From 4d0f6329df10faa416235bc0f88ee7e010f895eb Mon Sep 17 00:00:00 2001
From: Ronelle Landy
Date: Mon, 13 Mar 2017 16:08:25 -0400
Subject: [PATCH] Parameterize OVB stack flavors
Running quickstart with OVB needs to work with multiple host clouds where different flavor sets are available. This review:
* Adds variables to the flavor specifications so that they can be overwritten by config files per host cloud environment
* Adds functionality to clean up stacks and keypairs from the host cloud environment
* Includes cloning the Openstack Virtual Baremetal repo within the ovb-manage-stack role
* Deletes the clouds.yaml file so it is not available, with the tenant password exposed for longer than necessary to create or delete the stack
* Changes the default key location to use the user's default key on the undercloud
Change-Id: I5f0f7327a2509ef889b80a35024478b13df2c2a9
---
playbooks/ovb-create-stack.yml | 38 ++++++-----
...fault-cloud-settings-60e48de95aa4c2ac.yaml | 7 ++
roles/ovb-manage-stack/defaults/main.yml | 20 +++++-
.../tasks/ovb-cleanup-stacks-keypairs.yml | 12 ++++
.../tasks/ovb-create-stack.yml | 66 +++++--------------
.../tasks/ovb-delete-stack.yml | 18 +++++
.../templates/cleanup-stacks-keypairs.sh.j2 | 48 ++++++++++++++
roles/ovb-manage-stack/templates/env.yaml.j2 | 27 +++++++-
.../ovb-undercloud-connectivity.sh.j2 | 16 +++--
9 files changed, 179 insertions(+), 73 deletions(-)
create mode 100644 releasenotes/notes/add-default-cloud-settings-60e48de95aa4c2ac.yaml
create mode 100644 roles/ovb-manage-stack/tasks/ovb-cleanup-stacks-keypairs.yml
create mode 100644 roles/ovb-manage-stack/templates/cleanup-stacks-keypairs.sh.j2
diff --git a/playbooks/ovb-create-stack.yml b/playbooks/ovb-create-stack.yml
index 8bb5166a6..2132ff2fa 100644
--- a/playbooks/ovb-create-stack.yml
+++ b/playbooks/ovb-create-stack.yml
@@ -1,14 +1,20 @@ --- +# Add the virthost to the in-memory inventory. The inventory is not +# written out to disk unless you call the `tripleo-inventory` role. +- name: Add the virthost to the inventory + hosts: localhost + tasks: + - name: Add virthost + add_host: + name: "virthost" + groups: "virthost" + ansible_host: "{{ virthost }}" + - name: Create the OVB stack hosts: localhost roles: - { role: ovb-manage-stack, ovb_manage_stack_mode: 'create' } -- name: Build test packages using DLRN - hosts: localhost - roles: - - {role: build-test-packages, when: build_test_packages|default(false)|bool } - - name: Setup the undercloud hosts: undercloud gather_facts: no @@ -23,18 +29,20 @@ roles: - tripleo-inventory -- name: Install the built package on the undercloud - hosts: undercloud - gather_facts: no - vars: - ib_repo_host: localhost - roles: - - {role: install-built-repo, when: build_test_packages|default(false)|bool } - - name: Fetch the overcloud images hosts: undercloud gather_facts: no - vars: - ansible_user: root roles: - fetch-images + +- name: Build test packages using DLRN + hosts: undercloud + roles: + - {role: build-test-packages, when: build_test_packages|default(false)|bool } + +- name: Install the built package on the undercloud + hosts: undercloud + gather_facts: no + roles: + - {role: install-built-repo, when: build_test_packages|default(false)|bool } + diff --git a/releasenotes/notes/add-default-cloud-settings-60e48de95aa4c2ac.yaml b/releasenotes/notes/add-default-cloud-settings-60e48de95aa4c2ac.yaml new file mode 100644 index 000000000..6ef4a948f --- /dev/null +++ b/releasenotes/notes/add-default-cloud-settings-60e48de95aa4c2ac.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Added public cloud settings. + All public cloud settings can be overridden to deploy on custom cloud + environments. + Added functionality to remove stacks and key pairs from the host cloud. 
diff --git a/roles/ovb-manage-stack/defaults/main.yml b/roles/ovb-manage-stack/defaults/main.yml index 8c7578a2e..827014109 100644 --- a/roles/ovb-manage-stack/defaults/main.yml +++ b/roles/ovb-manage-stack/defaults/main.yml @@ -39,7 +39,19 @@ latest_guest_image: rhos-9: rhel-7.3-server-x86_64-latest rhos-10: rhel-7.3-server-x86_64-latest -existing_key_location: '{{ local_working_dir }}' +port_security: true + +baremetal_ports_template: + multiple-nics: baremetal-ports-all.yaml + multi-nic: baremetal-ports-all.yaml + public-bond: baremetal-ports-public-bond.yaml + +baremetal_port_security_template: + multiple-nics: baremetal-ports-all-port-security.yaml + multi-nic: baremetal-ports-all-port-security.yaml + public-bond: baremetal-ports-public-bond-port-security.yaml + +existing_key_location: '~/.ssh/id_rsa' remove_image_from_host_cloud: false bmc_flavor: m1.medium @@ -55,6 +67,7 @@ private_net: '{{ prefix }}private' node_count: 2 public_net: '{{ prefix }}public' provision_net: '{{ prefix }}provision' +provision_net_cidr: 192.0.2.0/24 # QuintupleO-specific params ignored by virtual-baremetal.yaml undercloud_name: '{{ prefix }}undercloud' @@ -73,3 +86,8 @@ registered_releases: - rhos-9 - rhos-10 +# OVB environment clean up +cleanup_stacks_keypairs: false +cleanup_stacks_keypairs_script: cleanup-stacks-keypairs.sh.j2 +cleanup_stacks_keypairs_log: "{{ local_working_dir }}/cleanup_stacks_keypairs.log" + diff --git a/roles/ovb-manage-stack/tasks/ovb-cleanup-stacks-keypairs.yml b/roles/ovb-manage-stack/tasks/ovb-cleanup-stacks-keypairs.yml new file mode 100644 index 000000000..1c8255790 --- /dev/null +++ b/roles/ovb-manage-stack/tasks/ovb-cleanup-stacks-keypairs.yml 
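Review bot: `existing_key_location` changes meaning in the first hunk from a directory to the path of a private key file, and the tasks in this commit now append `.pub` to it, so an existing override that still points at a directory renders a path such as `<dir>.pub` and fails late. Add a comment above the default, e.g. `# Path to the private key file (not a directory); the public key is read from the same path plus .pub`. The new default `'~/.ssh/id_rsa'` also means the operator's personal key is copied into `local_working_dir` and its public half registered in the host cloud; a key generated for the run would keep that long-lived credential out of the working directory.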
@@ -0,0 +1,12 @@ +--- +- name: Create OVB environment clean up script + template: + src: "{{ cleanup_stacks_keypairs_script }}" + dest: "{{ local_working_dir }}/cleanup-stacks-keypairs.sh" + mode: 0755 + +- name: Remove existing stacks and key pairs + shell: > + set -o pipefail && + {{ local_working_dir }}/cleanup-stacks-keypairs.sh 2>&1 {{ timestamper_cmd }} > + {{ cleanup_stacks_keypairs_log }} diff --git a/roles/ovb-manage-stack/tasks/ovb-create-stack.yml b/roles/ovb-manage-stack/tasks/ovb-create-stack.yml index 476094403..b4aed2422 100644 --- a/roles/ovb-manage-stack/tasks/ovb-create-stack.yml +++ b/roles/ovb-manage-stack/tasks/ovb-create-stack.yml @@ -10,6 +10,15 @@ file: path: "{{ local_working_dir }}" +- name: Clone Openstack Virtual Baremetal repo if it does not exist + git: + repo: https://github.com/cybertron/openstack-virtual-baremetal.git + dest: "{{ local_working_dir }}/openstack-virtual-baremetal" + version: master + +- include: ovb-cleanup-stacks-keypairs.yml + when: cleanup_stacks_keypairs|bool + - name: generate prefix for all run-related entities set_fact: prefix="{{ tmp.node_prefix }}" @@ -19,12 +28,12 @@ - name: copy key inserted in image to undercloud_key location copy: - src: "{{ existing_key_location }}/{{ item }}" - dest: "{{ local_working_dir }}/{{ item }}" + src: "{{ existing_key_location }}{{ item }}" + dest: "{{ local_working_dir }}/id_rsa_undercloud{{ item }}" mode: 0600 with_items: - - id_rsa_undercloud - - id_rsa_undercloud.pub + - "" + - .pub - name: Copy deploy stack parameters template template: 
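Review bot: The `Remove existing stacks and key pairs` task runs `set -o pipefail` through the `shell` module without `args:` / `executable: /bin/bash`, so on a control host whose /bin/sh is not bash the task fails before the cleanup script starts. The rendered script uses `set -eux`, so every command it runs is traced into `cleanup_stacks_keypairs_log`; a comment on the task saying that the log should be treated as sensitive if credentials are ever passed on a command line would help. Ansible's documented form for the file mode is the quoted string, `mode: "0755"`.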
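Review bot: The new `git` task in the `@@ -10,6 +10,15 @@` hunk tracks `version: master` of a third-party repository, and scripts from what is presumably that checkout (`{{ ovb_dir }}/bin/build-nodes-json`, later in this file) run with the tenant credentials in scope, so any change pushed to that branch is executed unreviewed. Pin the checkout to a reviewed commit through a new role variable, e.g. `version: "{{ ovb_repo_version }}"` with the SHA set in `defaults/main.yml`; the same task is added to `tasks/ovb-delete-stack.yml` and needs the same pin. The task name says "if it does not exist", but the `git` module also updates an existing checkout unless `update: no` is set.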
@@ -32,34 +41,13 @@ dest: "{{ local_working_dir }}/{{ prefix }}env.yaml" mode: 0755 -# NOTE: 'multi-nic' is deprecated -- name: Add templates for multiple-nics - blockinfile: - dest: "{{ local_working_dir }}/{{ prefix }}env.yaml" - insertafter: "## in baremetal-networks-all.yaml" - content: | - ## multiple-nics - OS::OVB::BaremetalNetworks: {{ templates_dir }}/baremetal-networks-all.yaml - OS::OVB::BaremetalPorts: {{ templates_dir }}/baremetal-ports-all.yaml - when: network_isolation_type in ['multi-nic', 'multiple-nics'] - -- name: Add templates for public-bond - blockinfile: - dest: "{{ local_working_dir }}/{{ prefix }}env.yaml" - insertafter: "## in baremetal-networks-all.yaml" - content: | - ## public-bond - OS::OVB::BaremetalNetworks: {{ templates_dir }}/baremetal-networks-all.yaml - OS::OVB::BaremetalPorts: {{ templates_dir }}/baremetal-ports-public-bond.yaml - when: network_isolation_type == 'public-bond' - - name: Add keypair shell: > export OS_USERNAME="{{ os_username }}"; export OS_PASSWORD="{{ os_password }}"; export OS_TENANT_NAME="{{ os_tenant_name }}"; export OS_AUTH_URL="{{ os_auth_url }}"; - nova keypair-add --pub-key ~/.ssh/id_rsa.pub {{ prefix }}key + nova keypair-add --pub-key {{ existing_key_location }}.pub {{ prefix }}key ignore_errors: true no_log: true @@ -79,17 +67,6 @@ register: stack_deployment environment: OS_CLIENT_CONFIG_FILE: "{{ local_working_dir }}/clouds.yaml" - ignore_errors: true - -- name: Show stack deployment information - shell: > - export OS_USERNAME="{{ os_username }}"; - export OS_PASSWORD="{{ os_password }}"; - export OS_TENANT_NAME="{{ os_tenant_name }}"; - export OS_AUTH_URL="{{ os_auth_url }}"; - heat stack-show {{ stack_name }} - when: stack_deployment.result is not defined - no_log: true - name: set fact for undercloud floating IP address set_fact: 
@@ -122,17 +99,8 @@ export OS_CLOUD="{{ cloud_name}}"; {{ ovb_dir }}/bin/build-nodes-json --env {{ local_working_dir }}/{{ prefix }}env.yaml register: nodes_json - no_log: true -- name: Ensure directories exist for network-environment copy +- name: remove clouds.yaml file file: - path: "{{ network_env_file_dest }}" - state: directory - mode: 0755 - -- name: Copy the network-environment.yaml - copy: - src: "{{ network_environment_file }}" - dest: "{{ network_env_file_dest }}" - mode: 0755 - + path: "{{ local_working_dir }}/clouds.yaml" + state: absent diff --git a/roles/ovb-manage-stack/tasks/ovb-delete-stack.yml b/roles/ovb-manage-stack/tasks/ovb-delete-stack.yml index 323946d80..636a5b04f 100644 --- a/roles/ovb-manage-stack/tasks/ovb-delete-stack.yml +++ b/roles/ovb-manage-stack/tasks/ovb-delete-stack.yml @@ -1,3 +1,16 @@ +--- +- name: Clone Openstack Virtual Baremetal repo if it does not exist + git: + repo: https://github.com/cybertron/openstack-virtual-baremetal.git + dest: "{{ local_working_dir }}/openstack-virtual-baremetal" + version: master + +- name: copy clouds.yaml file + template: + src: clouds.yaml.j2 + dest: "{{ local_working_dir }}/clouds.yaml" + mode: 0755 + - name: Remove stack os_stack: name: "{{ stack_name }}" @@ -17,3 +30,8 @@ ignore_errors: true no_log: true +- name: remove clouds.yaml file + file: + path: "{{ local_working_dir }}/clouds.yaml" + state: absent + diff --git a/roles/ovb-manage-stack/templates/cleanup-stacks-keypairs.sh.j2 b/roles/ovb-manage-stack/templates/cleanup-stacks-keypairs.sh.j2 new file mode 100644 index 000000000..40db1e6fc --- /dev/null +++ b/roles/ovb-manage-stack/templates/cleanup-stacks-keypairs.sh.j2 
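Review bot: The `remove clouds.yaml file` task added at the end of the `@@ -122,17 +99,8 @@` hunk only runs when every task before it succeeds, so a failed stack create or a failed `build-nodes-json` leaves the file with the tenant password in `local_working_dir`; wrapping the tasks that need the file in a `block:` and moving the removal under `always:` would cover the failure path, and the same applies to the removal task added at the end of `ovb-delete-stack.yml`. This hunk also drops `no_log: true` from the `build-nodes-json` task. Its shell block starts above the hunk, so if it exports `OS_PASSWORD` the way the other shell tasks in this file do, the password would now reach the Ansible log; confirm that before removing the flag.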
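Review bot: The new `copy clouds.yaml file` task in `ovb-delete-stack.yml` writes the file with `mode: 0755`, which leaves it readable by every local user for as long as it exists, although the commit message says this file holds the tenant password. Use `mode: "0600"` so only the account running the playbook can read it. A comment on the task stating that the file is credential material and is removed at the end of the task list would make the intent clear to the next editor.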
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+set -eux
+
+### --start_docs
+
+## --------------------------------------------------------------
+## Clean up the OVB environment by removing stacks and key pairs
+## --------------------------------------------------------------
+
+## ##################################################
+## Find the existing stacks and keys pairs to delete
+## ##################################################
+
+## * Return all stacks in COMPLETE or CREATE_FAILED state
+## ::
+
+ALL_STACKS=$({{ local_working_dir }}/bin/openstack stack list | grep "COMPLETE\|CREATE_FAILED" | cut -d '|' -f 3)
+
+## * Delete stacks in COMPLETE or CREATE_FAILED state - one stack at a time
+## ::
+
+for STACK in $ALL_STACKS; do
+ echo "Deleting Heat stack $STACK"
+ {{ local_working_dir }}/bin/openstack stack delete --yes $STACK
+ COUNTER=0
+ while [[ $({{ local_working_dir }}/bin/openstack stack list) == *"$STACK"* ]]; do
+ if [[ $COUNTER -gt 6 ]]; then
+ echo "$STACK could not be deleted in time or is in FAILED state."
+ exit 1
+ else
+ echo "Polling for stack $STACK to be deleted"
+ sleep 30
+ COUNTER=$((COUNTER+1))
+ fi
+ done
+
+## * Delete the key pair associated with the stack
+## ::
+
+ KEYPAIR=$(echo ${STACK/stack/key} | sed 's/oooq-//')
+ if [[ $({{ local_working_dir }}/bin/nova keypair-list) == *"$KEYPAIR"* ]]; then
+ echo "Deleting key pair $KEYPAIR"
+ {{ local_working_dir }}/bin/nova keypair-delete $KEYPAIR
+ fi
+done
+
+### --stop_docs
diff --git a/roles/ovb-manage-stack/templates/env.yaml.j2 b/roles/ovb-manage-stack/templates/env.yaml.j2
index 8beedb385..70d4b9bbe 100644
--- a/roles/ovb-manage-stack/templates/env.yaml.j2
+++ b/roles/ovb-manage-stack/templates/env.yaml.j2
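Review bot: `ALL_STACKS` is built from every stack in the tenant that is in a COMPLETE or CREATE_FAILED state, so on a shared host cloud the loop deletes stacks that quickstart did not create. Restrict the list to quickstart's own naming before the delete loop: the later `sed 's/oooq-//'` suggests the stack names carry an `oooq-` marker, so an extra `grep 'oooq-'` stage in the pipeline, or a name pattern passed in as a template variable, would bound what can be removed. `$STACK` and `$KEYPAIR` are expanded unquoted in the delete commands, and the `*"$KEYPAIR"*` test is a substring match, so quoting them and comparing whole names would avoid acting on a different key pair that merely contains the same text.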
@@ -4,11 +4,11 @@ parameters: os_tenant: {{ os_tenant_name }} os_auth_url: {{ os_auth_url }} - bmc_flavor: m1.micro + bmc_flavor: {{ bmc_flavor }} bmc_image: 'bmc-base' bmc_prefix: '{{ prefix }}bmc' - baremetal_flavor: m1.large + baremetal_flavor: {{ baremetal_flavor }} baremetal_image: 'ipxe-boot' baremetal_prefix: '{{ prefix }}baremetal' @@ -17,11 +17,12 @@ parameters: node_count: {{ node_count }} public_net: '{{ prefix }}public' provision_net: '{{ prefix }}provision' + provision_net_cidr: {{ provision_net_cidr }} # QuintupleO-specific params ignored by virtual-baremetal.yaml undercloud_name: '{{ prefix }}undercloud' undercloud_image: '{{ latest_undercloud_image }}' - undercloud_flavor: m1.xlarge + undercloud_flavor: {{ undercloud_flavor }} external_net: '{{ external_net }}' undercloud_user_data: | #!/bin/sh 
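Review bot: The new templated values are emitted as plain scalars (`bmc_flavor: {{ bmc_flavor }}` and `baremetal_flavor` here, `provision_net_cidr` and `undercloud_flavor` in the next hunk), unlike quoted neighbours such as `bmc_prefix: '{{ prefix }}bmc'`. An override that is empty, or that looks like a number or a boolean, would be retyped by the YAML parser when the rendered environment file is loaded. Quote them the same way as the surrounding parameters, e.g. `bmc_flavor: '{{ bmc_flavor }}'`.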
@@ -52,6 +53,26 @@ resource_registry: ## in baremetal-networks-all.yaml # OS::OVB::BaremetalNetworks: {{ templates_dir }}/baremetal-networks-all.yaml # OS::OVB::BaremetalPorts: {{ templates_dir }}/baremetal-ports-all.yaml +{% if network_isolation_type in ['multi-nic', 'multiple-nics', 'public-bond'] and not port_security|bool %} + OS::OVB::BaremetalNetworks: {{ templates_dir }}/baremetal-networks-all.yaml + OS::OVB::BaremetalPorts: {{ templates_dir }}/{{ baremetal_ports_template[network_isolation_type] }} +{% endif %} +{% if network_isolation_type in ['multi-nic', 'multiple-nics', 'public-bond'] and port_security|bool %} + OS::OVB::BaremetalNetworks: {{ templates_dir }}/baremetal-networks-all.yaml +{% endif %} + +## Uncomment to use the neutron port-security extension to allow DHCP from +## the undercloud to overcloud nodes. There are *-port-security.yaml versions +## of all the standard port resource templates. The examples below are to use +## port-security with a minimal deployment (i.e. no network isolation). +# OS::OVB::BaremetalPorts: templates/baremetal-ports-default-port-security.yaml +# OS::OVB::BMCPort: templates/bmc-port-port-security.yaml +# OS::OVB::UndercloudPorts: templates/undercloud-ports-port-security.yaml +{% if network_isolation_type in ['multi-nic', 'multiple-nics', 'public-bond'] and port_security|bool %} + OS::OVB::BaremetalPorts: {{ templates_dir }}/{{ baremetal_port_security_template[network_isolation_type] }} + OS::OVB::BMCPort: {{ templates_dir }}/bmc-port-port-security.yaml + OS::OVB::UndercloudPorts: {{ templates_dir }}/undercloud-ports-port-security.yaml +{% endif %} ## Uncomment to deploy a quintupleo environment without an undercloud. # OS::OVB::UndercloudEnvironment: OS::Heat::None diff --git a/roles/undercloud-setup/templates/ovb-undercloud-connectivity.sh.j2 b/roles/undercloud-setup/templates/ovb-undercloud-connectivity.sh.j2 index 7d3273714..675dfe7aa 100644 --- a/roles/undercloud-setup/templates/ovb-undercloud-connectivity.sh.j2 
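Review bot: All three added `{% if %}` blocks require `network_isolation_type` to be one of `multi-nic`, `multiple-nics` or `public-bond`, so with any other value `port_security` (which this commit defaults to `true`) has no effect and none of the `*-port-security.yaml` templates is registered, although the commented examples in this hunk describe exactly that minimal case. If that is intended, say so in a comment next to the condition; otherwise add a branch that registers the default port-security templates. The first two blocks emit the same `OS::OVB::BaremetalNetworks` line and could share one outer membership test, leaving a single `port_security|bool` check to read.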
+++ b/roles/undercloud-setup/templates/ovb-undercloud-connectivity.sh.j2 @@ -10,6 +10,7 @@ set -eux ## * Configure external interface ## :: +# TODO: move this to overcloud-prep-network role sudo ip addr add {{ external_interface_ip }} dev {{ external_interface }} ## * Get mac address of external interface @@ -39,6 +40,7 @@ IPV6_PEERDNS=yes IPV6_PEERROUTES=yes EOF' +sudo ifdown {{ external_interface }} sudo ifup {{ external_interface }} ## * Set MTU values @@ -46,15 +48,19 @@ sudo ifup {{ external_interface }} {% for interface in (mtu_interface) %} sudo ip link set {{ interface }} mtu {{ mtu }} - echo "MTU={{ mtu }}" | sudo tee /etc/sysconfig/network-scripts/ifcfg-{{ interface }} + echo "MTU={{ mtu }}" | sudo tee -a /etc/sysconfig/network-scripts/ifcfg-{{ interface }} {% endfor %} -## * Add nameserver to resolv.conf +## * Add custom nameserver to resolv.conf if required ## :: -sudo sed -i 's/^nameserver/#nameserver/g' /etc/resolv.conf -cat <