starlingx
/
config
Code Issues Proposed changes
config/playbookconfig/playbookconfig/playbooks/bootstrap/roles/prepare-env/tasks/main.yml

443 lines
17 KiB
YAML
Raw Blame History

---
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# ROLE DESCRIPTION:
# This role is to check the target host environment before proceeding to
# the next step.
#
# Check host connectivity, change password if provided
- block:
- name: Update SSH known hosts
lineinfile:
path: ~/.ssh/known_hosts
state: absent
regexp: '^{{ ansible_host }}'
delegate_to: localhost
- name: Check connectivity
local_action: command ping -c 1 {{ ansible_host }}
failed_when: false
register: ping_result
- name: Fail if host is unreachable
fail: msg='Host {{ ansible_host }} is unreachable!'
with_items:
- "{{ ping_result.stdout_lines|list }}"
when: ping_result.rc != 0 and item is search('100% packet loss')
- block:
- debug:
msg: "Changing the initial password.."
- name: Change initial password
expect:
echo: yes
command: "ssh {{ ansible_ssh_user }}@{{ ansible_host }}"
responses: "{{ password_change_responses }}"
failed_when: false
delegate_to: localhost
rescue:
# Initial password has been changed and the user forgot to exclude
# password_change option in the command line for the replay.
- debug:
msg: "Password has already been changed"
when: change_password
when: inventory_hostname != 'localhost'
# Check for one of unmistakenly StarlingX packages
- name: "Look for unmistakenly {{ image_brand }} package"
command: rpm -q controllerconfig
args:
warn: false
failed_when: false
register: controllerconfig_installed
- name: Fail if host is not running the right image
fail: msg='Host {{ ansible_host }} does not have the right image!.'
when: controllerconfig_installed.rc > 0
# Bail if the host has been unlocked
- name: Check initial config flag
stat:
path: /etc/platform/.initial_config_complete
register: initial_config_complete
- block:
- name: Set skip_play flag for host
set_fact:
skip_play: true
- name: Skip remaining tasks if host is already unlocked
debug: msg="Host {{ ansible_host }} has been unlocked. There's nothing to play!"
- name: Stop playing if this is the only target host
meta: end_play
when: play_hosts | length == 1
when: initial_config_complete.stat.exists
# Proceed only if skip_play flag is not turned on
- block:
#- name: Disable SSH timeout
# lineinfile:
# path: /etc/profile.d/custom.sh
# regexp: "export TMOUT*"
# line: "export TMOUT=0"
# The following parameters should exist in default.yml. If any of them is
# not available, the file is invalid.
- name: Fail if any of the mandatory configurations are not defined
fail:
msg: "Mandatory configuration parameter {{ item }} is not defined."
when: item is not defined
with_items:
- system_mode
- timezone
- pxeboot_subnet
- management_subnet
- cluster_host_subnet
- cluster_pod_subnet
- cluster_service_subnet
- external_oam_subnet
- external_oam_gateway_address
- external_oam_floating_address
- management_multicast_subnet
- dynamic_address_allocation
- dns_servers
- docker_registries
- admin_username
- admin_password
- override_files_dir
- name: Set initial address facts if not defined. They will be updated later
set_fact:
pxeboot_start_address: "{{ pxeboot_start_address | default('derived') }}"
pxeboot_end_address: "{{ pxeboot_end_address | default('derived') }}"
management_start_address: "{{ management_start_address | default('derived') }}"
management_end_address: "{{ management_end_address | default('derived') }}"
cluster_host_start_address: "{{ cluster_host_start_address | default('derived') }}"
cluster_host_end_address: "{{ cluster_host_end_address | default('derived') }}"
cluster_pod_start_address: "{{ cluster_pod_start_address | default('derived') }}"
cluster_pod_end_address: "{{ cluster_pod_end_address | default('derived') }}"
cluster_service_start_address: "{{ cluster_service_start_address | default('derived') }}"
cluster_service_end_address: "{{ cluster_service_end_address | default('derived') }}"
external_oam_start_address: "{{ external_oam_start_address | default('derived') }}"
external_oam_end_address: "{{ external_oam_end_address | default('derived') }}"
management_multicast_start_address: "{{ management_multicast_start_address | default('derived') }}"
management_multicast_end_address: "{{ management_multicast_end_address | default('derived') }}"
external_oam_node_0_address: "{{ external_oam_node_0_address | default('derived') }}"
external_oam_node_1_address: "{{ external_oam_node_1_address | default('derived') }}"
- name: Set docker registries to default values if not specified
set_fact:
docker_registries:
- k8s.gcr.io
- gcr.io
- quay.io
- docker.io
when: docker_registries is none
- name: Initialize some flags to be used in subsequent roles/tasks
set_fact:
reconfigured: false
system_config_update: false
network_config_update: false
docker_config_update: false
save_password: true
save_config: true
use_docker_proxy: false
use_unified_registry: false
