: | - openssl ca -config {{ openssl_temp_dir }}/openssl.cnf \ - -passin env:CA_PASSPHRASE -in {{ openssl_temp_dir }}/client.csr \ - -days 3650 -out {{ openssl_temp_dir }}/client-.pem -batch - environment: - CA_PASSPHRASE: "{{ ca_passphrase }}" - -- name: Read service private key and public certifcate - become: true - shell: | - cat {{ openssl_temp_dir }}/client-.pem {{ openssl_temp_dir }}/client.key - register: service_key_data - -- name: Set service key fact - set_fact: - service_pem_content: "{{ service_key_data.stdout }}" diff --git a/tripleo_ansible/roles/octavia_overcloud_config/tasks/check_existing_certs.yml b/tripleo_ansible/roles/octavia_overcloud_config/tasks/check_existing_certs.yml deleted file mode 100644 index 8ee192c82..000000000 --- a/tripleo_ansible/roles/octavia_overcloud_config/tasks/check_existing_certs.yml +++ /dev/null @@ -1,70 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# TODO(gthiemon) remove service_pem when we support per-controller/per-process -# client certificates. -- name: gather all of the CAs - set_fact: - ca_certs: "{{ groups['octavia_nodes'] | map('extract', hostvars, 'ca_cert') | select('defined') | list }}" - private_keys: "{{ groups['octavia_nodes'] | map('extract', hostvars, 'ca_private_key') | select('defined') | list }}" - service_pems: "{{ groups['octavia_nodes'] | map('extract', hostvars, 'service_pem_content') | select('defined') | list }}" - generate_ca: true - update_certs: true - -- name: grab first values as long as they are unique - block: - - name: count unique CAs and keys - set_fact: - unique_ca_count: "{{ ca_certs | unique | length }}" - unique_pkey_count: "{{ private_keys | unique | length }}" - octavia_node_count: "{{ groups['octavia_nodes'] | list | length }}" - - - name: fail if CA or private key do not match in all Octavia nodes - fail: - msg: | - Inconsistent Octavia configuration detected: - Existing CAs and/or private keys do not match between all Octavia - nodes. To avoid further harm, the deployment will exit with error - now. - when: - - (unique_ca_count | int) > 1 or (unique_pkey_count | int) > 1 - - - name: fail if the number of CA and private key doesn't match - fail: - msg: | - Inconsistent Octavia configuration detected: - Mismatched count for CAs and private keys on controllers. - when: - - (unique_ca_count | int) != (unique_pkey_count | int) - - - name: record cert so others can use it - set_fact: - ca_cert_content: "{{ ca_certs | first }}" - private_key_content: "{{ private_keys | first }}" - service_pem_content: "{{ service_pems | first }}" - - - name: disable CA generation - set_fact: - generate_ca: false - - - name: don't update certificates if CA is present on all octavia nodes - set_fact: - update_certs: false - when: - - (octavia_node_count | int) == (ca_certs | length) - - not (force_certs_update | default(false)) - when: - - (ca_certs | length) > 0 diff --git a/tripleo_ansible/roles/octavia_overcloud_config/tasks/flavor.yml b/tripleo_ansible/roles/octavia_overcloud_config/tasks/flavor.yml deleted file mode 100644 index 4c5de59af..000000000 --- a/tripleo_ansible/roles/octavia_overcloud_config/tasks/flavor.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- - -- name: create nova flavor for Octavia - shell: | - if ! openstack flavor show octavia_{{ octavia_flavor_id }} > /dev/null; then - openstack flavor create -vv \ - --id {{ octavia_flavor_id }} \ - --ram {{ octavia_flavor_properties.ram }} \ - --disk {{ octavia_flavor_properties.disk }} \ - --vcpus {{ octavia_flavor_properties.vcpus }} \ - --private \ - octavia_{{ octavia_flavor_id }} - fi - run_once: true - when: octavia_manage_nova_flavor | default(false) | bool diff --git a/tripleo_ansible/roles/octavia_overcloud_config/tasks/main.yml b/tripleo_ansible/roles/octavia_overcloud_config/tasks/main.yml deleted file mode 100644 index aa9ad65c2..000000000 --- a/tripleo_ansible/roles/octavia_overcloud_config/tasks/main.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- - -# Previously was a stack in the overcloud -- include_tasks: network.yml - -- include_tasks: quotas.yml - -- include_tasks: flavor.yml - -- import_tasks: check_existing_certs.yml - when: - - generate_certs | bool - -- include_tasks: certs_gen.yml - when: - - generate_certs | bool - - (generate_ca | default(true)) | bool or (force_certs_update | default(false) | bool) diff --git a/tripleo_ansible/roles/octavia_overcloud_config/tasks/network.yml b/tripleo_ansible/roles/octavia_overcloud_config/tasks/network.yml deleted file mode 100644 index 13d3d7382..000000000 --- a/tripleo_ansible/roles/octavia_overcloud_config/tasks/network.yml +++ /dev/null @@ -1,141 +0,0 @@ ---- -- name: create management network for load balancers - shell: | - if [[ $(openstack network show {{ lb_mgmt_net_name }} > /dev/null; echo $?) -eq 1 ]]; then - openstack network create -f value -c id {{ lb_mgmt_net_name }} - fi - register: out_lb_mgmt_net - changed_when: (out_lb_mgmt_net.stdout | length) > 0 - -- name: getting management network ID - shell: | - openstack network show {{ lb_mgmt_net_name }} -f value -c id - register: out_lb_mgmt_net_id - changed_when: false - -- name: setting management network ID fact - set_fact: - lb_mgmt_net_id: "{{ out_lb_mgmt_net_id.stdout }}" - -- name: create subnet - shell: | - set -o pipefail - if [[ $(openstack subnet show {{ lb_mgmt_subnet_name }} > /dev/null; echo $?) -eq 1 ]]; then - openstack subnet create {{ lb_mgmt_subnet_name }} \ - --allocation-pool=start={{ lb_mgmt_subnet_pool_start }},end={{ lb_mgmt_subnet_pool_end }} \ - --gateway none \ - --network {{ lb_mgmt_net_id }} \ - --subnet-range {{ lb_mgmt_subnet_cidr }} - else - openstack subnet set --gateway none {{ lb_mgmt_subnet_name }} - fi - when: lb_mgmt_net_ip_version == "4" - register: lb_mgmt_subnet_result - changed_when: (lb_mgmt_subnet_result.stdout | length) > 0 - -- name: create IPv6 subnet and router for SLAAC - shell: | - set -o pipefail - if [[ $(openstack subnet show {{ lb_mgmt_subnet_name }} > /dev/null; echo $?) -eq 1 ]]; then - openstack subnet create {{ lb_mgmt_subnet_name }} \ - --allocation-pool=start={{ lb_mgmt_subnet_pool_start }},end={{ lb_mgmt_subnet_pool_end }} \ - --ip-version 6 --ipv6-address-mode slaac --ipv6-ra-mode slaac \ - --network {{ lb_mgmt_net_id }} \ - --subnet-range {{ lb_mgmt_subnet_cidr }} - # SLAAC needs a router on the subnet to advertise the prefix. - openstack router create lb-mgmt-router - openstack router add subnet lb-mgmt-router lb-mgmt-subnet - else - openstack subnet set {{ lb_mgmt_subnet_name }} - fi - when: lb_mgmt_net_ip_version == "6" - register: lb_mgmt_subnet_result - changed_when: (lb_mgmt_subnet_result.stdout | length) > 0 - -- name: create security group (get the security group id) - shell: | - set -o pipefail - if [[ $(openstack security group show {{ lb_mgmt_sec_grp_name }} > /dev/null; echo $?) -eq 1 ]]; then - openstack security group create --project service --project-domain Default {{ lb_mgmt_sec_grp_name }} -f value -c id - else - openstack security group show {{ lb_mgmt_sec_grp_name }} -f value -c id - fi - register: lb_mgmt_secgroup_result - changed_when: (lb_mgmt_secgroup_result.stdout | length) > 0 - -- name: setting fact for management network security group - set_fact: - lb_mgmt_secgroup_id: "{{ lb_mgmt_secgroup_result.stdout }}" - -- name: create security group rule to open amphora management ssh port - shell: |- - set -o pipefail - SECGROUP="$(openstack security group rule list {{ lb_mgmt_sec_grp_name }} --protocol tcp \ - --ingress -f value 2>&1 | grep "{{ ip_all_range }} 22:22")" - if [[ -z "${SECGROUP}" ]]; then - openstack security group rule create --protocol tcp --dst-port 22 \ - --ethertype IPv{{ lb_mgmt_net_ip_version }} {{ lb_mgmt_sec_grp_name }} - fi - register: sec_group_rule_one - changed_when: (sec_group_rule_one.stdout | length) > 0 - environment: - OS_USERNAME: "{{ auth_username }}" - OS_PASSWORD: "{{ auth_password }}" - OS_PROJECT_NAME: "{{ auth_project_name }}" - -- name: create security group rule to open amphora management API port - shell: |- - set -o pipefail - SECGROUP="$(openstack security group rule list {{ lb_mgmt_sec_grp_name }} --protocol tcp \ - --ingress -f value 2>&1 | grep "{{ ip_all_range }} 9443:9443")" - if [[ -z "${SECGROUP}" ]]; then - openstack security group rule create --protocol tcp --dst-port 9443 \ - --ethertype IPv{{ lb_mgmt_net_ip_version }} {{ lb_mgmt_sec_grp_name }} - fi - register: sec_group_rule_two - changed_when: (sec_group_rule_two.stdout | length) > 0 - environment: - OS_USERNAME: "{{ auth_username }}" - OS_PASSWORD: "{{ auth_password }}" - OS_PROJECT_NAME: "{{ auth_project_name }}" - -- name: create security group for health manager - shell: |- - set -o pipefail - if [[ $(openstack security group show {{ lb_health_mgr_sec_grp_name }} > /dev/null; echo $?) -eq 1 ]]; then - openstack security group create --project service --project-domain Default {{ lb_health_mgr_sec_grp_name }} -f value -c id - else - openstack security group show {{ lb_health_mgr_sec_grp_name }} -f value -c id - fi - register: lb_health_manager_sec_grp_result - changed_when: (lb_health_manager_sec_grp_result.stdout | length) > 0 - -- name: create security group rule for health manager - shell: |- - set -o pipefail - SECGROUP="$(openstack security group rule list {{ lb_health_mgr_sec_grp_name }} \ - --protocol udp \ - --ingress -f value 2>&1 | grep "{{ ip_all_range }} 5555:5555")" - if [[ -z "${SECGROUP}" ]]; then - openstack security group rule create --protocol udp --dst-port 5555 \ - --ethertype IPv{{ lb_mgmt_net_ip_version }} {{ lb_health_mgr_sec_grp_name }} - fi - register: health_mgr_sec_grp_rule - changed_when: (health_mgr_sec_grp_rule.stdout | length) > 0 - environment: - OS_USERNAME: "{{ auth_username }}" - OS_PASSWORD: "{{ auth_password }}" - OS_PROJECT_NAME: "{{ auth_project_name }}" - -- name: create security group rule for log offloading - openstack.cloud.security_group_rule: - security_group: "{{ lb_health_mgr_sec_grp_name }}" - protocol: "{{ log_offload_protocol }}" - port_range_min: 514 - port_range_max: 514 - remote_ip_prefix: "{{ ip_all_range }}" - ethertype: "IPv{{ lb_mgmt_net_ip_version }}" - environment: - OS_USERNAME: "{{ auth_username }}" - OS_PASSWORD: "{{ auth_password }}" - OS_PROJECT_NAME: "{{ auth_project_name }}" diff --git a/tripleo_ansible/roles/octavia_overcloud_config/tasks/quotas.yml b/tripleo_ansible/roles/octavia_overcloud_config/tasks/quotas.yml deleted file mode 100644 index 6cae41806..000000000 --- a/tripleo_ansible/roles/octavia_overcloud_config/tasks/quotas.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- - -- name: increase quotas for project used for amphora - shell: | - openstack quota set --cores -1 --ram -1 --ports -1 --instances -1 \ - --secgroups -1 --secgroup-rules -1 \ - --server-group-members -1 --server-groups -1 \ - {{ auth_project_name }} diff --git a/tripleo_ansible/roles/octavia_overcloud_config/templates/openssl.cnf.j2 b/tripleo_ansible/roles/octavia_overcloud_config/templates/openssl.cnf.j2 deleted file mode 100644 index f2decf685..000000000 --- a/tripleo_ansible/roles/octavia_overcloud_config/templates/openssl.cnf.j2 +++ /dev/null @@ -1,106 +0,0 @@ -# OpenSSL root CA configuration file. - -[ ca ] -# `man ca` -default_ca = CA_default - -[ CA_default ] -# Directory and file locations. -dir = "{{ openssl_temp_dir }}" -certs = $dir/certs -crl_dir = $dir/crl -new_certs_dir = $dir/newcerts -database = $dir/index.txt -serial = $dir/serial -RANDFILE = $dir/private/.rand - -# The root key and root certificate. -private_key = $dir/private/cakey.pem -certificate = $dir/ca_01.pem - -# For certificate revocation lists. -crlnumber = $dir/crlnumber -crl = $dir/crl.pem -crl_extensions = crl_ext -default_crl_days = 30 - -# SHA-1 is deprecated, so use SHA-2 instead. -default_md = sha256 - -name_opt = ca_default -cert_opt = ca_default -default_days = 3650 -preserve = no -policy = policy_strict - -[ policy_strict ] -# The root CA should only sign intermediate certificates that match. -# See the POLICY FORMAT section of `man ca`. -countryName = match -stateOrProvinceName = match -organizationName = match -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -[ req ] -# Options for the `req` tool (`man req`). -default_bits = 2048 -distinguished_name = req_distinguished_name -string_mask = utf8only - -# SHA-1 is deprecated, so use SHA-2 instead. -default_md = sha256 - -# Extension to add when the -x509 option is used. -x509_extensions = v3_ca - -[ req_distinguished_name ] -# See . -countryName = Country Name (2 letter code) -stateOrProvinceName = State or Province Name -localityName = Locality Name -0.organizationName = Organization Name -organizationalUnitName = Organizational Unit Name -commonName = Common Name -emailAddress = Email Address - -# Optionally, specify some defaults. -countryName_default = US -stateOrProvinceName_default = Oregon -localityName_default = -0.organizationName_default = OpenStack -organizationalUnitName_default = Octavia -emailAddress_default = -commonName_default = example.org - -[ v3_ca ] -# Extensions for a typical CA (`man x509v3_config`). -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer -basicConstraints = critical, CA:true -keyUsage = critical, digitalSignature, cRLSign, keyCertSign - -[ usr_cert ] -# Extensions for client certificates (`man x509v3_config`). -basicConstraints = CA:FALSE -nsCertType = client, email -nsComment = "OpenSSL Generated Client Certificate" -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer -keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, emailProtection - -[ server_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = CA:FALSE -nsCertType = server -nsComment = "OpenSSL Generated Server Certificate" -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = serverAuth - -[ crl_ext ] -# Extension for CRLs (`man x509v3_config`). -authorityKeyIdentifier=keyid:always diff --git a/tripleo_ansible/roles/octavia_overcloud_config/vars/main.yml b/tripleo_ansible/roles/octavia_overcloud_config/vars/main.yml deleted file mode 100644 index 0cb9b9a74..000000000 --- a/tripleo_ansible/roles/octavia_overcloud_config/vars/main.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Copyright Red Hat -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -lb_mgmt_net_ip_version: "{{ 6 if lb_mgmt_subnet_cidr | ansible.netcommon.ipv6 else 4 }}" -ip_all_range: "{{ '::/0' if lb_mgmt_net_ip_version == '6' else '0.0.0.0/0' }}" diff --git a/tripleo_ansible/roles/octavia_overcloud_dcn_config/defaults/main.yaml b/tripleo_ansible/roles/octavia_overcloud_dcn_config/defaults/main.yaml deleted file mode 100644 index 083cb35af..000000000 --- a/tripleo_ansible/roles/octavia_overcloud_dcn_config/defaults/main.yaml +++ /dev/null @@ -1 +0,0 @@ -lb_mgmt_prefix: "lb-mgmt" diff --git a/tripleo_ansible/roles/octavia_overcloud_dcn_config/meta/main.yaml b/tripleo_ansible/roles/octavia_overcloud_dcn_config/meta/main.yaml deleted file mode 100644 index efe6f026e..000000000 --- a/tripleo_ansible/roles/octavia_overcloud_dcn_config/meta/main.yaml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- octavia_overcloud_dcn_config - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: - - octavia_common diff --git a/tripleo_ansible/roles/octavia_overcloud_dcn_config/tasks/main.yaml b/tripleo_ansible/roles/octavia_overcloud_dcn_config/tasks/main.yaml deleted file mode 100644 index 0ffaa3104..000000000 --- a/tripleo_ansible/roles/octavia_overcloud_dcn_config/tasks/main.yaml +++ /dev/null @@ -1,153 +0,0 @@ -- name: Ensure octavia_availability_zones variable is correctly defined - fail: - msg: "octavia_availability_zones parameter should contain at least one element (is '{{ octavia_availability_zones | default(None) }}')" - when: - - octavia_availability_zones is not defined or (octavia_availability_zones | default([]) | length) == 0 - -- name: Ensure octavia_controller_availability_zone variable is correctly defined - fail: - msg: "octavia_controller_availability_zone parameter should contain at least one element (is '{{ octavia_controller_availability_zone | default(None) }}')" - when: - - octavia_controller_availability_zone is not defined or (octavia_controller_availability_zone | length) == 0 - -- name: Create lb-mgmt networks - shell: | - if ! openstack network show {{ network_name }} > /dev/null 2>&1; then - openstack network create {{ network_name }} - fi - vars: - network_item: "{% if item != octavia_controller_availability_zone %}-{{ item }}{% endif %}" - network_name: "{{ lb_mgmt_prefix }}{{ network_item }}-net" - register: result - changed_when: "'created_at' in result.stdout" - loop: "{{ ['backbone'] | union(octavia_availability_zones | list) }}" - -- name: Create lb-mgmt subnets - shell: | - if ! openstack subnet show {{ subnet_name }} > /dev/null 2>&1; then - openstack subnet create --network {{ network_name }} \ - --ip-version 4 \ - --subnet-range {{ subnet_cidr }} \ - {{ subnet_name }} - fi - vars: - subnet_cidr: "{{ octavia_availability_zones[item]['lb_mgmt_subnet_cidr'] | default(default_subnet_cidr) }}" - default_subnet_cidr: "{% if item == 'backbone' %}{{ octavia_backbone_tenant_cidr | default(None) }}{% else %}None{% endif %}" - network_item: "{% if item != octavia_controller_availability_zone %}-{{ item }}{% endif %}" - network_name: "{{ lb_mgmt_prefix }}{{ network_item }}-net" - subnet_name: "{{ lb_mgmt_prefix }}{{ network_item }}-subnet" - register: result - changed_when: "'created_at' in result.stdout" - loop: "{{ ['backbone'] | union(octavia_availability_zones | list) }}" - -- name: Get main lb-mgmt subnet - shell: | - openstack subnet show -f json {{ subnet_name }} - vars: - subnet_name: "{{ lb_mgmt_prefix }}-subnet" - register: subnet_output - -- name: Ensure that lb-mgmt-subnet has a gateway - shell: | - openstack subnet set --gateway {{ subnet.cidr | ipaddr('next_usable') }} {{ subnet_name }} - vars: - subnet_name: "{{ lb_mgmt_prefix }}-subnet" - subnet: "{{ subnet_output.stdout | from_json }}" - when: - - subnet.gateway_ip == None - -- name: Create lb-mgmt routers - shell: | - if ! openstack router show {{ router_name }} > /dev/null 2>&1; then - openstack router create \ - --availability-zone-hint {{ item }} \ - {{ router_name }} - fi - vars: - network_item: "{% if item != octavia_controller_availability_zone %}-{{ item }}{% endif %}" - router_name: "{{ lb_mgmt_prefix }}{{ network_item }}-router" - register: result - changed_when: "'created_at' in result.stdout" - loop: "{{ octavia_availability_zones | list }}" - -- name: Add subnets to lb-mgmt routers - shell: | - subnet_id=$(openstack subnet show -f value -c id {{ subnet_name }}) - if ! openstack router show {{ router_name }} -f json -c interfaces_info | \ - jq -r ".interfaces_info[].subnet_id" | grep -q $subnet_id; then - openstack router add subnet \ - {{ router_name }} \ - {{ subnet_name }} - echo "subnet added" - fi - vars: - network_item: "{% if item != octavia_controller_availability_zone %}-{{ item }}{% endif %}" - router_name: "{{ lb_mgmt_prefix }}{{ network_item }}-router" - subnet_name: "{{ lb_mgmt_prefix }}{{ network_item }}-subnet" - register: result - changed_when: "'subnet added' in result.stdout" - loop: "{{ octavia_availability_zones | list }}" - -- name: Create lb-mgmt ports - shell: | - if ! openstack port show {{ port_name }} > /dev/null 2>&1; then - openstack port create \ - --network {{ lb_mgmt_prefix }}-backbone-net \ - {{ port_name }} - fi - vars: - network_item: "{% if item != octavia_controller_availability_zone %}-{{ item }}{% endif %}" - port_name: "{{ lb_mgmt_prefix }}{{ network_item }}-router-port" - register: result - changed_when: "'created_at' in result.stdout" - loop: "{{ octavia_availability_zones | list }}" - -- name: Add ports to lb-mgmt routers - shell: | - port_id=$(openstack port show {{ port_name }} -f value -c id) - if ! openstack router show {{ router_name }} -f json -c interfaces_info | \ - jq -r ".interfaces_info[].port_id" | grep -q $port_id; then - openstack router add port \ - {{ router_name }} \ - {{ port_name }} - echo "port added" - fi - vars: - network_item: "{% if item != octavia_controller_availability_zone %}-{{ item }}{% endif %}" - port_name: "{{ lb_mgmt_prefix }}{{ network_item }}-router-port" - router_name: "{{ lb_mgmt_prefix }}{{ network_item }}-router" - register: result - changed_when: "'port added' in result.stdout" - loop: "{{ octavia_availability_zones | list }}" - -- name: Get addresses of lb-mgmt ports - shell: | - openstack port show {{ port_name }} -c fixed_ips -f json | \ - jq -r .fixed_ips[0].ip_address - vars: - network_item: "{% if item != octavia_controller_availability_zone %}-{{ item }}{% endif %}" - port_name: "{{ lb_mgmt_prefix }}{{ network_item }}-router-port" - register: port_addresses - changed_when: false - loop: "{{ octavia_availability_zones | list }}" - -- name: Get CIDRs of lb-mgmt subnets - shell: | - openstack subnet show {{ subnet_name }} -c cidr -f value - vars: - network_item: "{% if item != octavia_controller_availability_zone %}-{{ item }}{% endif %}" - subnet_name: "{{ lb_mgmt_prefix }}{{ network_item }}-subnet" - register: subnet_cidrs - changed_when: false - loop: "{{ octavia_availability_zones | list }}" - -- name: Add routes to lb-mgmt routers - shell: | - openstack router set \ - --no-route \ - {% for address in port_addresses.results %}{% if item != address.item %}--route destination={% for cidr in subnet_cidrs.results %}{% if address.item == cidr.item %}{{ cidr.stdout }}{% endif %}{% endfor %},gateway={{ address.stdout }} {% endif %}{% endfor %} \ - {{ router_name }} - vars: - network_item: "{% if item != octavia_controller_availability_zone %}-{{ item }}{% endif %}" - router_name: "{{ lb_mgmt_prefix }}{{ network_item }}-router" - loop: "{{ octavia_availability_zones | list }}" diff --git a/tripleo_ansible/roles/octavia_undercloud/defaults/main.yml b/tripleo_ansible/roles/octavia_undercloud/defaults/main.yml deleted file mode 100644 index 599365d89..000000000 --- a/tripleo_ansible/roles/octavia_undercloud/defaults/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. -octavia_undercloud_config_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" diff --git a/tripleo_ansible/roles/octavia_undercloud/meta/main.yml b/tripleo_ansible/roles/octavia_undercloud/meta/main.yml deleted file mode 100644 index ec3c59651..000000000 --- a/tripleo_ansible/roles/octavia_undercloud/meta/main.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- octavia_undercloud - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: - - octavia_common diff --git a/tripleo_ansible/roles/octavia_undercloud/tasks/image_mgmt.yml b/tripleo_ansible/roles/octavia_undercloud/tasks/image_mgmt.yml deleted file mode 100644 index 20a5a528c..000000000 --- a/tripleo_ansible/roles/octavia_undercloud/tasks/image_mgmt.yml +++ /dev/null @@ -1,214 +0,0 @@ ---- -- name: check if name is a symlink - stat: - path: "{{ image_filename }}" - register: symlnk_check - -- name: bypass image naming logic if image name is provided (backwards-compatibility) - set_fact: - amphora_image: "{{ amphora_image_name }}" - when: - - amphora_image_name is defined - - not ((amphora_image_name | length) < 1) - -- name: set the actual glance image name if it is a symlink - set_fact: - amphora_image: "{{ (symlnk_check.stat.lnk_target | basename | splitext)[0] }}" - when: - - amphora_image is undefined - - symlnk_check is defined and (symlnk_check.stat.islnk | bool) - -- name: set the actual glance image name if it is not a symlink - set_fact: - amphora_image: "{{ (image_file_result.stat.path | basename | splitext)[0] }}" - when: - - amphora_image is undefined - - (image_file_result.stat.exists | bool) and (not (symlnk_check.stat.islnk | bool)) - -- name: Capture the file's checksum - set_fact: - image_checksum: "{{ image_file_result.stat.checksum }}" - when: - - image_file_result.stat.exists | bool - -- name: Check the amphora image file format - command: | - qemu-img info --output=json "{{ image_filename }}" - register: image_file_format - -- name: Set the image format - set_fact: - img_format: "{{ (image_file_format.stdout | from_json).format }}" - -- name: Convert image if indicated - when: - - amp_to_raw | bool - - img_format != "raw" - block: - - name: create temporary directory - tempfile: - state: directory - register: amp_tmp_dir - - - name: set RAW file name - set_fact: - raw_filename: "{{ amp_tmp_dir.path }}/{{ image_filename|splitext|first|basename }}.img" - - - name: convert image from qcow2 to raw - shell: | - qemu-img convert -f qcow2 -O raw {{ image_filename }} {{ raw_filename }} - - - name: get the checksum for the converted file - stat: - path: "{{ raw_filename }}" - get_checksum: true - register: raw_file_result - - - name: update image_checksum with checksum of the converted file - set_fact: - image_checksum: "{{ raw_file_result.stat.checksum }}" - - - name: setting amphora format to raw - set_fact: - img_format: raw - -- name: gather facts about the service project - shell: | - openstack project show "{{ auth_project_name }}" -c id -f value - register: project_id_result - -- name: check there's an image in glance already - shell: | - openstack image list --property owner={{ project_id_result.stdout }} --private --name {{ amphora_image }} -c ID -f value - environment: - OS_USERNAME: "{{ auth_username }}" - OS_PASSWORD: "{{ auth_password }}" - OS_PROJECT_NAME: "{{ auth_project_name }}" - register: glance_id_result - failed_when: false - -- name: set image id fact - set_fact: - image_id: "{{ glance_id_result.stdout }}" - when: - - glance_id_result.rc is defined - - glance_id_result.rc == 0 - - glance_id_result.stdout != "" - -- name: get checksum if there's an image in glance already - shell: | - openstack image show {{ glance_id_result.stdout }} -c properties -f json - environment: - OS_USERNAME: "{{ auth_username }}" - OS_PASSWORD: "{{ auth_password }}" - OS_PROJECT_NAME: "{{ auth_project_name }}" - when: - - image_id is defined - register: glance_results - failed_when: false - -- name: set current_checksum fact from glance if image already exists there - set_fact: - current_image_facts: "{{ glance_results.stdout | from_json }}" - when: - - glance_results.rc is defined - - glance_results.rc == 0 - -- name: store the current checksum if available - when: - - current_image_facts.properties.image_checksum is defined - set_fact: - current_checksum: "{{ current_image_facts.properties.image_checksum }}" - -- name: calculate the image checksum if it is missing - when: - - image_id is defined - - current_checksum is not defined - block: - - name: create temporary directory - tempfile: - state: directory - register: amp_tmp_dir - - - name: download the current amphora image - command: | - openstack image save --file "{{ amp_tmp_dir.path }}/{{ image_id }}.tmp" {{ image_id }} - environment: - OS_USERNAME: "{{ auth_username }}" - OS_PASSWORD: "{{ auth_password }}" - OS_PROJECT_NAME: "{{ auth_project_name }}" - - - name: calculate the missing checksum - stat: - path: "{{ amp_tmp_dir.path }}/{{ image_id }}.tmp" - get_checksum: true - register: tmp_file_result - - - name: update current checksum fact - set_fact: - current_checksum: "{{ tmp_file_result.stat.checksum }}" - - - name: store the property on the image so it is there next time - command: | - openstack image set --property image_checksum={{ current_checksum }} {{ image_id }} - environment: - OS_USERNAME: "{{ auth_username }}" - OS_PASSWORD: "{{ auth_password }}" - OS_PROJECT_NAME: "{{ auth_project_name }}" - - - name: remove the temporary copy of the current amphora image - file: - path: "{{ amp_tmp_dir.path }}/{{ image_id }}.tmp" - state: absent - - -- name: determine if the image needs to be replaced - set_fact: - replace_image: "{{ current_checksum != image_checksum }}" - when: - - current_checksum is defined - - image_checksum is defined - -- name: move existing image if the names match and the checksums are not the same - shell: | - ts=`openstack image show {{ image_id }} -f value -c created_at` - ts=${ts//:/} - ts=${ts//-/} - openstack image set {{ image_id }} --name "{{ amphora_image }}_$ts" - environment: - OS_USERNAME: "{{ auth_username }}" - OS_PASSWORD: "{{ auth_password }}" - OS_PROJECT_NAME: "{{ auth_project_name }}" - when: - - replace_image is defined and replace_image | bool - -- name: decide whether to upload new image - set_fact: - upload_image: true - when: - - (current_checksum is not defined) or (replace_image is defined and replace_image | bool) - -- name: upload image to glance - shell: | - openstack image create --disk-format {{ img_format|default('qcow2') }} \ - --container-format bare --tag {{ amp_image_tag }} \ - --file {{ raw_filename|default(image_filename) }} \ - --property hw_architecture={{ amp_hw_arch }} \ - --property image_checksum={{ image_checksum }} \ - --private {{ amphora_image }} - environment: - OS_USERNAME: "{{ auth_username }}" - OS_PASSWORD: "{{ auth_password }}" - OS_PROJECT_NAME: "{{ auth_project_name }}" - register: image_result - changed_when: (image_result.stdout | length) < 1 - when: - - image_file_result.stat.exists | bool - - upload_image is defined - -- name: delete converted raw image - when: - - amp_tmp_dir.path is defined - file: - path: "{{ amp_tmp_dir.path }}" - state: absent diff --git a/tripleo_ansible/roles/octavia_undercloud/tasks/main.yml b/tripleo_ansible/roles/octavia_undercloud/tasks/main.yml deleted file mode 100644 index c3bdcc470..000000000 --- a/tripleo_ansible/roles/octavia_undercloud/tasks/main.yml +++ /dev/null @@ -1,135 +0,0 @@ ---- - -- name: set file if already set by heat variable (backwards-compatibility) - set_fact: - image_filename: "{{ amp_image_filename }}" - when: - - amp_image_filename is defined - - not ((amp_image_filename | length) < 1) - -- name: set location if CentOS - set_fact: - image_filename: "/usr/share/openstack-octavia-amphora-images/amphora-x64-haproxy.qcow2" - when: - - ansible_facts['distribution'] == 'CentOS' - - not (image_filename is defined) - -- name: set location if Red Hat - set_fact: - image_filename: "/usr/share/openstack-octavia-amphora-images/octavia-amphora.qcow2" - when: - - ansible_facts['distribution'] == 'RedHat' - - not (image_filename is defined) - -# If the image path was not defined by the user, ensure that the RPM is -# installed. -# Ignore errors if the package doesn't exist (RDO CI). -- name: Ensure amphora image RPM in installed - package: - name: octavia-amphora-image - state: present - ignore_errors: true - vars: - # override the ansible_become variable from the inventory - ansible_become: true - when: - - amp_image_filename is not defined or (amp_image_filename | length) < 1 - -- name: check if amphora image file exists - stat: - path: "{{ image_filename }}" - follow: true - get_checksum: true - register: image_file_result - -- include_tasks: image_mgmt.yml - when: - - image_file_result.stat.exists | bool - -- name: use ssh pub key file if provided and is readable - block: - - name: check if pub key file exists - stat: path="{{ amp_ssh_key_path }}" - register: key_file_result - - - name: fail if ssh pub key file does not exist or is not readable - fail: msg="{{ amp_ssh_key_path }} does not exist or is not readable by user {{ ansible_user }}" - when: - - (not (key_file_result.stat.exists | bool)) or (not (key_file_result.stat.readable | bool)) - - - name: Set ssh key path fact - set_fact: - amp_ssh_key_path_final: "{{ amp_ssh_key_path }}" - when: - - amp_ssh_key_path is defined - - (amp_ssh_key_path | length) > 0 - -- name: Generate ssh public key for Octavia - block: - - name: Create ssh key dir - file: - path: "{{ ssh_key_dir }}" - state: directory - - - name: Generate ssh key for Octavia - shell: "ssh-keygen -q -t rsa -N '' -f {{ ssh_key_dir }}/octavia_id_rsa" - args: - creates: "{{ ssh_key_dir }}/octavia_id_rsa" - no_log: "{{ octavia_undercloud_config_hide_sensitive_logs | bool }}" - - - name: Set ssh key path fact - set_fact: - amp_ssh_key_path_final: "{{ ssh_key_dir }}/octavia_id_rsa.pub" - vars: - ssh_key_dir: "{{ amp_ssh_key_dir|default('/etc/octavia/ssh/') }}" - when: - - amp_ssh_key_path is not defined or ((amp_ssh_key_path | length) < 1) - -- name: get the desired sha-256 public key fingerprint - shell: | - set -o pipefail - ssh-keygen -E sha256 -lf {{ amp_ssh_key_path_final }} | awk '{ print $2 }' - no_log: "{{ octavia_undercloud_config_hide_sensitive_logs | bool }}" - register: ssh_keygen_results - -- name: get existing public key sha-256 fingerprint - shell: | - set -o pipefail - openstack keypair show --public-key {{ amp_ssh_key_name }} | \ - ssh-keygen -E sha256 -lf - | awk '{ print $2 }' - ignore_errors: true - no_log: "{{ octavia_undercloud_config_hide_sensitive_logs | bool }}" - environment: - OS_USERNAME: "{{ auth_username }}" - OS_PASSWORD: "{{ auth_password }}" - OS_PROJECT_NAME: "{{ auth_project_name }}" - register: os_keypair_results - -# os_keypair doesn't allow updating a keypair, we need to remove the previous -# keypair in case we need to update it. -- name: delete previous Octavia ssh key - openstack.cloud.keypair: - state: absent - name: "{{ amp_ssh_key_name }}" - auth: - username: "{{ auth_username }}" - password: "{{ auth_password }}" - project_name: "{{ auth_project_name }}" - no_log: "{{ octavia_undercloud_config_hide_sensitive_logs | bool }}" - when: - - os_keypair_results.stdout != '' - - os_keypair_results.stdout != ssh_keygen_results.stdout - -- name: Create keypair - openstack.cloud.keypair: - state: present - name: "{{ amp_ssh_key_name }}" - public_key_file: "{{ amp_ssh_key_path_final }}" - auth: - username: "{{ auth_username }}" - password: "{{ auth_password }}" - project_name: "{{ auth_project_name }}" - no_log: "{{ octavia_undercloud_config_hide_sensitive_logs | bool }}" - register: keypair_fingerprint - when: - - os_keypair_results.stdout == '' or os_keypair_results.stdout != ssh_keygen_results.stdout diff --git a/tripleo_ansible/roles/snapshot_and_revert/defaults/main.yml b/tripleo_ansible/roles/snapshot_and_revert/defaults/main.yml deleted file mode 100644 index f7353aa05..000000000 --- a/tripleo_ansible/roles/snapshot_and_revert/defaults/main.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -tripleo_controller_group_name: "{{ controller_group_name | default('Controller') }}" -tripleo_compute_group_name: "{{ compute_group_name | default('Compute') }}" - -tripleo_snapshot_revert_audit_size: 512M -tripleo_snapshot_revert_home_size: 512M -tripleo_snapshot_revert_log_size: 1G -tripleo_snapshot_revert_root_size: 2G -tripleo_snapshot_revert_srv_size: 512M -tripleo_snapshot_revert_var_size: 3G - -# These parameters ensure that nodes are taken out from Pacemaker cluster -# before taking a snapshot, one node at a time to not cause any downtimes. -tripleo_snapshot_revert_snapshot_inactive_nodes: "{{ snapshot_inactive_nodes | default('true') }}" -tripleo_snapshot_revert_pcs_timeout: 3600 diff --git a/tripleo_ansible/roles/snapshot_and_revert/meta/main.yml b/tripleo_ansible/roles/snapshot_and_revert/meta/main.yml deleted file mode 100644 index 0d73710b0..000000000 --- a/tripleo_ansible/roles/snapshot_and_revert/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- snapshot_and_revert - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/snapshot_and_revert/molecule/default/converge.yml b/tripleo_ansible/roles/snapshot_and_revert/molecule/default/converge.yml deleted file mode 100644 index 5a0a2a189..000000000 --- a/tripleo_ansible/roles/snapshot_and_revert/molecule/default/converge.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Converge - become: true - hosts: all - tasks: - - name: "Include snapshot_and_revert" - include_role: - name: "snapshot_and_revert" diff --git a/tripleo_ansible/roles/snapshot_and_revert/molecule/default/molecule.yml b/tripleo_ansible/roles/snapshot_and_revert/molecule/default/molecule.yml deleted file mode 100644 index 18c391c1d..000000000 --- a/tripleo_ansible/roles/snapshot_and_revert/molecule/default/molecule.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -driver: - name: delegated - options: - managed: false - login_cmd_template: >- - ssh - -o UserKnownHostsFile=/dev/null - -o StrictHostKeyChecking=no - -o Compression=no - -o TCPKeepAlive=yes - -o VerifyHostKeyDNS=no - -o ForwardX11=no - -o ForwardAgent=no - {instance} - ansible_connection_options: - ansible_connection: ssh - -log: true - -platforms: - - name: instance - -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - name: default - test_sequence: - - prepare - - converge - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/snapshot_and_revert/molecule/default/prepare.yml b/tripleo_ansible/roles/snapshot_and_revert/molecule/default/prepare.yml deleted file mode 100644 index 393d33eba..000000000 --- a/tripleo_ansible/roles/snapshot_and_revert/molecule/default/prepare.yml +++ /dev/null @@ -1,90 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - become: true - gather_facts: true - pre_tasks: - - name: set basic user fact - set_fact: - ansible_user: "{{ lookup('env', 'USER') }}" - when: - - ansible_user is undefined - - - name: set basic home fact - set_fact: - ansible_user_dir: "{{ lookup('env', 'HOME') }}" - when: - - ansible_user_dir is undefined - - - name: Disable SELinux - selinux: - state: disabled - - roles: - - role: test_deps - test_deps_setup_tripleo: true - test_deps_tripleo_packages: - - hiera - - puppet-tripleo - - role: env_data - - post_tasks: - - name: Create hiera config file - file: - path: "{{ ansible_user_dir }}/hiera.yaml" - state: touch - - - name: Create hieradata directory - file: - path: "{{ ansible_user_dir }}/hieradata" - state: directory - mode: '0755' - - - name: Insert some data into hiera.yaml - copy: - dest: "{{ ansible_user_dir }}/hiera.yaml" - content: | - --- - :backends: - - json - :json: - :datadir: {{ ansible_user_dir }}/hieradata - :hierarchy: - - service_configs - - service_names - - - name: Insert some data into service_configs.json - copy: - dest: "{{ ansible_user_dir }}/hieradata/service_configs.json" - content: | - { - "mysql::server::root_password": "password" - } - - - name: Insert some data into service_names.json - copy: - dest: "{{ ansible_user_dir }}/hieradata/service_names.json" - content: | - { - "service_names": [ - "mysql", - "mysql_client", - "tripleo_validations" - ] - } diff --git a/tripleo_ansible/roles/snapshot_and_revert/tasks/main.yml b/tripleo_ansible/roles/snapshot_and_revert/tasks/main.yml deleted file mode 100644 index 241d54f72..000000000 --- a/tripleo_ansible/roles/snapshot_and_revert/tasks/main.yml +++ /dev/null @@ -1,177 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Revert LVM snapshots to main disks - when: - - ansible_facts.lvm is defined - - ansible_facts.lvm.lvs is defined - - ansible_facts.lvm.vgs is defined - - ansible_facts.lvm.vgs.vg is defined - block: - - name: Revert audit snapshot volume - command: lvconvert --merge /dev/vg/ss_audit - when: ansible_facts.lvm.lvs.ss_audit is defined - - - name: Revert home snapshot volume - command: lvconvert --merge /dev/vg/ss_home - when: ansible_facts.lvm.lvs.ss_home is defined - - - name: Revert log snapshot volume - command: lvconvert --merge /dev/vg/ss_log - when: ansible_facts.lvm.lvs.ss_log is defined - - - name: Revert root snapshot volume - command: lvconvert --merge /dev/vg/ss_root - when: ansible_facts.lvm.lvs.ss_root is defined - - - name: Revert srv snapshot volume - command: lvconvert --merge /dev/vg/ss_srv - when: ansible_facts.lvm.lvs.ss_srv is defined - - - name: Revert var snapshot volume - command: lvconvert --merge /dev/vg/ss_var - when: ansible_facts.lvm.lvs.ss_var is defined - tags: - - revert_snapshots - -- name: Delete the lv_snapshot volume if it exists - command: lvremove -f /dev/vg/lv_snapshot - when: - - ansible_facts.lvm is defined - - ansible_facts.lvm.lvs is defined - - ansible_facts.lvm.vgs is defined - - ansible_facts.lvm.vgs.vg is defined - - ansible_facts.lvm.lvs.lv_snapshot is defined - - ansible_facts.lvm.lvs.lv_snapshot.size_g|float >= 8.00 - tags: - - create_snapshots - - remove_lv_snapshot - -- name: Remove LVM snapshots - when: - - ansible_facts.lvm is defined - - ansible_facts.lvm.lvs is defined - - ansible_facts.lvm.vgs is defined - - ansible_facts.lvm.vgs.vg is defined - block: - - name: Clean home snapshot volume - command: lvremove -f /dev/vg/ss_home - when: ansible_facts.lvm.lvs.ss_home is defined - - - name: Clean log snapshot volume - command: lvremove -f /dev/vg/ss_log - when: ansible_facts.lvm.lvs.ss_log is defined - - - name: Clean root snapshot volume - command: lvremove -f /dev/vg/ss_root - when: ansible_facts.lvm.lvs.ss_root is defined - - - name: Clean srv snapshot volume - command: lvremove -f /dev/vg/ss_srv - when: ansible_facts.lvm.lvs.ss_srv is defined - - - name: Clean var snapshot volume - command: lvremove -f /dev/vg/ss_var - when: ansible_facts.lvm.lvs.ss_var is defined - - - name: Clean audit snapshot volume - command: lvremove -f /dev/vg/ss_audit - when: ansible_facts.lvm.lvs.ss_audit is defined - tags: - - remove_snapshots - -- name: Check existing snapshots - block: - - name: Find snapshot files - find: - path: /dev/vg - patterns: ['ss_home','ss_log','ss_root','ss_srv','ss_var','ss_audit'] - file_type: "link" - register: snapshots_found - - - name: Evaluate result - fail: msg="Snapshot {{ item['path'] }} already exist in the filesystem" - loop: "{{ snapshots_found.files }}" - when: snapshots_found.matched > 0 - tags: - - create_snapshots - -- name: Read Services running on the host - command: puppet lookup --explain 'service_names' - when: tripleo_snapshot_revert_snapshot_inactive_nodes|bool - register: services_enabled - changed_when: false - failed_when: false - tags: - - create_snapshots - -- name: Take out the node from Pacemaker cluster before taking a snapshot - command: pcs cluster stop --request-timeout={{ tripleo_snapshot_revert_pcs_timeout }} - when: - - tripleo_snapshot_revert_snapshot_inactive_nodes|bool - - services_enabled is defined - - '"pacemaker" in services_enabled.stdout' - tags: - - create_snapshots - -- name: Create lvm snapshot if there are at least 8GB of free space in the vg volumegroup - when: - - ansible_facts.lvm is defined - - ansible_facts.lvm.lvs is defined - - ansible_facts.lvm.vgs is defined - - ansible_facts.lvm.vgs.vg is defined - - ansible_facts.lvm.vgs.vg.free_g|float >= 8.00 - block: - - name: Create audit snapshot volume - command: lvcreate -s -n ss_audit -L {{ tripleo_snapshot_revert_audit_size }} /dev/vg/lv_audit - when: ansible_facts.lvm.lvs.lv_audit is defined - - - name: Create home snapshot volume - command: lvcreate -s -n ss_home -L {{ tripleo_snapshot_revert_home_size }} /dev/vg/lv_home - when: ansible_facts.lvm.lvs.lv_home is defined - - - name: Create log snapshot volume - command: lvcreate -s -n ss_log -L {{ tripleo_snapshot_revert_log_size }} /dev/vg/lv_log - when: ansible_facts.lvm.lvs.lv_log is defined - - - name: Create root snapshot volume - command: lvcreate -s -n ss_root -L {{ tripleo_snapshot_revert_root_size }} /dev/vg/lv_root - when: ansible_facts.lvm.lvs.lv_root is defined - - - name: Create srv snapshot volume - command: lvcreate -s -n ss_srv -L {{ tripleo_snapshot_revert_srv_size }} /dev/vg/lv_srv - when: ansible_facts.lvm.lvs.lv_srv is defined - - - name: Create var snapshot volume - command: lvcreate -s -n ss_var -L {{ tripleo_snapshot_revert_var_size }} /dev/vg/lv_var - when: ansible_facts.lvm.lvs.lv_var is defined - tags: - - create_snapshots - -- name: Pacemaker management - when: - - services_enabled is defined - - tripleo_snapshot_revert_snapshot_inactive_nodes|bool - - "'pacemaker' in services_enabled.stdout" - block: - - name: Add the node to the pacemaker cluster - command: pcs cluster start - - - name: Wait until pacemaker has Galera up&running - shell: /var/lib/container-config-scripts/pacemaker_wait_bundle.sh galera galera-bundle Master - when: "'mysql' in services_enabled.stdout" - tags: - - create_snapshots diff --git a/tripleo_ansible/roles/test_deps/defaults/main.yml b/tripleo_ansible/roles/test_deps/defaults/main.yml deleted file mode 100644 index 2f22da7b4..000000000 --- a/tripleo_ansible/roles/test_deps/defaults/main.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -test_deps_extra_packages: [] -test_deps_setup_tripleo: false -test_deps_repo_version: "{{ ansible_facts['distribution'] | lower }}{{ ansible_facts['distribution_major_version'] }}-master" -test_deps_mirrors_file_path: /etc/ci/mirror_info.sh -test_deps_setup_stream: true -test_deps_setup_ceph: false diff --git a/tripleo_ansible/roles/test_deps/meta/main.yml b/tripleo_ansible/roles/test_deps/meta/main.yml deleted file mode 100644 index ff0d5c1b8..000000000 --- a/tripleo_ansible/roles/test_deps/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- test_deps - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/test_deps/molecule/default/converge.yml b/tripleo_ansible/roles/test_deps/molecule/default/converge.yml deleted file mode 100644 index 7982e9249..000000000 --- a/tripleo_ansible/roles/test_deps/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "test_deps" diff --git a/tripleo_ansible/roles/test_deps/molecule/default/molecule.yml b/tripleo_ansible/roles/test_deps/molecule/default/molecule.yml deleted file mode 100644 index 5b32dc746..000000000 --- a/tripleo_ansible/roles/test_deps/molecule/default/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/test_deps/molecule/default/prepare.yml b/tripleo_ansible/roles/test_deps/molecule/default/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/test_deps/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/test_deps/tasks/main.yml b/tripleo_ansible/roles/test_deps/tasks/main.yml deleted file mode 100644 index 2e21e230f..000000000 --- a/tripleo_ansible/roles/test_deps/tasks/main.yml +++ /dev/null @@ -1,150 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Gather facts if they don't exist - setup: - gather_subset: min - when: "'distribution' not in ansible_facts" - tags: - - always - -# "{{ role_name }}" will search for and load any operating system variable file -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Detect mirrors file - stat: - path: "{{ test_deps_mirrors_file_path }}" - register: mirrors_file - -- name: RHEL Block - become: true - when: - - (ansible_facts['os_family'] | lower) == 'redhat' - - mirrors_file.stat.exists | bool - block: - - name: Disable ubi host subscription-manager integration - file: - path: /etc/rhsm-host - state: absent - - - name: Disable ubi 9 repos - when: ansible_facts['distribution_major_version'] is version(9, '>=') - become: true - yum_repository: - name: "{{ item }}" - state: absent - keepcache: false - with_items: - - ubi-9-appstream - - ubi-9-baseos - - ubi-9-codeready-builder - -- name: tripleo-repos Block - become: true - when: - - (ansible_facts['os_family'] | lower) == 'redhat' - block: - - name: Fetch latest repo version - uri: - url: https://trunk.rdoproject.org/centos{{ ansible_facts['distribution_major_version'] }}/current/delorean.repo - return_content: true - register: tripleo_packages - - - name: Create default repo file - copy: - content: "{{ tripleo_packages.content }}" - dest: /etc/yum.repos.d/delorean.repo - -- name: Install tripleo-repos package - become: true - package: - name: "python*tripleo-repos" - state: present - -- name: Tripleo setup block - become: true - when: - - (ansible_facts['os_family'] | lower) == 'redhat' - - test_deps_setup_tripleo | bool - block: - - name: Create tripleo repos - command: tripleo-repos -d ubi9 {{ test_deps_setup_stream | ternary('--stream', '--no-stream', omit) }} \ - -b master current-tripleo {{ test_deps_setup_ceph | ternary('ceph', '', omit) }} - - - name: look for redhat-release rpm - shell: | - rpm -qe redhat-release - register: rpm_found - ignore_errors: yes - - - name: Workaround of redhat-release binary on ubi9 - when: rpm_found.rc == 0 - block: - - name: Remove redhat-release - shell: | - rpm -e --nodeps redhat-release - - - name: Install centos-stream-release - package: - name: "centos-stream-release" - state: latest - releasever: "{{ ansible_facts['distribution_major_version'] }}" - - - name: Install tripleo packages - package: - name: "{{ test_deps_tripleo_packages }}" - state: present - releasever: "{{ ansible_facts['distribution_major_version'] }}" - -- name: Package block - become: true - block: - - name: Install selinux python libs - package: - name: "{{ test_deps_selinux_packages }}" - state: present - releasever: "{{ ansible_facts['distribution_major_version'] }}" - when: - - (ansible_facts['os_family'] | lower) == 'redhat' - - - name: Install python yaml libs - package: - name: "{{ test_deps_yaml_packages }}" - state: present - releasever: "{{ ansible_facts['distribution_major_version'] }}" - when: - - (ansible_facts['os_family'] | lower) == 'redhat' - - - name: Install extra packages - package: - name: "{{ test_deps_extra_packages }}" - state: present - releasever: "{{ ansible_facts['distribution_major_version'] }}" - when: - - (test_deps_extra_packages | length) > 0 diff --git a/tripleo_ansible/roles/test_deps/vars/centos-7.yml b/tripleo_ansible/roles/test_deps/vars/centos-7.yml deleted file mode 100644 index c31d830db..000000000 --- a/tripleo_ansible/roles/test_deps/vars/centos-7.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -test_deps_repo: https://trunk.rdoproject.org/centos7/current -test_deps_yaml_packages: - - PyYAML -test_deps_selinux_packages: - - libselinux-python -test_deps_tripleo_packages: - - python-tripleoclient - - python-openstacksdk -test_deps_tripleo_repos: current-tripleo-dev diff --git a/tripleo_ansible/roles/test_deps/vars/centos-8.yml b/tripleo_ansible/roles/test_deps/vars/centos-8.yml deleted file mode 100644 index 5f25002a6..000000000 --- a/tripleo_ansible/roles/test_deps/vars/centos-8.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -test_deps_repo: https://trunk.rdoproject.org/centos8-master/current -test_deps_yaml_packages: - - python3-pyyaml -test_deps_selinux_packages: - - python3-libselinux -test_deps_tripleo_packages: - - python3-tripleoclient - - python3-openstacksdk -test_deps_tripleo_repos: current-tripleo diff --git a/tripleo_ansible/roles/test_deps/vars/centos-9.yml b/tripleo_ansible/roles/test_deps/vars/centos-9.yml deleted file mode 100644 index 938b26c13..000000000 --- a/tripleo_ansible/roles/test_deps/vars/centos-9.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -test_deps_repo: https://trunk.rdoproject.org/centos9-master/current -test_deps_yaml_packages: - - python3-pyyaml -test_deps_selinux_packages: - - python3-libselinux -test_deps_tripleo_packages: - - python3-tripleoclient - - python3-openstacksdk - - openssh -test_deps_tripleo_repos: current-tripleo diff --git a/tripleo_ansible/roles/test_deps/vars/fedora.yml b/tripleo_ansible/roles/test_deps/vars/fedora.yml deleted file mode 100644 index d0193f36b..000000000 --- a/tripleo_ansible/roles/test_deps/vars/fedora.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -test_deps_repo: https://trunk.rdoproject.org/fedora/current -test_deps_selinux_packages: - - python3-libselinux - - python2-libselinux -test_deps_tripleo_packages: - - python3-tripleoclient - - python3-openstacksdk -test_deps_tripleo_repos: current-tripleo diff --git a/tripleo_ansible/roles/test_deps/vars/redhat-8.yml b/tripleo_ansible/roles/test_deps/vars/redhat-8.yml deleted file mode 100644 index af702fc0f..000000000 --- a/tripleo_ansible/roles/test_deps/vars/redhat-8.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -test_deps_repo: https://trunk.rdoproject.org/redhat8-master/current -test_deps_yaml_packages: - - python3-pyyaml -test_deps_selinux_packages: - - python3-libselinux -test_deps_tripleo_packages: - - python3-tripleoclient - - python3-openstacksdk -test_deps_tripleo_repos: current-tripleo diff --git a/tripleo_ansible/roles/test_deps/vars/redhat-9.yml b/tripleo_ansible/roles/test_deps/vars/redhat-9.yml deleted file mode 100644 index 4c1554658..000000000 --- a/tripleo_ansible/roles/test_deps/vars/redhat-9.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -test_deps_repo: https://trunk.rdoproject.org/centos9-master/current -test_deps_yaml_packages: - - python3-pyyaml -test_deps_selinux_packages: - - python3-libselinux -test_deps_tripleo_packages: - - python3-tripleoclient - - python3-openstacksdk - - centos-stream-release - - openssh -test_deps_tripleo_repos: current-tripleo diff --git a/tripleo_ansible/roles/test_package_action/meta/main.yml b/tripleo_ansible/roles/test_package_action/meta/main.yml deleted file mode 100644 index 64d7e97a7..000000000 --- a/tripleo_ansible/roles/test_package_action/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- test_package_action - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/test_package_action/molecule/default/converge.yml b/tripleo_ansible/roles/test_package_action/molecule/default/converge.yml deleted file mode 100644 index 1b3d9a3d9..000000000 --- a/tripleo_ansible/roles/test_package_action/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "test_package_action" diff --git a/tripleo_ansible/roles/test_package_action/molecule/default/molecule.yml b/tripleo_ansible/roles/test_package_action/molecule/default/molecule.yml deleted file mode 100644 index 5b32dc746..000000000 --- a/tripleo_ansible/roles/test_package_action/molecule/default/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/test_package_action/molecule/default/prepare.yml b/tripleo_ansible/roles/test_package_action/molecule/default/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/test_package_action/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/test_package_action/molecule/default/tests/test_default.py b/tripleo_ansible/roles/test_package_action/molecule/default/tests/test_default.py deleted file mode 100644 index 3af5a6563..000000000 --- a/tripleo_ansible/roles/test_package_action/molecule/default/tests/test_default.py +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import os - -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_package_installed(host): - assert host.package("bison").is_installed diff --git a/tripleo_ansible/roles/test_package_action/molecule/default/verify.yml b/tripleo_ansible/roles/test_package_action/molecule/default/verify.yml deleted file mode 100644 index 8a7b2cc09..000000000 --- a/tripleo_ansible/roles/test_package_action/molecule/default/verify.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Verify - hosts: all - tasks: - - name: Check for tripleo-ansible package - debug: - msg: >- - test message diff --git a/tripleo_ansible/roles/test_package_action/molecule/negative/converge.yml b/tripleo_ansible/roles/test_package_action/molecule/negative/converge.yml deleted file mode 100644 index 0f90a461e..000000000 --- a/tripleo_ansible/roles/test_package_action/molecule/negative/converge.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "test_package_action" - # Role variable used to interact with the package module shim - tripleo_enable_package_install: false diff --git a/tripleo_ansible/roles/test_package_action/molecule/negative/molecule.yml b/tripleo_ansible/roles/test_package_action/molecule/negative/molecule.yml deleted file mode 100644 index 8182b2f5f..000000000 --- a/tripleo_ansible/roles/test_package_action/molecule/negative/molecule.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -driver: - name: podman -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/test_package_action/molecule/negative/prepare.yml b/tripleo_ansible/roles/test_package_action/molecule/negative/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/test_package_action/molecule/negative/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/test_package_action/molecule/negative/tests/test_negative.py b/tripleo_ansible/roles/test_package_action/molecule/negative/tests/test_negative.py deleted file mode 100644 index c56417baa..000000000 --- a/tripleo_ansible/roles/test_package_action/molecule/negative/tests/test_negative.py +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import os - -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_package_installed(host): - assert host.package("bison").is_installed is False diff --git a/tripleo_ansible/roles/test_package_action/molecule/negative/verify.yml b/tripleo_ansible/roles/test_package_action/molecule/negative/verify.yml deleted file mode 100644 index 87beedd74..000000000 --- a/tripleo_ansible/roles/test_package_action/molecule/negative/verify.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Verify - hosts: all - tasks: - - name: Check for tripleo-ansible package - debug: - msg: >- - Negative test message diff --git a/tripleo_ansible/roles/test_package_action/molecule/positive/converge.yml b/tripleo_ansible/roles/test_package_action/molecule/positive/converge.yml deleted file mode 100644 index 69a59e87a..000000000 --- a/tripleo_ansible/roles/test_package_action/molecule/positive/converge.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "test_package_action" - # Role variable used to interact with the package module shim - tripleo_enable_package_install: true diff --git a/tripleo_ansible/roles/test_package_action/molecule/positive/molecule.yml b/tripleo_ansible/roles/test_package_action/molecule/positive/molecule.yml deleted file mode 100644 index 5b32dc746..000000000 --- a/tripleo_ansible/roles/test_package_action/molecule/positive/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/test_package_action/molecule/positive/prepare.yml b/tripleo_ansible/roles/test_package_action/molecule/positive/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/test_package_action/molecule/positive/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/test_package_action/molecule/positive/tests/test_positive.py b/tripleo_ansible/roles/test_package_action/molecule/positive/tests/test_positive.py deleted file mode 100644 index 3af5a6563..000000000 --- a/tripleo_ansible/roles/test_package_action/molecule/positive/tests/test_positive.py +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import os - -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_package_installed(host): - assert host.package("bison").is_installed diff --git a/tripleo_ansible/roles/test_package_action/molecule/positive/verify.yml b/tripleo_ansible/roles/test_package_action/molecule/positive/verify.yml deleted file mode 100644 index 87beedd74..000000000 --- a/tripleo_ansible/roles/test_package_action/molecule/positive/verify.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Verify - hosts: all - tasks: - - name: Check for tripleo-ansible package - debug: - msg: >- - Negative test message diff --git a/tripleo_ansible/roles/test_package_action/tasks/main.yml b/tripleo_ansible/roles/test_package_action/tasks/main.yml deleted file mode 100644 index 9f9122743..000000000 --- a/tripleo_ansible/roles/test_package_action/tasks/main.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "{{ role_name }}" will search for and load any operating system variable file -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Install test packages - package: - name: "{{ test_install_packages }}" - state: present diff --git a/tripleo_ansible/roles/test_package_action/vars/redhat.yml b/tripleo_ansible/roles/test_package_action/vars/redhat.yml deleted file mode 100644 index 2a4674e00..000000000 --- a/tripleo_ansible/roles/test_package_action/vars/redhat.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# This is a random package which is likely to not be installed by default. -test_install_packages: - - bison diff --git a/tripleo_ansible/roles/tripleo_auditd/defaults/main.yml b/tripleo_ansible/roles/tripleo_auditd/defaults/main.yml deleted file mode 100644 index 65b72ab3d..000000000 --- a/tripleo_ansible/roles/tripleo_auditd/defaults/main.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -tripleo_auditd_pkg: 'audit' -tripleo_auditd_service: 'auditd' -tripleo_auditd_rules: {} - -tripleo_auditd_config: {} -tripleo_auditd_config_default: - log_file: '/var/log/audit/audit.log' - log_format: 'RAW' - log_group: 'root' - write_logs: 'yes' - priority_boost: '4' - flush: 'incremental_async' - freq: '20' - num_logs: '5' - disp_qos: 'lossy' - dispatcher: '/sbin/audispd' - name_format: 'none' - max_log_file: '6' - max_log_file_action: 'rotate' - space_left: '75' - space_left_action: 'syslog' - action_mail_acct: 'root' - admin_space_left: '50' - admin_space_left_action: 'suspend' - disk_full_action: 'suspend' - disk_error_action: 'suspend' - tcp_listen_queue: '5' - tcp_max_per_addr: '1' - tcp_client_max_idle: '0' - enable_krb5: 'no' - krb5_principal: 'auditd' diff --git a/tripleo_ansible/roles/tripleo_auditd/meta/main.yml b/tripleo_ansible/roles/tripleo_auditd/meta/main.yml deleted file mode 100644 index 7d77ef5a6..000000000 --- a/tripleo_ansible/roles/tripleo_auditd/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: TripleO OpenStack Role -- tripleo_auditd - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 8 - - 9 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_auditd/molecule/custom_rules/converge.yml b/tripleo_ansible/roles/tripleo_auditd/molecule/custom_rules/converge.yml deleted file mode 100644 index dfcd80f43..000000000 --- a/tripleo_ansible/roles/tripleo_auditd/molecule/custom_rules/converge.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - ordered_rules: - - '-a always,exit -F arch=b64 -S adjtimex -F key=audit_time_rules' - - '-a always,exit -F arch=b64 -S settimeofday -F key=audit_time_rules' - - '-a always,exit -F arch=b64 -S clock_settime -F key=audit_time_rules' - tasks: - - name: Push some rules - vars: - tripleo_auditd_rules: - 'Record attempts to alter time through settimeofday': - content: '-a always,exit -F arch=b64 -S settimeofday -k audit_time_rules' - order : 2 - 'Record attempts to alter time through adjtimex': - content: '-a always,exit -F arch=b64 -S adjtimex -k audit_time_rules' - order : 1 - 'Record Attempts to Alter Time Through clock_settime': - content: '-a always,exit -F arch=b64 -S clock_settime -k audit_time_rules' - order : 3 - include_role: - name: "tripleo_auditd" - - - name: Get auditd rules - become: true - register: auditctl_listing - command: /sbin/auditctl -l - - - name: Ensure rules are present in the correct order - assert: - that: - - auditctl_listing.stdout_lines == ordered_rules diff --git a/tripleo_ansible/roles/tripleo_auditd/molecule/custom_rules/molecule.yml b/tripleo_ansible/roles/tripleo_auditd/molecule/custom_rules/molecule.yml deleted file mode 100644 index 27fe53df4..000000000 --- a/tripleo_ansible/roles/tripleo_auditd/molecule/custom_rules/molecule.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - name: custom_rules - test_sequence: - - destroy - - create - - prepare - - converge - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_auditd/molecule/custom_rules/prepare.yml b/tripleo_ansible/roles/tripleo_auditd/molecule/custom_rules/prepare.yml deleted file mode 100644 index 65b8ced72..000000000 --- a/tripleo_ansible/roles/tripleo_auditd/molecule/custom_rules/prepare.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - become: true - roles: - - role: test_deps - test_deps_extra_packages: - - audit - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_auditd/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_auditd/molecule/default/converge.yml deleted file mode 100644 index 3afd02864..000000000 --- a/tripleo_ansible/roles/tripleo_auditd/molecule/default/converge.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - tasks: - - name: Default install without custom rules - include_role: - name: "tripleo_auditd" diff --git a/tripleo_ansible/roles/tripleo_auditd/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_auditd/molecule/default/molecule.yml deleted file mode 100644 index 187a4cede..000000000 --- a/tripleo_ansible/roles/tripleo_auditd/molecule/default/molecule.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_auditd/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_auditd/molecule/default/prepare.yml deleted file mode 100644 index 65b8ced72..000000000 --- a/tripleo_ansible/roles/tripleo_auditd/molecule/default/prepare.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - become: true - roles: - - role: test_deps - test_deps_extra_packages: - - audit - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_auditd/tasks/configure.yaml b/tripleo_ansible/roles/tripleo_auditd/tasks/configure.yaml deleted file mode 100644 index f8fe8f5c6..000000000 --- a/tripleo_ansible/roles/tripleo_auditd/tasks/configure.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Push auditd configuration file - register: auditd_config - template: - dest: /etc/audit/auditd.conf - src: auditd.conf.j2 - -- name: Generate auditd rules - template: - dest: /etc/audit/rules.d/tripleo.rules - src: audit.rules.j2 diff --git a/tripleo_ansible/roles/tripleo_auditd/tasks/install.yaml b/tripleo_ansible/roles/tripleo_auditd/tasks/install.yaml deleted file mode 100644 index 0ff60fc16..000000000 --- a/tripleo_ansible/roles/tripleo_auditd/tasks/install.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Ensure package is installed - package: - name: "{{ tripleo_auditd_pkg }}" - state: present diff --git a/tripleo_ansible/roles/tripleo_auditd/tasks/main.yaml b/tripleo_ansible/roles/tripleo_auditd/tasks/main.yaml deleted file mode 100644 index f0c78f9f9..000000000 --- a/tripleo_ansible/roles/tripleo_auditd/tasks/main.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: All is to be launched as root - become: true - block: - - include_tasks: install.yaml - - include_tasks: configure.yaml - - include_tasks: run.yaml diff --git a/tripleo_ansible/roles/tripleo_auditd/tasks/run.yaml b/tripleo_ansible/roles/tripleo_auditd/tasks/run.yaml deleted file mode 100644 index 73826cca9..000000000 --- a/tripleo_ansible/roles/tripleo_auditd/tasks/run.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Ensure auditd service is enabled and running - register: service_startup - systemd: - name: "{{ tripleo_auditd_service }}" - state: started - enabled: true - -# We cannot restart auditd using systemctl. The only way to make it reload -# its configuration is with a SIGHUP. -- name: Reload service configuration - when: - - service_startup is not changed - - auditd_config is changed - command: "killall -HUP {{ tripleo_auditd_service }}" - -- name: Reload ruleset if needed - command: /sbin/augenrules --load diff --git a/tripleo_ansible/roles/tripleo_auditd/templates/audit.rules.j2 b/tripleo_ansible/roles/tripleo_auditd/templates/audit.rules.j2 deleted file mode 100644 index ea6c7ce1a..000000000 --- a/tripleo_ansible/roles/tripleo_auditd/templates/audit.rules.j2 +++ /dev/null @@ -1,6 +0,0 @@ -# File managed by tripleo_ansible -{% set rules = tripleo_auditd_rules|dict2items|sort(attribute='value.order') %} -{% for rule in rules %} -# {{ rule['value']['order'] }} {{ rule['key'] }} -{{ rule['value']['content'] }} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_auditd/templates/auditd.conf.j2 b/tripleo_ansible/roles/tripleo_auditd/templates/auditd.conf.j2 deleted file mode 100644 index 5e98beabf..000000000 --- a/tripleo_ansible/roles/tripleo_auditd/templates/auditd.conf.j2 +++ /dev/null @@ -1,7 +0,0 @@ -# File managed by tripleo_ansible -{% set merged_config = tripleo_auditd_config_default | combine(tripleo_auditd_config) %} -{% for key, value in merged_config.items() %} -{% if value != '' %} -{{ key }} = {{ value }} -{% endif %} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_bootstrap/defaults/main.yml b/tripleo_ansible/roles/tripleo_bootstrap/defaults/main.yml deleted file mode 100644 index d9790f068..000000000 --- a/tripleo_ansible/roles/tripleo_bootstrap/defaults/main.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# List of packages that are requred to bootstrap TripleO. -tripleo_bootstrap_packages_bootstrap: "{{ _tripleo_bootstrap_packages_bootstrap | default([]) }}" - -tripleo_bootstrap_release_version_package: "{{ _tripleo_bootstrap_release_version_package | default([]) }}" - -# List of packages that are required for legacy networking to function. -# NOTE: We are using 'network' service provided by 'network-scripts' (initscripts) -# which deprecated in recent releases but os-net-config doesn't support yet -# NetworkManager. Until it happens, we need to ensure that network is started -# at boot, as it'll take care of restarting the network interfaces managed by -# OVS. Note that OVS unit service is already configure to start before -# network.service. -tripleo_bootstrap_legacy_network_packages: "{{ _tripleo_bootstrap_legacy_network_packages | default([]) }}" -tripleo_bootstrap_network_service: network diff --git a/tripleo_ansible/roles/tripleo_bootstrap/meta/main.yml b/tripleo_ansible/roles/tripleo_bootstrap/meta/main.yml deleted file mode 100644 index 5c2fe25e5..000000000 --- a/tripleo_ansible/roles/tripleo_bootstrap/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_bootstrap - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_bootstrap/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_bootstrap/molecule/default/converge.yml deleted file mode 100644 index 5aa039b50..000000000 --- a/tripleo_ansible/roles/tripleo_bootstrap/molecule/default/converge.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - become: true - hosts: all - roles: - - role: "tripleo_bootstrap" diff --git a/tripleo_ansible/roles/tripleo_bootstrap/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_bootstrap/molecule/default/molecule.yml deleted file mode 100644 index 61c228c9e..000000000 --- a/tripleo_ansible/roles/tripleo_bootstrap/molecule/default/molecule.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_bootstrap/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_bootstrap/molecule/default/prepare.yml deleted file mode 100644 index 7b9ec4cdf..000000000 --- a/tripleo_ansible/roles/tripleo_bootstrap/molecule/default/prepare.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_setup_tripleo: true - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_bootstrap/molecule/default/tests/test_default.py b/tripleo_ansible/roles/tripleo_bootstrap/molecule/default/tests/test_default.py deleted file mode 100644 index 12e5a7c35..000000000 --- a/tripleo_ansible/roles/tripleo_bootstrap/molecule/default/tests/test_default.py +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import os - -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_package_installed(host): - assert host.package("puppet-tripleo").is_installed - - -def test_iptables_exists(host): - assert host.file("/etc/sysconfig/iptables").exists - assert host.file("/etc/sysconfig/ip6tables").exists diff --git a/tripleo_ansible/roles/tripleo_bootstrap/tasks/bootstrap.yml b/tripleo_ansible/roles/tripleo_bootstrap/tasks/bootstrap.yml deleted file mode 100644 index 89e04382b..000000000 --- a/tripleo_ansible/roles/tripleo_bootstrap/tasks/bootstrap.yml +++ /dev/null @@ -1,120 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_bootstrap" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -# Currently only supported on RHEL as tripleo does not have a version package -- name: Release version package - when: - - (ansible_facts['distribution'] | lower) == 'redhat' - - (tripleo_bootstrap_release_version_package |list | length) > 0 - block: - - name: Check release version package is installed - command: "rpm -q --whatprovides {{ tripleo_bootstrap_release_version_package | join(' ') }}" - register: rpm_query_result - failed_when: false - - name: Deploy release version package - become: true - package: - name: "{{ tripleo_bootstrap_release_version_package }}" - state: present - when: - - rpm_query_result.rc > 0 - -- name: Import packages tasks - import_tasks: packages.yml - -- name: Enable openvswitch service if installed - become: true - service: - name: openvswitch - enabled: true - state: started - register: openvswitch_service_start - failed_when: - - not 'Could not find the requested service' in openvswitch_service_start.msg|default('') - - openvswitch_service_start is failed - -- name: Create /var/lib/heat-config/tripleo-config-download directory for deployment data - become: true - file: - path: /var/lib/heat-config/tripleo-config-download - state: directory - -- name: Deploy and enable network service - become: true - when: - - (tripleo_bootstrap_legacy_network_packages | length) > 0 - block: - - name: Check required legacy network packages for bootstrap TripleO is installed - command: "rpm -q --whatprovides {{ tripleo_bootstrap_legacy_network_packages | join(' ') }}" - register: rpm_query_result - failed_when: false - - - name: Deploy network-scripts required for deprecated network service - package: - name: "{{ tripleo_bootstrap_legacy_network_packages }}" - state: present - when: - - rpm_query_result.rc > 0 - - - name: Ensure network service is enabled - systemd: - name: "{{ tripleo_bootstrap_network_service }}" - enabled: true - -- name: Stop NetworkManager from updating resolv.conf - become: true - when: tripleo_bootstrap_network_service == 'NetworkManager' - block: - - name: Set 'dns=none' in /etc/NetworkManager/NetworkManager.conf - ini_file: - path: /etc/NetworkManager/NetworkManager.conf - state: present - no_extra_spaces: true - section: main - option: dns - value: none - backup: true - - name: Set 'rc-manager=unmanaged' in /etc/NetworkManager/NetworkManager.conf - ini_file: - path: /etc/NetworkManager/NetworkManager.conf - state: present - no_extra_spaces: true - section: main - option: rc-manager - value: unmanaged - backup: true - - name: Reload NetworkManager - service: - name: NetworkManager - state: reloaded diff --git a/tripleo_ansible/roles/tripleo_bootstrap/tasks/main.yml b/tripleo_ansible/roles/tripleo_bootstrap/tasks/main.yml deleted file mode 100644 index 206599a3a..000000000 --- a/tripleo_ansible/roles/tripleo_bootstrap/tasks/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Import tripleo_bootstrap bootstrap tasks - import_tasks: bootstrap.yml - -- name: Import tripleo_bootstrap puppet tasks - import_tasks: puppet.yml diff --git a/tripleo_ansible/roles/tripleo_bootstrap/tasks/packages.yml b/tripleo_ansible/roles/tripleo_bootstrap/tasks/packages.yml deleted file mode 100644 index 711c52914..000000000 --- a/tripleo_ansible/roles/tripleo_bootstrap/tasks/packages.yml +++ /dev/null @@ -1,66 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Gather facts if they don't exist - setup: - gather_subset: min - when: "'distribution' not in ansible_facts" - tags: - - always - - # found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Check required packages to bootstrap TripleO is installed - command: "rpm -q --whatprovides {{ tripleo_bootstrap_packages_bootstrap | join(' ') }}" - register: rpm_query_result - failed_when: false - -- name: Deploy required packages to bootstrap TripleO - become: true - package: - name: "{{ tripleo_bootstrap_packages_bootstrap }}" - state: present - # When a node is deployed with overcloud-minimal, OVS isn't required so let's - # ignore the case where the package can't be found (e.g. missing subscription). - # https://bugzilla.redhat.com/show_bug.cgi?id=1820306 - failed_when: - - (ansible_facts['distribution'] | lower) == 'redhat' - - not ansible_check_mode|bool - - (tripleo_bootstrap_packages_bootstrap_result.rc | int) == 1 - - not ('No package openvswitch available.' in tripleo_bootstrap_packages_bootstrap_result.failures | default([])) - register: tripleo_bootstrap_packages_bootstrap_result - when: - - rpm_query_result.rc > 0 - -- name: Ensure packages are actually well installed - become: true - command: "rpm -V {{ tripleo_bootstrap_packages_bootstrap | join(' ') }}" - register: rpm_verify_result - failed_when: - - "'%verify' in rpm_verify_result.stderr" diff --git a/tripleo_ansible/roles/tripleo_bootstrap/tasks/puppet.yml b/tripleo_ansible/roles/tripleo_bootstrap/tasks/puppet.yml deleted file mode 100644 index afb4c28da..000000000 --- a/tripleo_ansible/roles/tripleo_bootstrap/tasks/puppet.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Symlink puppet modules under /etc/puppet/modules - become: true - shell: >- - ln -f -s /usr/share/openstack-puppet/modules/* /etc/puppet/modules/ - register: result - failed_when: false - tags: - - skip_ansible_lint diff --git a/tripleo_ansible/roles/tripleo_bootstrap/vars/fedora-28.yml b/tripleo_ansible/roles/tripleo_bootstrap/vars/fedora-28.yml deleted file mode 100644 index c20b3b9e7..000000000 --- a/tripleo_ansible/roles/tripleo_bootstrap/vars/fedora-28.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -_tripleo_bootstrap_packages_bootstrap: - - driverctl - - openstack-heat-agents - - crudini - - jq - - puppet-tripleo - - os-net-config - - openvswitch - - openstack-selinux - - libselinux-python - - rsync - -_tripleo_bootstrap_legacy_network_packages: - - initscripts diff --git a/tripleo_ansible/roles/tripleo_bootstrap/vars/redhat-8.yml b/tripleo_ansible/roles/tripleo_bootstrap/vars/redhat-8.yml deleted file mode 100644 index 25170ae1c..000000000 --- a/tripleo_ansible/roles/tripleo_bootstrap/vars/redhat-8.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -_tripleo_bootstrap_packages_bootstrap: - - driverctl - - lvm2 - - crudini - - jq - - openvswitch - - openstack-heat-agents - - openstack-selinux - - os-net-config - - python3-libselinux - - python3-pyyaml - - puppet-tripleo - - rsync - - tmpwatch - - sysstat - -_tripleo_bootstrap_legacy_network_packages: - - network-scripts - -tripleo_bootstrap_network_service: NetworkManager - -_tripleo_bootstrap_release_version_package: - - rhosp-release diff --git a/tripleo_ansible/roles/tripleo_bootstrap/vars/redhat-9.yml b/tripleo_ansible/roles/tripleo_bootstrap/vars/redhat-9.yml deleted file mode 100644 index e7f9574ce..000000000 --- a/tripleo_ansible/roles/tripleo_bootstrap/vars/redhat-9.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -_tripleo_bootstrap_packages_bootstrap: - - driverctl - - lvm2 - - crudini - - jq - - nftables - - openvswitch - - openstack-heat-agents - - openstack-selinux - - os-net-config - - python3-libselinux - - python3-pyyaml - - puppet-tripleo - - rsync - - tmpwatch - - sysstat - -_tripleo_bootstrap_legacy_network_packages: - - openstack-network-scripts - -tripleo_bootstrap_network_service: NetworkManager - -_tripleo_bootstrap_release_version_package: - - rhosp-release diff --git a/tripleo_ansible/roles/tripleo_bootstrap/vars/redhat.yml b/tripleo_ansible/roles/tripleo_bootstrap/vars/redhat.yml deleted file mode 100644 index e3acc49c9..000000000 --- a/tripleo_ansible/roles/tripleo_bootstrap/vars/redhat.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -_tripleo_bootstrap_packages_bootstrap: - - driverctl - - libselinux-python - - lvm2 - - crudini - - jq - - os-net-config - - openstack-heat-agents - - openstack-selinux - - openvswitch - - puppet-tripleo - - rsync - - tmpwatch - - sysstat diff --git a/tripleo_ansible/roles/tripleo_cellv2/defaults/main.yml b/tripleo_ansible/roles/tripleo_cellv2/defaults/main.yml deleted file mode 100644 index b83360c4c..000000000 --- a/tripleo_ansible/roles/tripleo_cellv2/defaults/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -tripleo_cellv2_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_cellv2_cell_name: "" - -tripleo_cellv2_cellcontroller_group: "{{ groups['CellController'] }}" -tripleo_cellv2_cell_database_vip: "{{ hostvars[tripleo_cellv2_cellcontroller_group[0]]['cell_database_vip'] }}" -tripleo_cellv2_cell_transport_url: "{{ hostvars[tripleo_cellv2_cellcontroller_group[0]]['cell_transport_url'] }}" diff --git a/tripleo_ansible/roles/tripleo_cellv2/meta/main.yml b/tripleo_ansible/roles/tripleo_cellv2/meta/main.yml deleted file mode 100644 index 01caf7f4f..000000000 --- a/tripleo_ansible/roles/tripleo_cellv2/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_cellv2 - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_cellv2/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_cellv2/molecule/default/converge.yml deleted file mode 100644 index 2e3e09ceb..000000000 --- a/tripleo_ansible/roles/tripleo_cellv2/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_cellv2" diff --git a/tripleo_ansible/roles/tripleo_cellv2/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_cellv2/molecule/default/molecule.yml deleted file mode 100644 index 5b32dc746..000000000 --- a/tripleo_ansible/roles/tripleo_cellv2/molecule/default/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_cellv2/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_cellv2/molecule/default/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/tripleo_cellv2/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_cellv2/tasks/add_internalapi_hosts_entries.yml b/tripleo_ansible/roles/tripleo_cellv2/tasks/add_internalapi_hosts_entries.yml deleted file mode 100644 index 583e7fc76..000000000 --- a/tripleo_ansible/roles/tripleo_cellv2/tasks/add_internalapi_hosts_entries.yml +++ /dev/null @@ -1,72 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Add CellController internalapi to control plan controller - become: true - lineinfile: - dest: "/etc/hosts" - regexp: ".*{{ hostvars[item]['internal_api_hostname'] }}.*$" - line: >- - {{ hostvars[item]['internal_api_ip'] }} - {{ hostvars[item]['internal_api_hostname'] }} - {{ hostvars[item]['internal_api_hostname'].split('.')[:2] | join('.') }} - insertafter: "# END_HOST_ENTRIES_FOR_STACK:.*" - state: present - when: - - hostvars[item]['internal_api_ip'] is defined - - hostvars[item]['internal_api_hostname'] is defined - with_items: "{{ tripleo_cellv2_cellcontroller_group }}" - register: hosts_result - tags: - - hosts - - create - -- name: Add Cell internalapi VIP to control plan controller - become: true - vars: - cell_domain_name: >- - {{ hostvars[item]['internal_api_hostname'] | regex_replace(item ~ '\.?', '') }} - lineinfile: - dest: "/etc/hosts" - regexp: "\\s*{{ tripleo_cellv2_cell_name }}\\.?{{ cell_domain_name }}.*$" - line: >- - {{ hostvars[item]['internal_api_vip'] }} - {{ cell_domain_name | ternary(tripleo_cellv2_cell_name ~ '.' ~ cell_domain_name, tripleo_cellv2_cell_name) }} - insertafter: "# END_HOST_ENTRIES_FOR_STACK:.*" - state: present - when: - - hostvars[item]['internal_api_vip'] is defined - - hostvars[item]['internal_api_hostname'] is defined - with_items: "{{ tripleo_cellv2_cellcontroller_group }}" - register: hosts_result2 - tags: - - hosts - - create - -- name: Restart nova services - become: true - systemd: - name: "{{ item }}" - state: restarted - with_items: - - tripleo_nova_api - - tripleo_nova_conductor - - tripleo_nova_scheduler - when: - - hosts_result.changed or hosts_result2.changed - tags: - - hosts - - create diff --git a/tripleo_ansible/roles/tripleo_cellv2/tasks/check_cell_exist.yml b/tripleo_ansible/roles/tripleo_cellv2/tasks/check_cell_exist.yml deleted file mode 100644 index c7f4decdb..000000000 --- a/tripleo_ansible/roles/tripleo_cellv2/tasks/check_cell_exist.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Check if cell exist - block: - - name: Fail if cell_name is not passed - fail: msg="tripleo_cellv2_cell_name is a mandatory parameter!" - when: tripleo_cellv2_cell_name is not defined - - name: Check if cell is already created - become: true - shell: |- - set -o pipefail - podman exec -i -u root nova_api \ - nova-manage {{ (tripleo_cellv2_debug | bool) | ternary('--debug', '') }} \ - cell_v2 list_cells | grep {{ tripleo_cellv2_cell_name }} - failed_when: false - register: cell_check_result - - name: Fail if cell already exists - fail: msg="Cell with name {{ tripleo_cellv2_cell_name }} already exist!" - when: cell_check_result.rc == 0 - tags: - - check - - extract - - create diff --git a/tripleo_ansible/roles/tripleo_cellv2/tasks/create_cell.yml b/tripleo_ansible/roles/tripleo_cellv2/tasks/create_cell.yml deleted file mode 100644 index 976c0c65b..000000000 --- a/tripleo_ansible/roles/tripleo_cellv2/tasks/create_cell.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Create new Cell - become: true - block: - - name: Create Cell - shell: >- - podman exec -i -u root nova_api - nova-manage cell_v2 create_cell --name {{ tripleo_cellv2_cell_name }} - --database_connection "{scheme}://{username}:{password}@{{ tripleo_cellv2_cell_database_vip }}/nova?{query}" - --transport-url "{{ tripleo_cellv2_cell_transport_url }}" - - - name: List Cells - shell: > - podman exec -i -u root nova_api - nova-manage cell_v2 list_cells - register: cells - - - debug: var=cells.stdout_lines - tags: - - create diff --git a/tripleo_ansible/roles/tripleo_cellv2/tasks/discover_hosts.yml b/tripleo_ansible/roles/tripleo_cellv2/tasks/discover_hosts.yml deleted file mode 100644 index 504d91560..000000000 --- a/tripleo_ansible/roles/tripleo_cellv2/tasks/discover_hosts.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Discover cell nodes - become: true - block: - - name: Discover hosts - shell: >- - podman exec -i -u root nova_api - nova-manage cell_v2 discover_hosts --by-service --verbose - - - name: List Cells - shell: >- - podman exec -i -u root nova_api - nova-manage cell_v2 list_cells - tags: - - discover diff --git a/tripleo_ansible/roles/tripleo_cellv2/tasks/extract_cell_information.yml b/tripleo_ansible/roles/tripleo_cellv2/tasks/extract_cell_information.yml deleted file mode 100644 index 089c59536..000000000 --- a/tripleo_ansible/roles/tripleo_cellv2/tasks/extract_cell_information.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Extract transport_url and database connection from one CellController - become: true - block: - - name: Extract transport_url from CellController - command: >- - crudini --get /var/lib/config-data/nova/etc/nova/nova.conf DEFAULT transport_url - register: cell_transport_url_result - - - name: Set fact cell_transport_url - set_fact: - cell_transport_url: "{{ cell_transport_url_result.stdout }}" - - - name: Extract database connection from CellController - command: >- - crudini --get /var/lib/config-data/nova/etc/nova/nova.conf database connection - register: cell_database_vip_result - - - name: Set fact cell_database_vip - set_fact: - cell_database_vip: "{{ cell_database_vip_result.stdout |regex_replace('.*@(.*?)/.*$', '\\1') }}" - tags: - - extract - - create diff --git a/tripleo_ansible/roles/tripleo_ceph_client/defaults/main.yml b/tripleo_ansible/roles/tripleo_ceph_client/defaults/main.yml deleted file mode 100644 index 6a3a68cd6..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client/defaults/main.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_ceph_client" -tripleo_ceph_client_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_ceph_client_hide_sensitive_logs: true -tripleo_ceph_client_config_home: "/etc/ceph" -tripleo_ceph_client_fetch_dir: "{{ playbook_dir }}/ceph_client_fetch_dir" -tripleo_ceph_client_cluster: "{{ tripleo_ceph_cluster_name | default('ceph', true) }}" -tripleo_ceph_client_fsid: "{{ tripleo_ceph_cluster_fsid | default('', true) }}" -tripleo_ceph_client_mon_ips: [] -tripleo_ceph_client_keys: "{{ tripleo_ceph_cluster_keys | default([], true) }}" -tripleo_ceph_client_config_overrides: {} -tripleo_ceph_client_rbd_admin_socket_path: '/var/run/ceph' -tripleo_ceph_client_rbd_log_path: '/var/log/ceph' -tripleo_ceph_client_rbd_log_file: "{{ tripleo_ceph_client_rbd_log_path }}/qemu-guest-$pid.log" -external_cluster_mon_ips: '' diff --git a/tripleo_ansible/roles/tripleo_ceph_client/meta/main.yml b/tripleo_ansible/roles/tripleo_ceph_client/meta/main.yml deleted file mode 100644 index 43d4c3904..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_ceph_client - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_ceph_client/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_ceph_client/molecule/default/converge.yml deleted file mode 100644 index 5535bdd8c..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client/molecule/default/converge.yml +++ /dev/null @@ -1,200 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_ceph_client" - tripleo_ceph_client_config_home: "/etc/ceph" - tripleo_ceph_client_fsid: "1dee28aa-2eba-11eb-b30b-244200b898e6" - tripleo_ceph_client_mon_ips: - - 172.16.3.10 - - 172.16.3.11 - - 172.16.3.12 - tripleo_ceph_client_keys: - - caps: - mgr: allow * - mon: profile rbd - osd: profile rbd pool=vms, profile rbd pool=volumes, profile rbd pool=metrics, - profile rbd pool=backups, profile rbd pool=pool2, profile rbd pool=pool3, - profile rbd pool=altrbd - key: AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw== - mode: '0600' - name: client.glance - - caps: - mgr: allow * - mon: profile rbd - osd: profile rbd pool=images - key: AQBRgQ9eAAAAABAAv84zEilJYZPNuJ0Iwn9Ndg== - mode: '0600' - name: client.manila - tripleo_ceph_client_config_overrides: - global: - osd_pool_default_pg_num: 16 - osd_pool_default_pgp_num: 16 - osd_pool_default_size: 1 - topkey: 'topvalue' - client: - rbd_cache: true - rbd_cache_writethrough_until_flush: true - rbd_concurrent_management_ops: 20 - osdkey: 'osdvalue' - - tasks: - - name: Check the tripleo_ceph_client_fetch_dir content - block: - - name: Check current file - stat: - path: "{{ tripleo_ceph_client_fetch_dir }}/{{ item }}" - register: st - loop: "{{ expected_files }}" - - fail: - msg: "The file {{ item }} doesn't exist" - when: not item.stat.exists - loop: "{{ st.results }}" - - name: Show the content of the generated Ceph config file - shell: "cat {{ tripleo_ceph_client_fetch_dir +'/'+ tripleo_ceph_client_cluster + '.conf' }}" - register: cat_ceph_conf - when: verbosity - - debug: - msg: "{{ cat_ceph_conf.stdout }}" - when: verbosity - vars: - tripleo_ceph_client_cluster: "ceph" - verbosity: true - expected_files: - - '{{ tripleo_ceph_client_cluster }}.client.glance.keyring' - - '{{ tripleo_ceph_client_cluster }}.client.manila.keyring' - - '{{ tripleo_ceph_client_cluster }}.conf' - - - name: Run tripleo_ceph_client with ceph_external_multi_config - block: - - include_role: - name: tripleo_ceph_client - name: Call tripleo_ceph_client and pass multiple - vars: - tripleo_ceph_client_config_home: "/var/lib/tripleo-config/ceph" - multiple: "{{ item }}" - loop: "{{ ceph_external_multi_config }}" - - - name: grep expected content from generated Ceph config files for dcn0/dcn1 - shell: "grep {{ item.fsid }} {{ tripleo_ceph_client_fetch_dir +'/'+ item.cluster +'.conf' }} | wc -l" - register: grep_ceph_conf_dcn - loop: - - {cluster: 'dcn0', fsid: 'b6d6c1b9-cb48-4e1f-a48b-63b27a704ab1'} - - {cluster: 'dcn1', fsid: 'cf9b830d-8c6a-418f-b6ce-a9156ae014ba'} - - - name: Fail if expected FSID is not found in dcn0 or dcn1 Ceph conf file - fail: - msg: "'{{ item.cmd }}' returned {{ item.stdout }} instead of 1" - when: not item.stdout == '1' - loop: "{{ grep_ceph_conf_dcn.results }}" - - - name: grep expected content from generated cephx files for dcn0/dcn1 - shell: "grep {{ item.key }} {{ tripleo_ceph_client_fetch_dir +'/'+ item.cluster + '.client.openstack.keyring' }} | wc -l" - register: grep_cephx_dcn - loop: - - {cluster: 'dcn0', key: 'AQAqFN1fAAAAABAAkHoVtZxSvvRbwYtZ4LwNZA=='} - - {cluster: 'dcn1', key: 'AQAqJt1fAAAAABAATLe3ZcGWrahsG2wp17nPVQ=='} - - - name: Fail if expected cephx key is not found in dcn0 or dcn1 keyring file - fail: - msg: "'{{ item.cmd }}' returned {{ item.stdout }} instead of 1" - when: not item.stdout == '1' - loop: "{{ grep_cephx_dcn.results }}" - - vars: - ceph_external_multi_config: - - cluster: dcn0 - ceph_conf_overrides: - client: - keyring: /etc/ceph/dcn0.client.openstack.keyring - dashboard_enabled: false - external_cluster_mon_ips: 192.168.24.7,192.168.24.14,192.168.24.24 - fsid: b6d6c1b9-cb48-4e1f-a48b-63b27a704ab1 - keys: - - caps: - mgr: allow * - mon: profile rbd - osd: profile rbd pool=vms, profile rbd pool=volumes, profile rbd pool=images - key: AQAqFN1fAAAAABAAkHoVtZxSvvRbwYtZ4LwNZA== - mode: '0600' - name: client.openstack - - cluster: dcn1 - ceph_conf_overrides: - client: - keyring: /etc/ceph/dcn1.client.openstack.keyring - dashboard_enabled: false - external_cluster_mon_ips: 192.168.25.7,192.168.25.14,192.168.25.24 - fsid: cf9b830d-8c6a-418f-b6ce-a9156ae014ba - keys: - - caps: - mgr: allow * - mon: profile rbd - osd: profile rbd pool=vms, profile rbd pool=volumes, profile rbd pool=images - key: AQAqJt1fAAAAABAATLe3ZcGWrahsG2wp17nPVQ== - mode: '0600' - name: client.openstack - - name: Test effective client tasks file - block: - - name: Test include case - include_tasks: ../../tasks/effective_clients_limit.yml - vars: # I am overriding this magic variable only for testing purposes - ansible_limit: 'undercloud:controller-2' - - name: Fail if include case has an unxpected value - fail: - msg: "tripleo_ceph_client_effective_clients returned - '{{ tripleo_ceph_client_effective_clients }}' - instead of ['controller-2']" - when: tripleo_ceph_client_effective_clients != ['controller-2'] - - name: reset facts - set_fact: - tripleo_ceph_client_exclude: [] - tripleo_ceph_client_include: [] - - - name: Test exclude case - include_tasks: ../../tasks/effective_clients_limit.yml - vars: # I am overriding this magic variable only for testing purposes - ansible_limit: 'undercloud:!controller-2' - - name: Fail if exclude case has an unxpected value - fail: - msg: "tripleo_ceph_client_effective_clients returned - '{{ tripleo_ceph_client_effective_clients }}' instead - of ['compute-0', 'controller-0', 'controller-1']" - when: tripleo_ceph_client_effective_clients | sort != - ['compute-0', 'controller-0', 'controller-1'] | sort - - name: reset facts - set_fact: - tripleo_ceph_client_exclude: [] - tripleo_ceph_client_include: [] - - - name: Test include/exclude case - include_tasks: ../../tasks/effective_clients_limit.yml - vars: # I am overriding this magic variable only for testing purposes - ansible_limit: 'undercloud,!controller-2,controller-1' - - name: Fail if include/exclude case has an unxpected value - fail: - msg: "tripleo_ceph_client_effective_clients returned - '{{ tripleo_ceph_client_effective_clients }}' - instead of ['controller-1']" - when: tripleo_ceph_client_effective_clients != ['controller-1'] - vars: - client_group: - - controller-0 - - controller-1 - - controller-2 - - compute-0 diff --git a/tripleo_ansible/roles/tripleo_ceph_client/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_ceph_client/molecule/default/molecule.yml deleted file mode 100644 index d403c92c7..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client/molecule/default/molecule.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - vars: - ansible_user: root - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_ceph_client/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_ceph_client/molecule/default/prepare.yml deleted file mode 100644 index 73b034f0f..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client/molecule/default/prepare.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data - post_tasks: - - name: Ensure tripleo_ceph_client_config_home exists on all clients - become: true - file: - path: "{{ tripleo_ceph_client_config_home | default('/etc/ceph') }}" - state: "directory" diff --git a/tripleo_ansible/roles/tripleo_ceph_client/tasks/ceph_ansible.yml b/tripleo_ansible/roles/tripleo_ceph_client/tasks/ceph_ansible.yml deleted file mode 100644 index 65edd8dd1..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client/tasks/ceph_ansible.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Get values if ceph-ansible deployed - block: - - name: Get ceph_mon_ip addresses - set_fact: - tripleo_ceph_client_mon_ips: "{{ (tripleo_ceph_client_mon_ips | default([])) - | union([hostvars[item][tripleo_ceph_client_net]]) }}" - loop: "{{ groups['ceph_mon'] | list }}" - vars: - tripleo_ceph_client_net: "{{ service_net_map['ceph_mon_network'] + '_ip' }}" - when: - - (tripleo_enabled_services | intersect(['ceph_mon'])) and - (groups['ceph_mon'] | length > 0) - - - name: Set external_cluster_mon_ips - set_fact: - external_cluster_mon_ips: "{{ ceph_ansible_group_vars_clients.external_cluster_mon_ips }}" - tripleo_ceph_client_mon_ips: [] - when: - - (ceph_ansible_group_vars_clients.external_cluster_mon_ips is defined) and - (not tripleo_enabled_services | intersect(['ceph_mon'])) - - - name: Prepare ceph config variables - set_fact: - tripleo_ceph_client_fsid: "{{ ceph_ansible_group_vars_all.fsid }}" - tripleo_ceph_client_cluster_network: "{{ ceph_ansible_group_vars_all.cluster_network }}" - tripleo_ceph_client_cluster: "{{ ceph_ansible_group_vars_all.cluster }}" diff --git a/tripleo_ansible/roles/tripleo_ceph_client/tasks/create_ceph_conf.yml b/tripleo_ansible/roles/tripleo_ceph_client/tasks/create_ceph_conf.yml deleted file mode 100644 index 21630be95..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client/tasks/create_ceph_conf.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: create ceph.conf - become: true - template: - src: templates/ceph_conf.j2 - dest: "{{ tripleo_ceph_client_fetch_dir }}/{{ tripleo_ceph_client_cluster | default('ceph') }}.conf" - group: root - owner: root - mode: 0644 - force: true diff --git a/tripleo_ansible/roles/tripleo_ceph_client/tasks/create_keys.yml b/tripleo_ansible/roles/tripleo_ceph_client/tasks/create_keys.yml deleted file mode 100644 index c19f7ec93..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client/tasks/create_keys.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: create cephx key(s) - template: - src: templates/ceph_key.j2 - dest: "{{ tripleo_ceph_client_fetch_dir }}/{{ tripleo_ceph_client_cluster | default('ceph') }}.{{ item.name }}.keyring" - mode: 0600 - force: true - loop: "{{ ceph_keys| default([]) }}" diff --git a/tripleo_ansible/roles/tripleo_ceph_client/tasks/effective_clients_limit.yml b/tripleo_ansible/roles/tripleo_ceph_client/tasks/effective_clients_limit.yml deleted file mode 100644 index 33f001ab5..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client/tasks/effective_clients_limit.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# sanitize limit to always use ':' -# external_deploy_steps_tasks with limit must always include undercloud -# but we do not want undercloud given how we will delegate from it -- name: set limit list - set_fact: - tripleo_ceph_client_limit_list: "{{ ( ansible_limit | - regex_replace(':|,', ':') | - regex_replace('undercloud:', '') ).split(':') }}" - -# 'a:!b:c' --> only 'b' (without '!') -- name: set exclude hosts - set_fact: - tripleo_ceph_client_exclude: "{{ tripleo_ceph_client_exclude|default([]) - + [ item | regex_replace('!') ] }}" - when: item is regex('^\!') - loop: "{{ tripleo_ceph_client_limit_list }}" - -# 'a:!b:c' --> only 'a:c' -- name: set include hosts - set_fact: - tripleo_ceph_client_include: "{{ tripleo_ceph_client_include|default([]) - + [item] }}" - when: item is not regex('^\!') - loop: "{{ tripleo_ceph_client_limit_list }}" - -- name: set effective deny list with exclude - set_fact: - tripleo_ceph_client_effective_clients: "{{ client_group | - symmetric_difference(tripleo_ceph_client_exclude) | - list }}" - when: - - tripleo_ceph_client_exclude is defined - - tripleo_ceph_client_exclude | length > 0 - -# if include list is used, then exclude list does not matter, so then -# reset the effective clients fact; this task must be after exclude task -- name: set effective allow list with include - set_fact: - tripleo_ceph_client_effective_clients: "{{ client_group | - intersect(tripleo_ceph_client_include) | - list }}" - when: - - tripleo_ceph_client_include is defined - - tripleo_ceph_client_include | length > 0 diff --git a/tripleo_ansible/roles/tripleo_ceph_client/tasks/fetch_dir.yml b/tripleo_ansible/roles/tripleo_ceph_client/tasks/fetch_dir.yml deleted file mode 100644 index 4ab24e295..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client/tasks/fetch_dir.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Build fetch_dir - block: - - name: Clean any old fetch directory path - tags: 'clean_fetch_dir' - file: - state: absent - path: "{{ tripleo_ceph_client_fetch_dir }}/" - when: clean - - name: Create ceph_client_fetch_dir for the current execution - tags: 'build_fetch_dir' - file: - path: "{{ tripleo_ceph_client_fetch_dir }}" - state: directory - when: build diff --git a/tripleo_ansible/roles/tripleo_ceph_client/tasks/main.yml b/tripleo_ansible/roles/tripleo_ceph_client/tasks/main.yml deleted file mode 100644 index 376abc7c7..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client/tasks/main.yml +++ /dev/null @@ -1,85 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: get the list of enabled services on the overcloud - set_fact: - tripleo_enabled_services: "{{ enabled_services | default([]) }}" - -- include_tasks: fetch_dir.yml - name: Create ceph_client_fetch_dir - vars: - clean: true - build: true - -- name: Check if the input variables exist - stat: - path: '{{ tripleo_ceph_client_vars }}' - register: ceph_input_vars - when: tripleo_ceph_client_vars is defined - -- name: Load variables produced by the cephadm provisioning process - include_vars: '{{ tripleo_ceph_client_vars }}' - when: - - tripleo_ceph_client_vars is defined - - ceph_input_vars.stat.exists == True - -- name: Get Ceph Cluster variables if ceph-ansible deployed - include_tasks: ceph_ansible.yml - when: - - tripleo_ceph_client_vars is not defined - - ceph_ansible_group_vars_all is defined - -- name: Configure multiple external ceph clusters - include_tasks: multiple_external_ceph_clusters.yml - when: - - multiple is defined and multiple | length > 0 - -- include_tasks: create_keys.yml - name: Render keys provided for the Ceph cluster - vars: - ceph_keys: | - {% if tripleo_ceph_client_keys | length > 0 %} - {% set client_keys = tripleo_ceph_client_keys %} - {% elif keys is defined and keys is mapping %} - {% set client_keys = keys.get('keys', {}) %} - {% else %} - {% set client_keys = keys %} - {% endif %} - {{ client_keys }} - when: - - (tripleo_ceph_client_keys is defined) or (keys is defined) - -- include_tasks: create_ceph_conf.yml - name: Render ceph config for the Ceph Clients - vars: - config_overrides: | - {% if tripleo_ceph_client_config_overrides is defined and tripleo_ceph_client_config_overrides | length > 0 %} - {% set overrides = tripleo_ceph_client_config_overrides %} - {% elif ceph_overrides is defined %} - {% set overrides = ceph_overrides.get('ceph_conf_overrides', {}) %} - {% else %} - {% set overrides = {} %} - {% endif %} - {{ overrides }} - -- include_tasks: sync.yml - name: Configure Ceph Clients - -- include_tasks: fetch_dir.yml - name: Clean ceph_client_fetch_dir - vars: - clean: true - build: false diff --git a/tripleo_ansible/roles/tripleo_ceph_client/tasks/multiple_external_ceph_clusters.yml b/tripleo_ansible/roles/tripleo_ceph_client/tasks/multiple_external_ceph_clusters.yml deleted file mode 100644 index 21c198e8c..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client/tasks/multiple_external_ceph_clusters.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Get values for multiple external ceph clusters - block: - - name: Prepare ceph config variables - set_fact: - external_cluster_mon_ips: "{{ multiple.external_cluster_mon_ips }}" - tripleo_ceph_client_fsid: "{{ multiple.fsid | default(multiple.tripleo_ceph_cluster_fsid, true) }}" - tripleo_ceph_client_cluster_network: '' - tripleo_ceph_client_mon_ips: [] - tripleo_ceph_client_cluster: "{{ multiple.cluster | default(multiple.tripleo_ceph_cluster_name, true) }}" - tripleo_ceph_client_keys: "{{ multiple.get('keys',[]) }}" - tripleo_ceph_client_config_overrides: "{{ multiple.get('ceph_conf_overrides',{}) }}" diff --git a/tripleo_ansible/roles/tripleo_ceph_client/tasks/sync.yml b/tripleo_ansible/roles/tripleo_ceph_client/tasks/sync.yml deleted file mode 100644 index fe0430028..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client/tasks/sync.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: copy keys around - tags: 'ceph_client_rsync' - block: - - name: set effective ceph_clients without limit - set_fact: - tripleo_ceph_client_effective_clients: "{{ groups['ceph_client'] }}" - when: - - (ansible_limit is not defined) or (ansible_limit|length < 1) - - - name: set effective ceph_clients with limit - include_tasks: effective_clients_limit.yml - vars: - client_group: "{{ groups['ceph_client'] }}" - when: - - (ansible_limit is defined) and (ansible_limit|length > 0) - - # The ceph_external_multi_config usecase requires mon_client_hosts - # which is defined in roles/tripleo_ceph_work_dir/tasks/prepare.yml - - name: set distribution list from cross product of files and effective clients - set_fact: - tripleo_ceph_client_dist: "{{ lookup('fileglob', - tripleo_ceph_client_fetch_dir ~ '/*', - wantlist=True) - | product(mon_client_hosts|default([]) - | union(tripleo_ceph_client_effective_clients | default([])) - | unique) - | list }}" - - - name: Ensure /etc/ceph exists on all clients - become: true - file: - path: "{{ tripleo_ceph_client_config_home }}" - state: "directory" - delegate_to: "{{ item[1] }}" - loop: "{{ tripleo_ceph_client_dist }}" - - - name: push files to the other nodes of cluster - become: true - copy: - src: "{{ item[0] }}" - dest: "{{ tripleo_ceph_client_config_home }}/{{ item[0] | basename }}" - mode: "{{ '600' if item[0] | regex_search('.*.keyring$') else '644' }}" - delegate_to: "{{ item[1] }}" - loop: "{{ tripleo_ceph_client_dist }}" diff --git a/tripleo_ansible/roles/tripleo_ceph_client/templates/ceph_conf.j2 b/tripleo_ansible/roles/tripleo_ceph_client/templates/ceph_conf.j2 deleted file mode 100644 index 69c4ac731..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client/templates/ceph_conf.j2 +++ /dev/null @@ -1,38 +0,0 @@ -# {{ ansible_managed }} -{# MACRO AREA #} -{% macro render_map(root) -%} -{% for key, value in root.items() %} -{{ key}} = {{ value }} -{% endfor %} -{% endmacro %} - -[global] - -{% if tripleo_ceph_client_cluster_network is defined and tripleo_ceph_client_cluster_network | length > 0 %} -cluster network = {{ tripleo_ceph_client_cluster_network | regex_replace(' ', '') }} -{% endif %} -fsid = {{ tripleo_ceph_client_fsid }} -mon host = {% if tripleo_ceph_client_mon_ips is defined and tripleo_ceph_client_mon_ips | length > 0 %} -{% for ip in tripleo_ceph_client_mon_ips %}{{ip}}{% if not loop.last %},{% endif %}{% endfor %} -{% else %} -{{ external_cluster_mon_ips }} -{% endif %} - -{# Build the remaining sections #} -{% for key, value in (config_overrides | default({})).items() %} -{% if (['client']) | intersect([key]) %} -[{{ key }}] -{# Render the current section #} -{{ render_map(value) }} -{% endif %} -{% endfor %} - -[client.libvirt] -admin socket = {{ tripleo_ceph_client_rbd_admin_socket_path }}/$cluster-$type.$id.$pid.$cctid.asok -log file = {{ tripleo_ceph_client_rbd_log_file }} - -{% if tripleo_cephadm_ceph_nfs_ceph_user is defined %} -[client.{{ tripleo_cephadm_ceph_nfs_ceph_user }}] -client mount uid = 0 -client mount gid = 0 -{% endif %} diff --git a/tripleo_ansible/roles/tripleo_ceph_client/templates/ceph_key.j2 b/tripleo_ansible/roles/tripleo_ceph_client/templates/ceph_key.j2 deleted file mode 100644 index 39b372f4b..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client/templates/ceph_key.j2 +++ /dev/null @@ -1,5 +0,0 @@ -[{{ item.name }}] - key = "{{ item.key }}" -{% for key, value in item.caps.items() %} - caps {{ key }} = {{ value }} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_ceph_client_files/defaults/main.yml b/tripleo_ansible/roles/tripleo_ceph_client_files/defaults/main.yml deleted file mode 100644 index 897d5871a..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client_files/defaults/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_ceph_client_files" -tripleo_ceph_client_files_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_ceph_client_files_hide_sensitive_logs: true -tripleo_ceph_client_files_source: "" -tripleo_ceph_client_files_config_home: "{{ tripleo_ceph_client_config_home | default('/var/lib/tripleo-config/ceph/') }}" diff --git a/tripleo_ansible/roles/tripleo_ceph_client_files/handlers/main.yml b/tripleo_ansible/roles/tripleo_ceph_client_files/handlers/main.yml deleted file mode 100644 index dfe6723b5..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client_files/handlers/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. diff --git a/tripleo_ansible/roles/tripleo_ceph_client_files/meta/main.yml b/tripleo_ansible/roles/tripleo_ceph_client_files/meta/main.yml deleted file mode 100644 index 770016044..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client_files/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: TripleO OpenStack Role -- tripleo_ceph_client_files - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 8 - - 9 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_ceph_client_files/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_ceph_client_files/molecule/default/converge.yml deleted file mode 100644 index 133a47934..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client_files/molecule/default/converge.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_ceph_client_files" - vars: - tripleo_ceph_client_files_source: "/home/stack/ceph_files/" diff --git a/tripleo_ansible/roles/tripleo_ceph_client_files/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_ceph_client_files/molecule/default/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client_files/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_ceph_client_files/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_ceph_client_files/molecule/default/prepare.yml deleted file mode 100644 index ec16f729a..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client_files/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_ceph_client_files/tasks/main.yml b/tripleo_ansible/roles/tripleo_ceph_client_files/tasks/main.yml deleted file mode 100644 index 5d97b44f5..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client_files/tasks/main.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Fail if tripleo_ceph_client_files_source is missing - fail: - msg: >- - tripleo_ceph_client_files_source must be set to a path that - already exists on the Ansible host which contains Ceph - configuration and Cephx key files. - when: - - tripleo_ceph_client_files_source is not defined or - (tripleo_ceph_client_files_source is defined and - tripleo_ceph_client_files_source | length < 1) - -- name: Get list ceph files to copy from localhost tripleo_ceph_client_files_source - delegate_to: localhost - become: true - set_fact: - tripleo_ceph_client_dist: "{{ lookup('fileglob', - tripleo_ceph_client_files_source ~ '/*', - wantlist=True) | list }}" - -- name: Ensure tripleo_ceph_client_config_home exists on all hosts - file: - path: "{{ tripleo_ceph_client_files_config_home }}" - state: directory - become: true - -- name: Push files from tripleo_ceph_client_files_source to all hosts - become: true - copy: - src: "{{ item }}" - dest: "{{ tripleo_ceph_client_files_config_home }}/{{ item | basename }}" - mode: "{{ '600' if item | regex_search('.*.keyring$') else '644' }}" - loop: "{{ tripleo_ceph_client_dist }}" diff --git a/tripleo_ansible/roles/tripleo_ceph_client_files/vars/main.yml b/tripleo_ansible/roles/tripleo_ceph_client_files/vars/main.yml deleted file mode 100644 index 025c19d46..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_client_files/vars/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "tripleo_ceph_client_files" diff --git a/tripleo_ansible/roles/tripleo_ceph_distribute_keys/defaults/main.yml b/tripleo_ansible/roles/tripleo_ceph_distribute_keys/defaults/main.yml deleted file mode 100644 index aaa5c76bf..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_distribute_keys/defaults/main.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_ceph_distribute_keys" -tripleo_ceph_distribute_keys_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_ceph_distribute_keys_hide_sensitive_logs: true -tripleo_ceph_distribute_keys_config_home: /etc/ceph -tripleo_ceph_distribute_keys_cluster: "ceph" -tripleo_ceph_distribute_keys_keyring_prefix: "{{ tripleo_ceph_distribute_keys_config_home }}/{{ tripleo_ceph_distribute_keys_cluster }}.client" -tripleo_ceph_distribute_keys_admin_keyring: "{{ tripleo_ceph_distribute_keys_keyring_prefix }}.admin.keyring" -tripleo_ceph_distribute_keys_ceph_uid: 167 diff --git a/tripleo_ansible/roles/tripleo_ceph_distribute_keys/meta/main.yml b/tripleo_ansible/roles/tripleo_ceph_distribute_keys/meta/main.yml deleted file mode 100644 index 4cec5ddb1..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_distribute_keys/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_ceph_distribute_keys - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_ceph_distribute_keys/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_ceph_distribute_keys/molecule/default/converge.yml deleted file mode 100644 index df5b7546f..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_distribute_keys/molecule/default/converge.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_ceph_distribute_keys" - slurp_key: - content: "W2NsaWVudC5hZG1pbl0KCWtleSA9IEFRQmt3OUpnL0hnakh4QUFaRXBWTjRqNUxJUlpjbkJIbEFEcUdBPT0K" - encoding: "base64" - failed: false - source: "/etc/ceph/foo.client.admin.keyring" diff --git a/tripleo_ansible/roles/tripleo_ceph_distribute_keys/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_ceph_distribute_keys/molecule/default/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_distribute_keys/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_ceph_distribute_keys/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_ceph_distribute_keys/molecule/default/prepare.yml deleted file mode 100644 index b17f36011..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_distribute_keys/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_ceph_distribute_keys/tasks/distribute_conf_and_keys.yaml b/tripleo_ansible/roles/tripleo_ceph_distribute_keys/tasks/distribute_conf_and_keys.yaml deleted file mode 100644 index 640948876..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_distribute_keys/tasks/distribute_conf_and_keys.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -- name: Ensure tripleo_cephadm_config_home (e.g. /etc/ceph) exists - file: - path: "{{ tripleo_ceph_distribute_keys_config_home }}" - state: directory - become: true - -- name: push the admin keyring to the admin nodes of the cluster - tags: - - ceph_admin_key_rsync - copy: - dest: "{{ slurp_key.source }}" - content: "{{ slurp_key.content | b64decode }}" - mode: "0600" - owner: "{{ tripleo_ceph_distribute_keys_ceph_uid }}" - group: "{{ tripleo_ceph_distribute_keys_ceph_uid }}" - when: - - inventory_hostname != bootstrap_node diff --git a/tripleo_ansible/roles/tripleo_ceph_distribute_keys/tasks/main.yml b/tripleo_ansible/roles/tripleo_ceph_distribute_keys/tasks/main.yml deleted file mode 100644 index 8dae0c0fe..000000000 --- a/tripleo_ansible/roles/tripleo_ceph_distribute_keys/tasks/main.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_ceph_distribute_keys" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: client.admin.keyring distribution - become: true - block: - - name: Fetch the ceph.client.admin.keyring from the bootstrap node - tags: - - ceph_fetch_admin_keyring - slurp: - src: "{{ tripleo_ceph_distribute_keys_admin_keyring }}" - register: slurp_key - delegate_to: "{{ groups['ceph_mon'][0] }}" - run_once: true - - include: distribute_conf_and_keys.yaml - name: Distribute the admin keyring via ansible - vars: - - bootstrap_node: "{{ groups['ceph_mon'][0] }}" diff --git a/tripleo_ansible/roles/tripleo_cephadm/defaults/main.yml b/tripleo_ansible/roles/tripleo_cephadm/defaults/main.yml deleted file mode 100644 index 7f9c3c8e6..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/defaults/main.yml +++ /dev/null @@ -1,80 +0,0 @@ ---- -# defaults file for tripleo_cephadm -tripleo_cephadm_spec_on_bootstrap: false # not recommended due to https://tracker.ceph.com/issues/49277 -tripleo_cephadm_ssh_user: ceph-admin -tripleo_cephadm_bin: /usr/sbin/cephadm -tripleo_cephadm_cluster: ceph -tripleo_cephadm_config_home: /etc/ceph -tripleo_cephadm_config_home_container: "/var/lib/ceph/{{ tripleo_cephadm_fsid }}/config/" -tripleo_cephadm_verbose: false -tripleo_cephadm_container_ns: "quay.io/ceph" -tripleo_cephadm_container_image: "ceph" -tripleo_cephadm_container_tag: "v16" -tripleo_cephadm_container_cli: "podman" -tripleo_cephadm_container_options: "--net=host --ipc=host" -tripleo_cephadm_registry_password: '' -tripleo_cephadm_registry_username: '' -tripleo_cephadm_registry_url: '' -tripleo_cephadm_keyring_prefix: "{{ tripleo_cephadm_config_home }}/{{ tripleo_cephadm_cluster }}.client" -tripleo_cephadm_admin_keyring: "{{ tripleo_cephadm_keyring_prefix }}.admin.keyring" -tripleo_cephadm_conf: "{{ tripleo_cephadm_config_home }}/{{ tripleo_cephadm_cluster }}.conf" -tripleo_cephadm_assimilate_conf: "/home/{{ tripleo_cephadm_ssh_user }}/assimilate_{{ tripleo_cephadm_cluster }}.conf" -tripleo_cephadm_assimilate_conf_container: "/home/assimilate_{{ tripleo_cephadm_cluster }}.conf" -# path on ansible host (i.e. undercloud) of the ceph spec -tripleo_cephadm_spec_ansible_host: "{{ playbook_dir }}/ceph_spec.yaml" -# path on bootstrap node of ceph spec (scp'd from above var) -tripleo_cephadm_spec: "/home/{{ tripleo_cephadm_ssh_user }}/specs/ceph_spec.yaml" -# path in container on bootstrap node of spec (podman -v'd from above var) -tripleo_cephadm_container_spec: /home/ceph_spec.yaml -# path of other ceph specs podman -v mounted into running container -tripleo_cephadm_spec_home: "/home/{{ tripleo_cephadm_ssh_user }}/specs" -tripleo_cephadm_bootstrap_files: - - "/home/{{ tripleo_cephadm_ssh_user }}/.ssh/id_rsa" - - "/home/{{ tripleo_cephadm_ssh_user }}/.ssh/id_rsa.pub" -tripleo_cephadm_uid: "167" -tripleo_cephadm_mode: "0755" -tripleo_cephadm_keyring_permissions: "0644" -tripleo_ceph_client_config_home: "/etc/ceph" -tripleo_cephadm_dashboard_enabled: false -tripleo_cephadm_observability_data_only: false -tripleo_cephadm_wait_for_mons: true -tripleo_cephadm_wait_for_mons_retries: 10 -tripleo_cephadm_wait_for_mons_delay: 20 -tripleo_cephadm_wait_for_mons_ignore_errors: false -tripleo_cephadm_wait_for_osds: true -tripleo_cephadm_wait_for_osds_retries: 40 -tripleo_cephadm_wait_for_osds_delay: 30 -tripleo_cephadm_wait_for_osds_ignore_errors: false -tripleo_cephadm_num_osd_expected: 1 -tripleo_cephadm_predeployed: true -tripleo_cephadm_conf_overrides: {} -tripleo_cephadm_fsid_list: [] -tripleo_cephadm_fqdn: false -tripleo_cephadm_crush_rules: [] -tripleo_cephadm_internal_tls_enabled: false -tripleo_cephadm_nfs_rados_export_index: 'ganesha-export-index' -tripleo_cephadm_ceph_nfs_rados_backend: true -tripleo_cephadm_certs: /etc/pki/tls -tripleo_cephadm_idmap_conf: "/etc/ganesha/idmap.conf" -tripleo_cephadm_idmap_overrides: {} -tripleo_cephadm_rbd_mirror_pool: '' -tripleo_cephadm_rbd_mirror_remote_cluster: not-ceph -tripleo_cephadm_rbd_mirror_remote_user: '' -tripleo_cephadm_debug: false -tripleo_cephadm_min_compat_client: '' -tripleo_cephadm_deployed_ceph: false -tripleo_cephadm_deployed_ceph_tht_path: "/home/stack/deployed_ceph.yaml" -tripleo_cephadm_backend: '' -tripleo_cephadm_action: disable -tripleo_cephadm_rbd_trash_interval: 15 -tripleo_cephadm_enable_trash_scheduler: false -tripleo_cephadm_apply_ceph_conf_overrides_on_update: false -tripleo_cephadm_standalone: false -tripleo_cephadm_single_host_defaults: false -tripleo_cephadm_vip_path: "/home/stack/ceph_vips.yaml" -tripleo_cephadm_default_container: false -tripleo_cephadm_nfs_ingress_frontend_port: 2049 -tripleo_cephadm_nfs_ingress_monitor_port: 8999 -tripleo_cephadm_ceph_vips: {} -tripleo_cephadm_extra_args: "" -tripleo_cephadm_pacific_filter: "16.*" diff --git a/tripleo_ansible/roles/tripleo_cephadm/meta/main.yml b/tripleo_ansible/roles/tripleo_cephadm/meta/main.yml deleted file mode 100644 index 19e1b1d49..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_cephadm - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_cephadm/molecule/default/converge.yml deleted file mode 100644 index 7db0408a3..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/converge.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Converge - hosts: all - vars: - tripleo_cephadm_wait_for_mons: false - tripleo_ceph_client_vars: ceph_client.yaml - tripleo_cephadm_fsid_list: - - "cc7adc82-32eb-531e-b173-54047020ea3c" - tasks: - - name: Satisfy Ceph prerequisites - import_role: - name: tripleo_cephadm - tasks_from: pre - - - name: Bootstrap Ceph - import_role: - name: tripleo_cephadm - tasks_from: bootstrap - - - name: Mock ceph_mon_dump command - shell: "cat mock/mock_ceph_mon_dump.json" - register: ceph_mon_mock_dump - delegate_to: localhost - - - name: Mock ceph_keys_module_output - include_vars: mock_ceph_keys.yml - - - name: Export configuration for tripleo_ceph_client - import_role: - name: tripleo_cephadm - tasks_from: export - vars: - ceph_mon_dump: "{{ ceph_mon_mock_dump }}" - tripleo_cephadm_client_keys: "{{ mock_ceph_keys }}" - - - name: Run verify tasks - include_tasks: tasks/verify.yml diff --git a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/mock/mock_ceph_mon_dump.json b/tripleo_ansible/roles/tripleo_cephadm/molecule/default/mock/mock_ceph_mon_dump.json deleted file mode 100644 index 17444ee82..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/mock/mock_ceph_mon_dump.json +++ /dev/null @@ -1,92 +0,0 @@ -{ - "epoch": 3, - "fsid": "ca9bf37b-ed0f-4e5a-bb21-e5b5f9b75135", - "modified": "2021-01-26T19:23:44.536193Z", - "created": "2021-01-26T19:19:33.377161Z", - "min_mon_release": 15, - "min_mon_release_name": "octopus", - "features": { - "persistent": [ - "kraken", - "luminous", - "mimic", - "osdmap-prune", - "nautilus", - "octopus" - ], - "optional": [] - }, - "mons": [ - { - "rank": 0, - "name": "oc0-controller-0", - "public_addrs": { - "addrvec": [ - { - "type": "v2", - "addr": "172.16.11.241:3300", - "nonce": 0 - }, - { - "type": "v1", - "addr": "172.16.11.241:6789", - "nonce": 0 - } - ] - }, - "addr": "172.16.11.241:6789/0", - "public_addr": "172.16.11.241:6789/0", - "priority": 0, - "weight": 0 - }, - { - "rank": 1, - "name": "oc0-controller-1", - "public_addrs": { - "addrvec": [ - { - "type": "v2", - "addr": "172.16.11.176:3300", - "nonce": 0 - }, - { - "type": "v1", - "addr": "172.16.11.176:6789", - "nonce": 0 - } - ] - }, - "addr": "172.16.11.176:6789/0", - "public_addr": "172.16.11.176:6789/0", - "priority": 0, - "weight": 0 - }, - { - "rank": 2, - "name": "oc0-controller-2", - "public_addrs": { - "addrvec": [ - { - "type": "v2", - "addr": "172.16.11.82:3300", - "nonce": 0 - }, - { - "type": "v1", - "addr": "172.16.11.82:6789", - "nonce": 0 - } - ] - }, - "addr": "172.16.11.82:6789/0", - "public_addr": "172.16.11.82:6789/0", - "priority": 0, - "weight": 0 - } - ], - "quorum": [ - 0, - 1, - 2 - ] -} diff --git a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/mock/mock_deployed_metal.yaml b/tripleo_ansible/roles/tripleo_cephadm/molecule/default/mock/mock_deployed_metal.yaml deleted file mode 100644 index 5ddcd71f2..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/mock/mock_deployed_metal.yaml +++ /dev/null @@ -1,40 +0,0 @@ ---- -parameter_defaults: - CephStorageCount: 3 - CephStorageHostnameFormat: '%stackname%-cephstorage-%index%' - ComputeCount: 1 - ComputeHostnameFormat: '%stackname%-novacompute-%index%' - ControllerCount: 3 - ControllerHostnameFormat: '%stackname%-controller-%index%' - DeployedServerPortMap: - oc0-ceph-0-ctlplane: - fixed_ips: - - ip_address: 192.168.24.13 - oc0-ceph-1-ctlplane: - fixed_ips: - - ip_address: 192.168.24.11 - oc0-ceph-2-ctlplane: - fixed_ips: - - ip_address: 192.168.24.14 - oc0-compute-0-ctlplane: - fixed_ips: - - ip_address: 192.168.24.21 - oc0-controller-0-ctlplane: - fixed_ips: - - ip_address: 192.168.24.23 - oc0-controller-1-ctlplane: - fixed_ips: - - ip_address: 192.168.24.15 - oc0-controller-2-ctlplane: - fixed_ips: - - ip_address: 192.168.24.7 - HostnameMap: - oc0-cephstorage-0: oc0-ceph-0 - oc0-cephstorage-1: oc0-ceph-1 - oc0-cephstorage-2: oc0-ceph-2 - oc0-controller-0: oc0-controller-0 - oc0-controller-1: oc0-controller-1 - oc0-controller-2: oc0-controller-2 - oc0-novacompute-0: oc0-compute-0 -resource_registry: - OS::TripleO::DeployedServer::ControlPlanePort: /usr/share/openstack-tripleo-heat-templates/deployed-server/deployed-neutron-port.yaml diff --git a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/mock/mock_inventory.yml b/tripleo_ansible/roles/tripleo_cephadm/molecule/default/mock/mock_inventory.yml deleted file mode 100644 index 6bd2cb544..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/mock/mock_inventory.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -Standalone: - hosts: - standalone: - ansible_host: 192.168.24.1 - canonical_hostname: standalone.localdomain - ctlplane_hostname: standalone.ctlplane.localdomain - ctlplane_ip: 192.168.24.1 -ceph_osd: - children: - Standalone: {} - vars: - ansible_ssh_user: root -ceph_mgr: - children: - Standalone: {} - vars: - ansible_ssh_user: root -ceph_client: - children: - Standalone: {} - vars: - ansible_ssh_user: root -ceph_mon: - children: - Standalone: {} - vars: - ansible_ssh_user: root -nova_libvirt: - children: - Standalone: {} - vars: - ansible_ssh_user: root diff --git a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/mock/mock_overcloud_roles.yaml b/tripleo_ansible/roles/tripleo_cephadm/molecule/default/mock/mock_overcloud_roles.yaml deleted file mode 100644 index 605b57907..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/mock/mock_overcloud_roles.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: Controller - HostnameFormatDefault: '%stackname%-controller-%index%' - ServicesDefault: - - OS::TripleO::Services::Aide - - OS::TripleO::Services::CephClient - - OS::TripleO::Services::CephExternal - - OS::TripleO::Services::CephGrafana - - OS::TripleO::Services::CephMds - - OS::TripleO::Services::CephMgr - - OS::TripleO::Services::CephMon - - OS::TripleO::Services::CephRbdMirror - - OS::TripleO::Services::CephRgw - - OS::TripleO::Services::ManilaBackendCephFs - - OS::TripleO::Services::Zaqar -- name: Compute - HostnameFormatDefault: '%stackname%-novacompute-%index%' - ServicesDefault: - - OS::TripleO::Services::Aide - - OS::TripleO::Services::CephClient - - OS::TripleO::Services::CephExternal - - OS::TripleO::Services::OVNMetadataAgent -- name: CephStorage - ServicesDefault: - - OS::TripleO::Services::Aide - - OS::TripleO::Services::CephOSD - - OS::TripleO::Services::CertmongerUser diff --git a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_cephadm/molecule/default/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_cephadm/molecule/default/prepare.yml deleted file mode 100644 index cc939467e..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/prepare.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_setup_tripleo: true - test_deps_setup_stream: true - test_deps_setup_ceph: true - test_deps_extra_packages: - - openssh - - role: env_data - tasks: - - name: Ensure ceph-admin group exists - become: true - group: - name: ceph-admin - state: present - - name: Ensure ceph-admin user exists - become: true - user: - name: ceph-admin - comment: ceph-admin - group: ceph-admin - groups: wheel - generate_ssh_key: true - - name: Create ceph_spec - ceph_spec_bootstrap: - new_ceph_spec: "{{ playbook_dir }}/ceph_spec.yaml" - deployed_metalsmith: mock/mock_deployed_metal.yaml - tripleo_roles: mock/mock_overcloud_roles.yaml - delegate_to: localhost diff --git a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/tasks/verify.yml b/tripleo_ansible/roles/tripleo_cephadm/molecule/default/tasks/verify.yml deleted file mode 100644 index af6c89157..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/tasks/verify.yml +++ /dev/null @@ -1,137 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Fail if the FSID is not defined or not valid - fail: - msg: "The tripleo_cephadm_fsid {{ tripleo_ceph_client_fsid|default('') }} variable is either undefined or not valid" - when: - - tripleo_cephadm_fsid is not defined - - tripleo_cephadm_fsid | regex_search(regex) - vars: - - regex: '\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b' - -- name: Stat pre ceph conf file - stat: - path: "{{ tripleo_cephadm_assimilate_conf }}" - register: tripleo_cephadm_assimilate_conf_stat - become: true - -- name: Fail if pre ceph conf file is missing - fail: - msg: "{{ tripleo_cephadm_assimilate_conf }} does not exist according to stat" - when: - - tripleo_cephadm_assimilate_conf_stat.stat.exists is not defined - -- name: Stat spec file on bootstrap node - stat: - path: "{{ item }}" - register: tripleo_cephadm_spec_files_stat - become: true - loop: - - "{{ tripleo_cephadm_spec }}" - -- name: Fail if spec file is missing - fail: - msg: "{{ item.invocation.module_args.path }} does not exist" - loop: "{{ tripleo_cephadm_spec_files_stat.results | list }}" - when: not item.stat.exists - -- name: Get ceph_cli - include_tasks: "../../tasks/ceph_cli.yaml" - vars: - mount_spec: true - -- name: Assert that ceph_cli contains expected parameters - assert: - that: - - tripleo_cephadm_ceph_cli | regex_search('^' + tripleo_cephadm_container_cli + ' run --rm') - - tripleo_cephadm_ceph_cli | regex_search(tripleo_cephadm_container_options) - - tripleo_cephadm_ceph_cli | regex_search(ceph_vol) - - tripleo_cephadm_ceph_cli | regex_search(spec_vol) - - tripleo_cephadm_ceph_cli | regex_search('--entrypoint ceph') - - tripleo_cephadm_ceph_cli | regex_search(image) - - tripleo_cephadm_ceph_cli | regex_search('--fsid ' + tripleo_cephadm_fsid) - - tripleo_cephadm_ceph_cli | regex_search('-c ' + tripleo_cephadm_conf) - - tripleo_cephadm_ceph_cli | regex_search('-k ' + tripleo_cephadm_admin_keyring) - vars: - ceph_vol: "--volume {{ tripleo_cephadm_config_home_container }}:{{ tripleo_cephadm_config_home }}:z" - spec_vol: "--volume {{ tripleo_cephadm_spec }}:{{ tripleo_cephadm_container_spec }}:z" - image: "{{ tripleo_cephadm_container_ns }}/{{ tripleo_cephadm_container_image }}:{{ tripleo_cephadm_container_tag }}" - -- name: Confirm we can inlcude_vars the generated tripleo_ceph_client input file - include_vars: "{{ tripleo_ceph_client_vars }}" - delegate_to: localhost - -- name: Assert that the generated client vars are correct - assert: - that: - - tripleo_ceph_client_fsid == tripleo_cephadm_fsid - - external_cluster_mon_ips == ips - - keys[0].name == 'client.openstack' - - keys[0].key == 'AQATZBBgAAAAABAAUl/GZvcldk6G74AoZ2v2rg==' - - keys[0].caps.mgr == 'allow *' - - keys[0].caps.mon == 'profile rbd' - - keys[0].caps.osd == osd_profile - vars: - osd_profile: 'profile rbd pool=vms, profile rbd pool=volumes, profile rbd pool=images' - ips: '[v2:172.16.11.241:3300/0,v1:172.16.11.241:6789/0],[v2:172.16.11.176:3300/0,v1:172.16.11.176:6789/0],[v2:172.16.11.82:3300/0,v1:172.16.11.82:6789/0]' - -- name: Read spec file genereated from ceph_spec_bootstrap module - shell: "cat {{ tripleo_cephadm_spec_ansible_host }}" - register: cat_ceph_spec - delegate_to: localhost - -- name: Assert expected values about hosts entries - assert: - that: - - item.hostname is match("oc0-(controller|ceph)-(0|1|2)") - - item.addr is match("192.168.24.[0-9]{1,2}") - - (item.labels | join(' ')) is match ("mgr|mon|osd|_admin") - when: - - item.service_type == 'host' - loop: "{{ cat_ceph_spec.stdout | from_yaml_all | list }}" - -- name: Assert expected values about mon and mgr daemon entries - assert: - that: - - item.placement.hosts == expected_hosts - - item.service_id == item.service_name - when: - - item.service_type == 'mon' or item.service_type == 'mgr' - loop: "{{ cat_ceph_spec.stdout | from_yaml_all | list }}" - vars: - expected_hosts: - - oc0-controller-0 - - oc0-controller-1 - - oc0-controller-2 - -- name: Assert expected values about osd daemon entries - assert: - that: - - item.placement.hosts == expected_hosts - - item.service_id == 'default_drive_group' - - item.service_name == 'osd.default_drive_group' - - item.data_devices == expected_devices - when: - - item.service_type == 'osd' - loop: "{{ cat_ceph_spec.stdout | from_yaml_all | list }}" - vars: - expected_hosts: - - oc0-ceph-0 - - oc0-ceph-1 - - oc0-ceph-2 - expected_devices: - all: true diff --git a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/vars/mock_ceph_keys.yml b/tripleo_ansible/roles/tripleo_cephadm/molecule/default/vars/mock_ceph_keys.yml deleted file mode 100644 index c0313af82..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/molecule/default/vars/mock_ceph_keys.yml +++ /dev/null @@ -1,109 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -mock_ceph_keys: - results: - - ansible_facts: - discovered_interpreter_python: /usr/libexec/platform-python - ansible_loop_var: item - changed: false - cmd: - - podman - - run - - --rm - - --net=host - - -v - - /etc/ceph:/etc/ceph:z - - -v - - /var/lib/ceph/:/var/lib/ceph/:z - - -v - - /var/log/ceph/:/var/log/ceph/:z - - --entrypoint=ceph - - undercloud.ctlplane.mydomain.tld:8787/ceph-ci/daemon:v5.0.7-stable-5.0-octopus-centos-8-x86_64 - - -n - - client.admin - - -k - - /etc/ceph/ceph.client.admin.keyring - - --cluster - - ceph - - auth - - get - - client.openstack - - -f - - json - delta: '0:00:01.501594' - end: '2021-01-29 19:48:16.372821' - failed: false - invocation: - module_args: - attributes: null - backup: null - caps: null - cluster: ceph - content: null - delimiter: null - dest: /etc/ceph/ - directory_mode: null - follow: false - force: null - group: null - import_key: true - mode: null - name: client.openstack - output_format: json - owner: null - regexp: null - remote_src: null - secret: null - selevel: null - serole: null - setype: null - seuser: null - src: null - state: info - unsafe_writes: null - user: client.admin - user_key: null - item: - caps: - mgr: allow * - mon: profile rbd - osd: profile rbd pool=vms, profile rbd pool=volumes, profile rbd pool=images - key: AQATZBBgAAAAABAAUl/GZvcldk6G74AoZ2v2rg== - mode: '0600' - name: client.openstack - rc: 0 - start: '2021-01-29 19:48:14.871227' - stderr: exported keyring for client.openstack - stderr_lines: - - exported keyring for client.openstack - stdout: >- - [{"entity":"client.openstack", - "key":"AQATZBBgAAAAABAAUl/GZvcldk6G74AoZ2v2rg==", - "caps":{ - "mgr":"allow *", - "mon":"profile rbd", - "osd":"profile rbd pool=vms, profile rbd pool=volumes, profile rbd pool=images" - }}] - stdout_lines: >- - - '' - - '[{"entity":"client.openstack", - "key":"AQATZBBgAAAAABAAUl/GZvcldk6G74AoZ2v2rg==", - "caps":{ - "mgr":"allow *", - "mon":"profile rbd", - "osd":"profile rbd pool=vms, profile rbd pool=volumes, profile rbd pool=images" - }}]' diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/apply_ceph_conf_overrides.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/apply_ceph_conf_overrides.yaml deleted file mode 100644 index a8c168bc6..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/apply_ceph_conf_overrides.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Ensure tripleo_cephadm_ceph_cli is set - include_tasks: ceph_cli.yaml - when: - - tripleo_cephadm_ceph_cli is not defined - -# pre.yml populated tripleo_cephadm_assimilate_conf with the latest config - -- name: Assimilate configuration from tripleo_cephadm_assimilate_conf - command: | - {{ tripleo_cephadm_ceph_cli }} config assimilate-conf - -i {{ tripleo_cephadm_assimilate_conf_container }} - changed_when: false - become: true diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/apply_spec.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/apply_spec.yaml deleted file mode 100644 index 0d2112b43..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/apply_spec.yaml +++ /dev/null @@ -1,62 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Stat spec file on bootstrap node - stat: - path: "{{ item }}" - register: tripleo_cephadm_spec_files_stat - become: true - loop: - - "{{ tripleo_cephadm_spec }}" - -- name: Fail if spec file is missing - fail: - msg: "{{ item.invocation.module_args.path }} does not exist" - loop: "{{ tripleo_cephadm_spec_files_stat.results | list }}" - when: not item.stat.exists - -- name: Get ceph_cli - include_tasks: ceph_cli.yaml - vars: - mount_spec: true - -- name: Get the ceph orchestrator status - command: "{{ tripleo_cephadm_ceph_cli }} orch status --format json" - register: ceph_orch_status - become: true - -- name: Fail if ceph orchestrator is not available - fail: - msg: "'ceph orch status' returned {{ ceph_orch_status.stdout | from_json }}" - when: - - not (ceph_orch_status.stdout | from_json).available - -- name: Run ceph config set for parameters before applying the spec - include_tasks: cephadm_config_set.yaml - -- name: Apply spec - command: "{{ tripleo_cephadm_ceph_cli }} orch apply --in-file {{ tripleo_cephadm_container_spec }}" - register: tripleo_cephadm_apply_spec_out - become: true - -- name: Show results of spec apply - debug: - msg: "{{ tripleo_cephadm_apply_spec_out }}" - when: tripleo_cephadm_verbose | bool - -- name: Wait for the expected number of osds to be running - include_tasks: wait_for_expected_num_osds.yaml - when: tripleo_cephadm_wait_for_osds | bool diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/bootstrap.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/bootstrap.yaml deleted file mode 100644 index ea9fe5547..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/bootstrap.yaml +++ /dev/null @@ -1,86 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Add spec to necessary file list when using spec to bootstrap - set_fact: - tripleo_cephadm_bootstrap_files: "{{ tripleo_cephadm_bootstrap_files + [ tripleo_cephadm_spec ] }}" - when: tripleo_cephadm_spec_on_bootstrap | bool - -- name: Stat necessary files to bootstrap with cephadm - stat: - path: "{{ item }}" - register: tripleo_cephadm_bootstrap_files_stat - become: true - loop: "{{ tripleo_cephadm_bootstrap_files }}" - -- name: Fail if necessary files are missing - fail: - msg: "{{ item.invocation.module_args.path }} does not exist" - loop: "{{ tripleo_cephadm_bootstrap_files_stat.results | list }}" - when: not item.stat.exists - -- name: Stat pre ceph conf file in case we should bootrap with it - stat: - path: "{{ tripleo_cephadm_assimilate_conf }}" - register: tripleo_cephadm_assimilate_conf_stat - become: true - -# cephadm_ls should be registered by pre.yaml - -- name: Bootstrap Ceph if there are no running Ceph Daemons - block: - - name: Run cephadm bootstrap - shell: | - {{ tripleo_cephadm_bin }} \ - {% if not tripleo_cephadm_default_container %}--image {{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag|string }} \{% endif %} - bootstrap \ - --skip-firewalld \ - --ssh-private-key /home/{{ tripleo_cephadm_ssh_user }}/.ssh/id_rsa \ - --ssh-public-key /home/{{ tripleo_cephadm_ssh_user }}/.ssh/id_rsa.pub \ - --ssh-user {{ tripleo_cephadm_ssh_user }} \ - --allow-fqdn-hostname \ - --output-keyring {{ tripleo_cephadm_admin_keyring }} \ - --output-config {{ tripleo_cephadm_conf }} \ - --fsid {{ tripleo_cephadm_fsid }} \ - {% if tripleo_cephadm_registry_url|length > 0 %}--registry-url {{ tripleo_cephadm_registry_url }} \{% endif %} - {% if tripleo_cephadm_registry_username|length > 0 %}--registry-username {{ tripleo_cephadm_registry_username }} \{% endif %} - {% if tripleo_cephadm_registry_password|length > 0 %}--registry-password {{ tripleo_cephadm_registry_password }} \{% endif %} - {% if tripleo_cephadm_spec_on_bootstrap %}--apply-spec {{ tripleo_cephadm_spec }} \{% endif %} - {% if tripleo_cephadm_assimilate_conf_stat.stat.exists %}--config {{ tripleo_cephadm_assimilate_conf }} \{% endif %} - {% if tripleo_cephadm_single_host_defaults %}--single-host-defaults \{% endif %} - --skip-monitoring-stack --skip-dashboard \ - {% if tripleo_cephadm_extra_args|length > 0 %}{{ tripleo_cephadm_extra_args }} \{% endif %} - --mon-ip {{ tripleo_cephadm_first_mon_ip }} - register: cephadm_bootstrap - become: true - - name: Show results of bootstrap - debug: - msg: "{{ cephadm_bootstrap }}" - when: tripleo_cephadm_verbose | bool - when: - - cephadm_ls is defined - - cephadm_ls.stdout == '[]' - tags: - - cephadm_bootstrap - -- name: If cephadm bootstrap was not run report the reason - debug: - msg: | - 'cephadm bootstrap' was not run because 'cephadm ls' - indicates that Ceph containers are already running. - when: - - cephadm_ls is defined - - cephadm_ls.stdout != '[]' diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/ceph_cli.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/ceph_cli.yaml deleted file mode 100644 index 62891c71b..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/ceph_cli.yaml +++ /dev/null @@ -1,46 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Set ceph CLI - set_fact: - tripleo_cephadm_ceph_cli: >- - {{ tripleo_cephadm_container_cli }} run --rm {{ tripleo_cephadm_container_options }} - {% if mount_certs|default(false) %} - --volume {{ tripleo_cephadm_certs }}:/etc/pki/tls:z - {% endif %} - {% if sensitive_data|default(false) %} - --interactive - {% endif %} - --volume {{ tripleo_cephadm_config_home_container }}:/etc/ceph:z - {% if not external_cluster|default(false) -%} - --volume {{ tripleo_cephadm_assimilate_conf }}:{{ tripleo_cephadm_assimilate_conf_container }}:z - {% endif %} - {% if mount_spec|default(false) %} - --volume {{ tripleo_cephadm_spec }}:{{ tripleo_cephadm_container_spec }}:z - {% endif %} - {% if admin_daemon|default(false) %} - --volume /var/run/ceph/{{ tripleo_cephadm_fsid }}:/var/run/ceph:z - {% endif %} - --entrypoint {{ ceph_command | default('ceph') }} - {{ tripleo_cephadm_container_ns }}/{{ tripleo_cephadm_container_image }}:{{ tripleo_cephadm_container_tag }} - {% if ceph_command|default('ceph') == 'ceph' or ceph_command|default('ceph') == 'rados' or ceph_command|default('ceph') == 'rbd' -%} - {% if not admin_daemon|default(false) -%} - --fsid {{ tripleo_cephadm_fsid }} -c /etc/ceph/{{ tripleo_cephadm_cluster }}.conf -k /etc/ceph/{{ tripleo_cephadm_cluster }}.client.{{ select_keyring| default('admin') }}.keyring - {%- endif %} - {% if external_cluster|default(false) -%} - -n client.{{ select_keyring }} - {%- endif %} - {%- endif %} diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/ceph_nfs.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/ceph_nfs.yaml deleted file mode 100644 index c85ffa7b8..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/ceph_nfs.yaml +++ /dev/null @@ -1,67 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Assumes the following module is in ANSIBLE_LIBRARY=/usr/share/ansible/library/ -# https://github.com/ceph/ceph-ansible/blob/master/library/ceph_pool.py - -# Using two tasks with a boolean due to the ansible bug: https://github.com/ansible/ansible/issues/68364 -- name: Collect the host and build the resulting host list - set_fact: - _hosts: "{{ _hosts|default([]) + [ hostvars[item].canonical_hostname ] }}" - with_items: "{{ groups['ceph_mds'] }}" - when: tripleo_cephadm_fqdn | bool - -- name: Collect the host and build the resulting host list - set_fact: - _hosts: "{{ _hosts|default([]) + [ hostvars[item].inventory_hostname ] }}" - with_items: "{{ groups['ceph_mds'] }}" - when: not tripleo_cephadm_fqdn | bool - -- name: Create the nfs Daemon spec definition - become: true - ceph_mkspec: - service_type: nfs - service_name: default - service_id: default - cluster: "{{ tripleo_cephadm_cluster }}" - apply: true - hosts: "{{ _hosts | unique }}" - render_path: "{{ tripleo_cephadm_spec_home }}" - networks: "{{ tripleo_cephadm_ceph_nfs_address_block }}" - environment: - CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}" - CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}" - CEPH_FSID: "{{ tripleo_cephadm_fsid }}" - -- name: Create the ingress Daemon spec definition for nfs - when: tripleo_cephadm_ingress | default(true) - become: true - ceph_mkspec: - service_type: ingress - cluster: "{{ tripleo_cephadm_cluster }}" - apply: true - hosts: "{{ _hosts | unique }}" - render_path: "{{ tripleo_cephadm_spec_home }}" - spec: - backend_service: nfs.nfs - frontend_port: "{{ tripleo_cephadm_nfs_ingress_frontend_port }}" - monitor_port: "{{ tripleo_cephadm_nfs_ingress_monitor_port }}" - virtual_ip: "{{ tripleo_cephadm_ceph_vips.get('ceph_nfs', '0.0.0.0') }}" - virtual_interface_networks: "{{ tripleo_cephadm_ceph_nfs_address_block }}" - environment: - CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}" - CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}" - CEPH_FSID: "{{ tripleo_cephadm_fsid }}" diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/ceph_vip.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/ceph_vip.yaml deleted file mode 100644 index 8c2a13d3d..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/ceph_vip.yaml +++ /dev/null @@ -1,91 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Assumes the following module is in ANSIBLE_LIBRARY=/usr/share/ansible/library/ -# https://github.com/ceph/ceph-ansible/blob/master/library/ceph_pool.py - -- fail: - msg: stack_name is a required input - when: - - stack_name is undefined -- fail: - msg: ceph_service_mapping is a required input - when: - - tripleo_cephadm_ha_services_path is undefined - -- name: Load Virtual IP Ceph networks data config from file - set_fact: - ceph_vip_map: "{{ lookup('file', tripleo_cephadm_ha_services_path) | from_yaml }}" - when: - - ceph_vip_map is undefined - -- name: Store reserved vip info - set_fact: - render_path: '{{ working_dir }}/ceph_vips.yaml' - -- name: Network/Subnet based Ceph VIPs build - block: - - name: Sanity check on user input - fail: - msg: ERROR, subnet or network missing! - when: - - item.get('network', '') | length == 0 - - item.get('subnet', '') | length == 0 - loop: "{{ ceph_vip_map.get('ceph_services', {}) }}" - - - name: Build Ceph VIPs (subnet) - tripleo_service_vip: - render_path: "{{ render_path }}" - stack_name: "{{ stack_name }}" - service_name: "{{ item.service }}" - network: "{{ item.network }}" - fixed_ips: - - {"subnet": "{{ item.get('subnet', item.network + '_subnet') }}"} - loop: "{{ ceph_vip_map.get('ceph_services', {}) }}" - register: services_subnet - when: not ceph_vip_map.get('fixed') - -- name: Fixed IPs based Ceph VIPs build - block: - - name: Sanity check on user input - fail: - msg: ERROR, missing fixed ip_address! - when: - - item.get('ip_address','') | length == 0 - loop: "{{ ceph_vip_map.get('ceph_services', {}) }}" - - - name: Build Ceph VIPs (fixed_ips) - tripleo_service_vip: - render_path: "{{ render_path }}" - stack_name: "{{ stack_name }}" - service_name: "{{ item.service }}" - network: "{{ item.network }}" - fixed_ips: - - {"ip_address": "{{ item.get('ip_address', None) }}"} - loop: "{{ ceph_vip_map.get('ceph_services', {}) }}" - register: services_fixed - when: ceph_vip_map.get('fixed') - -- name: set ceph services vip data - set_fact: - tripleo_cephadm_ceph_vips: | - {% if ceph_vip_map.get('fixed') %} - {% set _len = (services_fixed.results | length | int) -1 %} - {{ services_fixed.results[_len].data }} - {% else %} - {% set _len = (services_subnet.results | length | int) -1 %} - {{ services_subnet.results[_len].data }} - {% endif %} diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/cephadm_config_set.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/cephadm_config_set.yaml deleted file mode 100644 index 400b6de31..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/cephadm_config_set.yaml +++ /dev/null @@ -1,104 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Ensure tripleo_cephadm_ceph_cli is set - include_tasks: ceph_cli.yaml - when: - - tripleo_cephadm_ceph_cli is not defined - -- name: set cephadm debug level - command: | - {{ tripleo_cephadm_ceph_cli }} config set mgr mgr/cephadm/log_to_cluster_level debug - changed_when: false - become: true - when: tripleo_cephadm_debug | bool - -- name: set default container image in ceph configuration - command: | - {{ tripleo_cephadm_ceph_cli }} config set global container_image \ - {{ tripleo_cephadm_container_ns }}/{{ tripleo_cephadm_container_image }}:{{ tripleo_cephadm_container_tag }} - changed_when: false - become: true - when: - - not (tripleo_cephadm_default_container | default(false) | bool) - -- name: enforce minimum ceph clients version - command: | - {{ tripleo_cephadm_ceph_cli }} osd set-require-min-compat-client \ - {{ tripleo_cephadm_min_compat_client }} - changed_when: false - become: true - when: - - tripleo_cephadm_min_compat_client is defined - - tripleo_cephadm_min_compat_client | length > 0 - -- name: set container image base in ceph configuration - command: | - {{ tripleo_cephadm_ceph_cli }} config set mgr mgr/cephadm/container_image_base \ - {{ tripleo_cephadm_container_ns }}/{{ tripleo_cephadm_container_image }} - changed_when: false - become: true - when: - - not (tripleo_cephadm_default_container | default(false) | bool) - -- name: set dashboard container image in ceph mgr configuration - when: - - tripleo_cephadm_dashboard_enabled | bool - - not (tripleo_cephadm_default_container | default(false) | bool) - become: true - block: - - name: set alertmanager container image in ceph configuration - command: | - {{ tripleo_cephadm_ceph_cli }} config set mgr mgr/cephadm/container_image_alertmanager \ - {{ tripleo_cephadm_alertmanager_container_image }} - changed_when: false - - - name: set grafana container image in ceph configuration - command: | - {{ tripleo_cephadm_ceph_cli }} config set mgr mgr/cephadm/container_image_grafana \ - {{ tripleo_cephadm_grafana_container_image }} - changed_when: false - - - name: set node-exporter container image in ceph configuration - command: | - {{ tripleo_cephadm_ceph_cli }} config set mgr mgr/cephadm/container_image_node_exporter \ - {{ tripleo_cephadm_node_exporter_container_image }} - changed_when: false - - - name: set prometheus container image in ceph configuration - command: | - {{ tripleo_cephadm_ceph_cli }} config set mgr mgr/cephadm/container_image_prometheus \ - {{ tripleo_cephadm_prometheus_container_image }} - changed_when: false - -- name: set ingress container images in ceph mgr configuration - when: - - tripleo_cephadm_haproxy_container_image is defined - - tripleo_cephadm_keepalived_container_image is defined - - not (tripleo_cephadm_default_container | default(false) | bool) - become: true - block: - - name: set haproxy container image in ceph configuration - command: | - {{ tripleo_cephadm_ceph_cli }} config set mgr mgr/cephadm/container_image_haproxy \ - {{ tripleo_cephadm_haproxy_container_image }} - changed_when: false - - - name: set keepalived container image in ceph configuration - command: | - {{ tripleo_cephadm_ceph_cli }} config set mgr mgr/cephadm/container_image_keepalived \ - {{ tripleo_cephadm_keepalived_container_image }} - changed_when: false diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/crush_rules.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/crush_rules.yaml deleted file mode 100644 index 24e9a3654..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/crush_rules.yaml +++ /dev/null @@ -1,71 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Assumes the following module is in ANSIBLE_LIBRARY=/usr/share/ansible/library/ -# https://github.com/ceph/ceph-ansible/blob/master/library/ceph_pool.py - -- name: Get ceph_cli - include_tasks: ceph_cli.yaml - vars: - admin_daemon: true - -- name: create configured crush rules - ceph_crush_rule: - name: "{{ item.name }}" - cluster: "{{ tripleo_cephadm_cluster }}" - rule_type: replicated - bucket_root: "{{ item.root }}" - bucket_type: "{{ item.type }}" - device_class: "{{ item.class | default(omit) }}" - environment: - CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}" - CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}" - CEPH_FSID: "{{ tripleo_cephadm_fsid }}" - with_items: "{{ tripleo_cephadm_crush_rules | unique }}" - run_once: true - -- name: get id for new default crush rule - ceph_crush_rule: - name: "{{ item.name }}" - cluster: "{{ tripleo_cephadm_cluster }}" - state: info - environment: - CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}" - CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}" - CEPH_FSID: "{{ tripleo_cephadm_fsid }}" - register: info_ceph_default_crush_rule - with_items: "{{ tripleo_cephadm_crush_rules | unique }}" - run_once: true - when: item.default | default(False) | bool - -- name: set_fact info_ceph_default_crush_rule_yaml, ceph_osd_pool_default_crush_rule_name - set_fact: - info_ceph_default_crush_rule_yaml: "{{ item.stdout | from_json() }}" - ceph_osd_pool_default_crush_rule_name: "{{ (item.stdout | from_json).rule_name }}" - with_items: "{{ info_ceph_default_crush_rule.results }}" - run_once: true - when: not item.get('skipped', false) - -- name: insert new default crush rule into daemon to prevent restart - command: | - {{ tripleo_cephadm_ceph_cli }} --admin-daemon /var/run/ceph/{{ tripleo_cephadm_cluster }}-mon.{{ hostvars[item].canonical_hostname }}.asok \ - config set osd_pool_default_crush_rule {{ info_ceph_default_crush_rule_yaml.rule_id }} - changed_when: false - delegate_to: "{{ item }}" - with_items: "{{ groups['ceph_mon'] }}" - run_once: true - when: - - info_ceph_default_crush_rule_yaml | default('') | length > 0 diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/dashboard/configure_dashboard_backends.yml b/tripleo_ansible/roles/tripleo_cephadm/tasks/dashboard/configure_dashboard_backends.yml deleted file mode 100644 index bfa8d7e1e..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/dashboard/configure_dashboard_backends.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Get the current mgr - command: | - {{ container_cli }} ps -a -f 'name=ceph-?(.*)-mgr.*' --format \{\{\.Command\}\} --no-trunc - register: ceph_mgr - become: true - delegate_to: "{{ dashboard_backend }}" - -- name: Check the resulting mgr container instance - set_fact: - current_mgr: "{{ ceph_mgr.stdout | regex_replace('^-n mgr.(.*)(?P) -f (.*)+$', '\\1') }}" - -- name: Check the resulting mgr container instance - debug: - msg: "{{ current_mgr }}" - when: tripleo_cephadm_verbose | bool - -- name: config the current dashboard backend - command: | - {{ tripleo_cephadm_ceph_cli }} config set \ - mgr mgr/dashboard/{{ current_mgr }}/server_addr \ - {{ hostvars[dashboard_backend][tripleo_ceph_dashboard_net] }} - become: true - vars: - tripleo_ceph_dashboard_net: "{{ service_net_map['ceph_grafana_network'] + '_ip' }}" diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/dashboard/dashboard.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/dashboard/dashboard.yaml deleted file mode 100644 index fbac56712..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/dashboard/dashboard.yaml +++ /dev/null @@ -1,127 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Get ceph_cli - include_tasks: ceph_cli.yaml - vars: - mount_spec: true - sensitive_data: true - mount_certs: "{{ (tripleo_cephadm_dashboard_protocol == 'https' and tripleo_cephadm_dashboard_crt | length > 0 and tripleo_cephadm_dashboard_key | length > 0) | bool }}" - -- name: Configure the Ceph Dashboard port - become: true - block: - - name: "set the dashboard port ({{ tripleo_cephadm_dashboard_port }})" - command: "{{ tripleo_cephadm_ceph_cli }} config set mgr mgr/dashboard/server_port {{ tripleo_cephadm_dashboard_port }}" - changed_when: false - - name: "set the dashboard SSL port ({{ dashboard_port }})" - command: "{{ tripleo_cephadm_ceph_cli }} config set mgr mgr/dashboard/ssl_server_port {{ tripleo_cephadm_dashboard_port }}" - run_once: true - -- name: disable SSL for dashboard - become: true - command: "{{ tripleo_cephadm_ceph_cli }} config set mgr mgr/dashboard/ssl false" - when: tripleo_cephadm_dashboard_protocol == "http" - -- name: Configure SSL key/cert for the Ceph Dashboard if provided - become: true - block: - - name: enable SSL for dashboard - command: "{{ tripleo_cephadm_ceph_cli }} config set mgr mgr/dashboard/ssl true" - run_once: true - - - name: import dashboard certificate file - command: "{{ tripleo_cephadm_ceph_cli }} config-key set mgr/dashboard/crt -i {{ tripleo_cephadm_dashboard_crt }}" - changed_when: false - - - name: import dashboard certificate key - command: "{{ tripleo_cephadm_ceph_cli }} config-key set mgr/dashboard/key -i {{ tripleo_cephadm_dashboard_key }}" - changed_when: false - when: tripleo_cephadm_dashboard_protocol == "https" and - tripleo_cephadm_dashboard_crt | length > 0 and - tripleo_cephadm_dashboard_key | length > 0 - -- include_tasks: configure_dashboard_backends.yml - with_items: "{{ groups['ceph_mgr'] | default(groups['ceph_mon']) }}" - vars: - dashboard_backend: '{{ item }}' - -# Restart the dashboard and refresh the config (backends and port) -- name: Restart the Ceph dashboard - become: true - block: - - name: disable mgr dashboard module (restart) - command: "{{ tripleo_cephadm_ceph_cli }} mgr module disable dashboard" - - name: enable mgr dashboard module (restart) - command: "{{ tripleo_cephadm_ceph_cli }} mgr module enable dashboard" - -- name: create dashboard admin user - become: true - ceph_dashboard_user: - name: "{{ tripleo_cephadm_dashboard_admin_user }}" - cluster: "{{ tripleo_cephadm_cluster }}" - password: "{{ tripleo_cephadm_dashboard_admin_password }}" - roles: ["{{ 'read-only' if tripleo_cephadm_dashboard_admin_user_ro | bool else 'administrator' }}"] - environment: - CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}" - CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}" - CEPH_FSID: "{{ tripleo_cephadm_fsid }}" - -- name: Configure Monitoring Stack - become: true - block: - - name: get Grafana instance(s) addresses - set_fact: - grafana_server_addrs: "{{ (grafana_server_addr | default([])) | union([hostvars[item][tripleo_ceph_dashboard_net]]) }}" - loop: "{{ groups['ceph_mgr'] | list }}" - vars: - tripleo_ceph_dashboard_net: "{{ service_net_map['ceph_dashboard_network'] + '_ip' }}" - - name: set grafana api user - command: "{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-username {{ tripleo_cephadm_grafana_admin_user }}" - - name: set grafana api password - command: "{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-password -i -" - args: - stdin: "{{ tripleo_cephadm_grafana_admin_password }}" - stdin_add_newline: false - - name: disable ssl verification for grafana - command: "{{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-ssl-verify False" - changed_when: false - when: - - tripleo_cephadm_dashboard_protocol == "https" - - name: set alertmanager host - command: | - {{ tripleo_cephadm_ceph_cli }} dashboard set-alertmanager-api-host http://{{ grafana_server_addrs | first }}:9093 - - name: set prometheus host - command: | - {{ tripleo_cephadm_ceph_cli }} dashboard set-prometheus-api-host \ - http://{{ grafana_server_addrs | first }}:{{ tripleo_cephadm_prometheus_port }} - - name: config grafana api url vip - command: | - {{ tripleo_cephadm_ceph_cli }} dashboard set-grafana-api-url \ - {{ tripleo_cephadm_dashboard_protocol }}://{{ tripleo_cephadm_dashboard_frontend_vip }}:{{ tripleo_cephadm_grafana_port }} - changed_when: false - when: - - tripleo_cephadm_dashboard_frontend_vip is defined - - tripleo_cephadm_dashboard_frontend_vip |length > 0 - -- name: Restart the Ceph dashboard - become: true - block: - - name: disable mgr dashboard module (restart) - command: "{{ tripleo_cephadm_ceph_cli }} mgr module disable dashboard" - - - name: enable mgr dashboard module (restart) - command: "{{ tripleo_cephadm_ceph_cli }} mgr module enable dashboard" diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/export.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/export.yaml deleted file mode 100644 index c13153997..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/export.yaml +++ /dev/null @@ -1,93 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Creates a file which tripleo_ceph_client role can pass to include_vars -# The file will be saved in the path "{{ tripleo_ceph_client_vars }}" -# Assumes the following module is in ANSIBLE_LIBRARY=/usr/share/ansible/library/ -# https://github.com/ceph/ceph-ansible/blob/master/library/ceph_key.py - -- name: Get ceph_cli - include_tasks: ceph_cli.yaml - -- name: Wait for the expected number of monitors to be running - include_tasks: wait_for_expected_num_mons.yaml - when: - - not tripleo_cephadm_deployed_ceph | bool - - tripleo_cephadm_wait_for_mons | bool - -- name: Run ceph mon dump to get all monitors - command: "{{ tripleo_cephadm_ceph_cli }} mon dump --format json" - register: ceph_mon_dump - become: true - tags: - - cephadm_mon_dump - -- name: Extract mons_json - set_fact: - tripleo_cephadm_mons_json: "{{ (ceph_mon_dump.stdout | from_json).mons | - map(attribute='public_addrs') | - map(attribute='addrvec') | - list }}" - -- name: Build mons_list - set_fact: - tripleo_cephadm_mons_list: "{{ tripleo_cephadm_mons_list | default([]) + - [ '[' ~ - item[0].type ~ ':' ~ item[0].addr ~ '/' ~ item[0].nonce - ~ ',' ~ - item[1].type ~ ':' ~ item[1].addr ~ '/' ~ item[1].nonce - ~ ']' - ] }}" - loop: "{{ tripleo_cephadm_mons_json }}" - -- name: Set external_cluster_mon_ips from mons_list - set_fact: - external_cluster_mon_ips: "{{ tripleo_cephadm_mons_list | join(',') }}" - -- name: Extract keys - ceph_key: - name: "{{ item.name }}" - cluster: "{{ tripleo_cephadm_cluster }}" - state: info - environment: - CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}" - CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}" - CEPH_FSID: "{{ tripleo_cephadm_fsid }}" - register: tripleo_cephadm_client_keys - become: true - loop: "{{ tripleo_cephadm_keys }}" - when: - - tripleo_cephadm_keys is defined - - tripleo_cephadm_keys | length > 0 - tags: - - cephadm_extract_keys - -- name: Ensure tripleo_ceph_client_vars path exists - file: - path: "{{ tripleo_ceph_client_vars | dirname }}" - state: directory - recurse: yes - delegate_to: localhost - when: - - (tripleo_ceph_client_vars | dirname) | length > 0 - -- name: Save tripleo_ceph_client_vars file - template: - src: templates/ceph_client.yaml.j2 - dest: "{{ tripleo_ceph_client_vars }}" - mode: 0644 - force: true - delegate_to: localhost diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/ganesha/distribute_keys.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/ganesha/distribute_keys.yaml deleted file mode 100644 index 4e7d0b53d..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/ganesha/distribute_keys.yaml +++ /dev/null @@ -1,61 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: create keyring directory - become: true - file: - name: "{{ item }}" - state: directory - owner: "167" - group: "167" - mode: "0755" - delegate_to: "{{ nfs_node }}" - with_items: - - "/var/log/ceph" - - "/var/run/ceph" - - "/var/lib/ceph/bootstrap-rgw" - - "/var/lib/nfs/rpc_pipefs/nfs" - - "/var/lib/ceph/radosgw/ceph-rgw.{{ tripleo_cephadm_ceph_nfs_ceph_user }}" - - "/var/lib/ceph/radosgw/{{ tripleo_cephadm_cluster }}-rgw.{{ nfs_node }}" - -- name: copy ceph keys - block: - - name: copy ceph key(s) if needed - internal - become: true - copy: - dest: "{{ item.item.path }}" - content: "{{ item.stdout + '\n' }}" - owner: "167" - group: "167" - mode: "0755" - with_items: "{{ _rgw_keys_int.results }}" - delegate_to: "{{ nfs_node }}" - when: not external_cluster - - - name: copy ceph key(s) if needed - external - become: true - copy: - dest: "{{ item }}" - content: "{{ _rgw_keys_ext['content'] | b64decode }}" - owner: "167" - group: "167" - mode: "0755" - with_items: - - "/var/lib/ceph/bootstrap-rgw/ceph.keyring" - - "/var/lib/ceph/radosgw/{{ tripleo_cephadm_cluster }}-rgw.{{ tripleo_cephadm_ceph_nfs_ceph_user }}/keyring" - - "/var/lib/ceph/radosgw/{{ tripleo_cephadm_cluster }}-rgw.{{ nfs_node }}/keyring" - delegate_to: "{{ nfs_node }}" - when: external_cluster diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/ganesha/start_nfs.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/ganesha/start_nfs.yaml deleted file mode 100644 index f5adceae8..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/ganesha/start_nfs.yaml +++ /dev/null @@ -1,107 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: dbus related tasks - become: true - block: - - name: create dbus service file - copy: - content: "{{ dbus_ganesha_file.stdout }}" - dest: /etc/dbus-1/system.d/org.ganesha.nfsd.conf - owner: "root" - group: "root" - mode: "0644" - - - name: reload dbus configuration - command: "killall -r -SIGHUP dbus-*" - when: tripleo_cephadm_ceph_nfs_dynamic_exports | bool - delegate_to: "{{ nfs_node }}" - -- name: Render config files - become: true - delegate_to: "{{ nfs_node }}" - block: - - name: Make sure /etc/ganesha exists - file: - path: /etc/ganesha - state: directory - owner: root - group: root - mode: "0755" - - - name: create exports directory - file: - path: /etc/ganesha/export.d - state: directory - owner: "root" - group: "root" - mode: "0755" - when: tripleo_cephadm_ceph_nfs_dynamic_exports | bool - - - name: create exports dir index file - copy: - content: "" - force: false - dest: /etc/ganesha/export.d/INDEX.conf - owner: "root" - group: "root" - mode: "0644" - when: tripleo_cephadm_ceph_nfs_dynamic_exports | bool - - - name: Render ganesha config file - template: - src: ganesha.conf.j2 - dest: /etc/ganesha/ganesha.conf - become: true - - - name: generate ganesha idmap.conf file - action: config_template - args: - src: "idmap.conf.j2" - dest: "{{ tripleo_cephadm_idmap_conf }}" - owner: "root" - group: "root" - mode: "0644" - config_overrides: "{{ tripleo_cephadm_idmap_overrides }}" - config_type: ini - - - name: Render ganesha systemd unit - template: - src: ceph-nfs.service.j2 - dest: /etc/systemd/system/ceph-nfs@.service - owner: "root" - group: "root" - mode: "0644" - become: true - - - name: systemd start nfs container - systemd: - name: ceph-nfs@{{ tripleo_cephadm_ceph_nfs_service_suffix | default(ansible_facts['hostname']) }} - state: started - enabled: true - masked: false - daemon_reload: true - when: - - tripleo_cephadm_ceph_nfs_enable_service | bool - - - name: start nfs gateway service - systemd: - name: nfs-ganesha - state: started - enabled: true - masked: false - when: - - tripleo_cephadm_ceph_nfs_enable_service | bool diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/keys.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/keys.yaml deleted file mode 100644 index 3f1966f6d..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/keys.yaml +++ /dev/null @@ -1,61 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Assumes the following module is in ANSIBLE_LIBRARY=/usr/share/ansible/library/ -# https://github.com/ceph/ceph-ansible/blob/master/library/ceph_key.py - -- name: Create cephx key(s) - ceph_key: - import_key: true - name: "{{ item.name }}" - caps: "{{ item.caps }}" - mode: "{{ item.mode }}" - secret: "{{ item.key | default('') }}" - cluster: "{{ tripleo_cephadm_cluster }}" - dest: "{{ tripleo_cephadm_config_home_container }}" - owner: "{{ tripleo_cephadm_uid }}" - group: "{{ tripleo_cephadm_uid }}" - environment: - CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}" - CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}" - CEPH_FSID: "{{ tripleo_cephadm_fsid }}" - become: true - loop: "{{ tripleo_cephadm_keys }}" - when: - - tripleo_cephadm_keys is defined - - tripleo_cephadm_keys | length > 0 - -- name: Find the generated key(s) - ansible.builtin.find: - paths: "{{ tripleo_cephadm_config_home_container }}" - patterns: "*.{{ item.name }}.*" - register: keyring_files - become: true - loop: "{{ tripleo_cephadm_keys }}" - when: - - tripleo_cephadm_keys is defined - - tripleo_cephadm_keys | length > 0 - -- name: Copy key(s) to /etc/ceph - ansible.builtin.copy: - remote_src: true - src: "{{ item.path }}" - dest: "{{ tripleo_cephadm_config_home }}" - owner: "{{ tripleo_cephadm_uid }}" - group: "{{ tripleo_cephadm_uid }}" - mode: '0644' - become: true - with_items: "{{ keyring_files.results | map(attribute='files') | list }}" diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/main.yml b/tripleo_ansible/roles/tripleo_cephadm/tasks/main.yml deleted file mode 100644 index bafb2036c..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# tasks file for tripleo_cephadm diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/make_deployed_ceph_tht.yml b/tripleo_ansible/roles/tripleo_cephadm/tasks/make_deployed_ceph_tht.yml deleted file mode 100644 index 52680b9e6..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/make_deployed_ceph_tht.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Create Deployed Ceph Heat Environment file to pass to overcloud deploy - template: - src: templates/deployed_ceph.yaml.j2 - dest: "{{ tripleo_cephadm_deployed_ceph_tht_path }}" - mode: 0644 - force: true - delegate_to: localhost diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/mds.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/mds.yaml deleted file mode 100644 index bc411b4c2..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/mds.yaml +++ /dev/null @@ -1,81 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Assumes the following module is in ANSIBLE_LIBRARY=/usr/share/ansible/library/ -# https://github.com/ceph/ceph-ansible/blob/master/library/ceph_pool.py - -# Using two tasks with a boolean due to the ansible bug: https://github.com/ansible/ansible/issues/68364 -- name: Collect the host and build the resulting host list - set_fact: - _hosts: "{{ _hosts|default([]) + [ hostvars[item].canonical_hostname ] }}" - with_items: "{{ groups['ceph_mds'] }}" - when: tripleo_cephadm_fqdn | bool - -- name: Collect the host and build the resulting host list - set_fact: - _hosts: "{{ _hosts|default([]) + [ hostvars[item].inventory_hostname ] }}" - with_items: "{{ groups['ceph_mds'] }}" - when: not tripleo_cephadm_fqdn | bool - -- name: Create the mds Daemon spec definition - become: true - ceph_mkspec: - service_type: mds - cluster: "{{ tripleo_cephadm_cluster }}" - apply: true - hosts: "{{ _hosts | unique }}" - render_path: "{{ tripleo_cephadm_spec_home }}" - register: spc - environment: - CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}" - CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}" - CEPH_FSID: "{{ tripleo_cephadm_fsid }}" - -- name: create filesystem pools - ceph_pool: - name: "{{ item.name }}" - cluster: "{{ tripleo_cephadm_cluster }}" - pg_num: "{{ item.pg_num | default(omit) }}" - pgp_num: "{{ item.pgp_num | default(omit) }}" - size: "{{ item.size | default(omit) }}" - min_size: "{{ item.min_size | default(omit) }}" - pool_type: "{{ item.type | default('replicated') }}" - rule_name: "{{ item.rule_name | default(omit) }}" - erasure_profile: "{{ item.erasure_profile | default(omit) }}" - pg_autoscale_mode: "{{ item.pg_autoscale_mode | default(omit) }}" - target_size_ratio: "{{ item.target_size_ratio | default(omit) }}" - environment: - CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}" - CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}" - CEPH_FSID: "{{ tripleo_cephadm_fsid }}" - with_items: "{{ cephfs_pools }}" - become: true - vars: - cephfs_pools: - - "{{ cephfs_data_pool }}" - - "{{ cephfs_metadata_pool }}" - -- name: create ceph filesystem - ceph_fs: - name: "{{ cephfs|default('cephfs') }}" - cluster: "{{ tripleo_cephadm_cluster }}" - data: "{{ cephfs_data_pool.name }}" - metadata: "{{ cephfs_metadata_pool.name }}" - become: true - environment: - CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}" - CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}" - CEPH_FSID: "{{ tripleo_cephadm_fsid }}" diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/monitoring.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/monitoring.yaml deleted file mode 100644 index 6dfc3079b..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/monitoring.yaml +++ /dev/null @@ -1,94 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Apply node-exporter(s) - become: true - ceph_mkspec: - service_type: "node-exporter" - service_id: "node-exporter" - service_name: "node-exporter" - cluster: "{{ tripleo_cephadm_cluster }}" - apply: true - host_pattern: "*" - render_path: "{{ tripleo_cephadm_spec_home }}" - networks: "{{ tripleo_cephadm_monitoring_address_block }}" - environment: - CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}" - CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}" - CEPH_FSID: "{{ tripleo_cephadm_fsid }}" - when: tripleo_cephadm_dashboard_enabled | default(false) | bool or - tripleo_cephadm_observability_data_only | default(false) | bool - -- name: Build and apply the monitoring stack daemons - block: - # Using two tasks with a boolean due to the ansible bug: https://github.com/ansible/ansible/issues/68364 - - name: Collect the host and build the resulting host list - set_fact: - _hosts: "{{ _hosts|default([]) + [ hostvars[item].canonical_hostname ] }}" - with_items: "{{ groups['ceph_mgr'] }}" - when: tripleo_cephadm_fqdn | bool - - - name: Collect the host and build the resulting host list - set_fact: - _hosts: "{{ _hosts|default([]) + [ hostvars[item].inventory_hostname ] }}" - with_items: "{{ groups['ceph_mgr'] }}" - when: not tripleo_cephadm_fqdn | bool - - - name: Config ssl cert(s) and key(s) for the exposed components - become: true - block: - - name: Get ceph_cli - include_tasks: ceph_cli.yaml - vars: - mount_certs: true - - - name: import grafana certificate file - command: "{{ tripleo_cephadm_ceph_cli }} config-key set mgr/cephadm/grafana_crt -i {{ tripleo_cephadm_grafana_crt }}" - changed_when: false - - - name: import grafana certificate key - command: "{{ tripleo_cephadm_ceph_cli }} config-key set mgr/cephadm/grafana_key -i {{ tripleo_cephadm_grafana_key }}" - changed_when: false - when: tripleo_cephadm_dashboard_protocol == "https" and - tripleo_cephadm_grafana_crt | length > 0 and tripleo_cephadm_grafana_key | length > 0 - - - name: Create the monitoring stack Daemon spec definition - become: true - ceph_mkspec: - service_type: "{{ item.daemon }}" - service_id: "{{ item.daemon }}" - service_name: "{{ item.daemon }}" - cluster: "{{ tripleo_cephadm_cluster }}" - apply: true - hosts: "{{ _hosts | unique }}" - render_path: "{{ tripleo_cephadm_spec_home }}" - networks: "{{ tripleo_cephadm_monitoring_address_block }}" - spec: - port: "{{ item.port }}" - environment: - CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}" - CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}" - CEPH_FSID: "{{ tripleo_cephadm_fsid }}" - with_items: - - {"daemon": "grafana", "port": "{{ tripleo_cephadm_grafana_port | default(3100) }}"} - - {"daemon": "prometheus", "port": "{{ tripleo_cephadm_prometheus_port | default(9092) }}"} - - {"daemon": "alertmanager", "port": "{{ tripleo_cephadm_alertmanager_port | default(9093) }}"} - when: - - tripleo_cephadm_dashboard_enabled | default(false) | bool - - not tripleo_cephadm_observability_data_only | default(false) | bool - -- include_tasks: dashboard/dashboard.yaml - when: tripleo_cephadm_dashboard_enabled | bool diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/network_config_set.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/network_config_set.yaml deleted file mode 100644 index a8723b221..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/network_config_set.yaml +++ /dev/null @@ -1,53 +0,0 @@ ---- -- name: Ensure tripleo_cephadm_ceph_cli is set - include_tasks: ceph_cli.yaml - when: - - tripleo_cephadm_ceph_cli is not defined - -- name: Define list of keys to search for in initial ceph conf file - set_fact: - keys_in_ceph_conf: [] - ceph_network_keys: - - 'public_network' - - 'cluster_network' - - 'ms_bind_ipv4' - - 'ms_bind_ipv6' - -- name: Expand list of keys to include versions of themselves with spaces - set_fact: - ceph_network_keys: "{{ ceph_network_keys + [ key | regex_replace('_', ' ') ] }}" - loop: "{{ ceph_network_keys }} " - loop_control: - loop_var: key - -- name: Build list of underscored keys found in initial ceph conf file - ignore_errors: true - delegate_to: localhost - set_fact: - keys_in_ceph_conf: "{{ keys_in_ceph_conf + [ key | regex_replace(' ', '_') ] }}" - vars: - conf: "{{ tripleo_cephadm_bootstrap_conf }}" - value: "{{ lookup('ini', - key ~ ' section=global default= file=' ~ conf) }}" - when: - - tripleo_cephadm_bootstrap_conf | default('') | length > 0 - - value | default('') | string | length > 0 - loop: "{{ ceph_network_keys }}" - loop_control: - loop_var: key - -- name: Set public/cluster network and v4/v6 ms_bind unless already in ceph.conf - command: | - {{ tripleo_cephadm_ceph_cli }} config set global {{ item.key }} {{ item.value }} - loop: "{{ net_data | dict2items }}" - when: - - item.value | length > 0 - - item.key not in keys_in_ceph_conf - changed_when: false - become: true - vars: - net_data: # these variables are usually passed via --extra-vars - public_network: "{{ public_network | default('') | string }}" - cluster_network: "{{ cluster_network | default('') | string }}" - ms_bind_ipv4 : "{{ ms_bind_ipv4 | default('') | string }}" - ms_bind_ipv6 : "{{ ms_bind_ipv6 | default('') | string }}" diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/nfs.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/nfs.yaml deleted file mode 100644 index 2cd3dcc59..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/nfs.yaml +++ /dev/null @@ -1,111 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Get ceph_cli - include_tasks: ceph_cli.yaml - vars: - ceph_command: 'rados' - # ceph cli needs manila cephx keyring if admin is not available - select_keyring: "{{ 'manila' if groups['ceph_mon'] | default([]) | length == 0 else 'admin' }}" - # when ceph is external and admin keyring is not available we're passing -n client.