Parameterize OVB stack flavors

Running quickstart with OVB  needs to work with multiple host
clouds where different flavor sets are available.

This review:
* Adds variables to the flavor specifications so that they can be
  overwritten by config files per host cloud environment
* Adds functionality to clean up stacks and keypairs
  from the host cloud environment
* Includes cloning the Openstack Virtual Baremetal repo
  within the ovb-manage-stack role
* Deletes the clouds.yaml file so that the tenant password is not
  left exposed for longer than necessary to create or delete
  the stack
* Changes the default key location to use
  the user's default key on the undercloud

Change-Id: I5f0f7327a2509ef889b80a35024478b13df2c2a9
Ronelle Landy 2017-03-13 16:08:25 -04:00
parent 517fb31201
commit 4d0f6329df
9 changed files with 179 additions and 73 deletions


@ -1,14 +1,20 @@
--- ---
# Add the virthost to the in-memory inventory. The inventory is not
# written out to disk unless you call the `tripleo-inventory` role.
- name: Add the virthost to the inventory
hosts: localhost
tasks:
- name: Add virthost
add_host:
name: "virthost"
groups: "virthost"
ansible_host: "{{ virthost }}"
- name: Create the OVB stack - name: Create the OVB stack
hosts: localhost hosts: localhost
roles: roles:
- { role: ovb-manage-stack, ovb_manage_stack_mode: 'create' } - { role: ovb-manage-stack, ovb_manage_stack_mode: 'create' }
- name: Build test packages using DLRN
hosts: localhost
roles:
- {role: build-test-packages, when: build_test_packages|default(false)|bool }
- name: Setup the undercloud - name: Setup the undercloud
hosts: undercloud hosts: undercloud
gather_facts: no gather_facts: no
@ -23,18 +29,20 @@
roles: roles:
- tripleo-inventory - tripleo-inventory
- name: Install the built package on the undercloud
hosts: undercloud
gather_facts: no
vars:
ib_repo_host: localhost
roles:
- {role: install-built-repo, when: build_test_packages|default(false)|bool }
- name: Fetch the overcloud images - name: Fetch the overcloud images
hosts: undercloud hosts: undercloud
gather_facts: no gather_facts: no
vars:
ansible_user: root
roles: roles:
- fetch-images - fetch-images
- name: Build test packages using DLRN
hosts: undercloud
roles:
- {role: build-test-packages, when: build_test_packages|default(false)|bool }
- name: Install the built package on the undercloud
hosts: undercloud
gather_facts: no
roles:
- {role: install-built-repo, when: build_test_packages|default(false)|bool }


@ -0,0 +1,7 @@
---
features:
- |
Added public cloud settings.
All public cloud settings can be overridden to deploy on custom cloud
environments.
Added functionality to remove stacks and key pairs from the host cloud.


@ -39,7 +39,19 @@ latest_guest_image:
rhos-9: rhel-7.3-server-x86_64-latest rhos-9: rhel-7.3-server-x86_64-latest
rhos-10: rhel-7.3-server-x86_64-latest rhos-10: rhel-7.3-server-x86_64-latest
existing_key_location: '{{ local_working_dir }}' port_security: true
baremetal_ports_template:
multiple-nics: baremetal-ports-all.yaml
multi-nic: baremetal-ports-all.yaml
public-bond: baremetal-ports-public-bond.yaml
baremetal_port_security_template:
multiple-nics: baremetal-ports-all-port-security.yaml
multi-nic: baremetal-ports-all-port-security.yaml
public-bond: baremetal-ports-public-bond-port-security.yaml
existing_key_location: '~/.ssh/id_rsa'
remove_image_from_host_cloud: false remove_image_from_host_cloud: false
bmc_flavor: m1.medium bmc_flavor: m1.medium
@ -55,6 +67,7 @@ private_net: '{{ prefix }}private'
node_count: 2 node_count: 2
public_net: '{{ prefix }}public' public_net: '{{ prefix }}public'
provision_net: '{{ prefix }}provision' provision_net: '{{ prefix }}provision'
provision_net_cidr: 192.0.2.0/24
# QuintupleO-specific params ignored by virtual-baremetal.yaml # QuintupleO-specific params ignored by virtual-baremetal.yaml
undercloud_name: '{{ prefix }}undercloud' undercloud_name: '{{ prefix }}undercloud'
@ -73,3 +86,8 @@ registered_releases:
- rhos-9 - rhos-9
- rhos-10 - rhos-10
# OVB environment clean up
cleanup_stacks_keypairs: false
cleanup_stacks_keypairs_script: cleanup-stacks-keypairs.sh.j2
cleanup_stacks_keypairs_log: "{{ local_working_dir }}/cleanup_stacks_keypairs.log"
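Review bot: `existing_key_location` changes meaning here from a directory to the path of a private key file (`'~/.ssh/id_rsa'`), and nothing in the defaults says so. The copy task in the role now appends `""` and `.pub` to it, so a per-cloud config that still sets a directory would resolve to the wrong paths. A comment above the variable would help, for example `# Path to the private key file; the public key is expected at the same path with a .pub suffix`. It is also worth stating there that this key is copied into `local_working_dir`, since the default is now the user's own default key.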


@ -0,0 +1,12 @@
---
- name: Create OVB environment clean up script
template:
src: "{{ cleanup_stacks_keypairs_script }}"
dest: "{{ local_working_dir }}/cleanup-stacks-keypairs.sh"
mode: 0755
- name: Remove existing stacks and key pairs
shell: >
set -o pipefail &&
{{ local_working_dir }}/cleanup-stacks-keypairs.sh 2>&1 {{ timestamper_cmd }} >
{{ cleanup_stacks_keypairs_log }}
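Review bot: The `Remove existing stacks and key pairs` task uses `set -o pipefail` but does not set the shell, so it depends on `/bin/sh` being bash on the host that runs it. Adding `args:` with `executable: /bin/bash` makes that explicit. The template task writes `mode: 0755` as a bare integer; quoting it as `mode: "0755"` avoids the octal/decimal ambiguity between YAML parsers. Since the script runs under `set -eux` and all of its output goes to `cleanup_stacks_keypairs_log`, it is worth confirming that nothing the trace prints includes credentials.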


@ -10,6 +10,15 @@
file: file:
path: "{{ local_working_dir }}" path: "{{ local_working_dir }}"
- name: Clone Openstack Virtual Baremetal repo if it does not exist
git:
repo: https://github.com/cybertron/openstack-virtual-baremetal.git
dest: "{{ local_working_dir }}/openstack-virtual-baremetal"
version: master
- include: ovb-cleanup-stacks-keypairs.yml
when: cleanup_stacks_keypairs|bool
- name: generate prefix for all run-related entities - name: generate prefix for all run-related entities
set_fact: set_fact:
prefix="{{ tmp.node_prefix }}" prefix="{{ tmp.node_prefix }}"
@ -19,12 +28,12 @@
- name: copy key inserted in image to undercloud_key location - name: copy key inserted in image to undercloud_key location
copy: copy:
src: "{{ existing_key_location }}/{{ item }}" src: "{{ existing_key_location }}{{ item }}"
dest: "{{ local_working_dir }}/{{ item }}" dest: "{{ local_working_dir }}/id_rsa_undercloud{{ item }}"
mode: 0600 mode: 0600
with_items: with_items:
- id_rsa_undercloud - ""
- id_rsa_undercloud.pub - .pub
- name: Copy deploy stack parameters template - name: Copy deploy stack parameters template
template: template:
@ -32,34 +41,13 @@
dest: "{{ local_working_dir }}/{{ prefix }}env.yaml" dest: "{{ local_working_dir }}/{{ prefix }}env.yaml"
mode: 0755 mode: 0755
# NOTE: 'multi-nic' is deprecated
- name: Add templates for multiple-nics
blockinfile:
dest: "{{ local_working_dir }}/{{ prefix }}env.yaml"
insertafter: "## in baremetal-networks-all.yaml"
content: |
## multiple-nics
OS::OVB::BaremetalNetworks: {{ templates_dir }}/baremetal-networks-all.yaml
OS::OVB::BaremetalPorts: {{ templates_dir }}/baremetal-ports-all.yaml
when: network_isolation_type in ['multi-nic', 'multiple-nics']
- name: Add templates for public-bond
blockinfile:
dest: "{{ local_working_dir }}/{{ prefix }}env.yaml"
insertafter: "## in baremetal-networks-all.yaml"
content: |
## public-bond
OS::OVB::BaremetalNetworks: {{ templates_dir }}/baremetal-networks-all.yaml
OS::OVB::BaremetalPorts: {{ templates_dir }}/baremetal-ports-public-bond.yaml
when: network_isolation_type == 'public-bond'
- name: Add keypair - name: Add keypair
shell: > shell: >
export OS_USERNAME="{{ os_username }}"; export OS_USERNAME="{{ os_username }}";
export OS_PASSWORD="{{ os_password }}"; export OS_PASSWORD="{{ os_password }}";
export OS_TENANT_NAME="{{ os_tenant_name }}"; export OS_TENANT_NAME="{{ os_tenant_name }}";
export OS_AUTH_URL="{{ os_auth_url }}"; export OS_AUTH_URL="{{ os_auth_url }}";
nova keypair-add --pub-key ~/.ssh/id_rsa.pub {{ prefix }}key nova keypair-add --pub-key {{ existing_key_location }}.pub {{ prefix }}key
ignore_errors: true ignore_errors: true
no_log: true no_log: true
@ -79,17 +67,6 @@
register: stack_deployment register: stack_deployment
environment: environment:
OS_CLIENT_CONFIG_FILE: "{{ local_working_dir }}/clouds.yaml" OS_CLIENT_CONFIG_FILE: "{{ local_working_dir }}/clouds.yaml"
ignore_errors: true
- name: Show stack deployment information
shell: >
export OS_USERNAME="{{ os_username }}";
export OS_PASSWORD="{{ os_password }}";
export OS_TENANT_NAME="{{ os_tenant_name }}";
export OS_AUTH_URL="{{ os_auth_url }}";
heat stack-show {{ stack_name }}
when: stack_deployment.result is not defined
no_log: true
- name: set fact for undercloud floating IP address - name: set fact for undercloud floating IP address
set_fact: set_fact:
@ -122,17 +99,8 @@
export OS_CLOUD="{{ cloud_name}}"; export OS_CLOUD="{{ cloud_name}}";
{{ ovb_dir }}/bin/build-nodes-json --env {{ local_working_dir }}/{{ prefix }}env.yaml {{ ovb_dir }}/bin/build-nodes-json --env {{ local_working_dir }}/{{ prefix }}env.yaml
register: nodes_json register: nodes_json
no_log: true
- name: Ensure directories exist for network-environment copy - name: remove clouds.yaml file
file: file:
path: "{{ network_env_file_dest }}" path: "{{ local_working_dir }}/clouds.yaml"
state: directory state: absent
mode: 0755
- name: Copy the network-environment.yaml
copy:
src: "{{ network_environment_file }}"
dest: "{{ network_env_file_dest }}"
mode: 0755
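Review bot: The new `remove clouds.yaml file` task is the last task in the file, and this change also appears to drop `ignore_errors: true` from the stack-creation task, so a failed deployment would stop the play before the file holding the tenant password is removed. Wrapping the tasks that need `clouds.yaml` in a `block:` and moving the removal into its `always:` section would delete the file on both success and failure. Separately, the clone task tracks `version: master` of a repository whose `bin/build-nodes-json` is executed later in this file; a variable defaulting to a reviewed commit, e.g. `version: "{{ ovb_repo_version }}"` (the name is a suggestion), would make runs reproducible. The same clone task is repeated in the stack-removal task file. The task bodies around these hunks are only partly visible here.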


@ -1,3 +1,16 @@
---
- name: Clone Openstack Virtual Baremetal repo if it does not exist
git:
repo: https://github.com/cybertron/openstack-virtual-baremetal.git
dest: "{{ local_working_dir }}/openstack-virtual-baremetal"
version: master
- name: copy clouds.yaml file
template:
src: clouds.yaml.j2
dest: "{{ local_working_dir }}/clouds.yaml"
mode: 0755
- name: Remove stack - name: Remove stack
os_stack: os_stack:
name: "{{ stack_name }}" name: "{{ stack_name }}"
@ -17,3 +30,8 @@
ignore_errors: true ignore_errors: true
no_log: true no_log: true
- name: remove clouds.yaml file
file:
path: "{{ local_working_dir }}/clouds.yaml"
state: absent
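Review bot: `copy clouds.yaml file` writes the rendered file with `mode: 0755`, which leaves it readable by every local user for as long as it exists, and the commit message says it carries the tenant password. `mode: "0600"` should be enough for the tasks that read it. Adding `no_log: true` to the template task would also keep the rendered content out of `--diff` output.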


@ -0,0 +1,48 @@
#!/bin/bash
set -eux
### --start_docs
## --------------------------------------------------------------
## Clean up the OVB environment by removing stacks and key pairs
## --------------------------------------------------------------
## ##################################################
## Find the existing stacks and keys pairs to delete
## ##################################################
## * Return all stacks in COMPLETE or CREATE_FAILED state
## ::
ALL_STACKS=$({{ local_working_dir }}/bin/openstack stack list | grep "COMPLETE\|CREATE_FAILED" | cut -d '|' -f 3)
## * Delete stacks in COMPLETE or CREATE_FAILED state - one stack at a time
## ::
for STACK in $ALL_STACKS; do
echo "Deleting Heat stack $STACK"
{{ local_working_dir }}/bin/openstack stack delete --yes $STACK
COUNTER=0
while [[ $({{ local_working_dir }}/bin/openstack stack list) == *"$STACK"* ]]; do
if [[ $COUNTER -gt 6 ]]; then
echo "$STACK could not be deleted in time or is in FAILED state."
exit 1
else
echo "Polling for stack $STACK to be deleted"
sleep 30
COUNTER=$((COUNTER+1))
fi
done
## * Delete the key pair associated with the stack
## ::
KEYPAIR=$(echo ${STACK/stack/key} | sed 's/oooq-//')
if [[ $({{ local_working_dir }}/bin/nova keypair-list) == *"$KEYPAIR"* ]]; then
echo "Deleting key pair $KEYPAIR"
{{ local_working_dir }}/bin/nova keypair-delete $KEYPAIR
fi
done
### --stop_docs
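Review bot: The stack list is filtered only by state, so the loop deletes every stack in the tenant that is in a `COMPLETE` or `CREATE_FAILED` state, including ones this tooling did not create; `grep "COMPLETE"` also matches any status that contains COMPLETE. If the host cloud tenant is shared, the list should additionally be restricted to the stack naming pattern this role uses. The checks `*"$STACK"*` and `*"$KEYPAIR"*` are substring matches against the whole command output, so a name that is contained in another name keeps the poll loop running until it exits 1, or triggers a key pair delete that fails under `set -e`; comparing against the exact name column avoids that. `$STACK` and `$KEYPAIR` should be quoted where they are passed as arguments, e.g. `stack delete --yes "$STACK"`.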


@ -4,11 +4,11 @@ parameters:
os_tenant: {{ os_tenant_name }} os_tenant: {{ os_tenant_name }}
os_auth_url: {{ os_auth_url }} os_auth_url: {{ os_auth_url }}
bmc_flavor: m1.micro bmc_flavor: {{ bmc_flavor }}
bmc_image: 'bmc-base' bmc_image: 'bmc-base'
bmc_prefix: '{{ prefix }}bmc' bmc_prefix: '{{ prefix }}bmc'
baremetal_flavor: m1.large baremetal_flavor: {{ baremetal_flavor }}
baremetal_image: 'ipxe-boot' baremetal_image: 'ipxe-boot'
baremetal_prefix: '{{ prefix }}baremetal' baremetal_prefix: '{{ prefix }}baremetal'
@ -17,11 +17,12 @@ parameters:
node_count: {{ node_count }} node_count: {{ node_count }}
public_net: '{{ prefix }}public' public_net: '{{ prefix }}public'
provision_net: '{{ prefix }}provision' provision_net: '{{ prefix }}provision'
provision_net_cidr: {{ provision_net_cidr }}
# QuintupleO-specific params ignored by virtual-baremetal.yaml # QuintupleO-specific params ignored by virtual-baremetal.yaml
undercloud_name: '{{ prefix }}undercloud' undercloud_name: '{{ prefix }}undercloud'
undercloud_image: '{{ latest_undercloud_image }}' undercloud_image: '{{ latest_undercloud_image }}'
undercloud_flavor: m1.xlarge undercloud_flavor: {{ undercloud_flavor }}
external_net: '{{ external_net }}' external_net: '{{ external_net }}'
undercloud_user_data: | undercloud_user_data: |
#!/bin/sh #!/bin/sh
@ -52,6 +53,26 @@ resource_registry:
## in baremetal-networks-all.yaml ## in baremetal-networks-all.yaml
# OS::OVB::BaremetalNetworks: {{ templates_dir }}/baremetal-networks-all.yaml # OS::OVB::BaremetalNetworks: {{ templates_dir }}/baremetal-networks-all.yaml
# OS::OVB::BaremetalPorts: {{ templates_dir }}/baremetal-ports-all.yaml # OS::OVB::BaremetalPorts: {{ templates_dir }}/baremetal-ports-all.yaml
{% if network_isolation_type in ['multi-nic', 'multiple-nics', 'public-bond'] and not port_security|bool %}
OS::OVB::BaremetalNetworks: {{ templates_dir }}/baremetal-networks-all.yaml
OS::OVB::BaremetalPorts: {{ templates_dir }}/{{ baremetal_ports_template[network_isolation_type] }}
{% endif %}
{% if network_isolation_type in ['multi-nic', 'multiple-nics', 'public-bond'] and port_security|bool %}
OS::OVB::BaremetalNetworks: {{ templates_dir }}/baremetal-networks-all.yaml
{% endif %}
## Uncomment to use the neutron port-security extension to allow DHCP from
## the undercloud to overcloud nodes. There are *-port-security.yaml versions
## of all the standard port resource templates. The examples below are to use
## port-security with a minimal deployment (i.e. no network isolation).
# OS::OVB::BaremetalPorts: templates/baremetal-ports-default-port-security.yaml
# OS::OVB::BMCPort: templates/bmc-port-port-security.yaml
# OS::OVB::UndercloudPorts: templates/undercloud-ports-port-security.yaml
{% if network_isolation_type in ['multi-nic', 'multiple-nics', 'public-bond'] and port_security|bool %}
OS::OVB::BaremetalPorts: {{ templates_dir }}/{{ baremetal_port_security_template[network_isolation_type] }}
OS::OVB::BMCPort: {{ templates_dir }}/bmc-port-port-security.yaml
OS::OVB::UndercloudPorts: {{ templates_dir }}/undercloud-ports-port-security.yaml
{% endif %}
## Uncomment to deploy a quintupleo environment without an undercloud. ## Uncomment to deploy a quintupleo environment without an undercloud.
# OS::OVB::UndercloudEnvironment: OS::Heat::None # OS::OVB::UndercloudEnvironment: OS::Heat::None
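Review bot: The new flavor and CIDR parameters are rendered unquoted (`bmc_flavor: {{ bmc_flavor }}`, `provision_net_cidr: {{ provision_net_cidr }}`), while the neighbouring templated values are quoted. An override that is empty or looks like a number or boolean would then be read by the YAML parser as null or a non-string. Quoting them the same way, e.g. `bmc_flavor: '{{ bmc_flavor }}'`, keeps the types stable. In the `resource_registry` hunk the first two `{% if %}` blocks repeat the same `network_isolation_type in [...]` test; one outer condition with an inner `{% if port_security|bool %}` / `{% else %}` would be easier to follow.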


@ -10,6 +10,7 @@ set -eux
## * Configure external interface ## * Configure external interface
## :: ## ::
# TODO: move this to overcloud-prep-network role
sudo ip addr add {{ external_interface_ip }} dev {{ external_interface }} sudo ip addr add {{ external_interface_ip }} dev {{ external_interface }}
## * Get mac address of external interface ## * Get mac address of external interface
@ -39,6 +40,7 @@ IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes IPV6_PEERROUTES=yes
EOF' EOF'
sudo ifdown {{ external_interface }}
sudo ifup {{ external_interface }} sudo ifup {{ external_interface }}
## * Set MTU values ## * Set MTU values
@ -46,15 +48,19 @@ sudo ifup {{ external_interface }}
{% for interface in (mtu_interface) %} {% for interface in (mtu_interface) %}
sudo ip link set {{ interface }} mtu {{ mtu }} sudo ip link set {{ interface }} mtu {{ mtu }}
echo "MTU={{ mtu }}" | sudo tee /etc/sysconfig/network-scripts/ifcfg-{{ interface }} echo "MTU={{ mtu }}" | sudo tee -a /etc/sysconfig/network-scripts/ifcfg-{{ interface }}
{% endfor %} {% endfor %}
## * Add nameserver to resolv.conf ## * Add custom nameserver to resolv.conf if required
## :: ## ::
sudo sed -i 's/^nameserver/#nameserver/g' /etc/resolv.conf {% if custom_nameserver is defined %}
cat <<EOF | sudo tee /etc/resolv.conf sudo sed -i '/^nameserver/d' /etc/resolv.conf
nameserver {{ custom_nameserver }} {% for name_server in custom_nameserver %}
cat <<EOF | sudo tee -a /etc/resolv.conf
nameserver {{ name_server }}
EOF EOF
{% endfor %}
{% endif %}
### --stop_docs ### --stop_docs
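Review bot: The nameserver loop iterates `custom_nameserver` directly, while the replaced line used it as a single value (`nameserver {{ custom_nameserver }}`). If an existing config still sets it to a string, Jinja iterates the string character by character and writes one `nameserver` line per character after the `sed` has already deleted the existing entries. Normalising first keeps both forms working: `{% for name_server in ([custom_nameserver] if custom_nameserver is string else custom_nameserver) %}`. Also, `tee -a` on the `ifcfg-` file appends another `MTU=` line on every run.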