Migrate README to rst
Releasing is failing cause setup.py expects the README to be rst and not markdown. Change-Id: If0857c399aab24db4152cb9ef366d1a5bfaed39c
This commit is contained in:
parent
66d5ef042a
commit
f60ad6c201
|
@ -53,6 +53,8 @@ Role Variables
|
|||
Example Playbook
|
||||
----------------
|
||||
|
||||
Sample::
|
||||
|
||||
- hosts: servers
|
||||
roles:
|
||||
- tripleo-ipsec
|
||||
|
@ -60,59 +62,48 @@ Example Playbook
|
|||
Enabling ipsec tunnels in TripleO
|
||||
=========================================
|
||||
|
||||
The main playbook to be ran on the overcloud nodes is:
|
||||
The main playbook to be ran on the overcloud nodes is::
|
||||
|
||||
```
|
||||
tests/deploy-ipsec-tripleo.yml
|
||||
```
|
||||
tests/deploy-ipsec-tripleo.yml
|
||||
|
||||
Which will deploy IPSEC on the overcloud nodes for the internal API network.
|
||||
|
||||
We'll use a PSK and an AES128 cipher.
|
||||
|
||||
Add the PSK to an ansible var file:
|
||||
Add the PSK to an ansible var file::
|
||||
|
||||
```
|
||||
cat <<EOF > ipsec-psk.yml
|
||||
ipsec_psk: $(openssl rand -base64 48)
|
||||
EOF
|
||||
```
|
||||
cat <<EOF > ipsec-psk.yml
|
||||
ipsec_psk: $(openssl rand -base64 48)
|
||||
EOF
|
||||
|
||||
Encrypt the file with ansible-vault (note that it'll prompt for a password):
|
||||
|
||||
```
|
||||
ansible-vault encrypt ipsec-psk.yml
|
||||
```
|
||||
ansible-vault encrypt ipsec-psk.yml
|
||||
|
||||
Having done this, now you can run the playbook:
|
||||
Having done this, now you can run the playbook::
|
||||
|
||||
```
|
||||
ansible-playbook -i /usr/bin/tripleo-ansible-inventory --ask-vault-pass \
|
||||
ansible-playbook -i /usr/bin/tripleo-ansible-inventory --ask-vault-pass \
|
||||
-e @ipsec-psk.yml tests/deploy-ipsec-tripleo.yml
|
||||
```
|
||||
|
||||
Generating an inventory
|
||||
-----------------------
|
||||
|
||||
The script _/usr/bin/tripleo-ansible-inventory_ generates a dynamic inventory
|
||||
The script */usr/bin/tripleo-ansible-inventory* generates a dynamic inventory
|
||||
with the nodes in the overcloud. And However it comes with some inconveniences:
|
||||
|
||||
* In deployments older than Pike, it might be a bit slow to run. To address
|
||||
this, in Ocata and Pike it's possible to generate a static inventory out of
|
||||
the output of this command:
|
||||
the output of this command::
|
||||
|
||||
```
|
||||
/usr/bin/tripleo-ansible-inventory --static-inventory nodes.txt
|
||||
```
|
||||
|
||||
This will create a called nodes.txt with the static inventory, which we could
|
||||
now use and save some time.
|
||||
|
||||
* Newton unfortunately only takes into account computes and controllers with
|
||||
this command. So for this deployment we need to generate an inventory of our
|
||||
own. we can do so with the following command:
|
||||
own. we can do so with the following command::
|
||||
|
||||
```
|
||||
cat <<EOF > nodes.txt
|
||||
[undercloud]
|
||||
localhost
|
||||
|
@ -126,7 +117,6 @@ with the nodes in the overcloud. And However it comes with some inconveniences:
|
|||
[overcloud]
|
||||
$( openstack server list -c Networks -f value | sed 's/ctlplane=//')
|
||||
EOF
|
||||
```
|
||||
|
||||
This assumes that you're deploying this playbook from the undercloud itself.
|
||||
Hence the undercloud group containing localhost.
|
||||
|
@ -151,9 +141,8 @@ The network names to use in the `ipsec_skip_networks` variable will be under
|
|||
the `name_lower` section of each network definition.
|
||||
|
||||
For instance, if you want to skip the storage management network, you'll see
|
||||
that the entry looks as follows:
|
||||
that the entry looks as follows::
|
||||
|
||||
```
|
||||
- name: StorageMgmt
|
||||
name_lower: storage_mgmt
|
||||
vip: true
|
||||
|
@ -162,15 +151,12 @@ that the entry looks as follows:
|
|||
allocation_pools: [{'start': '172.16.3.4', 'end': '172.16.3.250'}]
|
||||
ipv6_subnet: 'fd00:fd00:fd00:4000::/64'
|
||||
ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:4000::10', 'end': 'fd00:fd00:fd00:4000:ffff:ffff:ffff:fffe'}]
|
||||
```
|
||||
|
||||
So, in this case, the variable you'll put in your ansible variables file will
|
||||
have the following entry:
|
||||
have the following entry::
|
||||
|
||||
```
|
||||
ipsec_skip_networks:
|
||||
- storage_mgmt
|
||||
```
|
||||
|
||||
You can add more networks by adding more items to that list.
|
||||
|
||||
|
@ -191,10 +177,8 @@ to the list.
|
|||
|
||||
If you would want to skip the Storage and Storage Management networks, the
|
||||
variable you'll put in your ansible variables file will have the
|
||||
following entry:
|
||||
following entry::
|
||||
|
||||
```
|
||||
ipsec_skip_networks:
|
||||
- storage
|
||||
- storagemgmt
|
||||
```
|
Loading…
Reference in New Issue