{{ selected_keyring }} - external_cluster: "{{ true if groups['ceph_mon'] | default([]) | length == 0 else false }}" - -- name: check if rados index object exists - shell: | - {{ tripleo_cephadm_ceph_cli }} -p {{ cephfs_data_pool.name }} --cluster {{ tripleo_cephadm_cluster }} \ - ls | grep {{ tripleo_cephadm_nfs_rados_export_index }} - changed_when: false - failed_when: false - register: rados_index_exists - check_mode: false - when: tripleo_cephadm_ceph_nfs_rados_backend | bool - -- name: create an empty rados index object - become: true - command: | - {{ tripleo_cephadm_ceph_cli }} -p {{ cephfs_data_pool.name }} --cluster {{ tripleo_cephadm_cluster }} \ - put {{ tripleo_cephadm_nfs_rados_export_index }} /dev/null - when: - - tripleo_cephadm_ceph_nfs_rados_backend | bool - - rados_index_exists.rc != 0 - delegate_to: "{{ groups['ceph_nfs'][0] }}" - -- name: Extract keys - block: - - name: Extract key - internal - ceph_key: - name: "{{ item.name }}" - cluster: "{{ tripleo_cephadm_cluster }}" - output_format: plain - state: info - environment: - CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}" - CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}" - CEPH_FSID: "{{ tripleo_cephadm_fsid }}" - register: _rgw_keys_int - become: true - with_items: - - { name: "client.bootstrap-rgw", path: "/var/lib/ceph/bootstrap-rgw/{{ tripleo_cephadm_cluster }}.keyring", copy_key: true } - run_once: true - delegate_to: "{{ groups['ceph_nfs'][0] }}" - when: not external_cluster - - - name: slurp manila key from remote host - external - become: true - slurp: - src: "{{ tripleo_cephadm_config_home }}/{{ tripleo_cephadm_cluster }}.client.{{ tripleo_cephadm_ceph_nfs_ceph_user }}.keyring" - register: _rgw_keys_ext - delegate_to: "{{ groups['ceph_nfs'][0] }}" - when: external_cluster - vars: - external_cluster: "{{ true if groups['ceph_mon'] | default([]) | length == 0 else false }}" - -- name: Distribute Ceph keys to the nfs nodes - include_tasks: ganesha/distribute_keys.yaml - vars: - nfs_node: "{{ node }}" - rgw_keys_int: "{{ _rgw_keys_int }}" - rgw_keys_ext: "{{ _rgw_keys_ext }}" - external_cluster: "{{ true if groups['ceph_mon'] | default([]) | length == 0 else false }}" - loop: "{{ groups['ceph_nfs'] }}" - loop_control: - loop_var: node - -- name: get dbus-1 file - command: | - {{ container_cli }} run --rm --entrypoint=cat \ - {{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }} \ - /etc/dbus-1/system.d/org.ganesha.nfsd.conf - register: _dbus_ganesha - run_once: true - changed_when: false - delegate_to: "{{ groups['ceph_nfs'][0] }}" - -- name: Get Ceph version - command: "{{ tripleo_cephadm_container_cli }} run --rm --entrypoint=ceph {{ ceph_container }} -v" - register: ceph_version - vars: - ceph_container: "{{ tripleo_cephadm_container_ns }}/{{ tripleo_cephadm_container_image }}:{{ tripleo_cephadm_container_tag }}" - -- name: Render Ganesha templates and files - include_tasks: ganesha/start_nfs.yaml - vars: - nfs_node: "{{ node }}" - dbus_ganesha_file: "{{ _dbus_ganesha }}" - tripleo_cephadm_ceph_version: "{{ ceph_version.stdout.split(' ')[2] }}" - loop: "{{ groups['ceph_nfs'] }}" - loop_control: - loop_var: node diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/pools.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/pools.yaml deleted file mode 100644 index f19f277e1..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/pools.yaml +++ /dev/null @@ -1,60 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Assumes the following module is in ANSIBLE_LIBRARY=/usr/share/ansible/library/ -# https://github.com/ceph/ceph-ansible/blob/master/library/ceph_pool.py - -- name: Create pool(s) - ceph_pool: - name: "{{ item.name }}" - cluster: "{{ tripleo_cephadm_cluster }}" - pg_num: "{{ item.pg_num | default(omit) }}" - pgp_num: "{{ item.pgp_num | default(omit) }}" - pg_autoscale_mode: "{{ item.pg_autoscale_mode | default(omit) }}" - target_size_ratio: "{{ item.target_size_ratio | default(omit) }}" - size: "{{ item.size | default(omit) }}" - min_size: "{{ item.min_size | default(omit) }}" - pool_type: "{{ item.type | default('replicated') }}" - rule_name: "{{ item.rule_name | default(omit) }}" - erasure_profile: "{{ item.erasure_profile | default(omit) }}" - application: "{{ item.application | default(omit) }}" - environment: - CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}" - CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}" - CEPH_FSID: "{{ tripleo_cephadm_fsid }}" - become: true - with_items: "{{ tripleo_cephadm_pools }}" - when: - - tripleo_cephadm_pools is defined - - tripleo_cephadm_pools | length > 0 - -- name: Configure the RBD trash purge scheduler - when: - - tripleo_enabled_services | default([]) | intersect(['cinder_volume']) - - tripleo_cephadm_enable_trash_scheduler | default(false) - block: - - name: Get the RBD ceph_cli - include_tasks: ceph_cli.yaml - vars: - ceph_command: rbd - - - name: Set trash interval - command: | - {{ tripleo_cephadm_ceph_cli }} trash purge schedule add \ - {{ tripleo_cephadm_rbd_trash_interval | default(15) }} --pool {{ item }} - changed_when: false - become: true - loop: "{{ [ cinder_pool.name | default('volumes') ] + cinder_pool.cinder_extra_pools | default([]) }}" diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/post.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/post.yaml deleted file mode 100644 index 70a829914..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/post.yaml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Get ceph_cli - include_tasks: ceph_cli.yaml - -- name: Get the ceph orchestrator status - command: "{{ tripleo_cephadm_ceph_cli }} orch status --format json" - register: ceph_orch_status - become: true - -- name: Fail if ceph orchestrator is not available - fail: - msg: "'ceph orch status' returned {{ ceph_orch_status.stdout | from_json }}" - when: - - not (ceph_orch_status.stdout | from_json).available - -- name: Show the status of the resulting deployed Ceph cluster - block: - - name: Show the deployed daemons - command: "{{ tripleo_cephadm_ceph_cli }} orch ls --export" - become: true - register: ceph_orch_ls - - name: Deployed daemons - debug: - msg: "{{ ceph_orch_ls.stdout_lines }}" - when: tripleo_cephadm_verbose | bool - - name: Print the status of the deployed Ceph cluster - command: "{{ tripleo_cephadm_ceph_cli }} -s" - become: true - register: ceph_health - - name: Ceph cluster status - debug: - msg: "{{ ceph_health.stdout_lines }}" diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/pre.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/pre.yaml deleted file mode 100644 index 197f11488..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/pre.yaml +++ /dev/null @@ -1,149 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Gather distribution facts if they don't exist - setup: - gather_subset: distribution - when: ansible_facts['distribution_major_version'] is not defined - tags: - - always - -- name: Install cephadm package - become: true - package: - name: cephadm - state: latest - releasever: "{{ ansible_facts['distribution_major_version'] }}" - when: - - tripleo_cephadm_predeployed | bool - -- name: Stat cephadm file - stat: - path: "{{ tripleo_cephadm_bin }}" - register: stat_cephadm - become: true - ignore_errors: true - -- name: Fail if cephadm is not available - fail: - msg: "{{ tripleo_cephadm_bin }} does not exist" - when: not stat_cephadm.stat.exists - -- name: List Ceph daemon instances on this host - shell: "{{ tripleo_cephadm_bin }} ls --no-detail" - register: cephadm_ls - become: true - tags: - - cephadm_bootstrap - -- name: Ensure tripleo_cephadm_fsid variable is set if none was provided - block: - - name: Set list of found FSIDs - set_fact: - tripleo_cephadm_fsid_list: "{{ cephadm_ls.stdout | from_json | map(attribute='fsid') | sort | unique }}" - when: - - cephadm_ls is defined - - cephadm_ls.stdout is defined - - cephadm_ls.stdout != '[]' - - name: Fail if >1 FSID was discovered - fail: - msg: | - Multiple FSIDs were found. This Ansible role does not - support management of multiple Ceph clusters on one host. - when: tripleo_cephadm_fsid_list | length > 1 - - name: Set FSID to the discovered value - set_fact: - tripleo_cephadm_fsid: "{{ tripleo_cephadm_fsid_list[0] }}" - when: tripleo_cephadm_fsid_list | length == 1 - - name: Set random tripleo_cephadm_fsid if no running ceph containers were found - set_fact: - tripleo_cephadm_fsid: "{{ 99999999 | random | to_uuid | lower }}" - when: tripleo_cephadm_fsid_list | length == 0 - when: tripleo_cephadm_fsid is not defined or (tripleo_cephadm_fsid is defined and tripleo_cephadm_fsid | length == 0) - -- name: Set first monitor IP if it was not passed - set_fact: - tripleo_cephadm_first_mon_ip: "{{ ansible_host }}" - when: tripleo_cephadm_first_mon_ip is not defined or (tripleo_cephadm_first_mon_ip is defined and tripleo_cephadm_first_mon_ip | length == 0) - -- name: Ensure tripleo_cephadm_config_home (e.g. /etc/ceph) exists - file: - path: "{{ tripleo_cephadm_config_home }}" - state: directory - become: true - -- name: Ensure specs directory exists - file: - path: "/home/{{ tripleo_cephadm_ssh_user }}/specs" - owner: "{{ tripleo_cephadm_ssh_user }}" - group: "{{ tripleo_cephadm_ssh_user }}" - mode: '0755' - state: directory - become: true - -- name: Stat spec file on ansible host - stat: - path: "{{ tripleo_cephadm_spec_ansible_host }}" - register: tripleo_cephadm_spec_stat_host - delegate_to: localhost - -- name: push tripleo_cephadm_spec to bootstrap node if spec file exsits - copy: - src: "{{ tripleo_cephadm_spec_ansible_host }}" - dest: "{{ tripleo_cephadm_spec }}" - owner: "{{ tripleo_cephadm_ssh_user }}" - group: "{{ tripleo_cephadm_ssh_user }}" - mode: '0644' - become: true - when: tripleo_cephadm_spec_stat_host.stat.exists - -- name: was a tripleo_cephadm_bootstrap_conf passed? - when: - - tripleo_cephadm_bootstrap_conf is defined - - tripleo_cephadm_bootstrap_conf | length > 0 - block: - - name: stat tripleo_cephadm_bootstrap_conf file - stat: - path: "{{ tripleo_cephadm_bootstrap_conf }}" - register: stat_bootstrap_conf - become: true - delegate_to: localhost - ignore_errors: true - - - name: push it to tripleo_cephadm_assimilate_conf on bootstrap node - copy: - src: "{{ tripleo_cephadm_bootstrap_conf }}" - dest: "{{ tripleo_cephadm_assimilate_conf }}" - owner: "{{ tripleo_cephadm_ssh_user }}" - group: "{{ tripleo_cephadm_ssh_user }}" - mode: '0644' - become: true - when: stat_bootstrap_conf.stat.exists - -- name: generate tripleo_cephadm_assimilate_conf on bootstrap node - action: config_template - args: - src: "ceph.conf.j2" - dest: "{{ tripleo_cephadm_assimilate_conf }}" - owner: "{{ tripleo_cephadm_uid }}" - group: "{{ tripleo_cephadm_uid }}" - mode: "0644" - config_overrides: "{{ tripleo_cephadm_conf_overrides }}" - config_type: ini - become: true - when: - - tripleo_cephadm_bootstrap_conf is not defined or - tripleo_cephadm_bootstrap_conf | length == 0 diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/rbd_mirror.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/rbd_mirror.yaml deleted file mode 100644 index d16cae12f..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/rbd_mirror.yaml +++ /dev/null @@ -1,76 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Deploy the RBD Mirror daemon - block: - # Using two tasks with a boolean due to the ansible bug: https://github.com/ansible/ansible/issues/68364 - - name: Collect the host and build the resulting host list - set_fact: - _hosts: "{{ _hosts|default([]) + [ hostvars[item].canonical_hostname ] }}" - with_items: "{{ groups['ceph_rbdmirror'] }}" - when: tripleo_cephadm_fqdn | bool - - - name: Collect the host and build the resulting host list - set_fact: - _hosts: "{{ _hosts|default([]) + [ hostvars[item].inventory_hostname ] }}" - with_items: "{{ groups['ceph_rbdmirror'] }}" - when: not tripleo_cephadm_fqdn | bool - - - name: Create the RBD Mirror Daemon spec definition - become: true - ceph_mkspec: - service_type: rbd-mirror - apply: true - hosts: "{{ _hosts | unique }}" - render_path: "{{ tripleo_cephadm_spec_home }}" - networks: "{{ radosgw_address_block }}" - register: spc - environment: - CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}" - CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}" - CEPH_FSID: "{{ tripleo_cephadm_fsid }}" - when: - - tripleo_enabled_services | intersect(['ceph_rbdmirror']) - -- name: Configure RBD mirror - when: tripleo_cephadm_rbd_mirror_pool | default('') | length > 0 - block: - - name: Get ceph_cli - include_tasks: ceph_cli.yaml - vars: - ceph_command: rbd - - - name: enable mirroring on the pool - command: "{{ tripleo_cephadm_ceph_cli }} --cluster {{ tripleo_cephadm_cluster }} mirror pool enable {{ tripleo_cephadm_rbd_mirror_pool }} pool" - register: result - changed_when: false - retries: 90 - delay: 1 - until: result is succeeded - - - name: list mirroring peer - command: "{{ tripleo_cephadm_ceph_cli }} --cluster {{ tripleo_cephadm_cluster }} mirror pool info {{ tripleo_cephadm_rbd_mirror_pool }}" - changed_when: false - register: mirror_peer - - - name: add a mirroring peer - command: "{{ tripleo_cephadm_ceph_cli }} --cluster {{ tripleo_cephadm_cluster }} mirror pool peer add \ - {{ tripleo_cephadm_rbd_mirror_pool }} {{ tripleo_cephadm_rbd_mirror_remote_user }}_{{ tripleo_cephadm_rbd_mirror_remote_cluster }}" - changed_when: false - when: - - tripleo_cephadm_rbd_mirror_remote_user | length > 0 - - tripleo_cephadm_rbd_mirror_remote_cluster | length > 0 - - tripleo_cephadm_rbd_mirror_remote_user not in mirror_peer.stdout diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/rgw.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/rgw.yaml deleted file mode 100644 index f18f63e94..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/rgw.yaml +++ /dev/null @@ -1,63 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Deploy the RGW daemon - block: - # Using two tasks with a boolean due to the ansible bug: https://github.com/ansible/ansible/issues/68364 - - name: Collect the host and build the resulting host list - set_fact: - _hosts: "{{ _hosts|default([]) + [ hostvars[item].canonical_hostname ] }}" - with_items: "{{ groups['ceph_rgw'] }}" - when: tripleo_cephadm_fqdn | bool - - - name: Collect the host and build the resulting host list - set_fact: - _hosts: "{{ _hosts|default([]) + [ hostvars[item].inventory_hostname ] }}" - with_items: "{{ groups['ceph_rgw'] }}" - when: not tripleo_cephadm_fqdn | bool - - - name: Get certificate from remote node if needed - become: true - when: - - tripleo_cephadm_internal_tls_enabled | bool - register: slurp_cert - ansible.builtin.slurp: - src: "{{ radosgw_frontend_ssl_certificate | default('/etc/pki/tls/certs/ceph_rgw.crt')}}" - - - name: Create the RGW Daemon spec definition - become: true - ceph_mkspec: - service_type: rgw - cluster: "{{ tripleo_cephadm_cluster }}" - apply: true - hosts: "{{ _hosts | unique }}" - spec: - rgw_frontend_port: "{{ radosgw_frontend_port }}" - rgw_realm: 'default' - rgw_zone: 'default' - rgw_frontend_ssl_certificate: "{{ rgw_frontend_cert }}" - ssl: "{{ tripleo_cephadm_internal_tls_enabled|default(false)|bool }}" - render_path: "{{ tripleo_cephadm_spec_home }}" - networks: "{{ radosgw_address_block }}" - register: spc - environment: - CEPH_CONTAINER_IMAGE: "{{ tripleo_cephadm_container_ns + '/' + tripleo_cephadm_container_image + ':' + tripleo_cephadm_container_tag }}" - CEPH_CONTAINER_BINARY: "{{ tripleo_cephadm_container_cli }}" - CEPH_FSID: "{{ tripleo_cephadm_fsid }}" - vars: - rgw_frontend_cert: "{{ slurp_cert.get('content', '') | b64decode }}" - when: - - tripleo_enabled_services | intersect(['ceph_rgw']) diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/toggle_cephadm.yml b/tripleo_ansible/roles/tripleo_cephadm/tasks/toggle_cephadm.yml deleted file mode 100644 index 2b3f8db4c..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/toggle_cephadm.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Fail if FSID is missing - fail: - msg: "The Ceph FSID is required to use the Ceph CLI in admin mode" - when: - - (tripleo_cephadm_fsid is not defined) or - (tripleo_cephadm_fsid | length < 1) - -- name: Get ceph_cli - include_tasks: ceph_cli.yaml - -- name: Set tripleo_cephadm_toggle_cmds - set_fact: - tripleo_cephadm_toggle_cmds: - - "{{ tripleo_cephadm_ceph_cli }} orch set backend {{ tripleo_cephadm_backend|default('') }}" - - "{{ tripleo_cephadm_ceph_cli }} mgr module {{ tripleo_cephadm_action|default('disable') }} cephadm" - -- name: Reverse the toggle command order when enabling - set_fact: - tripleo_cephadm_toggle_cmds: "{{ tripleo_cephadm_toggle_cmds | reverse | list }}" - when: - - tripleo_cephadm_action == 'enable' - -- name: Toggle Ceph - command: "{{ item }}" - changed_when: false - become: true - loop: "{{ tripleo_cephadm_toggle_cmds }}" diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/wait_for_expected_num_mons.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/wait_for_expected_num_mons.yaml deleted file mode 100644 index 865f4eb7e..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/wait_for_expected_num_mons.yaml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Get the expected number of mons - block: - - name: Read the spec file - set_fact: - tripleo_cephadm_spec_content: "{{ lookup('file', tripleo_cephadm_spec_ansible_host) }}" - - name: Parse each yaml document in the spec file looking for the list of mons - set_fact: - tripleo_cephadm_num_mons_expected: "{{ item.placement.hosts | list | length | int }}" - loop: "{{ tripleo_cephadm_spec_content | from_yaml_all | list }}" - when: - - item | length > 0 - - item.service_type is defined - - item.service_type == 'mon' - - item.placement is defined - - item.placement.hosts is defined - when: - - tripleo_cephadm_num_mons_expected is not defined - - tripleo_cephadm_spec_ansible_host is defined - - tripleo_cephadm_spec_ansible_host | length > 0 - -- name: Wait for expected number of mons to be running - shell: "{{ tripleo_cephadm_ceph_cli }} status --format json | jq .monmap.num_mons" - register: ceph_status - become: true - until: (ceph_status.stdout | int) >= ((tripleo_cephadm_num_mons_expected | int) | default(1)) - retries: "{{ tripleo_cephadm_wait_for_mons_retries }}" - delay: "{{ tripleo_cephadm_wait_for_mons_delay }}" - ignore_errors: "{{ tripleo_cephadm_wait_for_mons_ignore_errors }}" diff --git a/tripleo_ansible/roles/tripleo_cephadm/tasks/wait_for_expected_num_osds.yaml b/tripleo_ansible/roles/tripleo_cephadm/tasks/wait_for_expected_num_osds.yaml deleted file mode 100644 index ebf832c99..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/tasks/wait_for_expected_num_osds.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Wait for expected number of osds to be running - shell: "{{ tripleo_cephadm_ceph_cli }} status --format json | jq .osdmap.num_up_osds" - register: ceph_status - become: true - until: (ceph_status.stdout | int) >= ((tripleo_cephadm_num_osd_expected | int) | default(1)) - retries: "{{ tripleo_cephadm_wait_for_osds_retries }}" - delay: "{{ tripleo_cephadm_wait_for_osds_delay }}" - ignore_errors: "{{ tripleo_cephadm_wait_for_osds_ignore_errors }}" diff --git a/tripleo_ansible/roles/tripleo_cephadm/templates/ceph-nfs.service.j2 b/tripleo_ansible/roles/tripleo_cephadm/templates/ceph-nfs.service.j2 deleted file mode 100644 index 159c78780..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/templates/ceph-nfs.service.j2 +++ /dev/null @@ -1,54 +0,0 @@ -[Unit] -Description=NFS-Ganesha file server -Documentation=http://github.com/nfs-ganesha/nfs-ganesha/wiki -After=network.target - -[Service] -EnvironmentFile=-/etc/environment -{% if container_cli == 'podman' %} -ExecStartPre=-/usr/bin/rm -f /%t/%n-pid /%t/%n-cid -ExecStartPre=-/usr/bin/{{ container_cli }} rm --storage ceph-nfs-%i -ExecStartPre=-/usr/bin/mkdir -p /var/log/ceph /var/log/ganesha -{% endif %} -ExecStartPre=-/usr/bin/{{ container_cli }} rm ceph-nfs-%i -ExecStartPre=/usr/bin/mkdir -p /etc/ceph /etc/ganesha /var/lib/nfs/ganesha /var/log/ganesha -ExecStart=/usr/bin/{{ container_cli }} run --rm --net=host \ - --pids-limit={{ 0 if container_cli == 'podman' else -1 }} \ - -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \ - -v /var/lib/ceph:/var/lib/ceph:z \ - -v {{ tripleo_ceph_client_config_home }}:/etc/ceph:z \ - -v /var/lib/nfs/ganesha:/var/lib/nfs/ganesha:z \ - -v /etc/ganesha:/etc/ganesha:z \ - -v /var/run/ceph:/var/run/ceph:z \ - -v /var/log/ceph:/var/log/ceph:z \ - -v /var/log/ganesha:/var/log/ganesha:z \ - -v /etc/localtime:/etc/localtime:ro \ - -v /var/lib/nfs/rpc_pipefs/nfs:/var/lib/nfs/rpc_pipefs/nfs \ - --name=ceph-nfs-{{ tripleo_cephadm_ceph_nfs_service_suffix | default(ansible_facts['hostname']) }} \ - {% if tripleo_cephadm_ceph_nfs_dynamic_exports | bool %} - --privileged \ - -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \ - {% endif -%} - {# Ceph Pacific is defined in the form "v16.x.y": filtering "16.*" is enough #} - {% if (tripleo_cephadm_ceph_version is defined) and - (tripleo_cephadm_ceph_version is match(tripleo_cephadm_pacific_filter)) %} - -e CLUSTER={{ tripleo_cephadm_cluster }} \ - -e CEPH_DAEMON=NFS \ - -e CONTAINER_IMAGE={{ tripleo_cephadm_container_ns }}/{{ tripleo_cephadm_container_image }}:{{ tripleo_cephadm_container_tag }} \ - {{ tripleo_cephadm_container_ns }}/{{ tripleo_cephadm_container_image }}:{{ tripleo_cephadm_container_tag }} - {% else %} - --entrypoint=/bin/sh \ - {{ tripleo_cephadm_container_ns }}/{{ tripleo_cephadm_container_image }}:{{ tripleo_cephadm_container_tag }} \ - -c 'rpcbind && rpc.statd -L && rpc.idmapd && /usr/bin/ganesha.nfsd -F -L STDOUT' - {% endif -%} -ExecStop=-/usr/bin/sh -c "/usr/bin/{{ container_cli }} rm -f `cat /%t/%n-cid`" -KillMode=none -Restart=always -RestartSec=10s -TimeoutStartSec=120 -TimeoutStopSec=15 -Type=forking -PIDFile=/%t/%n-pid - -[Install] -WantedBy=multi-user.target diff --git a/tripleo_ansible/roles/tripleo_cephadm/templates/ceph.conf.j2 b/tripleo_ansible/roles/tripleo_cephadm/templates/ceph.conf.j2 deleted file mode 100644 index f73c01aef..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/templates/ceph.conf.j2 +++ /dev/null @@ -1,33 +0,0 @@ -#jinja2: trim_blocks: "true", lstrip_blocks: "true" -# {{ ansible_managed }} -# Generated by tripleo_cephadm for initial bootstrap of first Ceph Mon - -{# MACRO AREA #} -{% macro render_map(root) -%} -{% for key, value in root.items() %} -{{ key}} = {{ value }} -{% endfor %} -{% endmacro %} - -[global] -fsid = {{ tripleo_cephadm_fsid }} -mon host = {{ tripleo_cephadm_first_mon_ip }} - -{# Build CephConfigOverrides #} -{% for key, value in (ceph_conf_overrides | default({})).items() %} -{% if not (['global', 'mon', 'mgr', 'osd', 'mds', 'client']) | intersect([key]) %} -{{ key }} = {{ value }} -{% elif (['global']) | intersect([key]) %} -{# Merge global defined values into this section #} -{{ render_map(value) }} -{% endif %} -{% endfor %} - -{# Build the remaining sections #} -{% for key, value in (ceph_conf_overrides | default({})).items() %} -{% if (['mon', 'mgr', 'osd', 'mds', 'client']) | intersect([key]) %} -[{{ key }}] -{# Render the current section #} -{{ render_map(value) }} -{% endif %} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_cephadm/templates/ceph_client.yaml.j2 b/tripleo_ansible/roles/tripleo_cephadm/templates/ceph_client.yaml.j2 deleted file mode 100644 index bbd4baa6d..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/templates/ceph_client.yaml.j2 +++ /dev/null @@ -1,15 +0,0 @@ ---- -tripleo_ceph_client_fsid: {{ tripleo_cephadm_fsid }} -tripleo_ceph_client_cluster: {{ tripleo_cephadm_cluster }} -external_cluster_mon_ips: "{{ external_cluster_mon_ips }}" -keys: -{% for ceph_key_cmd in tripleo_cephadm_client_keys.results %} -{% for cephx in (ceph_key_cmd.stdout | from_json) %} -- name: {{ cephx.entity }} - key: {{ cephx.key }} - caps: -{% for key, value in cephx.caps.items() %} - {{ key }}: {{ value }} -{% endfor %} -{% endfor %} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_cephadm/templates/deployed_ceph.yaml.j2 b/tripleo_ansible/roles/tripleo_cephadm/templates/deployed_ceph.yaml.j2 deleted file mode 100644 index 19ef31eee..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/templates/deployed_ceph.yaml.j2 +++ /dev/null @@ -1,25 +0,0 @@ ---- -parameter_defaults: - CephClusterFSID: {{ tripleo_cephadm_fsid }} - CephDynamicSpec: false - DeployedCeph: true - {% if tripleo_cephadm_standalone -%} - CephSpecFqdn: true - {% endif -%} - CephadmDefaultContainer: {{ tripleo_cephadm_default_container }} - ContainerCephDaemonImage: {{ tripleo_cephadm_container_ns }}/{{ tripleo_cephadm_container_image }}:{{ tripleo_cephadm_container_tag | string }} - CephClusterName: {{ tripleo_cephadm_cluster }} - {% if tripleo_cephadm_pools | default([]) | length > 0 -%} - CephPools: {{ tripleo_cephadm_pools }} - {% endif -%} - {% if tripleo_ceph_client_vars | default('') | length > 0 -%} - CephClientConfigVars: {{ tripleo_ceph_client_vars }} - {% endif -%} - {% if ceph_client_username | default('') | length > 0 -%} - CephClientUserName: {{ ceph_client_username }} - {% endif -%} - {% if ceph_client_key | default('') | length > 0 -%} - CephClientKey: {{ ceph_client_key }} - {% endif -%} - # Recommendation: set the following to false after overcloud is deployed - ApplyCephConfigOverridesOnUpdate: true diff --git a/tripleo_ansible/roles/tripleo_cephadm/templates/ganesha.conf.j2 b/tripleo_ansible/roles/tripleo_cephadm/templates/ganesha.conf.j2 deleted file mode 100644 index 01c41e91a..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/templates/ganesha.conf.j2 +++ /dev/null @@ -1,53 +0,0 @@ -#jinja2: trim_blocks: "true", lstrip_blocks: "true" -# {{ ansible_managed }} - -{% if tripleo_cephadm_ceph_nfs_dynamic_exports | bool and not tripleo_cephadm_ceph_nfs_rados_backend | bool %} -%include /etc/ganesha/export.d/INDEX.conf -{% endif %} - -NFS_Core_Param -{ -{% if tripleo_cephadm_ceph_nfs_bind_addr is defined %} - Bind_Addr={{ tripleo_cephadm_ceph_nfs_bind_addr }}; -{% endif %} -} - -{% if tripleo_cephadm_ceph_nfs_disable_caching | bool or nfs_file_gw | bool %} -EXPORT_DEFAULTS { - Attr_Expiration_Time = 0; -} - -CACHEINODE { - Dir_Chunk = 0; - - NParts = 1; - Cache_Size = 1; -} -{% endif %} - -{% if tripleo_cephadm_ceph_nfs_rados_backend | bool %} -RADOS_URLS { - ceph_conf = '/etc/ceph/{{ tripleo_cephadm_cluster }}.conf'; - userid = "{{ tripleo_cephadm_ceph_nfs_ceph_user }}"; -} -%url rados://{{ cephfs_data_pool.name }}/{{ tripleo_cephadm_nfs_rados_export_index }} - -NFSv4 { - RecoveryBackend = 'rados_kv'; - IdmapConf = "{{ tripleo_cephadm_idmap_conf }}"; -} -RADOS_KV { - ceph_conf = '/etc/ceph/{{ tripleo_cephadm_cluster }}.conf'; - userid = "{{ tripleo_cephadm_ceph_nfs_ceph_user }}"; - pool = "{{ cephfs_data_pool.name }}"; -} -{% endif %} - - -LOG { - Facility { - name = FILE; - destination = "/var/log/ganesha/ganesha.log"; - enable = active; - } -} diff --git a/tripleo_ansible/roles/tripleo_cephadm/templates/idmap.conf.j2 b/tripleo_ansible/roles/tripleo_cephadm/templates/idmap.conf.j2 deleted file mode 100644 index debfd13ea..000000000 --- a/tripleo_ansible/roles/tripleo_cephadm/templates/idmap.conf.j2 +++ /dev/null @@ -1,137 +0,0 @@ -[General] -#Verbosity = 0 -# The following should be set to the local NFSv4 domain name -# The default is the host's DNS domain name. -#Domain = local.domain.edu - -# In multi-domain environments, some NFS servers will append the identity -# management domain to the owner and owner_group in lieu of a true NFSv4 -# domain. This option can facilitate lookups in such environments. If -# set to a value other than "none", the nsswitch plugin will first pass -# the name to the password/group lookup function without stripping the -# domain off. If that mapping fails then the plugin will try again using -# the old method (comparing the domain in the string to the Domain value, -# stripping it if it matches, and passing the resulting short name to the -# lookup function). Valid values are "user", "group", "both", and -# "none". The default is "none". -#No-Strip = none - -# Winbind has a quirk whereby doing a group lookup in UPN format -# (e.g. staff@americas.example.com) will cause the group to be -# displayed prefixed with the full domain in uppercase -# (e.g. AMERICAS.EXAMPLE.COM\staff) instead of in the familiar netbios -# name format (e.g. AMERICAS\staff). Setting this option to true -# causes the name to be reformatted before passing it to the group -# lookup function in order to work around this. This setting is -# ignored unless No-Strip is set to either "both" or "group". -# The default is "false". -#Reformat-Group = false - -# The following is a comma-separated list of Kerberos realm -# names that should be considered to be equivalent to the -# local realm, such that @REALM.A can be assumed to -# be the same user as @REALM.B -# If not specified, the default local realm is the domain name, -# which defaults to the host's DNS domain name, -# translated to upper-case. -# Note that if this value is specified, the local realm name -# must be included in the list! -#Local-Realms = - -[Mapping] - -#Nobody-User = nobody -#Nobody-Group = nobody - -[Translation] - -# Translation Method is an comma-separated, ordered list of -# translation methods that can be used. Distributed methods -# include "nsswitch", "umich_ldap", and "static". Each method -# is a dynamically loadable plugin library. -# New methods may be defined and inserted in the list. -# The default is "nsswitch". -#Method = nsswitch - -# Optional. This is a comma-separated, ordered list of -# translation methods to be used for translating GSS -# authenticated names to ids. -# If this option is omitted, the same methods as those -# specified in "Method" are used. -#GSS-Methods = - -#-------------------------------------------------------------------# -# The following are used only for the "static" Translation Method. -#-------------------------------------------------------------------# -[Static] - -# A "static" list of GSS-Authenticated names to -# local user name mappings - -#someuser@REALM = localuser - - -#-------------------------------------------------------------------# -# The following are used only for the "umich_ldap" Translation Method. -#-------------------------------------------------------------------# - -[UMICH_SCHEMA] - -# server information (REQUIRED) -LDAP_server = ldap-server.local.domain.edu - -# the default search base (REQUIRED) -LDAP_base = dc=local,dc=domain,dc=edu - -#-----------------------------------------------------------# -# The remaining options have defaults (as shown) -# and are therefore not required. -#-----------------------------------------------------------# - -# whether or not to perform canonicalization on the -# name given as LDAP_server -#LDAP_canonicalize_name = true - -# absolute search base for (people) accounts -#LDAP_people_base = - -# absolute search base for groups -#LDAP_group_base = - -# Set to true to enable SSL - anything else is not enabled -#LDAP_use_ssl = false - -# You must specify a CA certificate location if you enable SSL -#LDAP_ca_cert = /etc/ldapca.cert - -# Objectclass mapping information - -# Mapping for the person (account) object class -#NFSv4_person_objectclass = NFSv4RemotePerson - -# Mapping for the nfsv4name attribute the person object -#NFSv4_name_attr = NFSv4Name - -# Mapping for the UID number -#NFSv4_uid_attr = UIDNumber - -# Mapping for the GSSAPI Principal name -#GSS_principal_attr = GSSAuthName - -# Mapping for the account name attribute (usually uid) -# The value for this attribute must match the value of -# the group member attribute - NFSv4_member_attr -#NFSv4_acctname_attr = uid - -# Mapping for the group object class -#NFSv4_group_objectclass = NFSv4RemoteGroup - -# Mapping for the GID attribute -#NFSv4_gid_attr = GIDNumber - -# Mapping for the Group NFSv4 name -#NFSv4_group_attr = NFSv4Name - -# Mapping for the Group member attribute (usually memberUID) -# The value of this attribute must match the value of NFSv4_acctname_attr -#NFSv4_member_attr = memberUID diff --git a/tripleo_ansible/roles/tripleo_clients_install/defaults/main.yml b/tripleo_ansible/roles/tripleo_clients_install/defaults/main.yml deleted file mode 100644 index 5ed0b5c27..000000000 --- a/tripleo_ansible/roles/tripleo_clients_install/defaults/main.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_clients_install" -tripleo_clients_install_pkg_state: present - -tripleo_clients_install_dict: - aodhclient: present - barbicanclient: present - cinderclient: present - designateclient: present - glanceclient: present - gnocchiclient: present - heatclient: present - ironicclient: present - keystoneclient: present - manilaclient: present - neutronclient: present - novaclient: present - openstackclient: present - osc-placement: present - swiftclient: present diff --git a/tripleo_ansible/roles/tripleo_clients_install/meta/main.yml b/tripleo_ansible/roles/tripleo_clients_install/meta/main.yml deleted file mode 100644 index 92492050f..000000000 --- a/tripleo_ansible/roles/tripleo_clients_install/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_clients_install - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_clients_install/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_clients_install/molecule/default/converge.yml deleted file mode 100644 index 239008e72..000000000 --- a/tripleo_ansible/roles/tripleo_clients_install/molecule/default/converge.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - tripleo_clients_install_dict: - aodhclient: installed - barbicanclient: installed - osc-placement: installed - roles: - - role: "tripleo_clients_install" diff --git a/tripleo_ansible/roles/tripleo_clients_install/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_clients_install/molecule/default/molecule.yml deleted file mode 100644 index b8aa37228..000000000 --- a/tripleo_ansible/roles/tripleo_clients_install/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_clients_install/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_clients_install/molecule/default/prepare.yml deleted file mode 100644 index 9298337d4..000000000 --- a/tripleo_ansible/roles/tripleo_clients_install/molecule/default/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_setup_tripleo: true - test_deps_setup_stream: true - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_clients_install/tasks/main.yml b/tripleo_ansible/roles/tripleo_clients_install/tasks/main.yml deleted file mode 100644 index c567bb975..000000000 --- a/tripleo_ansible/roles/tripleo_clients_install/tasks/main.yml +++ /dev/null @@ -1,63 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Set packages facts - set_fact: - client_package_facts: |- - {% set package_sets = { - 'absent': [], - 'installed': [], - 'latest': [], - 'present': [], - 'removed': [] - } - %} - {% for k, v in tripleo_clients_install_dict.items() %} - {% set pkg_name = tripleo_clients_install_python_prefix ~ '-' ~ k %} - {% if (tripleo_clients_install_pkg_state == 'present') and (v != tripleo_clients_install_pkg_state) %} - {% set _ = package_sets[v].append(pkg_name) %} - {% else %} - {% set _ = package_sets[tripleo_clients_install_pkg_state].append(pkg_name) %} - {% endif %} - {% endfor %} - {{ package_sets }} - -- name: "Manage package" - package: - name: "{{ pkg.value }}" - state: "{{ pkg.key }}" - releasever: "{{ ansible_facts['distribution_major_version'] }}" - when: - - (pkg.value | length) > 0 - loop: "{{ client_package_facts | dict2items }}" - loop_control: - label: "{{ pkg.value }}: {{ pkg.key }}" - loop_var: pkg diff --git a/tripleo_ansible/roles/tripleo_clients_install/vars/redhat.yml b/tripleo_ansible/roles/tripleo_clients_install/vars/redhat.yml deleted file mode 100644 index af19af25e..000000000 --- a/tripleo_ansible/roles/tripleo_clients_install/vars/redhat.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "tripleo_clients_install_" - -tripleo_clients_install_python_prefix: python3 diff --git a/tripleo_ansible/roles/tripleo_collectd/defaults/main.yml b/tripleo_ansible/roles/tripleo_collectd/defaults/main.yml deleted file mode 100644 index b6673e535..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/defaults/main.yml +++ /dev/null @@ -1,228 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# Corresponds to MetricsQdrPort in THT -# Service name or port number on which the qdrouterd will accept connections. -metrics_qdr_port: 5666 - -# Corresponds to MetricsQdrUsername in THT -# Username which should be used to authenticate to the deployed qdrouterd. -metrics_qdr_username: guest - -# Corresponds to MetricsQdrPassword in THT -# Password which should be used to authenticate to the deployed qdrouterd. -metrics_qdr_password: guest - -# Corresponds to MonitoringSubscriptionCollectd in THT -tripleo_collectd_monitoring_subscription: overcloud-collectd - -# Corresponds to CollectdConnectionType in THT -# Define which write plugin should collectd use. Currently supported are 'amqp1', -# 'network' and 'gnocchi'. -tripleo_collectd_connection_type: amqp1 - -# Corresponds to CollectdDefaultPollingInterval in THT -# Controls how often registered read functions are called and with that the -# resolution of the collected data. This value can be overridden per plugin(per -# role) by setting "::collectd::plugin::::interval" key in -# ExtraConfig(ExtraConfig). -tripleo_collectd_default_polling_interval: 120 - -# Corresponds to CollectdDefaultPlugins in THT -# List of collectd plugins to activate on all overcloud hosts. See the -# documentation for the puppet-collectd module for a list plugins supported by -# the module (https://github.com/voxpupuli/puppet-collectd). Set this key to -# override the default list of plugins. Use CollectdExtraPlugins if you want to -# load additional plugins without overriding the defaults. -tripleo_collectd_default_plugins: ['cpu', 'df', 'disk', 'hugepages', 'interface', 'load', 'memory', 'processes', 'unixsock', 'uptime'] - -# Corresponds to CollectdExtraPlugins in THT -# List of collectd plugins to activate on all overcloud hosts. See the -# documentation for the puppet-collectd module for a list plugins supported by -# the module (https://github.com/voxpupuli/puppet-collectd). Set this key to load -# plugins in addition to those in CollectdDefaultPlugins. -tripleo_collectd_extra_plugins: [] - -# Corresponds to CollectdServer in THT -# Address of remote collectd server to which we will send metrics. -tripleo_collectd_server: - -# Corresponds to CollectdServerPort in THT -# Port on remote collectd server to which we will send metrics. -tripleo_collectd_server_port: 25826 - -# Corresponds to CollectdUsername in THT -# Username for authenticating to the remote collectd server. The default is to -# not configure any authentication. -tripleo_collectd_username: - -# Corresponds to CollectdPassword in THT -# Password for authenticating to the remote collectd server. The default is to -# not configure any authentication. -tripleo_collectd_password: - -# Corresponds to CollectdSecurityLevel in THT -# Security level setting for remote collectd connection. If it is set to Sign or -# Encrypt the CollectdPassword and CollectdUsername parameters need to be set. -tripleo_collectd_security_level: None - -# Corresponds to EnableSQLAlchemyCollectd in THT -# Set to true to enable the SQLAlchemy-collectd server plugin -tripleo_collectd_enable_sqlalchemy: false - -# Corresponds to CollectdSQLAlchemyLogMessages in THT -# set to "debug" to enable message logging. -tripleo_collectd_sqlalchemy_log_messages: info - -# Corresponds to CollectdSQLAlchemyBindHost in THT -# hostname for SQLAlchemy-collectd plugin to bind on. defaults to localhost. -tripleo_collectd_sqlalchemy_bind_host: localhost - -# Corresponds to CollectdAmqpHost in THT -# Hostname or IP address of the AMQP 1.0 intermediary. -tripleo_collectd_amqp_host: nil - -# Corresponds to CollectdAmqpPort in THT -# Service name or port number on which the AMQP 1.0 intermediary accepts -# connections. This argument must be a string, even if the numeric form is used. -tripleo_collectd_amqp_port: 5666 - -# Corresponds to CollectdAmqpUser in THT -# User part of credentials used to authenticate to the AMQP 1.0 intermediary. -tripleo_collectd_amqp_user: guest - -# Corresponds to CollectdAmqpPassword in THT -# Password part of credentials used to authenticate to the AMQP 1.0 intermediary. -tripleo_collectd_amqp_password: guest - -# Corresponds to CollectdAmqpTransportName in THT -# Name of the AMQP 1.0 transport. -tripleo_collectd_amqp_transport_name: metrics - -# Corresponds to CollectdAmqpAddress in THT -# This option specifies the prefix for the send-to value in the message. -tripleo_collectd_amqp_address: collectd - -# Corresponds to CollectdAmqpInstances in THT -# Hash of hashes. Each inner hash represent Instance block in plugin -# configuration file. Key of outter hash represents instance name. The 'address' -# value concatenated with the 'name' given will be used as the send-to address -# for communications over the messaging link. -tripleo_collectd_amqp_instances: {} - -# Corresponds to CollectdAmqpRetryDelay in THT -# When the AMQP 1.0 connection is lost, defines the time in seconds to wait -# before attempting to reconnect. -tripleo_collectd_amqp_retry_delay: 1 - -# Corresponds to CollectdAmqpInterval in THT -# Interval on which metrics should be sent to AMQP intermediary. If not set the -# default for all collectd plugins is used. -tripleo_collectd_amqp_interval: -666 - -# Corresponds to CollectdAmqpSendQueueLimit in THT -# Number of data sets to be kept in memory, older sets will be discarded, -# if set to -1, this feature is disabled. -tripleo_collectd_amqp_send_queue_limit: -1 - -# Corresponds to CollectdEnableSensubility in THT -# Set to true if sensubility should be executed by exec plugin. -tripleo_collectd_enable_sensubility: false - -# Corresponds to CollectdSensubilityExecSudoRule in THT -# Given rule will be created in /etc/sudoers.d for sensubility to enable it -# calling restricted commands via sensubility executor. -tripleo_collectd_sensubility_exec_sudo_rule: '' - -# Corresponds to CollectdSensubilityLogLevel in THT -# Use for override the default logging level (WARNING). -tripleo_collectd_sensubility_log_level: WARNING - -# Corresponds to CollectdSensubilityConnection in THT -# URL to Sensu sever side -tripleo_collectd_sensubility_connection: amqp://sensu:sensu@localhost:5672//sensu - -tripleo_collectd_sensubility_subscriptions: [] - -# Corresponds to CollectdSensubilityKeepaliveInterval in THT -# Interval in seconds for sending keepalive messages to Sensu server side. -tripleo_collectd_sensubility_keepalive_interval: 20 - -# Corresponds to CollectdSensubilityTmpDir in THT -# Path to temporary directory which is used for creation of check scripts. -tripleo_collectd_sensubility_tmp_dir: /var/tmp/collectd-sensubility-checks - -# Corresponds to CollectdSensubilityShellPath in THT -# Path to shell used for executing check scripts. -tripleo_collectd_sensubility_shell_path: /usr/bin/sh - -# Corresponds to CollectdSensubilityWorkerCount in THT -# Number of goroutines spawned for executing check scripts. -tripleo_collectd_sensubility_worker_count: 2 - -# Corresponds to CollectdSensubilityChecks in THT -# JSON formated definition of standalone checks to be scheduled on client side. -tripleo_collectd_sensubility_checks: {} - -# Corresponds to CollectdSensubilityTransport in THT -# Bus type for sent data. Options are 'sensu' (rabbitmq) and 'amqp1' -tripleo_collectd_sensubility_transport: sensu - -# Corresponds to CollectdSensubilityResultsChannel in THT -# AMQP1 channel address -tripleo_collectd_sensubility_results_channel: 'collectd/notify' - -# Corresponds to CollectdEnableContainerHealthCheck in THT -# Set to false if container health check should not be defined and attached to -# CollectdEnableContainerHealthCheck. -tripleo_collectd_enable_container_health_check: true - -# Corresponds to CollectdContainerHealthCheckCommand in THT -# The command to be run by sensubility when the health check is enabled. -# Defaults to a script that is expected to be placed by TripleO at the given -# location. -tripleo_collectd_container_health_check_command: /scripts/collectd_check_health.py - -# Corresponds to CollectdContainerHealthCheckInterval in THT -# The frequency in seconds the docker health check is executed. -tripleo_collectd_container_health_check_interval: 10 - -# Corresponds to CollectdContainerHealthCheckHandlers in THT -# The Sensu event handler to use for events created by the docker health check. -tripleo_collectd_container_health_check_handlers: [] - -# Corresponds to CollectdContainerHealthCheckOccurrences in THT -# The number of event occurrences before sensu-plugin-aware handler should take -# action. -tripleo_collectd_container_health_check_occurrences: 3 - -# Corresponds to CollectdContainerHealthCheckRefresh in THT -# The number of seconds sensu-plugin-aware handlers should wait before taking -# second action. -tripleo_collectd_container_health_check_refresh: 90 - -# Corresponds to EnableSTF in THT -# Set to true to enable configuration for STF client. -tripleo_collectd_enable_stf: false - -# Corresponds to CollectdEnableMcelog in THT -# Set to true to enable mcelog -tripleo_collectd_enable_mcelog: false - -# Corresponds to CollectdEnableLibpodstats in THT -# Set to true if collectd should run the libpodstats plugin -tripleo_collectd_enable_libpodstats: false diff --git a/tripleo_ansible/roles/tripleo_collectd/files/openstack-healthcheck.conf b/tripleo_ansible/roles/tripleo_collectd/files/openstack-healthcheck.conf deleted file mode 100644 index 0a8d86b2a..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/files/openstack-healthcheck.conf +++ /dev/null @@ -1,2 +0,0 @@ -if ($programname startswith 'podman' and ($msg contains 'container exec' or $msg contains 'healthy')) or ($programname startswith 'systemd' and $msg contains 'podman healthcheck run') then -/var/log/containers/collectd/healthchecks.stdout -& stop diff --git a/tripleo_ansible/roles/tripleo_collectd/meta/main.yml b/tripleo_ansible/roles/tripleo_collectd/meta/main.yml deleted file mode 100644 index 00eb7b3d5..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/meta/main.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_collectd - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.9 - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/amqp_connection_default_interval/converge.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/amqp_connection_default_interval/converge.yml deleted file mode 100644 index 3ecc9c223..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/amqp_connection_default_interval/converge.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: collectd-test - tasks: - - name: "Set up expected THT vars" - set_fact: - tripleo_role_name: "SomeRole" - service_net_map: - some_role_metrics_qdr_network: "ctlplane" - ctlplane_ip: "10.0.0.42" - - - name: "Use tripleo_collectd to configure collectd using the default interval for amqp" - include_role: - name: "{{ playbook_dir }}/../../../tripleo_collectd" - tasks_from: configure_collectd - vars: - collectd_conf_output_dir: "/etc/collectd.d/" - tripleo_collectd_amqp_host: collectd-test - tripleo_collectd_connection_type: 'amqp1' - tripleo_collectd_amqp_interval: -666 diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/amqp_connection_default_interval/molecule.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/amqp_connection_default_interval/molecule.yml deleted file mode 100644 index 3cbc78f2c..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/amqp_connection_default_interval/molecule.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- -driver: - name: podman - -platforms: - - name: collectd-test - hostname: collectd-test - image: ubi9/ubi-init - registry: - url: registry.access.redhat.com - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg:O - - /opt/yum.repos.d:/etc/yum.repos.d:O - - /etc/dnf/vars:/etc/dnf/vars:O - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - CONTAINER_BIN: podman - ulimits: &ulimit - - host - -provisioner: - inventory: - hosts: - all: - hosts: - collectd-test: - ansible_python_interpreter: /usr/bin/python3 - host_vars: - collectd-test: - collectd_conf_output_dir: "/etc/collectd.d/" - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\ - /usr/share/ansible/plugins/filter}" - playbooks: - prepare: ../common/prepare.yml - -verifier: - name: ansible - -dependency: - name: galaxy - options: - role-file: molecule/common/requirements.yml - -scenario: - test_sequence: - - destroy - - dependency - - create - - prepare - - converge - - check - - verify - - destroy diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/amqp_connection_default_interval/verify.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/amqp_connection_default_interval/verify.yml deleted file mode 100644 index cdfd4cb45..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/amqp_connection_default_interval/verify.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- import_playbook: ../common/verify.yml - -- name: Verify - hosts: collectd-test - tasks: - - name: "Get amqp conf" - stat: - path: "{{ collectd_conf_output_dir }}/amqp1.conf" - register: amqp_conf - failed_when: - - not amqp_conf.stat.exists - - - name: "Check that default interval was unchanged" - command: - grep "Interval" {{ collectd_conf_output_dir }}/amqp1.conf - register: interval - changed_when: false - failed_when: - - ( interval.stdout | length != 0 ) or ( interval.stderr_lines | length != 0 ) diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/collectd_connection/converge.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/collectd_connection/converge.yml deleted file mode 100644 index cb34f4b40..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/collectd_connection/converge.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: collectd-test - tasks: - - name: "Use tripleo_collectd to configure collectd to sent metrics using the network plugin" - include_role: - name: "{{ playbook_dir }}/../../../tripleo_collectd" - tasks_from: configure_collectd - vars: - collectd_conf_output_dir: "/etc/collectd.d/" - tripleo_collectd_connection_type: 'network' - tripleo_collectd_server: '192.168.42.2' - -- name: Converge collectd-server - hosts: collectd-server - tasks: - - name: "Configure collectd on the server to receive metrics" - include_role: - name: collectd_config - vars: - collectd_conf_output_dir: "/etc/collectd.d/" - collectd_plugin_network_listen: - - address: "192.168.42.2" - collectd_plugins: - - logfile - - network - - unixsock diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/collectd_connection/molecule.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/collectd_connection/molecule.yml deleted file mode 100644 index 81e20ab40..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/collectd_connection/molecule.yml +++ /dev/null @@ -1,90 +0,0 @@ ---- -dependency: - name: galaxy - options: - role-file: molecule/common/requirements.yml -driver: - name: podman - -platforms: - - name: collectd-test - hostname: collectd-test - image: ubi9/ubi-init - registry: - url: registry.access.redhat.com - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg:O - - /opt/yum.repos.d:/etc/yum.repos.d:O - - /etc/dnf/vars:/etc/dnf/vars:O - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - CONTAINER_BIN: podman - ulimits: &ulimit - - host - docker_networks: - - name: collectd - ipam_config: - - subnet: "192.168.42.0/24" - gateway: "192.168.42.254" - networks: - - name: collectd - ipv4_address: "192.168.42.1" - - - name: collectd-server - hostname: collectd-server - image: ubi9/ubi-init - registry: - url: registry.access.redhat.com - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg:O - - /opt/yum.repos.d:/etc/yum.repos.d:O - - /etc/dnf/vars:/etc/dnf/vars:O - privileged: true - environment: - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - CONTAINER_BIN: podman - ulimits: - - host - networks: - - name: collectd - ipv4_address: "192.168.42.2" - -provisioner: - inventory: - hosts: - all: - hosts: - collectd-test: - ansible_python_interpreter: /usr/bin/python3 - collectd-server: - ansible_python_interpreter: /usr/bin/python3 - host_vars: - collectd-test: - collectd_conf_output_dir: "/etc/collectd.d/" - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\ - /usr/share/ansible/plugins/filter}" - playbooks: - prepare: ../common/prepare.yml - -verifier: - name: ansible - -scenario: - test_sequence: - - destroy - - dependency - - create - - prepare - - converge - - verify - - destroy - - cleanup diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/collectd_connection/verify.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/collectd_connection/verify.yml deleted file mode 100644 index a717c2436..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/collectd_connection/verify.yml +++ /dev/null @@ -1,99 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# TODO: Reconsider this later, but it seems like a bad fit right now, since -# there are two hosts in the scenario, and this relies on there being one, and -# using podman -# - import_playbook: ../common/verify.yml -- name: Verify collectd-test - hosts: collectd-test - tasks: - - name: "Check that network.conf exists" - stat: - path: "{{ collectd_conf_output_dir }}/network.conf" - register: network_conf - failed_when: - - not network_conf.stat.exists - - - name: "Get the network.conf is configuration" - slurp: - path: "{{ collectd_conf_output_dir }}/network.conf" - register: network_conf - - - name: "Check the contents of network.conf" - assert: - that: - - '"" in network_conf.content | b64decode' - - '"SecurityLevel \"None\"" in network_conf.content | b64decode' - - not "Username" in network_conf.content | b64decode - - not "Password" in network_conf.content | b64decode - fail_msg: "Incorrect contents in network.conf: {{ network_conf.content | b64decode }}" - -- name: "(Re)start collectd service" - hosts: - - collectd-test - - collectd-server - tasks: - - name: "Kill running collectd process" - command: - pkill -e -c collectd - ignore_errors: true - changed_when: false - - - name: "Start collectd" - command: - /usr/sbin/collectd -C /etc/collectd.conf - changed_when: false - -- name: Verify collectd-server - hosts: collectd-server - tasks: - - name: Check for files in conf output dir - find: - paths: /etc/collectd.d - patterns: '*.conf' - register: output - failed_when: - - output.files | length == 0 - - - name: "Check for collectd.conf" - find: - paths: /etc/ - patterns: collectd.conf - register: conf - failed_when: - - conf.files | length != 1 - - - name: "Check for metrics received by the collectd server" - command: - collectdctl -s /var/run/collectd-socket listval - retries: 3 - delay: 5 - register: plugins - until: plugins.stdout_lines | length > 0 - changed_when: false - failed_when: - - ( plugins.stderr | length > 0 ) or ( plugins.rc != 0 ) - - - name: "Make sure the metrics on collectd-server are from collectd-test" - shell: | - set -o pipefail - collectdctl -s /var/run/collectd-socket listval | grep ^collectd-test/ | wc -l - register: test_plugins - changed_when: false - failed_when: - - plugins.stdout_lines | length != test_plugins.stdout | int diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/common/prepare.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/common/prepare.yml deleted file mode 100644 index d2376a21b..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/common/prepare.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: - - collectd-test - - collectd-server - roles: - - role: test_deps - test_deps_setup_tripleo: true - test_deps_setup_stream: true - test_deps_extra_packages: - - collectd - - collectd-amqp1 - - collectd-disk - - collectd-hugepages - # for collectdctl - - collectd-utils - # enable_stf - - collectd-connectivity - - collectd-ipmi - - collectd-procevent - - collectd-rdt - # enable_sqlalchemy - - collectd-python - - python3-sqlalchemy-collectd - # libpodstats - - collectd-libpod-stats - - procps-ng - - role: env_data - tasks: - - name: "Create a directory for the log file" - file: - path: /var/log/collectd/ - state: directory - mode: 0766 diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/common/requirements.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/common/requirements.yml deleted file mode 100644 index 0cfeb1600..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/common/requirements.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -roles: - - src: git+https://github.com/infrawatch/functional-tests - name: functional_tests - - - src: git+http://github.com/infrawatch/collectd-config-ansible-role - name: collectd_config diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/common/verify.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/common/verify.yml deleted file mode 100644 index 734c6a59e..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/common/verify.yml +++ /dev/null @@ -1,89 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: "Common Verify tasks" - hosts: collectd-test - tasks: - - name: Check for files in conf output dir - find: - paths: "{{ collectd_conf_output_dir }}" - patterns: '*.conf' - register: plugins - failed_when: - - plugins.files | length == 0 - - - name: "Check for collectd.conf" - stat: - path: "{{ collectd_conf_output_dir }}/../collectd.conf" - register: conf - failed_when: - - not conf.stat.exists - - - name: "Check what plugins were enabled." - command: | - ls {{ collectd_conf_output_dir }} - register: plugins - changed_when: false - failed_when: > - ( plugins.stdout_lines | length < 1 ) or - ( 'logfile.conf' not in plugins.stdout_lines ) - - - name: "Debug -- list of plugins, one per line" - debug: - var: plugins.stdout_lines - - - name: "(Re)start collectd service" - block: - - name: "Kill running collectd process" - command: - pkill -e -c collectd - ignore_errors: true - - - name: "Start collectd" - command: - /usr/sbin/collectd -C /etc/collectd.conf - - - name: "Get logfile path" - shell: | - set -o pipefail - grep "File" {{ collectd_conf_output_dir }}/logfile.conf | awk '{ print $NF }' - register: logfile_path - changed_when: false - - - name: "Make sure there is a directory for the logfile to live in since collectd doesn't seem to create this by default" - stat: - path: "{{ logfile_path.stdout | regex_replace('\"', '') | dirname }}" - register: logfile_stat - failed_when: - - not logfile_stat.stat.exists - - - name: "Make sure the logfile is created" - stat: - path: "{{ logfile_path.stdout | regex_replace('\"', '') }}" - register: logfile_stat - failed_when: - - not logfile_stat.stat.exists - -- hosts: localhost - tasks: - - name: "Run the collectd test from STF functional-tests" - include_role: - name: functional_tests - tasks_from: test_collectd - vars: - collectd_container_name: 'collectd-test' - container_bin: "{{ lookup('env', 'CONTAINER_BIN') | default('podman', True) }}" diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/default/converge.yml deleted file mode 100644 index ade494980..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/default/converge.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: collectd-test - tasks: - - name: "Set up expected THT vars" - set_fact: - tripleo_role_name: "SomeRole" - service_net_map: - some_role_metrics_qdr_network: "ctlplane" - ctlplane_ip: "10.0.0.42" - - - name: "Use tripleo_collectd to configure collectd with defaults" - include_role: - name: "{{ playbook_dir }}/../../../tripleo_collectd" - tasks_from: configure_collectd - vars: - collectd_conf_output_dir: "/etc/collectd.d/" diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/default/molecule.yml deleted file mode 100644 index e5f4a2102..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/default/molecule.yml +++ /dev/null @@ -1,65 +0,0 @@ ---- -driver: - name: podman - -platforms: - - name: collectd-test - hostname: collectd-test - image: ubi9/ubi-init - registry: - url: registry.access.redhat.com - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg:O - - /opt/yum.repos.d:/etc/yum.repos.d:O - - /etc/dnf/vars:/etc/dnf/vars:O - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - CONTAINER_BIN: podman - ulimits: &ulimit - - host - -provisioner: - inventory: - hosts: - all: - hosts: - collectd-test: - ansible_python_interpreter: /usr/bin/python3 - host_vars: - collectd-test: - collectd_conf_output_dir: "/etc/collectd.d/" - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\ - /usr/share/ansible/plugins/filter}" - playbooks: - prepare: ../common/prepare.yml - verify: ../common/verify.yml - -lint: | - ansible-lint **/*.yml - -verifier: - name: ansible - -dependency: - name: galaxy - options: - role-file: molecule/common/requirements.yml - -scenario: - name: default - test_sequence: - - destroy - - dependency - - create - - prepare - - converge - - check - - verify - - destroy diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/default/verify.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/default/verify.yml deleted file mode 100644 index cde5e7d1a..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/default/verify.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- import_playbook: ../common/verify.yml - -- name: Verify - hosts: collectd-test - tasks: - - name: "Check that the right plugins are enabled" - stat: - path: "{{ collectd_conf_output_dir }}/{{ item }}.conf" - register: conf - failed_when: - - not conf.stat.exists - loop: - - cpu - - df - - disk - - hugepages - - interface - - load - - memory - - processes - - unixsock - - uptime diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/enable_sensubility_libpodstats_sqlalchemy/converge.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/enable_sensubility_libpodstats_sqlalchemy/converge.yml deleted file mode 100644 index 48020b870..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/enable_sensubility_libpodstats_sqlalchemy/converge.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: Converge - hosts: collectd-test - tasks: - - set_fact: - tripleo_role_name: "SomeRole" - service_net_map: - some_role_metrics_qdr_network: "ctlplane" - ctlplane_ip: "10.0.0.42" - fqdn_ctlplane: "standalone.ctlplane.localdomain" - - - include_role: - name: '{{ playbook_dir }}/../../../tripleo_collectd' - tasks_from: configure_collectd - vars: - collectd_conf_output_dir: "/etc/collectd.d/" - tripleo_collectd_enable_sensubility: true - tripleo_collectd_enable_libpodstats: true - tripleo_collectd_enable_sqlalchemy: true - tripleo_collectd_sensubility_exec_sudo_rule: "collectd ALL = NOPASSWD: ALL" diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/enable_sensubility_libpodstats_sqlalchemy/molecule.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/enable_sensubility_libpodstats_sqlalchemy/molecule.yml deleted file mode 100644 index 3cbc78f2c..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/enable_sensubility_libpodstats_sqlalchemy/molecule.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- -driver: - name: podman - -platforms: - - name: collectd-test - hostname: collectd-test - image: ubi9/ubi-init - registry: - url: registry.access.redhat.com - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg:O - - /opt/yum.repos.d:/etc/yum.repos.d:O - - /etc/dnf/vars:/etc/dnf/vars:O - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - CONTAINER_BIN: podman - ulimits: &ulimit - - host - -provisioner: - inventory: - hosts: - all: - hosts: - collectd-test: - ansible_python_interpreter: /usr/bin/python3 - host_vars: - collectd-test: - collectd_conf_output_dir: "/etc/collectd.d/" - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\ - /usr/share/ansible/plugins/filter}" - playbooks: - prepare: ../common/prepare.yml - -verifier: - name: ansible - -dependency: - name: galaxy - options: - role-file: molecule/common/requirements.yml - -scenario: - test_sequence: - - destroy - - dependency - - create - - prepare - - converge - - check - - verify - - destroy diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/enable_sensubility_libpodstats_sqlalchemy/verify.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/enable_sensubility_libpodstats_sqlalchemy/verify.yml deleted file mode 100644 index effe2203d..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/enable_sensubility_libpodstats_sqlalchemy/verify.yml +++ /dev/null @@ -1,123 +0,0 @@ ---- -- import_playbook: ../common/verify.yml - -- name: "Verify collectd exec plugin" - hosts: collectd-test - tasks: - - name: "Check that the exec plugin config file exists" - stat: - path: '/etc/collectd.d/exec.conf' - register: output - failed_when: - - not output.stat.exists - - - name: "Get contents of exec file" - slurp: - path: /etc/collectd.d/exec.conf - register: exec_conf - failed_when: - - '"Exec \"collectd:collectd\" \"collectd-sensubility\"" not in exec_conf.content | b64decode' - - - name: Check that the sensubility file exists - stat: - path: '/etc/collectd-sensubility.conf' - register: output - failed_when: - - not output.stat.exists - - - name: "Get contents of the generated collectd-sensubility file" - slurp: - src: /etc/collectd-sensubility.conf - register: sensubility_conf - - - name: "Show the contents of generated collectd-sensubility file" - debug: - msg: "{{ sensubility_conf.content | b64decode }}" - - - name: "Check the contents of generated collectd-sensubility.conf file" - assert: - that: - - '"connection=amqp://sensu:sensu@localhost:5672//sensu" in sensubility_conf.content | b64decode' - - '"client_name=standalone.ctlplane.localdomain" in sensubility_conf.content | b64decode' - - '"client_address=10.0.0.42" in sensubility_conf.content | b64decode' - - '"keepalive_interval=20" in sensubility_conf.content | b64decode' - - '"tmp_base_dir=/var/tmp/collectd-sensubility-checks" in sensubility_conf.content | b64decode' - - '"shell_path=/usr/bin/sh" in sensubility_conf.content | b64decode' - - '"worker_count=2" in sensubility_conf.content | b64decode' - success_msg: "Expected content found in collectd-sensubility.conf" - - - name: "Check that the sensubility sudoers file has been created" - stat: - path: /etc/sudoers.d/sensubility_collectd - register: sudoer_file - failed_when: - - not sudoer_file.stat.exists - - - name: "Check that the sensubility sudoers file has been populated" - slurp: - src: /etc/sudoers.d/sensubility_collectd - register: sensubility_sudoers - failed_when: - - 'not "collectd ALL = NOPASSWD: ALL" in sensubility_sudoers.content | b64decode' - -- name: "Verify collectd libpodstats plugin" - hosts: collectd-test - tasks: - - name: Check that the libpodstats conf file exists - stat: - path: '/etc/collectd.d/libpodstats.conf' - register: output - failed_when: - - not output.stat.exists - - - name: Get contents of libpodstats.conf - slurp: - src: /etc/collectd.d/libpodstats.conf - register: libpodstats_conf - failed_when: - - not 'LoadPlugin "libpodstats"' in libpodstats_conf.content | b64decode - - not '' in libpodstats_conf.content | b64decode - - not '' in libpodstats_conf.content | b64decode - - - name: "Check that the TypesDB has been updated" - slurp: - src: /etc/collectd.conf - register: output - failed_when: - - not "TypesDB \"/etc/collectd.d//types.db.libpodstats\"" in output.content | b64decode - - - name: "Check that the contents of types.db.libpodstats are as expected" - slurp: - src: /etc/collectd.d/types.db.libpodstats - register: typesdb - failed_when: - - not "pod_cpu percent:GAUGE:0:100.1, time:DERIVE:0:U" in typesdb.content | b64decode - - not "pod_memory value:GAUGE:0:281474976710656" in typesdb.content | b64decode - -- name: Verify collectd sqlalchemy plugin - hosts: collectd-test - tasks: - - name: "Make sure python.conf exists" - stat: - path: "{{ collectd_conf_output_dir }}/python.conf" - register: python_conf - failed_when: - - not python_conf.stat.exists - - - name: "Get contents of python.conf" - slurp: - path: "{{ collectd_conf_output_dir }}/python.conf" - register: python_conf - - - name: "Check that the config imports sqlalchemy" - assert: - that: - - '"Import \"sqlalchemy_collectd.server.plugin\"" in python_conf.content | b64decode' - fail_msg: "SQLAlchemy is not imported by python config" - - - name: "Check that collectd_sqlalchemy is configured as expected" - assert: - that: - - '"" in python_conf.content | b64decode' - - '"listen \"localhost\" 25827" in python_conf.content | b64decode' - - '"loglevel \"info\"" in python_conf.content | b64decode' diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/enable_stf/converge.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/enable_stf/converge.yml deleted file mode 100644 index 5d8262971..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/enable_stf/converge.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: collectd-test - tasks: - - name: "Set up expected THT vars" - set_fact: - tripleo_role_name: "SomeRole" - service_net_map: - some_role_metrics_qdr_network: "ctlplane" - ctlplane_ip: "10.0.0.42" - - - name: "Include tripleo-collectd-ansible-role" - include_role: - name: "{{ playbook_dir }}/../../../tripleo_collectd" - tasks_from: configure_collectd - vars: - collectd_conf_output_dir: "/etc/collectd.d/" - tripleo_collectd_enable_stf: true diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/enable_stf/molecule.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/enable_stf/molecule.yml deleted file mode 100644 index 3cbc78f2c..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/enable_stf/molecule.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- -driver: - name: podman - -platforms: - - name: collectd-test - hostname: collectd-test - image: ubi9/ubi-init - registry: - url: registry.access.redhat.com - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg:O - - /opt/yum.repos.d:/etc/yum.repos.d:O - - /etc/dnf/vars:/etc/dnf/vars:O - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - CONTAINER_BIN: podman - ulimits: &ulimit - - host - -provisioner: - inventory: - hosts: - all: - hosts: - collectd-test: - ansible_python_interpreter: /usr/bin/python3 - host_vars: - collectd-test: - collectd_conf_output_dir: "/etc/collectd.d/" - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\ - /usr/share/ansible/plugins/filter}" - playbooks: - prepare: ../common/prepare.yml - -verifier: - name: ansible - -dependency: - name: galaxy - options: - role-file: molecule/common/requirements.yml - -scenario: - test_sequence: - - destroy - - dependency - - create - - prepare - - converge - - check - - verify - - destroy diff --git a/tripleo_ansible/roles/tripleo_collectd/molecule/enable_stf/verify.yml b/tripleo_ansible/roles/tripleo_collectd/molecule/enable_stf/verify.yml deleted file mode 100644 index 13cb3fb82..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/molecule/enable_stf/verify.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- import_playbook: ../common/verify.yml - -- name: Verify - hosts: collectd-test - tasks: - - name: "Check that the right plugins are enabled" - stat: - path: "{{ collectd_conf_output_dir }}/{{ item }}.conf" - register: conf - failed_when: - - not conf.stat.exists - loop: - - cpu - - df - - load - - connectivity - - intel_rdt - - ipmi - - procevent diff --git a/tripleo_ansible/roles/tripleo_collectd/tasks/configure_collectd.yml b/tripleo_ansible/roles/tripleo_collectd/tasks/configure_collectd.yml deleted file mode 100644 index 2d14a4d6b..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/tasks/configure_collectd.yml +++ /dev/null @@ -1,226 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: "Create initial plugins list and other vars for collectd_config" - set_fact: - collectd_plugins: "{{ tripleo_collectd_default_plugins | union(tripleo_collectd_extra_plugins) | union(['logfile']) | unique }}" - collectd_interval: "{{ tripleo_collectd_default_polling_interval }}" - -- name: "Enable read plugins for STF" - when: - - tripleo_collectd_enable_stf | bool - set_fact: - collectd_plugins: "{{ collectd_plugins | union(['cpu', 'df', 'load', 'connectivity', 'intel_rdt', 'ipmi', 'procevent']) | unique }}" - -- name: Set up amqp connection to collectd - when: - - tripleo_collectd_connection_type == 'amqp1' - block: - - name: "Enable amqp1 plugin and configure transport, address, instances and retry_delay" - set_fact: - collectd_plugins: "{{ collectd_plugins | union(['amqp1']) | unique }}" - collectd_plugin_amqp1_transport: "{{ tripleo_collectd_amqp_transport_name }}" - collectd_plugin_amqp1_address: "{{ tripleo_collectd_amqp_address }}" - collectd_plugin_amqp1_instances: "{{ tripleo_collectd_amqp_instances }}" - collectd_plugin_amqp1_retry_delay: "{{ tripleo_collectd_amqp_retry_delay }}" - - - name: "Set the interval for the amqp1 plugin" - when: - - tripleo_collectd_amqp_interval | int != -666 - set_fact: - collectd_plugin_amqp1_interval: "{{ tripleo_collectd_amqp_interval }}" - - - name: "Set amqp send_queue_limit" - when: - - tripleo_collectd_amqp_send_queue_limit != -1 - set_fact: - collectd_plugin_amqp1_send_queue_limit: "{{ tripleo_collectd_amqp_send_queue_limit }}" - - - name: "Use the default values for the AMQP connection" - when: - - tripleo_collectd_amqp_host == 'nil' - set_fact: - collectd_plugin_amqp1_host: "{{ lookup('vars', service_net_map[(tripleo_role_name + 'MetricsQdrNetwork') | snake_case] + '_ip' ) }}" - collectd_plugin_amqp1_port: "{{ metrics_qdr_port }}" - collectd_plugin_amqp1_user: "{{ metrics_qdr_username }}" - collectd_plugin_amqp1_password: "{{ metrics_qdr_password }}" - - - name: "Set up user-defined amqp connection" - when: - - tripleo_collectd_amqp_host != 'nil' - set_fact: - collectd_plugin_amqp1_host: "{{ tripleo_collectd_amqp_host }}" - collectd_plugin_amqp1_port: "{{ tripleo_collectd_amqp_port }}" - collectd_plugin_amqp1_user: "{{ tripleo_collectd_amqp_user }}" - collectd_plugin_amqp1_password: "{{ tripleo_collectd_amqp_password }}" - -- name: Set up collectd connection to external collectd instance - when: - - tripleo_collectd_connection_type == 'network' - block: - - name: "Add network to the list of plugins to enable" - set_fact: - collectd_plugins: "{{ collectd_plugins | union(['network']) | unique }}" - - - name: "Create the collectd network config." - when: - - tripleo_collectd_server | length > 0 - block: - - name: "Populate the initial config for network server." - set_fact: - collectd_plugin_network_server: - name: "{{ tripleo_collectd_server }}" - port: "{{ tripleo_collectd_server_port | default(omit) }}" - username: "{{ tripleo_collectd_username | default(omit) }}" - password: "{{ tripleo_collectd_password | default(omit) }}" - securitylevel: "{{ tripleo_collectd_security_level | default(omit) }}" - - - name: "Filter out the empty string values from the network server config" - set_fact: - collectd_plugin_network_server: - - '{{ collectd_plugin_network_server | dict2items | rejectattr("value", "equalto", "") | list | items2dict }}' - -- name: Enable sqlalchemy - when: - - tripleo_collectd_enable_sqlalchemy | bool - set_fact: - collectd_plugins: "{{ collectd_plugins | union(['python']) | unique }}" - collectd_plugin_python_modules: "{{ collectd_plugin_python_module | default({}) | combine( { - 'sqlalchemy': { - 'config': { - 'listen': [tripleo_collectd_sqlalchemy_bind_host, 25827], - 'loglevel': tripleo_collectd_sqlalchemy_log_messages - }, - 'module_import': 'sqlalchemy_collectd.server.plugin' - }}) }}" - -- name: "Configure collectd to run collectd-sensubility via collectd-exec" - when: - - tripleo_collectd_enable_sensubility | bool - block: - - name: Set-up sensubility config for exec - set_fact: - sensubility_exec: - - user: collectd - group: collectd - exec: "collectd-sensubility" - - - name: Configure the exec plugin - set_fact: - collectd_plugins: "{{ collectd_plugins | union(['exec']) | unique }}" - collectd_plugin_exec_exec: "{{ ( collectd_plugin_exec_exec | default([]) ) | union( sensubility_exec ) }}" - - - name: "Update sudoers file" - when: - - (tripleo_collectd_sensubility_exec_sudo_rule | length > 0 ) | default(false) - block: - - name: "Set sudoers path" - set_fact: - sensubility_sudoers_file: "{{ collectd_conf_output_dir }}/../sudoers.d/sensubility_collectd" - - - name: "Create sudoers.d if it does not exist" - file: - path: "{{ sensubility_sudoers_file | dirname }}" - mode: 0750 - state: directory - - - name: "Populate the file in {{ sensubility_sudoers_file }}" - copy: - content: "{{ tripleo_collectd_sensubility_exec_sudo_rule }}" - dest: "{{ sensubility_sudoers_file }}" - mode: 0440 - validate: 'visudo -c -f %s' - - - name: "Set up the healthcheck check" - when: - - tripleo_collectd_enable_container_health_check | bool - set_fact: - healthcheck_check: - check-container-health: - standalone: true - command: "{{ tripleo_collectd_container_health_check_command }}" - interval: "{{ tripleo_collectd_container_health_check_interval }}" - handlers: "{{ tripleo_collectd_container_health_check_handlers }}" - occurences: "{{ tripleo_collectd_container_health_check_occurrences }}" - refresh: "{{ tripleo_collectd_container_health_check_refresh }}" - - - name: "Set the values for collectd-sensubility.conf" - set_fact: - collectd_sensubility_log_file: "/var/log/collectd/sensubility.log" - collectd_sensubility_log_level: "{{ tripleo_collectd_sensubility_log_level }}" - collectd_sensubility_transport: "{{ tripleo_collectd_sensubility_transport }}" - collectd_sensubility_connection: "{{ tripleo_collectd_sensubility_connection }}" - collectd_sensubility_subscriptions: "{{ tripleo_collectd_sensubility_subscriptions }}" - collectd_sensubility_keepalive_interval: "{{ tripleo_collectd_sensubility_keepalive_interval }}" - collectd_sensubility_tmp_dir: "{{ tripleo_collectd_sensubility_tmp_dir }}" - collectd_sensubility_shell_path: "{{ tripleo_collectd_sensubility_shell_path }}" - collectd_sensubility_worker_count: "{{ tripleo_collectd_sensubility_worker_count }}" - collectd_sensubility_amqp_port: "{{ tripleo_collectd_amqp_port }}" - collectd_sensubility_results_channel: "{{ tripleo_collectd_sensubility_results_channel }}" - collectd_sensubility_results_format: 'smartgateway' - collectd_sensubility_client_name: "{{ lookup('vars', 'fqdn_' + service_net_map[ (tripleo_role_name + 'MetricsQdrNetwork' )| snake_case] ) }}" - collectd_sensubility_client_address: "{{ lookup('vars', service_net_map[( tripleo_role_name + 'MetricsQdrNetwork') | snake_case ] + '_ip' ) }}" - collectd_sensubility_checks: "{{ tripleo_collectd_sensubility_checks | combine(healthcheck_check | default({})) }}" - - - name: "Create directory for collectd-sensubility.conf" - file: - path: "{{ collectd_conf_output_dir }}/../" - mode: 0750 - state: directory - - - name: "Render collectd-sensubility template in {{ collectd_conf_output_dir }}/../" - template: - src: collectd-sensubility.conf.j2 - dest: "{{ collectd_conf_output_dir }}/../collectd-sensubility.conf" - mode: 0644 - -- name: "Configure collectd to run libpodstats" - when: - - tripleo_collectd_enable_libpodstats - block: - - set_fact: - typesdb_libpodstats: - name: "libpodstats" - path: "{{ collectd_conf_output_dir }}" - types: - pod_cpu: - - ds_type: 'GAUGE' - min: 0 - max: 100.1 - ds_name: 'percent' - - ds_type: 'DERIVE' - min: 0 - max: 'U' - ds_name: 'time' - pod_memory: - - ds_type: 'GAUGE' - min: 0 - max: 281474976710656 - ds_name: 'value' - - set_fact: - collectd_plugins: "{{ collectd_plugins | union(['libpodstats']) | unique }}" - collectd_typesdb_extra: "{{ collectd_typesdb_extra | default([]) | union([typesdb_libpodstats]) }}" - -- name: "Generate the collectd config files" - include_role: - name: collectd_config - -- name: "Update config file path" - replace: - path: "{{ collectd_conf_output_dir }}/../collectd.conf" - regexp: "^(.*){{ collectd_conf_output_dir }}(.*)$" - replace: '\1/etc/collectd.d/\2' diff --git a/tripleo_ansible/roles/tripleo_collectd/tasks/configure_healthcheck.yml b/tripleo_ansible/roles/tripleo_collectd/tasks/configure_healthcheck.yml deleted file mode 100644 index 3a0ddb91d..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/tasks/configure_healthcheck.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Check if rsyslog exists - shell: systemctl list-unit-files --type=service | grep -q rsyslog - register: rsyslog_config - failed_when: - - rsyslog_config.rc == 2 -- name: Configure if we can - when: - - rsyslog_config is changed - - rsyslog_config.rc == 0 - block: - - name: Log healthchecks in dedicated file - when: - - tripleo_collectd_enable_sensubility | bool - register: logconfig_add - copy: - dest: /etc/rsyslog.d/ - src: files/openstack-healthcheck.conf - - name: Remove healthcheck log - when: - - not tripleo_collectd_enable_sensubility | bool - register: logconfig_rm - file: - path: /etc/rsyslog.d/openstack-healthcheck.conf - state: absent - - name: Reload rsyslogd if needed - when: - - logconfig_add is changed or logconfig_rm is changed - service: - name: rsyslog - state: restarted diff --git a/tripleo_ansible/roles/tripleo_collectd/tasks/configure_host_software.yml b/tripleo_ansible/roles/tripleo_collectd/tasks/configure_host_software.yml deleted file mode 100644 index 4f36e9d59..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/tasks/configure_host_software.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: import provision_mcelog - import_role: - name: tripleo_provision_mcelog - when: - - tripleo_collectd_enable_mcelog | bool diff --git a/tripleo_ansible/roles/tripleo_collectd/tasks/create_persistent_directories.yml b/tripleo_ansible/roles/tripleo_collectd/tasks/create_persistent_directories.yml deleted file mode 100644 index 3a6ce8297..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/tasks/create_persistent_directories.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Gather SELinux fact if needed - when: - - ansible_facts.selinux is undefined - setup: - gather_subset: - - "!all" - - "!min" - - "selinux" - -- name: create fcontext entry for collectd data - when: - - ansible_facts.selinux.status == "enabled" - sefcontext: - target: "{{ collectd_conf_output_dir }}(/.*)?" - setype: container_file_t - state: present - -- name: create persistent directories - file: - path: "{{ item.path }}" - state: directory - setype: "{{ item.setype }}" - mode: "{{ item.mode }}" - with_items: - - path: /var/log/containers/collectd - setype: container_file_t - mode: '0750' - - path: "{{ collectd_conf_output_dir }}" - setype: container_file_t - mode: '0750' diff --git a/tripleo_ansible/roles/tripleo_collectd/tasks/main.yml b/tripleo_ansible/roles/tripleo_collectd/tasks/main.yml deleted file mode 100644 index dbff8b0ba..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/tasks/main.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_collectd" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always diff --git a/tripleo_ansible/roles/tripleo_collectd/templates/collectd-sensubility.conf.j2 b/tripleo_ansible/roles/tripleo_collectd/templates/collectd-sensubility.conf.j2 deleted file mode 100644 index 4a86ac8fa..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/templates/collectd-sensubility.conf.j2 +++ /dev/null @@ -1,52 +0,0 @@ -[default] -{% if collectd_sensubility_log_file is defined %} -log_file={{ collectd_sensubility_log_file }} -{% endif %} -{% if collectd_sensubility_log_level is defined %} -log_level={{ collectd_sensubility_log_level }} -{% endif %} - -[sensu] -{% if collectd_sensubility_transport == 'sensu' %} -{% if collectd_sensubility_connection is defined %} -connection={{ collectd_sensubility_connection }} -{% endif %} -subscriptions={{ collectd_sensubility_subscriptions | default([]) | join(',') }} -{% if collectd_sensubility_client_name is defined %} -client_name={{ collectd_sensubility_client_name }} -{% endif %} -{% if collectd_sensubility_client_address is defined %} -client_address={{ collectd_sensubility_client_address }} -{% endif %} -{% endif %} -{% if collectd_sensubility_keepalive_interval is defined %} -keepalive_interval={{ collectd_sensubility_keepalive_interval }} -{% endif %} -{% if collectd_sensubility_tmp_dir is defined %} -tmp_base_dir={{ collectd_sensubility_tmp_dir }} -{% endif %} -{% if collectd_sensubility_shell_path is defined %} -shell_path={{ collectd_sensubility_shell_path }} -{% endif %} -{% if collectd_sensubility_worker_count is defined %} -worker_count={{ collectd_sensubility_worker_count }} -{% endif %} -{% if collectd_sensubility_checks is defined %} -checks={{ collectd_sensubility_checks | to_json }} -{% endif %} - -[amqp1] -{% if collectd_sensubility_transport == 'amqp1' %} -{% if collectd_sensubility_client_address is defined and collectd_sensubility_amqp_port is defined %} -connection=amqp://{{ collectd_sensubility_client_address }}:{{ collectd_sensubility_amqp_port }} -{% endif %} -{% if collectd_sensubility_results_channel is defined %} -results_channel={{ collectd_sensubility_results_channel }} -{% endif %} -{% if collectd_sensubility_client_name is defined %} -client_name={{ collectd_sensubility_client_name }} -{% endif %} -{% if collectd_sensubility_results_format is defined %} -results_format={{ collectd_sensubility_results_format }} -{% endif %} -{% endif %} diff --git a/tripleo_ansible/roles/tripleo_collectd/vars/main.yml b/tripleo_ansible/roles/tripleo_collectd/vars/main.yml deleted file mode 100644 index 4f0632871..000000000 --- a/tripleo_ansible/roles/tripleo_collectd/vars/main.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# Vars to be passed to the collectd_config role -collectd_conf_output_dir: "/var/lib/config-data/ansible-generated/collectd/etc/collectd.d" - -# TODO: Add actions for these to collectd-config-ansible-role -# - collectd::manage_repo: false -# collectd::purge: true -# collectd::recurse: true -# collectd::purge_config: true -# collectd::minimum_version: "5.7" - -# Plugin configuration -collectd_plugin_cpu_reportbycpu: true -collectd_plugin_cpu_reportbystate: true -collectd_plugin_cpu_reportnumcpu: false -collectd_plugin_cpu_valuespercentage: true - -collectd_plugin_df_fstypes: - - 'xfs' -collectd_plugin_df_ignoreselected: true -collectd_plugin_df_reportbydevice: true - -collectd_plugin_load_reportrelative: true - -collectd_plugin_logfile_file: /var/log/collectd/collectd.log - -collectd_plugin_unixsock_socketgroup: root -collectd_plugin_unixsock_socketfile: /run/collectd-socket -collectd_plugin_unixsock_delete_socket: true - -collectd_plugin_virt_connection: "qemu:///system" -collectd_plugin_virt_extrastats: >- - "pcpu cpu_util vcpupin vcpu memory disk disk_err disk_allocation disk_capacity disk_physical domain_state job_stats_background perf" -collectd_plugin_virt_hostnameformat: "hostname" diff --git a/tripleo_ansible/roles/tripleo_compute_node/defaults/main.yml b/tripleo_ansible/roles/tripleo_compute_node/defaults/main.yml deleted file mode 100644 index b38db14ed..000000000 --- a/tripleo_ansible/roles/tripleo_compute_node/defaults/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_compute_node" -tripleo_compute_node_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_compute_node_hide_sensitive_logs: true diff --git a/tripleo_ansible/roles/tripleo_compute_node/files/.gitkeep b/tripleo_ansible/roles/tripleo_compute_node/files/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/roles/tripleo_compute_node/handlers/main.yml b/tripleo_ansible/roles/tripleo_compute_node/handlers/main.yml deleted file mode 100644 index dfe6723b5..000000000 --- a/tripleo_ansible/roles/tripleo_compute_node/handlers/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. diff --git a/tripleo_ansible/roles/tripleo_compute_node/meta/main.yml b/tripleo_ansible/roles/tripleo_compute_node/meta/main.yml deleted file mode 100644 index 70afeb206..000000000 --- a/tripleo_ansible/roles/tripleo_compute_node/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: TripleO OpenStack Role -- tripleo_compute_node - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 8 - - 9 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_compute_node/molecule/default/Dockerfile.j2 b/tripleo_ansible/roles/tripleo_compute_node/molecule/default/Dockerfile.j2 deleted file mode 100644 index 43116590e..000000000 --- a/tripleo_ansible/roles/tripleo_compute_node/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,59 +0,0 @@ -# Molecule managed -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash python*setuptools systemd {{ item.pkg_extras | default('') }} && dnf clean all; - -RUN dnf -y update && \ - rpm --setcaps shadow-utils 2>/dev/null && \ - dnf -y install podman fuse-overlayfs \ - --exclude container-selinux && \ - dnf clean all && \ - rm -rf /var/cache /var/log/dnf* /var/log/yum.* - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - -ARG _REPO_URL="https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable" -ADD $_REPO_URL/containers.conf /etc/containers/containers.conf - -RUN sed -i -e 's|^#mount_program|mount_program|g' \ - -e '/additionalimage.*/a "/var/lib/shared",' \ - -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \ - /etc/containers/storage.conf - -VOLUME /var/lib/containers - -RUN mkdir -p /var/lib/shared/overlay-images \ - /var/lib/shared/overlay-layers \ - /var/lib/shared/vfs-images \ - /var/lib/shared/vfs-layers && \ - touch /var/lib/shared/overlay-images/images.lock && \ - touch /var/lib/shared/overlay-layers/layers.lock && \ - touch /var/lib/shared/vfs-images/images.lock && \ - touch /var/lib/shared/vfs-layers/layers.lock - -ENV _CONTAINERS_USERNS_CONFIGURED="" - -CMD {{ item.command }} diff --git a/tripleo_ansible/roles/tripleo_compute_node/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_compute_node/molecule/default/converge.yml deleted file mode 100644 index 23ef63fed..000000000 --- a/tripleo_ansible/roles/tripleo_compute_node/molecule/default/converge.yml +++ /dev/null @@ -1,111 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: tripleo_compute_node - gather_facts: true - tasks: - - # Needed by tripleo_ssh_known_hosts role which expects the allovercloud - # group in the inventory. - - name: Create allovercloud inventory group and add hosts - ansible.builtin.add_host: - groups: - - allovercloud - - overcloud - name: tripleo_compute_node - tags: - - always - - - name: Set memlock limit to unlimited for iscsid - shell: | - {% raw %} - set -x - exec 2>&1 - for pid in $(pstree -lps $$ | grep -o '[0-9]*'); do - sudo prlimit --pid $pid --memlock=unlimited - done - ulimit -l - echo "$USER - memlock unlimited" | sudo tee -a /etc/security/limits.d/tripleo-ansible.conf - # podman stop tripleo_compute_node - # podman start tripleo_compute_node - podman exec -it tripleo_compute_node ulimit -l - {% endraw %} - delegate_to: localhost - register: memlock - - - debug: - var: memlock.stdout - - - name: Include tripleo_compute_node vars - include_vars: ../inventory/host_vars/tripleo_compute_node - -- import_playbook: ../../../../playbooks/deploy-tripleo-facts.yml - name: deploy-tripleo-facts.yml - vars: - deploy_target_host: tripleo_compute_node - tags: - - facts - -- import_playbook: ../../../../playbooks/deploy-tripleo-os-install.yml - name: deploy-tripleo-os-install.yml - vars: - deploy_target_host: tripleo_compute_node - tags: - - os_install - -- import_playbook: ../../../../playbooks/deploy-tripleo-os-configure.yml - name: deploy-tripleo-os-configure.yml - vars: - deploy_target_host: tripleo_compute_node - tags: - - os_configure - -- import_playbook: ../../../../playbooks/deploy-tripleo-os-run.yml - name: deploy-tripleo-os-run.yml - vars: - deploy_target_host: tripleo_compute_node - tags: - - os_run - -- import_playbook: ../../../../playbooks/deploy-tripleo-openstack-install.yml - name: deploy-tripleo-openstack-install.yml - vars: - deploy_target_host: tripleo_compute_node - tags: - - openstack_install - -- import_playbook: ../../../../playbooks/deploy-tripleo-openstack-configure.yml - name: deploy-tripleo-openstack-configure.yml - vars: - deploy_target_host: tripleo_compute_node - tripleo_nova_compute_config_overrides: - default: - transport_url: rabbit:// - oslo_messaging_notifications: - transport_url: rabbit:// - tags: - - openstack_configure - -- import_playbook: ../../../../playbooks/deploy-tripleo-openstack-run.yml - name: deploy-tripleo-openstack-run.yml - vars: - deploy_target_host: tripleo_compute_node - tripleo_logrotate_crond_podman_pid: private - tripleo_nova_libvirt_container_pid: private - tags: - - openstack_run diff --git a/tripleo_ansible/roles/tripleo_compute_node/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_compute_node/molecule/default/molecule.yml deleted file mode 100644 index afa881246..000000000 --- a/tripleo_ansible/roles/tripleo_compute_node/molecule/default/molecule.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -driver: - name: podman - -platforms: - - name: tripleo_compute_node - hostname: tripleo_compute_node - image: centos/centos:stream9 - registry: - url: quay.io - dockerfile: Dockerfile.j2 - command: /sbin/init - volumes: ${TRIPLEO_ANSIBLE_COMPUTE_NODE_MOLECULE_VOLUMES:-['/sys/fs/cgroup:/sys/fs/cgroup:rw','/etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro','/etc/pki/rpm-gpg:/etc/pki/rpm-gpg:O','/opt/yum.repos.d:/etc/yum.repos.d:O','/etc/dnf/vars:/etc/dnf/vars:O']} - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - ulimits: &ulimit - - host - -provisioner: - inventory: - hosts: - all: - hosts: - tripleo_compute_node: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles:${MOLECULE_PROJECT_DIRECTORY}/../../roles.galaxy" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY}:${MOLECULE_PROJECT_DIRECTORY}/../../ansible_plugins/modules" - ANSIBLE_ACTION_PLUGINS: "${ANSIBLE_ACTION_PLUGINS}:${MOLECULE_PROJECT_DIRECTORY}/../../ansible_plugins/action" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS}:${MOLECULE_PROJECT_DIRECTORY}/../../ansible_plugins/filter" - ANSIBLE_STRATEGY_PLUGINS: "${ANSIBLE_STRATEGY_PLUGINS}:${MOLECULE_PROJECT_DIRECTORY}/../../ansible_plugins/strategy" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: ansible diff --git a/tripleo_ansible/roles/tripleo_compute_node/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_compute_node/molecule/default/prepare.yml deleted file mode 100644 index e18bfcca1..000000000 --- a/tripleo_ansible/roles/tripleo_compute_node/molecule/default/prepare.yml +++ /dev/null @@ -1,90 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: tripleo_compute_node - tasks: - - name: test_deps - include_role: - name: test_deps - vars: - test_deps_setup_tripleo: true - test_deps_tripleo_packages: [] - - name: env_data - include_role: - name: env_data - - # The openvswitch kernel module needs to be loaded on the host, since - # tripleo_bootstrap assumes it can start the service. - - name: install and modprobe openvswitch - shell: | - sudo dnf -y install openvswitch - sudo modprobe openvswitch - delegate_to: localhost - run_once: true - - - name: Mock items when not running podman as root - when: ansible_user_id != 0 - block: - - - name: Install packages that would otherwise be installed or needing to be mocked - package: - name: - - cronie - - rsyslog - - procps-ng - - systemd-udev - state: present - - - name: Mock systemd-modules-load.service service - shell: | - sed -i 's/ExecStart=.*/ExecStart=\/bin\/true/' /lib/systemd/system/systemd-modules-load.service - systemctl daemon-reload - - - name: Mock sysctl - shell: | - cat >/usr/local/sbin/sysctl</etc/sysconfig/chronyd</usr/local/bin/chronyc<- - The option `tripleo_config_dest` is undefined. Check your settings. - when: - - tripleo_config_dest is undefined - -- name: "Generate {{ tripleo_config_dest }} config" - become: true - config_template: - src: "{{ tripleo_config_src }}" - dest: "{{ tripleo_config_dest }}" - owner: "{{ tripleo_config_owner }}" - group: "{{ tripleo_config_group }}" - mode: "{{ tripleo_config_mode }}" - config_overrides: "{{ tripleo_config_overrides }}" - config_type: "{{ tripleo_config_type }}" - remote_src: "{{ tripleo_config_remote_src }}" diff --git a/tripleo_ansible/roles/tripleo_config/templates/ini-config.j2 b/tripleo_ansible/roles/tripleo_config/templates/ini-config.j2 deleted file mode 100644 index e2bb15330..000000000 --- a/tripleo_ansible/roles/tripleo_config/templates/ini-config.j2 +++ /dev/null @@ -1 +0,0 @@ -# {{ ansible_managed }} diff --git a/tripleo_ansible/roles/tripleo_config/templates/json-config.j2 b/tripleo_ansible/roles/tripleo_config/templates/json-config.j2 deleted file mode 100644 index 0967ef424..000000000 --- a/tripleo_ansible/roles/tripleo_config/templates/json-config.j2 +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/tripleo_ansible/roles/tripleo_container_image_build/defaults/main.yml b/tripleo_ansible/roles/tripleo_container_image_build/defaults/main.yml deleted file mode 100644 index 6e1f786ef..000000000 --- a/tripleo_ansible/roles/tripleo_container_image_build/defaults/main.yml +++ /dev/null @@ -1,78 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. -tcib_path: "{{ lookup('env', 'HOME') }}" - -# Dictionary, single level key:value pairs, optional, implements https://docs.docker.com/engine/reference/builder/#arg -tcib_args: {} - -# String, required, 'item', implements https://docs.docker.com/engine/reference/builder/#from -tcib_from: "quay.io/centos/centos:stream8" - -# Dictionary, single level key:value pairs, optional, implements https://docs.docker.com/engine/reference/builder/#label -tcib_labels: {} - -# Dictionary, single level key:value pairs, optional, implements https://docs.docker.com/engine/reference/builder/#env -tcib_envs: {} - -# List of Strings, optional, , implements https://docs.docker.com/engine/reference/builder/#onbuild -tcib_onbuilds: [] - -# List of Strings, optional, , implements https://docs.docker.com/engine/reference/builder/#volume -tcib_volumes: [] - -# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#workdir -tcib_workdir: '' - -# List of Strings, optional, , implements https://docs.docker.com/engine/reference/builder/#add -tcib_adds: [] - -# List of Strings, optional, , implements https://docs.docker.com/engine/reference/builder/#copy -tcib_copies: [] - -# List of Strings, optional, , implements https://docs.docker.com/engine/reference/builder/#expose -tcib_exposes: [] - -# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#user -tcib_user: '' - -# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#shell -tcib_shell: '' - -# List of Strings, optional, , implements https://docs.docker.com/engine/reference/builder/#run -tcib_runs: [] - -# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#healthcheck -tcib_healthcheck: '' - -# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#stopsignal -tcib_stopsignal: '' - -# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#entrypoint -tcib_entrypoint: '' - -# String, optional, 'item', implements https://docs.docker.com/engine/reference/builder/#cmd -tcib_cmd: '' - -# List of Dictionaries, single level key:value pairs, key=VERB, value=verb action. -# NOTE(cloudnull): This allows for arbitrary docker verbs and maintains ordering. -# all available verbs can be found here: https://docs.docker.com/engine/reference/builder -tcib_actions: [] - -# List of Strings, optional, , Collects file from the host and stores them in the build directory. -tcib_gather_files: [] diff --git a/tripleo_ansible/roles/tripleo_container_image_build/meta/main.yml b/tripleo_ansible/roles/tripleo_container_image_build/meta/main.yml deleted file mode 100644 index 4790e6c05..000000000 --- a/tripleo_ansible/roles/tripleo_container_image_build/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_container_image_build - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/converge.yml deleted file mode 100644 index 2ef588f3d..000000000 --- a/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_container_image_build" diff --git a/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/molecule.yml deleted file mode 100644 index b8aa37228..000000000 --- a/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/prepare.yml deleted file mode 100644 index b17f36011..000000000 --- a/tripleo_ansible/roles/tripleo_container_image_build/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_container_image_build/tasks/main.yml b/tripleo_ansible/roles/tripleo_container_image_build/tasks/main.yml deleted file mode 100644 index 19bdc5939..000000000 --- a/tripleo_ansible/roles/tripleo_container_image_build/tasks/main.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_container_image_build" will search for and load any operating system variable file - -- name: "Ensure {{ tcib_path }} exists" - file: - path: "{{ tcib_path }}" - state: "directory" - -- name: Gather files - fetch: - src: "{{ item }}" - dest: "{{ tcib_path }}/{{ item }}" - flat: true - loop: "{{ tcib_gather_files }}" - -- name: Create a container file - template: - src: "Containerfile.j2" - dest: "{{ tcib_path }}/Dockerfile" - -- name: Create a buildah file - template: - src: "buildahfile.sh.j2" - dest: "{{ tcib_path }}/buildahfile.sh" - mode: "0755" diff --git a/tripleo_ansible/roles/tripleo_container_image_build/templates/Containerfile.j2 b/tripleo_ansible/roles/tripleo_container_image_build/templates/Containerfile.j2 deleted file mode 100644 index 64731a1a9..000000000 --- a/tripleo_ansible/roles/tripleo_container_image_build/templates/Containerfile.j2 +++ /dev/null @@ -1,78 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -FROM {{ tcib_from }} -{% for key, value in tcib_args.items() %} -ARG {{ key }}={{ value | to_json }} -{% endfor %} -{% for key, value in tcib_labels.items() %} -LABEL {{ key }}={{ value | to_json }} -{% endfor %} -{% for key, value in tcib_envs.items() %} -ENV {{ key }}={{ value | to_json }} -{% endfor %} -USER root -{% for item in tcib_onbuilds %} -ONBUILD {{ item }} -{% endfor %} -{% if tcib_volumes | length > 0 %} -VOLUME {{ tcib_volumes }} -{% endif %} -{% if tcib_workdir | length > 0 %} -WORKDIR {{ tcib_workdir | to_json }} -{% endif %} -{% for item in tcib_adds %} -ADD {{ item }} -{% endfor %} -{% for item in tcib_exposes %} -EXPOSE {{ item }} -{% endfor %} -{% for item in tcib_copies %} -COPY {{ item }} -{% endfor %} -{% if tcib_shell | length > 0 %} -SHELL {{ tcib_shell.split() | to_json }} -{% endif %} -{% for item in tcib_runs %} -{% if item is iterable and item is not string %} -RUN {{ item | to_json }} -{% else %} -RUN {{ item }} -{% endif %} -{% endfor %} -{% for item in tcib_actions %} -{% for key, value in item.items() %} -{% if value is iterable and value is not string %} -{{ key.upper() }} {{ value | to_json }} -{% else %} -{{ key.upper() }} {{ value }} -{% endif %} -{% endfor %} -{% endfor %} -{% if tcib_healthcheck | length > 0 %} -HEALTHCHECK {{ tcib_healthcheck }} -{% endif %} -{% if tcib_stopsignal | length > 0 %} -STOPSIGNAL {{ tcib_stopsignal }} -{% endif %} -{% if tcib_entrypoint | length > 0 %} -ENTRYPOINT {{ tcib_entrypoint.split() | to_json }} -{% endif %} -{% if tcib_cmd | length > 0 %} -CMD {{ tcib_cmd.split() | to_json }} -{% endif %} -{% if tcib_user | length > 0 %} -USER {{ tcib_user }} -{% endif %} diff --git a/tripleo_ansible/roles/tripleo_container_image_build/templates/buildahfile.sh.j2 b/tripleo_ansible/roles/tripleo_container_image_build/templates/buildahfile.sh.j2 deleted file mode 100644 index efb4a5852..000000000 --- a/tripleo_ansible/roles/tripleo_container_image_build/templates/buildahfile.sh.j2 +++ /dev/null @@ -1,102 +0,0 @@ -#!/usr/bin/env bash -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -set -ev - -{% set verb_matrix = { - 'label': 'label', - 'cmd': 'cmd', - 'entrypoint': 'entrypoint', - 'env': 'env', - 'expose': 'port', - 'healthcheck': 'healthcheck', - 'onbuild': 'onbuild', - 'shell': 'shell', - 'stopsignal': 'stop-signal', - 'user': 'user', - 'volume': 'volume', - 'workdir': 'workingdir' - } -%} -{% for key, value in tcib_args.items() %} -export {{ key }}={{ value | to_json }} -{% endfor %} -CONTAINER=$(buildah from {{ tcib_from }}) -MOUNTPOINT=$(buildah mount ${CONTAINER}) -{% for key, value in tcib_labels.items() %} -buildah config --label {{ key }}={{ value | to_json }} ${CONTAINER} -{% endfor %} -{% for key, value in tcib_envs.items() %} -buildah config --env {{ key }}={{ value | to_json }} ${CONTAINER} -{% endfor %} -{% if tcib_workdir | length > 0 %} -buildah config --workingdir {{ tcib_workdir | to_json }} ${CONTAINER} -{% endif %} -{% for item in tcib_onbuilds %} -buildah config --onbuild {{ item }} ${CONTAINER} -{% endfor %} -{% for item in tcib_volumes %} -buildah config --volume {{ item }} ${CONTAINER} -{% endfor %} -{% for item in tcib_exposes %} -buildah config --port {{ item }} ${CONTAINER} -{% endfor %} -{% if tcib_shell | length > 0 %} -buildah config --shell {{ tcib_shell | to_json }} ${CONTAINER} -{% endif %} -{% if tcib_healthcheck | length > 0 %} -buildah config --healthcheck {{ tcib_healthcheck | to_json }} ${CONTAINER} -{% endif %} -{% if tcib_stopsignal | length > 0 %} -buildah config --stop-signal {{ tcib_stopsignal }} ${CONTAINER} -{% endif %} -{% if tcib_entrypoint | length > 0 %} -buildah config --entrypoint {{ tcib_entrypoint | to_json }} ${CONTAINER} -{% endif %} -{% if tcib_cmd | length > 0 %} -buildah config --cmd {{ tcib_cmd | to_json }} ${CONTAINER} -{% endif %} -{% for item in tcib_adds %} -buildah add ${CONTAINER} {{ item }} -{% endfor %} -{% for item in tcib_copies %} -buildah copy ${CONTAINER} {{ item }} -{% endfor %} -{% for item in tcib_runs %} -{% if item is iterable and item is not string %} -buildah run ${CONTAINER} {{ item | join(' ') }} -{% else %} -buildah run ${CONTAINER} {{ item }} -{% endif %} -{% endfor %} -{% for item in tcib_actions %} -{% for key, value in item.items() %} -{% if key.lower() in verb_matrix.keys() %} -buildah config --{{ verb_matrix[key.lower()] | to_json }} ${CONTAINER} -{% else %} -{% if value is iterable and value is not string %} -buildah {{ key.lower() }} ${CONTAINER} {{ value | join(' ') }} -{% else %} -buildah {{ key.lower() }} ${CONTAINER} {{ value }} -{% endif %} -{% endif %} -{% endfor %} -{% endfor %} -{% if tcib_user | length > 0 %} -buildah config --user {{ tcib_user }} ${CONTAINER} -{% endif %} -buildah commit ${CONTAINER} {{ tcib_path | basename }} -buildah unmount ${CONTAINER} diff --git a/tripleo_ansible/roles/tripleo_container_image_prepare/defaults/main.yml b/tripleo_ansible/roles/tripleo_container_image_prepare/defaults/main.yml deleted file mode 100644 index 1621fe6f4..000000000 --- a/tripleo_ansible/roles/tripleo_container_image_prepare/defaults/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_container_image_prepare" -tripleo_container_image_prepare_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_container_image_prepare_content: {} -tripleo_container_image_prepare_roles: [] -tripleo_container_image_prepare_log_file: /var/log/tripleo-container-image-prepare.log diff --git a/tripleo_ansible/roles/tripleo_container_image_prepare/meta/main.yml b/tripleo_ansible/roles/tripleo_container_image_prepare/meta/main.yml deleted file mode 100644 index e0befc0c5..000000000 --- a/tripleo_ansible/roles/tripleo_container_image_prepare/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_container_image_prepare - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_container_image_prepare/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_container_image_prepare/molecule/default/converge.yml deleted file mode 100644 index fc5e29495..000000000 --- a/tripleo_ansible/roles/tripleo_container_image_prepare/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_container_image_prepare" diff --git a/tripleo_ansible/roles/tripleo_container_image_prepare/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_container_image_prepare/molecule/default/molecule.yml deleted file mode 100644 index 343b61a98..000000000 --- a/tripleo_ansible/roles/tripleo_container_image_prepare/molecule/default/molecule.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_container_image_prepare/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_container_image_prepare/molecule/default/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/tripleo_container_image_prepare/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_container_image_prepare/tasks/main.yml b/tripleo_ansible/roles/tripleo_container_image_prepare/tasks/main.yml deleted file mode 100644 index 38dd2dd59..000000000 --- a/tripleo_ansible/roles/tripleo_container_image_prepare/tasks/main.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Container image prepare - become: true - tripleo_container_image_prepare: - roles_data: "{{ tripleo_container_image_prepare_roles }}" - environment: "{{ tripleo_container_image_prepare_content }}" - cleanup: partial - log_file: "{{ tripleo_container_image_prepare_log_file }}" - debug: "{{ tripleo_container_image_prepare_debug | bool }}" - when: - - (tripleo_container_image_prepare_content | dict2items | length) > 0 - - (tripleo_container_image_prepare_roles | length) > 0 - tags: - - container_image_prepare diff --git a/tripleo_ansible/roles/tripleo_container_manage/defaults/main.yml b/tripleo_ansible/roles/tripleo_container_manage/defaults/main.yml deleted file mode 100644 index b2a860d4a..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/defaults/main.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should place placed in this file. -tripleo_container_manage_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" -tripleo_container_manage_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" -tripleo_container_manage_clean_orphans: true - -# All variables within this role should have a prefix of "tripleo_container_manage" -tripleo_container_manage_check_puppet_config: false -tripleo_container_manage_cli: podman -tripleo_container_manage_concurrency: 1 -tripleo_container_manage_config: "/var/lib/tripleo-config/" -tripleo_container_manage_config_id: tripleo -tripleo_container_manage_config_overrides: {} -tripleo_container_manage_config_patterns: '*.json' -# Some containers where Puppet is run, can take up to 10 minutes to finish -# in slow environments. -tripleo_container_manage_create_retries: 120 -# Default delay is 5s so 120 retries makes a timeout of 10 minutes which is -# what we have observed a necessary value for nova and neutron db-sync execs. -tripleo_container_manage_exec_retries: 120 -tripleo_container_manage_healthcheck_disabled: false -tripleo_container_manage_log_path: '/var/log/containers/stdouts' -tripleo_container_manage_systemd_teardown: true diff --git a/tripleo_ansible/roles/tripleo_container_manage/files/91-netns-placeholder-preset b/tripleo_ansible/roles/tripleo_container_manage/files/91-netns-placeholder-preset deleted file mode 100644 index 8bf2ba2b0..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/files/91-netns-placeholder-preset +++ /dev/null @@ -1 +0,0 @@ -enable netns-placeholder.service diff --git a/tripleo_ansible/roles/tripleo_container_manage/files/91-tripleo-container-shutdown-preset b/tripleo_ansible/roles/tripleo_container_manage/files/91-tripleo-container-shutdown-preset deleted file mode 100644 index 675a9c7cb..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/files/91-tripleo-container-shutdown-preset +++ /dev/null @@ -1 +0,0 @@ -enable tripleo-container-shutdown.service diff --git a/tripleo_ansible/roles/tripleo_container_manage/files/netns-placeholder-service b/tripleo_ansible/roles/tripleo_container_manage/files/netns-placeholder-service deleted file mode 100644 index 57326edaa..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/files/netns-placeholder-service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Create netns directory -Before=tripleo-container-shutdown.service -Wants=network.target -[Service] -Type=oneshot -ExecStart=/sbin/ip netns add placeholder -ExecStop=/sbin/ip netns delete placeholder -KillMode=process -[Install] -WantedBy=multi-user.target diff --git a/tripleo_ansible/roles/tripleo_container_manage/files/tripleo-container-shutdown b/tripleo_ansible/roles/tripleo_container_manage/files/tripleo-container-shutdown deleted file mode 100644 index cba9ecaec..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/files/tripleo-container-shutdown +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env bash - -TIMEOUT=${1:-90} -PARALLEL=${2:-10} - -if command -v dnf >/dev/null;then - if command -v podman >/dev/null; then - containers=$(podman ps --filter label=managed_by=tripleo_ansible --format {{.Names}}) - for c in $containers; do - logger -p warning "WARNING ($c) Container $c managed by tripleo-ansible is not stopped yet" - logger -p warning "WARNING ($c) Check systemd logs: journalctl -u tripleo_$c" - done - fi -else - if command -v docker >/dev/null; then - /usr/bin/docker ps --format \"{{.Names}}\" --filter "label=managed_by=tripleo_ansible" | \ - /usr/bin/xargs -n 1 -P $PARALLEL /usr/bin/docker stop --time=$TIMEOUT - fi -fi diff --git a/tripleo_ansible/roles/tripleo_container_manage/files/tripleo-container-shutdown-service b/tripleo_ansible/roles/tripleo_container_manage/files/tripleo-container-shutdown-service deleted file mode 100644 index e30c9b1a1..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/files/tripleo-container-shutdown-service +++ /dev/null @@ -1,21 +0,0 @@ -[Unit] -Description=TripleO Container Shutdown -Documentation=https://docs.openstack.org/tripleo-docs/ -# Note: docker.service will be removed once CentOS8 / RHEL8 will be the default -# platform, but for now we keep it for Pacemaker testing. -# pacemaker.service is needed here, to make sure that all non-Pacemaker managed -# containers are stopped before Pacemaker. -After=pacemaker.service docker.service network-online.target iptables.service ip6tables.service -Before=shutdown.target -RefuseManualStop=yes - -[Service] -Type=oneshot -ExecStart=/bin/true -RemainAfterExit=yes -ExecStop=/usr/libexec/tripleo-container-shutdown -# Wait at most 900 seconds for all containers to shutdown -TimeoutStopSec=900 - -[Install] -WantedBy=multi-user.target diff --git a/tripleo_ansible/roles/tripleo_container_manage/files/tripleo-start-podman-container b/tripleo_ansible/roles/tripleo_container_manage/files/tripleo-start-podman-container deleted file mode 100644 index 3423b5df6..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/files/tripleo-start-podman-container +++ /dev/null @@ -1,83 +0,0 @@ -#!/usr/bin/env bash - -PODMAN=/usr/bin/podman - -NAME=$1 - -if [ -z "$NAME" ]; then - echo "No name provided, cannot start container. Aborting" >&2 - exit 1 -fi - -# Start container. Podman does not fail if container is already started -$PODMAN start $NAME -rc=$? - -if [ $rc -ne 0 ]; then - echo "Error starting podman container $NAME: $rc" >&2 - exit $rc -fi - -# The environment can ben configured to create additional drop-in -# dependencies for the scopes associated with the container. This is -# done to prevent systemd from stopping the scopes early and break the -# configured dependencies in tripleo_*.services -# Stop here otherwise. -if [ ! -f "/etc/sysconfig/podman_drop_in" ]; then - exit 0 -fi - -# Retrieve the container's ID -# Note: currently the only API to retrieve the CID is either -# 1) via "podman inspect" but we don't want to use it because it can be -# very slow under IO load. -# 2) by running "podman start $NAME" but that command only returns the CID -# if the container is already running. Otherwise it returns the container -# name, which would break us. -# The only other means is via "podman ps". ps option "--filter" cannot -# enforce full name matches, so use grep instead and stop at first match. -CID=$($PODMAN ps --no-trunc --format '{{.ID}} {{.Names}}' | grep -F -w -m1 "$NAME" | cut -d' ' -f1) - -if [ -z "$CID" ]; then - echo "Container ID not found for \"$NAME\". Not creating drop-in dependency" 2>&1 - exit 1 -else - echo "Creating additional drop-in dependency for \"$NAME\" ($CID)" -fi - -# Note: a tripleo-ansible container has three systemd files associated with it: -# 1. tripleo_*.service - the regular systemd service generated by tripleo-ansible -# 2. libpod-conmon*.scope - created dynamically by podman. runs a conmon -# process that creates a pidfile for tripleo_*.service and monitor it. -# 3. libpod-*.scope - created dynamically by runc. for cgroups accounting -# -# tripleo-ansible can only set start/stop dependencies on 1., not 2. and 3. -# On reboot, systemd is allowed to stop 2. or 3. at any time, which can -# cause 1. to stop before its deps as set up by tripleo-ansible. -# -# To prevent an unexpected stop of 1. from happening, inject a dependency -# in 2. and 3. so that systemd is forbidden to stop those scopes -# automatically until tripleo-container-shutdown.service is stopped. -# That way, when systemd stops 1., the two scopes 2. and 3. will -# finish in sequence and tripleo-ansible dependencies will be respected. - -for scope in "libpod-$CID.scope.d" "libpod-conmon-$CID.scope.d"; do - if [ $rc -eq 0 ] && [ ! -d /run/systemd/transient/"$scope" ]; then - mkdir -p /run/systemd/transient/"$scope" && \ - echo -e "[Unit]\nBefore=tripleo-container-shutdown.service" > /run/systemd/transient/"$scope"/dep.conf && \ - chmod ago+r /run/systemd/transient/"$scope" /run/systemd/transient/"$scope"/dep.conf - rc=$? - fi -done - -if [ $rc -ne 0 ]; then - echo "Could not create drop-in dependency for \"$NAME\" ($CID)" >&2 - exit 1 -fi - -systemctl daemon-reload -rc=$? -if [ $rc -ne 0 ]; then - echo "Could not refresh service definition after creating drop-in for \"$NAME\": $rc" >&2 - exit 1 -fi diff --git a/tripleo_ansible/roles/tripleo_container_manage/meta/main.yml b/tripleo_ansible/roles/tripleo_container_manage/meta/main.yml deleted file mode 100644 index 53f1a130c..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_container_manage - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_container_manage/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_container_manage/molecule/default/converge.yml deleted file mode 100644 index 5b62ef03b..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/molecule/default/converge.yml +++ /dev/null @@ -1,403 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Create fedora container from /tmp/container-configs with old healthcheck - become: true - hosts: all - gather_facts: false - vars: - tripleo_container_manage_config: '/tmp/container-configs' - tripleo_container_manage_healthcheck_disabled: true - tripleo_container_manage_debug: true - tripleo_container_manage_config_patterns: 'fedora.json' - tasks: - - include_role: - name: tripleo_container_manage - post_tasks: - - name: Verify that Fedora container was created correctly and manually create old healthcheck for migration testing - when: - - not ansible_check_mode|bool - block: - # Reproduce what was done before to create and enable healthchecks - - name: "Enable and start systemd timers" - systemd: - state: started - name: "tripleo_fedora_healthcheck.timer" - enabled: true - daemon_reload: false - - name: "Add systemd requires for healthchecks" - command: "systemctl add-requires tripleo_fedora.service tripleo_fedora_healthcheck.timer" - # Check that migration is ready to be tested - - name: Check for fedora container - command: podman container exists fedora - - name: Check if tripleo_fedora systemd healthcheck service is active - command: systemctl is-active --quiet tripleo_fedora_healthcheck.timer - register: tripleo_fedora_healthcheck_active_result - - name: Assert that tripleo_fedora systemd healthcheck service is active - assert: - that: - - tripleo_fedora_healthcheck_active_result.rc == 0 - fail_msg: 'tripleo_fedora systemd healthcheck service is not active' - success_msg: 'tripleo_fedora systemd healthcheck service is active' - -- name: Create all containers from /tmp/container-configs - become: true - hosts: all - gather_facts: false - vars: - tripleo_container_manage_config: '/tmp/container-configs' - tripleo_container_manage_debug: true - tripleo_container_manage_config_patterns: '*.json' - tasks: - - include_role: - name: tripleo_container_manage - post_tasks: - - name: Verify that Fedora container was created correctly - when: - - not ansible_check_mode|bool - block: - - name: Check for fedora container - command: podman container exists fedora - - name: Gather facts about fedora container - containers.podman.podman_container_info: - name: fedora - register: fedora_infos - - name: Assert that fedora container has the right image - assert: - that: - - "'fedora:latest' in fedora_infos.containers.0.ImageName" - fail_msg: 'fedora container has wrong image' - success_msg: 'fedora container has the right image' - - name: Check if tripleo_fedora systemd service is active - command: systemctl is-active --quiet tripleo_fedora - register: tripleo_fedora_active_result - - name: Assert that tripleo_fedora systemd service is active - assert: - that: - - tripleo_fedora_active_result.rc == 0 - fail_msg: 'tripleo_fedora systemd service is not active' - success_msg: 'tripleo_fedora systemd service is active' - - name: Check if tripleo_fedora healthcheck is active and healthy - assert: - that: - - "'healthy' in fedora_infos.containers.0.State.Health.Status" - fail_msg: 'fedora container healthcheck is not healthy' - success_msg: 'fedora container healthcheck is healthy' - - name: Verify that Fedora systemd healthcheck container was removed correctly - command: systemctl is-active --quiet tripleo_fedora_healthcheck.timer - register: tripleo_fedora_healthcheck_active_result - failed_when: - - tripleo_fedora_healthcheck_active_result.rc == 0 - - name: Verify that Fedora bis container was created correctly - block: - - name: Check for fedora_bis container - command: podman container exists fedora_bis - - name: Gather facts about fedora_bis container - containers.podman.podman_container_info: - name: fedora_bis - register: fedora_bis_infos - - name: Assert that fedora_bis container has the right image - assert: - that: - - "'fedora:latest' in fedora_bis_infos.containers.0.ImageName" - fail_msg: 'fedora_bis container has wrong image' - success_msg: 'fedora_bis container has the right image' - - name: Verify that Fedora three container was created correctly - block: - - name: Check for fedora_three container - command: podman container exists fedora_three - - name: Gather facts about fedora_three container - containers.podman.podman_container_info: - name: fedora_three - register: fedora_three_infos - - name: Assert that fedora_three container has the right image - assert: - that: - - "'fedora:latest' in fedora_three_infos.containers.0.ImageName" - fail_msg: 'fedora_three container has wrong image' - success_msg: 'fedora_three container has the right image' - -- name: Test idempotency on fedora container - become: true - hosts: all - gather_facts: false - vars: - tripleo_container_manage_config: '/tmp/container-configs' - tripleo_container_manage_debug: true - tripleo_container_manage_config_patterns: '*.json' - tasks: - - name: Gather facts about fedora container before new run - containers.podman.podman_container_info: - name: fedora - register: fedora_infos_old - when: - - not ansible_check_mode|bool - - include_role: - name: tripleo_container_manage - - name: Gather facts about fedora container after new run - containers.podman.podman_container_info: - name: fedora - register: fedora_infos_new - when: - - not ansible_check_mode|bool - post_tasks: - - name: Assert that fedora container has not been re-created - assert: - that: - - fedora_infos_new['containers'][0]['Id'] == fedora_infos_old['containers'][0]['Id'] - fail_msg: 'fedora container was wrongly re-created' - success_msg: 'fedora container was not re-created' - when: - - not ansible_check_mode|bool - -- name: Test systemd state on fedora container after a manual stop - become: true - hosts: all - gather_facts: false - vars: - tripleo_container_manage_config: '/tmp/container-configs' - tripleo_container_manage_debug: true - tripleo_container_manage_config_patterns: '*.json' - tasks: - - name: Stop systemd service for tripleo_fedora in a manual stop - systemd: - name: tripleo_fedora.service - state: stopped - enabled: false - daemon_reload: true - # https://github.com/ansible/ansible/pull/68136 - ignore_errors: "{{ ansible_check_mode }}" - - include_role: - name: tripleo_container_manage - post_tasks: - - name: Check if tripleo_fedora systemd service is active after a manual stop - command: systemctl is-active --quiet tripleo_fedora - register: tripleo_fedora_active_result - - name: Assert that tripleo_fedora systemd service is active after a manual stop - when: - - not ansible_check_mode|bool - assert: - that: - - tripleo_fedora_active_result.rc == 0 - fail_msg: 'tripleo_fedora systemd service is not active after a manual stop' - success_msg: 'tripleo_fedora systemd service is active after a manual stop' - -- name: Manage only one container - become: true - hosts: all - gather_facts: false - vars: - tripleo_container_manage_config: '/tmp/container-configs' - tripleo_container_manage_debug: true - tripleo_container_manage_config_patterns: 'fedora.json' - tripleo_container_manage_clean_orphans: false - tripleo_container_manage_config_overrides: - fedora: - image: fedora:rawhide - tasks: - - include_role: - name: tripleo_container_manage - post_tasks: - - name: Verify that all containers still exist - when: - - not ansible_check_mode|bool - block: - - name: Check for fedora container - command: podman container exists fedora - - name: Gather facts about fedora container - containers.podman.podman_container_info: - name: fedora - register: fedora_infos - - name: Assert that fedora container has the right image - assert: - that: - - "'fedora:rawhide' in fedora_infos.containers.0.ImageName" - fail_msg: "fedora container has wrong image {{ fedora_infos.containers }}" - success_msg: 'fedora container has the right image' - - name: Check if tripleo_fedora systemd service is active - command: systemctl is-active --quiet tripleo_fedora - register: tripleo_fedora_active_result - - name: Assert that tripleo_fedora systemd service is active - assert: - that: - - tripleo_fedora_active_result.rc == 0 - fail_msg: 'tripleo_fedora systemd service is not active' - success_msg: 'tripleo_fedora systemd service is active' - - name: Check if tripleo_fedora healthcheck is active and healthy - assert: - that: - - "'healthy' in fedora_infos.containers.0.State.Health.Status" - fail_msg: 'fedora container healthcheck is not healthy' - success_msg: 'fedora container healthcheck is healthy' - - name: Check for fedora_bis container - command: podman container exists fedora_bis - - name: Check for fedora_three container - command: podman container exists fedora_three - -- name: Manage a wrong container (user error) - become: true - hosts: all - gather_facts: false - vars: - tripleo_container_manage_config: '/tmp/container-configs' - tripleo_container_manage_debug: true - tripleo_container_manage_config_patterns: 'feduraaa.json' - tripleo_container_manage_clean_orphans: false - tasks: - - include_role: - name: tripleo_container_manage - post_tasks: - - name: Verify that all containers still exist - when: - - not ansible_check_mode|bool - block: - - name: Check for fedora container - command: podman container exists fedora - - name: Gather facts about fedora container - containers.podman.podman_container_info: - name: fedora - register: fedora_infos - - name: Check if tripleo_fedora systemd service is active - command: systemctl is-active --quiet tripleo_fedora - register: tripleo_fedora_active_result - - name: Assert that tripleo_fedora systemd service is active - assert: - that: - - tripleo_fedora_active_result.rc == 0 - fail_msg: 'tripleo_fedora systemd service is not active' - success_msg: 'tripleo_fedora systemd service is active' - - name: Check if tripleo_fedora healthcheck is active and healthy - assert: - that: - - "'healthy' in fedora_infos.containers.0.State.Health.Status" - fail_msg: 'fedora container healthcheck is not healthy' - success_msg: 'fedora container healthcheck is healthy' - - name: Check for fedora_bis container - command: podman container exists fedora_bis - - name: Check for fedora_three container - command: podman container exists fedora_three - -- name: Test a container removal - become: true - hosts: all - gather_facts: false - vars: - tripleo_container_manage_config: '/tmp/container-configs' - tripleo_container_manage_debug: true - tripleo_container_manage_config_patterns: 'fedora_*.json' - tasks: - - name: Remove fedora container config - file: - path: '/tmp/container-configs/fedora.json' - state: absent - - include_role: - name: tripleo_container_manage - post_tasks: - - name: Verify that all containers still exist - when: - - not ansible_check_mode|bool - block: - - name: Check that fedora container was removed - command: podman container exists fedora - register: container_exist - failed_when: container_exist.rc == 0 - - name: Check if tripleo_fedora systemd service is still active - command: systemctl is-active --quiet tripleo_fedora - register: tripleo_fedora_active_result - failed_when: tripleo_fedora_active_result.rc == 0 - - name: Check for fedora_bis container - command: podman container exists fedora_bis - - name: Check for fedora_three container - command: podman container exists fedora_three - -- name: Test a container update - become: true - hosts: all - gather_facts: false - vars: - tripleo_container_manage_config: '/tmp/container-configs' - tripleo_container_manage_debug: true - tripleo_container_manage_config_patterns: 'fedora_*.json' - tasks: - - name: Modify the fedora_bis container config - copy: - content: | - { - "image": "fedora:rawhide", - "net": "host", - "command": "sleep 10" - } - dest: '/tmp/container-configs/fedora_bis.json' - - include_role: - name: tripleo_container_manage - post_tasks: - - name: Verify that Fedora bis container was re-created correctly - when: - - not ansible_check_mode|bool - block: - - name: Check for fedora_bis container - command: podman container exists fedora_bis - - name: Gather facts about fedora_bis container - containers.podman.podman_container_info: - name: fedora_bis - register: fedora_bis_infos - - name: Assert that fedora_bis container has the right image - assert: - that: - - "'fedora:rawhide' in fedora_bis_infos.containers.0.ImageName" - fail_msg: 'fedora_bis container has wrong image' - success_msg: 'fedora_bis container has the right image' - - name: Check for fedora_three container - command: podman container exists fedora_three - when: - - not ansible_check_mode|bool - -- name: Test a container config override - become: true - hosts: all - gather_facts: false - vars: - tripleo_container_manage_config: '/tmp/container-configs' - tripleo_container_manage_debug: true - tripleo_container_manage_config_patterns: 'fedora_*.json' - tripleo_container_manage_config_overrides: - fedora_bis: - image: fedora:latest - tasks: - - include_role: - name: tripleo_container_manage - post_tasks: - - name: Verify that Fedora bis container was re-created correctly - when: - - not ansible_check_mode|bool - block: - - name: Check for fedora_bis container - command: podman container exists fedora_bis - - name: Gather facts about fedora_bis container - containers.podman.podman_container_info: - name: fedora_bis - register: fedora_bis_infos - - name: Assert that fedora_bis container has the right image - assert: - that: - - "'fedora:latest' in fedora_bis_infos.containers.0.ImageName" - fail_msg: 'fedora_bis container has wrong image' - success_msg: 'fedora_bis container has the right image' - - name: Check for fedora_three container - command: podman container exists fedora_three - when: - - not ansible_check_mode|bool diff --git a/tripleo_ansible/roles/tripleo_container_manage/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_container_manage/molecule/default/molecule.yml deleted file mode 100644 index d970bb144..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/molecule/default/molecule.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - ansible_connection: local - ansible_distribution: centos9 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH:-/usr/share/ansible/roles}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_container_manage/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_container_manage/molecule/default/prepare.yml deleted file mode 100644 index 988b6226c..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/molecule/default/prepare.yml +++ /dev/null @@ -1,95 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - become: true - roles: - - role: test_deps - test_deps_extra_packages: - - podman - - role: env_data - tasks: - - name: Prepare the container configs directory - file: - path: '/tmp/container-configs' - state: directory - - name: Create a configuration file for a fedora container - # ipc mode added as WA for podman 4.1.x - copy: - content: | - { - "image": "fedora:latest", - "net": "host", - "ipc": "shareable", - "command": "sleep 3600", - "restart": "always", - "check_interval": "500s", - "healthcheck": { "test": "echo test" } - } - dest: '/tmp/container-configs/fedora.json' - - name: Create a secondary configuration file for a fedora container - copy: - content: | - { - "image": "fedora:latest", - "net": "host", - "ipc": "shareable", - "command": "sleep 5" - } - dest: '/tmp/container-configs/fedora_bis.json' - - name: Create a third configuration file for a fedora container - copy: - content: | - { - "image": "fedora:latest", - "net": "host", - "ipc": "shareable", - "command": "sleep 5" - } - dest: '/tmp/container-configs/fedora_three.json' - - name: Create old healthcheck service for fedora container - copy: - content: | - [Unit] - Description=tripleo_fedora healthcheck - Requisite=tripleo_fedora.service - [Service] - Type=oneshot - ExecStart=/usr/bin/podman exec --user root fedora sleep 3600 }} - [Install] - WantedBy=multi-user.target - dest: '/etc/systemd/system/tripleo_fedora_healthcheck.service' - mode: '0644' - owner: root - group: root - - name: Create old healthcheck timer for fedora container - copy: - content: | - [Unit] - Description=tripleo_fedora container healthcheck - PartOf=tripleo_fedora.service - [Timer] - OnActiveSec=120 - OnUnitActiveSec=60 - RandomizedDelaySec=5 - [Install] - WantedBy=timers.target - dest: '/etc/systemd/system/tripleo_fedora_healthcheck.timer' - mode: '0644' - owner: root - group: root diff --git a/tripleo_ansible/roles/tripleo_container_manage/tasks/create.yml b/tripleo_ansible/roles/tripleo_container_manage/tasks/create.yml deleted file mode 100644 index 55ac86726..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/tasks/create.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: "Create containers managed by Podman for {{ tripleo_container_manage_config }}" - tripleo_container_manage: - config_id: "{{ tripleo_container_manage_config_id }}" - config_dir: "{{ tripleo_container_manage_config }}" - config_patterns: "{{ tripleo_container_manage_config_patterns }}" - config_overrides: "{{ tripleo_container_manage_config_overrides }}" - concurrency: "{{ tripleo_container_manage_concurrency }}" - -- name: Check if /etc/sysconfig/podman_drop_in exists - stat: - path: /etc/sysconfig/podman_drop_in - register: podman_drop_in_file - -# NOTE(mwhahaha): this fact is used as part of the container_systemd templating -- name: Set podman_drop_in fact - set_fact: - podman_drop_in: true - when: - - podman_drop_in_file.stat.exists - -- name: "Manage container systemd services and cleanup old systemd healthchecks for {{ tripleo_container_manage_config }}" - become: true - container_systemd: - container_config: "{{ container_config }}" - debug: "{{ tripleo_container_manage_debug | bool }}" - systemd_healthchecks: "{{ (not tripleo_container_manage_healthcheck_disabled | bool) }}" - vars: - container_config: "{{ all_containers_hash | dict_to_list | haskey(attribute='restart', value=['always','unless-stopped'], any=True) | default([]) }}" - when: - - tripleo_container_manage_cli == 'podman' - - (container_config|length) > 0 diff --git a/tripleo_ansible/roles/tripleo_container_manage/tasks/delete_orphan.yml b/tripleo_ansible/roles/tripleo_container_manage/tasks/delete_orphan.yml deleted file mode 100644 index 2094943a5..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/tasks/delete_orphan.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Gather podman infos - containers.podman.podman_container_info: {} - register: podman_containers - no_log: "{{ not (tripleo_container_manage_debug | bool) }}" - when: - - tripleo_container_manage_cli == 'podman' - -- name: "Delete orphan containers managed by Podman for {{ tripleo_container_manage_config }}" - when: - - tripleo_container_manage_systemd_teardown | bool - include_role: - name: tripleo_container_rm - vars: - tripleo_container_cli: "{{ tripleo_container_manage_cli }}" - tripleo_containers_to_rm: >- - {{ podman_containers.containers | needs_delete(config=all_containers_hash, - config_id=tripleo_container_manage_config_id, check_config=False, - clean_orphans=True) }} diff --git a/tripleo_ansible/roles/tripleo_container_manage/tasks/main.yml b/tripleo_ansible/roles/tripleo_container_manage/tasks/main.yml deleted file mode 100644 index e90ebc224..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/tasks/main.yml +++ /dev/null @@ -1,72 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_container_manage" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Create container logs path - file: - path: "{{ tripleo_container_manage_log_path }}" - state: directory - owner: root - group: root - become: true - -- name: Generate containers configs data - no_log: "{{ not tripleo_container_manage_debug }}" - block: - - name: "Find all matching configs configs for in {{ tripleo_container_manage_config }}" - container_config_data: - config_path: "{{ tripleo_container_manage_config }}" - config_pattern: "{{ tripleo_container_manage_config_patterns }}" - config_overrides: "{{ tripleo_container_manage_config_overrides }}" - debug: "{{ tripleo_container_manage_debug }}" - register: container_config_data - - name: Finalise hashes for all containers - set_fact: - all_containers_hash: "{{ container_config_data.configs }}" - -- name: "Manage containers from {{ tripleo_container_manage_config }}" - when: - - (all_containers_hash|length) > 0 - - tripleo_container_manage_cli == 'podman' - become: true - block: - - name: "Update container configs with new config hashes" - include_tasks: puppet_config.yml - when: - - tripleo_container_manage_check_puppet_config|bool - - name: "Delete orphan containers from {{ tripleo_container_manage_config }}" - include_tasks: delete_orphan.yml - when: - - tripleo_container_manage_clean_orphans|bool - - name: "Create containers from {{ tripleo_container_manage_config }}" - include_tasks: create.yml diff --git a/tripleo_ansible/roles/tripleo_container_manage/tasks/puppet_config.yml b/tripleo_ansible/roles/tripleo_container_manage/tasks/puppet_config.yml deleted file mode 100644 index d4dc170d2..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/tasks/puppet_config.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -- name: Update config hashes for container startup configs - container_puppet_config: - update_config_hash_only: true diff --git a/tripleo_ansible/roles/tripleo_container_manage/tasks/shutdown.yml b/tripleo_ansible/roles/tripleo_container_manage/tasks/shutdown.yml deleted file mode 100644 index ac60afe2f..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/tasks/shutdown.yml +++ /dev/null @@ -1,69 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Create TripleO Container systemd service - become: true - block: - - name: "Deploy tripleo-container-shutdown and tripleo-start-podman-container" - copy: - src: "{{ role_path }}/files/{{ item }}" - dest: "/usr/libexec/{{ item }}" - mode: '0700' - owner: root - group: root - loop: - - 'tripleo-container-shutdown' - - 'tripleo-start-podman-container' - - name: "Create /usr/lib/systemd/system/tripleo-container-shutdown.service" - copy: - src: "{{ role_path }}/files/tripleo-container-shutdown-service" - dest: "/usr/lib/systemd/system/tripleo-container-shutdown.service" - mode: '0644' - owner: root - group: root - - name: "Create /usr/lib/systemd/system-preset/91-tripleo-container-shutdown.preset" - copy: - src: "{{ role_path }}/files/91-tripleo-container-shutdown-preset" - dest: "/usr/lib/systemd/system-preset/91-tripleo-container-shutdown.preset" - mode: '0644' - owner: root - group: root - - name: Enable and start tripleo-container-shutdown - systemd: - name: tripleo-container-shutdown - state: started - enabled: true - daemon_reload: true - - name: "Create /usr/lib/systemd/system/netns-placeholder.service" - copy: - src: "{{ role_path }}/files/netns-placeholder-service" - dest: "/usr/lib/systemd/system/netns-placeholder.service" - mode: '0644' - owner: root - group: root - - name: "Create /usr/lib/systemd/system-preset/91-netns-placeholder.preset" - copy: - src: "{{ role_path }}/files/91-netns-placeholder-preset" - dest: "/usr/lib/systemd/system-preset/91-netns-placeholder.preset" - mode: '0644' - owner: root - group: root - - name: Enable and start netns-placeholder - systemd: - name: netns-placeholder - state: started - enabled: true - daemon_reload: true diff --git a/tripleo_ansible/roles/tripleo_container_manage/templates/systemd-service.j2 b/tripleo_ansible/roles/tripleo_container_manage/templates/systemd-service.j2 deleted file mode 100644 index def368863..000000000 --- a/tripleo_ansible/roles/tripleo_container_manage/templates/systemd-service.j2 +++ /dev/null @@ -1,34 +0,0 @@ -[Unit] -Description={{ lookup('dict', container_data_unit).key }} container -After=tripleo-container-shutdown.service -{% if lookup('dict', container_data_unit).value.depends_on | default([]) | length > 0 %} -After={{ lookup('dict', container_data_unit).value.depends_on | default([]) | join(' ') }} -Wants={{ lookup('dict', container_data_unit).value.depends_on | default([]) | join(' ') }} -{% endif %} -[Service] -Restart=always -{% if lookup('dict', container_data_unit).value.depends_on is defined and (lookup('dict', container_data_unit).value.depends_on | length > 0) and podman_drop_in | default('false') %} -ExecStart=/usr/libexec/tripleo-start-podman-container {{ lookup('dict', container_data_unit).key }} -{% else %} -ExecStart=/usr/bin/podman start {{ lookup('dict', container_data_unit).key }} -{% endif %} -{% if not (lookup('dict', container_data_unit).value.no_reload | default(false) | bool) %} -ExecReload=/usr/bin/podman kill --signal {{ lookup('dict', container_data_unit).value.reload_signal | default('SIGHUP') | regex_replace('^SIG', '') }} {{ lookup('dict', container_data_unit).key }} -{% endif %} -{% if lookup('dict', container_data_unit).value.pre_stop_exec is defined %} -ExecStop=-/usr/bin/podman exec {{ lookup('dict', container_data_unit).key }} {{ lookup('dict', container_data_unit).value.pre_stop_exec }} -{% endif %} -ExecStop=/usr/bin/podman stop -t {{ lookup('dict', container_data_unit).value.stop_grace_period | default(42) | int }} {{ lookup('dict', container_data_unit).key }} -ExecStopPost=/usr/bin/podman stop -t {{ lookup('dict', container_data_unit).value.stop_grace_period | default(42) | int }} {{ lookup('dict', container_data_unit).key }} -SuccessExitStatus=137 142 143 -TimeoutStopSec={{ 2*(lookup('dict', container_data_unit).value.stop_grace_period | default(42) | int) }} -KillMode={{ lookup('dict', container_data_unit).value.kill_mode | default('control-group') }} -Type=forking -PIDFile=/run/{{ lookup('dict', container_data_unit).key }}.pid -{% if lookup('dict', container_data_unit).value.systemd_exec_flags is defined %} -{% for s_flag, s_value in lookup('dict', container_data_unit).value.systemd_exec_flags.items() %} -{{ s_flag }}={{ s_value }} -{% endfor %} -{% endif %} -[Install] -WantedBy=multi-user.target diff --git a/tripleo_ansible/roles/tripleo_container_rm/defaults/main.yml b/tripleo_ansible/roles/tripleo_container_rm/defaults/main.yml deleted file mode 100644 index 04b5a144c..000000000 --- a/tripleo_ansible/roles/tripleo_container_rm/defaults/main.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# NOTE(cloudnull): This role used to use a non-namespaced option, which has a high -# probability of creating conflicts with other roles in the greater -# ansible ecosystem. To ensure that we're able to retain existing -# variable functionality the "modules" option will supersede -# "tripleo_modules" if defined. This default should be removed -# just as soon as we're validate that the non-namespaced option -# is no longer in use. -# -# Set the container command line entry-point -tripleo_container_cli: "{{ container_cli | default('podman') }}" - -# List of containers to delete -tripleo_containers_to_rm: "{{ containers_to_rm | default([]) }}" diff --git a/tripleo_ansible/roles/tripleo_container_rm/meta/main.yml b/tripleo_ansible/roles/tripleo_container_rm/meta/main.yml deleted file mode 100644 index 54aba6d72..000000000 --- a/tripleo_ansible/roles/tripleo_container_rm/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_container_rm - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_container_rm/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_container_rm/molecule/default/converge.yml deleted file mode 100644 index 2d0ecd166..000000000 --- a/tripleo_ansible/roles/tripleo_container_rm/molecule/default/converge.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - become: true - hosts: all - roles: - - role: tripleo_container_rm - tripleo_container_cli: podman - tripleo_containers_to_rm: - - podman-container1 - - podman-container2 diff --git a/tripleo_ansible/roles/tripleo_container_rm/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_container_rm/molecule/default/molecule.yml deleted file mode 100644 index 61c228c9e..000000000 --- a/tripleo_ansible/roles/tripleo_container_rm/molecule/default/molecule.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_container_rm/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_container_rm/molecule/default/prepare.yml deleted file mode 100644 index 337424878..000000000 --- a/tripleo_ansible/roles/tripleo_container_rm/molecule/default/prepare.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - become: true - gather_facts: true - vars: - required_packages: - - podman - roles: - - role: test_deps - test_deps_extra_packages: "{{ required_packages }}" - - role: env_data - post_tasks: - - name: Pull container image - containers.podman.podman_image: - name: fedora - - - name: Create test containers - containers.podman.podman_container: - name: "{{ item }}" - interactive: true - tty: true - detach: true - image: fedora - command: bash - with_items: - - podman-container1 - - podman-container2 diff --git a/tripleo_ansible/roles/tripleo_container_rm/molecule/legacy_vars/converge.yml b/tripleo_ansible/roles/tripleo_container_rm/molecule/legacy_vars/converge.yml deleted file mode 100644 index 6f7ca4ba4..000000000 --- a/tripleo_ansible/roles/tripleo_container_rm/molecule/legacy_vars/converge.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - become: true - hosts: all - roles: - - role: tripleo_container_rm - container_cli: podman - containers_to_rm: - - podman-legacy-container1 - - podman-legacy-container2 diff --git a/tripleo_ansible/roles/tripleo_container_rm/molecule/legacy_vars/molecule.yml b/tripleo_ansible/roles/tripleo_container_rm/molecule/legacy_vars/molecule.yml deleted file mode 100644 index 61c228c9e..000000000 --- a/tripleo_ansible/roles/tripleo_container_rm/molecule/legacy_vars/molecule.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_container_rm/molecule/legacy_vars/prepare.yml b/tripleo_ansible/roles/tripleo_container_rm/molecule/legacy_vars/prepare.yml deleted file mode 100644 index 78ae14844..000000000 --- a/tripleo_ansible/roles/tripleo_container_rm/molecule/legacy_vars/prepare.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - become: true - gather_facts: true - vars: - required_packages: - - podman - roles: - - role: test_deps - required_packages: "{{ required_packages }}" - - role: env_data - post_tasks: - - name: Pull container image - containers.podman.podman_image: - name: fedora - - - name: Create test containers - containers.podman.podman_container: - name: "{{ item }}" - interactive: true - tty: true - detach: true - image: fedora - command: bash - with_items: - - podman-legacy-container1 - - podman-legacy-container2 diff --git a/tripleo_ansible/roles/tripleo_container_rm/molecule/podman-rm-stopped/converge.yml b/tripleo_ansible/roles/tripleo_container_rm/molecule/podman-rm-stopped/converge.yml deleted file mode 100644 index 2d0ecd166..000000000 --- a/tripleo_ansible/roles/tripleo_container_rm/molecule/podman-rm-stopped/converge.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - become: true - hosts: all - roles: - - role: tripleo_container_rm - tripleo_container_cli: podman - tripleo_containers_to_rm: - - podman-container1 - - podman-container2 diff --git a/tripleo_ansible/roles/tripleo_container_rm/molecule/podman-rm-stopped/molecule.yml b/tripleo_ansible/roles/tripleo_container_rm/molecule/podman-rm-stopped/molecule.yml deleted file mode 100644 index 61c228c9e..000000000 --- a/tripleo_ansible/roles/tripleo_container_rm/molecule/podman-rm-stopped/molecule.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_container_rm/molecule/podman-rm-stopped/prepare.yml b/tripleo_ansible/roles/tripleo_container_rm/molecule/podman-rm-stopped/prepare.yml deleted file mode 100644 index 2e59609f7..000000000 --- a/tripleo_ansible/roles/tripleo_container_rm/molecule/podman-rm-stopped/prepare.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - become: true - gather_facts: true - vars: - required_packages: - - podman - roles: - - role: test_deps - test_deps_extra_packages: "{{ required_packages }}" - - role: env_data - post_tasks: - - name: Pull container image - containers.podman.podman_image: - name: fedora - - - name: Create test containers - containers.podman.podman_container: - name: "{{ item }}" - interactive: true - tty: true - detach: true - image: fedora - command: bash - with_items: - - podman-container1 - - podman-container2 - - - name: Stop test containers - containers.podman.podman_container: - name: "{{ item }}" - state: stopped - with_items: - - podman-container1 - - podman-container2 diff --git a/tripleo_ansible/roles/tripleo_container_rm/tasks/main.yml b/tripleo_ansible/roles/tripleo_container_rm/tasks/main.yml deleted file mode 100644 index ec7598452..000000000 --- a/tripleo_ansible/roles/tripleo_container_rm/tasks/main.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- include_tasks: "tripleo_{{ tripleo_container_cli }}_container_rm.yml" - loop: "{{ tripleo_containers_to_rm }}" - loop_control: - loop_var: container diff --git a/tripleo_ansible/roles/tripleo_container_rm/tasks/tripleo_docker_container_rm.yml b/tripleo_ansible/roles/tripleo_container_rm/tasks/tripleo_docker_container_rm.yml deleted file mode 100644 index 7cf5fde1c..000000000 --- a/tripleo_ansible/roles/tripleo_container_rm/tasks/tripleo_docker_container_rm.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: "Check if {{ container }} is running in docker backend" - command: "docker inspect --type container --format exists {{ container }}" - register: stat_docker_container - failed_when: false - -- name: remove "{{ container }}" container - command: "docker rm --force {{ container }}" - when: - - stat_docker_container.rc is defined - - stat_docker_container.rc == 0 diff --git a/tripleo_ansible/roles/tripleo_container_rm/tasks/tripleo_podman_container_rm.yml b/tripleo_ansible/roles/tripleo_container_rm/tasks/tripleo_podman_container_rm.yml deleted file mode 100644 index b78ac60ca..000000000 --- a/tripleo_ansible/roles/tripleo_container_rm/tasks/tripleo_podman_container_rm.yml +++ /dev/null @@ -1,88 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: "check if {{ container }} service healthcheck exists in systemd" - stat: - path: "/etc/systemd/system/tripleo_{{ container }}_healthcheck.service" - register: systemd_healthcheck_exists - -- name: "tear-down {{ container }} healthcheck" - when: - - systemd_healthcheck_exists.stat.exists - block: - - name: "stop and disable {{ container }} healthcheck" - systemd: - name: "tripleo_{{ container }}_healthcheck" - state: stopped - enabled: false - - - name: "remove {{ container }} healthcheck service" - file: - path: "/etc/systemd/system/tripleo_{{ container }}_healthcheck.service" - state: absent - - - name: "remove {{ container }} healthcheck timer" - file: - path: "/etc/systemd/system/tripleo_{{ container }}_healthcheck.timer" - state: absent - -- name: "check if {{ container }} service exists in systemd" - stat: - path: "/etc/systemd/system/tripleo_{{ container }}.service" - register: systemd_exists - -- name: "tear-down {{ container }} container" - when: - - systemd_exists.stat.exists - block: - - name: "stop and disable {{ container }}" - systemd: - name: "tripleo_{{ container }}" - state: stopped - enabled: false - - - name: "remove {{ container }} systemd service" - file: - path: "/etc/systemd/system/tripleo_{{ container }}.service" - state: absent - -- name: "check if {{ container }} service requires exists in systemd" - stat: - path: "/etc/systemd/system/tripleo_{{ container }}.service.requires" - register: systemd_requires_exists - -- name: "remove {{ container }} systemd requires" - file: - path: "/etc/systemd/system/tripleo_{{ container }}.service.requires" - state: absent - when: - - systemd_requires_exists.stat.exists - -- name: Reload systemd services if needed - when: - - systemd_healthcheck_exists.stat.exists or systemd_exists.stat.exists or systemd_requires_exists.stat.exists - systemd: - daemon_reload: true - -- name: Stop and remove container if exists - containers.podman.podman_container: - name: "{{ container }}" - state: absent - register: result - until: result is success - retries: 5 - delay: 10 diff --git a/tripleo_ansible/roles/tripleo_container_standalone/defaults/main.yml b/tripleo_ansible/roles/tripleo_container_standalone/defaults/main.yml deleted file mode 100644 index b36671d6c..000000000 --- a/tripleo_ansible/roles/tripleo_container_standalone/defaults/main.yml +++ /dev/null @@ -1,72 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_container_standalone" -tripleo_container_standalone_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" - -tripleo_container_standalone_hide_sensitive_logs: true - -# Service name. Use for creating directories, container labels, etc -tripleo_container_standalone_service : "" -# Directory for kolla config files -tripleo_container_standalone_kolla_config_dir: /var/lib/kolla/config_files -# Directory for container startup configs -tripleo_container_standalone_container_startup_config_dir: /var/lib/tripleo-config/container-startup-config -# Hash with keys of container name and value of YAML kolla config file. -tripleo_container_standalone_kolla_config_files: {} -# Hash with keys of container name and value of YAML container definition -tripleo_container_standalone_container_defs: {} - -# List of common volumes that can be included in the template of a container -# definition to include the most common volumes. -tripleo_container_standalone_common_volumes: - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - # OpenSSL trusted CAs - - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro - - /etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro - - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro - - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro - - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro - # Syslog socket - - /dev/log:/dev/log - # required for bootstrap_host_exec - - /etc/puppet:/etc/puppet:ro - -# List of volumes included when internal tls is enabled -tripleo_container_standalone_internal_tls_volumes: - - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro - -# Internal TLS vars. These vars are not prefixed with the role name as they are -# intended to be set from other services/roles. -tripleo_enable_internal_tls: false -tripleo_internal_tls_ca_file: /etc/ipa/ca.crt - -tripleo_container_standalone_volumes: "{{ - tripleo_enable_internal_tls | - ternary( - tripleo_container_standalone_common_volumes + - tripleo_container_standalone_internal_tls_volumes + - [tripleo_internal_tls_ca_file ~ ':' ~ tripleo_internal_tls_ca_file ~ ':ro'], - tripleo_container_standalone_common_volumes) - }}" - -tripleo_debug: False -tripleo_deploy_identifier: '' diff --git a/tripleo_ansible/roles/tripleo_container_standalone/files/.gitkeep b/tripleo_ansible/roles/tripleo_container_standalone/files/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/roles/tripleo_container_standalone/handlers/main.yml b/tripleo_ansible/roles/tripleo_container_standalone/handlers/main.yml deleted file mode 100644 index ede65b54e..000000000 --- a/tripleo_ansible/roles/tripleo_container_standalone/handlers/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. diff --git a/tripleo_ansible/roles/tripleo_container_standalone/meta/main.yml b/tripleo_ansible/roles/tripleo_container_standalone/meta/main.yml deleted file mode 100644 index ac6e4571b..000000000 --- a/tripleo_ansible/roles/tripleo_container_standalone/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: TripleO OpenStack Role -- tripleo_container_standalone - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_container_standalone/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_container_standalone/molecule/default/converge.yml deleted file mode 100644 index c5743b24c..000000000 --- a/tripleo_ansible/roles/tripleo_container_standalone/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_container_standalone" diff --git a/tripleo_ansible/roles/tripleo_container_standalone/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_container_standalone/molecule/default/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/tripleo_ansible/roles/tripleo_container_standalone/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_container_standalone/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_container_standalone/molecule/default/prepare.yml deleted file mode 100644 index b17f36011..000000000 --- a/tripleo_ansible/roles/tripleo_container_standalone/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_container_standalone/tasks/main.yml b/tripleo_ansible/roles/tripleo_container_standalone/tasks/main.yml deleted file mode 100644 index cbefdbad3..000000000 --- a/tripleo_ansible/roles/tripleo_container_standalone/tasks/main.yml +++ /dev/null @@ -1,70 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_container_standalone" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Ensure {{ tripleo_container_standalone_kolla_config_dir }} exists - file: - path: "{{ tripleo_container_standalone_kolla_config_dir }}" - state: directory - recurse: true - setype: container_file_t - -- name: Create kolla config files - copy: - content: "{{ item.value | to_nice_json }}" - dest: "{{ tripleo_container_standalone_kolla_config_dir ~ '/' ~ item.key ~ '.json' }}" - mode: 0600 - loop: "{{ tripleo_container_standalone_kolla_config_files | dict2items }}" - -- name: Create {{ tripleo_container_standalone_container_startup_config_dir }}/{{ tripleo_container_standalone_service }} - file: - path: "{{ tripleo_container_standalone_container_startup_config_dir }}/{{ tripleo_container_standalone_service }}" - state: directory - -- name: Render {{ tripleo_container_standalone_service }} container definitions - copy: - content: "{{ item.value | to_nice_json }}" - dest: "{{ tripleo_container_standalone_container_startup_config_dir }}/{{ tripleo_container_standalone_service }}/{{ item.key }}.json" - # NOTE(tkajinam): Some containers (eg. keystone_bootstrap) contain secrets - # in its environments. Hide the output to avoid dumping these - # to output. - no_log: true - loop: "{{ tripleo_container_standalone_container_defs | dict2items }}" - -- name: Run {{ tripleo_container_standalone_service }} containers - include_role: - name: tripleo_container_manage - vars: - tripleo_container_manage_config: "{{ tripleo_container_standalone_container_startup_config_dir }}/{{ tripleo_container_standalone_service }}" - tripleo_container_manage_config_patterns: "*.json" - tripleo_container_manage_config_id: "{{ tripleo_container_standalone_service }}" diff --git a/tripleo_ansible/roles/tripleo_container_standalone/vars/main.yml b/tripleo_ansible/roles/tripleo_container_standalone/vars/main.yml deleted file mode 100644 index 82720befd..000000000 --- a/tripleo_ansible/roles/tripleo_container_standalone/vars/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "tripleo_container_standalone" diff --git a/tripleo_ansible/roles/tripleo_container_stop/defaults/main.yml b/tripleo_ansible/roles/tripleo_container_stop/defaults/main.yml deleted file mode 100644 index abe5c5280..000000000 --- a/tripleo_ansible/roles/tripleo_container_stop/defaults/main.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -tripleo_containers_to_stop: "{{ default([]) }}" -tripleo_delegate_to: ["localhost"] diff --git a/tripleo_ansible/roles/tripleo_container_stop/meta/main.yml b/tripleo_ansible/roles/tripleo_container_stop/meta/main.yml deleted file mode 100644 index 39f90f5fc..000000000 --- a/tripleo_ansible/roles/tripleo_container_stop/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_container_stop - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_container_stop/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_container_stop/molecule/default/converge.yml deleted file mode 100644 index 8a017f6ab..000000000 --- a/tripleo_ansible/roles/tripleo_container_stop/molecule/default/converge.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - become: true - hosts: all - roles: - - role: tripleo_container_stop - tripleo_containers_to_stop: - - podman-container1 - - podman-container2 diff --git a/tripleo_ansible/roles/tripleo_container_stop/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_container_stop/molecule/default/molecule.yml deleted file mode 100644 index f7d89df0e..000000000 --- a/tripleo_ansible/roles/tripleo_container_stop/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_container_stop/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_container_stop/molecule/default/prepare.yml deleted file mode 100644 index 337424878..000000000 --- a/tripleo_ansible/roles/tripleo_container_stop/molecule/default/prepare.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - become: true - gather_facts: true - vars: - required_packages: - - podman - roles: - - role: test_deps - test_deps_extra_packages: "{{ required_packages }}" - - role: env_data - post_tasks: - - name: Pull container image - containers.podman.podman_image: - name: fedora - - - name: Create test containers - containers.podman.podman_container: - name: "{{ item }}" - interactive: true - tty: true - detach: true - image: fedora - command: bash - with_items: - - podman-container1 - - podman-container2 diff --git a/tripleo_ansible/roles/tripleo_container_stop/tasks/main.yml b/tripleo_ansible/roles/tripleo_container_stop/tasks/main.yml deleted file mode 100644 index 7baad396f..000000000 --- a/tripleo_ansible/roles/tripleo_container_stop/tasks/main.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_container_stop" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. - -- name: Fail if tripleo_delegate_to is undefined - fail: msg="tripleo_delegate_to is a mandatory variable" - when: - - not ((tripleo_delegate_to is defined) and (tripleo_delegate_to | length > 0)) - -- include_tasks: "tripleo_container_stop.yaml" - vars: - container: "{{ item }}" - with_items: "{{ tripleo_containers_to_stop }}" diff --git a/tripleo_ansible/roles/tripleo_container_stop/tasks/tripleo_container_stop.yaml b/tripleo_ansible/roles/tripleo_container_stop/tasks/tripleo_container_stop.yaml deleted file mode 100644 index b79c9de0e..000000000 --- a/tripleo_ansible/roles/tripleo_container_stop/tasks/tripleo_container_stop.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Make sure the container {{ container }} is stopped even if container_cli do not match - become: true - shell: |- - # We need to make sure that containers are stopped - # as we might have different CLIs to interact with - # them. I.e the container_cli might be setted to be podman - # but we might have the containers running with docker. - set -eu - if command -v podman && podman exec {{ container }} /bin/true; then - if systemctl status {{ container }}.service; then - systemctl stop {{ container }}.service - else - podman kill {{ container }} - fi - fi - if type docker &> /dev/null && docker exec {{ container }} /bin/true; then - docker stop {{ container }} - fi - delegate_to: "{{ tripleo_delegate_to_item }}" - with_items: "{{ tripleo_delegate_to }}" - loop_control: - loop_var: tripleo_delegate_to_item diff --git a/tripleo_ansible/roles/tripleo_container_tag/defaults/main.yml b/tripleo_ansible/roles/tripleo_container_tag/defaults/main.yml deleted file mode 100644 index 2ab6e529a..000000000 --- a/tripleo_ansible/roles/tripleo_container_tag/defaults/main.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_container_tag" - -# NOTE(cloudnull): This role used to use a non-namespaced option, which has a high -# probability of creating conflicts with other roles in the greater -# ansible ecosystem. To ensure that we're able to retain existing -# variable functionality the "modules" option will supersede -# "tripleo_modules" if defined. This default should be removed -# just as soon as we're validate that the non-namespaced option -# is no longer in use. -# -# Set the container command line entry-point -tripleo_container_cli: "{{ container_cli | default('podman') }}" - -# Enable or disable pulling images. -tripleo_container_pull_image: "{{ pull_image | default(true) }}" - -# Name of the tag -tripleo_container_image_latest: "{{ container_image_latest | default('latest') }}" - -# Set the default container image if undefined -tripleo_container_image: "{{ container_image | default('') }}" diff --git a/tripleo_ansible/roles/tripleo_container_tag/meta/main.yml b/tripleo_ansible/roles/tripleo_container_tag/meta/main.yml deleted file mode 100644 index 33530ff72..000000000 --- a/tripleo_ansible/roles/tripleo_container_tag/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_container_tag - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_container_tag/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_container_tag/molecule/default/converge.yml deleted file mode 100644 index e8d944b35..000000000 --- a/tripleo_ansible/roles/tripleo_container_tag/molecule/default/converge.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - become: true - roles: - - role: "tripleo_container_tag" - tripleo_container_image: quay.io/centos/centos:stream8 - tripleo_container_image_latest: test-latest - tripleo_container_cli: podman - - role: "tripleo_container_tag" - tripleo_container_image: quay.io/centos/centos:stream8 - tripleo_container_image_latest: test-latest-2 - tripleo_container_cli: podman - tripleo_container_pull_image: false diff --git a/tripleo_ansible/roles/tripleo_container_tag/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_container_tag/molecule/default/molecule.yml deleted file mode 100644 index 61c228c9e..000000000 --- a/tripleo_ansible/roles/tripleo_container_tag/molecule/default/molecule.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_container_tag/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_container_tag/molecule/default/prepare.yml deleted file mode 100644 index bda439a9f..000000000 --- a/tripleo_ansible/roles/tripleo_container_tag/molecule/default/prepare.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - become: true - gather_facts: true - vars: - required_packages: - - podman - roles: - - role: test_deps - test_deps_extra_packages: "{{ required_packages }}" - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_container_tag/molecule/legacy_vars/converge.yml b/tripleo_ansible/roles/tripleo_container_tag/molecule/legacy_vars/converge.yml deleted file mode 100644 index d2f7813e7..000000000 --- a/tripleo_ansible/roles/tripleo_container_tag/molecule/legacy_vars/converge.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - become: true - roles: - - role: "tripleo_container_tag" - container_image: quay.io/centos/centos:stream8 - container_image_latest: test-latest - container_cli: podman - - role: "tripleo_container_tag" - container_image: quay.io/centos/centos:stream8 - container_image_latest: test-latest-2 - container_cli: podman - container_pull_image: false diff --git a/tripleo_ansible/roles/tripleo_container_tag/molecule/legacy_vars/molecule.yml b/tripleo_ansible/roles/tripleo_container_tag/molecule/legacy_vars/molecule.yml deleted file mode 100644 index 61c228c9e..000000000 --- a/tripleo_ansible/roles/tripleo_container_tag/molecule/legacy_vars/molecule.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_container_tag/molecule/legacy_vars/prepare.yml b/tripleo_ansible/roles/tripleo_container_tag/molecule/legacy_vars/prepare.yml deleted file mode 100644 index bda439a9f..000000000 --- a/tripleo_ansible/roles/tripleo_container_tag/molecule/legacy_vars/prepare.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - become: true - gather_facts: true - vars: - required_packages: - - podman - roles: - - role: test_deps - test_deps_extra_packages: "{{ required_packages }}" - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_container_tag/tasks/main.yml b/tripleo_ansible/roles/tripleo_container_tag/tasks/main.yml deleted file mode 100644 index 7c7915ba9..000000000 --- a/tripleo_ansible/roles/tripleo_container_tag/tasks/main.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_container_tag" will search for and load any operating system variable file - -- name: Fail if container image is undefined - fail: - msg: >- - The variable `tripleo_container_image` is an empty set. Check the settings. - when: - - not tripleo_container_image - -- name: Pull {{ tripleo_container_image }} image - shell: "{{ tripleo_container_cli }} pull {{ tripleo_container_image }}" - when: - - tripleo_container_pull_image | bool - -- name: Tag {{ tripleo_container_image_latest }} to latest {{ tripleo_container_image }} image - shell: "{{ tripleo_container_cli }} tag {{ tripleo_container_image }} {{ tripleo_container_image_latest }}" diff --git a/tripleo_ansible/roles/tripleo_create_admin/defaults/main.yml b/tripleo_ansible/roles/tripleo_create_admin/defaults/main.yml deleted file mode 100644 index 30489608c..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/defaults/main.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# Set the default admin user -tripleo_admin_user: tripleo-admin - -# Enable or disable key generation for the defined user -tripleo_admin_generate_key: false - -# When `tripleo_admin_pubkey` is defined an additional authorized key will -# added to the admin users authroized_keys file. -# tripleo_admin_pubkey: ssh-rsa AAAA... - -# When `tripleo_admin_prikey` is defined and not empty and when -# distribute_private_key is true, then a private key will -# be added to the admin user's home dir. It will be called -# "~/.ssh/id_rsa" and contain something like: -# tripleo_admin_prikey: -----BEGIN OPENSSH PRIVATE KEY-----\nb3B... - -distribute_private_key: false diff --git a/tripleo_ansible/roles/tripleo_create_admin/meta/main.yml b/tripleo_ansible/roles/tripleo_create_admin/meta/main.yml deleted file mode 100644 index 6ac05f981..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_create_admin - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/converge.yml b/tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/converge.yml deleted file mode 100644 index dc4e665e1..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/converge.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_create_admin" - post_tasks: - - import_role: - name: tripleo_create_admin - tasks_from: authorize_user.yml - vars: - tripleo_admin_user: tripleo-admin - tripleo_admin_pubkey: ssh-rsa AAAATEST - - - import_role: - name: tripleo_create_admin - tasks_from: distribute_key_files.yml - vars: - tripleo_admin_user: tripleo-admin - distribute_private_key: true - tripleo_admin_prikey: '-----BEGIN OPENSSH PRIVATE KEY-----' diff --git a/tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/molecule.yml b/tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/molecule.yml deleted file mode 100644 index b8aa37228..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/prepare.yml b/tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/prepare.yml deleted file mode 100644 index d4426a92c..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - openssh - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/tests/test_keyadd.py b/tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/tests/test_keyadd.py deleted file mode 100644 index 3826b5c83..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/tests/test_keyadd.py +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import os - -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_user_key_add(host): - auth_keys = host.file("/home/tripleo-admin/.ssh/authorized_keys") - assert 'ssh-rsa AAAATEST' in auth_keys.content_string - private_key = host.file("/home/tripleo-admin/.ssh/id_rsa") - assert '-----BEGIN OPENSSH PRIVATE KEY-----' in private_key.content_string diff --git a/tripleo_ansible/roles/tripleo_create_admin/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_create_admin/molecule/default/converge.yml deleted file mode 100644 index 18ec8ae13..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_create_admin" diff --git a/tripleo_ansible/roles/tripleo_create_admin/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_create_admin/molecule/default/molecule.yml deleted file mode 100644 index b8aa37228..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_create_admin/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_create_admin/molecule/default/prepare.yml deleted file mode 100644 index d4426a92c..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/molecule/default/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - openssh - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_create_admin/molecule/default/tests/test_default.py b/tripleo_ansible/roles/tripleo_create_admin/molecule/default/tests/test_default.py deleted file mode 100644 index e82fee990..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/molecule/default/tests/test_default.py +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import os - -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_user_exists(host): - assert host.user('tripleo-admin').home == "/home/tripleo-admin" diff --git a/tripleo_ansible/roles/tripleo_create_admin/molecule/keygen/converge.yml b/tripleo_ansible/roles/tripleo_create_admin/molecule/keygen/converge.yml deleted file mode 100644 index c728ad22a..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/molecule/keygen/converge.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_create_admin" - tripleo_admin_generate_key: true diff --git a/tripleo_ansible/roles/tripleo_create_admin/molecule/keygen/molecule.yml b/tripleo_ansible/roles/tripleo_create_admin/molecule/keygen/molecule.yml deleted file mode 100644 index b8aa37228..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/molecule/keygen/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_create_admin/molecule/keygen/prepare.yml b/tripleo_ansible/roles/tripleo_create_admin/molecule/keygen/prepare.yml deleted file mode 100644 index d4426a92c..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/molecule/keygen/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - openssh - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_create_admin/molecule/keygen/tests/test_keygen.py b/tripleo_ansible/roles/tripleo_create_admin/molecule/keygen/tests/test_keygen.py deleted file mode 100644 index 2672b5c92..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/molecule/keygen/tests/test_keygen.py +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import os - -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_user_key_exists(host): - assert host.file("/home/tripleo-admin/.ssh/id_rsa.pub").exists diff --git a/tripleo_ansible/roles/tripleo_create_admin/tasks/authorize_user.yml b/tripleo_ansible/roles/tripleo_create_admin/tasks/authorize_user.yml deleted file mode 100644 index afa9ee1d7..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/tasks/authorize_user.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: authorize TripleO key for user {{ tripleo_admin_user }} - lineinfile: - path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys - line: '{{ tripleo_admin_pubkey }}' - regexp: 'Generated by TripleO' - when: - - tripleo_admin_pubkey is defined diff --git a/tripleo_ansible/roles/tripleo_create_admin/tasks/create_user.yml b/tripleo_ansible/roles/tripleo_create_admin/tasks/create_user.yml deleted file mode 100644 index ecc41c153..