restart_services: false
reconfigure_endpoints: false
- name: Set initial facts
set_fact:
system_params:
'system_mode': "{{ system_mode }}"
'timezone': "{{ timezone }}"
root_disk_size: "{{ standard_root_disk_size }}"
root_disk_idx: 0
localhost_name_ip_mapping: "127.0.0.1\tlocalhost\tlocalhost.localdomain localhost4 localhost4.localdomain4"
network_params:
'pxeboot_subnet': "{{ pxeboot_subnet }}"
'management_subnet': "{{ management_subnet }}"
'cluster_host_subnet': "{{ cluster_host_subnet }}"
'cluster_pod_subnet': "{{ cluster_pod_subnet }}"
'cluster_service_subnet': "{{ cluster_service_subnet }}"
'external_oam_subnet': "{{ external_oam_subnet }}"
'external_oam_gateway_address': "{{ external_oam_gateway_address }}"
'external_oam_floating_address': "{{ external_oam_floating_address }}"
'management_multicast_subnet': "{{ management_multicast_subnet }}"
# Set this placeholder here to workaround an Ansible quirk
derived_network_params:
place_holder: place_holder
last_bootstrap_config_file: "{{ last_bootstrap_config_file }}"
- name: Turn on use_docker_proxy flag
set_fact:
use_docker_proxy: true
when: (docker_http_proxy is defined and docker_http_proxy is not none) or
(docker_https_proxy is defined and docker_https_proxy is not none)
- name: Set default values for docker proxies if not defined
set_fact:
docker_http_proxy: "{{ docker_http_proxy | default('undef') }}"
docker_https_proxy: "{{ docker_https_proxy | default('undef') }}"
docker_no_proxy: "{{ docker_no_proxy | default([]) }}"
- name: Retrieve software version number
# lookup module does not work with /etc/build.info as it does not have ini
# format. Resort to shell source.
shell: source /etc/build.info; echo $SW_VERSION
register: sw_version_result
- name: Fail if software version is not defined
fail:
msg: "SW_VERSION is missing in /etc/build.info"
when: sw_version_result.stdout_lines|length == 0
- name: Retrieve system type
shell: source /etc/platform/platform.conf; echo $system_type
register: system_type_result
- name: Fail if system type is not defined
fail:
msg: "system_type is missing in /etc/platform/platform.conf"
when: system_type_result.stdout_lines|length == 0
- name: Set software version, system type config path facts
set_fact:
software_version: "{{ sw_version_result.stdout_lines[0] }}"
system_type: "{{ system_type_result.stdout_lines[0] }}"
- name: Set config path facts
set_fact:
keyring_permdir: "{{ platform_path + '/.keyring/' + software_version }}"
config_permdir: "{{ platform_path + '/config/' + software_version }}"
puppet_permdir: "{{ platform_path + '/puppet/' + software_version }}"
- name: Check Docker status
command: systemctl status docker
failed_when: false
register: docker
- name: Look for openrc file
stat:
path: /etc/platform/openrc
register: openrc_file
- name: Turn on replayed flag
set_fact:
replayed: true
when: openrc_file.stat.exists and docker.rc == 0
- block:
- name: Check if the controller-0 host has been successfully provisioned
shell: source /etc/platform/openrc; system host-list|grep controller-0
failed_when: false
register: host_check
- block: # system has been configured
- name: Set flag to indicate that this host has been previously configured
set_fact:
reconfigured: true
- name: Find previous config file for this host
stat:
path: "{{ last_bootstrap_config_file }}"
register: last_config_file
- block:
# Currently Ansible include_vars only works with local file
- name: Fetch previous config file from this host
fetch:
src: "{{ last_bootstrap_config_file }}"
dest: /tmp/
flat: yes
when: inventory_hostname != 'localhost'
- name: Read in last config values
include_vars:
file: "{{ last_bootstrap_config_file }}"
- name: Turn on system attributes reconfiguration flag
set_fact:
system_config_update: true
when: (prev_system_mode != system_mode) or
(prev_timezone != timezone) or
(prev_dns_servers.split(',') | sort != dns_servers | sort)
- name: Turn on docker reconfiguration flag if docker config is changed
set_fact:
docker_config_update: true
when: (prev_docker_registries.split(',') | sort != docker_registries | sort) or
((use_docker_proxy) and
(prev_docker_http_proxy != docker_http_proxy or
prev_docker_https_proxy != docker_https_proxy or
prev_docker_no_proxy != docker_no_proxy))
- name: Turn on service endpoints reconfiguration flag if management and/or oam network config is changed
set_fact:
reconfigure_endpoints: true
when: (prev_management_subnet != management_subnet) or
(prev_management_start_address != management_start_address) or
(prev_external_oam_subnet != external_oam_subnet) or
(prev_external_oam_gateway_address != external_oam_gateway_address) or
(prev_external_oam_floating_address != external_oam_floating_address) or
(prev_external_oam_start_address != external_oam_start_address) or
(prev_external_oam_end_address != external_oam_end_address) or
(prev_external_oam_node_0_address != external_oam_node_0_address) or
(prev_external_oam_node_1_address != external_oam_node_1_address)
