From 4c922854466ea9777433e4a2cf5130d9aeacf3cd Mon Sep 17 00:00:00 2001 From: Tyler Smith Date: Thu, 11 Jul 2019 10:51:49 -0400 Subject: [PATCH] Zero Touch Provisioning changes for subcloud configuration - Adding support for subcloud configuration to bootstrap playbook Depends-On: https://review.opendev.org/#/c/669980/ Change-Id: Id438609951b3a9e11017cfdc2432fc8617ed0f70 Story: 2004766 Task: 35756 Signed-off-by: Tyler Smith --- .../playbooks/bootstrap/host_vars/default.yml | 4 +- .../files/populate_initial_config.py | 51 +++++++++++++++++++ .../roles/persist-config/tasks/main.yml | 2 +- .../tasks/update_sysinv_database.yml | 20 +++++++- .../roles/persist-config/vars/main.yml | 1 + .../roles/store-passwd/tasks/main.yml | 16 ++++++ .../roles/store-passwd/vars/main.yml | 4 ++ .../roles/validate-config/tasks/main.yml | 11 ++-- .../roles/validate-config/vars/main.yml | 6 +++ 9 files changed, 108 insertions(+), 7 deletions(-) diff --git a/playbookconfig/src/playbooks/bootstrap/host_vars/default.yml b/playbookconfig/src/playbooks/bootstrap/host_vars/default.yml index 498e714d7..c31ee0f2f 100644 --- a/playbookconfig/src/playbooks/bootstrap/host_vars/default.yml +++ b/playbookconfig/src/playbooks/bootstrap/host_vars/default.yml @@ -2,7 +2,9 @@ # SYSTEM PROPERTIES # ================= system_mode: simplex -# configure distributed cloud role, valid values are 'none' and 'systemcontroller' +# configure distributed cloud role, valid values are 'none', 'systemcontroller', +# and 'subcloud'. However subclouds are automatically provisioned during their +# creation in dcmanager and are not meant to be configured manually by the user. distributed_cloud_role: none timezone: UTC diff --git a/playbookconfig/src/playbooks/bootstrap/roles/persist-config/files/populate_initial_config.py b/playbookconfig/src/playbooks/bootstrap/roles/persist-config/files/populate_initial_config.py index c0f53649a..81235ee35 100644 
--- a/playbookconfig/src/playbooks/bootstrap/roles/persist-config/files/populate_initial_config.py +++ b/playbookconfig/src/playbooks/bootstrap/roles/persist-config/files/populate_initial_config.py @@ -34,6 +34,7 @@ except ImportError: COMBINED_LOAD = 'All-in-one' +SUBCLOUD_ROLE = 'subcloud' RECONFIGURE_SYSTEM = False RECONFIGURE_NETWORK = False RECONFIGURE_SERVICE = False @@ -47,6 +48,11 @@ def touch(fname): os.utime(fname, None) +def is_subcloud(): + cloud_role = CONF.get('BOOTSTRAP_CONFIG', 'DISTRIBUTED_CLOUD_ROLE', None) + return cloud_role == SUBCLOUD_ROLE + + def wait_system_config(client): for _ in range(constants.SYSTEM_CONFIG_TIMEOUT): try: @@ -83,6 +89,11 @@ def populate_system_config(client): dc_role = CONF.get('BOOTSTRAP_CONFIG', 'DISTRIBUTED_CLOUD_ROLE') if dc_role == 'none': dc_role = None + + if is_subcloud(): + capabilities.update({'shared_services': "['identity', ]", + 'region_config': True}) + values = { 'system_mode': CONF.get('BOOTSTRAP_CONFIG', 'SYSTEM_MODE'), 'capabilities': capabilities, @@ -92,6 +103,12 @@ def populate_system_config(client): 'distributed_cloud_role': dc_role } + if is_subcloud(): + values.update( + {'region_name': CONF.get('BOOTSTRAP_CONFIG', 'REGION_NAME'), + 'name': CONF.get('BOOTSTRAP_CONFIG', 'REGION_NAME')} + ) + if INITIAL_POPULATION: values.update( {'system_type': CONF.get('BOOTSTRAP_CONFIG', 'SYSTEM_TYPE')} 
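Review bot: In the `@@ -47` hunk, `is_subcloud()` passes `None` as a third positional argument to `CONF.get`, which does not behave as a default if CONF is a ConfigParser — there the third positional parameter is `raw` (Python 2) or is rejected as keyword-only (Python 3), so a missing DISTRIBUTED_CLOUD_ROLE still raises rather than yielding None. The `@@ -83` hunk already reads the same option as `CONF.get('BOOTSTRAP_CONFIG', 'DISTRIBUTED_CLOUD_ROLE')` with no default, and validate-config always writes it, so the helper can do the same: `cloud_role = CONF.get('BOOTSTRAP_CONFIG', 'DISTRIBUTED_CLOUD_ROLE')`. Inside populate_system_config (whose body starts above the hunk) the two `is_subcloud()` calls could compare the local `dc_role` it has already read instead of re-parsing the config twice. A one-line docstring such as `"""Return True when the bootstrap config sets DISTRIBUTED_CLOUD_ROLE to 'subcloud'."""` would document the helper.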
@@ -376,6 +393,38 @@ def populate_cluster_host_network(client): create_network(client, values, network_name) +def populate_system_controller_network(client): + system_controller_subnet = IPNetwork(CONF.get( + 'BOOTSTRAP_CONFIG', 'SYSTEM_CONTROLLER_SUBNET')) + system_controller_floating_ip = CONF.get( + 'BOOTSTRAP_CONFIG', 'SYSTEM_CONTROLLER_FLOATING_ADDRESS') + network_name = 'system-controller' + + if RECONFIGURE_NETWORK: + delete_network_and_addrpool(client, 'system-controller') + print("Updating system controller network...") + else: + print("Populating system controller network...") + + # create the address pool + values = { + 'name': 'system-controller-subnet', + 'network': str(system_controller_subnet.network), + 'prefix': system_controller_subnet.prefixlen, + 'floating_address': str(system_controller_floating_ip), + } + pool = create_addrpool(client, values, network_name) + + # create the network for the pool + values = { + 'type': sysinv_constants.NETWORK_TYPE_SYSTEM_CONTROLLER, + 'name': sysinv_constants.NETWORK_TYPE_SYSTEM_CONTROLLER, + 'dynamic': False, + 'pool_uuid': pool.uuid, + } + create_network(client, values, network_name) + + def populate_cluster_pod_network(client): cluster_pod_subnet = IPNetwork(CONF.get( 'BOOTSTRAP_CONFIG', 'CLUSTER_POD_SUBNET')) @@ -454,6 +503,8 @@ def populate_network_config(client): populate_cluster_host_network(client) populate_cluster_pod_network(client) populate_cluster_service_network(client) + if is_subcloud(): + populate_system_controller_network(client) print("Network config completed.") diff --git a/playbookconfig/src/playbooks/bootstrap/roles/persist-config/tasks/main.yml b/playbookconfig/src/playbooks/bootstrap/roles/persist-config/tasks/main.yml index 0e408ebb7..2e26fe2cf 100644 --- a/playbookconfig/src/playbooks/bootstrap/roles/persist-config/tasks/main.yml +++ b/playbookconfig/src/playbooks/bootstrap/roles/persist-config/tasks/main.yml 
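Review bot: In `populate_system_controller_network`, the delete call passes the literal `'system-controller'` although `network_name` was bound to the same value a few lines above; `delete_network_and_addrpool(client, network_name)` keeps the two from drifting apart. `str(system_controller_floating_ip)` is redundant, since `CONF.get` presumably already returns a string, while only the subnet is converted (via `IPNetwork`) and then has `.network` and `.prefixlen` read back. The function has no docstring; something like `"""Create the system-controller address pool and network; called only for subclouds (see populate_network_config)."""` would record that the `@@ -454` hunk gates the call on `is_subcloud()`.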
@@ -210,7 +210,7 @@ path: /etc/platform/platform.conf line: "{{ item }}" with_items: - - region_config=no + - region_config={{ region_config }} - sw_version={{ software_version }} - vswitch_type=none diff --git a/playbookconfig/src/playbooks/bootstrap/roles/persist-config/tasks/update_sysinv_database.yml b/playbookconfig/src/playbooks/bootstrap/roles/persist-config/tasks/update_sysinv_database.yml index 448b804e1..e321710c9 100644 --- a/playbookconfig/src/playbooks/bootstrap/roles/persist-config/tasks/update_sysinv_database.yml +++ b/playbookconfig/src/playbooks/bootstrap/roles/persist-config/tasks/update_sysinv_database.yml @@ -77,12 +77,12 @@ # If this is initial play or replay with management and/or oam network # config change, must wait for the keystone endpoint runtime manifest -# to complete and restart sysinv agent and api. +# to complete - name: Wait for service endpoints reconfiguration to complete wait_for: path: /etc/platform/.service_endpoint_reconfigured state: present - timeout: 360 + timeout: 450 msg: Timeout waiting for service endpoints reconfiguration to complete - name: Wait for system controller database configuration to complete @@ -93,6 +93,22 @@ msg: Timeout waiting for system controller database configuration to complete when: distributed_cloud_role == 'systemcontroller' +- block: + - name: Update sysinv with new region name + replace: + path: /etc/sysinv/sysinv.conf + regexp: "region_name=.*$" + replace: "region_name={{ region_name }}" + + - name: Restart sysinv-agent and sysinv-api to pick up sysinv.conf update + command: "{{ item }}" + with_items: + - /etc/init.d/sysinv-agent restart + - /usr/lib/ocf/resource.d/platform/sysinv-api reload + environment: + OCF_ROOT: "/usr/lib/ocf" + when: distributed_cloud_role == 'subcloud' + - name: Set flag to mark the initial db population completed milestone file: path: "{{ initial_db_populated_flag }}" 
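Review bot: In the `@@ -210` hunk, `region_config={{ region_config }}` will render as `region_config=False` in the default case rather than the `region_config=no` the old literal wrote, because the persist-config vars/main.yml hunk defines `region_config: no`, which YAML parses as a boolean. Unless every reader of /etc/platform/platform.conf accepts `False`, that is an unintended change for non-subcloud installs. Either quote the default in vars (`region_config: 'no'`) or normalise it where it is written: `- region_config={{ 'yes' if region_config | bool else 'no' }}`. The enclosing lineinfile task starts above the hunk.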
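Review bot: In the `@@ -93` hunk, `regexp: "region_name=.*$"` is unanchored, so the `replace` task rewrites any line in /etc/sysinv/sysinv.conf whose option name merely ends in `region_name`; anchoring it as `regexp: "^region_name=.*$"` limits the edit to the intended option. The replacement string is `region_name`, which dcmanager supplies, and the `replace` module expands backreferences in it, so a value containing a backslash would be mangled — low risk here, but worth recording with `# region_name is supplied by dcmanager and must be a plain string (no backslashes)`. The `environment: OCF_ROOT` setting is applied to both loop items, including the init.d restart that does not appear to need it, which is harmless but reads as if both commands depended on it.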
diff --git a/playbookconfig/src/playbooks/bootstrap/roles/persist-config/vars/main.yml b/playbookconfig/src/playbooks/bootstrap/roles/persist-config/vars/main.yml index b50f50841..7f7dbf717 100644 --- a/playbookconfig/src/playbooks/bootstrap/roles/persist-config/vars/main.yml +++ b/playbookconfig/src/playbooks/bootstrap/roles/persist-config/vars/main.yml @@ -5,3 +5,4 @@ minimum_root_disk_size: 240 default_security_feature: "nopti nospectre_v2" temp_ssl_ca: /tmp/ca_cert.pem ssl_ca_complete_flag: /etc/platform/.ssl_ca_complete +region_config: no diff --git a/playbookconfig/src/playbooks/bootstrap/roles/store-passwd/tasks/main.yml b/playbookconfig/src/playbooks/bootstrap/roles/store-passwd/tasks/main.yml index 2f179b89b..2b45927d7 100644 --- a/playbookconfig/src/playbooks/bootstrap/roles/store-passwd/tasks/main.yml +++ b/playbookconfig/src/playbooks/bootstrap/roles/store-passwd/tasks/main.yml @@ -134,3 +134,19 @@ state: absent when: mode == 'restore' + +- block: + - name: Store service passwords + vars: + script_content: | + import keyring + import os + os.environ['XDG_DATA_HOME'] = '/tmp' + keyring.set_password("{{ item.key }}", "services", "{{ item.value }}") + del os.environ['XDG_DATA_HOME'] + shell: "{{ script_content }}" + args: + executable: /usr/bin/python + no_log: true + loop: "{{ users|dict2items }}" + when: distributed_cloud_role == "subcloud" diff --git a/playbookconfig/src/playbooks/bootstrap/roles/store-passwd/vars/main.yml b/playbookconfig/src/playbooks/bootstrap/roles/store-passwd/vars/main.yml index 315bd3cd8..ad3701573 100644 --- a/playbookconfig/src/playbooks/bootstrap/roles/store-passwd/vars/main.yml +++ b/playbookconfig/src/playbooks/bootstrap/roles/store-passwd/vars/main.yml @@ -1,3 +1,7 @@ --- use_vault_credentials: false password_rules_file: /etc/keystone/password-rules.conf + +# This is a dictionary of service users to be configured in the subcloud. It +# is set automatically by dcmanager during the subcloud add operation +users: { } 
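Review bot: In the store-passwd hunk, each service password is interpolated directly into Python source (`"{{ item.value }}"`) and that source is then handed to `/usr/bin/python` as the `shell` command, so the password effectively appears on the interpreter's command line, where it is readable by any local user through the process list for the lifetime of the call; `no_log: true` only hides it from Ansible's own output. The same interpolation breaks the script, or changes its meaning, for any value containing a double quote, backslash or newline. Passing the name and value through `environment:` and reading them with `os.environ` inside the script keeps them out of argv and out of the Python literal. Separately, pointing `XDG_DATA_HOME` at `/tmp` puts the keyring backend's store under a world-traversable directory; whether the resulting file is protected depends on the backend in use and should be confirmed.
```yaml
- block:
    - name: Store service passwords
      vars:
        script_content: |
          import keyring
          import os
          os.environ['XDG_DATA_HOME'] = '/tmp'
          keyring.set_password(os.environ['SVC_NAME'], "services", os.environ['SVC_PASSWORD'])
          del os.environ['XDG_DATA_HOME']
      shell: "{{ script_content }}"
      args:
        executable: /usr/bin/python
      environment:
        SVC_NAME: "{{ item.key }}"
        SVC_PASSWORD: "{{ item.value }}"
      no_log: true
      loop: "{{ users|dict2items }}"
  when: distributed_cloud_role == "subcloud"
```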
diff --git a/playbookconfig/src/playbooks/bootstrap/roles/validate-config/tasks/main.yml b/playbookconfig/src/playbooks/bootstrap/roles/validate-config/tasks/main.yml index 48541eb1d..bda0b53ee 100644 --- a/playbookconfig/src/playbooks/bootstrap/roles/validate-config/tasks/main.yml +++ b/playbookconfig/src/playbooks/bootstrap/roles/validate-config/tasks/main.yml @@ -5,7 +5,7 @@ # SPDX-License-Identifier: Apache-2.0 # # ROLE DESCRIPTION: -# This role is to validate amd save host (non secure) config. +# This role is to validate and save host (non secure) config. # - debug: @@ -13,6 +13,7 @@ - System mode is {{ system_mode }} - Timezone is {{ timezone }} - Distributed Cloud Role is {{ distributed_cloud_role }} + - Region name is {{ region_name }} - DNS servers is {{ dns_servers }} - PXE boot subnet is {{ pxeboot_subnet }} - Management subnet is {{ management_subnet }} @@ -53,10 +54,11 @@ - name: Validate distributed cloud role fail: - msg: "Invalid distributed cloud role. Valid values are: none or systemcontroller." + msg: "Invalid distributed cloud role. Valid values are: none, systemcontroller, or subcloud." when: > (distributed_cloud_role != 'none' and - distributed_cloud_role != 'systemcontroller') + distributed_cloud_role != 'systemcontroller' and + distributed_cloud_role != 'subcloud') - name: Validate system type if distributed cloud role is system controller fail: @@ -505,6 +507,7 @@ - "SYSTEM_MODE={{ system_mode }}" - "TIMEZONE={{ timezone }}" - "DISTRIBUTED_CLOUD_ROLE={{ distributed_cloud_role }}" + - "REGION_NAME={{ region_name }}" - "SW_VERSION={{ software_version }}" - "NAMESERVERS={{ dns_servers| join(',') }}" - "PXEBOOT_SUBNET={{ pxeboot_subnet }}" 
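Review bot: In the `@@ -53` hunk, the growing `and`-chain in `when:` reads more clearly as a membership test, `when: distributed_cloud_role not in ['none', 'systemcontroller', 'subcloud']`, which also keeps the accepted values in one list next to the `msg` that enumerates them. The new `Region name is {{ region_name }}` debug line and the `REGION_NAME` entry in the `@@ -505` hunk are emitted for every role, which works because the validate-config vars hunk gives `region_name` a default, but nothing in the diff validates the value (for example that it is non-empty) before populate_initial_config.py uses it as both the system `name` and `region_name`.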
@@ -535,6 +538,8 @@ - "MANAGEMENT_MULTICAST_SUBNET={{ management_multicast_subnet }}" - "MANAGEMENT_MULTICAST_START_ADDRESS={{ address_pairs['multicast']['start'] }}" - "MANAGEMENT_MULTICAST_END_ADDRESS={{ address_pairs['multicast']['end'] }}" + - "SYSTEM_CONTROLLER_SUBNET={{ system_controller_subnet }}" + - "SYSTEM_CONTROLLER_FLOATING_ADDRESS={{ system_controller_floating_address }}" - "DOCKER_HTTP_PROXY={{ docker_http_proxy }}" - "DOCKER_HTTPS_PROXY={{ docker_https_proxy }}" - "DOCKER_NO_PROXY={{ docker_no_proxy_combined | join(',') }}" diff --git a/playbookconfig/src/playbooks/bootstrap/roles/validate-config/vars/main.yml b/playbookconfig/src/playbooks/bootstrap/roles/validate-config/vars/main.yml index d4c0c47f1..ae2233e10 100644 --- a/playbookconfig/src/playbooks/bootstrap/roles/validate-config/vars/main.yml +++ b/playbookconfig/src/playbooks/bootstrap/roles/validate-config/vars/main.yml @@ -10,3 +10,9 @@ minimum_ipv6_prefix_length: 64 private_pxeboot_subnet: 169.254.202.0/24 pxecontroller_floating_hostname: pxecontroller use_entire_pxeboot_subnet: true + +# These variables are only used for subcloud configuration and are set +# automatically by dcmanager +region_name: 'RegionOne' +system_controller_floating_address: none +system_controller_subnet: none
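Review bot: In the `@@ -535` hunk, `SYSTEM_CONTROLLER_SUBNET` and `SYSTEM_CONTROLLER_FLOATING_ADDRESS` are written into the bootstrap config straight from variables whose defaults are the string `none` (validate-config vars hunk), and no task in the diff validates them when the role is subcloud; the first consumer is `populate_system_controller_network` in populate_initial_config.py, which wraps the subnet in `IPNetwork` and would presumably fail there with an address-format error at persist time rather than at validation time. A validation task gated on `distributed_cloud_role == 'subcloud'` should reject the placeholders and confirm the floating address lies within the subnet, alongside whatever checks the role already applies to the other subnets (it references `address_pairs`, so some appear to exist above the hunk). The comment on the vars defaults could also say what the placeholder means: `# 'none' means not configured; dcmanager replaces both values when adding a subcloud`.
```yaml
# … unchanged: existing subnet / address validation tasks above …
- name: Validate system controller network settings for subcloud
  fail:
    msg: "system_controller_subnet and system_controller_floating_address must be set when distributed_cloud_role is subcloud"
  when: >
    distributed_cloud_role == 'subcloud' and
    (system_controller_subnet == 'none' or
     system_controller_floating_address == 'none')

- name: Validate system controller floating address is within the system controller subnet
  fail:
    msg: "system_controller_floating_address is not within system_controller_subnet"
  when: >
    distributed_cloud_role == 'subcloud' and
    not (system_controller_floating_address | ipaddr(system_controller_subnet))
```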