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/tasks/create_user.yml +++ /dev/null @@ -1,73 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: create user {{ tripleo_admin_user }} - user: - name: '{{ tripleo_admin_user }}' - generate_ssh_key: '{{ tripleo_admin_generate_key }}' - -- name: grant admin rights to user {{ tripleo_admin_user }} - copy: - dest: /etc/sudoers.d/{{ tripleo_admin_user }} - content: | - {{ tripleo_admin_user }} ALL=(ALL) NOPASSWD:ALL - mode: 0440 - owner: root - group: root - -# workaround for https://bugs.launchpad.net/tripleo/+bug/1917856 -- name: ensure home dir has the right owner/group for user {{ tripleo_admin_user }} - file: - path: /home/{{ tripleo_admin_user }} - state: directory - owner: '{{ tripleo_admin_user }}' - group: '{{ tripleo_admin_user }}' - mode: 0700 - -- name: ensure .ssh dir exists for user {{ tripleo_admin_user }} - file: - path: /home/{{ tripleo_admin_user }}/.ssh - state: directory - owner: '{{ tripleo_admin_user }}' - group: '{{ tripleo_admin_user }}' - mode: 0700 - -- name: ensure authorized_keys file exists for user {{ tripleo_admin_user }} - file: - path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys - state: touch - owner: '{{ tripleo_admin_user }}' - group: '{{ tripleo_admin_user }}' - mode: 0600 - -- name: get remote {{ tripleo_admin_user }} public key - slurp: - src: /home/{{ tripleo_admin_user }}/.ssh/id_rsa.pub - register: key - when: - - tripleo_admin_generate_key | bool - -- name: append {{ tripleo_admin_user }} public key to authorized_keys - lineinfile: - path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys - line: "{{ key['content'] | b64decode }}" - state: present - owner: '{{ tripleo_admin_user }}' - group: '{{ tripleo_admin_user }}' - mode: 0600 - when: - - tripleo_admin_generate_key | bool diff --git a/tripleo_ansible/roles/tripleo_create_admin/tasks/distribute_key_files.yml b/tripleo_ansible/roles/tripleo_create_admin/tasks/distribute_key_files.yml deleted file mode 100644 index 05c5a1cde..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/tasks/distribute_key_files.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Install private key on nodes for user {{ tripleo_admin_user }} - copy: - dest: /home/{{ tripleo_admin_user }}/.ssh/id_rsa - content: "{{ tripleo_admin_prikey }}" - owner: "{{ tripleo_admin_user }}" - group: "{{ tripleo_admin_user }}" - mode: '0600' - when: - - distribute_private_key | bool - - tripleo_admin_prikey is defined - - tripleo_admin_prikey | length > 0 - -- name: Install public key on nodes for user {{ tripleo_admin_user }} - copy: - dest: /home/{{ tripleo_admin_user }}/.ssh/id_rsa.pub - content: "{{ tripleo_admin_pubkey }}" - owner: "{{ tripleo_admin_user }}" - group: "{{ tripleo_admin_user }}" - mode: '0644' - when: - - distribute_private_key | bool - - tripleo_admin_pubkey is defined - - tripleo_admin_pubkey | length > 0 diff --git a/tripleo_ansible/roles/tripleo_create_admin/tasks/main.yml b/tripleo_ansible/roles/tripleo_create_admin/tasks/main.yml deleted file mode 100644 index b597a323d..000000000 --- a/tripleo_ansible/roles/tripleo_create_admin/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- import_tasks: create_user.yml -- import_tasks: authorize_user.yml -- import_tasks: distribute_key_files.yml - when: distribute_private_key | bool diff --git a/tripleo_ansible/roles/tripleo_etcd/defaults/main.yml b/tripleo_ansible/roles/tripleo_etcd/defaults/main.yml deleted file mode 100644 index b87d9662d..000000000 --- a/tripleo_ansible/roles/tripleo_etcd/defaults/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# defaults file for tripleo_etcd -tripleo_etcd_name: "{{ lookup('vars', 'fqdn_' ~ etcd_network) }}" -tripleo_etcd_ip: "{{ lookup( 'vars', etcd_network ~ '_ip' ) }}" -tripleo_etcd_wal_dir: '' -tripleo_etcd_snapshot_count: 10000 -tripleo_etcd_heartbeat_interval : 100 -tripleo_etcd_election_timeout: 1000 -tripleo_etcd_quota_backend_bytes: 0 -tripleo_etcd_max_snapshots: 5 -tripleo_etcd_max_wals: 5 -tripleo_etcd_cors: '' -tripleo_etcd_protocol: "{{ 'https' if tripleo_etcd_enable_internal_tls else 'http' }}" -tripleo_etcd_client_port: '2379' -tripleo_etcd_peer_port: '2380' -tripleo_etcd_discovery: '' -tripleo_etcd_discovery_failback: "proxy" -tripleo_etcd_discovery_proxy: '' -tripleo_etcd_discovery_srv: '' -tripleo_etcd_initial_cluster_state: 'new' -tripleo_etcd_strict_reconfig_check: false -tripleo_etcd_enable_pprof: true -tripleo_etcd_proxy: 'off' -tripleo_etcd_proxy_failure_wait: 5000 -tripleo_etcd_refresh_interval: 30000 -tripleo_etcd_dial_timeout: 1000 -tripleo_etcd_write_timeout: 5000 -tripleo_etcd_read_timeout: 0 -tripleo_etcd_certificate_specs_service_certificate: '' -tripleo_etcd_certificate_specs_service_key: '' -tripleo_etcd_trusted_ca_file: -tripleo_etcd_peer_trusted_ca_file: -tripleo_etcd_auto_tls: false -tripleo_etcd_peer_auto_tls: false -tripleo_etcd_enable_internal_tls: false -tripleo_etcd_debug: false -tripleo_etcd_logger: "zap" -tripleo_etcd_log_outputs: [stderr] -tripleo_etcd_force_new_cluster: false -tripleo_etcd_auto_compaction_mode: "periodic" -tripleo_etcd_auto_compaction_retention: "1" -tripleo_etcd_config_dir: /var/lib/config-data/ansible-generated/etcd -tripleo_etcd_enable_grpc_gateway: true diff --git a/tripleo_ansible/roles/tripleo_etcd/meta/main.yml b/tripleo_ansible/roles/tripleo_etcd/meta/main.yml deleted file mode 100644 index 9e63643c9..000000000 --- a/tripleo_ansible/roles/tripleo_etcd/meta/main.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_etcd - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: Fedora - versions: - - 28 - - name: CentOS - versions: - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_etcd/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_etcd/molecule/default/converge.yml deleted file mode 100644 index 2ef56c1fe..000000000 --- a/tripleo_ansible/roles/tripleo_etcd/molecule/default/converge.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - tasks: - - name: Prep host for etcd - include_role: - name: tripleo_etcd - tasks_from: host_prep - - name: create etcd config - include_role: - name: tripleo_etcd - vars: - etcd_network: "network1" - etcd_node_names: [ 'node1', 'node2' ] - fqdn_network1: "node1" - network1_ip: '192.2.0.0' - tripleo_etcd_initial_cluster_token: "xyz" diff --git a/tripleo_ansible/roles/tripleo_etcd/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_etcd/molecule/default/molecule.yml deleted file mode 100644 index 3f36bd94f..000000000 --- a/tripleo_ansible/roles/tripleo_etcd/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: ansible diff --git a/tripleo_ansible/roles/tripleo_etcd/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_etcd/molecule/default/prepare.yml deleted file mode 100644 index 89a9fac71..000000000 --- a/tripleo_ansible/roles/tripleo_etcd/molecule/default/prepare.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps diff --git a/tripleo_ansible/roles/tripleo_etcd/molecule/default/verify.yml b/tripleo_ansible/roles/tripleo_etcd/molecule/default/verify.yml deleted file mode 100644 index dabf792a7..000000000 --- a/tripleo_ansible/roles/tripleo_etcd/molecule/default/verify.yml +++ /dev/null @@ -1,61 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Verify - hosts: all - gather_facts: false - tasks: - - name: Check etcd.yml parameters - lineinfile: - name: /var/lib/config-data/ansible-generated/etcd/etc/etcd/etcd.yml - regexp: "^\\s+{{ item.var }}" - line: "{{ item.var }}: {{ item.value }}" - loop: - - {var: enable-pprof, value: 'True'} - - {var: enable-grpc-gateway, value: 'True'} - - {var: listen-client-urls, value: '"http://192.2.0.0:2379"'} - - {var: name, value: '"node1"'} - - {var: initial-cluster, value: '"node1=http://node1:2380,node2=http://node2:2380"'} - register: etcd_yaml_result - - - name: Check etcd.conf parameters - lineinfile: - name: /var/lib/config-data/ansible-generated/etcd/etc/etcd/etcd.conf - regexp: "^\\s+{{ item.var }}" - line: "{{ item.var }}={{ item.value }}" - loop: - - {var: ETCD_LOGGER, value: '"zap"'} - - {var: ETCD_DISCOVERY_FAILBACK, value: '"proxy"'} - - {var: ETCD_LISTEN_PEER_URLS, value: '"http://192.2.0.0:2380"'} - - {var: ETCD_NAME, value: '"node1"'} - - {var: ETCD_INITIAL_CLUSTER, value: '"node1=http://node1:2380,node2=http://node2:2380"'} - register: etcd_conf_result - - - name: Fail if etcd.yml parameters are not correct - debug: - msg: "/var/lib/config-data/ansible-generated/etcd/etc/etcd/etcd.yml settings are not correct." - when: - - etcd_yaml_result.changed - failed_when: - - true - - - name: Fail if etcd.conf parameters are not correct - debug: - msg: "/var/lib/config-data/ansible-generated/etcd/etc/etcd/etcd.conf settings are not correct." - when: - - etcd_conf_result.changed - failed_when: - - true diff --git a/tripleo_ansible/roles/tripleo_etcd/tasks/host_prep.yml b/tripleo_ansible/roles/tripleo_etcd/tasks/host_prep.yml deleted file mode 100644 index 9d6640a55..000000000 --- a/tripleo_ansible/roles/tripleo_etcd/tasks/host_prep.yml +++ /dev/null @@ -1,13 +0,0 @@ -- name: create /var/lib/etcd - file: - path: /var/lib/etcd - state: directory - setype: container_file_t - -- name: Ensure "{{ tripleo_etcd_config_dir }}/etc/etcd" exists - file: - path: "{{ tripleo_etcd_config_dir }}/etc/etcd" - state: directory - setype: container_file_t - mode: '755' - recurse: true diff --git a/tripleo_ansible/roles/tripleo_etcd/tasks/main.yml b/tripleo_ansible/roles/tripleo_etcd/tasks/main.yml deleted file mode 100644 index eb0c037e6..000000000 --- a/tripleo_ansible/roles/tripleo_etcd/tasks/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Create /etc/etcd/etcd.conf - template: - dest: "{{ tripleo_etcd_config_dir }}/etc/etcd/etcd.conf" - src: etc/etcd/etcd.conf.j2 - -- name: Create /etc/etcd/etcd.yml - template: - dest: "{{ tripleo_etcd_config_dir }}/etc/etcd/etcd.yml" - src: etc/etcd/etcd.yml.j2 diff --git a/tripleo_ansible/roles/tripleo_etcd/templates/etc/etcd/etcd.conf.j2 b/tripleo_ansible/roles/tripleo_etcd/templates/etc/etcd/etcd.conf.j2 deleted file mode 100644 index f7675ec89..000000000 --- a/tripleo_ansible/roles/tripleo_etcd/templates/etc/etcd/etcd.conf.j2 +++ /dev/null @@ -1,54 +0,0 @@ -#Etcd configuration - -ETCD_NAME="{{ tripleo_etcd_name }}" -ETCD_DATA_DIR="/var/lib/etcd/{{ tripleo_etcd_name }}.etcd" -ETCD_WAL_DIR="{{ tripleo_etcd_wal_dir }}" -ETCD_SNAPSHOT_COUNT="{{ tripleo_etcd_snapshot_count }}" -ETCD_HEARTBEAT_INTERVAL="{{ tripleo_etcd_heartbeat_interval }}" -ETCD_ELECTION_TIMEOUT="{{ tripleo_etcd_election_timeout }}" -ETCD_QUOTA_BACKEND_BYTES= "{{ tripleo_etcd_quota_backend_bytes }}" -ETCD_LISTEN_PEER_URLS="{{ tripleo_etcd_protocol }}://{{ tripleo_etcd_ip }}:{{ tripleo_etcd_peer_port}}" -ETCD_LISTEN_CLIENT_URLS="{{ tripleo_etcd_protocol }}://{{ tripleo_etcd_ip }}:{{ tripleo_etcd_client_port}}" -ETCD_MAX_SNAPSHOTS="{{ tripleo_etcd_max_snapshots }}" -ETCD_MAX_WALS="{{ tripleo_etcd_max_wals }}" -ETCD_CORS="{{ tripleo_etcd_cors }}" -ETCD_INITIAL_ADVERTISE_PEER_URLS="{{ tripleo_etcd_protocol }}://{{ tripleo_etcd_ip }}:{{ tripleo_etcd_peer_port}}" -ETCD_ADVERTISE_CLIENT_URLS="{{ tripleo_etcd_protocol }}://{{ tripleo_etcd_ip }}:{{ tripleo_etcd_client_port}}" -ETCD_DISCOVERY="{{ tripleo_etcd_discovery }}" -ETCD_DISCOVERY_FAILBACK="{{ tripleo_etcd_discovery_failback }}" -ETCD_DISCOVERY_PROXY="{{ tripleo_etcd_discovery_proxy }}" -ETCD_DISCOVERY_SRV="{{ tripleo_etcd_discovery_srv }}" - -{% set tripleo_etcd_initial_cluster = [] %} -{% for node in etcd_node_names %} -{{ tripleo_etcd_initial_cluster.append(node+'='+tripleo_etcd_protocol+'://'+node+":"+tripleo_etcd_peer_port) }} -{% endfor %} - -ETCD_INITIAL_CLUSTER="{{ tripleo_etcd_initial_cluster | join(',') }}" -ETCD_INITIAL_CLUSTER_TOKEN="{{ tripleo_etcd_initial_cluster_token }}" -ETCD_INITIAL_CLUSTER_STATE="{{ tripleo_etcd_initial_cluster_state }}" -ETCD_STRICT_RECONFIG_CHECK={{ tripleo_etcd_strict_reconfig_check }} -ETCD_ENABLE_PPROF={{ tripleo_etcd_enable_pprof }} -ETCD_PROXY="{{ tripleo_etcd_proxy }}" -ETCD_PROXY_FAILURE_WAIT={{ tripleo_etcd_proxy_failure_wait }} -ETCD_REFRESH_INTERVAL={{ tripleo_etcd_refresh_interval }} -ETCD_DIAL_TIMEOUT={{ tripleo_etcd_dial_timeout }} -ETCD_WRITE_TIMEOUT={{ tripleo_etcd_write_timeout }} -ETCD_READ_TIMEOUT={{ tripleo_etcd_read_timeout }} -ETCD_CERT_FILE="{{ tripleo_etcd_certificate_specs_service_certificate }}" -ETCD_KEY_FILE="{{ tripleo_etcd_certificate_specs_service_key }}" -ETCD_CLIENT_CERT_AUTH="{{ tripleo_etcd_enable_internal_tls }}" -ETCD_PEER_CERT_FILE="{{ tripleo_etcd_certificate_specs_service_certificate }}" -ETCD_PEER_KEY_FILE="{{ tripleo_etcd_certificate_specs_service_key }}" -ETCD_PEER_CLIENT_CERT_AUTH="{{ tripleo_etcd_enable_internal_tls }}" -ETCD_TRUSTED_CA_FILE="{{ tripleo_etcd_trusted_ca_file }}" -ETCD_AUTO_TLS={{ tripleo_etcd_auto_tls }} -ETCD_PEER_TRUSTED_CA_FILE="{{ tripleo_etcd_trusted_ca_file }}" -ETCD_PEER_AUTO_TLS={{ tripleo_etcd_peer_auto_tls }} -ETCD_DEBUG={{ tripleo_etcd_debug }} -ETCD_LOGGER="{{ tripleo_etcd_logger }}" -ETCD_LOG_OUTPUTS={{ tripleo_etcd_log_outputs }} -ETCD_FORCE_NEW_CLSUTER={{ tripleo_etcd_force_new_cluster }} -ETCD_AUTO_COMPACTION_NODE="{{ tripleo_etcd_auto_compaction_mode }}" -ETCD_AUTO_COMPACTION_RETENTION="{{ tripleo_etcd_auto_compaction_retention }}" -ETCD_ENABLE_GRPC_GATEWAY={{ tripleo_etcd_enable_grpc_gateway }} diff --git a/tripleo_ansible/roles/tripleo_etcd/templates/etc/etcd/etcd.yml.j2 b/tripleo_ansible/roles/tripleo_etcd/templates/etc/etcd/etcd.yml.j2 deleted file mode 100644 index 8fe9bbeff..000000000 --- a/tripleo_ansible/roles/tripleo_etcd/templates/etc/etcd/etcd.yml.j2 +++ /dev/null @@ -1,150 +0,0 @@ -# Source URL: https://raw.githubusercontent.com/coreos/etcd/master/etcd.conf.yml.sample -# This is the configuration file for the etcd server. - -# Human-readable name for this member. -name: "{{ tripleo_etcd_name }}" - -# Path to the data directory. -data-dir: "/var/lib/etcd/{{ tripleo_etcd_name }}.etcd" - -# Path to the dedicated wal directory. -wal-dir: "{{ tripleo_etcd_wal_dir }}" - -# Number of committed transactions to trigger a snapshot to disk -snapshot-count: {{ tripleo_etcd_snapshot_count }} - -# Time (in milliseconds) of a heartbeat interval. -heartbeat-interval: {{ tripleo_etcd_heartbeat_interval }} - -# Time (in milliseconds) for an election to timeout. -election-timeout: {{ tripleo_etcd_election_timeout }} - -# Raise alarms when backend size exceeds the given quota. 0 means use the -# default quota. -quota-backend-bytes: {{ tripleo_etcd_quota_backend_bytes }} - -# List of comma separated URLs to listen on for peer traffic. -listen-peer-urls: "{{ tripleo_etcd_protocol }}://{{ tripleo_etcd_ip }}:{{ tripleo_etcd_peer_port}}" - -# List of comma separated URLs to listen on for client traffic. -listen-client-urls: "{{ tripleo_etcd_protocol }}://{{ tripleo_etcd_ip }}:{{ tripleo_etcd_client_port}}" - -# Maximum number of snapshot files to retain (0 is unlimited) -max-snapshots: {{ tripleo_etcd_max_snapshots }} - -# Maximum number of wal files to retain (0 is unlimited). -max-wals: {{ tripleo_etcd_max_wals }} - -# Comma-separated white list of origins for CORS (cross-origin resource sharing). -cors: "{{ tripleo_etcd_cors }}" - -# List of this member's peer URLs to advertise to the rest of the cluster. -# The URLs needed to be a comma-separated list. -initial-advertise-peer-urls: "{{ tripleo_etcd_protocol }}://{{ tripleo_etcd_ip }}:{{ tripleo_etcd_peer_port}}" - -# List of this member's client URLs to advertise to the public. -# The URLs needed to be a comma-separated list. -advertise-client-urls: "{{ tripleo_etcd_protocol }}://{{ tripleo_etcd_ip }}:{{ tripleo_etcd_client_port}}" - -# Discovery URL used to bootstrap the cluster. -discovery: "{{ tripleo_etcd_discovery }}" - -# Valid values include 'exit', 'proxy' -discovery-fallback: "{{ tripleo_etcd_discovery_failback }}" - -# HTTP proxy to use for traffic to discovery service. -discovery-proxy: "{{ tripleo_etcd_discovery_proxy }}" - -# DNS domain used to bootstrap initial cluster. -discovery-srv: "{{ tripleo_etcd_discovery_srv }}" - -{% set tripleo_etcd_initial_cluster = [] %} -{% for node in etcd_node_names %} -{{ tripleo_etcd_initial_cluster.append(node+'='+tripleo_etcd_protocol+'://'+node+':'+tripleo_etcd_peer_port) }} -{% endfor %} - -# Initial cluster configuration for bootstrapping. -initial-cluster: "{{ tripleo_etcd_initial_cluster | join(',') }}" - -# Initial cluster token for the etcd cluster during bootstrap. -initial-cluster-token: "{{ tripleo_etcd_initial_cluster_token }}" - -# Initial cluster state ('new' or 'existing'). -initial-cluster-state: "{{ tripleo_etcd_initial_cluster_state }}" - -# Reject reconfiguration requests that would cause quorum loss. -strict-reconfig-check: {{ tripleo_etcd_strict_reconfig_check }} - -# Enable runtime profiling data via HTTP server -enable-pprof: {{ tripleo_etcd_enable_pprof }} - -# proxy -proxy: "{{ tripleo_etcd_proxy }}" - -# Time (in milliseconds) an endpoint will be held in a failed state. -proxy-failure-wait: {{ tripleo_etcd_proxy_failure_wait }} - -# Time (in milliseconds) of the endpoints refresh interval. -proxy-refresh-interval: {{ tripleo_etcd_refresh_interval }} - -# Time (in milliseconds) for a dial to timeout. -proxy-dial-timeout: {{ tripleo_etcd_dial_timeout }} - -# Time (in milliseconds) for a write to timeout. -proxy-write-timeout: {{ tripleo_etcd_write_timeout }} - -# Time (in milliseconds) for a read to timeout. -proxy-read-timeout: {{ tripleo_etcd_read_timeout }} - -client-transport-security: - # Path to the client server TLS cert file. - cert-file: "{{ tripleo_etcd_certificate_specs_service_certificate }}" - - # Path to the client server TLS key file. - key-file: "{{ tripleo_etcd_certificate_specs_service_key }}" - - # Enable client cert authentication. - client-cert-auth: {{ tripleo_etcd_enable_internal_tls }} - - # Path to the client server TLS trusted CA key file. - trusted-ca-file: "{{ tripleo_etcd_trusted_ca_file }}" - - # Client TLS using generated certificates - auto-tls: {{ tripleo_etcd_auto_tls }} - -peer-transport-security: - # Path to the peer server TLS cert file. - cert-file: "{{ tripleo_etcd_certificate_specs_service_certificate }}" - - # Path to the peer server TLS key file. - key-file: "{{ tripleo_etcd_certificate_specs_service_key }}" - - # Enable peer client cert authentication. - client-cert-auth: {{ tripleo_etcd_enable_internal_tls }} - - # Path to the peer server TLS trusted CA key file. - trusted-ca-file: "{{ tripleo_etcd_peer_trusted_ca_file }}" - - # Peer TLS using generated certificates. - auto-tls: {{ tripleo_etcd_peer_auto_tls }} - -# Enable debug-level logging for etcd. -debug: {{ tripleo_etcd_debug }} - -# logger logs server-side operation -logger: "{{ tripleo_etcd_logger }}" - -# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd. -log-outputs: {{ tripleo_etcd_log_outputs }} - -# Force to create a new one member cluster. -force-new-cluster: {{ tripleo_etcd_force_new_cluster }} - -# Compaction mode , can be periodic|revison -auto-compaction-mode: "{{ tripleo_etcd_auto_compaction_mode }}" - -# Duration based compaction retention, defaulting to hours if no time unit is provided -auto-compaction-retention: "{{ tripleo_etcd_auto_compaction_retention }}" - -# Enable etcd's grpc gateway for tooz etcd3gw driver -enable-grpc-gateway: {{ tripleo_etcd_enable_grpc_gateway }} diff --git a/tripleo_ansible/roles/tripleo_firewall/defaults/main.yml b/tripleo_ansible/roles/tripleo_firewall/defaults/main.yml deleted file mode 100644 index 0f8a47965..000000000 --- a/tripleo_ansible/roles/tripleo_firewall/defaults/main.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_firewall" - -# Example rule definition -# -# '003 accept ssh from all': -# proto: 'tcp' -# dport: 22 -# '002 remove ssh from all': -# proto: 'tcp' -# dport: 22 -# extras: -# ensure: 'absent' - -tripleo_firewall_rules: {} - -tripleo_firewall_frontend_enabled: false - -tripleo_firewall_frontend_rules: {} - -tripleo_firewall_ssl_frontend_enabled: false - -tripleo_firewall_ssl_frontend_rules: {} - -tripleo_firewall_edge_frontend_enabled: false - -tripleo_firewall_edge_frontend_rules: {} - -tripleo_firewall_edge_ssl_frontend_rules: {} diff --git a/tripleo_ansible/roles/tripleo_firewall/meta/main.yml b/tripleo_ansible/roles/tripleo_firewall/meta/main.yml deleted file mode 100644 index d43f614ad..000000000 --- a/tripleo_ansible/roles/tripleo_firewall/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_firewall - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_firewall/molecule/nftables/converge.yml b/tripleo_ansible/roles/tripleo_firewall/molecule/nftables/converge.yml deleted file mode 100644 index dff44bd44..000000000 --- a/tripleo_ansible/roles/tripleo_firewall/molecule/nftables/converge.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_firewall" - tripleo_firewall_engine: 'nftables' - tasks: - - name: Clean everything nftables related - import_role: - name: tripleo_nftables - tasks_from: cleanup.yml diff --git a/tripleo_ansible/roles/tripleo_firewall/molecule/nftables/molecule.yml b/tripleo_ansible/roles/tripleo_firewall/molecule/nftables/molecule.yml deleted file mode 100644 index 8cb5361ef..000000000 --- a/tripleo_ansible/roles/tripleo_firewall/molecule/nftables/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - -scenario: - name: nftables - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_firewall/molecule/nftables/prepare.yml b/tripleo_ansible/roles/tripleo_firewall/molecule/nftables/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/tripleo_firewall/molecule/nftables/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_firewall/tasks/main.yml b/tripleo_ansible/roles/tripleo_firewall/tasks/main.yml deleted file mode 100644 index b4ff6e69a..000000000 --- a/tripleo_ansible/roles/tripleo_firewall/tasks/main.yml +++ /dev/null @@ -1,105 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_firewall" will search for and load any operating system variable file -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Get masquerade rules - import_tasks: masquerade.yaml - -- name: Set the default frontend firewall rules - set_fact: - tripleo_firewall_frontend_rules_real: {} - -- name: When frontend rules are required - when: tripleo_firewall_frontend_enabled - block: - - name: Not in edge site - when: not tripleo_firewall_edge_frontend_enabled - block: - - name: Set frontend rule fact (non-ssl rules) - set_fact: - tripleo_firewall_frontend_rules_real: "{{ - tripleo_firewall_frontend_rules_real | - combine(tripleo_firewall_frontend_rules) - }}" - - - name: Set frontend rule fact (ssl rules) - when: tripleo_firewall_ssl_frontend_enabled - set_fact: - tripleo_firewall_frontend_rules_real: "{{ - tripleo_firewall_frontend_rules_real | - combine(tripleo_firewall_ssl_frontend_rules) - }}" - - - name: In edge site - when: tripleo_firewall_edge_frontend_enabled - block: - - name: Set frontend rule fact (non-ssl rules) - set_fact: - tripleo_firewall_frontend_rules_real: "{{ - tripleo_firewall_frontend_rules_real | - combine(tripleo_firewall_edge_frontend_rules) - }}" - - - name: Set frontend rule fact (ssl rules) - when: tripleo_firewall_ssl_frontend_enabled - set_fact: - tripleo_firewall_frontend_rules_real: "{{ - tripleo_firewall_frontend_rules_real | - combine(tripleo_firewall_edge_ssl_frontend_rules) - }}" - -- name: Set rule fact - set_fact: - firewall_rules_sorted: "{{ - tripleo_firewall_rules | - combine(tripleo_firewall_frontend_rules_real) | - combine(masquerade_rules|from_yaml) | - dict2items(key_name='rule_name', value_name='rule') | - sort(attribute='rule_name') | - list - }}" - -- name: Ensures rule snippets directory exists - become: true - file: - path: /var/lib/tripleo-config/firewall - state: directory - owner: root - group: root - mode: 0750 - -- name: Output rule snippet - become: true - tripleo_nftables_snippet: - dest: /var/lib/tripleo-config/firewall/tripleo-generated-rules.yaml - content: "{{ firewall_rules_sorted | to_nice_yaml }}" - -- name: Manage rules via nftables - include_role: - name: tripleo_nftables diff --git a/tripleo_ansible/roles/tripleo_firewall/tasks/masquerade.yaml b/tripleo_ansible/roles/tripleo_firewall/tasks/masquerade.yaml deleted file mode 100644 index 1ed59aba3..000000000 --- a/tripleo_ansible/roles/tripleo_firewall/tasks/masquerade.yaml +++ /dev/null @@ -1,52 +0,0 @@ ---- -- name: Create empty var for masquerade rules - set_fact: - masquerade_rules: {} - -- name: Enable masquerade - when: - - tripleo_masquerade_networks is defined - - tripleo_masquerade_networks|length > 0 - set_fact: - masquerade_rules: |- - {% for source, destinations in tripleo_masquerade_networks.items() %} - {% for destination in destinations %} - "137 routed_network return src {{ source }} dest {{ destination }}": - chain: "POSTROUTING" - destination: "{{ destination }}" - jump: "RETURN" - proto: "all" - source: "{{ source }}" - state: - - 'ESTABLISHED' - - 'NEW' - - 'RELATED' - table: "nat" - {% endfor %} - "138 routed_network masquerade {{ source }}": - chain: "POSTROUTING" - jump: "MASQUERADE" - proto: "all" - source: "{{ source }}" - state: - - 'ESTABLISHED' - - 'NEW' - - 'RELATED' - table: "nat" - "139 routed_network forward source {{ source }}": - chain: "FORWARD" - proto: "all" - source: "{{ source }}" - state: - - 'ESTABLISHED' - - 'NEW' - - 'RELATED' - "140 routed_network forward destinations {{ source }}": - chain: "FORWARD" - proto: "all" - source: "{{ source }}" - state: - - 'ESTABLISHED' - - 'NEW' - - 'RELATED' - {% endfor %} diff --git a/tripleo_ansible/roles/tripleo_firewall/vars/main.yml b/tripleo_ansible/roles/tripleo_firewall/vars/main.yml deleted file mode 100644 index e4eff3d7a..000000000 --- a/tripleo_ansible/roles/tripleo_firewall/vars/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# All variables within this role should have a prefix of "tripleo_firewall" - -# Converts the expected state options to functional states when -# interacting with ports. -tripleo_firewall_port_states: - enabled: 'present' - present: 'present' - absent: 'absent' - disabled: 'absent' diff --git a/tripleo_ansible/roles/tripleo_firewall/vars/redhat.yml b/tripleo_ansible/roles/tripleo_firewall/vars/redhat.yml deleted file mode 100644 index 54f6b6362..000000000 --- a/tripleo_ansible/roles/tripleo_firewall/vars/redhat.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -tripleo_firewall_packages: - - nftables diff --git a/tripleo_ansible/roles/tripleo_frr/defaults/main.yml b/tripleo_ansible/roles/tripleo_frr/defaults/main.yml deleted file mode 100644 index 675966343..000000000 --- a/tripleo_ansible/roles/tripleo_frr/defaults/main.yml +++ /dev/null @@ -1,85 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_frr" - -tripleo_frr_bfd: false -# Configures the detection multiplier to determine packet loss. -# The remote transmission interval will be multiplied by this -# value to determine the connection loss detection timer. -tripleo_frr_bfd_detect_multiplier: 3 -# The minimum transmission interval (less jitter) that this -# system wants to use to send BFD control packets. (milliseconds) -tripleo_frr_bfd_transmit_interval: 300 -# Configures the minimum interval that this system is capable of -# receiving control packets. (milliseconds) -tripleo_frr_bfd_receive_interval: 300 -tripleo_frr_bgp: false -tripleo_frr_bgp_ipv4: true -tripleo_frr_bgp_ipv4_allowas_in: false -tripleo_frr_bgp_ipv4_src_network: ctlplane -tripleo_frr_bgp_ipv6: true -tripleo_frr_bgp_ipv6_allowas_in: false -tripleo_frr_bgp_ipv6_src_network: ctlplane -tripleo_frr_bgp_l2vpn: true -tripleo_frr_bgp_l2vpn_ebgp_multihop: 0 -tripleo_frr_bgp_l2vpn_uplink_activate: true -tripleo_frr_bgp_l2vpn_peers: ['192.168.0.1', '192.168.0.2'] -tripleo_frr_bgp_l2vpn_peers_scope: external -# BGP RFCs only cover md5 auth for now, so setting this -# won't work on a FIPS-enabled environment -tripleo_frr_bgp_neighbor_password: '' -tripleo_frr_bgp_neighbor_ttl_security_hops: 1 -# List of ips or hostnames frr should peer with -tripleo_frr_bgp_peers: [] -# List of interfaces frr should use to set up peering -tripleo_frr_bgp_uplinks: [] -tripleo_frr_bgp_uplinks_scope: internal -tripleo_frr_config_basedir: "/var/lib/config-data/ansible-generated/frr" -tripleo_frr_defaults: traditional -tripleo_frr_hostname: "{{ ansible_facts['hostname'] }}" -tripleo_frr_log_level: informational -tripleo_frr_log_timestamp_precision: 3 -tripleo_frr_version: 7.0 -tripleo_frr_watchfrr: true -tripleo_frr_watchfrr_options: '' -tripleo_frr_zebra: false -tripleo_frr_zebra_nht_resolve_via_default: true -tripleo_frr_conf_custom_globals: '' -tripleo_frr_conf_custom_router_bgp: '' -tripleo_frr_conf_custom_ipv4: '' -tripleo_frr_conf_custom_ipv6: '' - -# BGP agent -tripleo_frr_ovn_bgp_agent_enable: true -tripleo_frr_ovn_bgp_agent_debug: true -tripleo_frr_ovn_bgp_agent_reconcile_interval: 120 -tripleo_frr_ovn_bgp_agent_expose_tenant_networks: false -tripleo_frr_ovn_bgp_agent_expose_ipv6_gua_tenant_networks: false -tripleo_frr_ovn_bgp_agent_driver: ovn_bgp_driver -tripleo_frr_ovn_bgp_agent_private_key: /etc/pki/tls/private/ovn_bgp_agent.key -tripleo_frr_ovn_bgp_agent_certificate: /etc/pki/tls/certs/ovn_bgp_agent.crt -tripleo_frr_ovn_bgp_agent_ca_cert: /etc/ipa/ca.crt -tripleo_frr_ovn_bgp_agent_internal_tls_enable: false -tripleo_frr_ovn_bgp_agent_config_basedir: "/var/lib/config-data/ansible-generated/ovn-bgp-agent" -tripleo_frr_ovn_bgp_agent_bgp_as: 64999 -tripleo_frr_ovn_bgp_agent_root_helper: "sudo ovn-bgp-agent-rootwrap /etc/ovn-bgp-agent/rootwrap.conf" -tripleo_frr_ovn_bgp_agent_root_helper_daemon: "sudo ovn-bgp-agent-rootwrap-daemon /etc/ovn-bgp-agent/rootwrap.conf" -tripleo_frr_ovn_bgp_agent_ovsdb_connection: "tcp:127.0.0.1:6640" -tripleo_frr_ovn_bgp_agent_ovs_manager: "ptcp:6640:127.0.0.1" diff --git a/tripleo_ansible/roles/tripleo_frr/meta/main.yml b/tripleo_ansible/roles/tripleo_frr/meta/main.yml deleted file mode 100644 index 3935e16b3..000000000 --- a/tripleo_ansible/roles/tripleo_frr/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_frr - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_frr/tasks/main.yml b/tripleo_ansible/roles/tripleo_frr/tasks/main.yml deleted file mode 100644 index 7d4eee0fe..000000000 --- a/tripleo_ansible/roles/tripleo_frr/tasks/main.yml +++ /dev/null @@ -1,105 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Gather SELinux fact if needed - when: - - ansible_facts.selinux is undefined - setup: - gather_subset: - - "!all" - - "!min" - - "selinux" - -- name: create fcontext entry for frr base directory - when: - - ansible_facts.selinux.status == "enabled" - become: true - community.general.sefcontext: - target: "{{ tripleo_frr_config_basedir }}/etc/frr(/.*)?" - setype: container_file_t - state: present - -- name: create directory {{ tripleo_frr_config_basedir }} - become: true - ansible.builtin.file: - path: "{{ tripleo_frr_config_basedir }}/etc/frr" - recurse: true - state: directory - selevel: s0 - setype: container_file_t - -- name: identify the real interfaces via os-net-config - shell: os-net-config -i - register: os_net_config_result - -- name: os-net-config from json - set_fact: - iface_map: "{{ os_net_config_result.stdout }}" - -- name: FRR uplink interfaces - block: - - name: construct FRR uplink interfaces from os-net-config mappings - set_fact: - tripleo_frr_bgp_uplinks_mapped: "{{ tripleo_frr_bgp_uplinks | map('extract', iface_map) | list }}" - rescue: - - name: failed to construct FRR uplink interfaces - ansible.builtin.fail: - msg: | - Failed to map at least one interface from {{ tripleo_frr_bgp_uplinks }} to {{ iface_map }}. - Please check value of Ansible variable tripleo_frr_bgp_uplinks. - when: tripleo_frr_bgp_uplinks - -- name: configure FRR - become: true - ansible.builtin.template: - src: frr.conf.j2 - dest: "{{ tripleo_frr_config_basedir }}/etc/frr/frr.conf" - mode: '640' - selevel: s0 - setype: container_file_t - register: _frr_config_result - -- name: configure FRR daemons - become: true - ansible.builtin.template: - src: daemons.j2 - dest: "{{ tripleo_frr_config_basedir }}/etc/frr/daemons" - mode: '640' - selevel: s0 - setype: container_file_t - register: _frr_daemons_result - -- name: restart FRR - when: - - _frr_config_result.changed or _frr_daemons_result.changed - block: - - name: check if tripleo_frr systemd service is active - become: true - shell: systemctl is-active --quiet tripleo_frr - failed_when: false - register: frr_active_service - - - name: restart frr container - become: true - systemd: - name: tripleo_frr - state: restarted - when: - - frr_active_service.rc == 0 - -- name: include OVN BGP agent - include_tasks: ovn_bgp_agent.yml - when: tripleo_frr_ovn_bgp_agent_enable | bool diff --git a/tripleo_ansible/roles/tripleo_frr/tasks/ovn_bgp_agent.yml b/tripleo_ansible/roles/tripleo_frr/tasks/ovn_bgp_agent.yml deleted file mode 100644 index ab74e0d56..000000000 --- a/tripleo_ansible/roles/tripleo_frr/tasks/ovn_bgp_agent.yml +++ /dev/null @@ -1,71 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: create OVN BGP agent directories - ansible.builtin.file: - path: "{{ tripleo_frr_ovn_bgp_agent_config_basedir }}/etc/ovn-bgp-agent/rootwrap.d" - recurse: true - state: directory - selevel: s0 - setype: container_file_t - -- name: configure OVN BGP agent - ansible.builtin.template: - src: ovn-bgp-agent.conf.j2 - dest: "{{ tripleo_frr_ovn_bgp_agent_config_basedir }}/etc/ovn-bgp-agent/bgp-agent.conf" - mode: '640' - selevel: s0 - setype: container_file_t - register: _ovn_bgp_agent_config_result - -- name: configure OVN BGP agent rootwrap - ansible.builtin.template: - src: rootwrap.conf.j2 - dest: "{{ tripleo_frr_ovn_bgp_agent_config_basedir }}/etc/ovn-bgp-agent/rootwrap.conf" - mode: '640' - selevel: s0 - setype: container_file_t - register: _ovn_bgp_agent_rootwrap_result - -- name: configure OVN BGP agent rootwrap filters - ansible.builtin.template: - src: rootwrap.filters.j2 - dest: "{{ tripleo_frr_ovn_bgp_agent_config_basedir }}/etc/ovn-bgp-agent/rootwrap.d/rootwrap.filters" - mode: '640' - selevel: s0 - setype: container_file_t - register: _ovn_bgp_agent_rootwrap_filters_result - -- name: configure ovs manager - command: ovs-vsctl set-manager "{{ tripleo_frr_ovn_bgp_agent_ovs_manager }}" - -- name: restart OVN BGP agent - when: - - _ovn_bgp_agent_config_result.changed or - _ovn_bgp_agent_rootwrap_result.changed or - _ovn_bgp_agent_rootwrap_filters_result.changed - block: - - name: check if tripleo_ovn_bgp_agent systemd service is active - shell: systemctl is-active --quiet tripleo_ovn_bgp_agent - failed_when: false - register: ovn_bgp_agent_active_service - - - name: restart tripleo_ovn_bgp_agent container - systemd: - name: tripleo_ovn_bgp_agent - state: restarted - when: - - ovn_bgp_agent_active_service.rc == 0 diff --git a/tripleo_ansible/roles/tripleo_frr/templates/daemons.j2 b/tripleo_ansible/roles/tripleo_frr/templates/daemons.j2 deleted file mode 100644 index 81badfe65..000000000 --- a/tripleo_ansible/roles/tripleo_frr/templates/daemons.j2 +++ /dev/null @@ -1,52 +0,0 @@ -# {{ ansible_managed }} - -watchfrr_enable={{ 'yes' if tripleo_frr_watchfrr else 'no' }} -{% if tripleo_frr_watchfrr and tripleo_frr_watchfrr_options != '' %} -watchfrr_options="{{ tripleo_frr_watchfrr_options }}" -{% endif %} -# -zebra={{ 'yes' if tripleo_frr_zebra else 'no' }} -bgpd={{ 'yes' if tripleo_frr_bgp else 'no' }} -ospfd=no -ospf6d=no -ripd=no -ripngd=no -isisd=no -pimd=no -nhrpd=no -eigrpd=no -sharpd=no -pbrd=no -staticd=no -bfdd={{ 'yes' if tripleo_frr_bfd else 'no' }} -fabricd=no - -# -# Command line options for the daemons -# -zebra_options=("-A 127.0.0.1 -r") -bgpd_options=("-A 127.0.0.1") -ospfd_options=("-A 127.0.0.1") -ospf6d_options=("-A ::1") -ripd_options=("-A 127.0.0.1") -ripngd_options=("-A ::1") -isisd_options=("-A 127.0.0.1") -pimd_options=("-A 127.0.0.1") -nhrpd_options=("-A 127.0.0.1") -eigrpd_options=("-A 127.0.0.1") -sharpd_options=("-A 127.0.0.1") -pbrd_options=("-A 127.0.0.1") -staticd_options=("-A 127.0.0.1") -bfdd_options=("-A 127.0.0.1") -fabricd_options=("-A 127.0.0.1") - -# -# If the vtysh_enable is yes, then the unified config is read -# and applied if it exists. If no unified frr.conf exists -# then the per-daemon .conf files are used) -# If vtysh_enable is no or non-existant, the frr.conf is ignored. -# it is highly suggested to have this set to yes -vtysh_enable=yes - -# Allow frr to be started by non-root users -FRR_NO_ROOT="yes" diff --git a/tripleo_ansible/roles/tripleo_frr/templates/frr.conf.j2 b/tripleo_ansible/roles/tripleo_frr/templates/frr.conf.j2 deleted file mode 100644 index 065286990..000000000 --- a/tripleo_ansible/roles/tripleo_frr/templates/frr.conf.j2 +++ /dev/null @@ -1,119 +0,0 @@ -! {{ ansible_managed }} - -frr version {{ tripleo_frr_version }} -frr defaults {{ tripleo_frr_defaults }} -hostname {{ tripleo_frr_hostname }} -log file /var/log/frr/frr.log {{ tripleo_frr_log_level }} -log timestamp precision {{ tripleo_frr_log_timestamp_precision }} -service integrated-vtysh-config -line vty -{{ tripleo_frr_conf_custom_globals }} - -router bgp {{ tripleo_frr_bgp_asn }} - bgp router-id {{ hostvars[inventory_hostname][tripleo_frr_bgp_ipv4_src_network ~ '_ip'] }} - bgp log-neighbor-changes - bgp graceful-shutdown - no bgp default ipv4-unicast - no bgp ebgp-requires-policy - {{ tripleo_frr_conf_custom_router_bgp }} - - neighbor uplink peer-group - neighbor uplink remote-as {{ tripleo_frr_bgp_uplinks_scope }} -{% if tripleo_frr_bgp_neighbor_password|length %} - neighbor uplink password {{ tripleo_frr_bgp_neighbor_password }} -{% endif %} - ! neighbor uplink capability extended-nexthop -{% if tripleo_frr_bfd %} - neighbor uplink bfd - neighbor uplink bfd profile tripleo -{% endif %} -{% if tripleo_frr_bgp_peers %} -{% for peer in tripleo_frr_bgp_peers %} - neighbor {{ peer }} peer-group uplink -{% endfor %} -{% else %} -{% for iface in tripleo_frr_bgp_uplinks_mapped %} - neighbor {{ iface }} interface peer-group uplink -{% endfor %} -{% endif %} - -{% if tripleo_frr_bgp_neighbor_ttl_security_hops | int > 0 %} - neighbor uplink ttl-security hops {{ tripleo_frr_bgp_neighbor_ttl_security_hops }} -{% endif %} -{% if tripleo_frr_bgp_l2vpn|bool and tripleo_frr_bgp_l2vpn_peers|length %} - neighbor evpn-peer peer-group - neighbor evpn-peer remote-as {{ tripleo_frr_bgp_l2vpn_peers_scope }} -{% if tripleo_frr_bgp_l2vpn_ebgp_multihop | int > 0 %} - neighbor evpn-peer ebgp-multihop {{ tripleo_frr_bgp_l2vpn_ebgp_multihop }} -{% endif %} -{% endif %} - -{% if tripleo_frr_bgp_ipv4 %} - address-family ipv4 unicast - redistribute connected - neighbor uplink activate -{% if tripleo_frr_bgp_ipv4_allowas_in %} - neighbor uplink allowas-in origin -{% endif %} - neighbor uplink prefix-list only-host-prefixes out - exit-address-family -{% endif %} - -{% if tripleo_frr_bgp_ipv6 %} - address-family ipv6 unicast - redistribute connected - neighbor uplink activate -{% if tripleo_frr_bgp_ipv6_allowas_in %} - neighbor uplink allowas-in origin -{% endif %} - neighbor uplink prefix-list only-host-prefixes out - exit-address-family -{% endif %} - -{% if tripleo_frr_bgp_l2vpn %} - address-family l2vpn evpn -{% if tripleo_frr_bgp_l2vpn_uplink_activate|bool %} - neighbor uplink activate -{% endif %} -{% if tripleo_frr_bgp_l2vpn_peers|length %} - neighbor evpn-peer activate -{% endif %} - advertise-all-vni - exit-address-family -{% endif %} - -{% if tripleo_frr_bgp_ipv4 %} -ip prefix-list only-default permit 0.0.0.0/0 -ip prefix-list only-host-prefixes permit 0.0.0.0/0 ge 32 - -route-map rm-only-default permit 10 - match ip address prefix-list only-default - set src {{ hostvars[inventory_hostname][tripleo_frr_bgp_ipv4_src_network ~ '_ip'] }} - -ip protocol bgp route-map rm-only-default -{{ tripleo_frr_conf_custom_ipv4 }} -{% endif %} {# tripleo_frr_bgp_ipv4 #} - -{% if tripleo_frr_bgp_ipv6 %} -ipv6 prefix-list only-default permit ::/0 -ipv6 prefix-list only-host-prefixes permit ::/0 ge 128 - -route-map rm-only-default permit 11 - match ipv6 address prefix-list only-default - set src {{ hostvars[inventory_hostname][tripleo_frr_bgp_ipv6_src_network ~ '_ip'] }} - -ipv6 protocol bgp route-map rm-only-default -{{ tripleo_frr_conf_custom_ipv6 }} -{% endif %} - -{% if tripleo_frr_zebra_nht_resolve_via_default %} -ip nht resolve-via-default -{% endif %} - -{% if tripleo_frr_bfd %} -bfd - profile tripleo - detect-multiplier {{ tripleo_frr_bfd_detect_multiplier }} - transmit-interval {{ tripleo_frr_bfd_transmit_interval }} - receive-interval {{ tripleo_frr_bfd_receive_interval }} -{% endif %} diff --git a/tripleo_ansible/roles/tripleo_frr/templates/ovn-bgp-agent.conf.j2 b/tripleo_ansible/roles/tripleo_frr/templates/ovn-bgp-agent.conf.j2 deleted file mode 100644 index 09815c100..000000000 --- a/tripleo_ansible/roles/tripleo_frr/templates/ovn-bgp-agent.conf.j2 +++ /dev/null @@ -1,18 +0,0 @@ -[DEFAULT] -debug={{ tripleo_frr_ovn_bgp_agent_debug }} -reconcile_interval={{ tripleo_frr_ovn_bgp_agent_reconcile_interval }} -expose_tenant_networks={{ tripleo_frr_ovn_bgp_agent_expose_tenant_networks }} -expose_ipv6_gua_tenant_networks={{ tripleo_frr_ovn_bgp_agent_expose_ipv6_gua_tenant_networks }} -driver={{ tripleo_frr_ovn_bgp_agent_driver }} -bgp_AS={{ tripleo_frr_ovn_bgp_agent_bgp_as }} -ovsdb_connection={{ tripleo_frr_ovn_bgp_agent_ovsdb_connection }} - -{% if tripleo_frr_ovn_bgp_agent_internal_tls_enable %} -ovn_sb_private_key={{ tripleo_frr_ovn_bgp_agent_private_key }} -ovn_sb_certificate={{ tripleo_frr_ovn_bgp_agent_certificate }} -ovn_sb_ca_cert={{ tripleo_frr_ovn_bgp_agent_ca_cert }} -{% endif %} - -[agent] -root_helper={{ tripleo_frr_ovn_bgp_agent_root_helper }} -root_helper_daemon={{ tripleo_frr_ovn_bgp_agent_root_helper_daemon }} diff --git a/tripleo_ansible/roles/tripleo_frr/templates/rootwrap.conf.j2 b/tripleo_ansible/roles/tripleo_frr/templates/rootwrap.conf.j2 deleted file mode 100644 index 675fa64cf..000000000 --- a/tripleo_ansible/roles/tripleo_frr/templates/rootwrap.conf.j2 +++ /dev/null @@ -1,27 +0,0 @@ -# Configuration for ovn-bgp-agent-rootwrap -# This file should be owned by (and only-writeable by) the root user - -[DEFAULT] -# List of directories to load filter definitions from (separated by ','). -# These directories MUST all be only writeable by root ! -filters_path=/etc/ovn-bgp-agent/rootwrap.d,/usr/share/ovn-bgp-agent/rootwrap - -# List of directories to search executables in, in case filters do not -# explicitely specify a full path (separated by ',') -# If not specified, defaults to system PATH environment variable. -# These directories MUST all be only writeable by root ! -exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin - -# Enable logging to syslog -# Default value is False -use_syslog=False - -# Which syslog facility to use. -# Valid values include auth, authpriv, syslog, local0, local1... -# Default value is 'syslog' -syslog_log_facility=syslog - -# Which messages to log. -# INFO means log all usage -# ERROR means only log unsuccessful attempts -syslog_log_level=ERROR diff --git a/tripleo_ansible/roles/tripleo_frr/templates/rootwrap.filters.j2 b/tripleo_ansible/roles/tripleo_frr/templates/rootwrap.filters.j2 deleted file mode 100644 index da3cc0cdd..000000000 --- a/tripleo_ansible/roles/tripleo_frr/templates/rootwrap.filters.j2 +++ /dev/null @@ -1,13 +0,0 @@ -# ovn-bgp-agent-rootwrap command filters for scripts -# This file should be owned by (and only-writable by) the root user - -[Filters] -# privileged/__init__.py: priv_context.PrivContext(default) -# This line ties the superuser privs with the config files, context name, -# and (implicitly) the actual python code invoked. -privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, ovn_bgp_agent.privileged.default, --privsep_sock_path, /tmp/.* - -ovs-vsctl: CommandFilter, ovs-vsctl, root -sysctl: CommandFilter, sysctl, root -ip: IpFilter, ip, root -vtysh: CommandFilter, vtysh, root diff --git a/tripleo_ansible/roles/tripleo_ha_wrapper/defaults/main.yml b/tripleo_ansible/roles/tripleo_ha_wrapper/defaults/main.yml deleted file mode 100644 index 9827ae316..000000000 --- a/tripleo_ansible/roles/tripleo_ha_wrapper/defaults/main.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should place placed in this file. - -# All variables within this role should have a prefix of "tripleo_ha_wrapper" -tripleo_ha_wrapper_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_ha_wrapper_hide_sensitive_logs: true -tripleo_ha_wrapper_config_basedir: "/var/lib/config-data/puppet-generated" -tripleo_ha_wrapper_config_suffix: ".previous_run" -tripleo_ha_wrapper_puppet_modulepath: "/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules" -tripleo_ha_wrapper_pcmk_restart_script: "/var/lib/container-config-scripts/pacemaker_restart_bundle.sh" diff --git a/tripleo_ansible/roles/tripleo_ha_wrapper/meta/main.yml b/tripleo_ansible/roles/tripleo_ha_wrapper/meta/main.yml deleted file mode 100644 index a7d16cd87..000000000 --- a/tripleo_ansible/roles/tripleo_ha_wrapper/meta/main.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_ha_wrapper - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_ha_wrapper/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_ha_wrapper/molecule/default/converge.yml deleted file mode 100644 index 4af0c52bc..000000000 --- a/tripleo_ansible/roles/tripleo_ha_wrapper/molecule/default/converge.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_ha_wrapper" - vars: - tripleo_ha_wrapper_service_name: "foo" - tripleo_ha_wrapper_resource_name: "foo" - tripleo_ha_wrapper_bundle_name: "foo-bundle" - tripleo_ha_wrapper_resource_state: "Master" - tripleo_ha_wrapper_puppet_execute: "notify{ foo: }" - tripleo_ha_wrapper_puppet_tags: "file" - tripleo_ha_wrapper_puppet_config_volume: "haproxy" diff --git a/tripleo_ansible/roles/tripleo_ha_wrapper/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_ha_wrapper/molecule/default/molecule.yml deleted file mode 100644 index ccd0d0a64..000000000 --- a/tripleo_ansible/roles/tripleo_ha_wrapper/molecule/default/molecule.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_ha_wrapper/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_ha_wrapper/molecule/default/prepare.yml deleted file mode 100644 index 7fe89b7a8..000000000 --- a/tripleo_ansible/roles/tripleo_ha_wrapper/molecule/default/prepare.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data - - post_tasks: - - name: Create paths - file: - path: "{{ item }}" - state: directory - recurse: true - with_items: - - "/var/lib/container-config-scripts" - - "/var/lib/config-data/puppet-generated" - - - name: Create haproxy md5sum - lineinfile: - path: "/var/lib/config-data/puppet-generated/haproxy.md5sum" - line: "faa59b504dcd9b2c7fb9b0ebf3569daa" - create: true - - - name: Create fake puppet script - lineinfile: - path: "/usr/bin/puppet" - line: "#!/bin/bash" - create: true - mode: 0755 - - - name: Create bash script - lineinfile: - path: "/var/lib/container-config-scripts/pacemaker_restart_bundle.sh" - line: "#!/bin/bash" - create: true - mode: 0755 diff --git a/tripleo_ansible/roles/tripleo_ha_wrapper/tasks/main.yml b/tripleo_ansible/roles/tripleo_ha_wrapper/tasks/main.yml deleted file mode 100644 index 826641448..000000000 --- a/tripleo_ansible/roles/tripleo_ha_wrapper/tasks/main.yml +++ /dev/null @@ -1,90 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the# License for the specific language governing permissions and limitations -# under the License. -# -# This role is used to simplify the management of HA containers within TripleO -# Specifically it does the following: -# 1) It runs the so-called init bundles on the host which are in charge of creating the pcmk resources -# via puppet (or to tweak them in case they changed on a redeploy) -# 2) They trigger calling the pacemaker_restart.sh script when the config for the HA service has changed -# This script will restart the HA resource globally from the bootstrap node in case the config changed there -# and it will only restart the service on the single node when the configuration changed and we are doing -# a minor update. - -# The following variables are required: -# - tripleo_ha_wrapper_service_name: The name of the tripleo_service being used (e.g. mysql) -# - tripleo_ha_wrapper_resource_name: The name of the ocf resource being used (e.g. galera) -# - tripleo_ha_wrapper_bundle_name: The name of the pacemaker bundle being used (e.g. galera-bundle) -# - tripleo_ha_wrapper_resource_state: The desired state of the resource (e.g. Master) -# - tripleo_ha_wrapper_puppet_execute: 'include ::tripleo::....' -# - tripleo_ha_wrapper_puppet_tags: 'pacemaker::resource::bundle,...' -# - tripleo_ha_wrapper_puppet_config_volume: the folder name to lookd for md5 hashes -# - tripleo_ha_wrapper_puppet_debug: Should puppet be run in debug mode (defaults to false) -# - tripleo_ha_wrapper_minor_update: (true|'') is this a minor update workflow or not - -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -# There is not Stack UPDATE any longer so we need to figure out if a resource -# is being created or updated on our own before-hand. -- name: "Detect if resource is being created or already exists" - shell: | - pcs resource config "{{ tripleo_ha_wrapper_bundle_name }}" - register: pcs_resource_exists - failed_when: false - -- name: "Run init bundle puppet on the host for {{ tripleo_ha_wrapper_service_name }}" - shell: | - puppet apply {{ (tripleo_ha_wrapper_puppet_debug | default(false) | bool) | ternary('--debug --verbose', '') }} --detailed-exitcodes \ - --summarize --color=false --modulepath '{{ tripleo_ha_wrapper_puppet_modulepath }}' --tags '{{ tripleo_ha_wrapper_puppet_tags }}' \ - -e '{{ tripleo_ha_wrapper_puppet_execute }}' - failed_when: false - no_log: true - register: puppet_run - -- name: "Debug output for task: Run init bundle puppet on the host for {{ tripleo_ha_wrapper_service_name }}" - debug: - var: puppet_run.stdout_lines | default([]) | union(puppet_run.stderr_lines | default([])) - changed_when: puppet_run.rc == 2 - failed_when: puppet_run.rc != 2 and puppet_run.rc != 0 - -- name: "Check if {{ tripleo_ha_wrapper_config_basedir }}/{{ tripleo_ha_wrapper_puppet_config_volume }} exists" - stat: - path: "{{ tripleo_ha_wrapper_config_basedir }}/{{ tripleo_ha_wrapper_puppet_config_volume }}.md5sum" - register: config_volume_md5 - -- name: Run pacemaker restart if the config file for the service changed - tripleo_diff_exec: - command: >- - {{ tripleo_ha_wrapper_pcmk_restart_script }} {{ tripleo_ha_wrapper_service_name }} - {{ tripleo_ha_wrapper_resource_name }} {{ tripleo_ha_wrapper_bundle_name }} - {{ tripleo_ha_wrapper_resource_state }} - state_file: "{{ tripleo_ha_wrapper_config_basedir }}/{{ tripleo_ha_wrapper_puppet_config_volume }}.md5sum" - state_file_suffix: "{{ tripleo_ha_wrapper_config_suffix }}" - environment: - TRIPLEO_MINOR_UPDATE: "{{ tripleo_ha_wrapper_minor_update|default('') | string }}" - TRIPLEO_HA_WRAPPER_RESOURCE_EXISTS: "{{ (pcs_resource_exists.rc == 0) | string }}" - when: - - (config_volume_md5.stat.exists | bool) diff --git a/tripleo_ansible/roles/tripleo_hieradata/defaults/main.yml b/tripleo_ansible/roles/tripleo_hieradata/defaults/main.yml deleted file mode 100644 index 32f6471b9..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/defaults/main.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# `hieradata_content` can be formatted for all hosts or for specific hosts -# containing potentially different values. -# -# Host specific example: -# -# controller1: -# extraconfig: -# foo: bar -# foo2: bar2 -# other_hierafile: -# foo: bar3 -# controller2: -# extraconfig: -# foo: bar2 -# foo2: bar3 -# other_hierafile: -# foo: bar -# -# -# Global format example: -# -# extraconfig: -# foo: bar -# foo2: bar2 -# other_hierafile: -# foo: bar3 -# -hieradata_template: "" -hieradata_files: [] -# jinja2 escape trick for simple {{ and }} strings: -hieradata_variable_start_string: "{{ '{{' }}" -hieradata_variable_end_string: "{{ '}}' }}" -hieradata_per_host: false -hieradata_templates_list: - - bootstrap_node - - all_nodes - - vip_data -# define a local address. If the ipv6 is found to be enable on the -# loopback device the local address will be set to "localhost" otherwise -# the local address will be defined as "127.0.0.1". -hieradata_localhost_address: "{{ ('ipv6' in (ansible_lo | default({}))) | ternary('localhost', '127.0.0.1') }}" -# file included in hieradata hierarchy for ansible to pass data to puppet -hieradata_ansible_file: /etc/puppet/hieradata/ansible_managed.json diff --git a/tripleo_ansible/roles/tripleo_hieradata/meta/main.yml b/tripleo_ansible/roles/tripleo_hieradata/meta/main.yml deleted file mode 100644 index 9c7624897..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_hieradata - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/converge.yml b/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/converge.yml deleted file mode 100644 index 352a96b18..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/converge.yml +++ /dev/null @@ -1,89 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - pre_tasks: - - name: Create puppet hieradata directory - file: - path: /etc/puppet/hieradata - state: directory - tasks: - - name: Create ansible_managed.json - include_role: - name: tripleo_hieradata - tasks_from: ansible_hieradata.yml - - - name: Check file exists - when: - - not ansible_check_mode|bool - block: - - name: Stat file - stat: - path: /etc/puppet/hieradata/ansible_managed.json - become: true - register: _managed_file - - name: Assert file exists - assert: - that: - - _managed_file.stat.exists - - - name: Check file contents - when: - - not ansible_check_mode|bool - block: - - name: Get contents - slurp: - src: /etc/puppet/hieradata/ansible_managed.json - become: true - register: _managed_file - - name: Set contents fact - set_fact: - _data: "{{ _managed_file['content'] | b64decode }}" - - name: Assert file contents - assert: - that: - - _data == {} - - - name: Configure data - include_role: - name: tripleo_hieradata - tasks_from: ansible_hieradata.yml - vars: - hieradata_ansible_data: - my_var: foo - - - name: Check file contents - when: - - not ansible_check_mode|bool - block: - - name: Get contents - slurp: - src: /etc/puppet/hieradata/ansible_managed.json - become: true - register: _managed_file - - name: Set contents fact - set_fact: - _data: "{{ _managed_file['content'] | b64decode }}" - - name: Set expected - set_fact: - expected: - my_var: foo - - name: Assert file contents - assert: - that: - - _data == expected diff --git a/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/molecule.yml b/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/molecule.yml deleted file mode 100644 index 9713b7fc9..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/molecule.yml +++ /dev/null @@ -1,250 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - vars: - all_nodes_extra_map_data: {} - cloud_domain: localdomain - cloud_names: - cloud_name_ctlplane: standalone.ctlplane.localdomain - container_cli: podman - control_virtual_ip: 192.168.24.1 - ctlplane_ip: 192.168.24.2 - ctlplane_subnet_cidr: 24 - deploy_artifact_urls: '' - deploy_identifier: '1564455089' - deploy_steps_max: 6 - enable_internal_tls: false - enabled_networks: [] - enabled_services: - - keystone_admin_api - - keystone_public_api - - ca_certs - - ceph_client - - ceph_mds - - ceph_mgr - - ceph_mon - - ceph_rgw - - ceph_osd - - certmonger_user - - clustercheck - - container_image_prepare - - logrotate_crond - - docker - - docker_registry - - glance_api - - haproxy - - iscsid - - kernel - - keystone - - manila_api - - manila_backend_cephfs - - manila_scheduler - - manila_share - - memcached - - mysql - - mysql_client - - neutron_api - - neutron_plugin_ml2_ovn - - nova_api - - nova_compute - - nova_conductor - - nova_libvirt - - nova_metadata - - nova_migration_target - - nova_scheduler - - nova_vnc_proxy - - ovn_controller - - ovn_dbs - - ovn_metadata - - openstack_clients - - oslo_messaging_notify - - oslo_messaging_rpc - - pacemaker - - placement - - podman - - snmp - - sshd - - chrony - - timezone - - logrotate_tmpwatch - - tripleo_firewall - - tripleo_packages - - tuned - extraconfig: - foo: bar1 - foo2: bar2 - hosts_entry: ' - - 192.168.24.1 standalone.localdomain standalone - - 192.168.24.1 standalone.ctlplane.localdomain standalone.ctlplane - - ' - net_vip_map: - ctlplane: 192.168.24.1 - ctlplane_subnet: 192.168.24.1/24 - ctlplane_uri: 192.168.24.1 - redis: 192.168.24.1 - ovn_dbs: 192.168.24.1 - network_virtual_ips: - ctlplane: - index: 1 - ip_address: 192.168.24.1 - network_cidrs: - External_cidr: 192.168.24.2/24 - networks: null - nova_additional_cell: false - ping_test_ips: - Standalone: 192.168.24.1 - primary_role_name: Standalone - role_networks: - - Internal - service_configs: - foo: bar3 - service_names: - - ca_certs - - ceph_client - - ceph_mds - - ceph_mgr - - ceph_mon - - ceph_rgw - - ceph_osd - - certmonger_user - - clustercheck - - container_image_prepare - - logrotate_crond - - docker - - docker_registry - - glance_api - - haproxy - - iscsid - - kernel - - keystone - - manila_api - - manila_backend_cephfs - - manila_scheduler - - manila_share - - memcached - - mysql - - mysql_client - - neutron_api - - neutron_plugin_ml2_ovn - - nova_api - - nova_compute - - nova_conductor - - nova_libvirt - - nova_metadata - - nova_migration_target - - nova_scheduler - - nova_vnc_proxy - - ovn_controller - - ovn_dbs - - ovn_metadata - - openstack_clients - - oslo_messaging_notify - - oslo_messaging_rpc - - pacemaker - - placement - - podman - - snmp - - sshd - - chrony - - timezone - - logrotate_tmpwatch - - tripleo_firewall - - tripleo_packages - - tuned - service_net_map: - aodh_api_network: ctlplane - apache_network: ctlplane - barbican_api_network: ctlplane - bindnetwork: ctlplane - ceph_cluster_network: ctlplane - ceph_grafana_network: ctlplane - ceph_mon_network: ctlplane - ceph_rgw_network: ctlplane - cinder_api_network: ctlplane - cinder_iscsi_network: ctlplane - designate_api_network: ctlplane - docker_registry_network: ctlplane - ec2_api_metadata_network: ctlplane - ec2_api_network: ctlplane - etcd_network: ctlplane - ganesha_network: ctlplane - glance_api_network: ctlplane - gnocchi_api_network: ctlplane - haproxy_network: ctlplane - heat_api_cfn_network: ctlplane - heat_api_cloudwatch_network: ctlplane - heat_api_network: ctlplane - horizon_network: ctlplane - ironic_api_network: ctlplane - ironic_inspector_network: ctlplane - ironic_network: ctlplane - keystone_admin_api_network: ctlplane - keystone_public_api_network: ctlplane - manila_api_network: ctlplane - memcached_network: ctlplane - metrics_qdr_network: ctlplane - mistral_api_network: ctlplane - mongodb_network: ctlplane - mysql_network: ctlplane - neutron_api_network: ctlplane - neutron_tenant_network: ctlplane - nova_api_network: ctlplane - nova_libvirt_network: ctlplane - nova_metadata_network: ctlplane - nova_vnc_proxy_network: ctlplane - novajoin_network: ctlplane - octavia_api_network: ctlplane - openshift_infra_network: ctlplane - openshift_master_network: ctlplane - oslo_messaging_notify_network: ctlplane - oslo_messaging_rpc_network: ctlplane - ovn_dbs_network: ctlplane - pacemaker_network: ctlplane - pacemaker_remote_network: ctlplane - placement_network: ctlplane - public_network: ctlplane - qdr_network: ctlplane - rabbitmq_network: ctlplane - redis_network: ctlplane - snmpd_network: ctlplane - standalone_hostname_resolve_network: ctlplane - swift_proxy_network: ctlplane - swift_storage_network: ctlplane - tacker_api_network: ctlplane - zaqar_api_network: ctlplane - tripleo_role_name: Standalone - validate_controllers_icmp: true - validate_fqdn: false - validate_gateways_icmp: true - validate_ntp: true - Standalone: - hosts: - centos: {} - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/prepare.yml b/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_hieradata/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_hieradata/molecule/default/converge.yml deleted file mode 100644 index 99a180977..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: tripleo_hieradata diff --git a/tripleo_ansible/roles/tripleo_hieradata/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_hieradata/molecule/default/molecule.yml deleted file mode 100644 index b8aa37228..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_hieradata/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_hieradata/molecule/default/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/converge.yml b/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/converge.yml deleted file mode 100644 index 4059b44b8..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/converge.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - pre_tasks: - - name: Create puppet hieradata directory - file: - path: /etc/puppet/hieradata - state: directory - - - name: Set mock network ip facts - set_fact: - CTRLPlane_ip: 192.168.24.2 - ctlplane_ip: 192.168.24.2 - Internal_ip: 192.168.25.2 - - tasks: - - name: Create hieradata from templates - include_role: - name: tripleo_hieradata - tasks_from: hieradata_vars.yaml - vars: - hieradata_templates_list: - - all_nodes - - bootstrap_node - - cloud_domain - - extraconfig - - fqdn - - net_ip_map - - service_configs - - service_names - - vip_data - - ovn_chassis_mac_map diff --git a/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/group_vars/overcloud.json b/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/group_vars/overcloud.json deleted file mode 100644 index 0967ef424..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/group_vars/overcloud.json +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/molecule.yml b/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/molecule.yml deleted file mode 100644 index 1a26bfc6e..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/molecule.yml +++ /dev/null @@ -1,253 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - vars: - all_nodes_extra_map_data: {} - cloud_domain: localdomain - cloud_names: - cloud_name_ctlplane: standalone.ctlplane.localdomain - container_cli: podman - control_virtual_ip: 192.168.24.1 - ctlplane_ip: 192.168.24.2 - ctlplane_subnet_cidr: 24 - deploy_artifact_urls: '' - deploy_identifier: '1564455089' - deploy_steps_max: 6 - enable_internal_tls: false - enabled_networks: [] - enabled_services: - - keystone_admin_api - - keystone_public_api - - ca_certs - - ceph_client - - ceph_mds - - ceph_mgr - - ceph_mon - - ceph_rgw - - ceph_osd - - certmonger_user - - clustercheck - - container_image_prepare - - logrotate_crond - - docker - - docker_registry - - glance_api - - haproxy - - iscsid - - kernel - - keystone - - manila_api - - manila_backend_cephfs - - manila_scheduler - - manila_share - - memcached - - mysql - - mysql_client - - neutron_api - - neutron_plugin_ml2_ovn - - nova_api - - nova_compute - - nova_conductor - - nova_libvirt - - nova_metadata - - nova_migration_target - - nova_scheduler - - nova_vnc_proxy - - ovn_controller - - ovn_dbs - - ovn_metadata - - openstack_clients - - oslo_messaging_notify - - oslo_messaging_rpc - - pacemaker - - placement - - podman - - snmp - - sshd - - chrony - - timezone - - logrotate_tmpwatch - - tripleo_firewall - - tripleo_packages - - tuned - extraconfig: - foo: bar1 - foo2: bar2 - hosts_entry: ' - - 192.168.24.1 standalone.localdomain standalone - - 192.168.24.1 standalone.ctlplane.localdomain standalone.ctlplane - - ' - net_vip_map: - ctlplane: 192.168.24.1 - ctlplane_subnet: 192.168.24.1/24 - ctlplane_uri: 192.168.24.1 - redis: 192.168.24.1 - ovn_dbs: 192.168.24.1 - network_virtual_ips: - ctlplane: - index: 1 - ip_address: 192.168.24.1 - network_cidrs: - External_cidr: 192.168.24.2/24 - networks: null - nova_additional_cell: false - ping_test_ips: - Standalone: 192.168.24.1 - primary_role_name: Standalone - role_networks: - - Internal - service_configs: - foo: bar3 - service_names: - - ca_certs - - ceph_client - - ceph_mds - - ceph_mgr - - ceph_mon - - ceph_rgw - - ceph_osd - - certmonger_user - - clustercheck - - container_image_prepare - - logrotate_crond - - docker - - docker_registry - - glance_api - - haproxy - - iscsid - - kernel - - keystone - - manila_api - - manila_backend_cephfs - - manila_scheduler - - manila_share - - memcached - - mysql - - mysql_client - - neutron_api - - neutron_plugin_ml2_ovn - - nova_api - - nova_compute - - nova_conductor - - nova_libvirt - - nova_metadata - - nova_migration_target - - nova_scheduler - - nova_vnc_proxy - - ovn_controller - - ovn_dbs - - ovn_metadata - - openstack_clients - - oslo_messaging_notify - - oslo_messaging_rpc - - pacemaker - - placement - - podman - - snmp - - sshd - - chrony - - timezone - - logrotate_tmpwatch - - tripleo_firewall - - tripleo_packages - - tuned - service_net_map: - aodh_api_network: ctlplane - apache_network: ctlplane - barbican_api_network: ctlplane - bindnetwork: ctlplane - ceph_cluster_network: ctlplane - ceph_dashboard_network: ctlplane - ceph_grafana_network: ctlplane - ceph_mon_network: ctlplane - ceph_rgw_network: ctlplane - cinder_api_network: ctlplane - cinder_iscsi_network: ctlplane - designate_api_network: ctlplane - docker_registry_network: ctlplane - ec2_api_metadata_network: ctlplane - ec2_api_network: ctlplane - etcd_network: ctlplane - ganesha_network: ctlplane - glance_api_network: ctlplane - gnocchi_api_network: ctlplane - haproxy_network: ctlplane - heat_api_cfn_network: ctlplane - heat_api_cloudwatch_network: ctlplane - heat_api_network: ctlplane - horizon_network: ctlplane - internal_api_network: ctlplane - ironic_api_network: ctlplane - ironic_inspector_network: ctlplane - ironic_network: ctlplane - keystone_admin_api_network: ctlplane - keystone_public_api_network: ctlplane - manila_api_network: ctlplane - memcached_network: ctlplane - metrics_qdr_network: ctlplane - mistral_api_network: ctlplane - mongodb_network: ctlplane - mysql_network: ctlplane - neutron_api_network: ctlplane - neutron_tenant_network: ctlplane - nova_api_network: ctlplane - nova_libvirt_network: ctlplane - nova_metadata_network: ctlplane - nova_vnc_proxy_network: ctlplane - novajoin_network: ctlplane - octavia_api_network: ctlplane - openshift_infra_network: ctlplane - openshift_master_network: ctlplane - oslo_messaging_notify_network: ctlplane - oslo_messaging_rpc_network: ctlplane - ovn_dbs_network: ctlplane - pacemaker_network: ctlplane - pacemaker_remote_network: ctlplane - placement_network: ctlplane - public_network: ctlplane - qdr_network: ctlplane - rabbitmq_network: ctlplane - redis_network: ctlplane - snmpd_network: ctlplane - standalone_hostname_resolve_network: ctlplane - swift_proxy_network: ctlplane - swift_storage_network: ctlplane - tacker_api_network: ctlplane - zaqar_api_network: ctlplane - tripleo_role_name: Standalone - validate_controllers_icmp: true - validate_fqdn: false - validate_gateways_icmp: true - validate_ntp: true - Standalone: - hosts: - centos: - datacentre: bb:bb:bb:bb:bb:bb - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/prepare.yml b/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/templates/mock-hieradata.j2.yaml b/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/templates/mock-hieradata.j2.yaml deleted file mode 100644 index c593bbb80..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/templates/mock-hieradata.j2.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -datafiles: {} diff --git a/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/tests/test_hieradata_vars.py b/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/tests/test_hieradata_vars.py deleted file mode 100644 index 171725725..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/molecule/hieradata_vars/tests/test_hieradata_vars.py +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import os -import json - -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_json_render(host): - rendered_files = [ - "all_nodes", - "bootstrap_node", - "cloud_domain", - "extraconfig", - "fqdn", - "net_ip_map", - "service_configs", - "service_names", - "vip_data", - "ovn_chassis_mac_map" - ] - - for f in rendered_files: - json.loads( - host.file( - '/etc/puppet/hieradata/{}.json'.format(f) - ).content_string - ) diff --git a/tripleo_ansible/roles/tripleo_hieradata/tasks/ansible_hieradata.yml b/tripleo_ansible/roles/tripleo_hieradata/tasks/ansible_hieradata.yml deleted file mode 100644 index f38fa9b96..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/tasks/ansible_hieradata.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- name: Check for hieradata file - become: true - stat: - path: - src: "{{ hieradata_ansible_file }}" - register: _hiera_file -- block: - - name: Get existing data - slurp: "{{ hieradata_ansible_file }}" - register: _file_data - become: true - - name: Set data fact - set_fact: - hieradata_content: "{{ _file_data['content'] | b64decode }}" - when: - - _hiera_file.stat is defined - - _hiera_file.stat.exists -- name: Write ansible hieradata file - copy: - dest: "{{ hieradata_ansible_file }}" - content: "{{ hieradata_content | default({}) | combine(hieradata_ansible_data | default({})) | to_json }}" - owner: root - group: root - mode: '0644' - become: true diff --git a/tripleo_ansible/roles/tripleo_hieradata/tasks/hieradata_vars.yaml b/tripleo_ansible/roles/tripleo_hieradata/tasks/hieradata_vars.yaml deleted file mode 100644 index 0e086b973..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/tasks/hieradata_vars.yaml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Copy overcloud.json to all_nodes.json - become: true - copy: - src: "{{ playbook_dir }}/group_vars/overcloud.json" - dest: "{{ dest_path | default('/etc/puppet/hieradata/all_nodes.json') }}" - -- name: Render hieradata from template - become: true - template: - src: templates/{{ item }}.j2 - dest: "{{ dest_path | default('/etc/puppet/hieradata/' ~ item ~ '.json') }}" - loop: "{{ hieradata_templates_list | difference(['all_nodes']) }}" diff --git a/tripleo_ansible/roles/tripleo_hieradata/tasks/main.yml b/tripleo_ansible/roles/tripleo_hieradata/tasks/main.yml deleted file mode 100644 index ae250763e..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/tasks/main.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Create /etc/puppet/hieradata - become: true - file: - path: /etc/puppet/hieradata - state: directory - mode: 0700 - -- name: Write hiera config - become: true - when: - - (hieradata_files | length) > 0 - copy: - mode: 0600 - dest: /etc/puppet/hiera.yaml - # TODO(emilien) Switch to Hiera5 format once we stop calling Hiera CLI - # which is deprecated and should be replaced by "puppet lookup" command. - content: | - --- - :backends: - - json - :json: - :datadir: /etc/puppet/hieradata - :hierarchy: - {{ hieradata_files | to_nice_yaml }} diff --git a/tripleo_ansible/roles/tripleo_hieradata/templates/all_nodes.j2 b/tripleo_ansible/roles/tripleo_hieradata/templates/all_nodes.j2 deleted file mode 100644 index c8720fa4e..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/templates/all_nodes.j2 +++ /dev/null @@ -1,67 +0,0 @@ -{% set all_nodes = {} %} -{% set all_enabled_services = ((enabled_services + all_nodes_extra_map_data['enabled_services'] | default ([])) | unique) %} -{% set _ = all_nodes.__setitem__('enabled_services', all_enabled_services) %} -{% for service in all_enabled_services %} -{# _enabled: true #} -{% set _ = all_nodes.__setitem__((service ~ '_enabled'), true) %} -{# _node_ips: #} -{% set _ = all_nodes.__setitem__((service ~ '_node_ips'), (groups[service] | default ([]) | map('extract', hostvars, service_net_map[service ~ '_network'] | default('ctlplane') ~ '_ip') | list) + all_nodes_extra_map_data[service ~ '_node_ips'] | default([])) %} -{% if nova_additional_cell %} -{# _cell_node_names: #} -{% set _ = all_nodes.__setitem__((service ~ '_cell_node_names'), (groups[service] | default ([]) | map('extract', hostvars, service_net_map[service ~ '_network'] | default('ctlplane') ~ '_hostname') | list)) %} -{% else %} -{# _node_names: #} -{% set _ = all_nodes.__setitem__((service ~ '_node_names'), (groups[service] | default ([]) | map('extract', hostvars, service_net_map[service ~ '_network'] | default('ctlplane') ~ '_hostname') | list) + all_nodes_extra_map_data[service ~ '_node_names'] | default([])) %} -{% endif %} -{# _short_node_names: #} -{% set _ = all_nodes.__setitem__((service ~ '_short_node_names'), (groups[service] | default ([]) | map('extract', hostvars, 'inventory_hostname') | list) + all_nodes_extra_map_data[service ~ '_short_node_names'] | default([])) %} -{# _short_bootstrap_node_name: hostname #} -{% set services = (groups[service] | default ([]) | list ) %} -{% if all_nodes_extra_map_data[service ~ '_short_bootstrap_node_name'] is defined %} -{% set services = services + [all_nodes_extra_map_data[service ~ '_short_bootstrap_node_name']] %} -{% endif %} -{% if (services | length) > 0 %} -{% set _ = all_nodes.__setitem__((service ~ '_short_bootstrap_node_name'), (services | sort | first)) %} -{% endif %} -{# _bootstrap_node_ip: hostname #} -{% set services = (groups[service] | default ([]) | sort | map('extract', hostvars, service_net_map[service ~ '_network'] | default('ctlplane') ~ '_ip')) | list %} -{% if all_nodes_extra_map_data[service ~ '_short_bootstrap_node_ip'] is defined %} -{% set services = services + [all_nodes_extra_map_data[service ~ '_short_bootstrap_node_ip']] %} -{% endif %} -{% if (services | length) > 0 %} -{% set _ = all_nodes.__setitem__((service ~ '_bootstrap_node_ip'), (services | first)) %} -{% endif %} -{% endfor %} -{# _network: #} -{% for key, value in service_net_map.items() %} -{% set _ = all_nodes.__setitem__(key, value) %} -{% endfor %} -{% if nova_additional_cell %} -{% for key, value in all_nodes_extra_map_data.items() %} -{% set _ = all_nodes.__setitem__(key, value) %} -{% endfor %} -{% endif %} -{% if 'redis' in all_enabled_services or nova_additional_cell %} -{% if 'redis_vip' in all_nodes_extra_map_data %} -{% set _ = all_nodes.__setitem__('redis_vip', all_nodes_extra_map_data['redis_vip']) %} -{% elif net_vip_map.redis is defined %} -{% set _ = all_nodes.__setitem__('redis_vip', (net_vip_map.redis)) %} -{% elif service_vip_vars.redis is defined %} -{% set _ = all_nodes.__setitem__('redis_vip', (service_vip_vars.redis)) %} -{% endif %} -{% endif %} -{% if 'ovn_dbs' in all_enabled_services or nova_additional_cell %} -{% if 'ovn_dbs_vip' in all_nodes_extra_map_data %} -{% set _ = all_nodes.__setitem__('ovn_dbs_vip', all_nodes_extra_map_data['ovn_dbs_vip']) %} -{% elif service_vip_vars.ovn_dbs is defined %} -{% set _ = all_nodes.__setitem__('ovn_dbs_vip', (service_vip_vars.ovn_dbs)) %} -{% elif net_vip_map.ovn_dbs is defined %} -{% set _ = all_nodes.__setitem__('ovn_dbs_vip', (net_vip_map.ovn_dbs)) %} -{% endif %} -{% endif %} -{% set _ = all_nodes.__setitem__('deploy_identifier', deploy_identifier) %} -{% set _ = all_nodes.__setitem__('container_cli', container_cli) %} -{% set _ = all_nodes.__setitem__('controller_node_ips', (groups[primary_role_name] | default([]) | map('extract', hostvars, 'ctlplane_ip') | list | join(','))) %} -{% set _ = all_nodes.__setitem__('controller_node_names', (groups[primary_role_name] | default([]) | map('extract', hostvars, 'inventory_hostname') | list | join(','))) %} -{# RENDER #} -{{ all_nodes | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo_hieradata/templates/bootstrap_node.j2 b/tripleo_ansible/roles/tripleo_hieradata/templates/bootstrap_node.j2 deleted file mode 100644 index 667023f52..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/templates/bootstrap_node.j2 +++ /dev/null @@ -1,4 +0,0 @@ -{% set boostrap_node = {} %} -{% set _ = boostrap_node.__setitem__('boostrap_node_id', groups[tripleo_role_name] | sort | first) %} -{# RENDER #} -{{ boostrap_node | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo_hieradata/templates/cloud_domain.j2 b/tripleo_ansible/roles/tripleo_hieradata/templates/cloud_domain.j2 deleted file mode 100644 index 6c95d6c4a..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/templates/cloud_domain.j2 +++ /dev/null @@ -1,4 +0,0 @@ -{% set cloud_domain_data = {} %} -{% set _ = cloud_domain_data.__setitem__('tripleo::clouddomain', cloud_domain) %} -{# RENDER #} -{{ cloud_domain_data | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo_hieradata/templates/extraconfig.j2 b/tripleo_ansible/roles/tripleo_hieradata/templates/extraconfig.j2 deleted file mode 100644 index fb6bcd890..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/templates/extraconfig.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ extraconfig | default({}) | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo_hieradata/templates/fqdn.j2 b/tripleo_ansible/roles/tripleo_hieradata/templates/fqdn.j2 deleted file mode 100644 index a6bc9e7ba..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/templates/fqdn.j2 +++ /dev/null @@ -1,12 +0,0 @@ -{% set fqdn = {} %} -{% set _ = fqdn.__setitem__('fqdn_ctlplane', (inventory_hostname ~ '.ctlplane.' ~ cloud_domain)) %} -{% set _ = fqdn.__setitem__('fqdn_canonical', (inventory_hostname ~ '.' ~ cloud_domain)) %} -{% if enabled_networks is defined and enabled_networks %} -{% for network in enabled_networks %} -{% if role_networks is defined and role_networks and network in role_networks %} -{% set _ = fqdn.__setitem__(('fqdn_' ~ networks[network]['name_lower']), (inventory_hostname ~ '.' ~ network | lower ~ '.' ~ cloud_domain)) %} -{% endif %} -{% endfor %} -{% endif %} -{# RENDER #} -{{ fqdn | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo_hieradata/templates/net_ip_map.j2 b/tripleo_ansible/roles/tripleo_hieradata/templates/net_ip_map.j2 deleted file mode 100644 index 05895da67..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/templates/net_ip_map.j2 +++ /dev/null @@ -1,28 +0,0 @@ -{% set net_ip_map = {} %} -{% if ctlplane_ip is defined %} -{% set _ = net_ip_map.__setitem__('ctlplane', ctlplane_ip) %} -{% set _ = net_ip_map.__setitem__('ctlplane_uri', (ctlplane_ip | ansible.netcommon.ipwrap)) %} -{% if ctlplane_subnet is defined %} -{% set _ = net_ip_map.__setitem__('ctlplane_subnet', ctlplane_ip ~ '/' ~ ctlplane_subnet_cidr) %} -{% endif %} -{% endif %} -{% if enabled_networks is defined and enabled_networks %} -{% for network in enabled_networks %} -{% if network_cidrs is defined and network_cidrs and ((network ~ '_cidr') in network_cidrs) %} -{% set _ = net_ip_map.__setitem__(networks[network]['name'], (hostvars[inventory_hostname][networks[network]['name'] ~ '_ip'])) %} -{% set _ = net_ip_map.__setitem__((networks[network]['name'] ~ '_subnet'), (hostvars[inventory_hostname][networks[network]['name'] ~ '_ip'] ~ '/' ~ network_cidrs[network ~ '_cidr'])) %} -{% set _ = net_ip_map.__setitem__((networks[network]['name'] ~ '_uri'), (hostvars[inventory_hostname][networks[network]['name'] ~ '_ip'] | ansible.netcommon.ipwrap)) %} -{% else %} -{# just add empty entries for this network if it doesn't apply to this role. matches previous behavior from Heat #} -{% set _ = net_ip_map.__setitem__(networks[network]['name'], "") %} -{% set _ = net_ip_map.__setitem__((networks[network]['name'] ~ '_subnet'), "") %} -{% set _ = net_ip_map.__setitem__((networks[network]['name'] ~ '_uri'), "") %} -{% endif %} -{% endfor %} -{% endif %} -{% if hieradata_localhost_address is undefined %} -{% set hieradata_localhost_address = ('ipv6' in (ansible_lo | default({}))) | ternary('localhost', '127.0.0.1') %} -{% endif %} -{% set _ = net_ip_map.__setitem__('localhost_address', hieradata_localhost_address) %} -{# RENDER #} -{{ net_ip_map | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo_hieradata/templates/ovn_chassis_mac_map.j2 b/tripleo_ansible/roles/tripleo_hieradata/templates/ovn_chassis_mac_map.j2 deleted file mode 100644 index 8f8d71822..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/templates/ovn_chassis_mac_map.j2 +++ /dev/null @@ -1,7 +0,0 @@ -{% set ovn_chassis_mac_map_data = {} %} -{% if ovn_bridge_mac_address_vars is defined %} -{% set _ = ovn_chassis_mac_map_data.__setitem__('ovn_chassis_mac_map', ovn_bridge_mac_address_vars[inventory_hostname] | default({})) %} -{% else %} -{% set _ = ovn_chassis_mac_map_data.__setitem__('ovn_chassis_mac_map', hostvars[inventory_hostname].get('ovn_chassis_mac_map', {})) %} -{% endif %} -{{ ovn_chassis_mac_map_data | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo_hieradata/templates/role_extraconfig.j2 b/tripleo_ansible/roles/tripleo_hieradata/templates/role_extraconfig.j2 deleted file mode 100644 index 3cf3f1322..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/templates/role_extraconfig.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ role_extraconfig | default({}) | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo_hieradata/templates/service_configs.j2 b/tripleo_ansible/roles/tripleo_hieradata/templates/service_configs.j2 deleted file mode 100644 index c5d980b66..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/templates/service_configs.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ service_configs | default({}) | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo_hieradata/templates/service_names.j2 b/tripleo_ansible/roles/tripleo_hieradata/templates/service_names.j2 deleted file mode 100644 index 7a4f56342..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/templates/service_names.j2 +++ /dev/null @@ -1,4 +0,0 @@ -{% set service_names_data = {} %} -{% set _ = service_names_data.__setitem__('service_names', service_names | default([])) %} -{# RENDER #} -{{ service_names_data | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo_hieradata/templates/vip_data.j2 b/tripleo_ansible/roles/tripleo_hieradata/templates/vip_data.j2 deleted file mode 100644 index 74d4e385f..000000000 --- a/tripleo_ansible/roles/tripleo_hieradata/templates/vip_data.j2 +++ /dev/null @@ -1,56 +0,0 @@ -{# Exclude networks in network_virtual_ips based on service_net_map #} -{# External virtual ip is currently being handled separately as public_virtual_ip. #} -{# Likewise, optional StorageNFS virtual ip is handled separately as ganesha_vip. #} -{% set _network_virtual_ips = {} %} -{% for key, value in network_virtual_ips.items() %} -{% if key not in [service_net_map['public_network'], - service_net_map['ganesha_network']] %} -{% set _ = _network_virtual_ips.update({key: value}) %} -{% endif %} -{% endfor %} -{% set vip_data = {} %} -{% set _ = vip_data.__setitem__('controller_virtual_ip', control_virtual_ip) %} -{% set _ = vip_data.__setitem__('keystone_admin_api_vip', (net_vip_map[service_net_map['keystone_admin_api_network']])) %} -{% set _ = vip_data.__setitem__('keystone_public_api_vip', (net_vip_map[service_net_map['keystone_public_api_network']])) %} -{% set _ = vip_data.__setitem__('public_virtual_ip', (net_vip_map[service_net_map['public_network']])) %} -{# the internal_api_virtual_ip is needed for contrail only #} -{% set _ = vip_data.__setitem__('internal_api_virtual_ip', (net_vip_map[service_net_map['internal_api_network']])) %} -{% set _ = vip_data.__setitem__('network_virtual_ips', _network_virtual_ips) %} -{% set _ = vip_data.__setitem__('ceph_dashboard_vip', (net_vip_map[service_net_map['ceph_dashboard_network']])) %} -{% set _ = vip_data.__setitem__('ganesha_vip', (net_vip_map[service_net_map['ganesha_network']])) %} -{# public_virtual_ip and controller_virtual_ip are needed in both HAproxy & keepalived. #} -{% set _ = vip_data.__setitem__('tripleo::haproxy::public_virtual_ip', (net_vip_map[service_net_map['public_network']])) %} -{% set _ = vip_data.__setitem__('tripleo::keepalived::public_virtual_ip', (net_vip_map[service_net_map['public_network']])) %} -{% set _ = vip_data.__setitem__('tripleo::haproxy::controller_virtual_ip', (net_vip_map.ctlplane)) %} -{% set _ = vip_data.__setitem__('tripleo::keepalived::controller_virtual_ip', (net_vip_map.ctlplane)) %} -{% if service_vip_vars.redis is defined %} -{% set _ = vip_data.__setitem__('tripleo::keepalived::redis_virtual_ip', (service_vip_vars.redis)) %} -{% elif net_vip_map.redis is defined %} -{% set _ = vip_data.__setitem__('tripleo::keepalived::redis_virtual_ip', (net_vip_map.redis)) %} -{% endif %} -{% set _ = vip_data.__setitem__('tripleo::redis_notification::haproxy_monitor_ip', (net_vip_map.ctlplane)) %} -{% if 'ovn_dbs' in enabled_services %} -{% if service_vip_vars.ovn_dbs is defined %} -{% set _ = vip_data.__setitem__('tripleo::keepalived::ovndbs_virtual_ip', (service_vip_vars.ovn_dbs)) %} -{% elif net_vip_map.ovn_dbs is defined %} -{% set _ = vip_data.__setitem__('tripleo::keepalived::ovndbs_virtual_ip', (net_vip_map.ovn_dbs)) %} -{% endif %} -{% endif %} -{% for key, value in cloud_names.items() %} -{% set _ = vip_data.__setitem__(key, value) %} -{% endfor %} -{% set _ = vip_data.__setitem__('enable_internal_tls', (enable_internal_tls | lower | bool)) %} -{% for service in enabled_services %} -{% if service_net_map.get(service ~ '_network', 'noop') in net_vip_map %} -{# we set explicit vips for these services, no need to calculate them dynamically #} -{% if service not in ['ovn_dbs', 'redis', 'ganesha', 'keystone_admin_api_vip', 'keystone_public_api_vip'] %} -{% set _ = vip_data.__setitem__((service ~ '_vip'), (net_vip_map[service_net_map[service ~ '_network']])) %} -{% endif %} -{# we set the ovn_dbs_vip to the per-network VIP *if* we detect that there is no separate ovn_dbs VIP set (I.e. THT patch for separate OVN VIP is missing) #} -{% if service in ['ovn_dbs'] and net_vip_map.ovn_dbs is not defined and service_vip_vars.ovn_dbs is not defined%} -{% set _ = vip_data.__setitem__((service ~ '_vip'), (net_vip_map[service_net_map[service ~ '_network']])) %} -{% endif %} -{% endif %} -{% endfor %} -{# RENDER #} -{{ vip_data | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo_hosts_entries/defaults/main.yml b/tripleo_ansible/roles/tripleo_hosts_entries/defaults/main.yml deleted file mode 100644 index 197f255aa..000000000 --- a/tripleo_ansible/roles/tripleo_hosts_entries/defaults/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_hosts_entries" -tripleo_hosts_entries_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_hosts_entries_hosts_path: /etc/hosts -tripleo_hosts_entries_undercloud_hosts_entries: "" -tripleo_hosts_entries_extra_hosts_entries: "" -tripleo_hosts_entries_overcloud_hosts_entries: "{{ hosts_entry }}" diff --git a/tripleo_ansible/roles/tripleo_hosts_entries/files/.gitkeep b/tripleo_ansible/roles/tripleo_hosts_entries/files/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/roles/tripleo_hosts_entries/meta/main.yml b/tripleo_ansible/roles/tripleo_hosts_entries/meta/main.yml deleted file mode 100644 index 9b93e8645..000000000 --- a/tripleo_ansible/roles/tripleo_hosts_entries/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_hosts_entries - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_hosts_entries/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_hosts_entries/molecule/default/converge.yml deleted file mode 100644 index 0ca51ce98..000000000 --- a/tripleo_ansible/roles/tripleo_hosts_entries/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_hosts_entries" diff --git a/tripleo_ansible/roles/tripleo_hosts_entries/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_hosts_entries/molecule/default/molecule.yml deleted file mode 100644 index 2134091b4..000000000 --- a/tripleo_ansible/roles/tripleo_hosts_entries/molecule/default/molecule.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -driver: - name: podman - -provisioner: - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - vars: - # use a tmp hosts path since /etc/hosts isn't writeable in the - # molecule test containers - tripleo_hosts_entries_hosts_path: /tmp/hosts - tripleo_hosts_entries_overcloud_hosts_entries: - - 192.168.24.1 centos.localdomain centos - - 192.168.24.1 centos.ctlplane.localdomain centos.ctlplane - - 172.17.0.1 centos.internalapi.localdomain centos.internalapi - tripleo_hosts_entries_undercloud_hosts_entries: [] - tripleo_hosts_entries_extra_hosts_entries: [] - tripleo_stack_name: overcloud - plan: overcloud - children: - allovercloud: - hosts: - centos: - hostname_resolve_network: ctlplane - ctlplane_ip: 192.168.24.1 - internal_api_ip: 172.17.0.1 - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: ansible diff --git a/tripleo_ansible/roles/tripleo_hosts_entries/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_hosts_entries/molecule/default/prepare.yml deleted file mode 100644 index 9217ab270..000000000 --- a/tripleo_ansible/roles/tripleo_hosts_entries/molecule/default/prepare.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data - post_tasks: - - name: Create temp host file - copy: - content: | - # START_HOST_ENTRIES_FOR_STACK: undercloud - 192.168.24.1 tripleo-director.localdomain tripleo-director - 192.168.24.1 tripleo-director.external.localdomain - 192.168.24.1 tripleo-director.ctlplane.localdomain - # END_HOST_ENTRIES_FOR_STACK: undercloud - # START_HOST_ENTRIES_FOR_STACK: overcloud - 192.168.24.1 tripleo-director.ctlplane.localdomain - 192.168.24.18 overcloud.ctlplane.localdomain - 172.16.1.90 overcloud.storage.localdomain - 172.16.3.53 overcloud.storagemgmt.localdomain - 172.16.2.132 overcloud.internalapi.localdomain - 172.20.10.25 openstack.example.net - # END_HOST_ENTRIES_FOR_STACK: overcloud - dest: "{{ tripleo_hosts_entries_hosts_path }}" diff --git a/tripleo_ansible/roles/tripleo_hosts_entries/molecule/default/verify.yml b/tripleo_ansible/roles/tripleo_hosts_entries/molecule/default/verify.yml deleted file mode 100644 index 4b4f309f6..000000000 --- a/tripleo_ansible/roles/tripleo_hosts_entries/molecule/default/verify.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Verify - hosts: all - become: true - gather_facts: false - tasks: - - name: Check if hosts lines were written to hosts file - lineinfile: - path: /tmp/hosts - line: "{{ item }}" - register: hosts_result - check_mode: true - loop: - - 192.168.24.1 centos.localdomain centos - - 192.168.24.1 centos.ctlplane.localdomain centos.ctlplane - - 172.17.0.1 centos.internalapi.localdomain centos.internalapi - - - name: slurp /tmp/hosts - slurp: - path: /tmp/hosts - register: slurp_hosts - - - name: Show /tmp/hosts - debug: - var: slurp_hosts['content'] | b64decode - - - name: Fail if hosts was changed - debug: - msg: "hosts was changed" - failed_when: hosts_result is changed diff --git a/tripleo_ansible/roles/tripleo_hosts_entries/tasks/main.yml b/tripleo_ansible/roles/tripleo_hosts_entries/tasks/main.yml deleted file mode 100644 index 11ba6dc2f..000000000 --- a/tripleo_ansible/roles/tripleo_hosts_entries/tasks/main.yml +++ /dev/null @@ -1,80 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Create temporary file for hosts - become: true - tempfile: - state: file - suffix: tmphosts - register: tripleo_hosts_entries_tmp_hosts - check_mode: false - tags: - - tripleo_hosts_entries - -- name: Prepare temporary /etc/hosts - become: true - copy: - remote_src: true - src: "{{ tripleo_hosts_entries_hosts_path }}" - dest: "{{ tripleo_hosts_entries_tmp_hosts.path }}" - mode: preserve - tags: - - tripleo_hosts_entries - -- name: Render out the hosts entries - run_once: true - set_fact: - tripleo_hosts_entries_block: | - {% for host in tripleo_hosts_entries_overcloud_hosts_entries | default([]) + - tripleo_hosts_entries_undercloud_hosts_entries | default([]) + - tripleo_hosts_entries_extra_hosts_entries | default([]) %} - {{ host }} - {% endfor %} - tags: - - tripleo_hosts_entries - -- name: Prepare new /etc/hosts - become: true - blockinfile: - create: true - path: "{{ tripleo_hosts_entries_tmp_hosts.path }}" - # BOF denotes the beginning of the file. - insertbefore: BOF - block: "{{ tripleo_hosts_entries_block }}" - marker: "# {mark}" - marker_begin: "START_HOST_ENTRIES_FOR_STACK: {{ tripleo_stack_name | default(plan) }}" - marker_end: "END_HOST_ENTRIES_FOR_STACK: {{ tripleo_stack_name | default(plan) }}" - register: tripleo_hosts_entries_new_entries - tags: - - tripleo_hosts_entries - -- name: Update /etc/hosts contents (if changed) - become: true - # cp preserves the inode of the existing file tripleo_hosts_entries_hosts_path - command: cp "{{ tripleo_hosts_entries_tmp_hosts.path }}" "{{ tripleo_hosts_entries_hosts_path }}" - when: tripleo_hosts_entries_new_entries.changed - tags: - - tripleo_hosts_entries - -- name: Clean up temporary hosts file - become: true - file: - path: "{{ tripleo_hosts_entries_tmp_hosts.path }}" - state: absent - when: tripleo_hosts_entries_tmp_hosts.path is defined - tags: - - tripleo_hosts_entries diff --git a/tripleo_ansible/roles/tripleo_hosts_entries/vars/main.yml b/tripleo_ansible/roles/tripleo_hosts_entries/vars/main.yml deleted file mode 100644 index f07fc5f76..000000000 --- a/tripleo_ansible/roles/tripleo_hosts_entries/vars/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "tripleo_{{ role_name | replace('-', '_') }}" diff --git a/tripleo_ansible/roles/tripleo_httpd_config/defaults/main.yml b/tripleo_ansible/roles/tripleo_httpd_config/defaults/main.yml deleted file mode 100644 index a76233273..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/defaults/main.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_httpd_config" -tripleo_httpd_config_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_httpd_config_hide_sensitive_logs: true - -tripleo_httpd_config_service: null -tripleo_httpd_config_mods: {} -tripleo_httpd_config_server_name: "{{ ansible_facts['fqdn'] }}" -tripleo_httpd_config_server_root: '/etc/httpd' -tripleo_httpd_config_root_directory_options: - - '+FollowSymLinks' - - '-Indexes' -tripleo_httpd_config_directory: "{{ tripleo_httpd_config_base_dir }}/{{ tripleo_httpd_config_service }}" -tripleo_httpd_config_httpd_conf: {} diff --git a/tripleo_ansible/roles/tripleo_httpd_config/files/apache-status.conf b/tripleo_ansible/roles/tripleo_httpd_config/files/apache-status.conf deleted file mode 100644 index 7cbf6ecc0..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/files/apache-status.conf +++ /dev/null @@ -1,10 +0,0 @@ - - SetHandler server-status - Require ip 127.0.0.1 ::1 - -ExtendedStatus On - - - # Show Proxy LoadBalancer status in mod_status - ProxyStatus On - diff --git a/tripleo_ansible/roles/tripleo_httpd_config/meta/main.yml b/tripleo_ansible/roles/tripleo_httpd_config/meta/main.yml deleted file mode 100644 index 5856704f4..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: TripleO OpenStack Role -- tripleo_httpd_config - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 8 - - 9 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/converge.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/converge.yml deleted file mode 100644 index a35699246..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/converge.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - tripleo_httpd_config_directory: /etc/httpd - tripleo_httpd_config_service: custom-modules - tripleo_httpd_config_default_mods: - alias: [] - tripleo_httpd_config_mods: - wsgi: - - so_name: wsgi_python3 - - WSGISocketPrefix: '/var/run/wsgi' - roles: - - role: "tripleo_httpd_config" - tasks: - - name: Check httpd configuration - command: apachectl -t diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/molecule.yml deleted file mode 100644 index 6073d010b..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - name: custom-module - test_sequence: - - destroy - - create - - prepare - - converge - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/prepare.yml deleted file mode 100644 index c629501a6..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/prepare.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - httpd - - mod_ssl - - python3-mod_wsgi - - role: env_data - tasks: - - name: Empty default config files - file: - path: /etc/httpd/conf.d - state: absent diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/converge.yml deleted file mode 100644 index 39fe88b66..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/converge.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - tripleo_httpd_config_directory: /etc/httpd - tripleo_httpd_config_service: default - roles: - - role: "tripleo_httpd_config" - tasks: - - name: Check httpd configuration - command: apachectl -t diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/molecule.yml deleted file mode 100644 index 0d6a35358..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - name: default - test_sequence: - - destroy - - create - - prepare - - converge - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/prepare.yml deleted file mode 100644 index db902b85f..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/prepare.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - httpd - - mod_ssl - - role: env_data - tasks: - - name: Empty default config files - file: - path: /etc/httpd/conf.d - state: absent diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/converge.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/converge.yml deleted file mode 100644 index e278b7386..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/converge.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - tripleo_httpd_config_directory: /etc/httpd - tripleo_httpd_config_service: wsgi - tripleo_httpd_config_default_mods: - alias: [] - tripleo_httpd_config_mods: - wsgi: - - so_name: wsgi_python3 - - WSGISocketPrefix: '/var/run/wsgi' - roles: - - role: "tripleo_httpd_config" - tasks: - - name: Check httpd configuration - command: apachectl -t - - name: Ensure we load wsgi module - register: wsgi_loading - lineinfile: - path: /etc/httpd/conf/modules.conf - line: 'LoadModule wsgi_module modules/mod_wsgi_python3.so' - - name: Fail if file changed - when: wsgi_loading is changed - fail: - msg: 'WSGI module is not loaded' - - name: Ensure wsgi option is set - register: wsgi_option - lineinfile: - path: /etc/httpd/conf/modules.conf - line: 'WSGISocketPrefix /var/run/wsgi' - - name: Fail if file changed - when: wsgi_option is changed - fail: - msg: 'WSGI option is not set' diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/molecule.yml deleted file mode 100644 index 6de80452b..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - name: mod_wsgi - test_sequence: - - destroy - - create - - prepare - - converge - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/prepare.yml deleted file mode 100644 index c629501a6..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/prepare.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - httpd - - mod_ssl - - python3-mod_wsgi - - role: env_data - tasks: - - name: Empty default config files - file: - path: /etc/httpd/conf.d - state: absent diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/converge.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/converge.yml deleted file mode 100644 index 595131881..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/converge.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - tasks: - - name: Catch error block - block: - - name: Include role - include_role: - role: "tripleo_httpd_config" - rescue: - - name: Clear host errors - meta: clear_host_errors - - name: Successful output - debug: - msg: "Play failed as expected" - - name: Exit run - meta: end_play - - name: Error not detected - fail: - msg: "Play didn't detect the error properly" diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/molecule.yml deleted file mode 100644 index 01f80b727..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - name: no-service-name - test_sequence: - - destroy - - create - - prepare - - converge - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/prepare.yml deleted file mode 100644 index ec16f729a..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_httpd_config/tasks/configure.yml b/tripleo_ansible/roles/tripleo_httpd_config/tasks/configure.yml deleted file mode 100644 index c8206a463..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/tasks/configure.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Copyright Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate httpd.conf - ansible.builtin.template: - dest: "{{ tripleo_httpd_config_directory }}/conf/httpd.conf" - src: httpd.conf.j2 - -- name: Generate modules.conf - ansible.builtin.template: - dest: "{{ tripleo_httpd_config_directory }}/conf/modules.conf" - src: modules.conf.j2 - -- name: Push status module configuration - when: "'status' in (tripleo_httpd_config_default_mods|combine(tripleo_httpd_config_mods))" - ansible.builtin.copy: - dest: "{{ tripleo_httpd_config_directory }}/conf.d/apache-status.conf" - src: apache-status.conf diff --git a/tripleo_ansible/roles/tripleo_httpd_config/tasks/install.yml b/tripleo_ansible/roles/tripleo_httpd_config/tasks/install.yml deleted file mode 100644 index 87988292d..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/tasks/install.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Copyright Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Note: it does NOT install any package. They are already in the containers. -# Here we mostly create the needed directory tree. -- name: Create directory tree - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: root - group: root - mode: 0755 - setype: container_file_t - loop: - - "{{ tripleo_httpd_config_directory }}/conf" - - "{{ tripleo_httpd_config_directory }}/conf.d" - -- name: Create empty mandatory files - ansible.builtin.file: - path: "{{ tripleo_httpd_config_directory }}/conf/{{ item }}.conf" - state: touch - owner: root - group: root - mode: 0644 - loop: - - modules - - ports diff --git a/tripleo_ansible/roles/tripleo_httpd_config/tasks/main.yml b/tripleo_ansible/roles/tripleo_httpd_config/tasks/main.yml deleted file mode 100644 index ea170e631..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/tasks/main.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Copyright Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Ensure we get the minimal subset of parameters - ansible.builtin.fail: - msg: "{{ item.k }} must be set to an actual value!" - when: item.v == '' or item.v == None - loop: - - k: 'tripleo_httpd_config_service' - v: "{{ tripleo_httpd_config_service }}" - -- name: Gather fact subset - ansible.builtin.setup: - gather_subset: - - '!all' -- ansible.builtin.include_tasks: install.yml -- ansible.builtin.include_tasks: configure.yml diff --git a/tripleo_ansible/roles/tripleo_httpd_config/templates/httpd.conf.j2 b/tripleo_ansible/roles/tripleo_httpd_config/templates/httpd.conf.j2 deleted file mode 100644 index 4c1bf4bf0..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/templates/httpd.conf.j2 +++ /dev/null @@ -1,28 +0,0 @@ -# File managed by tripleo-ansible/tripleo_httpd_config -{% set config_params = tripleo_httpd_config_default_httpd_conf|combine(tripleo_httpd_config_httpd_conf) %} -{% for conf_key, conf_val in config_params.items() %} -{{ conf_key }} {{ conf_val }} -{% endfor %} - -ServerName "{{ tripleo_httpd_config_server_name }}" -ServerRoot "{{ tripleo_httpd_config_server_root }}" - - - Require all denied - - - - Options {{ tripleo_httpd_config_root_directory_options |join(' ') }} - AllowOverride None - - -Include "/etc/httpd/conf/modules.conf" -Include "/etc/httpd/conf/ports.conf" - -LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%a %l %u %t \"%r\" %>s %b" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent -LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded - -IncludeOptional "/etc/httpd/conf.d/*.conf" diff --git a/tripleo_ansible/roles/tripleo_httpd_config/templates/modules.conf.j2 b/tripleo_ansible/roles/tripleo_httpd_config/templates/modules.conf.j2 deleted file mode 100644 index ae2f8c22c..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/templates/modules.conf.j2 +++ /dev/null @@ -1,18 +0,0 @@ -# File managed by tripleo_ansible/tripleo_httpd_config -{% set modules_list = tripleo_httpd_config_default_mods|combine(tripleo_httpd_config_mods) %} -{% for module_name in modules_list %} -{% set so_name = modules_list[module_name]|json_query('[].so_name')|join('') %} -{% if so_name == '' %} -{% set so_name = module_name %} -{% endif %} -# BEGIN load module {{ module_name }} -LoadModule {{ module_name }}_module modules/mod_{{ so_name }}.so -{% for module_config in modules_list[module_name] %} -{% for config_key, config_value in module_config.items() %} -{% if config_key != 'so_name' %} -{{ config_key }} {{ config_value }} -{% endif %} -{% endfor %} -{% endfor %} -# END load module {{ module_name }} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_httpd_config/vars/main.yml b/tripleo_ansible/roles/tripleo_httpd_config/vars/main.yml deleted file mode 100644 index 15e6ba8c3..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_config/vars/main.yml +++ /dev/null @@ -1,117 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "tripleo_httpd_config" - -tripleo_httpd_config_base_dir: '/var/lib/config-data/ansible-generated' - -# Those are the default modules loaded by apache when managed by puppetlabs -# with apache::default_mods set to false. -# We also enable ssl module by default, but not wsgi. -tripleo_httpd_config_default_mods: - authz_core: [] - authz_host: [] - filter: [] - log_config: [] - mime: - - TypesConfig: "/etc/mime.types" - - AddType: "application/x-compress .Z" - - AddType: "application/x-gzip .gz .tgz" - - AddType: "application/x-bzip2 .bz2" - - AddType: "text/html .shtml" - - AddLanguage: "ca .ca" - - AddLanguage: "cs .cz .cs" - - AddLanguage: "da .dk" - - AddLanguage: "de .de" - - AddLanguage: "el .el" - - AddLanguage: "en .en" - - AddLanguage: "eo .eo" - - AddLanguage: "es .es" - - AddLanguage: "et .et" - - AddLanguage: "fr .fr" - - AddLanguage: "he .he" - - AddLanguage: "hr .hr" - - AddLanguage: "it .it" - - AddLanguage: "ja .ja" - - AddLanguage: "ko .ko" - - AddLanguage: "ltz .ltz" - - AddLanguage: "nl .nl" - - AddLanguage: "nn .nn" - - AddLanguage: "no .no" - - AddLanguage: "pl .po" - - AddLanguage: "pt .pt" - - AddLanguage: "pt-BR .pt-br" - - AddLanguage: "ru .ru" - - AddLanguage: "sv .sv" - - AddLanguage: "zh-CN .zh-cn" - - AddLanguage: "zh-TW .zh-tw" - - AddHandler: "type-map var" - - AddOutputFilter: "INCLUDES .shtml" - mpm_prefork: - - StartServers: 8 - - MinSpareServers: 5 - - MaxSpareServers: 20 - - ServerLimit: " {{ tripleo_httpd_config_prefork_serverlimit | default(100) }}" - - MaxRequestWorkers: "{{ tripleo_httpd_config_prefork_maxrequestworkers | default(100) }}" - - MaxRequestsPerChild: 4000 - - ListenBacklog: 511 - setenvif: - - BrowserMatch: '"Mozilla/2" nokeepalive' - - BrowserMatch: '"MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0' - - BrowserMatch: '"RealPlayer 4\.0" force-response-1.0' - - BrowserMatch: '"Java/1\.0" force-response-1.0' - - BrowserMatch: '"JDK/1\.0" force-response-1.0' - - BrowserMatch: '"Microsoft Data Access Internet Publishing Provider" redirect-carefully' - - BrowserMatch: '"MS FrontPage" redirect-carefully' - - BrowserMatch: '"^WebDrive" redirect-carefully' - - BrowserMatch: '"^WebDAVFS/1.[0123]" redirect-carefully' - - BrowserMatch: '"^gnome-vfs/1.0" redirect-carefully' - - BrowserMatch: '"^gvfs/1" redirect-carefully' - - BrowserMatch: '"^XML Spy" redirect-carefully' - - BrowserMatch: '"^Dreamweaver-WebDAV-SCM1" redirect-carefully' - - BrowserMatch: '" Konqueror/4" redirect-carefully' - - BrowserMatch: '"MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0' - - BrowserMatch: '"MSIE [17-9]" ssl-unclean-shutdown' - socache_shmcb: [] - status: [] - systemd: [] - unixd: [] - -# These configurations are the same as provided by default by puppetlabs-apache -tripleo_httpd_config_default_httpd_conf: - ServerTokens: 'Prod' - ServerSignature: 'Off' - TraceEnable: 'Off' - ServerRoot: '/etc/httpd' - PidFile: 'run/httpd.pid' - TimeOut: 90 - KeepAlive: 'On' - MaxKeepAliveRequests: 100 - KeepAliveTimeout: 15 - LimitRequestFieldSize: 8190 - LimitRequestFields: 100 - User: 'apache' - Group: 'apache' - AccessFileName: '.htaccess' - HostnameLookups: 'Off' - ErrorLog: '/var/log/httpd/error_log' - LogLevel: 'warn' - EnableSendfile: 'On' diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/defaults/main.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/defaults/main.yml deleted file mode 100644 index cb9861ac8..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/defaults/main.yml +++ /dev/null @@ -1,84 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_httpd_vhost" -tripleo_httpd_vhost_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_httpd_vhost_hide_sensitive_logs: true - -tripleo_httpd_vhost_service_name: null -tripleo_httpd_vhost_config: "{{ tripleo_httpd_vhost_base_dir }}/{{ tripleo_httpd_vhost_service_name }}/etc/httpd" - -tripleo_httpd_vhost_access_log_name: "{{ tripleo_httpd_vhost_service_name }}" -tripleo_httpd_vhost_access_log_file: "/var/log/httpd/{{ tripleo_httpd_vhost_access_log_name }}_access.log" -tripleo_httpd_vhost_access_log_format: 'combined' -tripleo_httpd_vhost_aliases: null -tripleo_httpd_vhost_allow_encoded_slashes: null -tripleo_httpd_vhost_bind_host: '*' -tripleo_httpd_vhost_custom_options: {} -tripleo_httpd_vhost_bind_port: 80 -tripleo_httpd_vhost_custom_wsgi_process_options: {} -tripleo_httpd_vhost_document_root: '/var/www/cgi-bin' -tripleo_httpd_vhost_error_log_file: "/var/log/httpd/{{ tripleo_httpd_vhost_access_log_name }}_error.log" -tripleo_httpd_vhost_group: 'apache' -tripleo_httpd_vhost_headers: [] -tripleo_httpd_vhost_locations: {} -tripleo_httpd_vhost_options: - - '-Indexes' - - '+FollowSymLinks' - - '+MultiViews' -tripleo_httpd_vhost_path: '/' -tripleo_httpd_vhost_priority: 10 -tripleo_httpd_vhost_proxy: false -tripleo_httpd_vhost_proxy_requests: 'Off' -tripleo_httpd_vhost_proxy_preserve_host: 'Off' -tripleo_httpd_vhost_proxy_path: '/' -tripleo_httpd_vhost_proxy_host: null -tripleo_httpd_vhost_proxy_port: null -tripleo_httpd_vhost_proxy_params: - retry: 10 -tripleo_httpd_vhost_request_headers: [] -tripleo_httpd_vhost_servername: "{{ ansible_facts['fqdn'] }}" -tripleo_httpd_vhost_setenv: [] -tripleo_httpd_vhost_set_wsgi_import_script: false -tripleo_httpd_vhost_ssl_ca: null -tripleo_httpd_vhost_ssl_certs_dir: null -tripleo_httpd_vhost_ssl_cert: null -tripleo_httpd_vhost_ssl_chain: null -tripleo_httpd_vhost_ssl_crl_path: null -tripleo_httpd_vhost_ssl_crl: null -tripleo_httpd_vhost_ssl: false -tripleo_httpd_vhost_ssl_key: null -tripleo_httpd_vhost_ssl_verify_client: null -tripleo_httpd_vhost_threads: 1 -tripleo_httpd_vhost_user: 'apache' -tripleo_httpd_vhost_vhost_custom_fragment: null -# Originaly, in openstacklib, it's using a custom $::os_workers fact -# https://github.com/openstack/puppet-openstacklib/blob/master/manifests/wsgi/apache.pp#L103-L105 -# https://github.com/openstack/puppet-openstacklib/blob/master/lib/facter/os_workers.rb#L42-L47 -tripleo_httpd_vhost_workers: "{{ ([12, [ansible_facts['processor_count'] / 2, 2]|max ]|min)|int }}" -tripleo_httpd_vhost_wsgi: false -tripleo_httpd_vhost_wsgi_application_group: '%{GLOBAL}' -tripleo_httpd_vhost_wsgi_chunked_request: null -tripleo_httpd_vhost_wsgi_daemon_process: "{{ tripleo_httpd_vhost_service_name }}" -tripleo_httpd_vhost_wsgi_import_script_options: {} -tripleo_httpd_vhost_wsgi_import_script: false -tripleo_httpd_vhost_wsgi_pass_authorization: null -tripleo_httpd_vhost_wsgi_process_display_name: "{{ tripleo_httpd_vhost_service_name }}" -tripleo_httpd_vhost_wsgi_process_group: "{{ tripleo_httpd_vhost_service_name }}" -tripleo_httpd_vhost_wsgi_script_alias: null diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/meta/main.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/meta/main.yml deleted file mode 100644 index 16b0d4d53..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: TripleO OpenStack Role -- tripleo_httpd_vhost - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 8 - - 9 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/converge.yml deleted file mode 100644 index 59eabf144..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/converge.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - tripleo_httpd_vhost_config: /etc/httpd - tripleo_httpd_vhost_service_name: default - tripleo_httpd_vhost_user: bar - tripleo_httpd_vhost_priority: 20 - roles: - - "tripleo_httpd_vhost" - tasks: - - name: Validate httpd configuration - command: apachectl -t - - name: Validate some content in the generated file - register: validate_lines - lineinfile: - path: /etc/httpd/conf.d/20-default.conf - line: "{{ item }}" - loop: - - "" - - " ServerName {{ ansible_facts['fqdn'] }}" - - name: Fail if file changed - when: item.changed|bool - fail: - msg: 'Configuration is missing some content' - loop: "{{ validate_lines.results }}" diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/molecule.yml deleted file mode 100644 index 0d6a35358..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - name: default - test_sequence: - - destroy - - create - - prepare - - converge - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/prepare.yml deleted file mode 100644 index 16004e465..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/prepare.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - httpd - - mod_ssl - - role: env_data - tasks: - - name: Create bar user - user: - name: bar - - name: Empty default config files - file: - path: /etc/httpd/conf.d - state: absent diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/locations/converge.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/locations/converge.yml deleted file mode 100644 index 93b6f97a0..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/locations/converge.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - tripleo_httpd_vhost_service_name: proxy - tripleo_httpd_vhost_user: bar - tripleo_httpd_vhost_proxy: true - tripleo_httpd_vhost_proxy_host: 127.0.0.1 - tripleo_httpd_vhost_proxy_port: 8080 - tripleo_httpd_config_mods: - headers: [] - tripleo_httpd_config_locations: - '/v3/OS-FEDERATION/identity_providers/IDENTITYPROVIDER/protocols/PROTOCOL/auth': - - 'Options': '+Indexes -MultiViews +FollowSymLinks' - - 'Require': 'valid-user' - '/v3/auth/OS-FEDERATION/websso/PROTOCOL': - - 'Header': 'set MyHeader "%D %t"' - roles: - - "tripleo_httpd_vhost" - tasks: - - name: Validate httpd configuration - command: apachectl -t diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/locations/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/locations/molecule.yml deleted file mode 100644 index 1cad71b1f..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/locations/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - name: locations - test_sequence: - - destroy - - create - - prepare - - converge - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/locations/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/locations/prepare.yml deleted file mode 100644 index 16004e465..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/locations/prepare.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - httpd - - mod_ssl - - role: env_data - tasks: - - name: Create bar user - user: - name: bar - - name: Empty default config files - file: - path: /etc/httpd/conf.d - state: absent diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/converge.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/converge.yml deleted file mode 100644 index 65c2e7482..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/converge.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - tasks: - - name: Missing all vars - block: - - name: Set up wsgi - include_role: - role: "tripleo_httpd_vhost" - rescue: - - name: Clean host errors - meta: clear_host_errors - - name: Successful output - debug: - msg: "Properly failed as expected" - - - name: Missing only one var - vars: - tripleo_httpd_vhost_user: foo - block: - - name: Set up wsgi - include_role: - role: "tripleo_httpd_vhost" - rescue: - - name: Clean host errors - meta: clear_host_errors - - name: Successful output - debug: - msg: "Properly failed as expected" - - name: Exit play - meta: end_play - - - name: Fail at this point - fail: - msg: 'Did not catch missing vars' diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/molecule.yml deleted file mode 100644 index d066b399f..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - name: missing-vars - test_sequence: - - destroy - - create - - prepare - - converge - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/prepare.yml deleted file mode 100644 index ec16f729a..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/converge.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/converge.yml deleted file mode 100644 index c7a850d32..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/converge.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - tripleo_httpd_vhost_service_name: proxy - tripleo_httpd_vhost_user: bar - tripleo_httpd_vhost_proxy: true - tripleo_httpd_vhost_proxy_host: 127.0.0.1 - tripleo_httpd_vhost_proxy_port: 8080 - tripleo_httpd_config_mods: - proxy: [] - roles: - - "tripleo_httpd_vhost" - tasks: - - name: Validate httpd configuration - command: apachectl -t diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/molecule.yml deleted file mode 100644 index 5ef5423c2..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - name: proxy - test_sequence: - - destroy - - create - - prepare - - converge - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/prepare.yml deleted file mode 100644 index 16004e465..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/prepare.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - httpd - - mod_ssl - - role: env_data - tasks: - - name: Create bar user - user: - name: bar - - name: Empty default config files - file: - path: /etc/httpd/conf.d - state: absent diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/converge.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/converge.yml deleted file mode 100644 index ba42de2ad..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/converge.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - tripleo_httpd_vhost_config: /etc/httpd - tripleo_httpd_vhost_service_name: ssl - tripleo_httpd_vhost_user: bar - tripleo_httpd_vhost_ssl: true - tripleo_httpd_vhost_ssl_key: /etc/pki/foo.key - tripleo_httpd_vhost_ssl_cert: /etc/pki/foo.pem - tripleo_httpd_config_mods: - ssl: - - SSLCipherSuite: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES' - - SSLProtocol: 'all -SSLv2 -SSLv3 -TLSv1' - - SSLOptions: 'StdEnvVars' - roles: - - "tripleo_httpd_vhost" - tasks: - - name: Validate httpd configuration - command: apachectl -t diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/molecule.yml deleted file mode 100644 index b410376c1..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - name: ssl - test_sequence: - - destroy - - create - - prepare - - converge - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/prepare.yml deleted file mode 100644 index e694ee8fc..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/prepare.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - httpd - - mod_ssl - - python3-cryptography - - role: env_data - tasks: - - name: Create bar user - user: - name: bar - - name: Empty default config files - file: - path: /etc/httpd/conf.d - state: absent - - name: Create private key - community.crypto.openssl_privatekey: - path: /etc/pki/foo.key - - name: Generate CSR - community.crypto.openssl_csr: - path: /etc/pki/foo.csr - privatekey_path: /etc/pki/foo.key - common_name: foo.bar - - name: Generate fake certificate - community.crypto.x509_certificate: - path: /etc/pki/foo.pem - privatekey_path: /etc/pki/foo.key - csr_path: /etc/pki/foo.csr - provider: selfsigned diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/converge.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/converge.yml deleted file mode 100644 index d20bdb505..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/converge.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - tripleo_httpd_vhost_config: /etc/httpd - tripleo_httpd_vhost_service_name: wsgi - tripleo_httpd_vhost_user: bar - tripleo_httpd_vhost_wsgi: true - tripleo_httpd_vhost_wsgi_script_alias: - '/': '/var/www/cgi-bin/app' - tripleo_httpd_config_mods: - wsgi: - - so_name: 'wsgi_python3' - roles: - - "tripleo_httpd_vhost" - tasks: - - name: Validate httpd configuration - command: apachectl -t diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/molecule.yml deleted file mode 100644 index 00f890b24..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - name: wsgi - test_sequence: - - destroy - - create - - prepare - - converge - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/prepare.yml deleted file mode 100644 index f001c63ff..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/prepare.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - httpd - - mod_ssl - - python3-mod_wsgi - - role: env_data - tasks: - - name: Create bar user - user: - name: bar - - name: Empty default config files - file: - path: /etc/httpd/conf.d - state: absent diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/install.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/install.yml deleted file mode 100644 index 7f9fed902..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/install.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Call httpd_config role with appropriate parameters - vars: - tripleo_httpd_config_service: "{{ tripleo_httpd_vhost_service_name }}" - tripleo_httpd_config_directory: "{{ tripleo_httpd_vhost_config }}" - ansible.builtin.include_role: - role: tripleo_httpd_config diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/main.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/main.yml deleted file mode 100644 index f1af28b16..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/main.yml +++ /dev/null @@ -1,79 +0,0 @@ ---- -# Copyright Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Ensure some of the parameters are properly set - ansible.builtin.fail: - msg: "{{ item.k }} must be set to an actual value!" - when: item.v == None - loop: - - k: 'tripleo_httpd_vhost_service_name' - v: "{{ tripleo_httpd_vhost_service_name }}" - - k: 'tripleo_httpd_vhost_user' - v: "{{ tripleo_httpd_vhost_user }}" - -- name: Check TLS parameters if needed - when: - - tripleo_httpd_vhost_ssl|bool - block: - - name: Ensure TLS related parameters are set - ansible.builtin.fail: - msg: "{{ item.k }} must be set if you enable TLS" - when: item.v == None - loop: - - k: 'tripleo_httpd_vhost_ssl_key' - v: "{{ tripleo_httpd_vhost_ssl_key }}" - - k: 'tripleo_httpd_vhost_ssl_cert' - v: "{{ tripleo_httpd_vhost_ssl_cert }}" - -- name: Check proxy parameters if needed - when: - - tripleo_httpd_vhost_proxy|bool - block: - - name: Ensure proxy parameters are set - ansible.builtin.fail: - msg: "{{ item.k }} must be set if you enable proxy" - when: item.v == None - loop: - - k: 'tripleo_httpd_vhost_proxy_host' - v: "{{ tripleo_httpd_vhost_proxy_host }}" - - k: 'tripleo_httpd_vhost_proxy_port' - v: "{{ tripleo_httpd_vhost_proxy_port }}" - -- name: Check wsgi parameters if needed - when: - - tripleo_httpd_vhost_wsgi|bool - block: - - name: Ensure wsgi parameters are set - ansible.builtin.fail: - msg: "{{ item.k }} must be set if you enable WSGI" - when: item.v == None - loop: - - k: 'tripleo_httpd_vhost_wsgi_script_alias' - v: "{{ tripleo_httpd_vhost_wsgi_script_alias }}" - -- name: Gather some facts - when: "'processor_count' not in ansible_facts or 'fqdn' not in ansible_facts" - ansible.builtin.setup: - gather_subset: - - '!all' - - 'min' - - 'processor_count' - -- name: Create needed directories - ansible.builtin.import_tasks: install.yml - -- name: Configure vhost - ansible.builtin.import_tasks: vhost.yml diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/vhost.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/vhost.yml deleted file mode 100644 index 61f6c1286..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/vhost.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Push vhost port - ansible.builtin.lineinfile: - path: "{{ tripleo_httpd_vhost_config }}/conf/ports.conf" - line: 'Listen {{ tripleo_httpd_vhost_bind_host }}:{{ tripleo_httpd_vhost_bind_port }}' - create: true - group: root - owner: root - mode: 0644 - -- name: Push vhost configuration file - ansible.builtin.template: - dest: "{{ tripleo_httpd_vhost_config }}/conf.d/{{ tripleo_httpd_vhost_priority }}-{{ tripleo_httpd_vhost_service_name }}.conf" - src: vhost.conf.j2 diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/templates/locations.inc.j2 b/tripleo_ansible/roles/tripleo_httpd_vhost/templates/locations.inc.j2 deleted file mode 100644 index 4d04191d4..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/templates/locations.inc.j2 +++ /dev/null @@ -1,9 +0,0 @@ -# Specific locations -{% for location, options in tripleo_httpd_vhost_locations.items() %} - -{% for option, value in options.items() %} - {{ option }} {{ value }} -{% endfor %} - -{% endfor %} -# End of specific locations diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/templates/proxy.inc.j2 b/tripleo_ansible/roles/tripleo_httpd_vhost/templates/proxy.inc.j2 deleted file mode 100644 index 14c2c988c..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/templates/proxy.inc.j2 +++ /dev/null @@ -1,5 +0,0 @@ - # Proxy configuration - ProxyRequests {{ tripleo_httpd_vhost_proxy_requests }} - ProxyPreserveHost {{ tripleo_httpd_vhost_proxy_preserve_host }} - ProxyPass {{ tripleo_httpd_vhost_proxy_path }} http://{{ tripleo_httpd_vhost_proxy_host }}:{{ tripleo_httpd_vhost_proxy_port }}/ {{ tripleo_httpd_vhost_proxy_params.items() | map('join', '=') | join(' ') }} - ProxyPassReverse / http://{{ tripleo_httpd_vhost_proxy_host }}:{{ tripleo_httpd_vhost_proxy_port }}/ diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/templates/ssl.inc.j2 b/tripleo_ansible/roles/tripleo_httpd_vhost/templates/ssl.inc.j2 deleted file mode 100644 index bcdddf11c..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/templates/ssl.inc.j2 +++ /dev/null @@ -1,22 +0,0 @@ - # TLS configuration - SSLEngine on - SSLCertificateFile "{{ tripleo_httpd_vhost_ssl_cert }}" - SSLCertificateKeyFile "{{ tripleo_httpd_vhost_ssl_key }}" -{% if tripleo_httpd_vhost_ssl_ca %} - SSLCACertificateFile "{{ tripleo_httpd_vhost_ssl_ca }}" -{% endif %} -{% if tripleo_httpd_vhost_ssl_verify_client %} - SSLVerifyClient {{ tripleo_httpd_vhost_ssl_verify_client }} -{% endif %} -{% if tripleo_httpd_vhost_ssl_chain %} - SSLCertificateChainFile "{{ tripleo_httpd_vhost_ssl_chain }}" -{% endif %} -{% if tripleo_httpd_vhost_ssl_crl_path %} - SSLCARevocationPath "{{ tripleo_httpd_vhost_ssl_crl_path }}" -{% endif %} -{% if tripleo_httpd_vhost_ssl_crl %} - SSLCARevocationFile "{{ tripleo_httpd_vhost_ssl_crl }}" -{% endif %} -{% if tripleo_httpd_vhost_ssl_certs_dir %} - SSLCACertificatePath "{{ tripleo_httpd_vhost_ssl_certs_dir }}" -{% endif %} diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/templates/vhost.conf.j2 b/tripleo_ansible/roles/tripleo_httpd_vhost/templates/vhost.conf.j2 deleted file mode 100644 index c05effea7..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/templates/vhost.conf.j2 +++ /dev/null @@ -1,44 +0,0 @@ -# File managed by tripleo-ansible/tripleo_httpd_vhost - - ServerName {{ tripleo_httpd_vhost_servername }} - - ## Vhost docroot - DocumentRoot "{{ tripleo_httpd_vhost_document_root }}" - - - Options {{ tripleo_httpd_vhost_options | join(' ') }} - AllowOverride None - Require all granted - - -{% include 'templates/locations.inc.j2' %} - - ## Logging - ErrorLog "{{ tripleo_httpd_vhost_error_log_file }}" - ServerSignature Off - CustomLog "{{ tripleo_httpd_vhost_access_log_file }}" {{ tripleo_httpd_vhost_access_log_format }} - SetEnvIf X-Forwarded-Proto https HTTPS=1 -{% for request_header in tripleo_httpd_vhost_request_headers %} - RequestHeader {{ request_header }} -{% endfor -%} -{% for header in tripleo_httpd_vhost_headers %} - Header {{ header }} -{% endfor %} -{% if tripleo_httpd_vhost_allow_encoded_slashes != None %} - AllowEncodedSlashes {{ tripleo_httpd_vhost_allow_encoded_slashes }} -{% endif %} - -{% if tripleo_httpd_vhost_wsgi|bool %} -{% include 'templates/wsgi.inc.j2' %} -{% endif %} -{% if tripleo_httpd_vhost_ssl|bool %} -{% include 'templates/ssl.inc.j2' %} -{% endif %} -{% if tripleo_httpd_vhost_proxy|bool %} -{% include 'templates/proxy.inc.j2' %} -{% endif %} - -{%- for option, value in tripleo_httpd_vhost_custom_options.items() %} - {{ option }} {{ value }} -{% endfor %} - diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/templates/wsgi.inc.j2 b/tripleo_ansible/roles/tripleo_httpd_vhost/templates/wsgi.inc.j2 deleted file mode 100644 index 88d2cf958..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/templates/wsgi.inc.j2 +++ /dev/null @@ -1,38 +0,0 @@ - ## WSGI configuration -{% set default_wsgi_opts = {'user': tripleo_httpd_vhost_user, 'group': tripleo_httpd_vhost_group, 'processes': tripleo_httpd_vhost_workers, 'threads': tripleo_httpd_vhost_threads, 'display-name': tripleo_httpd_vhost_wsgi_process_display_name} -%} -{% set default_script_opts = {'process-group': tripleo_httpd_vhost_wsgi_daemon_process, 'application-group': tripleo_httpd_vhost_wsgi_application_group} -%} -{% set wsgi_opt = default_wsgi_opts|combine(tripleo_httpd_vhost_custom_wsgi_process_options) -%} -{% set script_opt = default_script_opts|combine(tripleo_httpd_vhost_wsgi_import_script_options) -%} -{% set path_real = tripleo_httpd_vhost_path | regex_replace('(^/.*)/$', '\1') -%} - -{% if tripleo_httpd_vhost_wsgi_daemon_process is string %} - WSGIDaemonProcess {{ tripleo_httpd_vhost_wsgi_daemon_process }} {{ wsgi_opt.items()|map('join', '=')|join(' ') }} -{% elif tripleo_httpd_vhost_wsgi_daemon_process is mapping %} -{% for key, value in tripleo_httpd_vhost_wsgi_daemon_process.items() %} -{% if value %} - WSGIDaemonProcess {{ key }} {{ value.items()|map('join', '=')|join(' ') }} -{% else %} - WSGIDaemonProcess {{ key }} -{% endif %} -{% endfor -%} -{% endif %} - -{%- if tripleo_httpd_vhost_wsgi_process_group %} - WSGIProcessGroup "{{ tripleo_httpd_vhost_wsgi_process_group }}" -{% endif %} - -{%- for key, value in tripleo_httpd_vhost_wsgi_script_alias.items() %} - WSGIScriptAlias {{ key }} "{{ value }}" -{% endfor %} - -{%- if tripleo_httpd_vhost_wsgi_application_group %} - WSGIApplicationGroup "{{ tripleo_httpd_vhost_wsgi_application_group }}" -{% endif -%} - -{%- if tripleo_httpd_vhost_wsgi_pass_authorization %} - WSGIPassAuthorization {{ tripleo_httpd_vhost_wsgi_pass_authorization }} -{% endif -%} - -{%- if tripleo_httpd_vhost_wsgi_chunked_request %} - WSGIChunkedRequest {{ tripleo_httpd_vhost_wsgi_chunked_request }} -{% endif -%} diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/vars/main.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/vars/main.yml deleted file mode 100644 index 9f1658170..000000000 --- a/tripleo_ansible/roles/tripleo_httpd_vhost/vars/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "tripleo_httpd_vhost" - -tripleo_httpd_vhost_base_dir: '/var/lib/config-data/ansible-generated' diff --git a/tripleo_ansible/roles/tripleo_image_serve/defaults/main.yml b/tripleo_ansible/roles/tripleo_image_serve/defaults/main.yml deleted file mode 100644 index 0ce2d73c9..000000000 --- a/tripleo_ansible/roles/tripleo_image_serve/defaults/main.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# NOTE(cloudnull): This role used to use a non-namespaced option, which has a high -# probability of creating conflicts with other roles in the greater -# ansible ecosystem. To ensure that we're able to retain existing -# variable functionality the "modules" option will supersede -# "tripleo_modules" if defined. This default should be removed -# just as soon as we're validate that the non-namespaced option -# is no longer in use. - -# defaults file for apache-image-serve - -tripleo_container_registry_host: "{{ container_registry_host | default('localhost') }}" -tripleo_container_registry_port: "{{ container_registry_port | default('8787') }}" -tripleo_image_data_dir: "{{ image_data_dir | default('/var/lib/image-serve') }}" diff --git a/tripleo_ansible/roles/tripleo_image_serve/meta/main.yml b/tripleo_ansible/roles/tripleo_image_serve/meta/main.yml deleted file mode 100644 index 2d449c0f0..000000000 --- a/tripleo_ansible/roles/tripleo_image_serve/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_image_serve - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_image_serve/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_image_serve/molecule/default/converge.yml deleted file mode 100644 index 48985e418..000000000 --- a/tripleo_ansible/roles/tripleo_image_serve/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_image_serve" diff --git a/tripleo_ansible/roles/tripleo_image_serve/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_image_serve/molecule/default/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/tripleo_ansible/roles/tripleo_image_serve/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_image_serve/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_image_serve/molecule/default/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/tripleo_image_serve/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_image_serve/molecule/default/tests/test_default.py b/tripleo_ansible/roles/tripleo_image_serve/molecule/default/tests/test_default.py deleted file mode 100644 index f5725b721..000000000 --- a/tripleo_ansible/roles/tripleo_image_serve/molecule/default/tests/test_default.py +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import os - -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_package_installed(host): - assert host.package("httpd").is_installed - - -def test_image_serve_conf_exists(host): - assert host.file("/etc/httpd/conf.d/image-serve.conf").exists - - -def test_image_serve_dir_exists(host): - assert host.file("/var/lib/image-serve").exists - - -def test_httpd_running(host): - assert host.service("httpd").is_running - - -def test_httpd_enabled(host): - assert host.service("httpd").is_enabled diff --git a/tripleo_ansible/roles/tripleo_image_serve/molecule/legacy_vars/converge.yml b/tripleo_ansible/roles/tripleo_image_serve/molecule/legacy_vars/converge.yml deleted file mode 100644 index 234abc8e4..000000000 --- a/tripleo_ansible/roles/tripleo_image_serve/molecule/legacy_vars/converge.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_image_serve" - container_registry_host: 'localhost' - container_registry_port: 8787 - image_data_dir: "/var/lib/image-serve-legacy" diff --git a/tripleo_ansible/roles/tripleo_image_serve/molecule/legacy_vars/molecule.yml b/tripleo_ansible/roles/tripleo_image_serve/molecule/legacy_vars/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/tripleo_ansible/roles/tripleo_image_serve/molecule/legacy_vars/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_image_serve/molecule/legacy_vars/prepare.yml b/tripleo_ansible/roles/tripleo_image_serve/molecule/legacy_vars/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/tripleo_image_serve/molecule/legacy_vars/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_image_serve/molecule/legacy_vars/tests/test_default.py b/tripleo_ansible/roles/tripleo_image_serve/molecule/legacy_vars/tests/test_default.py deleted file mode 100644 index a52e5b3dd..000000000 --- a/tripleo_ansible/roles/tripleo_image_serve/molecule/legacy_vars/tests/test_default.py +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import os - -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_package_installed(host): - assert host.package("httpd").is_installed - - -def test_image_serve_conf_exists(host): - assert host.file("/etc/httpd/conf.d/image-serve.conf").exists - - -def test_image_serve_dir_exists(host): - assert host.file("/var/lib/image-serve-legacy").exists - - -def test_httpd_running(host): - assert host.service("httpd").is_running - - -def test_httpd_enabled(host): - assert host.service("httpd").is_enabled diff --git a/tripleo_ansible/roles/tripleo_image_serve/tasks/main.yml b/tripleo_ansible/roles/tripleo_image_serve/tasks/main.yml deleted file mode 100644 index 4c213231a..000000000 --- a/tripleo_ansible/roles/tripleo_image_serve/tasks/main.yml +++ /dev/null @@ -1,64 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: ensure apache is installed - package: - name: httpd - state: present - register: tripleo_image_serve_pkg_result - -- name: create image data directory - file: - state: directory - path: "{{ tripleo_image_data_dir }}/v2" - mode: 0755 - owner: root - group: root - setype: httpd_sys_content_t - -- name: create /v2/ response file - copy: - content: "{}" - dest: "{{ tripleo_image_data_dir }}/v2/index.json" - mode: 0644 - owner: root - group: root - setype: httpd_sys_content_t - -- name: Add listen line - lineinfile: - path: /etc/httpd/conf/httpd.conf - regexp: '^\s*Listen(.*)$' - line: '# Listen \1' - register: tripleo_image_serve_httpd_config_result - -- name: manage /etc/httpd/conf.d/image-serve.conf - template: - src: image-serve.conf.j2 - dest: /etc/httpd/conf.d/image-serve.conf - register: tripleo_image_serve_config_result - -- name: Image-Serve | restart httpd - systemd: - name: httpd - state: restarted - enabled: true - daemon_reload: true - when: - - (tripleo_image_serve_pkg_result.changed or - tripleo_image_serve_httpd_config_result.changed or - tripleo_image_serve_config_result.changed) diff --git a/tripleo_ansible/roles/tripleo_image_serve/templates/image-serve.conf.j2 b/tripleo_ansible/roles/tripleo_image_serve/templates/image-serve.conf.j2 deleted file mode 100644 index d64c9e070..000000000 --- a/tripleo_ansible/roles/tripleo_image_serve/templates/image-serve.conf.j2 +++ /dev/null @@ -1,61 +0,0 @@ -# {{ ansible_managed }} - -Listen {{ tripleo_container_registry_port }} - - DocumentRoot {{ tripleo_image_data_dir }} - ErrorLog "/var/log/httpd/image_serve_error.log" - ServerSignature Off - CustomLog "/var/log/httpd/image_serve_access.log" combined - SetEnvIf X-Forwarded-Proto https HTTPS=1 - RedirectMatch ^/$ /v2 - TraceEnable off - - - # This assumes a file exists containing {} at - # {{ tripleo_image_data_dir }}/index.json - DirectoryIndex index.json - - Options FollowSymLinks MultiViews - AllowOverride FileInfo - Require all granted - - Header set Docker-Distribution-Api-Version registry/2.0 - - - # LP#1953198 / rhbz#2026654 - - Options FollowSymLinks - AllowOverride None - AddHandler type-map .type-map - RewriteEngine On - ReWriteCond %{REQUEST_URI} !(\.json|\.type-map)$ - RewriteRule ^(.*) $1.type-map [PT,L] - - - - Options FollowSymLinks - AllowOverride None - AddHandler type-map .type-map - RewriteEngine On - ReWriteCond %{REQUEST_URI} !(\.json|\.type-map)$ - RewriteRule ^(.*) $1.type-map [PT,L] - - - - SetEnvIf Request_URI "sha256:(.*)$" digest=sha256:$1 - Header set Docker-Content-Digest "%{digest}e" - Header set ETag "%{digest}e" - Header set Cache-Control "max-age=31536000" - Header set Content-Type "application/octet-stream" - - - - SetEnvIf Request_URI "sha256:(.*)$" digest=sha256:$1 - Header set Docker-Content-Digest "%{digest}e" - Header set ETag "%{digest}e" - Header set Cache-Control "max-age=31536000" - Header set Content-Type "application/octet-stream" - - - - diff --git a/tripleo_ansible/roles/tripleo_ironic/defaults/main.yml b/tripleo_ansible/roles/tripleo_ironic/defaults/main.yml deleted file mode 100644 index 5cbdd82d9..000000000 --- a/tripleo_ansible/roles/tripleo_ironic/defaults/main.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_ironic_" - -tripleo_ironic_api_httpd_config_httpd_conf: null -tripleo_ironic_api_httpd_config_prefork_serverlimit: null -tripleo_ironic_api_httpd_config_prefork_maxrequestworkers: null -tripleo_ironic_api_httpd_config_mods: null -tripleo_ironic_api_httpd_vhost_ssl_ca: null diff --git a/tripleo_ansible/roles/tripleo_ironic/meta/main.yml b/tripleo_ansible/roles/tripleo_ironic/meta/main.yml deleted file mode 100644 index c17481447..000000000 --- a/tripleo_ansible/roles/tripleo_ironic/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: TripleO OpenStack Role -- tripleo_ironic - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 8 - - 9 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_ironic/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_ironic/molecule/default/converge.yml deleted file mode 100644 index 9d57f8e56..000000000 --- a/tripleo_ansible/roles/tripleo_ironic/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_ironic" diff --git a/tripleo_ansible/roles/tripleo_ironic/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_ironic/molecule/default/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/tripleo_ansible/roles/tripleo_ironic/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_ironic/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_ironic/molecule/default/prepare.yml deleted file mode 100644 index ec16f729a..000000000 --- a/tripleo_ansible/roles/tripleo_ironic/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_ironic/tasks/api_httpd.yaml b/tripleo_ansible/roles/tripleo_ironic/tasks/api_httpd.yaml deleted file mode 100644 index d3a688043..000000000 --- a/tripleo_ansible/roles/tripleo_ironic/tasks/api_httpd.yaml +++ /dev/null @@ -1,42 +0,0 @@ ---- -- name: Ensure needed params are set - fail: - msg: "{{ item.k }} must be set to an actual value" - when: item.v == None - loop: - - k: "tripleo_ironic_api_httpd_config_httpd_conf" - v: "{{ tripleo_ironic_api_httpd_config_httpd_conf }}" - - k: "tripleo_ironic_api_httpd_config_prefork_serverlimit" - v: "{{ tripleo_ironic_api_httpd_config_prefork_serverlimit }}" - - k: "tripleo_ironic_api_httpd_config_prefork_maxrequestworkers" - v: "{{ tripleo_ironic_api_httpd_config_prefork_maxrequestworkers }}" - - k: "tripleo_ironic_api_httpd_config_mods" - v: "{{ tripleo_ironic_api_httpd_config_mods }}" - -- name: Create httpd config and vhost - vars: - tripleo_httpd_config_httpd_conf: "{{ tripleo_ironic_api_httpd_config_httpd_conf }}" - tripleo_httpd_config_prefork_serverlimit: "{{ tripleo_ironic_api_httpd_config_prefork_serverlimit }}" - tripleo_httpd_config_prefork_maxrequestworkers: "{{ tripleo_ironic_api_httpd_config_prefork_maxrequestworkers }}" - tripleo_httpd_config_mods: "{{ tripleo_ironic_api_httpd_config_mods }}" - tripleo_httpd_vhost_ssl_ca: "{{ tripleo_ironic_api_httpd_vhost_ssl_ca }}" - # Fixed params - tripleo_httpd_vhost_user: 'ironic' - tripleo_httpd_vhost_service_name: 'ironic_api' - tripleo_httpd_vhost_group: "{{ tripleo_httpd_vhost_user }}" - tripleo_httpd_vhost_access_log_format: 'forwarded' - tripleo_httpd_vhost_access_log_name: 'ironic_wsgi' - tripleo_httpd_vhost_document_root: '/var/www/cgi-bin/ironic' - tripleo_httpd_vhost_wsgi_process_group: "{{ tripleo_httpd_vhost_user }}" - tripleo_httpd_vhost_wsgi_daemon_process: - ironic: - 'display-name': 'ironic_wsgi' - group: "{{ tripleo_httpd_vhost_user }}" - processes: 6 - threads: 15 - user: "{{ tripleo_httpd_vhost_user }}" - tripleo_httpd_vhost_wsgi: true - tripleo_httpd_vhost_wsgi_script_alias: - '/': '/var/www/cgi-bin/ironic/app' - import_role: - name: tripleo_httpd_vhost diff --git a/tripleo_ansible/roles/tripleo_ironic/tasks/ipxe_httpd.yaml b/tripleo_ansible/roles/tripleo_ironic/tasks/ipxe_httpd.yaml deleted file mode 100644 index 08fefc6a5..000000000 --- a/tripleo_ansible/roles/tripleo_ironic/tasks/ipxe_httpd.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Create httpd config and vhost - vars: - tripleo_httpd_vhost_user: 'ironic' - tripleo_httpd_vhost_service_name: 'ironic' - tripleo_httpd_vhost_servername: 'ipxe_vhost' - tripleo_httpd_vhost_group: "{{ tripleo_httpd_vhost_user }}" - tripleo_httpd_vhost_access_log_name: "{{ tripleo_httpd_vhost_servername }}" - tripleo_httpd_vhost_document_root: '/var/lib/ironic/httpboot' - tripleo_httpd_vhost_options: - - 'Indexes' - - 'FollowSymLinks' - tripleo_httpd_vhost_wsgi: false - tripleo_httpd_vhost_ssl: false - import_role: - name: tripleo_httpd_vhost diff --git a/tripleo_ansible/roles/tripleo_iscsid/defaults/main.yml b/tripleo_ansible/roles/tripleo_iscsid/defaults/main.yml deleted file mode 100644 index 6c49abb1f..000000000 --- a/tripleo_ansible/roles/tripleo_iscsid/defaults/main.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_iscsid" -tripleo_iscsid_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" - -tripleo_iscsid_hide_sensitive_logs: true - -tripleo_iscsid_image: "quay.io/tripleomastercentos9/openstack-iscsid:current-tripleo" -tripleo_iscsid_config_image: "{{ tripleo_iscsid_image }}" -tripleo_iscsid_volumes: - - /var/lib/kolla/config_files/iscsid.json:/var/lib/kolla/config_files/config.json:ro - - /dev:/dev - - /run:/run - - /sys:/sys - - /lib/modules:/lib/modules:ro - - /etc/iscsi:/etc/iscsi:z - - /etc/target:/etc/target:z - - /var/lib/iscsi:/var/lib/iscsi:z - -tripleo_iscsid_chap_algs: 'SHA3-256,SHA256,SHA1,MD5' diff --git a/tripleo_ansible/roles/tripleo_iscsid/files/iscsid.yaml b/tripleo_ansible/roles/tripleo_iscsid/files/iscsid.yaml deleted file mode 100644 index 6d022911e..000000000 --- a/tripleo_ansible/roles/tripleo_iscsid/files/iscsid.yaml +++ /dev/null @@ -1 +0,0 @@ -command: /usr/sbin/iscsid -f diff --git a/tripleo_ansible/roles/tripleo_iscsid/meta/main.yml b/tripleo_ansible/roles/tripleo_iscsid/meta/main.yml deleted file mode 100644 index 6372cf1d8..000000000 --- a/tripleo_ansible/roles/tripleo_iscsid/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: TripleO OpenStack Role -- tripleo_iscsid - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 8 - - 9 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_iscsid/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_iscsid/molecule/default/converge.yml deleted file mode 100644 index 6c667ec4b..000000000 --- a/tripleo_ansible/roles/tripleo_iscsid/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_iscsid" diff --git a/tripleo_ansible/roles/tripleo_iscsid/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_iscsid/molecule/default/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/tripleo_ansible/roles/tripleo_iscsid/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_iscsid/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_iscsid/molecule/default/prepare.yml deleted file mode 100644 index ec16f729a..000000000 --- a/tripleo_ansible/roles/tripleo_iscsid/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_iscsid/tasks/configure.yml b/tripleo_ansible/roles/tripleo_iscsid/tasks/configure.yml deleted file mode 100644 index f94e17991..000000000 --- a/tripleo_ansible/roles/tripleo_iscsid/tasks/configure.yml +++ /dev/null @@ -1,78 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Check if the iSCSI initiator name (IQN) has been reset - ansible.builtin.stat: - path: /etc/iscsi/.initiator_reset - register: initiator_reset_state - -# NOTE: Each overcloud node must have its own, unique iSCSI Qualified Name -# (IQN) but it has to be reset once, and only once as all the services on the -# node must use the same IQN. It is reset based on the existence of -# .initiator_reset sentinel file. - -- name: Ensure the system has a unique IQN - when: initiator_reset_state.stat.exists == False - block: - - - name: Generate a unique IQN - ansible.builtin.command: podman run -ti --rm --name iscsid_config {{ tripleo_iscsid_config_image }} /usr/sbin/iscsi-iname - register: iscsi_iname - - - name: Save the new IQN - ansible.builtin.copy: - dest: /etc/iscsi/initiatorname.iscsi - content: "InitiatorName={{ iscsi_iname.stdout }}" - - - name: Record the IQN has been reset - ansible.builtin.file: - path: /etc/iscsi/.initiator_reset - state: touch - -- name: Check if /etc/iscsi/iscsid.conf exists - ansible.builtin.stat: - path: /etc/iscsi/iscsid.conf - register: result - -- name: Create /etc/iscsi/iscsid.conf if necessary - when: result.stat.exists == False - block: - - - name: Fetch iscsid.conf from the iscsid container - ansible.builtin.command: podman run -ti --rm --name iscsid_config {{ tripleo_iscsid_config_image }} cat /etc/iscsi/iscsid.conf - register: iscsid_conf - - - name: Create a local copy of iscsid.conf - copy: - dest: /etc/iscsi/iscsid.conf - content: "{{ iscsid_conf.stdout }}" - mode: 0600 - check_mode: false - -- name: Write CHAP algorithms - ansible.builtin.lineinfile: - path: "/etc/iscsi/iscsid.conf" - line: "node.session.auth.chap_algs = {{ tripleo_iscsid_chap_algs }}" - regexp: "^node.session.auth.chap_algs" - insertafter: "^#node.session.auth.chap.algs" - register: modify_stat - -- name: Record the iscsid container restart is required - when : modify_stat.changed - ansible.builtin.file: - path: /etc/iscsi/.iscsid_restart_required - state: touch diff --git a/tripleo_ansible/roles/tripleo_iscsid/tasks/install.yml b/tripleo_ansible/roles/tripleo_iscsid/tasks/install.yml deleted file mode 100644 index 5a9c009c8..000000000 --- a/tripleo_ansible/roles/tripleo_iscsid/tasks/install.yml +++ /dev/null @@ -1,62 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Create persistent directories - ansible.builtin.file: - path: "{{ item.path }}" - setype: "{{ item.setype }}" - state: directory - loop: - - { 'path': /etc/iscsi, 'setype': container_file_t } - - { 'path': /etc/target, 'setype': container_file_t } - - { 'path': /var/lib/iscsi, 'setype': container_file_t } - -- name: Create fcontext entry for iscsi - community.general.sefcontext: - target: "{{ item.path }}(/.*)?" - setype: "{{ item.setype }}" - state: present - loop: - - { 'path': /etc/iscsi, 'setype': container_file_t } - - { 'path': /etc/target, 'setype': container_file_t } - - { 'path': /var/lib/iscsi, 'setype': container_file_t } - when: ansible_facts.selinux.status == "enabled" - -- name: Stat /lib/systemd/system/iscsid.socket - ansible.builtin.stat: - path: /lib/systemd/system/iscsid.socket - register: stat_iscsid_socket - -- name: Stop and disable iscsid.socket service - ansible.builtin.service: - name: iscsid.socket - state: stopped - enabled: no - when: stat_iscsid_socket.stat.exists - -- name: Check if iscsi.service is enabled - ansible.builtin.command: systemctl is-enabled --quiet iscsi.service - failed_when: false - register: iscsi_service_enabled_result - -- name: Stop iscsi.service - ansible.builtin.service: - name: iscsi.service - state: stopped - enabled: no - when: - - iscsi_service_enabled_result is changed - - iscsi_service_enabled_result.rc == 0 diff --git a/tripleo_ansible/roles/tripleo_iscsid/tasks/iscsid.yaml b/tripleo_ansible/roles/tripleo_iscsid/tasks/iscsid.yaml deleted file mode 120000 index c6e36e959..000000000 --- a/tripleo_ansible/roles/tripleo_iscsid/tasks/iscsid.yaml +++ /dev/null @@ -1 +0,0 @@ -run.yml \ No newline at end of file diff --git a/tripleo_ansible/roles/tripleo_iscsid/tasks/iscsid_install.yaml b/tripleo_ansible/roles/tripleo_iscsid/tasks/iscsid_install.yaml deleted file mode 120000 index d3c44d3c7..000000000 --- a/tripleo_ansible/roles/tripleo_iscsid/tasks/iscsid_install.yaml +++ /dev/null @@ -1 +0,0 @@ -install.yml \ No newline at end of file diff --git a/tripleo_ansible/roles/tripleo_iscsid/tasks/main.yml b/tripleo_ansible/roles/tripleo_iscsid/tasks/main.yml deleted file mode 100644 index 80367a30a..000000000 --- a/tripleo_ansible/roles/tripleo_iscsid/tasks/main.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "iscsid" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always diff --git a/tripleo_ansible/roles/tripleo_iscsid/tasks/run.yml b/tripleo_ansible/roles/tripleo_iscsid/tasks/run.yml deleted file mode 100644 index 22d3f278d..000000000 --- a/tripleo_ansible/roles/tripleo_iscsid/tasks/run.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Manage iscsid containers - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: iscsid - tripleo_container_standalone_container_defs: - iscsid: "{{ lookup('template', 'iscsid.yaml.j2') | from_yaml }}" - tripleo_container_standalone_kolla_config_files: - iscsid: "{{ lookup('file', 'files/iscsid.yaml') | from_yaml }}" - register: manage_iscsid_stat - -- name: Check if the iscsid container restart is required - ansible.builtin.stat: - path: /etc/iscsi/.iscsid_restart_required - register: iscsi_restart_stat - -# Existence of sentinel file (.iscsid_restart_required) on the host -# indicates that restart of the iscisd container is needed to refresh -# /etc/iscsid.conf -# sentinel file will exist on an initial deployment, but the restart is -# actually needed only if the service is already running, so we check if -# the manage_iscsid_stat changed. - -- name: Restart iscsid container to refresh /etcd/iscsid.conf - when: - - not manage_iscsid_stat.changed|bool - - iscsi_restart_stat.stat.exists|bool - systemd: - name: tripleo_iscsid - state: restarted - -- name: Remove iscsid container restart sentinel file - ansible.builtin.file: - path: /etc/iscsi/.iscsid_restart_required - state: absent diff --git a/tripleo_ansible/roles/tripleo_iscsid/templates/iscsid.yaml.j2 b/tripleo_ansible/roles/tripleo_iscsid/templates/iscsid.yaml.j2 deleted file mode 100644 index 2e5684f43..000000000 --- a/tripleo_ansible/roles/tripleo_iscsid/templates/iscsid.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ -image: {{ tripleo_iscsid_image }} -net: host -privileged: true -restart: always -healthcheck: - test: /openstack/healthcheck -volumes: - {{ tripleo_container_standalone_common_volumes | default([]) + tripleo_iscsid_volumes }} -environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS diff --git a/tripleo_ansible/roles/tripleo_kernel/defaults/main.yml b/tripleo_ansible/roles/tripleo_kernel/defaults/main.yml deleted file mode 100644 index 5aa510cc8..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/defaults/main.yml +++ /dev/null @@ -1,61 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. -tripleo_kernel_extra_modules: {} -tripleo_kernel_extra_packages: {} -tripleo_kernel_args: "" -tripleo_kernel_reboot_timeout: 3600 -tripleo_kernel_post_reboot_delay: 60 -tripleo_kernel_defer_reboot: false -tripleo_kernel_hugepages: {} -tripleo_kernel_hugepages_remove: false -tripleo_kernel_sysctl_extra_settings: - net.ipv6.conf.default.disable_ipv6: - value: 0 - net.ipv4.ip_local_reserved_ports: - value: "35357,49000-49001" - net.ipv6.conf.all.disable_ipv6: - value: 0 - net.ipv6.conf.lo.disable_ipv6: - value: 0 - net.ipv4.ip_forward: - value: 1 - net.ipv4.conf.all.rp_filter: - value: 1 - net.ipv6.conf.all.forwarding: - value: 0 - net.ipv4.ip_nonlocal_bind: - value: 1 - net.ipv6.ip_nonlocal_bind: - value: 1 - kernel.pid_max: - value: 1048576 - net.ipv4.neigh.default.gc_thresh1: - value: 1024 - net.ipv4.neigh.default.gc_thresh2: - value: 2048 - net.ipv4.neigh.default.gc_thresh3: - value: 4096 - net.bridge.bridge-nf-call-arptables: - value: 1 - net.bridge.bridge-nf-call-iptables: - value: 1 - net.bridge.bridge-nf-call-ip6tables: - value: 1 - fs.inotify.max_user_instances: - value: 1024 diff --git a/tripleo_ansible/roles/tripleo_kernel/meta/main.yml b/tripleo_ansible/roles/tripleo_kernel/meta/main.yml deleted file mode 100644 index 6086e3b40..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_kernel - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/default/converge.yml deleted file mode 100644 index 9ba1daca1..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/default/converge.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - pre_tasks: - - name: Backing up /etc/default/grub - import_tasks: ../../resources/molecule/backup_grub.yml - roles: - - role: "tripleo_kernel" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/default/molecule.yml deleted file mode 100644 index eb19d1827..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/default/molecule.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# inherits .config/molecule/config.yml -provisioner: - inventory: - hosts: - all: - hosts: - instance: - ansible_connection: local - ansible_host: localhost - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - cleanup: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/cleanup.yml" - -scenario: - name: default - test_sequence: - - prepare - - converge - - check - - cleanup - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/extra/converge.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/extra/converge.yml deleted file mode 100644 index a0a88b96f..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/extra/converge.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - pre_tasks: - - name: Backing up /etc/default/grub - import_tasks: ../../resources/molecule/backup_grub.yml - roles: - - role: "tripleo_kernel" - tripleo_kernel_extra_modules: - dummy: {} - tripleo_kernel_extra_packages: - 'kmod-kvdo': {} - tripleo_kernel_sysctl_extra_settings: - kernel.ftrace_dump_on_oops: - value: 1 diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/extra/molecule.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/extra/molecule.yml deleted file mode 100644 index 46c97a29e..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/extra/molecule.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# inherits .config/molecule/config.yml -provisioner: - inventory: - hosts: - all: - hosts: - instance: - ansible_connection: local - ansible_host: localhost - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - cleanup: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/cleanup.yml" - -scenario: - name: extra - test_sequence: - - prepare - - converge - - check - - cleanup - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-adding/molecule.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-adding/molecule.yml deleted file mode 100644 index 2fef9aca8..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-adding/molecule.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# inherits .config/molecule/config.yml -provisioner: - inventory: - hosts: - all: - hosts: - instance: - ansible_connection: local - ansible_host: localhost - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - cleanup: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/cleanup.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" - converge: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/converge.yml" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-adding/test_vars.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-adding/test_vars.yml deleted file mode 100644 index f21656b17..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-adding/test_vars.yml +++ /dev/null @@ -1,7 +0,0 @@ -expected_line: 'GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS=" test=1 default_hugepagesz=2048 hugepagesz=2048 hugepages=10 "' -_mocked_cmdline: "" -tripleo_kernel_args: "test=1" -tripleo_kernel_hugepages: - "2048": - count: "10" - default: true diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-existing-kernelargs/molecule.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-existing-kernelargs/molecule.yml deleted file mode 100644 index 2fef9aca8..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-existing-kernelargs/molecule.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# inherits .config/molecule/config.yml -provisioner: - inventory: - hosts: - all: - hosts: - instance: - ansible_connection: local - ansible_host: localhost - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - cleanup: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/cleanup.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" - converge: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/converge.yml" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-existing-kernelargs/test_vars.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-existing-kernelargs/test_vars.yml deleted file mode 100644 index 015070aaa..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-existing-kernelargs/test_vars.yml +++ /dev/null @@ -1,9 +0,0 @@ -expected_line: 'GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS=" test=1 test3=4 default_hugepagesz=2048 hugepagesz=2048 hugepages=10 hugepagesz=4096 hugepages=10 hugepagesz=1048576 hugepages=12 "' -_mocked_cmdline: test=1 default_hugepagesz=1GB hugepagesz=1G hugepages=12 hugepagesz=4096 hugepages=5 -tripleo_kernel_args: "test=1 default_hugepagesz=1GB hugepagesz=1G hugepages=12 hugepagesz=4096 hugepages=5 test3=4" -tripleo_kernel_hugepages: - "2048": - count: "10" - default: true - "4096": - count: "10" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-change/converge.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-change/converge.yml deleted file mode 100644 index 786b39e86..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-change/converge.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Converge - hosts: all - become: true - pre_tasks: - - name: Importing test_vars - include_vars: test_vars.yml - - name: Backing up /etc/default/grub - import_tasks: ../../resources/molecule/backup_grub.yml - tasks: - - include_role: - name: "tripleo_kernel" - tasks_from: kernelargs.yml - vars: - tripleo_kernel_defer_reboot: true - cmdline: - stdout: "{{ _mocked_cmdline_original }}" - stdout_lines: ["{{ _mocked_cmdline_original }}"] - - include_role: - name: "tripleo_kernel" - tasks_from: kernelargs.yml - vars: - tripleo_kernel_hugepages: - "2048": - count: "10" - 4096: - count: "12" - default: true - tripleo_kernel_defer_reboot: true - cmdline: - stdout: "{{ _mocked_cmdline_updated }}" - stdout_lines: ["{{ _mocked_cmdline_updated }}"] diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-change/molecule.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-change/molecule.yml deleted file mode 100644 index 9cba70a08..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-change/molecule.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# inherits .config/molecule/config.yml -provisioner: - inventory: - hosts: - all: - hosts: - instance: - ansible_connection: local - ansible_host: localhost - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - cleanup: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/cleanup.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-change/test_vars.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-change/test_vars.yml deleted file mode 100644 index 9acf13d26..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-change/test_vars.yml +++ /dev/null @@ -1,10 +0,0 @@ -expected_line: 'GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS=" test=1 default_hugepagesz=4096 hugepagesz=2048 hugepages=10 hugepagesz=4096 hugepages=12 hugepagesz=1048576 hugepages=12 "' -_mocked_cmdline_original: test=1 default_hugepagesz=1GB hugepagesz=1G hugepages=12 hugepagesz=4096 hugepages=5 -_mocked_cmdline_updated: test=1 default_hugepagesz=2048 hugepagesz=2048 hugepages=10 hugepagesz=4096 hugepages=10 -tripleo_kernel_args: "test=1" -tripleo_kernel_hugepages: - "2048": - count: "10" - default: true - "4096": - count: "10" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-nochange/converge.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-nochange/converge.yml deleted file mode 100644 index 0221ed23d..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-nochange/converge.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Converge - hosts: all - become: true - pre_tasks: - - name: Importing test_vars - include_vars: test_vars.yml - - name: Backing up /etc/default/grub - import_tasks: ../../resources/molecule/backup_grub.yml - tasks: - - include_role: - name: "tripleo_kernel" - tasks_from: kernelargs.yml - vars: - tripleo_kernel_defer_reboot: true - cmdline: - stdout: "{{ _mocked_cmdline_original }}" - stdout_lines: ["{{ _mocked_cmdline_original }}"] - - include_role: - name: "tripleo_kernel" - tasks_from: kernelargs.yml - vars: - tripleo_kernel_defer_reboot: true - cmdline: - stdout: "{{ _mocked_cmdline_updated }}" - stdout_lines: ["{{ _mocked_cmdline_updated }}"] diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-nochange/molecule.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-nochange/molecule.yml deleted file mode 100644 index 9cba70a08..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-nochange/molecule.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# inherits .config/molecule/config.yml -provisioner: - inventory: - hosts: - all: - hosts: - instance: - ansible_connection: local - ansible_host: localhost - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - cleanup: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/cleanup.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-nochange/test_vars.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-nochange/test_vars.yml deleted file mode 100644 index aa5dcb539..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-idempotency-nochange/test_vars.yml +++ /dev/null @@ -1,10 +0,0 @@ -expected_line: 'GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS=" test=1 default_hugepagesz=2048 hugepagesz=2048 hugepages=10 hugepagesz=4096 hugepages=10 hugepagesz=1048576 hugepages=12 "' -_mocked_cmdline_original: test=1 default_hugepagesz=1GB hugepagesz=1G hugepages=12 hugepagesz=4096 hugepages=5 -_mocked_cmdline_updated: test=1 default_hugepagesz=2048 hugepagesz=2048 hugepages=10 hugepagesz=4096 hugepages=10 -tripleo_kernel_args: "test=1" -tripleo_kernel_hugepages: - "2048": - count: "10" - default: true - "4096": - count: "10" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-integer/molecule.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-integer/molecule.yml deleted file mode 100644 index 2fef9aca8..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-integer/molecule.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# inherits .config/molecule/config.yml -provisioner: - inventory: - hosts: - all: - hosts: - instance: - ansible_connection: local - ansible_host: localhost - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - cleanup: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/cleanup.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" - converge: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/converge.yml" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-integer/test_vars.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-integer/test_vars.yml deleted file mode 100644 index 91024aecf..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-integer/test_vars.yml +++ /dev/null @@ -1,9 +0,0 @@ -expected_line: 'GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS=" test=1 default_hugepagesz=2048 hugepagesz=2048 hugepages=10 hugepagesz=4096 hugepages=10 hugepagesz=1048576 hugepages=12 "' -_mocked_cmdline: test=1 default_hugepagesz=1GB hugepagesz=1G hugepages=12 hugepagesz=4096 hugepages=5 -tripleo_kernel_args: "test=1" -tripleo_kernel_hugepages: - 2048: - count: "10" - default: true - 4096: - count: "10" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-remove/molecule.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-remove/molecule.yml deleted file mode 100644 index 2fef9aca8..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-remove/molecule.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# inherits .config/molecule/config.yml -provisioner: - inventory: - hosts: - all: - hosts: - instance: - ansible_connection: local - ansible_host: localhost - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - cleanup: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/cleanup.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" - converge: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/converge.yml" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-remove/test_vars.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-remove/test_vars.yml deleted file mode 100644 index 36b33b89a..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify-remove/test_vars.yml +++ /dev/null @@ -1,10 +0,0 @@ -_mocked_cmdline: test=1 default_hugepagesz=1GB hugepagesz=1G hugepages=12 hugepagesz=4096 hugepages=5 -expected_line: 'GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS=" test=1 default_hugepagesz=2048 hugepagesz=2048 hugepages=10 hugepagesz=4096 hugepages=10 "' -tripleo_kernel_args: "test=1" -tripleo_kernel_hugepages_remove: true -tripleo_kernel_hugepages: - "2048": - count: "10" - default: true - "4096": - count: "10" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify/molecule.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify/molecule.yml deleted file mode 100644 index 2fef9aca8..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify/molecule.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# inherits .config/molecule/config.yml -provisioner: - inventory: - hosts: - all: - hosts: - instance: - ansible_connection: local - ansible_host: localhost - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - cleanup: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/cleanup.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" - converge: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/converge.yml" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify/test_vars.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify/test_vars.yml deleted file mode 100644 index a9d2bdc96..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-modify/test_vars.yml +++ /dev/null @@ -1,9 +0,0 @@ -expected_line: 'GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS=" test=1 default_hugepagesz=2048 hugepagesz=2048 hugepages=10 hugepagesz=4096 hugepages=10 hugepagesz=1048576 hugepages=12 "' -_mocked_cmdline: test=1 default_hugepagesz=1GB hugepagesz=1G hugepages=12 hugepagesz=4096 hugepages=5 -tripleo_kernel_args: "test=1" -tripleo_kernel_hugepages: - "2048": - count: "10" - default: true - "4096": - count: "10" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-nochange-remove/molecule.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-nochange-remove/molecule.yml deleted file mode 100644 index 2fef9aca8..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-nochange-remove/molecule.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# inherits .config/molecule/config.yml -provisioner: - inventory: - hosts: - all: - hosts: - instance: - ansible_connection: local - ansible_host: localhost - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - cleanup: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/cleanup.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" - converge: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/converge.yml" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-nochange-remove/test_vars.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-nochange-remove/test_vars.yml deleted file mode 100644 index 171c61f71..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-nochange-remove/test_vars.yml +++ /dev/null @@ -1,9 +0,0 @@ -expected_line: 'GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS=" default_hugepagesz=2048 hugepagesz=2048 hugepages=10 hugepagesz=4096 hugepages=10 "' -_mocked_cmdline: default_hugepagesz=2M hugepagesz=2048 hugepages=10 hugepagesz=4096 hugepages=10 hugepagesz=10240 hugepages=10 -tripleo_kernel_hugepages_remove: true -tripleo_kernel_hugepages: - "2048": - count: "10" - default: true - "4096": - count: "10" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-nochange/converge.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-nochange/converge.yml deleted file mode 100644 index 8b388179e..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-nochange/converge.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Converge - hosts: all - become: true - pre_tasks: - - name: Importing test_vars - include_vars: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/test_vars.yml" - - name: Backing up /etc/default/grub - import_tasks: ../../resources/molecule/backup_grub.yml - tasks: - - include_role: - name: "tripleo_kernel" - tasks_from: kernelargs.yml - vars: - tripleo_kernel_defer_reboot: true - cmdline: - stdout: "{{ _mocked_cmdline }}" - stdout_lines: ["{{ _mocked_cmdline }}"] - - include_role: - name: "tripleo_kernel" - tasks_from: kernelargs.yml - vars: - tripleo_kernel_defer_reboot: true - cmdline: - stdout: "{{ _mocked_cmdline }}" - stdout_lines: ["{{ _mocked_cmdline }}"] diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-nochange/molecule.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-nochange/molecule.yml deleted file mode 100644 index 9cba70a08..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-nochange/molecule.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# inherits .config/molecule/config.yml -provisioner: - inventory: - hosts: - all: - hosts: - instance: - ansible_connection: local - ansible_host: localhost - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - cleanup: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/cleanup.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-nochange/test_vars.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-nochange/test_vars.yml deleted file mode 100644 index bd1a50329..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-hugepages-nochange/test_vars.yml +++ /dev/null @@ -1,9 +0,0 @@ -_mocked_cmdline: default_hugepagesz=2M hugepagesz=2048 hugepages=10 hugepagesz=4096 hugepages=10 -expected_line: 'GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS=" test=1 default_hugepagesz=2M hugepagesz=2048 hugepages=10 hugepagesz=4096 hugepages=10 "' -tripleo_kernel_args: test=1 default_hugepagesz=2M hugepagesz=2048 hugepages=10 hugepagesz=4096 hugepages=10 -tripleo_kernel_hugepages: - "2048": - count: "10" - default: true - "4096": - count: "10" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-update/converge.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-update/converge.yml deleted file mode 100644 index d59a05e37..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-update/converge.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Converge - hosts: all - become: true - vars: - tripleo_kernel_args: "test=1" - pre_tasks: - - name: Backing up /etc/default/grub - import_tasks: ../../resources/molecule/backup_grub.yml - tasks: - - name: create kernelargs entry with the older name - lineinfile: - dest: /etc/default/grub - regexp: '^TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS.*' - insertafter: '^GRUB_CMDLINE_LINUX.*' - line: 'TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS=" {{ tripleo_kernel_args }} "' - - name: create append entry with older name - lineinfile: - dest: /etc/default/grub - line: 'GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX:+$GRUB_CMDLINE_LINUX }${TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS}"' - insertafter: '^TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS.*' - - include_role: - name: "tripleo_kernel" - tasks_from: kernelargs.yml - vars: - tripleo_kernel_defer_reboot: true diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-update/molecule.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-update/molecule.yml deleted file mode 100644 index 1742b5057..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-update/molecule.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# inherits .config/molecule/config.yml -provisioner: - inventory: - hosts: - all: - hosts: - instance: - ansible_connection: local - ansible_host: localhost - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - cleanup: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/cleanup.yml" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-update/verify.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-update/verify.yml deleted file mode 100644 index 7240042df..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs-update/verify.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Verify - hosts: all - become: true - gather_facts: false - tasks: - - name: Check if the kernel args is applied to the grub file - lineinfile: - path: /etc/default/grub - line: 'GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS=" test=1 "' - state: present - check_mode: true - register: grub - failed_when: (grub is changed) or (grub is failed) - - name: Check if the older name entries are removed - lineinfile: - path: /etc/default/grub - regexp: '^TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS.*' - state: absent - check_mode: true - register: grub - failed_when: (grub is changed) or (grub is failed) - - name: Check if the older name entries are removed for append - lineinfile: - path: /etc/default/grub - regexp: '.*{TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS}.*' - state: absent - check_mode: true - register: grub - failed_when: (grub is changed) or (grub is failed) diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs/molecule.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs/molecule.yml deleted file mode 100644 index 2fef9aca8..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs/molecule.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# inherits .config/molecule/config.yml -provisioner: - inventory: - hosts: - all: - hosts: - instance: - ansible_connection: local - ansible_host: localhost - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - cleanup: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/cleanup.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" - converge: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/converge.yml" diff --git a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs/test_vars.yml b/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs/test_vars.yml deleted file mode 100644 index 07ac4dfc0..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/molecule/kernelargs/test_vars.yml +++ /dev/null @@ -1,3 +0,0 @@ -expected_line: 'GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS=" test=1 "' -tripleo_kernel_args: test=1 -_mocked_cmdline: "" diff --git a/tripleo_ansible/roles/tripleo_kernel/resources/molecule/backup_grub.yml b/tripleo_ansible/roles/tripleo_kernel/resources/molecule/backup_grub.yml deleted file mode 100644 index 8cf1f3c1c..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/resources/molecule/backup_grub.yml +++ /dev/null @@ -1,7 +0,0 @@ -- name: Backup the default grub file - become: true - copy: - src: /etc/default/grub - dest: "/etc/default/grub.{{ molecule_yml.scenario.name }}" - mode: preserve - remote_src: true diff --git a/tripleo_ansible/roles/tripleo_kernel/resources/molecule/cleanup.yml b/tripleo_ansible/roles/tripleo_kernel/resources/molecule/cleanup.yml deleted file mode 100644 index de9123b60..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/resources/molecule/cleanup.