diff --git a/roles/ovb-manage-stack/tasks/ovb-setup-undercloud.yml b/roles/ovb-manage-stack/tasks/ovb-setup-undercloud.yml
deleted file mode 100644
index 15540eab2..000000000
--- a/roles/ovb-manage-stack/tasks/ovb-setup-undercloud.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-- name: copy both public and private ssh keys to root directory
- become: yes
- copy:
- src: "{{ lookup('env','HOME') }}/.ssh/{{ item }}"
- dest: "/root/.ssh/{{ item }}"
- mode: 0600
- with_items:
- - id_rsa
- - id_rsa.pub
-
-- name: Copy instackenv.json to undercloud
- copy:
- src="{{ local_working_dir }}/nodes.json"
- dest="{{ working_dir }}/instackenv.json"
-
-- name: Copy over setup undercloud connectivity script template
- template:
- src: setup-undercloud-connectivity.sh.j2
- dest: "{{ working_dir }}/setup-undercloud-connectivity.sh"
- mode: 0755
-
-- name: Setup interfaces, connectivity on the undercloud
- become: yes
- shell: >
- "{{ working_dir }}"/setup-undercloud-connectivity.sh > \
- {{ setup_undercloud_connectivity_log }} 2>&1
-
diff --git a/roles/undercloud-setup/README.md b/roles/undercloud-setup/README.md
new file mode 100644
index 000000000..e34e4c3eb
--- /dev/null
+++ b/roles/undercloud-setup/README.md
@@ -0,0 +1,69 @@
+undercloud-setup
+================
+
+This role encompasses the setup required when using a standard CentOS/RHEL
+undercloud host in substitution for a 'ready-made' undercloud image. If an
+undercloud machine or node is launched a 'vanilla' CentOS and RHEL image,
+there are a number of steps that need to be run to get the undercloud to the
+point where TripleO Quickstart can be run.
+
+Some steps are generic to all undercloud nodes or machines and some
+steps are specific to the environment in which the undercloud is
+launched.
+
+Steps to download or build overcloud images are included in the
+overcloud-images role. Steps to prepare the undercloud repos are
+included in the repo-setup role.
+
+Requirements
+------------
+
+This role should not be included in a generic virtual TripleO Quickstart
+playbook. Therefore including environment-specific code (which is switch
+cased to run only on the desired environment) is acceptable. It will
+not add complexity to the default TripleO Quickstart workflow.
+
+Role Variables
+--------------
+
+- local_working_dir: <"{{ lookup('env', 'HOME') }}/.quickstart"> -- Directory for quickstart.sh script
+- non_root_user: -- Default user to execute TripleO Quickstart
+- undercloud_key: <"{{ local_working_dir }}/id_rsa_undercloud"> -- Key to access the undercloud node/machine
+- non_root_user_setup: -- Switch to setup a non-root user
+- toci_vxlan_networking: -- Switch to setup the VXLAN networking from devstack-gate
+- toci_vxlan_networking_multinode: -- Switch to setup the VXLAN networking from devstack-gate on a multinode setup provided from nodepool.
+- undercloud_hostname: -- Optionally, the hostname to set on the host.
+- hostname_correction: -- Switch to set the transient hostname to the static hostname (TripleO requirement)
+- step_set_undercloud_hostname: -- Switch to set the undercloud hostname explicitly
+- package_installs: -- Switch to install required OpenStack packages for an undercloud (requires repos to already be setup)
+- custom_nameserver: <8.8.8.8> -- Added to /etc/resolv.conf for access in custom environments
+- ovb_setup_connectivity: -- Setup external network, custom nameserver and set MTUS valuse for OVB environments
+
+Dependencies
+------------
+
+This playbook has no dependencies. If a provisioning step is not included
+in this role, it is assumed that the node/machine to set up already
+exists and is accessible.
+
+Example Playbook
+----------------
+
+ 1. Sample playbook to call the role
+
+ - name: Set up CentOS undercloud node to run TripleO Quickstart
+ hosts: undercloud
+ gather_facts: no
+ roles:
+ - undercloud-setup
+
+License
+-------
+
+Apache-2.0
+
+Author Information
+------------------
+
+RDO-CI Team
+
diff --git a/roles/undercloud-setup/defaults/main.yml b/roles/undercloud-setup/defaults/main.yml
new file mode 100644
index 000000000..493991444
--- /dev/null
+++ b/roles/undercloud-setup/defaults/main.yml
@@ -0,0 +1,25 @@
+local_working_dir: "{{ lookup('env', 'HOME') }}/.quickstart"
+
+non_root_user: stack
+undercloud_key: "{{ local_working_dir }}/id_rsa_undercloud"
+non_root_user_setup: true
+
+toci_vxlan_networking: false
+toci_vxlan_networking_multinode: false
+
+step_set_undercloud_hostname: false
+undercloud_hostname: localhost
+hostname_correction: false
+
+package_installs: true
+
+ovb_setup_connectivity: false
+ovb_undercloud_connectivity_log: "{{ working_dir }}/ovb_undercloud_connectivity.log"
+mtu: 1350
+mtu_interface:
+ - eth1
+external_interface: eth2
+external_interface_ip: 10.0.0.1
+external_interface_netmask: 255.255.255.0
+custom_nameserver: 8.8.8.8
+
diff --git a/roles/undercloud-setup/files/install_packages.sh b/roles/undercloud-setup/files/install_packages.sh
new file mode 100644
index 000000000..a3da2d95f
--- /dev/null
+++ b/roles/undercloud-setup/files/install_packages.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+### --start_docs
+
+## Install the required packages on the undercloud
+## ===============================================
+
+## * Install python-tripleoclient
+## ::
+
+sudo yum install -y python-tripleoclient
+
+### --stop_docs
diff --git a/roles/undercloud-setup/files/toci_vxlan_networking.sh b/roles/undercloud-setup/files/toci_vxlan_networking.sh
new file mode 100644
index 000000000..c3dec7ac7
--- /dev/null
+++ b/roles/undercloud-setup/files/toci_vxlan_networking.sh
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+set -eux
+
+### --start_docs
+
+## Setup the environment and networking for devstack-gate
+## ======================================================
+
+## .. note::
+## The following steps are needed:
+## * Create the environment that tripleo-ci/devstack-gate expects
+## * Clone tripleo-ci and run its multinode-setup script.
+## * Set up VXLAN tunnel networking based on the scripts located in devstack-gate.
+
+## Prepare Your Environment
+## ------------------------
+
+## * Set the environment variables for tripleo-ci to function
+## ::
+
+export TRIPLEO_ROOT=${WORKSPACE}/tripleo
+export BASE=${WORKSPACE}/tripleo
+
+## * Create and enter the tripleo directory
+## ::
+
+mkdir -p ${WORKSPACE}/tripleo
+
+cd ${WORKSPACE}/tripleo
+
+## * Create a symlink to 'new'.
+
+## .. note::
+## This is required to satisfy devstack-gate/functions.sh:ovs_vxlan_bridge()'s
+## requirement for the directory $BASE/new to exist as it sources
+## $BASE/new/devstack/functions-common for the install_package and
+## restart_service functions.
+## ::
+
+ln -sf ${WORKSPACE}/tripleo ${WORKSPACE}/tripleo/new
+
+## * Clone tripleo-ci and run the multinode-setup script for VXLAN networking
+## ::
+
+git clone https://git.openstack.org/openstack-infra/tripleo-ci
+cd tripleo-ci
+./scripts/tripleo.sh --multinode-setup
+
+### --stop_docs
diff --git a/roles/undercloud-setup/files/toci_vxlan_networking_multinode.sh b/roles/undercloud-setup/files/toci_vxlan_networking_multinode.sh
new file mode 100644
index 000000000..fbb725be4
--- /dev/null
+++ b/roles/undercloud-setup/files/toci_vxlan_networking_multinode.sh
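Review bot: In files/toci_vxlan_networking.sh the final `git clone https://git.openstack.org/openstack-infra/tripleo-ci` takes whatever the default branch holds at run time, and the next lines execute `./scripts/tripleo.sh --multinode-setup` from it, so the code that runs on the undercloud is not tied to a reviewed revision. If reproducibility matters here, check out a fixed ref right after the clone, e.g. `git -C tripleo-ci checkout "$TRIPLEO_CI_REF"` (placeholder variable, to be fed from a role variable). The clone also exits non-zero when the tripleo-ci directory already exists, which under `set -eux` aborts any re-run. The `${WORKSPACE}` expansions in `mkdir`, `cd` and `ln` are unquoted, so a workspace path containing whitespace would be split.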
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+set -eux
+
+### --start_docs
+
+## Set up vxlan networking on subnodes listed in /etc/nodepool/sub_nodes_private
+## =============================================================================
+
+## * Create the WORKSPACE variable if it didn't exist already
+export WORKSPACE=${WORKSPACE:-$HOME}
+
+while read sub; do
+
+## * Create the expected directories and symlinks
+## ::
+
+ ssh $sub mkdir -p $WORKSPACE/tripleo
+ ssh $sub ln -sf $WORKSPACE/tripleo $WORKSPACE/tripleo/new
+
+## * Clone the appropriate repositories in the expected locations
+## ::
+
+ ssh $sub git clone https://git.openstack.org/openstack-infra/tripleo-ci $WORKSPACE/tripleo/tripleo-ci
+ ssh $sub git clone https://git.openstack.org/openstack-dev/devstack $WORKSPACE/tripleo/devstack
+ ssh $sub git clone https://git.openstack.org/openstack-infra/devstack-gate $WORKSPACE/tripleo/devstack-gate
+
+done < /etc/nodepool/sub_nodes_private
+
+### --stop_docs
diff --git a/roles/undercloud-setup/tasks/hostname.yml b/roles/undercloud-setup/tasks/hostname.yml
new file mode 100644
index 000000000..55bd9822c
--- /dev/null
+++ b/roles/undercloud-setup/tasks/hostname.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Install hostname correcting script
+ template:
+ src: hostname.sh.j2
+ dest: "{{ working_dir }}/hostname.sh"
+ mode: 0755
+
+- name: Run the hostname correcting script
+ shell: "{{ working_dir }}/hostname.sh > {{ working_dir }}/hostname.sh.log 2>&1"
+
diff --git a/roles/undercloud-setup/tasks/main.yml b/roles/undercloud-setup/tasks/main.yml
new file mode 100644
index 000000000..76369f846
--- /dev/null
+++ b/roles/undercloud-setup/tasks/main.yml
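Review bot: Inside the `while read sub` loop of files/toci_vxlan_networking_multinode.sh every `ssh $sub ...` inherits the loop's stdin, which is /etc/nodepool/sub_nodes_private, so the first ssh can consume the remaining lines and later subnodes are then never set up. Give ssh its own stdin and quote the host, e.g. `ssh -n "$sub" mkdir -p "$WORKSPACE/tripleo"`, and do the same for the other four calls. Using `while read -r sub` also keeps backslashes in the file from being interpreted. As in the single-node script, the three `git clone` calls are unpinned and fail on a re-run once the target directories exist.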
@@ -0,0 +1,22 @@
+---
+# tasks file for undercloud-setup
+
+# Add a non-root user
+- include: non_root_user_setup.yml
+ when: non_root_user_setup|bool
+
+- include: ovb_setup_connectivity.yml
+ when: ovb_setup_connectivity|bool
+
+- include_role:
+ name: repo-setup
+
+- include: package_installs.yml
+ when: package_installs|bool
+
+- include: toci_vxlan_networking.yml
+ when: toci_vxlan_networking|bool
+
+- include: hostname.yml
+ when: hostname_correction|bool or step_set_undercloud_hostname|bool
+
diff --git a/roles/undercloud-setup/tasks/non_root_user_setup.yml b/roles/undercloud-setup/tasks/non_root_user_setup.yml
new file mode 100644
index 000000000..ce2fc5394
--- /dev/null
+++ b/roles/undercloud-setup/tasks/non_root_user_setup.yml
@@ -0,0 +1,27 @@
+---
+- name: Copy create non-root user script
+ template:
+ src: non_root_user_setup.sh.j2
+ dest: "/tmp/non_root_user_setup.sh"
+ mode: 0755
+
+- name: Run the non_root_user script
+ command: "/tmp/non_root_user_setup.sh"
+
+- name: Create undercloud access key
+ delegate_to: localhost
+ command: >
+ ssh-keygen -f {{ undercloud_key }} -N ''
+ -C 'ansible_generated_virt_host'
+ -t rsa -b 4096
+ args:
+ creates: "{{ undercloud_key }}"
+
+- name: Configure non-root user authorized_keys on undercloud
+ authorized_key:
+ user: "{{ non_root_user }}"
+ key: "{{ item }}"
+ with_file:
+ - "{{ undercloud_key }}.pub"
+ become: true
+
diff --git a/roles/undercloud-setup/tasks/ovb_setup_connectivity.yml b/roles/undercloud-setup/tasks/ovb_setup_connectivity.yml
new file mode 100644
index 000000000..f1717a314
--- /dev/null
+++ b/roles/undercloud-setup/tasks/ovb_setup_connectivity.yml
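Review bot: The `include_role: name: repo-setup` entry in tasks/main.yml is the only include without a `when`, so this role always needs repo-setup on the roles path, while the README added in the same commit says it has no dependencies. Either list repo-setup under Dependencies or gate the include behind a switch like the others. A comment is also worth adding that `toci_vxlan_networking_multinode` has no effect unless `toci_vxlan_networking` is true, because the multinode tasks live in the file that only the latter includes.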
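Review bot: The first two tasks of tasks/non_root_user_setup.yml render the script to the fixed, world-readable path `/tmp/non_root_user_setup.sh` and then execute it. The script creates a user and writes under /etc/sudoers.d, so it presumably runs as root, and a predictable name in a shared world-writable directory leaves it open to interference from other local accounts between the two tasks. Rendering into a directory only the connecting user can write (the `tempfile` module can create one) with `mode: "0700"`, and removing the script afterwards, closes that window. Neither task sets `become`, so the file silently depends on the play connecting as root; a comment stating that would help.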
@@ -0,0 +1,18 @@
+---
+- name: Copy instackenv.json to undercloud
+ copy:
+ src: "{{ local_working_dir }}/nodes.json"
+ dest: "{{ working_dir }}/instackenv.json"
+
+- name: Copy over setup undercloud connectivity script template
+ template:
+ src: ovb-undercloud-connectivity.sh.j2
+ dest: "{{ working_dir }}/ovb-undercloud-connectivity.sh"
+ mode: 0755
+
+- name: Setup interfaces, connectivity on the undercloud
+ become: yes
+ shell: >
+ {{ working_dir }}/ovb-undercloud-connectivity.sh >
+ {{ ovb_undercloud_connectivity_log }} 2>&1
+
diff --git a/roles/undercloud-setup/tasks/package_installs.yml b/roles/undercloud-setup/tasks/package_installs.yml
new file mode 100644
index 000000000..eb277849f
--- /dev/null
+++ b/roles/undercloud-setup/tasks/package_installs.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Install package installation script
+ copy:
+ src: install_packages.sh
+ dest: "{{ working_dir }}/install_packages.sh"
+ mode: 0755
+
+- name: Run the package installation script
+ shell: "{{ working_dir }}/install_packages.sh > {{ working_dir }}/install_packages.sh.log 2>&1"
+
diff --git a/roles/undercloud-setup/tasks/toci_vxlan_networking.yml b/roles/undercloud-setup/tasks/toci_vxlan_networking.yml
new file mode 100644
index 000000000..4d7c87096
--- /dev/null
+++ b/roles/undercloud-setup/tasks/toci_vxlan_networking.yml
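Review bot: The `copy` task that writes `{{ working_dir }}/instackenv.json` in tasks/ovb_setup_connectivity.yml sets no `mode`, so the file's permissions are left to the remote umask. instackenv files normally carry the power-management credentials for the overcloud nodes; if nodes.json does so here, add `mode: "0600"` to the task. The template task's `mode: 0755` and the `become: yes` would also read more safely as `mode: "0755"` and `become: true`, which avoids relying on YAML 1.1 octal and truthy parsing.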
@@ -0,0 +1,22 @@
+---
+
+- name: Install the TripleO-CI VXLAN networking script on subnodes
+ copy:
+ src: toci_vxlan_networking_multinode.sh
+ dest: "{{ working_dir }}/toci_vxlan_networking_multinode.sh"
+ mode: 0755
+ when: toci_vxlan_networking_multinode|bool
+
+- name: Run the TripleO-CI VXLAN networking script on subnodes
+ shell: "{{ working_dir }}/toci_vxlan_networking_multinode.sh > {{ working_dir }}/toci_vxlan_networking_multinode.sh.log 2>&1"
+ when: toci_vxlan_networking_multinode|bool
+
+- name: Install the TripleO-CI VXLAN networking script
+ copy:
+ src: toci_vxlan_networking.sh
+ dest: "{{ working_dir }}/toci_vxlan_networking.sh"
+ mode: 0755
+
+- name: Run the TripleO-CI VXLAN networking script
+ shell: "{{ working_dir }}/toci_vxlan_networking.sh > {{ working_dir }}/toci_vxlan_networking.sh.log 2>&1"
+
diff --git a/roles/undercloud-setup/templates/hostname.sh.j2 b/roles/undercloud-setup/templates/hostname.sh.j2
new file mode 100644
index 000000000..9cb8c366b
--- /dev/null
+++ b/roles/undercloud-setup/templates/hostname.sh.j2
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -eux
+
+### --start_docs
+## Adjust the hostname as necessary (usually on the undercloud)
+## ============================================================
+
+
+{% if hostname_correction|bool %}
+## * Correct the host's transient hostname to a static one
+## ::
+
+hostnamectl set-hostname --transient $(hostnamectl --static)
+
+{% elif step_set_undercloud_hostname|bool %}
+## * Set the host's transient and static hostnames
+## ::
+
+hostnamectl set-hostname --transient {{ undercloud_hostname }}
+hostnamectl set-hostname --static {{ undercloud_hostname }}
+
+{% endif %}
+
+### --stop_docs
diff --git a/roles/undercloud-setup/templates/non_root_user_setup.sh.j2 b/roles/undercloud-setup/templates/non_root_user_setup.sh.j2
new file mode 100644
index 000000000..7f9834856
--- /dev/null
+++ b/roles/undercloud-setup/templates/non_root_user_setup.sh.j2
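Review bot: In templates/hostname.sh.j2 the two `hostnamectl set-hostname` lines of the `elif` branch interpolate `{{ undercloud_hostname }}` into the script unquoted, so a value containing whitespace or shell metacharacters is interpreted by bash instead of being passed as one argument. Rendering it through the quote filter keeps it a single word: `hostnamectl set-hostname --static {{ undercloud_hostname | quote }}`, and likewise for the `--transient` line. The `$(hostnamectl --static)` substitution in the first branch should be double-quoted for the same reason. Because the template uses `if`/`elif`, enabling both hostname_correction and step_set_undercloud_hostname applies only the correction; a comment saying so would save a reader from guessing.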
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+set -eux
+
+### --start_docs
+
+## Set up the non-root user for installation and deployment tasks
+## ==============================================================
+
+
+## * Create non-root user on undercloud
+## ::
+
+id -u "{{ non_root_user }}" || \
+useradd -s /bin/bash -d /home/"{{ non_root_user }}" "{{ non_root_user }}"
+
+## * Grant sudo privileges to non-root user on undercloud
+## ::
+
+echo "{{ non_root_user }} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/{{ non_root_user }}
+chown root:root /etc/sudoers.d/{{ non_root_user }}
+chmod 440 /etc/sudoers.d/{{ non_root_user }}
+
+### --stop_docs
diff --git a/roles/ovb-manage-stack/templates/setup-undercloud-connectivity.sh.j2 b/roles/undercloud-setup/templates/ovb-undercloud-connectivity.sh.j2
similarity index 69%
rename from roles/ovb-manage-stack/templates/setup-undercloud-connectivity.sh.j2
rename to roles/undercloud-setup/templates/ovb-undercloud-connectivity.sh.j2
index ed00f36d1..1e0374a57 100644
--- a/roles/ovb-manage-stack/templates/setup-undercloud-connectivity.sh.j2
+++ b/roles/undercloud-setup/templates/ovb-undercloud-connectivity.sh.j2
@@ -10,17 +10,17 @@ set -eux ## * Configure external interface ## :: -sudo ifconfig {{ external_interface }} {{ external_interface_ip }} netmask {{ external_interface_netmask }} +sudo ip addr add {{ external_interface_ip }} dev {{ external_interface }} ## * Get mac address of external interface ## :: -MAC_ADDR_EXT_INTERFACE=$( ifconfig | grep -n3 {{ external_interface }} | grep -A1 ether | cut -d " " -f 10 ) +export MAC_ADDR_EXT_INTERFACE=$( ip link show {{ external_interface }} | awk '/ether/ {print $2}' ) ## * Set up external interface ## :: -sudo bash -c 'cat < /etc/sysconfig/network-scripts/ifcfg-{{ external_interface }} +sudo -E bash -c 'cat < /etc/sysconfig/network-scripts/ifcfg-{{ external_interface }} NAME={{ external_interface }} IPADDR={{ external_interface_ip }} NETMASK={{ external_interface_netmask }} 
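Review bot: The sudoers step in templates/non_root_user_setup.sh.j2 appends with `>>`, so every run adds another `NOPASSWD:ALL` line, and the file exists under the default umask until the later `chmod 440`, with no syntax check before sudo starts reading it. Write it with `>` instead of `>>` and add `visudo -cf /etc/sudoers.d/{{ non_root_user }}` after the chmod so a malformed entry fails the script instead of breaking sudo on the host. sudo skips files in an include directory whose names contain a `.` or end in `~`, so a non_root_user value with a dot would leave the grant silently ineffective; a comment noting that constraint would help. The same could be done from the task file with a `copy` task carrying `mode: "0440"` and `validate: 'visudo -cf %s'`.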
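Review bot: The replacement line `sudo ip addr add {{ external_interface_ip }} dev {{ external_interface }}` in the first hunk of ovb-undercloud-connectivity.sh.j2 drops the netmask that the removed ifconfig call passed, and `ip addr add` without a prefix length configures the address as a /32. Pass the prefix explicitly, e.g. `sudo ip addr add {{ external_interface_ip }}/{{ external_interface_prefix }} dev {{ external_interface }}` (placeholder variable; the role currently only defines the dotted netmask). `ip addr add` also returns an error when the address is already present, which under the script's `set -eux` aborts a second run. The heredoc opened on the last changed line continues past the end of this hunk.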
@@ -39,6 +39,8 @@ IPV6_PEERDNS=yes IPV6_PEERROUTES=yes EOF' +sudo ifup {{ external_interface }} + ## * Set MTU values ## :: @@ -50,8 +52,9 @@ EOF' ## * Add nameserver to resolv.conf ## :: +sudo sed -i 's/^nameserver/#nameserver/g' /etc/resolv.conf cat <> /etc/resolv.conf -nameserver {{ pvt_nameserver }} +nameserver {{ custom_nameserver }} EOF ### --stop_docs
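Review bot: The added `sudo sed -i 's/^nameserver/#nameserver/g' /etc/resolv.conf` in the last hunk disables every resolver the environment supplied and leaves only `{{ custom_nameserver }}`, which the new role defaults set to 8.8.8.8, so unless the variable is overridden all undercloud lookups go to a public resolver. That deserves a comment in the template and a line in the README so operators of private environments know to override it. The block is also not idempotent: each run comments out the previously added entry and appends a new one, so the file grows with every re-run. The rest of the script, including the heredoc terminator handling, lies outside the visible hunks.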