Migrate README to rst
Releasing is failing because setup.py expects the README to be rst and not markdown.

Change-Id: If0857c399aab24db4152cb9ef366d1a5bfaed39c
parent 66d5ef042a
commit f60ad6c201
|
@ -53,80 +53,70 @@ Role Variables
|
||||||
Example Playbook
|
Example Playbook
|
||||||
----------------
|
----------------
|
||||||
|
|
||||||
- hosts: servers
|
Sample::
|
||||||
roles:
|
|
||||||
- tripleo-ipsec
|
- hosts: servers
|
||||||
|
roles:
|
||||||
|
- tripleo-ipsec
|
||||||
|
|
||||||
Enabling ipsec tunnels in TripleO
|
Enabling ipsec tunnels in TripleO
|
||||||
=========================================
|
=========================================
|
||||||
|
|
||||||
The main playbook to be ran on the overcloud nodes is:
|
The main playbook to be ran on the overcloud nodes is::
|
||||||
|
|
||||||
```
|
tests/deploy-ipsec-tripleo.yml
|
||||||
tests/deploy-ipsec-tripleo.yml
|
|
||||||
```
|
|
||||||
|
|
||||||
Which will deploy IPSEC on the overcloud nodes for the internal API network.
|
Which will deploy IPSEC on the overcloud nodes for the internal API network.
|
||||||
|
|
||||||
We'll use a PSK and an AES128 cipher.
|
We'll use a PSK and an AES128 cipher.
|
||||||
|
|
||||||
Add the PSK to an ansible var file:
|
Add the PSK to an ansible var file::
|
||||||
|
|
||||||
```
|
cat <<EOF > ipsec-psk.yml
|
||||||
cat <<EOF > ipsec-psk.yml
|
ipsec_psk: $(openssl rand -base64 48)
|
||||||
ipsec_psk: $(openssl rand -base64 48)
|
EOF
|
||||||
EOF
|
|
||||||
```
|
|
||||||
|
|
||||||
Encrypt the file with ansible-vault (note that it'll prompt for a password):
|
Encrypt the file with ansible-vault (note that it'll prompt for a password):
|
||||||
|
|
||||||
```
|
ansible-vault encrypt ipsec-psk.yml
|
||||||
ansible-vault encrypt ipsec-psk.yml
|
|
||||||
```
|
|
||||||
|
|
||||||
Having done this, now you can run the playbook:
|
Having done this, now you can run the playbook::
|
||||||
|
|
||||||
```
|
ansible-playbook -i /usr/bin/tripleo-ansible-inventory --ask-vault-pass \
|
||||||
ansible-playbook -i /usr/bin/tripleo-ansible-inventory --ask-vault-pass \
|
-e @ipsec-psk.yml tests/deploy-ipsec-tripleo.yml
|
||||||
-e @ipsec-psk.yml tests/deploy-ipsec-tripleo.yml
|
|
||||||
```
|
|
||||||
|
|
||||||
Generating an inventory
|
Generating an inventory
|
||||||
-----------------------
|
-----------------------
|
||||||
|
|
||||||
The script _/usr/bin/tripleo-ansible-inventory_ generates a dynamic inventory
|
The script */usr/bin/tripleo-ansible-inventory* generates a dynamic inventory
|
||||||
with the nodes in the overcloud. And However it comes with some inconveniences:
|
with the nodes in the overcloud. And However it comes with some inconveniences:
|
||||||
|
|
||||||
* In deployments older than Pike, it might be a bit slow to run. To address
|
* In deployments older than Pike, it might be a bit slow to run. To address
|
||||||
this, in Ocata and Pike it's possible to generate a static inventory out of
|
this, in Ocata and Pike it's possible to generate a static inventory out of
|
||||||
the output of this command:
|
the output of this command::
|
||||||
|
|
||||||
```
|
/usr/bin/tripleo-ansible-inventory --static-inventory nodes.txt
|
||||||
/usr/bin/tripleo-ansible-inventory --static-inventory nodes.txt
|
|
||||||
```
|
|
||||||
|
|
||||||
This will create a called nodes.txt with the static inventory, which we could
|
This will create a called nodes.txt with the static inventory, which we could
|
||||||
now use and save some time.
|
now use and save some time.
|
||||||
|
|
||||||
* Newton unfortunately only takes into account computes and controllers with
|
* Newton unfortunately only takes into account computes and controllers with
|
||||||
this command. So for this deployment we need to generate an inventory of our
|
this command. So for this deployment we need to generate an inventory of our
|
||||||
own. we can do so with the following command:
|
own. we can do so with the following command::
|
||||||
|
|
||||||
```
|
cat <<EOF > nodes.txt
|
||||||
cat <<EOF > nodes.txt
|
[undercloud]
|
||||||
[undercloud]
|
localhost
|
||||||
localhost
|
|
||||||
|
|
||||||
[undercloud:vars]
|
[undercloud:vars]
|
||||||
ansible_connection = local
|
ansible_connection = local
|
||||||
|
|
||||||
[overcloud:vars]
|
[overcloud:vars]
|
||||||
ansible_ssh_user = heat-admin
|
ansible_ssh_user = heat-admin
|
||||||
|
|
||||||
[overcloud]
|
[overcloud]
|
||||||
$( openstack server list -c Networks -f value | sed 's/ctlplane=//')
|
$( openstack server list -c Networks -f value | sed 's/ctlplane=//')
|
||||||
EOF
|
EOF
|
||||||
```
|
|
||||||
|
|
||||||
This assumes that you're deploying this playbook from the undercloud itself.
|
This assumes that you're deploying this playbook from the undercloud itself.
|
||||||
Hence the undercloud group containing localhost.
|
Hence the undercloud group containing localhost.
|
||||||
|
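Review bot: On the new side, the sentence "Encrypt the file with ansible-vault (note that it'll prompt for a password):" still ends in a single colon, while every other converted code block in this hunk got "::". With the Markdown fence removed and the command indented like the other blocks, RST will render "ansible-vault encrypt ipsec-psk.yml" as a block quote rather than a literal block, so the line should end in "::" as well. The carried-over typos "And However", "create a called nodes.txt" and "own. we can" could be fixed in the same pass.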
@ -151,9 +141,8 @@ The network names to use in the `ipsec_skip_networks` variable will be under
|
||||||
the `name_lower` section of each network definition.
|
the `name_lower` section of each network definition.
|
||||||
|
|
||||||
For instance, if you want to skip the storage management network, you'll see
|
For instance, if you want to skip the storage management network, you'll see
|
||||||
that the entry looks as follows:
|
that the entry looks as follows::
|
||||||
|
|
||||||
```
|
|
||||||
- name: StorageMgmt
|
- name: StorageMgmt
|
||||||
name_lower: storage_mgmt
|
name_lower: storage_mgmt
|
||||||
vip: true
|
vip: true
|
||||||
|
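Review bot: The text around this hunk still uses Markdown inline-code syntax: `ipsec_skip_networks` in the hunk header line and `name_lower` in the first context line are wrapped in single backticks. In RST single backticks are interpreted text using the default role, not an inline literal, so these will not render as code; they should be converted to double backticks (``ipsec_skip_networks``, ``name_lower``) as part of the migration.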
@ -162,15 +151,12 @@ that the entry looks as follows:
|
||||||
allocation_pools: [{'start': '172.16.3.4', 'end': '172.16.3.250'}]
|
allocation_pools: [{'start': '172.16.3.4', 'end': '172.16.3.250'}]
|
||||||
ipv6_subnet: 'fd00:fd00:fd00:4000::/64'
|
ipv6_subnet: 'fd00:fd00:fd00:4000::/64'
|
||||||
ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:4000::10', 'end': 'fd00:fd00:fd00:4000:ffff:ffff:ffff:fffe'}]
|
ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:4000::10', 'end': 'fd00:fd00:fd00:4000:ffff:ffff:ffff:fffe'}]
|
||||||
```
|
|
||||||
|
|
||||||
So, in this case, the variable you'll put in your ansible variables file will
|
So, in this case, the variable you'll put in your ansible variables file will
|
||||||
have the following entry:
|
have the following entry::
|
||||||
|
|
||||||
```
|
|
||||||
ipsec_skip_networks:
|
ipsec_skip_networks:
|
||||||
- storage_mgmt
|
- storage_mgmt
|
||||||
```
|
|
||||||
|
|
||||||
You can add more networks by adding more items to that list.
|
You can add more networks by adding more items to that list.
|
||||||
|
|
||||||
|
@ -191,10 +177,8 @@ to the list.
|
||||||
|
|
||||||
If you would want to skip the Storage and Storage Management networks, the
|
If you would want to skip the Storage and Storage Management networks, the
|
||||||
variable you'll put in your ansible variables file will have the
|
variable you'll put in your ansible variables file will have the
|
||||||
following entry:
|
following entry::
|
||||||
|
|
||||||
```
|
|
||||||
ipsec_skip_networks:
|
ipsec_skip_networks:
|
||||||
- storage
|
- storage
|
||||||
- storagemgmt
|
- storagemgmt
|
||||||
```
|
|
|
@ -2,7 +2,7 @@
|
||||||
name = tripleo-ipsec
|
name = tripleo-ipsec
|
||||||
summary = Ansible role for managing TripleO's IPSEC tunnels
|
summary = Ansible role for managing TripleO's IPSEC tunnels
|
||||||
description-file =
|
description-file =
|
||||||
README.md
|
README.rst
|
||||||
author = Juan Antonio Osorio Robles
|
author = Juan Antonio Osorio Robles
|
||||||
author-email = jaosorior@redhat.com
|
author-email = jaosorior@redhat.com
|
||||||
home-page = https://git.openstack.org/cgit/openstack/tripleo-ipsec
|
home-page = https://git.openstack.org/cgit/openstack/tripleo-ipsec
|
||||||
|
|
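Review bot: description-file now points at README.rst, so the package long description depends on that file being valid RST, and nothing in the visible hunks validates it. Consider adding a markup check to the lint or release job (for example running twine check on the built sdist) so that an RST error in the README is caught in review rather than at release time.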