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Restore environment - hosts: all - tasks: - - name: Restore the default grub file - become: true - copy: - src: "/etc/default/grub.{{ molecule_yml.scenario.name }}" - dest: /etc/default/grub - mode: preserve - remote_src: true diff --git a/tripleo_ansible/roles/tripleo_kernel/resources/molecule/converge.yml b/tripleo_ansible/roles/tripleo_kernel/resources/molecule/converge.yml deleted file mode 100644 index 8b2ed4f43..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/resources/molecule/converge.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Converge - hosts: all - become: true - pre_tasks: - - name: Importing test_vars - include_vars: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/test_vars.yml" - - name: Backing up /etc/default/grub - import_tasks: ../../resources/molecule/backup_grub.yml - tasks: - - include_role: - name: "tripleo_kernel" - tasks_from: kernelargs.yml - vars: - tripleo_kernel_defer_reboot: true - cmdline: - stdout: "{{ _mocked_cmdline }}" - stdout_lines: ["{{ _mocked_cmdline }}"] diff --git a/tripleo_ansible/roles/tripleo_kernel/resources/molecule/prepare.yml b/tripleo_ansible/roles/tripleo_kernel/resources/molecule/prepare.yml deleted file mode 100644 index ec16f729a..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/resources/molecule/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_kernel/resources/molecule/print_grub_content.yml b/tripleo_ansible/roles/tripleo_kernel/resources/molecule/print_grub_content.yml deleted file mode 100644 index 7d1e08833..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/resources/molecule/print_grub_content.yml +++ /dev/null @@ -1,10 +0,0 @@ -- name: Debug - getting content of /etc/default/grub - command: cat /etc/default/grub - register: grub_content -- name: Debug - printing content of /etc/default/grub - debug: - var: grub_content -- name: Debug - Scenario name - debug: - msg: | - {{ molecule_yml.scenario.name }} diff --git a/tripleo_ansible/roles/tripleo_kernel/resources/molecule/verify.yml b/tripleo_ansible/roles/tripleo_kernel/resources/molecule/verify.yml deleted file mode 100644 index 89e2fc17b..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/resources/molecule/verify.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Verify - hosts: all - become: true - gather_facts: false - pre_tasks: - - name: Importing test_vars - include_vars: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/test_vars.yml" - tasks: - - name: Grub config validation - block: - - name: Check if the kernel args is applied to the grub file - lineinfile: - path: /etc/default/grub - line: "{{ expected_line }}" - state: present - check_mode: true - register: grub - failed_when: (grub is changed) or (grub is failed) - - name: Checking reboot_required - fail: - msg: | - reboot_required is defined and reboot_required is enabled - when: - - reboot_required is defined and reboot_required - rescue: - - name: Output /etc/default/grub - import_tasks: ../../resources/molecule/print_grub_content.yml - - name: Grub config validation failed - fail: - msg: | - reboot_required is defined and reboot_required is enabled: {{ reboot_required | default(false) }} - Grub config validation failed. Expected: - {{ expected_line }} - Validation task returned: - {{ grub }} diff --git a/tripleo_ansible/roles/tripleo_kernel/tasks/hugepages_parsing.yaml b/tripleo_ansible/roles/tripleo_kernel/tasks/hugepages_parsing.yaml deleted file mode 100644 index df72f9cbd..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/tasks/hugepages_parsing.yaml +++ /dev/null @@ -1,23 +0,0 @@ -- name: Find hugepages in cmdline - set_fact: - hugepages: >- - {{ cmdline_text | regex_findall('hugepagesz=([\S]+)[\s]+hugepages=([0-9]+)') }} - _configured_default_size: >- - {% set _default_size = cmdline_text | regex_findall('default_hugepagesz=([\S]+)', '\1') | default([]) | first -%} - {% if not _default_size is regex("^[0-9]+$") -%} - {% set _default_size = (_default_size | human_to_bytes) / 1024 -%} - {% endif -%} - {{ _default_size | int }} - -- name: Finding human-readable hugepages in cmdline - set_fact: - _converted_hugepages: >- - {% set _tmp_dict = {} -%} - {% for hp in hugepages -%} - {% if hp[0] is regex("^[0-9]+$") -%} - {% set _ = _tmp_dict.update({ hp[0] | int: hp[1] | int }) -%} - {% else -%} - {% set _ = _tmp_dict.update({ ((hp[0] | replace('B', '') | human_to_bytes) / 1024) | int: hp[1] | int }) -%} - {% endif -%} - {% endfor -%} - {{ _tmp_dict }} diff --git a/tripleo_ansible/roles/tripleo_kernel/tasks/hugepages_validations.yaml b/tripleo_ansible/roles/tripleo_kernel/tasks/hugepages_validations.yaml deleted file mode 100644 index 4df6a3e91..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/tasks/hugepages_validations.yaml +++ /dev/null @@ -1,63 +0,0 @@ -- name: Find desired default hugepage size - when: hp.value.default | default(false) | bool - set_fact: - _tripleo_default_hugepages: "{{ hp.key }}" - loop: "{{ _tripleo_kernel_hugepages | dict2items }}" - loop_control: - loop_var: hp - -- name: Storing non-configured hugepages - set_fact: - _nonconfig_hugepages: >- - {% if (hp.key | int not in _tripleo_kernel_hugepages) -%} - {{ _nonconfig_hugepages | - combine({ - hp.key | int: _converted_hugepages[hp.key | int] - }) - -}} - {% else -%} - {{ _nonconfig_hugepages |combine({}) -}} - {% endif -%} - loop: "{{ _converted_hugepages | dict2items }}" - loop_control: - loop_var: hp - - - -- name: Validating against hugepages config received from TripleO - set_fact: - _validated_hugepages: >- - {% set validated = false -%} - {% set _tmp_dict = {} -%} - {% for hp in _tripleo_kernel_hugepages | dict2items -%} - {% if ( - hp.key | int in _converted_hugepages and - _converted_hugepages[hp.key | int] | int == hp.value.count | int and - (_configured_default_size | int == hp.key | int) == hp.value.default | default(false) - ) -%} - {% set validated = true -%} - {% endif -%} - {% set _ = _tmp_dict.update({ hp.key | int: validated }) -%} - {% endfor -%} - {% if tripleo_kernel_hugepages_remove | bool -%} - {% for hp in _nonconfig_hugepages | dict2items -%} - {% set _ = _tmp_dict.update({ hp.key | int: false }) -%} - {% endfor -%} - {% endif -%} - {{ _tmp_dict }} - -- name: Determining the default hugepagesz - set_fact: - _desired_default_hugepages: "{{ _tripleo_default_hugepages | default(_configured_default_size | default(0)) | int }}" - -- name: Determining if any hugepage configuration needs to be re-written - set_fact: - _hugepages_modification: >- - {{ (not _validated_hugepages.values() is all) | bool -}} - -- name: Making sure that we have a default hugepagesz - when: _desired_default_hugepages | int == 0 - fail: - msg: | - Unable to determine a default hugepagesize. - Please enable the default flag on at least one pagesize parameter. diff --git a/tripleo_ansible/roles/tripleo_kernel/tasks/kernelargs.yml b/tripleo_ansible/roles/tripleo_kernel/tasks/kernelargs.yml deleted file mode 100644 index 48751adb9..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/tasks/kernelargs.yml +++ /dev/null @@ -1,226 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Get the command line args of the node - command: cat /proc/cmdline - register: cmdline - -- name: TSX KernelArgs compute node reboot prevention - when: - - '"nova_libvirt" in groups' - block: - - name: Check if node has a nova.conf - stat: - path: /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova/nova.conf - register: nova_conf_check - - - name: Enabling defer_reboot when TSX was added or appended - when: - - nova_conf_check.stat.exists - - tripleo_kernel_args is regex("^[\s]*tsx=[\S]+[\s]*$") - block: - - name: Warn operator about workload protection - debug: - msg: | - Automated reboot for this node has been defered because it is already provisionned. - Please schedule a manual reboot after this deployment is completed. - - - name: Setting workload protection fact - set_fact: - _workload_protection: true - -- name: TripleO Hugepages configuration - vars: - _converted_hugepages: {} - _nonconfig_hugepages: {} - _hugepages_modification: false - when: tripleo_kernel_hugepages | length - block: - - name: Rewrite tripleo_kernel_hugepages to use integers as keys - set_fact: - _tripleo_kernel_hugepages: "{{ _tripleo_kernel_hugepages | default({}) | combine({ hp.key | int: hp.value }) }}" - loop: "{{ tripleo_kernel_hugepages | dict2items }}" - loop_control: - loop_var: hp - - - name: Parsing running hugepage configuration from /proc/cmdline - when: > - "default_hugepagesz" in cmdline.stdout - import_tasks: hugepages_parsing.yaml - vars: - cmdline_text: "{{ cmdline.stdout }}" - - - name: Validating hugepage config from /proc/cmdline against TripleO parameter - import_tasks: hugepages_validations.yaml - - - name: Rewrite kernel args - when: _hugepages_modification - block: - - name: Warn about possible modifications - debug: - msg: | - TripleO hugepage modification differs from how the host is actually having. - Current default pagesize: {{ _configured_default_size | default("None configured") }} - TripleO default pagesize: {{ _tripleo_default_hugepages }} - Desired default pagesize: {{ _desired_default_hugepages }} - - From TripleO Hugepages configuration: - {% for pagesize, config in _tripleo_kernel_hugepages.items() %} - - {{ pagesize }} - expected: {{ config.count }} pages - default: {{ config.default | default(false) }} - current: {{ _converted_hugepages.get(pagesize | int, 0) }} - {% endfor %} - {% if _nonconfig_hugepages | length %} - There's also some hugepages on the host that are not part of the TripleO configuration - {% for pagesize, config in _nonconfig_hugepages.items() %} - - {{ pagesize }}: {{ config }} pages - {% endfor %} - {% endif %} - - - name: Remove hugepage settings from kernelargs - set_fact: - _kernel_args: >- - {{ tripleo_kernel_args | regex_replace('[\s]*(default_)*hugepages[z]*=[\S]+[\s]*', ' ') }} - default_hugepagesz={{ _desired_default_hugepages }} - {% for hp, values in _tripleo_kernel_hugepages.items() -%} - hugepagesz={{ hp }} hugepages={{ values.count }} - {% endfor -%} - {% if not tripleo_kernel_hugepages_remove | bool -%} - {% for hp, values in _nonconfig_hugepages.items() -%} - hugepagesz={{ hp }} hugepages={{ values }} - {% endfor -%} - {% endif -%} - - - name: Cleaning up whitespaces - set_fact: - tripleo_kernel_args: >- - {{ _kernel_args | - regex_replace('[\s]+default_hugepagesz=', ' default_hugepagesz=') | - regex_replace('[\s]+', ' ') | - regex_replace('[\s]+$', '') - }} - -- name: Check if the kernelargs entry is already present in the file - replace: - regexp: TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS - dest: /etc/default/grub - replace: '' - check_mode: true - register: grub_file_entry_check - -# Kernel Args Configuration -- block: - # Leapp does not recognise grun entries starting other than GRUB - # It results wrong formatting of entries in file /etc/default/grub - # In order to fix it for FFU (queens to train), TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS has been renamed - # Ensure the fresh deployment is also alinged with the same name - - name: Delete older name TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS entries if present - lineinfile: - dest: /etc/default/grub - regexp: 'TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS' - state: absent - - name: Ensure the kernel args ( {{ tripleo_kernel_args }} ) is present as GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS - lineinfile: - dest: /etc/default/grub - regexp: '^GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS.*' - insertafter: '^GRUB_CMDLINE_LINUX.*' - line: 'GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS=" {{ tripleo_kernel_args }} "' - - name: Add GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS to the GRUB_CMDLINE_LINUX parameter - lineinfile: - dest: /etc/default/grub - line: 'GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX:+$GRUB_CMDLINE_LINUX }${GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS}"' - insertafter: '^GRUB_TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS.*' - - name: Check grub config paths - stat: - path: "{{ item }}" - register: grub_stat - loop: - - /boot/efi/EFI/BOOT - - /boot/efi/EFI/redhat - - /boot/efi/EFI/centos - - /boot/efi/EFI/fedora - - name: Generate grub config - command: "grub2-mkconfig -o /boot/grub2/grub.cfg" - - - name: Generate EFI grub config - command: "grub2-mkconfig -o {{ item.stat.path }}/grub.cfg" - when: item.stat.exists|bool - loop: "{{ grub_stat.results }}" - - - name: Copy grubenv to EFI directory - copy: - remote_src: true - src: /boot/grub2/grubenv - dest: "{{ item.stat.path }}/grubenv" - when: item.stat.exists|bool - loop: "{{ grub_stat.results }}" - - - name: Check for active tuned profile - stat: - path: "/etc/tuned/active_profile" - register: tuned_active_profile - - - name: Ensure $tuned_params is restored to /boot/loader/entries files - shell: >- - tuned-adm profile $(cat /etc/tuned/active_profile) - environment: - PATH: "/bin:/usr/bin:/sbin:/usr/sbin" - when: - - tuned_active_profile.stat.exists - - tuned_active_profile.stat.size | int > 0 - - - name: Set reboot required fact - set_fact: - reboot_required: true - become: true - when: - - cmdline.stdout_lines is defined - - tripleo_kernel_args|string - - tripleo_kernel_args not in cmdline.stdout - -# Apply DPDK workarounds before reboot -- name: Apply DPDK workarounds - include_role: - name: tripleo_ovs_dpdk - tasks_from: workarounds.yml - when: reboot_required is defined and reboot_required - -# Kernel modules loading -- name: Load type1 IOMMU driver for VFIO on boot - import_role: - name: tripleo_module_load - vars: - modules: - - name: vfio_iommu_type1 - when: tripleo_kernel_args is search("iommu") - -- name: Reboot block - when: - - reboot_required is defined and reboot_required - - not tripleo_kernel_defer_reboot|bool - - not _workload_protection|default(false)|bool - block: - - name: Reboot tasks - include_tasks: reboot.yaml - when: - - grub_file_entry_check is not changed - - - name: Skipping reboot for deployed node - debug: - msg: "Reboot is skipped for kernel arg change, user has to plan the reboot with migration and downtime" - when: - - grub_file_entry_check is changed diff --git a/tripleo_ansible/roles/tripleo_kernel/tasks/main.yml b/tripleo_ansible/roles/tripleo_kernel/tasks/main.yml deleted file mode 100644 index 76e26a869..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/tasks/main.yml +++ /dev/null @@ -1,90 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_kernel" will search for and load any operating system variable file - -- name: Kernel tuning block - become: true - block: - - name: Install additional packages - package: - name: "{{ item.key }}" - state: "{{ item.opt.state | default('present') }}" - loop: "{{ tripleo_kernel_extra_packages | dict2items(key_name='key', value_name='opt') }}" - register: _install_packages_result - - - name: Remove dracut-config-generic - package: - name: 'dracut-config-generic' - state: absent - - - name: Ensure the /etc/modules-load.d/ directory exists - file: - path: /etc/modules-load.d - state: directory - mode: 0755 - owner: root - group: root - setype: etc_t - - - name: Write list of modules to load at boot - template: - src: "tripleo-modprobe.conf.j2" - dest: "/etc/modules-load.d/99-tripleo.conf" - mode: 0644 - owner: root - group: root - setype: etc_t - register: _modprobe_result - - - name: Modules reload - systemd: - name: systemd-modules-load.service - state: restarted - when: - - _install_packages_result.changed or _modprobe_result.changed - - - name: Set default sysctl options - template: - src: "tripleo-sysctl.conf.j2" - dest: "/etc/sysctl.d/99-tripleo.conf" - mode: 0644 - owner: root - group: root - setype: etc_t - register: _default_sysctl_result - - - name: Set extra sysctl options - sysctl: - name: "{{ setting.key }}" - value: "{{ setting.opt.value }}" - sysctl_set: "{{ setting.opt.set | default(true) }}" - state: "{{ setting.opt.state | default('present') }}" - sysctl_file: "/etc/sysctl.d/99-tripleo.conf" - reload: false - loop: "{{ tripleo_kernel_sysctl_extra_settings | dict2items(key_name='key', value_name='opt') }}" - loop_control: - label: "{{ setting.key }}" - loop_var: setting - register: _extra_sysctl_result - - - name: Sysctl reload - systemd: - name: systemd-sysctl.service - state: restarted - when: - - _extra_sysctl_result.changed or _default_sysctl_result.changed diff --git a/tripleo_ansible/roles/tripleo_kernel/tasks/reboot.yaml b/tripleo_ansible/roles/tripleo_kernel/tasks/reboot.yaml deleted file mode 100644 index 447577560..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/tasks/reboot.yaml +++ /dev/null @@ -1,76 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Check if os-net-config has run once, if yes, no need for the below workaround -- name: Find the ifcfg file generated by os-net-config - find: - paths: /etc/sysconfig/network-scripts/ - patterns: ifcfg-* - contains: "# This file is autogenerated by os-net-config" - register: os_net_ifcfg_files - -# Provisioning Network workaround -# The script will be executed before os-net-config, in which case, only Provisioning network will have IP -# BOOTPROTO of all interface config files (except provisioning), will be set to "none" to avoid reboot failing to acquire IP on other networks -- name: Apply workaround for node reboot - block: - - name: Find the ifcfg files - find: - paths: /etc/sysconfig/network-scripts/ - patterns: ifcfg-* - register: ifcfg_files - # NOTE(mwhahaha): On computes collecting all the network facts is a huge - # performance issue. So let's only get the ansible facts for the ifcfg - # files which will avoid all the tap interfaces. This takes a while but - # results in less memory utilization for the rest of the deployment. - - name: Get ifcfg facts - setup: - gather_subset: - - '!all' - - '!min' - - network - filter: "{{ 'ansible_' + item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') | replace('-', '_') }}" - loop: "{{ ifcfg_files.files |flatten(levels=1)}}" - loop_control: - label: "{{ item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') | replace('-', '_') }}" - - name: Replace BOOTPROTO to none for interfaces which does not have IP - replace: - dest: "{{ item.path }}" - regexp: '^BOOTPROTO=.*' - replace: 'BOOTPROTO=none' - when: - - item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') != "lo" - # Ensure the interface information is available in the facts - - hostvars[inventory_hostname]['ansible_facts'][item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') | replace('-', '_')] is defined - # This condition will list all the interfaces except the one with valid IP (which is Provisioning network at this stage) - # Simpler Version - hostvars[inventory_hostname]['ansible_' + iface_name ]['ipv4'] is undefined - - hostvars[inventory_hostname]['ansible_facts'][item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') | replace('-', '_')]['ipv4'] is undefined - with_items: - - "{{ ifcfg_files.files }}" - become: true - when: - - os_net_ifcfg_files.matched is defined - - os_net_ifcfg_files.matched == 0 - -- name: Reboot debug message - debug: - msg: "Going to reboot the node after applying kernel args..." - -# Reboot the node -- name: Reboot after kernel args update - reboot: - post_reboot_delay: "{{ tripleo_kernel_post_reboot_delay }}" - reboot_timeout: "{{ tripleo_kernel_reboot_timeout }}" diff --git a/tripleo_ansible/roles/tripleo_kernel/tasks/upgrade_tasks.yml b/tripleo_ansible/roles/tripleo_kernel/tasks/upgrade_tasks.yml deleted file mode 100644 index b8000fa08..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/tasks/upgrade_tasks.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: fix grub entries to have name start with GRUB_ - replace: - path: '/etc/default/grub' - regexp: '^(TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS)(.*)' - replace: 'GRUB_\1\2' -- name: fix grub entries in append statement - replace: - path: '/etc/default/grub' - regexp: '(.*){(TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS)}(.*)' - replace: '\1{GRUB_\2}\3' diff --git a/tripleo_ansible/roles/tripleo_kernel/templates/tripleo-modprobe.conf.j2 b/tripleo_ansible/roles/tripleo_kernel/templates/tripleo-modprobe.conf.j2 deleted file mode 100644 index e6746bcdf..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/templates/tripleo-modprobe.conf.j2 +++ /dev/null @@ -1,5 +0,0 @@ -# {{ ansible_managed }} - -{% for item in tripleo_kernel_modules | combine(tripleo_kernel_extra_modules) | dict2items(key_name='key', value_name='opt') %} -{{ item.key }} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_kernel/templates/tripleo-sysctl.conf.j2 b/tripleo_ansible/roles/tripleo_kernel/templates/tripleo-sysctl.conf.j2 deleted file mode 100644 index 32c539121..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/templates/tripleo-sysctl.conf.j2 +++ /dev/null @@ -1,5 +0,0 @@ -# {{ ansible_managed }} - -{% for item in tripleo_kernel_sysctl_settings | dict2items(key_name='key', value_name='opt') %} -{{ item.key }} = {{ item.opt.value }} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_kernel/vars/main.yml b/tripleo_ansible/roles/tripleo_kernel/vars/main.yml deleted file mode 100644 index f0f4f2126..000000000 --- a/tripleo_ansible/roles/tripleo_kernel/vars/main.yml +++ /dev/null @@ -1,70 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -tripleo_kernel_modules: - br_netfilter: {} - nf_conntrack: {} - -tripleo_kernel_sysctl_settings: - net.ipv4.tcp_keepalive_intvl: - value: 1 - net.ipv4.tcp_keepalive_probes: - value: 5 - net.ipv4.tcp_keepalive_time: - value: 5 - net.ipv4.conf.default.send_redirects: - value: 0 - net.ipv4.conf.all.send_redirects: - value: 0 - net.ipv4.conf.all.arp_accept: - value: 1 - net.ipv4.conf.default.accept_redirects: - value: 0 - net.ipv4.conf.default.secure_redirects: - value: 0 - net.ipv4.conf.all.secure_redirects: - value: 0 - net.ipv4.conf.default.log_martians: - value: 1 - net.ipv4.conf.all.log_martians: - value: 1 - net.nf_conntrack_max: - value: 500000 - net.netfilter.nf_conntrack_max: - value: 500000 - net.ipv6.conf.all.accept_ra: - value: 0 - net.ipv6.conf.default.accept_ra: - value: 0 - net.ipv6.conf.all.autoconf: - value: 0 - net.ipv6.conf.default.autoconf: - value: 0 - net.ipv6.conf.default.accept_redirects: - value: 0 - net.ipv6.conf.all.accept_redirects: - value: 0 - net.ipv4.conf.all.arp_notify: - value: 1 - net.ipv6.conf.all.ndisc_notify: - value: 1 - net.core.netdev_max_backlog: - value: 10000 - kernel.dmesg_restrict: - value: 1 - fs.suid_dumpable: - value: 0 diff --git a/tripleo_ansible/roles/tripleo_keystone/defaults/main.yml b/tripleo_ansible/roles/tripleo_keystone/defaults/main.yml deleted file mode 100644 index 9eb3488ee..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/defaults/main.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_keystone" -tripleo_keystone_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" - -tripleo_keystone_hide_sensitive_logs: true - -tripleo_keystone_image: "" - -tripleo_keystone_volumes: - - /etc/openldap:/etc/openldap:ro - - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/keystone:/var/lib/kolla/config_files/src:ro - -tripleo_keystone_logging_volumes: - - /var/log/containers/keystone:/var/log/keystone:z - - /var/log/containers/httpd/keystone:/var/log/httpd:z - -tripleo_keystone_environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - -tripleo_keystone_db_sync_environment: - KOLLA_BOOTSTRAP: true - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - TRIPLEO_DEPLOY_IDENTIFIER: "{{ tripleo_deploy_identifier | default('') }}" - -tripleo_keystone_logging_environment: {} diff --git a/tripleo_ansible/roles/tripleo_keystone/files/.gitkeep b/tripleo_ansible/roles/tripleo_keystone/files/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/roles/tripleo_keystone/files/keystone.yaml b/tripleo_ansible/roles/tripleo_keystone/files/keystone.yaml deleted file mode 100644 index 653c9ea92..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/files/keystone.yaml +++ /dev/null @@ -1,18 +0,0 @@ -command: /usr/sbin/httpd -config_files: - - source: "/var/lib/kolla/config_files/src/etc/keystone/fernet-keys" - dest: "/etc/keystone/fernet-keys" - merge: false - preserve_properties: true - - source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d" - dest: "/etc/httpd/conf.d" - merge: false - preserve_properties: true - - source: "/var/lib/kolla/config_files/src/etc/httpd/conf.modules.d" - dest: "/etc/httpd/conf.modules.d" - merge: false - preserve_properties: true - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true diff --git a/tripleo_ansible/roles/tripleo_keystone/files/keystone_cron.yaml b/tripleo_ansible/roles/tripleo_keystone/files/keystone_cron.yaml deleted file mode 100644 index 836ceab34..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/files/keystone_cron.yaml +++ /dev/null @@ -1,6 +0,0 @@ -command: /usr/sbin/crond -n -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true diff --git a/tripleo_ansible/roles/tripleo_keystone/handlers/main.yml b/tripleo_ansible/roles/tripleo_keystone/handlers/main.yml deleted file mode 100644 index ede65b54e..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/handlers/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. diff --git a/tripleo_ansible/roles/tripleo_keystone/meta/main.yml b/tripleo_ansible/roles/tripleo_keystone/meta/main.yml deleted file mode 100644 index f14fa9f39..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: TripleO OpenStack Role -- tripleo_keystone - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_keystone/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_keystone/molecule/default/converge.yml deleted file mode 100644 index e9443fdd5..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_keystone" diff --git a/tripleo_ansible/roles/tripleo_keystone/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_keystone/molecule/default/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_keystone/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_keystone/molecule/default/prepare.yml deleted file mode 100644 index b17f36011..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_keystone/tasks/keystone-bootstrap.yaml b/tripleo_ansible/roles/tripleo_keystone/tasks/keystone-bootstrap.yaml deleted file mode 100644 index fcf722562..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/tasks/keystone-bootstrap.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Manage keystone-bootstrap containers - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: keystone-bootstrap - tripleo_container_standalone_container_defs: - keystone_cron: "{{ lookup('template', 'keystone_cron.yaml.j2') | from_yaml }}" - keystone_bootstrap: "{{ lookup('template', 'keystone_bootstrap.yaml.j2') | from_yaml }}" - tripleo_container_standalone_kolla_config_files: - keystone_cron: "{{ lookup('file', 'files/keystone_cron.yaml') | from_yaml }}" diff --git a/tripleo_ansible/roles/tripleo_keystone/tasks/keystone-db-sync.yaml b/tripleo_ansible/roles/tripleo_keystone/tasks/keystone-db-sync.yaml deleted file mode 100644 index fd3b4a737..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/tasks/keystone-db-sync.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Manage keystone-db-sync containers - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: keystone-db-sync - tripleo_container_standalone_container_defs: - keystone_db_sync: "{{ lookup('template', 'keystone_db_sync.yaml.j2') | from_yaml }}" - tripleo_container_standalone_kolla_config_files: - keystone: "{{ lookup('file', 'files/keystone.yaml') | from_yaml }}" diff --git a/tripleo_ansible/roles/tripleo_keystone/tasks/keystone-install.yaml b/tripleo_ansible/roles/tripleo_keystone/tasks/keystone-install.yaml deleted file mode 100644 index 18b92f386..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/tasks/keystone-install.yaml +++ /dev/null @@ -1,25 +0,0 @@ -- name: Check if file certs_valid exist - stat: - path: "/etc/openldap/certs/certs_valid" - register: certs_valid_stat -- name: Check if file cert9.db exist - stat: - path: "/etc/openldap/certs/cert9.db" - register: cert9_stat - when: not certs_valid_stat.stat.exists -- name: Check if file key4.db exist - stat: - path: "/etc/openldap/certs/key4.db" - register: key4_stat - when: not certs_valid_stat.stat.exists -- fail: - msg: > - Keys and/or certificates were found in /etc/openldap/certs - but these conflicts with keystone python LDAP calls. If - you know those certificates are valid and not causing any - conflicts, you can touch /etc/openldap/certs/certs_valid - in order to skip this failure and retry or you can delete - the files located in /etc/openldap/certs and retry. - when: >- - ( cert9_stat.stat.exists or key4_stat.stat.exists ) and - not certs_valid_stat.stat.exists diff --git a/tripleo_ansible/roles/tripleo_keystone/tasks/keystone-logging-install.yaml b/tripleo_ansible/roles/tripleo_keystone/tasks/keystone-logging-install.yaml deleted file mode 100644 index 40d56618f..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/tasks/keystone-logging-install.yaml +++ /dev/null @@ -1,9 +0,0 @@ -- name: create persistent directories - file: - path: "{{ item.path }}" - state: directory - setype: "{{ item.setype }}" - mode: "{{ item.mode }}" - with_items: - - { 'path': /var/log/containers/keystone, 'setype': container_file_t, 'mode': '0750' } - - { 'path': /var/log/containers/httpd/keystone, 'setype': container_file_t, 'mode': '0750' } diff --git a/tripleo_ansible/roles/tripleo_keystone/tasks/keystone.yaml b/tripleo_ansible/roles/tripleo_keystone/tasks/keystone.yaml deleted file mode 100644 index c9166e7af..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/tasks/keystone.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Manage keystone containers - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: keystone - tripleo_container_standalone_container_defs: - keystone: "{{ lookup('template', 'keystone.yaml.j2') | from_yaml }}" - keystone_bootstrap: "{{ lookup('template', 'keystone_bootstrap.yaml.j2') | from_yaml }}" - tripleo_container_standalone_kolla_config_files: - keystone: "{{ lookup('file', 'files/keystone.yaml') | from_yaml }}" diff --git a/tripleo_ansible/roles/tripleo_keystone/tasks/main.yml b/tripleo_ansible/roles/tripleo_keystone/tasks/main.yml deleted file mode 100644 index 145069760..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/tasks/main.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_keystone" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always diff --git a/tripleo_ansible/roles/tripleo_keystone/templates/keystone.yaml.j2 b/tripleo_ansible/roles/tripleo_keystone/templates/keystone.yaml.j2 deleted file mode 100644 index 9550fe6bc..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/templates/keystone.yaml.j2 +++ /dev/null @@ -1,11 +0,0 @@ -start_order: 2 -image: "{{ tripleo_keystone_image }}" -net: host -privileged: false -restart: always -healthcheck: - test: /openstack/healthcheck -volumes: - {{ tripleo_container_standalone_volumes | default([]) + tripleo_keystone_volumes + tripleo_keystone_logging_volumes }} -environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS diff --git a/tripleo_ansible/roles/tripleo_keystone/templates/keystone_bootstrap.yaml.j2 b/tripleo_ansible/roles/tripleo_keystone/templates/keystone_bootstrap.yaml.j2 deleted file mode 100644 index 4e9292643..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/templates/keystone_bootstrap.yaml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -start_order: 3 -action: exec -user: root -command: - [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap' ] -environment: - KOLLA_BOOTSTRAP: true - OS_BOOTSTRAP_PASSWORD: {{ tripleo_keystone_admin_password }} - OS_BOOTSTRAP_USERNAME: 'admin' - OS_BOOTSTRAP_PROJECT_NAME: 'admin' - OS_BOOTSTRAP_ROLE_NAME: 'admin' - OS_BOOTSTRAP_SERVICE_NAME: 'keystone' - OS_BOOTSTRAP_ADMIN_URL: {{ tripleo_keystone_admin_url }} - OS_BOOTSTRAP_PUBLIC_URL: {{ tripleo_keystone_public_url }} - OS_BOOTSTRAP_INTERNAL_URL: {{ tripleo_keystone_internal_url }} - OS_BOOTSTRAP_REGION_ID: {{ tripleo_keystone_region }} diff --git a/tripleo_ansible/roles/tripleo_keystone/templates/keystone_cron.yaml.j2 b/tripleo_ansible/roles/tripleo_keystone/templates/keystone_cron.yaml.j2 deleted file mode 100644 index 76d206fd4..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/templates/keystone_cron.yaml.j2 +++ /dev/null @@ -1,13 +0,0 @@ -start_order: 4 -image: {{ tripleo_keystone_image }} -user: root -net: host -privileged: false -restart: always -healthcheck: - test: '/usr/share/openstack-tripleo-common/healthcheck/cron keystone' -command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && /usr/sbin/crond -n'] -volumes: - {{ tripleo_container_standalone_volumes | default([]) + tripleo_keystone_volumes + tripleo_keystone_logging_volumes }} -environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS diff --git a/tripleo_ansible/roles/tripleo_keystone/templates/keystone_db_sync.yaml.j2 b/tripleo_ansible/roles/tripleo_keystone/templates/keystone_db_sync.yaml.j2 deleted file mode 100644 index ec0a411b2..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/templates/keystone_db_sync.yaml.j2 +++ /dev/null @@ -1,9 +0,0 @@ -image: "{{ tripleo_keystone_image }}" -net: host -user: root -privileged: false -detach: false -volumes: - {{ tripleo_container_standalone_volumes | default([]) + tripleo_keystone_volumes + tripleo_keystone_logging_volumes }} -environment: {{ tripleo_keystone_db_sync_environment | combine(tripleo_keystone_logging_environment | default({}, true)) }} -command: ['/usr/bin/bootstrap_host_exec', 'keystone', '/usr/local/bin/kolla_start'] diff --git a/tripleo_ansible/roles/tripleo_keystone/vars/main.yml b/tripleo_ansible/roles/tripleo_keystone/vars/main.yml deleted file mode 100644 index 80c127929..000000000 --- a/tripleo_ansible/roles/tripleo_keystone/vars/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "tripleo_keystone" diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/defaults/main.yml b/tripleo_ansible/roles/tripleo_keystone_resources/defaults/main.yml deleted file mode 100644 index 7891d6ae3..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/defaults/main.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. -tripleo_keystone_resources_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" -tripleo_keystone_resources_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" - -# All variables within this role should have a prefix of "tripleo_keystone_resources" -tripleo_keystone_resources_cloud_name: openstack -tripleo_keystone_resources_cloud_config: {} -tripleo_keystone_resources_clouds_file_path: /etc/openstack/clouds.yaml -tripleo_keystone_resources_clouds_file_owner: root -tripleo_keystone_resources_clouds_file_group: root -tripleo_keystone_resources_clouds_file_mode: '0600' -tripleo_keystone_resources_catalog_config: {} -tripleo_keystone_resources_member_role_enabled: false -tripleo_keystone_resources_batch: 10 -tripleo_keystone_removed_services: {} -tripleo_keystone_resources_cleanup: True diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/meta/main.yml b/tripleo_ansible/roles/tripleo_keystone_resources/meta/main.yml deleted file mode 100644 index eed1fb18d..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_keystone_resources - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/molecule/default/Dockerfile.keystone b/tripleo_ansible/roles/tripleo_keystone_resources/molecule/default/Dockerfile.keystone deleted file mode 100644 index 907122e61..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/molecule/default/Dockerfile.keystone +++ /dev/null @@ -1,15 +0,0 @@ -FROM centos:stream9 -LABEL maintainer="dev@cloudesire.com" - -ENV OS_RELEASE=yoga - -RUN yum clean all \ - && yum -y update \ - && yum -y install centos-release-openstack-${OS_RELEASE} \ - && yum -y install openstack-keystone python-openstackclient \ - && yum clean all - -COPY start_keystone.sh / -EXPOSE 5000 35357 - -CMD ["/start_keystone.sh"] diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_keystone_resources/molecule/default/converge.yml deleted file mode 100644 index 8d74eadb6..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/molecule/default/converge.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - become: true - tasks: - - name: Create openstack directory - file: - path: /etc/openstack - state: directory - - name: Configure /etc/openstack/clouds.yaml - include_role: - name: tripleo_keystone_resources - tasks_from: clouds - vars: - tripleo_keystone_resources_cloud_name: openstack - tripleo_keystone_resources_cloud_config: - auth: - auth_url: http://localhost:5000/ - project_name: "admin" - username: "admin" - password: "ADMIN_PASS" - project_domain_id: default - user_domain_id: default - identity_api_version: 3 - region_name: RegionOne - - name: Create keystone admin resources - include_role: - name: tripleo_keystone_resources - tasks_from: admin - vars: - tripleo_keystone_resources_cloud_name: openstack - tripleo_keystone_resources_region: RegionOne - tripleo_keystone_resources_admin_password: "ADMIN_PASS" - tripleo_keystone_resources_admin_endpoint: "http://localhost:35357" - tripleo_keystone_resources_internal_endpoint: "http://localhost:5000" - tripleo_keystone_resources_public_endpoint: "http://localhost:5000" diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_keystone_resources/molecule/default/molecule.yml deleted file mode 100644 index e7d461d63..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/molecule/default/molecule.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_COLLECTIONS_PATHS: "${ANSIBLE_COLLECTIONS_PATHS:-/usr/share/ansible/collections}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - name: default - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_keystone_resources/molecule/default/prepare.yml deleted file mode 100644 index 68971b639..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/molecule/default/prepare.yml +++ /dev/null @@ -1,53 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Prepare - hosts: localhost - become: true - connection: local - pre_tasks: - - name: Disable SELinux - selinux: - state: disabled - - roles: - - role: test_deps - test_deps_setup_tripleo: true - test_deps_extra_packages: - - python3-openstacksdk - - python3-openstackclient - - python3-keystoneclient - - ansible-core - - ansible-collections-openstack - - role: env_data - - tasks: - - name: Build keystone container - shell: "podman build -t keystone-img -f {{ playbook_dir }}/Dockerfile.keystone ." - become: false - - - name: Create test containers - containers.podman.podman_container: - name: keystone-podman - image: keystone-img - detach: true - ports: - - "5000:5000" - become: false - - - name: Give keystone time to go up - pause: - seconds: 30 diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/molecule/default/start_keystone.sh b/tripleo_ansible/roles/tripleo_keystone_resources/molecule/default/start_keystone.sh deleted file mode 100755 index 2d3381787..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/molecule/default/start_keystone.sh +++ /dev/null @@ -1,92 +0,0 @@ -#!/bin/bash -set -x - -### Openstack Keystone - -: ${IPADDR:=127.0.0.1} -# Identity service configuration -: ${OS_IDENTITY_URL_IPADDR:=$IPADDR} -: ${OS_IDENTITY_API_VERSION:=3} -: ${OS_IDENTITY_SERVICE_REGION:=RegionOne} -: ${OS_IDENTITY_SERVICE_NAME:=keystone} -: ${OS_IDENTITY_ADMIN_DOMAIN:=default} -: ${OS_IDENTITY_ADMIN_PROJECT:=admin} -: ${OS_IDENTITY_ADMIN_USERNAME:=admin} -: ${OS_IDENTITY_ADMIN_PASSWD:=ADMIN_PASS} -: ${OS_IDENTITY_ADMIN_ROLE:=admin} -: ${OS_IDENTITY_URL_ADMIN:=http://${IPADDR}:35357} -: ${OS_IDENTITY_URL_INTERNAL:=http://${IPADDR}:5000} -: ${OS_IDENTITY_URL_PUBLIC:=http://${IPADDR}:5000} -# Object store configuration -: ${OS_OBJECTSTORE_URL_IPADDR:=$IPADDR} -: ${OS_OBJECTSTORE_SERVICE_REGION:=RegionOne} -: ${OS_OBJECTSTORE_SERVICE_NAME:=openio-swift} -: ${OS_OBJECTSTORE_SERVICE_DESC:=OpenIO Swift Object Storage Service} -: ${OS_OBJECTSTORE_DOMAIN:=default} -: ${OS_OBJECTSTORE_PROJECT:=service} -: ${OS_OBJECTSTORE_USERNAME:=swift} -: ${OS_OBJECTSTORE_PASSWD:=SWIFT_PASS} -: ${OS_OBJECTSTORE_ROLE:=admin} -: ${OS_OBJECTSTORE_URL_ADMIN:=http://${IPADDR}:6007/v1} -: ${OS_OBJECTSTORE_URL_INTERNAL:=http://${IPADDR}:6007/v1/AUTH_%(tenant_id)s} -: ${OS_OBJECTSTORE_URL_PUBLIC:=http://${IPADDR}:6007/v1/AUTH_%(tenant_id)s} -# Demo user setup -: ${OS_USER_DEMO_DOMAIN:=default} -: ${OS_USER_DEMO_PROJECT:=demo} -: ${OS_USER_DEMO_USERNAME:=demo} -: ${OS_USER_DEMO_PASSWD:=DEMO_PASS} -: ${OS_USER_DEMO_ROLE:=admin} - -echo '> Configuring Keystone ...' -# Set log to stderr for Docker -openstack-config --set /etc/keystone/keystone.conf DEFAULT use_stderr True -# Use a local sqlite database for demo purposes -openstack-config --set /etc/keystone/keystone.conf database connection 'sqlite:////var/lib/keystone/keystone.db' -keystone-manage credential_setup \ - --keystone-user keystone \ - --keystone-group keystone -keystone-manage fernet_setup \ - --keystone-user keystone \ - --keystone-group keystone -keystone-manage db_sync -keystone-manage bootstrap \ - --bootstrap-project-name "$OS_IDENTITY_ADMIN_PROJECT" \ - --bootstrap-username "$OS_IDENTITY_ADMIN_USERNAME" \ - --bootstrap-username "$OS_IDENTITY_ADMIN_USERNAME" \ - --bootstrap-password "$OS_IDENTITY_ADMIN_PASSWD" \ - --bootstrap-role-name "$OS_IDENTITY_ADMIN_ROLE" \ - --bootstrap-service-name "$OS_IDENTITY_SERVICE_NAME" \ - --bootstrap-region-id "$OS_IDENTITY_SERVICE_REGION" \ - --bootstrap-admin-url "$OS_IDENTITY_URL_ADMIN" \ - --bootstrap-public-url "$OS_IDENTITY_URL_PUBLIC" \ - --bootstrap-internal-url "$OS_IDENTITY_URL_INTERNAL" - -# Using uwsgi for demo purposes -echo '> Starting Keystone admin service ...' -/usr/bin/keystone-wsgi-admin --port 35357 & - - -# Admin credentials -cat </keystone_adminrc -export OS_IDENTITY_API_VERSION="$OS_IDENTITY_API_VERSION" -#export OS_AUTH_URL="$OS_IDENTITY_URL_PUBLIC" -export OS_AUTH_URL="$OS_IDENTITY_URL_ADMIN" -export OS_USER_DOMAIN_ID="$OS_IDENTITY_ADMIN_DOMAIN" -export OS_PROJECT_DOMAIN_ID="$OS_IDENTITY_ADMIN_DOMAIN" -export OS_PROJECT_NAME="$OS_IDENTITY_ADMIN_PROJECT" -export OS_USERNAME="$OS_IDENTITY_ADMIN_USERNAME" -export OS_PASSWORD="$OS_IDENTITY_ADMIN_PASSWD" -EOF -source /keystone_adminrc - -# Keystone policy -cat </etc/keystone/policy.json -{ - "admin_or_owner": "role:admin or project_id:%(project_id)s", - "default": "rule:admin_or_owner", - "admin_api": "role:admin" -} -EOF - -echo '> Starting Keystone public service ...' -/usr/bin/keystone-wsgi-public --port 5000 diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/admin.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/admin.yml deleted file mode 100644 index 267c4122a..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/admin.yml +++ /dev/null @@ -1,109 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Create default domain - openstack.cloud.identity_domain: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - name: default - -- name: Create admin and service projects - include_tasks: projects.yml - vars: - batched_tripleo_keystone_resources_projects: - - admin - - service - -- name: Create admin role - openstack.cloud.identity_role: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - name: admin - -- name: Create _member_ role - openstack.cloud.identity_role: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - name: _member_ - when: - - keystone_enable_member | default(tripleo_keystone_resources_member_role_enabled) - -- name: Check admin password - openstack.cloud.identity_user_info: - name: admin - auth_type: "v3password" - auth: - auth_url: "{{ tripleo_keystone_resources_public_endpoint }}" - username: admin - password: "{{ tripleo_keystone_resources_admin_password }}" - user_domain_id: default - project_name: admin - project_domain_id: default - register: user_info_result - ignore_errors: true - -- name: Create admin user - no_log: "{{ tripleo_keystone_resources_hide_sensitive_logs | bool }}" - openstack.cloud.identity_user: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - name: admin - password: "{{ tripleo_keystone_resources_admin_password }}" - update_password: "{{ user_info_result is failed | ternary('always', 'on_create') }}" - email: "admin@localhost" - domain: default - -- name: Assign admin role to admin project for admin user - openstack.cloud.role_assignment: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - user: admin - project: admin - role: admin - -- name: Assign _member_ role to admin project for admin user - openstack.cloud.role_assignment: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - user: admin - project: admin - role: '_member_' - when: - - keystone_enable_member | default(tripleo_keystone_resources_member_role_enabled) - -- name: Create identity service - openstack.cloud.catalog_service: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - name: keystone - service_type: identity - -- name: Create identity public endpoint - openstack.cloud.endpoint: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - service: keystone - url: "{{ tripleo_keystone_resources_public_endpoint }}" - endpoint_interface: public - region: "{{ tripleo_keystone_resources_region }}" - -- name: Create identity internal endpoint - openstack.cloud.endpoint: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - service: keystone - url: "{{ tripleo_keystone_resources_internal_endpoint }}" - endpoint_interface: internal - region: "{{ tripleo_keystone_resources_region }}" - -- name: Create identity admin endpoint - openstack.cloud.endpoint: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - service: keystone - url: "{{ tripleo_keystone_resources_admin_endpoint }}" - endpoint_interface: admin - region: "{{ tripleo_keystone_resources_region }}" diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/cleanup.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/cleanup.yml deleted file mode 100644 index 45d926727..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/cleanup.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Cleanup keystone services that have been removed - block: - - name: Get list of enabled services - shell: openstack service list -c "Name" -c "Type" -f json 2>/dev/null - register: keystone_service_list - - - name: List services to be disabled - set_fact: - tripleo_keystone_removed_services: "{{ tripleo_keystone_removed_services | combine({item.Name: item.Type}) }}" - loop: "{{ keystone_service_list.stdout }}" - when: - - item.Name not in tripleo_keystone_resources_catalog_config - - item.Name != "keystone" - - - name: Delete keystone services not enabled - openstack.cloud.catalog_service: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - name: "{{ item.key }}" - service_type: "{{ item.value }}" - state: absent - loop: "{{ tripleo_keystone_removed_services | dict2items }}" - register: cleanup_result - environment: - OS_CLOUD: "{{ tripleo_keystone_resources_cloud_name }}" diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/clouds.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/clouds.yml deleted file mode 100644 index cee982d56..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/clouds.yml +++ /dev/null @@ -1,53 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -- name: "Check if {{ tripleo_keystone_resources_clouds_file_path }} exists" - become: true - stat: - path: "{{ tripleo_keystone_resources_clouds_file_path }}" - register: attr_clouds - -# This task is required or config_template will fail if the src file didn't exist -- name: "Create empty {{ tripleo_keystone_resources_clouds_file_path }} if it does not exist" - become: true - copy: - content: |- - --- - clouds: {} - dest: "{{ tripleo_keystone_resources_clouds_file_path }}" - when: - - not attr_clouds.stat.exists - -- name: "Configure {{ tripleo_keystone_resources_clouds_file_path }}" - include_role: - name: tripleo_config - vars: - tripleo_config_dest: "{{ tripleo_keystone_resources_clouds_file_path }}" - tripleo_config_group: "{{ tripleo_keystone_resources_clouds_file_group }}" - tripleo_config_mode: "{{ tripleo_keystone_resources_clouds_file_mode }}" - tripleo_config_overrides: |- - {% set cloud_config = {'clouds': {}} %} - {% set _ = cloud_config['clouds'].__setitem__( - tripleo_keystone_resources_cloud_name, - tripleo_keystone_resources_cloud_config - ) - %} - {{ cloud_config }} - tripleo_config_owner: "{{ tripleo_keystone_resources_clouds_file_owner }}" - tripleo_config_remote_src: true - tripleo_config_src: "{{ tripleo_keystone_resources_clouds_file_path }}" - tripleo_config_type: yaml diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/domains.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/domains.yml deleted file mode 100644 index 53a2bd552..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/domains.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Async creation of Keystone domains - openstack.cloud.identity_domain: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - name: "{{ tripleo_keystone_resources_domain }}" - state: present - async: "{{ (not ansible_check_mode | bool) | ternary('60', omit) }}" - poll: "{{ (not ansible_check_mode | bool) | ternary('0', omit) }}" - register: tripleo_keystone_resources_domain_results - loop: "{{ batched_tripleo_keystone_resources_domains }}" - loop_control: - loop_var: tripleo_keystone_resources_domain - -- name: Check Keystone domain status - async_status: - jid: "{{ tripleo_keystone_resources_domain_async_result_item.ansible_job_id }}" - loop: "{{ tripleo_keystone_resources_domain_results.results }}" - loop_control: - label: "{{ tripleo_keystone_resources_domain_async_result_item.tripleo_keystone_resources_domain }}" - loop_var: "tripleo_keystone_resources_domain_async_result_item" - register: tripleo_keystone_resources_domain_async_poll_results - until: tripleo_keystone_resources_domain_async_poll_results.finished - retries: 30 - when: - - not ansible_check_mode|bool diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/endpoints.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/endpoints.yml deleted file mode 100644 index 5f61a315a..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/endpoints.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: "Async creation of Keystone {{ keystone_endpoint_type }} endpoint" - openstack.cloud.endpoint: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - service: "{{ tripleo_keystone_resources_data.key }}" - url: "{{ tripleo_keystone_resources_data['value']['endpoints'][keystone_endpoint_type] }}" - endpoint_interface: "{{ keystone_endpoint_type }}" - region: "{{ tripleo_keystone_resources_data.value.region }}" - state: present - async: "{{ (not ansible_check_mode | bool) | ternary('60', omit) }}" - poll: "{{ (not ansible_check_mode | bool) | ternary('0', omit) }}" - register: tripleo_keystone_resources_endpoint_results - loop: "{{ batched_tripleo_keystone_resources_data }}" - loop_control: - label: "{{ tripleo_keystone_resources_data.key }}" - loop_var: tripleo_keystone_resources_data - -- name: "Check Keystone {{ keystone_endpoint_type }} endpoint status" - async_status: - jid: "{{ tripleo_keystone_resources_endpoint_async_result_item.ansible_job_id }}" - loop: "{{ tripleo_keystone_resources_endpoint_results.results }}" - loop_control: - label: "{{ tripleo_keystone_resources_endpoint_async_result_item.tripleo_keystone_resources_data.key }}" - loop_var: "tripleo_keystone_resources_endpoint_async_result_item" - register: tripleo_keystone_resources_endpoint_async_poll_results - until: tripleo_keystone_resources_endpoint_async_poll_results.finished - retries: 30 - when: - - not ansible_check_mode|bool diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/gather_domains.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/gather_domains.yml deleted file mode 100644 index a323c4268..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/gather_domains.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Collect OpenStack Keystone domains infos - openstack.cloud.identity_domain_info: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - register: domain_result - -- name: Set openstack_domains fact - set_fact: - openstack_domains: "{{ domain_result.openstack_domains }}" diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/loop-endpoints.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/loop-endpoints.yml deleted file mode 100644 index d8b8c0208..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/loop-endpoints.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: "Create Keystone {{ keystone_endpoint_type }} endpoints" - include_tasks: endpoints.yml - loop: "{{ tripleo_keystone_resources_catalog_config | dict2items | haskey(attribute='endpoints') | batch(tripleo_keystone_resources_batch) | list }}" - loop_control: - loop_var: batched_tripleo_keystone_resources_data diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/main.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/main.yml deleted file mode 100644 index cb11489cb..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/main.yml +++ /dev/null @@ -1,76 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_keystone_resources" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Create Keystone Admin resources - include_tasks: admin.yml - -- name: Create Keystone Projects - include_tasks: projects.yml - loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='project', default='service') | batch(tripleo_keystone_resources_batch) | list }}" - loop_control: - loop_var: batched_tripleo_keystone_resources_projects - -- name: Create Keystone Domains - include_tasks: domains.yml - loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='domains') | batch(tripleo_keystone_resources_batch) | list }}" - loop_control: - loop_var: batched_tripleo_keystone_resources_domains - -- name: Gather all OpenStack domains for Ansible >= 2.9.0 - include_tasks: gather_domains.yml - -- name: Create Keystone Services - include_tasks: services.yml - loop: "{{ tripleo_keystone_resources_catalog_config | dict2items | haskey(attribute='service') | batch(tripleo_keystone_resources_batch) | list }}" - loop_control: - loop_var: batched_tripleo_keystone_resources_data - -- name: Create Keystone Endpoints - include_tasks: loop-endpoints.yml - loop: - - public - - admin - - internal - loop_control: - loop_var: keystone_endpoint_type - -- name: Run cleanup tasks - include_tasks: cleanup.yml - when: tripleo_keystone_resources_cleanup - -- name: Create Keystone Roles - include_tasks: roles.yml - loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='roles', default='service') | batch(tripleo_keystone_resources_batch) | list }}" - loop_control: - loop_var: batched_tripleo_keystone_resources_roles - -- name: "Create Keystone Users" - include_tasks: users.yml - loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='users') | batch(tripleo_keystone_resources_batch) | list }}" - loop_control: - loop_var: batched_tripleo_keystone_resources_data - -- name: "Assign Keystone Users to Roles" - include_tasks: user_roles.yml - loop: >- - {{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='users') | - get_role_assignments(default_project=tripleo_keystone_resources_service_project) | dict2items }} - loop_control: - loop_var: batched_tripleo_keystone_resources_roles_data diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/projects.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/projects.yml deleted file mode 100644 index a3ad69e75..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/projects.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Async creation of Keystone project - openstack.cloud.project: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - name: "{{ tripleo_keystone_resources_project }}" - domain_id: default - state: present - async: "{{ (not ansible_check_mode | bool) | ternary('60', omit) }}" - poll: "{{ (not ansible_check_mode | bool) | ternary('0', omit) }}" - register: tripleo_keystone_resources_project_results - loop: "{{ batched_tripleo_keystone_resources_projects }}" - loop_control: - loop_var: tripleo_keystone_resources_project - -- name: Check Keystone project status - async_status: - jid: "{{ tripleo_keystone_resources_project_async_result_item.ansible_job_id }}" - loop: "{{ tripleo_keystone_resources_project_results.results }}" - loop_control: - label: "{{ tripleo_keystone_resources_project_async_result_item.tripleo_keystone_resources_project }}" - loop_var: "tripleo_keystone_resources_project_async_result_item" - register: tripleo_keystone_resources_project_async_poll_results - until: tripleo_keystone_resources_project_async_poll_results.finished - retries: 30 - when: - - not ansible_check_mode|bool diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/roles.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/roles.yml deleted file mode 100644 index a45a6eb18..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/roles.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Async creation of Keystone role - openstack.cloud.identity_role: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - name: "{{ tripleo_keystone_resources_role }}" - state: present - async: "{{ (not ansible_check_mode | bool) | ternary('60', omit) }}" - poll: "{{ (not ansible_check_mode | bool) | ternary('0', omit) }}" - register: tripleo_keystone_resources_role_results - loop: "{{ batched_tripleo_keystone_resources_roles }}" - loop_control: - loop_var: tripleo_keystone_resources_role - -- name: Check Keystone role status - async_status: - jid: "{{ tripleo_keystone_resources_role_async_result_item.ansible_job_id }}" - loop: "{{ tripleo_keystone_resources_role_results.results }}" - loop_control: - label: "{{ tripleo_keystone_resources_role_async_result_item.tripleo_keystone_resources_role }}" - loop_var: "tripleo_keystone_resources_role_async_result_item" - register: tripleo_keystone_resources_role_async_poll_results - until: tripleo_keystone_resources_role_async_poll_results.finished - retries: 30 - when: - - not ansible_check_mode|bool diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/services.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/services.yml deleted file mode 100644 index 604e63a99..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/services.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Async creation of Keystone service - openstack.cloud.catalog_service: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - name: "{{ tripleo_keystone_resources_data.key }}" - service_type: "{{ tripleo_keystone_resources_data.value.service }}" - description: "OpenStack {{ tripleo_keystone_resources_data.value.service | title() }} Service" - state: present - async: "{{ (not ansible_check_mode | bool) | ternary('60', omit) }}" - poll: "{{ (not ansible_check_mode | bool) | ternary('0', omit) }}" - register: tripleo_keystone_resources_service_results - loop: "{{ batched_tripleo_keystone_resources_data }}" - loop_control: - label: "{{ tripleo_keystone_resources_data.key }}" - loop_var: tripleo_keystone_resources_data - -- name: Check Keystone service status - async_status: - jid: "{{ tripleo_keystone_resources_service_async_result_item.ansible_job_id }}" - loop: "{{ tripleo_keystone_resources_service_results.results }}" - loop_control: - label: "{{ tripleo_keystone_resources_service_async_result_item.tripleo_keystone_resources_data.key }}" - loop_var: "tripleo_keystone_resources_service_async_result_item" - register: tripleo_keystone_resources_service_async_poll_results - until: tripleo_keystone_resources_service_async_poll_results.finished - retries: 30 - when: - - not ansible_check_mode|bool diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/user_per_role.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/user_per_role.yml deleted file mode 100644 index 52fb5b0bd..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/user_per_role.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: "Async assignment of Keystone user to roles" - openstack.cloud.role_assignment: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - user: "{{ lookup('dict', tripleo_keystone_resources_data_user).key }}" - project: "{{ lookup('dict', tripleo_keystone_resources_data_user).value.project | default(omit) }}" - # TODO(emilien) remove the custom filter once the module moved to OpenStack collections and we can make changes - domain: >- - {{ lookup('dict', tripleo_keystone_resources_data_user).value.domain | default('') | - get_domain_id(all_domains=openstack_domains) | default(omit) }} - role: "{{ batched_tripleo_keystone_resources_roles_data.key }}" - state: present - async: "{{ (not ansible_check_mode | bool) | ternary('60', omit) }}" - poll: "{{ (not ansible_check_mode | bool) | ternary('0', omit) }}" - register: tripleo_keystone_resources_user_role_results - loop: "{{ tripleo_keystone_resources_data_users }}" - loop_control: - label: "{{ lookup('dict', tripleo_keystone_resources_data_user).key }}" - loop_var: tripleo_keystone_resources_data_user - -- name: "Check Keystone user assignment to roles status" - async_status: - jid: "{{ tripleo_keystone_resources_user_role_async_result_item.ansible_job_id }}" - loop: "{{ tripleo_keystone_resources_user_role_results.results }}" - loop_control: - label: "{{ lookup('dict', tripleo_keystone_resources_user_role_async_result_item.tripleo_keystone_resources_data_user).key }}" - loop_var: "tripleo_keystone_resources_user_role_async_result_item" - register: tripleo_keystone_resources_user_role_async_poll_results - until: tripleo_keystone_resources_user_role_async_poll_results.finished - retries: 30 - when: - - not ansible_check_mode|bool diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/user_roles.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/user_roles.yml deleted file mode 100644 index bd260b522..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/user_roles.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: "Async assignment of Keystone user per role" - include_tasks: user_per_role.yml - # This loop is required as a user can have multiple roles but the role_assignment module doesn't handle it. - loop: "{{ batched_tripleo_keystone_resources_roles_data.value | batch(tripleo_keystone_resources_batch) | list }}" - loop_control: - loop_var: tripleo_keystone_resources_data_users diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/users.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/users.yml deleted file mode 100644 index ed70b5edd..000000000 --- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/users.yml +++ /dev/null @@ -1,69 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: "Check password of Keystone user" - # needed because the module dumps the raw output in case auth fails - no_log: "{{ tripleo_keystone_resources_hide_sensitive_logs | bool }}" - openstack.cloud.identity_user_info: - name: "{{ lookup('dict', tripleo_keystone_resources_data).value.name | default(lookup('dict', tripleo_keystone_resources_data).key) }}" - auth_type: "v3password" - auth: - auth_url: "{{ tripleo_keystone_resources_public_endpoint }}" - username: "{{ lookup('dict', tripleo_keystone_resources_data).value.name | default(lookup('dict', tripleo_keystone_resources_data).key) }}" - password: "{{ lookup('dict', tripleo_keystone_resources_data).value.password }}" - user_domain_id: "{{ lookup('dict', tripleo_keystone_resources_data).value.domain | default('default') }}" - project_name: "{{ tripleo_keystone_resources_service_project }}" - project_domain_id: default - register: tripleo_keystone_resources_user_info_results - ignore_errors: true - loop: "{{ batched_tripleo_keystone_resources_data }}" - loop_control: - label: "{{ lookup('dict', tripleo_keystone_resources_data).value.name | default(lookup('dict', tripleo_keystone_resources_data).key) }}" - loop_var: tripleo_keystone_resources_data - -- name: "Async creation of Keystone user" - # needed because it'll throw a warning if you have update_password without it - no_log: "{{ tripleo_keystone_resources_hide_sensitive_logs | bool }}" - openstack.cloud.identity_user: - cloud: "{{ tripleo_keystone_resources_cloud_name }}" - name: "{{ lookup('dict', tripleo_keystone_resources_data.0).value.name | default(lookup('dict', tripleo_keystone_resources_data.0).key) }}" - password: "{{ lookup('dict', tripleo_keystone_resources_data.0).value.password }}" - update_password: "{{ tripleo_keystone_resources_data.1 is failed | ternary('always', 'on_create') }}" - email: "{{ lookup('dict', tripleo_keystone_resources_data.0).key }}@localhost" - domain: "{{ lookup('dict', tripleo_keystone_resources_data.0).value.domain | default('default') }}" - state: present - async: "{{ (not ansible_check_mode | bool) | ternary('60', omit) }}" - poll: "{{ (not ansible_check_mode | bool) | ternary('0', omit) }}" - register: tripleo_keystone_resources_user_results - loop: "{{ batched_tripleo_keystone_resources_data|zip(tripleo_keystone_resources_user_info_results.results)|list }}" - loop_control: - label: "{{ lookup('dict', tripleo_keystone_resources_data.0).value.name | default(lookup('dict', tripleo_keystone_resources_data.0).key) }}" - loop_var: tripleo_keystone_resources_data - -- name: "Check Keystone user status" - # needed because the results may have the full information when verbosity is turned up - no_log: "{{ tripleo_keystone_resources_hide_sensitive_logs | bool }}" - async_status: - jid: "{{ tripleo_keystone_resources_user_async_result_item.ansible_job_id }}" - loop: "{{ tripleo_keystone_resources_user_results.results }}" - loop_control: - label: "{{ lookup('dict', tripleo_keystone_resources_user_async_result_item.tripleo_keystone_resources_data.0).key }}" - loop_var: "tripleo_keystone_resources_user_async_result_item" - register: tripleo_keystone_resources_user_async_poll_results - until: tripleo_keystone_resources_user_async_poll_results.finished - retries: 30 - when: - - not ansible_check_mode|bool diff --git a/tripleo_ansible/roles/tripleo_logrotate_crond/defaults/main.yml b/tripleo_ansible/roles/tripleo_logrotate_crond/defaults/main.yml deleted file mode 100644 index a0e49bc64..000000000 --- a/tripleo_ansible/roles/tripleo_logrotate_crond/defaults/main.yml +++ /dev/null @@ -1,63 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_logrotate_crond" -tripleo_logrotate_crond_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" - -tripleo_logrotate_crond_hide_sensitive_logs: true - -tripleo_logrotate_crond_cronie_package: cronie - -# Pid namespace for podman container. Only change for testing. -tripleo_logrotate_crond_podman_pid: host - -tripleo_logrotate_crond_image: "quay.io/tripleomastercentos9/openstack-cron:current-tripleo" -tripleo_logrotate_crond_config_use_ansible: true -tripleo_logrotate_crond_config_dir: /var/lib/config-data/ansible-generated/crond -tripleo_logrotate_crond_volumes: - - /var/lib/kolla/config_files/logrotate_crond.json:/var/lib/kolla/config_files/config.json:ro - - "{{ tripleo_logrotate_crond_config_dir ~ ':/var/lib/kolla/config_files/src:ro' }}" - - /var/log/containers:/var/log/containers:z - -# Enforces life time (days) of rotated and compressed files. -# Overrides the rotation and rotate settings. -tripleo_logrotate_crond_purge_after_days: 14 - -# Configures the logrotate rotation interval. -tripleo_logrotate_crond_rotation: daily -# Configures the logrotate rotate parameter. -tripleo_logrotate_crond_rotate: 14 -# Configures the logrotate minsize parameter. -tripleo_logrotate_crond_minsize: 1 -# Configures the logrotate maxsize parameter. -tripleo_logrotate_crond_maxsize: 10M -# Configures the logrotate notifempty parameter. -tripleo_logrotate_crond_notifempty: true -# Configures the logrotate copytruncate parameter. -tripleo_logrotate_crond_copytruncate: true -# Configures the logrotate delaycompress parameter. -tripleo_logrotate_crond_delaycompress: true -# Configures the logrotate compress parameter. -tripleo_logrotate_crond_compress: true -# Configures the dateext parameter. -tripleo_logrotate_crond_dateext: null -# Configures the dateformat parameter used with dateext parameter. -tripleo_logrotate_crond_dateformat: null -# Configures the dateyesterday parameter used with dateext parameter. -tripleo_logrotate_crond_dateyesterday: null diff --git a/tripleo_ansible/roles/tripleo_logrotate_crond/files/logrotate_crond.yaml b/tripleo_ansible/roles/tripleo_logrotate_crond/files/logrotate_crond.yaml deleted file mode 100644 index 63b71ae2a..000000000 --- a/tripleo_ansible/roles/tripleo_logrotate_crond/files/logrotate_crond.yaml +++ /dev/null @@ -1,6 +0,0 @@ -command: /usr/sbin/crond -s -n -config_files: -- source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true diff --git a/tripleo_ansible/roles/tripleo_logrotate_crond/meta/main.yml b/tripleo_ansible/roles/tripleo_logrotate_crond/meta/main.yml deleted file mode 100644 index 43e3d5acd..000000000 --- a/tripleo_ansible/roles/tripleo_logrotate_crond/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: TripleO OpenStack Role -- tripleo_logrotate_crond - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 8 - - 9 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_logrotate_crond/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_logrotate_crond/molecule/default/converge.yml deleted file mode 100644 index 992e2bc24..000000000 --- a/tripleo_ansible/roles/tripleo_logrotate_crond/molecule/default/converge.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - tripleo_container_manage_debug: true - tasks: - - - name: install tripleo_logrotate_crond - include_role: - name: "tripleo_logrotate_crond" - tasks_from: install.yml - - - name: configure tripleo_logrotate_crond - include_role: - name: "tripleo_logrotate_crond" - tasks_from: configure.yml diff --git a/tripleo_ansible/roles/tripleo_logrotate_crond/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_logrotate_crond/molecule/default/molecule.yml deleted file mode 100644 index 812b84e7e..000000000 --- a/tripleo_ansible/roles/tripleo_logrotate_crond/molecule/default/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -log: true - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy diff --git a/tripleo_ansible/roles/tripleo_logrotate_crond/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_logrotate_crond/molecule/default/prepare.yml deleted file mode 100644 index 79238c2f9..000000000 --- a/tripleo_ansible/roles/tripleo_logrotate_crond/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - tasks: [] diff --git a/tripleo_ansible/roles/tripleo_logrotate_crond/molecule/default/verify.yml b/tripleo_ansible/roles/tripleo_logrotate_crond/molecule/default/verify.yml deleted file mode 100644 index f452f07c1..000000000 --- a/tripleo_ansible/roles/tripleo_logrotate_crond/molecule/default/verify.yml +++ /dev/null @@ -1,67 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -- name: Verify - hosts: all - tasks: - - - name: Include defaults/main.yml - include_vars: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/defaults/main.yml" - - - name: Push script - stat: - path: /usr/local/sbin/containers-tmpwatch - register: stat_result - failed_when: not stat_result.stat.exists - - - name: Insert cronjob in root crontab - shell: - crontab -l - register: crontab - failed_when: "'@daily /usr/local/sbin/containers-tmpwatch' not in crontab.stdout" - - - name: Ensure config directories exist - stat: - path: "{{ item }}" - loop: - - "{{ tripleo_logrotate_crond_config_dir }}/etc" - - "{{ tripleo_logrotate_crond_config_dir }}/var/spool/cron" - register: config_dirs - failed_when: not config_dirs.stat.exists - - - name: Render logrotate-crond.conf - stat: - path: "{{ tripleo_logrotate_crond_config_dir }}/etc/logrotate-crond.conf" - register: stat_result - failed_when: not stat_result.stat.exists - - - name: Configure cron entry command - stat: - path: "{{ tripleo_logrotate_crond_config_dir }}/var/spool/cron/root" - register: stat_result - failed_when: not stat_result.stat.exists - - - name: Configure cron entry $PATH env var - stat: - path: "{{ tripleo_logrotate_crond_config_dir }}/var/spool/cron/root" - register: stat_result - failed_when: not stat_result.stat.exists - - - name: Configure cron entry $SHELL env var - stat: - path: "{{ tripleo_logrotate_crond_config_dir }}/var/spool/cron/root" - register: stat_result - failed_when: not stat_result.stat.exists diff --git a/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/configure.yml b/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/configure.yml deleted file mode 100644 index d3e673f4c..000000000 --- a/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/configure.yml +++ /dev/null @@ -1,87 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: configure tmpwatch on the host - become: true - block: - - name: Push script - copy: - dest: /usr/local/sbin/containers-tmpwatch - owner: root - group: root - mode: 0755 - content: | - #!/bin/sh - tmpwatch --nodirs \ - -X "/var/log/containers/*/*log" \ - -X "/var/log/containers/*/*/*log" \ - -X "/var/log/containers/*/*err" \ - {{ tripleo_logrotate_crond_purge_after_days|int + 1 }}d \ - /var/log/containers/ 2>&1 | logger -t container-tmpwatch - - name: Insert cronjob in root crontab - cron: - name: "Remove old logs" - special_time: "daily" - user: "root" - job: "/usr/local/sbin/containers-tmpwatch" - -- name: Configure logrotate_crond - become: true - when: tripleo_logrotate_crond_config_use_ansible - block: - - name: Ensure config directories exist - file: - path: "{{ item }}" - state: directory - recurse: true - loop: - - "{{ tripleo_logrotate_crond_config_dir }}/etc" - - "{{ tripleo_logrotate_crond_config_dir }}/var/spool/cron" - - - name: Render logrotate-crond.conf - template: - src: logrotate-crond.conf.j2 - dest: "{{ tripleo_logrotate_crond_config_dir }}/etc/logrotate-crond.conf" - - - name: Configure cron entry command - cron: - cron_file: "{{ tripleo_logrotate_crond_config_dir }}/var/spool/cron/root" - user: root - minute: 0 - hour: "*" - month: "*" - day: "*" - weekday: "*" - env: false - name: openstack - job: sleep `expr ${RANDOM} \% 90`; /usr/sbin/logrotate -s /var/lib/logrotate/logrotate-crond.status /etc/logrotate-crond.conf 2>&1|logger -t logrotate-crond - - - name: Configure cron entry $PATH env var - cron: - cron_file: "{{ tripleo_logrotate_crond_config_dir }}/var/spool/cron/root" - user: root - env: true - name: PATH - job: /bin:/usr/bin:/usr/sbin - - - name: Configure cron entry $SHELL env var - cron: - cron_file: "{{ tripleo_logrotate_crond_config_dir }}/var/spool/cron/root" - user: root - env: true - name: SHELL - job: /bin/sh diff --git a/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/install.yml b/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/install.yml deleted file mode 100644 index 3b82a9950..000000000 --- a/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/install.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: install cronie - become: true - package: - name: "{{ tripleo_logrotate_crond_cronie_package }}" - state: present - -- name: allow logrotate to read inside containers - become: true - seboolean: - name: logrotate_read_inside_containers - persistent: true - state: true - when: - - ansible_facts.selinux is defined - - ansible_facts.selinux.status == "enabled" diff --git a/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/logrotate_crond.yml b/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/logrotate_crond.yml deleted file mode 100644 index 78243d03c..000000000 --- a/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/logrotate_crond.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Manage logroate_crond containers - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: logrotate_crond - tripleo_container_standalone_container_defs: - logrotate_crond: "{{ lookup('template', 'logrotate_crond.yaml.j2') | from_yaml }}" - tripleo_container_standalone_kolla_config_files: - logrotate_crond: "{{ lookup('file', 'files/logrotate_crond.yaml') | from_yaml }}" diff --git a/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/run.yml b/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/run.yml deleted file mode 100644 index 8b43c39b0..000000000 --- a/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/run.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Manage logrotate_crond containers - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: logrotate_crond - tripleo_container_standalone_container_defs: - logrotate_crond: "{{ lookup('template', 'logrotate_crond.yaml.j2') | from_yaml }}" - tripleo_container_standalone_kolla_config_files: - logrotate_crond: "{{ lookup('file', 'files/logrotate_crond.yaml') | from_yaml }}" diff --git a/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/update.yml b/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/update.yml deleted file mode 100644 index 9dd1e14da..000000000 --- a/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/update.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Ensure old cron.daily is absent - become: true - file: - path: /etc/cron.daily/containers-tmpwatch - state: absent diff --git a/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/upgrade.yml b/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/upgrade.yml deleted file mode 100644 index ac383d5a2..000000000 --- a/tripleo_ansible/roles/tripleo_logrotate_crond/tasks/upgrade.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Include logrotate-crond update tasks - ansible.builtin.include_tasks: update.yaml diff --git a/tripleo_ansible/roles/tripleo_logrotate_crond/templates/logrotate-crond.conf.j2 b/tripleo_ansible/roles/tripleo_logrotate_crond/templates/logrotate-crond.conf.j2 deleted file mode 100644 index 213cd860c..000000000 --- a/tripleo_ansible/roles/tripleo_logrotate_crond/templates/logrotate-crond.conf.j2 +++ /dev/null @@ -1,25 +0,0 @@ -/var/log/containers/*/*log /var/log/containers/*/*/*log /var/log/containers/*/*err { - {{ tripleo_logrotate_crond_rotation }} - rotate {{ tripleo_logrotate_crond_rotate }} - maxage {{ tripleo_logrotate_crond_purge_after_days }} - # minsize 1 is required for GDPR compliance, all files in - # /var/log/containers not managed with logrotate will be purged! - minsize {{ tripleo_logrotate_crond_minsize | default(1) }} - # Do not use size as it's not compatible with time-based rotation rules - # required for GDPR compliance. - maxsize {{ tripleo_logrotate_crond_maxsize | default(1) }} - missingok - {{ tripleo_logrotate_crond_notifempty | ternary('notifempty', '', omit) }} - {{ tripleo_logrotate_crond_copytruncate | ternary('copytruncate', '', omit) }} - {{ tripleo_logrotate_crond_delaycompress | ternary('delaycompress', '', omit) }} - {{ tripleo_logrotate_crond_compress | ternary('compress', '', omit) }} -{% if tripleo_logrotate_crond_dateext -%} - dateext - {% if tripleo_logrotate_crond_dateformat -%} - dateformat {{ tripleo_logrotate_crond_dateformat }} - {% endif -%} - {% if tripleo_logrotate_crond_dateyesterday -%} - dateyesterday {{ tripleo_logrotate_crond_dateyesterday }} - {% endif -%} -{% endif -%} -} diff --git a/tripleo_ansible/roles/tripleo_logrotate_crond/templates/logrotate_crond.yaml.j2 b/tripleo_ansible/roles/tripleo_logrotate_crond/templates/logrotate_crond.yaml.j2 deleted file mode 100644 index 60cddb966..000000000 --- a/tripleo_ansible/roles/tripleo_logrotate_crond/templates/logrotate_crond.yaml.j2 +++ /dev/null @@ -1,12 +0,0 @@ -image: {{ tripleo_logrotate_crond_image }} -net: none -pid: {{ tripleo_logrotate_crond_podman_pid }} -privileged: true -user: root -restart: always -healthcheck: - test: '/usr/share/openstack-tripleo-common/healthcheck/cron' -volumes: - {{ tripleo_container_standalone_common_volumes | default([]) + tripleo_logrotate_crond_volumes }} -environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS diff --git a/tripleo_ansible/roles/tripleo_lvmfilter/defaults/main.yml b/tripleo_ansible/roles/tripleo_lvmfilter/defaults/main.yml deleted file mode 100644 index 883876fd5..000000000 --- a/tripleo_ansible/roles/tripleo_lvmfilter/defaults/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_tripleo_lvmfilter" -tripleo_tripleo_lvmfilter_enabled: false -tripleo_tripleo_lvmfilter_dry_run: false -tripleo_tripleo_lvmfilter_devices_allowlist: [] -tripleo_tripleo_lvmfilter_devices_denylist: [] diff --git a/tripleo_ansible/roles/tripleo_lvmfilter/handlers/main.yml b/tripleo_ansible/roles/tripleo_lvmfilter/handlers/main.yml deleted file mode 100644 index 60cb71e9c..000000000 --- a/tripleo_ansible/roles/tripleo_lvmfilter/handlers/main.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Refresh LVM caches - become: true - command: vgscan diff --git a/tripleo_ansible/roles/tripleo_lvmfilter/meta/main.yml b/tripleo_ansible/roles/tripleo_lvmfilter/meta/main.yml deleted file mode 100644 index e172a9f25..000000000 --- a/tripleo_ansible/roles/tripleo_lvmfilter/meta/main.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_lvmfilter - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo diff --git a/tripleo_ansible/roles/tripleo_lvmfilter/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_lvmfilter/molecule/default/converge.yml deleted file mode 100644 index 42f0a0721..000000000 --- a/tripleo_ansible/roles/tripleo_lvmfilter/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_lvmfilter" diff --git a/tripleo_ansible/roles/tripleo_lvmfilter/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_lvmfilter/molecule/default/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/tripleo_ansible/roles/tripleo_lvmfilter/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_lvmfilter/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_lvmfilter/molecule/default/prepare.yml deleted file mode 100644 index 0db1c118b..000000000 --- a/tripleo_ansible/roles/tripleo_lvmfilter/molecule/default/prepare.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - vars: - test_deps_extra_packages: - - lvm2 - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_lvmfilter/tasks/main.yml b/tripleo_ansible/roles/tripleo_lvmfilter/tasks/main.yml deleted file mode 100644 index 7f36f8bdd..000000000 --- a/tripleo_ansible/roles/tripleo_lvmfilter/tasks/main.yml +++ /dev/null @@ -1,74 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Check if lvm2 is installed - shell: rpm -q lvm2 - become: true - failed_when: false - register: lvm_pkg_check -- name: gather allowed block devices list - when: - - lvm_pkg_check.rc is defined - - lvm_pkg_check.rc == 0 - - tripleo_tripleo_lvmfilter_enabled or tripleo_tripleo_lvmfilter_dry_run - block: - - name: collect ansible devices - become: true - setup: - gather_subset: - - '!all' - - devices - filter: 'ansible_devices' - - name: collect in-use lvm2 devices list - become: true - lvm2_physical_devices_facts: - - name: set allowed_devices - set_fact: - allowed_devices: "{{ (ansible_facts['lvm2_active_pvs'] | default([]) | list) - | intersect(ansible_facts['devices'].keys()) - + (tripleo_tripleo_lvmfilter_devices_allowlist | default([])) - | unique }}" - - name: build lvm2 allow list - set_fact: - lvm2_allow_list: "{{ allowed_devices - | map('regex_replace', '(.+)', 'a|\\1|') | list }}" - - name: build lvm2 deny list - set_fact: - lvm2_deny_list: "{{ tripleo_tripleo_lvmfilter_devices_denylist | default([]) - | map('regex_replace', '(.+)', 'r|\\1|') | list }}" - - name: build lvm2 filter - set_fact: - lvm2_filter: "\"{{ (lvm2_allow_list + lvm2_deny_list) | join('\",\"') }}\"" - - name: regenerate lvm config - become: true - command: > - lvmconfig -f /tmp/tripleo_lvmfilter.conf - --mergedconfig --withgeneralpreamble --withspaces --withsummary --withcomments --ignorelocal --showdeprecated - --config devices/global_filter='[{{ lvm2_filter }}]' - - name: copy new lvm.conf in place - become: true - copy: - remote_src: true - src: /tmp/tripleo_lvmfilter.conf - dest: /etc/lvm/lvm.conf - owner: root - group: root - mode: '0644' - backup: true - when: tripleo_tripleo_lvmfilter_enabled - notify: - - Refresh LVM caches diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/defaults/main.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/defaults/main.yml deleted file mode 100644 index a76c959c9..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/defaults/main.yml +++ /dev/null @@ -1,103 +0,0 @@ ---- - -# Corresponds to MetricsQdrAddresses in THT -# Addresses configuration (array of hashes). -tripleo_metrics_qdr_addresses: - - prefix: collectd - distribution: multicast - - prefix: ceilometer - distribution: multicast - -# Corresponds to MetricsQdrAutoLinks in THT -# AutoLinks for the Configured Addresses -tripleo_metrics_qdr_autolink_addresses: [] - -# Where to write the config file -tripleo_metrics_qdr_conf_output_dir: /var/lib/config-data/ansible-generated/metrics_qdr - -# Corresponds to MetricsQdrConnectors in THT -# Connectors configuration (array of hashes). -tripleo_metrics_qdr_connectors: [] - -# Set to edge-only or controller-mesh -tripleo_metrics_qdr_deployment_mode: edge-only - -tripleo_metrics_qdr_extra_listeners: [] - -tripleo_metrics_qdr_extra_ssl_profiles: [] - -# Corresponds to MetricsQdrAuthenticateClient in THT -# Authenticate the client using SSL/TLS -tripleo_metrics_qdr_listener_auth_peer: false - -# Corresponds to MetricsQdrPort in THT -# Service name or port number on which the qdrouterd will accept connections. -tripleo_metrics_qdr_listener_port: 5666 - -# Corresponds to MetricsQdrUseSSL in THT -# Set to true if required to use SSL or TLS on the connection for listener. -tripleo_metrics_qdr_listener_require_ssl: false - -# Corresponds to MetricsQdrSaslMechanisms in THT -# List of SASL auth mechanisms for listener as of comma separated list. -tripleo_metrics_qdr_listener_sasl_mech: ANONYMOUS - -# Corresponds to MetricsQdrSslCertFile in THT -# Path to SSL certificate file for listener. -tripleo_metrics_qdr_listener_ssl_cert_file: /etc/pki/tls/certs/metrics_qdr.crt - -# Corresponds to MetricsQdrSslCertDb in THT -# Path to SSL certificate db for listener. -tripleo_metrics_qdr_listener_ssl_cert_db: /etc/pki/tls/certs/ca-bundle.crt - -# Corresponds to MetricsQdrSslKeyFile in THT -# Path to SSL private key file for listener. -tripleo_metrics_qdr_listener_ssl_key_file: /etc/pki/tls/certs/metrics_qdr.key - -# Corresponds to MetricsQdrSslPassword in THT -# SSL password to be supplied for listener. -tripleo_metrics_qdr_listener_ssl_password: - -# Corresponds to MetricsQdrSslPwFile in THT -# Path to SSL password file for certificate key for listener. -tripleo_metrics_qdr_listener_ssl_pw_file: - -# Corresponds to MetricsQdrTrustedCerts in THT -# Path to file containing trusted certificates for listener. -tripleo_metrics_qdr_listener_trusted_certs: - -# Corresponds to MetricsQdrUseEncryption in THT -# Set to true if it is required to encrypt connection to the peer for listener. -tripleo_metrics_qdr_listener_use_encryption: false - -tripleo_metrics_qdr_log_output: /var/log/qdrouterd/metrics_qdr.log - -# Corresponds to MetricsQdrPassword in THT -# Password which should be used to authenticate to the deployed qdrouterd. -tripleo_metrics_qdr_password: guest - -tripleo_metrics_qdr_router_mode: edge - -# Corresponds to MetricsQdrSSLProfiles in THT -# SSL Profiles for the connectors (array of hashes). -tripleo_metrics_qdr_ssl_profiles: - - name: sslProfile - -tripleo_metrics_qdr_ssl_profile_base_mesh: {} - -# Corresponds to MetricsQdrUsername in THT -# Username which should be used to authenticate to the deployed qdrouterd. -tripleo_metrics_qdr_username: guest - -# Corresponds to MetricsQdrExternalEndpoint in THT -# Whether QDR should listen on external network interface. To enable listening -# on external network one must deploy QDRs in mesh mode. -metrics_qdr_external_endpoint: false - -# Corresponds to EnableInternalTLS in THT -tripleo_enable_internal_tls: false - -# Corresponds to InternalTLSCAFile in THT -# Specifies the default CA cert to use if TLS is used for services in the -# internal network. -tripleo_internal_tlscafile: /etc/ipa/ca.crt diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/meta/main.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/meta/main.yml deleted file mode 100644 index 98fb6f895..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/meta/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_metrics_qdr - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - platforms: - - name: CentOS - versions: - - 8 - galaxy_tags: - - tripleo -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/common/converge.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/common/converge.yml deleted file mode 100644 index 079ac49e6..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/common/converge.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Create host dirs for QDR - hosts: centos - tasks: - - name: Set defaults for testing - set_fact: - tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/ - tripleo_metrics_qdr_log_output: /var/log/qdrouterd/metrics_qdr.log diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/common/prepare.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/common/prepare.yml deleted file mode 100644 index 42ffebee2..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/common/prepare.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Prepare - hosts: centos - roles: - - role: test_deps - test_deps_setup_tripleo: true - test_deps_extra_packages: - - qpid-dispatch-router - - qpid-dispatch-tools - - role: env_data - tasks: - - name: "Make sure that /var/log/qdrouterd exists" - file: - path: "/var/log/qdrouterd" - state: directory - owner: qdrouterd - mode: 0755 diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/common/requirements.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/common/requirements.yml deleted file mode 100644 index abd0a8cb6..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/common/requirements.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# TODO: Mirror these someplace cacheable outside of github -roles: - - src: git+https://github.com/infrawatch/functional-tests - name: functional_tests - - src: git+https://github.com/infrawatch/qdr-config-ansible-role - name: qdr_config diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/common/verify.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/common/verify.yml deleted file mode 100644 index 3b8ba1ea3..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/common/verify.yml +++ /dev/null @@ -1,88 +0,0 @@ ---- -- name: Dump the config file and start the QDR - hosts: centos - tasks: - - name: Check for qdrouterd.conf - find: - paths: "{{ tripleo_metrics_qdr_conf_output_dir }}" - patterns: qdrouterd.conf - register: conf - failed_when: conf.files|length != 1 - - - name: Read the config file - slurp: - src: "{{ tripleo_metrics_qdr_conf_output_dir }}/qdrouterd.conf" - register: qdrconfig - - - name: Decode the content - set_fact: - qdrconfig_content: "{{ qdrconfig['content'] | b64decode }}" - - - name: Split into lines - debug: - msg: "{{ qdrconfig_content.split('\n') }}" - - - name: Start qdrouterd # noqa 301 - command: qdrouterd -U qdrouterd -d - -- name: Functional tests - hosts: localhost - tasks: - - block: - - name: Clear the failure flag - set_fact: functest_failed_flag="unknown" - - - name: Run the qdr test from STF functional-tests - include_role: - name: functional_tests - tasks_from: test_qdr - vars: - qdr_container_name: 'centos' - container_bin: podman - - rescue: - - name: Set flag if functional tests failed - set_fact: functest_failed_flag="failed" - -- name: Check functional test failure flag - hosts: localhost - tasks: - - assert: - that: - - functest_failed_flag != "failed" - name: Functional tests passed - -- name: Process qdr log - hosts: centos - tasks: - - name: Slurp the file - slurp: - src: /var/log/qdrouterd/metrics_qdr.log - register: qdrlog - - - name: Decode the content - set_fact: - qdrlog_content: "{{ qdrlog['content'] | b64decode }}" - - - name: Split into lines - debug: - msg: "{{ qdrlog_content.split('\n') }}" - - - name: Check for errors - debug: - msg: "[WARNING] Found errors in the log. Please review above" - when: qdrlog_content.find('ERROR (error)') != -1 - -- name: Check log for correct config of common QDR functionality - hosts: centos - tasks: - - assert: - that: - - "{{ qdrlog_content is search ('Configured Listener: ' - + ansible_default_ipv4.address + ':5666 proto=any, role=normal') }}" - name: Local listener configured - - - assert: - that: - - qdrlog_content is search('Created SSL Profile with name sslProfile') - name: default sslProfile for external connector configured diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-edge-node/converge.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-edge-node/converge.yml deleted file mode 100644 index 3f645cf48..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-edge-node/converge.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -- import_playbook: ../common/converge.yml - -- name: Converge controller-mesh edge node config - hosts: centos - tasks: - - name: Invoke tripleo_metrics_qdr for edge node - include_role: - name: "{{ playbook_dir }}/../../../tripleo_metrics_qdr" - tasks_from: create_config - vars: - tripleo_metrics_qdr_connectors: - - host: stf-default-interconnect-5671-service-telemetry.example.com - port: 443 - role: edge - sslProfile: sslProfile - verifyHostname: false - tripleo_metrics_qdr_deployment_mode: controller-mesh - controller_node_ips: 10.0.0.20,10.0.0.30 - ctlplane_ip: 10.0.0.10 - internal_api_ip: "{{ ansible_default_ipv4.address }}" - service_net_map: - compute_metrics_qdr_network: internal_api - tripleo_role_name: Compute diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-edge-node/molecule.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-edge-node/molecule.yml deleted file mode 100644 index c4686990d..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-edge-node/molecule.yml +++ /dev/null @@ -1,66 +0,0 @@ ---- -driver: - name: podman - -log: true - -platforms: - - name: ubi - hostname: ubi - image: ubi9/ubi-init - registry: - url: registry.access.redhat.com - pkg_extras: python*setuptools - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - # Had to comment this out or I get "No URLs in mirrorlist" - #- /etc/dnf/vars:/etc/dnf/vars - - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - CONTAINER_BIN: podman - ulimits: &ulimit - - host - -provisioner: - inventory: - hosts: - all: - hosts: - ubi: - ansible_python_interpreter: /usr/bin/python3 - vars: - ansible_user: root - tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/ - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\ - /usr/share/ansible/plugins/filter}" - playbooks: - prepare: ../common/prepare.yml - - -verifier: - name: ansible - -dependency: - name: galaxy - options: - role-file: molecule/common/requirements.yml - -scenario: - name: controller-mesh-edge-node - test_sequence: - - destroy - - dependency - - create - - prepare - - converge - - check - - verify - - destroy - - cleanup diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-edge-node/verify.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-edge-node/verify.yml deleted file mode 100644 index 07bb24789..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-edge-node/verify.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- import_playbook: ../common/verify.yml - -- name: Check log for correct config of controller-mesh edge nodes - hosts: centos - tasks: - - assert: - that: - - qdrlog_content.find('Router started in Edge mode') != -1 - name: Router started in Edge mode - - - assert: - that: - - >- - qdrlog_content is - search('Configured Connector: 10.0.0.20:5668 proto=any, role=edge') - - >- - qdrlog_content is - search('Configured Connector: 10.0.0.30:5668 proto=any, role=edge') - name: Connectors to internal mesh configured - - - assert: - that: - - >- - qdrlog_content is not - search('stf-default-interconnect-5671-service-telemetry.example.com') - name: External connector correctly supressed for mesh edge nodes diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-interior-node/converge.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-interior-node/converge.yml deleted file mode 100644 index 8ac53d3e0..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-interior-node/converge.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- import_playbook: ../common/converge.yml - -- name: Converge controller-mesh interior node config - hosts: centos - tasks: - - name: Invoke tripleo_metrics_qdr for interior node - include_role: - name: "{{ playbook_dir }}/../../../tripleo_metrics_qdr" - tasks_from: create_config - vars: - tripleo_metrics_qdr_connectors: - - host: stf-default-interconnect-5671-service-telemetry.example.com - port: 443 - role: edge - sslProfile: sslProfile - verifyHostname: false - tripleo_metrics_qdr_deployment_mode: controller-mesh - controller_node_ips: "10.0.0.20,10.0.0.30,10.0.0.40,\ - {{ ansible_default_ipv4.address }}" - ctlplane_ip: "{{ ansible_default_ipv4.address }}" - internal_api_ip: "{{ ansible_default_ipv4.address }}" - service_net_map: - controller_metrics_qdr_network: internal_api - tripleo_role_name: Controller diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-interior-node/molecule.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-interior-node/molecule.yml deleted file mode 100644 index 9e54a227b..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-interior-node/molecule.yml +++ /dev/null @@ -1,65 +0,0 @@ ---- -driver: - name: podman - -log: true - -platforms: - - name: ubi - hostname: ubi - image: ubi9/ubi-init - registry: - url: registry.access.redhat.com - pkg_extras: python*setuptools - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - # Had to comment this out or I get "No URLs in mirrorlist" - #- /etc/dnf/vars:/etc/dnf/vars - - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - CONTAINER_BIN: podman - ulimits: &ulimit - - host - -provisioner: - inventory: - hosts: - all: - hosts: - ubi: - ansible_python_interpreter: /usr/bin/python3 - vars: - ansible_user: root - tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/ - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\ - /usr/share/ansible/plugins/filter}" - playbooks: - prepare: ../common/prepare.yml - - -verifier: - name: ansible - -dependency: - name: galaxy - options: - role-file: molecule/common/requirements.yml - -scenario: - name: controller-mesh-interior-node - test_sequence: - - destroy - - dependency - - create - - prepare - - converge - - check - - verify - - destroy diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-interior-node/verify.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-interior-node/verify.yml deleted file mode 100644 index 37ca60336..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/controller-mesh-interior-node/verify.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -- import_playbook: ../common/verify.yml - -- name: Check log for correct config of controller-mesh interior nodes - hosts: centos - tasks: - - assert: - that: - - qdrlog_content.find('Router started in Interior mode') != -1 - name: Router started in Interior mode - - - assert: - that: - - >- - qdrlog_content is search('Configured Listener:.*:5667 proto=any, - role=inter-router') - name: Mesh-to-mesh listener configured - - - assert: - that: - - >- - qdrlog_content is search('Configured Listener:.*:5668 proto=any, - role=edge') - name: Edge-to-mesh listener configured - - - assert: - that: - - >- - qdrlog_content is - search('Configured Connector: 10.0.0.20:5667 proto=any, - role=inter-router') - - >- - qdrlog_content is - search('Configured Connector: 10.0.0.30:5667 proto=any, - role=inter-router') - - >- - qdrlog_content is - search('Configured Connector: 10.0.0.40:5667 proto=any, - role=inter-router') - name: Connectors to other mesh nodes configured - - - assert: - that: - - >- - qdrlog_content is - search('Configured Connector: - stf-default-interconnect-5671-service-telemetry.example.com:443 - .* role=edge') - name: Connector to STF configured diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/default/converge.yml deleted file mode 100644 index f810aadf7..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/default/converge.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- import_playbook: ../common/converge.yml - -- name: Converge edge-only config - hosts: centos - tasks: - - name: Invoke tripleo_metrics_qdr for edge-only - include_role: - name: "{{ playbook_dir }}/../../../tripleo_metrics_qdr" - tasks_from: create_config - vars: - tripleo_metrics_qdr_connectors: - - host: stf-default-interconnect-5671-service-telemetry.example.com - port: 443 - role: edge - sslProfile: sslProfile - verifyHostname: false - controller_node_ips: 10.0.0.20,10.0.0.30,10.0.0.40 - ctlplane_ip: 10.0.0.10 - internal_api_ip: "{{ ansible_default_ipv4.address }}" - service_net_map: - standalone_metrics_qdr_network: internal_api - tripleo_role_name: Standalone diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/default/molecule.yml deleted file mode 100644 index 2a4f5529b..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/default/molecule.yml +++ /dev/null @@ -1,65 +0,0 @@ ---- -driver: - name: podman - -log: true - -platforms: - - name: ubi - hostname: ubi - image: ubi9/ubi-init - registry: - url: registry.access.redhat.com - pkg_extras: python*setuptools - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - # Had to comment this out or I get "No URLs in mirrorlist" - #- /etc/dnf/vars:/etc/dnf/vars - - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - CONTAINER_BIN: podman - ulimits: &ulimit - - host - -provisioner: - inventory: - hosts: - all: - hosts: - ubi: - ansible_python_interpreter: /usr/bin/python3 - vars: - ansible_user: root - tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/ - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\ - /usr/share/ansible/plugins/filter}" - playbooks: - prepare: ../common/prepare.yml - - -verifier: - name: ansible - -dependency: - name: galaxy - options: - role-file: molecule/common/requirements.yml - -scenario: - name: default - test_sequence: - - destroy - - dependency - - create - - prepare - - converge - - check - - verify - - destroy diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/default/verify.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/default/verify.yml deleted file mode 100644 index 5692c9d0b..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/default/verify.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- import_playbook: ../common/verify.yml - - -- name: Check log for correct config - hosts: centos - tasks: - - assert: - that: - - qdrlog_content.find('Router started in Edge mode') != -1 - name: Router started in Edge mode - - - assert: - that: - - >- - qdrlog_content is - search('Configured Connector: - stf-default-interconnect-5671-service-telemetry.example.com:443 - proto=any, role=edge, sslProfile=sslProfile') - name: Connector to STF configured diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/internal-tls/converge.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/internal-tls/converge.yml deleted file mode 100644 index dd1a7fd6f..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/internal-tls/converge.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- import_playbook: ../common/converge.yml - -- name: Converge edge-only config - hosts: centos - tasks: - - name: Invoke tripleo_metrics_qdr for internal-tls interior node - include_role: - name: "{{ playbook_dir }}/../../../tripleo_metrics_qdr" - tasks_from: create_config - vars: - tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/ - tripleo_metrics_qdr_connectors: - - host: stf-default-interconnect-5671-service-telemetry.example.com - port: 443 - role: edge - sslProfile: sslProfile - verifyHostname: false - tripleo_metrics_qdr_deployment_mode: controller-mesh - controller_node_ips: "10.0.0.20,10.0.0.30,10.0.0.40,\ - {{ ansible_default_ipv4.address }}" - ctlplane_ip: "{{ ansible_default_ipv4.address }}" - internal_api_ip: "{{ ansible_default_ipv4.address }}" - service_net_map: - controller_metrics_qdr_network: internal_api - tripleo_role_name: Controller - tripleo_enable_internal_tls: true diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/internal-tls/molecule.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/internal-tls/molecule.yml deleted file mode 100644 index 3218840f4..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/internal-tls/molecule.yml +++ /dev/null @@ -1,66 +0,0 @@ ---- -driver: - name: podman - -log: true - -platforms: - - name: ubi - hostname: ubi - image: ubi9/ubi-init - registry: - url: registry.access.redhat.com - pkg_extras: python*setuptools - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - - /etc/dnf/vars:/etc/dnf/vars - # Had to comment this out to fix a problem installing rdo-release-victoria - # see common/prepare.yml - # - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - CONTAINER_BIN: podman - ulimits: &ulimit - - host - -provisioner: - inventory: - hosts: - all: - hosts: - ubi: - ansible_python_interpreter: /usr/bin/python3 - vars: - ansible_user: root - tripleo_metrics_qdr_conf_output_dir: /etc/qpid-dispatch/ - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-\ - /usr/share/ansible/plugins/filter}" - playbooks: - prepare: ../common/prepare.yml - - -verifier: - name: ansible - -dependency: - name: galaxy - options: - role-file: molecule/common/requirements.yml - -scenario: - name: internal-tls - test_sequence: - - destroy - - dependency - - create - - prepare - - converge - - check - - verify - - destroy diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/internal-tls/verify.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/internal-tls/verify.yml deleted file mode 100644 index 08043fa0d..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/molecule/internal-tls/verify.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -- import_playbook: ../common/verify.yml - - -- name: Check log for correct config - hosts: centos - tasks: - - assert: - that: - - qdrlog_content is search('Created SSL Profile with name tlsProfile') - name: tlsProfile configured - - - assert: - that: - - >- - qdrlog_content is search('Configured Listener:.*:5667 proto=any, - role=inter-router, sslProfile=tlsProfile') - name: Mesh-to-mesh listener configured with tls - - - assert: - that: - - >- - qdrlog_content is search('Configured Listener:.*:5668 proto=any, - role=edge, sslProfile=tlsProfile') - name: Edge-to-mesh listener configured with tls - - - assert: - that: - - >- - qdrlog_content is - search('Configured Connector: 10.0.0.20:5667 proto=any, - role=inter-router, sslProfile=tlsProfile') - - >- - qdrlog_content is - search('Configured Connector: 10.0.0.30:5667 proto=any, - role=inter-router, sslProfile=tlsProfile') - - >- - qdrlog_content is - search('Configured Connector: 10.0.0.40:5667 proto=any, - role=inter-router, sslProfile=tlsProfile') - name: Connectors to other mesh nodes configured with tls diff --git a/tripleo_ansible/roles/tripleo_metrics_qdr/tasks/create_config.yml b/tripleo_ansible/roles/tripleo_metrics_qdr/tasks/create_config.yml deleted file mode 100644 index df747af21..000000000 --- a/tripleo_ansible/roles/tripleo_metrics_qdr/tasks/create_config.yml +++ /dev/null @@ -1,155 +0,0 @@ ---- -# These tasks handle tripleo-driven additions to the qdr config: -# -# 1) Mesh mode - Controllers form a QDR mesh which connects to the external -# endpoint, all other nodes connect to the mesh -# 2) TLS Everywhere - Enabling SSL for mesh-to-mesh and edge-to-mesh connections - -- name: Set mutable and derivative vars - run_once: true - set_fact: - # Mutable connectors so we can supress it on edge nodes if in mesh mode - connectors: "{{ tripleo_metrics_qdr_connectors }}" - qdr_listener_addr: "{{ - lookup('vars', (service_net_map[(tripleo_role_name + 'MetricsQdrNetwork') | snake_case] + '_ip') ) - }}" - # RFE? Should be in QdrVars, right now there is no good way to alter it - qdr_log_enable: 'info+' - -- name: Augment tripleo_metrics_qdr_extra_ssl_profiles if EnableInternalTLS - when: tripleo_enable_internal_tls - run_once: true - set_fact: - tripleo_metrics_qdr_extra_ssl_profiles: "{{ tripleo_metrics_qdr_extra_ssl_profiles | union( - [{ 'name': 'tlsProfile', - 'certFile': tripleo_metrics_qdr_listener_ssl_cert_file, - 'keyFile': tripleo_metrics_qdr_listener_ssl_key_file, - 'caCertFile': tripleo_internal_tlscafile - }]) }}" - tripleo_metrics_qdr_ssl_profile_base_mesh: - sslProfile: tlsProfile - -- name: Configure the mesh mode settings if requested - when: tripleo_metrics_qdr_deployment_mode == 'controller-mesh' - block: - - - name: Set the list of interior mesh nodes - run_once: true - set_fact: - # Form mesh on controller nodes - RFE? Make placement configurable - interior_nodes_list: "{{ controller_node_ips.split(',') }}" - - # TODO(BZ1816046): metrics should have it's own network, not use ctlplane - - name: Set interior IP for mesh mode connections to use ctlplane - set_fact: - interior_ip: "{{ ctlplane_ip }}" - - - name: Define connectors for edge->interior, replacing existing connectors - when: not (interior_ip in interior_nodes_list) - block: - - name: Remove existing connector - set_fact: - connectors: [] - - - name: Create connectors to two random interior nodes - loop: "{{ (interior_nodes_list | - shuffle(seed=inventory_hostname))[0:2] }}" - set_fact: - # *CS TODO: Add the SSL support to mesh mode like node_base from - # the puppet (internal_tls), see https://git.io/Jt8oP - connectors: "{{ connectors | union( - [ tripleo_metrics_qdr_ssl_profile_base_mesh | combine( - { 'host': item, - 'port': '5668', - 'role': 'edge', - 'verifyHostname': 'no', - 'saslMechanisms': 'ANONYMOUS' - }) - ]) - }}" - - - name: Configure interior mesh node - when: interior_ip in interior_nodes_list - block: - - name: Set additional listeners, connectors, mode - set_fact: - tripleo_metrics_qdr_router_mode: interior - - # Set list of OTHER interior nodes with which to form mesh - # connections (ones with a lower ordinal position than us) - mesh_connection_nodes_list: "{{ - interior_nodes_list[0:interior_nodes_list.index(interior_ip)] }}" - - # *CS TODO: Add the SSL support to mesh mode like node_base from - # the puppet (internal_tls), see https://git.io/Jt8oP - # Add extra listener for edge -> interior - tripleo_metrics_qdr_extra_listeners: "{{ tripleo_metrics_qdr_extra_listeners | union( - [ tripleo_metrics_qdr_ssl_profile_base_mesh | combine( - { 'host': interior_ip, - 'port': '5668', - 'role': 'edge', - 'authenticatePeer': 'no', - 'saslMechanisms': 'ANONYMOUS' - }) - ]) - }}" - - - name: Add extra listener for mesh connections - set_fact: - # *CS TODO: Add the SSL support to mesh mode like node_base from - # the puppet (internal_tls), see https://git.io/Jt8oP - tripleo_metrics_qdr_extra_listeners: "{{ tripleo_metrics_qdr_extra_listeners | union( - [ tripleo_metrics_qdr_ssl_profile_base_mesh | combine( - { 'host': interior_ip, - 'port': '5667', - 'role': 'inter-router', - 'authenticatePeer': 'no', - 'saslMechanisms': 'ANONYMOUS' - }) - ]) - }}" - - - name: Add mesh connections - loop: "{{ mesh_connection_nodes_list }}" - set_fact: - # *CS TODO: Add the SSL support to mesh mode like node_base from - # the puppet (internal_tls), see https://git.io/Jt8oP - connectors: "{{ connectors | union( - [ tripleo_metrics_qdr_ssl_profile_base_mesh | combine( - { 'host': item, - 'port': '5667', - 'role': 'inter-router', - 'verifyHostname': 'no', - 'saslMechanisms': 'ANONYMOUS' - }) - ]) - }}" -# End of mesh-mode block - -- name: "Include QDR config role" - include_role: - name: qdr_config - vars: - qdr_addresses: "{{ tripleo_metrics_qdr_addresses }}" - qdr_autolink_addresses: "{{ tripleo_metrics_qdr_autolink_addresses }}" - qdr_conf_output_dir: "{{ tripleo_metrics_qdr_conf_output_dir }}" - qdr_connectors: "{{ connectors }}" - qdr_deployment_mode: "{{ tripleo_metrics_qdr_deployment_mode }}" - qdr_extra_listeners: "{{ tripleo_metrics_qdr_extra_listeners }}" - qdr_extra_ssl_profiles: "{{ tripleo_metrics_qdr_extra_ssl_profiles }}" - qdr_listener_auth_peer: "{{ tripleo_metrics_qdr_listener_auth_peer }}" - qdr_listener_port: "{{ tripleo_metrics_qdr_listener_port }}" - qdr_listener_require_ssl: "{{ tripleo_metrics_qdr_listener_require_ssl }}" - qdr_listener_sasl_mech: "{{ tripleo_metrics_qdr_listener_sasl_mech }}" - qdr_listener_ssl_cert_file: "{{ tripleo_metrics_qdr_listener_ssl_cert_file }}" - qdr_listener_ssl_cert_db: "{{ tripleo_metrics_qdr_listener_ssl_cert_db }}" - qdr_listener_ssl_key_file: "{{ tripleo_metrics_qdr_listener_ssl_key_file }}" - qdr_listener_ssl_password: "{{ tripleo_metrics_qdr_listener_ssl_password }}" - qdr_listener_ssl_pw_file: "{{ tripleo_metrics_qdr_listener_ssl_pw_file }}" - qdr_listener_trusted_certs: "{{ tripleo_metrics_qdr_listener_trusted_certs }}" - qdr_listener_use_encryption: "{{ tripleo_metrics_qdr_listener_use_encryption }}" - qdr_log_output: "{{ tripleo_metrics_qdr_log_output }}" - qdr_password: "{{ tripleo_metrics_qdr_password }}" - qdr_router_mode: "{{ tripleo_metrics_qdr_router_mode }}" - qdr_ssl_profiles: "{{ tripleo_metrics_qdr_ssl_profiles }}" - qdr_username: "{{ tripleo_metrics_qdr_username }}" diff --git a/tripleo_ansible/roles/tripleo_module_load/defaults/main.yml b/tripleo_ansible/roles/tripleo_module_load/defaults/main.yml deleted file mode 100644 index 1510430b3..000000000 --- a/tripleo_ansible/roles/tripleo_module_load/defaults/main.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# Load specific kernel modules using a list of hashes. This variable also -# takes the keyword "params" and "state". Params is assumed to be `null` and -# state is assumed to be "present"; tate can be either "present" or "absent". -# -# modules: -# - name: foo -# params: 'bar baz' -# - name: starwars -# - name: starwars -# state: absent -# -# NOTE(cloudnull): This role used to use a non-namespaced option, which has a high -# probability of creating conflicts with other roles in the greater -# ansible ecosystem. To ensure that we're able to retain existing -# variable functionality the "modules" option will supersede -# "tripleo_modules" if defined. This default should be removed -# just as soon as we're validate that the non-namespaced option -# is no longer in use. -tripleo_modules: "{{ modules | default([]) }}" diff --git a/tripleo_ansible/roles/tripleo_module_load/meta/main.yml b/tripleo_ansible/roles/tripleo_module_load/meta/main.yml deleted file mode 100644 index d5ae2eadc..000000000 --- a/tripleo_ansible/roles/tripleo_module_load/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_module_load - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_module_load/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_module_load/molecule/default/converge.yml deleted file mode 100644 index e46390b64..000000000 --- a/tripleo_ansible/roles/tripleo_module_load/molecule/default/converge.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_module_load" - tripleo_modules: - - name: dummy diff --git a/tripleo_ansible/roles/tripleo_module_load/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_module_load/molecule/default/molecule.yml deleted file mode 100644 index 2b39cf66d..000000000 --- a/tripleo_ansible/roles/tripleo_module_load/molecule/default/molecule.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_module_load/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_module_load/molecule/default/prepare.yml deleted file mode 100644 index 2ab9a4393..000000000 --- a/tripleo_ansible/roles/tripleo_module_load/molecule/default/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - kmod - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_module_load/molecule/legacy_vars/converge.yml b/tripleo_ansible/roles/tripleo_module_load/molecule/legacy_vars/converge.yml deleted file mode 100644 index 389a3c593..000000000 --- a/tripleo_ansible/roles/tripleo_module_load/molecule/legacy_vars/converge.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_module_load" - modules: - - name: dummy diff --git a/tripleo_ansible/roles/tripleo_module_load/molecule/legacy_vars/molecule.yml b/tripleo_ansible/roles/tripleo_module_load/molecule/legacy_vars/molecule.yml deleted file mode 100644 index 2b39cf66d..000000000 --- a/tripleo_ansible/roles/tripleo_module_load/molecule/legacy_vars/molecule.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_module_load/molecule/legacy_vars/prepare.yml b/tripleo_ansible/roles/tripleo_module_load/molecule/legacy_vars/prepare.yml deleted file mode 100644 index 2ab9a4393..000000000 --- a/tripleo_ansible/roles/tripleo_module_load/molecule/legacy_vars/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - kmod - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_module_load/molecule/remove_module/converge.yml b/tripleo_ansible/roles/tripleo_module_load/molecule/remove_module/converge.yml deleted file mode 100644 index fbf53e71a..000000000 --- a/tripleo_ansible/roles/tripleo_module_load/molecule/remove_module/converge.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_module_load" - tripleo_modules: - - name: dummy - - role: "tripleo_module_load" - tripleo_modules: - - name: dummy - state: absent diff --git a/tripleo_ansible/roles/tripleo_module_load/molecule/remove_module/molecule.yml b/tripleo_ansible/roles/tripleo_module_load/molecule/remove_module/molecule.yml deleted file mode 100644 index 00c3ba8b9..000000000 --- a/tripleo_ansible/roles/tripleo_module_load/molecule/remove_module/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - -scenario: - name: remove_module - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_module_load/molecule/remove_module/prepare.yml b/tripleo_ansible/roles/tripleo_module_load/molecule/remove_module/prepare.yml deleted file mode 100644 index 2ab9a4393..000000000 --- a/tripleo_ansible/roles/tripleo_module_load/molecule/remove_module/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - kmod - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_module_load/tasks/main.yml b/tripleo_ansible/roles/tripleo_module_load/tasks/main.yml deleted file mode 100644 index 7d08dfa13..000000000 --- a/tripleo_ansible/roles/tripleo_module_load/tasks/main.yml +++ /dev/null @@ -1,76 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_module_load" will search for and load any operating system variable file - -- name: Kernel module block - become: true - block: - - name: Ensure /etc/modules-load.d exists - file: - path: /etc/modules-load.d - state: directory - setype: etc_t - selevel: s0 - - - name: "Load modules" - modprobe: - name: "{{ item.name }}" - params: "{{ item.params | default(omit) }}" - state: "{{ item.state | default('present') }}" - loop: "{{ tripleo_modules }}" - loop_control: - label: "{{ item.name }}" - - - name: "Persist modules via modules-load.d" - template: - dest: "/etc/modules-load.d/{{ item.name }}.conf" - src: module-load.conf.j2 - loop: "{{ tripleo_modules }}" - loop_control: - label: "{{ item.name }}" - register: _tripleo_modules_add - when: - - (item.state | default('present')) == 'present' - - - name: "Drop module persistence" - file: - path: "/etc/modules-load.d/{{ item.name }}.conf" - state: absent - loop: "{{ tripleo_modules }}" - loop_control: - label: "{{ item.name }}" - register: _tripleo_modules_remove - when: - - (item.state | default('present')) == 'absent' - - - name: "Set modules persistence via /etc/modules" - lineinfile: - dest: /etc/modules - line: "{{ item.name }} {{ item.params | default('') }}" - state: "{{ item.state | default('present') }}" - create: true - loop: "{{ tripleo_modules }}" - loop_control: - label: "{{ item.name }}" - - - name: Modules reload - systemd: - name: systemd-modules-load.service - state: restarted - when: - - _tripleo_modules_add.changed or _tripleo_modules_remove.changed diff --git a/tripleo_ansible/roles/tripleo_module_load/templates/module-load.conf.j2 b/tripleo_ansible/roles/tripleo_module_load/templates/module-load.conf.j2 deleted file mode 100644 index 21808b95f..000000000 --- a/tripleo_ansible/roles/tripleo_module_load/templates/module-load.conf.j2 +++ /dev/null @@ -1,2 +0,0 @@ -# {{ ansible_managed }} -{{ item.name }} {{ item.params |default('') }} diff --git a/tripleo_ansible/roles/tripleo_multipathd/defaults/main.yml b/tripleo_ansible/roles/tripleo_multipathd/defaults/main.yml deleted file mode 100644 index 5bb2a0a50..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/defaults/main.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -tripleo_container_cli: "{{ container_cli | default('podman') }}" - -tripleo_multipathd_custom_config_file: '' -tripleo_multipathd_enable: true -tripleo_multipathd_find_multipaths: true -tripleo_multipathd_skip_kpartx: true -tripleo_multipathd_user_friendly_names: false -tripleo_boot_from_multipath_device: false diff --git a/tripleo_ansible/roles/tripleo_multipathd/files/multipath.conf b/tripleo_ansible/roles/tripleo_multipathd/files/multipath.conf deleted file mode 100644 index 55ad657da..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/files/multipath.conf +++ /dev/null @@ -1,93 +0,0 @@ -# This is a basic configuration file with some examples, for device mapper -# multipath. -# -# For a complete list of the default configuration values, run either -# multipath -t -# or -# multipathd show config -# -# For a list of configuration options with descriptions, see the multipath.conf -# man page - -## By default, devices with vendor = "IBM" and product = "S/390.*" are -## blacklisted. To enable mulitpathing on these devies, uncomment the -## following lines. -#blacklist_exceptions { -# device { -# vendor "IBM" -# product "S/390.*" -# } -#} - -## Use user friendly names, instead of using WWIDs as names. -defaults { - user_friendly_names yes - find_multipaths yes -} -## -## Here is an example of how to configure some standard options. -## -# -#defaults { -# udev_dir /dev -# polling_interval 10 -# selector "round-robin 0" -# path_grouping_policy multibus -# prio alua -# path_checker readsector0 -# rr_min_io 100 -# max_fds 8192 -# rr_weight priorities -# failback immediate -# no_path_retry fail -# user_friendly_names yes -#} -## -## The wwid line in the following blacklist section is shown as an example -## of how to blacklist devices by wwid. The 2 devnode lines are the -## compiled in default blacklist. If you want to blacklist entire types -## of devices, such as all scsi devices, you should use a devnode line. -## However, if you want to blacklist specific devices, you should use -## a wwid line. Since there is no guarantee that a specific device will -## not change names on reboot (from /dev/sda to /dev/sdb for example) -## devnode lines are not recommended for blacklisting specific devices. -## -#blacklist { -# wwid 26353900f02796769 -# devnode "^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*" -# devnode "^hd[a-z]" -#} -#multipaths { -# multipath { -# wwid 3600508b4000156d700012000000b0000 -# alias yellow -# path_grouping_policy multibus -# path_checker readsector0 -# path_selector "round-robin 0" -# failback manual -# rr_weight priorities -# no_path_retry 5 -# } -# multipath { -# wwid 1DEC_____321816758474 -# alias red -# } -#} -#devices { -# device { -# vendor "COMPAQ " -# product "HSV110 (C)COMPAQ" -# path_grouping_policy multibus -# path_checker readsector0 -# path_selector "round-robin 0" -# hardware_handler "0" -# failback 15 -# rr_weight priorities -# no_path_retry queue -# } -# device { -# vendor "COMPAQ " -# product "MSA1000 " -# path_grouping_policy multibus -# } -#} diff --git a/tripleo_ansible/roles/tripleo_multipathd/meta/main.yml b/tripleo_ansible/roles/tripleo_multipathd/meta/main.yml deleted file mode 100644 index 73b51a1ea..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/meta/main.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_multipathd - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: Fedora - versions: - - 28 - - name: CentOS - versions: - - 7 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_multipathd/molecule/custom_config/converge.yml b/tripleo_ansible/roles/tripleo_multipathd/molecule/custom_config/converge.yml deleted file mode 100644 index 4bdcdb60e..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/molecule/custom_config/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Run the default converge playbook - import_playbook: ../default/converge.yml - vars: - tripleo_multipathd_custom_config_file: ../custom_config/custom_multipath.conf diff --git a/tripleo_ansible/roles/tripleo_multipathd/molecule/custom_config/custom_multipath.conf b/tripleo_ansible/roles/tripleo_multipathd/molecule/custom_config/custom_multipath.conf deleted file mode 100644 index ffc8cbd4f..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/molecule/custom_config/custom_multipath.conf +++ /dev/null @@ -1,9 +0,0 @@ -# This represents a custom configuration file the user wishes to deploy. - -defaults { - user_friendly_names yes - find_multipaths yes - # Use custom_variable as a marker to ensure this custom config file - # gets deployed. - custom_variable custom_value -} diff --git a/tripleo_ansible/roles/tripleo_multipathd/molecule/custom_config/molecule.yml b/tripleo_ansible/roles/tripleo_multipathd/molecule/custom_config/molecule.yml deleted file mode 100644 index 3f36bd94f..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/molecule/custom_config/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: ansible diff --git a/tripleo_ansible/roles/tripleo_multipathd/molecule/custom_config/prepare.yml b/tripleo_ansible/roles/tripleo_multipathd/molecule/custom_config/prepare.yml deleted file mode 100644 index cc993e5f4..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/molecule/custom_config/prepare.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Run the default prepare playbook - import_playbook: ../default/prepare.yml diff --git a/tripleo_ansible/roles/tripleo_multipathd/molecule/custom_config/verify.yml b/tripleo_ansible/roles/tripleo_multipathd/molecule/custom_config/verify.yml deleted file mode 100644 index d70acddf8..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/molecule/custom_config/verify.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Run the default verify playbook - import_playbook: ../default/verify.yml - -- name: Verify (custom) - hosts: all - gather_facts: false - tasks: - - name: Verify the custom setting is present - command: grep 'custom_variable custom_value' /etc/multipath.conf - changed_when: false diff --git a/tripleo_ansible/roles/tripleo_multipathd/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_multipathd/molecule/default/converge.yml deleted file mode 100644 index 455b1902d..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/molecule/default/converge.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: tripleo_multipathd - vars: - tripleo_container_cli: 'true' diff --git a/tripleo_ansible/roles/tripleo_multipathd/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_multipathd/molecule/default/molecule.yml deleted file mode 100644 index 3f36bd94f..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: ansible diff --git a/tripleo_ansible/roles/tripleo_multipathd/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_multipathd/molecule/default/prepare.yml deleted file mode 100644 index 9e6445c9f..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/molecule/default/prepare.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - vars: - test_deps_extra_packages: - - device-mapper-multipath - - python*setuptools - - libselinux-python* - - policycoreutils-python-utils - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_multipathd/molecule/default/verify.yml b/tripleo_ansible/roles/tripleo_multipathd/molecule/default/verify.yml deleted file mode 100644 index 40282d7fe..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/molecule/default/verify.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Verify - hosts: all - gather_facts: false - tasks: - - name: Check /etc/multipath.conf settings - lineinfile: - name: /etc/multipath.conf - regexp: "^\\s+{{ item.var }}" - line: " {{ item.var }} {{ item.value }}" - loop: - - {var: find_multipaths, value: 'yes'} - - {var: skip_kpartx, value: 'yes'} - - {var: user_friendly_names, value: 'no'} - loop_control: - index_var: multipath_var_index - register: multipath_result - - - name: Fail if /etc/multipath.conf settings are not correct - debug: - msg: "/etc/multipath.conf settings are not correct." - when: - - multipath_result.changed - failed_when: - - true diff --git a/tripleo_ansible/roles/tripleo_multipathd/molecule/preexisting_config/converge.yml b/tripleo_ansible/roles/tripleo_multipathd/molecule/preexisting_config/converge.yml deleted file mode 100644 index 3e55377ae..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/molecule/preexisting_config/converge.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Run the default converge playbook - import_playbook: ../default/converge.yml diff --git a/tripleo_ansible/roles/tripleo_multipathd/molecule/preexisting_config/molecule.yml b/tripleo_ansible/roles/tripleo_multipathd/molecule/preexisting_config/molecule.yml deleted file mode 100644 index 3f36bd94f..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/molecule/preexisting_config/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: ansible diff --git a/tripleo_ansible/roles/tripleo_multipathd/molecule/preexisting_config/prepare.yml b/tripleo_ansible/roles/tripleo_multipathd/molecule/preexisting_config/prepare.yml deleted file mode 100644 index 6527c8f21..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/molecule/preexisting_config/prepare.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - become: true - - pre_tasks: - - name: Precreate /etc/multipath.conf - copy: - src: ../../files/multipath.conf - dest: /etc/multipath.conf - - - name: Add a preexisting setting - lineinfile: - path: /etc/multipath.conf - insertafter: '^defaults' - line: ' preexisting_variable preexisting_value' - -- name: Run the default prepare playbook - import_playbook: ../default/prepare.yml diff --git a/tripleo_ansible/roles/tripleo_multipathd/molecule/preexisting_config/verify.yml b/tripleo_ansible/roles/tripleo_multipathd/molecule/preexisting_config/verify.yml deleted file mode 100644 index 0cf08554e..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/molecule/preexisting_config/verify.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Run the default verify playbook - import_playbook: ../default/verify.yml - -- name: Verify (preexisting) - hosts: all - gather_facts: false - tasks: - - name: Verify the preexisting setting is present - command: grep 'preexisting_variable preexisting_value' /etc/multipath.conf - changed_when: false diff --git a/tripleo_ansible/roles/tripleo_multipathd/tasks/configure.yml b/tripleo_ansible/roles/tripleo_multipathd/tasks/configure.yml deleted file mode 100644 index d43e6d346..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/tasks/configure.yml +++ /dev/null @@ -1,113 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Gather SELinux fact if needed - when: - - ansible_facts.selinux is undefined - setup: - gather_subset: - - "!all" - - "!min" - - "selinux" - -- name: Create fcontext entry for multipath locations - when: - - ansible_facts.selinux.status == "enabled" - sefcontext: - target: "/etc/multipath.conf" - setype: container_file_t - state: present - -- name: Install custom multipath.conf if one is specified - copy: - src: "{{ tripleo_multipathd_custom_config_file }}" - dest: /etc/multipath.conf - mode: 0644 - when: - - tripleo_multipathd_custom_config_file|length > 0 - -- name: Ensure /etc/multipath.conf exists - when: - - tripleo_multipathd_custom_config_file|length == 0 - block: - - name: Check for existing /etc/multipath.conf - stat: - path: /etc/multipath.conf - register: result - check_mode: false - - name: Create /etc/multipath.conf if file is missing - copy: - src: "{{ role_path }}/files/multipath.conf" - dest: /etc/multipath.conf - mode: 0644 - when: - - not result.stat.exists or result.stat.size == 0 - -- name: Set setype on /etc/multipath.conf - file: - path: /etc/multipath.conf - setype: container_file_t - -- name: Check if a blacklist section is present - shell: grep -q '^blacklist\s*{' /etc/multipath.conf - failed_when: false - changed_when: false - register: blacklist_section - -- name: Add a blacklist section if it's missing - block: - - name: Start the blacklist section - lineinfile: - path: /etc/multipath.conf - line: 'blacklist {' - - name: Terminate the blacklist section - replace: - path: /etc/multipath.conf - regexp: '^(blacklist {)' - replace: '\1\n}' - when: - - blacklist_section.rc|int == 1 - -- name: Remove global blacklist if multipathd is enabled - replace: - path: /etc/multipath.conf - regexp: '^blacklist\s*{\n[\s]+devnode \"\.\*\"' - replace: 'blacklist {' - when: - - tripleo_multipathd_enable | bool - -- name: Add global blacklist if multipathd is disabled - lineinfile: - path: /etc/multipath.conf - insertafter: '^blacklist\s*{' - regexp: '^[\s]+devnode \"\.\*\"' - line: ' devnode ".*"' - when: - - not (tripleo_multipathd_enable|bool) - -- name: Configure /etc/multipath.conf variables - lineinfile: - path: /etc/multipath.conf - insertafter: '^defaults' - firstmatch: true - regexp: "^\\s+{{ item.var }}" - line: " {{ item.var }} {{ (item.value|bool) | ternary('yes', 'no') }}" - loop: - - {var: find_multipaths, value: "{{tripleo_multipathd_find_multipaths}}"} - - {var: skip_kpartx, value: "{{tripleo_multipathd_skip_kpartx}}"} - - {var: user_friendly_names, value: "{{tripleo_multipathd_user_friendly_names}}"} - loop_control: - index_var: multipath_var_index diff --git a/tripleo_ansible/roles/tripleo_multipathd/tasks/host_prep.yml b/tripleo_ansible/roles/tripleo_multipathd/tasks/host_prep.yml deleted file mode 100644 index a7484d1fc..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/tasks/host_prep.yml +++ /dev/null @@ -1,92 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Gather SELinux fact if needed - when: - - ansible_facts.selinux is undefined - setup: - gather_subset: - - "!all" - - "!min" - - "selinux" - -- name: Create fcontext entry for multipath directory - when: - - ansible_facts.selinux.status == "enabled" - sefcontext: - target: "/etc/multipath(/.*)?" - setype: container_file_t - state: present - -- name: Check if multipathd is deployed on the host - command: systemctl is-enabled --quiet multipathd - failed_when: false - register: multipathd_enabled_result - check_mode: false - -- name: Set fact multipathd_enabled - set_fact: - multipathd_enabled: "{{ multipathd_enabled_result.rc == 0 }}" - -- name: Stop multipathd service on the host - service: - name: "{{ item }}" - state: stopped - enabled: false - when: - - multipathd_enabled|bool - ignore_errors: true - loop: - - multipathd.service - - multipathd.socket - loop_control: - index_var: multipath_service_index - -- name: Load dm-multipath - import_role: - name: tripleo_module_load - vars: - modules: - - name: dm-multipath - -- name: Prepare /etc/multipath directory - file: - path: /etc/multipath - state: directory - setype: container_file_t - -- name: Configure multipath dracut module - when: - - tripleo_boot_from_multipath_device | bool - block: - - name: Check if multipath module is already configured in dracut - lineinfile: - state: absent - path: "/etc/dracut.conf" - regexp: "add_dracutmodules.*multipath.*" - check_mode: true - changed_when: false - register: check - - name: Add multipath dracut module if it's missing and refresh dracut - when: check.found == 0 - block: - - name: Add multipath dracut module if it's missing - lineinfile: - state: present - path: "/etc/dracut.conf" - line: 'add_dracutmodules+="multipath"' - - name: Refresh dracut - shell: dracut -f diff --git a/tripleo_ansible/roles/tripleo_multipathd/tasks/main.yml b/tripleo_ansible/roles/tripleo_multipathd/tasks/main.yml deleted file mode 100644 index 64b2dded8..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/tasks/main.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Note the previous multipath configuration - stat: - path: /etc/multipath.conf - register: stat_before - check_mode: false - -- name: Configure multipath - include_tasks: configure.yml - -- name: Check the new multipath configuration - stat: - path: /etc/multipath.conf - register: stat_after - check_mode: false - -- name: Update containers when the multipath configuration changes - when: - - not stat_before.stat.exists or stat_after.stat.checksum != stat_before.stat.checksum - become: true - block: - - name: Identify containers using /etc/multipath.conf - command: "{{ tripleo_container_cli }} ps --filter volume=/etc/multipath.conf --format {{ '{{' }}.Names{{ '}}' }}" - register: multipath_conf_containers - changed_when: false - - - name: Restart containers in order to refresh their /etc/multipath.conf - include_tasks: restart.yml - loop: "{{ multipath_conf_containers.stdout_lines | default([]) }}" - loop_control: - loop_var: multipath_container diff --git a/tripleo_ansible/roles/tripleo_multipathd/tasks/restart.yml b/tripleo_ansible/roles/tripleo_multipathd/tasks/restart.yml deleted file mode 100644 index 16d06ca5f..000000000 --- a/tripleo_ansible/roles/tripleo_multipathd/tasks/restart.yml +++ /dev/null @@ -1,18 +0,0 @@ -# Most containers are managed by systemd, but some are managed by pacemaker. -- name: "Check if the {{ multipath_container }} container is managed by systemd" - systemd: - name: "tripleo_{{ multipath_container }}" - enabled: yes - failed_when: false - changed_when: false - register: systemd_service - -- name: "Restart {{ multipath_container }} using systemd" - systemd: - name: "tripleo_{{ multipath_container }}" - state: restarted - when: "'status' in systemd_service" - -- name: "Restart {{ multipath_container }} using {{ tripleo_container_cli }}" - command: "{{ tripleo_container_cli }} restart {{ multipath_container }}" - when: "'status' not in systemd_service" diff --git a/tripleo_ansible/roles/tripleo_mysql_client/defaults/main.yml b/tripleo_ansible/roles/tripleo_mysql_client/defaults/main.yml deleted file mode 100644 index da94422af..000000000 --- a/tripleo_ansible/roles/tripleo_mysql_client/defaults/main.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_mysql_client" -tripleo_mysql_client_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" - -tripleo_mysql_client_hide_sensitive_logs: true - -tripleo_mysql_client_read_default_file: /etc/my.cnf.d/tripleo.cnf -tripleo_mysql_client_read_default_group: tripleo -tripleo_mysql_client_bind_address: "" -tripleo_mysql_client_enable_ssl: false -tripleo_mysql_client_ssl_ca: "/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt" diff --git a/tripleo_ansible/roles/tripleo_mysql_client/meta/main.yml b/tripleo_ansible/roles/tripleo_mysql_client/meta/main.yml deleted file mode 100644 index 61f16ac79..000000000 --- a/tripleo_ansible/roles/tripleo_mysql_client/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: TripleO OpenStack Role -- tripleo_mysql_client - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 8 - - 9 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_mysql_client/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_mysql_client/molecule/default/converge.yml deleted file mode 100644 index a8f695d47..000000000 --- a/tripleo_ansible/roles/tripleo_mysql_client/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_mysql_client" diff --git a/tripleo_ansible/roles/tripleo_mysql_client/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_mysql_client/molecule/default/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/tripleo_ansible/roles/tripleo_mysql_client/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_mysql_client/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_mysql_client/molecule/default/prepare.yml deleted file mode 100644 index ec16f729a..000000000 --- a/tripleo_ansible/roles/tripleo_mysql_client/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_mysql_client/tasks/configure.yml b/tripleo_ansible/roles/tripleo_mysql_client/tasks/configure.yml deleted file mode 100644 index 9d17a9f68..000000000 --- a/tripleo_ansible/roles/tripleo_mysql_client/tasks/configure.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Create /etc/my.cnf.d - become: true - file: - state: directory - path: /etc/my.cnf.d - -- name: Render {{ tripleo_mysql_client_read_default_file }} - become: true - template: - src: tripleo.cnf.j2 - dest: "{{ tripleo_mysql_client_read_default_file }}" diff --git a/tripleo_ansible/roles/tripleo_mysql_client/tasks/main.yml b/tripleo_ansible/roles/tripleo_mysql_client/tasks/main.yml deleted file mode 100644 index d12225c87..000000000 --- a/tripleo_ansible/roles/tripleo_mysql_client/tasks/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Configure MySQL client - import_tasks: configure.yml diff --git a/tripleo_ansible/roles/tripleo_mysql_client/templates/tripleo.cnf.j2 b/tripleo_ansible/roles/tripleo_mysql_client/templates/tripleo.cnf.j2 deleted file mode 100644 index 3f138668e..000000000 --- a/tripleo_ansible/roles/tripleo_mysql_client/templates/tripleo.cnf.j2 +++ /dev/null @@ -1,11 +0,0 @@ -[{{ tripleo_mysql_client_read_default_group }}] -{% if (tripleo_mysql_client_bind_address | ansible.netcommon.ipaddr) %} -bind_address={{ tripleo_mysql_client_bind_address }}] -{% endif %} -{% if tripleo_mysql_client_enable_ssl %} -ssl=1 -ssl-ca={{ tripleo_mysql_client_ssl_ca }} -[client] -ssl=1 -ssl-ca={{ tripleo_mysql_client_ssl_ca }} -{% endif %} diff --git a/tripleo_ansible/roles/tripleo_network_config/defaults/main.yml b/tripleo_ansible/roles/tripleo_network_config/defaults/main.yml deleted file mode 100644 index cb4f388ad..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/defaults/main.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_network_config" -tripleo_network_config_update: False -tripleo_network_config_async_poll: 3 -tripleo_network_config_async_timeout: 300 -tripleo_network_config_bridge_name: br-ex -tripleo_network_config_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_network_config_hide_sensitive_logs: true -tripleo_network_config_interface_name: nic1 -tripleo_network_config_manage_service: true -tripleo_network_config_nmstate: false -tripleo_network_config_os_net_config_mappings: {} -tripleo_network_config_safe_defaults: true -tripleo_network_config_with_ansible: true -tripleo_network_config_template: templates/single_nic_vlans/single_nic_vlans.j2 -tripleo_network_config_override: {} diff --git a/tripleo_ansible/roles/tripleo_network_config/meta/main.yml b/tripleo_ansible/roles/tripleo_network_config/meta/main.yml deleted file mode 100644 index 374fae7dd..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_network_config - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_network_config/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_network_config/molecule/default/converge.yml deleted file mode 100644 index 786f79bf4..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/molecule/default/converge.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - tripleo_network_config_template: templates/standalone.j2 - tripleo_network_config_manage_service: false - tripleo_network_config_hide_sensitive_logs: false - ctlplane_mtu: 1500 - ctlplane_ip: 203.0.113.1 - ctlplane_subnet_cidr: 24 - ctlplane_host_routes: [] - ctlplane_dns_nameservers: [] - dns_search_domains: [] - neutron_public_interface_name: dummy0 - net_vip_map: - ctlplane: 203.0.113.3 - ctlplane_subnet: 203.0.113.0/24 - ctlplane_uri: 203.0.113.3 - vip_port_map: - external: - ip_address: 203.0.113.1 - ip_address_uri: 203.0.113.1 - ip_subnet: 203.0.113.0/24 - roles: - - role: "tripleo_network_config" diff --git a/tripleo_ansible/roles/tripleo_network_config/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_network_config/molecule/default/molecule.yml deleted file mode 100644 index 650e29844..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/molecule/default/molecule.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -platforms: - - name: instance - pkg_extras: libselinux-python* policycoreutils-python-utils - -provisioner: - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_network_config/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_network_config/molecule/default/prepare.yml deleted file mode 100644 index 48b522c2b..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/molecule/default/prepare.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_setup_tripleo: true - - role: env_data - - tasks: - - name: Ensure legacy scripts installed - become: true - package: - name: network-scripts - state: present - when: - - ansible_facts['distribution_major_version'] is version('8', '==') - - name: Create a dummy network interface - become: true - command: "ip link add dummy0 type dummy" diff --git a/tripleo_ansible/roles/tripleo_network_config/tasks/main.yml b/tripleo_ansible/roles/tripleo_network_config/tasks/main.yml deleted file mode 100644 index ed438d9cb..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/tasks/main.yml +++ /dev/null @@ -1,147 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Gather SELinux fact if needed - when: - - ansible_facts.selinux is undefined - setup: - gather_subset: - - "!all" - - "!min" - - "selinux" - -- name: Create fcontext entry for tripleoconfig - become: true - when: - - ansible_facts.selinux.status == "enabled" - sefcontext: - target: "/var/lib/tripleo-config(/.*)?" - setype: container_file_t - selevel: s0 - state: present - -- name: Ensure requirements are satisfied - include_role: - name: tripleo_bootstrap - tasks_from: packages.yml - -- name: Ensure /var/lib/tripleo-config directory exists - become: true - file: - path: /var/lib/tripleo-config - state: directory - setype: container_file_t - selevel: s0 - -- name: Check for previous run of NetworkConfig - become: true - stat: - path: /var/lib/tripleo-config/os-net-config.returncode - register: os_net_config_returncode_stat - -- name: Check result of previous run of NetworkConfig - become: true - slurp: - path: /var/lib/tripleo-config/os-net-config.returncode - when: os_net_config_returncode_stat.stat.exists - register: os_net_config_returncode_slurp - -- name: Ensure we get cloud-init - stat: - path: /etc/cloud/cloud.cfg.d - register: cloud_init_exists - -- name: NetworkConfig - become: true - block: - - name: Create /etc/os-net-config directory - become: true - file: - path: /etc/os-net-config - state: directory - recurse: true - - - name: Create os-net-config mappings from lookup data - tripleo_os_net_config_mappings: - net_config_data_lookup: - "{{ tripleo_network_config_os_net_config_mappings }}" - when: not ansible_check_mode|bool - register: os_net_config_mappings_result - - - name: Write os-net-config mappings file /etc/os-net-config/mapping.yaml - copy: - content: "{{ os_net_config_mappings_result.mapping | to_nice_yaml }}" - dest: /etc/os-net-config/mapping.yaml - mode: 0644 - when: os_net_config_mappings_result.changed|bool - - - name: Manage NetworkConfig with tripleo_os_net_config module - block: - - name: Remove /var/lib/tripleo-config/scripts directory - file: - path: /var/lib/tripleo-config/scripts - state: absent - - - name: Run NetworkConfig with tripleo_os_net_config - include_tasks: os_net_config.yml - - - name: Write rc of NetworkConfig script - copy: - content: "{{ NetworkConfig_result.rc }}" - dest: /var/lib/tripleo-config/os-net-config.returncode - when: - - NetworkConfig_result.rc is defined - - # LP Bug: https://bugs.launchpad.net/tripleo/+bug/1958332 - - name: Disable cloud-init network config - copy: - content: | - network: - config: disabled - dest: /etc/cloud/cloud.cfg.d/99-tripleo-disable-network-config.cfg - when: - - NetworkConfig_result.rc is defined - - NetworkConfig_result.rc == 0 - - cloud_init_exists.stat.exists - - cloud_init_exists.stat.isdir - - # os-net-config currently relies on the legacy network - # so we need to ensure it's enabled on boot. This should - # be removed when we switch to NetworkManager or replaced - # with something that ensures NetworkManager is enabled. - - name: Ensure network service is enabled - systemd: - name: network - enabled: true - when: - - tripleo_network_config_manage_service - - not tripleo_network_config_nmstate|bool - - not ansible_check_mode|bool - - # The conditions here are when we want to apply the - # NetworkConfig. They are: - # - If tripleo_network_config_update is True - # - Or the previous run of NetworkConfig failed. - # - Or it has never run - # This will match the prior behavior of when a Heat - # SoftwareDeployment was used. - # It also ensures the script does exist as a sine qua non - # condition - when: - - (tripleo_network_config_update) or - (os_net_config_returncode_stat.stat.exists and - ((os_net_config_returncode_slurp.content | b64decode | int) != 0)) or - (not os_net_config_returncode_stat.stat.exists) diff --git a/tripleo_ansible/roles/tripleo_network_config/tasks/os_net_config.yml b/tripleo_ansible/roles/tripleo_network_config/tasks/os_net_config.yml deleted file mode 100644 index 250451673..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/tasks/os_net_config.yml +++ /dev/null @@ -1,54 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Apply network configuration with os-net-config. -# - -- name: Apply os-net-config configuration - become: true - block: - - name: Set nic_config_file fact - set_fact: - nic_config_file: "/etc/os-net-config/config.yaml" - - name: Render overidden network config - no_log: "{{ tripleo_network_config_hide_sensitive_logs | bool }}" - copy: - content: "{{tripleo_network_config_override | to_yaml}}" - dest: "{{ nic_config_file }}" - mode: 0644 - backup: true - when: - - tripleo_network_config_override.keys()|length > 0 - - name: Render network_config from template - no_log: "{{ tripleo_network_config_hide_sensitive_logs | bool }}" - template: - src: "{{ tripleo_network_config_template }}" - dest: "{{ nic_config_file }}" - mode: 0644 - backup: true - when: - - tripleo_network_config_override.keys()|length == 0 - - name: Run tripleo_os_net_config_module with network_config - tripleo_os_net_config: - config_file: "{{ nic_config_file }}" - debug: "{{ tripleo_network_config_debug|bool }}" - detailed_exit_codes: true - safe_defaults: "{{ tripleo_network_config_safe_defaults | bool }}" - use_nmstate: "{{ tripleo_network_config_nmstate | bool }}" - async: "{{ tripleo_network_config_async_timeout }}" - poll: "{{ tripleo_network_config_async_poll }}" - register: NetworkConfig_result - when: not ansible_check_mode diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/2_linux_bonds_vlans/2_linux_bonds_vlans.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/2_linux_bonds_vlans/2_linux_bonds_vlans.j2 deleted file mode 100644 index 2b2d0d524..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/2_linux_bonds_vlans/2_linux_bonds_vlans.j2 +++ /dev/null @@ -1,79 +0,0 @@ ---- -{% set mtu_ctlplane_list = [ctlplane_mtu] %} -{% set mtu_dataplane_list = [] %} -{% for network in role_networks %} -{# This block resolves the minimum viable MTU for interfaces connected to #} -{# the dataplane network(s), which start by "Tenant", and also bonds #} -{# and bridges that carry multiple VLANs. Each VLAN may have different MTU. #} -{# The bridge, bond or interface must have an MTU to allow the VLAN with the #} -{# largest MTU. #} -{% if network.startswith('Tenant') %} -{{ mtu_dataplane_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} -{# This block resolves the minimum viable MTU for interfaces connected to #} -{# the control plane network(s) (don't start by "Tenant"), and also bonds #} -{# and bridges that carry multiple VLANs. Each VLAN may have different MTU. #} -{# The bridge, bond or interface must have an MTU to allow the VLAN with the #} -{# largest MTU. #} -{% else %} -{{ mtu_ctlplane_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} -{%- endif %} -{%- endfor %} -{% set min_viable_mtu_ctlplane = mtu_ctlplane_list | max %} -{% set min_viable_mtu_dataplane = mtu_dataplane_list | max %} -network_config: -- type: interface - name: nic1 - mtu: {{ ctlplane_mtu }} - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: {{ ctlplane_host_routes }} -- type: linux_bond - name: bond_api - mtu: {{ min_viable_mtu_ctlplane }} - use_dhcp: false - bonding_options: {{ bond_interface_ovs_options }} - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - members: - - type: interface - name: nic2 - mtu: {{ min_viable_mtu_ctlplane }} - primary: true - - type: interface - name: nic3 - mtu: {{ min_viable_mtu_ctlplane }} -{% for network in role_networks if not network.startswith('Tenant') %} -- type: vlan - device: bond_api - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endfor %} -- type: ovs_bridge - name: {{ neutron_physical_bridge_name }} - dns_servers: {{ ctlplane_dns_nameservers }} - members: - - type: linux_bond - name: bond-data - mtu: {{ min_viable_mtu_dataplane }} - bonding_options: {{ bond_interface_ovs_options }} - members: - - type: interface - name: nic4 - mtu: {{ min_viable_mtu_dataplane }} - primary: true - - type: interface - name: nic5 - mtu: {{ min_viable_mtu_dataplane }} -{% for network in role_networks if network.startswith('Tenant') %} - - type: vlan - device: bond-data - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/2_linux_bonds_vlans/2_linux_bonds_vlans_dpdk.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/2_linux_bonds_vlans/2_linux_bonds_vlans_dpdk.j2 deleted file mode 100644 index c87325cc5..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/2_linux_bonds_vlans/2_linux_bonds_vlans_dpdk.j2 +++ /dev/null @@ -1,72 +0,0 @@ ---- -{# This block resolves the minimum viable MTU for interfaces, bonds and #} -{# bridges that carry multiple VLANs. Each VLAN may have different MTU. The #} -{# bridge, bond or interface must have an MTU to allow the VLAN with the #} -{# largest MTU. #} -{% set mtu_list = [] %} -{{ mtu_list.append(lookup('vars', ctlplane_mtu)) }} -{% for network in role_networks %} -{{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} -{%- endfor %} -{% set min_viable_mtu = mtu_list | max %} -network_config: -- type: interface - name: nic1 - mtu: {{ ctlplane_mtu }} - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: {{ ctlplane_host_routes }} -- type: linux_bond - name: bond_api - mtu: {{ min_viable_mtu }} - use_dhcp: false - bonding_options: {{ bond_interface_ovs_options }} - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - members: - - type: interface - name: nic2 - mtu: {{ min_viable_mtu }} - primary: true - - type: interface - name: nic3 - mtu: {{ min_viable_mtu }} -{% for network in role_networks if not network.startswith('Tenant') %} -- type: vlan - device: bond_api - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endfor %} -{# Special config for OVS DPDK #} -- type: ovs_user_bridge - name: br-dpdk0 - use_dhcp: false -{% for network in role_networks if network.startswith('Tenant') %} - ovs_extra: "set port br-dpdk0 tag={{ lookup('vars', networks_lower[network] ~ '_vlan_id') }}" - addresses: - - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr')}} -{% if default_route_networks and network in default_route_networks %} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') + [{'default': true, 'next_hop': lookup('vars', networks_lower[network] ~ '_gateway_ip')}] }} -{% else %} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endif %} -{% endfor %} - members: - - type: ovs_dpdk_bond - name: dpdkbond0 - rx_queue: {{ num_dpdk_interface_rx_queues }} - members: - - type: ovs_dpdk_port - name: dpdk0 - members: - - type: interface - name: nic4 - - type: ovs_dpdk_port - name: dpdk1 - members: - - type: interface - name: nic5 diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/bonds_vlans/bonds_vlans.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/bonds_vlans/bonds_vlans.j2 deleted file mode 100644 index 2a5a0ca3a..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/bonds_vlans/bonds_vlans.j2 +++ /dev/null @@ -1,39 +0,0 @@ ---- -{% set mtu_list = [ctlplane_mtu] %} -{% for network in role_networks %} -{{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} -{%- endfor %} -{% set min_viable_mtu = mtu_list | max %} -network_config: -- type: interface - name: nic1 - mtu: {{ ctlplane_mtu }} - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: {{ ctlplane_host_routes }} -- type: ovs_bridge - name: {{ neutron_physical_bridge_name }} - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - members: - - type: ovs_bond - name: bond1 - mtu: {{ min_viable_mtu }} - ovs_options: {{ bond_interface_ovs_options }} - members: - - type: interface - name: nic2 - mtu: {{ min_viable_mtu }} - primary: true - - type: interface - name: nic3 - mtu: {{ min_viable_mtu }} -{% for network in role_networks %} - - type: vlan - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/bonds_vlans/bonds_vlans_dpdk.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/bonds_vlans/bonds_vlans_dpdk.j2 deleted file mode 100644 index b41259c67..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/bonds_vlans/bonds_vlans_dpdk.j2 +++ /dev/null @@ -1,55 +0,0 @@ ---- -{% set mtu_list = [ctlplane_mtu] %} -{% for network in role_networks %} -{{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} -{%- endfor %} -{% set min_viable_mtu = mtu_list | max %} -network_config: -- type: interface - name: nic1 - mtu: {{ ctlplane_mtu }} - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: {{ ctlplane_host_routes }} -- type: linux_bond - name: bond_api - mtu: {{ min_viable_mtu }} - bonding_options: {{ bond_interface_ovs_options }} - use_dhcp: false - dns_servers: {{ ctlplane_dns_nameservers }} - members: - - type: interface - name: nic2 - mtu: {{ min_viable_mtu }} - primary: true - - type: interface - name: nic3 - mtu: {{ min_viable_mtu }} -{% for network in role_networks %} -- type: vlan - device: bond_api - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endfor %} -{# Used as a provider network with external DHCP #} -- type: ovs_user_bridge - name: br-dpdk0 - members: - - type: ovs_dpdk_bond - name: dpdkbond0 - rx_queue: {{ num_dpdk_interface_rx_queues }} - members: - - type: ovs_dpdk_port - name: dpdk0 - members: - - type: interface - name: nic4 - - type: ovs_dpdk_port - name: dpdk1 - members: - - type: interface - name: nic5 diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/bonds_vlans/bonds_vlans_storage.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/bonds_vlans/bonds_vlans_storage.j2 deleted file mode 100644 index ad5968772..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/bonds_vlans/bonds_vlans_storage.j2 +++ /dev/null @@ -1,39 +0,0 @@ ---- -{% set mtu_list = [ctlplane_mtu] %} -{% for network in role_networks %} -{{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} -{%- endfor %} -{% set min_viable_mtu = mtu_list | max %} -network_config: -- type: interface - name: nic1 - mtu: {{ ctlplane_mtu }} - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: {{ ctlplane_host_routes }} -- type: ovs_bridge - name: br-bond - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - members: - - type: ovs_bond - name: bond1 - mtu: {{ min_viable_mtu }} - ovs_options: {{ bond_interface_ovs_options }} - members: - - type: interface - name: nic2 - mtu: {{ min_viable_mtu }} - primary: true - - type: interface - name: nic3 - mtu: {{ min_viable_mtu }} -{% for network in role_networks %} - - type: vlan - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/bonds_vlans/controller_no_external.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/bonds_vlans/controller_no_external.j2 deleted file mode 100644 index dbab70b67..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/bonds_vlans/controller_no_external.j2 +++ /dev/null @@ -1,39 +0,0 @@ ---- -{% set mtu_list = [ctlplane_mtu] %} -{% for network in role_networks %} -{{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} -{%- endfor %} -{% set min_viable_mtu = mtu_list | max %} -network_config: -- type: interface - name: nic1 - mtu: {{ ctlplane_mtu }} - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: {{ ctlplane_host_routes }} -- type: ovs_bridge - name: {{ neutron_physical_bridge_name }} - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - members: - - type: ovs_bond - name: bond1 - mtu: {{ min_viable_mtu }} - ovs_options: {{ bond_interface_ovs_options }} - members: - - type: interface - name: nic2 - mtu: {{ min_viable_mtu }} - primary: true - - type: interface - name: nic3 - mtu: {{ min_viable_mtu }} -{% for network in role_networks if network != 'External' %} - - type: vlan - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/ci/custom_network_multiple_nics.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/ci/custom_network_multiple_nics.j2 deleted file mode 100644 index 5fb902711..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/ci/custom_network_multiple_nics.j2 +++ /dev/null @@ -1,69 +0,0 @@ ---- -network_config: -- type: interface - name: nic1 - mtu: 1350 - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} -{% if 'ExternalCloud1' not in role_networks %} - routes: - - default: true - next_hop: {{ ctlplane_gateway_ip }} -{% endif %} -{% if 'ExternalCloud1' in role_networks or 'external_bridge' in role_tags %} -- type: ovs_bridge - name: br-ex - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - use_dhcp: false - members: - - type: interface - name: nic2 - mtu: 1350 - primary: true -{% endif %} -{% if 'ExternalCloud1' in role_networks %} - routes: - - ip_netmask: 0.0.0.0/0 - next_hop: {{ external_cloud_1_gateway_ip | default('10.0.0.1') }} - addresses: - - ip_netmask: {{ external_cloud_1_ip }}/{{ external_cloud_1_cidr }} -{% endif %} -{% if 'InternalApiCloud1' in role_networks %} -- type: interface - name: nic3 - mtu: 1350 - use_dhcp: false - addresses: - - ip_netmask: {{ internal_api_cloud_1_ip }}/{{ internal_api_cloud_1_cidr }} -{% endif %} -{% if 'StorageCloud1' in role_networks %} -- type: interface - name: nic4 - mtu: 1350 - use_dhcp: false - addresses: - - ip_netmask: {{ storage_cloud_1_ip }}/{{ storage_cloud_1_cidr }} -{% endif %} -{% if 'StorageMgmtCloud1' in role_networks %} -- type: interface - name: nic5 - mtu: 1350 - use_dhcp: false - addresses: - - ip_netmask: {{ storage_mgmt_cloud_1_ip }}/{{ storage_mgmt_cloud_1_cidr }} -{% endif %} -{% if 'TenantCloud1' in role_networks %} -- type: ovs_bridge - name: br-tenant - dns_servers: {{ ctlplane_dns_nameservers }} - use_dhcp: false - addresses: - - ip_netmask: {{ tenant_cloud_1_ip }}/{{ tenant_cloud_1_cidr }} - members: - - type: interface - name: nic6 - mtu: 1350 - primary: true -{% endif %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/ci/multinode.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/ci/multinode.j2 deleted file mode 100644 index 76280a94b..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/ci/multinode.j2 +++ /dev/null @@ -1,6 +0,0 @@ -network_config: -- type: ovs_bridge - name: br-ex - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/ci/multiple_nics.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/ci/multiple_nics.j2 deleted file mode 100644 index 8b025a0ec..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/ci/multiple_nics.j2 +++ /dev/null @@ -1,69 +0,0 @@ ---- -network_config: -- type: interface - name: nic1 - mtu: 1350 - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} -{% if 'External' not in role_networks %} - routes: - - default: true - next_hop: {{ ctlplane_gateway_ip }} -{% endif %} -{% if 'External' in role_networks or 'external_bridge' in role_tags %} -- type: ovs_bridge - name: br-ex - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - use_dhcp: false - members: - - type: interface - name: nic2 - mtu: 1350 - primary: true -{% endif %} -{% if 'External' in role_networks %} - routes: - - ip_netmask: 0.0.0.0/0 - next_hop: {{ external_gateway_ip | default('10.0.0.1') }} - addresses: - - ip_netmask: {{ external_ip }}/{{ external_cidr }} -{% endif %} -{% if 'InternalApi' in role_networks %} -- type: interface - name: nic3 - mtu: 1350 - use_dhcp: false - addresses: - - ip_netmask: {{ internal_api_ip }}/{{ internal_api_cidr }} -{% endif %} -{% if 'Storage' in role_networks %} -- type: interface - name: nic4 - mtu: 1350 - use_dhcp: false - addresses: - - ip_netmask: {{ storage_ip }}/{{ storage_cidr }} -{% endif %} -{% if 'StorageMgmt' in role_networks %} -- type: interface - name: nic5 - mtu: 1350 - use_dhcp: false - addresses: - - ip_netmask: {{ storage_mgmt_ip }}/{{ storage_mgmt_cidr }} -{% endif %} -{% if 'Tenant' in role_networks %} -- type: ovs_bridge - name: br-tenant - dns_servers: {{ ctlplane_dns_nameservers }} - use_dhcp: false - addresses: - - ip_netmask: {{ tenant_ip }}/{{ tenant_cidr }} - members: - - type: interface - name: nic6 - mtu: 1350 - primary: true -{% endif %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/ci/multiple_nics_ipv6.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/ci/multiple_nics_ipv6.j2 deleted file mode 100644 index f685d415e..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/ci/multiple_nics_ipv6.j2 +++ /dev/null @@ -1,67 +0,0 @@ ---- -network_config: -- type: interface - name: nic1 - mtu: 1350 - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: - - default: true - next_hop: {{ ctlplane_gateway_ip }} -{% if 'External' in role_networks or 'external_bridge' in role_tags %} -- type: ovs_bridge - name: br-ex - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - use_dhcp: false - routes: - - ip_netmask: ::/0 - next_hop: {{ external_gateway_ip | default('fe80::1') }} - members: - - type: interface - name: nic2 - mtu: 1350 - primary: true -{% endif %} -{% if 'External' in role_networks %} - addresses: - - ip_netmask: {{ external_ip }}/{{ external_cidr }} -{% endif %} -{% if 'InternalApi' in role_networks %} -- type: interface - name: nic3 - mtu: 1350 - use_dhcp: false - addresses: - - ip_netmask: {{ internal_api_ip }}/{{ internal_api_cidr }} -{% endif %} -{% if 'Storage' in role_networks %} -- type: interface - name: nic4 - mtu: 1350 - use_dhcp: false - addresses: - - ip_netmask: {{ storage_ip }}/{{ storage_cidr }} -{% endif %} -{% if 'StorageMgmt' in role_networks %} -- type: interface - name: nic5 - mtu: 1350 - use_dhcp: false - addresses: - - ip_netmask: {{ storage_mgmt_ip }}/{{ storage_mgmt_cidr }} -{% endif %} -{% if 'Tenant' in role_networks %} -- type: ovs_bridge - name: br-tenant - dns_servers: {{ ctlplane_dns_nameservers }} - use_dhcp: false - addresses: - - ip_netmask: {{ tenant_ip }}/{{ tenant_cidr }} - members: - - type: interface - name: nic6 - mtu: 1350 - primary: true -{% endif %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/ci/public_bond.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/ci/public_bond.j2 deleted file mode 100644 index afe3a32b0..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/ci/public_bond.j2 +++ /dev/null @@ -1,75 +0,0 @@ ---- -network_config: -- type: interface - name: nic1 - mtu: 1350 - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: - - default: true - next_hop: {{ ctlplane_gateway_ip }} -{% if 'External' in role_networks or 'external_bridge' in role_tags %} -- type: ovs_bridge - name: br-ex - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - use_dhcp: false - routes: - - ip_netmask: 0.0.0.0/0 - next_hop: {{ external_gateway_ip | default('10.0.0.1') }} - members: - - type: ovs_bond - name: bond1 - ovs_options: {{ bond_interface_ovs_options }} - members: - - type: interface - name: nic2 - mtu: 1350 - primary: true - - type: interface - name: nic3 - mtu: 1350 - primary: true -{% endif %} -{% if 'External' in role_networks %} - addresses: - - ip_netmask: {{ external_ip }}/{{ external_cidr }} -{% endif %} -{% if 'InternalApi' in role_networks %} -- type: interface - name: nic4 - mtu: 1350 - use_dhcp: false - addresses: - - ip_netmask: {{ internal_api_ip }}/{{ internal_api_cidr }} -{% endif %} -{% if 'Storage' in role_networks %} -- type: interface - name: nic5 - mtu: 1350 - use_dhcp: false - addresses: - - ip_netmask: {{ storage_ip }}/{{ storage_cidr }} -{% endif %} -{% if 'StorageMgmt' in role_networks %} -- type: interface - name: nic6 - mtu: 1350 - use_dhcp: false - addresses: - - ip_netmask: {{ storage_mgmt_ip }}/{{ storage_mgmt_cidr }} -{% endif %} -{% if 'Tenant' in role_networks %} -- type: ovs_bridge - name: br-tenant - dns_servers: {{ ctlplane_dns_nameservers }} - use_dhcp: false - addresses: - - ip_netmask: {{ tenant_ip }}/{{ tenant_cidr }} - members: - - type: interface - name: nic7 - mtu: 1350 - primary: true -{% endif %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics/multiple_nics.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics/multiple_nics.j2 deleted file mode 100644 index 6135f1fde..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics/multiple_nics.j2 +++ /dev/null @@ -1,43 +0,0 @@ ---- -network_config: -- type: interface - name: nic1 - mtu: {{ ctlplane_mtu }} - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - routes: {{ ctlplane_host_routes }} - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} -{% for network in networks_all if network not in networks_skip_config %} -{% if network not in ["External", "Tenant"] and network in role_networks %} -- type: interface - name: nic{{ loop.index +1 }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - use_dhcp: false - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% elif network in role_networks or 'external_bridge' in role_tags %} -- type: ovs_bridge -{% if network == 'External' %} - name: {{ neutron_physical_bridge_name }} -{% else %} - name: {{ 'br-' ~ networks_lower[network] }} -{% endif %} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - dns_servers: {{ ctlplane_dns_nameservers }} - use_dhcp: false - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} - members: - - type: interface - name: nic{{loop.index + 1}} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - use_dhcp: false - primary: true -{% endif %} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics/multiple_nics_dpdk.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics/multiple_nics_dpdk.j2 deleted file mode 100644 index 9b906c0ec..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics/multiple_nics_dpdk.j2 +++ /dev/null @@ -1,62 +0,0 @@ ---- -network_config: -- type: interface - name: nic1 - mtu: {{ ctlplane_mtu }} - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - routes: {{ ctlplane_host_routes }} - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} -{% set nics_used = [1] %} -{% for network in networks_all if network not in networks_skip_config %} -{% if network not in ["External", "Tenant"] and network in role_networks %} -- type: interface - name: nic{{ loop.index +1 }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - use_dhcp: false - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% elif network in role_networks or 'external_bridge' in role_tags %} -- type: ovs_bridge -{% if network == 'External' %} - name: {{ neutron_physical_bridge_name }} -{% else %} - name: {{ 'br-' ~ networks_lower[network] }} -{% endif %} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - dns_servers: {{ ctlplane_dns_nameservers }} - use_dhcp: false - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} - members: - - type: interface - name: nic{{loop.index + 1}} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - use_dhcp: false - primary: true -{% endif %} -{% set _ = nics_used.append(loop.index) %} -{% endfor %} -- type: ovs_user_bridge - name: br-dpdk0 - members: - - type: ovs_dpdk_bond - name: dpdkbond0 - rx_queue: {{ num_dpdk_interface_rx_queues }} - members: - - type: ovs_dpdk_port - name: dpdk0 - members: - - type: interface - name: nic{{nics_used[-1] + 1}} - - type: ovs_dpdk_port - name: dpdk1 - members: - - type: interface - name: nic{{nics_used[-1] + 2}} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics/multiple_nics_dvr.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics/multiple_nics_dvr.j2 deleted file mode 100644 index fb0f818dd..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics/multiple_nics_dvr.j2 +++ /dev/null @@ -1,56 +0,0 @@ ---- -network_config: -- type: interface - name: nic1 - mtu: {{ ctlplane_mtu }} - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - routes: {{ ctlplane_host_routes }} - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} -{% for network in networks_all if network not in networks_skip_config|default([]) %} -{% if network == 'External' %} -- type: ovs_bridge - name: {{ neutron_physical_bridge_name }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - dns_servers: {{ ctlplane_dns_nameservers }} - use_dhcp: false -{% if network in role_networks %} - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endif %} - members: - - type: interface - name: nic{{ loop.index +1 }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - primary: true -{% elif network not in ["External", "Tenant"] and network in role_networks %} -- type: interface - name: nic{{ loop.index +1 }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - use_dhcp: false - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% elif network == 'Tenant' and network in role_networks %} -- type: ovs_bridge - name: {{ 'br-' ~ networks_lower[network] }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - dns_servers: {{ ctlplane_dns_nameservers }} - use_dhcp: false - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} - members: - - type: interface - name: nic{{loop.index + 1}} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - use_dhcp: false - primary: true -{% endif %} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics_vlans/multiple_nics_vlans.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics_vlans/multiple_nics_vlans.j2 deleted file mode 100644 index 93c771fad..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics_vlans/multiple_nics_vlans.j2 +++ /dev/null @@ -1,50 +0,0 @@ ---- -network_config: -- type: interface - name: nic1 - mtu: {{ ctlplane_mtu }} - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - routes: {{ ctlplane_host_routes }} - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} -{% for network in networks_all if network not in networks_skip_config %} -{% if network not in ["External", "Tenant"] and network in role_networks %} -- type: interface - name: nic{{ loop.index + 1 }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - use_dhcp: false -- type: vlan - device: nic{{ loop.index + 1 }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% elif network in role_networks or 'external_bridge' in role_tags %} -- type: ovs_bridge -{% if network == 'External' %} - name: {{ neutron_physical_bridge_name }} -{% else %} - name: {{ 'br-' ~ networks_lower[network] }} -{% endif %} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - dns_servers: {{ ctlplane_dns_nameservers }} - use_dhcp: false - members: - - type: interface - name: nic{{ loop.index + 1 }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - use_dhcp: false - primary: true - - type: vlan - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endif %} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics_vlans/multiple_nics_vlans_dpdk.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics_vlans/multiple_nics_vlans_dpdk.j2 deleted file mode 100644 index ec919d2b5..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics_vlans/multiple_nics_vlans_dpdk.j2 +++ /dev/null @@ -1,69 +0,0 @@ ---- -network_config: -- type: interface - name: nic1 - mtu: {{ ctlplane_mtu }} - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - routes: {{ ctlplane_host_routes }} - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} -{% set nics_used = [1] %} -{% for network in networks_all if network not in networks_skip_config %} -{% if network not in ["External", "Tenant"] and network in role_networks %} -- type: interface - name: nic{{ loop.index + 1 }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - use_dhcp: false -- type: vlan - device: nic{{ loop.index + 1 }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% elif network in role_networks or 'external_bridge' in role_tags %} -- type: ovs_bridge -{% if network == 'External' %} - name: {{ neutron_physical_bridge_name }} -{% else %} - name: {{ 'br-' ~ networks_lower[network] }} -{% endif %} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - dns_servers: {{ ctlplane_dns_nameservers }} - use_dhcp: false - members: - - type: interface - name: nic{{ loop.index + 1 }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - use_dhcp: false - primary: true - - type: vlan - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endif %} -{% set _ = nics_used.append(loop.index) %} -{% endfor %} -- type: ovs_user_bridge - name: br-dpdk0 - members: - - type: ovs_dpdk_bond - name: dpdkbond0 - rx_queue: {{ num_dpdk_interface_rx_queues }} - members: - - type: ovs_dpdk_port - name: dpdk0 - members: - - type: interface - name: nic{{nics_used[-1] + 1}} - - type: ovs_dpdk_port - name: dpdk1 - members: - - type: interface - name: nic{{nics_used[-1] + 2}} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics_vlans/multiple_nics_vlans_dvr.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics_vlans/multiple_nics_vlans_dvr.j2 deleted file mode 100644 index 9eef12149..