- name: Turn on network reconfiguration flag if any of the network related config is changed
set_fact:
network_config_update: true
when: reconfigure_endpoints or
(prev_dynamic_address_allocation != dynamic_address_allocation) or
(prev_management_end_address != management_end_address) or
(prev_pxeboot_subnet != pxeboot_subnet) or
(prev_pxeboot_start_address != pxeboot_start_address) or
(prev_pxeboot_end_address != pxeboot_end_address) or
(prev_management_multicast_subnet != management_multicast_subnet) or
(prev_management_multicast_start_address != management_multicast_start_address) or
(prev_management_multicast_end_address != management_multicast_end_address) or
(prev_cluster_host_subnet != cluster_host_subnet) or
(prev_cluster_host_start_address != cluster_host_start_address) or
(prev_cluster_host_end_address != cluster_host_end_address) or
(prev_cluster_pod_subnet != cluster_pod_subnet) or
(prev_cluster_pod_start_address != cluster_pod_start_address) or
(prev_cluster_pod_end_address != cluster_pod_end_address) or
(prev_cluster_service_subnet != cluster_service_subnet) or
(prev_cluster_service_start_address != cluster_service_start_address) or
(prev_cluster_service_end_address != cluster_service_end_address)
- name: Turn on restart services flag if management/oam/cluster network or docker config is changed
set_fact:
restart_services: true
when: reconfigure_endpoints or
docker_config_update or
(prev_cluster_host_subnet != cluster_host_subnet) or
(prev_cluster_pod_subnet != cluster_pod_subnet) or
(prev_cluster_service_subnet != cluster_service_subnet)
# Re-evaluate the condition to generate the python keyring
- name: Turn off save_password flag if admin password has not changed
set_fact:
save_password: false
username: "{{ prev_admin_username }}"
password: "{{ prev_admin_password }}"
# TODO(tngo): there seems to be a puppet/sysinv limitation that prevents password
# reconfiguration to work without an extra boot. Temporarily disable
# it for replay for now.
when: prev_admin_password == admin_password|hash('sha1')
or replayed
# Re-evaluate condition to persist config data to sysinv database
- name: Turn off save_config flag if system, network, and docker configurations have not changed
set_fact:
save_config: false
when: not system_config_update and
not network_config_update and
not docker_config_update
- block:
- debug:
msg: "Configurations are unchanged. There's nothing to play!"
- name: Stop playing if this is the only target host
meta: end_play
when: play_hosts|length == 1
- name: Turn on skip_play flag
set_fact:
skip_play: true
when: not save_password and not save_config
when: last_config_file.stat.exists
when: host_check.rc == 0
when: replayed # bootstrap manifest has been applied
- name: Check volume groups
command: vgdisplay cgts-vg
register: vg_result
failed_when: false
- name: Fail if volume groups are not configured
fail: msg='Volume groups not configured.'
when: vg_result.rc != 0
- name: Check size of root disk
script: check_root_disk_size.py {{ standard_root_disk_size }}
register: disk_size_check_result
failed_when: false
# Workaround an Ansible quirk
- name: Update root disk index for remote play
set_fact:
root_disk_idx: "{{ root_disk_idx + 1 }}"
when: ansible_connection != "local"
- name: Set root disk and root disk size facts
set_fact:
root_disk: "{{ disk_size_check_result.stdout_lines[root_disk_idx|int] }}"
root_disk_size: "{{ disk_size_check_result.stdout_lines[root_disk_idx|int + 1] }}"
- debug:
msg: >-
[WARNING]: Root disk {{ root_disk }} size is {{ root_disk_size }}GB which is
less than the standard size of {{ standard_root_disk_size }}GB. Please consult
the Software Installation Guide for details.
when: disk_size_check_result.rc != 0
- name: Look for branding tar file
find:
paths: /opt/branding
patterns: '*.tgz'
register: find_tar_result
- name: Fail if there are more than one branding tar files
fail:
msg: >-
Only one branding tarball is permitted in /opt/branding. Refer to
the branding readme in the SDK.
when: find_tar_result.matched > 1
- name: Look for other branding files
find:
paths: /opt/branding
excludes: '*.tgz,applied,horizon-region-exclusions.csv'
register: find_result
- name: Fail if the branding filename is not valid
fail:
msg: >
{{ find_result.files[0].path }} is not a valid branding
filename. Refer to the branding readme in the SDK.
when: find_result.matched > 0
- name: Mark environment as Ansible bootstrap
file:
path: /var/run/.ansible_bootstrap
state: touch
- debug:
msg: >-
system_config_update flag: {{ system_config_update }},
network_config_update flag: {{ network_config_update }},
docker_config_update flag: {{ docker_config_update }},
restart_services flag: {{ restart_services }},
endpoints_reconfiguration_flag: {{ reconfigure_endpoints }},
save_password flag: {{ save_password }},
save_config flag: {{ save_config }},
skip_play flag: {{ skip_play }}
when: not skip_play
View Git Blame Copy Permalink