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/multiple_nics_vlans/multiple_nics_vlans_dvr.j2 +++ /dev/null @@ -1,66 +0,0 @@ ---- -network_config: -- type: interface - name: nic1 - mtu: {{ ctlplane_mtu }} - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - routes: {{ ctlplane_host_routes }} - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} -{% for network in networks_all if network not in networks_skip_config|default([]) %} -{% if network == 'External' %} -- type: ovs_bridge - name: {{ neutron_physical_bridge_name }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - dns_servers: {{ ctlplane_dns_nameservers }} - use_dhcp: false - members: - - type: interface - name: nic{{ loop.index + 1 }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - primary: true -{% if network in role_networks %} - - type: vlan - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endif %} -{% elif network not in ["External", "Tenant"] and network in role_networks %} -- type: interface - name: nic{{ loop.index + 1 }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - use_dhcp: false -- type: vlan - device: nic{{ loop.index + 1 }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% elif network == 'Tenant' and network in role_networks %} -- type: ovs_bridge - name: {{ 'br-' ~ networks_lower[network] }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - dns_servers: {{ ctlplane_dns_nameservers }} - use_dhcp: false - members: - - type: interface - name: nic{{ loop.index + 1 }} - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - use_dhcp: false - primary: true - - type: vlan - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endif %} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/net_config_bond.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/net_config_bond.j2 deleted file mode 100644 index 33b95eb24..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/net_config_bond.j2 +++ /dev/null @@ -1,17 +0,0 @@ ---- -network_config: -- type: ovs_bridge - name: {{ neutron_physical_bridge_name }} - use_dhcp: true - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - members: - - type: ovs_bond - name: bond1 - use_dhcp: true - ovs_options: {{ bond_interface_ovs_options }} - members: - - type: interface - name: nic1 - - type: interface - name: nic2 diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/net_config_bridge.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/net_config_bridge.j2 deleted file mode 100644 index 19998deac..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/net_config_bridge.j2 +++ /dev/null @@ -1,12 +0,0 @@ ---- -network_config: -- type: ovs_bridge - name: {{ neutron_physical_bridge_name }} - use_dhcp: true - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - members: - - type: interface - name: {{ neutron_public_interface_name }} - # force the MAC address of the bridge to this interface - primary: true diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/net_config_linux_bridge.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/net_config_linux_bridge.j2 deleted file mode 100644 index 6e9bd34e9..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/net_config_linux_bridge.j2 +++ /dev/null @@ -1,17 +0,0 @@ ---- -network_config: -- type: linux_bridge - name: {{ neutron_physical_bridge_name }} - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - members: - - type: interface - name: {{ neutron_public_interface_name }} - # force the MAC address of the bridge to this interface - primary: true - routes: - - ip_netmask: 0.0.0.0/0 - next_hop: {{ ctlplane_gateway_ip }} - default: true diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/net_config_static.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/net_config_static.j2 deleted file mode 100644 index 8083ed332..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/net_config_static.j2 +++ /dev/null @@ -1,12 +0,0 @@ ---- -network_config: -- type: interface - name: {{ neutron_public_interface_name }} - use_dhcp: false - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: - - default: true - next_hop: {{ ctlplane_gateway_ip }} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/net_config_static_bridge.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/net_config_static_bridge.j2 deleted file mode 100644 index b8557871f..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/net_config_static_bridge.j2 +++ /dev/null @@ -1,17 +0,0 @@ ---- -network_config: -- type: ovs_bridge - name: {{ neutron_physical_bridge_name }} - use_dhcp: false - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: - - default: true - next_hop: {{ ctlplane_gateway_ip }} - members: - - type: interface - name: {{ neutron_public_interface_name }} - # force the MAC address of the bridge to this interface - primary: true diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/net_config_static_bridge_with_external_dhcp.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/net_config_static_bridge_with_external_dhcp.j2 deleted file mode 100644 index 39ec3e359..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/net_config_static_bridge_with_external_dhcp.j2 +++ /dev/null @@ -1,19 +0,0 @@ ---- -network_config: -- type: ovs_bridge - name: {{ neutron_physical_bridge_name }} - use_dhcp: true - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - members: - - type: interface - name: {{ neutron_public_interface_name }} - # force the MAC address of the bridge to this interface - primary: true -- type: interface - name: br-ex:0 - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: - - default: true - next_hop: {{ ctlplane_gateway_ip }} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/single_nic_linux_bridge_vlans/single_nic_linux_bridge_vlans.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/single_nic_linux_bridge_vlans/single_nic_linux_bridge_vlans.j2 deleted file mode 100644 index e4784905b..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/single_nic_linux_bridge_vlans/single_nic_linux_bridge_vlans.j2 +++ /dev/null @@ -1,32 +0,0 @@ ---- -{% set mtu_list = [ctlplane_mtu] %} -{% for network in role_networks %} -{{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} -{%- endfor %} -{% set min_viable_mtu = mtu_list | max %} -network_config: -- type: linux_bridge - name: {{ neutron_physical_bridge_name }} - mtu: {{ min_viable_mtu }} - use_dhcp: false - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: {{ ctlplane_host_routes }} - members: - - type: interface - name: {{ neutron_public_interface_name }} - mtu: {{ min_viable_mtu }} - # force the MAC address of the bridge to this interface - primary: true -{% for network in role_networks if network not in networks_skip_config %} - - type: vlan - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - device: {{ neutron_physical_bridge_name }} - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/single_nic_linux_bridge_vlans/single_nic_linux_bridge_vlans_storage.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/single_nic_linux_bridge_vlans/single_nic_linux_bridge_vlans_storage.j2 deleted file mode 100644 index c573f0703..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/single_nic_linux_bridge_vlans/single_nic_linux_bridge_vlans_storage.j2 +++ /dev/null @@ -1,32 +0,0 @@ ---- -{% set mtu_list = [ctlplane_mtu] %} -{% for network in role_networks %} -{{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} -{%- endfor %} -{% set min_viable_mtu = mtu_list | max %} -network_config: -- type: linux_bridge - name: br-storage - mtu: {{ min_viable_mtu }} - use_dhcp: false - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: {{ ctlplane_host_routes }} - members: - - type: interface - name: {{ neutron_public_interface_name }} - mtu: {{ min_viable_mtu }} - # force the MAC address of the bridge to this interface - primary: true -{% for network in role_networks if network not in networks_skip_config) %} - - type: vlan - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - device: br-storage - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/single_nic_vlans/controller_no_external.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/single_nic_vlans/controller_no_external.j2 deleted file mode 100644 index ef31c9ed0..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/single_nic_vlans/controller_no_external.j2 +++ /dev/null @@ -1,31 +0,0 @@ ---- -{% set mtu_list = [ctlplane_mtu] %} -{% for network in role_networks %} -{{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} -{%- endfor %} -{% set min_viable_mtu = mtu_list | max %} -network_config: -- type: ovs_bridge - name: {{ neutron_physical_bridge_name }} - mtu: {{ min_viable_mtu }} - use_dhcp: false - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: {{ ctlplane_host_routes }} - members: - - type: interface - name: nic1 - mtu: {{ min_viable_mtu }} - # force the MAC address of the bridge to this interface - primary: true -{% for network in role_networks if network != 'External' %} - - type: vlan - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/single_nic_vlans/single_nic_vlans.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/single_nic_vlans/single_nic_vlans.j2 deleted file mode 100644 index 5e7cebd99..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/single_nic_vlans/single_nic_vlans.j2 +++ /dev/null @@ -1,31 +0,0 @@ ---- -{% set mtu_list = [ctlplane_mtu] %} -{% for network in role_networks %} -{{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} -{%- endfor %} -{% set min_viable_mtu = mtu_list | max %} -network_config: -- type: ovs_bridge - name: {{ neutron_physical_bridge_name }} - mtu: {{ min_viable_mtu }} - use_dhcp: false - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: {{ ctlplane_host_routes }} - members: - - type: interface - name: nic1 - mtu: {{ min_viable_mtu }} - # force the MAC address of the bridge to this interface - primary: true -{% for network in role_networks %} - - type: vlan - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/single_nic_vlans/single_nic_vlans_storage.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/single_nic_vlans/single_nic_vlans_storage.j2 deleted file mode 100644 index d218c338b..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/single_nic_vlans/single_nic_vlans_storage.j2 +++ /dev/null @@ -1,31 +0,0 @@ ---- -{% set mtu_list = [ctlplane_mtu] %} -{% for network in role_networks %} -{{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} -{%- endfor %} -{% set min_viable_mtu = mtu_list | max %} -network_config: -- type: ovs_bridge - name: br-storage - mtu: {{ min_viable_mtu }} - use_dhcp: false - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: {{ ctlplane_host_routes }} - members: - - type: interface - name: nic1 - mtu: {{ min_viable_mtu }} - # force the MAC address of the bridge to this interface - primary: true -{% for network in role_networks %} - - type: vlan - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/standalone.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/standalone.j2 deleted file mode 100644 index 364b6b455..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/standalone.j2 +++ /dev/null @@ -1,32 +0,0 @@ ---- -{% set control_virtual_ip = net_vip_map.ctlplane %} -{% set public_virtual_ip = vip_port_map.external.ip_address %} -{% if ':' in control_virtual_ip %} -{% set control_virtual_cidr = 128 %} -{% else %} -{% set control_virtual_cidr = 32 %} -{% endif %} -{% if ':' in public_virtual_ip %} -{% set public_virtual_cidr = 128 %} -{% else %} -{% set public_virtual_cidr = 32 %} -{% endif %} -network_config: -- type: ovs_bridge - name: br-ctlplane - use_dhcp: false - mtu: {{ ctlplane_mtu }} - ovs_extra: - - br-set-external-id br-ctlplane bridge-id br-ctlplane - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - - ip_netmask: {{ control_virtual_ip}}/{{ control_virtual_cidr }} - - ip_netmask: {{ public_virtual_ip}}/{{ public_virtual_cidr }} - routes: {{ ctlplane_host_routes }} - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - members: - - type: interface - name: {{ neutron_public_interface_name }} - primary: true - mtu: {{ ctlplane_mtu }} diff --git a/tripleo_ansible/roles/tripleo_network_config/templates/undercloud.j2 b/tripleo_ansible/roles/tripleo_network_config/templates/undercloud.j2 deleted file mode 100644 index f8d911439..000000000 --- a/tripleo_ansible/roles/tripleo_network_config/templates/undercloud.j2 +++ /dev/null @@ -1,31 +0,0 @@ ---- -{% set control_virtual_ip = net_vip_map.ctlplane %} -{% set public_virtual_ip = net_vip_map[service_net_map['public_network']] %} -{% if ':' in control_virtual_ip %} -{% set control_virtual_cidr = 128 %} -{% else %} -{% set control_virtual_cidr = 32 %} -{% endif %} -{% if ':' in public_virtual_ip %} -{% set public_virtual_cidr = 128 %} -{% else %} -{% set public_virtual_cidr = 32 %} -{% endif %} -network_config: -- type: ovs_bridge - name: br-ctlplane - use_dhcp: false - ovs_extra: - - br-set-external-id br-ctlplane bridge-id br-ctlplane - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - - ip_netmask: {{ control_virtual_ip}}/{{ control_virtual_cidr }} - - ip_netmask: {{ public_virtual_ip}}/{{ public_virtual_cidr }} - routes: {{ ctlplane_host_routes }} - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - members: - - type: interface - name: {{ neutron_public_interface_name }} - primary: true - mtu: {{ local_mtu }} diff --git a/tripleo_ansible/roles/tripleo_nftables/defaults/main.yml b/tripleo_ansible/roles/tripleo_nftables/defaults/main.yml deleted file mode 100644 index d1f64dc70..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/defaults/main.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_nftables_" -tripleo_nftables_src: /var/lib/tripleo-config/firewall diff --git a/tripleo_ansible/roles/tripleo_nftables/files/00-base-rules.yaml b/tripleo_ansible/roles/tripleo_nftables/files/00-base-rules.yaml deleted file mode 100644 index 20d8311d0..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/files/00-base-rules.yaml +++ /dev/null @@ -1,38 +0,0 @@ -- rule: - proto: all - state: - - RELATED - - ESTABLISHED - rule_name: 000 accept related established rules -- rule: - ipversion: ipv4 - proto: icmp - rule_name: 001 accept all icmp -- rule: - ipversion: ipv6 - proto: ipv6-icmp - state: [] - rule_name: 001 accept all ipv6-icmp -- rule: - interface: lo - proto: all - state: [] - rule_name: 002 accept all to lo interface -- rule: - destination: fe80::/64 - dport: 546 - ipversion: ipv6 - proto: udp - state: - - NEW - rule_name: 004 accept ipv6 dhcpv6 -- rule: - jump: LOG - limit: 20/min - limit_burst: 15 - proto: all - level: 'warn' - flags: 'all' - prefix: 'DROPPING: ' - state: [] - rule_name: 999 log all diff --git a/tripleo_ansible/roles/tripleo_nftables/files/iptables.nft b/tripleo_ansible/roles/tripleo_nftables/files/iptables.nft deleted file mode 100644 index f957e981f..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/files/iptables.nft +++ /dev/null @@ -1,97 +0,0 @@ -#!/usr/sbin/nft -f -# -# Managed by tripleo-ansible/tripleo_nftables -# -# Ensure we get the iptables layout to make the whole thing 100% compatible, -# even if some other tools are still relying on iptables-nft compatibility -# wrapper - -# We will push our tripleo rules in the inet table - it avoids rule duplication -# and allows to keep good compatibility with the iptables-nft layer -table inet filter { - chain INPUT { - type filter hook input priority filter; policy accept; - } - chain FORWARD { - type filter hook forward priority filter; policy accept; - } - chain OUTPUT { - type filter hook output priority filter; policy accept; - } -} -table inet raw { - chain PREROUTING { - type filter hook prerouting priority raw; policy accept; - } - chain OUTPUT { - type filter hook output priority raw; policy accept; - } -} -table inet nat { - chain PREROUTING { - type nat hook prerouting priority dstnat; policy accept; - } - chain INPUT { - type nat hook input priority 100; policy accept; - } - chain OUTPUT { - type nat hook output priority -100; policy accept; - } - chain POSTROUTING { - type nat hook postrouting priority srcnat; policy accept; - } -} -# Compatibility tables and chains for iptables-nft -table ip filter { - chain INPUT { - type filter hook input priority filter; policy accept; - } - chain FORWARD { - type filter hook forward priority filter; policy accept; - } - chain OUTPUT { - type filter hook output priority filter; policy accept; - } -} -table ip raw { - chain PREROUTING { - type filter hook prerouting priority raw; policy accept; - } - chain OUTPUT { - type filter hook output priority raw; policy accept; - } -} -table ip nat { - chain PREROUTING { - type nat hook prerouting priority dstnat; policy accept; - } - chain INPUT { - type nat hook input priority 100; policy accept; - } - chain OUTPUT { - type nat hook output priority -100; policy accept; - } - chain POSTROUTING { - type nat hook postrouting priority srcnat; policy accept; - } -} - -table ip6 raw { - chain PREROUTING { - type filter hook prerouting priority raw; policy accept; - } - chain OUTPUT { - type filter hook output priority raw; policy accept; - } -} -table ip6 filter { - chain INPUT { - type filter hook input priority filter; policy accept; - } - chain FORWARD { - type filter hook forward priority filter; policy accept; - } - chain OUTPUT { - type filter hook output priority filter; policy accept; - } -} diff --git a/tripleo_ansible/roles/tripleo_nftables/meta/main.yml b/tripleo_ansible/roles/tripleo_nftables/meta/main.yml deleted file mode 100644 index 4611c235c..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: TripleO OpenStack Role -- tripleo_nftables - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 8 - - 9 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_nftables/molecule/action/converge.yml b/tripleo_ansible/roles/tripleo_nftables/molecule/action/converge.yml deleted file mode 100644 index c6eeced2a..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/molecule/action/converge.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - become: true - vars: - tripleo_nftables_src: /opt/tripleo-firewall - tasks: - - name: Run role - ansible.builtin.import_role: - name: tripleo_nftables - - name: "Ensure we drop connections on TCP/1211" - lineinfile: - path: /etc/nftables/tripleo-rules.nft - line: 'add rule inet filter TRIPLEO_INPUT tcp dport { 1211 } ct state new counter drop comment "010 testing action"' - register: line_in_file - - - name: Clean everything nftables related - import_role: - name: tripleo_nftables - tasks_from: cleanup.yml - - - name: Fail if file was changed - when: line_in_file is changed - fail: - msg: "tripleo-rules.nft has been changed, meaning rule generation is wrong." diff --git a/tripleo_ansible/roles/tripleo_nftables/molecule/action/molecule.yml b/tripleo_ansible/roles/tripleo_nftables/molecule/action/molecule.yml deleted file mode 100644 index 900ce1b2c..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/molecule/action/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -log: true - -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - -scenario: - name: action - test_sequence: - - prepare - - converge - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_nftables/molecule/action/prepare.yml b/tripleo_ansible/roles/tripleo_nftables/molecule/action/prepare.yml deleted file mode 100644 index 86b3bed1f..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/molecule/action/prepare.yml +++ /dev/null @@ -1,57 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - vars: - tripleo_nftables_src: /opt/tripleo-firewall - roles: - - role: test_deps - test_deps_extra_packages: - - nftables - - role: env_data - tasks: - - name: Cleanup nftables - ansible.builtin.import_role: - name: tripleo_nftables - tasks_from: cleanup.yml - - name: Create snippet directory - become: true - ansible.builtin.file: - path: /opt/tripleo-firewall - state: directory - - name: Inject snippet for action - become: true - tripleo_nftables_snippet: - dest: /opt/tripleo-firewall/action.yaml - content: | - - rule_name: '000 related established' - rule: - proto: all - state: - - established - - related - - rule_name: '001 local' - rule: - proto: all - interface: lo - state: [] - - rule_name: '010 testing action' - rule: - proto: tcp - dport: 1211 - action: drop diff --git a/tripleo_ansible/roles/tripleo_nftables/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_nftables/molecule/default/converge.yml deleted file mode 100644 index d249d204f..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/molecule/default/converge.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_nftables" - tasks: - - name: Cleanup nftables - import_role: - name: tripleo_nftables - tasks_from: cleanup.yml diff --git a/tripleo_ansible/roles/tripleo_nftables/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_nftables/molecule/default/molecule.yml deleted file mode 100644 index 6e6f966a6..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/molecule/default/molecule.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -log: true - -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - -scenario: - name: default - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_nftables/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_nftables/molecule/default/prepare.yml deleted file mode 100644 index dc15f8d28..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/molecule/default/prepare.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - nftables - - role: env_data - tasks: - - name: Cleanup nftables - import_role: - name: tripleo_nftables - tasks_from: cleanup.yml diff --git a/tripleo_ansible/roles/tripleo_nftables/molecule/destination/converge.yml b/tripleo_ansible/roles/tripleo_nftables/molecule/destination/converge.yml deleted file mode 100644 index ca43c358d..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/molecule/destination/converge.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - tripleo_nftables_src: /opt/tripleo-firewall - roles: - - role: "tripleo_nftables" - tasks: - - name: Cleanup nftables - import_role: - name: tripleo_nftables - tasks_from: cleanup.yml diff --git a/tripleo_ansible/roles/tripleo_nftables/molecule/destination/molecule.yml b/tripleo_ansible/roles/tripleo_nftables/molecule/destination/molecule.yml deleted file mode 100644 index 343f8a14a..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/molecule/destination/molecule.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -log: true - -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - -scenario: - name: destination - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_nftables/molecule/destination/prepare.yml b/tripleo_ansible/roles/tripleo_nftables/molecule/destination/prepare.yml deleted file mode 100644 index 80dfd1445..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/molecule/destination/prepare.yml +++ /dev/null @@ -1,57 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - nftables - - role: env_data - tasks: - - name: Cleanup nftables - vars: - tripleo_nftables_src: /opt/tripleo-firewall - import_role: - name: tripleo_nftables - tasks_from: cleanup.yml - - name: Create snippet directory - become: true - ansible.builtin.file: - path: /opt/tripleo-firewall - state: directory - - name: Push snippet for destination - become: true - tripleo_nftables_snippet: - dest: /opt/tripleo-firewall/destination.yml - content: | - - rule_name: '000 related established' - rule: - proto: all - state: - - established - - related - - rule_name: '001 local' - rule: - proto: all - interface: lo - state: [] - - rule_name: '010 testing destination' - rule: - proto: tcp - destination: "fd00:fd00:fd00:2000::/64" - dport: 1211 diff --git a/tripleo_ansible/roles/tripleo_nftables/molecule/source/converge.yml b/tripleo_ansible/roles/tripleo_nftables/molecule/source/converge.yml deleted file mode 100644 index ca43c358d..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/molecule/source/converge.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - tripleo_nftables_src: /opt/tripleo-firewall - roles: - - role: "tripleo_nftables" - tasks: - - name: Cleanup nftables - import_role: - name: tripleo_nftables - tasks_from: cleanup.yml diff --git a/tripleo_ansible/roles/tripleo_nftables/molecule/source/molecule.yml b/tripleo_ansible/roles/tripleo_nftables/molecule/source/molecule.yml deleted file mode 100644 index 7b99b72cc..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/molecule/source/molecule.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -log: true - -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - -scenario: - name: source - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_nftables/molecule/source/prepare.yml b/tripleo_ansible/roles/tripleo_nftables/molecule/source/prepare.yml deleted file mode 100644 index bd95aee14..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/molecule/source/prepare.yml +++ /dev/null @@ -1,55 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - nftables - - role: env_data - tasks: - - name: Cleanup nftables - import_role: - name: tripleo_nftables - tasks_from: cleanup.yml - - name: Create snippet directory - become: true - ansible.builtin.file: - path: /opt/tripleo-firewall - state: directory - - name: Push snippet for source - become: true - tripleo_nftables_snippet: - dest: /opt/tripleo-firewall/source.yml - content: | - - rule_name: '000 related established' - rule: - proto: all - state: - - established - - related - - rule_name: '001 local' - rule: - proto: all - interface: lo - state: [] - - rule_name: '010 testing source' - rule: - proto: tcp - source: "fd00:fd00:fd00:2000::/64" - dport: 1211 diff --git a/tripleo_ansible/roles/tripleo_nftables/molecule/update_rules/converge.yml b/tripleo_ansible/roles/tripleo_nftables/molecule/update_rules/converge.yml deleted file mode 100644 index 14af74897..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/molecule/update_rules/converge.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - tripleo_nftables_src: /opt/tripleo-firewall - roles: - - role: "tripleo_nftables" - tasks: - - name: Update snippet - become: true - tripleo_nftables_snippet: - dest: /opt/tripleo-firewall/ruleset.yml - content: | - - rule_name: '00 related established' - rule: - proto: all - state: - - related - - established - - rule_name: '01 local link' - rule: - proto: all - interface: lo - state: [] - - rule_name: '02 ssh from all' - rule: - proto: tcp - dport: 22 - - name: Cleanup nftables - ansible.builtin.import_role: - name: tripleo_nftables - tasks_from: cleanup.yml diff --git a/tripleo_ansible/roles/tripleo_nftables/molecule/update_rules/molecule.yml b/tripleo_ansible/roles/tripleo_nftables/molecule/update_rules/molecule.yml deleted file mode 100644 index 6fb40bba4..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/molecule/update_rules/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -log: true - -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - -scenario: - name: update_rules - test_sequence: - - prepare - - converge - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_nftables/molecule/update_rules/prepare.yml b/tripleo_ansible/roles/tripleo_nftables/molecule/update_rules/prepare.yml deleted file mode 100644 index 258aff70c..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/molecule/update_rules/prepare.yml +++ /dev/null @@ -1,54 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - nftables - - role: env_data - tasks: - - name: Cleanup nftables - ansible.builtin.import_role: - name: tripleo_nftables - tasks_from: cleanup.yml - - name: Create snippet directory - become: true - ansible.builtin.file: - path: /opt/tripleo-firewall - state: directory - - name: Inject snippet for action - become: true - tripleo_nftables_snippet: - dest: /opt/tripleo-firewall/ruleset.yml - content: | - - rule_name: '000 related established' - rule: - proto: all - state: - - established - - related - - rule_name: '001 local' - rule: - proto: all - interface: lo - state: [] - - rule_name: '002 ssh' - rule: - proto: tcp - dport: 22 diff --git a/tripleo_ansible/roles/tripleo_nftables/tasks/cleanup.yml b/tripleo_ansible/roles/tripleo_nftables/tasks/cleanup.yml deleted file mode 100644 index 49f0aa784..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/tasks/cleanup.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -- name: Execute nftables cleaning tasks as root - become: true - block: - - name: Empty ruleset - ansible.builtin.command: nft flush ruleset - - - name: Remove generated files - ansible.builtin.file: - path: "/etc/nftables/{{ item }}" - state: absent - loop: - - iptables.nft - - tripleo-chains.nft - - tripleo-flushes.nft - - tripleo-jumps.nft - - tripleo-rules.nft - - tripleo-update-jumps.nft - - - name: Clean sysconfig content - ansible.builtin.blockinfile: - path: /etc/sysconfig/nftables.conf - state: absent - backup: false - block: | - include "/etc/nftables/iptables.nft" - include "/etc/nftables/tripleo-chains.nft" - include "/etc/nftables/tripleo-rules.nft" - include "/etc/nftables/tripleo-jumps.nft" - - - name: Remove snippets directory - ansible.builtin.file: - path: "{{ tripleo_nftables_src }}" - state: absent diff --git a/tripleo_ansible/roles/tripleo_nftables/tasks/configure.yml b/tripleo_ansible/roles/tripleo_nftables/tasks/configure.yml deleted file mode 100644 index 6d0b94518..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/tasks/configure.yml +++ /dev/null @@ -1,139 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Basic config steps and basic rules - become: true - block: - - name: Create snipets directory - ansible.builtin.file: - path: "{{ tripleo_nftables_src }}" - state: directory - owner: root - group: root - mode: 0750 - - - name: Push default ruleset snipet - ansible.builtin.copy: - dest: "{{ tripleo_nftables_src }}/tripleo-nftables-base.yaml" - src: 00-base-rules.yaml - -- name: IPtables compatibility layout - become: true - block: - - name: Push empty ruleset - ansible.builtin.copy: - dest: /etc/nftables/iptables.nft - src: iptables.nft - - - name: Load empty ruleset - ansible.builtin.command: nft -f /etc/nftables/iptables.nft - -# Get current nft rules in JSON format, with our iptables compat content. -- name: Get current nftables content - become: true - ansible.builtin.command: nft -j list ruleset - register: nft_current_rules - -- name: Load firewall snippets - become: true - register: tripleo_nftables_rules_list - tripleo_nftables_from_files: - src: "{{ tripleo_nftables_src }}" - -- name: nftables files generation - become: true - when: - - not ansible_check_mode|bool - block: - # Create a dedicated file for jumps - makes easier to manage afterward. - # That one will be loaded upon boot only. - - name: Generate chain jumps - ignore_errors: "{{ ansible_check_mode|bool }}" - vars: - current_nft: "{{ nft_current_rules }}" - nft_is_update: false - tripleo_nftables_rules: "{{ tripleo_nftables_rules_list['rules'] }}" - ansible.builtin.template: - dest: /etc/nftables/tripleo-jumps.nft - src: jump-chain.j2 - - # Create a special "update chain jumps" file, adding just the MISSING - # jumps in the main, default chains. This will avoid useless duplication - # upon update/day-2 operation, since we cannot really flush INPUT and other - # default chains. - - name: Generate chain jumps - ignore_errors: "{{ ansible_check_mode|bool }}" - vars: - current_nft: "{{ nft_current_rules }}" - nft_is_update: true - tripleo_nftables_rules: "{{ tripleo_nftables_rules_list['rules'] }}" - ansible.builtin.template: - dest: /etc/nftables/tripleo-update-jumps.nft - src: jump-chain.j2 - - # Note: we do NOT include this one for boot, since chains are - # already empty! - - name: Generate nft flushes - register: nft_flushes - vars: - tripleo_nftables_rules: "{{ tripleo_nftables_rules_list['rules'] }}" - ansible.builtin.template: - dest: /etc/nftables/tripleo-flushes.nft - src: flush-chain.j2 - - - name: Generate nft tripleo chains - register: nft_chains - vars: - tripleo_nftables_rules: "{{ tripleo_nftables_rules_list['rules'] }}" - ansible.builtin.template: - dest: /etc/nftables/tripleo-chains.nft - src: chains.j2 - - - name: Generate nft ruleset in static file - register: nft_ruleset - vars: - tripleo_nftables_rules: "{{ tripleo_nftables_rules_list['rules'] }}" - ansible.builtin.template: - dest: /etc/nftables/tripleo-rules.nft - src: ruleset.j2 - -# We cannot use the "validate" parameter from the "template" module, since -# we don't load the chains before. So let's validate now, with all the things. -# Remember, the "iptables" compat layout is already loaded at this point. -- name: Validate all of the generated content before loading - when: - - not ansible_check_mode|bool - ansible.builtin.shell: >- - cat /etc/nftables/tripleo-chains.nft - /etc/nftables/tripleo-flushes.nft - /etc/nftables/tripleo-rules.nft - /etc/nftables/tripleo-update-jumps.nft - /etc/nftables/tripleo-jumps.nft | nft -c -f - - -# Order is important here. -# Please keep that in mind in case you want to add some new ruleset in their -# dedicated file! -- name: Ensure we load our different nft rulesets on boot - become: true - ansible.builtin.blockinfile: - path: /etc/sysconfig/nftables.conf - backup: false - validate: nft -c -f %s - block: | - include "/etc/nftables/iptables.nft" - include "/etc/nftables/tripleo-chains.nft" - include "/etc/nftables/tripleo-rules.nft" - include "/etc/nftables/tripleo-jumps.nft" diff --git a/tripleo_ansible/roles/tripleo_nftables/tasks/main.yml b/tripleo_ansible/roles/tripleo_nftables/tasks/main.yml deleted file mode 100644 index 5d8f8302f..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/tasks/main.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- ansible.builtin.include_tasks: service-bootstrap.yml -- ansible.builtin.include_tasks: configure.yml -- ansible.builtin.include_tasks: run.yml diff --git a/tripleo_ansible/roles/tripleo_nftables/tasks/run.yml b/tripleo_ansible/roles/tripleo_nftables/tasks/run.yml deleted file mode 100644 index 90251c09d..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/tasks/run.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Inject our custom chains in nftables - become: true - ansible.builtin.command: nft -f /etc/nftables/tripleo-chains.nft - -# Load all the ruleset in a single transaction. -# This prevents accidental lock-outs. -- name: Reload custom nftables ruleset files - become: true - ansible.builtin.shell: >- - cat /etc/nftables/tripleo-flushes.nft - /etc/nftables/tripleo-rules.nft - /etc/nftables/tripleo-update-jumps.nft | nft -f - - when: - - nft_ruleset is defined - - nft_ruleset is changed diff --git a/tripleo_ansible/roles/tripleo_nftables/tasks/service-bootstrap.yml b/tripleo_ansible/roles/tripleo_nftables/tasks/service-bootstrap.yml deleted file mode 100644 index a65920fcc..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/tasks/service-bootstrap.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# systemctl will return 0 if enabled, 3 if disabled -- name: Get nftables service state - ansible.builtin.command: systemctl status nftables - register: nftables_status - failed_when: nftables_status.rc not in [0, 3] - -- name: Switch firewall engine - become: true - when: - - nftables_status.rc == 3 - block: - # systemctl will return 0 if success, 1 if unit not found - - name: Ensure legacy iptables services are off - ansible.builtin.command: "systemctl disable --now {{ item }}" - register: ipt_service - failed_when: - - ipt_service.rc not in [0, 1] - loop: - - iptables.service - - ip6tables.service - - - name: Ensure nftables service is enabled and running - ansible.builtin.systemd: - name: nftables - state: started - enabled: true - - - name: Empty nftables from anything that may lay around - ansible.builtin.command: nft flush ruleset diff --git a/tripleo_ansible/roles/tripleo_nftables/templates/chains.j2 b/tripleo_ansible/roles/tripleo_nftables/templates/chains.j2 deleted file mode 100644 index 74c97fd7f..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/templates/chains.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# Managed by tripleo-ansible/tripleo_nftables - -{% set chains = namespace(chains=[]) %} -{%- for ruleset in tripleo_nftables_rules %} -{% set rule=ruleset['rule'] %} -{% set chain_key = rule.get('chain', 'INPUT') ~ rule.get('table', 'filter') %} -{%- if chain_key not in chains.chains %} -{%- if 'extras' not in rule or rule['extras'].get('ensure', 'present') in ['enabled', 'present'] %} -# Create chain TRIPLEO_{{ rule.get('chain', 'INPUT') }} in {{rule.get('table', 'filter') }} table -add chain inet {{ rule.get('table', 'filter') }} TRIPLEO_{{ rule.get('chain', 'INPUT') }} -{% endif %} -{% set _ = chains.chains.append(chain_key) %} -{% endif %} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_nftables/templates/destination.j2 b/tripleo_ansible/roles/tripleo_nftables/templates/destination.j2 deleted file mode 100644 index d5c1d7d19..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/templates/destination.j2 +++ /dev/null @@ -1,8 +0,0 @@ -{%- if 'destination' in rule %} -{%- if 'ipversion' in rule and rule['ipversion'] == 'ipv6' or ':' in rule['destination'] %} - ip6 -{%- else %} - ip -{%- endif %} - daddr {{ rule['destination'] }} -{%- endif %} diff --git a/tripleo_ansible/roles/tripleo_nftables/templates/dport.j2 b/tripleo_ansible/roles/tripleo_nftables/templates/dport.j2 deleted file mode 100644 index ed3049158..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/templates/dport.j2 +++ /dev/null @@ -1,19 +0,0 @@ -{%- set ns = namespace(_dport='') %} -{%- if 'dport' in rule %} -{% if rule['dport'] is iterable -%} -{% set ns._dport = rule['dport'] |join(',') -%} -{% else -%} -{% set ns._dport = rule['dport'] -%} -{% endif -%} -{%- endif %} -{#- This is for legacy things - Really, use dport... #} -{%- if 'port' in rule %} -{% if rule['port'] is iterable -%} -{% set ns._dport = rule['port'] |join(',') -%} -{% else -%} -{% set ns._dport = rule['port'] -%} -{% endif -%} -{%- endif %} -{%- if ns._dport != '' %} - {{ rule.get('proto', false)|ternary('', 'tcp ') }}dport { {{ ns._dport |replace(':', '-') }} } -{%- endif %} diff --git a/tripleo_ansible/roles/tripleo_nftables/templates/flush-chain.j2 b/tripleo_ansible/roles/tripleo_nftables/templates/flush-chain.j2 deleted file mode 100644 index 91c1a3a6b..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/templates/flush-chain.j2 +++ /dev/null @@ -1,13 +0,0 @@ -# Managed by tripleo-ansible/tripleo_nftables - -{% set chains = namespace(chains=[]) %} -{%- for ruleset in tripleo_nftables_rules %} -{% set rule=ruleset['rule'] %} -{% set chain_key = rule.get('chain', 'INPUT') ~ rule.get('table', 'filter') %} -{% if chain_key not in chains.chains %} -{% if 'extras' not in rule or rule['extras'].get('ensure', 'present') in ['enabled', 'present'] %} -flush chain inet {{ rule.get('table', 'filter') }} TRIPLEO_{{ rule.get('chain', 'INPUT') }} -{% endif %} -{% set _ = chains.chains.append(chain_key) %} -{% endif %} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_nftables/templates/interface.j2 b/tripleo_ansible/roles/tripleo_nftables/templates/interface.j2 deleted file mode 100644 index b44111214..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/templates/interface.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{%- if 'interface' in rule %} - iifname {{ rule['interface'] }} -{%- endif %} diff --git a/tripleo_ansible/roles/tripleo_nftables/templates/ipversion.j2 b/tripleo_ansible/roles/tripleo_nftables/templates/ipversion.j2 deleted file mode 100644 index a709b0382..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/templates/ipversion.j2 +++ /dev/null @@ -1,4 +0,0 @@ -{# We force everything into the "inet" family so that we cover both - ip and ip6. This also ensures proper compat with iptables-nft. -#} - inet diff --git a/tripleo_ansible/roles/tripleo_nftables/templates/jump-chain.j2 b/tripleo_ansible/roles/tripleo_nftables/templates/jump-chain.j2 deleted file mode 100644 index 19ac6d2e6..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/templates/jump-chain.j2 +++ /dev/null @@ -1,31 +0,0 @@ -# Managed by tripleo-ansible/tripleo_nftables -{% set chains = namespace(chains=[]) %} -{% if nft_is_update|default(false)|bool %} - -{# Add missing jumps only (usually during day-2 operations) #} -{% set existing = (current_nft['stdout']|from_json)['nftables']|map(attribute='rule', default={})|list %} -{% for ruleset in tripleo_nftables_rules %} -{% set rule=ruleset['rule'] %} -{% set query="[? table==`"~rule.get('table', 'filter')~"` && family==`inet` && chain==`"~rule.get('chain', 'INPUT')~"`].expr[*].jump.target" %} -{% set chain_key = rule.get('chain', 'INPUT') ~ rule.get('table', 'filter') %} -{% if chain_key not in chains.chains %} -{% if 'TRIPLEO_'~rule.get('chain', 'INPUT') not in (existing|json_query(query)|flatten) %} -insert rule inet {{ rule.get('table', 'filter') }} {{ rule.get('chain', 'INPUT') }} position 0 jump TRIPLEO_{{ rule.get('chain', 'INPUT') }} -{% endif %} -{% set _ = chains.chains.append(chain_key) %} -{% endif %} -{% endfor %} -{% else %} - -{# Insert all jumps to custom chains (usually during boot) #} -{% for ruleset in tripleo_nftables_rules %} -{% set rule=ruleset['rule'] %} -{% if 'extras' not in rule or rule['extras'].get('ensure', 'present') in ['enabled', 'present'] %} -{% set chain_key = rule.get('chain', 'INPUT') ~ rule.get('table', 'filter') %} -{% if chain_key not in chains.chains %} -insert rule inet {{ rule.get('table', 'filter') }} {{ rule.get('chain', 'INPUT') }} position 0 jump TRIPLEO_{{ rule.get('chain', 'INPUT') }} -{% set _ = chains.chains.append(chain_key) %} -{% endif %} -{% endif %} -{% endfor %} -{% endif %} diff --git a/tripleo_ansible/roles/tripleo_nftables/templates/jump-log.j2 b/tripleo_ansible/roles/tripleo_nftables/templates/jump-log.j2 deleted file mode 100644 index c686f01d8..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/templates/jump-log.j2 +++ /dev/null @@ -1,19 +0,0 @@ - log -{%- if 'group' in rule or 'nft_group' in rule %} - group {{ rule.get('group', rule.get('nft_group')) }} -{%- endif %} -{%- if 'prefix' in rule or 'nft_prefix' in rule %} - prefix "{{ rule.get('prefix', rule.get('nft_prefix')) }}" -{%- endif %} -{%- if 'level' in rule or 'nft_level' in rule%} - level {{ rule.get('level', rule.get('nft_level')) }} -{%- endif %} -{%- if 'flags' in rule or 'nft_flags' in rule%} - flags {{ rule.get('flags', rule.get('nft_flags')) }} -{%- endif %} -{%- if 'queue_threshold' in rule or 'nft_queue_threshold' in rule%} - queue-threshold {{ rule.get('queue_threshold', rule.get('nft_queue_threshold')) }} -{%- endif %} -{%- if 'snaplen' in rule or 'nft_snaplen' in rule %} - snaplen {{ rule.get('snaplen', rule.get('nft_snaplen')) }} -{%- endif %} diff --git a/tripleo_ansible/roles/tripleo_nftables/templates/jump.j2 b/tripleo_ansible/roles/tripleo_nftables/templates/jump.j2 deleted file mode 100644 index 5599da3e3..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/templates/jump.j2 +++ /dev/null @@ -1,16 +0,0 @@ -{%- if 'action' in rule %} -{%- if (rule['action']|lower) not in ['insert', 'append'] %} -{%- set _ = rule.update({'jump': rule['action']}) %} -{%- endif %} -{%- endif %} -{%- if 'jump' in rule %} -{% if (rule['jump']|lower) not in ['accept', 'drop', 'log', 'masquerade', 'notrack', 'return'] %} - jump {{ rule['jump'] }} -{%- elif (rule['jump']|lower) == 'log' %} -{%- include 'templates/jump-log.j2' %} -{%- else %} - {{ rule['jump']|lower }} -{%- endif %} -{%- else %} - accept -{%- endif %} diff --git a/tripleo_ansible/roles/tripleo_nftables/templates/limit.j2 b/tripleo_ansible/roles/tripleo_nftables/templates/limit.j2 deleted file mode 100644 index 2ccfe1b4f..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/templates/limit.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{%- if 'limit' in rule %} - limit rate {{ rule['limit']|regex_replace('([0-9]+)/min', '\\1/minute') }} -{%- endif %} diff --git a/tripleo_ansible/roles/tripleo_nftables/templates/limit_burst.j2 b/tripleo_ansible/roles/tripleo_nftables/templates/limit_burst.j2 deleted file mode 100644 index 1c8b51104..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/templates/limit_burst.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{%- if 'limit_burst' in rule %} - burst {{ rule['limit_burst'] }} packets -{%- endif %} diff --git a/tripleo_ansible/roles/tripleo_nftables/templates/protocol.j2 b/tripleo_ansible/roles/tripleo_nftables/templates/protocol.j2 deleted file mode 100644 index 066e521c3..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/templates/protocol.j2 +++ /dev/null @@ -1,6 +0,0 @@ -{%- if 'proto' in rule and (rule['proto']|lower) != 'all' %} -{%- if (rule['proto']|lower) not in ['tcp', 'udp'] %} - meta l4proto -{%- endif %} - {{ rule['proto']|lower }} -{%- endif %} diff --git a/tripleo_ansible/roles/tripleo_nftables/templates/ruleset.j2 b/tripleo_ansible/roles/tripleo_nftables/templates/ruleset.j2 deleted file mode 100644 index ddc85f19b..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/templates/ruleset.j2 +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/sbin/nft -f -# Managed by tripleo-ansible/tripleo_nftables -# Valid starting nft-0.9.8 - -{% for ruleset in tripleo_nftables_rules %} -{% set rule=ruleset['rule'] %} -{% set name=ruleset['rule_name'] %} -{%- if 'extras' not in rule or rule['extras'].get('ensure', 'present') in ['enabled', 'present'] %} -# {{ rule.get('rule_name', name) }} {{ rule }} -add rule -{%- include 'templates/ipversion.j2' %} - {{ rule.get('table', 'filter') }} TRIPLEO_{{ rule.get('chain', 'INPUT') }} -{%- include 'templates/interface.j2' %} -{%- include 'templates/source.j2' %} -{%- include 'templates/sport.j2' %} -{%- include 'templates/destination.j2' %} -{%- include 'templates/protocol.j2' %} -{%- include 'templates/dport.j2' %} -{%- include 'templates/state.j2' %} -{%- include 'templates/limit.j2' %} -{%- include 'templates/limit_burst.j2' %} - counter -{%- include 'templates/jump.j2' %} - comment "{{rule.get('rule_name', name) }}" -{% endif %} -{% endfor %} - -# Lock down INPUT chains -add chain inet filter INPUT { policy drop; } diff --git a/tripleo_ansible/roles/tripleo_nftables/templates/source.j2 b/tripleo_ansible/roles/tripleo_nftables/templates/source.j2 deleted file mode 100644 index c41eac5d2..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/templates/source.j2 +++ /dev/null @@ -1,8 +0,0 @@ -{%- if 'source' in rule %} -{%- if 'ipversion' in rule and rule['ipversion'] == 'ipv6' or ':' in rule['source'] %} - ip6 -{%- else %} - ip -{%- endif %} - saddr {{ rule['source'] }} -{%- endif %} diff --git a/tripleo_ansible/roles/tripleo_nftables/templates/sport.j2 b/tripleo_ansible/roles/tripleo_nftables/templates/sport.j2 deleted file mode 100644 index d2d40d409..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/templates/sport.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{%- if 'sport' in rule %} - {{ rule.get('proto', false)|ternary('', 'tcp ') }}sport {{ rule['sport'] }} -{%- endif %} diff --git a/tripleo_ansible/roles/tripleo_nftables/templates/state.j2 b/tripleo_ansible/roles/tripleo_nftables/templates/state.j2 deleted file mode 100644 index 307c533fc..000000000 --- a/tripleo_ansible/roles/tripleo_nftables/templates/state.j2 +++ /dev/null @@ -1,7 +0,0 @@ -{%- if 'state' in rule %} -{%- if rule['state']|length > 0 %} - ct state {{ rule['state'] |join(',')|lower }} -{%- endif %} -{%- else %} - ct state new -{%- endif %} diff --git a/tripleo_ansible/roles/tripleo_nodes_validation/defaults/main.yml b/tripleo_ansible/roles/tripleo_nodes_validation/defaults/main.yml deleted file mode 100644 index 89d8f87cd..000000000 --- a/tripleo_ansible/roles/tripleo_nodes_validation/defaults/main.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_nodes_validation" -tripleo_nodes_validation_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_nodes_validation_hide_sensitive_logs: true -tripleo_nodes_validation_ping_test_ips: [] -tripleo_nodes_validation_tripleo_role_name: true -tripleo_nodes_validation_validate_controllers_icmp: true -tripleo_nodes_validation_validate_fqdn: false -tripleo_nodes_validation_validate_gateway_icmp: true -tripleo_nodes_validation_ping_test_gateway_ips: [] diff --git a/tripleo_ansible/roles/tripleo_nodes_validation/meta/main.yml b/tripleo_ansible/roles/tripleo_nodes_validation/meta/main.yml deleted file mode 100644 index 5498120df..000000000 --- a/tripleo_ansible/roles/tripleo_nodes_validation/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_nodes_validation - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_nodes_validation/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_nodes_validation/molecule/default/converge.yml deleted file mode 100644 index 0eefef8ea..000000000 --- a/tripleo_ansible/roles/tripleo_nodes_validation/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_nodes_validation" diff --git a/tripleo_ansible/roles/tripleo_nodes_validation/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_nodes_validation/molecule/default/molecule.yml deleted file mode 100644 index a593806c6..000000000 --- a/tripleo_ansible/roles/tripleo_nodes_validation/molecule/default/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_nodes_validation/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_nodes_validation/molecule/default/prepare.yml deleted file mode 100644 index 30d0a0bf6..000000000 --- a/tripleo_ansible/roles/tripleo_nodes_validation/molecule/default/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - iputils - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_nodes_validation/tasks/main.yml b/tripleo_ansible/roles/tripleo_nodes_validation/tasks/main.yml deleted file mode 100644 index 4ec918def..000000000 --- a/tripleo_ansible/roles/tripleo_nodes_validation/tasks/main.yml +++ /dev/null @@ -1,80 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Collect default network fact - setup: - gather_subset: - - '!all' - - '!min' - - network - filter: 'ansible_default_ipv4' - -- name: Check Default IPv4 Gateway availability - command: "ping -w 10 -c 5 {{ ansible_facts.default_ipv4.gateway }}" - retries: 10 - delay: 60 - changed_when: false - check_mode: false - register: ping_result - until: ping_result.rc == 0 - when: - - tripleo_nodes_validation_validate_gateway_icmp|bool - - ansible_facts.default_ipv4 is defined - - ansible_facts.default_ipv4.gateway is defined - -# Ping test the gateway IPs before nodes, see RHBZ#1875962 -- name: Check all networks Gateway availability - command: "{{ (':' in gateway_ip) | ternary('ping6', 'ping') }} -w 10 -c 5 {{ gateway_ip }}" - retries: 10 - delay: 60 - loop_control: - loop_var: gateway_ip - loop: "{{ tripleo_nodes_validation_ping_test_gateway_ips }}" - changed_when: false - check_mode: false - register: ping_gw_result - until: ping_gw_result.rc == 0 - when: - - tripleo_nodes_validation_validate_gateway_icmp|bool - - tripleo_nodes_validation_ping_test_gateway_ips | length > 0 - -- name: Check Controllers availability - include_tasks: - file: ping.yml - apply: - check_mode: false - loop_control: - loop_var: controller - loop: "{{ tripleo_nodes_validation_ping_test_ips }}" - when: - - tripleo_nodes_validation_validate_controllers_icmp|bool - - tripleo_nodes_validation_ping_test_ips | length > 0 - -- name: Verify the configured FQDN vs /etc/hosts - shell: | - HOSTNAME=$(hostname) - SHORT_NAME=$(hostname -s) - FQDN_FROM_HOSTS=$(awk '$3 == "'${SHORT_NAME}'"{print $2}' /etc/hosts) - if [[ $HOSTNAME != $FQDN_FROM_HOSTS ]]; then - echo "FAILURE" - echo -e "System hostname: ${HOSTNAME}\nEntry from /etc/hosts: ${FQDN_FROM_HOSTS}\n" - exit 1 - fi - exit 0 - changed_when: false - check_mode: false - when: - - tripleo_nodes_validation_validate_fqdn|bool diff --git a/tripleo_ansible/roles/tripleo_nodes_validation/tasks/ping.yml b/tripleo_ansible/roles/tripleo_nodes_validation/tasks/ping.yml deleted file mode 100644 index e18ff2161..000000000 --- a/tripleo_ansible/roles/tripleo_nodes_validation/tasks/ping.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Set IP options - set_fact: - _ping_cmd: "{{ (':' in controller) | ternary('ping6', 'ping') }}" -- name: Lookup interface information - register: _nic_mtu - shell: | - INT=$(ip ro get {{ controller }} | head -1 | sed -nr "s/.* dev (\w+) .*/\1/p") - MTU=$(cat /sys/class/net/${INT}/mtu 2>/dev/null || echo "0") - echo "$INT $MTU" -- name: Set interface vars - set_fact: - _nic: "{{ _nic_mtu.stdout.split()[0] | default('lo') }}" - _mtu: "{{ _nic_mtu.stdout.split()[1] | default(0) | int - 28 }}" -- name: Network availability validation block - when: - - not ansible_check_mode|bool - - _nic != 'lo' - block: - - name: Check IP responsiveness - command: "{{ _ping_cmd }} -w 10 -c 5 {{ controller }}" - retries: 10 - delay: 60 - changed_when: false - register: ping_result - until: ping_result.rc == 0 - - - name: Validate packet with {{ _mtu }} MTU size can reach controller from {{ _nic }} - command: "{{ _ping_cmd }} -w 10 -s {{ _mtu }} -c 5 {{ controller }}" - retries: 10 - delay: 60 - changed_when: false - register: mtu_ping - until: mtu_ping.rc == 0 - when: _mtu | int > 0 diff --git a/tripleo_ansible/roles/tripleo_nova_compute/defaults/main.yml b/tripleo_ansible/roles/tripleo_nova_compute/defaults/main.yml deleted file mode 100644 index 03758d227..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/defaults/main.yml +++ /dev/null @@ -1,356 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_nova_compute" -tripleo_nova_compute_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_nova_compute_deploy_identifier: "{{ tripleo_deploy_identifier | default('') }}" -tripleo_nova_compute_hide_sensitive_logs: true -tripleo_nova_compute_container_image: "quay.io/tripleomastercentos9/openstack-nova-compute:current-tripleo" # role specific -tripleo_nova_compute_container_nova_libvirt_config_image: "{{ tripleo_nova_libvirt_container_config_image | default(tripleo_nova_compute_container_image) }}" -tripleo_nova_compute_docker_ulimit: ['nofile=131072', 'memlock=67108864'] -tripleo_nova_compute_logging_source: - tag: openstack.nova.compute - file: /var/log/containers/nova/nova-compute.log -tripleo_nova_compute_ceph_config_path: "{{ tripleo_ceph_config_path | default('/var/lib/tripleo-config/ceph') }}" -tripleo_nova_compute_ceph_client_user_name: "{{ tripleo_ceph_client_user_name | default('openstack') }}" -tripleo_nova_compute_enable_internal_tls: "{{ tripleo_enable_internal_tls | default (false) }}" -tripleo_nova_compute_use_tls_transport_for_live_migration: "{{ tripleo_use_tls_transport_for_live_migration | default(true) }}" -tripleo_nova_compute_instance_usage_audit: false -tripleo_nova_compute_instance_usage_audit_period: hour -tripleo_nova_compute_enable_rbd_backend: false # role specific -tripleo_nova_compute_cinder_enable_rbd_backend: "{{ tripleo_cinder_enable_rbd_backend | default(false) }}" -tripleo_nova_compute_ceph_client_key: "{{ tripleo_ceph_client_key | default('') }}" # sensitive data -tripleo_nova_compute_ceph_cluster_fsid: "{{ tripleo_ceph_cluster_fsid | default('') }}" -tripleo_nova_compute_ceph_cluster_name: "{{ tripleo_ceph_cluster_name | default('') }}" -tripleo_nova_compute_cinder_rbd_multi_config: "{{ tripleo_cinder_rbd_multi_config | default({}) }}" -tripleo_nova_compute_type: kvm -tripleo_nova_compute_monitoring_subscription: overcloud-nova-compute -tripleo_nova_compute_migration_ssh_key: > - {{ tripleo_migration_ssh_key | default({"public_key": "", "private_key": ""}) }} -tripleo_nova_compute_migration_ssh_port: "{{ tripleo_migration_ssh_port | default(2022) }}" -tripleo_nova_compute_opt_volumes: [] # role specific -tripleo_nova_compute_opt_env_vars: {} # role specific -tripleo_nova_compute_rbd_disk_cachemodes: "{{ tripleo_rbd_disk_cachemodes | default(['network=writeback']) }}" -tripleo_nova_compute_startup_delay: 0 -tripleo_nova_compute_enable_instance_ha: false -tripleo_nova_compute_rbd_pool_name: vms # role specific -tripleo_nova_compute_cinder_enable_nfs_backend: false -tripleo_nova_compute_mkisofs_cmd: mkisofs # role specific -tripleo_nova_compute_nfs_enabled: false # role specific -tripleo_nova_compute_nfs_share: "" # role specific -tripleo_nova_compute_nfs_options: "context=system_u:object_r:nfs_t:s0" # role specific -tripleo_nova_compute_nfs_version: "4.2" # role specific -tripleo_nova_compute_force_raw_images: true # role specific -tripleo_nova_compute_use_cow_images: true # role specific -tripleo_nova_compute_libvirt_pre_allocate_images: "none" # role specific -tripleo_nova_compute_image_cache_manager_interval: 2400 # role specific -tripleo_nova_compute_image_cache_remove_unused_base_images: true # role specific -tripleo_nova_compute_image_cache_remove_unused_resized_minimum_age: 3600 # role specific -tripleo_nova_compute_image_cache_precache_concurrency: 1 # role specific -# NOTE(bogdando): it defaults to '' in t-h-t, use str2dict? -tripleo_nova_compute_pci_passthrough: {} # role specific -tripleo_nova_compute_cpu_shared_set: [] # role specific -tripleo_nova_compute_cpu_dedicated_set: [] # role specific -tripleo_nova_compute_reserved_host_memory: 4096 # role specific -tripleo_nova_compute_reserved_huge_pages: [] -tripleo_nova_compute_kernel_args: "{{ tripleo_kernel_args | default('') }}" # role specific -tripleo_nova_compute_ovs_dpdk_socket_memory: "{{ tripleo_ovs_dpdk_socket_memory | default('') }}" # role specific -tripleo_nova_compute_verify_glance_signatures: false -tripleo_nova_compute_auto_disabling: 10 -tripleo_nova_compute_neutron_physnet_numa_nodes_mapping: {} # role specific -tripleo_nova_compute_neutron_tunnel_numa_nodes: [] # role specific -tripleo_nova_compute_resume_guests_state_on_host_boot: false # role specific -tripleo_nova_compute_rx_queue_size: 512 # role specific -tripleo_nova_compute_tx_queue_size: 512 # role specific -tripleo_nova_compute_file_backed_memory: 0 # role specific -tripleo_nova_compute_volume_use_multipath: false # role specific -tripleo_nova_compute_hw_machine_type: "x86_64=q35" # role specific -tripleo_nova_compute_additional_cell: false -tripleo_nova_compute_enable_ksm: false # role specific -tripleo_nova_compute_cinder_password: "{{ tripleo_cinder_password | default('') }}" # sensitive, assert not empty -tripleo_nova_compute_keystone_region: regionOne -tripleo_nova_compute_num_pcie_ports: 16 # role specific -tripleo_nova_compute_mem_stats_period_seconds: 10 # role specific -tripleo_nova_compute_live_migration_wait_for_vif_plug: true # role specific -tripleo_nova_compute_live_migration_permit_post_copy: true # role specific -tripleo_nova_compute_live_migration_permit_auto_converge: true # role specific -tripleo_nova_compute_multipathd_enable: "{{ tripleo_multipathd_enable | default(false) }}" # role specific -tripleo_nova_compute_cpu_allocation_ratio: 0.0 # role specific -tripleo_nova_compute_ram_allocation_ratio: 1.0 # role specific -tripleo_nova_compute_disk_allocation_ratio: 0.0 # role specific -tripleo_nova_compute_enable_vtpm: false # role specific -tripleo_nova_compute_max_disk_devices_to_attach: -1 # role specific -tripleo_nova_compute_pmem_mappings: "" # role specific -tripleo_nova_compute_pmem_namespaces: "" # role specific -tripleo_nova_compute_mdev_types: {} # role specific -tripleo_nova_compute_image_cache_ttl: 86400 # role specific -tripleo_nova_compute_disable_irq_balance: false # role specific -tripleo_nova_compute_cpu_mode: host-model # role specific -tripleo_nova_compute_cpu_models: [] # role specific -tripleo_nova_compute_cpu_model_extra_flags: "" # role specific -tripleo_nova_compute_disable_image_download_to_rbd: false # role specific -tripleo_nova_compute_disable_compute_service_check_for_ffu: false -tripleo_nova_compute_statedir_ownership_skip: ["triliovault-mounts"] -tripleo_nova_compute_image_type_exclude_list: [] # role specific -tripleo_nova_compute_libvirt_max_queues: 0 # role specific -tripleo_nova_compute_glance_rbd_pool_name: "{{ tripleo_glance_rbd_pool_name | default('images') }}" -tripleo_nova_compute_glance_multistore_config: "{{ tripleo_glance_multistore_config | default({}) }}" -tripleo_nova_compute_glance_enable_rbd_download: false # role specific -tripleo_nova_compute_glance_rbd_download_multistore_id: "" # role specific -tripleo_nova_compute_glance_backend_id: "{{ tripleo_glance_backend_id | default('default_backend') }}" # role specific -tripleo_nova_compute_glance_rbd_copy_poll_interval: 15 # role specific -tripleo_nova_compute_glance_rbd_copy_timeout: 600 # role specific -tripleo_nova_compute_custom_provider_inventories: {} # role specific -tripleo_nova_compute_vcpu_pin_set: [] # role specific, DEPRECATED -tripleo_nova_compute_vgpu_types_device_addresses_mapping: {} # role specific, DEPRECATED -tripleo_nova_compute_root_stack_name: "{{ tripleo_root_stack_name | default('') }}" # assert not empty -tripleo_nova_compute_auth_cloud_name: "{{ tripleo_auth_cloud_name | default('') }}" # assert not empty -tripleo_nova_compute_libvirt_manage_libvirt_services: false - -tripleo_nova_compute_common_volumes: "{{ tripleo_container_standalone_common_volumes }}" - -tripleo_nova_compute_config_use_ansible: true -tripleo_nova_compute_config_dir: /var/lib/config-data/ansible-generated/nova_libvirt - -tripleo_nova_compute_volumes: - - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro - - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro - - "{{ tripleo_nova_compute_config_dir }}:/var/lib/kolla/config_files/src:ro" - - "{{ tripleo_nova_compute_ceph_config_path }}:/var/lib/kolla/config_files/src-ceph:ro" - - /dev:/dev - - /lib/modules:/lib/modules:ro - - /run:/run - - /etc/iscsi:/etc/iscsi:z - - /var/lib/iscsi:/var/lib/iscsi:z - - /var/lib/libvirt:/var/lib/libvirt:shared - - /sys/class/net:/sys/class/net - - /sys/bus/pci:/sys/bus/pci - - /boot:/boot:ro - - /var/lib/nova:/var/lib/nova:shared - -tripleo_nova_compute_logging_volumes: - - /var/log/containers/nova:/var/log/nova:z - -tripleo_nova_compute_environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - -tripleo_nova_compute_logging_environment: {} - -tripleo_nova_compute_DEFAULT_compute_driver: libvirt.LibvirtDriver -tripleo_nova_compute_DEFAULT_dhcp_domain: '' -tripleo_nova_compute_DEFAULT_force_config_drive: true -tripleo_nova_compute_DEFAULT_host: '{{ ansible_facts["nodename"] }}' -tripleo_nova_compute_DEFAULT_log_dir: /var/log/nova -tripleo_nova_compute_DEFAULT_my_ip: '{{ hostvars[inventory_hostname][service_net_map["nova_api_network"] ~ "_ip"] }}' -tripleo_nova_compute_DEFAULT_preallocate_images: none -tripleo_nova_compute_DEFAULT_report_interval: 10 -tripleo_nova_compute_DEFAULT_rootwrap_config: /etc/nova/rootwrap.conf -tripleo_nova_compute_DEFAULT_rpc_response_timeout: 60 -tripleo_nova_compute_DEFAULT_service_down_time: 60 -tripleo_nova_compute_DEFAULT_ssl_only: false -tripleo_nova_compute_DEFAULT_state_path: /var/lib/nova -tripleo_nova_compute_DEFAULT_sync_power_state_interval: 600 -tripleo_nova_compute_DEFAULT_transport_url: '' -tripleo_nova_compute_DEFAULT_vif_plugging_is_fatal: true -tripleo_nova_compute_DEFAULT_vif_plugging_timeout: 300 -tripleo_nova_compute_cinder_auth_type: v3password -tripleo_nova_compute_cinder_auth_url: '' -tripleo_nova_compute_cinder_catalog_info: volumev3:cinderv3:internalURL -tripleo_nova_compute_cross_az_attach: true -tripleo_nova_compute_cinder_project_domain_name: Default -tripleo_nova_compute_cinder_project_name: service -tripleo_nova_compute_cinder_user_domain_name: Default -tripleo_nova_compute_cinder_username: cinder -tripleo_nova_compute_compute_consecutive_build_service_disable_threshold: 10 -tripleo_nova_compute_compute_cpu_dedicated_set: '' -tripleo_nova_compute_compute_cpu_shared_set: '' -tripleo_nova_compute_compute_live_migration_wait_for_vif_plug: true -tripleo_nova_compute_compute_max_disk_devices_to_attach: '-1' -tripleo_nova_compute_compute_provider_config_location: /etc/nova/provider_config -tripleo_nova_compute_key_manager_backend: nova.keymgr.conf_key_mgr.ConfKeyManager -tripleo_nova_compute_libvirt_enabled_perf_events: '' -tripleo_nova_compute_libvirt_inject_key: false -tripleo_nova_compute_libvirt_inject_partition: '-2' -tripleo_nova_compute_libvirt_inject_password: false -tripleo_nova_compute_libvirt_live_migration_inbound_addr: '{{ hostvars[inventory_hostname]["fqdn_" ~ service_net_map["nova_libvirt_network"]] }}' -tripleo_nova_compute_libvirt_live_migration_permit_auto_converge: true -tripleo_nova_compute_libvirt_live_migration_permit_post_copy: true -tripleo_nova_compute_libvirt_live_migration_tunnelled: false -tripleo_nova_compute_libvirt_live_migration_uri: 'qemu+ssh://nova_migration@s:2022/system?keyfile=/etc/nova/migration/identity' -tripleo_nova_compute_libvirt_virt_type: qemu -tripleo_nova_compute_neutron_default_floating_pool: public -tripleo_nova_compute_neutron_extension_sync_interval: 600 -tripleo_nova_compute_neutron_ovs_bridge: br-int -tripleo_nova_compute_neutron_timeout: 30 -tripleo_nova_compute_neutron_valid_interfaces: internal -tripleo_nova_compute_notifications_notification_format: unversioned -tripleo_nova_compute_notifications_notify_on_state_change: vm_and_task_state -tripleo_nova_compute_oslo_concurrency_lock_path: /var/lib/nova/tmp -tripleo_nova_compute_oslo_messaging_notifications_driver: noop -tripleo_nova_compute_oslo_messaging_notifications_transport_url: '' -tripleo_nova_compute_oslo_messaging_rabbit_heartbeat_timeout_threshold: 60 -tripleo_nova_compute_oslo_messaging_rabbit_ssl: false -tripleo_nova_compute_oslo_policy_enforce_new_defaults: false -tripleo_nova_compute_oslo_policy_enforce_scope: false -tripleo_nova_compute_oslo_policy_policy_file: /etc/nova/policy.yaml -tripleo_nova_compute_placement_api_interface: internal -tripleo_nova_compute_spice_enabled: false -tripleo_nova_compute_vendordata_dynamic_auth_project_domain_name: Default -tripleo_nova_compute_vendordata_dynamic_auth_user_domain_name: Default -tripleo_nova_compute_vif_plug_ovs_ovsdb_connection: '' -tripleo_nova_compute_vnc_enabled: true -tripleo_nova_compute_vncproxy_host: '' # EndpointMap, NovaPublic, host_nobrackets -tripleo_nova_compute_vnc_server_listen: '{{ hostvars[inventory_hostname][service_net_map["nova_libvirt_network"] ~ "_ip"] }}' -tripleo_nova_compute_vncserver_proxyclient_address: '{{ hostvars[inventory_hostname][service_net_map["nova_libvirt_network"] ~ "_ip"] }}' - -# TODO(bogdando): wire-in into aansible config templates -# from t-h-t hiera mappings, and/or user-provided config snippets -tripleo_nova_compute_rbd_libvirt_images_rbd_ceph_conf: /etc/ceph/ + {{ tripleo_nova_compute_ceph_cluster_name }} + .conf -tripleo_nova_compute_rbd_rbd_keyring: client. + {{ tripleo_nova_compute_ceph_client_user_name }} -tripleo_nova_compute_libvirt_migration_support: false -tripleo_nova_compute_migration_client_enabled: true -tripleo_nova_compute_migration_client_ssh_private_key: '' # MigrationSshKey, private_key -# False, if is realtime set, or comes from RoleParametersValue nova_permit_auto_converge/nova_permit_post_copy -tripleo_nova_compute_migration_libvirt_live_migration_permit_auto_converge: false -tripleo_nova_compute_migration_libvirt_live_migration_permit_post_copy: false -tripleo_nova_compute_migration_libvirt_live_migration_tunnelled: false -# from ceph multi-store config, set it via facts and jinja, -# or use direct inputs from user/tht -tripleo_nova_compute_glance_rbd_ceph_conf: {} -tripleo_nova_compute_glance_rbd_user: {} -# from t-h-t EndpointMap, NovaVNCProxyCellPublic, host_nobrackets/port/protocol -# or use direct inputs from user/tht -tripleo_nova_compute_vncproxy_common_vncproxy_host: '' -tripleo_nova_compute_vncproxy_common_vncproxy_port: '' -tripleo_nova_compute_vncproxy_common_vncproxy_protocol: '' - -tripleo_nova_compute_config: - DEFAULT: - compute_driver: '{{ tripleo_nova_compute_DEFAULT_compute_driver }}' - cpu_allocation_ratio: '{{ tripleo_nova_compute_cpu_allocation_ratio }}' - debug: '{{ tripleo_nova_compute_debug }}' - dhcp_domain: '{{ tripleo_nova_compute_DEFAULT_dhcp_domain }}' - disk_allocation_ratio: '{{ tripleo_nova_compute_disk_allocation_ratio }}' - force_config_drive: '{{ tripleo_nova_compute_DEFAULT_force_config_drive }}' - force_raw_images: '{{ tripleo_nova_compute_force_raw_images }}' - host: '{{ tripleo_nova_compute_DEFAULT_host }}' - log_dir: '{{ tripleo_nova_compute_DEFAULT_log_dir }}' - mkisofs_cmd: '{{ tripleo_nova_compute_mkisofs_cmd }}' - my_ip: '{{ tripleo_nova_compute_DEFAULT_my_ip }}' - preallocate_images: '{{ tripleo_nova_compute_DEFAULT_preallocate_images }}' - ram_allocation_ratio: '{{ tripleo_nova_compute_ram_allocation_ratio }}' - report_interval: '{{ tripleo_nova_compute_DEFAULT_report_interval }}' - reserved_host_memory_mb: '{{ tripleo_nova_compute_reserved_host_memory }}' - resume_guests_state_on_host_boot: '{{ tripleo_nova_compute_resume_guests_state_on_host_boot }}' - rootwrap_config: '{{ tripleo_nova_compute_DEFAULT_rootwrap_config }}' - rpc_response_timeout: '{{ tripleo_nova_compute_DEFAULT_rpc_response_timeout }}' - service_down_time: '{{ tripleo_nova_compute_DEFAULT_service_down_time }}' - ssl_only: '{{ tripleo_nova_compute_DEFAULT_ssl_only }}' - state_path: '{{ tripleo_nova_compute_DEFAULT_state_path }}' - sync_power_state_interval: '{{ tripleo_nova_compute_DEFAULT_sync_power_state_interval }}' - transport_url: '{{ tripleo_nova_compute_DEFAULT_transport_url }}' - use_cow_images: '{{ tripleo_nova_compute_use_cow_images }}' - vif_plugging_is_fatal: '{{ tripleo_nova_compute_DEFAULT_vif_plugging_is_fatal }}' - vif_plugging_timeout: '{{ tripleo_nova_compute_DEFAULT_vif_plugging_timeout }}' - cinder: - auth_type: '{{ tripleo_nova_compute_cinder_auth_type }}' - auth_url: '{{ tripleo_nova_compute_cinder_auth_url }}' - catalog_info: '{{ tripleo_nova_compute_cinder_catalog_info }}' - cross_az_attach: '{{ tripleo_nova_compute_cross_az_attach }}' - os_region_name: '{{ tripleo_nova_compute_keystone_region }}' - password: '{{ tripleo_nova_compute_cinder_password }}' - project_domain_name: '{{ tripleo_nova_compute_cinder_project_domain_name }}' - project_name: '{{ tripleo_nova_compute_cinder_project_name }}' - user_domain_name: '{{ tripleo_nova_compute_cinder_user_domain_name }}' - username: '{{ tripleo_nova_compute_cinder_username }}' - compute: - consecutive_build_service_disable_threshold: '{{ tripleo_nova_compute_compute_consecutive_build_service_disable_threshold }}' - cpu_dedicated_set: '{{ tripleo_nova_compute_compute_cpu_dedicated_set }}' - cpu_shared_set: '{{ tripleo_nova_compute_compute_cpu_shared_set }}' - live_migration_wait_for_vif_plug: '{{ tripleo_nova_compute_compute_live_migration_wait_for_vif_plug }}' - max_disk_devices_to_attach: '{{ tripleo_nova_compute_compute_max_disk_devices_to_attach }}' - provider_config_location: '{{ tripleo_nova_compute_compute_provider_config_location }}' - image_cache: - manager_interval: '{{ tripleo_nova_compute_image_cache_manager_interval }}' - precache_concurrency: '{{ tripleo_nova_compute_image_cache_precache_concurrency }}' - remove_unused_base_images: '{{ tripleo_nova_compute_image_cache_remove_unused_base_images }}' - remove_unused_original_minimum_age_seconds: '{{ tripleo_nova_compute_image_cache_ttl }}' - remove_unused_resized_minimum_age_seconds: '{{ tripleo_nova_compute_image_cache_remove_unused_resized_minimum_age }}' - key_manager: - backend: '{{ tripleo_nova_compute_key_manager_backend }}' - libvirt: - cpu_mode: '{{ tripleo_nova_compute_cpu_mode }}' - cpu_model_extra_flags: '{{ tripleo_nova_compute_cpu_model_extra_flags }}' - enabled_perf_events: '{{ tripleo_nova_compute_libvirt_enabled_perf_events }}' - file_backed_memory: '{{ tripleo_nova_compute_file_backed_memory }}' - hw_machine_type: '{{ tripleo_nova_compute_hw_machine_type }}' - inject_key: '{{ tripleo_nova_compute_libvirt_inject_key }}' - inject_partition: '{{ tripleo_nova_compute_libvirt_inject_partition }}' - inject_password: '{{ tripleo_nova_compute_libvirt_inject_password }}' - live_migration_inbound_addr: '{{ tripleo_nova_compute_libvirt_live_migration_inbound_addr }}' - live_migration_permit_auto_converge: '{{ tripleo_nova_compute_libvirt_live_migration_permit_auto_converge }}' - live_migration_permit_post_copy: '{{ tripleo_nova_compute_libvirt_live_migration_permit_post_copy }}' - live_migration_tunnelled: '{{ tripleo_nova_compute_libvirt_live_migration_tunnelled }}' - live_migration_uri: '{{ tripleo_nova_compute_libvirt_live_migration_uri }}' - mem_stats_period_seconds: '{{ tripleo_nova_compute_mem_stats_period_seconds }}' - num_pcie_ports: '{{ tripleo_nova_compute_num_pcie_ports }}' - pmem_namespaces: '{{ tripleo_nova_compute_pmem_mappings }}' - rx_queue_size: '{{ tripleo_nova_compute_rx_queue_size }}' - swtpm_enabled: '{{ tripleo_nova_compute_enable_vtpm }}' - tx_queue_size: '{{ tripleo_nova_compute_tx_queue_size }}' - virt_type: '{{ tripleo_nova_compute_libvirt_virt_type }}' - volume_use_multipath: '{{ tripleo_nova_compute_volume_use_multipath }}' - neutron: - default_floating_pool: '{{ tripleo_nova_compute_neutron_default_floating_pool }}' - extension_sync_interval: '{{ tripleo_nova_compute_neutron_extension_sync_interval }}' - ovs_bridge: '{{ tripleo_nova_compute_neutron_ovs_bridge }}' - timeout: '{{ tripleo_nova_compute_neutron_timeout }}' - valid_interfaces: '{{ tripleo_nova_compute_neutron_valid_interfaces }}' - notifications: - notification_format: '{{ tripleo_nova_compute_notifications_notification_format }}' - notify_on_state_change: '{{ tripleo_nova_compute_notifications_notify_on_state_change }}' - oslo_concurrency: - lock_path: '{{ tripleo_nova_compute_oslo_concurrency_lock_path }}' - oslo_messaging_notifications: - driver: '{{ tripleo_nova_compute_oslo_messaging_notifications_driver }}' - transport_url: '{{ tripleo_nova_compute_oslo_messaging_notifications_transport_url }}' - oslo_messaging_rabbit: - heartbeat_timeout_threshold: '{{ tripleo_nova_compute_oslo_messaging_rabbit_heartbeat_timeout_threshold }}' - ssl: '{{ tripleo_nova_compute_oslo_messaging_rabbit_ssl }}' - oslo_policy: - enforce_new_defaults: '{{ tripleo_nova_compute_oslo_policy_enforce_new_defaults }}' - enforce_scope: '{{ tripleo_nova_compute_oslo_policy_enforce_scope }}' - policy_file: '{{ tripleo_nova_compute_oslo_policy_policy_file }}' - spice: - enabled: '{{ tripleo_nova_compute_spice_enabled }}' - vendordata_dynamic_auth: - project_domain_name: '{{ tripleo_nova_compute_vendordata_dynamic_auth_project_domain_name }}' - user_domain_name: '{{ tripleo_nova_compute_vendordata_dynamic_auth_user_domain_name }}' - vif_plug_ovs: - ovsdb_connection: '{{ tripleo_nova_compute_vif_plug_ovs_ovsdb_connection }}' - vnc: - enabled: '{{ tripleo_nova_compute_vnc_enabled }}' - novncproxy_base_url: '{{ tripleo_nova_compute_vncproxy_host }}' - server_listen: '{{ tripleo_nova_compute_vnc_server_listen }}' - server_proxyclient_address: '{{ tripleo_nova_compute_vncserver_proxyclient_address }}' - workarounds: - disable_compute_service_check_for_ffu: '{{ tripleo_nova_compute_disable_compute_service_check_for_ffu }}' - never_download_image_if_on_rbd: '{{ tripleo_nova_compute_disable_image_download_to_rbd }}' - -tripleo_nova_compute_config_overrides: {} diff --git a/tripleo_ansible/roles/tripleo_nova_compute/files/.gitkeep b/tripleo_ansible/roles/tripleo_nova_compute/files/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/roles/tripleo_nova_compute/files/check-run-nova-compute b/tripleo_ansible/roles/tripleo_nova_compute/files/check-run-nova-compute deleted file mode 100644 index be5c8b2fb..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/files/check-run-nova-compute +++ /dev/null @@ -1,168 +0,0 @@ -#!/usr/bin/env python - -import os -import sys -import time -import inspect -import logging -import argparse -import oslo_config.cfg -import requests.exceptions - -def is_forced_down(connection, hostname): - services = connection.services.list(host=hostname, binary="nova-compute") - for service in services: - if service.forced_down: - return True - return False - -def evacuations_done(connection, hostname): - # Get a list of migrations. - # :param host: (optional) filter migrations by host name. - # :param status: (optional) filter migrations by status. - # :param cell_name: (optional) filter migrations for a cell. - # - migrations = connection.migrations.list(host=hostname) - - print("Checking %d migrations" % len(migrations)) - for migration in migrations: - # print migration.to_dict() - # - # { - # u'status': u'error', - # u'dest_host': None, - # u'new_instance_type_id': 2, - # u'old_instance_type_id': 2, - # u'updated_at': u'2018-04-22T20:55:29.000000', - # u'dest_compute': - # u'overcloud-novacompute-2.localdomain', - # u'migration_type': u'live-migration', - # u'source_node': - # u'overcloud-novacompute-0.localdomain', - # u'id': 8, - # u'created_at': u'2018-04-22T20:52:58.000000', - # u'instance_uuid': - # u'd1c82ce8-3dc5-48db-b59f-854b3b984ef1', - # u'dest_node': - # u'overcloud-novacompute-2.localdomain', - # u'source_compute': - # u'overcloud-novacompute-0.localdomain' - # } - # Acceptable: done, completed, failed - if migration.status in ["running", "accepted", "pre-migrating"]: - return False - return True - -def safe_to_start(connection, hostname): - if is_forced_down(connection, hostname): - print("Waiting for fence-down flag to be cleared") - return False - if not evacuations_done(connection, hostname): - print("Waiting for evacuations to complete or fail") - return False - return True - -def create_nova_connection(options): - try: - from novaclient import client - from novaclient.exceptions import NotAcceptable - except ImportError: - print("Nova not found or not accessible") - sys.exit(1) - - from keystoneauth1 import loading - from keystoneauth1 import session - - # Prefer the oldest and strip the leading 'v' - kwargs = dict( - auth_url=options["auth_url"][0], - username=options["username"][0], - password=options["password"][0], - project_name=options["project_name"][0], - user_domain_name=options["user_domain_name"][0], - project_domain_name=options["project_domain_name"][0], - ) - - loader = loading.get_plugin_loader('password') - keystone_auth = loader.load_from_options(**kwargs) - keystone_session = session.Session(auth=keystone_auth, verify=(not options["insecure"])) - - nova_endpoint_type = 'internalURL' - # We default to internalURL but we allow this to be overridden via - # the [placement]/os_interface key. - if 'os_interface' in options and len(options["os_interface"]) == 1: - nova_endpoint_type = options["os_interface"][0] - # Via https://review.opendev.org/#/c/492247/ os_interface has been deprecated in queens - # and we need to use 'valid_interfaces' which is a: - # "List of interfaces, in order of preference, for endpoint URL. (list value)" - # Since it is not explicitely set in nova.conf we still keep the check for os_interface - elif 'valid_interfaces' in options and len(options["valid_interfaces"]) >= 1: - nova_endpoint_type = options["valid_interfaces"][0] - - # This mimicks the code in novaclient/shell.py - if nova_endpoint_type in ['internal', 'public', 'admin']: - nova_endpoint_type += 'URL' - - if 'region_name' in options: - region = options['region_name'][0] - elif 'os_region_name' in options: - region = options['os_region_name'][0] - else: # We actually try to make a client call even with an empty region - region = None - nova_versions = [ "2.23", "2" ] - for version in nova_versions: - nova = client.Client(version, - region_name=region, - session=keystone_session, auth=keystone_auth, - http_log_debug="verbose" in options, - endpoint_type=nova_endpoint_type) - - try: - nova.hypervisors.list() - return nova - - except NotAcceptable as e: - logging.warning(e) - - except Exception as e: - logging.warning("Nova connection failed. %s: %s" % (e.__class__.__name__, e)) - - print("Couldn't obtain a supported connection to nova, tried: %s\n" % repr(nova_versions)) - return None - - -parser = argparse.ArgumentParser(description='Process some integers.') -parser.add_argument('--config-file', dest='nova_config', action='store', - default="/etc/nova/nova.conf", - help='path to nova configuration (default: /etc/nova/nova.conf)') -parser.add_argument('--nova-binary', dest='nova_binary', action='store', - default="/usr/bin/nova-compute", - help='path to nova compute binary (default: /usr/bin/nova-compute)') -parser.add_argument('--enable-file', dest='enable_file', action='store', - default="/var/lib/nova/instanceha/enabled", - help='file exists if instance HA is enabled on this host '\ - '(default: /var/lib/nova/instanceha/enabled)') - - -sections = {} -(args, remaining) = parser.parse_known_args(sys.argv) - -config = oslo_config.cfg.ConfigParser(args.nova_config, sections) -config.parse() -config.sections["placement"]["insecure"] = 0 -config.sections["placement"]["verbose"] = 1 - -if os.path.isfile(args.enable_file): - connection = None - while not connection: - # Loop in case the control plane is recovering when we run - connection = create_nova_connection(config.sections["placement"]) - if not connection: - time.sleep(10) - - while not safe_to_start(connection, config.sections["DEFAULT"]["host"][0]): - time.sleep(10) - -real_args = [args.nova_binary, '--config-file', args.nova_config] -real_args.extend(remaining[1:]) -os.execv(args.nova_binary, real_args) diff --git a/tripleo_ansible/roles/tripleo_nova_compute/files/delay-nova-compute b/tripleo_ansible/roles/tripleo_nova_compute/files/delay-nova-compute deleted file mode 100644 index c7d226a6e..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/files/delay-nova-compute +++ /dev/null @@ -1,45 +0,0 @@ -#!/usr/libexec/platform-python -""" -This wrapper was created to add an optional delay to the startup of nova-compute. -We know that instances will fail to boot, after a compute reboot, if ceph is not -healthy. - -Ideally, we would poll ceph to get its health, but it's not guaranteed that the -compute node will have access to the keys. -""" - -import os -import sys -import time -import logging -import argparse - -parser = argparse.ArgumentParser(description='Process some integers.') -parser.add_argument('--config-file', dest='nova_config', action='store', - default="/etc/nova/nova.conf", - help='path to nova configuration (default: /etc/nova/nova.conf)') -parser.add_argument('--nova-binary', dest='nova_binary', action='store', - default="/usr/bin/nova-compute", - help='path to nova compute binary (default: /usr/bin/nova-compute)') -parser.add_argument('--delay', dest='delay', action='store', - default=120, type=int, - help='Number of seconds to wait until nova-compute is started') -parser.add_argument('--state-file', dest='state_file', action='store', - default="/run/nova-compute-delayed", - help='file exists if we already delayed nova-compute startup'\ - '(default: /run/nova-compute-delayed)') - - -sections = {} -(args, remaining) = parser.parse_known_args(sys.argv) - -real_args = [args.nova_binary, '--config-file', args.nova_config] -real_args.extend(remaining[1:]) - -if not os.path.isfile(args.state_file): - logging.info("Delaying nova-compute startup by %s seconds" % args.delay) - time.sleep(args.delay) - open(args.state_file, 'a').close() - -logging.info("Executing %s" % real_args) -os.execv(args.nova_binary, real_args) diff --git a/tripleo_ansible/roles/tripleo_nova_compute/files/nova_statedir_ownership.py b/tripleo_ansible/roles/tripleo_nova_compute/files/nova_statedir_ownership.py deleted file mode 100644 index 727822eb7..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/files/nova_statedir_ownership.py +++ /dev/null @@ -1,247 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2018 Red Hat Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -import logging -import os -import pwd -import selinux -import stat -import sys - -debug = os.getenv('__OS_DEBUG', 'false') - -if debug.lower() == 'true': - loglevel = logging.DEBUG -else: - loglevel = logging.INFO - -logging.basicConfig(stream=sys.stdout, level=loglevel) -LOG = logging.getLogger('nova_statedir') - - -class PathManager(object): - """Helper class to manipulate ownership of a given path""" - def __init__(self, path): - self.path = path - self.uid = None - self.gid = None - self.is_dir = None - self.secontext = None - self._update() - - def _update(self): - try: - statinfo = os.stat(self.path) - self.is_dir = stat.S_ISDIR(statinfo.st_mode) - self.uid = statinfo.st_uid - self.gid = statinfo.st_gid - self.secontext = selinux.lgetfilecon(self.path)[1] - except Exception: - LOG.exception('Could not update metadata for %s', self.path) - raise - - def __str__(self): - return "uid: {} gid: {} path: {}{}".format( - self.uid, - self.gid, - self.path, - '/' if self.is_dir else '' - ) - - def has_owner(self, uid, gid): - return self.uid == uid and self.gid == gid - - def has_either(self, uid, gid): - return self.uid == uid or self.gid == gid - - def chown(self, uid, gid): - target_uid = -1 - target_gid = -1 - if self.uid != uid: - target_uid = uid - if self.gid != gid: - target_gid = gid - if (target_uid, target_gid) != (-1, -1): - LOG.info('Changing ownership of %s from %d:%d to %d:%d', - self.path, - self.uid, - self.gid, - self.uid if target_uid == -1 else target_uid, - self.gid if target_gid == -1 else target_gid) - try: - os.chown(self.path, target_uid, target_gid) - self._update() - except Exception: - LOG.exception('Could not change ownership of %s: ', - self.path) - raise - else: - LOG.info('Ownership of %s already %d:%d', - self.path, - uid, - gid) - - def chcon(self, context): - # If dir returns whether to recusively set context - try: - try: - selinux.lsetfilecon(self.path, context) - LOG.info('Setting selinux context of %s to %s', - self.path, context) - return True - except OSError as e: - if self.is_dir and e.errno == 95: - # Operation not supported, assume NFS mount and skip - LOG.info('Setting selinux context not supported for %s', - self.path) - return False - else: - raise - except Exception: - LOG.exception('Could not set selinux context of %s to %s:', - self.path, context) - raise - - -class NovaStatedirOwnershipManager(object): - """Class to manipulate the ownership of the nova statedir (/var/lib/nova). - - The nova uid/gid differ on the host and container images. An upgrade - that switches from host systemd services to docker requires a change in - ownership. Previously this was a naive recursive chown, however this - causes issues if nova instance are shared via an NFS mount: any open - filehandles in qemu/libvirt fail with an I/O error (LP1778465). - - Instead the upgrade/FFU ansible tasks now lay down a marker file when - stopping and disabling the host systemd services. We use this file to - determine the host nova uid/gid. We then walk the tree and update any - files that have the host uid/gid to the docker nova uid/gid. As files - owned by root/qemu etc... are ignored this avoids the issues with open - filehandles. The marker is removed once the tree has been walked. - - For subsequent runs, or for a new deployment, we simply ensure that the - docker nova user/group owns all directories. This is required as the - directories are created with root ownership in host_prep_tasks (the - docker nova uid/gid is not known in this context). - """ - def __init__(self, statedir, upgrade_marker='upgrade_marker', - nova_user='nova', secontext_marker='../_nova_secontext', - exclude_paths=None): - self.statedir = statedir - self.nova_user = nova_user - - self.upgrade_marker_path = os.path.join(statedir, upgrade_marker) - self.secontext_marker_path = os.path.normpath(os.path.join(statedir, secontext_marker)) - self.upgrade = os.path.exists(self.upgrade_marker_path) - - self.exclude_paths = [self.upgrade_marker_path] - if exclude_paths is not None: - for p in exclude_paths: - if not p.startswith(os.path.sep): - p = os.path.join(self.statedir, p) - self.exclude_paths.append(p) - - self.target_uid, self.target_gid = self._get_nova_ids() - self.previous_uid, self.previous_gid = self._get_previous_nova_ids() - self.id_change = (self.target_uid, self.target_gid) != \ - (self.previous_uid, self.previous_gid) - self.target_secontext = self._get_secontext() - - def _get_nova_ids(self): - nova_uid, nova_gid = pwd.getpwnam(self.nova_user)[2:4] - return nova_uid, nova_gid - - def _get_previous_nova_ids(self): - if self.upgrade: - statinfo = os.stat(self.upgrade_marker_path) - return statinfo.st_uid, statinfo.st_gid - else: - return self._get_nova_ids() - - def _get_secontext(self): - if os.path.exists(self.secontext_marker_path): - return selinux.lgetfilecon(self.secontext_marker_path)[1] - else: - return None - - def _walk(self, top, chcon=True): - for f in os.listdir(top): - pathname = os.path.join(top, f) - - if pathname in self.exclude_paths: - continue - - try: - pathinfo = PathManager(pathname) - LOG.info("Checking %s", pathinfo) - if pathinfo.is_dir: - # Always chown the directories - pathinfo.chown(self.target_uid, self.target_gid) - chcon_r = chcon - if chcon: - chcon_r = pathinfo.chcon(self.target_secontext) - self._walk(pathname, chcon_r) - elif self.id_change: - # Only chown files if it's an upgrade and the file is owned by - # the host nova uid/gid - pathinfo.chown( - self.target_uid if pathinfo.uid == self.previous_uid - else pathinfo.uid, - self.target_gid if pathinfo.gid == self.previous_gid - else pathinfo.gid - ) - if chcon: - pathinfo.chcon(self.target_secontext) - except Exception: - # Likely to have been caused by external systems - # interacting with this directory tree, - # especially on NFS e.g snapshot dirs. - # Just ignore it and continue on to the next entry - continue - - def run(self): - LOG.info('Applying nova statedir ownership') - LOG.info('Target ownership for %s: %d:%d', - self.statedir, - self.target_uid, - self.target_gid) - - pathinfo = PathManager(self.statedir) - LOG.info("Checking %s", pathinfo) - pathinfo.chown(self.target_uid, self.target_gid) - chcon = self.target_secontext is not None - - if chcon: - pathinfo.chcon(self.target_secontext) - - self._walk(self.statedir, chcon) - - if self.upgrade: - LOG.info('Removing upgrade_marker %s', - self.upgrade_marker_path) - os.unlink(self.upgrade_marker_path) - - LOG.info('Nova statedir ownership complete') - - -def get_exclude_paths(): - exclude_paths = os.environ.get('NOVA_STATEDIR_OWNERSHIP_SKIP') - if exclude_paths is not None: - exclude_paths = exclude_paths.split(os.pathsep) - return exclude_paths - - -if __name__ == '__main__': - NovaStatedirOwnershipManager('/var/lib/nova', exclude_paths=get_exclude_paths()).run() diff --git a/tripleo_ansible/roles/tripleo_nova_compute/files/nova_wait_for_compute_service.yaml b/tripleo_ansible/roles/tripleo_nova_compute/files/nova_wait_for_compute_service.yaml deleted file mode 100644 index bad736335..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/files/nova_wait_for_compute_service.yaml +++ /dev/null @@ -1,10 +0,0 @@ -command: python3 /container-config-scripts/nova_wait_for_compute_service.py -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true -permissions: - - path: /var/log/nova - owner: nova:nova - recurse: true diff --git a/tripleo_ansible/roles/tripleo_nova_compute/files/tests/test_nova_statedir_ownership.py b/tripleo_ansible/roles/tripleo_nova_compute/files/tests/test_nova_statedir_ownership.py deleted file mode 100644 index 34576fd68..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/files/tests/test_nova_statedir_ownership.py +++ /dev/null @@ -1,426 +0,0 @@ -# -# Copyright 2018 Red Hat Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from unittest import mock - -import contextlib -import os -from os import stat as orig_stat -import stat -import sys - -from oslotest import base - - -class FakeSelinux(object): - @staticmethod - def lgetfilecon(path): - pass - - @staticmethod - def lsetfilecon(path, context): - pass - - -sys.modules["selinux"] = FakeSelinux - -from container_config_scripts.nova_statedir_ownership import get_exclude_paths # noqa: E402 -from container_config_scripts.nova_statedir_ownership import \ - NovaStatedirOwnershipManager # noqa: E402 -from container_config_scripts.nova_statedir_ownership import PathManager # noqa: E402 - -# Real chown would require root, so in order to test this we need to fake -# all of the methods that interact with the filesystem - -current_uid = 100 -current_gid = 100 - - -class FakeStatInfo(object): - def __init__(self, st_mode, st_uid, st_gid): - self.st_mode = st_mode - self.st_uid = st_uid - self.st_gid = st_gid - - def get_ids(self): - return (self.st_uid, self.st_gid) - - -def generate_testtree1(nova_uid, nova_gid): - return { - '/var/lib/nova': { - 'stat': FakeStatInfo(st_mode=stat.S_IFDIR, - st_uid=nova_uid, - st_gid=nova_gid), - 'nfs': False, - }, - '/var/lib/_nova_secontext': { - 'stat': FakeStatInfo(st_mode=stat.S_IFDIR, - st_uid=nova_uid, - st_gid=nova_gid), - 'nfs': False, - }, - - '/var/lib/nova/instances': { - 'stat': FakeStatInfo(st_mode=stat.S_IFDIR, - st_uid=nova_uid, - st_gid=nova_gid), - 'nfs': False, - }, - '/var/lib/nova/instances/removeddir': { - 'stat': FakeStatInfo(st_mode=stat.S_IFDIR, - st_uid=nova_uid, - st_gid=nova_gid), - 'nfs': False, - 'removed_when': 'listdir' - }, - '/var/lib/nova/instances/removedfile': { - 'stat': FakeStatInfo(st_mode=stat.S_IFREG, - st_uid=0, - st_gid=nova_gid), - 'nfs': False, - 'removed_when': 'lgetfilecon' - }, - '/var/lib/nova/instances/removedfile2': { - 'stat': FakeStatInfo(st_mode=stat.S_IFREG, - st_uid=0, - st_gid=nova_gid), - 'nfs': False, - 'removed_when': 'lsetfilecon' - }, - '/var/lib/nova/instances/removedfile3': { - 'nfs': False, - 'removed_when': 'stat' - }, - - '/var/lib/nova/instances/removeddir2': { - 'stat': FakeStatInfo(st_mode=stat.S_IFDIR, - st_uid=nova_uid, - st_gid=nova_gid), - 'nfs': False, - 'removed_when': 'lsetfilecon' - }, - '/var/lib/nova/instances/foo': { - 'stat': FakeStatInfo(st_mode=stat.S_IFDIR, - st_uid=nova_uid, - st_gid=nova_gid), - 'nfs': True, - }, - '/var/lib/nova/instances/foo/bar': { - 'stat': FakeStatInfo(st_mode=stat.S_IFREG, - st_uid=0, - st_gid=0), - 'nfs': True, - }, - '/var/lib/nova/instances/foo/baz': { - 'stat': FakeStatInfo(st_mode=stat.S_IFREG, - st_uid=nova_uid, - st_gid=nova_gid), - 'nfs': True, - }, - '/var/lib/nova/instances/foo/removeddir': { - 'stat': FakeStatInfo(st_mode=stat.S_IFDIR, - st_uid=nova_uid, - st_gid=nova_gid), - 'nfs': True, - 'removed_when': 'listdir' - }, - '/var/lib/nova/instances/foo/removeddir2': { - 'stat': FakeStatInfo(st_mode=stat.S_IFDIR, - st_uid=0, - st_gid=nova_gid), - 'nfs': True, - 'removed_when': 'chown' - }, - '/var/lib/nova/instances/foo/abc': { - 'stat': FakeStatInfo(st_mode=stat.S_IFREG, - st_uid=0, - st_gid=nova_gid), - 'nfs': True, - }, - '/var/lib/nova/instances/foo/def': { - 'stat': FakeStatInfo(st_mode=stat.S_IFREG, - st_uid=nova_uid, - st_gid=0), - 'nfs': True, - }, - } - - -def generate_testtree2(marker_uid, marker_gid, *args, **kwargs): - tree = generate_testtree1(*args, **kwargs) - tree.update({ - '/var/lib/nova/upgrade_marker': { - 'stat': FakeStatInfo(st_mode=stat.S_IFREG, - st_uid=marker_uid, - st_gid=marker_gid), - 'nfs': False, - } - }) - return tree - - -def check_removed(path, op, testtree): - if op == testtree.get(path, {}).get('removed_when', ''): - raise OSError(2, 'No such file or directory: ' + path) - - -def generate_fake_stat(testtree): - def fake_stat(path): - check_removed(path, 'stat', testtree) - if path.startswith('/var'): - return testtree.get(path, {}).get('stat') - else: - # Tracebacks need to use the real stat - return orig_stat(path) - return fake_stat - - -def generate_fake_chown(testtree): - def fake_chown(path, uid, gid): - check_removed(path, 'chown', testtree) - if uid != -1: - testtree[path]['stat'].st_uid = uid - if gid != -1: - testtree[path]['stat'].st_gid = gid - return fake_chown - - -def generate_fake_exists(testtree): - def fake_exists(path): - check_removed(path, 'exists', testtree) - return path in testtree - return fake_exists - - -def generate_fake_listdir(testtree): - def fake_listdir(path): - check_removed(path, 'listdir', testtree) - path_parts = path.split('/') - for entry in testtree: - entry_parts = entry.split('/') - if (entry_parts[:len(path_parts)] == path_parts - and len(entry_parts) == len(path_parts) + 1): - yield entry - return fake_listdir - - -def generate_fake_unlink(testtree): - def fake_unlink(path): - check_removed(path, 'unlink', testtree) - del testtree[path] - return fake_unlink - - -def generate_fake_lgetfilecon(testtree): - def fake_lgetfilecon(path): - check_removed(path, 'lgetfilecon', testtree) - - -def generate_fake_lsetfilecon(testtree): - def fake_lsetfilecon(path, context): - check_removed(path, 'lsetfilecon', testtree) - if testtree[path]['nfs']: - raise OSError(95, 'Operation not supported') - - -@contextlib.contextmanager -def fake_testtree(testtree): - fake_stat = generate_fake_stat(testtree) - fake_chown = generate_fake_chown(testtree) - fake_exists = generate_fake_exists(testtree) - fake_listdir = generate_fake_listdir(testtree) - fake_unlink = generate_fake_unlink(testtree) - fake_lsetfilecon = generate_fake_lsetfilecon(testtree) - fake_lgetfilecon = generate_fake_lgetfilecon(testtree) - with mock.patch('os.chown', - side_effect=fake_chown) as fake_chown: - with mock.patch('os.path.exists', - side_effect=fake_exists) as fake_exists: - with mock.patch('os.listdir', - side_effect=fake_listdir) as fake_listdir: - with mock.patch('pwd.getpwnam', - return_value=(0, 0, current_uid, current_gid)): - with mock.patch('os.stat', - side_effect=fake_stat) as fake_stat: - with mock.patch( - 'os.unlink', - side_effect=fake_unlink - ) as fake_unlink: - with mock.patch( - 'selinux.lgetfilecon', - side_effect=fake_lgetfilecon, - return_value=[10, 'newcontext'] - ) as fake_lgetfilecon: - with mock.patch( - 'selinux.lsetfilecon', - side_effect=fake_lsetfilecon, - ) as fake_lsetfilecon: - yield (fake_chown, - fake_exists, - fake_listdir, - fake_stat, - fake_unlink, - fake_lgetfilecon, - fake_lsetfilecon) - - -def assert_ids(testtree, path, uid, gid): - statinfo = testtree[path]['stat'] - assert (uid, gid) == (statinfo.st_uid, statinfo.st_gid), \ - "{}: expected ownership {}:{} actual {}:{}".format( - path, uid, gid, statinfo.st_uid, statinfo.st_gid - ) - - -class PathManagerCase(base.BaseTestCase): - def test_file(self): - testtree = generate_testtree1(current_uid, current_gid) - - with fake_testtree(testtree): - pathinfo = PathManager('/var/lib/nova/instances/foo/baz') - self.assertTrue(pathinfo.has_owner(current_uid, current_gid)) - self.assertTrue(pathinfo.has_either(current_uid, 0)) - self.assertTrue(pathinfo.has_either(0, current_gid)) - self.assertFalse(pathinfo.is_dir) - self.assertEqual(str(pathinfo), 'uid: {} gid: {} path: {}'.format( - current_uid, current_gid, '/var/lib/nova/instances/foo/baz' - )) - - def test_dir(self): - testtree = generate_testtree1(current_uid, current_gid) - - with fake_testtree(testtree): - pathinfo = PathManager('/var/lib/nova') - self.assertTrue(pathinfo.has_owner(current_uid, current_gid)) - self.assertTrue(pathinfo.has_either(current_uid, 0)) - self.assertTrue(pathinfo.has_either(0, current_gid)) - self.assertTrue(pathinfo.is_dir) - self.assertEqual(str(pathinfo), 'uid: {} gid: {} path: {}'.format( - current_uid, current_gid, '/var/lib/nova/' - )) - - def test_chown(self): - testtree = generate_testtree1(current_uid, current_gid) - - with fake_testtree(testtree): - pathinfo = PathManager('/var/lib/nova/instances/foo/baz') - self.assertTrue(pathinfo.has_owner(current_uid, current_gid)) - pathinfo.chown(current_uid + 1, current_gid) - assert_ids(testtree, pathinfo.path, current_uid + 1, current_gid) - - def test_chgrp(self): - testtree = generate_testtree1(current_uid, current_gid) - - with fake_testtree(testtree): - pathinfo = PathManager('/var/lib/nova/instances/foo/baz') - self.assertTrue(pathinfo.has_owner(current_uid, current_gid)) - pathinfo.chown(current_uid, current_gid + 1) - assert_ids(testtree, pathinfo.path, current_uid, current_gid + 1) - - def test_chown_chgrp(self): - testtree = generate_testtree1(current_uid, current_gid) - - with fake_testtree(testtree): - pathinfo = PathManager('/var/lib/nova/instances/foo/baz') - self.assertTrue(pathinfo.has_owner(current_uid, current_gid)) - pathinfo.chown(current_uid + 1, current_gid + 1) - assert_ids(testtree, pathinfo.path, - current_uid + 1, current_gid + 1) - - -class NovaStatedirOwnershipManagerTestCase(base.BaseTestCase): - def test_no_upgrade_marker(self): - testtree = generate_testtree1(current_uid, current_gid) - - with fake_testtree(testtree) as (fake_chown, _, _, _, _, _, fake_lsetfilecon): - NovaStatedirOwnershipManager('/var/lib/nova').run() - fake_chown.assert_called_once_with('/var/lib/nova/instances/foo/removeddir2', 100, -1) - fake_lsetfilecon.assert_any_call('/var/lib/nova', 'newcontext') - fake_lsetfilecon.assert_any_call('/var/lib/nova/instances/foo', 'newcontext') - chcon_paths = [x[0][0] for x in fake_lsetfilecon.call_args_list] - self.assertNotIn('/var/lib/nova/instances/foo/bar', chcon_paths) - - def test_upgrade_marker_no_id_change(self): - testtree = generate_testtree2(current_uid, - current_gid, - current_uid, - current_gid) - - with fake_testtree(testtree) as (fake_chown, _, _, _, fake_unlink, _, _): - NovaStatedirOwnershipManager('/var/lib/nova').run() - fake_chown.assert_called_once_with('/var/lib/nova/instances/foo/removeddir2', 100, -1) - fake_unlink.assert_called_with('/var/lib/nova/upgrade_marker') - - def test_upgrade_marker_id_change(self): - other_uid = current_uid + 1 - other_gid = current_gid + 1 - testtree = generate_testtree2(other_uid, - other_gid, - other_uid, - other_gid) - - # Determine which paths should change uid/gid - expected_changes = {} - for k, v in testtree.items(): - if k == '/var/lib/nova/upgrade_marker': - # Ignore the marker, it should be deleted - continue - if k == '/var/lib/_nova_secontext': - # Ignore, outside tree - continue - if testtree[k].get('removed_when', False): - # Ignore, deleted - continue - v = v['stat'] - if v.st_uid == other_uid or v.st_gid == other_gid: - expected_changes[k] = ( - current_uid if v.st_uid == other_uid else v.st_uid, - current_gid if v.st_gid == other_gid else v.st_gid - ) - - with fake_testtree(testtree) as (_, _, _, _, fake_unlink, _, _): - NovaStatedirOwnershipManager('/var/lib/nova').run() - for fn, expected in expected_changes.items(): - assert_ids(testtree, fn, expected[0], expected[1]) - fake_unlink.assert_called_with('/var/lib/nova/upgrade_marker') - - def test_exclude_path(self): - testtree = generate_testtree1(current_uid, current_gid) - - with fake_testtree(testtree) as ( - fake_chown, _, fake_listdir, fake_stat, _, _, _): - manager = NovaStatedirOwnershipManager( - '/var/lib/nova', - exclude_paths=['instances/foo/bar', '/var/lib/nova/instances/foo/removeddir'] - ) - manager.run() - self.assertIn('/var/lib/nova/instances/foo/bar', manager.exclude_paths) - self.assertIn('/var/lib/nova/instances/foo/removeddir', manager.exclude_paths) - self.assertNotIn(mock.call('/var/lib/nova/instances/foo/bar'), fake_stat.call_args_list) - self.assertNotIn(mock.call('/var/lib/nova/instances/foo/bar'), fake_chown.call_args_list) - self.assertNotIn(mock.call('/var/lib/nova/instances/foo/removeddir'), fake_stat.call_args_list) - self.assertNotIn(mock.call('/var/lib/nova/instances/foo/removeddir'), fake_chown.call_args_list) - self.assertNotIn(mock.call('/var/lib/nova/instances/foo/removeddir'), fake_listdir.call_args_list) - - @mock.patch.dict(os.environ, {'NOVA_STATEDIR_OWNERSHIP_SKIP': 'foo:bar:foo/bar/baz'}) - def test_get_exclude_paths(self): - expected = [ - 'foo', - 'bar', - 'foo/bar/baz' - ] - exclude_paths = get_exclude_paths() - self.assertEqual(exclude_paths, expected) diff --git a/tripleo_ansible/roles/tripleo_nova_compute/handlers/main.yml b/tripleo_ansible/roles/tripleo_nova_compute/handlers/main.yml deleted file mode 100644 index 1e554d468..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/handlers/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Remove nova_compute_config container - shell: podman rm -f nova_compute_config diff --git a/tripleo_ansible/roles/tripleo_nova_compute/meta/main.yml b/tripleo_ansible/roles/tripleo_nova_compute/meta/main.yml deleted file mode 100644 index bf7cc7e40..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: TripleO OpenStack Role -- tripleo_nova_compute - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_nova_compute/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_nova_compute/molecule/default/converge.yml deleted file mode 100644 index 46dc8259b..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_nova_compute" diff --git a/tripleo_ansible/roles/tripleo_nova_compute/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_nova_compute/molecule/default/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_nova_compute/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_nova_compute/molecule/default/prepare.yml deleted file mode 100644 index 89a9fac71..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/molecule/default/prepare.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps diff --git a/tripleo_ansible/roles/tripleo_nova_compute/tasks/configure.yml b/tripleo_ansible/roles/tripleo_nova_compute/tasks/configure.yml deleted file mode 100644 index 1e003ee92..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/tasks/configure.yml +++ /dev/null @@ -1,131 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: manage PMEM namespaces for vPMEM - include_role: - name: tripleo_nvdimm - when: tripleo_nova_compute_pmem_namespaces # not a bool - -- name: manage OS version 9 specific sysctls - when: - - ansible_facts['os_family'] == 'RedHat' - - ansible_facts['distribution_major_version'] is version('9', '==') - block: - - name: Enable post-copy by setting unprivileged_userfaultfd - sysctl: - name: "vm.unprivileged_userfaultfd" - value: 1 - sysctl_set: true - sysctl_file: /etc/sysctl.d/99-tripleo-postcopy.conf - state: present - reload: true - -- name: enable/disable ksm - block: - - name: disable KSM on compute - when: not tripleo_nova_compute_enable_ksm|bool - block: - - name: Check for ksm - shell: systemctl is-active ksm.service || systemctl is-enabled ksm.service - become: true - failed_when: false - register: ksm_service_check - - - name: disable KSM services - service: - name: "{{ item }}" - state: stopped - enabled: false - with_items: - - ksm.service - - ksmtuned.service - when: - - not ansible_check_mode - - ksm_service_check.rc is defined - - ksm_service_check.rc == 0 - register: ksmdisabled - - # When KSM is disabled, any memory pages that were shared prior to - # deactivating KSM are still shared. To delete all of the PageKSM - # in the system, we use: - - name: delete PageKSM after disable ksm on compute - command: echo 2 >/sys/kernel/mm/ksm/run - when: - - ksm_service_check.rc is defined - - ksm_service_check.rc == 0 - - ksmdisabled is changed - - - name: enable KSM on compute - when: tripleo_nova_compute_enable_ksm|bool - block: - - name: make sure package providing ksmtuned is installed (RHEL8 or CentOS8) - package: - name: qemu-kvm-common - state: present - when: - - ansible_facts['distribution_major_version'] is version('8', '==') - - - name: enable ksmtunded - service: - name: "{{ item }}" - state: started - enabled: true - with_items: - - ksm.service - - ksmtuned.service - -- name: Configure nova.conf - when: tripleo_nova_compute_config_use_ansible - block: - - name: Ensure {{ tripleo_nova_compute_config_dir }}/etc/nova exists - file: - path: "{{ tripleo_nova_compute_config_dir }}/etc/nova" - state: directory - recurse: true - - - name: Remove nova_compute_config container if exists - shell: | - podman rm -f nova_compute_config || : - - - name: Run nova_compute_config container - shell: podman run --detach --name nova_compute_config {{ tripleo_nova_compute_container_nova_libvirt_config_image }} sleep infinity - register: config_container_id - - - name: Copy initial config files from nova_libvirt_config container - shell: | - mount_dir=$(podman mount nova_compute_config) - cp -a ${mount_dir}/etc/nova/nova.conf {{ tripleo_nova_compute_config_dir }}/etc/nova/nova.conf - failed_when: false - notify: Remove nova_compute_config container - register: copy_config_files - - - name: Check for failure - debug: - msg: | - Copying config files failed - {{ copy_config_files.stdout }} - {{ copy_config_files.stderr }} - when: - - copy_config_files.rc != 0 - failed_when: true - - - name: Configure nova.conf - config_template: - remote_src: true - src: "{{ tripleo_nova_compute_config_dir }}/etc/nova/nova.conf" - dest: "{{ tripleo_nova_compute_config_dir }}/etc/nova/nova.conf" - config_type: ini - config_overrides: "{{ tripleo_nova_compute_config | combine(tripleo_nova_compute_config_overrides, recursive=True) }}" diff --git a/tripleo_ansible/roles/tripleo_nova_compute/tasks/externaldeploy.yml b/tripleo_ansible/roles/tripleo_nova_compute/tasks/externaldeploy.yml deleted file mode 100644 index 5ed769ce6..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/tasks/externaldeploy.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -- name: check if discover hosts is required - when: - - not tripleo_nova_compute_additional_cell|bool - - nova_cellv2_discovery_done is not defined - block: - - name: discover via nova_manager? - set_fact: - nova_cellv2_discovery_delegate_host: "{{ groups['nova_manager'][0] }}" - nova_cellv2_discovery_container: nova_manager - when: - - groups['nova_manager'] is defined and (groups['nova_manager']|length>0) - - name: discover via nova_api? - set_fact: - nova_cellv2_discovery_delegate_host: "{{ groups['nova_api'][0] }}" - nova_cellv2_discovery_container: nova_api - when: - - nova_cellv2_discovery_delegate_host is not defined - - groups['nova_api'] is defined and (groups['nova_api']|length>0) - - name: Warn if no discovery host available - fail: - msg: 'No hosts available to run nova cell_v2 host discovery.' - ignore_errors: yes - when: - - nova_cellv2_discovery_delegate_host is not defined - - name: Discovering nova hosts - command: /bin/podman exec {{ nova_cellv2_discovery_container }} nova-manage cell_v2 discover_hosts --by-service - become: true - changed_when: false - delegate_to: '{{ nova_cellv2_discovery_delegate_host }}' - when: - - nova_cellv2_discovery_delegate_host is defined - # Could be included multiple times so ensure it only runs once - - set_fact: - nova_cellv2_discovery_done: true diff --git a/tripleo_ansible/roles/tripleo_nova_compute/tasks/install.yml b/tripleo_ansible/roles/tripleo_nova_compute/tasks/install.yml deleted file mode 100644 index 62ba01835..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/tasks/install.yml +++ /dev/null @@ -1,156 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: create persistent directories - file: - path: "{{ item.path }}" - setype: "{{ item.setype }}" - state: directory - mode: "{{ item.mode | default(omit) }}" - with_items: - - { 'path': /var/lib/nova, 'setype': container_file_t } - - { 'path': /var/lib/_nova_secontext, 'setype': container_file_t} - - { 'path': /var/lib/nova/instances, 'setype': container_file_t } - - { 'path': /var/lib/libvirt, 'setype': container_file_t } - - { 'path': /var/log/containers/nova, 'setype': container_file_t, 'mode': '0750' } - -- name: Mount Nova NFS Share - mount: - name: /var/lib/nova/instances - state: mounted - fstype: nfs4 - src: "{{ tripleo_nova_compute_nfs_share }}" - opts: _netdev,bg,{{ tripleo_nova_compute_nfs_options }},nfsvers={{ tripleo_nova_compute_nfs_version }} - when: tripleo_nova_compute_nfs_enabled|bool - -- name: Set up systemd target for libvirt services - copy: - dest: /etc/systemd/system/tripleo_nova_libvirt.target - mode: '0644' - owner: root - group: root - content: | - [Unit] - Wants=tripleo_nova_virtsecretd.service - Wants=tripleo_nova_virtnodedevd.service - Wants=tripleo_nova_virtstoraged.service - Wants=tripleo_nova_virtproxyd.service - Wants=tripleo_nova_virtqemud.service - After=tripleo_nova_virtsecretd.service - After=tripleo_nova_virtnodedevd.service - After=tripleo_nova_virtstoraged.service - After=tripleo_nova_virtproxyd.service - After=tripleo_nova_virtqemud.service - register: libvirt_target_result - -- name: Reload systemd - systemd: - name: tripleo_nova_libvirt.target - enabled: true - state: restarted - daemon_reload: true - when: libvirt_target_result.changed - -- name: install tripleo_nova_libvirt_guests systemd unit file (podman) - when: tripleo_nova_compute_resume_guests_state_on_host_boot|bool - block: - - name: libvirt-guests unit to stop nova_compute container before shutdown VMs - copy: - dest: /etc/systemd/system/tripleo_nova_libvirt_guests.service - content: | - [Unit] - Description=Suspend libvirt Guests in tripleo - Requires=virt-guest-shutdown.target - After=systemd-machined.service - After=network-online.target - After=tripleo_nova_libvirt.target - Before=tripleo_nova_compute.service - Documentation=man:libvirtd(8) - Documentation=https://libvirt.org - - [Service] - EnvironmentFile=-/etc/sysconfig/libvirt-guests - ExecStart=/bin/podman exec nova_virtproxyd /bin/rm -f /var/lib/libvirt/libvirt-guests - ExecStop=/bin/podman exec nova_virtproxyd /bin/sh -x /usr/libexec/libvirt-guests.sh shutdown - Type=oneshot - RemainAfterExit=yes - StandardOutput=journal+console - TimeoutStopSec=0 - - [Install] - WantedBy=multi-user.target - - - name: Making sure virt-guest-shutdown.target is present - copy: - dest: /etc/systemd/system/virt-guest-shutdown.target - content: | - [Unit] - Description=Libvirt guests shutdown - Documentation=https://libvirt.org - - - name: tripleo_nova_libvirt_guests enable VM shutdown on compute reboot/shutdown - systemd: - name: tripleo_nova_libvirt_guests - enabled: true - daemon_reload: true - -- name: ensure ceph configurations exist - file: - path: "{{ tripleo_nova_compute_ceph_config_path }}" - state: directory - -- name: enable virt_sandbox_use_netlink for healthcheck - seboolean: - name: virt_sandbox_use_netlink - persistent: true - state: true - when: - - ansible_facts.selinux is defined - - ansible_facts.selinux.status == "enabled" - -- name: install Instance HA recovery script - when: tripleo_nova_compute_enable_instance_ha|bool - block: - - name: prepare Instance HA script directory - file: - path: /var/lib/nova/instanceha - state: directory - - - name: install Instance HA script that runs nova-compute - copy: - content: check-run-nova-compute - dest: /var/lib/nova/instanceha/check-run-nova-compute - mode: 0755 - - - name: If instance HA is enabled on the node activate the evacuation completed check - file: - path: /var/lib/nova/instanceha/enabled - state: touch - when: inventory_hostname in groups["compute_instanceha"] | default([]) - - - name: install nova-compute delay wrapper script - copy: - content: delay-nova-compute - dest: /var/lib/nova/delay-nova-compute - mode: 0755 - when: tripleo_nova_compute_startup_delay|int > 0 - - - name: disable irqbalance service on compute - when: tripleo_nova_compute_disable_irq_balance|bool - service: - name: irqbalance.service - state: stopped - enabled: false diff --git a/tripleo_ansible/roles/tripleo_nova_compute/tasks/logging-install.yml b/tripleo_ansible/roles/tripleo_nova_compute/tasks/logging-install.yml deleted file mode 100644 index 273d9fe9a..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/tasks/logging-install.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: create persistent directories - file: - path: "{{ item.path }}" - setype: "{{ item.setype }}" - state: directory - mode: "{{ item.mode | default(omit) }}" - with_items: - - { 'path': /var/log/containers/nova, 'setype': container_file_t, 'mode': '0750' } diff --git a/tripleo_ansible/roles/tripleo_nova_compute/tasks/logging-run.yml b/tripleo_ansible/roles/tripleo_nova_compute/tasks/logging-run.yml deleted file mode 100644 index 8cd020fee..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/tasks/logging-run.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Ensure /var/lib/container-config-scripts exists - file: - path: /var/lib/container-config-scripts - state: directory - -- name: Manage nova_compute_init_log container - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: nova_compute_init_log - tripleo_container_standalone_container_defs: - nova_compute_init_log: "{{ lookup('template', 'nova_compute_init_log.yaml.j2') | from_yaml }}" diff --git a/tripleo_ansible/roles/tripleo_nova_compute/tasks/main.yml b/tripleo_ansible/roles/tripleo_nova_compute/tasks/main.yml deleted file mode 100644 index 360a818b9..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/tasks/main.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_nova_compute" will search for and load any operating system variable file - -# TODO: external_post_deploy_tasks, kolla config, docker config - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Set facts for conditions - set_fact: - tripleo_nova_compute_compute_startup_delay: "{{ tripleo_nova_compute_startup_delay != 0 and not tripleo_nova_compute_enable_instance_ha }}" - tripleo_nova_compute_use_tls_for_live_migration: "{{ tripleo_nova_compute_enable_internal_tls|bool and tripleo_nova_compute_use_tls_transport_for_live_migration|bool }}" - tripleo_nova_compute_libvirt_file_backed_memory_enabled: "{{ tripleo_nova_compute_file_backed_memory == '' or tripleo_nova_compute_file_backed_memory == 0 }}" - tripleo_nova_compute_is_realtime: "{{ tripleo_tuned_profile_name | default('throughput-performance') != 'realtime-virtual-host' }}" diff --git a/tripleo_ansible/roles/tripleo_nova_compute/tasks/run.yml b/tripleo_ansible/roles/tripleo_nova_compute/tasks/run.yml deleted file mode 100644 index 4f49ea511..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/tasks/run.yml +++ /dev/null @@ -1,63 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Ensure /var/lib/container-config-scripts exists - file: - path: /var/lib/container-config-scripts - state: directory - -- name: Copy nova_statedir_ownership.py to /var/lib/container-config-scripts - copy: - src: files/nova_statedir_ownership.py - dest: /var/lib/container-config-scripts/nova_statedir_ownership.py - -- name: Manage nova_compute_statedir_owner container - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: nova_compute_statedir_owner - tripleo_container_standalone_container_defs: - nova_compute_statedir_owner: "{{ lookup('template', 'nova_compute_statedir_owner.yaml.j2') | from_yaml }}" - -- name: Manage nova_compute_init_log container - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: nova_compute_init_log - tripleo_container_standalone_container_defs: - nova_compute_init_log: "{{ lookup('template', 'nova_compute_init_log.yaml.j2') | from_yaml }}" - -- name: Manage nova_wait_for_compute_service container - when: tripleo_nova_compute_additional_cell|bool - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: nova_wait_for_compute_service - tripleo_container_standalone_container_defs: - nova_wait_for_compute_service: "{{ lookup('template', 'nova_wait_for_compute_service.yaml.j2') | from_yaml }}" - tripleo_container_standalone_kolla_config_files: - nova_wait_for_compute_service: "{{ lookup('file', 'files/nova_wait_for_compute_service.yaml') | from_yaml }}" - -- name: Manage nova_compute container - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: nova_compute - tripleo_container_standalone_container_defs: - nova_compute: "{{ lookup('template', 'nova_compute.yaml.j2') | from_yaml }}" - tripleo_container_standalone_kolla_config_files: - nova_compute: "{{ lookup('template', 'templates/kolla_config/nova_compute.yaml.j2') | from_yaml }}" diff --git a/tripleo_ansible/roles/tripleo_nova_compute/tasks/scale.yml b/tripleo_ansible/roles/tripleo_nova_compute/tasks/scale.yml deleted file mode 100644 index c055d46f2..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/tasks/scale.yml +++ /dev/null @@ -1,75 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- tags: down - become: true - environment: - OS_CLOUD: >- - {% if auth_cloud_name_set %}{{ tripleo_nova_compute_auth_cloud_name }}{% else %}{{ tripleo_nova_compute_root_stack_name }}{% endif %} - block: - # Some tasks are running from the Undercloud which has - # the OpenStack clients installed. - - name: Get nova-compute service ID - command: openstack compute service list --service nova-compute --column ID --column Host --format yaml - register: nova_compute_service_result - delegate_to: "{{ groups['Undercloud'] | first }}" - check_mode: false - changed_when: false - - - name: Set fact for nova_compute services - set_fact: - nova_compute_service: "{{ nova_compute_service_result.stdout | from_yaml | selectattr('Host', 'match', ansible_facts['fqdn'] ~ '.*') | list }}" - delegate_to: "{{ groups['Undercloud'] | first }}" - check_mode: false - - - name: Check search output - fail: - msg: >- - Found multiple `{{ ansible_facts['fqdn'] }}`, which is unexpected. - This means that the FQDN of the selected device to disable is - either wrong or is sharing a name with another host, which is - also wrong. Please correct this issue before continuing. Nova - service list return data can be found here - -> {{ nova_compute_service }}. - when: - - (nova_compute_service | length) > 1 - - - name: Disable nova services - when: - - (nova_compute_service | length) == 1 - block: - - name: Disable nova-compute service - command: openstack compute service set {{ nova_compute_service[0].Host }} nova-compute --disable - delegate_to: "{{ groups['Undercloud'] | first }}" - check_mode: false - when: - - not tripleo_nova_compute_additional_cell|bool - - - name: Stop nova-compute container - service: - name: tripleo_nova_compute - state: stopped - enabled: false - become: true - register: stop_nova_compute - failed_when: "('msg' in stop_nova_compute and - 'Could not find the requested service tripleo_nova_compute' not in stop_nova_compute.msg) or - ('rc' in stop_nova_compute and stop_nova_compute.rc != 0)" - - - name: Delete nova-compute service - command: openstack compute service delete {{ nova_compute_service[0].ID }} - delegate_to: "{{ groups['Undercloud'] | first }}" - check_mode: false diff --git a/tripleo_ansible/roles/tripleo_nova_compute/tasks/update.yml b/tripleo_ansible/roles/tripleo_nova_compute/tasks/update.yml deleted file mode 100644 index b7b5ba838..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/tasks/update.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Remove old tmpfiles.d config - file: - path: /etc/tmpfiles.d/var-run-libvirt.conf - state: absent diff --git a/tripleo_ansible/roles/tripleo_nova_compute/tasks/upgrade.yml b/tripleo_ansible/roles/tripleo_nova_compute/tasks/upgrade.yml deleted file mode 100644 index b7c017d8a..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/tasks/upgrade.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Inlcude update tasks to upgrade Nova Libvirt - include_tasks: update.yml diff --git a/tripleo_ansible/roles/tripleo_nova_compute/tasks/validate.yml b/tripleo_ansible/roles/tripleo_nova_compute/tasks/validate.yml deleted file mode 100644 index 7a1fc69e6..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/tasks/validate.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: validate nova-compute container state - containers.podman.podman_container_info: - name: nova_compute - register: nova_compute_infos - failed_when: - - nova_compute_infos.containers.0.Healthcheck.Status is defined - - "'healthy' not in nova_compute_infos.containers.0.Healthcheck.Status" - retries: 10 - delay: 30 - tags: - - opendev-validation - - opendev-validation-nova - when: - - not container_healthcheck_disabled | default(false) | bool diff --git a/tripleo_ansible/roles/tripleo_nova_compute/templates/kolla_config/nova_compute.yaml.j2 b/tripleo_ansible/roles/tripleo_nova_compute/templates/kolla_config/nova_compute.yaml.j2 deleted file mode 100644 index 18414a1ff..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/templates/kolla_config/nova_compute.yaml.j2 +++ /dev/null @@ -1,34 +0,0 @@ -command: -{%- if tripleo_nova_compute_startup_delay != 0 -%} - '/var/lib/nova/delay-nova-compute --delay {{ tripleo_nova_compute_startup_delay }} --nova-binary' -{% elif tripleo_nova_compute_enable_instance_ha -%} - '/var/lib/nova/instanceha/check-run-nova-compute' -{% else %} - '/usr/bin/nova-compute' -{% endif -%} -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true -permissions: - - path: /var/log/nova - owner: nova:nova - recurse: true - - path: {{ "/etc/ceph/" ~ tripleo_nova_compute_ceph_cluster_name ~ ".client." ~ tripleo_nova_compute_ceph_client_user_name ~ ".keyring" }} - owner: nova:nova - perm: '0600' -{% for _, store in tripleo_nova_compute_glance_multistore_config.items() %} - - path: /etc/ceph/{{ store.CephClusterName | default(tripleo_nova_compute_ceph_cluster_name) }}.client.{{ store.CephClientUserName | default(tripleo_nova_compute_ceph_client_user_name) }}.keyring - owner: nova:nova - perm: '0600' -{% endfor %} -{% for _, store in tripleo_nova_compute_cinder_rbd_multi_config.items() %} - - path: /etc/ceph/{{ store.CephClusterName | default(tripleo_nova_compute_ceph_cluster_name) }}.client.{{ store.CephClientUserName | default(tripleo_nova_compute_ceph_client_user_name) }}.keyring - owner: nova:nova - perm: '0600' -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_nova_compute/templates/nova_compute.yaml.j2 b/tripleo_ansible/roles/tripleo_nova_compute/templates/nova_compute.yaml.j2 deleted file mode 100644 index 8985a9c29..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/templates/nova_compute.yaml.j2 +++ /dev/null @@ -1,32 +0,0 @@ -start_order: 3 -image: {{ tripleo_nova_compute_container_image }} -ulimit: {{ tripleo_nova_compute_docker_ulimit }} -ipc: host -net: host -privileged: true -user: nova -restart: always -depends_on: - - tripleo_nova_libvirt.target -volumes: - {% set nova_compute_volumes = [] %} - {%- set nova_compute_volumes = - nova_compute_volumes + - tripleo_nova_compute_common_volumes + - tripleo_nova_compute_volumes + - tripleo_nova_compute_opt_volumes -%} - {%- if tripleo_nova_compute_multipathd_enable|bool -%} - {%- set nova_compute_volumes = - nova_compute_volumes + - ['/etc/multipath:/etc/multipath:z'] + - ['/etc/multipath.conf:/etc/multipath.conf:ro'] -%} - {%- endif %} - {%- set nova_compute_volumes = - nova_compute_volumes + - tripleo_nova_compute_logging_volumes -%} - {{ nova_compute_volumes }} -environment: - {% set nova_compute_env = tripleo_nova_compute_opt_env_vars %} - {%- set _ = nova_compute_env.update({'KOLLA_CONFIG_STRATEGY':'COPY_ALWAYS'}) -%} - {%- set _ = nova_compute_env.update({'LIBGUESTFS_BACKEND':'direct'}) -%} - {{ nova_compute_env }} diff --git a/tripleo_ansible/roles/tripleo_nova_compute/templates/nova_compute_init_log.yaml.j2 b/tripleo_ansible/roles/tripleo_nova_compute/templates/nova_compute_init_log.yaml.j2 deleted file mode 100644 index fec0dcc46..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/templates/nova_compute_init_log.yaml.j2 +++ /dev/null @@ -1,9 +0,0 @@ -image: {{ tripleo_nova_compute_container_image }} -net: none -privileged: false -user: root -volumes: - - /var/log/containers/nova:/var/log/nova:z -command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova'] -environment: - TRIPLEO_DEPLOY_IDENTIFIER: {{ tripleo_nova_compute_deploy_identifier }} diff --git a/tripleo_ansible/roles/tripleo_nova_compute/templates/nova_compute_statedir_owner.yaml.j2 b/tripleo_ansible/roles/tripleo_nova_compute/templates/nova_compute_statedir_owner.yaml.j2 deleted file mode 100644 index 00fe16b27..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/templates/nova_compute_statedir_owner.yaml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -image: {{ tripleo_nova_compute_container_image }} -net: none -user: root -security_opt: - - label=disable -privileged: false -detach: false -volumes: - - /var/lib/nova:/var/lib/nova:shared - - /var/lib/_nova_secontext:/var/lib/_nova_secontext:shared,z - - /var/lib/container-config-scripts:/container-config-scripts:z -command: "python3 /container-config-scripts/nova_statedir_ownership.py" -environment: - TRIPLEO_DEPLOY_IDENTIFIER: {{ tripleo_nova_compute_deploy_identifier }} - __OS_DEBUG: {{ tripleo_nova_compute_debug or tripleo_debug }} - NOVA_STATEDIR_OWNERSHIP_SKIP: {{ tripleo_nova_compute_statedir_ownership_skip | join(':') }} diff --git a/tripleo_ansible/roles/tripleo_nova_compute/templates/nova_wait_for_compute_service.yaml.j2 b/tripleo_ansible/roles/tripleo_nova_compute/templates/nova_wait_for_compute_service.yaml.j2 deleted file mode 100644 index 87249113b..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/templates/nova_wait_for_compute_service.yaml.j2 +++ /dev/null @@ -1,17 +0,0 @@ -start_order: 4 -image: {{ tripleo_nova_compute_container_image }} -user: nova -net: host -detach: false -volumes: - {% set nova_compute_volumes = [] %} - {%- set nova_compute_volumes = - nova_compute_volumes + - tripleo_nova_compute_common_volumes + - ['/var/lib/kolla/config_files/nova_wait_for_compute_service.json:/var/lib/kolla/config_files/config.json:ro'] + - ['/var/lib/container-config-scripts:/container-config-scripts'] + - tripleo_nova_compute_logging_volumes -%} - {{ nova_compute_volumes }} -environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - __OS_DEBUG: {{ tripleo_nova_compute_debug or tripleo_debug }} diff --git a/tripleo_ansible/roles/tripleo_nova_compute/vars/main.yml b/tripleo_ansible/roles/tripleo_nova_compute/vars/main.yml deleted file mode 100644 index 2fa7e1a1d..000000000 --- a/tripleo_ansible/roles/tripleo_nova_compute/vars/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "tripleo_nova_compute" diff --git a/tripleo_ansible/roles/tripleo_nova_image_cache/defaults/main.yml b/tripleo_ansible/roles/tripleo_nova_image_cache/defaults/main.yml deleted file mode 100644 index 8b0b33a0a..000000000 --- a/tripleo_ansible/roles/tripleo_nova_image_cache/defaults/main.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should place placed in this file. - -# All variables within this role should have a prefix of "tripleo_nova_image_cache" -tripleo_nova_image_cache_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_nova_image_cache_images: [] -tripleo_nova_image_cache_use_proxy: false -tripleo_nova_image_cache_proxy_hostname: "{{ ansible_play_batch[0] }}" -tripleo_nova_image_cache_proxy_network: internal_api -tripleo_nova_image_cache_ignore_proxy_error: false -tripleo_nova_image_cache_proxy_concurrency: 1 diff --git a/tripleo_ansible/roles/tripleo_nova_image_cache/meta/main.yml b/tripleo_ansible/roles/tripleo_nova_image_cache/meta/main.yml deleted file mode 100644 index 54717930f..000000000 --- a/tripleo_ansible/roles/tripleo_nova_image_cache/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_nova_image_cache - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_nova_image_cache/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_nova_image_cache/molecule/default/converge.yml deleted file mode 100644 index 473321dcd..000000000 --- a/tripleo_ansible/roles/tripleo_nova_image_cache/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_nova_image_cache" diff --git a/tripleo_ansible/roles/tripleo_nova_image_cache/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_nova_image_cache/molecule/default/molecule.yml deleted file mode 100644 index 5b32dc746..000000000 --- a/tripleo_ansible/roles/tripleo_nova_image_cache/molecule/default/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_nova_image_cache/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_nova_image_cache/molecule/default/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/tripleo_nova_image_cache/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_nova_image_cache/tasks/cache.yml b/tripleo_ansible/roles/tripleo_nova_image_cache/tasks/cache.yml deleted file mode 100644 index 97a08644e..000000000 --- a/tripleo_ansible/roles/tripleo_nova_image_cache/tasks/cache.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Show proxy host - debug: - msg: "Proxy host is {{ tripleo_nova_image_cache_proxy_hostname }}" - run_once: true - when: - - tripleo_nova_image_cache_use_proxy | bool - -- name: "Cache image {{ image.id }}" - become: true - tripleo_nova_image_cache: - id: "{{ image.id }}" - any_errors_fatal: "{{ true if tripleo_nova_image_cache_use_proxy and tripleo_nova_image_cache_is_proxy_host else false }}" - when: - - not (tripleo_nova_image_cache_use_proxy | bool) or (tripleo_nova_image_cache_is_proxy_host | bool) - -- name: "Cache image (via proxy) {{ image.id }}" - become: true - tripleo_nova_image_cache: - id: "{{ image.id }}" - scp_source: "{{ tripleo_nova_image_cache_proxy_source_ip }}" - scp_continue_on_error: "{{ tripleo_nova_image_cache_ignore_proxy_error }}" - when: - - tripleo_nova_image_cache_use_proxy | bool - - not (tripleo_nova_image_cache_is_proxy_host | bool) diff --git a/tripleo_ansible/roles/tripleo_nova_image_cache/tasks/main.yml b/tripleo_ansible/roles/tripleo_nova_image_cache/tasks/main.yml deleted file mode 100644 index e59bb35cc..000000000 --- a/tripleo_ansible/roles/tripleo_nova_image_cache/tasks/main.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_nova_image_cache" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Check proxy host - fail: - msg: >- - Inventory does not include the `tripleo_nova_image_cache_proxy_hostname` host ({{ tripleo_nova_image_cache_proxy_hostname }}) - when: - - tripleo_nova_image_cache_use_proxy | bool - - tripleo_nova_image_cache_proxy_hostname not in hostvars - -- name: Cache images - include_tasks: cache.yml - vars: - image: "{{ item }}" - loop: "{{ [ - tripleo_nova_image_cache_images|selectattr('state', 'undefined')|list, - tripleo_nova_image_cache_images|selectattr('state', 'defined')|selectattr('state', 'equalto', 'present')|list - ]|flatten }}" diff --git a/tripleo_ansible/roles/tripleo_nova_image_cache/vars/main.yml b/tripleo_ansible/roles/tripleo_nova_image_cache/vars/main.yml deleted file mode 100644 index 0c294b297..000000000 --- a/tripleo_ansible/roles/tripleo_nova_image_cache/vars/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "tripleo_nova_image_cache" -# -tripleo_nova_image_cache_proxy_source_ip: "{{ hostvars[tripleo_nova_image_cache_proxy_hostname][tripleo_nova_image_cache_proxy_network ~ '_ip'] }}" -tripleo_nova_image_cache_is_proxy_host: "{{ tripleo_nova_image_cache_proxy_hostname == inventory_hostname }}" diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/defaults/main.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/defaults/main.yml deleted file mode 100644 index e2ef50599..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/defaults/main.yml +++ /dev/null @@ -1,211 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_nova_libvirt" -tripleo_nova_libvirt_rootless_podman: false -tripleo_nova_libvirt_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_nova_libvirt_deploy_identifier: "{{ tripleo_deploy_identifier | default('') }}" -tripleo_nova_libvirt_hide_sensitive_logs: true -tripleo_nova_libvirt_container_image: "quay.io/tripleomastercentos9/openstack-nova-libvirt:current-tripleo" # role specific -tripleo_nova_libvirt_container_config_image: "quay.io/tripleomastercentos9/openstack-nova-libvirt:current-tripleo" # role specific -tripleo_nova_libvirt_container_ulimit: ['nofile=131072', 'nproc=126960'] -tripleo_nova_libvirt_container_pid: host -tripleo_nova_libvirt_container_pids_limit: 65536 -tripleo_nova_libvirt_ceph_config_path: "{{ - tripleo_ceph_config_path | default('/var/lib/tripleo-config/ceph', true) }}" -tripleo_nova_libvirt_ceph_client_user_name: "{{ - tripleo_ceph_client_user_name | default('openstack', true) }}" -tripleo_nova_libvirt_enable_internal_tls: "{{ tripleo_enable_internal_tls | default (false) }}" -tripleo_nova_libvirt_use_tls_transport_for_live_migration: "{{ - tripleo_use_tls_transport_for_live_migration | default(true) }}" -tripleo_nova_libvirt_enable_rbd_backend: false # role specific -tripleo_nova_libvirt_cinder_enable_rbd_backend: "{{ tripleo_cinder_enable_rbd_backend | default(false) }}" -tripleo_nova_libvirt_ceph_client_key: "{{ tripleo_ceph_client_key | default('', true) }}" # sensitive data -tripleo_nova_libvirt_ceph_cluster_fsid: "{{ tripleo_ceph_cluster_fsid | default('', true) }}" -tripleo_nova_libvirt_ceph_cluster_name: "{{ tripleo_ceph_cluster_name | default('ceph', true) }}" -tripleo_nova_libvirt_cinder_rbd_multi_config: "{{ tripleo_cinder_rbd_multi_config | default({}, true) }}" -tripleo_nova_libvirt_use_tls_transport_for_vnc: true -tripleo_nova_libvirt_use_tls_transport_for_nbd: true -tripleo_nova_libvirt_internal_tlsca_file: "{{ tripleo_internal_tls_ca_file | default('/etc/ipa/ca.crt', true) }}" -tripleo_nova_libvirt_libvirt_ca_cert_real: "{{ tripleo_nova_libvirt_libvirt_ca_cert | default(tripleo_nova_libvirt_internal_tlsca_file) }}" -tripleo_nova_libvirt_qemu_ca_cert_real: "{{ tripleo_nova_libvirt_qemu_ca_cert | default(tripleo_nova_libvirt_internal_tlsca_file) }}" -tripleo_nova_libvirt_certificate_key_size_real: "{{ - tripleo_nova_libvirt_certificate_key_size | - default(tripleo_certificate_key_size | - default('2048', true) - ) }}" -tripleo_nova_libvirt_qemu_server_certificate_key_size_real: "{{ - tripleo_nova_libvirt_qemu_server_certificate_key_size | - default(tripleo_certificate_key_size | - default('2048', true) - ) }}" -tripleo_nova_libvirt_qemu_client_certificate_key_size_real: "{{ - tripleo_nova_libvirt_qemu_client_certificate_key_size | - default(tripleo_certificate_key_size | - default('2048', true) - ) }}" -tripleo_nova_libvirt_vhostuser_socket_group: qemu # role specific -tripleo_nova_libvirt_qemu_memory_backing_dir: "" # role specific -tripleo_nova_libvirt_nova_compute_libvirt_type: kvm -tripleo_nova_libvirt_enabled_perf_events: [] -tripleo_nova_libvirt_monitoring_subscription: overcloud-nova-libvirt -tripleo_nova_libvirt_migration_ssh_key: > - {{ tripleo_migration_ssh_key | default({"public_key": "", "private_key": ""}, true) }} -tripleo_nova_libvirt_migration_ssh_port: "{{ tripleo_migration_ssh_port | default('2022'. true) }}" -tripleo_nova_libvirt_tls_password: "" # sensitive, assert not empty -tripleo_nova_libvirt_qemu_default_tls_verify: true -tripleo_nova_libvirt_virtlogd_wrapper_virtlogd_process_wrapper: /var/lib/container-config-scripts/virtlogd_wrapper - -# TODO(bogdando): config it with ansible, by converting logic implemented in tht with these hiera mappings: -tripleo_nova_libvirt_manage_libvirt_services: false -tripleo_nova_libvirt_migration_support: false -tripleo_nova_libvirt_qemu_configure_qemu: true # dup for tripleo_nova_libvirt_migration_qemu_configure_qemu in puppet/hiera -tripleo_nova_libvirt_qemu_max_files: 32768 -tripleo_nova_libvirt_qemu_max_processes: 131072 -tripleo_nova_libvirt_migration_qemu_migration_port_min: 61152 -tripleo_nova_libvirt_migration_qemu_migration_port_max: 61215 -tripleo_nova_libvirt_migration_client_libvirt_enabled: true -# TODO(bogdando): use IP / FQDN on tripleo_nova_libvirt_network -tripleo_nova_libvirt_migration_libvirt_listen_address: 0.0.0.0 -tripleo_nova_libvirt_migration_libvirt_live_migration_inbound_addr: "{{ ansible_facts['fqdn'] }}" -tripleo_nova_libvirt_vncserver_listen: 0.0.0.0 -tripleo_nova_libvirt_migration_client_libvirt_tls: "{{ - tripleo_nova_libvirt_enable_internal_tls | bool and - tripleo_nova_libvirt_use_tls_transport_for_live_migration | bool }}" -tripleo_nova_libvirt_qemu_nbd_tls: &tripleo_nova_libvirt_use_tls_for_nbd "{{ - tripleo_nova_libvirt_enable_internal_tls | bool or - tripleo_nova_libvirt_use_tls_transport_for_nbd | bool }}" -tripleo_nova_libvirt_migration_libvirt_live_migration_with_native_tls: *tripleo_nova_libvirt_use_tls_for_nbd -tripleo_nova_libvirt_qemu_vnc_tls: &tripleo_nova_libvirt_use_tls_for_vnc "{{ - tripleo_nova_libvirt_enable_internal_tls | bool or - tripleo_nova_libvirt_use_tls_transport_for_vnc | bool }}" -tripleo_nova_libvirt_qemu_vnc_tls_verify: *tripleo_nova_libvirt_use_tls_for_vnc -tripleo_nova_libvirt_rbd_libvirt_images_rbd_ceph_conf: /etc/ceph/{{ tripleo_nova_libvirt_ceph_cluster_name }}.conf -tripleo_nova_libvirt_rbd_rbd_keyring: client.{{ tripleo_nova_libvirt_ceph_client_user_name }} - -# Redundant mappings, keep it for validation to not complain about missing hiera mappings -#tripleo_nova_libvirt_migration_client_ssh_private_key: "{{ tripleo_nova_libvirt_migration_ssh_key.private_key }}" -#tripleo_nova_libvirt_virtlogd_wrapper_virtlogd_image: "{{ tripleo_nova_libvirt_container_image }}" - -# FIXME(bogdando): monolithic libvirt is not supported, remove these once removed from puppet and tht -# but keep it for new for the mappings validations to not complain about missing hiera mappings -#tripleo_nova_libvirt_modular_libvirt -#tripleo_nova_libvirt_services_modular_libvirt -#tripleo_nova_libvirt_migration_libvirt_modular_libvirt - -tripleo_nova_libvirt_services: - # TODO(bogdando): restore _wrapper handling conditions and add back create_virtlogd_wrapper, - # and conditional nova_virtlogd or nova_virtlogd_wrapper containers to start - - virtlogd - - virtsecretd - - virtnodedevd - - virtstoraged - - virtqemud - - virtproxyd - -# logging configuration options -tripleo_nova_libvirt_virtlogd_log_filters: "1:logging 4:object 4:json 4:event 1:util" -tripleo_nova_libvirt_virtsecretd_log_filters: &logfilters "1:qemu 1:libvirt 4:object 4:json 4:event 1:util" -tripleo_nova_libvirt_virtnodedevd_log_filters: *logfilters -tripleo_nova_libvirt_virtstoraged_log_filters: *logfilters -tripleo_nova_libvirt_virtqemud_log_filters: *logfilters -tripleo_nova_libvirt_virtproxyd_log_filters: *logfilters -# a new one, for ansible config templates engine, has yet a tht mapping -tripleo_nova_libvirt_virtnwfilterd_log_filters: *logfilters - -tripleo_nova_libvirt_virtlogd_log_outputs: "1:file:/var/log/libvirt/virtlogd.log" -tripleo_nova_libvirt_virtsecretd_log_outputs: "1:file:/var/log/libvirt/virtsecretd.log" -tripleo_nova_libvirt_virtnodedevd_log_outputs: "1:file:/var/log/libvirt/virtnodedevd.log" -tripleo_nova_libvirt_virtstoraged_log_outputs: "1:file:/var/log/libvirt/virtstoraged.log" -tripleo_nova_libvirt_virtqemud_log_outputs: "1:file:/var/log/libvirt/virtqemud.log" -tripleo_nova_libvirt_virtproxyd_log_outputs: "1:file:/var/log/libvirt/virtproxyd.log" -# a new one, for ansible config templates engine, has yet a tht mapping -tripleo_nova_libvirt_virtnwfilterd_log_outputs: "1:file:/var/log/libvirt/virtnwfilterd.log" - -tripleo_nova_libvirt_tls_priority: "NORMAL:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.2" -tripleo_nova_libvirt_opt_volumes: [] # role specific -tripleo_nova_libvirt_enable_virtlogd_container_wrapper: false -tripleo_nova_libvirt_virtlogd_wrapper_debug: false -tripleo_nova_libvirt_rbd_disk_cachemodes: "{{ - tripleo_rbd_disk_cachemodes | - default(['network=writeback'], true) }}" -tripleo_nova_libvirt_network: internal_api -tripleo_nova_libvirt_idm_realm: "{{ - tripleo_idm_realm | - default( - lookup('ini', 'realm default=DEFAULT section=global file=/etc/ipa/default.conf') - ) }}" - -tripleo_nova_libvirt_config_use_ansible: true -tripleo_nova_libvirt_config_dir: /var/lib/config-data/ansible-generated/nova_libvirt - -# TODO: align with facts set for https://review.opendev.org/839762 -tripleo_nova_libvirt_common_volumes: - - /lib/modules:/lib/modules:ro - - /dev:/dev - - /run:/run - - /sys/fs/cgroup:/sys/fs/cgroup - - /sys/fs/selinux:/sys/fs/selinux - - /etc/selinux/config:/etc/selinux/config:ro - - /etc/libvirt:/etc/libvirt:shared - - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro - - /run/libvirt:/run/libvirt:shared - - /var/lib/nova:/var/lib/nova:shared - - /var/lib/libvirt:/var/lib/libvirt:shared - - /var/cache/libvirt:/var/cache/libvirt:shared - - /var/lib/vhost_sockets:/var/lib/vhost_sockets - - /var/log/containers/libvirt:/var/log/libvirt:shared,z # +qemu subdir - - "{{ tripleo_nova_libvirt_config_dir ~ - ':/var/lib/kolla/config_files/src:ro' }}" - -tripleo_nova_libvirt_internal_tls_volumes: "{{ - tripleo_nova_libvirt_enable_internal_tls | - ternary( - ['/etc/pki/CA/cacert.pem:/etc/pki/CA/cacert.pem:ro', - '/etc/pki/libvirt:/etc/pki/libvirt:ro', - '/etc/pki/qemu:/etc/pki/qemu:ro'], - []) }}" - -tripleo_nova_libvirt_qemu_memory_backing_dir_volumes: "{{ - tripleo_nova_libvirt_qemu_memory_backing_dir | - ternary( - [tripleo_nova_libvirt_qemu_memory_backing_dir ~ ':' - ~ tripleo_nova_libvirt_qemu_memory_backing_dir], - []) }}" - -tripleo_nova_libvirt_ceph_volumes: - - "{{ tripleo_nova_libvirt_ceph_config_path ~ - ':/var/lib/kolla/config_files/src-ceph:ro' }}" - -# TODO: restore facts and volumes for Ceph multiconfig info, keyring paths, -# Kolla permissions - and use the latter for actual kolla permissions -tripleo_nova_libvirt_volumes: "{{ - tripleo_container_standalone_volumes | default([]) + - tripleo_nova_libvirt_common_volumes + - tripleo_nova_libvirt_internal_tls_volumes + - tripleo_nova_libvirt_qemu_memory_backing_dir_volumes + - tripleo_nova_libvirt_ceph_volumes + - tripleo_nova_libvirt_opt_volumes }}" - -# TODO(bogdando): implement tripleo_nova_libvirt_config, like we do for nova compute -# but also supporting '' empty config section, like its puppet providers -tripleo_nova_libvirt_config: - virtnwfilterd: - log_filters: '{{ tripleo_nova_libvirt_virtnwfilterd_log_filters }}' - log_outputs: '{{ tripleo_nova_libvirt_virtnwfilterd_log_outputs }}' diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/files/.gitkeep b/tripleo_ansible/roles/tripleo_nova_libvirt/files/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/files/create_virtlogd_wrapper.yaml b/tripleo_ansible/roles/tripleo_nova_libvirt/files/create_virtlogd_wrapper.yaml deleted file mode 100644 index 389559745..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/files/create_virtlogd_wrapper.yaml +++ /dev/null @@ -1 +0,0 @@ -#TBD as kolla config diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_libvirt_init_secret.sh b/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_libvirt_init_secret.sh deleted file mode 100755 index 221167096..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_libvirt_init_secret.sh +++ /dev/null @@ -1,82 +0,0 @@ -#!/bin/bash - -set -e - -CEPH_INFO=($*) - -if [ -z "$CEPH_INFO" ]; then - echo "error: At least one CLUSTER:CLIENT tuple must be specified" - exit 1 -fi - -echo "------------------------------------------------" -echo "Initializing virsh secrets for: ${CEPH_INFO[@]}" - -for INFO in ${CEPH_INFO[@]}; do - IFS=: read CLUSTER CLIENT <<< $INFO - if [ ! -f /etc/ceph/${CLUSTER}.conf ]; then - echo "Error: /etc/ceph/${CLUSTER}.conf was not found" - echo "Path to nova_libvirt_init_secret was ${CEPH_INFO}" - exit 1 - fi - FSID=$(awk '$1 == "fsid" {print $3}' /etc/ceph/${CLUSTER}.conf) - if [ -z "${FSID}" ]; then - echo "Error: /etc/ceph/${CLUSTER}.conf contained an empty fsid definition" - echo "Check your ceph configuration" - exit 1 - fi - - echo "--------" - echo "Initializing the virsh secret for '$CLUSTER' cluster ($FSID) '$CLIENT' client" - - # Ensure the secret XML file exists. - # If the tripleo_nova_libvirt role is used standalone without puppet, then - # secret.xml won't exist. Create the first cluster's secret with this script. - if [ ! -f "/etc/nova/secret.xml" ]; then - HAVE_FIRST_SECRET=0 - SECRET_FILE="/etc/nova/secret.xml" - SECRET_NAME="client.${CLIENT} secret" - else - HAVE_FIRST_SECRET=1 # either puppet or this script created it - fi - # If puppet, or this script created, a secret.xml file for the - # first cluster's secret, detect when to use that file. - if [ $HAVE_FIRST_SECRET -eq 1 ]; then - if grep -q $FSID /etc/nova/secret.xml; then - SECRET_FILE="/etc/nova/secret.xml" - SECRET_NAME="client.${CLIENT} secret" - else - SECRET_FILE="/etc/nova/${CLUSTER}-secret.xml" - SECRET_NAME="${CLUSTER}.client.${CLIENT} secret" - fi - fi - - if [ ! -f $SECRET_FILE ]; then - echo "Creating $SECRET_FILE" - cat < $SECRET_FILE - - - ${SECRET_NAME} - - ${FSID} - -EOF - else - echo "The $SECRET_FILE file already exists" - fi - - # Ensure the libvirt secret is defined - if /usr/bin/virsh secret-list | grep -q $FSID; then - echo "The virsh secret for $FSID has already been defined" - else - /usr/bin/virsh secret-define --file $SECRET_FILE - fi - - # Fetch the key from the keyring and ensure the secret is set - KEY=$(awk '$1 == "key" {print $3}' /etc/ceph/${CLUSTER}.client.${CLIENT}.keyring) - if /usr/bin/virsh secret-get-value $FSID 2>/dev/null | grep -q $KEY; then - echo "The virsh secret for $FSID has already been set" - else - /usr/bin/virsh secret-set-value --secret $FSID --base64 $KEY - fi -done diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_libvirt_init_secret.yaml b/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_libvirt_init_secret.yaml deleted file mode 100644 index 389559745..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_libvirt_init_secret.yaml +++ /dev/null @@ -1 +0,0 @@ -#TBD as kolla config diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtlogd.yaml b/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtlogd.yaml deleted file mode 100644 index 80a6cd271..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtlogd.yaml +++ /dev/null @@ -1,11 +0,0 @@ -command: /usr/sbin/virtlogd --config /etc/libvirt/virtlogd.conf -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true -permissions: [] diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtlogd_wrapper.yaml b/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtlogd_wrapper.yaml deleted file mode 100644 index e49b932c2..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtlogd_wrapper.yaml +++ /dev/null @@ -1,11 +0,0 @@ -command: /usr/local/bin/virtlogd_wrapper -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true -permissions: "{{ tripleo_nova_libvirt_ceph_multiconfig_permissions }}" diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtnodedevd.yaml b/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtnodedevd.yaml deleted file mode 100644 index b83224458..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtnodedevd.yaml +++ /dev/null @@ -1,11 +0,0 @@ -command: /usr/sbin/virtnodedevd --config /etc/libvirt/virtnodedevd.conf -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true -permissions: [] diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtproxyd.yaml b/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtproxyd.yaml deleted file mode 100644 index 1640f3b42..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtproxyd.yaml +++ /dev/null @@ -1,11 +0,0 @@ -command: /usr/sbin/virtproxyd --config /etc/libvirt/virtproxyd.conf -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true -permissions: [] diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtqemud.yaml b/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtqemud.yaml deleted file mode 100644 index 53035f62f..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtqemud.yaml +++ /dev/null @@ -1,11 +0,0 @@ -command: /usr/sbin/virtqemud --config /etc/libvirt/virtqemud.conf -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true -permissions: [] diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtsecretd.yaml b/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtsecretd.yaml deleted file mode 100644 index 01d93fe58..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtsecretd.yaml +++ /dev/null @@ -1,11 +0,0 @@ -command: /usr/sbin/virtsecretd --config /etc/libvirt/virtsecretd.conf -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true -permissions: [] diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtstoraged.yaml b/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtstoraged.yaml deleted file mode 100644 index f3e5ae8d2..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/files/nova_virtstoraged.yaml +++ /dev/null @@ -1,11 +0,0 @@ -command: /usr/sbin/virtstoraged --config /etc/libvirt/virtstoraged.conf -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true -permissions: [] diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/handlers/main.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/handlers/main.yml deleted file mode 100644 index 04555ef38..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/handlers/main.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Remove nova_libvirt_config container - shell: podman rm -f nova_libvirt_config - changed_when: false - failed_when: false diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/meta/main.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/meta/main.yml deleted file mode 100644 index 2e0b2d54e..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/meta/main.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: TripleO OpenStack Role -- tripleo_nova_libvirt - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/configure/molecule.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/configure/molecule.yml deleted file mode 100644 index 5970e4a64..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/configure/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - # it starts podman containers to create configs, cannot use podman driver - name: delegated - options: - ansible_connection_options: - ansible_connection: local - ansible_host: localhost - -provisioner: - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" - converge: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/converge.yml" - -scenario: - name: configure - test_sequence: - - destroy - - create - - prepare - - converge - # TODO(bogdando): enable this after tripleo ansible config template engine - # becomes idempotent - #- idempotence - - check - - verify - - destroy diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/configure/test_vars.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/configure/test_vars.yml deleted file mode 100644 index a4ff4f9d6..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/configure/test_vars.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# A test case to install, configure containers (do not run it), -# then to check a virtqemud container config -config: - - name: /var/lib/config-data/ansible-generated/nova_libvirt/etc/libvirt/virtqemud.conf - expected_lines: - - unix_sock_group = 'libvirt' - - unix_sock_ro_perms = '0444' - - unix_sock_rw_perms = '0770' - - auth_unix_ro = 'none' - - auth_unix_rw = 'none' - - log_filters = '1:qemu 1:libvirt 4:object 4:json 4:event 1:util' - - log_outputs = '1:file:/var/log/libvirt/virtqemud.log' -molecule_tags_enforce: false -test_tags: - - install - - configure -test_skip_tags: - - run diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/default/molecule.yml deleted file mode 100644 index 9a06a8e97..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/default/molecule.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -driver: - name: podman - -provisioner: - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" - converge: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/converge.yml" - -scenario: - name: default - test_sequence: - - destroy - - create - - prepare - - converge - - idempotence - - check - - verify - - destroy diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/default/test_vars.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/default/test_vars.yml deleted file mode 100644 index 30b8ad876..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/default/test_vars.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# A test case to install only, no special checks but idempotence -test_skip_tags: - - configure - - run -test_tags: - - install -molecule_tags_enforce: false diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/run/molecule.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/run/molecule.yml deleted file mode 100644 index 91a98ae06..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/run/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: delegated # cannot start containers from podman container - options: - ansible_connection_options: - ansible_connection: local - ansible_host: localhost - -provisioner: - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" - converge: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/converge.yml" - -scenario: - name: run - test_sequence: - - destroy - - create - - prepare - - converge - # TODO(bogdando): enable this after tripleo container manager tasks - # become idempotent - #- idempotence - - check - - verify - - destroy diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/run/test_vars.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/run/test_vars.yml deleted file mode 100644 index 15479ced4..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/run/test_vars.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -# A test case to install, configure all, then run all libvirt containers -# No config checks as libvirt containers got same config files generated diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/run_virtqemud/molecule.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/run_virtqemud/molecule.yml deleted file mode 100644 index 06dfbc950..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/run_virtqemud/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: delegated # cannot start containers from podman container - options: - ansible_connection_options: - ansible_connection: local - ansible_host: localhost - -provisioner: - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" - converge: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/converge.yml" - -scenario: - name: run_virtqemud - test_sequence: - - destroy - - create - - prepare - - converge - # TODO(bogdando): enable this after tripleo container manager tasks - # become idempotent - #- idempotence - - check - - verify - - destroy diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/run_virtqemud/test_vars.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/run_virtqemud/test_vars.yml deleted file mode 100644 index 6978cbcd1..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/molecule/run_virtqemud/test_vars.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# A test case to install, configure all, then run a virtqemud container -# and check its tripleo configs -config: - - name: /var/lib/tripleo-config/container-startup-config/nova_libvirt/nova_virtqemud.json - expected_lines: - - ' "image": "quay.io/tripleomastercentos9/openstack-nova-libvirt:current-tripleo",' - - ' "nofile=131072",' - - ' "nproc=126960"' - - ' "pids_limit": 65536,' - - name: /var/lib/kolla/config_files/nova_virtqemud.json - expected_lines: - - ' "command": "/usr/sbin/virtqemud --config /etc/libvirt/virtqemud.conf",' -tripleo_container_standalone_container_defs: - nova_virtqemud: "{{ lookup('template', 'nova_virtqemud.yaml.j2') | from_yaml }}" -tripleo_container_standalone_kolla_config_files: - nova_virtqemud: "{{ lookup('file', 'files/nova_virtqemud.yaml') | from_yaml }}" diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/resources/molecule/converge.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/resources/molecule/converge.yml deleted file mode 100644 index 75b060aa1..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/resources/molecule/converge.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Converge - hosts: all - become: true - vars_files: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/test_vars.yml" - pre_tasks: - - name: Importing test_vars - include_vars: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/test_vars.yml" - tasks: - - name: Execute test case tasks - include_role: - name: tripleo_nova_libvirt - tasks_from: "{{ test_task | default('main.yml') }}" - tags: "{{ test_tags | default(omit) }}" diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/resources/molecule/prepare.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/resources/molecule/prepare.yml deleted file mode 100644 index 7c3501eaf..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/resources/molecule/prepare.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_setup_tripleo: true - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/resources/molecule/print_conf_content.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/resources/molecule/print_conf_content.yml deleted file mode 100644 index 52b8341bf..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/resources/molecule/print_conf_content.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Debug - getting content of configs - command: grep -E '^[^#]' {{ item.name }} - register: _conf_content - loop: "{{ _configs }}" - -- name: Set facts for configs, expected lines and contents - set_fact: - _verify_content: "{{ _conf_content.results | map(attribute='stdout_lines') | list }}" - _verify_expected: "{{ _conf_content.results | map(attribute='item') | map(attribute='expected_lines') | list }}" - _verify_configs: "{{ _conf_content.results | map(attribute='item') | map(attribute='name') | list }}" - -- name: Debug - printing expected lines and actual configs contents - vars: - context: "{{ _verify_expected | zip(_verify_content) }}" - debug: - var: dict(_verify_configs|zip(context)) diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/resources/molecule/verify.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/resources/molecule/verify.yml deleted file mode 100644 index acd8cb48c..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/resources/molecule/verify.yml +++ /dev/null @@ -1,63 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Verify - hosts: all - become: true - gather_facts: false - any_errors_fatal: false - pre_tasks: - - name: Import test_vars - include_vars: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/test_vars.yml" - tasks: - - name: Validate configuration - when: config is defined and config - block: - - name: Check if changes applied to config files - lineinfile: - path: "{{ _conf.0.name }}" - line: "{{ _conf.1 }}" - state: present - check_mode: true - register: _conf_result - failed_when: _conf_result is changed or _conf_result is failed - with_subelements: - - "{{ config }}" - - expected_lines - loop_control: - loop_var: _conf - rescue: - - name: Output config - include_tasks: print_conf_content.yml - loop: - - "{{ config }}" - loop_control: - loop_var: _configs - - - name: Print failed lines - fail: - msg: | - - "FAILED: Not found in {{_entry.path}}: {{_entry.line}}" - failed_when: true - loop: "{{ _conf_result.results | selectattr('failed', 'equalto', true) | map(attribute='invocation') | map(attribute='module_args') }}" - loop_control: - loop_var: _entry - - - name: Debug - Scenario name - debug: - var: molecule_yml.scenario.name diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/configure.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/configure.yml deleted file mode 100644 index 7dce1e578..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/configure.yml +++ /dev/null @@ -1,207 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Set facts for conditions - set_fact: - tripleo_nova_libvirt_need_libvirt_secret: "{{ - tripleo_nova_libvirt_enable_rbd_backend | bool or - tripleo_nova_libvirt_cinder_enable_rbd_backend | bool }}" - -- name: Set facts for Ceph multiconfig keyring paths - vars: - _keyrings: - - "{{ tripleo_nova_libvirt_ceph_cluster_name}}.client.{{ tripleo_nova_libvirt_ceph_client_user_name}}.keyring" - set_fact: - tripleo_nova_libvirt_ceph_multiconfig_keyrings: "{{ tripleo_nova_libvirt_ceph_multiconfig_keyrings | default([]) + - [item.value['CephClusterName'] | default(tripleo_nova_libvirt_ceph_cluster_name) ~ '.client.' ~ - item.value['CephClientUserName'] | default(tripleo_nova_libvirt_ceph_client_user_name) ~ '.keyring'] }}" - with_items: "{{ (_keyrings + tripleo_nova_libvirt_cinder_rbd_multi_config | dict2items) | unique }}" - -- name: Set facts for Ceph multiconfig Kolla permissions - set_fact: - tripleo_nova_libvirt_ceph_multiconfig_permissions: "{{ tripleo_nova_libvirt_ceph_multiconfig_permissions | default([]) + - [{'owner': 'nova:nova', 'perm': '0600', 'path': '/etc/ceph/' ~ item}] }}" - with_items: "{{ tripleo_nova_libvirt_ceph_multiconfig_keyrings }}" - -- name: Set facts for Ceph multiconfig info - vars: - _multiconfig_info: - - "{{ tripleo_nova_libvirt_ceph_cluster_name }}:{{ tripleo_nova_libvirt_ceph_client_user_name }}" - set_fact: - tripleo_nova_libvirt_ceph_multiconfig_info: "{{ tripleo_nova_libvirt_ceph_multiconfig_info | default([]) + - [item.value['CephClusterName'] | default(tripleo_nova_libvirt_ceph_cluster_name) ~ ':' ~ - item.value['CephClientUserName'] | default(tripleo_nova_libvirt_ceph_client_user_name)] }}" - with_items: "{{ (_multiconfig_info + tripleo_nova_libvirt_cinder_rbd_multi_config | dict2items) | unique }}" - -- name: Certificate generation for Nova Libvirt and QEMU - when: tripleo_nova_libvirt_enable_internal_tls|bool - block: - - name: Create dirs for certificates and keys - file: - path: "{{ item }}" - state: directory - serole: object_r - setype: cert_t - seuser: system_u - with_items: - - '/etc/pki/libvirt' - - '/etc/pki/libvirt/private' - - '/etc/pki/qemu' - - include_role: - name: linux-system-roles.certificate - vars: - certificate_requests: - - name: libvirt-server-cert - dns: "{{ tripleo_nova_libvirt_network }}" - principal: libvirt/{{ tripleo_nova_libvirt_network }}@{{ tripleo_nova_libvirt_idm_realm }} - run_after: | - # Copy cert and key to libvirt dirs - cp {{ tripleo_nova_libvirt_libvirt_ca_cert_real }} /etc/pki/CA/cacert.pem - chown root:root /etc/pki/CA/cacert.pem - chmod 644 /etc/pki/CA/cacert.pem - cp /etc/pki/tls/certs/libvirt-server-cert.crt /etc/pki/libvirt/servercert.pem - cp /etc/pki/tls/private/libvirt-server-cert.key /etc/pki/libvirt/private/serverkey.pem - systemctl reload tripleo_nova_virtqemud - key_size: "{{ tripleo_nova_libvirt_certificate_key_size_real }}" - ca: ipa - - name: libvirt-client-cert - dns: "{{ tripleo_nova_libvirt_network }}" - principal: libvirt/{{ tripleo_nova_libvirt_network }}@{{ tripleo_nova_libvirt_idm_realm }} - run_after: | - # Copy cert and key to libvirt dirs - cp /etc/pki/tls/certs/libvirt-client-cert.crt /etc/pki/libvirt/clientcert.pem - cp /etc/pki/tls/private/libvirt-client-cert.key /etc/pki/libvirt/private/clientkey.pem - systemctl reload tripleo_nova_virtqemud - key_size: "{{ tripleo_nova_libvirt_certificate_key_size_real }}" - ca: ipa - - name: qemu-server-cert - owner: root - group: qemu - dns: "{{ tripleo_nova_libvirt_network }}" - principal: libvirt/{{ tripleo_nova_libvirt_network }}@{{ tripleo_nova_libvirt_idm_realm }} - run_after: | - # Copy cert and key to qemu dir - cp {{ tripleo_nova_libvirt_qemu_ca_cert_real }} /etc/pki/qemu/ca-cert.pem - chown root:root /etc/pki/qemu/ca-cert.pem - chmod 644 /etc/pki/qemu/ca-cert.pem - cp -a /etc/pki/tls/certs/qemu-server-cert.crt /etc/pki/qemu/server-cert.pem - cp -a /etc/pki/tls/private/qemu-server-cert.key /etc/pki/qemu/server-key.pem - chgrp qemu /etc/pki/qemu/server-* - chmod 0640 /etc/pki/qemu/server-cert.pem - chmod 0640 /etc/pki/qemu/server-key.pem - key_size: "{{ tripleo_nova_libvirt_qemu_server_certificate_key_size_real }}" - ca: ipa - - name: qemu-client-cert - owner: root - group: qemu - dns: "{{ tripleo_nova_libvirt_network }}" - principal: libvirt/{{ tripleo_nova_libvirt_network }}@{{ tripleo_nova_libvirt_idm_realm }} - run_after: | - # Copy cert and key to qemu dir - cp -a /etc/pki/tls/certs/qemu-client-cert.crt /etc/pki/qemu/client-cert.pem - cp -a /etc/pki/tls/private/qemu-client-cert.key /etc/pki/qemu/client-key.pem - chgrp qemu /etc/pki/qemu/client-* - chmod 0640 /etc/pki/qemu/client-cert.pem - chmod 0640 /etc/pki/qemu/client-key.pem - key_size: "{{ tripleo_nova_libvirt_qemu_client_certificate_key_size_real }}" - ca: ipa - -- name: Configure libvirt - when: tripleo_nova_libvirt_config_use_ansible|bool - block: - - name: Ensure {{ tripleo_nova_libvirt_config_dir }}/etc/libvirt exists - file: - path: "{{ tripleo_nova_libvirt_config_dir }}/etc/libvirt" - state: directory - recurse: true - - - name: Remove nova_libvirt_config container if exists - shell: podman rm -f nova_libvirt_config - changed_when: false - failed_when: false - - - name: Run nova_libvirt_config container - shell: podman run --detach --name nova_libvirt_config {{ tripleo_nova_libvirt_container_config_image }} sleep infinity - notify: Remove nova_libvirt_config container - register: config_container_id - - - name: Copy initial config files from nova_libvirt_config container - shell: | - mount_dir=$(podman mount nova_libvirt_config) - cp -a ${mount_dir}/{{ item }} {{ tripleo_nova_libvirt_config_dir }}/etc/libvirt - failed_when: false - changed_when: false - register: copy_config_files - loop: - - /etc/libvirt/virtlockd.conf - - /etc/libvirt/virtlogd.conf - - /etc/libvirt/virtnodedevd.conf - - /etc/libvirt/virtnwfilterd.conf - - /etc/libvirt/virtproxyd.conf - - /etc/libvirt/virtqemud.conf - - /etc/libvirt/virtsecretd.conf - - /etc/libvirt/virtstoraged.conf - - - name: Check for failure - debug: - msg: | - Copying config files failed - {{ copy_config_files.results | map(attribute='stdout') | list }} - {{ copy_config_files.results | map(attribute='stderr') | list }} - when: - - copy_config_files.results | selectattr('rc', 'ne', 0) | list | length != 0 - failed_when: true - - - name: Configure common nova_libvirt config values - ini_file: - path: "{{ tripleo_nova_libvirt_config_dir }}/etc/libvirt/{{ item.1 ~ '.conf' }}" - section: "{{ item.0.section }}" - option: "{{ item.0.option }}" - value: "{{ item.0.value }}" - loop: "{{ configs | product(tripleo_nova_libvirt_services) | list }}" - vars: - configs: - - section: null - option: unix_sock_group - value: "'libvirt'" - - section: null - option: unix_sock_ro_perms - value: "'0444'" - - section: null - option: unix_sock_rw_perms - value: "'0770'" - - section: null - option: auth_unix_ro - value: "'none'" - - section: null - option: auth_unix_rw - value: "'none'" - - - name: Configure nova_libvirt log_filters config values - ini_file: - path: "{{ tripleo_nova_libvirt_config_dir }}/etc/libvirt/{{ item ~ '.conf' }}" - section: null - option: log_filters - value: "'{{ lookup('vars', 'tripleo_nova_libvirt_' ~ item ~ '_log_filters') }}'" - loop: "{{ tripleo_nova_libvirt_services }}" - - - name: Configure nova_libvirt log_outputs config values - ini_file: - path: "{{ tripleo_nova_libvirt_config_dir }}/etc/libvirt/{{ item ~ '.conf' }}" - section: null - option: log_outputs - value: "'{{ lookup('vars', 'tripleo_nova_libvirt_' ~ item ~ '_log_outputs') }}'" - loop: "{{ tripleo_nova_libvirt_services }}" diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/install.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/install.yml deleted file mode 100644 index 30090e9ce..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/install.yml +++ /dev/null @@ -1,110 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: create libvirt persistent data directories - file: - path: "{{ item.path }}" - state: directory - setype: "{{ item.setype | default(omit) }}" - selevel: "{{ item.selevel | default(omit) }}" - recurse: "{{ item.recurse | default(omit) }}" - mode: "{{ item.mode | default(omit) }}" - with_items: - - { 'path': /etc/puppet, 'setype': container_file_t } - - { 'path': /etc/libvirt, 'setype': container_file_t } - - { 'path': /etc/libvirt/secrets, 'setype': container_file_t } - - { 'path': /etc/libvirt/qemu, 'setype': container_file_t } - - { 'path': /var/lib/libvirt, 'setype': container_file_t } - - { 'path': /var/cache/libvirt } - - { 'path': /var/lib/nova, 'setype': container_file_t } - - { 'path': /run/libvirt, 'setype': virt_var_run_t } - # TODO(bogdando): use container_logwriter_t as of container-selinux v2.191.0 - - { 'path': /var/log/containers/libvirt/swtpm, 'setype': container_file_t, 'mode': '0770' } - - { 'path': /var/log/containers/libvirt, 'setype': container_ro_file_t, 'selevel': s0, 'mode': '0750' } - # NOTE(bogdando): this mostly replicates today t-h-t common/common-container-setup-tasks.yaml - # we can tweak it further later, or move to some common tasks later - - { 'path': /var/lib/kolla/config_files, 'setype': container_file_t, 'selevel': s0, 'recurse': true } - - { 'path': /var/lib/tripleo-config, 'setype': container_file_t, 'selevel': s0, 'mode': '0750' } - - { 'path': /var/lib/config-data, 'setype': container_file_t, 'selevel': s0, 'mode': '0755' } - - { 'path': /var/lib/config-data/ansible-generated/nova_libvirt, 'setype': container_file_t, 'mode': '0755' } -- name: ensure /etc/ssh/ssh_known_hosts for libvirt containers bind-mounts - copy: - content: "" - dest: /etc/ssh/ssh_known_hosts - force: false -# qemu user on host will be cretaed by libvirt package install, ensure -# the qemu user created with same uid/gid as like libvirt package. -# These specific values are required since ovs is running on host. -# Once ovs with DPDK is containerized, we could modify this uid/gid -# to match with kolla config values. -- name: ensure qemu group is present on the host - group: - name: qemu - gid: 107 - state: present -- name: ensure qemu user is present on the host - user: - name: qemu - uid: 107 - group: qemu - state: present - shell: /sbin/nologin - comment: qemu user -- name: create directory for vhost-user sockets with qemu ownership - file: - path: /var/lib/vhost_sockets - state: directory - owner: qemu - group: "{{ tripleo_nova_libvirt_vhostuser_socket_group }}" - setype: virt_cache_t - seuser: system_u -- name: ensure ceph configurations exist - file: - path: "{{ tripleo_nova_libvirt_ceph_config_path }}" - state: directory -- name: check if libvirt is installed - command: /usr/bin/rpm -q libvirt-daemon - failed_when: false - register: libvirt_installed - changed_when: false - check_mode: false -- name: make sure libvirt services are disabled and masked - service: - name: "{{ item }}" - state: stopped - enabled: false - masked: true - daemon_reload: true - with_items: - - libvirtd.service - - virtlogd.socket - when: libvirt_installed.rc == 0 -- name: ensure /run/libvirt is present upon reboot - copy: - dest: /etc/tmpfiles.d/run-libvirt.conf - content: | - d /run/libvirt 0755 root root - - -- name: Enable os_enable_vtpm SELinux boolean for vTPM - seboolean: - name: os_enable_vtpm - persistent: true - state: true - when: - - ansible_facts.selinux is defined - - ansible_facts.selinux.status == "enabled" - # (slagle) Disable setting this boolean due to - # https://bugs.launchpad.net/tripleo/+bug/1977873 - - ansible_facts['distribution_major_version'] is version('9', '<') diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/logging-install.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/logging-install.yml deleted file mode 100644 index 462778874..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/logging-install.yml +++ /dev/null @@ -1,29 +0,0 @@ - ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: create libvirt persistent data directories - file: - path: "{{ item.path }}" - state: directory - setype: "{{ item.setype | default(omit) }}" - selevel: "{{ item.selevel | default(omit) }}" - recurse: "{{ item.recurse | default(omit) }}" - mode: "{{ item.mode | default(omit) }}" - with_items: - # TODO(bogdando): use container_logwriter_t as of container-selinux v2.191.0 - - { 'path': /var/log/containers/libvirt/swtpm, 'setype': container_file_t, 'mode': '0770' } - - { 'path': /var/log/containers/libvirt, 'setype': container_ro_file_t, 'selevel': s0, 'mode': '0750' } diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/logging-run.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/logging-run.yml deleted file mode 100644 index 66982f494..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/logging-run.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Ensure /var/lib/container-config-scripts exists - file: - path: /var/lib/container-config-scripts - state: directory - -- name: Manage nova_virtqemud_init_logs container - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: nova_virtqemud_init_logs - tripleo_container_standalone_container_defs: - nova_virtqemud_init_logs: "{{ lookup('template', 'nova_virtqemud_init_logs.yaml.j2') | from_yaml }}" diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/main.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/main.yml deleted file mode 100644 index d6d61c299..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/main.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_nova_libvirt" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Include host prep tasks for Nova libvirt - import_tasks: install.yml - tags: - - install - -- name: Configure Nova libvirt - import_tasks: configure.yml - tags: - - configure - -- name: Ensure containers running for Nova libvirt - import_tasks: run.yml - tags: - - run diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/run.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/run.yml deleted file mode 100644 index 19c47f790..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/run.yml +++ /dev/null @@ -1,69 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Manage containers for Nova - become: "{{ not tripleo_nova_libvirt_rootless_podman|bool }}" - block: - - name: Ensure /usr/libexec/tripleo-start-podman-container exists - import_role: - name: tripleo_container_manage - tasks_from: shutdown.yml - - - name: Init logs for nova_virtqemud container - import_tasks: logging-run.yml - - - name: Run nova_libvirt containers - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: nova_libvirt - tripleo_container_standalone_container_defs: - # TODO(bogdando): restore _wrapper handling conditions and add back create_virtlogd_wrapper, - # and conditional nova_virtlogd or nova_virtlogd_wrapper containers to start - nova_virtlogd: "{{ lookup('template', 'nova_virtlogd.yaml.j2') | from_yaml }}" - nova_virtnodedevd: "{{ lookup('template', 'nova_virtnodedevd.yaml.j2') | from_yaml }}" - nova_virtproxyd: "{{ lookup('template', 'nova_virtproxyd.yaml.j2') | from_yaml }}" - nova_virtqemud: "{{ lookup('template', 'nova_virtqemud.yaml.j2') | from_yaml }}" - nova_virtsecretd: "{{ lookup('template', 'nova_virtsecretd.yaml.j2') | from_yaml }}" - nova_virtstoraged: "{{ lookup('template', 'nova_virtstoraged.yaml.j2') | from_yaml }}" - tripleo_container_standalone_kolla_config_files: - nova_virtlogd: "{{ lookup('file', 'files/nova_virtlogd.yaml') | from_yaml }}" - nova_virtnodedevd: "{{ lookup('file', 'files/nova_virtnodedevd.yaml') | from_yaml }}" - nova_virtproxyd: "{{ lookup('file', 'files/nova_virtproxyd.yaml') | from_yaml }}" - nova_virtqemud: "{{ lookup('file', 'files/nova_virtqemud.yaml') | from_yaml }}" - nova_virtsecretd: "{{ lookup('file', 'files/nova_virtsecretd.yaml') | from_yaml }}" - nova_virtstoraged: "{{ lookup('file', 'files/nova_virtstoraged.yaml') | from_yaml }}" - - - name: Ensure /var/lib/container-config-scripts exists - file: - path: /var/lib/container-config-scripts - state: directory - - - name: Copy nova_libvirt_init_secret.sh to /var/lib/container-config-scripts - copy: - src: files/nova_libvirt_init_secret.sh - dest: /var/lib/container-config-scripts/nova_libvirt_init_secret.sh - - - name: Create libvirt secret for ceph now that nova_virtsecretd is running - when: tripleo_nova_libvirt_need_libvirt_secret|bool - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: nova_libvirt_init_secret - tripleo_container_standalone_container_defs: - nova_libvirt_init_secret: "{{ lookup('template', 'nova_libvirt_init_secret.yaml.j2') | from_yaml }}" - tripleo_container_standalone_kolla_config_files: - nova_libvirt_init_secret: "{{ lookup('file', 'files/nova_libvirt_init_secret.yaml') | from_yaml }}" diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/update.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/update.yml deleted file mode 100644 index b7b5ba838..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/update.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Remove old tmpfiles.d config - file: - path: /etc/tmpfiles.d/var-run-libvirt.conf - state: absent diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/upgrade.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/upgrade.yml deleted file mode 100644 index d3db4469a..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/tasks/upgrade.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Inlcude update tasks to upgrade Nova Libvirt - include_tasks: update.yaml diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/create_virtlogd_wrapper.yaml.j2 b/tripleo_ansible/roles/tripleo_nova_libvirt/templates/create_virtlogd_wrapper.yaml.j2 deleted file mode 100644 index d4b07a31d..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/create_virtlogd_wrapper.yaml.j2 +++ /dev/null @@ -1,24 +0,0 @@ -# TODO: rework it for ansible, no puppet -start_order: 1 -detach: false -cgroupns: host -net: host -pid: {{ tripleo_nova_libvirt_container_pid }} -user: root -command: - - /container_puppet_apply.sh - - '4' - - file - - 'include ::tripleo::profile::base::nova::virtlogd_wrapper' -image: {{ tripleo_nova_libvirt_container_image }} -volumes: - {% set nova_libvirt_volumes = [] %} - {%- set nova_libvirt_volumes += - tripleo_nova_libvirt_container_puppet_apply_volumes + - tripleo_nova_libvirt_internal_tls_volumes + - ['/var/lib/container-config-scripts:/var/lib/container-config-scripts:shared,z'] -%} - {{ tripleo_nova_libvirt_common_volumes + nova_libvirt_volumes }} -environment: - # NOTE: this should force this container to re-run on each - # update (scale-out, etc.) - TRIPLEO_DEPLOY_IDENTIFIER: {{ tripleo_deploy_identifier }} diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_libvirt_init_secret.yaml.j2 b/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_libvirt_init_secret.yaml.j2 deleted file mode 100644 index 666759641..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_libvirt_init_secret.yaml.j2 +++ /dev/null @@ -1,18 +0,0 @@ -detach: false -image: {{ tripleo_nova_libvirt_container_image }} -security_opt: - - label=disable -privileged: false -user: root -cgroupns: host -net: host -command: bash /nova_libvirt_init_secret.sh {{ tripleo_nova_libvirt_ceph_multiconfig_info | join(' ') }} -volumes: - {% set nova_libvirt_volumes = [] %} - {%- set nova_libvirt_volumes = - ['/var/lib/config-data/ansible-generated/nova_libvirt/etc/nova:/etc/nova', - '/var/lib/container-config-scripts/nova_libvirt_init_secret.sh:/nova_libvirt_init_secret.sh:ro', - tripleo_nova_libvirt_ceph_config_path ~ ':/etc/ceph:ro' ] -%} - {{ tripleo_nova_libvirt_common_volumes + nova_libvirt_volumes | unique | list }} -environment: - LIBVIRT_DEFAULT_URI: qemu:///system diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtlogd.yaml.j2 b/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtlogd.yaml.j2 deleted file mode 100644 index f026b1d08..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtlogd.yaml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -start_order: 0 -image: {{ tripleo_nova_libvirt_container_image }} -ulimit: {{ tripleo_nova_libvirt_container_ulimit }} -cgroupns: host -net: host -pid: {{ tripleo_nova_libvirt_container_pid }} -pids_limit: {{ tripleo_nova_libvirt_container_pids_limit }} -security_opt: - - label=disable -cap_add: SYS_ADMIN -restart: always -volumes: - {{ tripleo_nova_libvirt_volumes + - ['/var/lib/kolla/config_files/nova_virtlogd.json:/var/lib/kolla/config_files/config.json:ro'] }} -environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtlogd_wrapper.yaml.j2 b/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtlogd_wrapper.yaml.j2 deleted file mode 100644 index 2c2f15026..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtlogd_wrapper.yaml.j2 +++ /dev/null @@ -1,19 +0,0 @@ -start_order: 0 -image: {{ tripleo_nova_libvirt_container_image }} -ulimit: {{ tripleo_nova_libvirt_container_ulimit }} -cgroupns: host -net: host -pid: {{ tripleo_nova_libvirt_container_pid }} -pids_limit: {{ tripleo_nova_libvirt_container_pids_limit }} -security_opt: - - label=disable -cap_add: SYS_ADMIN -restart: always -depends_on: {% if tripleo_nova_libvirt_enable_virtlogd_container_wrapper%}tripleo_nova_virtlogd_wrapper.service{% else %}tripleo_nova_virtlogd.service{% endif %} -volumes: - {{ tripleo_nova_libvirt_volumes + - ['/etc/libvirt/qemu:/etc/libvirt/qemu:ro', - '/var/lib/kolla/config_files/nova_virtlogd.json:/var/lib/kolla/config_files/config.json:ro', - tripleo_nova_libvirt_virtlogd_wrapper_virtlogd_process_wrapper ~ ':/usr/local/bin/virtlogd_wrapper:ro'] }} -environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtnodedevd.yaml.j2 b/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtnodedevd.yaml.j2 deleted file mode 100644 index 191d122f0..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtnodedevd.yaml.j2 +++ /dev/null @@ -1,24 +0,0 @@ -start_order: 2 -image: {{ tripleo_nova_libvirt_container_image }} -ulimit: {{ tripleo_nova_libvirt_container_ulimit }} -cgroupns: host -net: host -pid: {{ tripleo_nova_libvirt_container_pid }} -pids_limit: {{ tripleo_nova_libvirt_container_pids_limit }} -privileged: true -security_opt: - - label=level:s0 - - label=type:spc_t - - label=filetype:container_share_t -restart: always -depends_on: -{% if tripleo_nova_libvirt_enable_virtlogd_container_wrapper %} - - tripleo_nova_virtlogd_wrapper.service -{% else %} - - tripleo_nova_virtlogd.service -{% endif -%} -volumes: - {{ tripleo_nova_libvirt_volumes + - ['/var/lib/kolla/config_files/nova_virtnodedevd.json:/var/lib/kolla/config_files/config.json:ro'] }} -environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtproxyd.yaml.j2 b/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtproxyd.yaml.j2 deleted file mode 100644 index 8b96f1fea..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtproxyd.yaml.j2 +++ /dev/null @@ -1,24 +0,0 @@ -start_order: 5 -image: {{ tripleo_nova_libvirt_container_image }} -ulimit: {{ tripleo_nova_libvirt_container_ulimit }} -cgroupns: host -net: host -pid: {{ tripleo_nova_libvirt_container_pid }} -pids_limit: {{ tripleo_nova_libvirt_container_pids_limit }} -privileged: true -security_opt: - - label=level:s0 - - label=type:spc_t - - label=filetype:container_share_t -restart: always -depends_on: -{% if tripleo_nova_libvirt_enable_virtlogd_container_wrapper %} - - tripleo_nova_virtlogd_wrapper.service -{% else %} - - tripleo_nova_virtlogd.service -{% endif -%} -volumes: - {{ tripleo_nova_libvirt_volumes + - ['/var/lib/kolla/config_files/nova_virtproxyd.json:/var/lib/kolla/config_files/config.json:ro'] }} -environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtqemud.yaml.j2 b/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtqemud.yaml.j2 deleted file mode 100644 index 4e39d1d0d..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtqemud.yaml.j2 +++ /dev/null @@ -1,24 +0,0 @@ -start_order: 4 -image: {{ tripleo_nova_libvirt_container_image }} -ulimit: {{ tripleo_nova_libvirt_container_ulimit }} -cgroupns: host -net: host -pid: {{ tripleo_nova_libvirt_container_pid }} -pids_limit: {{ tripleo_nova_libvirt_container_pids_limit }} -privileged: true -security_opt: - - label=level:s0 - - label=type:spc_t - - label=filetype:container_share_t -restart: always -depends_on: -{% if tripleo_nova_libvirt_enable_virtlogd_container_wrapper %} - - tripleo_nova_virtlogd_wrapper.service -{% else %} - - tripleo_nova_virtlogd.service -{% endif -%} -volumes: - {{ tripleo_nova_libvirt_volumes + - ['/var/lib/kolla/config_files/nova_virtqemud.json:/var/lib/kolla/config_files/config.json:ro'] }} -environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtqemud_init_logs.yaml.j2 b/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtqemud_init_logs.yaml.j2 deleted file mode 100644 index cbd8766b7..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtqemud_init_logs.yaml.j2 +++ /dev/null @@ -1,9 +0,0 @@ -image: {{ tripleo_nova_libvirt_container_image }} -net: none -privileged: false -user: root -volumes: - - /var/log/containers/libvirt/swtpm:/var/log/swtpm:shared,z -command: ['/bin/bash', '-c', 'chown -R tss:tss /var/log/swtpm'] -environment: - TRIPLEO_DEPLOY_IDENTIFIER: "{{ tripleo_deploy_identifier | default('') }}" diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtsecretd.yaml.j2 b/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtsecretd.yaml.j2 deleted file mode 100644 index a5bd934b4..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtsecretd.yaml.j2 +++ /dev/null @@ -1,24 +0,0 @@ -start_order: 1 -image: {{ tripleo_nova_libvirt_container_image }} -ulimit: {{ tripleo_nova_libvirt_container_ulimit }} -cgroupns: host -net: host -pid: {{ tripleo_nova_libvirt_container_pid }} -pids_limit: {{ tripleo_nova_libvirt_container_pids_limit }} -privileged: true -security_opt: - - label=level:s0 - - label=type:spc_t - - label=filetype:container_share_t -restart: always -depends_on: -{% if tripleo_nova_libvirt_enable_virtlogd_container_wrapper %} - - tripleo_nova_virtlogd_wrapper.service -{% else %} - - tripleo_nova_virtlogd.service -{% endif -%} -volumes: - {{ tripleo_nova_libvirt_volumes + - ['/var/lib/kolla/config_files/nova_virtsecretd.json:/var/lib/kolla/config_files/config.json:ro'] }} -environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtstoraged.yaml.j2 b/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtstoraged.yaml.j2 deleted file mode 100644 index faef51ab5..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/templates/nova_virtstoraged.yaml.j2 +++ /dev/null @@ -1,24 +0,0 @@ -start_order: 3 -image: {{ tripleo_nova_libvirt_container_image }} -ulimit: {{ tripleo_nova_libvirt_container_ulimit }} -cgroupns: host -net: host -pid: {{ tripleo_nova_libvirt_container_pid }} -pids_limit: {{ tripleo_nova_libvirt_container_pids_limit }} -privileged: true -security_opt: - - label=level:s0 - - label=type:spc_t - - label=filetype:container_share_t -restart: always -depends_on: -{% if tripleo_nova_libvirt_enable_virtlogd_container_wrapper %} - - tripleo_nova_virtlogd_wrapper.service -{% else %} - - tripleo_nova_virtlogd.service -{% endif -%} -volumes: - {{ tripleo_nova_libvirt_volumes + - ['/var/lib/kolla/config_files/nova_virtstoraged.json:/var/lib/kolla/config_files/config.json:ro'] }} -environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS diff --git a/tripleo_ansible/roles/tripleo_nova_libvirt/vars/main.yml b/tripleo_ansible/roles/tripleo_nova_libvirt/vars/main.yml deleted file mode 100644 index 9a7194c2e..000000000 --- a/tripleo_ansible/roles/tripleo_nova_libvirt/vars/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "tripleo_nova_libvirt" diff --git a/tripleo_ansible/roles/tripleo_nova_migration_target/defaults/main.yml b/tripleo_ansible/roles/tripleo_nova_migration_target/defaults/main.yml deleted file mode 100644 index e4d9d7974..000000000 --- a/tripleo_ansible/roles/tripleo_nova_migration_target/defaults/main.yml +++ /dev/null @@ -1,59 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_nova_migration_target" -tripleo_nova_migration_target_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" - -tripleo_nova_migration_target_hide_sensitive_logs: true - -tripleo_nova_migration_target_config_image: "" -tripleo_nova_migration_target_volumes: - - /var/lib/kolla/config_files/nova-migration-target.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/nova_libvirt:/var/lib/kolla/config_files/src:ro - - /etc/ssh:/host-ssh:ro - - /run/libvirt:/run/libvirt:shared,z - - /var/lib/nova:/var/lib/nova:shared -tripleo_nova_migration_target_sshd_port: "{{ tripleo_migration_ssh_port | default('2022'. true) }}" -tripleo_nova_migration_target_ssh_key: > - {{ tripleo_migration_ssh_key | default({"public_key": "", "private_key": ""}, true) }} - -# from t-h-t hiera mappings -tripleo_nova_migration_target_sshd_password_authentication: 'no' # not a boolean -tripleo_nova_migration_target_sshd_listen: internal_api # NovaApiNetwork -tripleo_nova_migration_target_ssh_authorized_keys: > - {{ tripleo_nova_migration_target_ssh_key["public_key"] }} -tripleo_nova_migration_target_sshd_options: - HostKey: - - '/etc/ssh/ssh_host_rsa_key' - - '/etc/ssh/ssh_host_ecdsa_key' - - '/etc/ssh/ssh_host_ed25519_key' - SyslogFacility: 'AUTHPRIV' - AuthorizedKeysFile: '.ssh/authorized_keys' - ChallengeResponseAuthentication: 'no' - GSSAPIAuthentication: 'no' - GSSAPICleanupCredentials: 'no' - UsePAM: 'yes' - UseDNS: 'no' - X11Forwarding: 'yes' - AcceptEnv: - - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES' - - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT' - - 'LC_IDENTIFICATION LC_ALL LANGUAGE' - - 'XMODIFIERS' - Subsystem: 'sftp /usr/libexec/openssh/sftp-server' diff --git a/tripleo_ansible/roles/tripleo_nova_migration_target/files/.gitkeep b/tripleo_ansible/roles/tripleo_nova_migration_target/files/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/roles/tripleo_nova_migration_target/files/nova_migration_target.yaml b/tripleo_ansible/roles/tripleo_nova_migration_target/files/nova_migration_target.yaml deleted file mode 100644 index 5ab14d7eb..000000000 --- a/tripleo_ansible/roles/tripleo_nova_migration_target/files/nova_migration_target.yaml +++ /dev/null @@ -1,10 +0,0 @@ -command: /usr/sbin/sshd -D -p "{{ tripleo_nova_migration_target_sshd_port }}" -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: /host-ssh/ssh_host_*_key - dest: /etc/ssh/ - owner: "root" - perm: "0600" diff --git a/tripleo_ansible/roles/tripleo_nova_migration_target/handlers/main.yml b/tripleo_ansible/roles/tripleo_nova_migration_target/handlers/main.yml deleted file mode 100644 index dfe6723b5..000000000 --- a/tripleo_ansible/roles/tripleo_nova_migration_target/handlers/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. diff --git a/tripleo_ansible/roles/tripleo_nova_migration_target/meta/main.yml b/tripleo_ansible/roles/tripleo_nova_migration_target/meta/main.yml deleted file mode 100644 index 7741cbee5..000000000 --- a/tripleo_ansible/roles/tripleo_nova_migration_target/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: TripleO OpenStack Role -- tripleo_nova_migration_target - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 8 - - 9 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_nova_migration_target/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_nova_migration_target/molecule/default/converge.yml deleted file mode 100644 index 06d03ca7f..000000000 --- a/tripleo_ansible/roles/tripleo_nova_migration_target/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_nova_migration_target" diff --git a/tripleo_ansible/roles/tripleo_nova_migration_target/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_nova_migration_target/molecule/default/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/tripleo_ansible/roles/tripleo_nova_migration_target/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_nova_migration_target/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_nova_migration_target/molecule/default/prepare.yml deleted file mode 100644 index 89a9fac71..000000000 --- a/tripleo_ansible/roles/tripleo_nova_migration_target/molecule/default/prepare.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps diff --git a/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/configure.yaml b/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/configure.yaml deleted file mode 100644 index 773cc5d24..000000000 --- a/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/configure.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: validate nova-migration-target container state - containers.podman.podman_container_info: - name: nova_migration_target - register: nova_migration_target_infos - failed_when: - - nova_migration_target_infos.containers.0.Healthcheck.Status is defined - - "'healthy' not in nova_migration_target_infos.containers.0.Healthcheck.Status" - retries: 10 - delay: 30 diff --git a/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/install.yaml b/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/install.yaml deleted file mode 100644 index 246415313..000000000 --- a/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/install.yaml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Create libvirt persistent data directories - file: - path: "{{ item.path }}" - state: directory - setype: "{{ item.setype }}" - loop: - - { 'path': /run/libvirt, 'setype': virt_var_run_t } -- name: ensure /run/libvirt is present upon reboot - copy: - dest: /etc/tmpfiles.d/run-libvirt.conf - content: | - d /run/libvirt 0755 root root - - diff --git a/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/main.yml b/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/main.yml deleted file mode 100644 index b2b4fd7bd..000000000 --- a/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/main.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_nova_migration_target" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always diff --git a/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/run.yaml b/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/run.yaml deleted file mode 100644 index fec98f8a6..000000000 --- a/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/run.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Manage nova_migration_target containers - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: nova_migration_target - tripleo_container_standalone_container_defs: - nova_migration_target: "{{ lookup('template'), 'nova_migration_target.yaml.j2') | from_yaml }}" - tripleo_container_standalone_kolla_config_files: - nova_migration_target: "{{ lookup('file', 'files/nova_migration_target.yaml') | from_yaml }}" diff --git a/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/update.yaml b/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/update.yaml deleted file mode 100644 index 955b2730e..000000000 --- a/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/update.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: nova migration target tempfile cleanup - file: - path: /etc/tmpfiles.d/var-run-libvirt.conf - state: absent diff --git a/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/upgrade.yaml b/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/upgrade.yaml deleted file mode 100644 index 8a5eaefe8..000000000 --- a/tripleo_ansible/roles/tripleo_nova_migration_target/tasks/upgrade.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: nova migration target tempfile cleanup - include_tasks: nova_migration_target_update.yaml diff --git a/tripleo_ansible/roles/tripleo_nova_migration_target/templates/nova_migration_target.yaml.j2 b/tripleo_ansible/roles/tripleo_nova_migration_target/templates/nova_migration_target.yaml.j2 deleted file mode 100644 index 6c1abdcdf..000000000 --- a/tripleo_ansible/roles/tripleo_nova_migration_target/templates/nova_migration_target.yaml.j2 +++ /dev/null @@ -1,11 +0,0 @@ -image: {{ tripleo_nova_migration_target_config_image }} -net: host -previleged: true -user: root -restart: always -healthcheck: - test: /openstack/healthcheck -volumes: - {{ tripleo_container_standalone_common_volumes | default([]) + tripleo_nova_migration_target_volumes }} -environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS diff --git a/tripleo_ansible/roles/tripleo_nova_migration_target/vars/main.yml b/tripleo_ansible/roles/tripleo_nova_migration_target/vars/main.yml deleted file mode 100644 index f5f7a7114..000000000 --- a/tripleo_ansible/roles/tripleo_nova_migration_target/vars/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "tripleo_nova_migration_target" diff --git a/tripleo_ansible/roles/tripleo_nvdimm/defaults/main.yml b/tripleo_ansible/roles/tripleo_nvdimm/defaults/main.yml deleted file mode 100644 index 044ed8174..000000000 --- a/tripleo_ansible/roles/tripleo_nvdimm/defaults/main.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_tripleo_nvdimm" -tripleo_tripleo_nvdimm_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" diff --git a/tripleo_ansible/roles/tripleo_nvdimm/files/.gitkeep b/tripleo_ansible/roles/tripleo_nvdimm/files/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/roles/tripleo_nvdimm/meta/main.yml b/tripleo_ansible/roles/tripleo_nvdimm/meta/main.yml deleted file mode 100644 index 1ce66784a..000000000 --- a/tripleo_ansible/roles/tripleo_nvdimm/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_nvdimm - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_nvdimm/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_nvdimm/molecule/default/converge.yml deleted file mode 100644 index 55b2d2021..000000000 --- a/tripleo_ansible/roles/tripleo_nvdimm/molecule/default/converge.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_nvdimm" - vars: - tripleo_nvdimm_pmem_namespaces: "12G:ns12g,12G:ns12g" diff --git a/tripleo_ansible/roles/tripleo_nvdimm/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_nvdimm/molecule/default/molecule.yml deleted file mode 100644 index c85c2ce3c..000000000 --- a/tripleo_ansible/roles/tripleo_nvdimm/molecule/default/molecule.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra - env: - TRIPLEO_NVDIMM_PMEM_NAMESPACES: "12G:ns12g,12G:ns12g" diff --git a/tripleo_ansible/roles/tripleo_nvdimm/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_nvdimm/molecule/default/prepare.yml deleted file mode 100644 index af3742397..000000000 --- a/tripleo_ansible/roles/tripleo_nvdimm/molecule/default/prepare.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_setup_tripleo: true - test_deps_setup_stream: true - test_deps_extra_packages: - - jq - - ndctl - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_nvdimm/molecule/default/tests/test_default.py b/tripleo_ansible/roles/tripleo_nvdimm/molecule/default/tests/test_default.py deleted file mode 100644 index 53b33d122..000000000 --- a/tripleo_ansible/roles/tripleo_nvdimm/molecule/default/tests/test_default.py +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import os -import json -import pytest -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_ndctl_is_installed(host): - ndctl = host.package("ndctl") - assert ndctl.is_installed - - -def test_namespace_is_created(host): - if not host.check_output('lsmod | grep libnvdimm | cut -d " " -f 1'): - pytest.skip("Skipping because this needs NVDIMM hardware") - pmem_ns = os.environ['TRIPLEO_NVDIMM_PMEM_NAMESPACES'] - ndctl_list_output = host.check_output('ndctl list') - namespaces = {ns.get('name') for ns in json.loads(ndctl_list_output)} - wanted_ns = [ns_name.split(':')[1] for ns_name in pmem_ns.split(',')] - for ns in wanted_ns: - assert ns in namespaces diff --git a/tripleo_ansible/roles/tripleo_nvdimm/tasks/create_namespaces.yml b/tripleo_ansible/roles/tripleo_nvdimm/tasks/create_namespaces.yml deleted file mode 100644 index 3edbdbdf9..000000000 --- a/tripleo_ansible/roles/tripleo_nvdimm/tasks/create_namespaces.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: list current namespaces - shell: | - ndctl list -X | jq -r ".[].name" - register: namespaces - changed_when: false -- name: create namespace - command: >- - ndctl create-namespace -s {{ input[0] }} -m devdax -M mem -n {{ input[1] }} - when: - - namespaces.stdout_lines is defined - - input[1] not in namespaces.stdout_lines - register: ret - changed_when: ret.rc == 0 diff --git a/tripleo_ansible/roles/tripleo_nvdimm/tasks/main.yml b/tripleo_ansible/roles/tripleo_nvdimm/tasks/main.yml deleted file mode 100644 index 3198aa785..000000000 --- a/tripleo_ansible/roles/tripleo_nvdimm/tasks/main.yml +++ /dev/null @@ -1,58 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_nvdimm" will search for and load any operating system variable file - -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: install dependencies - package: - name: "{{ pkgs }}" - state: present - releasever: "{{ ansible_facts['distribution_major_version'] }}" - vars: - pkgs: - - ndctl - - jq - -- name: look for libnvdimm kernel module - shell: | - lsmod | grep -q libnvdimm - register: nvdimm_kernel_mod - check_mode: false - failed_when: false - -- name: create namespaces - include_tasks: create_namespaces.yml - loop: "{{ tripleo_nvdimm_pmem_namespaces.split(',') }}" - vars: - input: "{{ item.split(':') }}" - when: - - nvdimm_kernel_mod.rc is defined - - nvdimm_kernel_mod.rc == 0 diff --git a/tripleo_ansible/roles/tripleo_nvdimm/vars/.gitkeep b/tripleo_ansible/roles/tripleo_nvdimm/vars/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/roles/tripleo_ovn/defaults/main.yml b/tripleo_ansible/roles/tripleo_ovn/defaults/main.yml deleted file mode 100644 index 65cb2c445..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/defaults/main.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -# defaults file for tripleo_ovn -tripleo_ovn_bridge: br-int -tripleo_ovn_bridge_mappings: ["datacentre:br-ex"] -tripleo_ovn_encap_type: geneve -tripleo_ovn_dbs: [] -tripleo_enable_dvr: True -tripleo_enable_hw_offload: False -tripleo_ovn_multi_rhel: False -tripleo_enable_internal_tls: False -tripleo_ovn_sb_server_port: 6642 -tripleo_ovn_of_probe_interval: 60 -tripleo_ovn_remote_probe_interval: 60000 -tripleo_ovn_ofctrl_wait_before_clear: 8000 -tripleo_ovn_controller_image: "quay.io/tripleomastercentos9/openstack-ovn-controller:current-tripleo" -tripleo_ovn_encap_ip: "{{ tenant_ip }}" -tripleo_ovn_protocol: "{% if tripleo_enable_internal_tls | bool %}ssl{% else %}tcp{% endif %}" - -tripleo_ovn_controller_common_volumes: - - /lib/modules:/lib/modules:ro - - /run:/run - - /var/lib/openvswitch/ovn:/run/ovn:shared,z - - /var/log/containers/openvswitch:/var/log/openvswitch:z - - /var/log/containers/openvswitch:/var/log/ovn:z - - /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro - -tripleo_ovn_controller_tls_volumes: - - /etc/pki/tls/certs/:/etc/pki/tls/certs/ - - /etc/pki/tls/private/:/etc/pki/tls/private/ - -# Set external_id data from provided variables -tripleo_ovn_ovs_external_ids: - hostname: "{{ ansible_facts['fqdn'] }}" - ovn-bridge: "{{ tripleo_ovn_bridge }}" - ovn-bridge-mappings: "{{ tripleo_ovn_bridge_mappings|join(', ') }}" - ovn-encap-ip: "{{ tripleo_ovn_encap_ip }}" - ovn-encap-type: "{{ tripleo_ovn_encap_type }}" - ovn-match-northd-version: True - ovn-monitor-all: True - ovn-openflow-probe-interval: "{{ tripleo_ovn_of_probe_interval }}" - ovn-remote: "{% set db_addresses = [] %}{% for host in tripleo_ovn_dbs %}{{ db_addresses.append([tripleo_ovn_protocol, host, tripleo_ovn_sb_server_port] | join(':')) }}{% endfor %}{{ db_addresses | join(',') }}" - ovn-remote-probe-interval: "{{ tripleo_ovn_remote_probe_interval }}" - ovn-ofctrl-wait-before-clear: "{{ tripleo_ovn_ofctrl_wait_before_clear }}" - rundir: "/var/run/openvswitch" - -# Set openvswitch other_config. -tripleo_ovn_ovs_other_config: - vlan-limit: 0 diff --git a/tripleo_ansible/roles/tripleo_ovn/files/neutron-cleanup b/tripleo_ansible/roles/tripleo_ovn/files/neutron-cleanup deleted file mode 100755 index c994501a3..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/files/neutron-cleanup +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -# Cleanup neutron OVS bridges. To be called on startup to avoid -# "difficult-to-debug" issues with partially configured resources. - -NEUTRON_OVS_CONF=/var/lib/config-data/puppet-generated/neutron/etc/neutron/plugins/ml2/openvswitch_agent.ini - -if [ -e ${NEUTRON_OVS_CONF} ]; then - INT_BRIDGE=`crudini --get ${NEUTRON_OVS_CONF} ovs integration_bridge` - TUN_BRIDGE=`crudini --get ${NEUTRON_OVS_CONF} ovs tunnel_bridge` -fi - -for port in `ovs-vsctl list-ports ${INT_BRIDGE:-"br-int"}`; do - skip_cleanup=`ovs-vsctl --if-exists get Interface $port external_ids:skip_cleanup` - if ! [[ "x$skip_cleanup" == "x\"true\"" ]]; then - ovs-vsctl del-port ${INT_BRIDGE:-"br-int"} $port - fi -done - -ovs-vsctl --if-exists del-br ${TUN_BRIDGE:-"br-tun"} - -# Clean up trunk port bridges -for br in $(ovs-vsctl list-br | egrep 'tbr-[0-9a-f\-]+'); do - ovs-vsctl --if-exists del-br $br -done diff --git a/tripleo_ansible/roles/tripleo_ovn/files/neutron-cleanup.service b/tripleo_ansible/roles/tripleo_ovn/files/neutron-cleanup.service deleted file mode 100644 index efbd07f79..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/files/neutron-cleanup.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Neutron cleanup on startup -After=openvswitch.service network.target -Before=tripleo_neutron_ovs_agent.service tripleo_neutron_dhcp.service tripleo_neutron_l3_agent.service tripleo_nova_compute.service -RefuseManualStop=yes - -[Service] -Type=oneshot -ExecStart=/usr/libexec/neutron-cleanup - -[Install] -WantedBy=multi-user.target diff --git a/tripleo_ansible/roles/tripleo_ovn/meta/main.yml b/tripleo_ansible/roles/tripleo_ovn/meta/main.yml deleted file mode 100644 index 2734c7abb..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/meta/main.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_ovn - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - 9 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_ovn/molecule/default/Dockerfile.j2 b/tripleo_ansible/roles/tripleo_ovn/molecule/default/Dockerfile.j2 deleted file mode 100644 index 43116590e..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,59 +0,0 @@ -# Molecule managed -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash python*setuptools systemd {{ item.pkg_extras | default('') }} && dnf clean all; - -RUN dnf -y update && \ - rpm --setcaps shadow-utils 2>/dev/null && \ - dnf -y install podman fuse-overlayfs \ - --exclude container-selinux && \ - dnf clean all && \ - rm -rf /var/cache /var/log/dnf* /var/log/yum.* - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - -ARG _REPO_URL="https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable" -ADD $_REPO_URL/containers.conf /etc/containers/containers.conf - -RUN sed -i -e 's|^#mount_program|mount_program|g' \ - -e '/additionalimage.*/a "/var/lib/shared",' \ - -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \ - /etc/containers/storage.conf - -VOLUME /var/lib/containers - -RUN mkdir -p /var/lib/shared/overlay-images \ - /var/lib/shared/overlay-layers \ - /var/lib/shared/vfs-images \ - /var/lib/shared/vfs-layers && \ - touch /var/lib/shared/overlay-images/images.lock && \ - touch /var/lib/shared/overlay-layers/layers.lock && \ - touch /var/lib/shared/vfs-images/images.lock && \ - touch /var/lib/shared/vfs-layers/layers.lock - -ENV _CONTAINERS_USERNS_CONFIGURED="" - -CMD {{ item.command }} diff --git a/tripleo_ansible/roles/tripleo_ovn/molecule/default/cleanup.yml b/tripleo_ansible/roles/tripleo_ovn/molecule/default/cleanup.yml deleted file mode 100644 index 0a353bdb0..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/molecule/default/cleanup.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Cleanup - hosts: centos - gather_facts: false - any_errors_fatal: true - become: true - tasks: [] diff --git a/tripleo_ansible/roles/tripleo_ovn/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_ovn/molecule/default/converge.yml deleted file mode 100644 index 7c13581a2..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/molecule/default/converge.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Converge - hosts: all - gather_facts: true - become: true - tasks: - - include_role: - name: "tripleo_ovn" - vars: - tenant_ip: "{{ ansible_host }}" - tripleo_ovn_dbs: - - "{{ ansible_host }}" diff --git a/tripleo_ansible/roles/tripleo_ovn/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_ovn/molecule/default/molecule.yml deleted file mode 100644 index de2297d60..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/molecule/default/molecule.yml +++ /dev/null @@ -1,63 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -driver: - name: podman - -platforms: - - name: centos - hostname: centos - image: ${TRIPLEO_ANSIBLE_MOLECULE_IMAGE:-"ubi9/ubi-init"} - registry: - url: ${TRIPLEO_ANSIBLE_MOLECULE_REGISTRY:-"registry.access.redhat.com"} - dockerfile: Dockerfile.j2 - pkg_extras: python*setuptools systemd - command: "/sbin/init" - volumes: ${TRIPLEO_ANSIBLE_OVN_MOLECULE_VOLUMES:-['/sys/fs/cgroup:/sys/fs/cgroup:rw','/etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro','/etc/pki/rpm-gpg:/etc/pki/rpm-gpg:O','/opt/yum.repos.d:/etc/yum.repos.d:O','/etc/dnf/vars:/etc/dnf/vars:O']} - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - ulimits: &ulimit - - host - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles:${MOLECULE_PROJECT_DIRECTORY}/../../roles.galaxy" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY}:${MOLECULE_PROJECT_DIRECTORY}/../../ansible_plugins/modules" - ANSIBLE_ACTION_PLUGINS: "${ANSIBLE_ACTION_PLUGINS}:${MOLECULE_PROJECT_DIRECTORY}/../../ansible_plugins/action" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS}:${MOLECULE_PROJECT_DIRECTORY}/../../ansible_plugins/filter" - ANSIBLE_STRATEGY_PLUGINS: "${ANSIBLE_STRATEGY_PLUGINS}:${MOLECULE_PROJECT_DIRECTORY}/../../ansible_plugins/strategy" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - cleanup - -verifier: - name: ansible diff --git a/tripleo_ansible/roles/tripleo_ovn/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_ovn/molecule/default/prepare.yml deleted file mode 100644 index 3bb980a4b..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/molecule/default/prepare.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: centos - gather_facts: true - tasks: - - include_role: - name: test_deps - vars: - test_deps_setup_tripleo: true - test_deps_setup_stream: true - test_deps_tripleo_packages: - - openvswitch - - libibverbs - - include_role: - name: env_data - - # The openvswitch kernel module needs to be loaded on the host - - name: install and modprobe openvswitch - shell: | - sudo dnf -y install openvswitch - sudo modprobe openvswitch - delegate_to: localhost - run_once: true - - post_tasks: [] diff --git a/tripleo_ansible/roles/tripleo_ovn/tasks/bootstrap.yml b/tripleo_ansible/roles/tripleo_ovn/tasks/bootstrap.yml deleted file mode 100644 index 4688de8bb..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/tasks/bootstrap.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Ensure the OVS service is running - ansible.builtin.systemd: - name: openvswitch - state: started diff --git a/tripleo_ansible/roles/tripleo_ovn/tasks/cleanup.yml b/tripleo_ansible/roles/tripleo_ovn/tasks/cleanup.yml deleted file mode 100644 index 873e59c66..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/tasks/cleanup.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Cleanup hw-offload when no longer required - ansible.builtin.shell: > - ovs-vsctl remove open . other_config hw-offload - when: not tripleo_enable_hw_offload | bool - -- name: Cleanup enable-chassis-as-gw when DVR not enabled - ansible.builtin.shell: > - ovs-vsctl remove open . external_ids ovn-cms-options - when: not tripleo_enable_dvr | bool diff --git a/tripleo_ansible/roles/tripleo_ovn/tasks/configure.yml b/tripleo_ansible/roles/tripleo_ovn/tasks/configure.yml deleted file mode 100644 index 8da93dc15..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/tasks/configure.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Set DVR setting when enabled - block: - - name: Set enable-chassis-as-gw - set_fact: - cms_options: - ovn-cms-options: "enable-chassis-as-gw" - - - name: Append CMS options to external_ids - set_fact: - tripleo_ovn_ovs_external_ids: "{{ tripleo_ovn_ovs_external_ids | combine(cms_options) }}" - when: tripleo_enable_dvr|default(true) - -- name: Configure hw-offload when required - block: - - name: Add hw-offload if enabled - set_fact: - hw_offload: - hw-offload: True - - - name: append other_config with hw-offload - set_fact: - other_config: "{{ tripleo_ovn_ovs_other_config | combine(hw_offload) }}" - when: tripleo_enable_hw_offload|default(false) - -- name: Configure OVS external_ids - ansible.builtin.shell: > - ovs-vsctl set open . {% for key, value in tripleo_ovn_ovs_external_ids.items() %} external_ids:{{ key }}={{ value }} {% endfor %} - -- name: Configure OVS other_config - ansible.builtin.shell: > - ovs-vsctl set open . {% for key, value in tripleo_ovn_ovs_other_config.items() %} other_config:{{ key }}={{ value }} {% endfor %} diff --git a/tripleo_ansible/roles/tripleo_ovn/tasks/externaldeploy.yml b/tripleo_ansible/roles/tripleo_ovn/tasks/externaldeploy.yml deleted file mode 100644 index 309451139..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/tasks/externaldeploy.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: create ovn mac address for {{ tripleo_role_name }} role nodes - tripleo_ovn_mac_addresses: - playbook_dir: "{{ playbook_dir }}" - stack_name: "{{ stack_name }}" - server_resource_names: "{{ groups[tripleo_role_name] }}" - ovn_bridge_mappings: "{{ tripleo_ovn_bridge_mappings | join(', ') }}" - ovn_static_bridge_mac_mappings: "{{ ovn_static_bridge_mac_mappings }}" diff --git a/tripleo_ansible/roles/tripleo_ovn/tasks/install.yml b/tripleo_ansible/roles/tripleo_ovn/tasks/install.yml deleted file mode 100644 index 0cc24ac3d..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/tasks/install.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: create persistent directories - ansible.builtin.file: - path: "{{ item.path }}" - state: directory - setype: "{{ item.setype }}" - mode: "{{ item.mode|default(omit) }}" - loop: - - { 'path': /var/log/containers/openvswitch, 'setype': container_file_t, 'mode': '0750' } - - { 'path': /var/lib/openvswitch/ovn, 'setype': container_file_t } - -- name: enable virt_sandbox_use_netlink for healthcheck - ansible.builtin.seboolean: - name: virt_sandbox_use_netlink - persistent: true - state: true - when: - - ansible_facts.selinux is defined - - ansible_facts.selinux.status == "enabled" - -- name: Copy in cleanup script - ansible.builtin.copy: - src: neutron-cleanup - dest: '/usr/libexec/neutron-cleanup' - force: true - mode: '0755' - -- name: Copy in cleanup service - ansible.builtin.copy: - src: neutron-cleanup.service - dest: '/usr/lib/systemd/system/neutron-cleanup.service' - force: true - -- name: Enabling the cleanup service - ansible.builtin.service: - name: neutron-cleanup - enabled: true diff --git a/tripleo_ansible/roles/tripleo_ovn/tasks/main.yml b/tripleo_ansible/roles/tripleo_ovn/tasks/main.yml deleted file mode 100644 index 9b9bb83b4..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/tasks/main.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -- name: Include host prep tasks - import_tasks: install.yml - -- name: Include bootstrap tasks - import_tasks: bootstrap.yml - -- name: Configure OVS - import_tasks: configure.yml - -- name: Ensure ovn_controller is running - import_tasks: run.yml - -- name: Cleanup unwanted OVS keys - import_tasks: cleanup.yml diff --git a/tripleo_ansible/roles/tripleo_ovn/tasks/run.yml b/tripleo_ansible/roles/tripleo_ovn/tasks/run.yml deleted file mode 100644 index ae252bfa6..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/tasks/run.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Ensure /usr/libexec/tripleo-start-podman-container exists - import_role: - name: tripleo_container_manage - tasks_from: shutdown.yml - -- name: Run ovn_controller container - include_role: - name: tripleo_container_standalone - vars: - tripleo_container_standalone_service: ovn_controller - tripleo_container_standalone_container_defs: - ovn_controller: "{{ lookup('template', 'ovn_controller.yaml.j2') | from_yaml }}" - tripleo_container_standalone_kolla_config_files: - ovn_controller: "{{ lookup('template', 'kolla_ovn_controller.yaml.j2') | from_yaml }}" diff --git a/tripleo_ansible/roles/tripleo_ovn/templates/kolla_ovn_controller.yaml.j2 b/tripleo_ansible/roles/tripleo_ovn/templates/kolla_ovn_controller.yaml.j2 deleted file mode 100644 index bd38658dc..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/templates/kolla_ovn_controller.yaml.j2 +++ /dev/null @@ -1,8 +0,0 @@ -command: "/usr/bin/ovn-controller --pidfile --log-file unix:/run/openvswitch/db.sock {% if tripleo_enable_internal_tls | bool %} -p /etc/pki/tls/private/ovn_controller.key -c /etc/pki/tls/certs/ovn_controller.crt -C {{ tripleo_internal_tls_ca_file }} {% endif %}" -permissions: - - path: /var/log/openvswitch - owner: root:root - recurse: true - - path: /var/log/ovn - owner: root:root - recurse: true diff --git a/tripleo_ansible/roles/tripleo_ovn/templates/ovn_controller.yaml.j2 b/tripleo_ansible/roles/tripleo_ovn/templates/ovn_controller.yaml.j2 deleted file mode 100644 index 2b93ee583..000000000 --- a/tripleo_ansible/roles/tripleo_ovn/templates/ovn_controller.yaml.j2 +++ /dev/null @@ -1,27 +0,0 @@ -start_order: 1 -image: "{{ tripleo_ovn_controller_image }}" -net: host -privileged: true -user: root -restart: always -depends_on: - - openvswitch.service -{% if tripleo_ovn_cpu_set|default(false) %} -cpuset_cpus: "{{ tripleo_ovn_cpu_set }}" -{% endif -%} -healthcheck: - test: '/openstack/healthcheck {{ tripleo_ovn_sb_server_port }}' -volumes: - {% set tripleo_ovn_controller_volumes = [] %} - {%- set tripleo_ovn_controller_volumes = - tripleo_ovn_controller_volumes + - tripleo_ovn_controller_common_volumes %} - {%- if tripleo_enable_internal_tls|bool -%} - {%- set tripleo_ovn_controller_volumes = - tripleo_ovn_controller_volumes + - tripleo_ovn_controller_common_volumes + - tripleo_ovn_controller_tls_volumes -%} - {% endif %} - {{ tripleo_ovn_controller_volumes }} -environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS diff --git a/tripleo_ansible/roles/tripleo_ovn_cluster/defaults/main.yml b/tripleo_ansible/roles/tripleo_ovn_cluster/defaults/main.yml deleted file mode 100644 index a5765bd08..000000000 --- a/tripleo_ansible/roles/tripleo_ovn_cluster/defaults/main.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_ovn_cluster" - -tripleo_ovn_cluster_config_basedir: /var/lib/config-data/ansible-generated/ovn -tripleo_ovn_cluster_network: ctlplane - -tripleo_ovn_cluster_nb_db_protocol: "{{ enable_internal_tls | bool | ternary('ssl', 'tcp') }}" -tripleo_ovn_cluster_nb_db_port: 6641 -tripleo_ovn_cluster_nb_local_port: 6643 -tripleo_ovn_cluster_nb_remote_port: 6643 -tripleo_ovn_cluster_nb_election_timer: 10 -tripleo_ovn_cluster_nb_ssl_key: /etc/pki/tls/private/ovn_dbs.key -tripleo_ovn_cluster_nb_ssl_cert: /etc/pki/tls/certs/ovn_dbs.crt -tripleo_ovn_cluster_nb_ssl_ca_cert: /etc/ipa/ca.crt - -tripleo_ovn_cluster_sb_db_protocol: "{{ enable_internal_tls | bool | ternary('ssl', 'tcp') }}" -tripleo_ovn_cluster_sb_db_port: 6642 -tripleo_ovn_cluster_sb_local_port: 6644 -tripleo_ovn_cluster_sb_remote_port: 6644 -tripleo_ovn_cluster_sb_election_timer: 16 -tripleo_ovn_cluster_sb_ssl_key: /etc/pki/tls/private/ovn_dbs.key -tripleo_ovn_cluster_sb_ssl_cert: /etc/pki/tls/certs/ovn_dbs.crt -tripleo_ovn_cluster_sb_ssl_ca_cert: /etc/ipa/ca.crt - -tripleo_ovn_cluster_northd_protocol: "{{ enable_internal_tls | bool | ternary('ssl', 'tcp') }}" -tripleo_ovn_cluster_northd_ssl_key: /etc/pki/tls/private/ovn_dbs.key -tripleo_ovn_cluster_northd_ssl_cert: /etc/pki/tls/certs/ovn_dbs.crt -tripleo_ovn_cluster_northd_ssl_ca_cert: /etc/ipa/ca.crt diff --git a/tripleo_ansible/roles/tripleo_ovn_cluster/meta/main.yml b/tripleo_ansible/roles/tripleo_ovn_cluster/meta/main.yml deleted file mode 100644 index a33a52c55..000000000 --- a/tripleo_ansible/roles/tripleo_ovn_cluster/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_ovn_cluster - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/converge.yml deleted file mode 100644 index cacd2c7ba..000000000 --- a/tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/converge.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Converge - hosts: all - roles: - - role: "tripleo_ovn_cluster" diff --git a/tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/molecule.yml deleted file mode 100644 index 6fa83ad0a..000000000 --- a/tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/molecule.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - vars: - ctlplane_ip: 192.168.24.2 - enable_internal_tls: true - ovn_dbs_bootstrap_node_ip: 10.0.0.20 - ovn_dbs_node_ips: 10.0.0.20,10.0.0.30,10.0.0.40 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/prepare.yml deleted file mode 100644 index e0cb70096..000000000 --- a/tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/prepare.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_setup_stream: true - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_ovn_cluster/tasks/main.yml b/tripleo_ansible/roles/tripleo_ovn_cluster/tasks/main.yml deleted file mode 100644 index 7eb019e78..000000000 --- a/tripleo_ansible/roles/tripleo_ovn_cluster/tasks/main.yml +++ /dev/null @@ -1,57 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: create directory {{ tripleo_ovn_cluster_config_basedir }} - become: true - ansible.builtin.file: - path: "{{ tripleo_ovn_cluster_config_basedir }}/etc/sysconfig" - recurse: true - state: directory - selevel: s0 - setype: container_file_t - -- name: set is_ovn_dbs_bootstrap_node fact - set_fact: - is_ovn_dbs_bootstrap_node: "{{ ovn_dbs_short_bootstrap_node_name|default('')|lower == ansible_facts['hostname']|lower }}" - when: is_ovn_dbs_bootstrap_node is undefined - -- name: check ovsdb-tool election-timer options - shell: ovsdb-tool --help|grep -q election-timer - register: check_ovsdb_tool_election_timer - failed_when: check_ovsdb_tool_election_timer.rc > 1 - -- name: set has_ovsdb_tool_election_timer fact - set_fact: - has_ovsdb_tool_election_timer: "{{ check_ovsdb_tool_election_timer.rc == 0 }}" - when: has_ovsdb_tool_election_timer is undefined - -- name: render OVN cluster configuration - become: true - ansible.builtin.template: - src: ovn_cluster.j2 - dest: "{{ tripleo_ovn_cluster_config_basedir }}/etc/sysconfig/ovn_cluster" - mode: '640' - selevel: s0 - setype: container_file_t - register: _ovn_cluster_config_result - -- name: restart OVN northd and north and south databases - include_tasks: restart.yml - when: _ovn_cluster_config_result.changed - loop: - - tripleo_cluster_north_db_server - - tripleo_cluster_south_db_server - - tripleo_cluster_northd diff --git a/tripleo_ansible/roles/tripleo_ovn_cluster/tasks/restart.yml b/tripleo_ansible/roles/tripleo_ovn_cluster/tasks/restart.yml deleted file mode 100644 index f54dbb204..000000000 --- a/tripleo_ansible/roles/tripleo_ovn_cluster/tasks/restart.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: check if {{ item }} systemd service is active - become: true - shell: "systemctl is-active --quiet {{ item }}" - failed_when: false - register: ovn_active_service - -- name: restart {{ item }} systemd service - become: true - systemd: - name: "{{ item }}" - state: restarted - when: - - ovn_active_service.rc == 0 diff --git a/tripleo_ansible/roles/tripleo_ovn_cluster/templates/ovn_cluster.j2 b/tripleo_ansible/roles/tripleo_ovn_cluster/templates/ovn_cluster.j2 deleted file mode 100644 index c8b678efc..000000000 --- a/tripleo_ansible/roles/tripleo_ovn_cluster/templates/ovn_cluster.j2 +++ /dev/null @@ -1,54 +0,0 @@ -# {{ ansible_managed }} - -# OVN Northbound Database -OVN_NB_DB_OPTS=" ---db-nb-create-insecure-remote=no \ -{% if tripleo_ovn_cluster_nb_db_protocol == 'ssl' %} ---ovn-nb-db-ssl-key={{ tripleo_ovn_cluster_nb_ssl_key }} \ ---ovn-nb-db-ssl-cert={{ tripleo_ovn_cluster_nb_ssl_cert }} \ ---ovn-nb-db-ssl-ca-cert={{ tripleo_ovn_cluster_nb_ssl_ca_cert }} \ -{% endif %} -{% if not is_ovn_dbs_bootstrap_node|bool %} ---db-nb-cluster-remote-proto={{ tripleo_ovn_cluster_nb_db_protocol }} \ ---db-nb-cluster-remote-addr={{ ovn_dbs_bootstrap_node_ip | ansible.netcommon.ipwrap }} \ ---db-nb-cluster-remote-port={{ tripleo_ovn_cluster_nb_remote_port }} \ -{% elif has_ovsdb_tool_election_timer|bool %} ---db-nb-election-timer={{ tripleo_ovn_cluster_nb_election_timer * 1000 }} \ -{% endif %} ---db-nb-cluster-local-proto={{ tripleo_ovn_cluster_nb_db_protocol }} \ ---db-nb-cluster-local-addr={{ hostvars[inventory_hostname][tripleo_ovn_cluster_network ~ '_ip'] | ansible.netcommon.ipwrap }} \ ---db-nb-cluster-local-port={{ tripleo_ovn_cluster_nb_local_port }} \ ---db-nb-addr={{ hostvars[inventory_hostname][tripleo_ovn_cluster_network ~ '_ip'] | ansible.netcommon.ipwrap }} \ ---db-nb-port={{ tripleo_ovn_cluster_nb_db_port }}" - -# OVN Southbound Database -OVN_SB_DB_OPTS=" ---db-sb-create-insecure-remote=no \ -{% if tripleo_ovn_cluster_sb_db_protocol == 'ssl' %} ---ovn-sb-db-ssl-key={{ tripleo_ovn_cluster_sb_ssl_key }} \ ---ovn-sb-db-ssl-cert={{ tripleo_ovn_cluster_sb_ssl_cert }} \ ---ovn-sb-db-ssl-ca-cert={{ tripleo_ovn_cluster_sb_ssl_ca_cert }} \ -{% endif %} -{% if not is_ovn_dbs_bootstrap_node|bool %} ---db-sb-cluster-remote-proto={{ tripleo_ovn_cluster_sb_db_protocol }} \ ---db-sb-cluster-remote-addr={{ ovn_dbs_bootstrap_node_ip | ansible.netcommon.ipwrap }} \ ---db-sb-cluster-remote-port={{ tripleo_ovn_cluster_sb_remote_port }} \ -{% elif has_ovsdb_tool_election_timer|bool %} ---db-sb-election-timer={{ tripleo_ovn_cluster_sb_election_timer * 1000 }} \ -{% endif %} ---db-sb-cluster-local-proto={{ tripleo_ovn_cluster_sb_db_protocol }} \ ---db-sb-cluster-local-addr={{ hostvars[inventory_hostname][tripleo_ovn_cluster_network ~ '_ip'] | ansible.netcommon.ipwrap }} \ ---db-sb-cluster-local-port={{ tripleo_ovn_cluster_sb_local_port }} \ ---db-sb-addr={{ hostvars[inventory_hostname][tripleo_ovn_cluster_network ~ '_ip'] | ansible.netcommon.ipwrap }} \ ---db-sb-port={{ tripleo_ovn_cluster_sb_db_port }}" - -# OVN Northd -OVN_NORTHD_OPTS=" ---no-chdir -vconsole:emer -vsyslog:err -vfile:info --pidfile=/run/openvswitch/ovn-northd.pid --log-file=/var/log/openvswitch/ovn-northd.log \ -{% if tripleo_ovn_cluster_northd_protocol == 'ssl' %} ---private-key={{ tripleo_ovn_cluster_northd_ssl_key }} \ ---certificate={{ tripleo_ovn_cluster_northd_ssl_cert }} \ ---ca-cert={{ tripleo_ovn_cluster_northd_ssl_ca_cert }} \ -{% endif %} ---ovnnb-db={{ [tripleo_ovn_cluster_nb_db_protocol] | product(ovn_dbs_node_ips | ansible.netcommon.ipwrap) | map('join', ':') | product([tripleo_ovn_cluster_nb_db_port]) | map('join', ':') | join(',') }} \ ---ovnsb-db={{ [tripleo_ovn_cluster_nb_db_protocol] | product(ovn_dbs_node_ips | ansible.netcommon.ipwrap) | map('join', ':') | product([tripleo_ovn_cluster_sb_db_port]) | map('join', ':') | join(',') }}" diff --git a/tripleo_ansible/roles/tripleo_ovs_dpdk/defaults/main.yml b/tripleo_ansible/roles/tripleo_ovs_dpdk/defaults/main.yml deleted file mode 100644 index f4a19d4cf..000000000 --- a/tripleo_ansible/roles/tripleo_ovs_dpdk/defaults/main.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should place placed in this file. - -# All variables within this role should have a prefix of "tripleo_ovs_dpdk" -tripleo_ovs_dpdk_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_ovs_dpdk_pmd_core_list: "" -tripleo_ovs_dpdk_lcore_list: "" -tripleo_ovs_dpdk_memory_channels: 4 -tripleo_ovs_dpdk_extra: "" -tripleo_ovs_dpdk_socket_memory: "" -tripleo_ovs_dpdk_revalidator_cores: "" -tripleo_ovs_dpdk_handler_cores: "" -tripleo_ovs_dpdk_emc_insertion_probablity: "" -tripleo_ovs_dpdk_enable_tso: false -tripleo_ovs_dpdk_pmd_auto_lb: false -tripleo_ovs_dpdk_pmd_load_threshold: "" -tripleo_ovs_dpdk_pmd_improvement_threshold: "" -tripleo_ovs_dpdk_pmd_rebal_interval: "" -tripleo_ovs_dpdk_vhost_postcopy_support: false -tripleo_ovs_dpdk_vhost_postcopy_ovs_options: "--mlockall=no" diff --git a/tripleo_ansible/roles/tripleo_ovs_dpdk/library/openvswitch_db.py b/tripleo_ansible/roles/tripleo_ovs_dpdk/library/openvswitch_db.py deleted file mode 100644 index c722ccfcb..000000000 --- a/tripleo_ansible/roles/tripleo_ovs_dpdk/library/openvswitch_db.py +++ /dev/null @@ -1,238 +0,0 @@ -#!/usr/bin/python -# coding: utf-8 -*- - -# -# (c) 2015, Mark Hamilton -# Portions copyright @ 2015 VMware, Inc. -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -__metaclass__ = type - - -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'network'} - - -DOCUMENTATION = """ ---- -module: openvswitch_db -author: "Mark Hamilton (@markleehamilton) " -version_added: 2.0 -short_description: Configure open vswitch database. -requirements: [ "ovs-vsctl >= 2.3.3" ] -description: - - Set column values in record in database table. -options: - state: - required: false - description: - - Configures the state of the key. When set - to I(present), the I(key) and I(value) pair will be set - on the I(record) and when set to I(absent) the I(key) - will not be set. - default: present - choices: ['present', 'absent'] - version_added: "2.4" - table: - required: true - description: - - Identifies the table in the database. - record: - required: true - description: - - Identifies the record in the table. - col: - required: true - description: - - Identifies the column in the record. - key: - required: false - description: - - Identifies the key in the record column, when the column is a map - type. - value: - required: false - description: - - Expected value for the table, record, column and key. - - Required when I(state) is I(present) - timeout: - required: false - default: 5 - description: - - How long to wait for ovs-vswitchd to respond -""" - -EXAMPLES = ''' -# Increase the maximum idle time to 50 seconds before pruning unused kernel -# rules. -- openvswitch_db: - table: open_vswitch - record: . - col: other_config - key: max-idle - value: 50000 - -# Disable in band copy -- openvswitch_db: - table: Bridge - record: br-int - col: other_config - key: disable-in-band - value: true - -# Remove in band key -- openvswitch_db: - state: absent - table: Bridge - record: br-int - col: other_config - key: disable-in-band - -# Mark port with tag 10 -- openvswitch_db: - table: Port - record: port0 - col: tag - value: 10 -''' -import re - -from ansible.module_utils.basic import AnsibleModule - -# Regular expression for map type, must not be empty -NON_EMPTY_MAP_RE = re.compile(r'{.+}') -# Regular expression for a map column type -MAP_RE = re.compile(r'{.*}') - - -def map_obj_to_commands(want, have, module): - """ Define ovs-vsctl command to meet desired state """ - commands = list() - - if module.params['state'] == 'absent': - if 'key' in have.keys(): - templatized_command = "%(ovs-vsctl)s -t %(timeout)s remove %(table)s %(record)s " \ - "%(col)s %(key)s" - # Append the value only when provided - if 'value' in want.keys(): - templatized_command += "=%(value)s" - commands.append(templatized_command % module.params) - elif module.params['key'] is None: - templatized_command = "%(ovs-vsctl)s -t %(timeout)s remove %(table)s %(record)s " \ - "%(col)s" - commands.append(templatized_command % module.params) - else: - if want == have: - # Nothing to commit - return commands - if module.params['key'] is None: - templatized_command = "%(ovs-vsctl)s -t %(timeout)s set %(table)s %(record)s " \ - "%(col)s=%(value)s" - commands.append(templatized_command % module.params) - else: - templatized_command = "%(ovs-vsctl)s -t %(timeout)s set %(table)s %(record)s " \ - "%(col)s:%(key)s=%(value)s" - commands.append(templatized_command % module.params) - - return commands - - -def map_config_to_obj(module): - templatized_command = "%(ovs-vsctl)s -t %(timeout)s list %(table)s %(record)s" - command = templatized_command % module.params - rc, out, err = module.run_command(command, check_rc=True) - if rc != 0: - module.fail_json(msg=err) - - match = re.search(r'^' + module.params['col'] + r'(\s+):(\s+)(.*)$', out, re.M) - - col_value = match.group(3) - - # Map types require key argument - has_key = module.params['key'] is not None - is_map = MAP_RE.match(col_value) - if is_map and not has_key: - module.fail_json( - msg="missing required arguments: key for map type of column") - - col_value_to_dict = {} - if NON_EMPTY_MAP_RE.match(col_value): - for kv in col_value[1:-1].split(', '): - k, v = kv.split('=', 1) - col_value_to_dict[k.strip()] = v.strip('\"') - - obj = { - 'table': module.params['table'], - 'record': module.params['record'], - 'col': module.params['col'], - } - - if has_key and is_map: - if module.params['key'] in col_value_to_dict: - obj['key'] = module.params['key'] - obj['value'] = col_value_to_dict[module.params['key']] - else: - obj['value'] = str(col_value.strip()) - - return obj - - -def map_params_to_obj(module): - obj = { - 'table': module.params['table'], - 'record': module.params['record'], - 'col': module.params['col'], - } - - if module.params['value'] is not None: - if module.params['value'] in ['True', 'False']: - module.params['value'] = module.params['value'].lower() - obj['value'] = module.params['value'] - - key = module.params['key'] - if key is not None: - obj['key'] = key - - return obj - - -def main(): - """ Entry point for ansible module. """ - argument_spec = { - 'state': {'default': 'present', 'choices': ['present', 'absent']}, - 'table': {'required': True}, - 'record': {'required': True}, - 'col': {'required': True}, - 'key': {'required': False}, - 'value': {'required': False, 'type': 'str'}, - 'timeout': {'default': 5, 'type': 'int'}, - } - - required_if = [('state', 'present', ['value'])] - - module = AnsibleModule(argument_spec=argument_spec, - required_if=required_if, - supports_check_mode=True) - - result = {'changed': False} - - # We add ovs-vsctl to module_params to later build up templatized commands - module.params["ovs-vsctl"] = module.get_bin_path("ovs-vsctl", True) - - want = map_params_to_obj(module) - have = map_config_to_obj(module) - - commands = map_obj_to_commands(want, have, module) - result['commands'] = commands - - if commands: - if not module.check_mode: - for c in commands: - module.run_command(c, check_rc=True) - result['changed'] = True - - module.exit_json(**result) - - -if __name__ == '__main__': - main() diff --git a/tripleo_ansible/roles/tripleo_ovs_dpdk/meta/main.yml b/tripleo_ansible/roles/tripleo_ovs_dpdk/meta/main.yml deleted file mode 100644 index 20cb54ba6..000000000 --- a/tripleo_ansible/roles/tripleo_ovs_dpdk/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_ovs_dpdk - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/default/converge.yml deleted file mode 100644 index 229d961d6..000000000 --- a/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/default/converge.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare for removal - hosts: all - tasks: - - include_role: - name: "tripleo_ovs_dpdk" - tasks_from: "config.yml" - vars: - tripleo_ovs_dpdk_pmd_core_list: "1,13-15" - tripleo_ovs_dpdk_lcore_list: "0,12" - tripleo_ovs_dpdk_socket_memory: "1024,1024" - tripleo_ovs_dpdk_emc_insertion_probablity: 10 - -# By removing tripleo_ovs_dpdk_emc_insertion_probablity and -# tripleo_ovs_dpdk_lcore_list as welle as tripleo_ovs_dpdk_socket_memory -# from the vars, which were set by earlier play, should remove these keys -# from the ovs db. -- name: Converge - hosts: all - tasks: - - include_role: - name: "tripleo_ovs_dpdk" - tasks_from: "config.yml" - vars: - tripleo_ovs_dpdk_pmd_core_list: "1,13-15" diff --git a/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/default/molecule.yml deleted file mode 100644 index e15d7651d..000000000 --- a/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/default/molecule.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY}:/usr/share/ansible/plugins/modules" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS}:/usr/share/ansible/plugins/filter" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/default/prepare.yml deleted file mode 100644 index 9a2a598fd..000000000 --- a/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/default/prepare.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all:localhost - become: true - vars: - test_deps_setup_tripleo: true - test_deps_setup_stream: true - roles: - - role: test_deps - test_deps_extra_packages: - - openvswitch - - libibverbs - - role: env_data - post_tasks: - - name: Create ovs runtime directories - file: - path: "{{ item }}" - state: "directory" - loop: - - /var/log/openvswitch - - /var/run/openvswitch - - - name: Add the openvswitch module - modprobe: - name: openvswitch - state: present - - - name: Start ovs - systemd: - name: openvswitch - state: started - when: - - inventory_hostname != 'localhost' diff --git a/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/default/tests/test_default.py b/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/default/tests/test_default.py deleted file mode 100644 index 1c7728b5a..000000000 --- a/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/default/tests/test_default.py +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import configparser -import os - -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def get_config(host): - stdout = host.check_output('ovs-vsctl get open_vswitch . other_config') - content = '[default]\n' + stdout.replace('{', '').replace('}', '').replace(', ', '\n') - print(content) - cfg = configparser.RawConfigParser() - cfg.read_string(content) - print(dict(cfg['default'])) - return dict(cfg['default']) - - -def test_positive_dpdk_extra(host): - other_config = get_config(host) - dpdk_extra = other_config['dpdk-extra'].replace('"', '') - assert dpdk_extra == " -n 4" - - -def test_positive_pmd(host): - other_config = get_config(host) - val = other_config['pmd-cpu-mask'].replace('"', '') - assert val == "e002" - - -def test_positive_socket_mem(host): - other_config = get_config(host) - assert 'dpdk-socket-mem' not in other_config - assert 'dpdk-socket-limit' not in other_config - - -def test_positive_lcore(host): - other_config = get_config(host) - assert 'dpdk-lcore-mask' not in other_config - - -def test_positive_validator_threads(host): - other_config = get_config(host) - assert 'n-revalidator-threads' not in other_config - - -def test_positive_handler_threads(host): - other_config = get_config(host) - assert 'n-handler-threads' not in other_config - - -def test_positive_emc_prob(host): - other_config = get_config(host) - assert 'emc-insert-inv-prob' not in other_config - - -def test_positive_enable_tso(host): - other_config = get_config(host) - assert 'userspace-tso-enable' not in other_config - - -def test_positive_pmd_load_threshold(host): - other_config = get_config(host) - assert 'pmd-auto-lb-load-threshold' not in other_config - - -def test_positive_pmd_improvement_threshold(host): - other_config = get_config(host) - assert 'pmd-auto-lb-improvement-threshold' not in other_config - - -def test_positive_pmd_rebal_interval(host): - other_config = get_config(host) - assert 'pmd-auto-lb-rebal-interval' not in other_config diff --git a/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/positive/converge.yml b/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/positive/converge.yml deleted file mode 100644 index 90b4ebcbb..000000000 --- a/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/positive/converge.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - tasks: - - include_role: - name: "tripleo_ovs_dpdk" - tasks_from: "config.yml" - vars: - tripleo_ovs_dpdk_pmd_core_list: "2,3,26,27,64,65,128,127" - tripleo_ovs_dpdk_lcore_list: "0,1,24,25" - tripleo_ovs_dpdk_memory_channels: 3 - tripleo_ovs_dpdk_extra: "--iova-mode=va" - tripleo_ovs_dpdk_socket_memory: "1024,1024" - tripleo_ovs_dpdk_revalidator_cores: 2 - tripleo_ovs_dpdk_handler_cores: 2 - tripleo_ovs_dpdk_emc_insertion_probablity: 0 - tripleo_ovs_dpdk_enable_tso: true - tripleo_ovs_dpdk_pmd_load_threshold: 50 - tripleo_ovs_dpdk_pmd_improvement_threshold: 10 - tripleo_ovs_dpdk_pmd_rebal_interval: 5 diff --git a/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/positive/molecule.yml b/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/positive/molecule.yml deleted file mode 100644 index e15d7651d..000000000 --- a/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/positive/molecule.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY}:/usr/share/ansible/plugins/modules" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS}:/usr/share/ansible/plugins/filter" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/positive/prepare.yml b/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/positive/prepare.yml deleted file mode 100644 index 9a2a598fd..000000000 --- a/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/positive/prepare.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all:localhost - become: true - vars: - test_deps_setup_tripleo: true - test_deps_setup_stream: true - roles: - - role: test_deps - test_deps_extra_packages: - - openvswitch - - libibverbs - - role: env_data - post_tasks: - - name: Create ovs runtime directories - file: - path: "{{ item }}" - state: "directory" - loop: - - /var/log/openvswitch - - /var/run/openvswitch - - - name: Add the openvswitch module - modprobe: - name: openvswitch - state: present - - - name: Start ovs - systemd: - name: openvswitch - state: started - when: - - inventory_hostname != 'localhost' diff --git a/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/positive/tests/test_positive.py b/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/positive/tests/test_positive.py deleted file mode 100644 index ef2cb75b7..000000000 --- a/tripleo_ansible/roles/tripleo_ovs_dpdk/molecule/positive/tests/test_positive.py +++ /dev/null @@ -1,102 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import configparser -import os - -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def get_config(host): - stdout = host.check_output('ovs-vsctl get open_vswitch . other_config') - content = '[default]\n' + stdout.replace('{', '').replace('}', '').replace(', ', '\n') - print(content) - cfg = configparser.RawConfigParser() - cfg.read_string(content) - print(dict(cfg['default'])) - return dict(cfg['default']) - - -def test_positive_dpdk_extra(host): - other_config = get_config(host) - dpdk_extra = other_config['dpdk-extra'].replace('"', '') - assert dpdk_extra == "--iova-mode=va -n 3" - - -def test_positive_pmd(host): - other_config = get_config(host) - dpdk_extra = other_config['pmd-cpu-mask'].replace('"', '') - assert dpdk_extra == "18000000000000003000000000c00000c" - - -def test_positive_lcore(host): - other_config = get_config(host) - dpdk_extra = other_config['dpdk-lcore-mask'].replace('"', '') - assert dpdk_extra == "3000003" - - -def test_positive_socket_mem(host): - other_config = get_config(host) - socket_mem = other_config['dpdk-socket-mem'].replace('"', '') - socket_limit = other_config['dpdk-socket-limit'].replace('"', '') - assert socket_mem == "1024,1024" - assert socket_limit == "1024,1024" - - -def test_positive_validator_threads(host): - other_config = get_config(host) - dpdk_extra = other_config['n-revalidator-threads'].replace('"', '') - assert dpdk_extra == "2" - - -def test_positive_handler_threads(host): - other_config = get_config(host) - dpdk_extra = other_config['n-handler-threads'].replace('"', '') - assert dpdk_extra == "2" - - -def test_positive_emc_prob(host): - other_config = get_config(host) - dpdk_extra = other_config['emc-insert-inv-prob'].replace('"', '') - assert dpdk_extra == "0" - - -def test_positive_enable_tso(host): - other_config = get_config(host) - tso_enabled = other_config['userspace-tso-enable'].replace('"', '') - assert tso_enabled == "true" - - -def test_positive_pmd_load_threshold(host): - other_config = get_config(host) - pmd_load_threshold = other_config['pmd-auto-lb-load-threshold'].replace('"', '') - assert pmd_load_threshold == "50" - - -def test_positive_pmd_improvement_threshold(host): - other_config = get_config(host) - pmd_improvement_threshold = other_config['pmd-auto-lb-improvement-threshold'].replace('"', '') - assert pmd_improvement_threshold == "10" - - -def test_positive_pmd_rebal_interval(host): - other_config = get_config(host) - pmd_rebal_interval = other_config['pmd-auto-lb-rebal-interval'].replace('"', '') - assert pmd_rebal_interval == "5" diff --git a/tripleo_ansible/roles/tripleo_ovs_dpdk/tasks/config.yml b/tripleo_ansible/roles/tripleo_ovs_dpdk/tasks/config.yml deleted file mode 100644 index d32e90bf8..000000000 --- a/tripleo_ansible/roles/tripleo_ovs_dpdk/tasks/config.yml +++ /dev/null @@ -1,269 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Check valid input for tripleo_ovs_dpdk_pmd_core_list - fail: - msg: "List of PMD cores cannot be empty - tripleo_ovs_dpdk_pmd_core_list" - when: not tripleo_ovs_dpdk_pmd_core_list|string or tripleo_ovs_dpdk_pmd_core_list == 'null' - -- name: Apply PMD cores config - openvswitch_db: - table: open_vswitch - record: . - col: other_config - key: pmd-cpu-mask - value: "{{ tripleo_ovs_dpdk_pmd_core_list | cpu_mask }}" - when: tripleo_ovs_dpdk_pmd_core_list|string - -- name: Set DPDK lcores config - openvswitch_db: - table: open_vswitch - record: . - col: other_config - key: dpdk-lcore-mask - value: "{{ tripleo_ovs_dpdk_lcore_list | cpu_mask }}" - when: tripleo_ovs_dpdk_lcore_list|string - -- name: Remove DPDK lcores config - openvswitch_db: - state: absent - table: open_vswitch - record: . - col: other_config - key: dpdk-lcore-mask - when: not tripleo_ovs_dpdk_lcore_list|string or tripleo_ovs_dpdk_lcore_list == 'null' - -- name: Add memory channels to dpdk extra - set_fact: - tripleo_ovs_dpdk_extra_internal: "{{ tripleo_ovs_dpdk_extra }} -n {{ tripleo_ovs_dpdk_memory_channels }}" - -- name: Apply DPDK extra - openvswitch_db: - table: open_vswitch - record: . - col: other_config - key: dpdk-extra - value: "'{{ tripleo_ovs_dpdk_extra_internal }}'" - -- name: Apply socket-mem and socket-limit config - block: - - openvswitch_db: - table: open_vswitch - record: . - col: other_config - key: dpdk-socket-mem - value: "{{ tripleo_ovs_dpdk_socket_memory }}" - - - openvswitch_db: - table: open_vswitch - record: . - col: other_config - key: dpdk-socket-limit - value: "{{ tripleo_ovs_dpdk_socket_memory }}" - when: tripleo_ovs_dpdk_socket_memory|string - -- name: Remove DPDK socket-mem and socket-limit config - block: - - openvswitch_db: - state: absent - table: open_vswitch - record: . - col: other_config - key: dpdk-socket-mem - - - openvswitch_db: - state: absent - table: open_vswitch - record: . - col: other_config - key: dpdk-socket-limit - when: not tripleo_ovs_dpdk_socket_memory|string or tripleo_ovs_dpdk_socket_memory == 'null' - -- name: Apply Revalidator threads config - openvswitch_db: - table: open_vswitch - record: . - col: other_config - key: n-revalidator-threads - value: "{{ tripleo_ovs_dpdk_revalidator_cores }}" - when: tripleo_ovs_dpdk_revalidator_cores|string - -- name: Remove Revalidator threads config - openvswitch_db: - state: absent - table: open_vswitch - record: . - col: other_config - key: n-revalidator-threads - when: not tripleo_ovs_dpdk_revalidator_cores|string - -- name: Set Handler threads config - openvswitch_db: - table: open_vswitch - record: . - col: other_config - key: n-handler-threads - value: "{{ tripleo_ovs_dpdk_handler_cores }}" - when: tripleo_ovs_dpdk_handler_cores|string - -- name: Remove Handler threads config - openvswitch_db: - state: absent - table: open_vswitch - record: . - col: other_config - key: n-handler-threads - when: not tripleo_ovs_dpdk_handler_cores|string - -- name: Set EMC Insertion Probability config - openvswitch_db: - table: open_vswitch - record: . - col: other_config - key: emc-insert-inv-prob - value: "{{ tripleo_ovs_dpdk_emc_insertion_probablity }}" - when: tripleo_ovs_dpdk_emc_insertion_probablity|string - -- name: Remove EMC Insertion Probability config - openvswitch_db: - state: absent - table: open_vswitch - record: . - col: other_config - key: emc-insert-inv-prob - when: not tripleo_ovs_dpdk_emc_insertion_probablity|string - -- name: Enable TSO in datapath - openvswitch_db: - table: open_vswitch - record: . - col: other_config - key: userspace-tso-enable - value: "{{ tripleo_ovs_dpdk_enable_tso }}" - when: tripleo_ovs_dpdk_enable_tso|bool - -- name: Disable TSO in datapath - openvswitch_db: - state: absent - table: open_vswitch - record: . - col: other_config - key: userspace-tso-enable - when: not tripleo_ovs_dpdk_enable_tso|bool - -- name: Enable postcopy support - when: tripleo_ovs_dpdk_vhost_postcopy_support|bool - block: - - name: Enable vhost-postcopy-support - openvswitch_db: - table: open_vswitch - record: . - col: other_config - key: vhost-postcopy-support - value: "{{ tripleo_ovs_dpdk_vhost_postcopy_support }}" - - name: Disable mlockall in ovs - replace: - path: '/etc/sysconfig/openvswitch' - regexp: '^OPTIONS.*' - replace: 'OPTIONS="{{ tripleo_ovs_dpdk_vhost_postcopy_ovs_options }}"' - -- name: Disable postcopy support - when: not tripleo_ovs_dpdk_vhost_postcopy_support|bool - block: - - name: Disable vhost-postcopy-support - openvswitch_db: - state: absent - table: open_vswitch - record: . - col: other_config - key: vhost-postcopy-support - - name: Return ovs OPTIONS to default - replace: - path: '/etc/sysconfig/openvswitch' - regexp: '^OPTIONS.*' - replace: 'OPTIONS=""' - -- name: Enable DPDK OVS PMD Auto Load Balance - openvswitch_db: - table: open_vswitch - record: . - col: other_config - key: pmd-auto-lb - value: "{{ tripleo_ovs_dpdk_pmd_auto_lb }}" - when: tripleo_ovs_dpdk_pmd_auto_lb|bool - -- name: Disable DPDK OVS PMD Auto Load Balance - openvswitch_db: - state: absent - table: open_vswitch - record: . - col: other_config - key: pmd-auto-lb - when: not tripleo_ovs_dpdk_pmd_auto_lb|bool - -- name: Set minimum PMD thread load threshold - openvswitch_db: - table: open_vswitch - record: . - col: other_config - key: pmd-auto-lb-load-threshold - value: "{{ tripleo_ovs_dpdk_pmd_load_threshold }}" - when: tripleo_ovs_dpdk_pmd_load_threshold|string - -- name: Remove minimum PMD thread load threshold - openvswitch_db: - state: absent - table: open_vswitch - record: . - col: other_config - key: pmd-auto-lb-load-threshold - when: not tripleo_ovs_dpdk_pmd_load_threshold|string - -- name: Set PMD load variance improvement threshold - openvswitch_db: - table: open_vswitch - record: . - col: other_config - key: pmd-auto-lb-improvement-threshold - value: "{{ tripleo_ovs_dpdk_pmd_improvement_threshold }}" - when: tripleo_ovs_dpdk_pmd_improvement_threshold|string - -- name: Remove PMD load variance improvement threshold - openvswitch_db: - state: absent - table: open_vswitch - record: . - col: other_config - key: pmd-auto-lb-improvement-threshold - when: not tripleo_ovs_dpdk_pmd_improvement_threshold|string - -- name: Set PMD auto load balancing interval - openvswitch_db: - table: open_vswitch - record: . - col: other_config - key: pmd-auto-lb-rebal-interval - value: "{{ tripleo_ovs_dpdk_pmd_rebal_interval }}" - when: tripleo_ovs_dpdk_pmd_rebal_interval|string - -- name: Remove PMD auto load balancing interval - openvswitch_db: - state: absent - table: open_vswitch - record: . - col: other_config - key: pmd-auto-lb-rebal-interval - when: not tripleo_ovs_dpdk_pmd_rebal_interval|string diff --git a/tripleo_ansible/roles/tripleo_ovs_dpdk/tasks/main.yml b/tripleo_ansible/roles/tripleo_ovs_dpdk/tasks/main.yml deleted file mode 100644 index c0735e358..000000000 --- a/tripleo_ansible/roles/tripleo_ovs_dpdk/tasks/main.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- include_tasks: config.yml - -- name: Enable DPDK - openvswitch_db: - table: open_vswitch - record: . - col: other_config - key: dpdk-init - value: "true" - timeout: 300 diff --git a/tripleo_ansible/roles/tripleo_ovs_dpdk/tasks/workarounds.yml b/tripleo_ansible/roles/tripleo_ovs_dpdk/tasks/workarounds.yml deleted file mode 100644 index 8c4498994..000000000 --- a/tripleo_ansible/roles/tripleo_ovs_dpdk/tasks/workarounds.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Workaround to allow access of vhostuser sockets from OvS running host to qemu -# running inside the kolla container. GID of the group 'hugetlbfs' is changed -# to the same value as kolla's gid. Apply this workaround for all DPDK nodes, -# along with reboot, so that OvS threads are restarted with this id. -# NOTE: This will not be included in this roles's main.yml, as main.yml should -# be executed after node reboot. -- name: Update gid for hugetlbfs to kolla's gid - group: - name: hugetlbfs - gid: 42477 diff --git a/tripleo_ansible/roles/tripleo_packages/defaults/main.yml b/tripleo_ansible/roles/tripleo_packages/defaults/main.yml deleted file mode 100644 index 9f10351a2..000000000 --- a/tripleo_ansible/roles/tripleo_packages/defaults/main.yml +++ /dev/null @@ -1,92 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should place placed in this file. - -# All variables within this role should have a prefix of "tripleo_packages" - -# Dictionary packing service data -tripleo_packages_service_data: {} - -# Mapping of service_name -> network name. Typically set -# via parameter_defaults in the resource registry. This -# mapping overrides those in ServiceNetMapDefaults. -tripleo_packages_service_net_map: {} -tripleo_packages_default_passwords: {} - -# Role name on which the service is applied -tripleo_packages_role_name: '' - -# Parameters specific to the role -tripleo_packages_role_parameters: {} - -# Mapping of service endpoint -> protocol. Typically set -# via parameter_defaults in the resource registry. -tripleo_packages_endpoint_map: {} - -# Set to true to enable package installation at deploy time -tripleo_packages_enable_package_install: false - -# Allowed values: 'tripleo-repos' or 'custom-script' -tripleo_packages_fast_forward_repo_type: tripleo-repos -tripleo_packages_fast_forward_repo_args: - tripleo_repos: - ocata: -b ocata current - pike: -b pike current - queens: -b queens current -tripleo_packages_fast_forward_custom_repo_script_content: | - #!/bin/bash - set -e - echo "If you use FastForwardRepoType 'custom-script' you have to provide the upgrade repo script content." - echo "It will be installed as /root/ffu_upgrade_repo.sh on the node" - echo "and passed the upstream name (ocata, pike, queens) of the release as first argument" - exit 1 - -# Use Leapp for operating system upgrade -tripleo_packages_upgrade_leapp_enabled: true - -# Print debugging output when running Leapp -tripleo_packages_upgrade_leapp_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" - -# Skip RHSM when running Leapp in development/testing. -tripleo_packages_upgrade_leapp_devel_skip_rhsm: false - -# Timeout (seconds) for the OS upgrade phase via Leapp -tripleo_packages_upgrade_leapp_reboot_timeout: 1800 - -# Command or script snippet to run on all overcloud nodes to -# initialize the upgrade process. E.g. a repository switch. -tripleo_packages_upgrade_init_command: '' - -# Common commands required by the upgrades process. This should not -# normally be modified by the operator and is set and unset in the -# major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml -# environment files. -tripleo_packages_upgrade_init_common_command: '' -tripleo_packages_short_bootstrap_node_name: '' - -# Exclude specific packages from update -tripleo_packages_exclude_from_update: - # Ansbile cannot upgrade itself as it will cause the current execution to fail. - # https://github.com/ansible/ansible/issues/56636 - - ansible - -tripleo_release: "{{ release | default('queens') }}" - -dnf_module_list: [] -skip_rhel_enforcement: false -skip_package_update: false diff --git a/tripleo_ansible/roles/tripleo_packages/meta/main.yml b/tripleo_ansible/roles/tripleo_packages/meta/main.yml deleted file mode 100644 index 86809405f..000000000 --- a/tripleo_ansible/roles/tripleo_packages/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_packages - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_packages/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_packages/molecule/default/converge.yml deleted file mode 100644 index 1b4c03aca..000000000 --- a/tripleo_ansible/roles/tripleo_packages/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_packages" diff --git a/tripleo_ansible/roles/tripleo_packages/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_packages/molecule/default/molecule.yml deleted file mode 100644 index 4cd937f29..000000000 --- a/tripleo_ansible/roles/tripleo_packages/molecule/default/molecule.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -driver: - name: podman - -log: true - -platforms: - - name: centos - hostname: centos - image: ubi9/ubi-init - registry: - url: registry.access.redhat.com - dockerfile: Dockerfile - pkg_extras: python*setuptools - command: /sbin/init - volumes: - - /dev:/dev - - /lib/modules:/lib/modules - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg - - /opt/yum.repos.d:/etc/yum.repos.d:rw - - /etc/dnf/vars:/etc/dnf/vars - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - ulimits: &ulimit - - host - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH:-/usr/share/ansible/roles}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - ANSIBLE_ACTION_PLUGINS: "${ANSIBLE_ACTION_PLUGINS:-/usr/share/ansible/plugins/action}" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_packages/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_packages/molecule/default/prepare.yml deleted file mode 100644 index bac683e15..000000000 --- a/tripleo_ansible/roles/tripleo_packages/molecule/default/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - vars: - test_deps_setup_stream: false - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_packages/molecule/external_upgrade/converge.yml b/tripleo_ansible/roles/tripleo_packages/molecule/external_upgrade/converge.yml deleted file mode 100644 index 7d5d97919..000000000 --- a/tripleo_ansible/roles/tripleo_packages/molecule/external_upgrade/converge.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - step: 1 - tasks: - - name: Import TripleO packages role - include_role: - name: tripleo_packages - tasks_from: external_upgrade.yml diff --git a/tripleo_ansible/roles/tripleo_packages/molecule/external_upgrade/molecule.yml b/tripleo_ansible/roles/tripleo_packages/molecule/external_upgrade/molecule.yml deleted file mode 100644 index 4cd937f29..000000000 --- a/tripleo_ansible/roles/tripleo_packages/molecule/external_upgrade/molecule.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -driver: - name: podman - -log: true - -platforms: - - name: centos - hostname: centos - image: ubi9/ubi-init - registry: - url: registry.access.redhat.com - dockerfile: Dockerfile - pkg_extras: python*setuptools - command: /sbin/init - volumes: - - /dev:/dev - - /lib/modules:/lib/modules - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg - - /opt/yum.repos.d:/etc/yum.repos.d:rw - - /etc/dnf/vars:/etc/dnf/vars - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - ulimits: &ulimit - - host - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH:-/usr/share/ansible/roles}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - ANSIBLE_ACTION_PLUGINS: "${ANSIBLE_ACTION_PLUGINS:-/usr/share/ansible/plugins/action}" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_packages/molecule/external_upgrade/prepare.yml b/tripleo_ansible/roles/tripleo_packages/molecule/external_upgrade/prepare.yml deleted file mode 100644 index bac683e15..000000000 --- a/tripleo_ansible/roles/tripleo_packages/molecule/external_upgrade/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - vars: - test_deps_setup_stream: false - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_packages/molecule/ffu/converge.yml b/tripleo_ansible/roles/tripleo_packages/molecule/ffu/converge.yml deleted file mode 100644 index 75575dd94..000000000 --- a/tripleo_ansible/roles/tripleo_packages/molecule/ffu/converge.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - step: 3 - tasks: - - name: Import TripleO packages role - include_role: - name: tripleo_packages - tasks_from: fast_forward_upgrade.yml - - - name: Import TripleO packages role - include_role: - name: tripleo_packages - tasks_from: fast_forward_post_upgrade.yml diff --git a/tripleo_ansible/roles/tripleo_packages/molecule/ffu/molecule.yml b/tripleo_ansible/roles/tripleo_packages/molecule/ffu/molecule.yml deleted file mode 100644 index 0d69d2109..000000000 --- a/tripleo_ansible/roles/tripleo_packages/molecule/ffu/molecule.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -driver: - name: podman - -log: true - -platforms: - - name: centos - hostname: centos - image: ubi9/ubi-init - registry: - url: registry.access.redhat.com - dockerfile: Dockerfile - pkg_extras: python*setuptools - command: /sbin/init - volumes: - - /dev:/dev - - /lib/modules:/lib/modules - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg - - /opt/yum.repos.d:/etc/yum.repos.d:rw - - /etc/dnf/vars:/etc/dnf/vars - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - ulimits: &ulimit - - host - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_packages/molecule/ffu/prepare.yml b/tripleo_ansible/roles/tripleo_packages/molecule/ffu/prepare.yml deleted file mode 100644 index bac683e15..000000000 --- a/tripleo_ansible/roles/tripleo_packages/molecule/ffu/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - vars: - test_deps_setup_stream: false - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_packages/molecule/update/converge.yml b/tripleo_ansible/roles/tripleo_packages/molecule/update/converge.yml deleted file mode 100644 index cc5c4c8c5..000000000 --- a/tripleo_ansible/roles/tripleo_packages/molecule/update/converge.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - skip_package_update: true - skip_rhel_enforcement: true - tripleo_packages_exclude_from_update: - - ansible - - redhat-release - tasks: - - name: Import TripleO updates bootstrap tasks - include_role: - name: tripleo_packages - tasks_from: update_bootstrap.yml - - name: Import TripleO updates ovs tasks - include_role: - name: tripleo_packages - tasks_from: update_ovs.yml - - name: Import TripleO packages role - include_role: - name: tripleo_packages - tasks_from: update.yml diff --git a/tripleo_ansible/roles/tripleo_packages/molecule/update/molecule.yml b/tripleo_ansible/roles/tripleo_packages/molecule/update/molecule.yml deleted file mode 100644 index 0ed891021..000000000 --- a/tripleo_ansible/roles/tripleo_packages/molecule/update/molecule.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- -driver: - name: podman - -log: true - -platforms: - - name: centos - hostname: centos - image: ubi9/ubi-init - registry: - url: registry.access.redhat.com - dockerfile: Dockerfile - pkg_extras: python*setuptools - command: >- - /sbin/init && - /bin/mkdir -p /var/run/dbus && - /usr/bin/dbus-uuidgen > /var/lib/dbus/machine-id && - /usr/bin/dbus-daemon --config-file=/usr/share/dbus-1/system.conf - volumes: - - /dev:/dev - - /lib/modules:/lib/modules - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg - - /opt/yum.repos.d:/etc/yum.repos.d:rw - - /etc/dnf/vars:/etc/dnf/vars - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - ulimits: &ulimit - - host - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH:-/usr/share/ansible/roles}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - ANSIBLE_ACTION_PLUGINS: "${ANSIBLE_ACTION_PLUGINS:-/usr/share/ansible/plugins/action}" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_packages/molecule/update/prepare.yml b/tripleo_ansible/roles/tripleo_packages/molecule/update/prepare.yml deleted file mode 100644 index bac683e15..000000000 --- a/tripleo_ansible/roles/tripleo_packages/molecule/update/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - vars: - test_deps_setup_stream: false - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_packages/tasks/external_upgrade.yml b/tripleo_ansible/roles/tripleo_packages/tasks/external_upgrade.yml deleted file mode 100644 index 1d4f31a93..000000000 --- a/tripleo_ansible/roles/tripleo_packages/tasks/external_upgrade.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Clean up upgrade artifacts - when: - - (step | int) == 1 - tags: - - never - - system_upgrade_cleanup - block: - - name: cleanup tripleo_persist - include_role: - name: tripleo_persist - tasks_from: cleanup.yml - - - name: cleanup tripleo_transfer - include_role: - name: tripleo_transfer - tasks_from: cleanup.yml diff --git a/tripleo_ansible/roles/tripleo_packages/tasks/fast_forward_post_upgrade.yml b/tripleo_ansible/roles/tripleo_packages/tasks/fast_forward_post_upgrade.yml deleted file mode 100644 index 8ff2713cd..000000000 --- a/tripleo_ansible/roles/tripleo_packages/tasks/fast_forward_post_upgrade.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Debug fast forward upgrade repo variables - debug: - var: "{{ item }}" - loop: - - tripleo_packages_fast_forward_repo_type - - tripleo_packages_fast_forward_repo_args - when: - - (step | int) == 3 - -- when: - - is_bootstrap_node|bool - - tripleo_packages_fast_forward_repo_type == 'tripleo-repos' - block: - - name: clone tripleo-repos - git: - repo: https://github.com/openstack/tripleo-repos.git - dest: /home/stack/tripleo-repos/ - version: master - - - name: install tripleo-repos - command: python setup.py install - args: - chdir: /home/stack/tripleo-repos/ - - - name: Enable tripleo-repos - command: "tripleo-repos {{ tripleo_packages_fast_forward_repo_args['tripleo_repos'][tripleo_release] }}" - -- when: - - is_bootstrap_node|bool - - tripleo_packages_fast_forward_repo_type == 'custom-script' - block: - - name: Create custom Script for upgrading repo. - copy: - dest: /root/ffu_update_repo.sh - content: "{{ tripleo_packages_fast_forward_custom_repo_script_content }}" - mode: 0700 - - - name: Execute custom script for upgrading repo. - shell: "/root/ffu_update_repo.sh {{ tripleo_release }}" diff --git a/tripleo_ansible/roles/tripleo_packages/tasks/fast_forward_upgrade.yml b/tripleo_ansible/roles/tripleo_packages/tasks/fast_forward_upgrade.yml deleted file mode 100644 index d2e282745..000000000 --- a/tripleo_ansible/roles/tripleo_packages/tasks/fast_forward_upgrade.yml +++ /dev/null @@ -1,62 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: set is_bootstrap_node fact - set_fact: - is_bootstrap_node: "{{ tripleo_packages_short_bootstrap_node_name|lower == ansible_facts['hostname']|lower }}" - -- name: Debug fast forward upgrade repo variables - debug: - var: "{{ item }}" - loop: - - tripleo_packages_fast_forward_repo_type - - tripleo_packages_fast_forward_repo_args - when: - - (step | int) == 3 - -- when: - - (step | int) == 3 - - is_bootstrap_node|bool - - tripleo_packages_fast_forward_repo_type == 'tripleo-repos' - block: - - name: clone tripleo-repos - git: - repo: https://github.com/openstack/tripleo-repos.git - dest: /home/stack/tripleo-repos/ - version: master - - - name: install tripleo-repos - command: python setup.py install - args: - chdir: /home/stack/tripleo-repos/ - - - name: Enable tripleo-repos - command: "tripleo-repos {{ tripleo_packages_fast_forward_repo_args.tripleo_repos[tripleo_release] }}" - -- when: - - (step | int) == 3 - - is_bootstrap_node|bool - - tripleo_packages_fast_forward_repo_type == 'custom-script' - block: - - name: Create custom Script for upgrading repo. - copy: - dest: /root/ffu_update_repo.sh - content: "{{ tripleo_packages_fast_forward_custom_repo_script_content }}" - mode: 0700 - - - name: Execute custom script for upgrading repo. - shell: "/root/ffu_update_repo.sh {{ tripleo_release }}" diff --git a/tripleo_ansible/roles/tripleo_packages/tasks/openvswitch.yml b/tripleo_ansible/roles/tripleo_packages/tasks/openvswitch.yml deleted file mode 100644 index 755276a61..000000000 --- a/tripleo_ansible/roles/tripleo_packages/tasks/openvswitch.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - - -# The openvswitch package disables the systemd service on install. When installing -# the layered product we prevent the service from being killed, but it doesn't -# do anything to prevent the systemd service from being removed and it is not -# re-enabled by default by the new package. -- name: Check openvswitch service state - systemd: - name: openvswitch - changed_when: false - failed_when: false - register: openvswitch_service_state - -- name: Ensure openvswitch is running - systemd: - name: openvswitch - enabled: true - state: started - when: - - (openvswitch_service_state.status is defined) and - (((openvswitch_service_state.status['LoadState'] | lower) != 'not-found') and - ((openvswitch_service_state.status['SubState'] | lower) != 'running')) diff --git a/tripleo_ansible/roles/tripleo_packages/tasks/update.yml b/tripleo_ansible/roles/tripleo_packages/tasks/update.yml deleted file mode 100644 index 7b7710ce0..000000000 --- a/tripleo_ansible/roles/tripleo_packages/tasks/update.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Exclude ansible-core due to bz https://bugs.launchpad.net/tripleo/+bug/1998501 -- name: Update all packages - when: - - not skip_package_update|bool - ansible.builtin.dnf: - name: '*' - state: latest - exclude: ansible-core -# This is failsafe unless openvswitch package does something -# to the systemd service state. -- name: Ensure openvswitch is running after update - ansible.builtin.systemd: - name: openvswitch - enabled: true - state: started - ignore_errors: true diff --git a/tripleo_ansible/roles/tripleo_packages/tasks/update_bootstrap.yml b/tripleo_ansible/roles/tripleo_packages/tasks/update_bootstrap.yml deleted file mode 100644 index 2acaa52d9..000000000 --- a/tripleo_ansible/roles/tripleo_packages/tasks/update_bootstrap.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Enforce RHOSP rules regarding subscription. - include_role: - name: tripleo_redhat_enforce - when: - - ansible_facts['distribution'] == 'RedHat' - - not (skip_rhel_enforcement | bool) -- name: Ensure DNF modules have the right stream enabled - tripleo_dnf_stream: - name: "{{ item.module }}:{{ item.stream }}" - state: enabled - loop: "{{ dnf_module_list|list }}" - when: - - dnf_module_list|length > 0 - - item.distribution_version is defined - - ansible_facts['distribution_major_version'] is version(item.distribution_version, '==') diff --git a/tripleo_ansible/roles/tripleo_packages/tasks/update_ovs.yml b/tripleo_ansible/roles/tripleo_packages/tasks/update_ovs.yml deleted file mode 100644 index ccac17d26..000000000 --- a/tripleo_ansible/roles/tripleo_packages/tasks/update_ovs.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Special treatment for OpenvSwitch - tripleo_ovs_upgrade: - register: ovs_upgrade -- name: Always ensure the openvswitch service is enabled and running after upgrades - ansible.builtin.systemd: - name: openvswitch - enabled: true - state: started - when: - - ovs_upgrade.changed|bool diff --git a/tripleo_ansible/roles/tripleo_packages/tasks/upgrade.yml b/tripleo_ansible/roles/tripleo_packages/tasks/upgrade.yml deleted file mode 100644 index 079e19ea7..000000000 --- a/tripleo_ansible/roles/tripleo_packages/tasks/upgrade.yml +++ /dev/null @@ -1,334 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: system_upgrade_prepare step 3 - when: (step | int) == 3 - tags: - - never - - system_upgrade - - system_upgrade_prepare - block: - - name: remove all OpenStack packages - shell: |- - yum -y remove *el7ost* -- \ - -*openvswitch* \ - -python2-babel \ - -python2-dateutil \ - -python2-ipaddress \ - -python2-jinja2 \ - -python2-markupsafe \ - -python2-six - when: - - upgrade_leapp_enabled | bool - - - name: install leapp - package: - name: leapp - state: latest - when: - - upgrade_leapp_enabled | bool - -- name: system_upgrade_prepare step 4 - when: (step | int) == 4 - tags: - - never - - system_upgrade - - system_upgrade_prepare - block: - - name: run leapp upgrade (download packages) - shell: >- - {% if upgrade_leapp_devel_skip_rhsm|default(false) %}LEAPP_NO_RHSM=1{% endif %} - leapp upgrade - {% if upgrade_leapp_debug|default(true) %}--debug{% endif %} - when: - - upgrade_leapp_enabled | bool - -- name: system_upgrade_run step 4 - when: - - (step | int) == 4 - tags: - - never - - system_upgrade - - system_upgrade_run - # In case someone needs to re-run system_upgrade_run post-tasks - # but doesn't want to reboot, they can run with - # `--skip-tags system_upgrade_reboot`. - - system_upgrade_reboot - block: - - name: reboot to perform the upgrade - reboot: - reboot_timeout: "{{ upgrade_leapp_reboot_timeout }}" - when: - - upgrade_leapp_enabled | bool - -- name: Package and repo update tasks - when: - - (step | int) == 0 - block: - - name: Run UpgradeInitCommand - shell: |- - set -o pipefail - if [[ -f /etc/resolv.conf.save ]]; then - rm /etc/resolv.conf.save - fi - {{ tripleo_packages_upgrade_init_command }} - args: - executable: /bin/bash - - name: Run UpgradeInitCommonCommand - shell: |- - set -o pipefail - {{ tripleo_packages_upgrade_init_common_command }} - args: - executable: /bin/bash - when: - - (tripleo_packages_upgrade_init_common_command | length) > 0 - - name: Ensure TripleO prerequisite packages are installed - package: - name: - - jq - - lvm2 - - openstack-selinux - - os-net-config - - puppet-tripleo - - python3-heat-agent* - state: present - when: - - ansible_facts['distribution_major_version'] is version('8', '==') - -# With the layered product packaging, the key package is rhosp-openvswitch. It depends on -# a openvswitch package that includes the version as part of the name (e.g openvswitch2.10). -# This requires some additional special handling: -# - During an upgrade the package name for openvswitch may change so -# upgrading the currently installed package won't do anything. -# - The rhosp-openvswitch package "obsoletes" several packages, -# including older openvswitch packages. This results in a pretty -# severe uninstall/install sequence of operations that stops and -# removes openvswitch which could break network links required to -# continue the upgrade. -# - To prevent rhosp-openvswitch breaking connectivity, the currently -# installed core openvswitch packages need to be erased from the rpm -# database but leave the binaries intact. This effectively -# short-circuits the obsoletes mechanism in rhosp-openvswitch and -# leaves the core elements of openvswitch running. In the future we -# may replace this mechanism with "an upgrade on reboot". We only -# do this for the core openvswitch packages so other packages -# obsoleted by rhosp-openvswitch will be removed when -# rhosp-openvswitch is installed/upgraded. -# - Neither the rhosp-openvswitch nor openvswitch{m.n} package enables -# or starts the systemd service so there must always be a task -# to ensure that it is enabled or OpenvSwitch functionality won't be -# available on reboot. -# - With LP, we expect that the core openvswitch package name will -# change with every major upgrade so this special handling will -# eventually replace the special handling of upgrading the -# openvswitch package "in place" -- name: Block for gathering information for upgrading OpenvSwitch layered product packaging - when: (step | int) == 2 - block: - - name: Process rhosp-openvswitch layered package for new version number - shell: |- - set -o pipefail - yum info -q rhosp-openvswitch | awk '/^Version/{print $NF}' - register: rhosp_package_result - failed_when: false - - - name: Set fact for triggering OpenvSwitch layered product package handling - set_fact: - ovs_lp_packaging: "{{ rhosp_package_result.rc == 0 }}" - - - name: Capture the expected OpenvSwitch version. - set_fact: - new_ovs_version: "{{ rhosp_package_result.stdout }}" - when: - - ovs_lp_packaging | default(false) - - - name: Get current OpenvSwitch package name - register: ovs_pkg_out - shell: |- - set -o pipefail - rpm -qa | awk -F- '/^(openvswitch[0-9]+\.[0-9]+-[0-9]+\.[0-9]+\.[-0]+-|openvswitch-2)/{print $1}' - - - name: Get version from current OpenvSwitch package - register: ovs_version_out - shell: |- - set -o pipefail - rpm -qi "{{ ovs_pkg_out.stdout }}" | awk '/^Version/{print $NF}' - - - name: split numeric version for OpenvSwitch into parts - set_fact: - ovs_version_parts: "{{ ovs_version_out.stdout.split('.') }}" - - - name: get major minor version for OpenvSwitch package naming - set_fact: - current_ovs_version: "{{ ovs_version_parts[0] }}.{{ ovs_version_parts[1] }}" - - - name: get OpenvSwitch major version - set_fact: - current_ovs_major_version: "{{ ovs_version_parts[0]|int }}" - - - name: get OpenvSwitch minor version - set_fact: - current_ovs_minor_version: "{{ ovs_version_parts[1]|int }}" - -- name: Block for upgrading OpenvSwitch when layer package is present - when: - - (step | int) == 2 - - ovs_lp_packaging | default(false) - block: - - name: set current OpenvSwitch package suffix if old version is layered product format - set_fact: - package_suffix: "{{ current_ovs_version }}" - when: - - ((current_ovs_major_version | int) >= 3) or - ((current_ovs_minor_version | int) >= 10) - - - name: remove old OpenvSwitch package(s) if version doesn't match - shell: |- - rpm -e --noscripts \ - --nopreun \ - --nopostun \ - --notriggers \ - --nodeps $(rpm -qa 'openvswitch{{ package_suffix|default('') }}*' | grep -v 'selinux') - when: - - new_ovs_version != current_ovs_version - - - name: install/upgrade OpenvSwitch LP package - package: - name: rhosp-openvswitch - state: latest - register: tripleo_package_openvswitch_result - - - name: set flag to skip other upgrade steps since OpenvSwitch is already upgraded! - set_fact: - run_ovs_update: false - -- name: Check for openvswitch upgrade if not layered package installs - when: - - (step | int) == 2 - - run_ovs_update|default(true) - block: - - name: check if an upgrade is required - register: ovs_need_upgrade - failed_when: false - shell: | - yum check-upgrade openvswitch | awk '/openvswitch/{print}' - - - name: Check openvswitch packaging. - shell: |- - set -o pipefail - rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep -q "systemctl.*try-restart" - register: ovs_packaging_issue - failed_when: false - -- name: Upgrade openvswitch - when: - - (step | int) == 2 - - run_ovs_update | default(true) - - ovs_packaging_issue.rc == 0 - - ovs_need_upgrade.stdout | default('') - block: - - name: "Ensure empty directory: emptying." - file: - state: absent - path: /root/OVS_UPGRADE - - - name: "Ensure empty directory: creating." - file: - state: directory - path: /root/OVS_UPGRADE - owner: root - group: root - mode: 0750 - - - name: Make yum cache. - command: yum makecache - - - name: Download OVS packages - shell: |- - if command -v yumdownloader; then - yumdownloader --destdir /root/OVS_UPGRADE --resolve openvswitch - else - dnf download --destdir /root/OVS_UPGRADE --resolve openvswitch - fi - - - name: Get rpm list for manual upgrade of OVS. - shell: ls -1 /root/OVS_UPGRADE/*.rpm - register: ovs_list_of_rpms - - - name: Manual upgrade of OVS - shell: | - rpm -U --replacepkgs --notriggerun --nopostun {{ item }} - args: - chdir: /root/OVS_UPGRADE - loop: "{{ ovs_list_of_rpms.stdout_lines }}" - register: tripleo_package_openvswitch_result - -- name: Start openvswitch - include_tasks: openvswitch.yml - when: - - (step|int) == 2 - - tripleo_package_openvswitch_result is defined - - tripleo_package_openvswitch_result.changed - -- name: Install libibverbs (https://bugs.launchpad.net/tripleo/+bug/1817743) - when: - - (step | int) == 2 - package: - name: libibverbs - state: installed - -- name: Check for os-net-config upgrade - shell: |- - set -o pipefail - yum check-upgrade | awk '/os-net-config/{print}' - failed_when: false - register: os_net_config_need_upgrade - when: - - (step | int) == 3 - -- name: Check that os-net-config has configuration - shell: test -s /etc/os-net-config/config.json - register: os_net_config_has_config - failed_when: false - when: - - (step | int) == 3 - -- name: os-net-config block - when: - - (step | int) == 3 - - os_net_config_need_upgrade.rc == 0 - - (os_net_config_need_upgrade.stdout | length) > 0 - - os_net_config_has_config.rc == 0 - block: - - name: Upgrade os-net-config - package: - name: os-net-config - state: latest - - - name: take new os-net-config parameters into account now - command: os-net-config --no-activate -c /etc/os-net-config/config.json -v --detailed-exit-codes - register: os_net_config_upgrade - failed_when: os_net_config_upgrade.rc not in [0,2] - changed_when: os_net_config_upgrade.rc == 2 - -# Exclude ansible-core due to bz https://bugs.launchpad.net/tripleo/+bug/1998501 -- name: Update all packages - when: (step | int) == 3 - yum: - name: '*' - state: latest - exclude: ansible-core diff --git a/tripleo_ansible/roles/tripleo_persist/defaults/main.yml b/tripleo_ansible/roles/tripleo_persist/defaults/main.yml deleted file mode 100644 index be88b062d..000000000 --- a/tripleo_ansible/roles/tripleo_persist/defaults/main.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -tripleo_persist_storage_root_dir: /var/lib/mistral/tripleo-persist -tripleo_persist_storage_root_become: false diff --git a/tripleo_ansible/roles/tripleo_persist/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_persist/molecule/default/converge.yml deleted file mode 100644 index ebbc72911..000000000 --- a/tripleo_ansible/roles/tripleo_persist/molecule/default/converge.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - - vars: - tripleo_persist_storage_root_dir: /tmp/tripleo_persist_storage - tripleo_persist_dir: /root - - pre_tasks: - - name: Create directory - file: - path: "{{ tripleo_persist_storage_root_dir }}" - state: directory - mode: 0700 - - tasks: - - name: Run persist - import_role: - name: tripleo_persist - tasks_from: persist.yml - - - name: Run restore - import_role: - name: tripleo_persist - tasks_from: restore.yml - - - name: Run cleanup - import_role: - name: tripleo_persist - tasks_from: cleanup.yml diff --git a/tripleo_ansible/roles/tripleo_persist/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_persist/molecule/default/molecule.yml deleted file mode 100644 index 6894ebdbb..000000000 --- a/tripleo_ansible/roles/tripleo_persist/molecule/default/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_persist/tasks/cleanup.yml b/tripleo_ansible/roles/tripleo_persist/tasks/cleanup.yml deleted file mode 100644 index e7df0120f..000000000 --- a/tripleo_ansible/roles/tripleo_persist/tasks/cleanup.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: ensure tripleo_persist storage directory is removed - file: - path: "{{ tripleo_persist_storage_root_dir }}" - state: absent - delegate_to: localhost - become: true diff --git a/tripleo_ansible/roles/tripleo_persist/tasks/persist.yml b/tripleo_ansible/roles/tripleo_persist/tasks/persist.yml deleted file mode 100644 index ac9ce4eed..000000000 --- a/tripleo_ansible/roles/tripleo_persist/tasks/persist.yml +++ /dev/null @@ -1,53 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: ensure local storage directory exists and has correct permissions - file: - path: "{{ tripleo_persist_storage_root_dir }}" - # Attempting to set an owner fails with "chown failed: failed to - # look up user" so we at least ensure the permissions. - mode: 0700 - state: directory - delegate_to: localhost - become: "{{ tripleo_persist_storage_root_become | bool }}" - -- name: create tempfile for the archive - tempfile: - prefix: ansible.tripleo-persist. - register: tripleo_persist_tempfile - -- name: make sure we don't have a trailing forward slash - set_fact: - tripleo_persist_dir_safe: "{{ tripleo_persist_dir|regex_replace('\\/$', '') }}" - cacheable: false - -# Using the "archive" module lists lists all tarred files in module -# output, if there's too many files, it can crash ansible even with -# "no_log: true". -- name: create the archive - shell: | - tar -czf "{{ tripleo_persist_tempfile.path }}" -C "{{ tripleo_persist_dir_safe|dirname }}" "{{ tripleo_persist_dir_safe|basename }}" - -- name: fetch the archive - fetch: - src: "{{ tripleo_persist_tempfile.path }}" - dest: "{{ tripleo_persist_storage_root_dir }}/{{ inventory_hostname }}{{ tripleo_persist_dir_safe }}.tar.gz" - flat: true - -- name: remove tempfile - file: - name: "{{ tripleo_persist_tempfile.path }}" - state: absent diff --git a/tripleo_ansible/roles/tripleo_persist/tasks/restore.yml b/tripleo_ansible/roles/tripleo_persist/tasks/restore.yml deleted file mode 100644 index 067cfa209..000000000 --- a/tripleo_ansible/roles/tripleo_persist/tasks/restore.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: make sure we don't have a trailing forward slash - set_fact: - tripleo_persist_dir_safe: "{{ tripleo_persist_dir|regex_replace('\\/$', '') }}" - cacheable: false - -- name: make sure the parent directory is present - file: - path: "{{ tripleo_persist_dir_safe|dirname }}" - state: directory - -- name: push and extract the archive - unarchive: - src: "{{ tripleo_persist_storage_root_dir }}/{{ inventory_hostname }}{{ tripleo_persist_dir_safe }}.tar.gz" - dest: "{{ tripleo_persist_dir_safe|dirname }}" diff --git a/tripleo_ansible/roles/tripleo_podman/defaults/main.yml b/tripleo_ansible/roles/tripleo_podman/defaults/main.yml deleted file mode 100644 index 8c3cce962..000000000 --- a/tripleo_ansible/roles/tripleo_podman/defaults/main.yml +++ /dev/null @@ -1,91 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. -tripleo_podman_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" -tripleo_podman_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" - -tripleo_podman_buildah_login: false -tripleo_container_registry_insecure_registries: [] -tripleo_container_registry_login: false -tripleo_container_registry_logins: {} -tripleo_podman_packages: "{{ _tripleo_podman_packages | default([]) }}" -tripleo_buildah_packages: "{{ _tripleo_buildah_packages | default([]) }}" -tripleo_podman_purge_packages: "{{ _tripleo_podman_purge_packages | default([]) }}" -tripleo_podman_enable_socket: false -tripleo_podman_unqualified_search_registries: - - registry.redhat.io - - registry.access.redhat.com - - registry.fedoraproject.org - - registry.centos.org - - quay.io -tripleo_podman_insecure_registries: "{{ tripleo_container_registry_insecure_registries }}" -# this is the default network configuration except the range has been moved -# from 10.88.0.0/16 to 10.255.255.0/24 to try and prevent a conflict in an -# existing cloud -tripleo_podman_default_network_config: - cniVersion: 0.4.0 - name: podman - plugins: - - type: bridge - bridge: cni-podman0 - isGateway: true - ipMasq: true - hairpinMode: true - ipam: - type: host-local - routes: - - dst: 0.0.0.0/0 - ranges: - - - subnet: 10.255.255.0/24 - gateway: 10.255.255.1 - - type: portmap - capabilities: - portMappings: true - - type: firewall - - type: tuning -# tripleo_podman_registries requires a list of dictionaries -# Example: -# tripleo_podman_registries: -# - prefix: quay.io -# insecure: false -# location: quay.io -# mirrors: -# - location: 192.168.0.1:8787 -# insecure: true -# - prefix: registry.redhat.io -# insecure: false -# location: registry.redhat.io -# mirrors: -# - location: 192.168.0.2:8787 -# insecure: false -# - prefix: registry.fedoraproject.org -# blocked: true -tripleo_podman_registries: [] -tripleo_container_default_pids_limit: 4096 -tripleo_container_events_logger_mechanism: journald -tripleo_container_default_runtime: runc -tripleo_container_default_network_backend: "cni" - -# tell the tripleo_container_manage to inject -# additional ordering dependencies for the systemd -# scopes associated to podman containers. -tripleo_podman_systemd_drop_in_dependencies: true - -tripleo_podman_service_unit_name: "tripleo_podman.service" -tripleo_podman_service_unit_description: "Podman API service for TripleO purposes" -tripleo_podman_socket_path: /var/lib/tripleo-podman/podman.sock diff --git a/tripleo_ansible/roles/tripleo_podman/meta/main.yml b/tripleo_ansible/roles/tripleo_podman/meta/main.yml deleted file mode 100644 index 85bc2dce5..000000000 --- a/tripleo_ansible/roles/tripleo_podman/meta/main.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_podman - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - 9 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_podman/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_podman/molecule/default/converge.yml deleted file mode 100644 index 4fda07a80..000000000 --- a/tripleo_ansible/roles/tripleo_podman/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_podman" diff --git a/tripleo_ansible/roles/tripleo_podman/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_podman/molecule/default/molecule.yml deleted file mode 100644 index f7d89df0e..000000000 --- a/tripleo_ansible/roles/tripleo_podman/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_podman/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_podman/molecule/default/prepare.yml deleted file mode 100644 index 1e515c5fb..000000000 --- a/tripleo_ansible/roles/tripleo_podman/molecule/default/prepare.yml +++ /dev/null @@ -1,53 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - become: true - gather_facts: true - pre_tasks: - - name: set basic user fact - set_fact: - ansible_user: "{{ lookup('env', 'USER') }}" - when: - - ansible_user is undefined - - - name: set basic home fact - set_fact: - ansible_user_dir: "{{ lookup('env', 'HOME') }}" - when: - - ansible_user_dir is undefined - roles: - - role: test_deps - test_deps_extra_packages: - - runc - - containernetworking-plugins - - role: env_data - post_tasks: - - name: pull an image - containers.podman.podman_image: - name: "ubi8:latest" - - - name: Create a data container - containers.podman.podman_container: - name: "{{ item }}" - image: "ubi8:latest" - detach: true - command: sleep 1d - with_items: - - test-container1 - - test-container2 diff --git a/tripleo_ansible/roles/tripleo_podman/molecule/install/converge.yml b/tripleo_ansible/roles/tripleo_podman/molecule/install/converge.yml deleted file mode 100644 index 597c8ee6a..000000000 --- a/tripleo_ansible/roles/tripleo_podman/molecule/install/converge.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - tasks: - - name: Run install - include_role: - name: tripleo_podman - tasks_from: install.yml - vars_from: "redhat.yml" - # https://bugs.launchpad.net/bugs/1889510 - - name: Test podman network ls - become: true - command: podman network ls diff --git a/tripleo_ansible/roles/tripleo_podman/molecule/install/molecule.yml b/tripleo_ansible/roles/tripleo_podman/molecule/install/molecule.yml deleted file mode 100644 index f7d89df0e..000000000 --- a/tripleo_ansible/roles/tripleo_podman/molecule/install/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_podman/molecule/install/prepare.yml b/tripleo_ansible/roles/tripleo_podman/molecule/install/prepare.yml deleted file mode 100644 index 8885e685d..000000000 --- a/tripleo_ansible/roles/tripleo_podman/molecule/install/prepare.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - become: true - gather_facts: true - roles: - - role: test_deps - test_deps_extra_packages: - - runc - - containernetworking-plugins - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_podman/molecule/login/converge.yml b/tripleo_ansible/roles/tripleo_podman/molecule/login/converge.yml deleted file mode 100644 index b75319c13..000000000 --- a/tripleo_ansible/roles/tripleo_podman/molecule/login/converge.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - tripleo_podman_hide_sensitive_logs: false - tripleo_podman_buildah_login: true - tripleo_container_registry_logins: - localhost:5000: - testuser: testpassword - tasks: - - include_role: - name: tripleo_podman - tasks_from: login.yml - - include_role: - name: tripleo_podman - tasks_from: buildah_login.yml diff --git a/tripleo_ansible/roles/tripleo_podman/molecule/login/molecule.yml b/tripleo_ansible/roles/tripleo_podman/molecule/login/molecule.yml deleted file mode 100644 index f7d89df0e..000000000 --- a/tripleo_ansible/roles/tripleo_podman/molecule/login/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_podman/molecule/login/prepare.yml b/tripleo_ansible/roles/tripleo_podman/molecule/login/prepare.yml deleted file mode 100644 index 1baa1bb74..000000000 --- a/tripleo_ansible/roles/tripleo_podman/molecule/login/prepare.yml +++ /dev/null @@ -1,91 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - gather_facts: true - vars: - tripleo_container_registry_insecure_registries: - - localhost:5000 - pre_tasks: - - name: set basic user fact - set_fact: - ansible_user: "{{ lookup('env', 'USER') }}" - when: - - ansible_user is undefined - - - name: set basic home fact - set_fact: - ansible_user_dir: "{{ lookup('env', 'HOME') }}" - when: - - ansible_user_dir is undefined - - roles: - - role: test_deps - test_deps_extra_packages: - - runc - - containernetworking-plugins - - role: env_data - - tasks: - - name: Disable SELinux - become: true - selinux: - state: disabled - - - name: Ensure registry doesn't exist - containers.podman.podman_container: - name: registry - state: absent - - - name: Pull ubuntu image - containers.podman.podman_image: - name: ubuntu - tag: 16.04 - - - name: Create auth directory - file: - state: directory - path: "{{ ansible_user_dir }}/auth" - - - name: Create registry - shell: |- - podman tag ubuntu:16.04 localhost:5000/my-ubuntu - podman run --entrypoint htpasswd registry:2.7.0 -Bbn testuser testpassword > {{ ansible_user_dir }}/auth/htpasswd - args: - executable: /bin/bash - - - name: Create registry - containers.podman.podman_container: - name: registry - image: "registry:2.7.0" - restart_policy: always - detach: true - ports: - - "5000:5000" - volume: - - "{{ ansible_user_dir }}/auth:/auth" - env: - REGISTRY_AUTH: "htpasswd" - REGISTRY_AUTH_HTPASSWD_REALM: "Registry Realm" - REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd" - - - name: Run install - include_role: - name: tripleo_podman - tasks_from: install.yml - vars_from: "redhat.yml" diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/buildah_login.yml b/tripleo_ansible/roles/tripleo_podman/tasks/buildah_login.yml deleted file mode 100644 index a55f517cd..000000000 --- a/tripleo_ansible/roles/tripleo_podman/tasks/buildah_login.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Gather variables for each operating system for installing buildah - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - -- name: ensure buildah is installed - become: true - package: - name: "{{ tripleo_buildah_packages }}" - state: present - -- name: Perform container registry login(s) with buildah - become: true - shell: |- - buildah login --username=$REGISTRY_USERNAME \ - --password=$REGISTRY_PASSWORD \ - $REGISTRY - environment: - REGISTRY_USERNAME: "{{ lookup('dict', item.value).key }}" - REGISTRY_PASSWORD: "{{ lookup('dict', item.value).value }}" - REGISTRY: "{{ item.key }}" - no_log: "{{ tripleo_podman_hide_sensitive_logs | bool }}" - loop: "{{ query('dict', tripleo_container_registry_logins) }}" - register: registry_login_buildah diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/configure.yml b/tripleo_ansible/roles/tripleo_podman/tasks/configure.yml deleted file mode 100644 index c750f89a4..000000000 --- a/tripleo_ansible/roles/tripleo_podman/tasks/configure.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Import login.yml tasks - import_tasks: login.yml -- name: Configure tripleo_container_manage to generate systemd drop-in dependencies - copy: - dest: /etc/sysconfig/podman_drop_in - content: | - This file makes tripleo_container_manage generate additional systemd - dependencies for containers that have special - start/stop ordering constraints. It ensures that - those constraints are enforced on reboot/shutdown. - when: tripleo_podman_systemd_drop_in_dependencies|bool -- name: Configure tripleo_container_manage to not generate drop-in dependencies - file: - path: /etc/sysconfig/podman_drop_in - state: absent - when: not tripleo_podman_systemd_drop_in_dependencies|bool diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/install.yml b/tripleo_ansible/roles/tripleo_podman/tasks/install.yml deleted file mode 100644 index 73b8f5811..000000000 --- a/tripleo_ansible/roles/tripleo_podman/tasks/install.yml +++ /dev/null @@ -1,134 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Load vars id needed - when: tripleo_podman_packages is undefined or tripleo_podman_packages|length == 0 - import_tasks: load_vars.yaml - -- name: Install block - become: true - block: - - name: ensure podman and deps are installed - package: - name: "{{ tripleo_podman_packages }}" - state: present - - - name: Ensure we get the ansible interfaces facts - when: - - ansible_facts['interfaces'] is undefined - setup: - gather_subset: - - '!all' - - '!min' - - 'network' - filter: 'ansible_interfaces' - - - name: Delete legacy cni0 interface (podman < 1.6) - command: ip link delete cni0 - when: - - '"cni0" in ansible_facts["interfaces"]' - - # don't update the network config if the network is already running - # meaning cni-podman0 is running somewhere - - name: Update default network configuration if possible - block: - - name: Make sure /etc/cni/net.d folder exists - file: - path: /etc/cni/net.d - state: directory - recurse: true - mode: 0755 - owner: root - group: root - - - name: Update default network configuration if possible - copy: - dest: /etc/cni/net.d/87-podman-bridge.conflist - content: "{{ tripleo_podman_default_network_config | to_json }}" - mode: '0644' - owner: root - group: root - when: - - '"cni-podman0" not in ansible_facts["interfaces"]' - - tripleo_container_default_network_backend == 'cni' - - - name: Update netavark container network configuration - block: - - name: Make sure /etc/containers/networks exists - file: - path: /etc/containers/networks - state: directory - recurse: true - mode: 0755 - owner: root - group: root - - name: Get current podman network - shell: | - podman network inspect podman - register: podman_network_inspect - - name: Update the default network configuration - template: - src: podman_network_config.j2 - dest: /etc/containers/networks/podman.json - mode: '0644' - owner: root - group: root - when: - - podman_network_inspect is not skipped - when: - - tripleo_container_default_network_backend == 'netavark' - - - name: Write containers registries.conf - template: - src: registries.conf.j2 - dest: /etc/containers/registries.conf - owner: root - group: root - setype: etc_t - mode: '0644' - - - name: Write containers.conf - ini_file: - path: /etc/containers/containers.conf - owner: root - group: root - setype: etc_t - mode: '0644' - create: true - section: "{{ item.section }}" - option: "{{ item.option }}" - value: "{{ item.value }}" - loop: - - section: containers - option: pids_limit - value: "{{ tripleo_container_default_pids_limit }}" - - section: engine - option: events_logger - value: "\"{{ tripleo_container_events_logger_mechanism }}\"" - - section: engine - option: runtime - value: "\"{{ tripleo_container_default_runtime }}\"" - - section: network - option: network_backend - value: "\"{{ tripleo_container_default_network_backend }}\"" - - - name: Enable podman.socket service - when: - - tripleo_podman_enable_socket | bool - systemd: - name: podman.socket - state: started - enabled: true diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/load_vars.yaml b/tripleo_ansible/roles/tripleo_podman/tasks/load_vars.yaml deleted file mode 100644 index e6f91045a..000000000 --- a/tripleo_ansible/roles/tripleo_podman/tasks/load_vars.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_podman" will search for and load any operating system variable file -# found within the "vars/" path. If no OS files are found the task will skip. -# Putting this in a dedicated file allows to just include it wherever is needed. -# Please check https://bugs.launchpad.net/tripleo/+bug/1891465 for more context. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/login.yml b/tripleo_ansible/roles/tripleo_podman/tasks/login.yml deleted file mode 100644 index 01bb15c1b..000000000 --- a/tripleo_ansible/roles/tripleo_podman/tasks/login.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Perform container registry login(s) with podman - become: true - shell: |- - podman login --username=$REGISTRY_USERNAME \ - --password=$REGISTRY_PASSWORD \ - $REGISTRY - environment: - REGISTRY_USERNAME: "{{ lookup('dict', item.value).key }}" - REGISTRY_PASSWORD: "{{ lookup('dict', item.value).value }}" - REGISTRY: "{{ item.key }}" - no_log: "{{ tripleo_podman_hide_sensitive_logs | bool }}" - loop: "{{ query('dict', tripleo_container_registry_logins) }}" - register: registry_login_podman diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/main.yml b/tripleo_ansible/roles/tripleo_podman/tasks/main.yml deleted file mode 100644 index a82107ee5..000000000 --- a/tripleo_ansible/roles/tripleo_podman/tasks/main.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Load vars - import_tasks: load_vars.yaml - -- name: Podman install - import_tasks: install.yml - -- name: Rsyslog configuration - import_tasks: rsyslog.yml - -- name: Podman purge - import_tasks: purge.yml - -- name: Podman install - import_tasks: login.yml - when: - - tripleo_container_registry_login | bool - - tripleo_container_registry_logins - -- name: Buildah setup - import_tasks: buildah_login.yml - when: - - tripleo_podman_buildah_login | bool - - tripleo_container_registry_login | bool - - tripleo_container_registry_logins diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/purge.yml b/tripleo_ansible/roles/tripleo_podman/tasks/purge.yml deleted file mode 100644 index 8afd77cae..000000000 --- a/tripleo_ansible/roles/tripleo_podman/tasks/purge.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Podman image prune - become: true - block: - - name: Clean podman images - command: podman image prune -a -f - rescue: - # In case -f isn't available yet, we fallback to old way. - # https://bugs.launchpad.net/tripleo/+bug/1889418 - - name: Clean podman images - command: podman image prune -a - -- name: Clean podman volumes - become: true - command: podman volume prune -f diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/rsyslog.yml b/tripleo_ansible/roles/tripleo_podman/tasks/rsyslog.yml deleted file mode 100644 index 69c52626c..000000000 --- a/tripleo_ansible/roles/tripleo_podman/tasks/rsyslog.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Check rsyslog service state - systemd: - name: rsyslog - become: true - failed_when: false - register: rsyslog_service_state - -- name: Configure rsyslog if present - become: true - when: - - (rsyslog_service_state is success) and - ((rsyslog_service_state.status['SubState'] | lower) == 'running') - block: - - name: Forward logging to podman.log file - blockinfile: - block: |- - if $programname == 'podman' then -/var/log/podman.log - & stop - create: true - path: /etc/rsyslog.d/podman.conf - register: logconfig - - - name: Restart rsyslog service after logging conf change - service: - name: rsyslog - state: restarted - when: logconfig is changed diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/rsyslog_cleanup.yml b/tripleo_ansible/roles/tripleo_podman/tasks/rsyslog_cleanup.yml deleted file mode 100644 index 23c6e03cc..000000000 --- a/tripleo_ansible/roles/tripleo_podman/tasks/rsyslog_cleanup.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- - -# Note: Previous versions of TripleO used log file with podman exec specific data -# to provide health check execution results to sensubility. This serves for -# cleanup of unneeded rsyslog configuration since sensubility is fetching -# data straight from podman socket - -- name: remove unneeded podman-related rsyslog configuration - ansible.builtin.file: - path: /etc/rsyslog.d/openstack-healthcheck.conf - state: absent - ignore_errors: yes - register: rmcfg -- when: rmcfg is changed - service: - name: rsyslog - state: restarted diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/service.yml b/tripleo_ansible/roles/tripleo_podman/tasks/service.yml deleted file mode 100644 index e315637c3..000000000 --- a/tripleo_ansible/roles/tripleo_podman/tasks/service.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License - -- name: Ensure podman socket directory exists - become: true - ansible.builtin.file: - path: "{{ tripleo_podman_socket_path | dirname }}" - state: directory - -- name: Create required systemd unit file for podman service - become: true - ansible.builtin.template: - src: podman.service.j2 - dest: "/etc/systemd/system/{{ tripleo_podman_service_unit_name }}" - mode: 0644 - -- name: Enable podman service unit - ansible.builtin.service: - name: "{{ tripleo_podman_service_unit_name }}" - state: started - enabled: true diff --git a/tripleo_ansible/roles/tripleo_podman/templates/podman.service.j2 b/tripleo_ansible/roles/tripleo_podman/templates/podman.service.j2 deleted file mode 100644 index cb9620df6..000000000 --- a/tripleo_ansible/roles/tripleo_podman/templates/podman.service.j2 +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description={{ tripleo_podman_service_unit_description }} -Documentation=man:podman-system-service(1) -StartLimitIntervalSec=0 - -[Service] -Delegate=true -Type=exec -KillMode=process -Environment=LOGGING="--log-level=info" -ExecStart=/usr/bin/podman $LOGGING system service --time=0 unix://{{ tripleo_podman_socket_path }} - -[Install] -WantedBy=default.target diff --git a/tripleo_ansible/roles/tripleo_podman/templates/podman_network_config.j2 b/tripleo_ansible/roles/tripleo_podman/templates/podman_network_config.j2 deleted file mode 100644 index 64c3ad97f..000000000 --- a/tripleo_ansible/roles/tripleo_podman/templates/podman_network_config.j2 +++ /dev/null @@ -1,21 +0,0 @@ -{ - "name": "{{ podman_network_inspect.stdout | from_json | first | json_query('name') }}", - "id": "{{ podman_network_inspect.stdout | from_json | first | json_query('id') }}", - "driver": "{{ podman_network_inspect.stdout | from_json | first | json_query('driver') }}", - "network_interface": "{{ podman_network_inspect.stdout | from_json | first | json_query('network_interface') }}", - "created": "{{ podman_network_inspect.stdout | from_json | first | json_query('created') }}", - "subnets": [ - { - "subnet": "10.255.255.0/24", - "gateway": "10.255.255.1" - }, - { - "subnet": "fc00:2222:3333::/64", - "gateway": "fc00:2222:3333::1" - } - ], - "ipv6_enabled": true, - "internal": {{ podman_network_inspect.stdout | from_json | first | json_query('internal') | to_json }}, - "dns_enabled": {{ podman_network_inspect.stdout | from_json | first | json_query('dns_enabled') | to_json }}, - "ipam_options": {{ podman_network_inspect.stdout | from_json | first | json_query('ipam_options') | to_json }} -} diff --git a/tripleo_ansible/roles/tripleo_podman/templates/registries.conf.j2 b/tripleo_ansible/roles/tripleo_podman/templates/registries.conf.j2 deleted file mode 100644 index 26ee36d95..000000000 --- a/tripleo_ansible/roles/tripleo_podman/templates/registries.conf.j2 +++ /dev/null @@ -1,29 +0,0 @@ -# This file is managed via tripleo-ansible - -unqualified-search-registries = {{ tripleo_podman_unqualified_search_registries | list }} - -# registries configuration -{% for reg in tripleo_podman_registries %} -[[registry]] -prefix = "{{ reg.prefix }}" -location = "{{ reg.location | default(reg.prefix) }}" -insecure = {{ reg.insecure | default(False) | bool | ternary('true', 'false') }} -blocked = {{ reg.blocked | default(False) | bool | ternary('true', 'false') }} -{% if 'mirrors' in reg %} -{% for mirror in reg.mirrors %} -[[registry.mirror]] -location = "{{ mirror.location }}" -insecure = {{ mirror.insecure | default(False) | bool | ternary('true', 'false') }} -{% endfor %} -{% endif %} -{% endfor %} - -{% if tripleo_podman_insecure_registries is defined %} -# insecure registry list -{% for reg in tripleo_podman_insecure_registries %} -[[registry]] -prefix = "{{ reg }}" -insecure = true -location = "{{ reg }}" -{% endfor %} -{% endif %} diff --git a/tripleo_ansible/roles/tripleo_podman/vars/redhat-9.yml b/tripleo_ansible/roles/tripleo_podman/vars/redhat-9.yml deleted file mode 100644 index 2239b02fd..000000000 --- a/tripleo_ansible/roles/tripleo_podman/vars/redhat-9.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_tripleo_podman_packages: - - podman - -_tripleo_buildah_packages: - - buildah - -tripleo_container_default_runtime: crun -tripleo_container_default_network_backend: "netavark" diff --git a/tripleo_ansible/roles/tripleo_podman/vars/redhat.yml b/tripleo_ansible/roles/tripleo_podman/vars/redhat.yml deleted file mode 100644 index 5de10171a..000000000 --- a/tripleo_ansible/roles/tripleo_podman/vars/redhat.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -_tripleo_podman_packages: - - podman - -_tripleo_buildah_packages: - - buildah - -_tripleo_podman_purge_packages: - - docker - - docker-ce diff --git a/tripleo_ansible/roles/tripleo_provision_mcelog/defaults/main.yml b/tripleo_ansible/roles/tripleo_provision_mcelog/defaults/main.yml deleted file mode 100644 index cf7a971e7..000000000 --- a/tripleo_ansible/roles/tripleo_provision_mcelog/defaults/main.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_tripleo_provision_mcelog" -tripleo_tripleo_provision_mcelog_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" diff --git a/tripleo_ansible/roles/tripleo_provision_mcelog/meta/main.yml b/tripleo_ansible/roles/tripleo_provision_mcelog/meta/main.yml deleted file mode 100644 index e50ec004f..000000000 --- a/tripleo_ansible/roles/tripleo_provision_mcelog/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_provision_mcelog - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_provision_mcelog/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_provision_mcelog/molecule/default/converge.yml deleted file mode 100644 index 38f10d835..000000000 --- a/tripleo_ansible/roles/tripleo_provision_mcelog/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_provision_mcelog" diff --git a/tripleo_ansible/roles/tripleo_provision_mcelog/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_provision_mcelog/molecule/default/molecule.yml deleted file mode 100644 index d562155ba..000000000 --- a/tripleo_ansible/roles/tripleo_provision_mcelog/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH:-/usr/share/ansible/roles}:${HOME}/zuul-jobs/roles" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_provision_mcelog/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_provision_mcelog/molecule/default/prepare.yml deleted file mode 100644 index b17f36011..000000000 --- a/tripleo_ansible/roles/tripleo_provision_mcelog/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_provision_mcelog/tasks/main.yml b/tripleo_ansible/roles/tripleo_provision_mcelog/tasks/main.yml deleted file mode 100644 index e31e5aa59..000000000 --- a/tripleo_ansible/roles/tripleo_provision_mcelog/tasks/main.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_provision_mcelog" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Ensure mcelog is installed - become: true - package: - name: mcelog - state: installed - -- name: Ensure mcelog is enabled and started - become: true - systemd: - state: started - name: mcelog - enabled: true - daemon-reload: true diff --git a/tripleo_ansible/roles/tripleo_ptp/defaults/main.yml b/tripleo_ansible/roles/tripleo_ptp/defaults/main.yml deleted file mode 100644 index 4917c4e23..000000000 --- a/tripleo_ansible/roles/tripleo_ptp/defaults/main.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -tripleo_ptp_slave_mode: 1 -tripleo_ptp_interfaces: [] -tripleo_ptp_transport: UDPv4 -tripleo_ptp_hardware_offload: false - -tripleo_ptp_packages: "{{ _tripleo_ptp_packages | default([]) }}" - -# The phc2sys interface can be user defined. If this option is undefined, a -# compatible interface will be chosen using the devices set in the device -# array `tripleo_ptp_interfaces`. -# -# To set the phc2sys interface use the following option. -# tripleo_phc_interface: eth0 diff --git a/tripleo_ansible/roles/tripleo_ptp/meta/main.yml b/tripleo_ansible/roles/tripleo_ptp/meta/main.yml deleted file mode 100644 index 018dedefd..000000000 --- a/tripleo_ansible/roles/tripleo_ptp/meta/main.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_ptp - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: - - role: tripleo_timezone diff --git a/tripleo_ansible/roles/tripleo_ptp/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_ptp/molecule/default/converge.yml deleted file mode 100644 index e042362a1..000000000 --- a/tripleo_ansible/roles/tripleo_ptp/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_ptp" diff --git a/tripleo_ansible/roles/tripleo_ptp/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_ptp/molecule/default/molecule.yml deleted file mode 100644 index 6894ebdbb..000000000 --- a/tripleo_ansible/roles/tripleo_ptp/molecule/default/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_ptp/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_ptp/molecule/default/prepare.yml deleted file mode 100644 index 601e5c373..000000000 --- a/tripleo_ansible/roles/tripleo_ptp/molecule/default/prepare.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - cronie - - rsyslog - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_ptp/tasks/main.yml b/tripleo_ansible/roles/tripleo_ptp/tasks/main.yml deleted file mode 100644 index bcbe5063e..000000000 --- a/tripleo_ansible/roles/tripleo_ptp/tasks/main.yml +++ /dev/null @@ -1,58 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_ptp" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Get default interface network facts - setup: - gather_subset: - - '!all' - - '!any' - - network - filter: 'ansible_default_ipv4' - -- name: Set default ptp interface - set_fact: - tripleo_ptp_interfaces: ["{{ ansible_facts['default_ipv4']['interface'] }}"] - when: - - tripleo_ptp_interfaces | length == 0 - - ansible_facts['default_ipv4'] is defined - - ansible_facts['default_ipv4']['interface'] is defined - -- name: Run ptp tasks - include_tasks: tripleo_ptp.yml - -- name: Run phc2sys tasks - include_tasks: tripleo_phc2sys.yml - -- name: Force all notified handlers to run at this point - meta: flush_handlers diff --git a/tripleo_ansible/roles/tripleo_ptp/tasks/tripleo_ntp_stop.yml b/tripleo_ansible/roles/tripleo_ptp/tasks/tripleo_ntp_stop.yml deleted file mode 100644 index fb590dfa4..000000000 --- a/tripleo_ansible/roles/tripleo_ptp/tasks/tripleo_ntp_stop.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Check NTP service state - systemd: - name: ntpd - register: ntpd_service_state - failed_when: false - -- name: Stop NTP service - systemd: - name: ntpd - enabled: false - state: stopped - when: - - ntpd_service_state is success - - ((ntpd_service_state.status['SubState'] | lower) == 'running') or - ((ntpd_service_state.status['UnitFileState'] | lower) == 'enabled') diff --git a/tripleo_ansible/roles/tripleo_ptp/tasks/tripleo_phc2sys.yml b/tripleo_ansible/roles/tripleo_ptp/tasks/tripleo_phc2sys.yml deleted file mode 100644 index ab8f7ef4f..000000000 --- a/tripleo_ansible/roles/tripleo_ptp/tasks/tripleo_phc2sys.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Check for phc capabilities - command: "phc_ctl -q {{ item }}" - changed_when: false - failed_when: false - with_items: "{{ tripleo_ptp_interfaces }}" - register: device_capabilities - -- name: Validate hardware offload - set_fact: - tripleo_phc_interface: "{{ (device_capabilities.results | selectattr('rc', 'equalto', '0') | map(attribute='item') | list | first) | default('') }}" - when: - - tripleo_phc_interface is undefined - -- name: Create ptp service config - copy: - content: |- - OPTIONS="{{ ((tripleo_phc_interface | length) > 0) | ternary('-s' ~ tripleo_phc_interface ~ '-w', '-a -r') }}" - dest: /etc/sysconfig/phc2sys - when: - - tripleo_phc_interface - register: _ptp_phc2sys_sysconfig_result - -- name: Enable and start the phc2sys service - become: true - systemd: - name: phc2sys - state: restarted - enabled: true - when: - - _ptp_phc2sys_sysconfig_result.changed diff --git a/tripleo_ansible/roles/tripleo_ptp/tasks/tripleo_ptp.yml b/tripleo_ansible/roles/tripleo_ptp/tasks/tripleo_ptp.yml deleted file mode 100644 index a564682c6..000000000 --- a/tripleo_ansible/roles/tripleo_ptp/tasks/tripleo_ptp.yml +++ /dev/null @@ -1,73 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Install ptp packages - package: - name: "{{ tripleo_ptp_packages }}" - state: present - register: _ptp_install_result - -# NOTE(cloudnull): In the future, we could potentially revisit this once the Heat -# template for the "kernel" sysctl settings has been converted into -# an Ansible role and re-use the functionality of that. -# https://github.com/openstack/tripleo-heat-templates/blob/master/deployment/kernel/kernel-baremetal-puppet.yaml -- name: Enable multi-nic ptp - when: - - (tripleo_ptp_interfaces | length) > 1 - block: - - name: Relax rp filter - sysctl: - name: "net.ipv4.conf.{{ item }}.rp_filter" - value: 2 - sysctl_set: true - sysctl_file: /etc/sysctl.d/99-tripleo-ptp.conf - state: present - reload: true - with_items: "{{ tripleo_ptp_interfaces }}" - -- name: Check for hardware capabilities - command: "ethtool -T {{ item }}" - changed_when: false - failed_when: false - with_items: "{{ tripleo_ptp_interfaces }}" - register: device_capabilities - -- name: Validate hardware offload - set_fact: - tripleo_ptp_hardware_offload: "{{ (device_capabilities.results | map(attribute='rc') | list | sum) == 0 }}" - -- name: Create ptp config - template: - src: "ptp4l.conf.j2" - dest: /etc/ptp4l.conf - register: _ptp_config_result - -- name: Create ptp service config - copy: - content: |- - OPTIONS="-f /etc/ptp4l.conf" - dest: /etc/sysconfig/ptp4l - register: _ptp_sysconfig_result - -- name: Enable and start the ptp service - become: true - systemd: - name: ptp4l - state: restarted - enabled: true - when: - - _ptp_install_result.changed or _ptp_config_result.changed or _ptp_sysconfig_result.changed diff --git a/tripleo_ansible/roles/tripleo_ptp/templates/ptp4l.conf.j2 b/tripleo_ansible/roles/tripleo_ptp/templates/ptp4l.conf.j2 deleted file mode 100644 index d36aef146..000000000 --- a/tripleo_ansible/roles/tripleo_ptp/templates/ptp4l.conf.j2 +++ /dev/null @@ -1,12 +0,0 @@ -# {{ ansible_managed }} - -[global] -slaveOnly 1 -domainNumber {{ tripleo_ptp_slave_mode }} -time_stamping {{ (tripleo_ptp_hardware_offload | bool) | ternary('hardware', 'software') }} -network_transport {{ tripleo_ptp_transport }} -udp_ttl 1 - -{% for interface in tripleo_ptp_interfaces %} -[{{ interface }}] -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_ptp/vars/redhat.yml b/tripleo_ansible/roles/tripleo_ptp/vars/redhat.yml deleted file mode 100644 index c90e06c93..000000000 --- a/tripleo_ansible/roles/tripleo_ptp/vars/redhat.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -_tripleo_ptp_packages: - - ethtool - - iproute - - linuxptp diff --git a/tripleo_ansible/roles/tripleo_puppet_cache/defaults/main.yml b/tripleo_ansible/roles/tripleo_puppet_cache/defaults/main.yml deleted file mode 100644 index 1babc7c3a..000000000 --- a/tripleo_ansible/roles/tripleo_puppet_cache/defaults/main.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. -tripleo_puppet_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" -tripleo_puppet_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" - -# All variables within this role should have a prefix of "tripleo_puppet_cache" -tripleo_puppet_cache_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" -tripleo_puppet_cache_base_dir: /var/lib/container-puppet/puppetlabs -tripleo_puppet_cache_config: | - facts : { - blocklist: [ "EC2" ], - ttls: [ - { "kernel" : 8 hour }, - { "memory" : 8 hour }, - { "networking" : 8 hour }, - { "operating system" : 8 hour }, - { "processor" : 8 hour }, - ] - } diff --git a/tripleo_ansible/roles/tripleo_puppet_cache/meta/main.yml b/tripleo_ansible/roles/tripleo_puppet_cache/meta/main.yml deleted file mode 100644 index 77abdffec..000000000 --- a/tripleo_ansible/roles/tripleo_puppet_cache/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_puppet_cache - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_puppet_cache/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_puppet_cache/molecule/default/converge.yml deleted file mode 100644 index 74ff2d452..000000000 --- a/tripleo_ansible/roles/tripleo_puppet_cache/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_puppet_cache" diff --git a/tripleo_ansible/roles/tripleo_puppet_cache/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_puppet_cache/molecule/default/molecule.yml deleted file mode 100644 index b8aa37228..000000000 --- a/tripleo_ansible/roles/tripleo_puppet_cache/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_puppet_cache/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_puppet_cache/molecule/default/prepare.yml deleted file mode 100644 index 8c04c7ba8..000000000 --- a/tripleo_ansible/roles/tripleo_puppet_cache/molecule/default/prepare.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_setup_tripleo: true - test_deps_setup_stream: true - test_deps_extra_packages: - - facter - - rsync - - role: env_data - post_tasks: - - name: Create container-puppet dir - become: true - file: - path: /var/lib/container-puppet - state: directory diff --git a/tripleo_ansible/roles/tripleo_puppet_cache/tasks/main.yml b/tripleo_ansible/roles/tripleo_puppet_cache/tasks/main.yml deleted file mode 100644 index 69412337b..000000000 --- a/tripleo_ansible/roles/tripleo_puppet_cache/tasks/main.yml +++ /dev/null @@ -1,102 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_puppet_cache" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Create puppet caching structures - become: true - check_mode: false - file: - path: "{{ tripleo_puppet_cache_base_dir }}" - state: directory - setype: svirt_sandbox_file_t - selevel: s0 - recurse: true - -- name: Check for facter.conf - check_mode: false - stat: - path: "{{ tripleo_puppet_cache_base_dir }}/facter.conf" - register: _facter_conf_file - -# See LP#1852606 for context -- name: Remove facter.conf if directory - check_mode: false - become: true - file: - path: "{{ tripleo_puppet_cache_base_dir }}/facter.conf" - state: absent - force: true - when: - - _facter_conf_file.stat.isdir is defined - - _facter_conf_file.stat.isdir - -- name: Write facter cache config - become: true - check_mode: false - copy: - dest: "{{ tripleo_puppet_cache_base_dir }}/facter.conf" - content: "{{ tripleo_puppet_cache_config }}" - setype: svirt_sandbox_file_t - selevel: s0 - -- name: Cleanup facter cache if exists - become: true - check_mode: false - file: - path: /opt/puppetlabs/facter - state: absent - -- name: Pre-cache facts - become: true - check_mode: false - shell: facter --config "{{ tripleo_puppet_cache_base_dir }}/facter.conf" - retries: 5 - delay: 5 - no_log: "{{ tripleo_puppet_hide_sensitive_logs | bool }}" - failed_when: false - register: _facter_cache_run - -- name: Failed deployment if facter fails - check_mode: false - fail: - msg: "{{ _facter_cache_run.stderr }}" - when: _facter_cache_run.rc != 0 - -- name: Sync cached facts - become: true - check_mode: false - synchronize: - src: "/opt/puppetlabs/" - dest: "{{ tripleo_puppet_cache_base_dir }}/" - delegate_to: "{{ inventory_hostname }}" - when: _facter_cache_run.rc == 0 diff --git a/tripleo_ansible/roles/tripleo_redhat_enforce/defaults/main.yml b/tripleo_ansible/roles/tripleo_redhat_enforce/defaults/main.yml deleted file mode 100644 index 806afb92c..000000000 --- a/tripleo_ansible/roles/tripleo_redhat_enforce/defaults/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_redhat_enforce" -tripleo_redhat_enforce_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_redhat_enforce: true -tripleo_redhat_enforce_osp: '' -tripleo_redhat_enforce_os: '' diff --git a/tripleo_ansible/roles/tripleo_redhat_enforce/meta/main.yml b/tripleo_ansible/roles/tripleo_redhat_enforce/meta/main.yml deleted file mode 100644 index e5421f24e..000000000 --- a/tripleo_ansible/roles/tripleo_redhat_enforce/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_redhat_enforce - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_redhat_enforce/molecule/default/Dockerfile b/tripleo_ansible/roles/tripleo_redhat_enforce/molecule/default/Dockerfile deleted file mode 100644 index 8fc73a838..000000000 --- a/tripleo_ansible/roles/tripleo_redhat_enforce/molecule/default/Dockerfile +++ /dev/null @@ -1,37 +0,0 @@ -# Molecule managed -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - - -CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/tripleo_ansible/roles/tripleo_redhat_enforce/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_redhat_enforce/molecule/default/converge.yml deleted file mode 100644 index b263d07cb..000000000 --- a/tripleo_ansible/roles/tripleo_redhat_enforce/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_redhat_enforce" diff --git a/tripleo_ansible/roles/tripleo_redhat_enforce/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_redhat_enforce/molecule/default/molecule.yml deleted file mode 100644 index b0d5a8e09..000000000 --- a/tripleo_ansible/roles/tripleo_redhat_enforce/molecule/default/molecule.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -driver: - name: podman - -log: true - -platforms: - - name: ubi8 - hostname: ubi8 - image: ubi8/ubi-init - registry: - url: registry.access.redhat.com - dockerfile: Dockerfile - pkg_extras: python*setuptools - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - - /etc/pki/rpm-gpg:/etc/pki/rpm-gpg - - /opt/yum.repos.d:/etc/yum.repos.d:rw - - /etc/dnf/vars:/etc/dnf/vars - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - ulimits: &ulimit - - host - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - ubi8: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_redhat_enforce/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_redhat_enforce/molecule/default/prepare.yml deleted file mode 100644 index 482277ce0..000000000 --- a/tripleo_ansible/roles/tripleo_redhat_enforce/molecule/default/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - vars: - test_deps_setup_stream: false - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_redhat_enforce/tasks/enforce_release.yml b/tripleo_ansible/roles/tripleo_redhat_enforce/tasks/enforce_release.yml deleted file mode 100644 index e14ec43e3..000000000 --- a/tripleo_ansible/roles/tripleo_redhat_enforce/tasks/enforce_release.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# We don't want to get false positive on subscription manager network -# issues, hence the logic in the retries/until. -- name: get current release settings - environment: - SMDEV_CONTAINER_OFF: True - command: 'subscription-manager release --show' - register: subscribed_release - ignore_errors: true - retries: 5 - delay: 3 - until: ('ConnectionRefusedError' not in subscribed_release.stderr and subscribed_release is failed) or subscribed_release is success - -- name: fails if not registered - fail: - msg: >- - Your environment is not subscribed! - If it is expected, please set SkipRhelEnforcement to true in the heat - parameter. - You can also disable it in the role, see rhsm_enforce role parameter. - If this is unexpected, you have to subscribe this node and - ensure that RHEL is pinned to {{ tripleo_redhat_enforce_os }} as - this is the only version supported for {{ tripleo_redhat_enforce_osp }}. - when: - - subscribed_release is failed - - ( 'This system is not yet registered' in subscribed_release.stderr ) - -- name: unknown failure during call to subscription-manager - fail: - msg: >- - Unknow failure during 'subscription-manager release --show': - {{ subscribed_release.stderr }} - when: - - subscribed_release is failed - - ( 'This system is not yet registered' not in subscribed_release.stderr ) - -- name: fails if the release is not correct - fail: - msg: >- - OSP{{ tripleo_redhat_enforce_osp }} is only supported with Red Hat {{ tripleo_redhat_enforce_os }}. - Please make sure to pin rhel to {{ tripleo_redhat_enforce_os }} using: - subscription-manager release --set={{ tripleo_redhat_enforce_os }}. - You can then proceed with the update. You can also disable it in the - role, see rhsm_enforce role parameter, if this is expected. - when: tripleo_redhat_enforce_os not in subscribed_release.stdout diff --git a/tripleo_ansible/roles/tripleo_redhat_enforce/tasks/main.yml b/tripleo_ansible/roles/tripleo_redhat_enforce/tasks/main.yml deleted file mode 100644 index 617ebd947..000000000 --- a/tripleo_ansible/roles/tripleo_redhat_enforce/tasks/main.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_redhat_enforce" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task -# will skip. - -# Note that using "skip: true" is deprecated, but "errors: ignore" -# fails on 2.8 with include_vars. -- name: Gather variables for each operating system - include_vars: "{{ include_file }}" - when: - - include_file is exists - vars: - include_file: "{{ role_path }}/vars/{{ ansible_facts['distribution'] | lower }}.yml" - tags: - - always - -- include_tasks: enforce_release.yml - name: Enforce RHEL/OSP version pair - when: - - (ansible_facts['distribution'] | lower) == "redhat" - - tripleo_redhat_enforce|bool diff --git a/tripleo_ansible/roles/tripleo_redhat_enforce/vars/redhat.yml b/tripleo_ansible/roles/tripleo_redhat_enforce/vars/redhat.yml deleted file mode 100644 index d3120e2a1..000000000 --- a/tripleo_ansible/roles/tripleo_redhat_enforce/vars/redhat.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_redhat_enforce" -tripleo_redhat_enforce_osp: '' -tripleo_redhat_enforce_os: '' diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/README.md b/tripleo_ansible/roles/tripleo_run_cephadm/README.md deleted file mode 100644 index 7a5e5385b..000000000 --- a/tripleo_ansible/roles/tripleo_run_cephadm/README.md +++ /dev/null @@ -1,13 +0,0 @@ -tripleo_run_cephadm -========= - -The purpose of this role is to perform three main actions: - -1. prepare the necessary information for the cephadm playbook execution -3. Enable the ceph-admin user -2. execute the cephadm playbook - -Role Variables --------------- - -- tripleo_run_cephadm_command_log: where the cephadm playbook logs its execution. diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/defaults/main.yml b/tripleo_ansible/roles/tripleo_run_cephadm/defaults/main.yml deleted file mode 100644 index 5151aab7d..000000000 --- a/tripleo_ansible/roles/tripleo_run_cephadm/defaults/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -# defaults file for tripleo_ceph_run_cephadm -tripleo_run_cephadm_command_log: "cephadm_command.log" -tripleo_run_cephadm_dynamic_spec: true -tripleo_run_cephadm_spec_path: "{{ playbook_dir }}/cephadm/ceph_spec.yaml" -ceph_osd_spec: - data_devices: - all: true -ceph_spec_fqdn: false -tripleo_cephadm_deployed_ceph: false diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/meta/main.yml b/tripleo_ansible/roles/tripleo_run_cephadm/meta/main.yml deleted file mode 100644 index 2bd3f0acd..000000000 --- a/tripleo_ansible/roles/tripleo_run_cephadm/meta/main.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_cephadm - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: Centos - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/converge.yml deleted file mode 100644 index d4da46f9f..000000000 --- a/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_run_cephadm" diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/molecule.yml deleted file mode 100644 index d403c92c7..000000000 --- a/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/molecule.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - vars: - ansible_user: root - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/prepare.yml deleted file mode 100644 index 6d1db6509..000000000 --- a/tripleo_ansible/roles/tripleo_run_cephadm/molecule/default/prepare.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data - post_tasks: - - name: Ensure the cephadm workdir exists - file: - path: "{{ playbook_dir }}/cephadm" - state: "directory" diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/build_config_overrides.yml b/tripleo_ansible/roles/tripleo_run_cephadm/tasks/build_config_overrides.yml deleted file mode 100644 index 381b6d950..000000000 --- a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/build_config_overrides.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: build ceph orphan set - set_fact: - ceph_orphan: |- - {% set ceph_orphan = {} %} - {% for key, value in (ceph_config_overrides | default({})).items() %} - {% if not (['global', 'mon', 'mgr', 'osd', 'mds', 'client']) | intersect([key]) %} - {% set _ = ceph_orphan.__setitem__(key, value) %} - {% endif %} - {% endfor %} - {{ ceph_orphan }} - -- name: clean ceph_config_overrides list - set_fact: - config_overrides: "{{ config_overrides|default({})|combine({item.key: item.value}, recursive=True) }}" - when: - - not (ceph_orphan.keys() | intersect([item.key])) - with_dict: "{{ ceph_config_overrides|default({}) }}" - -- name: ceph_config_overrides w/o orphans - set_fact: - ceph_orphan: "{{ {'global': ceph_orphan|default({}) } }}" - when: ceph_orphan.keys() | length > 0 - -- name: build ceph config overrides - set_fact: - ceph_overrides: "{'ceph_conf_overrides': {{ ceph_default_overrides|default({}) |combine(config_overrides|default({}), recursive=True) - |combine(ceph_rgw_config_overrides|default({}), recursive=True)|combine(ceph_orphan|default({}), recursive=True) - |combine(ceph_client_config_overrides|default({}),recursive=True)}} }" diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/build_keys.yml b/tripleo_ansible/roles/tripleo_run_cephadm/tasks/build_keys.yml deleted file mode 100644 index f0152235f..000000000 --- a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/build_keys.yml +++ /dev/null @@ -1,70 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: reset profiles string to avoid complex string manipulation - set_fact: - profiles: "" - -- name: build openstack client key - block: - - name: build openstack client profiles per pool - set_fact: - profiles: "{{ 'profile rbd pool='.join((profiles|default(''), (current+', '))) }}" - vars: - current: "{{ item.name }}" - with_items: "{{ openstack_pools.openstack_pools }}" - - - name: set openstack client caps - set_fact: - osp_client_default_caps: {'mgr': 'allow *', 'mon': 'profile rbd'} - - - name: set openstack client osd(s) caps - set_fact: - osp_client_osd_caps: {'osd': "{{ profiles | regex_replace('\\, $', '') }}"} - when: profiles|length > 0 - - - name: Combine caps - set_fact: - osp_client_caps: "{{ osp_client_default_caps | combine(osp_client_osd_caps|default({})) }}" - - - name: set openstack client key - set_fact: - client_key: [{'name': '{{ ".".join(("client", ceph_keys.openstack_client.name)) }}', - 'key': '{{ ceph_keys.openstack_client.key }}', 'mode':'0600', 'caps': '{{ osp_client_caps }}'}] - -- name: build manila key for openstack - vars: - manila_caps: {"mgr": "allow rw", "mon": "allow r", "osd": "allow rw pool {{ manila_pools.data }}"} - set_fact: - manila_key: [{'name': '{{ ".".join(("client", ceph_keys.manila.name)) }}', 'key': '{{ ceph_keys.manila.key }}', - 'mode': '0600', 'caps': '{{ manila_caps }}'}] - when: - - tripleo_enabled_services | intersect(['manila_api']) - -- name: build radosgw key for openstack - vars: - rgw_caps: {"mgr": "allow *", "mon": "allow rw", "osd": "allow rwx"} - set_fact: - rgw_key: [{'name': '{{ ".".join(("client", ceph_keys.radosgw.name)) }}', 'key': '{{ ceph_keys.radosgw.key }}', - 'mode': '0600', 'caps': '{{ rgw_caps }}'}] - when: - - tripleo_enabled_services | intersect(['ceph_rgw']) - -- name: build the resulting keys - set_fact: - openstack_keys: "{ 'openstack_keys': {{ client_key|default([]) + rgw_key|default([]) + manila_key|default([]) + - ceph_keys.extra_keys|default([]) }} }" - keys: "{ 'keys': {{ client_key|default([]) + rgw_key|default([]) + manila_key|default([]) + ceph_keys.extra_keys|default([]) }} }" diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/build_pools.yml b/tripleo_ansible/roles/tripleo_run_cephadm/tasks/build_pools.yml deleted file mode 100644 index e4f0d4513..000000000 --- a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/build_pools.yml +++ /dev/null @@ -1,91 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: build pool list - block: - - name: build filter list - set_fact: - overrides: "{{ overrides|default([]) + [ item.name ] }}" - with_items: "{{ ceph_pools.extra_pools }}" - - - name: add images pool - set_fact: - images: [{'name': '{{ ceph_pools.glance_pool.name }}', 'pg_num': '{{ ceph_pools.pg_num | default(omit) }}', 'rule_name': 'replicated_rule', 'application': 'rbd'}] - when: - - tripleo_pool_images - - ceph_pools.glance_pool.name not in overrides|default([]) - - - name: add volumes pool - set_fact: - volumes: [{'name': '{{ ceph_pools.cinder_pool.name }}', 'pg_num': '{{ ceph_pools.pg_num | default(omit) }}', 'rule_name': 'replicated_rule', 'application': 'rbd'}] - when: - - tripleo_pool_volumes - - ceph_pools.cinder_pool.name not in overrides|default([]) - - - name: add vms pool - set_fact: - vms: [{'name': '{{ ceph_pools.nova_pool.name }}', 'pg_num': '{{ ceph_pools.pg_num | default(omit) }}', 'rule_name': 'replicated_rule', 'application': 'rbd'}] - when: - - tripleo_pool_vms - - ceph_pools.nova_pool.name not in overrides|default([]) - - - name: add gnocchi pool - set_fact: - metrics: [{'name': '{{ ceph_pools.gnocchi_pool.name }}', 'pg_num': '{{ ceph_pools.pg_num | default(omit) }}', 'rule_name': 'replicated_rule', - 'application': 'openstack_gnocchi'}] - when: - - tripleo_pool_metrics - - tripleo_enabled_services | intersect(['gnocchi_api']) - - ceph_pools.gnocchi_pool.name not in overrides|default([]) - - - name: add cinder backup pool - set_fact: - backup: [{'name': '{{ ceph_pools.cinder_backup_pool.name }}', 'pg_num': '{{ ceph_pools.pg_num | default(omit) }}', 'rule_name': 'replicated_rule', - 'application': 'rbd'}] - when: - - tripleo_pool_volumes - - tripleo_pool_backup - - tripleo_enabled_services | intersect(['cinder_backup']) - - ceph_pools.cinder_backup_pool.name not in overrides|default([]) - - - name: add cinder extra pools - set_fact: - cinder_extra: "{{ (cinder_extra|default([]) + [ pool ])|unique }}" - vars: - pool: "{'name': '{{ item }}', 'pg_num': '{{ ceph_pools.pg_num | default(omit) }}', 'rule_name': 'replicated_rule', 'application': 'rbd' }" - with_items: "{{ ceph_pools.cinder_pool.cinder_extra_pools }}" - when: - - tripleo_pool_volumes - - item not in overrides | default([]) - - - name: build resulting pool list - set_fact: - openstack_pools: "{'openstack_pools': {{ vms|default([]) + volumes|default([]) + images|default([]) + metrics|default([]) - + backup|default([]) + cinder_extra|default([]) + ceph_pools.extra_pools|default([]) }} }" - -- name: build manila pool list - block: - - name: add manila data pool - set_fact: - cephfs_data: {'cephfs_data_pool': {'name': '{{ manila_pools.data }}', 'pg_num': '{{ manila_pools.data_pg_num | default(omit) }}', - 'rule_name': 'replicated_rule', 'application': 'cephfs'}} - - - name: add manila metadata pool - set_fact: - cephfs_metadata: {'cephfs_metadata_pool': {'name': '{{ manila_pools.metadata }}', 'pg_num': '{{ manila_pools.metadata_pg_num | default(omit) }}', - 'rule_name': 'replicated_rule', 'application': 'cephfs'}} - when: - - tripleo_enabled_services | intersect(['manila_api']) diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/disable_cephadm.yml b/tripleo_ansible/roles/tripleo_run_cephadm/tasks/disable_cephadm.yml deleted file mode 100644 index 679bf7cea..000000000 --- a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/disable_cephadm.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Setup the disable_cephadm playbook command - set_fact: - cephadm_disable_cephadm_command: - - ANSIBLE_LOG_PATH="{{ playbook_dir }}/cephadm/disable_cephadm.log" - - ANSIBLE_HOST_KEY_CHECKING=false - - ansible-playbook - - '-i' - - '{{ inventory_file }}' - - '{% if ansible_python_interpreter is defined %}-e ansible_python_interpreter={{ ansible_python_interpreter }}{% endif %}' - - '/usr/share/ansible/tripleo-playbooks/disable_cephadm.yml' - - '-e @{{ playbook_dir }}/cephadm/cephadm-extra-vars-heat.yml' - - '-e @{{ playbook_dir }}/global_vars.yaml' - - '--limit ceph_mon[0]' - -- name: Run disable_cephadm - shell: "{{ (cephadm_disable_cephadm_command)|join(' ') }}" - tags: - - disable_cephadm diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/enable_ceph_admin_user.yml b/tripleo_ansible/roles/tripleo_run_cephadm/tasks/enable_ceph_admin_user.yml deleted file mode 100644 index d81637595..000000000 --- a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/enable_ceph_admin_user.yml +++ /dev/null @@ -1,89 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Ensure ceph_working_dir is defined - block: - - name: Set ceph_working_dir based on stack_name - set_fact: - ceph_working_dir: "{{ lookup('env', 'HOME') }}/overcloud-deploy/{{ stack_name }}" - when: - - stack_name is defined - - name: Set ceph_working_dir based on playbook_dir - set_fact: - ceph_working_dir: "{{ playbook_dir }}/cephadm" - when: - - stack_name is undefined - when: - - ceph_working_dir is undefined - -- name: Ensure cephadm_admin_hosts list is defined - set_fact: - cephadm_admin_hosts: - - ceph_mon - - ceph_mgr - when: - - (cephadm_admin_hosts is not defined or - not (cephadm_admin_hosts | length > 0)) - -- name: Ensure cephadm_non_admin_hosts list is defined - set_fact: - cephadm_non_admin_hosts: - - ceph_osd - - ceph_rgw - - ceph_mds - - ceph_nfs - - ceph_rbdmirror - when: - - (cephadm_non_admin_hosts is not defined or - not (cephadm_non_admin_hosts | length > 0)) - -- name: Populate cephadm_admin_limit_file - copy: - dest: "{{ ceph_working_dir }}/cephadm_admin_limit.txt" - content: "undercloud\n{% for host in cephadm_admin_hosts %}{{ host }}\n{% endfor %}" - -- name: Populate cephadm_non_admin_limit_file - copy: - dest: "{{ ceph_working_dir }}/cephadm_non_admin_limit.txt" - content: "undercloud\n{% for host in cephadm_non_admin_hosts %}{{ host }}\n{% endfor %}" - -- name: Prepare call to ceph-admin-user-playbook - set_fact: - cephadm_ssh_list: - - "ANSIBLE_LOG_PATH={{ ceph_working_dir }}/cephadm_enable_user_key.log" - - ANSIBLE_HOST_KEY_CHECKING=false - - ansible-playbook - - '-i' - - '{{ inventory_file }}' - - '{% if ansible_python_interpreter is defined %}-e ansible_python_interpreter={{ ansible_python_interpreter }}{% endif %}' - - '/usr/share/ansible/tripleo-playbooks/ceph-admin-user-playbook.yml' - - "-e tripleo_admin_user={{ tripleo_cephadm_ssh_user|default('ceph-admin') }}" - cephadm_public_private_ssh_list: - - '-e distribute_private_key=true' - - "--limit @{{ ceph_working_dir }}/cephadm_admin_limit.txt" - cephadm_public_ssh_list: - - '-e distribute_private_key=false' - - "--limit @{{ ceph_working_dir }}/cephadm_non_admin_limit.txt" - -- name: Run ceph-admin-user-playbook for public and private keys - shell: "{{ (cephadm_ssh_list + cephadm_public_private_ssh_list)|join(' ') }}" - tags: - - run_cephadm - -- name: Run ceph-admin-user-playbook for public keys - shell: "{{ (cephadm_ssh_list + cephadm_public_ssh_list)|join(' ') }}" - tags: - - run_cephadm diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/main.yml b/tripleo_ansible/roles/tripleo_run_cephadm/tasks/main.yml deleted file mode 100644 index 2b1674e19..000000000 --- a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/main.yml +++ /dev/null @@ -1,87 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# tasks file for tripleo_run_cephadm -- name: set cephadm playbook - set_fact: - tripleo_run_cephadm_playbook: > - {{ tripleo_run_cephadm_playbook|default('/usr/share/ansible/tripleo-playbooks/cephadm.yml') }} - -- name: Setup the log path - set_fact: - tripleo_run_cephadm_log_path: "{{ playbook_dir }}/cephadm/{{ tripleo_run_cephadm_command_log }}" -- name: Setup the cephadm playbook command - set_fact: - triple_run_cephadm_command_list: - - ANSIBLE_LOG_PATH="{{ tripleo_run_cephadm_log_path }}" - - ANSIBLE_HOST_KEY_CHECKING=false - - ansible-playbook - - '{% if ansible_python_interpreter is defined %}-e ansible_python_interpreter={{ ansible_python_interpreter }}{% endif %}' - - '-e @{{ playbook_dir }}/cephadm/cephadm-extra-vars-heat.yml' - - '-e @{{ playbook_dir }}/cephadm/cephadm-extra-vars-ansible.yml' - - '-e @{{ playbook_dir }}/global_vars.yaml' - -- name: rotate cephadm_command.log - become: true - shell: | - if [[ -e cephadm_command.log ]]; then - mv cephadm_command.log cephadm_command.log-$(date "+%Y-%m-%dT%H:%M:%S"); - fi - args: - chdir: "{{ playbook_dir }}/cephadm/" - -- name: save cephadm playbook command to shell script - copy: - dest: "{{ playbook_dir }}/cephadm/cephadm_command.sh" - mode: '0755' - content: | - #!/usr/bin/env bash - set -e - echo "Running $0" >> {{ tripleo_run_cephadm_log_path }} - {% set inv = "-i "+ inventory_file %} - {{ triple_run_cephadm_command_list|join(' ') }} {{ inv }} {{ tripleo_run_cephadm_playbook }} 2>&1 - -- name: "Notify user about upcoming cephadm execution(s)" - debug: - msg: "Running {{ ceph_scripts|default(['cephadm_command.sh'])|length }} cephadm playbook(s) (immediate log at {{ tripleo_run_cephadm_log_path }})" - -- name: run cephadm playbook - shell: "{{ playbook_dir + '/cephadm/cephadm_command.sh' }}" - failed_when: false - register: triple_run_cephadm_output - when: triple_run_cephadm_output.rc is undefined or triple_run_cephadm_output.rc == 0 - tags: - - run_cephadm - -- name: search triple_run_cephadm_output of cephadm run(s) non-zero return codes - set_fact: - tripleo_run_cephadm_std_out_err: "{{ triple_run_cephadm_output.stdout_lines | default([]) | union(triple_run_cephadm_output.stderr_lines | default([])) }}" - no_log: "{{ tripleo_run_cephadm_hide_sensitive_logs | bool }}" - when: - - triple_run_cephadm_output.rc is defined - - triple_run_cephadm_output.rc != 0 - tags: - - run_cephadm - -- name: print cephadm triple_run_cephadm_output in case of failure - debug: - var: tripleo_run_cephadm_std_out_err - when: - - tripleo_run_cephadm_std_out_err is defined - failed_when: - - tripleo_run_cephadm_std_out_err is defined - tags: - - run_cephadm diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/prepare.yml b/tripleo_ansible/roles/tripleo_run_cephadm/tasks/prepare.yml deleted file mode 100644 index 1f8b24462..000000000 --- a/tripleo_ansible/roles/tripleo_run_cephadm/tasks/prepare.yml +++ /dev/null @@ -1,114 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: create cephadm workdir - file: - path: "{{ item }}" - state: directory - with_items: - - "{{ playbook_dir }}/cephadm" - tags: - - run_cephadm - -- name: symbolic link to tripleo inventory from cephadm work directory - file: - src: "{{ inventory_file }}" - dest: "{{ playbook_dir }}/cephadm/inventory.yml" - state: link - force: true - tags: - - run_cephadm - -- name: get the list of enabled services on the overcloud - set_fact: - tripleo_enabled_services: "{{ enabled_services | default([]) }}" - -- name: "Set grafana_vip: {{ net_vip_map[service_net_map['ceph_dashboard_network']] }}" - set_fact: - grafana_vip: "{{ net_vip_map[service_net_map['ceph_dashboard_network']] }}" - when: - - tripleo_enabled_services | intersect(['ceph_grafana']) - -- include_tasks: build_pools.yml - vars: - tripleo_pool_images: "{{ ceph_pools.glance_pool.enabled }}" - tripleo_pool_vms: "{{ ceph_pools.nova_pool.enabled }}" - tripleo_pool_volumes: "{{ ceph_pools.cinder_pool.enabled }}" - tripleo_pool_backup: "{{ ceph_pools.cinder_backup_pool.enabled }}" - tripleo_pool_metrics: "{{ ceph_pools.gnocchi_pool.enabled }}" - -- include_tasks: build_keys.yml - -- include_tasks: build_config_overrides.yml - -- name: generate heat cephadm-extra-vars for running tripleo_cephadm role - copy: - dest: "{{ playbook_dir }}/cephadm/cephadm-extra-vars-heat.yml" - content: "{{ cephadm_extra_vars | combine(ceph_overrides|default({})) - | combine(ceph_monitoring_stack|default({})) - | combine(ceph_dashboard_vars|default({})) - | combine(cephadm_rbdmirror| default({})) - | combine(cephadm_rgw_vars|default({})) - | combine(cephfs_metadata|default({})) - | combine(ceph_nfs_vars|default({})) - | combine(cephfs_data|default({})) - | combine(ceph_pools|default({})) - | to_nice_yaml }}" - -- name: Configure boostrap host info for cephadm - when: "{{ groups['ceph_mon'] | default([]) | length > 0 }}" - block: - - name: Set bootstrap host - set_fact: - tripleo_cephadm_bootstrap_host: "{{ groups['ceph_mon'][0] }}" - - - name: Set first monitor IP - set_fact: - tripleo_cephadm_first_mon_ip: "{{ hostvars[tripleo_cephadm_bootstrap_host][tripleo_run_cephadm_net] | - default(ansible_host) }}" - vars: - tripleo_run_cephadm_net: "{{ service_net_map['ceph_mon_network']|default('') + '_ip' }}" - - - name: genereate ceph_spec for bootstrap - ceph_spec_bootstrap: - new_ceph_spec: "{{ tripleo_run_cephadm_spec_path }}" - tripleo_ansible_inventory: "{{ inventory_file }}" - fqdn: "{{ ceph_spec_fqdn }}" - osd_spec: "{{ ceph_osd_spec }}" - when: - - tripleo_cephadm_dynamic_spec - - not tripleo_cephadm_deployed_ceph - -- name: generate ansible cephadm-extra-vars for running tripleo_cephadm role - copy: - dest: "{{ playbook_dir }}/cephadm/cephadm-extra-vars-ansible.yml" - content: | - tripleo_cephadm_bootstrap_host: {{ tripleo_cephadm_bootstrap_host | default('') }} - tripleo_cephadm_first_mon_ip: {{ tripleo_cephadm_first_mon_ip | default('') }} - tripleo_cephadm_spec_on_bootstrap: false - tripleo_cephadm_pools: {{ openstack_pools.get('openstack_pools', []) }} - tripleo_cephadm_keys: {{ keys.get('keys',[]) }} - tripleo_cephadm_dashboard_frontend_vip: {{ grafana_vip|default() }} - service_net_map: {{ service_net_map|default({}) }} - tripleo_enabled_services: {{ enabled_services | default([]) }} - tripleo_cephadm_fqdn: "{{ ceph_spec_fqdn | bool }}" - tripleo_cephadm_spec_ansible_host: "{{ tripleo_run_cephadm_spec_path }}" - tripleo_cephadm_internal_tls_enabled: "{{ enable_internal_tls }}" - tripleo_cephadm_num_osd_expected: "{{ groups['ceph_osd'] | default([]) | length }}" - tripleo_cephadm_deployed_ceph: {{ tripleo_cephadm_deployed_ceph | default(false) }} - tripleo_cephadm_wait_for_mons: "{{ false if tripleo_cephadm_deployed_ceph else true }}" - tripleo_cephadm_wait_for_osds: "{{ false if tripleo_cephadm_deployed_ceph else true }}" - tripleo_cephadm_predeployed: "{{ false if tripleo_cephadm_deployed_ceph else true }}" diff --git a/tripleo_ansible/roles/tripleo_run_cephadm/vars/main.yml b/tripleo_ansible/roles/tripleo_run_cephadm/vars/main.yml deleted file mode 100644 index c0f9477a2..000000000 --- a/tripleo_ansible/roles/tripleo_run_cephadm/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for tripleo_ceph_run_cephadm diff --git a/tripleo_ansible/roles/tripleo_securetty/defaults/main.yml b/tripleo_ansible/roles/tripleo_securetty/defaults/main.yml deleted file mode 100644 index 3102c9b08..000000000 --- a/tripleo_ansible/roles/tripleo_securetty/defaults/main.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_securetty" -tripleo_ttys: [] diff --git a/tripleo_ansible/roles/tripleo_securetty/meta/main.yml b/tripleo_ansible/roles/tripleo_securetty/meta/main.yml deleted file mode 100644 index 8d8650425..000000000 --- a/tripleo_ansible/roles/tripleo_securetty/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_securetty - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_securetty/molecule/create/converge.yml b/tripleo_ansible/roles/tripleo_securetty/molecule/create/converge.yml deleted file mode 100644 index 20b7eeffe..000000000 --- a/tripleo_ansible/roles/tripleo_securetty/molecule/create/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_securetty" diff --git a/tripleo_ansible/roles/tripleo_securetty/molecule/create/molecule.yml b/tripleo_ansible/roles/tripleo_securetty/molecule/create/molecule.yml deleted file mode 100644 index 6894ebdbb..000000000 --- a/tripleo_ansible/roles/tripleo_securetty/molecule/create/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_securetty/molecule/create/prepare.yml b/tripleo_ansible/roles/tripleo_securetty/molecule/create/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/tripleo_securetty/molecule/create/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_securetty/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_securetty/molecule/default/converge.yml deleted file mode 100644 index c6072956a..000000000 --- a/tripleo_ansible/roles/tripleo_securetty/molecule/default/converge.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_securetty" - tripleo_ttys: - - console - - vc/1 - - vc/2 - - vc/3 - - vc/4 - - vc/5 - - vc/6 - - vc/7 - - vc/8 - - vc/9 - - vc/10 - - vc/11 - - tty1 - - tty2 - - tty3 - - tty4 - - tty5 - - tty6 - - tty7 - - tty8 - - tty9 - - tty10 - - tty11 diff --git a/tripleo_ansible/roles/tripleo_securetty/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_securetty/molecule/default/molecule.yml deleted file mode 100644 index 56a6e9e08..000000000 --- a/tripleo_ansible/roles/tripleo_securetty/molecule/default/molecule.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -driver: - name: podman - -log: true - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_securetty/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_securetty/molecule/default/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/tripleo_securetty/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_securetty/tasks/main.yml b/tripleo_ansible/roles/tripleo_securetty/tasks/main.yml deleted file mode 100644 index ceedcad6a..000000000 --- a/tripleo_ansible/roles/tripleo_securetty/tasks/main.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Create securetty file - become: true - template: - src: securetty.j2 - dest: /etc/securetty - mode: "0600" - owner: root - group: root - when: - - (tripleo_ttys | length) > 0 diff --git a/tripleo_ansible/roles/tripleo_securetty/templates/securetty.j2 b/tripleo_ansible/roles/tripleo_securetty/templates/securetty.j2 deleted file mode 100644 index 5f06d97c5..000000000 --- a/tripleo_ansible/roles/tripleo_securetty/templates/securetty.j2 +++ /dev/null @@ -1,5 +0,0 @@ -# {{ ansible_managed }} - -{% for tty in tripleo_ttys %} -{{ tty }} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_ssh_known_hosts/defaults/main.yml b/tripleo_ansible/roles/tripleo_ssh_known_hosts/defaults/main.yml deleted file mode 100644 index b79b2b653..000000000 --- a/tripleo_ansible/roles/tripleo_ssh_known_hosts/defaults/main.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. diff --git a/tripleo_ansible/roles/tripleo_ssh_known_hosts/meta/main.yml b/tripleo_ansible/roles/tripleo_ssh_known_hosts/meta/main.yml deleted file mode 100644 index d5ae2eadc..000000000 --- a/tripleo_ansible/roles/tripleo_ssh_known_hosts/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_module_load - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/default/converge.yml deleted file mode 100644 index 11d1bf5df..000000000 --- a/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/default/converge.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - pre_tasks: - - name: Override ssh_host_key_rsa_public test value in ansible_facts - set_fact: - ansible_facts: "{{ ansible_facts|combine({'ssh_host_key_rsa_public': 'AAAATEST'}) }}" - roles: - - role: "tripleo_ssh_known_hosts" diff --git a/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/default/molecule.yml deleted file mode 100644 index 0ccdfa159..000000000 --- a/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/default/molecule.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - children: - allovercloud: - hosts: - centos: - ctlplane_ip: 10.0.0.1 - ctlplane_hostname: centos.ctlplane.localdomain - internal_api_ip: 10.0.1.1 - internal_api_hostname: centos.internalapi.localdomain - management_ip: 10.0.0.1 # no management_hostname - canonical_hostname: centos.localdomain - tripleo_role_networks: [ctlplane, internal_api, management] - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/default/prepare.yml deleted file mode 100644 index d4426a92c..000000000 --- a/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/default/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - openssh - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/default/tests/test_default.py b/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/default/tests/test_default.py deleted file mode 100644 index 7c9bbc740..000000000 --- a/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/default/tests/test_default.py +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import os - -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_ssh_host_keys(host): - expected = [ - '[10.0.0.1]*,[centos.ctlplane.localdomain]*,[10.0.1.1]*,[centos.internalapi.localdomain]*,[centos.localdomain]*,[centos]* ssh-rsa AAAATEST', - ] - known_hosts = host.file("/etc/ssh/ssh_known_hosts").content_string - for line in expected: - assert line in host.file("/etc/ssh/ssh_known_hosts").content_string diff --git a/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/no_networks/converge.yml b/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/no_networks/converge.yml deleted file mode 100644 index 11d1bf5df..000000000 --- a/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/no_networks/converge.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - pre_tasks: - - name: Override ssh_host_key_rsa_public test value in ansible_facts - set_fact: - ansible_facts: "{{ ansible_facts|combine({'ssh_host_key_rsa_public': 'AAAATEST'}) }}" - roles: - - role: "tripleo_ssh_known_hosts" diff --git a/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/no_networks/molecule.yml b/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/no_networks/molecule.yml deleted file mode 100644 index a4b630a95..000000000 --- a/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/no_networks/molecule.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - children: - allovercloud: - hosts: - centos: - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/no_networks/prepare.yml b/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/no_networks/prepare.yml deleted file mode 100644 index d4426a92c..000000000 --- a/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/no_networks/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - openssh - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/no_networks/tests/test_no_networks.py b/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/no_networks/tests/test_no_networks.py deleted file mode 100644 index 1ad69d40d..000000000 --- a/tripleo_ansible/roles/tripleo_ssh_known_hosts/molecule/no_networks/tests/test_no_networks.py +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import os - -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_ssh_host_keys(host): - expected = [ - '[centos]* ssh-rsa AAAATEST', - ] - known_hosts = host.file("/etc/ssh/ssh_known_hosts").content_string - for line in expected: - assert line in host.file("/etc/ssh/ssh_known_hosts").content_string diff --git a/tripleo_ansible/roles/tripleo_ssh_known_hosts/tasks/main.yml b/tripleo_ansible/roles/tripleo_ssh_known_hosts/tasks/main.yml deleted file mode 100644 index 25d3ebed5..000000000 --- a/tripleo_ansible/roles/tripleo_ssh_known_hosts/tasks/main.yml +++ /dev/null @@ -1,90 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Add host keys in /etc/ssh/ssh_known_hosts for live/cold-migration - become: true - check_mode: false - block: - - name: Create temporary file for ssh_known_hosts - tempfile: - state: file - register: ssh_known_hosts_tmp - - - name: Check for ssh_known_hosts file - stat: - path: /etc/ssh/ssh_known_hosts - register: _ssh_known_hosts - - - name: Create a temporary copy of ssh_known_hosts - slurp: - src: "/etc/ssh/ssh_known_hosts" - register: existing_ssh_known_hosts - when: - - _ssh_known_hosts.stat.exists | bool - - - name: Write temporary file - copy: - content: "{{ existing_ssh_known_hosts['content'] | b64decode }}" - dest: "{{ ssh_known_hosts_tmp.path }}" - when: - - _ssh_known_hosts.stat.exists | bool - - - name: Set ssh_known_hosts fact - run_once: true - set_fact: - ssh_known_hosts_lines: |- - {% for host in groups['allovercloud'] | intersect(play_hosts) %} - {% set hostdata = hostvars[host] %} - {% if 'ssh_host_key_rsa_public' in hostdata['ansible_facts'] %} - {% set entries = [] %} - {% set enabled_host_networks = hostdata['tripleo_role_networks']|default([]) %} - {% for network in enabled_host_networks %} - {% if (network ~ '_ip') in hostdata %} - {% set _ = entries.append('[' ~ hostdata[network ~ '_ip'] ~ ']*') %} - {% endif %} - {% if (network ~ '_hostname') in hostdata %} - {% set _ = entries.append('[' ~ hostdata[network ~ '_hostname'] ~ ']*') %} - {% endif %} - {% endfor %} - {% if 'canonical_hostname' in hostdata %} - {% set _ = entries.append('[' ~ hostdata['canonical_hostname'] ~ ']*') %} - {% endif %} - {% set _ = entries.append('[' ~ host ~ ']*') %} - {% set line = entries|unique|join(',') ~ ' ssh-rsa ' ~ hostdata['ansible_facts']['ssh_host_key_rsa_public'] %} - {{ line }} - {% endif %} - {% endfor %} - - - name: Add host keys to temporary ssh_known_hosts - blockinfile: - path: "{{ ssh_known_hosts_tmp.path }}" - block: "{{ ssh_known_hosts_lines }}" - create: true - - # Workaround https://bugs.launchpad.net/tripleo/+bug/1810932 - # Ansible modules perform a replace instead of in-place modification. - # This breaks propagation of changes to containers that bind mount ssh_known_hosts - - name: In-place update of /etc/ssh_known_hosts - shell: |- - cat '{{ ssh_known_hosts_tmp.path }}' > /etc/ssh/ssh_known_hosts - - - name: Remove temp file - file: - path: "{{ ssh_known_hosts_tmp.path }}" - state: absent - tags: - - tripleo_ssh_known_hosts diff --git a/tripleo_ansible/roles/tripleo_sshd/defaults/main.yml b/tripleo_ansible/roles/tripleo_sshd/defaults/main.yml deleted file mode 100644 index 421369792..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/defaults/main.yml +++ /dev/null @@ -1,53 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_sshd" -# Mapping of sshd_config values - -# Package state for ssh -tripleo_sshd_package_state: present - -tripleo_sshd_motd_enabled: false -tripleo_sshd_message_of_the_day: '' -tripleo_sshd_banner_enabled: false -tripleo_sshd_banner_text: '' - -# SSH configuration options -tripleo_sshd_password_authentication: 'no' -tripleo_sshd_gssapi_authentication: 'no' - -tripleo_sshd_server_options: - HostKey: - - '/etc/ssh/ssh_host_rsa_key' - - '/etc/ssh/ssh_host_ecdsa_key' - - '/etc/ssh/ssh_host_ed25519_key' - SyslogFacility: 'AUTHPRIV' - AuthorizedKeysFile: '.ssh/authorized_keys' - ChallengeResponseAuthentication: 'no' - GSSAPIAuthentication: "{{ tripleo_sshd_gssapi_authentication }}" - GSSAPICleanupCredentials: 'no' - UsePAM: 'yes' - UseDNS: 'no' - X11Forwarding: 'yes' - AcceptEnv: - - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES' - - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT' - - 'LC_IDENTIFICATION LC_ALL LANGUAGE' - - 'XMODIFIERS' - Subsystem: 'sftp /usr/libexec/openssh/sftp-server' diff --git a/tripleo_ansible/roles/tripleo_sshd/meta/main.yml b/tripleo_ansible/roles/tripleo_sshd/meta/main.yml deleted file mode 100644 index f765cbc28..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_sshd - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_sshd/molecule/banners/converge.yml b/tripleo_ansible/roles/tripleo_sshd/molecule/banners/converge.yml deleted file mode 100644 index e42fdb749..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/molecule/banners/converge.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - name: tripleo_sshd - tripleo_sshd_motd_enabled: true - tripleo_sshd_banner_enabled: true diff --git a/tripleo_ansible/roles/tripleo_sshd/molecule/banners/molecule.yml b/tripleo_ansible/roles/tripleo_sshd/molecule/banners/molecule.yml deleted file mode 100644 index 99bee3e4c..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/molecule/banners/molecule.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -driver: - name: podman - -platforms: - - name: centos - hostname: centos - image: ${TRIPLEO_ANSIBLE_MOLECULE_IMAGE:-"ubi9/ubi-init"} - registry: - url: ${TRIPLEO_ANSIBLE_MOLECULE_REGISTRY:-"registry.access.redhat.com"} - dockerfile: ../default/Dockerfile.j2 - pkg_extras: python*setuptools - command: "/sbin/init" - volumes: ${TRIPLEO_ANSIBLE_SSHD_MOLECULE_VOLUMES:-['/sys/fs/cgroup:/sys/fs/cgroup:rw','/etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro','/etc/pki/rpm-gpg:/etc/pki/rpm-gpg:O','/opt/yum.repos.d:/etc/yum.repos.d:O','/etc/dnf/vars:/etc/dnf/vars:O']} - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - ulimits: &ulimit - - host - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy diff --git a/tripleo_ansible/roles/tripleo_sshd/molecule/default/Dockerfile.j2 b/tripleo_ansible/roles/tripleo_sshd/molecule/default/Dockerfile.j2 deleted file mode 100644 index ccdda8fc9..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,35 +0,0 @@ -# Molecule managed -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_sshd/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_sshd/molecule/default/converge.yml deleted file mode 100644 index 94071a733..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - name: tripleo_sshd diff --git a/tripleo_ansible/roles/tripleo_sshd/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_sshd/molecule/default/molecule.yml deleted file mode 100644 index f9c2a701d..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/molecule/default/molecule.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -driver: - name: podman - -log: true - -platforms: - - name: centos - hostname: centos - image: ${TRIPLEO_ANSIBLE_MOLECULE_IMAGE:-"ubi9/ubi-init"} - registry: - url: ${TRIPLEO_ANSIBLE_MOLECULE_REGISTRY:-"registry.access.redhat.com"} - dockerfile: Dockerfile.j2 - pkg_extras: python*setuptools systemd - command: "/sbin/init" - volumes: ${TRIPLEO_ANSIBLE_SSHD_MOLECULE_VOLUMES:-['/sys/fs/cgroup:/sys/fs/cgroup:rw','/etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro','/etc/pki/rpm-gpg:/etc/pki/rpm-gpg:O','/opt/yum.repos.d:/etc/yum.repos.d:O','/etc/dnf/vars:/etc/dnf/vars:O']} - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - ulimits: &ulimit - - host - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy diff --git a/tripleo_ansible/roles/tripleo_sshd/molecule/default/verify.yml b/tripleo_ansible/roles/tripleo_sshd/molecule/default/verify.yml deleted file mode 100644 index c1baa6372..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/molecule/default/verify.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- - -- name: Verify - hosts: all - tasks: - - - name: load_vars tripleo_sshd - include_role: - name: tripleo_sshd - tasks_from: load_vars.yml - - - name: Gather package facts - ansible.builtin.package_facts: - - - name: Install the OpenSSH server - debug: - msg: "testing if {{ item }} installed" - failed_when: item not in ansible_facts['packages'] - loop: "{{ tripleo_sshd_packages }}" - - - name: Generate sshd host keys - shell: ls /etc/ssh/ssh_host_* - register: host_keys - failed_when: (host_keys.stdout | length) == 0 - - - name: Gather service facts - ansible.builtin.service_facts: - - - debug: - var: ansible_facts['services'] - - - name: Enable sshd - debug: - msg: "test if sshd enabled" - failed_when: ansible_facts['services']['sshd.service']['status'] != 'enabled' - - - name: Start sshd - debug: - msg: "test if sshd started" - failed_when: ansible_facts['services']['sshd.service']['state'] != 'running' diff --git a/tripleo_ansible/roles/tripleo_sshd/molecule/gssapi/converge.yml b/tripleo_ansible/roles/tripleo_sshd/molecule/gssapi/converge.yml deleted file mode 100644 index 7b2ceb791..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/molecule/gssapi/converge.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - name: tripleo_sshd - tripleo_sshd_gssapi_authentication: "yes" diff --git a/tripleo_ansible/roles/tripleo_sshd/molecule/gssapi/molecule.yml b/tripleo_ansible/roles/tripleo_sshd/molecule/gssapi/molecule.yml deleted file mode 100644 index ed8cbd7ce..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/molecule/gssapi/molecule.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -driver: - name: podman - -platforms: - - name: centos - hostname: centos - image: ${TRIPLEO_ANSIBLE_MOLECULE_IMAGE:-"ubi9/ubi-init"} - registry: - url: ${TRIPLEO_ANSIBLE_MOLECULE_REGISTRY:-"registry.access.redhat.com"} - dockerfile: ../default/Dockerfile.j2 - pkg_extras: python*setuptools systemd - command: "/sbin/init" - volumes: ${TRIPLEO_ANSIBLE_SSHD_MOLECULE_VOLUMES:-['/sys/fs/cgroup:/sys/fs/cgroup:rw','/etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro','/etc/pki/rpm-gpg:/etc/pki/rpm-gpg:O','/opt/yum.repos.d:/etc/yum.repos.d:O','/etc/dnf/vars:/etc/dnf/vars:O']} - privileged: true - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - ulimits: &ulimit - - host - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy diff --git a/tripleo_ansible/roles/tripleo_sshd/molecule/gssapi/verify.yml b/tripleo_ansible/roles/tripleo_sshd/molecule/gssapi/verify.yml deleted file mode 100644 index ba4f9de12..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/molecule/gssapi/verify.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Verify - hosts: all - tasks: - - name: Ensure we activated GSSAPI - lineinfile: - path: /etc/ssh/sshd_config - line: "GSSAPIAuthentication yes" - state: present - register: gssapi - failed_when: - - gssapi is changed diff --git a/tripleo_ansible/roles/tripleo_sshd/tasks/configure.yml b/tripleo_ansible/roles/tripleo_sshd/tasks/configure.yml deleted file mode 100644 index b245facb3..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/tasks/configure.yml +++ /dev/null @@ -1,90 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Import sshd load_vars tasks - import_tasks: load_vars.yml - -- name: Run sshd tasks as root - become: true - block: - - name: PasswordAuthentication notice - debug: - msg: >- - Notice - The option `tripleo_sshd_password_authentication` is set to - "{{ tripleo_sshd_password_authentication }}" but `PermitRootLogin` is - undefined. While this may be perfectly valid, the sshd_config options - should be reviewed to ensure general user access is functional and - meeting expectations. - when: - - tripleo_sshd_password_authentication != 'no' - - not ('PermitRootLogin' in tripleo_sshd_server_options) - - - name: PasswordAuthentication duplication notice - debug: - msg: >- - WARNING - The PasswordAuthentication has been configured in - `tripleo_sshd_server_options` but the values are different. - The `tripleo_sshd_password_authentication` value will be used. - when: - - ('PasswordAuthentication' in tripleo_sshd_server_options) - - tripleo_sshd_password_authentication != tripleo_sshd_server_options['PasswordAuthentication'] - - - name: Motd duplication notice - debug: - msg: >- - WARNING - The Banner or PrintMotd has been configured in - `tripleo_sshd_server_options`. These options may be ignored and - configured using values from `tripleo_sshd_banner_enabled` and - `tripleo_sshd_motd_enabled` - when: - - ('Banner' in tripleo_sshd_server_options or 'PrintMotd' in tripleo_sshd_server_options) - - - name: Configure the banner text - copy: - content: "{{ tripleo_sshd_banner_text }}" - dest: /etc/issue - when: - - tripleo_sshd_banner_enabled | bool - - - name: Configure the motd banner - copy: - content: "{{ tripleo_sshd_message_of_the_day }}" - dest: /etc/motd - when: - - tripleo_sshd_motd_enabled | bool - - - name: Update sshd configuration options from vars - set_fact: - tripleo_sshd_server_options: |- - {% set _ = tripleo_sshd_server_options.__setitem__('PasswordAuthentication', tripleo_sshd_password_authentication) %} - {% if tripleo_sshd_banner_enabled %} - {% set _ = tripleo_sshd_server_options.__setitem__('Banner', '/etc/issue') %} - {% endif %} - {% if tripleo_sshd_motd_enabled %} - {% set _ = tripleo_sshd_server_options.__setitem__('PrintMotd', 'yes') %} - {% endif %} - {{ tripleo_sshd_server_options }} - - - name: Adjust ssh server configuration - template: - dest: /etc/ssh/sshd_config - src: sshd_config_block.j2 - validate: '/usr/sbin/sshd -T -f %s' - register: _sshd_config_result - - - name: Set sshd config changed fact - set_fact: - _sshd_config_result_changed: _sshd_config_result.changed diff --git a/tripleo_ansible/roles/tripleo_sshd/tasks/install.yml b/tripleo_ansible/roles/tripleo_sshd/tasks/install.yml deleted file mode 100644 index b8d4db739..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/tasks/install.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Import sshd load_vars tasks - import_tasks: load_vars.yml - -- name: Run sshd tasks as root - become: true - block: - - name: Install the OpenSSH server - package: - name: "{{ tripleo_sshd_packages }}" - state: "{{ tripleo_sshd_package_state }}" - register: _sshd_install_result - - # NOTE(mwhahaha): we need this here because in order to validate our generated - # config, we need to ensure the host keys exist - - name: Generate sshd host keys - shell: ssh-keygen -A - when: - - _sshd_install_result.changed diff --git a/tripleo_ansible/roles/tripleo_sshd/tasks/load_vars.yml b/tripleo_ansible/roles/tripleo_sshd/tasks/load_vars.yml deleted file mode 100644 index 670598280..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/tasks/load_vars.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- - -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always diff --git a/tripleo_ansible/roles/tripleo_sshd/tasks/main.yml b/tripleo_ansible/roles/tripleo_sshd/tasks/main.yml deleted file mode 100644 index bb9708ce7..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/tasks/main.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Import sshd load_vars tasks - import_tasks: load_vars.yml - -- name: Import sshd install tasks - import_tasks: install.yml - -- name: Import sshd configure tasks - import_tasks: configure.yml - -- name: Import sshd run tasks - import_tasks: run.yml diff --git a/tripleo_ansible/roles/tripleo_sshd/tasks/run.yml b/tripleo_ansible/roles/tripleo_sshd/tasks/run.yml deleted file mode 100644 index 7470db32f..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/tasks/run.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Run sshd tasks as root - become: true - block: - - name: Enable sshd - systemd: - name: sshd - enabled: true - - - name: Start sshd - systemd: - name: sshd - state: started - - - name: Restart sshd due to config change - systemd: - name: sshd - state: reloaded - when: - - _sshd_config_result_changed | default(false) diff --git a/tripleo_ansible/roles/tripleo_sshd/templates/sshd_config_block.j2 b/tripleo_ansible/roles/tripleo_sshd/templates/sshd_config_block.j2 deleted file mode 100644 index f80e3f4e4..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/templates/sshd_config_block.j2 +++ /dev/null @@ -1,12 +0,0 @@ -## {{ ansible_managed }} - -{% for k, v in tripleo_sshd_server_options.items() %} -{% if (v is iterable) and (v is not string) %} -{% set vars = (v | unique) %} -{% for var in vars %} -{{ k }} {{ var }} -{% endfor %} -{% else %} -{{ k }} {{ v }} -{% endif %} -{% endfor %} diff --git a/tripleo_ansible/roles/tripleo_sshd/vars/main.yml b/tripleo_ansible/roles/tripleo_sshd/vars/main.yml deleted file mode 100644 index afe0c7122..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/vars/main.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -tripleo_sshd_banner_text: | - ****************************************************************** - * This system is for the use of authorized users only. Usage of * - * this system may be monitored and recorded by system personnel. * - * Anyone using this system expressly consents to such monitoring * - * and is advised that if such monitoring reveals possible * - * evidence of criminal activity, system personnel may provide * - * the evidence from such monitoring to law enforcement officials.* - ****************************************************************** - -tripleo_sshd_message_of_the_day: | - ALERT! You are entering into a secured area! - This service is restricted to authorized users only. diff --git a/tripleo_ansible/roles/tripleo_sshd/vars/redhat.yml b/tripleo_ansible/roles/tripleo_sshd/vars/redhat.yml deleted file mode 100644 index a1ff907d5..000000000 --- a/tripleo_ansible/roles/tripleo_sshd/vars/redhat.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -tripleo_sshd_packages: - - openssh-server diff --git a/tripleo_ansible/roles/tripleo_systemd_wrapper/defaults/main.yml b/tripleo_ansible/roles/tripleo_systemd_wrapper/defaults/main.yml deleted file mode 100644 index 1aa4d73fb..000000000 --- a/tripleo_ansible/roles/tripleo_systemd_wrapper/defaults/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_systemd_wrapper" -tripleo_systemd_wrapper_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_systemd_wrapper_container_cli: podman diff --git a/tripleo_ansible/roles/tripleo_systemd_wrapper/meta/main.yml b/tripleo_ansible/roles/tripleo_systemd_wrapper/meta/main.yml deleted file mode 100644 index df315cc45..000000000 --- a/tripleo_ansible/roles/tripleo_systemd_wrapper/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_systemd_wrapper - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_systemd_wrapper/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_systemd_wrapper/molecule/default/converge.yml deleted file mode 100644 index 08509ea59..000000000 --- a/tripleo_ansible/roles/tripleo_systemd_wrapper/molecule/default/converge.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - "tripleo_systemd_wrapper" - vars: - tripleo_systemd_wrapper_cmd: "/usr/sbin/dnsmasq -k" - tripleo_systemd_wrapper_config_bind_mount: "/var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro" - tripleo_systemd_wrapper_container_cli: podman - tripleo_systemd_wrapper_image_name: "quay.io/tripleomastercentos9/centos-binary-neutron-dhcp-agent:current-tripleo" - tripleo_systemd_wrapper_service_dir: /var/lib/neutron - tripleo_systemd_wrapper_service_kill_script: dnsmasq-kill - tripleo_systemd_wrapper_service_name: neutron-dnsmasq diff --git a/tripleo_ansible/roles/tripleo_systemd_wrapper/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_systemd_wrapper/molecule/default/molecule.yml deleted file mode 100644 index b8aa37228..000000000 --- a/tripleo_ansible/roles/tripleo_systemd_wrapper/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_systemd_wrapper/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_systemd_wrapper/molecule/default/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/tripleo_systemd_wrapper/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_systemd_wrapper/tasks/main.yml b/tripleo_ansible/roles/tripleo_systemd_wrapper/tasks/main.yml deleted file mode 100644 index 7a7e048a9..000000000 --- a/tripleo_ansible/roles/tripleo_systemd_wrapper/tasks/main.yml +++ /dev/null @@ -1,112 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_systemd_wrapper" will search for and load any operating system variable file - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: "Ensure {{ tripleo_systemd_wrapper_service_dir }} exists" - become: true - file: - path: "{{ tripleo_systemd_wrapper_service_dir }}" - state: directory - setype: svirt_sandbox_file_t - selevel: s0 - -- name: "Ensure {{ tripleo_systemd_wrapper_service_dir }}/kill_scripts exists" - become: true - file: - path: "{{ tripleo_systemd_wrapper_service_dir }}/kill_scripts" - state: directory - setype: svirt_sandbox_file_t - selevel: s0 - when: tripleo_systemd_wrapper_service_kill_script is defined - -- name: "Ensure {{ tripleo_systemd_wrapper_service_dir }}/{{ tripleo_systemd_wrapper_service_name }} exists" - become: true - file: - path: "{{ tripleo_systemd_wrapper_service_dir }}/{{ tripleo_systemd_wrapper_service_name }}" - state: directory - setype: svirt_sandbox_file_t - selevel: s0 - mode: '4750' - -- name: "Create {{ tripleo_systemd_wrapper_service_name }} process command script" - become: true - template: - dest: "{{ tripleo_systemd_wrapper_service_dir }}/{{ tripleo_systemd_wrapper_service_name }}/command" - src: service_command.j2 - mode: '0750' - -# TODO(emilien) figure out secure permissions & ownership & labeling -- name: "Create {{ tripleo_systemd_wrapper_service_name }} wrapper script" - become: true - template: - dest: "{{ tripleo_systemd_wrapper_service_dir }}/{{ tripleo_systemd_wrapper_service_name }}/wrapper" - src: service_wrapper.j2 - mode: '0750' - -# TODO(emilien) figure out secure permissions & ownership & labeling -- name: "Create {{ tripleo_systemd_wrapper_service_name }} process sync script" - become: true - template: - dest: "{{ tripleo_systemd_wrapper_service_dir }}/{{ tripleo_systemd_wrapper_service_name }}/sync" - src: service_sync.j2 - mode: '0750' - -- name: "Create {{ tripleo_systemd_wrapper_service_name }} service kill script" - become: true - template: - dest: "{{ tripleo_systemd_wrapper_service_dir }}/kill_scripts/{{ tripleo_systemd_wrapper_service_kill_script }}" - src: service_kill.j2 - mode: '0755' - when: tripleo_systemd_wrapper_service_kill_script is defined - -- name: "Create {{ tripleo_systemd_wrapper_service_name }} systemd path file" - become: true - template: - dest: "/etc/systemd/system/{{ tripleo_systemd_wrapper_service_name }}.path" - src: service.path.j2 - mode: '0644' - -- name: "Create {{ tripleo_systemd_wrapper_service_name }} systemd service file" - become: true - template: - dest: "/etc/systemd/system/{{ tripleo_systemd_wrapper_service_name }}.service" - src: service.service.j2 - mode: '0644' - -- name: "Start {{ tripleo_systemd_wrapper_service_name }} path" - become: true - systemd: - name: "{{ tripleo_systemd_wrapper_service_name }}.path" - enabled: true - state: started - daemon_reload: true diff --git a/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service.path.j2 b/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service.path.j2 deleted file mode 100644 index 59676d05b..000000000 --- a/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service.path.j2 +++ /dev/null @@ -1,5 +0,0 @@ -[Path] -PathModified={{ tripleo_systemd_wrapper_service_dir }}/{{ tripleo_systemd_wrapper_service_name }}/processes-timestamp - -[Install] -WantedBy=multi-user.target diff --git a/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service.service.j2 b/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service.service.j2 deleted file mode 100644 index b6cbf43b8..000000000 --- a/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service.service.j2 +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Tripleo {{ tripleo_systemd_wrapper_service_name }} sync service - -[Service] -{% if tripleo_systemd_wrapper_debug %} -Environment=SYSTEMD_LOG_LEVEL=debug -{% endif %} -Type=oneshot -ExecStart={{ tripleo_systemd_wrapper_service_dir }}/{{ tripleo_systemd_wrapper_service_name }}/sync -User=root diff --git a/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service_command.j2 b/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service_command.j2 deleted file mode 100644 index 9cae163ea..000000000 --- a/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service_command.j2 +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env bash -# -# We wrap the command in a bash script so we can do complex logic -# to make the command dynamic based on the internals of the container. -# This is necessary for backwards compatibily when commands change their -# args based on version (I'm looking at you haproxy). -# -{{ tripleo_systemd_wrapper_cmd }} $@ diff --git a/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service_kill.j2 b/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service_kill.j2 deleted file mode 100644 index b06ff4828..000000000 --- a/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service_kill.j2 +++ /dev/null @@ -1,78 +0,0 @@ -#!/bin/bash -{% if tripleo_systemd_wrapper_debug|bool -%} -set -x -{% endif -%} -add_date() { - echo "$(date) $@" -} - -# Set up script logging for debugging purpose. -# It will be taken care of by logrotate since there is the .log -# suffix. -exec 3>&1 4>&2 -trap 'exec 2>&4 1>&3' 0 1 2 3 -exec 1>>/var/log/neutron/kill-script.log 2>&1 - -SIG=$1 -PID=$2 -NETNS=$(ip netns identify ${PID}) - -{% if tripleo_systemd_wrapper_container_cli == 'podman' %} -if [ "x${NETNS}" == "x" ]; then - CLI="podman" - SIG=9 -else - CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" -fi -{% elif tripleo_systemd_wrapper_container_cli == 'docker' %} -{% if tripleo_systemd_wrapper_docker_additional_sockets and tripleo_systemd_wrapper_docker_additional_sockets|length > 0-%} -export DOCKER_HOST=unix://{{ tripleo_systemd_wrapper_docker_additional_sockets[0] }} -{% endif -%} -CLI='docker' -{% else %} -CLI='echo noop' -{% endif %} - -kill_container() { - add_date "Stopping container $1 ($2)" - $CLI stop $2 - add_date "Deleting container $1 ($2)" - $CLI rm $2 -} - -signal_container() { - SIGNAL=$3 - if [ -z "$SIGNAL" ]; then - SIGNAL="HUP" - fi - add_date "Sending signal '$SIGNAL' to $1 ($2)" - $CLI kill --signal $SIGNAL $2 -} - -{% raw -%} -if [ -f /proc/$PID/cgroup ]; then - # Get container ID based on process cgroups - CT_ID=$(awk 'BEGIN {FS="[-.]"} /name=/{print $3}' /proc/$PID/cgroup) - CT_NAME=$($CLI inspect -f '{{.Name}}' $CT_ID) - - case $SIG in - HUP) - signal_container $CT_NAME $CT_ID - ;; - 9) - kill_container $CT_NAME $CT_ID - ;; - 15) - signal_container $CT_NAME $CT_ID 15 - ;; - *) - add_date "Unknown action ${SIG} for ${CT_NAME} ${CT_ID}" - exit 1 - ;; - esac - -else - add_date "No such PID: ${PID}" - exit 1 -fi -{% endraw %} diff --git a/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service_sync.j2 b/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service_sync.j2 deleted file mode 100644 index 322d42988..000000000 --- a/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service_sync.j2 +++ /dev/null @@ -1,71 +0,0 @@ -#!/usr/bin/env bash -{% if tripleo_systemd_wrapper_debug %} -set -x -{% endif %} - -function start_service { - local NETNS=$1 - shift - local NAME=$1 - shift - local CLI='{{ tripleo_systemd_wrapper_container_cli }}' - local CMD="{{ tripleo_systemd_wrapper_service_dir }}/{{ tripleo_systemd_wrapper_service_name }}/command" - local CONTAINER_CMD="ip netns exec ${NETNS} ${CMD}" - {% if tripleo_systemd_wrapper_container_cli == 'podman' %} - local LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log" - {% else %} - local LOGGING='' - {% endif %} - - $CLI stop $NAME &> /dev/null || true - $CLI rm -f $NAME &> /dev/null || true - $CLI run --detach \ - -v "{{ tripleo_systemd_wrapper_config_bind_mount }}" \ - -v "/run/netns:/run/netns:shared" \ - -v "{{ tripleo_systemd_wrapper_service_dir }}:{{ tripleo_systemd_wrapper_service_dir }}:z,shared" \ - -v "/dev/log:/dev/log" $LOGGING \ - --net host \ - --pid host \ - --privileged \ - -u root \ - --name $NAME \ - {{ tripleo_systemd_wrapper_image_name }} \ - $CONTAINER_CMD $@ -} - -jobs_file="{{ tripleo_systemd_wrapper_service_dir }}/{{ tripleo_systemd_wrapper_service_name }}/processes" -[ -s "$jobs_file" ] || exit 0 # nothing to do, no need for locking, just exit - -exec {lock_fd}>/var/lock/containers/{{ tripleo_systemd_wrapper_service_name }}-processes.lock || exit 1 -# In case service_wrapper script already locked the commands, we just wait for a 10 sec. -flock -w 10 "$lock_fd" || exit 1 - -IFS=$'\n' -for LINE in $(cat ${jobs_file}); do - NETNS=$(echo $LINE | awk '{ print $1 }') - CONTAINER_NAME="{{ tripleo_systemd_wrapper_service_name }}-${NETNS}" - CLI='{{ tripleo_systemd_wrapper_container_cli }}' - - # We do a filter to create a short list and then have to exact name match the results. The reason is that - # containers that partially match the filter will show up in the list. This is a little unlikely but there - # is nothing to prevent that. - start_container=yes - container_list=`$CLI ps --format={% raw %}"{{.Names}}"{% endraw %} --filter="name=$CONTAINER_NAME"` - for name in ${container_list}; - do - if [ "x$name" = "x$CONTAINER_NAME" ]; - then - start_container=no - break - fi - done - if [ "$start_container" = "yes" ]; - then - IFS=$' ' ARGS=$(echo $LINE | sed -e "s|$NETNS ||" | xargs) - start_service $NETNS $CONTAINER_NAME $ARGS - fi -done -# truncate the file so we don't start them again -:> "$jobs_file" - -flock -u "$lock_fd" diff --git a/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service_wrapper.j2 b/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service_wrapper.j2 deleted file mode 100644 index d6e03a19b..000000000 --- a/tripleo_ansible/roles/tripleo_systemd_wrapper/templates/service_wrapper.j2 +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/env bash -{% if tripleo_systemd_wrapper_debug %} -set -x -{% endif %} - -ARGS="$@" -NETNS=$(ip netns identify) - -exec {lock_fd}>/var/lock/{{ tripleo_systemd_wrapper_service_name }}-processes.lock || exit 1 -# In case service_sync script already locked the commands, we just wait for a 10 sec. -flock -w 10 "$lock_fd" || exit 1 - -echo "$NETNS $ARGS" >> {{ tripleo_systemd_wrapper_service_dir }}/{{ tripleo_systemd_wrapper_service_name }}/processes -# only update the timestamp which fires systemd if there was an update -flock -u "$lock_fd" # prevents locking the processes file, while updating -date > {{ tripleo_systemd_wrapper_service_dir }}/{{ tripleo_systemd_wrapper_service_name }}/processes-timestamp diff --git a/tripleo_ansible/roles/tripleo_timemaster/defaults/main.yml b/tripleo_ansible/roles/tripleo_timemaster/defaults/main.yml deleted file mode 100644 index 9e5f543b6..000000000 --- a/tripleo_ansible/roles/tripleo_timemaster/defaults/main.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# All variables intended for modification should be placed in this file. -# All variables within this role should have a prefix of "tripleo_timemaster" - -tripleo_timemaster_role_action: all -tripleo_timemaster_manage_service: true -tripleo_timemaster_service_state: started - -tripleo_timemaster_global_server_settings: "{{ chrony_global_server_settings | default('iburst') }}" -tripleo_timemaster_ntp_servers: "{{ chrony_ntp_servers | default([]) }}" -tripleo_timemaster_ntp_pools: "{{ chrony_ntp_pools | default(['pool.ntp.org']) }}" -tripleo_timemaster_ntp_peers: "{{ chrony_ntp_peers | default([]) }}" -tripleo_timemaster_bind_addresses: "{{ chrony_bind_addresses | default(['127.0.0.1','::1']) }}" -tripleo_timemaster_acl_rules: "{{ chrony_acl_rules | default([]) }}" -tripleo_timemaster_extra_options: "{{ chrony_extra_options | default([]) }}" -tripleo_timemaster_makestep: "{{ chrony_makestep | default('1.0 3') }}" -tripleo_timemaster_rtc_settings: "{{ chrony_rtc_settings | default('rtcsync') }}" -tripleo_timemaster_ptpinterfaces: "{{ ptp_interfaces | default('') }}" -tripleo_timemaster_ptptransport: "{{ ptp_transport | default('') }}" diff --git a/tripleo_ansible/roles/tripleo_timemaster/meta/main.yml b/tripleo_ansible/roles/tripleo_timemaster/meta/main.yml deleted file mode 100644 index cc9a8d8e3..000000000 --- a/tripleo_ansible/roles/tripleo_timemaster/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_timemaster - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_timemaster/molecule/defaults/converge.yml b/tripleo_ansible/roles/tripleo_timemaster/molecule/defaults/converge.yml deleted file mode 100644 index 76f5a4677..000000000 --- a/tripleo_ansible/roles/tripleo_timemaster/molecule/defaults/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_timemaster" diff --git a/tripleo_ansible/roles/tripleo_timemaster/molecule/defaults/molecule.yml b/tripleo_ansible/roles/tripleo_timemaster/molecule/defaults/molecule.yml deleted file mode 100644 index ee73541e4..000000000 --- a/tripleo_ansible/roles/tripleo_timemaster/molecule/defaults/molecule.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH:-/usr/share/ansible/roles}:${HOME}/zuul-jobs/roles" - ANSIBLE_MODULE_UTILS: "${ANSIBLE_MODULE_UTILS:-/tripleo_ansible/ansible_plugins/module_utils}" - ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" - ANSIBLE_FILTER_PLUGINS: "${ANSIBLE_FILTER_PLUGINS:-/usr/share/ansible/plugins/filter}" - ANSIBLE_ACTION_PLUGINS: "${ANSIBLE_ACTION_PLUGINS:-/usr/share/ansible/plugins/action}" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_timemaster/molecule/defaults/prepare.yml b/tripleo_ansible/roles/tripleo_timemaster/molecule/defaults/prepare.yml deleted file mode 100644 index b17f36011..000000000 --- a/tripleo_ansible/roles/tripleo_timemaster/molecule/defaults/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_timemaster/tasks/config.yml b/tripleo_ansible/roles/tripleo_timemaster/tasks/config.yml deleted file mode 100644 index 4d657190d..000000000 --- a/tripleo_ansible/roles/tripleo_timemaster/tasks/config.yml +++ /dev/null @@ -1,54 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Disable chronyd - systemd: - enabled: false - name: chronyd - state: stopped - when: - - tripleo_timemaster_manage_service|bool - -- name: Disable ptp4l - systemd: - enabled: false - name: ptp4l - state: stopped - when: - - tripleo_timemaster_manage_service|bool - -- name: Disable phc2sys - systemd: - enabled: false - name: phc2sys - state: stopped - when: - - tripleo_timemaster_manage_service|bool - -- name: Install timemaster configuration file - template: - src: timemaster.conf.j2 - dest: "{{ tripleo_timemaster_config_file_location }}" - owner: root - group: root - mode: 0644 - -- name: Restart timemaster with config - systemd: - enabled: "{{ (tripleo_timemaster_service_state|default('started') in ['running', 'started']) |bool }}" - name: "{{ tripleo_timemaster_service_name }}" - state: restarted - when: tripleo_timemaster_manage_service|bool diff --git a/tripleo_ansible/roles/tripleo_timemaster/tasks/main.yml b/tripleo_ansible/roles/tripleo_timemaster/tasks/main.yml deleted file mode 100644 index 68db6491a..000000000 --- a/tripleo_ansible/roles/tripleo_timemaster/tasks/main.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "tripleo_timemaster" will search for and load any operating system variable file -# found within the "vars/" path. If no OS files are found the task will skip. - -- name: Load distro-specific variables - include_vars: "{{ item }}" - with_first_found: - - "{{ ansible_facts['distribution'] }}.yml" - - "{{ ansible_facts['os_family'] }}.yml" - - default.yml - -- name: Configure timemaster - include_tasks: config.yml - when: tripleo_timemaster_role_action in ['all', 'config'] diff --git a/tripleo_ansible/roles/tripleo_timemaster/templates/timemaster.conf.j2 b/tripleo_ansible/roles/tripleo_timemaster/templates/timemaster.conf.j2 deleted file mode 100644 index 97eaf2ea5..000000000 --- a/tripleo_ansible/roles/tripleo_timemaster/templates/timemaster.conf.j2 +++ /dev/null @@ -1,90 +0,0 @@ -# Do not manually edit this file. -# Managed by ansible role tripleo_timemaster - -{% set ptp_ifaces = tripleo_timemaster_ptpinterfaces.split(',') %} -{% set ptp_dict = {} %} -{% for ptp in ptp_ifaces %} -{% if ptp.split(':')[0] not in ptp_dict %} -{% set _ = ptp_dict.update({ptp.split(':')[0]: []}) %} -{% endif %} -{% set _ = ptp_dict[ptp.split(':')[0]].append(ptp.split(':')[1]) %} -{% endfor %} -{% for domain, nic_list in ptp_dict.items() %} -[ptp_domain {{ domain }}] -interfaces {% for nic in nic_list %} -{{ nic }}{% if not loop.last %} {% endif %} -{% endfor %} - -{% endfor %} - -[timemaster] -ntp_program chronyd - -[chrony.conf] -#include /etc/chrony.conf -{% for server in tripleo_timemaster_ntp_servers -%} -{% if server is mapping %} -server {{ server.server_host }} {{ server.server_settings }} -{% else %} -server {{ server }} {{ tripleo_timemaster_global_server_settings|default('') }} -{% endif %} -{% endfor -%} - -{% for pool in tripleo_timemaster_ntp_pools -%} -{% if pool is mapping %} -pool {{ pool.pool_host }} {{ pool.pool_settings }} -{% else %} -pool {{ pool }} {{ tripleo_timemaster_global_pool_settings|default('') }} -{% endif %} -{% endfor -%} - -{% for peer in tripleo_timemaster_ntp_peers -%} -{% if peer is mapping %} -peer {{ peer.peer_host }} {{ peer.peer_settings }} -{% else %} -peer {{ peer }} {{ tripleo_timemaster_global_peer_settings|default('') }} -{% endif %} -{% endfor -%} - -{% if tripleo_timemaster_bind_addresses is defined and tripleo_timemaster_bind_addresses|length > 0 -%} -{% for bind_addr in tripleo_timemaster_bind_addresses %} -bindcmdaddress {{ bind_addr }} -{% endfor %} -{% endif -%} - -{% if tripleo_timemaster_acl_rules is defined and tripleo_timemaster_acl_rules|length > 0 -%} -{{ tripleo_timemaster_acl_rules|join("\n") }} -{% endif -%} - -{% if tripleo_timemaster_rtc_settings is defined -%} -{{ tripleo_timemaster_rtc_settings }} -{% endif -%} - -{% if tripleo_timemaster_makestep is defined -%} -makestep {{ tripleo_timemaster_makestep }}{{ '\n' }} -{% endif -%} - -{% if tripleo_timemaster_extra_options -%} -{{ tripleo_timemaster_extra_options|join("\n") }} -{% endif -%} - -[ntp.conf] -includefile /etc/ntp.conf - -[ptp4l.conf] -#includefile /etc/ptp4l.conf -network_transport {{ tripleo_timemaster_ptptransport }} - -[chronyd] -path /usr/sbin/chronyd - -[ntpd] -path /usr/sbin/ntpd -options -u ntp:ntp -g - -[phc2sys] -path /usr/sbin/phc2sys -#options -w - -[ptp4l] -path /usr/sbin/ptp4l diff --git a/tripleo_ansible/roles/tripleo_timemaster/vars/RedHat.yml b/tripleo_ansible/roles/tripleo_timemaster/vars/RedHat.yml deleted file mode 100644 index 441931932..000000000 --- a/tripleo_ansible/roles/tripleo_timemaster/vars/RedHat.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "tripleo_timemaster" - -tripleo_timemaster_package_name: linuxptp -tripleo_timemaster_service_name: timemaster -tripleo_timemaster_config_file_location: /etc/timemaster.conf diff --git a/tripleo_ansible/roles/tripleo_timezone/defaults/main.yml b/tripleo_ansible/roles/tripleo_timezone/defaults/main.yml deleted file mode 100644 index d10c41fe9..000000000 --- a/tripleo_ansible/roles/tripleo_timezone/defaults/main.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -tripleo_timezone: 'UTC' diff --git a/tripleo_ansible/roles/tripleo_timezone/meta/main.yml b/tripleo_ansible/roles/tripleo_timezone/meta/main.yml deleted file mode 100644 index 14cb00373..000000000 --- a/tripleo_ansible/roles/tripleo_timezone/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_timezone - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_timezone/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_timezone/molecule/default/converge.yml deleted file mode 100644 index 2cb438735..000000000 --- a/tripleo_ansible/roles/tripleo_timezone/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_timezone" diff --git a/tripleo_ansible/roles/tripleo_timezone/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_timezone/molecule/default/molecule.yml deleted file mode 100644 index b8aa37228..000000000 --- a/tripleo_ansible/roles/tripleo_timezone/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_timezone/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_timezone/molecule/default/prepare.yml deleted file mode 100644 index 601e5c373..000000000 --- a/tripleo_ansible/roles/tripleo_timezone/molecule/default/prepare.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - test_deps_extra_packages: - - cronie - - rsyslog - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_timezone/tasks/configure.yml b/tripleo_ansible/roles/tripleo_timezone/tasks/configure.yml deleted file mode 100644 index 1f5c74acd..000000000 --- a/tripleo_ansible/roles/tripleo_timezone/tasks/configure.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Set timezone - timezone: - name: "{{ tripleo_timezone }}" - register: _timezone_result - -- name: Set fact for timezone result - set_fact: - _timezone_result_changed: _timezone_result.changed diff --git a/tripleo_ansible/roles/tripleo_timezone/tasks/main.yml b/tripleo_ansible/roles/tripleo_timezone/tasks/main.yml deleted file mode 100644 index 3180b6e3e..000000000 --- a/tripleo_ansible/roles/tripleo_timezone/tasks/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Configure timezone - import_tasks: configure.yml - -- name: Run timezone - import_tasks: run.yml diff --git a/tripleo_ansible/roles/tripleo_timezone/tasks/run.yml b/tripleo_ansible/roles/tripleo_timezone/tasks/run.yml deleted file mode 100644 index 88bbbfb4f..000000000 --- a/tripleo_ansible/roles/tripleo_timezone/tasks/run.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Restart time services - systemd: - name: "{{ time_svc }}" - state: restarted - loop_control: - loop_var: time_svc - loop: - - rsyslog - - crond - when: - - _timezone_result_changed|default(false) diff --git a/tripleo_ansible/roles/tripleo_transfer/defaults/main.yml b/tripleo_ansible/roles/tripleo_transfer/defaults/main.yml deleted file mode 100644 index 5b659782d..000000000 --- a/tripleo_ansible/roles/tripleo_transfer/defaults/main.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - - -# Required variables: -# * `tripleo_transfer_src_host` -- the inventory name of the source host -# * `tripleo_transfer_src_dir` -- directory on the source host to transfer from -# * `tripleo_transfer_dest_host` -- the inventory name of the destination host -# * `tripleo_transfer_dest_dir` -- directory on the destination host to transfer to -tripleo_transfer_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" -tripleo_transfer_src_become: true -tripleo_transfer_dest_become: true -tripleo_transfer_flag_file: ~ -# tripleo_transfer_key_location: location of the private key used to connect -# from src host to dest host. -tripleo_transfer_key_location: "~/transfer_key" -# tripleo_transfer_cleanup_keys: clean up the keypair from the source host -# and remove public key from destination host when true. -tripleo_transfer_cleanup_keys: true -# tripleo_transfer_exclude: a list of patterns to selectively exclude -# some files from the transfer to the destination host. -tripleo_transfer_exclude: [] -# tripleo_transfer_include: a list of patterns to selectively include -# some files from the transfer to the destination host. Files in this list -# are not filtered out with tripleo_transfer_exclude. -tripleo_transfer_include: [] -# tripleo_transfer_sync_options: override default transfer options -tripleo_transfer_sync_options: - --delay-updates - -F - --ignore-times - --compress - --archive - --delete diff --git a/tripleo_ansible/roles/tripleo_transfer/meta/main.yml b/tripleo_ansible/roles/tripleo_transfer/meta/main.yml deleted file mode 100644 index b3fa22ceb..000000000 --- a/tripleo_ansible/roles/tripleo_transfer/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_transfer - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_transfer/molecule/default/cleanup.yml b/tripleo_ansible/roles/tripleo_transfer/molecule/default/cleanup.yml deleted file mode 100644 index f499fd53f..000000000 --- a/tripleo_ansible/roles/tripleo_transfer/molecule/default/cleanup.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Cleanup - hosts: localhost - connection: local - gather_facts: false - any_errors_fatal: true - tasks: - - name: Remove test files - file: - state: absent - path: "{{ item }}" - loop: - - "{{ test_src_dir }}" - - "{{ test_dst_dir }}" - - "{{ test2_src_dir }}" - - "{{ test2_dst_dir }}" diff --git a/tripleo_ansible/roles/tripleo_transfer/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_transfer/molecule/default/converge.yml deleted file mode 100644 index 795bca55c..000000000 --- a/tripleo_ansible/roles/tripleo_transfer/molecule/default/converge.yml +++ /dev/null @@ -1,83 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Collect facts - hosts: all - gather_facts: false - any_errors_fatal: true - tasks: - - name: Gather a minimal set of facts - setup: - gather_subset: '!all,min' - -- name: Converge - hosts: localhost - connection: local - any_errors_fatal: true - tasks: - - name: Install openssl for file creation - package: - name: openssl - state: present - become: true - - - name: Create test directories - file: - state: directory - path: "{{ item }}" - loop: - - "{{ test_src_dir }}" - - "{{ test_dst_dir }}" - - "{{ test2_src_dir }}" - - "{{ test2_dst_dir }}" - - - name: Create 1GB src test files with random content - shell: >- - openssl rand -out {{ item }} -base64 $(( 2**30 * 3/4 )) - args: - chdir: "{{ test_src_dir }}" - creates: "{{ item }}" - loop: "{{ test_src_files }}" - - - name: Create empty dst test files with random content - file: - path: "{{ test_dst_dir }}/{{ item }}" - state: touch - loop: "{{ test_dst_files }}" - - - include_role: - name: "tripleo_transfer" - vars: - tripleo_transfer_src_host: controller2 - tripleo_transfer_src_dir: "{{ test_src_dir }}" - tripleo_transfer_dest_host: controller1 - tripleo_transfer_dest_dir: "{{ test_dst_dir }}" - - - name: Create empty src test files - file: - state: touch - path: "{{ test2_src_dir }}/{{ item }}" - loop: "{{ test2_src_files + test2_exclude_src_files }}" - - - include_role: - name: "tripleo_transfer" - vars: - tripleo_transfer_src_host: controller2 - tripleo_transfer_src_dir: "{{ test2_src_dir }}" - tripleo_transfer_dest_host: controller1 - tripleo_transfer_dest_dir: "{{ test2_dst_dir }}" - tripleo_transfer_exclude: "{{ test2_exclude_pattern }}" - tripleo_transfer_include: "{{ test2_include_pattern }}" diff --git a/tripleo_ansible/roles/tripleo_transfer/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_transfer/molecule/default/molecule.yml deleted file mode 100644 index 7f8d30991..000000000 --- a/tripleo_ansible/roles/tripleo_transfer/molecule/default/molecule.yml +++ /dev/null @@ -1,57 +0,0 @@ ---- -platforms: - - name: controller1 - - name: controller2 - -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - controller1: - ansible_host: 127.0.0.2 - controller2: - ansible_host: 127.0.0.3 - vars: - test_src_dir: "/tmp/src_files" - test_src_files: - - testfile1 - - testfile2 - - testfile3 - test_dst_dir: "/tmp/dst_files" - test_dst_files: - - testfile4 - - testfile5 - - testfile6 - test2_src_dir: "/tmp/src_files_2" - test2_dst_dir: "/tmp/dst_files_2" - test2_src_files: - - transferred - test2_exclude_src_files: - - skip1 - - skip2 - - donotcopy - test2_include_pattern: - - transferred - test2_exclude_pattern: - - 'skip*' - - donotcopy - - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - cleanup - - converge - - verify - - cleanup - -verifier: - name: ansible diff --git a/tripleo_ansible/roles/tripleo_transfer/molecule/default/verify.yml b/tripleo_ansible/roles/tripleo_transfer/molecule/default/verify.yml deleted file mode 100644 index 1a4e99ae7..000000000 --- a/tripleo_ansible/roles/tripleo_transfer/molecule/default/verify.yml +++ /dev/null @@ -1,64 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Verify - hosts: localhost - connection: local - any_errors_fatal: true - tasks: - - name: Collect file system data - find: - paths: - - "{{ test_src_dir }}" - - "{{ test_dst_dir }}" - - "{{ test2_src_dir }}" - - "{{ test2_dst_dir }}" - get_checksum: true - recurse: true - register: _fs_data - - - name: Verify that the src files copied to the dst - assert: - that: - - _fs_data | json_query(srcfilequery) == _fs_data | json_query(dstfilequery) - vars: - srcfilequery: files[?path =='{{ test_src_dir }}/{{ item }}'].checksum - dstfilequery: files[?path =='{{ test_dst_dir }}/{{ item }}'].checksum - loop: "{{ test_src_files }}" - - - set_fact: - result_file_list: "{{ _fs_data | json_query('files[*].path') }}" - test_dst_files: "{{ test_dst_files | map('regex_replace', '(.*)', test_dst_dir ~ '/\\1') }}" - test2_excluded_files: "{{ test2_exclude_src_files | map('regex_replace', '(.*)', test2_dst_dir ~ '/\\1') }}" - - - name: Verify that the dst file are not there any more - assert: - that: - - test_dst_files is not subset(result_file_list) - - - name: Verify that files excluded from a transfer are not copied - assert: - that: - - test2_excluded_files is not subset(result_file_list) - - - name: Verify that the transfer with exclude patterns did work - assert: - that: - - _fs_data | json_query(srcfilequery) == _fs_data | json_query(dstfilequery) - vars: - srcfilequery: files[?path =='{{ test2_src_dir }}/{{ item }}'].checksum - dstfilequery: files[?path =='{{ test2_dst_dir }}/{{ item }}'].checksum - loop: "{{ test2_src_files }}" diff --git a/tripleo_ansible/roles/tripleo_transfer/tasks/flag.yml b/tripleo_ansible/roles/tripleo_transfer/tasks/flag.yml deleted file mode 100644 index 71dbaf325..000000000 --- a/tripleo_ansible/roles/tripleo_transfer/tasks/flag.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: check flag file existence in destination host - stat: - path: "{{ tripleo_transfer_flag_file }}" - register: tripleo_transfer_flag_stat - -- name: fail if flag file exists - fail: - msg: > - Data transfer to '{{ tripleo_transfer_dest_dir }}' was prevented - by flag file existence. This means the transfer was attempted - before and another one would overwrite the data. If this is - desired, remove the flag file at '{{ tripleo_transfer_flag_file }}' - and re-run the data transfer. - when: - - tripleo_transfer_flag_stat.stat.exists - -- name: ensure directory for flag file exists - file: - path: "{{ tripleo_transfer_flag_file|dirname }}" - state: directory - -- name: create the flag file - file: - path: "{{ tripleo_transfer_flag_file }}" - state: touch diff --git a/tripleo_ansible/roles/tripleo_transfer/tasks/main.yml b/tripleo_ansible/roles/tripleo_transfer/tasks/main.yml deleted file mode 100644 index 9950a4bbb..000000000 --- a/tripleo_ansible/roles/tripleo_transfer/tasks/main.yml +++ /dev/null @@ -1,115 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# Note: -# This role is used in a playbook that typically targets the undercloud -# and may target other hosts, so to ensure that it executes against the -# right src and dest it uses delegation throughout. - -- name: tripleo_transfer tasks - run_once: true - block: - - name: install requirements in src and dest hosts - become: true - package: - name: - - rsync - - openssh-clients - state: present - delegate_to: "{{ item }}" - loop: - - "{{ tripleo_transfer_src_host }}" - - "{{ tripleo_transfer_dest_host }}" - - - name: generate ssh key-pair in source host - shell: "ssh-keygen -t rsa -q -N '' -f {{ tripleo_transfer_key_location }}" - args: - creates: "{{ tripleo_transfer_key_location }}" - delegate_to: "{{ tripleo_transfer_src_host }}" - become: "{{ tripleo_transfer_src_become }}" - register: keypair_generation - - - name: register public key - command: "cat {{ tripleo_transfer_key_location }}.pub" - delegate_to: "{{ tripleo_transfer_src_host }}" - become: "{{ tripleo_transfer_src_become }}" - register: keypair_gen - when: keypair_generation is succeeded - - - name: set authorized-keys in destination host - authorized_key: - comment: "Added by tripleo-transfer" - user: "{{ ansible_user|default(ansible_ssh_user|default(hostvars[tripleo_transfer_dest_host].ansible_user_id)) }}" - state: present - key: "{{ keypair_gen.stdout }}" - delegate_to: "{{ tripleo_transfer_dest_host }}" - when: keypair_generation is succeeded - - - import_tasks: flag.yml - when: - - tripleo_transfer_flag_file != None - - tripleo_transfer_flag_file|length > 0 - become: "{{ tripleo_transfer_dest_become }}" - delegate_to: "{{ tripleo_transfer_dest_host }}" - - - name: synchronize both directories - vars: - hostvars_dest_host_ip: >- - {{ hostvars[tripleo_transfer_dest_host].ansible_host | - default(hostvars[tripleo_transfer_dest_host].inventory_hostname) }} - tripleo_transfer_dest_user: >- - {{ hostvars[tripleo_transfer_dest_host].ansible_user | - default(hostvars[tripleo_transfer_dest_host].ansible_ssh_user | - default(hostvars[tripleo_transfer_dest_host].ansible_user_id)) }} - tripleo_transfer_include_parameters: >- - {{ tripleo_transfer_include is string | - ternary([tripleo_transfer_include], tripleo_transfer_include) | - map('regex_replace', '^(.*)$', "--include='\1'") | join(' ') }} - tripleo_transfer_exclude_parameters: >- - {{ tripleo_transfer_exclude is string | - ternary([tripleo_transfer_exclude], tripleo_transfer_exclude) | - map('regex_replace', '^(.*)$', "--exclude='\1'") | join(' ') }} - shell: >- - /usr/bin/rsync - -v - {{ tripleo_transfer_sync_options }} - {{ tripleo_transfer_include_parameters }} - {{ tripleo_transfer_exclude_parameters }} - --rsync-path='sudo rsync' - --rsh='ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i {{ tripleo_transfer_key_location }}' - {{ tripleo_transfer_src_dir_safe }} - {{ tripleo_transfer_dest_user }}@{{ hostvars_dest_host_ip }}:{{ tripleo_transfer_dest_dir_safe }} - become: "{{ tripleo_transfer_src_become }}" - delegate_to: "{{ tripleo_transfer_src_host }}" - always: - - name: clean up keys in source host - file: - path: "{{ item }}" - state: absent - delegate_to: "{{ tripleo_transfer_src_host }}" - become: "{{ tripleo_transfer_src_become }}" - loop: - - "{{ tripleo_transfer_key_location }}" - - "{{ tripleo_transfer_key_location }}.pub" - - - name: remove public key from authorized keys in destination host - lineinfile: - path: "~/.ssh/authorized_keys" - state: absent - regexp: '.*Added by tripleo-transfer.*$' - delegate_to: "{{ tripleo_transfer_dest_host }}" - when: tripleo_transfer_cleanup_keys | bool diff --git a/tripleo_ansible/roles/tripleo_transfer/vars/main.yml b/tripleo_ansible/roles/tripleo_transfer/vars/main.yml deleted file mode 100644 index dd498bc6d..000000000 --- a/tripleo_ansible/roles/tripleo_transfer/vars/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for internal use should be placed in this file. - - -# make sure we have a trailing forward slash in the src, otherwise rsync creates extra dir -tripleo_transfer_src_dir_safe: "{{ tripleo_transfer_src_dir }}/" - -# make sure we do not have a trailing forward slash in the dest -tripleo_transfer_dest_dir_safe: "{{ tripleo_transfer_dest_dir | regex_replace('\\/$', '') }}" diff --git a/tripleo_ansible/roles/tripleo_unbound/defaults/main.yml b/tripleo_ansible/roles/tripleo_unbound/defaults/main.yml deleted file mode 100644 index e7ca4dfb6..000000000 --- a/tripleo_ansible/roles/tripleo_unbound/defaults/main.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "tripleo_unbound" -tripleo_unbound_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -tripleo_unbound_hide_sensitive_logs: true - -tripleo_unbound_config_basedir: "/var/lib/config-data/ansible-generated/unbound" -tripleo_unbound_allowed_cidrs: [] -tripleo_unbound_log_queries: false -tripleo_unbound_security_harden: true -tripleo_unbound_forward_resolvers: [] -tripleo_external_bind_servers: [] -tripleo_unbound_allow_recursion: true -tripleo_unbound_forward_fallback: true diff --git a/tripleo_ansible/roles/tripleo_unbound/meta/main.yml b/tripleo_ansible/roles/tripleo_unbound/meta/main.yml deleted file mode 100644 index 8b9751be9..000000000 --- a/tripleo_ansible/roles/tripleo_unbound/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_unbound - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_unbound/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_unbound/molecule/default/converge.yml deleted file mode 100644 index fefe69cb5..000000000 --- a/tripleo_ansible/roles/tripleo_unbound/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_unbound" diff --git a/tripleo_ansible/roles/tripleo_unbound/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_unbound/molecule/default/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/tripleo_ansible/roles/tripleo_unbound/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_unbound/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_unbound/molecule/default/prepare.yml deleted file mode 100644 index 037d015f5..000000000 --- a/tripleo_ansible/roles/tripleo_unbound/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_unbound/tasks/collocated_bind.yml b/tripleo_ansible/roles/tripleo_unbound/tasks/collocated_bind.yml deleted file mode 100644 index cbeb8ed69..000000000 --- a/tripleo_ansible/roles/tripleo_unbound/tasks/collocated_bind.yml +++ /dev/null @@ -1,91 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Find the interface for the public API network - tripleo_findif_for_ip: - ip_address: "{{ lookup('vars', tripleo_unbound_bind_network + '_ip') }}" - register: - _public_api_interface - -# Using ifup-local to ensure the IP address is always set follows a pattern used -# for resetting VF counts used in the SR-IOV support. The file shouldn't be -# wiped clean because it may be being used for other things (e.g. SR-IOV) -- name: create ifup-local if it doesn't exist - become: true - lineinfile: - create: true - path: "/sbin/ifup-local" - state: present - line: "#!/bin/bash" - insertbefore: BOF - mode: 0755 - -# The following two blocks set the IP on the interface and add a line to -# ifup-local to make sure the IP persists through reboots or ifup/ifdown -# cycles. The comment at the end of the line in ifup-local serves as an anchor -# to the regexp parameter to lineinfile. These will have to be modified when -# moving to NetworkManager only environments. -- name: If specified, have Unbound listen on a different IP (version 4) - when: - - tripleo_unbound_listen_interfaces[0]|ipv4 - - (_public_api_interface.interface is defined) and (_public_api_interface.interface|length > 0) - become: true - block: - - name: Check if the address is already on the device. - shell: "ip -o addr show dev {{ _public_api_interface.interface }} | grep {{ tripleo_unbound_listen_interfaces[0] }}" - failed_when: false - register: - _current_addr_search - - - name: Set the unbound additional IPv4 address on the required device. - command: "ip addr add {{ tripleo_unbound_listen_interfaces[0] }}/32 dev {{ _public_api_interface.interface }}" - when: - _current_addr_search.rc == 1 - - - name: Add line to ifup-local to make sure unbound's listen IPv4 address is set on restart - become: true - lineinfile: - path: "/sbin/ifup-local" - line: '[ "{{ _public_api_interface.interface }}" == "$1" ] && ip addr add {{ tripleo_unbound_listen_interfaces[0] }}/32 dev {{ _public_api_interface.interface }} # collocated_unbound_bind' - regexp: 'collocated_unbound_bind' - state: present - - -- name: If specified, have Unbound listen on a different IP (version 6) - when: - - tripleo_unbound_listen_interfaces[0]|ipv6 - - (_public_api_interface.interface is defined) and (_public_api_interface.interface|length > 0) - become: true - block: - - name: Check if the address is already on the device. - shell: "ip -o addr show dev {{ _public_api_interface.interface }} | grep {{ tripleo_unbound_listen_interfaces[0] }}" - failed_when: false - register: - _current_addr_search - - - name: Set the unbound additional IPv6 address on the required device. - command: "ip addr add {{ tripleo_unbound_listen_interfaces[0] }}/128 dev {{ _public_api_interface.interface }}" - when: - _current_addr_search.rc == 1 - - - - name: Add line to ifup-local to make sure unbound's listen IPv6 address is set on restart - become: true - lineinfile: - path: "/sbin/ifup-local" - line: '[ "{{ _public_api_interface.interface }}" == "$1" ] && ip addr add {{ tripleo_unbound_listen_interfaces[0] }}/128 dev {{ _public_api_interface.interface }} # collocated_unbound_bind' - regexp: 'collocated_unbound_bind' - state: present diff --git a/tripleo_ansible/roles/tripleo_unbound/tasks/main.yml b/tripleo_ansible/roles/tripleo_unbound/tasks/main.yml deleted file mode 100644 index 83d924e11..000000000 --- a/tripleo_ansible/roles/tripleo_unbound/tasks/main.yml +++ /dev/null @@ -1,91 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Gather SELinux fact if needed - when: - - ansible_facts.selinux is undefined - setup: - gather_subset: - - "!all" - - "!min" - - "selinux" - -- name: create fcontext entry for unbound config content - when: - - ansible_facts.selinux.status == "enabled" - sefcontext: - target: "{{ tripleo_unbound_config_basedir }}(/.*)?" - setype: container_file_t - selevel: s0 - state: present - -- name: create directory {{ tripleo_unbound_config_basedir }} - become: true - ansible.builtin.file: - path: "{{ tripleo_unbound_config_basedir }}" - recurse: true - state: directory - selevel: s0 - setype: container_file_t - -- name: Create the base TripleO Unbound configuration file - become: true - ansible.builtin.template: - src: tripleo-base-unbound.conf.j2 - dest: "{{ tripleo_unbound_config_basedir }}/tripleo-base-unbound.conf" - mode: '0640' - selevel: s0 - setype: container_file_t - register: _unbound_config_result - -- name: Create the TripleO Unbound forwarders configuration file - become: true - ansible.builtin.template: - src: tripleo-forwarder-unbound.conf.j2 - dest: "{{ tripleo_unbound_config_basedir }}/tripleo-forwarder-unbound.conf" - mode: '0640' - selevel: s0 - setype: container_file_t - when: - - tripleo_unbound_forward_resolvers is defined and ( tripleo_unbound_forward_resolvers | length ) > 0 - register: _unbound_fwd_config_result - -- name: Remove the TripleO Unbound forwarders configuration if no forwarders are configured - become: true - ansible.builtin.file: - path: "{{ tripleo_unbound_config_basedir }}/tripleo-forwarder-unbound.conf" - state: absent - when: - - tripleo_unbound_forward_resolvers is not defined or ( tripleo_unbound_forward_resolvers | length ) == 0 - register: _unbound_fwd_config_result - -- name: Restart Unbound - when: - - _unbound_config_result.changed or _unbound_fwd_config_result.changed - block: - - name: check if tripleo_unbound systemd service is active - become: true - shell: systemctl is-active --quiet tripleo_unbound - failed_when: false - register: unbound_active_service - - - name: Restart the Unbound container - become: true - systemd: - name: tripleo_unbound - state: restarted - when: - - unbound_active_service.rc == 0 diff --git a/tripleo_ansible/roles/tripleo_unbound/templates/tripleo-base-unbound.conf.j2 b/tripleo_ansible/roles/tripleo_unbound/templates/tripleo-base-unbound.conf.j2 deleted file mode 100644 index 37bb81085..000000000 --- a/tripleo_ansible/roles/tripleo_unbound/templates/tripleo-base-unbound.conf.j2 +++ /dev/null @@ -1,91 +0,0 @@ -# {{ ansible_managed }} -{# -This template is for the TripleO base Unbound configuration file. - -No service specific settings should be made in this file. - -It will be placed in the /etc/unbound/conf.d directory and will override the -configuration settings provided in the base Unbound package from the -distribution. -#} -# -# These settings are made by TripleO, do not modify directly. -# The settings in this file will override the package provided settings. -# - -{% import 'unbound_build_vars.j2' as unbound_vars with context %} - -server: - -{# The interface unbound should listen on. x.x.x.x x::x #} -{% for interface in unbound_vars.tripleo_unbound_listen_ips %} - interface: {{ interface }} -{% endfor %} -{# We are in a container, stay in the foreground #} - do-daemonize: no - -{# -Define CIDRs that are allowed to use this resolver. -Note: This is a security feature. Do not open the resolver to the world or - it can be used for DDoS amplification attacks. -#} -# Allow cloud internal subnet CIDRs. -{% for cidr in unbound_vars.tripleo_unbound_allowed_internal_cidrs %} - access-control: {{ cidr }} allow -{% endfor %} - -# Allow cloud external subnet CIDRs. -{% for cidr in unbound_vars.tripleo_unbound_allowed_external_cidrs %} - access-control: {{ cidr }} allow -{% endfor %} - -# Allow deployment configured CIDRs. -{% for cidr in tripleo_unbound_allowed_cidrs %} - access-control: {{ cidr }} allow -{% endfor %} - -{# Set the container log file name and location. #} - logfile: /var/log/unbound/unbound.log - -{# -Only log queries if the user has enabled it. -This can generate very large log files. -#} -{% if tripleo_unbound_log_queries %} - log-queries: yes -{% else %} - log-queries: no -{% endif %} - -{# Set various security hardening settings. This defaults to on. #} -{% if tripleo_unbound_security_harden %} - hide-identity: yes - hide-version: yes - hide-trustanchor: yes - harden-short-bufsize: yes - harden-large-queries: yes -{% endif %} - -{# Allow PTR lookups for private IP address spaces. #} - unblock-lan-zones: yes - -{# Do not try to DNSSEC validate private IP address spaces. #} - insecure-lan-zones: yes -{# Setup the TLS endpoint for TCP queries. #} -{# Not implemented yet - tls-service-key: - tls-service-pem: - tls-port: 853 -#} -{# -Optimize the cache for cloud usage. -https://www.nlnetlabs.nl/documentation/unbound/howto-optimise/ -#} - rrset-cache-size: 100m - msg-cache-size: 50m - -{# -The remote control interface is not needed until we startcollecting metrics. -#} -remote-control: - control-enable: no diff --git a/tripleo_ansible/roles/tripleo_unbound/templates/tripleo-forwarder-unbound.conf.j2 b/tripleo_ansible/roles/tripleo_unbound/templates/tripleo-forwarder-unbound.conf.j2 deleted file mode 100644 index 824cda4ff..000000000 --- a/tripleo_ansible/roles/tripleo_unbound/templates/tripleo-forwarder-unbound.conf.j2 +++ /dev/null @@ -1,26 +0,0 @@ -# {{ ansible_managed }} -{# -This template is for the TripleO forwarder Unbound configuration file. - -No service specific settings should be made in this file. - -It will be placed in the /etc/unbound/conf.d directory and will override the -configuration settings provided in the base Unbound package from the -distribution. -#} -# -# These settings are made by TripleO, do not modify directly. -# The settings in this file will override the package provided settings. -# - -forward-zone: - name: "." - -{% for forwarder in tripleo_unbound_forward_resolvers %} - forward-addr: {{ forwarder }} -{% endfor %} -{% if tripleo_unbound_forward_fallback and tripleo_unbound_allow_recursion %} - forward-first: yes -{% else %} - forward-first: no -{% endif %} diff --git a/tripleo_ansible/roles/tripleo_unbound/templates/unbound_build_vars.j2 b/tripleo_ansible/roles/tripleo_unbound/templates/unbound_build_vars.j2 deleted file mode 100644 index 131f5068d..000000000 --- a/tripleo_ansible/roles/tripleo_unbound/templates/unbound_build_vars.j2 +++ /dev/null @@ -1,45 +0,0 @@ -# {{ ansible_managed }} -{# -This template is for the TripleO base Unbound configuration file. - -No service specific settings should be made in this file. - -This template will generate the required variables needed for the Unbound -configuration file template. - -We were requested to handle the variables in a jinja template instead of in -the ansible task due to an ansible performance issue here: -https://review.opendev.org/c/openstack/tripleo-ansible/+/773784 -#} - -{# Get the unbound listen interface IP address #} - -{% if tripleo_unbound_listen_interfaces is not defined or tripleo_unbound_listen_interfaces == "" %} - {% if hostvars[inventory_hostname].tripleo_unbound_listen_interfaces is defined and hostvars[inventory_hostname].tripleo_unbound_listen_interfaces != "" %} - {% set tripleo_unbound_listen_ips = [hostvars[inventory_hostname].tripleo_unbound_listen_interfaces] %} - {% elif tripleo_unbound_network_name is defined and tripleo_unbound_network_name != "" %} - {% set tripleo_unbound_listen_ips = [hostvars[inventory_hostname][tripleo_unbound_network_name + "_ip"]] %} - {% else %} - {% set tripleo_unbound_listen_ips = ['127.0.0.1'] %} - {% endif %} -{% else %} - {% set tripleo_unbound_listen_ips = tripleo_unbound_listen_interfaces %} -{% endif %} - -{# Get the cloud "external" subnet CIDRs to allow for queries #} -{% if tripleo_unbound_allowed_external_cidrs is not defined or tripleo_unbound_allowed_external_cidrs == "" %} - {% if tripleo_unbound_external_network_name is defined and tripleo_unbound_external_network_name != "" %} - {% set tripleo_unbound_allowed_external_cidrs = vars['net_cidr_map'][tripleo_unbound_external_network_name] %} - {% else %} - {% set tripleo_unbound_allowed_external_cidrs = [] %} - {% endif %} -{% endif %} - -{# Get the cloud "internal" subnet CIDRs to allow for queries #} -{% if tripleo_unbound_allowed_internal_cidrs is not defined or tripleo_unbound_allowed_internal_cidrs == "" %} - {% if tripleo_unbound_internal_network_name is defined and tripleo_unbound_internal_network_name != "" %} - {% set tripleo_unbound_allowed_internal_cidrs = vars['net_cidr_map'][tripleo_unbound_internal_network_name] %} - {% else %} - {% set tripleo_unbound_allowed_internal_cidrs = [] %} - {% endif %} -{% endif %} diff --git a/tripleo_ansible/roles/tripleo_update_trusted_cas/defaults/main.yml b/tripleo_ansible/roles/tripleo_update_trusted_cas/defaults/main.yml deleted file mode 100644 index 0c75e8e00..000000000 --- a/tripleo_ansible/roles/tripleo_update_trusted_cas/defaults/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# All variables intended for modification should be placed in this file. - -tripleo_update_trusted_cas_ca_map: {} diff --git a/tripleo_ansible/roles/tripleo_update_trusted_cas/meta/main.yml b/tripleo_ansible/roles/tripleo_update_trusted_cas/meta/main.yml deleted file mode 100644 index 043841bef..000000000 --- a/tripleo_ansible/roles/tripleo_update_trusted_cas/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_update_trusted_cas - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_update_trusted_cas/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_update_trusted_cas/molecule/default/converge.yml deleted file mode 100644 index 47df5bd00..000000000 --- a/tripleo_ansible/roles/tripleo_update_trusted_cas/molecule/default/converge.yml +++ /dev/null @@ -1,113 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - vars: - tripleo_update_trusted_cas_ca_map: - ca1: - content: | - -----BEGIN CERTIFICATE----- - MIIDkTCCAnmgAwIBAgIUbRyjH5xf0yGj7larMhEDIrvOgo4wDQYJKoZIhvcNAQEL - BQAwWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMRAwDgYDVQQHDAdSYWxlaWdo - MRQwEgYDVQQKDAtleGFtcGxlLmNvbTEUMBIGA1UEAwwLZXhhbXBsZS5jb20wHhcN - MjAwNzI4MTYxNDM0WhcNMjUwNzI3MTYxNDM0WjBYMQswCQYDVQQGEwJVUzELMAkG - A1UECAwCTkMxEDAOBgNVBAcMB1JhbGVpZ2gxFDASBgNVBAoMC2V4YW1wbGUuY29t - MRQwEgYDVQQDDAtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC - AQoCggEBAOqk0OJOAa64bjF0k4MFJNZrzEsv1/UBReUF3c7NiYLayy5uk9DJghOH - Ic2Nphyafd4EvcoMkoBUe802iOW5zKjIgza/hVtcC6PPWbhkBdGpx832idjrXnWj - EBSbBZLY3Usikp3va9+7mCLcjnBQZ6ngSiqGnSpWhqvtm4eEIi9+CbmfBtWiBBK+ - w1glCQY/FZdGcJ0W0XgHLI06muSMujENMjSHiODqCx7QA/aNnW0RiYTENtS1yRdd - 8CIGGEf3HkvFFfwrZH6Qj4KW+0GXPkI6VzJCDsVL1YRuayTZl9rn9uGZDOdcljgb - RwbxHQTM3qGvNz2ErhG7PXs0lj/36AECAwEAAaNTMFEwHQYDVR0OBBYEFD8ANnVk - DhcDFLcj0uC3lCG9PMIkMB8GA1UdIwQYMBaAFD8ANnVkDhcDFLcj0uC3lCG9PMIk - MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGsrBZO/vU57lzXh - rFqH8LLPdR8E7amcDj9KZXVLPZlU5DHeyFVbCQ4qq1/p9uCFiJ+VfNKbB1BQW6ds - kK+v7aUmloFS2Yy2cp73CdgXnktglLLxcfp9nCezK+eBsdtAgD0tOSw68rm4Bavd - 2sGwTmOHNLllcOaH0yIL6lFWPeNNnEN4/YrKoe12z/aTLcJsMjn4kB3G/CHSZWIf - T0W5eurx1BCXJmSZb3SBuAB0s3K0m2aggZvzLKtYT0f4vnmjeJ4rw0KPGF7bRmxE - tU0ysc4zecSShj3KcwzV5mV6ZhS3TVq4nHgK8m3vv49aGT8ZCLqGFLxKssqg5NFR - A9Z4Owk= - -----END CERTIFICATE----- - ca2: - content: | - -----BEGIN CERTIFICATE----- - MIIDoTCCAomgAwIBAgIUVk/ek5wON2pd8PYSsULNSVag09MwDQYJKoZIhvcNAQEL - BQAwYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJh - bmNpc2NvMRUwEwYDVQQKDAxleGFtcGxlMi5jb20xFTATBgNVBAMMDGV4YW1wbGUy - LmNvbTAeFw0yMDA3MjgxNjE3NDNaFw0yNTA3MjcxNjE3NDNaMGAxCzAJBgNVBAYT - AlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEVMBMGA1UE - CgwMZXhhbXBsZTIuY29tMRUwEwYDVQQDDAxleGFtcGxlMi5jb20wggEiMA0GCSqG - SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqpNDiTgGuuG4xdJODBSTWa8xLL9f1AUXl - Bd3OzYmC2ssubpPQyYIThyHNjaYcmn3eBL3KDJKAVHvNNojlucyoyIM2v4VbXAuj - z1m4ZAXRqcfN9onY6151oxAUmwWS2N1LIpKd72vfu5gi3I5wUGep4Eoqhp0qVoar - 7ZuHhCIvfgm5nwbVogQSvsNYJQkGPxWXRnCdFtF4ByyNOprkjLoxDTI0h4jg6gse - 0AP2jZ1tEYmExDbUtckXXfAiBhhH9x5LxRX8K2R+kI+ClvtBlz5COlcyQg7FS9WE - bmsk2Zfa5/bhmQznXJY4G0cG8R0EzN6hrzc9hK4Ruz17NJY/9+gBAgMBAAGjUzBR - MB0GA1UdDgQWBBQ/ADZ1ZA4XAxS3I9Lgt5QhvTzCJDAfBgNVHSMEGDAWgBQ/ADZ1 - ZA4XAxS3I9Lgt5QhvTzCJDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA - A4IBAQBZJF7ryuUD03wxwb4NMyR4AVG0C64/HFDLb+z+6Y6nEWhqFrrDVzVfjF34 - vSf7jTx7tckSf0zfRoqnn0q+gqsb0ELenHpmZrMNf6E1GNJIYBsitpV2JB9PPhAi - 8aJAyO9Vbe58+kNgGp/3HV5VZgau65HmJjT/a4PJGj6hu/u5dfFo5CdQ3lXyv4sA - VobNkc0Wwwlr1M1a6zDZKoY/hErGsj4py/k59TKQvmL1EVNAovb/lk8GomgI9+Sv - 7gnsmyBykIQR1jOU/WadcZgdHw6/jdaksDHvwXH1Ome8JcSgV/E9yP+cf4Es/jku - 5fLS6gSAaX1GrrRxqvXNhjvAqb/b - -----END CERTIFICATE----- - ca3: - content: | - -----BEGIN CERTIFICATE----- - MIIDlzCCAn+gAwIBAgIUQYteZnUZo35iDToskO1lP/FVNDAwDQYJKoZIhvcNAQEL - BQAwWzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMREwDwYDVQQHDAhOZXcgWW9y - azEVMBMGA1UECgwMZXhhbXBsZTMuY29tMRUwEwYDVQQDDAxleGFtcGxlMy5jb20w - HhcNMjAwNzI4MTYyMDMwWhcNMjUwNzI3MTYyMDMwWjBbMQswCQYDVQQGEwJVUzEL - MAkGA1UECAwCTlkxETAPBgNVBAcMCE5ldyBZb3JrMRUwEwYDVQQKDAxleGFtcGxl - My5jb20xFTATBgNVBAMMDGV4YW1wbGUzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD - ggEPADCCAQoCggEBAOqk0OJOAa64bjF0k4MFJNZrzEsv1/UBReUF3c7NiYLayy5u - k9DJghOHIc2Nphyafd4EvcoMkoBUe802iOW5zKjIgza/hVtcC6PPWbhkBdGpx832 - idjrXnWjEBSbBZLY3Usikp3va9+7mCLcjnBQZ6ngSiqGnSpWhqvtm4eEIi9+Cbmf - BtWiBBK+w1glCQY/FZdGcJ0W0XgHLI06muSMujENMjSHiODqCx7QA/aNnW0RiYTE - NtS1yRdd8CIGGEf3HkvFFfwrZH6Qj4KW+0GXPkI6VzJCDsVL1YRuayTZl9rn9uGZ - DOdcljgbRwbxHQTM3qGvNz2ErhG7PXs0lj/36AECAwEAAaNTMFEwHQYDVR0OBBYE - FD8ANnVkDhcDFLcj0uC3lCG9PMIkMB8GA1UdIwQYMBaAFD8ANnVkDhcDFLcj0uC3 - lCG9PMIkMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJSL5k5q - V+wfsPhp5kQX4V/aEH0O02Ka8f9HvGcohT/PqFltSIY2LNJvoksgIBFja/UhDtUB - cqmK3v+l4C/vIy6S6ouajtRYQ7VmGLxgOg3btPtfPjrFFYH9AwSqwb4w70rCt7EF - CTv2yt6Arjp08BauwqwIQmlhBcmjsNa4/1v0kWlAmT4YOi6iXFN1lqBu4gZw4XDI - 4UWJIKkcJIYwXV+wU9WRAu9cNtJyAtanoPXVdsk/zwlmp4rgUOg4ttaY1SekIdC1 - z2HOmlkvCVkyuJaHvAwWmUGxMTudLlqQACSHAhprn+r2sKMoCC49j1p1XXR7YVPc - c6FIoPXPEidXLGw= - -----END CERTIFICATE----- - tasks: - - import_role: - name: "tripleo_update_trusted_cas" - - - name: check if anchor file created - stat: - path: "/etc/pki/ca-trust/source/anchors/{{item}}.pem" - register: stat_ca - failed_when: not stat_ca.stat.exists - loop: ['ca1', 'ca2', 'ca3'] - - - name: check if contents in extracted pem - lineinfile: - name: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem - line: "# {{item}}" - state: present - check_mode: true - register: conf - failed_when: (conf is changed) or (conf is failed) - loop: ['example.com', 'example2.com', 'example3.com'] diff --git a/tripleo_ansible/roles/tripleo_update_trusted_cas/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_update_trusted_cas/molecule/default/molecule.yml deleted file mode 100644 index 20d7e2005..000000000 --- a/tripleo_ansible/roles/tripleo_update_trusted_cas/molecule/default/molecule.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: podman - -provisioner: - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - check - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_update_trusted_cas/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_update_trusted_cas/molecule/default/prepare.yml deleted file mode 100644 index 482277ce0..000000000 --- a/tripleo_ansible/roles/tripleo_update_trusted_cas/molecule/default/prepare.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - vars: - test_deps_setup_stream: false - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_update_trusted_cas/tasks/main.yml b/tripleo_ansible/roles/tripleo_update_trusted_cas/tasks/main.yml deleted file mode 100644 index 2e121f9f7..000000000 --- a/tripleo_ansible/roles/tripleo_update_trusted_cas/tasks/main.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# tripleo_update_trusted_cas will add a set of certifcates in PEM format -# to the trusted CA store. These are provided in a ca map, which has -# the format: -# -# tripleo_update_trusted_cas_ca_map: -# first-ca-name: -# content: | -# The content of the CA cert goes here -# second-ca-name: -# content: | -# The content of the CA cert goes here -# etc. - -- name: Add ca files - become: true - copy: - dest: "/etc/pki/ca-trust/source/anchors/{{ item.key }}.pem" - content: "{{ item.value.content }}" - mode: "0644" - owner: "root" - loop: "{{ tripleo_update_trusted_cas_ca_map | dict2items }}" - -- name: Update trust - become: true - command: /usr/bin/update-ca-trust extract diff --git a/tripleo_ansible/roles/tripleo_upgrade_hiera/defaults/main.yml b/tripleo_ansible/roles/tripleo_upgrade_hiera/defaults/main.yml deleted file mode 100644 index 822a397ab..000000000 --- a/tripleo_ansible/roles/tripleo_upgrade_hiera/defaults/main.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -tripleo_upgrade_hiera_file: /etc/puppet/hieradata/upgrade.json diff --git a/tripleo_ansible/roles/tripleo_upgrade_hiera/meta/main.yml b/tripleo_ansible/roles/tripleo_upgrade_hiera/meta/main.yml deleted file mode 100644 index ec32bf4eb..000000000 --- a/tripleo_ansible/roles/tripleo_upgrade_hiera/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_upgrade_hiera - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_upgrade_hiera/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_upgrade_hiera/molecule/default/converge.yml deleted file mode 100644 index 8dd610d51..000000000 --- a/tripleo_ansible/roles/tripleo_upgrade_hiera/molecule/default/converge.yml +++ /dev/null @@ -1,62 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: tripleo_upgrade_hiera - - post_tasks: - - name: test tripleo_upgrade_hiera - add a first value - include_role: - name: tripleo_upgrade_hiera - tasks_from: set.yml - vars: - tripleo_upgrade_key: pacemaker_short_node_names_override - tripleo_upgrade_value: - - "controller-0" - - - name: test tripleo_upgrade_hiera - add another value - include_role: - name: tripleo_upgrade_hiera - tasks_from: set.yml - vars: - tripleo_upgrade_key: mysql_short_node_names_override - tripleo_upgrade_value: - - "controller-0" - - "controller-1" - - - name: test tripleo_upgrade_hiera - update a value - include_role: - name: tripleo_upgrade_hiera - tasks_from: set.yml - vars: - tripleo_upgrade_key: mysql_short_node_names_override - tripleo_upgrade_value: - - "controller-1" - - - name: test tripleo_upgrade_hiera - remove a value - include_role: - name: tripleo_upgrade_hiera - tasks_from: remove.yml - vars: - tripleo_upgrade_key: pacemaker_short_node_names_override - - - name: test tripleo_upgrade_hiera - remove all values - include_role: - name: tripleo_upgrade_hiera - tasks_from: remove-all.yml diff --git a/tripleo_ansible/roles/tripleo_upgrade_hiera/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_upgrade_hiera/molecule/default/molecule.yml deleted file mode 100644 index 6894ebdbb..000000000 --- a/tripleo_ansible/roles/tripleo_upgrade_hiera/molecule/default/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_upgrade_hiera/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_upgrade_hiera/molecule/default/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/tripleo_upgrade_hiera/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_upgrade_hiera/tasks/create-tripleo-upgrade-file.yml b/tripleo_ansible/roles/tripleo_upgrade_hiera/tasks/create-tripleo-upgrade-file.yml deleted file mode 100644 index fc508dc96..000000000 --- a/tripleo_ansible/roles/tripleo_upgrade_hiera/tasks/create-tripleo-upgrade-file.yml +++ /dev/null @@ -1,54 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: create the directory for hiera file - file: - path: "{{ tripleo_upgrade_hiera_file | dirname }}" - owner: "root" - group: "root" - mode: 0755 - state: directory - become: true - -- name: check if the upgrade file exists. - stat: - path: "{{ tripleo_upgrade_hiera_file }}" - register: _tripleo_upgrade_hiera_file - become: true - -- name: check if the file contains valid json - command: "jq . {{ tripleo_upgrade_hiera_file }}" - register: _tripleo_upgrade_hiera_test - become: true - when: - - _tripleo_upgrade_hiera_file.stat.exists | bool - -- name: create the hiera file when no file or empty file. - copy: - dest: "{{ tripleo_upgrade_hiera_file }}" - owner: "root" - group: "root" - mode: 0644 - content: "{}" - become: true - when: - - not (_tripleo_upgrade_hiera_file.stat.exists | bool) or - not (_tripleo_upgrade_hiera_test.stdout | length) > 0 - -- name: load the json hiera data - command: "jq . {{ tripleo_upgrade_hiera_file }}" - register: tripleo_upgrade_hiera_command - become: true diff --git a/tripleo_ansible/roles/tripleo_upgrade_hiera/tasks/main.yml b/tripleo_ansible/roles/tripleo_upgrade_hiera/tasks/main.yml deleted file mode 100644 index 3372d33a7..000000000 --- a/tripleo_ansible/roles/tripleo_upgrade_hiera/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Install jq package - package: - name: jq - state: present diff --git a/tripleo_ansible/roles/tripleo_upgrade_hiera/tasks/remove-all.yml b/tripleo_ansible/roles/tripleo_upgrade_hiera/tasks/remove-all.yml deleted file mode 100644 index 40c6a98fb..000000000 --- a/tripleo_ansible/roles/tripleo_upgrade_hiera/tasks/remove-all.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: delete the upgrade hiera file - file: - path: "{{ tripleo_upgrade_hiera_file }}" - state: absent - become: true diff --git a/tripleo_ansible/roles/tripleo_upgrade_hiera/tasks/remove.yml b/tripleo_ansible/roles/tripleo_upgrade_hiera/tasks/remove.yml deleted file mode 100644 index 92dba8d39..000000000 --- a/tripleo_ansible/roles/tripleo_upgrade_hiera/tasks/remove.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: ensure tripleo-upgrade hiera file exists - include_tasks: create-tripleo-upgrade-file.yml - -- name: reset tripleo_upgrade_hiera_data_del fact - set_fact: - tripleo_upgrade_hiera_data_del: {} - -- name: remove a tripleo-upgrade key - set_fact: - tripleo_upgrade_hiera_data_del: "{{ tripleo_upgrade_hiera_data_del|combine({upgrade_hiera_item.key: upgrade_hiera_item.value}) }}" - cacheable: false - when: upgrade_hiera_item.key != tripleo_upgrade_key - loop_control: - loop_var: upgrade_hiera_item - loop: "{{ tripleo_upgrade_hiera_command.stdout | from_json | default({}) | dict2items }}" - -- name: write the updated tripleo-upgrade hiera data - copy: - content: "{{ tripleo_upgrade_hiera_data_del | to_nice_json }}" - dest: "{{ tripleo_upgrade_hiera_file }}" - become: true diff --git a/tripleo_ansible/roles/tripleo_upgrade_hiera/tasks/set.yml b/tripleo_ansible/roles/tripleo_upgrade_hiera/tasks/set.yml deleted file mode 100644 index b79d6688f..000000000 --- a/tripleo_ansible/roles/tripleo_upgrade_hiera/tasks/set.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: ensure tripleo-upgrade hiera file exists - include_tasks: create-tripleo-upgrade-file.yml - -- name: set/update the tripleo-upgrade key/value - set_fact: - tripleo_upgrade_hiera_data_add: "{{ tripleo_upgrade_hiera_command.stdout | from_json | combine({ tripleo_upgrade_key: tripleo_upgrade_value }) }}" - cacheable: false - -- name: write the updated tripleo-upgrade hiera data - copy: - content: "{{ tripleo_upgrade_hiera_data_add | to_nice_json }}" - dest: "{{ tripleo_upgrade_hiera_file }}" - become: true diff --git a/tripleo_ansible/roles/tripleo_validations_package/meta/main.yml b/tripleo_ansible/roles/tripleo_validations_package/meta/main.yml deleted file mode 100644 index e945ebf4a..000000000 --- a/tripleo_ansible/roles/tripleo_validations_package/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tripleo_validations_package - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_validations_package/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_validations_package/molecule/default/converge.yml deleted file mode 100644 index 0a3419e31..000000000 --- a/tripleo_ansible/roles/tripleo_validations_package/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "tripleo_validations_package" diff --git a/tripleo_ansible/roles/tripleo_validations_package/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_validations_package/molecule/default/molecule.yml deleted file mode 100644 index 6894ebdbb..000000000 --- a/tripleo_ansible/roles/tripleo_validations_package/molecule/default/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: podman - -provisioner: - name: ansible - inventory: - hosts: - all: - hosts: - centos: - ansible_python_interpreter: /usr/bin/python3 - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tripleo_validations_package/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_validations_package/molecule/default/prepare.yml deleted file mode 100644 index f687e399b..000000000 --- a/tripleo_ansible/roles/tripleo_validations_package/molecule/default/prepare.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - vars: - test_deps_setup_stream: false - roles: - - role: test_deps - test_deps_setup_tripleo: true - test_deps_setup_stream: true - - role: env_data diff --git a/tripleo_ansible/roles/tripleo_validations_package/tasks/main.yml b/tripleo_ansible/roles/tripleo_validations_package/tasks/main.yml deleted file mode 100644 index 529b5b13d..000000000 --- a/tripleo_ansible/roles/tripleo_validations_package/tasks/main.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: 'Install tripleo-validations package' - package: - name: 'openstack-tripleo-validations' - state: installed - releasever: "{{ ansible_facts['distribution_major_version'] }}" - -- name: Set group name fact - set_fact: - validations_group_name: "{{ lookup('env', 'SUDO_USER') | default(ansible_user_id, true) }}" - -- name: Ensure 'validations_group_name' exists - group: - name: "{{ validations_group_name }}" - state: present - -- name: 'Create validations logging directory' - file: - path: '/var/log/validations' - state: directory - owner: 'root' - group: "{{ validations_group_name }}" - mode: '2770' diff --git a/tripleo_ansible/roles/tuned/defaults/main.yml b/tripleo_ansible/roles/tuned/defaults/main.yml deleted file mode 100644 index 7bbe1d88b..000000000 --- a/tripleo_ansible/roles/tuned/defaults/main.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -tuned_profile: "throughput-performance" -tuned_custom_profile: "" -tuned_isolated_cores: "" - -# Packages installed on the local system. Allows user to define this list -# otherwise it will inherit from the OS specific variable file(s). -tuned_system_packages: "{{ _tuned_system_packages | default([]) }}" diff --git a/tripleo_ansible/roles/tuned/meta/main.yml b/tripleo_ansible/roles/tuned/meta/main.yml deleted file mode 100644 index 1faa0dca3..000000000 --- a/tripleo_ansible/roles/tuned/meta/main.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - namespace: openstack - author: OpenStack - description: TripleO OpenStack Role -- tuned - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.7 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - tripleo - - tuned - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/tripleo_ansible/roles/tuned/molecule/default/converge.yml b/tripleo_ansible/roles/tuned/molecule/default/converge.yml deleted file mode 100644 index 45625df67..000000000 --- a/tripleo_ansible/roles/tuned/molecule/default/converge.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - become: true - hosts: all - roles: - - role: "tuned" diff --git a/tripleo_ansible/roles/tuned/molecule/default/molecule.yml b/tripleo_ansible/roles/tuned/molecule/default/molecule.yml deleted file mode 100644 index 2b39cf66d..000000000 --- a/tripleo_ansible/roles/tuned/molecule/default/molecule.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tuned/molecule/default/prepare.yml b/tripleo_ansible/roles/tuned/molecule/default/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/tuned/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tuned/molecule/isolated/converge.yml b/tripleo_ansible/roles/tuned/molecule/isolated/converge.yml deleted file mode 100644 index cd5049849..000000000 --- a/tripleo_ansible/roles/tuned/molecule/isolated/converge.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - become: true - hosts: all - vars: - tuned_system_packages: "tuned-profiles-cpu-partitioning" - tuned_profile: "cpu-partitioning" - tuned_isolated_cores: "1" - roles: - - role: "tuned" diff --git a/tripleo_ansible/roles/tuned/molecule/isolated/molecule.yml b/tripleo_ansible/roles/tuned/molecule/isolated/molecule.yml deleted file mode 100644 index 2b39cf66d..000000000 --- a/tripleo_ansible/roles/tuned/molecule/isolated/molecule.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - fact_caching: jsonfile - fact_caching_connection: /tmp/molecule/facts - inventory: - hosts: - all: - hosts: - instance: - ansible_host: localhost - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" - -scenario: - test_sequence: - - prepare - - converge - - check - -verifier: - name: testinfra diff --git a/tripleo_ansible/roles/tuned/molecule/isolated/prepare.yml b/tripleo_ansible/roles/tuned/molecule/isolated/prepare.yml deleted file mode 100644 index b0410e09b..000000000 --- a/tripleo_ansible/roles/tuned/molecule/isolated/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: test_deps - - role: env_data diff --git a/tripleo_ansible/roles/tuned/molecule/isolated/tests/test_isolated.py b/tripleo_ansible/roles/tuned/molecule/isolated/tests/test_isolated.py deleted file mode 100644 index c0f1c900f..000000000 --- a/tripleo_ansible/roles/tuned/molecule/isolated/tests/test_isolated.py +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import configparser -import os - -import testinfra.utils.ansible_runner - - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_isolated_cores(host): - assert host.file('/etc/tuned/cpu-partitioning-variables.conf').contains('^isolated_cores=1$') - - -def test_cpu_affinity(host): - out = host.check_output('nproc --all') - cpus = '' - for i in range(int(out)): - if i == 1: - continue - if cpus: - cpus += ' ' - cpus += str(i) - assert host.file('/etc/systemd/system.conf').contains('^CPUAffinity=' + cpus + '$') diff --git a/tripleo_ansible/roles/tuned/tasks/main.yml b/tripleo_ansible/roles/tuned/tasks/main.yml deleted file mode 100644 index ed3e23279..000000000 --- a/tripleo_ansible/roles/tuned/tasks/main.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "{{ role_name }}" will search for and load any operating system variable file -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- include_tasks: tuned_install.yml - when: - - (tuned_system_packages | length) > 0 - -- name: Check for tuned-adm - command: >- - which tuned-adm - environment: - PATH: "/bin:/usr/bin:/sbin:/usr/sbin" - changed_when: false - failed_when: false - register: tuned_check - -- include_tasks: tuned_config.yml - when: - - not ansible_check_mode - - tuned_check.rc == 0 diff --git a/tripleo_ansible/roles/tuned/tasks/tuned_config.yml b/tripleo_ansible/roles/tuned/tasks/tuned_config.yml deleted file mode 100644 index caf375d4f..000000000 --- a/tripleo_ansible/roles/tuned/tasks/tuned_config.yml +++ /dev/null @@ -1,66 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Ensure profile directory exists - file: - path: "/etc/tuned/{{ tuned_profile }}" - state: directory - when: - - (tuned_custom_profile is defined) and ((tuned_custom_profile | length) > 0) - -- name: Create custom tuned profile - copy: - content: "{{ tuned_custom_profile }}" - dest: "/etc/tuned/{{ tuned_profile }}/tuned.conf" - when: - - (tuned_custom_profile is defined) and ((tuned_custom_profile | length) > 0) - -- name: Check tuned active profile - slurp: - src: "/etc/tuned/active_profile" - register: tuned_active_profile - -- name: Check Tuned Configuration file exists - stat: - path: "/etc/tuned/{{ tuned_profile }}-variables.conf" - register: tuned_conf_stat_result - -- name: Fail if tuned profile conf is absent but isolated cores is provided - fail: - msg: "Tuned profile conf file is not available to configure isolated cores" - when: - - tuned_isolated_cores is defined - - (tuned_isolated_cores | length) > 0 - - not (tuned_conf_stat_result.stat.exists | bool) - -- name: "Configure isolated cores for profile {{ tuned_profile }}" - lineinfile: - dest: "/etc/tuned/{{ tuned_profile }}-variables.conf" - regexp: '^isolated_cores=.*' - line: 'isolated_cores={{ tuned_isolated_cores }}' - when: - - tuned_isolated_cores is defined - - (tuned_isolated_cores | length) > 0 - - (tuned_conf_stat_result.stat.exists | bool) - -- name: Enable tuned profile - command: >- - tuned-adm profile {{ tuned_profile }} - environment: - PATH: "/bin:/usr/bin:/sbin:/usr/sbin" - when: - - ((tuned_active_profile['content'] | b64decode).strip()) != tuned_profile diff --git a/tripleo_ansible/roles/tuned/tasks/tuned_install.yml b/tripleo_ansible/roles/tuned/tasks/tuned_install.yml deleted file mode 100644 index cbc22c733..000000000 --- a/tripleo_ansible/roles/tuned/tasks/tuned_install.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Check tuned package is installed - command: "rpm -q --whatprovides {{ tuned_system_packages }}" - register: rpm_query_result - failed_when: false - -- name: Install tuned - become: true - package: - name: "{{ tuned_system_packages }}" - state: present - register: _tuned_install_result - when: - - rpm_query_result.rc > 0 - -- name: Restart tuned - become: true - systemd: - name: tuned - state: restarted - enabled: true - when: - - _tuned_install_result.changed diff --git a/tripleo_ansible/roles/tuned/vars/redhat.yml b/tripleo_ansible/roles/tuned/vars/redhat.yml deleted file mode 100644 index 03e02d908..000000000 --- a/tripleo_ansible/roles/tuned/vars/redhat.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_tuned_system_packages: - - tuned - - tuned-profiles-cpu-partitioning diff --git a/tripleo_ansible/tests/__init__.py b/tripleo_ansible/tests/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/tests/base.py b/tripleo_ansible/tests/base.py deleted file mode 100644 index b55e76073..000000000 --- a/tripleo_ansible/tests/base.py +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from ansible.plugins import loader - -from oslotest import base - - -def load_module_utils(*args): - """Ensure requested module_utils are loaded into ansible.module_utils""" - if args: - for m in args: - try: - loader.module_utils_loader.get(m) - except AttributeError: - pass - else: - # search and load all module_utils, its noisy and slower - list(loader.module_utils_loader.all()) - - -class TestCase(base.BaseTestCase): - """Test case base class for all unit tests.""" diff --git a/tripleo_ansible/tests/modules/__init__.py b/tripleo_ansible/tests/modules/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/tests/modules/test_ceph_mkspec.py b/tripleo_ansible/tests/modules/test_ceph_mkspec.py deleted file mode 100644 index 5762a5b4f..000000000 --- a/tripleo_ansible/tests/modules/test_ceph_mkspec.py +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -"""Test the methods of the ceph_mkspec module""" - - -from tripleo_ansible.ansible_plugins.modules import ceph_mkspec -try: - from ansible.module_utils.ca_common import generate_ceph_cmd -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils.ca_common import generate_ceph_cmd - -try: - from ansible.module_utils import ceph_spec -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils import ceph_spec - -from tripleo_ansible.tests import base as tests_base - - -class TestCephMKSpec(tests_base.TestCase): - ''' - Test the methods of the ceph_spec_bootstrap module - ''' - - def test_generate_orch_cli(self): - ''' - Test the cmd generation run against the ceph cluster when apply: true - is passed to the module. - This command is supposed to use the orchestrator and apply the spec - rendered in a given input_path - ''' - - input_path = "/tmp/specfile" - cluster = "ceph" - container_image = "quay.ceph.io/ceph-ci/daemon:latest" - args = ['apply', '--in-file', input_path] - - expected_cli_cmd = generate_ceph_cmd(sub_cmd=['orch'], args=args, - spec_path=input_path, cluster=cluster, - container_image=container_image) - - gen_cli_cmd = ceph_mkspec.generate_orch_cli(cluster, input_path, container_image) - self.assertEqual(expected_cli_cmd, gen_cli_cmd) diff --git a/tripleo_ansible/tests/modules/test_ceph_spec_bootstrap.py b/tripleo_ansible/tests/modules/test_ceph_spec_bootstrap.py deleted file mode 100644 index cceceee41..000000000 --- a/tripleo_ansible/tests/modules/test_ceph_spec_bootstrap.py +++ /dev/null @@ -1,230 +0,0 @@ -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -"""Test the methods of the ceph_spec_bootstrap module""" - -import io -import socket -import tempfile -import yaml - -from tripleo_ansible.ansible_plugins.modules import ceph_spec_bootstrap -from tripleo_ansible.tests import base as tests_base - - -class TestCephSpecBootstrap(tests_base.TestCase): - """Test the methods of the ceph_spec_bootstrap module""" - - def test_metal_roles_based_spec(self): - """verify we can build a ceph spec and supporting data - structures from a mealsmith and tripleo roles file - """ - ceph_service_types = ['mon', 'mgr', 'osd'] - metal = "roles/tripleo_cephadm/molecule/default/mock/mock_deployed_metal.yaml" - tripleo_roles = "roles/tripleo_cephadm/molecule/default/mock/mock_overcloud_roles.yaml" - roles_to_svcs = ceph_spec_bootstrap.get_roles_to_svcs_from_roles(tripleo_roles) - expected = { - 'Compute': [], - 'CephStorage': ['CephOSD'], - 'Controller': ['CephMgr', 'CephMon']} - self.assertEqual(roles_to_svcs, expected) - - roles = roles_to_svcs.keys() - roles_to_hosts = ceph_spec_bootstrap.get_deployed_roles_to_hosts(metal, roles) - expected = { - 'Controller': ['oc0-controller-0', 'oc0-controller-1', 'oc0-controller-2'], - 'Compute': ['oc0-compute-0'], - 'CephStorage': ['oc0-ceph-0', 'oc0-ceph-1', 'oc0-ceph-2'] - } - self.assertEqual(roles_to_hosts, expected) - - hosts_to_ips = ceph_spec_bootstrap.get_deployed_hosts_to_ips(metal) - expected = {'oc0-ceph-0': '192.168.24.13', - 'oc0-ceph-1': '192.168.24.11', - 'oc0-ceph-2': '192.168.24.14', - 'oc0-compute-0': '192.168.24.21', - 'oc0-controller-0': '192.168.24.23', - 'oc0-controller-1': '192.168.24.15', - 'oc0-controller-2': '192.168.24.7'} - self.assertEqual(hosts_to_ips, expected) - - label_map = ceph_spec_bootstrap.get_label_map(hosts_to_ips, roles_to_svcs, - roles_to_hosts, ceph_service_types) - expected = {'oc0-ceph-0': ['osd'], - 'oc0-ceph-1': ['osd'], - 'oc0-ceph-2': ['osd'], - 'oc0-compute-0': [], - 'oc0-controller-0': ['mgr', 'mon', '_admin'], - 'oc0-controller-1': ['mgr', 'mon', '_admin'], - 'oc0-controller-2': ['mgr', 'mon', '_admin']} - self.assertEqual(label_map, expected) - - specs = ceph_spec_bootstrap.get_specs(hosts_to_ips, label_map, ceph_service_types) - expected = [ - {'service_type': 'host', 'addr': '192.168.24.13', - 'hostname': 'oc0-ceph-0', 'labels': ['osd']}, - {'service_type': 'host', 'addr': '192.168.24.11', - 'hostname': 'oc0-ceph-1', 'labels': ['osd']}, - {'service_type': 'host', 'addr': '192.168.24.14', - 'hostname': 'oc0-ceph-2', 'labels': ['osd']}, - {'service_type': 'host', 'addr': '192.168.24.23', - 'hostname': 'oc0-controller-0', 'labels': ['mgr', 'mon', '_admin']}, - {'service_type': 'host', 'addr': '192.168.24.15', - 'hostname': 'oc0-controller-1', 'labels': ['mgr', 'mon', '_admin']}, - {'service_type': 'host', 'addr': '192.168.24.7', - 'hostname': 'oc0-controller-2', 'labels': ['mgr', 'mon', '_admin']}, - { - 'service_type': 'mon', - 'service_name': 'mon', - 'service_id': 'mon', - 'placement': { - 'hosts': ['oc0-controller-0', 'oc0-controller-1', 'oc0-controller-2'] - } - }, - { - 'service_type': 'mgr', - 'service_name': 'mgr', - 'service_id': 'mgr', - 'placement': { - 'hosts': ['oc0-controller-0', 'oc0-controller-1', 'oc0-controller-2'] - } - }, - { - 'service_type': 'osd', - 'service_name': 'osd.default_drive_group', - 'service_id': 'default_drive_group', - 'placement': { - 'hosts': ['oc0-ceph-0', 'oc0-ceph-1', 'oc0-ceph-2'] - }, - 'data_devices': {'all': True} - } - ] - for index in range(0, len(expected)): - if expected[index].get('service_type', '') == 'host': - expected[index].get('labels', {}).sort() - specs[index].get('labels', {}).sort() - - self.assertEqual(specs, expected) - - def test_inventory_based_spec(self): - """verify we can build a ceph spec and supporting data - structures from from a tripleo-ansible inventory - """ - ceph_service_types = ['mon', 'mgr', 'osd'] - inventory_file = "roles/tripleo_cephadm/molecule/default/mock/mock_inventory.yml" - with open(inventory_file, 'r') as stream: - inventory = yaml.safe_load(stream) - roles_to_svcs = ceph_spec_bootstrap.get_roles_to_svcs_from_inventory(inventory) - expected = {'Standalone': ['CephOSD', 'CephMgr', 'CephMon']} - self.assertEqual(roles_to_svcs, expected) - - roles = roles_to_svcs.keys() - hosts_to_ips = ceph_spec_bootstrap.get_inventory_hosts_to_ips(inventory, roles) - expected = {'standalone': '192.168.24.1'} - self.assertEqual(hosts_to_ips, expected) - - roles_to_hosts = ceph_spec_bootstrap.get_inventory_roles_to_hosts(inventory, roles) - expected = {'Standalone': ['standalone']} - self.assertEqual(roles_to_hosts, expected) - - label_map = ceph_spec_bootstrap.get_label_map(hosts_to_ips, roles_to_svcs, - roles_to_hosts, ceph_service_types) - expected = {'standalone': ['osd', 'mgr', '_admin', 'mon']} - # the order of the labels does not matter, sort them for consistency - label_map['standalone'].sort() - expected['standalone'].sort() - self.assertEqual(label_map, expected) - - specs = ceph_spec_bootstrap.get_specs(hosts_to_ips, label_map, ceph_service_types) - expected = [{'addr': '192.168.24.1', - 'hostname': 'standalone', - 'labels': ['osd', 'mgr', '_admin', 'mon'], - 'service_type': 'host'}, - {'placement': {'hosts': ['standalone']}, - 'service_id': 'mon', - 'service_name': 'mon', - 'service_type': 'mon'}, - {'placement': {'hosts': ['standalone']}, - 'service_id': 'mgr', - 'service_name': 'mgr', - 'service_type': 'mgr'}, - {'data_devices': {'all': True}, - 'placement': {'hosts': ['standalone']}, - 'service_id': 'default_drive_group', - 'service_name': 'osd.default_drive_group', - 'service_type': 'osd'}] - # the order of the labels does not matter, sort them for consistency - expected[0]['labels'].sort() - specs[0]['labels'].sort() - - self.assertEqual(len(specs), len(expected)) - self.assertEqual(specs, expected) - - def test_standalone_spec(self): - hostname = socket.gethostname() - expected = [] - expected.append(yaml.safe_load(''' - addr: 192.168.122.252 - hostname: %s - labels: - - mon - - _admin - - osd - - mgr - service_type: host - ''' % hostname)) - - expected.append(yaml.safe_load(''' - placement: - hosts: - - %s - service_id: mon - service_name: mon - service_type: mon - ''' % hostname)) - - expected.append(yaml.safe_load(''' - placement: - hosts: - - %s - service_id: mgr - service_name: mgr - service_type: mgr - ''' % hostname)) - - expected.append(yaml.safe_load(''' - data_devices: - all: true - placement: - hosts: - - %s - service_id: default_drive_group - service_name: osd.default_drive_group - service_type: osd - ''' % hostname)) - - expected_spec = tempfile.NamedTemporaryFile() - for spec in expected: - with open(expected_spec.name, 'a') as f: - f.write('---\n') - f.write(yaml.safe_dump(spec)) - - my_spec = tempfile.NamedTemporaryFile() - ceph_spec_bootstrap.ceph_spec_standalone(my_spec.name, - mon_ip='192.168.122.252') - self.assertCountEqual( - list(io.open(expected_spec.name)), - list(io.open(my_spec.name))) - expected_spec.close() - my_spec.close() diff --git a/tripleo_ansible/tests/modules/test_container_config_data.py b/tripleo_ansible/tests/modules/test_container_config_data.py deleted file mode 100644 index 9a053b7a5..000000000 --- a/tripleo_ansible/tests/modules/test_container_config_data.py +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tripleo_ansible.ansible_plugins.modules import container_config_data -from tripleo_ansible.tests import base as tests_base - - -class TestContainerConfigData(tests_base.TestCase): - def test_run(self): - # TODO(emilien) write actual tests - pass diff --git a/tripleo_ansible/tests/modules/test_container_puppet_config.py b/tripleo_ansible/tests/modules/test_container_puppet_config.py deleted file mode 100644 index e8a57cde3..000000000 --- a/tripleo_ansible/tests/modules/test_container_puppet_config.py +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tripleo_ansible.ansible_plugins.modules import container_puppet_config -from tripleo_ansible.tests import base as tests_base - - -class TestContainerPuppetConfig(tests_base.TestCase): - def test_run(self): - # TODO(emilien) write actual tests - pass diff --git a/tripleo_ansible/tests/modules/test_lvm2_physical_devices_facts.py b/tripleo_ansible/tests/modules/test_lvm2_physical_devices_facts.py deleted file mode 100644 index b0caad033..000000000 --- a/tripleo_ansible/tests/modules/test_lvm2_physical_devices_facts.py +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from collections import Counter -from unittest import mock - -from tripleo_ansible.ansible_plugins.modules import lvm2_physical_devices_facts as lvm2 -from tripleo_ansible.tests import base as tests_base - - -class TestLvm2PhysicalDevicesFacts(tests_base.TestCase): - - def test_get_pvs(self): - mock_module = mock.Mock() - - mock_module.run_command.return_value = (0, ' myvgname\n myvgname\n', '') - result = lvm2.get_vgs_with_active_lvs(mock_module) - self.assertEqual(['myvgname'], result) - - mock_module.run_command.return_value = (0, ' /dev/sdb1\n /dev/sdb2\n', '') - result = lvm2.get_vgs_with_active_lvs(mock_module) - self.assertEqual(Counter(['/dev/sdb1', '/dev/sdb2']), Counter(result)) diff --git a/tripleo_ansible/tests/modules/test_network_data_v2.py b/tripleo_ansible/tests/modules/test_network_data_v2.py deleted file mode 100644 index ee5bd84e1..000000000 --- a/tripleo_ansible/tests/modules/test_network_data_v2.py +++ /dev/null @@ -1,491 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import copy -import mock -import yaml - -import openstack - -from tripleo_ansible.tests import base as tests_base - -from tripleo_ansible.ansible_plugins.module_utils import network_data_v2 -from tripleo_ansible.tests import stubs - - -NET_DATA = yaml.safe_load(''' ---- -name: Storage -name_lower: storage -admin_state_up: false -dns_domain: storage.localdomain. -mtu: 1442 -shared: false -service_net_map_replace: storage -ipv6: true -vip: true -subnets: - subnet01: - ip_subnet: 172.18.1.0/24 - gateway_ip: 172.18.1.254 - allocation_pools: - - start: 172.18.1.1 - end: 172.18.1.250 - routes: - - destination: 172.18.0.0/24 - nexthop: 172.18.1.254 - ipv6_subnet: 2001:db8:a::/64 - gateway_ipv6: 2001:db8:a::1 - ipv6_allocation_pools: - - start: 2001:db8:a::0010 - end: 2001:db8:a::fff9 - routes_ipv6: - - destination: 2001:db8:b::/64 - nexthop: 2001:db8:a::1 - ipv6_address_mode: slaac - ipv6_ra_mode: slaac - enable_dhcp: false - physical_network: storage_subnet01 - network_type: flat - segmentation_id: 21 - vlan: 21 - subnet02: - ip_subnet: 172.18.0.0/24 - gateway_ip: 172.18.0.254 - allocation_pools: - - start: 172.18.0.10 - end: 172.18.0.250 - routes: - - destination: 172.18.1.0/24 - nexthop: 172.18.0.254 - ipv6_subnet: 2001:db8:b::/64 - gateway_ipv6: 2001:db8:b::1 - ipv6_allocation_pools: - - start: 2001:db8:b::0010 - end: 2001:db8:b::fff9 - routes_ipv6: - - destination: 2001:db8:a::/64 - nexthop: 2001:db8:b::1 - ipv6_address_mode: slaac - ipv6_ra_mode: slaac - enable_dhcp: false - physical_network: storage_subnet01 - network_type: flat - segmentation_id: 21 - vlan: 20 -''') - -IPV4_SUBNET_KEYS = {'ip_subnet', 'allocation_pools', 'routes', 'gateway_ip'} -IPV6_SUBNET_KEYS = {'ipv6_subnet', 'ipv6_allocation_pools', 'routes_ipv6', - 'gateway_ipv6', 'ipv6_address_mode', 'ipv6_ra_mode'} - - -class TestNetworkDataV2(tests_base.TestCase): - - def setUp(self): - super(TestNetworkDataV2, self).setUp() - # Helper function to convert array to generator - self.a2g = lambda x: (n for n in x) - - def test_validator_ok(self): - ipv4_only = copy.deepcopy(NET_DATA) - ipv6_only = copy.deepcopy(NET_DATA) - ipv4_only.pop('ipv6') - for name, subnet in ipv4_only['subnets'].items(): - [subnet.pop(k) for k in IPV6_SUBNET_KEYS] - for name, subnet in ipv6_only['subnets'].items(): - [subnet.pop(k) for k in IPV4_SUBNET_KEYS] - - error_messages = network_data_v2.validate_json_schema(NET_DATA) - self.assertEqual([], error_messages) - error_messages = network_data_v2.validate_json_schema(ipv4_only) - self.assertEqual([], error_messages) - error_messages = network_data_v2.validate_json_schema(ipv6_only) - self.assertEqual([], error_messages) - - def test_validator_fail(self): - dual = copy.deepcopy(NET_DATA) - dual.pop('name') # Required - dual['mtu'] = 400 # too low - dual['ipv6'] = 'not_bool' - dual['vip'] = 'not_bool' - dual['admin_state_up'] = 'not_bool' - dual['shared'] = 'not_bool' - dual['invalid_key'] = 'foo' - s02 = dual['subnets']['subnet02'] - s02['ip_subnet'] = 'invalid' - s02['gateway_ip'] = '2001:db8:a::1' # Wrong ip version - s02['allocation_pools'][0]['foo'] = 'foo' # Invalid key - s02['allocation_pools'][0]['start'] = '2001:db8:a::1' - s02['routes'][0]['foo'] = 'foo' # Invalid key - s02['routes'][0]['nexthop'] = '172222.18.1.254' - s02['routes'][0]['destination'] = '172.18.0.0/99' # netmask error - s02['enable_dhcp'] = 'not_a_bool' - s02['physical_network'] = dict() # Invalid, should be string - s02['network_type'] = 'invalid' - s02['vlan'] = 'not_an_int' - s02['ipv6_subnet'] = 'invalid' - s02['gateway_ipv6'] = '172.18.1.254' # Wrong ip version - s02['ipv6_allocation_pools'][0]['v6_invalid_key'] = 'foo' - s02['ipv6_allocation_pools'][0]['end'] = '172.18.1.20' - s02['routes_ipv6'][0]['v6_invalid_key'] = 'foo' - s02['routes_ipv6'][0]['destination'] = '2001:XXX8:X::/64' - s02['ipv6_address_mode'] = 'invalid' - s02['ipv6_ra_mode'] = 'invalid' - - ipv4_only = copy.deepcopy(dual) - ipv6_only = copy.deepcopy(dual) - for name, subnet in ipv4_only['subnets'].items(): - [subnet.pop(k) for k in IPV6_SUBNET_KEYS] - for name, subnet in ipv6_only['subnets'].items(): - [subnet.pop(k) for k in IPV4_SUBNET_KEYS] - ipv4_only['subnets']['subnet01'].pop('ip_subnet') # Required - ipv6_only['subnets']['subnet01'].pop('ipv6_subnet') # Required - - error_messages_dual = network_data_v2.validate_json_schema(dual) - error_messages_dual = '\n'.join(error_messages_dual) - error_messages_ipv4 = network_data_v2.validate_json_schema(ipv4_only) - error_messages_ipv4 = '\n'.join(error_messages_ipv4) - error_messages_ipv6 = network_data_v2.validate_json_schema(ipv6_only) - error_messages_ipv6 = '\n'.join(error_messages_ipv6) - - self.assertRegex(error_messages_dual, - (r"Failed schema validation at admin_state_up:\n" - r" 'not_bool' is not of type 'boolean'\n")) - self.assertRegex(error_messages_dual, - (r"Failed schema validation at mtu:\n" - r" 400 is less than the minimum of 1000\n")) - self.assertRegex(error_messages_dual, - (r"Failed schema validation at shared:\n" - r" 'not_bool' is not of type 'boolean'\n")) - self.assertRegex(error_messages_dual, - (r"Failed schema validation at ipv6:\n" - r" 'not_bool' is not of type 'boolean'\n")) - self.assertRegex(error_messages_dual, - (r"Failed schema validation at vip:\n" - r" 'not_bool' is not of type 'boolean'\n")) - self.assertRegex(error_messages_dual, - (r"Failed schema validation at :\n" - r".*Additional properties are not allowed " - r"\('invalid_key' was unexpected\)\n")) - self.assertRegex(error_messages_dual, - (r"Failed schema validation at :\n" - r".*'name' is a required property")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/allocation_pools/items/additionalProperties: " - r"Additional properties are not allowed \('foo' was " - r"unexpected\)\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/allocation_pools/items/start/ip_address_version: " - r"2001:db8:a::1 does not appear to be an IPv4 " - r"address\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/enable_dhcp/type: 'not_a_bool' is not of type " - r"'boolean'\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/gateway_ip/ip_address_version: 2001:db8:a::1 " - r"does not appear to be an IPv4 address\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/gateway_ipv6/ip_address_version: 172.18.1.254 " - r"does not appear to be an IPv6 address\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/ip_subnet/ip_subnet_version: invalid does not " - r"appear to be an IPv4 subnet\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/ipv6_address_mode/enum: 'invalid' is not one of " - r"\['slaac', 'dhcpv6-stateful', 'dhcpv6-stateless'\]" - r"\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/ipv6_allocation_pools/items" - r"/additionalProperties: Additional properties are " - r"not allowed \('v6_invalid_key' was unexpected\)" - r"\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/ipv6_allocation_pools/items/end" - r"/ip_address_version: 172.18.1.20 does not appear " - r"to be an IPv6 address\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/ipv6_ra_mode/enum: 'invalid' is not one of " - r"\['slaac', 'dhcpv6-stateful', 'dhcpv6-stateless'\]\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/ipv6_subnet/ip_subnet_version: invalid does not " - r"appear to be an IPv6 subnet\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/network_type/enum: 'invalid' is not one of " - r"\['flat', 'vlan'\]\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/physical_network/type: {} is not of type 'string'" - r"\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/routes/items/additionalProperties: Additional " - r"properties are not allowed \('foo' was unexpected\)" - r"\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/routes/items/destination/ip_subnet_version: " - r"172.18.0.0/99 does not appear to be an IPv4 subnet" - r"\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/routes/items/nexthop/ip_address_version: " - r"172222.18.1.254 does not appear to be an IPv4 " - r"address\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/routes_ipv6/items/additionalProperties: " - r"Additional properties are not allowed \(" - r"'v6_invalid_key' was unexpected\)\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/routes_ipv6/items/destination/ip_subnet_version: " - r"2001:XXX8:X::/64 does not appear to be an IPv6 " - r"subnet\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/dual_subnet" - r"/vlan/type: 'not_an_int' is not of type 'integer'" - r"\n")) - - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/ipv6_subnet" - r"/additionalProperties: Additional properties are " - r"not allowed \(.*'routes'.* were unexpected\)\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/ipv6_subnet" - r"/additionalProperties: Additional properties are " - r"not allowed \(.*'allocation_pools'.* were " - r"unexpected\)\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/ipv6_subnet" - r"/additionalProperties: Additional properties are " - r"not allowed \(.*'ip_subnet'.* were unexpected\)\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/ipv6_subnet" - r"/additionalProperties: Additional properties are " - r"not allowed \(.*'gateway_ip'.* were unexpected\)" - r"\n")) - - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/ipv4_subnet" - r"/additionalProperties: Additional properties are " - r"not allowed \(.*'routes_ipv6'.* were unexpected\)" - r"\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/ipv4_subnet" - r"/additionalProperties: Additional properties are " - r"not allowed \(.*'ipv6_allocation_pools'.* were " - r"unexpected\)\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/ipv4_subnet" - r"/additionalProperties: Additional properties are " - r"not allowed \(.*'ipv6_subnet'.* were unexpected\)" - r"\n")) - self.assertRegex(error_messages_dual, - (r"- subnets/additionalProperties/oneOf/ipv4_subnet" - r"/additionalProperties: Additional properties are " - r"not allowed \(.*'gateway_ipv6'.* were unexpected\)" - r"\n")) - - self.assertRegex(error_messages_ipv4, - r"Failed schema validation at subnets/subnet01:\n") - self.assertRegex(error_messages_ipv4, - (r"- subnets/additionalProperties/oneOf/ipv4_subnet" - r"/required: 'ip_subnet' is a required property\n")) - self.assertRegex(error_messages_ipv4, - r"Failed schema validation at subnets/subnet02:\n") - self.assertRegex(error_messages_ipv4, - (r"- subnets/additionalProperties/oneOf/ipv4_subnet" - r"/allocation_pools/items/additionalProperties: " - r"Additional properties are not allowed \('foo' was " - r"unexpected\)\n")) - self.assertRegex(error_messages_ipv4, - (r"- subnets/additionalProperties/oneOf/ipv4_subnet" - r"/allocation_pools/items/start/ip_address_version: " - r"2001:db8:a::1 does not appear to be an IPv4 " - r"address\n")) - self.assertRegex(error_messages_ipv4, - (r"- subnets/additionalProperties/oneOf/ipv4_subnet/" - r"enable_dhcp/type: \'not_a_bool\' is not of type " - r"\'boolean\'\n")) - self.assertRegex(error_messages_ipv4, - (r"- subnets/additionalProperties/oneOf/ipv4_subnet" - r"/gateway_ip/ip_address_version: 2001:db8:a::1 does " - r"not appear to be an IPv4 address\n")) - self.assertRegex(error_messages_ipv4, - (r"- subnets/additionalProperties/oneOf/ipv4_subnet" - r"/ip_subnet/ip_subnet_version: invalid does not " - r"appear to be an IPv4 subnet\n")) - self.assertRegex(error_messages_ipv4, - (r"- subnets/additionalProperties/oneOf/ipv4_subnet" - r"/network_type/enum: 'invalid' is not one of " - r"\['flat', 'vlan'\].*")) - self.assertRegex(error_messages_ipv4, - (r"- subnets/additionalProperties/oneOf/ipv4_subnet" - r"/physical_network/type: {} is not of type 'string'" - r"\n")) - self.assertRegex(error_messages_ipv4, - (r"- subnets/additionalProperties/oneOf/ipv4_subnet" - r"/routes/items/additionalProperties: Additional " - r"properties are not allowed \('foo' was " - r"unexpected\)\n")) - self.assertRegex(error_messages_ipv4, - (r"- subnets/additionalProperties/oneOf/ipv4_subnet" - r"/routes/items/destination/ip_subnet_version: " - r"172.18.0.0/99 does not appear to be an IPv4 subnet" - r"\n")) - self.assertRegex(error_messages_ipv4, - (r"- subnets/additionalProperties/oneOf/ipv4_subnet" - r"/routes/items/nexthop/ip_address_version: " - r"172222.18.1.254 does not appear to be an IPv4 " - r"address\n")) - self.assertRegex(error_messages_ipv4, - (r"- subnets/additionalProperties/oneOf/ipv4_subnet" - r"/vlan/type: 'not_an_int' is not of type 'integer'" - r"\n")) - - self.assertRegex(error_messages_ipv6, - (r"- subnets/additionalProperties/oneOf/ipv6_subnet" - r"/enable_dhcp/type: 'not_a_bool' is not of type " - r"'boolean'\n")) - self.assertRegex(error_messages_ipv6, - (r"- subnets/additionalProperties/oneOf/ipv6_subnet" - r"/gateway_ipv6/ip_address_version: 172.18.1.254 " - r"does not appear to be an IPv6 address\n")) - self.assertRegex(error_messages_ipv6, - (r"- subnets/additionalProperties/oneOf/ipv6_subnet" - r"/ipv6_address_mode/enum: 'invalid' is not one of " - r"\['slaac', 'dhcpv6-stateful', 'dhcpv6-stateless'\]" - r"\n")) - self.assertRegex(error_messages_ipv6, - (r"- subnets/additionalProperties/oneOf/ipv6_subnet" - r"/ipv6_allocation_pools/items" - r"/additionalProperties: Additional properties are " - r"not allowed \('v6_invalid_key' was unexpected\)" - r"\n")) - self.assertRegex(error_messages_ipv6, - (r"- subnets/additionalProperties/oneOf/ipv6_subnet" - r"/ipv6_allocation_pools/items/end" - r"/ip_address_version: 172.18.1.20 does not appear " - r"to be an IPv6 address\n")) - self.assertRegex(error_messages_ipv6, - (r"- subnets/additionalProperties/oneOf/ipv6_subnet" - r"/ipv6_subnet/ip_subnet_version: invalid does not " - r"appear to be an IPv6 subnet\n")) - self.assertRegex(error_messages_ipv6, - (r"- subnets/additionalProperties/oneOf/ipv6_subnet" - r"/network_type/enum: 'invalid' is not one of " - r"\['flat', 'vlan'\]\n")) - self.assertRegex(error_messages_ipv6, - (r"- subnets/additionalProperties/oneOf/ipv6_subnet" - r"/physical_network/type: {} is not of type 'string'" - r"\n")) - self.assertRegex(error_messages_ipv6, - (r"- subnets/additionalProperties/oneOf/ipv6_subnet" - r"/routes_ipv6/items/additionalProperties: " - r"Additional properties are not allowed " - r"\('v6_invalid_key' was unexpected\)\n")) - self.assertRegex(error_messages_ipv6, - (r"- subnets/additionalProperties/oneOf/ipv6_subnet" - r"/routes_ipv6/items/destination/ip_subnet_version: " - r"2001:XXX8:X::/64 does not appear to be an IPv6 " - r"subnet\n")) - self.assertRegex(error_messages_ipv6, - (r"- subnets/additionalProperties/oneOf/ipv6_subnet" - r"/vlan/type: 'not_an_int' is not of type 'integer'" - r"\n")) - - def test_tripleo_resource_tags_to_dict(self): - tags = ['foo=bar', 'baz=qux', 'tripleo_foo=bar', 'tripleo_baz=qux', - 'tripleo_net_idx=3'] - expected = {'tripleo_foo': 'bar', 'tripleo_baz': 'qux', - 'tripleo_net_idx': 3} - result = network_data_v2.tags_to_dict(tags) - self.assertEqual(expected, result) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_create_name_id_maps(self, conn_mock): - subnet1 = stubs.FakeNeutronSubnet(id='subnet1_id', - name='subnet1', - cidr='192.168.24.0/24') - subnet2 = stubs.FakeNeutronSubnet(id='subnet2_id', - name='subnet2', - cidr='192.168.25.0/25') - subnet3 = stubs.FakeNeutronSubnet(id='subnet3_id', - name='subnet3', - cidr='192.168.26.0/26') - subnet4 = stubs.FakeNeutronSubnet(id='subnet4_id', - name='subnet4', - cidr='192.168.27.0/27') - network1 = stubs.FakeNeutronNetwork( - id='network1_id', - name='network1', - subnet_ids=['subnet1_id', 'subnet2_id'], - tags=['tripleo_network_name=Network1'] - ) - network2 = stubs.FakeNeutronNetwork( - id='network2_id', - name='network2', - subnet_ids=['subnet3_id', 'subnet4_id'], - tags=['tripleo_network_name=Network2'] - ) - conn_mock.network.networks.return_value = self.a2g([network1, - network2]) - conn_mock.network.subnets.side_effect = [self.a2g([subnet1, subnet2]), - self.a2g([subnet3, subnet4])] - net_maps = network_data_v2.create_name_id_maps(conn_mock) - expected_by_name_map = { - 'network1': { - 'id': 'network1_id', - 'name_upper': 'Network1', - 'subnets': { - 'subnet1': 'subnet1_id', - 'subnet2': 'subnet2_id' - } - }, - 'network2': { - 'id': 'network2_id', - 'name_upper': 'Network2', - 'subnets': { - 'subnet3': 'subnet3_id', - 'subnet4': 'subnet4_id' - } - } - } - expected_by_id_map = { - 'network1_id': 'network1', - 'network2_id': 'network2', - } - expected_cidr_prefix_map = { - 'subnet1_id': '24', - 'subnet2_id': '25', - 'subnet3_id': '26', - 'subnet4_id': '27', - } - self.assertEqual(expected_by_name_map, net_maps['by_name']) - self.assertEqual(expected_by_id_map, net_maps['by_id']) - self.assertEqual(expected_cidr_prefix_map, net_maps['cidr_prefix_map']) diff --git a/tripleo_ansible/tests/modules/test_network_populate_environment.py b/tripleo_ansible/tests/modules/test_network_populate_environment.py deleted file mode 100644 index 92018234a..000000000 --- a/tripleo_ansible/tests/modules/test_network_populate_environment.py +++ /dev/null @@ -1,175 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import mock -import openstack - -from tripleo_ansible.ansible_plugins.modules import ( - tripleo_network_populate_environment as plugin) -from tripleo_ansible.tests import base as tests_base -from tripleo_ansible.tests import stubs - - -class TestNetworkPopulateEnvironment(tests_base.TestCase): - - def test_get_net_ip_version(self): - net_data = {} - subnets = [stubs.FakeNeutronSubnet(ip_version=4), - stubs.FakeNeutronSubnet(ip_version=4)] - self.assertEqual(4, plugin.get_net_ip_version(subnets, net_data)) - subnets = [stubs.FakeNeutronSubnet(ip_version=6), - stubs.FakeNeutronSubnet(ip_version=6)] - self.assertEqual(6, plugin.get_net_ip_version(subnets, net_data)) - subnets = [stubs.FakeNeutronSubnet(ip_version=4), - stubs.FakeNeutronSubnet(ip_version=6)] - self.assertEqual(4, plugin.get_net_ip_version(subnets, net_data)) - net_data = {'ipv6': True} - self.assertEqual(6, plugin.get_net_ip_version(subnets, net_data)) - - def test_get_net_cidrs(self): - subnets = [ - stubs.FakeNeutronSubnet(cidr='192.168.24.0/24', ip_version=4), - stubs.FakeNeutronSubnet(cidr='192.168.25.0/24', ip_version=4), - stubs.FakeNeutronSubnet(cidr='2001:db8:a::/64', ip_version=6), - stubs.FakeNeutronSubnet(cidr='2001:db8:b::/64', ip_version=6)] - self.assertEqual(['192.168.24.0/24', '192.168.25.0/24'], - plugin.get_net_cidrs(subnets, 4)) - self.assertEqual(['2001:db8:a::/64', '2001:db8:b::/64'], - plugin.get_net_cidrs(subnets, 6)) - - def test_get_network_attrs(self): - expected = {'name': 'net_name', - 'mtu': 1500, - 'dns_domain': 'netname.localdomain.', - 'tags': ['tripleo_vlan_id=100']} - fake_network = stubs.FakeNeutronNetwork( - id='net_id', name='net_name', mtu=1500, - dns_domain='netname.localdomain.', tags=['tripleo_vlan_id=100']) - self.assertEqual(expected, plugin.get_network_attrs(fake_network)) - - def test_get_subnet_attrs(self): - fake_subnet = stubs.FakeNeutronSubnet( - name='subnet_name', cidr='192.168.24.0/24', - gateway_ip='192.168.24.1', host_routes=[], - dns_nameservers=['192.168.24.254', '192.168.24.253'], - ip_version=4, tags=['tripleo_vlan_id=1']) - expected = {'name': 'subnet_name', - 'cidr': '192.168.24.0/24', - 'gateway_ip': '192.168.24.1', - 'host_routes': [], - 'dns_nameservers': ['192.168.24.254', '192.168.24.253'], - 'ip_version': 4, 'tags': ['tripleo_vlan_id=1']} - name, attrs = plugin.get_subnet_attrs(fake_subnet) - self.assertEqual('subnet_name', name) - self.assertEqual(expected, attrs) - - def test_get_subnets_attrs(self): - fake_subnets = [ - stubs.FakeNeutronSubnet( - name='subnet01', cidr='192.168.24.0/24', - gateway_ip='192.168.24.1', - host_routes=[{'destination': '192.168.24.0/24', - 'nexthop': '192.168.25.1'}], - dns_nameservers=['192.168.24.254', '192.168.24.253'], - ip_version=4, tags=['tripleo_vlan_id=24']), - stubs.FakeNeutronSubnet( - name='subnet02', cidr='192.168.25.0/24', - gateway_ip='192.168.25.1', - host_routes=[{'destination': '192.168.24.0/24', - 'nexthop': '192.168.25.1'}], - dns_nameservers=['192.168.25.254', '192.168.25.253'], - ip_version=4, tags=['tripleo_vlan_id=25']) - ] - expected = { - 'subnet01': {'name': 'subnet01', - 'cidr': '192.168.24.0/24', - 'gateway_ip': '192.168.24.1', - 'host_routes': [{'destination': '192.168.24.0/24', - 'nexthop': '192.168.25.1'}], - 'dns_nameservers': ['192.168.24.254', - '192.168.24.253'], - 'ip_version': 4, 'tags': ['tripleo_vlan_id=24']}, - 'subnet02': {'name': 'subnet02', - 'cidr': '192.168.25.0/24', - 'gateway_ip': '192.168.25.1', - 'host_routes': [{'destination': '192.168.24.0/24', - 'nexthop': '192.168.25.1'}], - 'dns_nameservers': ['192.168.25.254', - '192.168.25.253'], - 'ip_version': 4, 'tags': ['tripleo_vlan_id=25']} - } - self.assertEqual(expected, plugin.get_subnets_attrs(fake_subnets)) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_set_composable_network_attrs(self, mock_conn): - module = mock.Mock() - net_data = {'name': 'NetName'} - fake_network = stubs.FakeNeutronNetwork( - id='net_id', name='netname', mtu=1500, - dns_domain='netname.localdomain.', tags=['tripleo_vlan_id=100'], - subnet_ids=['subnet01_id', 'subnet02_id']) - fake_subnets = [ - stubs.FakeNeutronSubnet( - name='subnet01', cidr='192.168.24.0/24', - gateway_ip='192.168.24.1', - host_routes=[{'destination': '192.168.24.0/24', - 'nexthop': '192.168.25.1'}], - dns_nameservers=['192.168.24.254', '192.168.24.253'], - ip_version=4, tags=['tripleo_vlan_id=24']), - stubs.FakeNeutronSubnet( - name='subnet02', cidr='192.168.25.0/24', - gateway_ip='192.168.25.1', - host_routes=[{'destination': '192.168.24.0/24', - 'nexthop': '192.168.25.1'}], - dns_nameservers=['192.168.25.254', '192.168.25.253'], - ip_version=4, tags=['tripleo_vlan_id=25'])] - mock_conn.network.find_network.return_value = fake_network - mock_conn.network.get_subnet.side_effect = fake_subnets - attrs = dict() - cidr_map = dict() - ip_version_map = dict() - plugin.set_composable_network_attrs( - module, mock_conn, net_data['name'].lower(), net_data, - attrs=attrs, cidr_map=cidr_map, ip_version_map=ip_version_map) - mock_conn.network.find_network.assert_called_with( - net_data['name'].lower()) - mock_conn.network.get_subnet.assert_has_calls( - [mock.call('subnet01_id'), mock.call('subnet02_id')]) - self.assertEqual( - {'network': {'dns_domain': 'netname.localdomain.', 'mtu': 1500, - 'name': 'netname', 'tags': ['tripleo_vlan_id=100']}, - 'subnets': {'subnet01': {'name': 'subnet01', - 'cidr': '192.168.24.0/24', - 'gateway_ip': '192.168.24.1', - 'host_routes': [{ - 'destination': '192.168.24.0/24', - 'nexthop': '192.168.25.1'}], - 'dns_nameservers': ['192.168.24.254', - '192.168.24.253'], - 'ip_version': 4, - 'tags': ['tripleo_vlan_id=24']}, - 'subnet02': {'name': 'subnet02', - 'cidr': '192.168.25.0/24', - 'gateway_ip': '192.168.25.1', - 'host_routes': [{ - 'destination': '192.168.24.0/24', - 'nexthop': '192.168.25.1'}], - 'dns_nameservers': ['192.168.25.254', - '192.168.25.253'], - 'ip_version': 4, - 'tags': ['tripleo_vlan_id=25']}}}, attrs) - self.assertEqual({'netname': 4}, ip_version_map) - self.assertEqual({'netname': ['192.168.24.0/24', '192.168.25.0/24']}, - cidr_map) diff --git a/tripleo_ansible/tests/modules/test_os_tripleo_baremetal_node_introspection.py b/tripleo_ansible/tests/modules/test_os_tripleo_baremetal_node_introspection.py deleted file mode 100644 index a19bb92fe..000000000 --- a/tripleo_ansible/tests/modules/test_os_tripleo_baremetal_node_introspection.py +++ /dev/null @@ -1,218 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import mock - -from tripleo_ansible.ansible_plugins.modules import ( - os_tripleo_baremetal_node_introspection as module) -from tripleo_ansible.tests import base as tests_base - - -class TestIntrospect(tests_base.TestCase): - - def setUp(self): - super(TestIntrospect, self).setUp() - c = mock.Mock() - self.cloud = c - self.node = mock.Mock( - uuid='1234abcd', - power_state='power on', - provision_state='manageable', - last_error=None, - ) - c.baremetal.get_node.return_value = self.node - c.baremetal.set_node_provision_state.return_value = self.node - c.baremetal.wait_for_node_reservation.return_value = self.node - c.baremetal_introspection.get_introspection_data.return_value = { - 'foo': 'bar' - } - - @mock.patch.object(module, 'prepare_for_attempt') - def test_introspect_node(self, mock_pfa): - mock_pfa.return_value = self.node - c = self.cloud - - result = module.introspect_node( - c, '1234abcd', 1200, 120, 3, True) - self.assertEqual({ - 'status': {'foo': 'bar'}, - 'failed': False, - 'error': None}, - result) - - mock_pfa.assert_called_once_with(c, self.node, 1200, 120) - c.baremetal.set_node_provision_state.assert_called_once_with( - self.node, 'inspect', wait=True, timeout=1200 - ) - c.baremetal.set_node_power_state.assert_called_once_with( - self.node, 'power off', wait=True, timeout=1200 - ) - c.baremetal_introspection.get_introspection_data.assert_called_once_with( - '1234abcd' - ) - - @mock.patch.object(module, 'prepare_for_attempt') - def test_introspect_node_retries(self, mock_pfa): - mock_pfa.return_value = self.node - c = self.cloud - ouch = Exception('ouch') - c.baremetal.set_node_provision_state.side_effect = [ - ouch, - ouch, - ouch, - self.node - ] - - result = module.introspect_node( - c, '1234abcd', 1200, 120, 3, fetch_data=False) - self.assertEqual({ - 'status': '', - 'failed': False, - 'error': None}, - result) - - mock_pfa.assert_has_calls([ - mock.call(c, self.node, 1200, 120), - mock.call(c, self.node, 1200, 120), - mock.call(c, self.node, 1200, 120), - mock.call(c, self.node, 1200, 120) - ]) - c.baremetal.set_node_provision_state.assert_has_calls([ - mock.call(self.node, 'inspect', wait=True, timeout=1200), - mock.call(self.node, 'inspect', wait=True, timeout=1200), - mock.call(self.node, 'inspect', wait=True, timeout=1200), - mock.call(self.node, 'inspect', wait=True, timeout=1200), - ]) - c.baremetal.set_node_power_state.assert_called_once_with( - self.node, 'power off', wait=True, timeout=1200 - ) - # fetch_data is False - c.baremetal_introspection.get_introspection_data.assert_not_called() - - @mock.patch.object(module, 'prepare_for_attempt') - def test_introspect_node_retries_failed(self, mock_pfa): - mock_pfa.return_value = self.node - c = self.cloud - ouch = Exception('ouch') - c.baremetal.set_node_provision_state.side_effect = [ - ouch, - ouch, - ouch, - ouch, - ] - - result = module.introspect_node( - c, '1234abcd', 1200, 120, 3, True) - self.assertEqual({ - 'error': 'Error for introspection node 1234abcd on attempt 4: None ', - 'failed': True, - 'status': 'manageable'}, result) - - mock_pfa.assert_has_calls([ - mock.call(c, self.node, 1200, 120), - mock.call(c, self.node, 1200, 120), - mock.call(c, self.node, 1200, 120), - mock.call(c, self.node, 1200, 120), - ]) - c.baremetal.set_node_provision_state.assert_has_calls([ - mock.call(self.node, 'inspect', wait=True, timeout=1200), - mock.call(self.node, 'inspect', wait=True, timeout=1200), - mock.call(self.node, 'inspect', wait=True, timeout=1200), - mock.call(self.node, 'inspect', wait=True, timeout=1200), - ]) - c.baremetal.set_node_power_state.assert_not_called() - c.baremetal_introspection.get_introspection_data.assert_not_called() - - def test_prepare_for_attempt_noop(self): - c = self.cloud - self.node.provision_state = 'manageable' - self.node.power_state = 'power off' - self.node.reservation = None - - node = module.prepare_for_attempt(c, self.node, 1200, 120) - - self.assertEqual(node, self.node) - c.baremetal.set_node_provision_state.assert_not_called() - c.baremetal.set_node_power_state.assert_not_called() - c.baremetal.wait_for_node_reservation.assert_not_called() - - def test_prepare_for_attempt_not_manageable(self): - c = self.cloud - self.node.provision_state = 'inspect wait' - self.node.power_state = 'power off' - self.node.reservation = None - - node = module.prepare_for_attempt(c, self.node, 1200, 120) - - self.assertEqual(node, self.node) - c.baremetal.set_node_provision_state.assert_called_once_with( - self.node, 'abort', wait=True, timeout=1200 - ) - c.baremetal.set_node_power_state.assert_not_called() - c.baremetal.wait_for_node_reservation.assert_not_called() - - def test_prepare_for_attempt_powered_on(self): - c = self.cloud - self.node.provision_state = 'manageable' - self.node.power_state = 'power on' - self.node.reservation = None - - node = module.prepare_for_attempt(c, self.node, 1200, 120) - - self.assertEqual(node, self.node) - c.baremetal.set_node_provision_state.assert_not_called() - c.baremetal.set_node_power_state.assert_called_once_with( - self.node, 'power off', wait=True, timeout=1200 - ) - c.baremetal.wait_for_node_reservation.assert_not_called() - - def test_prepare_for_attempt_reserved(self): - c = self.cloud - self.node.provision_state = 'manageable' - self.node.power_state = 'power off' - self.node.reservation = 'conductor1' - - node = module.prepare_for_attempt(c, self.node, 1200, 120) - - self.assertEqual(node, self.node) - c.baremetal.set_node_provision_state.assert_not_called() - c.baremetal.set_node_power_state.assert_not_called() - c.baremetal.wait_for_node_reservation.assert_called_once_with( - self.node, timeout=120 - ) - - def test_prepare_for_attempt_everything_failed(self): - c = self.cloud - ouch = Exception('ouch') - c.baremetal.set_node_provision_state.side_effect = ouch - c.baremetal.set_node_power_state.side_effect = ouch - c.baremetal.wait_for_node_reservation.side_effect = ouch - - self.node.provision_state = 'inspect wait' - self.node.power_state = 'power on' - self.node.reservation = 'conductor1' - - node = module.prepare_for_attempt(c, self.node, 1200, 120) - - self.assertEqual(node, self.node) - c.baremetal.set_node_provision_state.assert_called_once_with( - self.node, 'abort', wait=True, timeout=1200 - ) - c.baremetal.set_node_power_state.assert_called_once_with( - self.node, 'power off', wait=True, timeout=1200 - ) - c.baremetal.wait_for_node_reservation.assert_called_once_with( - self.node, timeout=120 - ) diff --git a/tripleo_ansible/tests/modules/test_tripleo_composable_network.py b/tripleo_ansible/tests/modules/test_tripleo_composable_network.py deleted file mode 100644 index 5cd372630..000000000 --- a/tripleo_ansible/tests/modules/test_tripleo_composable_network.py +++ /dev/null @@ -1,627 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import mock -import openstack - -from tripleo_ansible.ansible_plugins.modules import ( - tripleo_composable_network as plugin) -from tripleo_ansible.tests import base as tests_base -from tripleo_ansible.tests import stubs - - -class TestTripleoComposableNetwork(tests_base.TestCase): - - def test_build_network_tag_field(self): - idx = 3 - net_data = {'name': 'foo', - 'service_net_map_replace': 'replacement', - 'vip': True} - expected = ['tripleo_network_name=foo', - 'tripleo_net_idx=3', - 'tripleo_service_net_map_replace=replacement', - 'tripleo_vip=true'] - result = plugin.build_network_tag_field(net_data, idx) - self.assertEqual(expected, result) - - idx = 1 - net_data = {'name': 'foo'} - expected = ['tripleo_network_name=foo', - 'tripleo_net_idx=1'] - result = plugin.build_network_tag_field(net_data, idx) - self.assertEqual(expected, result) - - def test_build_subnet_tag_field(self): - # Default VLAN id 1 - subnet_data = {} - expected = ["tripleo_vlan_id=1"] - result = plugin.build_subnet_tag_field(subnet_data) - self.assertEqual(expected, result) - - subnet_data = {'vlan': 100} - expected = ["tripleo_vlan_id=100"] - result = plugin.build_subnet_tag_field(subnet_data) - self.assertEqual(expected, result) - - def test_create_net_spec(self): - idx = 3 - net_data = {'name': 'NetName'} - overcloud_domain_name = 'example.com.' - expected = { - 'admin_state_up': plugin.DEFAULT_ADMIN_STATE, - 'dns_domain': '.'.join(['netname', overcloud_domain_name]), - 'mtu': plugin.DEFAULT_MTU, - 'name': 'netname', - 'shared': plugin.DEFAULT_SHARED, - 'provider:physical_network': 'netname', - 'provider:network_type': plugin.DEFAULT_NETWORK_TYPE, - 'tags': ['tripleo_network_name=NetName', - 'tripleo_net_idx=3'], - } - - result = plugin.create_net_spec(net_data, overcloud_domain_name, idx) - self.assertEqual(expected, result) - - def test_validate_network_update(self): - net_spec = { - 'admin_state_up': True, - 'dns_domain': 'netname.localdomain', - 'mtu': 1450, - 'name': 'new_name', - 'shared': True, - 'provider:physical_network': 'NEWNAME', - 'provider:network_type': 'vlan', - 'provider:segmentation_id': 101 - } - fake_network = stubs.FakeNeutronNetwork(**{ - 'is_admin_state_up': False, - 'mtu': 1500, - 'is_shared': False, - 'provider:network_type': 'flat', - 'provider:physical_network': 'netname', - 'provider:segmentation_id': 100, - 'dns_domain': 'netname.localdomain', - 'name': 'netname'}) - module = mock.Mock() - module.fail_json = mock.Mock() - result = plugin.validate_network_update(module, fake_network, net_spec) - module.fail_json.assert_has_calls([ - mock.call(msg=('Cannot update provider:network_type in existing ' - 'network')), - mock.call(msg=('Cannot update provider:physical_network in ' - 'existing network')) - ]) - expected = {'mtu': 1450, - 'shared': True, - 'admin_state_up': True, - 'name': 'new_name', - 'provider:segmentation_id': 101} - self.assertEqual(expected, result) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_create_network(self, mock_conn): - mock_module = mock.Mock() - net_spec = { - 'admin_state_up': plugin.DEFAULT_ADMIN_STATE, - 'dns_domain': '.'.join(['netname', plugin.DEFAULT_DOMAIN]), - 'mtu': plugin.DEFAULT_MTU, - 'name': 'netname', - 'shared': plugin.DEFAULT_SHARED, - 'provider:physical_network': 'netname', - 'provider:network_type': plugin.DEFAULT_NETWORK_TYPE, - 'tags': ['tripleo_foo=bar'], - } - fake_network = stubs.FakeNeutronNetwork( - id='foo', - name='netname', - is_shared=False, - dns_domain='.'.join(['netname', plugin.DEFAULT_DOMAIN]), - mtu=plugin.DEFAULT_MTU, - is_admin_state_up=plugin.DEFAULT_ADMIN_STATE, - physical_network='netname', - network_type=plugin.DEFAULT_NETWORK_TYPE, - tags=[], - ) - mock_conn.network.find_network.return_value = None - mock_conn.network.create_network.return_value = fake_network - changed, network = plugin.create_or_update_network( - mock_conn, mock_module, net_spec) - mock_conn.network.create_network.assert_called_once_with(**net_spec) - mock_conn.network.set_tags.assert_called_once_with( - network, ['tripleo_foo=bar']) - self.assertEqual(True, changed) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_update_network(self, mock_conn): - mock_module = mock.Mock() - net_spec = { - 'admin_state_up': plugin.DEFAULT_ADMIN_STATE, - 'dns_domain': '.'.join(['netname', plugin.DEFAULT_DOMAIN]), - 'mtu': plugin.DEFAULT_MTU, - 'name': 'new_name', - 'shared': plugin.DEFAULT_SHARED, - 'provider:physical_network': 'netname', - 'provider:network_type': plugin.DEFAULT_NETWORK_TYPE, - 'tags': ['tripleo_foo=bar'], - } - fake_network = stubs.FakeNeutronNetwork( - id='foo', - name='netname', - is_shared=False, - dns_domain='.'.join(['netname', plugin.DEFAULT_DOMAIN]), - mtu=plugin.DEFAULT_MTU, - is_admin_state_up=plugin.DEFAULT_ADMIN_STATE, - physical_network='netname', - network_type=plugin.DEFAULT_NETWORK_TYPE, - tags=[], - ) - mock_conn.network.find_network.return_value = fake_network - changed, network = plugin.create_or_update_network( - mock_conn, mock_module, net_spec) - mock_conn.network.update_network.assert_called_once_with( - 'foo', **{'name': 'new_name'}) - mock_conn.network.set_tags.assert_called_once_with( - network, ['tripleo_foo=bar']) - self.assertEqual(True, changed) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_update_network_no_change(self, mock_conn): - mock_module = mock.Mock() - net_spec = { - 'admin_state_up': plugin.DEFAULT_ADMIN_STATE, - 'dns_domain': '.'.join(['netname', plugin.DEFAULT_DOMAIN]), - 'mtu': plugin.DEFAULT_MTU, - 'name': 'netname', - 'shared': plugin.DEFAULT_SHARED, - 'provider:physical_network': 'netname', - 'provider:network_type': plugin.DEFAULT_NETWORK_TYPE, - 'tags': ['tripleo_foo=bar'], - } - fake_network = stubs.FakeNeutronNetwork( - id='foo', - name='netname', - is_shared=False, - dns_domain='.'.join(['netname', plugin.DEFAULT_DOMAIN]), - mtu=plugin.DEFAULT_MTU, - is_admin_state_up=plugin.DEFAULT_ADMIN_STATE, - physical_network='netname', - network_type=plugin.DEFAULT_NETWORK_TYPE, - tags=['tripleo_foo=bar'], - ) - mock_conn.network.find_network.return_value = fake_network - changed, network = plugin.create_or_update_network( - mock_conn, mock_module, net_spec) - mock_conn.network.create_network.assert_not_called() - mock_conn.network.update_network.assert_not_called() - mock_conn.network.set_tags.assert_not_called() - self.assertEqual(False, changed) - - def test_create_segment_spec(self): - net_id = 'net_id' - net_name = 'net_name' - subnet_name = 'subnet_name' - expected = {'network_id': 'net_id', 'name': 'net_name_subnet_name', - 'physical_network': 'net_name_subnet_name', - 'network_type': plugin.DEFAULT_NETWORK_TYPE} - result = plugin.create_segment_spec(net_id, net_name, subnet_name) - self.assertEqual(expected, result) - - def test_validate_segment_update(self): - segmnet_spec = { - 'network_id': 'new_net_id', - 'physical_network': 'new_physical_network', - 'name': 'new_name', - 'network_type': 'vlan', - } - fake_segment = stubs.FakeNeutronSegment( - name='net_name_subnet_name', - network_id='net_id', - network_type=plugin.DEFAULT_NETWORK_TYPE, - physical_network='net_name_subnet_name' - ) - - module = mock.Mock() - module.fail_json = mock.Mock() - result = plugin.validate_segment_update( - module, fake_segment, segmnet_spec) - module.fail_json.assert_has_calls([ - mock.call(msg='Cannot update network_id in existing segment'), - mock.call(msg='Cannot update network_type in existing segment'), - mock.call(msg='Cannot update physical_network in existing segment') - ]) - expected = {'name': 'new_name'} - self.assertEqual(expected, result) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_create_segment(self, mock_conn): - mock_module = mock.Mock() - segment_spec = {'network_id': 'net_id', 'name': 'net_name_subnet_name', - 'physical_network': 'net_name_subnet_name', - 'network_type': plugin.DEFAULT_NETWORK_TYPE} - mock_conn.network.find_segment.return_value = None - changed, segment = plugin.create_or_update_segment( - mock_conn, mock_module, segment_spec) - mock_conn.network.create_segment.assert_called_once_with( - **segment_spec) - self.assertEqual(True, changed) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_update_segment(self, mock_conn): - mock_module = mock.Mock() - segment_spec = {'network_id': 'net_id', - 'physical_network': 'net_name_subnet_name', - 'name': 'NEW_NAME', - 'network_type': plugin.DEFAULT_NETWORK_TYPE} - fake_segment = stubs.FakeNeutronSegment( - id='foo', name='net_name_subnet_name', network_id='net_id', - network_type=plugin.DEFAULT_NETWORK_TYPE, - physical_network='net_name_subnet_name') - mock_conn.network.find_segment.return_value = fake_segment - changed, segment = plugin.create_or_update_segment( - mock_conn, mock_module, segment_spec, segment_id='foo') - mock_conn.network.find_segment.assert_called_once_with('foo') - mock_conn.network.update_segment.assert_called_once_with( - fake_segment.id, **{'name': 'NEW_NAME'}) - self.assertEqual(True, changed) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_update_segment_no_change(self, mock_conn): - mock_module = mock.Mock() - segment_spec = {'network_id': 'net_id', - 'physical_network': 'net_name_subnet_name', - 'name': 'net_name_subnet_name', - 'network_type': plugin.DEFAULT_NETWORK_TYPE} - fake_segment = stubs.FakeNeutronSegment( - id='foo', name='net_name_subnet_name', network_id='net_id', - network_type=plugin.DEFAULT_NETWORK_TYPE, - physical_network='net_name_subnet_name') - mock_conn.network.find_segment.return_value = fake_segment - changed, segment = plugin.create_or_update_segment( - mock_conn, mock_module, segment_spec) - mock_conn.network.find_segment.assert_called_once_with( - 'net_name_subnet_name', network_id='net_id') - mock_conn.network.create_segment.assert_not_called() - mock_conn.network.update_segment.assert_not_called() - self.assertEqual(False, changed) - - def test_create_subnet_spec_ipv4(self): - net_id = 'net_id' - name = 'subnet0' - subnet_data = { - 'ip_subnet': '192.168.24.0/24', - 'gateway_ip': '192.168.24.1', - 'allocation_pools': [ - {'start': '192.168.24.100', 'end': '192.168.24.200'} - ], - 'routes': [ - {'destination': '192.168.25.0/24', 'nexthop': '192.168.24.1'} - ], - 'vlan': 100, - } - expected = { - 'ip_version': 4, - 'name': name, - 'network_id': net_id, - 'enable_dhcp': False, - 'gateway_ip': '192.168.24.1', - 'cidr': '192.168.24.0/24', - 'allocation_pools': [ - {'start': '192.168.24.100', 'end': '192.168.24.200'} - ], - 'host_routes': [ - {'destination': '192.168.25.0/24', 'nexthop': '192.168.24.1'} - ], - 'tags': ['tripleo_vlan_id=100'], - } - subnet_v4_spec, subnet_v6_spec = plugin.create_subnet_spec( - net_id, name, subnet_data) - self.assertEqual(expected, subnet_v4_spec) - self.assertEqual(None, subnet_v6_spec) - - def test_create_subnet_spec_ipv6(self): - net_id = 'net_id' - name = 'subnet0' - subnet_data = { - 'ipv6_subnet': '2001:db8:a::/64', - 'gateway_ipv6': '2001:db8:a::1', - 'vlan': 100, - } - expected = { - 'ip_version': 6, - 'name': name, - 'network_id': net_id, - 'enable_dhcp': False, - 'gateway_ip': '2001:db8:a::1', - 'cidr': '2001:db8:a::/64', - 'allocation_pools': [], - 'host_routes': [], - 'tags': ['tripleo_vlan_id=100'], - } - subnet_v4_spec, subnet_v6_spec = plugin.create_subnet_spec( - net_id, name, subnet_data, True) - self.assertEqual(None, subnet_v4_spec) - self.assertEqual(expected, subnet_v6_spec) - - def test_create_subnet_spec_both_ipv4_ipv6(self): - net_id = 'net_id' - name = 'subnet0' - subnet_data = { - 'ip_subnet': '192.168.24.0/24', - 'gateway_ip': '192.168.24.1', - 'allocation_pools': [ - {'start': '192.168.24.100', 'end': '192.168.24.200'}], - 'routes': [ - {'destination': '192.168.25.0/24', 'nexthop': '192.168.24.1'}], - 'ipv6_subnet': '2001:db8:a::/64', - 'gateway_ipv6': '2001:db8:a::1', - 'ipv6_allocation_pools': [ - {'start': '2001:db8:a::0010', 'end': '2001:db8:a::fff9'} - ], - 'routes_ipv6': [ - {'destination': '2001:db8:b::/64', 'nexthop': '2001:db8:a::1'} - ], - 'vlan': 100, - } - expected_ipv4 = { - 'ip_version': 4, - 'name': name, - 'network_id': net_id, - 'enable_dhcp': False, - 'gateway_ip': '192.168.24.1', - 'cidr': '192.168.24.0/24', - 'allocation_pools': [ - {'start': '192.168.24.100', 'end': '192.168.24.200'} - ], - 'host_routes': [ - {'destination': '192.168.25.0/24', 'nexthop': '192.168.24.1'} - ], - 'tags': ['tripleo_vlan_id=100'], - } - expected_ipv6 = { - 'ip_version': 6, - 'name': name, - 'network_id': net_id, - 'enable_dhcp': False, - 'gateway_ip': '2001:db8:a::1', - 'cidr': '2001:db8:a::/64', - 'allocation_pools': [ - {'start': '2001:db8:a::0010', 'end': '2001:db8:a::fff9'} - ], - 'host_routes': [ - {'destination': '2001:db8:b::/64', 'nexthop': '2001:db8:a::1'} - ], - 'tags': ['tripleo_vlan_id=100'], - } - subnet_v4_spec, subnet_v6_spec = plugin.create_subnet_spec( - net_id, name, subnet_data) - self.assertEqual(expected_ipv4, subnet_v4_spec) - self.assertEqual(None, subnet_v6_spec) - subnet_v4_spec, subnet_v6_spec = plugin.create_subnet_spec( - net_id, name, subnet_data, True) - self.assertEqual(None, subnet_v4_spec) - self.assertEqual(expected_ipv6, subnet_v6_spec) - - def test_validate_subnet_update(self): - module = mock.Mock() - module.fail = mock.Mock() - subnet_spec = { - 'ip_version': 6, - 'network_id': 'new_net_id', - 'cidr': '192.168.24.0/25', - 'segment_id': 'new_segment_id', - 'name': 'new_name', - 'enable_dhcp': True, - 'ipv6_address_mode': 'slaac', - 'ipv6_ra_mode': 'slaac', - 'gateway_ip': '192.168.24.254', - 'allocation_pools': [{'start': '192.168.24.100', 'end': '200'}], - 'host_routes': [ - {'destination': '192.168.25.0/24', 'nexthop': '192.168.24.254'} - ], - } - fake_subnet = stubs.FakeNeutronSubnet( - id='foo', - name='subnet01', - cidr='192.168.24.0/24', - gateway_ip='192.168.24.1', - allocation_pools=[{'start': '192.168.24.50', 'end': '99'}], - host_routes={'destination': '192.168.25.0/24', - 'nexthop': '192.168.24.1'}, - ip_version=4, - network_id='net_id', - segment_id='segment_id', - is_dhcp_enabled=False, - - ) - result = plugin.validate_subnet_update( - module, fake_subnet, subnet_spec) - module.fail_json.assert_has_calls([ - mock.call(msg='Cannot update ip_version in existing subnet'), - mock.call(msg='Cannot update network_id in existing subnet'), - mock.call(msg='Cannot update cidr in existing subnet'), - mock.call( - msg='Cannot update segment_id in existing subnet, Current ' - 'segment_id: {} Update segment_id: {}'.format( - 'segment_id', 'new_segment_id') - ), - ]) - expected_spec = { - 'name': 'new_name', - 'enable_dhcp': True, - 'ipv6_address_mode': 'slaac', - 'ipv6_ra_mode': 'slaac', - 'gateway_ip': '192.168.24.254', - 'allocation_pools': [{'start': '192.168.24.100', 'end': '200'}], - 'host_routes': [ - {'destination': '192.168.25.0/24', 'nexthop': '192.168.24.254'} - ], - } - self.assertEqual(expected_spec, result) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_create_subnet(self, mock_conn): - mock_module = mock.Mock() - subnet_spec = { - 'ip_version': 4, - 'name': 'subnet_name', - 'network_id': 'net_id', - 'enable_dhcp': False, - 'gateway_ip': '192.168.24.1', - 'cidr': '192.168.24.0/24', - 'allocation_pools': [ - {'start': '192.168.24.100', 'end': '192.168.24.200'} - ], - 'host_routes': [ - {'destination': '192.168.25.0/24', 'nexthop': '192.168.24.1'} - ], - 'tags': ['tripleo_vlan_id=100'], - } - mock_conn.network.find_subnet.return_value = None - changed = plugin.create_or_update_subnet(mock_conn, mock_module, - subnet_spec) - mock_conn.network.create_subnet.assert_called_once_with(**subnet_spec) - mock_conn.network.set_tags.assert_called_once_with( - mock.ANY, ['tripleo_vlan_id=100']) - self.assertEqual(True, changed) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_update_subnet(self, mock_conn): - mock_module = mock.Mock() - subnet_spec = { - 'ip_version': 4, - 'name': 'subnet_name', - 'network_id': 'net_id', - 'enable_dhcp': False, - 'gateway_ip': '192.168.24.1', - 'cidr': '192.168.24.0/24', - 'allocation_pools': [ - {'start': '192.168.24.100', 'end': '192.168.24.200'} - ], - 'host_routes': [ - {'destination': '192.168.25.0/24', 'nexthop': '192.168.24.1'} - ], - 'tags': ['tripleo_vlan_id=100'], - 'segment_id': 'segment_id', - } - fake_subnet = stubs.FakeNeutronSubnet( - id='foo', - name='subnet_name', - network_id='net_id', - is_dhcp_enabled=False, - gateway_ip='192.168.24.254', - cidr='192.168.24.0/24', - allocation_pools=[ - {'start': '192.168.24.100', 'end': '192.168.24.200'}], - host_routes=[ - {'destination': '192.168.25.0/24', 'nexthop': '192.168.24.254'} - ], - tags=['tripleo_vlan_id=100'], - segment_id='segment_id' - ) - mock_conn.network.find_subnet.return_value = fake_subnet - changed = plugin.create_or_update_subnet(mock_conn, mock_module, - subnet_spec) - mock_conn.network.find_subnet.ssert_called_once_with( - 'subnet_name', network_id='net_id') - mock_conn.network.create_subnet.assert_not_called() - mock_conn.network.update_subnet.assert_called_once_with( - 'foo', **{'gateway_ip': '192.168.24.1', - 'host_routes': [{'destination': '192.168.25.0/24', - 'nexthop': '192.168.24.1'}]} - ) - self.assertTrue(changed) - - @mock.patch.object(plugin, 'create_segment_spec', autospec=True) - @mock.patch.object(plugin, 'create_or_update_segment', autospec=True) - def test_adopt_the_implicit_segment(self, mock_create_or_update_segment, - mock_create_segment_spec): - fake_network = stubs.FakeNeutronNetwork(id='net_id', name='net_name') - fake_segments = [ - stubs.FakeNeutronSegment(id='segment_id', name=None, - physical_network='physical_net')] - fake_subnets = [ - stubs.FakeNeutronSubnet(id='subnet_id', name='subnet_name', - segment_id='segment_id')] - - changed = plugin.adopt_the_implicit_segment( - mock.ANY, mock.ANY, fake_segments, fake_subnets, fake_network) - - mock_create_segment_spec.assert_called_once_with( - fake_network.id, fake_network.name, fake_subnets[0].name, - physical_network=fake_segments[0].physical_network) - mock_create_or_update_segment.assert_called_once_with( - mock.ANY, mock.ANY, mock.ANY, segment_id=fake_segments[0].id) - self.assertTrue(changed) - - def test_implicit_segment_already_adopted(self): - fake_segments = [ - stubs.FakeNeutronSegment(id='segment_id', - name='net_name_subnet_name', - physical_network='physical_net')] - - changed = plugin.adopt_the_implicit_segment( - mock.ANY, mock.ANY, fake_segments, mock.ANY, mock.ANY) - self.assertFalse(changed) - - def test_implicit_segment_unable_to_adopt(self): - mock_module = mock.Mock() - mock_module.fail_json = mock.Mock() - fake_network = stubs.FakeNeutronNetwork(id='net_id', name='net_name') - fake_segments = [ - stubs.FakeNeutronSegment(id='segment_id_01', - name=None, - network_id='net_id', - physical_network='physical_net_01'), - stubs.FakeNeutronSegment(id='segment_id_02', - name=None, - network_id='net_id', - physical_network='physical_net_02') - ] - fake_subnets = [] - - try: - plugin.adopt_the_implicit_segment( - mock.Mock(), mock_module, fake_segments, fake_subnets, - fake_network) - except AttributeError: - mock_module.fail_json.assert_called_once_with( - msg='Multiple segments with no name attribute exist on ' - 'network {}, unable to reliably adopt the implicit ' - 'segment.'.format(fake_network.id)) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_get_overcloud_domain_name(self, mock_conn): - mock_conn.network.find_network.return_value = stubs.FakeNeutronNetwork( - dns_domain='ctlplane.example.com.') - self.assertEqual( - 'example.com.', - plugin.get_overcloud_domain_name(mock_conn, 'ctlplane')) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_get_overcloud_domain_name_no_ctlplane_network(self, mock_conn): - mock_conn.network.find_network.return_value = None - self.assertEqual( - plugin.DEFAULT_DOMAIN, - plugin.get_overcloud_domain_name(mock_conn, 'ctlplane') - ) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_get_overcloud_domain_name_no_ctlplane_dns_domain(self, mock_conn): - mock_conn.network.find_network.return_value = stubs.FakeNeutronNetwork( - dns_domain='') - self.assertEqual( - plugin.DEFAULT_DOMAIN, - plugin.get_overcloud_domain_name(mock_conn, 'ctlplane') - ) diff --git a/tripleo_ansible/tests/modules/test_tripleo_deploy_artifacts.py b/tripleo_ansible/tests/modules/test_tripleo_deploy_artifacts.py deleted file mode 100644 index cc271662e..000000000 --- a/tripleo_ansible/tests/modules/test_tripleo_deploy_artifacts.py +++ /dev/null @@ -1,148 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tripleo_ansible.ansible_plugins.modules import tripleo_deploy_artifacts -from tripleo_ansible.tests import base as tests_base - -from unittest import mock - - -class TestTripleoDeployArtifacts(tests_base.TestCase): - @mock.patch('tripleo_ansible.ansible_plugins.modules.' - 'tripleo_deploy_artifacts.deploy_targz') - @mock.patch('tripleo_ansible.ansible_plugins.modules.' - 'tripleo_deploy_artifacts.deploy_rpm') - @mock.patch('tripleo_ansible.ansible_plugins.modules.' - 'tripleo_deploy_artifacts._get_filetype') - @mock.patch('urllib.request.urlretrieve') - def test_run(self, mock_urlretrieve, mock_filetype, mock_rpm, mock_tgz): - module = mock.MagicMock() - module.params = {'artifact_urls': ['myrpm', 'mytgz']} - mock_exit = mock.MagicMock() - module.exit_json = mock_exit - mock_filetype.side_effect = ['rpm', 'targz'] - mock_urlretrieve.side_effect = [('foo', None), ('bar', None)] - tripleo_deploy_artifacts.run(module) - self.assertEqual(mock_filetype.call_count, 2) - mock_filetype.has_calls([mock.call('myrpm'), mock.call('mytgz')]) - mock_rpm.assert_called_once_with('foo') - mock_tgz.assert_called_once_with('bar') - mock_exit.assert_called_once_with(changed=True) - - @mock.patch('urllib.request.urlretrieve') - def test_run_fail(self, mock_urlretrieve): - module = mock.MagicMock() - module.params = {'artifact_urls': ['myrpm', 'mytgz']} - mock_exit = mock.MagicMock() - module.exit_json = mock_exit - mock_urlretrieve.side_effect = Exception('meh') - tripleo_deploy_artifacts.run(module) - mock_exit.assert_called_once_with(changed=False, error=mock.ANY, - failed=True, - msg='Unhandled exception: meh') - - @mock.patch('tripleo_ansible.ansible_plugins.modules.' - 'tripleo_deploy_artifacts._get_filetype') - @mock.patch('urllib.request.urlretrieve') - def test_run_unknown(self, mock_urlretrieve, mock_filetype): - module = mock.MagicMock() - module.params = {'artifact_urls': ['bad']} - mock_filetype.return_value = 'UNKNOWN' - mock_exit = mock.MagicMock() - module.exit_json = mock_exit - mock_urlretrieve.return_value = ('foo', None) - tripleo_deploy_artifacts.run(module) - mock_exit.assert_called_once_with(changed=False, - error='Invalid file format', - failed=True, - msg=('Unable to determine file ' - 'format for bad')) - - @mock.patch('subprocess.run') - def test_get_filetype_rpm(self, mock_run): - mock_rc = mock.MagicMock() - mock_rc.stdout = 'RPM v3.0 bin i386/x86_64 foo-0.0.1' - mock_run.return_value = mock_rc - self.assertEqual('rpm', tripleo_deploy_artifacts._get_filetype('foo')) - mock_run.assert_called_once_with('file -b foo', shell=True, stderr=-1, - stdout=-1, universal_newlines=True) - - @mock.patch('subprocess.run') - def test_get_filetype_targz(self, mock_run): - mock_rc = mock.MagicMock() - mock_rc.stdout = ('gzip compressed data, last modified: Fri Mar 13 ' - '22:10:46 2020, from Unix, original size modulo ' - '2^32 4280320') - mock_run.return_value = mock_rc - self.assertEqual('targz', - tripleo_deploy_artifacts._get_filetype('foo')) - mock_run.assert_called_once_with('file -b foo', shell=True, stderr=-1, - stdout=-1, universal_newlines=True) - - @mock.patch('subprocess.run') - def test_get_filetype_unknown(self, mock_run): - mock_rc = mock.MagicMock() - mock_rc.stdout = 'ASCII File' - mock_run.return_value = mock_rc - self.assertEqual('UNKNOWN', - tripleo_deploy_artifacts._get_filetype('foo')) - mock_run.assert_called_once_with('file -b foo', shell=True, stderr=-1, - stdout=-1, universal_newlines=True) - - @mock.patch('subprocess.run') - def test_get_filetype_fail(self, mock_run): - mock_run.side_effect = Exception('meh') - self.assertRaises(Exception, - tripleo_deploy_artifacts._get_filetype, - 'foo') - - @mock.patch('os.rename') - @mock.patch('subprocess.run') - def test_deploy_rpm(self, mock_run, mock_rename): - tripleo_deploy_artifacts.deploy_rpm('foo') - mock_run.assert_called_once_with('dnf install -y foo.rpm', check=True, - shell=True, stderr=-1, - universal_newlines=True) - - @mock.patch('os.unlink') - @mock.patch('os.path.exists') - @mock.patch('os.rename') - @mock.patch('subprocess.run') - def test_deploy_rpm_fail(self, mock_run, mock_rename, mock_exists, - mock_unlink): - mock_run.side_effect = Exception('meh') - mock_exists.return_value = True - self.assertRaises(Exception, - tripleo_deploy_artifacts.deploy_rpm, - 'foo') - mock_unlink.assert_called_once_with('foo.rpm') - - @mock.patch('subprocess.run') - def test_deploy_targz(self, mock_run): - tripleo_deploy_artifacts.deploy_targz('foo') - mock_run.assert_called_once_with('tar xvz -C / -f foo', check=True, - shell=True, stderr=-1, - universal_newlines=True) - - @mock.patch('os.unlink') - @mock.patch('os.path.exists') - @mock.patch('subprocess.run') - def test_deploy_targz_fail(self, mock_run, mock_exists, mock_unlink): - mock_run.side_effect = Exception('meh') - mock_exists.return_value = True - self.assertRaises(Exception, - tripleo_deploy_artifacts.deploy_targz, - 'foo') - mock_unlink.assert_called_once_with('foo') diff --git a/tripleo_ansible/tests/modules/test_tripleo_diff_exec.py b/tripleo_ansible/tests/modules/test_tripleo_diff_exec.py deleted file mode 100644 index 9039d886c..000000000 --- a/tripleo_ansible/tests/modules/test_tripleo_diff_exec.py +++ /dev/null @@ -1,168 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tripleo_ansible.ansible_plugins.modules import tripleo_diff_exec -from tripleo_ansible.tests import base as tests_base -from unittest import mock - - -class TestTripleoDiffExec(tests_base.TestCase): - @mock.patch.dict('os.environ', dict(), clear=True) - @mock.patch('shutil.copy2') - @mock.patch('subprocess.run') - @mock.patch('filecmp.cmp') - @mock.patch('os.path.exists') - def test_first_run(self, mock_exists, mock_cmp, mock_run, mock_copy2): - mock_module = mock.MagicMock() - mock_module.params = { - 'command': 'foo', - 'return_codes': [0], - 'environment': {'foo': 'bar'}, - 'state_file': '/tmp/foo', - 'state_file_suffix': '-previous' - } - mock_exists.side_effect = [True, False] - mock_exit = mock.MagicMock() - mock_module.exit_json = mock_exit - mock_return = mock.MagicMock() - mock_return.returncode = 0 - mock_run.return_value = mock_return - tripleo_diff_exec.run(mock_module) - mock_exit.assert_called_once_with(changed=True) - mock_run.assert_called_once_with( - 'foo', shell=True, env={'foo': 'bar'}, stderr=-1, stdout=-1, - universal_newlines=True) - mock_copy2.assert_called_with('/tmp/foo', '/tmp/foo-previous') - - @mock.patch.dict('os.environ', dict(), clear=True) - @mock.patch('shutil.copy2') - @mock.patch('subprocess.run') - @mock.patch('filecmp.cmp') - @mock.patch('os.path.exists') - def test_no_change(self, mock_exists, mock_cmp, mock_run, mock_copy2): - mock_module = mock.MagicMock() - mock_module.params = { - 'command': 'foo', - 'return_codes': [0], - 'state_file': '/tmp/foo', - 'state_file_suffix': '-previous' - } - mock_exists.return_value = True - mock_cmp.return_value = True - mock_exit = mock.MagicMock() - mock_module.exit_json = mock_exit - tripleo_diff_exec.run(mock_module) - self.assertEqual(mock_run.call_count, 0) - self.assertEqual(mock_copy2.call_count, 0) - mock_exit.assert_called_once_with(changed=False) - - @mock.patch.dict('os.environ', dict(), clear=True) - @mock.patch('shutil.copy2') - @mock.patch('subprocess.run') - @mock.patch('filecmp.cmp') - @mock.patch('os.path.exists') - def test_file_changed(self, mock_exists, mock_cmp, mock_run, mock_copy2): - mock_module = mock.MagicMock() - mock_module.params = { - 'command': 'foo', - 'return_codes': [0], - 'state_file': '/tmp/foo', - 'state_file_suffix': '-previous' - } - mock_exists.return_value = True - mock_cmp.return_value = False - mock_exit = mock.MagicMock() - mock_module.exit_json = mock_exit - mock_return = mock.MagicMock() - mock_return.returncode = 0 - mock_run.return_value = mock_return - tripleo_diff_exec.run(mock_module) - mock_run.assert_called_once_with( - 'foo', shell=True, env={}, stderr=-1, stdout=-1, - universal_newlines=True) - mock_copy2.assert_called_with('/tmp/foo', '/tmp/foo-previous') - mock_exit.assert_called_once_with(changed=True) - - @mock.patch.dict('os.environ', dict(), clear=True) - @mock.patch('shutil.copy2') - @mock.patch('subprocess.run') - @mock.patch('filecmp.cmp') - @mock.patch('os.path.exists') - def test_missing_state(self, mock_exists, mock_cmp, mock_run, mock_copy2): - mock_module = mock.MagicMock() - mock_module.params = { - 'command': 'foo', - 'return_codes': [0], - 'state_file': '/tmp/foo', - 'state_file_suffix': '-previous' - } - mock_exists.return_value = False - mock_exit = mock.MagicMock() - mock_module.exit_json = mock_exit - tripleo_diff_exec.run(mock_module) - mock_exit.assert_called_once_with(changed=False, - error='Missing state file', - failed=True, - msg=('State file does not exist: ' - '/tmp/foo')) - - @mock.patch.dict('os.environ', dict(), clear=True) - @mock.patch('shutil.copy2') - @mock.patch('subprocess.run') - @mock.patch('filecmp.cmp') - @mock.patch('os.path.exists') - def test_exec_exception(self, mock_exists, mock_cmp, mock_run, mock_copy2): - mock_module = mock.MagicMock() - mock_module.params = { - 'command': 'foo', - 'return_codes': [0], - 'state_file': '/tmp/foo', - 'state_file_suffix': '-previous' - } - mock_exists.side_effect = [True, False] - mock_exit = mock.MagicMock() - mock_module.exit_json = mock_exit - mock_run.side_effect = Exception('meh') - tripleo_diff_exec.run(mock_module) - mock_exit.assert_called_once_with(changed=False, - error=mock.ANY, - failed=True, - msg='Unhandled exception: meh') - - @mock.patch.dict('os.environ', dict(), clear=True) - @mock.patch('shutil.copy2') - @mock.patch('subprocess.run') - @mock.patch('filecmp.cmp') - @mock.patch('os.path.exists') - def test_exec_failed(self, mock_exists, mock_cmp, mock_run, mock_copy2): - mock_module = mock.MagicMock() - mock_module.params = { - 'command': 'foo', - 'return_codes': [0], - 'state_file': '/tmp/foo', - 'state_file_suffix': '-previous' - } - mock_exists.side_effect = [True, False] - mock_exit = mock.MagicMock() - mock_module.exit_json = mock_exit - mock_return = mock.MagicMock() - mock_return.returncode = 1 - mock_return.stdout = 'out' - mock_return.stderr = 'err' - mock_run.return_value = mock_return - tripleo_diff_exec.run(mock_module) - mock_exit.assert_called_once_with( - changed=False, error='Failed running command', failed=True, - msg=('Error running foo. rc: 1, stdout: out, stderr: err')) diff --git a/tripleo_ansible/tests/modules/test_tripleo_findif_for_ip.py b/tripleo_ansible/tests/modules/test_tripleo_findif_for_ip.py deleted file mode 100644 index 79dd67cb7..000000000 --- a/tripleo_ansible/tests/modules/test_tripleo_findif_for_ip.py +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright 2021 Red Hat, Inc. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tripleo_ansible.ansible_plugins.modules import tripleo_findif_for_ip as fip -from tripleo_ansible.tests import base as tests_base - -from unittest import mock - -test_output = """ -UNKNOWN 127.0.0.1/8 ::1/128 -ens4 UP fe80::5054:ff:fe54:eb48/64 -ovs-system DOWN -br-ex UNKNOWN 192.168.24.23/24 192.168.24.10/32 192.168.24.13/32 192.168.24.16/32 fe80::5054:ff:fe54:eb48/64 -br-int DOWN -br-tun DOWN -vxlan_sys_4789 UNKNOWN fe80::90dc:e2ff:fedd:10a8/64 -""" - - -class TestFindIfForIp(tests_base.TestCase): - - def test_find_ipv6_interface(self): - module = mock.MagicMock() - module.run_command = mock.MagicMock() - module.run_command.return_value = (0, test_output, '') - self.assertEqual(fip.find_interface(module, 'fe80::5054:ff:fe54:eb48')['interface'], - 'ens4') - - def test_find_ipv4_interface(self): - module = mock.MagicMock() - module.run_command = mock.MagicMock() - module.run_command.return_value = (0, test_output, '') - self.assertEqual(fip.find_interface(module, '192.168.24.23')['interface'], - 'br-ex') - - def test_find_ipv4_interface_noresult(self): - module = mock.MagicMock() - module.run_command = mock.MagicMock() - module.run_command.return_value = (0, test_output, '') - self.assertEqual(fip.find_interface(module, '192.168.24.99')['interface'], - '') - - @mock.patch('subprocess.check_output') - def test_find_ipv6_interface_noresult(self, mock_checkoutput): - module = mock.MagicMock() - module.run_command = mock.MagicMock() - module.run_command.return_value = (0, test_output, '') - self.assertEqual(fip.find_interface(module, 'fe80::5054:ff:fe54:eb47')['interface'], - '') diff --git a/tripleo_ansible/tests/modules/test_tripleo_generate_inventory_network_config.py b/tripleo_ansible/tests/modules/test_tripleo_generate_inventory_network_config.py deleted file mode 100644 index 46985c5b0..000000000 --- a/tripleo_ansible/tests/modules/test_tripleo_generate_inventory_network_config.py +++ /dev/null @@ -1,96 +0,0 @@ -# Copyright (c) 2021 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import yaml - -from tripleo_ansible.ansible_plugins.modules import ( - tripleo_generate_inventory_network_config as plugin) -from tripleo_ansible.tests import base as tests_base - - -NETWORK_CONFIG = { - 'template': '/foo/template.j2', - 'net_config_data_lookup': {}, -} - -INSTANCE_WITH_NETWORK_CONFIG = { - 'hostname': 'instance01', - 'network_config': NETWORK_CONFIG, -} - -INSTANCE_WITHOUT_NETWORK_CONFIG = { - 'hostname': 'instance02', -} - -UNPROVISIONED_INSTANCE = { - 'hostname': 'instance03', - 'provisioned': False, - 'network_config': NETWORK_CONFIG, -} - -FAKE_INSTANCES = [INSTANCE_WITH_NETWORK_CONFIG, - INSTANCE_WITHOUT_NETWORK_CONFIG, - UNPROVISIONED_INSTANCE] - -FAKE_HOSTNAME_ROLE_MAP = { - 'instance01': 'RoleA', - 'instance02': 'RoleB', - 'instance03': 'RoleC', -} - - -class TestTripleoGenerateInventoryNetworkConfig(tests_base.TestCase): - - def test_generate_ansible_inventory_network_config(self): - result = {'changed': False, 'config': {}} - module_opts = yaml.safe_load(plugin.DOCUMENTATION)['options'] - expected_inventory_network_config = { - 'RoleA': { - 'hosts': { - 'instance01': { - 'default_route_network': ['ctlplane'], - 'dns_search_domains': [], - 'networks_skip_config': [], - 'neutron_physical_bridge_name': 'br-ex', - 'neutron_public_interface_name': 'nic1', - 'num_dpdk_interface_rx_queues': 1, - 'tripleo_network_config_update': False, - 'tripleo_network_config_os_net_config_mappings': {}, - 'tripleo_network_config_template': '/foo/template.j2'} - }, - 'vars': { - 'tripleo_network_config_hide_sensitive_logs': False, - } - }, - 'RoleB': { - 'hosts': { - 'instance02': { - 'default_route_network': ['ctlplane'], - 'dns_search_domains': [], - 'networks_skip_config': [], - 'neutron_physical_bridge_name': 'br-ex', - 'neutron_public_interface_name': 'nic1', - 'num_dpdk_interface_rx_queues': 1, - 'tripleo_network_config_update': False, - 'tripleo_network_config_template': - 'templates/net_config_bridge.j2'}}, - 'vars': { - 'tripleo_network_config_hide_sensitive_logs': False, - } - } - } - plugin.generate_ansible_inventory_network_config( - result, module_opts, FAKE_INSTANCES, FAKE_HOSTNAME_ROLE_MAP) - self.assertEqual(expected_inventory_network_config, result['config']) diff --git a/tripleo_ansible/tests/modules/test_tripleo_list_overclouds.py b/tripleo_ansible/tests/modules/test_tripleo_list_overclouds.py deleted file mode 100644 index f1af4e17f..000000000 --- a/tripleo_ansible/tests/modules/test_tripleo_list_overclouds.py +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from unittest import mock - -from heatclient import exc as heat_exc - -from tripleo_ansible.ansible_plugins.modules import tripleo_list_overclouds as tlo -from tripleo_ansible.tests import base as tests_base - - -class TestTripleoListOveclouds(tests_base.TestCase): - - def test_get_overclouds(self): - mock_heat = mock.Mock() - mock_stacks = mock.Mock() - mock_heat.stacks = mock_stacks - - mock_stacks.list.return_value = [ - mock.Mock(id='111', stack_name='overcloud'), - mock.Mock(id='222', stack_name='some-other-stack'), - mock.Mock(id='333', stack_name='other-overcloud'), - ] - - output_result = {"output": { - "output_key": "AnsibleHostVarsMap", - "output_value": {} - }} - mock_stacks.output_show.side_effect = [ - output_result, - heat_exc.NotFound(), - output_result - ] - result = list(tlo.get_overclouds(mock_heat)) - self.assertEqual([{ - 'id': '111', - 'stack_name': 'overcloud' - }, { - 'id': '333', - 'stack_name': 'other-overcloud' - }], result) diff --git a/tripleo_ansible/tests/modules/test_tripleo_network_ports_populate_environment.py b/tripleo_ansible/tests/modules/test_tripleo_network_ports_populate_environment.py deleted file mode 100644 index d52a8f679..000000000 --- a/tripleo_ansible/tests/modules/test_tripleo_network_ports_populate_environment.py +++ /dev/null @@ -1,95 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import mock -import openstack - -from tripleo_ansible.ansible_plugins.modules import ( - tripleo_network_ports_populate_environment as plugin) -from tripleo_ansible.tests import base as tests_base -from tripleo_ansible.tests import stubs - - -class TestTripleoNetworkPortsPopulateEnvironment(tests_base.TestCase): - - def test_update_environment(self): - env = { - 'parameter_defaults': { - 'FooParam': 'foo', - 'BarParam': 'bar'}, - 'resource_registry': { - 'OS::Some::Existing::Resource': '/foo/bar/some_resource.yaml'} - } - node_port_map = { - 'role-a-0': {'foo': {'ip_address': '1.1.1.1'}, - 'bar': {'ip_address': '1.1.2.1'}, - 'baz': {'ip_address': '1.1.3.1'}}, - 'role-b-0': {'foo': {'ip_address': '1.1.1.2'}, - 'bar': {'ip_address': '1.1.2.2'}}, - } - role_net_map = { - 'RoleA': ['ctlplane', 'foo', 'bar', 'baz'], - 'RoleB': ['ctlplane', 'foo', 'bar'] - } - net_name_map = {'foo': 'Foo', 'bar': 'Bar', 'baz': 'Baz'} - templates = '/foo/tht_root' - plugin.update_environment(env, node_port_map, role_net_map, - net_name_map, templates) - self.assertEqual( - {'FooParam': 'foo', - 'BarParam': 'bar', - 'NodePortMap': { - 'role-a-0': {'bar': {'ip_address': '1.1.2.1'}, - 'baz': {'ip_address': '1.1.3.1'}, - 'foo': {'ip_address': '1.1.1.1'}}, - 'role-b-0': {'bar': {'ip_address': '1.1.2.2'}, - 'foo': {'ip_address': '1.1.1.2'}}, - }}, env['parameter_defaults']) - self.assertEqual( - {'OS::Some::Existing::Resource': '/foo/bar/some_resource.yaml', - 'OS::TripleO::RoleA::Ports::BarPort': - '/foo/tht_root/network/ports/deployed_bar.yaml', - 'OS::TripleO::RoleA::Ports::BazPort': - '/foo/tht_root/network/ports/deployed_baz.yaml', - 'OS::TripleO::RoleA::Ports::FooPort': - '/foo/tht_root/network/ports/deployed_foo.yaml', - 'OS::TripleO::RoleB::Ports::BarPort': - '/foo/tht_root/network/ports/deployed_bar.yaml', - 'OS::TripleO::RoleB::Ports::FooPort': - '/foo/tht_root/network/ports/deployed_foo.yaml'}, - env['resource_registry']) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_get_net_name_map(self, mock_conn): - fake_networks = [ - stubs.FakeNeutronNetwork(id='bar', name='bar', - tags=['tripleo_network_name=UPPERNAME']), - stubs.FakeNeutronNetwork(id='baz', name='baz', - tags=['tripleo_network_name=UPPERNAME']), - stubs.FakeNeutronNetwork(id='foo', name='foo', - tags=['tripleo_network_name=UPPERNAME']), - ] - mock_conn.network.find_network.side_effect = fake_networks - role_net_map = { - 'RoleA': [plugin.CTLPLANE_NETWORK, 'foo', 'bar', 'baz'], - 'RoleB': [plugin.CTLPLANE_NETWORK, 'foo', 'bar'] - } - # NOTE(hjensas): Different tripleo_network_name in stubs would require - # set to list conversion and sorting. - self.assertEqual({plugin.CTLPLANE_NETWORK: plugin.CTLPLANE_NETWORK, - 'foo': 'UPPERNAME', - 'bar': 'UPPERNAME', - 'baz': 'UPPERNAME'}, - plugin.get_net_name_map(mock_conn, role_net_map)) diff --git a/tripleo_ansible/tests/modules/test_tripleo_os_net_config_mappings.py b/tripleo_ansible/tests/modules/test_tripleo_os_net_config_mappings.py deleted file mode 100644 index ae651dcf6..000000000 --- a/tripleo_ansible/tests/modules/test_tripleo_os_net_config_mappings.py +++ /dev/null @@ -1,82 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tripleo_ansible.ansible_plugins.modules import ( - tripleo_os_net_config_mappings) -from tripleo_ansible.tests import base as tests_base -from unittest import mock - - -@mock.patch('tripleo_ansible.ansible_plugins.modules.' - 'tripleo_os_net_config_mappings._get_interfaces', autospec=True) -@mock.patch('subprocess.Popen', autospec=True) -class TestTripleoOsNetConfigMappings(tests_base.TestCase): - - def test_mac_mappings_match(self, mock_Popen, mock_get_ifaces): - module = mock.MagicMock() - module.params = { - 'net_config_data_lookup': { - 'node0': {'nic1': 'aa:bb:cc:dd:ee:ff', - 'nic2': 'ff:ee:dd:cc:bb:aa'}, - 'node1': {'nic1': '0a:0b:0c:0d:0e:0f', - 'nic2': 'f0:e0:d0:c0:b0:a0'} - } - } - mock_exit = mock.MagicMock() - module.exit_json = mock_exit - mock_get_ifaces.side_effect = ['aa:bb:cc:dd:ee:ff', 'ff:ee:dd:cc:bb:aa'] - expected = module.params['net_config_data_lookup']['node0'] - tripleo_os_net_config_mappings.run(module) - mock_exit.assert_called_once_with( - changed=True, mapping={'interface_mapping': expected}) - - def test_mac_mappings_no_match(self, mock_Popen, mock_get_ifaces): - module = mock.MagicMock() - module.params = { - 'net_config_data_lookup': { - 'node0': {'nic1': 'aa:bb:cc:dd:ee:ff', - 'nic2': 'ff:ee:dd:cc:bb:aa'}, - 'node1': {'nic1': '0a:0b:0c:0d:0e:0f', - 'nic2': 'f0:e0:d0:c0:b0:a0'} - } - } - mock_exit = mock.MagicMock() - module.exit_json = mock_exit - mock_get_ifaces.side_effect = ['01:02:03:04:05:06', '10:20:30:40:50:60'] - tripleo_os_net_config_mappings.run(module) - mock_exit.assert_called_once_with(changed=False, mapping=None) - - def test_dmi_type_string_match(self, mock_Popen, mock_get_ifaces): - module = mock.MagicMock() - module.params = { - 'net_config_data_lookup': { - 'node2': {'dmiString': 'foo-dmi-type', - 'id': 'bar-dmi-id', - 'nic1': 'em3', - 'nic2': 'em4'}, - 'node3': {'nic1': '0a:0b:0c:0d:0e:0f', - 'nic2': 'f0:e0:d0:c0:b0:a0'} - } - } - mock_exit = mock.MagicMock() - module.exit_json = mock_exit - expected = {'nic1': 'em3', - 'nic2': 'em4'} - mock_return = mock.MagicMock() - mock_return.return_value.communicate.return_value = ('bar-dmi-id', '') - mock_Popen.side_effect = mock_return - tripleo_os_net_config_mappings.run(module) - mock_exit.assert_called_once_with( - changed=True, mapping={'interface_mapping': expected}) diff --git a/tripleo_ansible/tests/modules/test_tripleo_overcloud_network_extract.py b/tripleo_ansible/tests/modules/test_tripleo_overcloud_network_extract.py deleted file mode 100644 index fe6497c27..000000000 --- a/tripleo_ansible/tests/modules/test_tripleo_overcloud_network_extract.py +++ /dev/null @@ -1,304 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import mock -import openstack - -try: - from ansible.module_utils import network_data_v2 as n_utils -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils import network_data_v2 as n_utils # noqa -from tripleo_ansible.ansible_plugins.modules import ( - tripleo_overcloud_network_extract as plugin) -from tripleo_ansible.tests import base as tests_base -from tripleo_ansible.tests import stubs - - -class TestTripleoOvercloudNetworkExtract(tests_base.TestCase): - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_is_vip_network_true(self, conn_mock): - net_name = 'external' - net_id = '132f871f-eaec-4fed-9475-0d54465e0f00' - fake_network = stubs.FakeNeutronNetwork(id=net_id, - name=net_name, - tags=['tripleo_vip=True']) - fake_port = stubs.FakeNeutronPort( - name='{}{}'.format(net_name, "IT_DOES_NOT_MATTER"), - fixed_ips=[{'ip_address': '10.10.10.10', 'subnet_id': 'foo'}] - ) - - conn_mock.network.get_network.return_value = fake_network - conn_mock.network.ports.return_value = (x for x in [fake_port]) - - result = plugin.is_vip_network(conn_mock, net_id) - self.assertEqual(True, result) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_is_vip_network_false(self, conn_mock): - net_name = 'external' - net_id = '132f871f-eaec-4fed-9475-0d54465e0f00' - fake_network = stubs.FakeNeutronNetwork(id=net_id, name=net_name) - - conn_mock.network.get_network.return_value = fake_network - conn_mock.network.ports.return_value = (x for x in []) - - result = plugin.is_vip_network(conn_mock, net_id) - self.assertEqual(False, result) - - @mock.patch.object(plugin, 'is_vip_network', autospec=True, - return_value=False) - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_get_network_info(self, conn_mock, is_vip_net_mock): - fake_network = stubs.FakeNeutronNetwork( - id='132f871f-eaec-4fed-9475-0d54465e0f00', - name='public', - dns_domain='public.localdomain.', - mtu=1500, - is_shared=False, - is_admin_state_up=False, - tags=['tripleo_net_idx=3', - 'tripleo_service_net_map_replace=external'] - ) - conn_mock.network.get_network.return_value = fake_network - expected = (3, {'name_lower': 'public', - 'dns_domain': 'public.localdomain.', - 'service_net_map_replace': 'external'}) - result = plugin.get_network_info( - conn_mock, '132f871f-eaec-4fed-9475-0d54465e0f00') - self.assertEqual(expected, result) - - @mock.patch.object(plugin, 'is_vip_network', autospec=True, - return_value=False) - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_dns_not_set_get_network_info(self, conn_mock, is_vip_net_mock): - fake_network = stubs.FakeNeutronNetwork( - id='132f871f-eaec-4fed-9475-0d54465e0f00', - name='public', - dns_domain=None, - mtu=1500, - is_shared=False, - is_admin_state_up=False, - tags=['tripleo_net_idx=3', - 'tripleo_service_net_map_replace=external'] - ) - conn_mock.network.get_network.return_value = fake_network - expected = (3, {'name_lower': 'public', - 'service_net_map_replace': 'external'}) - result = plugin.get_network_info( - conn_mock, '132f871f-eaec-4fed-9475-0d54465e0f00') - self.assertEqual(expected, result) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_get_subnet_info_ipv4(self, conn_mock): - fake_subnet = stubs.FakeNeutronSubnet( - name='public_subnet', - is_dhcp_enabled=False, - tags=['tripleo_vlan_id=100'], - ip_version=4, - cidr='10.0.0.0/24', - allocation_pools=[{'start': '10.0.0.10', 'end': '10.0.0.150'}], - gateway_ip='10.0.0.1', - host_routes=[{'destination': '172.17.1.0/24', - 'nexthop': '10.0.0.1'}], - ) - fake_segment = stubs.FakeNeutronSegment( - name='public_subnet', - network_type='flat', - physical_network='public_subnet' - ) - conn_mock.network.get_subnet.return_value = fake_subnet - conn_mock.network.get_segment.return_value = fake_segment - expected = { - 'vlan': 100, - 'ip_subnet': '10.0.0.0/24', - 'allocation_pools': [{'start': '10.0.0.10', 'end': '10.0.0.150'}], - 'gateway_ip': '10.0.0.1', - 'routes': [{'destination': '172.17.1.0/24', - 'nexthop': '10.0.0.1'}], - 'physical_network': 'public_subnet', - } - name, subnet = plugin.get_subnet_info(conn_mock, mock.Mock()) - self.assertEqual(name, 'public_subnet') - self.assertEqual(expected, subnet) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_get_subnet_info_ipv4_no_gateway_ip(self, conn_mock): - fake_subnet = stubs.FakeNeutronSubnet( - name='public_subnet', - is_dhcp_enabled=False, - tags=['tripleo_vlan_id=100'], - ip_version=4, - cidr='10.0.0.0/24', - allocation_pools=[{'start': '10.0.0.10', 'end': '10.0.0.150'}], - gateway_ip=None, - host_routes=[{'destination': '172.17.1.0/24', - 'nexthop': '10.0.0.1'}], - ) - fake_segment = stubs.FakeNeutronSegment( - name='public_subnet', - network_type='flat', - physical_network='public_subnet' - ) - conn_mock.network.get_subnet.return_value = fake_subnet - conn_mock.network.get_segment.return_value = fake_segment - expected = { - 'vlan': 100, - 'ip_subnet': '10.0.0.0/24', - 'allocation_pools': [{'start': '10.0.0.10', 'end': '10.0.0.150'}], - 'routes': [{'destination': '172.17.1.0/24', - 'nexthop': '10.0.0.1'}], - 'physical_network': 'public_subnet', - } - name, subnet = plugin.get_subnet_info(conn_mock, mock.Mock()) - self.assertEqual(name, 'public_subnet') - self.assertEqual(expected, subnet) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_get_subnet_info_ipv6(self, conn_mock): - fake_subnet = stubs.FakeNeutronSubnet( - name='public_subnet', - is_dhcp_enabled=False, - tags=['tripleo_vlan_id=200'], - ip_version=6, - cidr='2001:db8:a::/64', - allocation_pools=[{'start': '2001:db8:a::0010', - 'end': '2001:db8:a::fff9'}], - gateway_ip='2001:db8:a::1', - host_routes=[{'destination': '2001:db8:b::/64', - 'nexthop': '2001:db8:a::1'}], - ipv6_address_mode=None, - ipv6_ra_mode=None, - ) - fake_segment = stubs.FakeNeutronSegment( - name='public_subnet', - network_type='flat', - physical_network='public_subnet' - ) - conn_mock.network.get_subnet.return_value = fake_subnet - conn_mock.network.get_segment.return_value = fake_segment - expected = { - 'vlan': 200, - 'ipv6_subnet': '2001:db8:a::/64', - 'ipv6_allocation_pools': [{'start': '2001:db8:a::0010', - 'end': '2001:db8:a::fff9'}], - 'gateway_ipv6': '2001:db8:a::1', - 'routes_ipv6': [{'destination': '2001:db8:b::/64', - 'nexthop': '2001:db8:a::1'}], - 'physical_network': 'public_subnet', - } - name, subnet = plugin.get_subnet_info(conn_mock, mock.Mock()) - self.assertEqual(name, 'public_subnet') - self.assertEqual(expected, subnet) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_get_subnet_info_ipv6_no_gateway_ip(self, conn_mock): - fake_subnet = stubs.FakeNeutronSubnet( - name='public_subnet', - is_dhcp_enabled=False, - tags=['tripleo_vlan_id=200'], - ip_version=6, - cidr='2001:db8:a::/64', - allocation_pools=[{'start': '2001:db8:a::0010', - 'end': '2001:db8:a::fff9'}], - gateway_ip=None, - host_routes=[{'destination': '2001:db8:b::/64', - 'nexthop': '2001:db8:a::1'}], - ipv6_address_mode=None, - ipv6_ra_mode=None, - ) - fake_segment = stubs.FakeNeutronSegment( - name='public_subnet', - network_type='flat', - physical_network='public_subnet' - ) - conn_mock.network.get_subnet.return_value = fake_subnet - conn_mock.network.get_segment.return_value = fake_segment - expected = { - 'vlan': 200, - 'ipv6_subnet': '2001:db8:a::/64', - 'ipv6_allocation_pools': [{'start': '2001:db8:a::0010', - 'end': '2001:db8:a::fff9'}], - 'routes_ipv6': [{'destination': '2001:db8:b::/64', - 'nexthop': '2001:db8:a::1'}], - 'physical_network': 'public_subnet', - } - name, subnet = plugin.get_subnet_info(conn_mock, mock.Mock()) - self.assertEqual(name, 'public_subnet') - self.assertEqual(expected, subnet) - - @mock.patch.object(plugin, 'get_subnet_info', autospec=True) - @mock.patch.object(plugin, 'get_network_info', autospec=True) - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_parse_net_resources(self, conn_mock, mock_get_network, - mock_get_subnet): - net_resources = { - 'StorageNetwork': { - 'StorageNetwork': {'physical_resource_id': 'fake-id', - 'resource_type': n_utils.TYPE_NET}, - 'StorageSubnet': {'physical_resource_id': 'fake-id', - 'resource_type': n_utils.TYPE_SUBNET}, - 'StorageSubnet_leaf1': {'physical_resource_id': 'fake-id', - 'resource_type': n_utils.TYPE_SUBNET} - } - } - - fake_network = { - 'name_lower': 'storage', - 'dns_domain': 'storage.localdomain.', - 'mtu': 1500, - 'shared': False, - 'admin_state_up': False, - 'vip': False, - } - fake_subnet_storage = { - 'enable_dhcp': False, - 'vlan': 100, - 'ip_subnet': '10.0.0.0/24', - 'allocation_pools': [{'start': '10.0.0.10', 'end': '10.0.0.150'}], - 'gateway_ip': '10.0.0.1', - 'routes': [{'destination': '10.1.0.0/24', 'nexthop': '10.0.0.1'}], - 'network_type': 'flat', - 'physical_network': 'storage', - } - fake_subnet_storage_leaf1 = { - 'enable_dhcp': False, - 'vlan': 101, - 'ip_subnet': '10.1.0.0/24', - 'allocation_pools': [{'start': '10.1.0.10', 'end': '10.1.0.150'}], - 'gateway_ip': '10.1.0.1', - 'routes': [{'destination': '10.0.0.0/24', 'nexthop': '10.1.0.1'}], - 'network_type': 'flat', - 'physical_network': 'leaf1', - } - - mock_get_network.return_value = (0, fake_network) - mock_get_subnet.side_effect = [ - ('storage', fake_subnet_storage), - ('leaf1', fake_subnet_storage_leaf1)] - - expected = [{'name': 'Storage', - 'mtu': 1500, - 'name_lower': 'storage', - 'dns_domain': 'storage.localdomain.', - 'shared': False, - 'admin_state_up': False, - 'vip': False, - 'subnets': { - 'storage': fake_subnet_storage, - 'leaf1': fake_subnet_storage_leaf1} - }] - result = plugin.parse_net_resources(conn_mock, net_resources) - self.assertEqual(expected, result) diff --git a/tripleo_ansible/tests/modules/test_tripleo_overcloud_network_ports.py b/tripleo_ansible/tests/modules/test_tripleo_overcloud_network_ports.py deleted file mode 100644 index 30bc19d42..000000000 --- a/tripleo_ansible/tests/modules/test_tripleo_overcloud_network_ports.py +++ /dev/null @@ -1,623 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import copy -import metalsmith -import mock -import openstack - -from tripleo_ansible.ansible_plugins.modules import ( - tripleo_overcloud_network_ports as plugin) -from tripleo_ansible.tests import base as tests_base -from tripleo_ansible.tests import stubs - -FAKE_INSTANCE = { - 'hostname': 'instance0', - 'network_config': { - 'default_route_network': ['ctlplane'], - }, - 'networks': [ - {'network': 'ctlplane', 'vif': True}, - {'network': 'foo', 'subnet': 'foo_subnet'}, - {'network': 'bar', 'subnet': 'bar_subnet'}, - ], -} - -FAKE_NET_NAME_MAP = { - 'ctlplane': { - 'id': 'ctlplane_id', - 'name_upper': 'ctlplane', - 'subnets': { - 'ctlplane-subnet': 'ctlplane_subnet_id' - } - }, - 'foo': { - 'id': 'foo_id', - 'name_upper': 'Foo', - 'subnets': { - 'foo_subnet': 'foo_subnet_id', - } - }, - 'bar': { - 'id': 'bar_id', - 'name_upper': 'Bar', - 'subnets': { - 'bar_subnet': 'bar_subnet_id', - } - }, -} - -FAKE_NET_ID_MAP = { - 'ctlplane_id': 'ctlplane', - 'foo_id': 'foo', - 'bar_id': 'bar', -} - -FAKE_CIDR_PREFIX_MAP = { - 'foo_id': '24', - 'bar_id': '64', -} - -FAKE_MAPS = { - 'by_name': FAKE_NET_NAME_MAP, - 'by_id': FAKE_NET_ID_MAP, - 'cidr_prefix_map': FAKE_CIDR_PREFIX_MAP, -} - -STACK = 'overcloud' - - -class TestTripleoOvercloudNetworkPorts(tests_base.TestCase): - - def setUp(self): - super(TestTripleoOvercloudNetworkPorts, self).setUp() - - # Helper function to convert array to generator - self.a2g = lambda x: (n for n in x) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_delete_ports(self, mock_conn): - port1 = stubs.FakeNeutronPort(id='port1_id') - port2 = stubs.FakeNeutronPort(id='port2_id') - plugin.delete_ports(mock_conn, [port1, port2]) - mock_conn.network.delete_port.assert_has_calls([mock.call('port1_id'), - mock.call('port2_id')]) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_pre_provisioned_ports(self, mock_conn): - result = {'changed': False} - inst_ports = [] - tags = set(['tripleo_stack_name=overcloud', - 'tripleo_ironic_uuid=ironic_uuid']) - fake_instance = copy.deepcopy(FAKE_INSTANCE) - fake_instance['networks'] = [{'network': 'foo', 'port': 'some_port'}] - some_port = stubs.FakeNeutronPort(name='some_port', - id='some_port_id', - tags=[]) - mock_conn.network.find_port.return_value = some_port - plugin.pre_provisioned_ports(result, mock_conn, FAKE_MAPS, - fake_instance, inst_ports, tags) - mock_conn.network.find_port.assert_called_with( - 'some_port', network_id=FAKE_NET_NAME_MAP['foo']['id']) - - mock_conn.network.set_tags.assert_called_with(some_port, mock.ANY) - set_tags_args = mock_conn.network.set_tags.call_args.args - self.assertTrue(tags == set(set_tags_args[1])) - - self.assertEqual([some_port], inst_ports) - self.assertTrue(result['changed']) - - def test_generate_port_defs_create(self): - inst_ports = [] - create_port_defs, update_port_defs = plugin.generate_port_defs( - FAKE_MAPS, FAKE_INSTANCE, inst_ports) - self.assertEqual([ - {'name': 'instance0_Foo', - 'dns_name': 'instance0', - 'network_id': 'foo_id', - 'fixed_ips': [{'subnet_id': 'foo_subnet_id'}]}, - {'name': 'instance0_Bar', - 'dns_name': 'instance0', - 'network_id': 'bar_id', - 'fixed_ips': [{'subnet_id': 'bar_subnet_id'}]}, - ], create_port_defs) - self.assertEqual([], update_port_defs) - - def test_generate_port_defs_update(self): - port_foo = stubs.FakeNeutronPort( - name='instance0_Foo', network_id='foo_id', - fixed_ips=[{'subnet_id': 'foo_subnet_id'}]) - port_bar = stubs.FakeNeutronPort( - name='instance0_Bar', network_id='bar_id', - fixed_ips=[{'subnet_id': 'bar_subnet_id'}]) - inst_ports = [port_foo, port_bar] - create_port_defs, update_port_defs = plugin.generate_port_defs( - FAKE_MAPS, FAKE_INSTANCE, inst_ports) - self.assertEqual([], create_port_defs) - self.assertEqual([ - {'name': 'instance0_Foo', - 'dns_name': 'instance0', - 'network_id': 'foo_id', - 'fixed_ips': [{'subnet_id': 'foo_subnet_id'}]}, - {'name': 'instance0_Bar', - 'dns_name': 'instance0', - 'network_id': 'bar_id', - 'fixed_ips': [{'subnet_id': 'bar_subnet_id'}]} - ], update_port_defs) - - def test_generate_port_defs_create_and_update(self): - port_foo = stubs.FakeNeutronPort( - name='instance0_Foo', network_id='foo_id', - fixed_ips=[{'subnet_id': 'foo_subnet_id'}]) - inst_ports = [port_foo] - create_port_defs, update_port_defs = plugin.generate_port_defs( - FAKE_MAPS, FAKE_INSTANCE, inst_ports) - self.assertEqual([ - {'name': 'instance0_Bar', - 'dns_name': 'instance0', - 'network_id': 'bar_id', - 'fixed_ips': [{'subnet_id': 'bar_subnet_id'}]}, - ], create_port_defs) - self.assertEqual([ - {'name': 'instance0_Foo', - 'dns_name': 'instance0', - 'network_id': 'foo_id', - 'fixed_ips': [{'subnet_id': 'foo_subnet_id'}]}, - ], update_port_defs) - - def test_generate_port_defs_subnet_not_set(self): - inst_ports = [] - instance = copy.deepcopy(FAKE_INSTANCE) - del instance['networks'][1]['subnet'] - del instance['networks'][2]['subnet'] - create_port_defs, update_port_defs = plugin.generate_port_defs( - FAKE_MAPS, instance, inst_ports) - self.assertEqual([ - {'name': 'instance0_Foo', - 'dns_name': 'instance0', - 'network_id': 'foo_id', - 'fixed_ips': [{'subnet_id': 'foo_subnet_id'}]}, - {'name': 'instance0_Bar', - 'dns_name': 'instance0', - 'network_id': 'bar_id', - 'fixed_ips': [{'subnet_id': 'bar_subnet_id'}]}, - ], create_port_defs) - self.assertEqual([], update_port_defs) - - def test_generate_port_defs_multi_subnet_raise_if_subnet_not_set(self): - inst_ports = [] - instance = copy.deepcopy(FAKE_INSTANCE) - del instance['networks'][1]['subnet'] - del instance['networks'][2]['subnet'] - maps = copy.deepcopy(FAKE_MAPS) - maps['by_name']['foo']['subnets'].update( - {'bas_subnet': 'baz_subnet_id'}) - msg = ('The "subnet" or "fixed_ip" must be set for the instance0 port ' - 'on the foo network since there are multiple subnets') - self.assertRaisesRegex(Exception, msg, - plugin.generate_port_defs, - maps, instance, inst_ports) - - def test_generate_port_defs_multi_subnet_fixed_ip(self): - inst_ports = [] - instance = copy.deepcopy(FAKE_INSTANCE) - del instance['networks'][1]['subnet'] - del instance['networks'][2]['subnet'] - instance['networks'][1]['fixed_ip'] = 'baz_fixed_ip' - instance['networks'][2]['fixed_ip'] = 'bar_fixed_ip' - maps = copy.deepcopy(FAKE_MAPS) - maps['by_name']['foo']['subnets'].update( - {'bas_subnet': 'baz_subnet_id'}) - create_port_defs, update_port_defs = plugin.generate_port_defs( - maps, instance, inst_ports) - self.assertEqual([ - {'name': 'instance0_Foo', - 'dns_name': 'instance0', - 'network_id': 'foo_id', - 'fixed_ips': [{'ip_address': 'baz_fixed_ip'}]}, - {'name': 'instance0_Bar', - 'dns_name': 'instance0', - 'network_id': 'bar_id', - 'fixed_ips': [{'ip_address': 'bar_fixed_ip'}]}, - ], create_port_defs) - self.assertEqual([], update_port_defs) - - def test_fixed_ips_need_update(self): - fake_port = stubs.FakeNeutronPort( - fixed_ips=[{'ip_address': '192.168.24.24', 'subnet_id': 'foo_id'}]) - - port_def = {'fixed_ips': [{'ip_address': '192.168.24.24'}]} - self.assertFalse(plugin.fixed_ips_need_update(port_def, fake_port)) - - port_def = {'fixed_ips': [{'subnet_id': 'foo_id'}]} - self.assertFalse(plugin.fixed_ips_need_update(port_def, fake_port)) - - port_def = {'fixed_ips': [{'subnet_id': 'bar_id'}]} - self.assertTrue(plugin.fixed_ips_need_update(port_def, fake_port)) - - port_def = {'fixed_ips': [{'subnet_id': 'foo_id'}, - {'ip_address': '192.168.25.24'}]} - self.assertTrue(plugin.fixed_ips_need_update(port_def, fake_port)) - - @mock.patch.object(plugin, 'fixed_ips_need_update', autospec=True) - def test_port_need_update(self, mock_fixed_ips_need_update): - port_def = {'name': 'foo', 'network_id': 'foo_id', 'fixed_ips': []} - - mock_fixed_ips_need_update.return_value = True - self.assertEqual({'fixed_ips': []}, - plugin.port_need_update(port_def, mock.ANY)) - - mock_fixed_ips_need_update.return_value = False - self.assertEqual({}, plugin.port_need_update(port_def, mock.ANY)) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_create_ports(self, mock_conn): - result = {'changed': False} - inst_ports = [] - network_config = {'default_route_network': ['foo']} - tags = set(['tripleo_stack_name=overcloud', - 'tripleo_ironic_uuid=ironic_uuid']) - expected_tags = copy.deepcopy(tags) - port_foo = stubs.FakeNeutronPort( - name='instance0_foo', network_id='foo_id', - fixed_ips=[{'subnet_id': 'foo_subnet_id'}]) - port_bar = stubs.FakeNeutronPort( - name='instance0_bar', network_id='bar_id', - fixed_ips=[{'subnet_id': 'bar_subnet_id'}]) - create_port_defs = [ - dict(name='instance0_foo', network_id='foo_id', - fixed_ips=[{'subnet_id': 'foo_subnet_id'}]), - dict(name='instance0_bar', network_id='bar_id', - fixed_ips=[{'subnet_id': 'bar_subnet_id'}]), - ] - mock_conn.network.create_ports.return_value = self.a2g( - [port_foo, port_bar]) - plugin.create_ports(result, mock_conn, create_port_defs, inst_ports, - tags, FAKE_MAPS, network_config) - mock_conn.network.create_ports.assert_has_calls([ - mock.call([ - {'name': 'instance0_foo', - 'network_id': 'foo_id', - 'fixed_ips': [{'subnet_id': 'foo_subnet_id'}]}, - {'name': 'instance0_bar', - 'network_id': 'bar_id', - 'fixed_ips': [{'subnet_id': 'bar_subnet_id'}]} - ]) - ]) - mock_conn.network.set_tags.assert_has_calls([ - mock.call(port_foo, mock.ANY), - mock.call(port_bar, mock.ANY) - ]) - set_tag_args = mock_conn.network.set_tags.call_args_list - self.assertEqual(set(set_tag_args[1][0][1]), expected_tags) - # Default route tag only on the 'foo' network port - expected_tags.update({'tripleo_default_route=true'}) - self.assertEqual(set(set_tag_args[0][0][1]), expected_tags) - - self.assertEqual([port_foo, port_bar], inst_ports) - self.assertTrue(result['changed']) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_update_ports(self, mock_conn): - result = {'changed': False} - network_config = {'default_route_network': ['foo']} - tags = set(['tripleo_hostname=instance0', - 'tripleo_stack_name=overcloud', - 'tripleo_ironic_uuid=ironic_uuid']) - expected_tags = copy.deepcopy(tags) - port_foo = stubs.FakeNeutronPort( - id='port_foo_id', name='instance0_foo', network_id='foo_id', - fixed_ips=[{'subnet_id': 'NEED_UPDATE'}], tags=[]) - port_bar = stubs.FakeNeutronPort( - id='port_bar_id', name='instance0_bar', network_id='bar_id', - fixed_ips=[{'subnet_id': 'NEED_UPDATE'}], tags=[]) - inst_ports = [port_foo, port_bar] - update_port_defs = [ - dict(name='instance0_foo', network_id='foo_id', - fixed_ips=[{'subnet_id': 'foo_subnet_id'}]), - dict(name='instance0_bar', network_id='bar_id', - fixed_ips=[{'subnet_id': 'bar_subnet_id'}]), - ] - plugin.update_ports(result, mock_conn, update_port_defs, inst_ports, - tags, FAKE_MAPS, network_config) - mock_conn.network.update_port.assert_has_calls( - [mock.call('port_foo_id', - {'fixed_ips': [{'subnet_id': 'foo_subnet_id'}]}), - mock.call('port_bar_id', - {'fixed_ips': [{'subnet_id': 'bar_subnet_id'}]})]) - mock_conn.network.set_tags.assert_has_calls([ - mock.call(port_foo, mock.ANY), - mock.call(port_bar, mock.ANY) - ]) - set_tag_args = mock_conn.network.set_tags.call_args_list - self.assertEqual(set(set_tag_args[1][0][1]), expected_tags) - # Default route tag only on the 'foo' network port - expected_tags.update({'tripleo_default_route=true'}) - self.assertEqual(set(set_tag_args[0][0][1]), expected_tags) - - self.assertTrue(result['changed']) - - @mock.patch.object(plugin, 'update_ports', autospec=True) - @mock.patch.object(plugin, 'create_ports', autospec=True) - @mock.patch.object(plugin, 'pre_provisioned_ports', autospec=True) - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test__provision_ports_create(self, mock_conn, mock_pre_provisioned, - mock_create_ports, mock_update_ports): - create_port_defs = [ - dict(name='instance0_Foo', - dns_name='instance0', - network_id='foo_id', - fixed_ips=[{'subnet_id': 'foo_subnet_id'}]), - dict(name='instance0_Bar', - dns_name='instance0', - network_id='bar_id', - fixed_ips=[{'subnet_id': 'bar_subnet_id'}]), - ] - mock_conn.network.ports.return_value = self.a2g([]) - expected_tags = {'tripleo_ironic_uuid=ironic_uuid', - 'tripleo_role=role', - 'tripleo_stack_name=overcloud'} - network_config = FAKE_INSTANCE['network_config'] - plugin._provision_ports({}, mock_conn, STACK, FAKE_INSTANCE, - FAKE_MAPS, {}, 'ironic_uuid', 'role') - mock_pre_provisioned.assert_called_with(mock.ANY, mock_conn, FAKE_MAPS, - FAKE_INSTANCE, mock.ANY, - expected_tags) - mock_create_ports.assert_called_with(mock.ANY, mock_conn, - create_port_defs, - mock.ANY, expected_tags, - FAKE_MAPS, network_config) - mock_update_ports.assert_not_called() - - @mock.patch.object(plugin, 'update_ports', autospec=True) - @mock.patch.object(plugin, 'create_ports', autospec=True) - @mock.patch.object(plugin, 'pre_provisioned_ports', autospec=True) - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test__provision_ports_update(self, mock_conn, mock_pre_provisioned, - mock_create_ports, mock_update_ports): - port_foo = stubs.FakeNeutronPort( - name='instance0_Foo', - dns_name='instance0', - network_id='foo_id', - fixed_ips=[{'subnet_id': 'foo_subnet_id'}], - tags=[]) - port_bar = stubs.FakeNeutronPort( - name='instance0_Bar', - dns_name='instance0', - network_id='bar_id', - fixed_ips=[{'subnet_id': 'bar_subnet_id'}], - tags=[]) - update_port_defs = [ - dict(name='instance0_Foo', - dns_name='instance0', - network_id='foo_id', - fixed_ips=[{'subnet_id': 'foo_subnet_id'}]), - dict(name='instance0_Bar', - dns_name='instance0', - network_id='bar_id', - fixed_ips=[{'subnet_id': 'bar_subnet_id'}]), - ] - expected_tags = {'tripleo_ironic_uuid=ironic_uuid', - 'tripleo_role=role', - 'tripleo_stack_name=overcloud'} - network_config = FAKE_INSTANCE['network_config'] - mock_conn.network.ports.return_value = self.a2g([port_foo, port_bar]) - plugin._provision_ports({}, mock_conn, STACK, FAKE_INSTANCE, - FAKE_MAPS, {}, 'ironic_uuid', 'role') - mock_pre_provisioned.assert_called_with(mock.ANY, mock_conn, - FAKE_MAPS, FAKE_INSTANCE, - mock.ANY, expected_tags) - mock_create_ports.assert_not_called() - mock_update_ports.assert_called_with(mock.ANY, mock_conn, - update_port_defs, - [port_foo, port_bar], - expected_tags, FAKE_MAPS, - network_config) - - @mock.patch.object(plugin, 'update_ports', autospec=True) - @mock.patch.object(plugin, 'create_ports', autospec=True) - @mock.patch.object(plugin, 'pre_provisioned_ports', autospec=True) - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test__provision_ports_create_and_update(self, mock_conn, - mock_pre_provisioned, - mock_create_ports, - mock_update_ports): - port_foo = stubs.FakeNeutronPort( - name='instance0_Foo', - dns_name='instance0', - network_id='foo_id', - fixed_ips=[{'subnet_id': 'foo_subnet_id'}], - tags=[]) - create_port_defs = [ - dict(name='instance0_Bar', - dns_name='instance0', - network_id='bar_id', - fixed_ips=[{'subnet_id': 'bar_subnet_id'}]), - ] - update_port_defs = [ - dict(name='instance0_Foo', - dns_name='instance0', - network_id='foo_id', - fixed_ips=[{'subnet_id': 'foo_subnet_id'}]), - ] - mock_conn.network.ports.return_value = self.a2g([port_foo]) - expected_tags = {'tripleo_ironic_uuid=ironic_uuid', - 'tripleo_role=role', - 'tripleo_stack_name=overcloud'} - network_config = FAKE_INSTANCE['network_config'] - plugin._provision_ports({}, mock_conn, STACK, FAKE_INSTANCE, - FAKE_MAPS, {}, 'ironic_uuid', 'role') - mock_pre_provisioned.assert_called_with(mock.ANY, mock_conn, - FAKE_MAPS, FAKE_INSTANCE, - mock.ANY, expected_tags) - mock_create_ports.assert_called_with(mock.ANY, mock_conn, - create_port_defs, mock.ANY, - expected_tags, FAKE_MAPS, - network_config) - mock_update_ports.assert_called_with(mock.ANY, mock_conn, - update_port_defs, [port_foo], - expected_tags, FAKE_MAPS, - network_config) - - @mock.patch.object(plugin, 'delete_ports', autospec=True) - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test__unprovision_ports(self, mock_conn, mock_delete_ports): - result = {'changed': False, 'instance_port_map': {}} - port_foo = stubs.FakeNeutronPort( - name='instance_foo', - dns_name='instance0', - network_id='foo_id', - fixed_ips=[{'subnet_id': 'foo_subnet_id'}]) - port_bar = stubs.FakeNeutronPort( - name='instance_bar', - dns_name='instance0', - network_id='bar_id', - fixed_ips=[{'subnet_id': 'bar_subnet_id'}]) - mock_conn.network.ports.return_value = self.a2g([port_foo, port_bar]) - plugin._unprovision_ports(result, mock_conn, STACK, FAKE_INSTANCE, - None) - mock_delete_ports.assert_called_with(mock_conn, [port_foo, port_bar]) - self.assertTrue(result['changed']) - - def test_generate_node_port_map(self): - result = dict(node_port_map=dict()) - ports_by_node = dict( - node01=[ - stubs.FakeNeutronPort( - network_id='foo_id', - fixed_ips=[{'ip_address': '192.168.24.1', - 'subnet_id': 'foo_id'}]), - stubs.FakeNeutronPort( - network_id='bar_id', - fixed_ips=[{'ip_address': '2001:DB8:1::1', - 'subnet_id': 'bar_id'}])], - node02=[ - stubs.FakeNeutronPort( - network_id='foo_id', - fixed_ips=[{'ip_address': '192.168.24.1', - 'subnet_id': 'foo_id'}]), - stubs.FakeNeutronPort( - network_id='bar_id', - fixed_ips=[{'ip_address': '2001:DB8:1::2', - 'subnet_id': 'bar_id'}])] - ) - plugin.generate_node_port_map(result, FAKE_MAPS, ports_by_node) - self.assertEqual( - {'node01': {'bar': {'ip_address': '2001:DB8:1::1', - 'ip_address_uri': '[2001:DB8:1::1]', - 'ip_subnet': '2001:DB8:1::1/64'}, - 'foo': {'ip_address': '192.168.24.1', - 'ip_address_uri': '192.168.24.1', - 'ip_subnet': '192.168.24.1/24'}}, - 'node02': {'bar': {'ip_address': '2001:DB8:1::2', - 'ip_address_uri': '[2001:DB8:1::2]', - 'ip_subnet': '2001:DB8:1::2/64'}, - 'foo': {'ip_address': '192.168.24.1', - 'ip_address_uri': '192.168.24.1', - 'ip_subnet': '192.168.24.1/24'}}}, - result['node_port_map']) - - def test_validate_instance_nets_in_net_map(self): - instances = [copy.deepcopy(FAKE_INSTANCE)] - instances[0]['networks'].append({'network': 'missing_net', - 'subnet': 'missing_subnet'},) - msg = 'Network missing_net for instance {} not found.'.format( - FAKE_INSTANCE['hostname']) - self.assertRaisesRegex(Exception, msg, - plugin.validate_instance_nets_in_net_map, - instances, FAKE_MAPS) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - @mock.patch.object(metalsmith, 'Provisioner', autospec=True) - def test__tag_metalsmith_instance_ports(self, mock_provisioner, mock_conn): - result = {'changed': False} - tags = {'tripleo_stack_name={}'.format(STACK), - 'tripleo_ironic_uuid=ironic_uuid', - 'tripleo_role=role', - 'tripleo_ironic_vif_port=true'} - expected_tags = copy.deepcopy(tags) - expected_tags.update({'tripleo_default_route=true'}) - fake_nic = stubs.FakeNeutronPort(name='hostname-ctlplane', - network_id='ctlplane_id', - id='port_uuid', - tags=[]) - fake_instance = mock.Mock() - fake_instance.nics.return_value = [fake_nic] - mock_provisioner.show_instance.return_value = fake_instance - network_config = FAKE_INSTANCE['network_config'] - default_route_network = network_config['default_route_network'] - plugin._tag_metalsmith_instance_ports(result, mock_conn, - mock_provisioner, 'ironic_uuid', - 'hostname', tags, - default_route_network, FAKE_MAPS) - mock_conn.network.set_tags.assert_called_with(fake_nic, mock.ANY) - set_tags_args = mock_conn.network.set_tags.call_args.args - self.assertEqual(set(expected_tags), set(set_tags_args[1])) - - self.assertTrue(result['changed']) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - @mock.patch.object(metalsmith, 'Provisioner', autospec=True) - def test__tag_metalsmith_instance_ports_tags_already_set( - self, mock_provisioner, mock_conn): - result = {'changed': False} - tags = {'tripleo_stack_name={}'.format(STACK), - 'tripleo_ironic_uuid=ironic_uuid', - 'tripleo_role=role', - 'tripleo_ironic_vif_port=true'} - fake_nic = stubs.FakeNeutronPort( - name='hostname-ctlplane', dns_name='hostname', id='port_uuid', - network_id='ctlplane_id', - tags=['tripleo_stack_name={}'.format(STACK), - 'tripleo_ironic_uuid=ironic_uuid', - 'tripleo_role=role', - 'tripleo_ironic_vif_port=true', - 'tripleo_default_route=true']) - fake_instance = mock.Mock() - fake_instance.nics.return_value = [fake_nic] - mock_provisioner.show_instance.return_value = fake_instance - network_config = FAKE_INSTANCE['network_config'] - default_route_network = network_config['default_route_network'] - plugin._tag_metalsmith_instance_ports( - result, mock_conn, mock_provisioner, 'ironic_uuid', 'hostname', - tags, default_route_network, FAKE_MAPS) - mock_conn.network.set_tags.assert_not_called() - - self.assertFalse(result['changed']) - - @mock.patch.object(plugin, '_tag_metalsmith_instance_ports', autospec=True) - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - @mock.patch.object(metalsmith, 'Provisioner', autospec=True) - def test_tag_metalsmith_managed_ports(self, mock_provisioner, mock_conn, - mock_tag_msmith_ports): - result = {'changed': False, 'instance_port_map': {}} - mock_conn.config = mock.Mock() - concurrency = 1 - uuid_by_hostname = {FAKE_INSTANCE['hostname']: 'fake_uuid'} - hostname_role_map = {FAKE_INSTANCE['hostname']: 'fake_role'} - instances_by_hostname = {FAKE_INSTANCE['hostname']: FAKE_INSTANCE} - plugin.tag_metalsmith_managed_ports(result, mock_conn, concurrency, - STACK, uuid_by_hostname, - hostname_role_map, - instances_by_hostname, FAKE_MAPS) - expected_tags = {'tripleo_role=fake_role', - 'tripleo_ironic_vif_port=true', - 'tripleo_stack_name=overcloud', - 'tripleo_ironic_uuid=fake_uuid'} - mock_tag_msmith_ports.assert_called_with( - result, mock_conn, mock.ANY, 'fake_uuid', - FAKE_INSTANCE['hostname'], expected_tags, - FAKE_INSTANCE['network_config']['default_route_network'], - FAKE_MAPS) diff --git a/tripleo_ansible/tests/modules/test_tripleo_overcloud_network_vip_extract.py b/tripleo_ansible/tests/modules/test_tripleo_overcloud_network_vip_extract.py deleted file mode 100644 index cd188cc33..000000000 --- a/tripleo_ansible/tests/modules/test_tripleo_overcloud_network_vip_extract.py +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -import mock -import openstack - -try: - from ansible.module_utils import network_data_v2 as n_utils -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils import network_data_v2 as n_utils # noqa -from tripleo_ansible.ansible_plugins.modules import ( - tripleo_overcloud_network_vip_extract as plugin) -from tripleo_ansible.tests import base as tests_base -from tripleo_ansible.tests import stubs - - -@mock.patch.object(openstack.connection, 'Connection', autospec=True) -class TestTripleoOvercloudVipExtract(tests_base.TestCase): - - def setUp(self): - super(TestTripleoOvercloudVipExtract, self).setUp() - - # Helper function to convert array to generator - self.a2g = lambda x: (n for n in x) - - def test_find_net_vips(self, mock_conn): - fake_network = stubs.FakeNeutronNetwork( - id='internal_api_id', - name='internal_api') - fake_subnet = stubs.FakeNeutronSubnet( - id='internal_api_subnet_id', - name='internal_api_subnet') - fake_vip_port = stubs.FakeNeutronPort( - id='internal_api_vip_id', - network_id='internal_api_id', - name='internal_api_virtual_ip', - fixed_ips=[{'subnet_id': 'internal_api_subnet_id', - 'ip_address': '1.2.3.4'}], - tags=['tripleo_stack_name=overcloud', 'tripleo_vip_net=internal_api'], - dns_name='internalapi.localdomain' - ) - mock_conn.network.get_network.return_value = fake_network - mock_conn.network.get_subnet.return_value = fake_subnet - mock_conn.network.ports.return_value = self.a2g([fake_vip_port]) - - vip_data = plugin.find_net_vips(mock_conn, 'overcloud') - self.assertEqual([{'name': 'internal_api_virtual_ip', - 'network': 'internal_api', - 'subnet': 'internal_api_subnet', - 'ip_address': '1.2.3.4', - 'dns_name': 'internalapi.localdomain'}], - vip_data) diff --git a/tripleo_ansible/tests/modules/test_tripleo_overcloud_network_vip_populate_env.py b/tripleo_ansible/tests/modules/test_tripleo_overcloud_network_vip_populate_env.py deleted file mode 100644 index c2741a1f8..000000000 --- a/tripleo_ansible/tests/modules/test_tripleo_overcloud_network_vip_populate_env.py +++ /dev/null @@ -1,180 +0,0 @@ -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import mock -import openstack - -from tripleo_ansible.ansible_plugins.modules import ( - tripleo_overcloud_network_vip_populate_environment as plugin) -from tripleo_ansible.tests import base as tests_base -from tripleo_ansible.tests import stubs - -BY_NAME_MAP = { - 'ctlplane': { - 'id': 'ctlplane_id', - 'subnets': { - 'ctlplane-subnet': 'ctlplane_subnet_id' - } - }, - 'internal_api': { - 'id': 'internal_api_id', - 'subnets': { - 'internal_api_subnet': 'internal_api_subnet_id', - } - }, - 'storage_mgmt': { - 'id': 'storage_mgmt_id', - 'subnets': { - 'storage_mgmt_subnet': 'storage_mgmt_subnet_id', - } - }, - 'external': { - 'id': 'external_id', - 'subnets': { - 'external_subnet': 'external_subnet_id', - } - }, -} - -NET_MAPS = {'by_name': BY_NAME_MAP} - -fake_internal_api = stubs.FakeNeutronNetwork( - id='internal_api_id', name='internal_api', - dns_domain='internalapi.localdomain.', - tags=['tripleo_network_name=InternalApi', 'tripleo_stack_name=stack']) -fake_storage_mgmt = stubs.FakeNeutronNetwork( - id='storage_mgmt_id', name='storage_mgmt', - dns_domain='storagemgmt.localdomain.', - tags=['tripleo_network_name=StorageMgmt', 'tripleo_stack_name=stack']) -fake_external = stubs.FakeNeutronNetwork( - id='external_id', name='external', - dns_domain='external.localdomain.', - tags=['tripleo_network_name=External', 'tripleo_stack_name=stack']) -fake_ctlplane = stubs.FakeNeutronNetwork( - id='ctlplane_id', name='ctlplane', dns_domain='ctlplane.localdomain.', - tags=['foo', 'bar']) -fake_ctlplane_subnet = stubs.FakeNeutronSubnet( - id='ctlplane_subnet_id', name='ctlplane-subnet', cidr='192.168.24.0/24', - ip_version=4) -fake_internal_api_subnet = stubs.FakeNeutronSubnet( - id='internal_api_subnet_id', name='internal_api_subnet', - cidr='10.0.1.0/24') -fake_storage_mgmt_subnet = stubs.FakeNeutronSubnet( - id='storage_mgmt_subnet_id', name='storage_mgmt_subnet', - cidr='10.0.3.0/24') -fake_external_subnet = stubs.FakeNeutronSubnet( - id='external_subnet_id', name='external_subnet', cidr='10.0.5.0/24') - -fake_ctlplane_port = stubs.FakeNeutronPort( - name='control_virtual_ip', - id='ctlplane_port_id', - dns_name='overcloud', - fixed_ips=[{'ip_address': '192.168.24.1', - 'subnet_id': 'ctlplane_subnet_id'}], - tags=['tripleo_stack_name=stack', 'tripleo_vip_net=ctlplane'] -) -fake_internal_api_port = stubs.FakeNeutronPort( - id='internal_api_port_id', - dns_name='overcloud', - fixed_ips=[{'ip_address': '10.0.1.1', - 'subnet_id': 'internal_api_subnet_id'}], - tags=['tripleo_stack_name=stack', 'tripleo_vip_net=internal_api'] -) -fake_storage_mgmt_port = stubs.FakeNeutronPort( - id='storage_mgmt_port_id', - dns_name='overcloud', - fixed_ips=[{'ip_address': '10.0.3.1', - 'subnet_id': 'storage_mgmt_subnet_id'}], - tags=['tripleo_stack_name=stack', 'tripleo_vip_net=storage_mgmt'] -) -fake_external_port = stubs.FakeNeutronPort( - id='external_port_id', - dns_name='overcloud', - fixed_ips=[{'ip_address': '10.0.5.1', - 'subnet_id': 'external_subnet_id'}], - tags=['tripleo_stack_name=stack', 'tripleo_vip_net=External'] -) - - -@mock.patch.object(openstack.connection, 'Connection', autospec=True) -class TestTripleoOvercloudVipProvision(tests_base.TestCase): - - def setUp(self): - super(TestTripleoOvercloudVipProvision, self).setUp() - - # Helper function to convert array to generator - self.a2g = lambda x: (n for n in x) - - def test_get_net_name_map(self, mock_conn): - mock_conn.network.networks.return_value = self.a2g( - [fake_ctlplane, fake_internal_api, fake_storage_mgmt, - fake_external]) - self.assertEqual({'ctlplane': 'ControlPlane', - 'external': 'External', - 'internal_api': 'InternalApi', - 'storage_mgmt': 'StorageMgmt'}, - plugin.get_net_name_map(mock_conn)) - - def test_populate_net_vip_env(self, mock_conn): - mock_conn.network.networks.return_value = self.a2g( - [fake_ctlplane, fake_internal_api, fake_storage_mgmt, - fake_external]) - mock_conn.network.ports.side_effect = [ - self.a2g([fake_ctlplane_port]), - self.a2g([fake_internal_api_port]), - self.a2g([fake_storage_mgmt_port]), - self.a2g([fake_external_port]) - ] - mock_conn.network.get_network.return_value = fake_ctlplane - mock_conn.network.get_subnet.side_effect = [fake_ctlplane_subnet, - fake_internal_api_subnet, - fake_storage_mgmt_subnet, - fake_external_subnet] - vip_data = [ - {'name': 'control_virtual_ip', 'network': 'ctlplane'}, - {'name': 'internal_api_virtual_ip', 'network': 'internal_api'}, - {'name': 'storage_mgmt_virtual_ip', 'network': 'storage_mgmt'}, - {'name': 'external_virtual_ip', 'network': 'external'}] - env = {} - templates = '/foo/tht_root' - plugin.populate_net_vip_env(mock_conn, 'stack', NET_MAPS, vip_data, - env, templates) - self.assertEqual({ - 'ControlPlaneVipData': { - 'name': 'control_virtual_ip', - 'fixed_ips': [{'ip_address': '192.168.24.1'}], - 'network': {'tags': ['foo', 'bar']}, - 'subnets': [{'ip_version': 4}]}, - 'VipPortMap': { - 'external': {'ip_address': '10.0.5.1', - 'ip_address_uri': '10.0.5.1', - 'ip_subnet': '10.0.5.1/24'}, - 'internal_api': {'ip_address': '10.0.1.1', - 'ip_address_uri': '10.0.1.1', - 'ip_subnet': '10.0.1.1/24'}, - 'storage_mgmt': {'ip_address': '10.0.3.1', - 'ip_address_uri': '10.0.3.1', - 'ip_subnet': '10.0.3.1/24'}}}, - env['parameter_defaults']) - self.assertEqual({ - 'OS::TripleO::Network::Ports::ControlPlaneVipPort': - '/foo/tht_root/network/ports/deployed_vip_ctlplane.yaml', - 'OS::TripleO::Network::Ports::ExternalVipPort': - '/foo/tht_root/network/ports/deployed_vip_external.yaml', - 'OS::TripleO::Network::Ports::InternalApiVipPort': - '/foo/tht_root/network/ports/deployed_vip_internal_api.yaml', - 'OS::TripleO::Network::Ports::StorageMgmtVipPort': - '/foo/tht_root/network/ports/deployed_vip_storage_mgmt.yaml'}, - env['resource_registry']) diff --git a/tripleo_ansible/tests/modules/test_tripleo_overcloud_network_vip_provision.py b/tripleo_ansible/tests/modules/test_tripleo_overcloud_network_vip_provision.py deleted file mode 100644 index dfe6e4c10..000000000 --- a/tripleo_ansible/tests/modules/test_tripleo_overcloud_network_vip_provision.py +++ /dev/null @@ -1,205 +0,0 @@ -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -import copy -import mock -import openstack - -try: - from ansible.module_utils import network_data_v2 as n_utils -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils import network_data_v2 as n_utils # noqa -from tripleo_ansible.ansible_plugins.modules import ( - tripleo_overcloud_network_vip_provision as plugin) -from tripleo_ansible.tests import base as tests_base -from tripleo_ansible.tests import stubs - - -BY_NAME_MAP = { - 'network1': { - 'id': 'network1_id', - 'subnets': { - 'subnet1': 'subnet1_id', - 'subnet2': 'subnet2_id' - } - }, - 'network2': { - 'id': 'network2_id', - 'subnets': { - 'subnet3': 'subnet3_id', - 'subnet4': 'subnet4_id' - } - } - } -BY_ID_MAP = { - 'network1_id': 'network1', - 'network2_id': 'network2', - } -NET_MAPS = {'by_name': BY_NAME_MAP, 'by_id': BY_ID_MAP} - - -@mock.patch.object(openstack.connection, 'Connection', autospec=True) -class TestTripleoOvercloudVipProvision(tests_base.TestCase): - - def setUp(self): - super(TestTripleoOvercloudVipProvision, self).setUp() - - # Helper function to convert array to generator - self.a2g = lambda x: (n for n in x) - - def test_validate_vip_nets_in_net_map(self, mock_conn): - vip_data = [{'name': 'foo', 'network': 'bar', 'subnet': 'bar_subnet'}] - - msg = 'Network {} for Virtual IP not found.'.format( - vip_data[0]['network']) - self.assertRaisesRegex(Exception, msg, - plugin.validate_vip_nets_in_net_map, - vip_data, NET_MAPS) - vip_data = [{'name': 'foo', 'network': 'network1', 'subnet': 'ERR'}] - msg = 'Subnet {} for Virtual IP not found on network {}.'.format( - vip_data[0]['subnet'], vip_data[0]['network']) - self.assertRaisesRegex(Exception, msg, - plugin.validate_vip_nets_in_net_map, - vip_data, NET_MAPS) - - def test_create_port_def(self, mock_conn): - vip_spec = {'name': 'network1_virtual_ip', - 'network': 'network1', - 'subnet': 'subnet2', - 'dns_name': 'overcloud'} - self.assertEqual({'dns_name': 'overcloud', - 'fixed_ips': [{'subnet_id': 'subnet2_id'}], - 'name': 'network1_virtual_ip', - 'network_id': 'network1_id'}, - plugin.create_port_def(vip_spec, NET_MAPS)) - vip_spec = {'name': 'network1_virtual_ip', - 'network': 'network1', - 'ip_address': '1.2.3.4', - 'dns_name': 'overcloud'} - self.assertEqual({'dns_name': 'overcloud', - 'fixed_ips': [{'ip_address': '1.2.3.4'}], - 'name': 'network1_virtual_ip', - 'network_id': 'network1_id'}, - plugin.create_port_def(vip_spec, NET_MAPS)) - - def test_create_port_def_minimal_input(self, mock_conn): - vip_spec = {'network': 'network1'} - net_maps = copy.deepcopy(NET_MAPS) - del net_maps['by_name']['network1']['subnets']['subnet2'] - self.assertEqual({'dns_name': 'overcloud', - 'name': 'network1_virtual_ip', - 'fixed_ips': [{'subnet_id': 'subnet1_id'}], - 'network_id': 'network1_id'}, - plugin.create_port_def(vip_spec, net_maps)) - - def test_create_port_def_minimal_input_raises(self, mock_conn): - vip_spec = {'network': 'network1'} - msg = ( - 'Network {} has multiple subnets, please add a subnet or an ' - 'ip_address for the vip on this network.'.format( - vip_spec['network'])) - self.assertRaisesRegex(Exception, msg, - plugin.create_port_def, vip_spec, NET_MAPS) - - def test_provision_vip_port(self, mock_conn): - vip_spec = {'name': 'network1_virtual_ip', - 'network': 'network1', - 'ip_address': '1.2.3.4', - 'dns_name': 'overcloud'} - mock_conn.network.ports.return_value = self.a2g([]) - managed_ports = list() - plugin.provision_vip_port(mock_conn, 'stack', NET_MAPS, vip_spec, - managed_ports) - mock_conn.network.create_port.assert_called_with( - dns_name='overcloud', - fixed_ips=[{'ip_address': '1.2.3.4'}], - name='network1_virtual_ip', - network_id='network1_id') - mock_conn.network.set_tags.assert_called_once() - - def test_provision_vip_port_update_no_change(self, mock_conn): - vip_spec = {'name': 'network1_virtual_ip', - 'network': 'network1', - 'ip_address': '1.2.3.4', - 'dns_name': 'overcloud'} - fake_port = stubs.FakeNeutronPort( - id='port_id', - name='network1_virtual_ip', - network_id='network1_id', - fixed_ips=[{'ip_address': '1.2.3.4'}], - dns_name='overcloud', - tags=['tripleo_stack_name=stack', 'tripleo_vip_net=network1'] - ) - mock_conn.network.ports.return_value = self.a2g([fake_port]) - managed_ports = list() - plugin.provision_vip_port(mock_conn, 'stack', NET_MAPS, vip_spec, - managed_ports) - self.assertEqual([fake_port.id], managed_ports) - mock_conn.network.create_port.assert_not_called() - mock_conn.network.update_port.assert_not_called() - mock_conn.network.set_tags.assert_not_called() - - def test_provision_vip_port_update_need_update(self, mock_conn): - vip_spec = {'name': 'network1_virtual_ip', - 'network': 'network1', - 'ip_address': '11.22.33.44', - 'dns_name': 'overcloud'} - fake_port = stubs.FakeNeutronPort( - id='port_id', - name='network1_virtual_ip', - network_id='network1_id', - fixed_ips=[{'ip_address': '1.2.3.4'}], - dns_name='overcloud', - tags=['tripleo_stack_name=stack', 'tripleo_vip_net=network1'] - ) - port_def = {'dns_name': 'overcloud', - 'fixed_ips': [{'ip_address': '11.22.33.44'}], - 'name': 'network1_virtual_ip'} - mock_conn.network.ports.return_value = self.a2g([fake_port]) - managed_ports = list() - plugin.provision_vip_port(mock_conn, 'stack', NET_MAPS, vip_spec, - managed_ports) - self.assertEqual([fake_port.id], managed_ports) - mock_conn.network.create_port.assert_not_called() - mock_conn.network.update_port.assert_called_with(fake_port.id, - **port_def) - mock_conn.network.set_tags.assert_not_called() - - def test_remove_obsolete_ports_deletes_port(self, mock_conn): - fake_port = stubs.FakeNeutronPort( - id='port_id', - name='network1_virtual_ip', - network_id='network1_id', - fixed_ips=[{'ip_address': '1.2.3.4'}], - dns_name='overcloud', - tags=['tripleo_stack_name=stack', 'tripleo_vip_net=network1'] - ) - mock_conn.network.ports.return_value = self.a2g([fake_port]) - plugin.remove_obsolete_ports(mock_conn, 'stack', []) - mock_conn.network.delete_port.assert_called_once_with(fake_port.id) - - def test_remove_obsolete_ports_does_not_delete_managed(self, mock_conn): - fake_port = stubs.FakeNeutronPort( - id='port_id', - name='network1_virtual_ip', - network_id='network1_id', - fixed_ips=[{'ip_address': '1.2.3.4'}], - dns_name='overcloud', - tags=['tripleo_stack_name=stack', 'tripleo_vip_net=network1'] - ) - mock_conn.network.ports.return_value = self.a2g([fake_port]) - plugin.remove_obsolete_ports(mock_conn, 'stack', [fake_port.id]) - mock_conn.network.delete_port.assert_not_called() diff --git a/tripleo_ansible/tests/modules/test_tripleo_ovn_mac_addresses.py b/tripleo_ansible/tests/modules/test_tripleo_ovn_mac_addresses.py deleted file mode 100644 index d6b7cdfb5..000000000 --- a/tripleo_ansible/tests/modules/test_tripleo_ovn_mac_addresses.py +++ /dev/null @@ -1,157 +0,0 @@ -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -import copy -import mock -import openstack - -try: - from ansible.module_utils import network_data_v2 as n_utils -except ImportError: - from tripleo_ansible.ansible_plugins.module_utils import network_data_v2 as n_utils # noqa -from tripleo_ansible.ansible_plugins.modules import ( - tripleo_ovn_mac_addresses as plugin) -from tripleo_ansible.tests import base as tests_base -from tripleo_ansible.tests import stubs - - -FAKE_NETWORK = stubs.FakeNeutronNetwork( - name=plugin.NET_NAME, - id='fake_ovn_mac_addr_net_id', - description=plugin.NET_DESCRIPTION -) - -FAKE_PORT = stubs.FakeNeutronPort( - name='server-01_ovn_physnet_network01', - dns_name='server-01', - tags=['tripleo_ovn_physnet=network01', 'tripleo_stack_name=stack'] -) - - -@mock.patch.object(openstack.connection, 'Connection', autospec=True) -class TestTripleoOVNMacAddresses(tests_base.TestCase): - - def setUp(self): - super(TestTripleoOVNMacAddresses, self).setUp() - - # Helper function to convert array to generator - self.a2g = lambda x: (n for n in x) - - def test_create_ovn_mac_address_network(self, mock_conn): - result = dict(changed=False) - mock_conn.network.find_network.return_value = None - mock_conn.network.create_network.return_value = FAKE_NETWORK - - net_id = plugin.create_ovn_mac_address_network(result, mock_conn) - - mock_conn.network.create_network.assert_called_with( - name=plugin.NET_NAME, - description=plugin.NET_DESCRIPTION) - self.assertTrue(result['changed']) - self.assertEqual(FAKE_NETWORK.id, net_id) - - def test_create_ovn_mac_address_network_already_exists(self, mock_conn): - result = dict(changed=False) - mock_conn.network.find_network.return_value = FAKE_NETWORK - - net_id = plugin.create_ovn_mac_address_network(result, mock_conn) - - mock_conn.network.create_network.assert_not_called() - self.assertFalse(result['changed']) - self.assertEqual(FAKE_NETWORK.id, net_id) - - def test_port_exists_port_not_found(self, mock_conn): - net_id = FAKE_NETWORK.id - tags = ['tripleo_stack_name=stack'] - name = 'server-01_ovn_physnet_network01' - mock_conn.network.ports.return_value = self.a2g([]) - self.assertFalse(plugin.port_exists(mock_conn, net_id, tags, name)) - mock_conn.network.ports.assert_called_with(network_id=net_id, - name=name, tags=tags) - - def test_port_exists_port_found(self, mock_conn): - net_id = FAKE_NETWORK.id - tags = ['tripleo_stack_name=stack'] - name = 'server-01_ovn_physnet_network01' - mock_conn.network.ports.return_value = self.a2g([FAKE_PORT]) - self.assertTrue(plugin.port_exists(mock_conn, net_id, tags, name)) - mock_conn.network.ports.assert_called_with(network_id=net_id, - name=name, tags=tags) - - @mock.patch.object(plugin, 'port_exists', autospec=True) - def test_create_ovn_mac_address_ports(self, mock_port_exists, mock_conn): - result = dict(changed=False) - tags = ['tripleo_stack_name=overcloud'] - physnets = ['net-a', 'net-b'] - server = 'controller-0' - mock_port_exists.return_value = False - plugin.create_ovn_mac_address_ports(result, mock_conn, - FAKE_NETWORK.id, tags, - physnets, server) - mock_conn.network.create_port.assert_has_calls( - [mock.call(network_id=FAKE_NETWORK.id, - name=server + '_ovn_physnet_net-a', - dns_name=server), - mock.call(network_id=FAKE_NETWORK.id, - name=server + '_ovn_physnet_net-b', - dns_name=server)]) - mock_conn.network.set_tags.assert_has_calls( - [mock.call(mock.ANY, tags + ['tripleo_ovn_physnet=net-a']), - mock.call(mock.ANY, tags + ['tripleo_ovn_physnet=net-b'])]) - - @mock.patch.object(plugin, 'port_exists', autospec=True) - def test_create_ovn_mac_address_ports_exists(self, mock_port_exists, - mock_conn): - result = dict(changed=False) - tags = ['tripleo_stack_name=overcloud'] - physnets = ['net-a', 'net-b'] - server = 'controller-0.example.com' - mock_port_exists.return_value = True - plugin.create_ovn_mac_address_ports(result, mock_conn, - FAKE_NETWORK.id, tags, - physnets, server) - mock_conn.network.create_port.assert_not_called() - mock_conn.network.set_tags.assert_not_called() - - def test_delete_ports_for_removed_nodes(self, mock_conn): - result = dict(changed=False) - servers = ['server-01', 'server-a', 'server-b'] - physnets = ['network01', 'net-a', 'net-b'] - mock_conn.network.ports.return_value = self.a2g([FAKE_PORT]) - plugin.remove_obsolete_ports(result, mock_conn, 'net_id', - ['fake_tags'], servers, physnets) - mock_conn.network.delete_port.assert_not_called() - self.assertFalse(result['changed']) - - # Verify port is deleted if server was deleted, (scale down) - mock_conn.reset_mock() - mock_conn.network.ports.return_value = self.a2g([FAKE_PORT]) - servers = ['server-a', 'server-b'] - plugin.remove_obsolete_ports(result, mock_conn, 'net_id', - ['fake_tags'], servers, physnets) - mock_conn.network.delete_port.assert_called_with(FAKE_PORT) - self.assertTrue(result['changed']) - - # Verify port is deleted if physnet no longer in bridge mappings - mock_conn.reset_mock() - result = dict(changed=False) - mock_conn.network.ports.return_value = self.a2g([FAKE_PORT]) - servers = ['server-01', 'server-a', 'server-b'] - physnets = ['net-a', 'net-b'] - plugin.remove_obsolete_ports(result, mock_conn, 'net_id', - ['fake_tags'], servers, physnets) - mock_conn.network.delete_port.assert_called_with(FAKE_PORT) - self.assertTrue(result['changed']) diff --git a/tripleo_ansible/tests/modules/test_tripleo_service_vip.py b/tripleo_ansible/tests/modules/test_tripleo_service_vip.py deleted file mode 100644 index 0de8e12c8..000000000 --- a/tripleo_ansible/tests/modules/test_tripleo_service_vip.py +++ /dev/null @@ -1,204 +0,0 @@ -# Copyright (c) 2021 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import mock -import openstack - -from tripleo_ansible.ansible_plugins.modules import ( - tripleo_service_vip as plugin) -from tripleo_ansible.tests import base as tests_base -from tripleo_ansible.tests import stubs - - -class TestTripleoServiceVip(tests_base.TestCase): - - def setUp(self): - super(TestTripleoServiceVip, self).setUp() - - # Helper function to convert array to generator - self.a2g = lambda x: (n for n in x) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_create_port(self, mock_conn): - fixed_ips = [{'subnet': 'test'}] - fake_net = stubs.FakeNeutronNetwork( - name='test', - id='net_id' - ) - fake_subnet = stubs.FakeNeutronSubnet( - name='test', - id='subnet_id' - ) - fake_port = stubs.FakeNeutronPort( - name='test_virtual_ip', - id='port_id', - fixed_ips=[{'ip_address': '10.0.0.10', 'subnet_id': 'subnet_id'}], - tags=[] - ) - mock_conn.network.find_subnet.return_value = fake_subnet - mock_conn.network.ports.return_value = self.a2g([]) - mock_conn.network.create_port.return_value = fake_port - plugin.create_or_update_port(mock_conn, fake_net, stack='test', - service='test', fixed_ips=fixed_ips) - mock_conn.network.create_port.assert_called_once_with( - name='test_virtual_ip', network_id='net_id', - fixed_ips=[{'subnet_id': 'subnet_id'}]) - mock_conn.network.update_port.assert_not_called() - mock_conn.network.set_tags.assert_called_once_with( - fake_port, [mock.ANY, mock.ANY]) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_update_port(self, mock_conn): - fixed_ips = [{'subnet': 'test'}] - fake_net = stubs.FakeNeutronNetwork( - name='test', - id='net_id' - ) - fake_subnet = stubs.FakeNeutronSubnet( - name='test', - id='subnet_id' - ) - fake_port = stubs.FakeNeutronPort( - name='test_virtual_ip', - id='port_id', - fixed_ips=[{'ip_address': '10.0.0.10', 'subnet_id': 'subnet_id'}], - tags=[] - ) - mock_conn.network.find_subnet.return_value = fake_subnet - mock_conn.network.ports.return_value = self.a2g([fake_port]) - mock_conn.network.update_port.return_value = fake_port - plugin.create_or_update_port(mock_conn, fake_net, stack='test', - service='test', fixed_ips=fixed_ips) - mock_conn.network.create_port.assert_not_called() - mock_conn.network.update_port.assert_called_once_with( - fake_port, name='test_virtual_ip', network_id='net_id', - fixed_ips=[{'subnet_id': 'subnet_id'}]) - mock_conn.network.set_tags.assert_called_once_with( - fake_port, [mock.ANY, mock.ANY]) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_no_change_no_update(self, mock_conn): - # TODO - pass - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_fail_if_no_fixed_ips(self, mock_conn): - fake_net = stubs.FakeNeutronNetwork( - name='test', - id='net_id' - ) - msg = ('ERROR: No IP allocation definition provided. ' - 'Please provide at least one IP allocation ' - 'definition using the fixed_ips argument.') - self.assertRaisesRegex(Exception, msg, - plugin.create_or_update_port, mock_conn, - fake_net) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_find_ctlplane_vip_found(self, mock_conn): - tags = ['tripleo_stack_name=overcloud', 'tripleo_vip_net=ctlplane'] - fake_port = stubs.FakeNeutronPort( - name='test_virtual_ip', - id='port_id', - fixed_ips=[{'ip_address': '10.0.0.10', 'subnet_id': 'subnet_id'}], - tags=['tripleo_stack_name=overcloud', - 'tripleo_vip_net=ctlplane'] - ) - mock_conn.network.ports.return_value = self.a2g([fake_port]) - port = plugin.find_ctlplane_vip(mock_conn, stack='overcloud', - service='test') - mock_conn.network.ports.assert_called_once_with(tags=tags) - self.assertEqual(fake_port, port) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - def test_find_ctlplane_vip_not_found(self, mock_conn): - stack = 'overcloud' - service = 'test' - msg = ('Virtual IP address on the ctlplane network for stack ' - '{} not found. Service {} is mapped to the ctlplane ' - 'network and thus require a virtual IP address to be ' - 'present on the ctlplane network.'.format(stack, service)) - mock_conn.network.ports.return_value = self.a2g([]) - self.assertRaisesRegex(Exception, msg, - plugin.find_ctlplane_vip, mock_conn, - stack=stack, service=service) - tags = ['tripleo_stack_name={}'.format(stack), - 'tripleo_vip_net=ctlplane'] - mock_conn.network.ports.assert_called_once_with(tags=tags) - - @mock.patch.object(plugin, 'write_vars_file', autospec=True) - @mock.patch.object(plugin, 'use_neutron', autospec=True) - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - @mock.patch.object(plugin, '_openstack_cloud_from_module', autospec=True) - def test_create_service_vip(self, mock_ocfm, mock_conn, mock_use_neutron, - mock_write_file): - expected = "{'service': '10.0.0.10'}" - module = mock.Mock() - fixed_ips = [{'ip_address': '10.0.0.10', 'subnet_id': 'subnet_id'}] - mock_ocfm.return_value = None, mock_conn - mock_port = mock.Mock() - mock_use_neutron.return_value = mock_port - payload = plugin.create_service_vip(module, 'overcloud', 'service', 'network', - fixed_ips, '/tmp/dir') - - payload.return_value = "{'service': '10.0.0.10'}" - mock_use_neutron.assert_called_with(mock_conn, 'overcloud', 'service', - 'network', fixed_ips) - mock_write_file.assert_called_with(mock_port, 'service', '/tmp/dir', None) - - self.assertEqual(expected, payload.return_value) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - @mock.patch.object(plugin, '_openstack_cloud_from_module', autospec=True) - def test_delete_service_vip(self, mock_ocfm, mock_conn): - module = mock.Mock() - mock_ocfm.return_value = None, mock_conn - mock_port1 = mock.Mock(id=123, - tags=['tripleo_stack_name=overcloud', - 'tripleo_service_vip=ovn_dbs']) - mock_port2 = mock.Mock(id=456, tags=[]) - mock_conn.network.ports.return_value = [mock_port1, mock_port2] - plugin.delete_service_vip(module, 'overcloud') - mock_conn.network.delete_port.assert_called_with(123) - self.assertEqual(1, mock_conn.network.delete_port.call_count) - - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - @mock.patch.object(plugin, '_openstack_cloud_from_module', autospec=True) - def test_delete_service_vip_with_service(self, mock_ocfm, mock_conn): - module = mock.Mock() - mock_ocfm.return_value = None, mock_conn - mock_port = mock.Mock(id=123, - tags=['tripleo_stack_name=overcloud', - 'tripleo_service_vip=redis']) - mock_conn.network.ports.return_value = [mock_port] - plugin.delete_service_vip(module, 'overcloud', 'redis') - mock_conn.network.delete_port.assert_called_with(123) - - @mock.patch.object(plugin, 'write_vars_file', autospec=True) - @mock.patch.object(plugin, 'use_fake', autospec=True) - @mock.patch.object(openstack.connection, 'Connection', autospec=True) - @mock.patch.object(plugin, '_openstack_cloud_from_module', autospec=True) - def test_create_no_neutron_service_vip(self, mock_ocfm, mock_conn, - mock_use_fake, mock_write_file): - module = mock.Mock() - fixed_ips = [{'ip_address': '10.0.0.10', 'subnet_id': 'subnet_id', - 'use_neutron': False}] - mock_ocfm.return_value = None, mock_conn - mock_port = mock.Mock() - mock_use_fake.return_value = mock_port - plugin.create_service_vip(module, 'overcloud', 'service', 'network', - fixed_ips, '/tmp/dir') - mock_use_fake.assert_called_with('service', fixed_ips) - mock_write_file.assert_called_with(mock_port, 'service', '/tmp/dir', None) diff --git a/tripleo_ansible/tests/modules/test_tripleo_unmanaged_populate_environment.py b/tripleo_ansible/tests/modules/test_tripleo_unmanaged_populate_environment.py deleted file mode 100644 index 6a404706b..000000000 --- a/tripleo_ansible/tests/modules/test_tripleo_unmanaged_populate_environment.py +++ /dev/null @@ -1,73 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import copy - -from tripleo_ansible.ansible_plugins.modules import ( - tripleo_unmanaged_populate_environment as plugin) -from tripleo_ansible.tests import base as tests_base - - -FAKE_INSTANCES = [ - {'hostname': 'instance1', - 'managed': False, - 'networks': [{'network': 'ctlplane', 'fixed_ip': '1.1.1.1'}]}, - {'hostname': 'instance2', - 'managed': False, - 'networks': [{'network': 'ctlplane', 'fixed_ip': '1.1.1.2'}]}, - {'hostname': 'instance3', - 'networks': [{'network': 'ctlplane', 'vif': True}]}, -] - -FAKE_ENVIRONMENT = { - 'parameter_defaults': { - 'FooParam': 'foo', - 'DeployedServerPortMap': { - 'instance3-ctlplane': { - 'fixed_ips': [{'ip_address': '1.1.1.3'}] - } - } - }, - 'resource_registry': { - 'OS::Fake::Resource': '/path/to/fake/resource.yaml' - }, -} - -FAKE_NODE_PORT_MAP = { - 'instance1': { - 'ctlplane': {'ip_address': '1.1.1.1'} - }, - 'instance2': { - 'ctlplane': {'ip_address': '1.1.1.2'} - }, - 'instance3': { - 'ctlplane': {'ip_address': '1.1.1.3'} - }, -} - - -class TestTripleoOvercloudNetworkPorts(tests_base.TestCase): - - def test_update_environment(self): - env = copy.deepcopy(FAKE_ENVIRONMENT) - plugin.update_environment(env, 'ctlplane', FAKE_NODE_PORT_MAP, - FAKE_INSTANCES) - expected = copy.deepcopy(FAKE_ENVIRONMENT) - expected['parameter_defaults']['DeployedServerPortMap'].update( - {'instance1-ctlplane': {'fixed_ips': [{'ip_address': '1.1.1.1'}]}, - 'instance2-ctlplane': {'fixed_ips': [{'ip_address': '1.1.1.2'}]}, - } - ) - self.assertEqual(expected, env) diff --git a/tripleo_ansible/tests/plugins/__init__.py b/tripleo_ansible/tests/plugins/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/tests/plugins/filter/__init__.py b/tripleo_ansible/tests/plugins/filter/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/tests/plugins/filter/test_helpers.py b/tripleo_ansible/tests/plugins/filter/test_helpers.py deleted file mode 100644 index d5917a549..000000000 --- a/tripleo_ansible/tests/plugins/filter/test_helpers.py +++ /dev/null @@ -1,1202 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from ansible import errors - -from tripleo_ansible.ansible_plugins.filter import helpers -from tripleo_ansible.tests import base as tests_base - - -class TestHelperFilters(tests_base.TestCase): - - def setUp(self): - super(TestHelperFilters, self).setUp() - self.filters = helpers.FilterModule() - - def test_subsort(self): - dict = { - 'keystone': { - 'start_order': 1, - 'image': 'quay.io/tripleo/keystone' - }, - 'haproxy': { - 'image': 'quay.io/tripleo/haproxy' - }, - 'mysql': { - 'start_order': 0, - 'image': 'quay.io/tripleo/mysql' - } - } - expected_ordered_dict = { - 0: [ - {'haproxy': { - 'image': 'quay.io/tripleo/haproxy', - 'start_order': 0 - }}, - {'mysql': { - 'image': 'quay.io/tripleo/mysql', - 'start_order': 0 - }} - ], - 1: [ - {'keystone': { - 'image': 'quay.io/tripleo/keystone', - 'start_order': 1 - }} - ] - } - result = self.filters.subsort(dict_to_sort=dict, - attribute='start_order') - self.assertEqual(result, expected_ordered_dict) - - def test_subsort_with_null_value(self): - dict = { - 'keystone': { - 'start_order': 1, - 'image': 'quay.io/tripleo/keystone' - }, - 'haproxy': { - 'image': 'quay.io/tripleo/haproxy' - }, - 'mysql': { - 'start_order': 0, - 'image': 'quay.io/tripleo/mysql' - } - } - expected_ordered_dict = { - 0: [ - {'mysql': { - 'image': 'quay.io/tripleo/mysql', - 'start_order': 0 - }} - ], - 1: [ - {'keystone': { - 'image': 'quay.io/tripleo/keystone', - 'start_order': 1 - }} - ], - 5: [ - {'haproxy': { - 'image': 'quay.io/tripleo/haproxy', - 'start_order': 5 - }} - ] - } - result = self.filters.subsort(dict_to_sort=dict, - attribute='start_order', null_value=5) - self.assertEqual(result, expected_ordered_dict) - - def test_singledict(self): - list = [ - { - 'keystone': { - 'start_order': 1, - 'image': 'quay.io/tripleo/keystone' - }, - }, - { - 'mysql': { - 'start_order': 0, - 'image': 'quay.io/tripleo/mysql' - } - } - ] - expected_dict = { - 'keystone': { - 'start_order': 1, - 'image': 'quay.io/tripleo/keystone' - }, - 'mysql': { - 'start_order': 0, - 'image': 'quay.io/tripleo/mysql' - } - } - result = self.filters.singledict(list) - self.assertEqual(result, expected_dict) - - def test_singledict_with_merge(self): - list = [ - { - 'keystone': { - 'start_order': 1, - 'image': 'quay.io/tripleo/keystone' - }, - }, - { - 'mysql': { - 'start_order': 0, - 'image': 'quay.io/tripleo/mysql' - } - } - ] - expected_dict = { - 'keystone': { - 'start_order': 1, - 'image': 'quay.io/tripleo/keystone' - }, - 'mysql': { - 'start_order': 0, - 'image': 'quay.io/tripleo/mysql:hotfix' - } - } - override = { - 'mysql': { - 'image': 'quay.io/tripleo/mysql:hotfix' - } - } - result = self.filters.singledict(list, merge_with=override) - self.assertEqual(result, expected_dict) - - def test_list_of_keys(self): - keys = [ - { - 'foo1': 'bar1' - }, - { - 'foo2': 'bar2' - }, - ] - expected_list = ['foo1', 'foo2'] - result = self.filters.list_of_keys(keys) - self.assertEqual(result, expected_list) - - def test_haskey(self): - data = [ - { - 'keystone': { - 'start_order': 1, - 'image': 'quay.io/tripleo/keystone', - 'restart': 'always' - }, - }, - { - 'mysql': { - 'start_order': 0, - 'image': 'quay.io/tripleo/mysql' - } - } - ] - expected_list = [ - { - 'keystone': { - 'start_order': 1, - 'image': 'quay.io/tripleo/keystone', - 'restart': 'always' - }, - } - ] - result = self.filters.haskey(data=data, - attribute='restart', value='always') - self.assertEqual(result, expected_list) - - def test_haskey_exclude(self): - data = [ - { - 'keystone': { - 'start_order': 1, - 'image': 'quay.io/tripleo/keystone', - 'command': 'sleep 10', - 'restart': 'always' - }, - }, - { - 'nova': { - 'start_order': 1, - 'image': 'quay.io/tripleo/nova', - 'command': 'sleep 10', - 'action': 'exec' - }, - }, - { - 'mysql': { - 'start_order': 0, - 'command': 'sleep 10', - 'image': 'quay.io/tripleo/mysql' - } - }, - { - 'haproxy': { - 'start_order': 0, - 'image': 'quay.io/tripleo/haproxy' - } - } - ] - expected_list = [ - { - 'mysql': { - 'start_order': 0, - 'command': 'sleep 10', - 'image': 'quay.io/tripleo/mysql' - }, - } - ] - result = self.filters.haskey(data=data, - attribute='command', - excluded_keys=['action', 'restart']) - self.assertEqual(result, expected_list) - - def test_haskey_reverse_exclude(self): - data = [ - { - 'keystone': { - 'start_order': 1, - 'image': 'quay.io/tripleo/keystone', - 'restart': 'always' - }, - }, - { - 'nova': { - 'start_order': 1, - 'image': 'quay.io/tripleo/nova', - 'action': 'exec' - }, - }, - { - 'mysql': { - 'start_order': 0, - 'image': 'quay.io/tripleo/mysql' - } - } - ] - expected_list = [ - { - 'mysql': { - 'start_order': 0, - 'image': 'quay.io/tripleo/mysql' - }, - } - ] - result = self.filters.haskey(data=data, - attribute='restart', - value='always', - reverse=True, - excluded_keys=['action']) - self.assertEqual(result, expected_list) - - def test_haskey_reverse(self): - data = [ - { - 'keystone': { - 'start_order': 1, - 'image': 'quay.io/tripleo/keystone', - 'restart': 'always' - }, - }, - { - 'mysql': { - 'start_order': 0, - 'image': 'quay.io/tripleo/mysql' - } - } - ] - expected_list = [ - { - 'mysql': { - 'start_order': 0, - 'image': 'quay.io/tripleo/mysql' - }, - } - ] - result = self.filters.haskey(data=data, - attribute='restart', - value='always', - reverse=True) - self.assertEqual(result, expected_list) - - def test_haskey_any(self): - data = [ - { - 'keystone': { - 'start_order': 1, - 'image': 'quay.io/tripleo/keystone', - 'restart': 'always' - }, - }, - { - 'mysql': { - 'start_order': 0, - 'image': 'quay.io/tripleo/mysql' - } - } - ] - expected_list = [ - { - 'keystone': { - 'start_order': 1, - 'image': 'quay.io/tripleo/keystone', - 'restart': 'always' - }, - } - ] - result = self.filters.haskey(data=data, - attribute='restart', - any=True) - self.assertEqual(result, expected_list) - - def test_haskey_any_reverse(self): - data = [ - { - 'keystone': { - 'start_order': 1, - 'image': 'quay.io/tripleo/keystone', - 'restart': 'always' - }, - }, - { - 'mysql': { - 'start_order': 0, - 'image': 'quay.io/tripleo/mysql' - } - } - ] - expected_list = [ - { - 'mysql': { - 'start_order': 0, - 'image': 'quay.io/tripleo/mysql' - }, - } - ] - result = self.filters.haskey(data=data, - attribute='restart', - reverse=True, - any=True) - self.assertEqual(result, expected_list) - - def test_abspath(self): - file_path = '/etc/hosts' - result = self.filters.tht_abspath(file_path) - self.assertEqual(result, '/etc/hosts') - - file_path = ['/etc', 'tmp'] - result = self.filters.tht_abspath( - file_path, ignore_error=True) - self.assertEqual(result, file_path) - - def test_abspath_not_found(self): - file_path = 'roles_data.yaml' - ex = self.assertRaises( - errors.AnsibleFilterError, - self.filters.tht_abspath, file_path) - msg = (f"Can't find path {file_path}") - self.assertEqual(msg, str(ex)) - - def test_needs_delete(self): - data = [ - { - 'Name': 'mysql', - 'Config': { - 'Labels': { - 'config_id': 'tripleo_step1' - } - } - }, - { - 'Name': 'rabbitmq', - 'Config': { - 'Labels': { - 'managed_by': 'tripleo_ansible', - 'config_id': 'tripleo_step1', - 'container_name': 'rabbitmq', - 'name': 'rabbitmq' - } - } - }, - { - 'Name': 'swift', - 'Config': { - 'Labels': { - 'managed_by': 'tripleo', - 'config_id': 'tripleo_step1', - 'container_name': 'swift', - 'name': 'swift', - 'config_data': {'foo': 'bar'} - } - } - }, - { - 'Name': 'heat', - 'Config': { - 'Labels': { - 'managed_by': 'tripleo-Undercloud', - 'config_id': 'tripleo_step1', - 'container_name': 'heat', - 'name': 'heat', - 'config_data': "{'start_order': 0}" - } - } - }, - { - 'Name': 'test1', - 'Config': { - 'Labels': { - 'managed_by': 'tripleo-other', - 'config_id': 'tripleo_step1', - 'container_name': 'test1', - 'name': 'test1', - 'config_data': {'start_order': 0} - } - } - }, - { - 'Name': 'haproxy', - 'Config': { - 'Labels': { - 'managed_by': 'paunch', - 'config_id': 'tripleo_step1', - 'config_data': "" - } - } - }, - { - 'Name': 'tripleo', - 'Config': { - 'Labels': { - 'foo': 'bar' - } - } - }, - { - 'Name': 'none_tripleo', - 'Config': { - 'Labels': None - } - }, - { - 'Name': 'old_tripleo', - 'Config': { - 'Labels': { - 'managed_by': 'tripleo_ansible', - 'config_id': 'tripleo_step1', - 'config_data': "" - } - } - }, - ] - config = { - # we don't want that container to be touched: no restart - 'mysql': '', - # container has no Config, therefore no Labels: restart needed - 'rabbitmq': '', - # container has no config_data: restart needed - 'haproxy': '', - # container isn't part of config_id: no restart - 'tripleo': '', - # container isn't in container_infos but not part of config_id: - # no restart. - 'doesnt_exist': '', - # config_data didn't change: no restart - 'swift': {'foo': 'bar'}, - # config_data changed: restart needed - 'heat': {'start_order': 1}, - # config_data changed: restart needed - 'test1': {'start_order': 2}, - } - expected_list = ['rabbitmq', 'haproxy', 'heat', 'test1', 'old_tripleo'] - result = self.filters.needs_delete(container_infos=data, - config=config, - config_id='tripleo_step1', - clean_orphans=True) - self.assertEqual(result, expected_list) - - def test_needs_delete_no_config_check(self): - data = [ - { - 'Name': 'mysql', - 'Config': { - 'Labels': { - 'config_id': 'tripleo_step1' - } - } - }, - { - 'Name': 'rabbitmq', - 'Config': { - 'Labels': { - 'managed_by': 'tripleo_ansible', - 'config_id': 'tripleo_step1', - 'container_name': 'rabbitmq', - 'name': 'rabbitmq' - } - } - }, - { - 'Name': 'swift', - 'Config': { - 'Labels': { - 'managed_by': 'tripleo', - 'config_id': 'tripleo_step1', - 'container_name': 'swift', - 'name': 'swift', - 'config_data': {'foo': 'bar'} - } - } - }, - { - 'Name': 'heat', - 'Config': { - 'Labels': { - 'managed_by': 'tripleo-Undercloud', - 'config_id': 'tripleo_step1', - 'container_name': 'heat', - 'name': 'heat', - 'config_data': "{'start_order': 0}" - } - } - }, - { - 'Name': 'test1', - 'Config': { - 'Labels': { - 'managed_by': 'tripleo-other', - 'config_id': 'tripleo_step1', - 'container_name': 'test1', - 'name': 'test1', - 'config_data': {'start_order': 0} - } - } - }, - { - 'Name': 'haproxy', - 'Config': { - 'Labels': { - 'managed_by': 'paunch', - 'config_id': 'tripleo_step1', - 'config_data': "" - } - } - }, - { - 'Name': 'tripleo', - 'Config': { - 'Labels': { - 'foo': 'bar' - } - } - }, - { - 'Name': 'none_tripleo', - 'Config': { - 'Labels': None - } - }, - { - 'Name': 'old_tripleo', - 'Config': { - 'Labels': { - 'managed_by': 'tripleo_ansible', - 'config_id': 'tripleo_step1', - 'config_data': "" - } - } - }, - ] - config = { - # we don't want that container to be touched: no restart - 'mysql': '', - # container has no Config, therefore no Labels: restart needed - # but will be skipped because check_config is False - 'rabbitmq': '', - # container has no config_data: restart needed - # but will be skipped because check_config is False - 'haproxy': '', - # container isn't part of config_id: no restart - 'tripleo': '', - # container isn't in container_infos but not part of config_id: - # no restart. - 'doesnt_exist': '', - # config_data didn't change: no restart - 'swift': {'foo': 'bar'}, - # config_data changed: restart needed - # but will be skipped because check_config is False - 'heat': {'start_order': 1}, - # config_data changed: restart needed - # but will be skipped because check_config is False - 'test1': {'start_order': 2}, - } - expected_list = ['rabbitmq', 'old_tripleo'] - result = self.filters.needs_delete(container_infos=data, - config=config, - config_id='tripleo_step1', - check_config=False, - clean_orphans=True) - self.assertEqual(result, expected_list) - - def test_needs_delete_single_config(self): - data = [ - { - 'Name': 'rabbitmq', - 'Config': { - 'Labels': { - 'managed_by': 'tripleo_ansible', - 'config_id': 'tripleo_step1', - 'container_name': 'rabbitmq', - 'name': 'rabbitmq' - } - } - }, - { - 'Name': 'swift', - 'Config': { - 'Labels': { - 'managed_by': 'tripleo', - 'config_id': 'tripleo_step1', - 'container_name': 'swift', - 'name': 'swift', - 'config_data': {'foo': 'bar'} - } - } - }, - { - 'Name': 'heat', - 'Config': { - 'Labels': { - 'managed_by': 'tripleo-Undercloud', - 'config_id': 'tripleo_step1', - 'container_name': 'heat', - 'name': 'heat', - 'config_data': "{'start_order': 0}" - } - } - }, - { - 'Name': 'haproxy', - 'Config': { - 'Labels': { - 'managed_by': 'paunch', - 'config_id': 'tripleo_step1', - 'config_data': "" - } - } - }, - { - 'Name': 'none_tripleo', - 'Config': { - 'Labels': None - } - }, - { - 'Name': 'old_tripleo', - 'Config': { - 'Labels': { - 'managed_by': 'tripleo_ansible', - 'config_id': 'tripleo_step1', - 'config_data': "" - } - } - }, - ] - config = { - # config_data changed: restart needed - 'heat': {'start_order': 1}, - } - expected_list = ['heat'] - result = self.filters.needs_delete(container_infos=data, - config=config, - config_id='tripleo_step1') - self.assertEqual(result, expected_list) - - def test_needs_delete_no_config(self): - data = [ - { - 'Name': 'heat', - 'Config': { - 'Labels': { - 'managed_by': 'tripleo-Undercloud', - 'config_id': 'tripleo_step1', - 'container_name': 'heat', - 'name': 'heat', - 'config_data': "{'start_order': 0}" - } - } - }, - ] - config = {} - expected_list = [] - result = self.filters.needs_delete(container_infos=data, - config=config, - config_id='tripleo_step1') - self.assertEqual(result, expected_list) - - def test_get_key_from_dict(self): - data = { - 'nova_api': { - 'project': 'service1' - }, - 'glance_api': { - 'project': 'service1' - }, - 'heat_api': { - 'user': 'heat' - }, - 'cinder_api': { - 'project': 'service2' - } - } - expected_list = ['service1', 'service3', 'service2'] - result = self.filters.get_key_from_dict(data, key='project', - default='service3') - self.assertEqual(result, expected_list) - - def test_get_key_from_dict_with_list_input(self): - data = { - 'nova_api': { - 'roles': ['service', 'admin'] - }, - 'glance_api': { - 'roles': 'service1' - }, - 'heat_api': { - 'user': 'heat' - }, - 'cinder_api': { - 'project': 'service2', - 'roles': ['service', 'service4'] - } - } - expected_list = ['service', 'admin', 'service1', 'service4'] - result = self.filters.get_key_from_dict(data, key='roles', - default='service') - self.assertEqual(result, expected_list) - - def test_get_key_from_dict_with_dict_input(self): - data = { - 'nova_api': { - 'users': {'nova': {'password': 'secret', - 'roles': ['foo', 'bar']}}, - }, - 'glance_api': { - 'roles': 'service1' - }, - 'heat_api': { - 'user': 'heat' - }, - 'cinder_api': { - 'project': 'service2' - } - } - expected_list = [{'nova': {'password': 'secret', 'roles': - ['foo', 'bar']}}] - result = self.filters.get_key_from_dict(data, key='users') - self.assertEqual(result, expected_list) - - def test_recursive_get_key_from_dict(self): - data = { - 'step': {'container': {'name': 'foo', 'image': 'bar'}, - 'other_container': {'name': 'meh', 'image': 'baz'} - } - } - expected_list = ['bar', 'baz'] - result = self.filters.recursive_get_key_from_dict(data, 'image') - self.assertEqual(result, expected_list) - - def test_recursive_get_key_from_dict_multiple_levels(self): - data = { - 'a': {'b': {'val': 1}, - 'c': {'val': 2, 'd': {'val': 3}} - } - } - expected_list = [1, 2, 3] - result = self.filters.recursive_get_key_from_dict(data, 'val') - self.assertEqual(result, expected_list) - - def test_container_exec_cmd(self): - data = { - "action": "exec", - "environment": { - "OS_BOOTSTRAP_PASSWORD": "IH7PdaZc5DozbmunSTjMa7", - "KOLLA_BOOTSTRAP": True - }, - "start_order": 3, - "command": [ - "keystone", - "/usr/bin/bootstrap_host_exec", - "keystone", - "keystone-manage", - "bootstrap" - ], - "user": "root" - } - expected_cmd = ['podman', 'exec', '--user=root', - '--env=KOLLA_BOOTSTRAP=True', - '--env=OS_BOOTSTRAP_PASSWORD=IH7PdaZc5DozbmunSTjMa7', - 'keystone', '/usr/bin/bootstrap_host_exec', - 'keystone', 'keystone-manage', 'bootstrap'] - result = self.filters.container_exec_cmd(data=data) - self.assertEqual(result, expected_cmd) - - def test_containers_not_running(self): - results = [ - { - "Name": "keystone", - "State": {"Running": False} - }, - { - "Name": "neutron", - "State": {"Running": True} - } - ] - commands = [{ - "keystone_bootstrap": { - "action": "exec", - "command": [ - "keystone", - "/usr/bin/bootstrap_host_exec", - "keystone", - "keystone-manage", - "bootstrap" - ] - }, - "neutron_bootstrap": { - "action": "exec", - "command": [ - "neutron", - "/usr/bin/bootstrap_host_exec", - "neutron", - "neutron-manage", - "bootstrap" - ] - } - }] - - expected = ['keystone'] - actual = self.filters.containers_not_running(results, commands) - self.assertEqual(actual, expected) - - def test_containers_not_running_missing_command(self): - results = [ - { - "Name": "keystone", - "State": {"Running": True} - }, - { - "Name": "neutron", - "State": {"Running": True} - } - ] - commands = [{ - "keystone_bootstrap": { - "action": "exec", - "command": [ - "keystone", - "/usr/bin/bootstrap_host_exec", - "keystone", - "keystone-manage", - "bootstrap" - ] - }, - "neutron_bootstrap": { - "action": "exec", - } - }] - expected = [] - actual = self.filters.containers_not_running(results, commands) - self.assertEqual(actual, expected) - - def test_get_role_assignments(self): - data = [{ - 'nova': { - 'roles': ['service', 'admin'], - }, - 'glance': { - 'roles': 'service1', - 'user': 'glance' - }, - 'cinder': { - 'project': 'service2' - }, - 'heat': { - 'domain': 'heat_domain' - } - }] - expected_hash = { - 'admin': [{'nova': {'project': 'service'}}, - {'cinder': {'project': 'service2'}}, - {'heat': {'domain': 'heat_domain'}} - ], - 'service': [{'nova': {'project': 'service'}}], - 'service1': [{'glance': {'project': 'service'}}] - } - result = self.filters.get_role_assignments(data) - self.assertEqual(result, expected_hash) - - def test_get_domain_id(self): - openstack_domains = [ - { - "description": "The default domain", - "enabled": "true", - "id": "default", - "name": "Default" - }, - { - "description": "The heat stack domain", - "enabled": "true", - "id": "fd85b560d4554fd8bf363728e4a3863e", - "name": "heat_stack" - } - ] - result = self.filters.get_domain_id('heat_stack', openstack_domains) - self.assertEqual(result, 'fd85b560d4554fd8bf363728e4a3863e') - - def test_get_domain_id_empty(self): - openstack_domains = [] - result = self.filters.get_domain_id('', openstack_domains) - self.assertEqual(result, None) - - def test_get_domain_id_not_found(self): - openstack_domains = [ - { - "description": "The default domain", - "enabled": "true", - "id": "default", - "name": "Default" - }, - { - "description": "The heat stack domain", - "enabled": "true", - "id": "fd85b560d4554fd8bf363728e4a3863e", - "name": "heat_stack" - } - ] - self.assertRaises( - KeyError, - lambda: self.filters.get_domain_id('ghost', openstack_domains) - ) - - def test_get_changed_containers(self): - data = [ - { - "podman_actions": [], - "container": { - "Name": "haproxy", - } - }, - { - "podman_actions": ['podman rm mysql'], - "container": { - "Name": "mysql", - } - } - ] - expected_list = ['mysql'] - result = self.filters.get_changed_containers(data) - self.assertEqual(result, expected_list) - - def test_get_failed_containers(self): - data = [ - { - "ansible_job_id": "948704694230.17597", - "ansible_loop_var": "container_data", - "changed": True, - "create_async_result_item": { - "container_data": { - "haproxy": { - "image": "haproxy:latest", - } - } - }, - "failed": False, - "finished": 1, - "results_file": "/root/.ansible_async/948704694230.17597", - "started": 1 - }, - { - "ansible_job_id": "9487088344230.17597", - "ansible_loop_var": "container_data", - "changed": True, - "create_async_result_item": { - "stderr": "not happy", - "container_data": { - "haproxy_failed": { - "image": "haproxy:latest", - } - } - }, - "failed": False, - "finished": 1, - "results_file": "/root/.ansible_async/948704694230.17597", - "started": 1 - }, - { - "ansible_job_id": "948704694230.17597", - "ansible_loop_var": "container_data", - "changed": True, - "create_async_result_item": { - "container_data": { - "memcached": { - "image": "memcached:latest", - } - } - }, - "failed": True, - "finished": 1, - "results_file": "/root/.ansible_async/948704694230.17597", - "started": 1 - }, - { - "ansible_job_id": "316140143697.17616", - "ansible_loop_var": "container_data", - "changed": True, - "create_async_result_item": { - "container_data": { - "mysql": { - "image": "mysql:latest", - } - } - }, - "failed": False, - "finished": 0, - "results_file": "/root/.ansible_async/316140143697.17616", - "started": 1 - }, - { - "ansible_job_id": "3161822143697.17616", - "ansible_loop_var": "container_data", - "changed": True, - "create_async_result_item": {}, - "finished": 0, - "results_file": "/root/.ansible_async/316143697.17616", - "started": 1 - } - ] - expected_list = ['haproxy_failed', 'memcached', 'mysql'] - result = self.filters.get_failed_containers(data) - self.assertEqual(result, expected_list) - - def test_get_changed_async_task_names(self): - results = [ - { - "ansible_loop_var": "systemd_loop", - "changed": False, - "failed": False, - "systemd_loop": { - 'keystone': { - "config": "foo" - } - }, - }, - { - "ansible_loop_var": "systemd_loop", - "changed": False, - "failed": False, - "systemd_loop": { - 'mysql': { - "config": "foo" - } - }, - }, - { - "ansible_loop_var": "systemd_loop", - "changed": True, - "failed": False, - "systemd_loop": { - 'haproxy': { - "config": "foo" - } - }, - }, - { - "changed": True, - "failed": False, - "item": { - 'memcached': { - "config": "foo" - } - }, - }, - ] - data = {} - data['results'] = results - expected_list = ['mysql', 'haproxy', 'memcached'] - result = self.filters.get_changed_async_task_names(data=data, extra=['mysql']) - self.assertEqual(result, expected_list) - - def test_dict_to_list(self): - dict = { - 'keystone': { - 'image': 'quay.io/tripleo/keystone' - }, - 'haproxy': { - 'image': 'quay.io/tripleo/haproxy' - } - } - expected_list = [ - {'keystone': { - 'image': 'quay.io/tripleo/keystone', - }}, - {'haproxy': { - 'image': 'quay.io/tripleo/haproxy', - }} - ] - result = self.filters.dict_to_list(data=dict) - self.assertEqual(result, expected_list) - - def test_snake_case(self): - expected_string = "ceph_storage" - result = self.filters.snake_case("CephStorage") - self.assertEqual(result, expected_string) - - expected_string = "http_worker" - result = self.filters.snake_case("HTTPWorker") - self.assertEqual(result, expected_string) - - expected_string = "metrics_qdr" - result = self.filters.snake_case("MetricsQdr") - self.assertEqual(result, expected_string) - - def test_get_changed_async_task_names_empty(self): - result = self.filters.get_changed_async_task_names(data=[]) - self.assertEqual(result, []) - - def test_get_filtered_service_chain(self): - expected_dict = {'id': 1, 'data': 'things'} - role_chain_resources = [1, 3, 4] - resource_chains = [{'id': 1, 'data': 'things'}, {'id': 2}] - result = self.filters.get_filtered_service_chain(resource_chains, role_chain_resources) - self.assertEqual(result, expected_dict) - - def test_get_filtered_role_resources(self): - expected_dict = {'test1': {'data': 'things'}} - service_chain_resources = ['test1', 'test3'] - tripleo_resources = {'test1': {'data': 'things'}, 'test2': {}} - result = self.filters.get_filtered_role_resources(service_chain_resources, tripleo_resources) - self.assertEqual(result, expected_dict) - - def test_get_filtered_resource_chains(self): - expected_dict = {'name': 'testServiceChain', 'data': 'things'} - resources = {'test1': {'name': 'testServiceChain', 'data': 'things'}, 'test2': {'name': 'broken'}} - role_name = 'test' - result = self.filters.get_filtered_resource_chains(resources, role_name) - self.assertEqual(result, expected_dict) - - def test_get_filtered_resources(self): - expected_list = [{'type': 'test::Type', 'data': 'things'}] - resources = {'test1': {'type': 'test::Type', 'data': 'things'}, 'test2': {'type': 'broken'}} - filter_value = 'test::Type' - result = self.filters.get_filtered_resources(resources, filter_value) - self.assertEqual(result, expected_list) - - def test_get_node_capabilities(self): - expected_list = [{'uuid': 1, 'hint': 'x'}] - nodes = [{'id': 1, 'properties': {'capabilities': 'profile:value, cap1:testing, node:x'}}] - result = self.filters.get_node_capabilities(nodes) - self.assertEqual(result, expected_list) - - def test_get_node_profile(self): - expected_list = [{'uuid': 1, 'profile': 'value'}] - nodes = [{'id': 1, 'properties': {'capabilities': 'profile:value, cap1:testing'}}] - result = self.filters.get_node_profile(nodes) - self.assertEqual(result, expected_list) diff --git a/tripleo_ansible/tests/plugins/module_utils/__init__.py b/tripleo_ansible/tests/plugins/module_utils/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/tripleo_ansible/tests/plugins/module_utils/test_baremetal_deploy.py b/tripleo_ansible/tests/plugins/module_utils/test_baremetal_deploy.py deleted file mode 100644 index 52012ffd1..000000000 --- a/tripleo_ansible/tests/plugins/module_utils/test_baremetal_deploy.py +++ /dev/null @@ -1,1359 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import jsonschema -import metalsmith -from unittest import mock -from openstack import exceptions as sdk_exc - -from tripleo_ansible.tests import base - -from tripleo_ansible.ansible_plugins.module_utils import baremetal_deploy as bd # noqa - - -class TestBaremetalDeployUtils(base.TestCase): - - def test_build_hostname_format(self): - self.assertEqual( - '%stackname%-controller-%index%', - bd.build_hostname_format(None, 'Controller') - ) - self.assertEqual( - '%stackname%-novacompute-%index%', - bd.build_hostname_format(None, 'Compute') - ) - self.assertEqual( - 'server-%index%', - bd.build_hostname_format('server-%index%', 'Compute') - ) - - def test_build_hostname(self): - self.assertEqual( - 'overcloud-controller-2', - bd.build_hostname( - '%stackname%-controller-%index%', 2, 'overcloud' - ) - ) - self.assertEqual( - 'server-2', - bd.build_hostname( - 'server-%index%', 2, 'overcloud' - ) - ) - - def test_merge_networks_defaults(self): - # Network defined only in role defaults is appended - defaults = {'networks': [{'network': 'role_net'}]} - instance = {'networks': [{'network': 'instance_net'}]} - bd.merge_networks_defaults(defaults, instance) - self.assertEqual({'networks': [{'network': 'instance_net'}, - {'network': 'role_net'}]}, instance) - - # Network defined in both role defaults and instance is not appended - instance = {'networks': [{'network': 'instance_net'}, - {'network': 'role_net'}]} - bd.merge_networks_defaults(defaults, instance) - self.assertEqual({'networks': [{'network': 'instance_net'}, - {'network': 'role_net'}]}, instance) - - # Network defined in role defaults and in instance with richer data - # is not appended. - instance = {'networks': [{'network': 'instance_net'}, - {'network': 'role_net', 'port': 'port_uuid'}]} - bd.merge_networks_defaults(defaults, instance) - self.assertEqual({'networks': [{'network': 'instance_net'}, - {'network': 'role_net', - 'port': 'port_uuid'}]}, instance) - - # Network defined in role defaults with richer data compared to the - # instance is not appended. - defaults = {'networks': [{'network': 'role_net', - 'subnet': 'subnet_name'}]} - instance = {'networks': [{'network': 'instance_net'}, - {'network': 'role_net'}]} - bd.merge_networks_defaults(defaults, instance) - self.assertEqual({'networks': [{'network': 'instance_net'}, - {'network': 'role_net'}]}, instance) - - def test_merge_network_config_defaults(self): - # Config defined only in role defaults is appended - defaults = {'network_config': {'foo': 'bar'}} - instance = {'network_config': {'bar': 'foo'}} - bd.merge_network_config_defaults(defaults, instance) - self.assertEqual({'network_config': {'foo': 'bar', 'bar': 'foo'}}, - instance) - - # Config defined in both role defaults and instance, - # instance value preferred - instance = {'network_config': {'foo': 'bar', 'bar': 'override'}} - bd.merge_networks_defaults(defaults, instance) - self.assertEqual({'network_config': {'foo': 'bar', 'bar': 'override'}}, - instance) - - -class TestExpandRoles(base.TestCase): - - default_image = {'href': 'overcloud-full'} - default_network = [{'network': 'ctlplane', 'vif': True}] - - def test_simple(self): - roles = [ - {'name': 'Compute'}, - {'name': 'Controller'}, - ] - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', True, self.default_image - ) - - self.assertEqual( - [ - {'hostname': 'overcloud-novacompute-0', - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': { - 'instance-type': 'Compute'}}}, - {'hostname': 'overcloud-controller-0', - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': { - 'instance-type': 'Controller'}}}, - ], - instances) - self.assertEqual( - { - 'ComputeHostnameFormat': - '%stackname%-novacompute-%index%', - 'ComputeCount': 1, - 'ControllerHostnameFormat': - '%stackname%-controller-%index%', - 'ControllerCount': 1, - 'HostnameMap': { - 'overcloud-novacompute-0': 'overcloud-novacompute-0', - 'overcloud-controller-0': 'overcloud-controller-0' - } - }, - environment['parameter_defaults']) - self.assertEqual({'overcloud-controller-0': 'Controller', - 'overcloud-novacompute-0': 'Compute'}, - hostname_role_map) - - def test_default_network(self): - roles = [ - {'name': 'Compute'}, - {'name': 'Controller'}, - ] - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', True, self.default_image, self.default_network - ) - self.assertEqual( - [ - {'hostname': 'overcloud-novacompute-0', - 'image': {'href': 'overcloud-full'}, - 'networks': [{'network': 'ctlplane', 'vif': True}], - 'nics': [{'network': 'ctlplane'}], - 'config_drive': {'meta_data': {'instance-type': 'Compute'}}}, - {'hostname': 'overcloud-controller-0', - 'image': {'href': 'overcloud-full'}, - 'networks': [{'network': 'ctlplane', 'vif': True}], - 'nics': [{'network': 'ctlplane'}], - 'config_drive': {'meta_data': {'instance-type': 'Controller'}}}, - ], - instances) - self.assertEqual({'overcloud-controller-0': 'Controller', - 'overcloud-novacompute-0': 'Compute'}, - hostname_role_map) - - def test_networks_set_no_default_network(self): - roles = [ - {'name': 'Compute', - 'defaults': { - 'networks': [ - {'network': 'some_net', 'vif': True}, - ]} - }, - {'name': 'Controller', - 'defaults': { - 'networks': [ - {'network': 'some_net', 'vif': True}, - ]} - }, - ] - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', True, self.default_image, None - ) - self.assertEqual( - [ - {'hostname': 'overcloud-novacompute-0', - 'image': {'href': 'overcloud-full'}, - 'networks': [{'network': 'some_net', 'vif': True}], - 'nics': [{'network': 'some_net'}], - 'config_drive': {'meta_data': {'instance-type': 'Compute'}}}, - {'hostname': 'overcloud-controller-0', - 'image': {'href': 'overcloud-full'}, - 'networks': [{'network': 'some_net', 'vif': True}], - 'nics': [{'network': 'some_net'}], - 'config_drive': {'meta_data': {'instance-type': 'Controller'}}}, - ], - instances) - self.assertEqual({'overcloud-controller-0': 'Controller', - 'overcloud-novacompute-0': 'Compute'}, - hostname_role_map) - - def test_networks_set_default_appended(self): - roles = [ - {'name': 'Compute', - 'defaults': { - 'networks': [ - {'network': 'foo', 'subnet': 'foo_subnet'}, - ]} - }, - {'name': 'Controller', - 'defaults': { - 'networks': [ - {'network': 'foo', 'subnet': 'foo_subnet'}, - ]} - }, - ] - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', True, self.default_image, self.default_network - ) - self.assertEqual( - [ - {'hostname': 'overcloud-novacompute-0', - 'image': {'href': 'overcloud-full'}, - 'networks': [{'network': 'foo', 'subnet': 'foo_subnet'}, - {'network': 'ctlplane', 'vif': True}], - 'nics': [{'network': 'ctlplane'}], - 'config_drive': {'meta_data': {'instance-type': 'Compute'}}}, - {'hostname': 'overcloud-controller-0', - 'image': {'href': 'overcloud-full'}, - 'networks': [{'network': 'foo', 'subnet': 'foo_subnet'}, - {'network': 'ctlplane', 'vif': True}], - 'nics': [{'network': 'ctlplane'}], - 'config_drive': {'meta_data': {'instance-type': 'Controller'}}}, - ], - instances) - self.assertEqual({'overcloud-controller-0': 'Controller', - 'overcloud-novacompute-0': 'Compute'}, - hostname_role_map) - - def test_networks_vif_set_default_appended(self): - roles = [ - {'name': 'Compute', - 'defaults': { - 'networks': [ - {'network': 'foo', 'subnet': 'foo_subnet', 'vif': True}, - ]} - }, - {'name': 'Controller', - 'defaults': { - 'networks': [ - {'network': 'foo', 'subnet': 'foo_subnet', 'vif': True}, - ]} - }, - ] - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', True, self.default_image, self.default_network - ) - self.assertEqual( - [ - {'hostname': 'overcloud-novacompute-0', - 'image': {'href': 'overcloud-full'}, - 'networks': [ - {'network': 'foo', 'subnet': 'foo_subnet', 'vif': True}, - {'network': 'ctlplane', 'vif': True} - ], - 'nics': [{'network': 'foo', 'subnet': 'foo_subnet'}, - {'network': 'ctlplane'}], - 'config_drive': {'meta_data': {'instance-type': 'Compute'}} - }, - {'hostname': 'overcloud-controller-0', - 'image': {'href': 'overcloud-full'}, - 'networks': [ - {'network': 'foo', 'subnet': 'foo_subnet', 'vif': True}, - {'network': 'ctlplane', 'vif': True} - ], - 'nics': [ - {'network': 'foo', 'subnet': 'foo_subnet'}, - {'network': 'ctlplane'} - ], - 'config_drive': {'meta_data': {'instance-type': 'Controller'}}, - }, - ], - instances) - self.assertEqual({'overcloud-controller-0': 'Controller', - 'overcloud-novacompute-0': 'Compute'}, - hostname_role_map) - - def test_networks_nics_are_mutually_exclusive(self): - # Neither 'nics' nor 'networks' - OK - roles = [{'name': 'Compute', 'defaults': {}}] - bd.expand(roles, 'overcloud', True, self.default_image) - # 'networks' but not 'nics' - OK - roles = [{'name': 'Compute', 'defaults': {'networks': []}}] - bd.expand(roles, 'overcloud', True, self.default_image) - # 'nics' but not 'networks' - OK - roles = [{'name': 'Compute', 'defaults': {'nics': []}}] - bd.expand(roles, 'overcloud', True, self.default_image) - # 'networks' and 'nics' - mutually exclusive, Raises ValidationError - roles = [{'name': 'Compute', 'defaults': {'networks': [], 'nics': []}}] - self.assertRaises( - jsonschema.exceptions.ValidationError, - bd.expand, roles, 'overcloud', True, self.default_image) - - def test_image_in_defaults(self): - roles = [{ - 'name': 'Controller', - 'defaults': { - 'image': { - 'href': 'file:///tmp/foo.qcow2', - 'checksum': '12345678' - } - }, - 'count': 3, - 'instances': [{ - 'hostname': 'overcloud-controller-0', - 'image': {'href': 'overcloud-full'} - }, { - 'hostname': 'overcloud-controller-1', - }] - }] - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', True, self.default_image - ) - self.assertEqual( - [ - {'hostname': 'overcloud-controller-0', - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': { - 'instance-type': 'Controller'}}}, - {'hostname': 'overcloud-controller-1', - 'image': {'href': 'file:///tmp/foo.qcow2', - 'checksum': '12345678'}, - 'config_drive': {'meta_data': { - 'instance-type': 'Controller'}}}, - {'hostname': 'overcloud-controller-2', - 'image': {'href': 'file:///tmp/foo.qcow2', - 'checksum': '12345678'}, - 'config_drive': {'meta_data': { - 'instance-type': 'Controller'}}}, - ], - instances) - - def test_with_parameters(self): - roles = [{ - 'name': 'Compute', - 'count': 2, - 'defaults': { - 'profile': 'compute' - }, - 'hostname_format': 'compute-%index%.example.com' - }, { - 'name': 'Controller', - 'count': 3, - 'defaults': { - 'profile': 'control' - }, - 'hostname_format': 'controller-%index%.example.com' - }] - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', True, self.default_image, - user_name='heat-admin', ssh_public_keys='aaaa' - ) - self.assertEqual( - [ - {'hostname': 'compute-0.example.com', - 'capabilities': {'profile': 'compute'}, - 'image': {'href': 'overcloud-full'}, - 'ssh_public_keys': 'aaaa', - 'user_name': 'heat-admin', - 'config_drive': {'meta_data': { - 'instance-type': 'Compute'}}}, - {'hostname': 'compute-1.example.com', - 'capabilities': {'profile': 'compute'}, - 'image': {'href': 'overcloud-full'}, - 'ssh_public_keys': 'aaaa', - 'user_name': 'heat-admin', - 'config_drive': {'meta_data': { - 'instance-type': 'Compute'}}}, - {'hostname': 'controller-0.example.com', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'ssh_public_keys': 'aaaa', - 'user_name': 'heat-admin', - 'config_drive': {'meta_data': { - 'instance-type': 'Controller'}}}, - {'hostname': 'controller-1.example.com', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'ssh_public_keys': 'aaaa', - 'user_name': 'heat-admin', - 'config_drive': {'meta_data': { - 'instance-type': 'Controller'}}}, - {'hostname': 'controller-2.example.com', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'ssh_public_keys': 'aaaa', - 'user_name': 'heat-admin', - 'config_drive': {'meta_data': { - 'instance-type': 'Controller'}}}, - ], - instances) - self.assertEqual( - { - 'ComputeHostnameFormat': - 'compute-%index%.example.com', - 'ComputeCount': 2, - 'ControllerHostnameFormat': - 'controller-%index%.example.com', - 'ControllerCount': 3, - 'HostnameMap': { - 'compute-0.example.com': 'compute-0.example.com', - 'compute-1.example.com': 'compute-1.example.com', - 'controller-0.example.com': 'controller-0.example.com', - 'controller-1.example.com': 'controller-1.example.com', - 'controller-2.example.com': 'controller-2.example.com', - } - }, - environment['parameter_defaults']) - self.assertEqual({'compute-0.example.com': 'Compute', - 'compute-1.example.com': 'Compute', - 'controller-0.example.com': 'Controller', - 'controller-1.example.com': 'Controller', - 'controller-2.example.com': 'Controller'}, - hostname_role_map) - - def test_explicit_instances(self): - roles = [{ - 'name': 'Compute', - 'count': 2, - 'defaults': { - 'profile': 'compute' - }, - 'hostname_format': 'compute-%index%.example.com' - }, { - 'name': 'Controller', - 'count': 2, - 'defaults': { - 'profile': 'control', - 'networks': [ - {'network': 'foo', 'subnet': 'foo_subnet'}, - ] - }, - 'instances': [{ - 'hostname': 'controller-X.example.com', - 'profile': 'control-X', - 'networks': [ - {'network': 'inst_net', 'fixed_ip': '10.1.1.1'} - ], - 'config_drive': { - 'meta_data': {'foo': 'bar'} - } - }, { - 'name': 'node-0', - 'traits': ['CUSTOM_FOO'], - 'networks': [{'network': 'some_net', 'subnet': 'leaf-2', - 'vif': True}], - 'config_drive': { - 'cloud_config': {'bootcmd': ['echo hi']} - } - }]}, - ] - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', True, self.default_image - ) - self.assertEqual( - [ - {'hostname': 'compute-0.example.com', - 'capabilities': {'profile': 'compute'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': { - 'instance-type': 'Compute'}}}, - {'hostname': 'compute-1.example.com', - 'capabilities': {'profile': 'compute'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': { - 'instance-type': 'Compute'}}}, - {'hostname': 'controller-X.example.com', - 'image': {'href': 'overcloud-full'}, - 'capabilities': {'profile': 'control-X'}, - 'networks': [{'fixed_ip': '10.1.1.1', 'network': 'inst_net'}, - {'network': 'foo', 'subnet': 'foo_subnet'}], - 'config_drive': {'meta_data': { - 'foo': 'bar', - 'instance-type': 'Controller'}}, - }, - # Name provides the default for hostname later on. - {'name': 'node-0', - 'capabilities': {'profile': 'control'}, - 'hostname': 'node-0', - 'networks': [ - {'network': 'some_net', 'subnet': 'leaf-2', 'vif': True}, - {'network': 'foo', 'subnet': 'foo_subnet'}, - ], - 'image': {'href': 'overcloud-full'}, - 'traits': ['CUSTOM_FOO'], - 'nics': [{'network': 'some_net', 'subnet': 'leaf-2'}], - 'config_drive': { - 'cloud_config': {'bootcmd': ['echo hi']}, - 'meta_data': {'instance-type': 'Controller'} - }}, - ], - instances) - self.assertEqual( - { - 'ComputeHostnameFormat': - 'compute-%index%.example.com', - 'ComputeCount': 2, - 'ControllerHostnameFormat': - '%stackname%-controller-%index%', - 'ControllerCount': 2, - 'HostnameMap': { - 'compute-0.example.com': 'compute-0.example.com', - 'compute-1.example.com': 'compute-1.example.com', - 'overcloud-controller-0': 'controller-X.example.com', - 'overcloud-controller-1': 'node-0', - } - }, - environment['parameter_defaults']) - self.assertEqual({'compute-0.example.com': 'Compute', - 'compute-1.example.com': 'Compute', - 'controller-X.example.com': 'Controller', - 'node-0': 'Controller'}, - hostname_role_map) - - def test_count_with_instances(self): - roles = [{ - 'name': 'Compute', - 'count': 2, - 'defaults': { - 'profile': 'compute', - }, - 'hostname_format': 'compute-%index%.example.com' - }, { - 'name': 'Controller', - 'defaults': { - 'profile': 'control', - }, - 'count': 3, - 'instances': [{ - 'hostname': 'controller-X.example.com', - 'profile': 'control-X' - }, { - 'name': 'node-0', - 'traits': ['CUSTOM_FOO'], - 'nics': [{'subnet': 'leaf-2'}]}, - ]}, - ] - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', True, self.default_image - ) - self.assertEqual([ - { - 'hostname': 'compute-0.example.com', - 'capabilities': {'profile': 'compute'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Compute'}} - }, { - 'hostname': 'compute-1.example.com', - 'capabilities': {'profile': 'compute'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Compute'}} - }, { - 'hostname': 'controller-X.example.com', - 'capabilities': {'profile': 'control-X'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }, { - 'hostname': 'node-0', - 'name': 'node-0', - 'nics': [{'subnet': 'leaf-2'}], - 'capabilities': {'profile': 'control'}, - 'traits': ['CUSTOM_FOO'], - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }, { - 'hostname': 'overcloud-controller-2', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }], - instances) - self.assertEqual({ - 'ComputeCount': 2, - 'ComputeHostnameFormat': - 'compute-%index%.example.com', - 'ControllerCount': 3, - 'ControllerHostnameFormat': - '%stackname%-controller-%index%', - 'HostnameMap': { - 'compute-0.example.com': 'compute-0.example.com', - 'compute-1.example.com': 'compute-1.example.com', - 'overcloud-controller-0': 'controller-X.example.com', - 'overcloud-controller-1': 'node-0', - 'overcloud-controller-2': 'overcloud-controller-2'} - }, - environment['parameter_defaults']) - self.assertEqual({'compute-0.example.com': 'Compute', - 'compute-1.example.com': 'Compute', - 'controller-X.example.com': 'Controller', - 'node-0': 'Controller', - 'overcloud-controller-2': 'Controller'}, - hostname_role_map) - - def test_unprovisioned(self): - roles = [{ - 'name': 'Controller', - 'defaults': { - 'profile': 'control', - }, - 'count': 2, - 'instances': [{ - 'hostname': 'overcloud-controller-1', - 'provisioned': False - }, { - 'hostname': 'overcloud-controller-2', - 'provisioned': False - }] - }] - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', True, self.default_image - ) - self.assertEqual([ - { - 'hostname': 'overcloud-controller-0', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }, { - 'hostname': 'overcloud-controller-3', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }], - instances) - self.assertEqual({ - 'ControllerCount': 2, - 'ControllerRemovalPolicies': [ - {'resource_list': [1, 2]} - ], - 'ControllerHostnameFormat': - '%stackname%-controller-%index%', - 'HostnameMap': { - 'overcloud-controller-0': 'overcloud-controller-0', - 'overcloud-controller-1': 'overcloud-controller-1', - 'overcloud-controller-2': 'overcloud-controller-2', - 'overcloud-controller-3': 'overcloud-controller-3'} - }, - environment['parameter_defaults']) - self.assertEqual({'overcloud-controller-0': 'Controller', - 'overcloud-controller-3': 'Controller'}, - hostname_role_map) - - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', False, self.default_image - ) - self.assertEqual([ - { - 'hostname': 'overcloud-controller-1', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }, { - 'hostname': 'overcloud-controller-2', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }], - instances) - self.assertEqual({}, environment) - self.assertEqual({'overcloud-controller-1': 'Controller', - 'overcloud-controller-2': 'Controller'}, - hostname_role_map) - - def test_reprovisioned(self): - roles = [{ - 'name': 'Controller', - 'defaults': { - 'profile': 'control', - }, - 'count': 4, - 'instances': [{ - 'hostname': 'overcloud-controller-1', - 'provisioned': False - }, { - 'hostname': 'overcloud-controller-2', - 'provisioned': False - }] - }] - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', True, self.default_image - ) - self.assertEqual([ - { - 'hostname': 'overcloud-controller-0', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }, { - 'hostname': 'overcloud-controller-3', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }, { - 'hostname': 'overcloud-controller-4', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }, { - 'hostname': 'overcloud-controller-5', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }], - instances) - self.assertEqual({ - 'ControllerCount': 4, - 'ControllerRemovalPolicies': [ - {'resource_list': [1, 2]} - ], - 'ControllerHostnameFormat': - '%stackname%-controller-%index%', - 'HostnameMap': { - 'overcloud-controller-0': 'overcloud-controller-0', - 'overcloud-controller-1': 'overcloud-controller-1', - 'overcloud-controller-2': 'overcloud-controller-2', - 'overcloud-controller-3': 'overcloud-controller-3', - 'overcloud-controller-4': 'overcloud-controller-4', - 'overcloud-controller-5': 'overcloud-controller-5'} - }, - environment['parameter_defaults']) - self.assertEqual({'overcloud-controller-0': 'Controller', - 'overcloud-controller-3': 'Controller', - 'overcloud-controller-4': 'Controller', - 'overcloud-controller-5': 'Controller'}, - hostname_role_map) - - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', False, self.default_image - ) - self.assertEqual([ - { - 'hostname': 'overcloud-controller-1', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }, { - 'hostname': 'overcloud-controller-2', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }], - instances) - self.assertEqual({}, environment) - - def test_unprovisioned_instances(self): - roles = [{ - 'name': 'Controller', - 'defaults': { - 'profile': 'control', - }, - 'count': 2, - 'instances': [{ - 'name': 'node-0', - 'hostname': 'controller-0' - }, { - 'name': 'node-1', - 'hostname': 'controller-1', - 'provisioned': False - }, { - 'name': 'node-2', - 'hostname': 'controller-2', - 'provisioned': False - }, { - 'name': 'node-3', - 'hostname': 'controller-3', - 'provisioned': True - }] - }] - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', True, self.default_image - ) - self.assertEqual([ - { - 'hostname': 'controller-0', - 'name': 'node-0', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }, { - 'hostname': 'controller-3', - 'name': 'node-3', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }], - instances) - self.assertEqual({ - 'ControllerCount': 2, - 'ControllerRemovalPolicies': [ - {'resource_list': [1, 2]} - ], - 'ControllerHostnameFormat': - '%stackname%-controller-%index%', - 'HostnameMap': { - 'overcloud-controller-0': 'controller-0', - 'overcloud-controller-1': 'controller-1', - 'overcloud-controller-2': 'controller-2', - 'overcloud-controller-3': 'controller-3'} - }, - environment['parameter_defaults']) - - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', False, self.default_image - ) - self.assertEqual([ - { - 'hostname': 'controller-1', - 'name': 'node-1', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }, { - 'hostname': 'controller-2', - 'name': 'node-2', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }], - instances) - self.assertEqual({}, environment) - self.assertEqual({'controller-1': 'Controller', - 'controller-2': 'Controller'}, hostname_role_map) - - def test_unprovisioned_no_hostname(self): - roles = [{ - 'name': 'Controller', - 'defaults': { - 'profile': 'control', - }, - 'count': 2, - 'instances': [{ - 'name': 'node-0', - }, { - 'name': 'node-1', - 'provisioned': False - }, { - 'name': 'node-2', - 'provisioned': False - }, { - 'name': 'node-3', - 'provisioned': True - }] - }] - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', True, self.default_image - ) - self.assertEqual([ - { - 'hostname': 'node-0', - 'name': 'node-0', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }, { - 'hostname': 'node-3', - 'name': 'node-3', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }], - instances) - self.assertEqual({ - 'ControllerCount': 2, - 'ControllerRemovalPolicies': [ - {'resource_list': [1, 2]} - ], - 'ControllerHostnameFormat': - '%stackname%-controller-%index%', - 'HostnameMap': { - 'overcloud-controller-0': 'node-0', - 'overcloud-controller-1': 'node-1', - 'overcloud-controller-2': 'node-2', - 'overcloud-controller-3': 'node-3'} - }, - environment['parameter_defaults']) - self.assertEqual({'node-0': 'Controller', 'node-3': 'Controller'}, - hostname_role_map) - - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', False, self.default_image - ) - self.assertEqual([ - { - 'hostname': 'node-1', - 'name': 'node-1', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }, { - 'hostname': 'node-2', - 'name': 'node-2', - 'capabilities': {'profile': 'control'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': {'instance-type': 'Controller'}} - }], - instances) - self.assertEqual({}, environment) - self.assertEqual({'node-1': 'Controller', 'node-2': 'Controller'}, - hostname_role_map) - - def test_name_in_defaults(self): - roles = [{ - 'name': 'Compute', - 'count': 2, - 'defaults': { - 'profile': 'compute', - 'name': 'compute-0' - } - }] - exc = self.assertRaises( - ValueError, bd.expand, - roles, 'overcloud', True, self.default_image - ) - self.assertIn('Compute: cannot specify name in defaults', - str(exc)) - - def test_hostname_in_defaults(self): - roles = [{ - 'name': 'Compute', - 'count': 2, - 'defaults': { - 'profile': 'compute', - 'hostname': 'compute-0' - } - }] - exc = self.assertRaises( - ValueError, bd.expand, - roles, 'overcloud', True, self.default_image - ) - self.assertIn('Compute: cannot specify hostname in defaults', - str(exc)) - - def test_instances_without_hostname(self): - roles = [{ - 'name': 'Compute', - 'count': 2, - 'defaults': { - 'profile': 'compute' - }, - 'hostname_format': 'compute-%index%.example.com' - }, { - 'name': 'Controller', - 'count': 2, - 'defaults': { - 'profile': 'control' - }, - 'instances': [{ - 'profile': 'control-X' - # missing hostname here - }, { - 'name': 'node-0', - 'traits': ['CUSTOM_FOO'], - 'nics': [{'subnet': 'leaf-2'}]}, - ]}, - ] - instances, environment, role_net_map, hostname_role_map = bd.expand( - roles, 'overcloud', True, self.default_image - ) - self.assertEqual( - [ - {'hostname': 'compute-0.example.com', - 'capabilities': {'profile': 'compute'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': { - 'instance-type': 'Compute'}}}, - {'hostname': 'compute-1.example.com', - 'capabilities': {'profile': 'compute'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': { - 'instance-type': 'Compute'}}}, - {'hostname': 'overcloud-controller-0', - 'capabilities': {'profile': 'control-X'}, - 'image': {'href': 'overcloud-full'}, - 'config_drive': {'meta_data': { - 'instance-type': 'Controller'}}}, - # Name provides the default for hostname - {'name': 'node-0', 'capabilities': {'profile': 'control'}, - 'hostname': 'node-0', - 'image': {'href': 'overcloud-full'}, - 'traits': ['CUSTOM_FOO'], 'nics': [{'subnet': 'leaf-2'}], - 'config_drive': {'meta_data': { - 'instance-type': 'Controller'}}}, - ], - instances) - self.assertEqual({'compute-0.example.com': 'Compute', - 'compute-1.example.com': 'Compute', - 'node-0': 'Controller', - 'overcloud-controller-0': 'Controller'}, - hostname_role_map) - - def test_more_instances_than_count(self): - roles = [{ - 'name': 'Compute', - 'count': 3, - 'defaults': { - 'profile': 'compute', - 'name': 'compute-0' - }, - 'instances': [{ - 'name': 'node-0' - }, { - 'name': 'node-1' - }, { - 'name': 'node-2' - }, { - 'name': 'node-3' - }] - }] - exc = self.assertRaises( - ValueError, bd.expand, - roles, 'overcloud', True, self.default_image - ) - self.assertIn('Compute: number of instance entries 4 ' - 'cannot be greater than count 3', - str(exc)) - - -class TestCheckExistingInstances(base.TestCase): - - def test_success(self): - pr = mock.Mock() - baremetal = mock.Mock() - baremetal.nodes.return_value = [mock.MagicMock( - id='aaaa', instance_info={'display_name': 'host2'})] - - instances = [ - {'hostname': 'host1', - 'image': {'href': 'overcloud-full'}}, - {'hostname': 'host3', - 'image': {'href': 'overcloud-full'}}, - {'hostname': 'host2', 'resource_class': 'compute', - 'capabilities': {'answer': '42'}, - 'image': {'href': 'overcloud-full'}} - ] - existing = mock.MagicMock(id='aaaa', hostname='host2', allocation=None) - pr.show_instance.side_effect = [ - sdk_exc.ResourceNotFound(""), - metalsmith.exceptions.Error(""), - existing, - ] - found, not_found, unmanaged = bd.check_existing(instances, pr, - baremetal) - - self.assertEqual([existing], found) - self.assertEqual([{ - 'hostname': 'host1', - 'image': {'href': 'overcloud-full'}, - }, { - 'hostname': 'host3', - 'image': {'href': 'overcloud-full'}, - }], not_found) - pr.show_instance.assert_has_calls([ - mock.call(host) for host in ['host1', 'host3', 'aaaa'] - ]) - - def test_match_name_only(self): - pr = mock.Mock() - baremetal = mock.Mock() - baremetal.nodes.return_value = [mock.MagicMock( - id='aaaa', instance_info={})] - - instances = [ - {'hostname': 'host1', - 'image': {'href': 'overcloud-full'}}, - {'hostname': 'host3', - 'image': {'href': 'overcloud-full'}}, - {'hostname': 'host2', 'resource_class': 'compute', - 'capabilities': {'answer': '42'}, - 'image': {'href': 'overcloud-full'}} - ] - existing = mock.MagicMock(id='aaaa', hostname='host2', allocation=None) - pr.show_instance.side_effect = [ - sdk_exc.ResourceNotFound(""), - metalsmith.exceptions.Error(""), - existing, - ] - found, not_found, unmanaged = bd.check_existing(instances, pr, - baremetal) - - self.assertEqual([existing], found) - self.assertEqual([{ - 'hostname': 'host1', - 'image': {'href': 'overcloud-full'}, - }, { - 'hostname': 'host3', - 'image': {'href': 'overcloud-full'}, - }], not_found) - pr.show_instance.assert_has_calls([ - mock.call(host) for host in ['host1', 'host3', 'host2'] - ]) - - def test_duplicate_display_names(self): - pr = mock.Mock() - baremetal = mock.Mock() - baremetal.nodes.return_value = [ - mock.MagicMock(id='aaaa', instance_info={'display_name': 'host1'}), - mock.MagicMock(id='bbbb', instance_info={'display_name': 'host1'}), - mock.MagicMock(id='cccc', instance_info={'display_name': 'host1'}) - ] - instances = [ - {'hostname': 'host1', - 'image': {'href': 'overcloud-full'}}, - ] - exc = self.assertRaises( - bd.BaremetalDeployException, bd.check_existing, - instances, pr, baremetal) - - self.assertIn("more than one existing instance", str(exc)) - pr.show_instance.assert_not_called() - - def test_duplicate_names(self): - pr = mock.Mock() - baremetal = mock.Mock() - nodes = [ - mock.MagicMock(id='aaaa', instance_info={'display_name': 'host1'}), - mock.MagicMock(id='bbbb', instance_info={'display_name': 'host2'}), - mock.MagicMock(id='cccc', instance_info={'display_name': 'host3'}) - ] - nodes[0].name = 'node1' - nodes[1].name = 'node1' - nodes[2].name = 'node1' - baremetal.nodes.return_value = nodes - instances = [ - {'hostname': 'host4', - 'name': 'node1', - 'image': {'href': 'overcloud-full'}}, - ] - exc = self.assertRaises( - bd.BaremetalDeployException, bd.check_existing, - instances, pr, baremetal) - - self.assertIn("more than one existing node", str(exc)) - pr.show_instance.assert_not_called() - - def test_name_hostname_swapped(self): - pr = mock.Mock() - baremetal = mock.Mock() - baremetal.nodes.return_value = [ - mock.MagicMock(id='aaaa', instance_info={'display_name': 'host3'}), - mock.MagicMock(id='bbbb', instance_info={'display_name': 'host2'}), - mock.MagicMock(id='cccc', instance_info={'display_name': 'host1'}) - ] - - instances = [ - {'hostname': 'host3', 'name': 'host1', - 'image': {'href': 'overcloud-full'}}, - {'hostname': 'host2', 'name': 'host2', - 'image': {'href': 'overcloud-full'}}, - {'hostname': 'host1', 'name': 'host3', - 'image': {'href': 'overcloud-full'}}, - ] - existing = [ - mock.MagicMock(id='aaaa', hostname='host3', allocation=None), - mock.MagicMock(id='aaaa', hostname='host2', allocation=None), - mock.MagicMock(id='aaaa', hostname='host1', allocation=None), - ] - pr.show_instance.side_effect = existing - found, not_found, unmanaged = bd.check_existing(instances, pr, - baremetal) - - self.assertEqual(existing, found) - self.assertEqual([], not_found) - pr.show_instance.assert_has_calls([ - mock.call(host) for host in ['aaaa', 'bbbb', 'cccc'] - ]) - - def test_existing_no_allocation(self): - pr = mock.Mock() - baremetal = mock.Mock() - baremetal.nodes.return_value = [mock.MagicMock( - id='aaaa', name="server2", instance_info={'display_name': 'host2'})] - instances = [ - {'name': 'server2', 'resource_class': 'compute', - 'hostname': 'host2', - 'capabilities': {'answer': '42'}, - 'image': {'href': 'overcloud-full'}} - ] - existing = mock.MagicMock( - uuid='aaaa', hostname='host2', allocation=None, - state=metalsmith.InstanceState.ACTIVE) - pr.show_instance.return_value = existing - baremetal.get_allocation.side_effect = sdk_exc.ResourceNotFound - - found, not_found, unmanaged = bd.check_existing(instances, pr, - baremetal) - baremetal.create_allocation.assert_called_once_with( - name='host2', node='server2', resource_class='compute') - - self.assertEqual([], not_found) - self.assertEqual([existing], found) - pr.show_instance.assert_has_calls([mock.call('aaaa'), - mock.call('aaaa')]) - - def test_hostname_mismatch(self): - pr = mock.Mock() - baremetal = mock.Mock() - baremetal.nodes.return_value = [] - instances = [ - {'hostname': 'host1', - 'image': {'href': 'overcloud-full'}}, - ] - pr.show_instance.return_value.hostname = 'host2' - exc = self.assertRaises( - bd.BaremetalDeployException, bd.check_existing, - instances, pr, baremetal) - - self.assertIn("hostname host1 was not found", str(exc)) - pr.show_instance.assert_called_once_with('host1') - - def test_hostname_mismatch_but_instance_info_display_name_correct(self): - pr = mock.Mock() - baremetal = mock.Mock() - baremetal.nodes.return_value = [mock.MagicMock( - id='aaaa', instance_info={'display_name': 'correct_hostname'})] - instances = [ - {'name': 'bm_node1', 'resource_class': 'baremetal', - 'hostname': 'correct_hostname', - 'image': {'href': 'overcloud-full'}}, - ] - existing = mock.MagicMock( - uuid='aaaa', name='bm_node1', hostname='wrong_hostname', - allocation=None, - state=metalsmith.InstanceState.ACTIVE) - pr.show_instance.return_value = existing - baremetal.get_node.return_value.instance_info = { - 'display_name': 'correct_hostname'} - baremetal.get_allocation.side_effect = [sdk_exc.ResourceNotFound, - mock.MagicMock()] - found, not_found, unmanaged = bd.check_existing(instances, pr, - baremetal) - - baremetal.create_allocation.assert_called_once_with( - name='correct_hostname', node='bm_node1', - resource_class='baremetal') - - self.assertEqual([], not_found) - self.assertEqual([existing], found) - self.assertEqual(2, pr.show_instance.call_count) - pr.show_instance.assert_has_calls([mock.call('aaaa'), - mock.call('aaaa')]) - - def test_hostname_mismatch_and_instance_info_display_name_mismatch(self): - pr = mock.Mock() - baremetal = mock.Mock() - nodes = [mock.MagicMock( - id='aaaa', instance_info={'display_name': 'mismatching_hostname'})] - baremetal.nodes.return_value = nodes - nodes[0].name = 'bm_node1' - instances = [ - {'name': 'bm_node1', 'resource_class': 'baremetal', - 'hostname': 'correct_hostname', - 'image': {'href': 'overcloud-full'}}, - ] - existing = mock.MagicMock( - id='aaaa', name='bm_node1', hostname='wrong_hostname', - allocation=mock.MagicMock(), - state=metalsmith.InstanceState.ACTIVE) - pr.show_instance.return_value = existing - baremetal.get_allocation.return_value = mock.MagicMock() - baremetal.get_node.return_value.instance_info = { - 'display_name': 'mismatching_hostname'} - exc = self.assertRaises( - bd.BaremetalDeployException, bd.check_existing, - instances, pr, baremetal) - - self.assertIn("hostname correct_hostname was not found", str(exc)) - pr.show_instance.assert_called_once_with('bm_node1') - - def test_check_existing_no_ironic(self): - pr = mock.Mock() - instances = [ - {'hostname': 'host1', - 'image': {'href': 'overcloud-full'}}, - ] - exc = self.assertRaises( - bd.BaremetalDeployException, bd.check_existing, - instances, pr, None) - - self.assertIn( - "Instance host1 is not specified as pre-provisioned", str(exc)) - - def test_unexpected_error(self): - pr = mock.Mock() - baremetal = mock.Mock() - baremetal.nodes.return_value = [] - instances = [ - {'image': {'href': 'overcloud-full'}, - 'hostname': 'host%d' % i} for i in range(3) - ] - pr.show_instance.side_effect = RuntimeError('boom') - exc = self.assertRaises( - bd.BaremetalDeployException, bd.check_existing, - instances, pr, baremetal) - - self.assertIn("for host0", str(exc)) - self.assertIn("RuntimeError: boom", str(exc)) - pr.show_instance.assert_called_once_with('host0') - - def test_merge_config_drive_defaults(self): - - def assertConfigDriveMerge(cd, cd_defaults, cd_instance): - defaults = {} - instance = {} - if cd_defaults is not None: - defaults['config_drive'] = cd_defaults - if cd_instance is not None: - instance['config_drive'] = cd_instance - - bd.merge_config_drive_defaults(defaults, instance) - - if cd is None: - self.assertNotIn(instance, 'config_drive') - self.assertEqual(cd, instance.get('config_drive')) - - # assert no config_drive key when nothing to merge - assertConfigDriveMerge(None, None, None) - assertConfigDriveMerge(None, {}, None) - assertConfigDriveMerge({}, None, {}) - assertConfigDriveMerge({}, {}, {}) - - # assert what expand does internally when no config_drive is specified - assertConfigDriveMerge( - {'meta_data': {'instance-type': 'Compute'}}, - {'meta_data': {'instance-type': 'Compute'}}, - None - ) - - # assert various combinations of defaults and instance to show that - # merge works and instance has precedence over defaults - assertConfigDriveMerge( - {'meta_data': {'one': 1, 'two': 22, 'three': 3, 'four': 44}}, - {'meta_data': {'one': 1, 'two': 2, 'three': 3}}, - {'meta_data': {'two': 22, 'four': 44}}, - ) - assertConfigDriveMerge( - {'cloud_config': {'one': 1, 'two': 22, 'three': 3, 'four': 44}}, - {'cloud_config': {'one': 1, 'two': 2, 'three': 3}}, - {'cloud_config': {'two': 22, 'four': 44}}, - ) diff --git a/tripleo_ansible/tests/stubs.py b/tripleo_ansible/tests/stubs.py deleted file mode 100644 index 0e06ab7b4..000000000 --- a/tripleo_ansible/tests/stubs.py +++ /dev/null @@ -1,169 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -class FakeNeutronNetwork(dict): - def __init__(self, **attrs): - NETWORK_ATTRS = ['id', - 'name', - 'status', - 'tenant_id', - 'is_admin_state_up', - 'mtu', - 'segments', - 'is_shared', - 'subnets', - 'provider:network_type', - 'provider:physical_network', - 'provider:segmentation_id', - 'router:external', - 'availability_zones', - 'availability_zone_hints', - 'is_default', - 'tags'] - - raw = dict.fromkeys(NETWORK_ATTRS) - raw.update(attrs) - raw.update({ - 'provider_physical_network': attrs.get( - 'provider:physical_network', None), - 'provider_network_type': attrs.get( - 'provider:network_type', None), - 'provider_segmentation_id': attrs.get( - 'provider:segmentation_id', None) - }) - super(FakeNeutronNetwork, self).__init__(raw) - - def __getattr__(self, key): - try: - return self[key] - except KeyError: - raise AttributeError(key) - - def __setattr__(self, key, value): - if key in self: - self[key] = value - else: - raise AttributeError(key) - - -class FakeNeutronSegment(dict): - def __init__(self, **attrs): - NETWORK_ATTRS = ['id', - 'name', - 'network_id', - 'description', - 'network_type', - 'physical_network', - 'segmentation_id', - 'tags'] - - raw = dict.fromkeys(NETWORK_ATTRS) - raw.update(attrs) - super(FakeNeutronSegment, self).__init__(raw) - - def __getattr__(self, key): - try: - return self[key] - except KeyError: - raise AttributeError(key) - - def __setattr__(self, key, value): - if key in self: - self[key] = value - else: - raise AttributeError(key) - - -class FakeNeutronPort(dict): - def __init__(self, **attrs): - PORT_ATTRS = ['admin_state_up', - 'allowed_address_pairs', - 'binding:host_id', - 'binding:profile', - 'binding:vif_details', - 'binding:vif_type', - 'binding:vnic_type', - 'data_plane_status', - 'description', - 'device_id', - 'device_owner', - 'dns_assignment', - 'dns_domain', - 'dns_name', - 'extra_dhcp_opts', - 'fixed_ips', - 'id', - 'mac_address', - 'name', 'network_id', - 'port_security_enabled', - 'security_group_ids', - 'status', - 'tenant_id', - 'qos_network_policy_id', - 'qos_policy_id', - 'tags', - 'uplink_status_propagation'] - - raw = dict.fromkeys(PORT_ATTRS) - raw.update(attrs) - super(FakeNeutronPort, self).__init__(raw) - - def __getattr__(self, key): - try: - return self[key] - except KeyError: - raise AttributeError(key) - - def __setattr__(self, key, value): - if key in self: - self[key] = value - else: - raise AttributeError(key) - - -class FakeNeutronSubnet(dict): - def __init__(self, **attrs): - SUBNET_ATTRS = ['id', - 'name', - 'network_id', - 'cidr', - 'tenant_id', - 'is_dhcp_enabled', - 'dns_nameservers', - 'allocation_pools', - 'host_routes', - 'ip_version', - 'gateway_ip', - 'ipv6_address_mode', - 'ipv6_ra_mode', - 'subnetpool_id', - 'segment_id', - 'tags'] - - raw = dict.fromkeys(SUBNET_ATTRS) - raw.update(attrs) - super(FakeNeutronSubnet, self).__init__(raw) - - def __getattr__(self, key): - try: - return self[key] - except KeyError: - raise AttributeError(key) - - def __setattr__(self, key, value): - if key in self: - self[key] = value - else: - raise AttributeError(key) diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml deleted file mode 100644 index 1decef32d..000000000 --- a/zuul.d/base.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- job: - description: Base tripleo-ansible job - name: tripleo-ansible-centos-stream-base - nodeset: centos-9-stream - parent: base - success-url: "reports.html" - failure-url: "reports.html" - pre-run: - - tripleo_ansible/playbooks/prepare-test-host.yml - - zuul.d/playbooks/pre.yml - run: - - zuul.d/playbooks/run.yml - timeout: 3600 - voting: true diff --git a/zuul.d/layout.yaml b/zuul.d/layout.yaml deleted file mode 100644 index 28794ebcc..000000000 --- a/zuul.d/layout.yaml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- project: - templates: - - tripleo-ansible-molecule-jobs - - release-notes-jobs-python3 - - openstack-python3-jobs - - tripleo-external-compute-deployment-pipeline - - tripleo-multinode-container-minimal-pipeline - - tripleo-standalone-scenarios-pipeline - - tripleo-undercloud-jobs-pipeline - - tripleo-upgrades-master-pipeline - check: - jobs: - - tripleo-ci-centos-9-content-provider: - dependencies: - - openstack-tox-linters - - openstack-tox-linters - - openstack-tox-docs: &tripleo-docs - files: - - ^doc/.* - - ^molecule-requirements.txt - - ^README.rst - - ^requirements.txt - - ^tripleo_ansible/ansible_plugins/.* - - gate: - jobs: - - tripleo-ci-centos-9-content-provider - - openstack-tox-linters - - openstack-tox-docs: *tripleo-docs - post: - jobs: - - publish-openstack-python-branch-tarball - promote: - jobs: - - promote-openstack-tox-docs: *tripleo-docs diff --git a/zuul.d/molecule.yaml b/zuul.d/molecule.yaml deleted file mode 100644 index 4c0e7ba67..000000000 --- a/zuul.d/molecule.yaml +++ /dev/null @@ -1,901 +0,0 @@ -# Managed via ./role-addition.yml, do not edit manually without testing that -# new role addition does not reformat it. ---- -- project-template: - check: - jobs: - - tripleo-ansible-centos-stream-molecule-aide - - tripleo-ansible-centos-stream-molecule-backup_and_restore - - tripleo-ansible-centos-stream-molecule-designate_bind_config - - tripleo-ansible-centos-stream-molecule-env_data - - tripleo-ansible-centos-stream-molecule-login_defs - - tripleo-ansible-centos-stream-molecule-snapshot_and_revert - - tripleo-ansible-centos-stream-molecule-test_deps - - tripleo-ansible-centos-stream-molecule-test_package_action - - tripleo-ansible-centos-stream-molecule-tripleo-modules - - tripleo-ansible-centos-stream-molecule-tripleo_auditd - - tripleo-ansible-centos-stream-molecule-tripleo_bootstrap - - tripleo-ansible-centos-stream-molecule-tripleo_cellv2 - - tripleo-ansible-centos-stream-molecule-tripleo_ceph_client - - tripleo-ansible-centos-stream-molecule-tripleo_ceph_client_files - - tripleo-ansible-centos-stream-molecule-tripleo_ceph_distribute_keys - - tripleo-ansible-centos-stream-molecule-tripleo_cephadm - - tripleo-ansible-centos-stream-molecule-tripleo_clients_install - - tripleo-ansible-centos-stream-molecule-tripleo_collectd - - tripleo-ansible-centos-stream-molecule-tripleo_compute_node - - tripleo-ansible-centos-stream-molecule-tripleo_config - - tripleo-ansible-centos-stream-molecule-tripleo_container_image_build - - tripleo-ansible-centos-stream-molecule-tripleo_container_image_prepare - - tripleo-ansible-centos-stream-molecule-tripleo_container_manage - - tripleo-ansible-centos-stream-molecule-tripleo_container_rm - - tripleo-ansible-centos-stream-molecule-tripleo_container_standalone - - tripleo-ansible-centos-stream-molecule-tripleo_container_stop - - tripleo-ansible-centos-stream-molecule-tripleo_container_tag - - tripleo-ansible-centos-stream-molecule-tripleo_create_admin - - tripleo-ansible-centos-stream-molecule-tripleo_etcd - - tripleo-ansible-centos-stream-molecule-tripleo_firewall - - tripleo-ansible-centos-stream-molecule-tripleo_ha_wrapper - - tripleo-ansible-centos-stream-molecule-tripleo_hieradata - - tripleo-ansible-centos-stream-molecule-tripleo_hosts_entries - - tripleo-ansible-centos-stream-molecule-tripleo_httpd_config - - tripleo-ansible-centos-stream-molecule-tripleo_httpd_vhost - - tripleo-ansible-centos-stream-molecule-tripleo_image_serve - - tripleo-ansible-centos-stream-molecule-tripleo_ironic - - tripleo-ansible-centos-stream-molecule-tripleo_iscsid - - tripleo-ansible-centos-stream-molecule-tripleo_kernel - - tripleo-ansible-centos-stream-molecule-tripleo_keystone - - tripleo-ansible-centos-stream-molecule-tripleo_keystone_resources - - tripleo-ansible-centos-stream-molecule-tripleo_logrotate_crond - - tripleo-ansible-centos-stream-molecule-tripleo_lvmfilter - - tripleo-ansible-centos-stream-molecule-tripleo_metrics_qdr - - tripleo-ansible-centos-stream-molecule-tripleo_module_load - - tripleo-ansible-centos-stream-molecule-tripleo_multipathd - - tripleo-ansible-centos-stream-molecule-tripleo_mysql_client - - tripleo-ansible-centos-stream-molecule-tripleo_network_config - - tripleo-ansible-centos-stream-molecule-tripleo_nftables - - tripleo-ansible-centos-stream-molecule-tripleo_nodes_validation - - tripleo-ansible-centos-stream-molecule-tripleo_nova_image_cache - - tripleo-ansible-centos-stream-molecule-tripleo_nova_libvirt - - tripleo-ansible-centos-stream-molecule-tripleo_nova_compute - - tripleo-ansible-centos-stream-molecule-tripleo_nvdimm - - tripleo-ansible-centos-stream-molecule-tripleo_ovn - - tripleo-ansible-centos-stream-molecule-tripleo_ovn_cluster - - tripleo-ansible-centos-stream-molecule-tripleo_ovs_dpdk - - tripleo-ansible-centos-stream-molecule-tripleo_packages - - tripleo-ansible-centos-stream-molecule-tripleo_persist - - tripleo-ansible-centos-stream-molecule-tripleo_podman - - tripleo-ansible-centos-stream-molecule-tripleo_provision_mcelog - - tripleo-ansible-centos-stream-molecule-tripleo_ptp - - tripleo-ansible-centos-stream-molecule-tripleo_puppet_cache - - tripleo-ansible-centos-stream-molecule-tripleo_redhat_enforce - - tripleo-ansible-centos-stream-molecule-tripleo_run_cephadm - - tripleo-ansible-centos-stream-molecule-tripleo_securetty - - tripleo-ansible-centos-stream-molecule-tripleo_ssh_known_hosts - - tripleo-ansible-centos-stream-molecule-tripleo_sshd - - tripleo-ansible-centos-stream-molecule-tripleo_systemd_wrapper - - tripleo-ansible-centos-stream-molecule-tripleo_timezone - - tripleo-ansible-centos-stream-molecule-tripleo_transfer - - tripleo-ansible-centos-stream-molecule-tripleo_unbound - - tripleo-ansible-centos-stream-molecule-tripleo_update_trusted_cas - - tripleo-ansible-centos-stream-molecule-tripleo_upgrade_hiera - - tripleo-ansible-centos-stream-molecule-tripleo_validations_package - - tripleo-ansible-centos-stream-molecule-tuned - - tripleo-ansible-centos-stream-role-addition - gate: - jobs: - - tripleo-ansible-centos-stream-molecule-aide - - tripleo-ansible-centos-stream-molecule-backup_and_restore - - tripleo-ansible-centos-stream-molecule-designate_bind_config - - tripleo-ansible-centos-stream-molecule-env_data - - tripleo-ansible-centos-stream-molecule-login_defs - - tripleo-ansible-centos-stream-molecule-snapshot_and_revert - - tripleo-ansible-centos-stream-molecule-test_deps - - tripleo-ansible-centos-stream-molecule-test_package_action - - tripleo-ansible-centos-stream-molecule-tripleo-modules - - tripleo-ansible-centos-stream-molecule-tripleo_auditd - - tripleo-ansible-centos-stream-molecule-tripleo_bootstrap - - tripleo-ansible-centos-stream-molecule-tripleo_cellv2 - - tripleo-ansible-centos-stream-molecule-tripleo_ceph_client - - tripleo-ansible-centos-stream-molecule-tripleo_ceph_client_files - - tripleo-ansible-centos-stream-molecule-tripleo_ceph_distribute_keys - - tripleo-ansible-centos-stream-molecule-tripleo_cephadm - - tripleo-ansible-centos-stream-molecule-tripleo_clients_install - - tripleo-ansible-centos-stream-molecule-tripleo_collectd - - tripleo-ansible-centos-stream-molecule-tripleo_compute_node - - tripleo-ansible-centos-stream-molecule-tripleo_config - - tripleo-ansible-centos-stream-molecule-tripleo_container_image_build - - tripleo-ansible-centos-stream-molecule-tripleo_container_image_prepare - - tripleo-ansible-centos-stream-molecule-tripleo_container_manage - - tripleo-ansible-centos-stream-molecule-tripleo_container_rm - - tripleo-ansible-centos-stream-molecule-tripleo_container_standalone - - tripleo-ansible-centos-stream-molecule-tripleo_container_stop - - tripleo-ansible-centos-stream-molecule-tripleo_container_tag - - tripleo-ansible-centos-stream-molecule-tripleo_create_admin - - tripleo-ansible-centos-stream-molecule-tripleo_etcd - - tripleo-ansible-centos-stream-molecule-tripleo_firewall - - tripleo-ansible-centos-stream-molecule-tripleo_ha_wrapper - - tripleo-ansible-centos-stream-molecule-tripleo_hieradata - - tripleo-ansible-centos-stream-molecule-tripleo_hosts_entries - - tripleo-ansible-centos-stream-molecule-tripleo_httpd_config - - tripleo-ansible-centos-stream-molecule-tripleo_httpd_vhost - - tripleo-ansible-centos-stream-molecule-tripleo_image_serve - - tripleo-ansible-centos-stream-molecule-tripleo_ironic - - tripleo-ansible-centos-stream-molecule-tripleo_iscsid - - tripleo-ansible-centos-stream-molecule-tripleo_kernel - - tripleo-ansible-centos-stream-molecule-tripleo_keystone - - tripleo-ansible-centos-stream-molecule-tripleo_keystone_resources - - tripleo-ansible-centos-stream-molecule-tripleo_logrotate_crond - - tripleo-ansible-centos-stream-molecule-tripleo_lvmfilter - - tripleo-ansible-centos-stream-molecule-tripleo_metrics_qdr - - tripleo-ansible-centos-stream-molecule-tripleo_module_load - - tripleo-ansible-centos-stream-molecule-tripleo_multipathd - - tripleo-ansible-centos-stream-molecule-tripleo_mysql_client - - tripleo-ansible-centos-stream-molecule-tripleo_network_config - - tripleo-ansible-centos-stream-molecule-tripleo_nftables - - tripleo-ansible-centos-stream-molecule-tripleo_nodes_validation - - tripleo-ansible-centos-stream-molecule-tripleo_nova_image_cache - - tripleo-ansible-centos-stream-molecule-tripleo_nova_libvirt - - tripleo-ansible-centos-stream-molecule-tripleo_nova_compute - - tripleo-ansible-centos-stream-molecule-tripleo_nvdimm - - tripleo-ansible-centos-stream-molecule-tripleo_ovn - - tripleo-ansible-centos-stream-molecule-tripleo_ovn_cluster - - tripleo-ansible-centos-stream-molecule-tripleo_ovs_dpdk - - tripleo-ansible-centos-stream-molecule-tripleo_packages - - tripleo-ansible-centos-stream-molecule-tripleo_persist - - tripleo-ansible-centos-stream-molecule-tripleo_podman - - tripleo-ansible-centos-stream-molecule-tripleo_provision_mcelog - - tripleo-ansible-centos-stream-molecule-tripleo_ptp - - tripleo-ansible-centos-stream-molecule-tripleo_puppet_cache - - tripleo-ansible-centos-stream-molecule-tripleo_redhat_enforce - - tripleo-ansible-centos-stream-molecule-tripleo_run_cephadm - - tripleo-ansible-centos-stream-molecule-tripleo_securetty - - tripleo-ansible-centos-stream-molecule-tripleo_ssh_known_hosts - - tripleo-ansible-centos-stream-molecule-tripleo_sshd - - tripleo-ansible-centos-stream-molecule-tripleo_systemd_wrapper - - tripleo-ansible-centos-stream-molecule-tripleo_timezone - - tripleo-ansible-centos-stream-molecule-tripleo_transfer - - tripleo-ansible-centos-stream-molecule-tripleo_unbound - - tripleo-ansible-centos-stream-molecule-tripleo_update_trusted_cas - - tripleo-ansible-centos-stream-molecule-tripleo_upgrade_hiera - - tripleo-ansible-centos-stream-molecule-tripleo_validations_package - - tripleo-ansible-centos-stream-molecule-tuned - - tripleo-ansible-centos-stream-role-addition - name: tripleo-ansible-molecule-jobs - periodic-weekly: - jobs: - - tripleo-ansible-centos-stream-molecule-aide - - tripleo-ansible-centos-stream-molecule-backup_and_restore - - tripleo-ansible-centos-stream-molecule-designate_bind_config - - tripleo-ansible-centos-stream-molecule-env_data - - tripleo-ansible-centos-stream-molecule-login_defs - - tripleo-ansible-centos-stream-molecule-snapshot_and_revert - - tripleo-ansible-centos-stream-molecule-test_deps - - tripleo-ansible-centos-stream-molecule-test_package_action - - tripleo-ansible-centos-stream-molecule-tripleo_auditd - - tripleo-ansible-centos-stream-molecule-tripleo_bootstrap - - tripleo-ansible-centos-stream-molecule-tripleo_cellv2 - - tripleo-ansible-centos-stream-molecule-tripleo_ceph_client - - tripleo-ansible-centos-stream-molecule-tripleo_ceph_client_files - - tripleo-ansible-centos-stream-molecule-tripleo_ceph_distribute_keys - - tripleo-ansible-centos-stream-molecule-tripleo_cephadm - - tripleo-ansible-centos-stream-molecule-tripleo_clients_install - - tripleo-ansible-centos-stream-molecule-tripleo_collectd - - tripleo-ansible-centos-stream-molecule-tripleo_compute_node - - tripleo-ansible-centos-stream-molecule-tripleo_config - - tripleo-ansible-centos-stream-molecule-tripleo_container_image_build - - tripleo-ansible-centos-stream-molecule-tripleo_container_image_prepare - - tripleo-ansible-centos-stream-molecule-tripleo_container_manage - - tripleo-ansible-centos-stream-molecule-tripleo_container_rm - - tripleo-ansible-centos-stream-molecule-tripleo_container_standalone - - tripleo-ansible-centos-stream-molecule-tripleo_container_stop - - tripleo-ansible-centos-stream-molecule-tripleo_container_tag - - tripleo-ansible-centos-stream-molecule-tripleo_create_admin - - tripleo-ansible-centos-stream-molecule-tripleo_etcd - - tripleo-ansible-centos-stream-molecule-tripleo_firewall - - tripleo-ansible-centos-stream-molecule-tripleo_ha_wrapper - - tripleo-ansible-centos-stream-molecule-tripleo_hieradata - - tripleo-ansible-centos-stream-molecule-tripleo_hosts_entries - - tripleo-ansible-centos-stream-molecule-tripleo_httpd_config - - tripleo-ansible-centos-stream-molecule-tripleo_httpd_vhost - - tripleo-ansible-centos-stream-molecule-tripleo_image_serve - - tripleo-ansible-centos-stream-molecule-tripleo_ironic - - tripleo-ansible-centos-stream-molecule-tripleo_iscsid - - tripleo-ansible-centos-stream-molecule-tripleo_kernel - - tripleo-ansible-centos-stream-molecule-tripleo_keystone - - tripleo-ansible-centos-stream-molecule-tripleo_keystone_resources - - tripleo-ansible-centos-stream-molecule-tripleo_logrotate_crond - - tripleo-ansible-centos-stream-molecule-tripleo_lvmfilter - - tripleo-ansible-centos-stream-molecule-tripleo_module_load - - tripleo-ansible-centos-stream-molecule-tripleo_multipathd - - tripleo-ansible-centos-stream-molecule-tripleo_mysql_client - - tripleo-ansible-centos-stream-molecule-tripleo_network_config - - tripleo-ansible-centos-stream-molecule-tripleo_nftables - - tripleo-ansible-centos-stream-molecule-tripleo_nodes_validation - - tripleo-ansible-centos-stream-molecule-tripleo_nova_image_cache - - tripleo-ansible-centos-stream-molecule-tripleo_nova_libvirt - - tripleo-ansible-centos-stream-molecule-tripleo_nova_compute - - tripleo-ansible-centos-stream-molecule-tripleo_nvdimm - - tripleo-ansible-centos-stream-molecule-tripleo_ovn - - tripleo-ansible-centos-stream-molecule-tripleo_ovn_cluster - - tripleo-ansible-centos-stream-molecule-tripleo_ovs_dpdk - - tripleo-ansible-centos-stream-molecule-tripleo_packages - - tripleo-ansible-centos-stream-molecule-tripleo_persist - - tripleo-ansible-centos-stream-molecule-tripleo_podman - - tripleo-ansible-centos-stream-molecule-tripleo_ptp - - tripleo-ansible-centos-stream-molecule-tripleo_puppet_cache - - tripleo-ansible-centos-stream-molecule-tripleo_redhat_enforce - - tripleo-ansible-centos-stream-molecule-tripleo_run_cephadm - - tripleo-ansible-centos-stream-molecule-tripleo_securetty - - tripleo-ansible-centos-stream-molecule-tripleo_ssh_known_hosts - - tripleo-ansible-centos-stream-molecule-tripleo_sshd - - tripleo-ansible-centos-stream-molecule-tripleo_systemd_wrapper - - tripleo-ansible-centos-stream-molecule-tripleo_timezone - - tripleo-ansible-centos-stream-molecule-tripleo_transfer - - tripleo-ansible-centos-stream-molecule-tripleo_unbound - - tripleo-ansible-centos-stream-molecule-tripleo_upgrade_hiera - - tripleo-ansible-centos-stream-molecule-tripleo_validations_package - - tripleo-ansible-centos-stream-molecule-tuned - - tripleo-ansible-centos-stream-role-addition -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/aide/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-aide - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: aide -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/backup_and_restore/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-backup_and_restore - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: backup_and_restore -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/designate_bind_config/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-designate_bind_config - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: designate_bind_config -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/env_data/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-env_data - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: env_data -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/login_defs/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-login_defs - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: login_defs -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/snapshot_and_revert/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-snapshot_and_revert - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: snapshot_and_revert -- job: - files: - - ^molecule-requirements.txt - - ^.config/molecule/config.yml - - ^tripleo_ansible/roles/test_deps/(?!meta).* - - ^zuul.d/playbooks/pre.yml - name: tripleo-ansible-centos-stream-molecule-test_deps - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: test_deps -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/ansible_plugins/action/package.py - - ^tripleo_ansible/roles/test_package_action/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-test_package_action - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: test_package_action -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/ansible_plugins/modules/container_startup_config.py - - ^tripleo_ansible/ansible_plugins/modules/tripleo_container_configs.py - - ^tripleo_ansible/ansible_plugins/modules/tripleo_container_config_scripts.py - - ^tripleo_ansible/ansible_plugins/modules/tripleo_os_net_config.py - - ^tripleo_ansible/ansible_plugins/modules/tripleo_dnf_stream.py - - ^tripleo_ansible/ansible_plugins/strategy/.* - - ^tox.ini - name: tripleo-ansible-centos-stream-molecule-tripleo-modules - parent: tripleo-ansible-centos-stream-base - voting: false -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_auditd/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_auditd - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_auditd -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_bootstrap/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_bootstrap - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_bootstrap -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_cellv2/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_cellv2 - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_cellv2 -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_ceph_client/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_ceph_client - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_job_ansible_args: --skip-tags=ceph_client_rsync,clean_fetch_dir - tripleo_role_name: tripleo_ceph_client -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_ceph_client_files/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_ceph_client_files - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_ceph_client_files -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_ceph_distribute_keys/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_ceph_distribute_keys - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_job_ansible_args: --skip-tags=ceph_fetch_admin_keyring,ceph_admin_key_rsync - tripleo_role_name: tripleo_ceph_distribute_keys -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_cephadm/(?!meta).* - - ^tripleo_ansible/ansible_plugins/modules/ceph_(?!meta).* - - ^tripleo_ansible/ansible_plugins/module_utils/ceph_spec.py - name: tripleo-ansible-centos-stream-molecule-tripleo_cephadm - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_job_ansible_args: --skip-tags=cephadm_bootstrap,cephadm_mon_dump,cephadm_extract_keys - tripleo_role_name: tripleo_cephadm -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_clients_install/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_clients_install - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_clients_install -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_collectd/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_collectd - parent: tripleo-ansible-centos-stream-base - pre-run: zuul.d/playbooks/enable-fips.yml - timeout: 7200 - vars: - enable_fips: true - nslookup_target: opendev.org - tripleo_role_name: tripleo_collectd - voting: true -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_compute_node/(?!meta).* - - ^tripleo_ansible/playbooks/.* - name: tripleo-ansible-centos-stream-molecule-tripleo_compute_node - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_compute_node -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_config/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_config - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_config -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_container_image_build/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_container_image_build - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_container_image_build -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_container_image_prepare/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_container_image_prepare - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_docker_enable_vfs: true - tripleo_docker_temp_file: '{{ zuul.executor.work_root }}/.tmp/docker-daemon-{{ inventory_hostname }}.json' - tripleo_role_name: tripleo_container_image_prepare -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_container_manage/(?!meta).* - - ^tripleo_ansible/roles/tripleo_container_rm/.* - - ^tripleo_ansible/ansible_plugins/action/container_systemd.py$ - - ^tripleo_ansible/ansible_plugins/filter/helpers.py$ - - ^tripleo_ansible/ansible_plugins/modules/container_config_data.py$ - - ^tripleo_ansible/ansible_plugins/modules/container_puppet_config.py$ - - ^tripleo_ansible/ansible_plugins/modules/container_startup_config.py$ - name: tripleo-ansible-centos-stream-molecule-tripleo_container_manage - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_container_manage - voting: false -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_container_rm/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_container_rm - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_container_rm -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_container_standalone/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_container_standalone - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_container_standalone -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_container_stop/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_container_stop - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_container_stop -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_container_tag/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_container_tag - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_container_tag -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_create_admin/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_create_admin - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_create_admin -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_etcd/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_etcd - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_etcd -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_firewall/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_firewall - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_firewall -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_ha_wrapper/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_ha_wrapper - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_ha_wrapper -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_hieradata/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_hieradata - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_hieradata -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_hosts_entries/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_hosts_entries - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_hosts_entries -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_httpd_config/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_httpd_config - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_httpd_config -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_httpd_vhost/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_httpd_vhost - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_httpd_vhost -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_image_serve/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_image_serve - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_image_serve -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_ironic/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_ironic - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_ironic -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_iscsid/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_iscsid - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_iscsid -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_kernel/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_kernel - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_kernel -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_keystone/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_keystone - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_keystone -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_keystone_resources/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_keystone_resources - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_keystone_resources -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_logrotate_crond/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_logrotate_crond - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_logrotate_crond -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_lvmfilter/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_lvmfilter - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_lvmfilter -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_metrics_qdr/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_metrics_qdr - parent: tripleo-ansible-centos-stream-base - pre-run: zuul.d/playbooks/enable-fips.yml - vars: - tripleo_role_name: tripleo_metrics_qdr - voting: false -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_module_load/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_module_load - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_module_load -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_multipathd/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_multipathd - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_multipathd -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_mysql_client/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_mysql_client - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_mysql_client -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_network_config/(?!meta).* - - ^tripleo_ansible/ansible_plugins/modules/tripleo_os_net_config.py - name: tripleo-ansible-centos-stream-molecule-tripleo_network_config - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_network_config -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_nftables/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_nftables - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_nftables -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_nodes_validation/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_nodes_validation - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_nodes_validation -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_nova_image_cache/(?!meta).* - - ^tripleo_ansible/ansible_plugins/action/tripleo_nova_image_cache.py - - ^tripleo_ansible/ansible_plugins/modules/tripleo_nova_image_cache.py - name: tripleo-ansible-centos-stream-molecule-tripleo_nova_image_cache - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_nova_image_cache -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_nova_libvirt/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_nova_libvirt - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_nova_libvirt -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_nova_compute/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_nova_compute - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_nova_compute -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_nvdimm/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_nvdimm - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_nvdimm -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_ovn/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_ovn - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_ovn -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_ovn_cluster/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_ovn_cluster - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_ovn_cluster -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_ovs_dpdk/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_ovs_dpdk - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_ovs_dpdk -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_packages/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_packages - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_packages -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_persist/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_persist - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_persist -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_podman/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_podman - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_podman -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_provision_mcelog/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_provision_mcelog - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_provision_mcelog -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_ptp/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_ptp - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_ptp -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_puppet_cache/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_puppet_cache - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_puppet_cache -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_redhat_enforce/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_redhat_enforce - parent: tripleo-ansible-centos-stream-base - vars: - tox_envlist: mol-tripleo_redhat_enforce - voting: false -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_run_cephadm/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_run_cephadm - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_job_ansible_args: --skip-tags=run_cephadm - tripleo_role_name: tripleo_run_cephadm -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_securetty/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_securetty - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_securetty -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_ssh_known_hosts/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_ssh_known_hosts - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_ssh_known_hosts -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_sshd/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_sshd - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_sshd -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_systemd_wrapper/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_systemd_wrapper - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_systemd_wrapper -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_timezone/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_timezone - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_timezone -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_transfer/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_transfer - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_transfer -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_unbound/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_unbound - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_unbound -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_update_trusted_cas/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_update_trusted_cas - parent: tripleo-ansible-centos-stream-base - vars: - tox_envlist: mol-tripleo_update_trusted_cas - voting: false -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_upgrade_hiera/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_upgrade_hiera - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_upgrade_hiera -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tripleo_validations_package/(?!meta).* - name: tripleo-ansible-centos-stream-molecule-tripleo_validations_package - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tripleo_validations_package -- job: - files: - - ^molecule-requirements.txt - - ^tripleo_ansible/roles/tuned/(?!meta).* - - ^zuul.d/playbooks/pre.yml - name: tripleo-ansible-centos-stream-molecule-tuned - parent: tripleo-ansible-centos-stream-base - vars: - tripleo_role_name: tuned -- job: - files: - - ^.config/molecule/config.yml - - ^_skeleton_role_/.* - - ^role-addition.yml - - ^tox.ini - - ^molecule-requirements.txt - - ^zuul.d/playbooks/.* - - ^zuul.d/molecule.yaml - name: tripleo-ansible-centos-stream-role-addition - nodeset: centos-9-stream - parent: tox - run: - - zuul.d/playbooks/run-tox.yml - timeout: 1800 - vars: - tox_envlist: role-addition - voting: true diff --git a/zuul.d/playbooks/directories.yml b/zuul.d/playbooks/directories.yml deleted file mode 100644 index 2873cae40..000000000 --- a/zuul.d/playbooks/directories.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- name: Ensure output dirs - file: - path: "{{ ansible_user_dir }}/zuul-output/logs" - state: directory - -- name: Directories needing root - become: true - block: - - name: Ensure ci directories - file: - path: "/etc/ci" - state: "directory" - - - name: Ensure ci mirror file - file: - path: "/etc/ci/mirror_info.sh" - state: "touch" - - - name: Copy repos directory to opt workspace - copy: - src: /etc/yum.repos.d - dest: /opt/ - remote_src: true - mode: "0777" diff --git a/zuul.d/playbooks/enable-fips.yml b/zuul.d/playbooks/enable-fips.yml deleted file mode 100644 index cd89a0626..000000000 --- a/zuul.d/playbooks/enable-fips.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -- hosts: all - tasks: - - include_role: - name: enable-fips diff --git a/zuul.d/playbooks/pre.yml b/zuul.d/playbooks/pre.yml deleted file mode 100644 index 0c562b96a..000000000 --- a/zuul.d/playbooks/pre.yml +++ /dev/null @@ -1,93 +0,0 @@ ---- - -- hosts: all - pre_tasks: - - name: Create directories - import_tasks: directories.yml - - name: Set project path fact - set_fact: - tripleo_ansible_project_path: "{{ ansible_user_dir }}/{{ zuul.projects['opendev.org/openstack/tripleo-ansible'].src_dir }}" - - - name: Ensure pip is available - include_role: - name: ensure-pip - - - name: Setup bindep - pip: - name: "bindep" - virtualenv: "{{ ansible_user_dir }}/test-python" - virtualenv_command: "{{ ensure_pip_virtualenv_command }}" - virtualenv_site_packages: true - - - name: Run bindep - shell: |- - . {{ ansible_user_dir }}/test-python/bin/activate - {{ tripleo_ansible_project_path }}/scripts/bindep-install - become: true - - - name: Ensure a recent version of pip is installed in virtualenv - pip: - name: "pip<20.3.0" - virtualenv: "{{ ansible_user_dir }}/test-python" - virtualenv_command: "{{ ensure_pip_virtualenv_command }}" - state: latest - - - name: Setup test-python - pip: - requirements: "{{ tripleo_ansible_project_path }}/molecule-requirements.txt" - virtualenv: "{{ ansible_user_dir }}/test-python" - virtualenv_command: "{{ ensure_pip_virtualenv_command }}" - virtualenv_site_packages: true - extra_args: >- - --constraint "{{ tripleo_ansible_project_path }}/ansible-requirements.txt" - - - name: Display test-python virtualenv package versions - shell: |- - . {{ ansible_user_dir }}/test-python/bin/activate - pip freeze - - - name: Basic ci setup - become: true - block: - - name: Set an appropriate fs.file-max - sysctl: - name: fs.file-max - value: 2048000 - sysctl_set: true - state: present - reload: true - - - name: Set container_manage_cgroup boolean - seboolean: - name: container_manage_cgroup - state: true - persistent: true - failed_when: false - - - name: Create limits file for containers - copy: - content: | - * soft nofile 102400 - * hard nofile 204800 - * soft nproc 2048 - * hard nproc 4096 - dest: /etc/security/limits.d/containers.conf - - - name: Reset ssh connection - meta: reset_connection - tasks: - - name: Get Ansible Galaxy roles - command: >- - {{ ansible_user_dir }}/test-python/bin/ansible-galaxy install --timeout 300 - -fr - {{ tripleo_ansible_project_path }}/tripleo_ansible/requirements.yml - environment: - ANSIBLE_ROLES_PATH: "{{ tripleo_ansible_project_path }}/tripleo_ansible/roles.galaxy" - - - name: Get Ansible Galaxy collections - command: >- - {{ ansible_user_dir }}/test-python/bin/ansible-galaxy collection install --timeout 300 - -fr - {{ tripleo_ansible_project_path }}/tripleo_ansible/requirements.yml - environment: - ANSIBLE_ROLES_PATH: "{{ tripleo_ansible_project_path }}/tripleo_ansible/roles.galaxy" diff --git a/zuul.d/playbooks/run-local.yml b/zuul.d/playbooks/run-local.yml deleted file mode 100644 index e9d36de1d..000000000 --- a/zuul.d/playbooks/run-local.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- - -- hosts: all - tasks: - - name: set basic zuul fact - set_fact: - zuul: - projects: - "opendev.org/openstack/tripleo-ansible": - src_dir: "{{ tripleo_src }}" - ansible_connection: local - -- import_playbook: pre.yml - -- import_playbook: run.yml diff --git a/zuul.d/playbooks/run-role-addition.yml b/zuul.d/playbooks/run-role-addition.yml deleted file mode 100644 index 423535b7c..000000000 --- a/zuul.d/playbooks/run-role-addition.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- hosts: localhost - connection: local - tasks: - - name: set basic zuul fact - set_fact: - zuul: - projects: - "opendev.org/openstack/tripleo-ansible": - src_dir: "{{ tripleo_src }}" - - - name: Create directories - import_tasks: directories.yml - -- import_playbook: ../../role-addition.yml - vars: - role_name: "skeleton_test" diff --git a/zuul.d/playbooks/run-tox.yml b/zuul.d/playbooks/run-tox.yml deleted file mode 100644 index 45daf4808..000000000 --- a/zuul.d/playbooks/run-tox.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- hosts: all - roles: - - tox diff --git a/zuul.d/playbooks/run.yml b/zuul.d/playbooks/run.yml deleted file mode 100644 index 8f0a24ac6..000000000 --- a/zuul.d/playbooks/run.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- - -- hosts: all - environment: - ANSIBLE_LOG_PATH: "{{ ansible_user_dir }}/zuul-output/logs/ansible-execution.log" - pre_tasks: - - - name: Set project path fact - set_fact: - tripleo_ansible_project_path: "{{ ansible_user_dir }}/{{ zuul.projects['opendev.org/openstack/tripleo-ansible'].src_dir }}" - - - name: Set role or plugin path fact - set_fact: - tripleo_ansible_testdir: "{{ tripleo_ansible_project_path }}/tripleo_ansible/roles/{{ tripleo_role_name }}" - when: tripleo_role_name is defined and tripleo_role_name - - - name: Set role or plugin path fact - set_fact: - tripleo_ansible_testdir: "{{ tripleo_ansible_project_path }}/tripleo_ansible/ansible_plugins/tests" - when: tripleo_role_name is not defined - - tasks: - - name: Run role test job - shell: |- - . {{ ansible_user_dir }}/test-python/bin/activate - . {{ tripleo_ansible_project_path }}/ansible-test-env.rc - pytest --color=no \ - --html={{ ansible_user_dir }}/zuul-output/logs/reports.html \ - --self-contained-html \ - --ansible-args='{{ tripleo_job_ansible_args | default('') }}' \ - {{ tripleo_ansible_project_path }}/tests/test_molecule.py - args: - chdir: "{{ tripleo_ansible_testdir }}" - executable: /bin/bash