Add ansible-lint job

Sem-Ver: feature
Change-Id: I58c32382b8122c8e56e71c601c64dad411dbb687
Mohammed Naser 2022-03-17 17:54:10 -04:00
parent 498593aa86
commit 511c3fa653
50 changed files with 504 additions and 102 deletions


@ -0,0 +1,3 @@
---
features:
- Added ``ansible-lint`` to all of the playbooks and roles.


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for Ceph CSI RBD
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -12,7 +12,7 @@
# License for the specific language governing permissions and limitations
# under the License.
- name: collect facts for all monitors
- name: Collect facts for all monitors
run_once: true
delegate_to: "{{ item }}"
delegate_facts: true
@ -20,28 +20,33 @@
gather_subset: network
loop: "{{ groups[ceph_csi_rbd_mons_group] }}"
- vexxhost.atmosphere.ceph_pool:
- name: Create Ceph pool
vexxhost.atmosphere.ceph_pool:
name: "{{ ceph_csi_rbd_pool }}"
application: rbd
pg_autoscale_mode: on
pg_autoscale_mode: "on"
- vexxhost.atmosphere.ceph_key:
- name: Create {{ ceph_csi_rbd_user }} user
vexxhost.atmosphere.ceph_key:
name: "{{ ceph_csi_rbd_user }}"
caps:
mon: profile rbd
mgr: profile rbd pool={{ ceph_csi_rbd_pool }}
osd: profile rbd pool={{ ceph_csi_rbd_pool }}
- vexxhost.atmosphere.ceph_key:
- name: Retrieve {{ ceph_csi_rbd_user }} keyring
vexxhost.atmosphere.ceph_key:
name: "{{ ceph_csi_rbd_user }}"
state: info
output_format: json
register: _ceph_key
- ansible.builtin.set_fact:
- name: Store keyring inside fact
ansible.builtin.set_fact:
_ceph_rbd_csi_ceph_keyring: "{{ _ceph_key.stdout | from_json | first }}"
- kubernetes.core.helm:
- name: Deploy Helm chart
kubernetes.core.helm:
name: ceph-csi-rbd
chart_ref: ceph/ceph-csi-rbd
chart_version: 3.5.1
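Review bot: The `Retrieve {{ ceph_csi_rbd_user }} keyring` and `Store keyring inside fact` tasks handle Ceph key material without `no_log: true`, so the registered `_ceph_key.stdout` and the resulting fact can end up in verbose output, callback plugins and CI logs. Adding `no_log: true` to both tasks keeps the secret out of those sinks. The same applies to other registered secrets in later file sections of this commit: the `ceph auth get client.bootstrap-osd` register and the copy that installs it, the `Retrieve "etcd" client key` slurp, the `kubeadm init phase upload-certs` register, and the `set_fact` that stores the database admin passwords. The `Deploy Helm chart` task continues past the end of this hunk, so whether the keyring is passed on in its values is not visible here.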


@ -21,22 +21,30 @@
ansible.builtin.file:
path: "/var/lib/ceph/mgr/ceph-{{ inventory_hostname_short }}"
state: directory
owner: ceph
group: ceph
mode: 0700
- name: create mgr keyring
ansible.builtin.shell: |
ceph auth get-or-create mgr.{{ inventory_hostname_short }} mon 'allow profile mgr' osd 'allow *' mds 'allow *' > /var/lib/ceph/mgr/ceph-{{ inventory_hostname_short }}/keyring
args:
creates: "/var/lib/ceph/mgr/ceph-{{ inventory_hostname_short }}/keyring"
- name: Create Ceph manager keyring
vexxhost.atmosphere.ceph_key:
name: "mgr.{{ inventory_hostname_short }}"
dest: "/var/lib/ceph/mgr/ceph-{{ inventory_hostname_short }}/keyring"
caps:
mon: allow profile mgr
osd: allow *
mds: allow *
owner: ceph
group: ceph
- name: ensure permissions are fixed
ansible.builtin.file:
path: "/var/lib/ceph/mon/ceph-{{ inventory_hostname_short }}"
owner: ceph
group: ceph
recurse: yes
recurse: true
- name: enable and start service
ansible.builtin.service:
name: "ceph-mgr@{{ inventory_hostname_short }}"
state: started
enabled: yes
enabled: true
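Review bot: The new `Create Ceph manager keyring` task sets `owner` and `group` on the keyring at `dest` but no file mode, so the permissions of a secret file depend on whatever the module defaults to, which this hunk does not show. Now that ownership is declared the mode should be pinned too: either `mode: "0600"` on this task if `vexxhost.atmosphere.ceph_key` accepts one, or a follow-up `ansible.builtin.file` task with `mode: "0600"` on the keyring path. Separately, the unchanged `ensure permissions are fixed` task in this manager task file recurses over `/var/lib/ceph/mon/...` rather than `/var/lib/ceph/mgr/...`, which looks like a copy-paste slip worth confirming.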


@ -12,45 +12,68 @@
# License for the specific language governing permissions and limitations
# under the License.
# TODO(mnaser): Move to using vexxhost.atmosphere.ceph_key
- name: create monitor keyring
ansible.builtin.shell: |
ceph-authtool --create-keyring /tmp/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'
ansible.builtin.command:
ceph-authtool --gen-key --create-keyring
--name mon.
--cap mon 'allow *'
/tmp/ceph.mon.keyring
args:
creates: /tmp/ceph.mon.keyring
when:
- inventory_hostname == groups[ceph_mon_group][0]
# TODO(mnaser): Move to using vexxhost.atmosphere.ceph_key
- name: create admin keyring
ansible.builtin.shell: |
ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *' --cap mgr 'allow *'
ansible.builtin.command:
ceph-authtool --gen-key --create-keyring
--name client.admin
--cap mon 'allow *'
--cap osd 'allow *'
--cap mds 'allow *'
--cap mgr 'allow *'
/etc/ceph/ceph.client.admin.keyring
args:
creates: /etc/ceph/ceph.client.admin.keyring
when:
- inventory_hostname == groups[ceph_mon_group][0]
# TODO(mnaser): Move to using vexxhost.atmosphere.ceph_key
- name: create bootstrap-osd keyring
ansible.builtin.shell: |
ceph-authtool --create-keyring /var/lib/ceph/bootstrap-osd/ceph.keyring --gen-key -n client.bootstrap-osd --cap mon 'profile bootstrap-osd' --cap mgr 'allow r'
ansible.builtin.command:
ceph-authtool --gen-key --create-keyring
--name client.bootstrap-osd
--cap mon 'profile bootstrap-osd'
--cap mgr 'allow r'
/var/lib/ceph/bootstrap-osd/ceph.keyring
args:
creates: /var/lib/ceph/bootstrap-osd/ceph.keyring
when:
- inventory_hostname == groups[ceph_mon_group][0]
# TODO(mnaser): Move to using vexxhost.atmosphere.ceph_key
- name: add admin keyring to monitor
ansible.builtin.shell: |
ceph-authtool /tmp/ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring
ansible.builtin.command:
ceph-authtool --import-keyring /etc/ceph/ceph.client.admin.keyring
/tmp/ceph.mon.keyring
when:
- inventory_hostname == groups[ceph_mon_group][0]
# TODO(mnaser): Move to using vexxhost.atmosphere.ceph_key
- name: add bootstrap-osd keyring to monitor
ansible.builtin.shell: |
ceph-authtool /tmp/ceph.mon.keyring --import-keyring /var/lib/ceph/bootstrap-osd/ceph.keyring
ansible.builtin.command:
ceph-authtool --import-keyring /var/lib/ceph/bootstrap-osd/ceph.keyring
/tmp/ceph.mon.keyring
when:
- inventory_hostname == groups[ceph_mon_group][0]
- name: create monmap
ansible.builtin.shell: |
monmaptool --create --add {{ inventory_hostname_short }} {{ ceph_mon_ip_address }} --fsid {{ ceph_mon_fsid }} /tmp/monmap
ansible.builtin.command:
monmaptool --create
--fsid {{ ceph_mon_fsid }}
--add {{ inventory_hostname_short }} {{ ceph_mon_ip_address }}
/tmp/monmap
args:
creates: /tmp/monmap
when:
@ -60,6 +83,9 @@
ansible.builtin.file:
path: "/var/lib/ceph/mon/ceph-{{ inventory_hostname_short }}"
state: directory
owner: ceph
group: ceph
mode: 0700
when:
- inventory_hostname == groups[ceph_mon_group][0]
@ -69,6 +95,9 @@
section: global
option: mon initial members
value: "{{ inventory_hostname_short }}"
owner: ceph
group: ceph
mode: 0640
- name: start monitor
ansible.builtin.include_tasks: start-monitor.yml
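Review bot: The monitor keyring and monmap are still staged at fixed names under `/tmp` (`/tmp/ceph.mon.keyring`, `/tmp/monmap`), and the `creates:` guards skip generation whenever a file already exists at that path. A stale or foreign file in a world-writable directory would therefore be accepted as the monitor keyring and then have the admin and bootstrap-osd keys imported into it. Staging under a root-only directory avoids this, for example a directory created beforehand with `owner: root` and `mode: "0700"`, or a path returned by `ansible.builtin.tempfile`, with the files removed once the monitor has been created. The `get monitor keyring` and `get monmap keyring` tasks in the next file section write to the same `/tmp` paths.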


@ -18,7 +18,7 @@
install_recommends: false
- name: set ceph monitor ip address
set_fact:
ansible.builtin.set_fact:
ceph_mon_ip_address: "{{ ansible_default_ipv4.address }}"
- name: generate basic configuration file
@ -27,6 +27,9 @@
section: global
option: "{{ item.option }}"
value: "{{ item.value }}"
owner: ceph
group: ceph
mode: 0640
loop:
- option: fsid
value: "{{ ceph_mon_fsid }}"
@ -70,12 +73,12 @@
when: inventory_hostname != _ceph_mon_bootstrap_node
- name: get monitor keyring
ansible.builtin.shell: ceph auth get mon. -o /tmp/ceph.mon.keyring
ansible.builtin.command: ceph auth get mon. -o /tmp/ceph.mon.keyring
changed_when: false
when: inventory_hostname != _ceph_mon_bootstrap_node
- name: get monmap keyring
ansible.builtin.shell: ceph mon getmap -o /tmp/monmap
ansible.builtin.command: ceph mon getmap -o /tmp/monmap
changed_when: false
when: inventory_hostname != _ceph_mon_bootstrap_node
@ -84,6 +87,6 @@
when: inventory_hostname != _ceph_mon_bootstrap_node
- name: enable msgr2
ansible.builtin.shell: ceph mon enable-msgr2
ansible.builtin.command: ceph mon enable-msgr2
changed_when: false
when: inventory_hostname == _ceph_mon_bootstrap_node


@ -23,7 +23,7 @@
path: "/var/lib/ceph/mon/ceph-{{ inventory_hostname_short }}"
owner: ceph
group: ceph
recurse: yes
recurse: true
# NOTE(mnaser): https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1917414/comments/30
- name: workaround for aarch64 systems
@ -32,6 +32,9 @@
section: Service
option: MemoryDenyWriteExecute
value: false
owner: ceph
group: ceph
mode: 0644
register: _ceph_aarch64_fix
when: ansible_architecture == 'aarch64'
@ -39,5 +42,5 @@
ansible.builtin.service:
name: "ceph-mon@{{ inventory_hostname_short }}"
state: started
enabled: yes
enabled: true
daemon_reload: "{{ _ceph_aarch64_fix.changed }}"
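Review bot: The aarch64 workaround now sets `owner: ceph` and `group: ceph` on the file it edits, which from `section: Service` and `option: MemoryDenyWriteExecute` appears to be a systemd unit or drop-in (the `path` line is outside the hunk). A unit file writable by the service account lets that account change what systemd starts on its behalf, so unit files should stay `owner: root`, `group: root`, `mode: "0644"`. The identical hunk in the OSD task file section further down carries the same ownership and should be changed with it.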


@ -21,7 +21,7 @@
delegate_to: "{{ groups[ceph_osd_mons_group][0] }}"
register: _ceph_fsid
changed_when: false
ansible.builtin.shell: ceph fsid
ansible.builtin.command: ceph fsid
- name: collect facts for all monitors
delegate_to: "{{ item }}"
@ -37,6 +37,9 @@
section: global
option: "{{ item.option }}"
value: "{{ item.value }}"
owner: ceph
group: ceph
mode: 0640
loop:
- option: fsid
value: "{{ _ceph_fsid.stdout | trim }}"
@ -47,18 +50,24 @@
delegate_to: "{{ groups[ceph_osd_mons_group][0] }}"
register: _ceph_bootstrap_osd_keyring
changed_when: false
ansible.builtin.shell: ceph auth get client.bootstrap-osd
ansible.builtin.command: ceph auth get client.bootstrap-osd
- name: install bootstrap-osd keyring
ansible.builtin.copy:
content: "{{ _ceph_bootstrap_osd_keyring.stdout }}\n"
dest: /var/lib/ceph/bootstrap-osd/ceph.keyring
owner: ceph
group: ceph
mode: 0640
- name: workaround to allow usage of loop devices
ansible.builtin.replace:
path: /usr/lib/python3/dist-packages/ceph_volume/util/disk.py
regexp: "'mpath']"
replace: "'mpath', 'loop']"
owner: ceph
group: ceph
mode: 0640
when: molecule | default(false)
# NOTE(mnaser): https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1917414/comments/30
@ -68,6 +77,9 @@
section: Service
option: MemoryDenyWriteExecute
value: false
owner: ceph
group: ceph
mode: 0644
register: _ceph_aarch64_fix
when: ansible_architecture == 'aarch64'
@ -83,5 +95,6 @@
loop: "{{ ceph_osd_devices }}"
- name: create osds for volumes which are not setup
changed_when: true
ansible.builtin.command: /usr/sbin/ceph-volume lvm create --data {{ item }}
loop: "{{ _ceph_osd_check.results | selectattr('rc', 'equalto', 1) | map(attribute='item') }}"
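Review bot: The `workaround to allow usage of loop devices` task now changes `/usr/lib/python3/dist-packages/ceph_volume/util/disk.py` to `owner: ceph`, `group: ceph`, `mode: 0640`. That file belongs to the packaged `ceph_volume` Python module. Making it writable by the `ceph` account and unreadable to other users lets a non-root account alter code that `ceph-volume` loads (the last task in this section runs `/usr/sbin/ceph-volume lvm create`, presumably with root privileges), and it diverges from the package's own ownership. Even though the task is gated on `molecule`, it should keep `owner: root`, `group: root`, `mode: "0644"`. The bootstrap-osd keyring installed with `mode: 0640` a few lines above would also be tighter at `mode: "0600"` unless group read is actually needed.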


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for cert-manager
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for Cilium
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -28,6 +28,9 @@
ansible.builtin.file:
path: /etc/containerd
state: directory
owner: root
group: root
mode: 0755
notify:
- Restart containerd
@ -35,11 +38,14 @@
ansible.builtin.template:
src: config.toml.j2
dest: /etc/containerd/config.toml
owner: root
group: root
mode: 0644
notify:
- Restart containerd
- name: Force any restarts if necessary
meta: flush_handlers
ansible.builtin.meta: flush_handlers
- name: Enable and start service
ansible.builtin.service:


@ -12,5 +12,15 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for managing Helm repositories
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- helm


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for ingress-nginx
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for kube-prometheus-stack
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -12,19 +12,23 @@
# License for the specific language governing permissions and limitations
# under the License.
- ansible.builtin.slurp:
- name: Retrieve "etcd" CA certificate
ansible.builtin.slurp:
src: /etc/kubernetes/pki/etcd/ca.crt
register: _etcd_ca_crt
- ansible.builtin.slurp:
- name: Retrieve "etcd" client certificate
ansible.builtin.slurp:
src: /etc/kubernetes/pki/etcd/healthcheck-client.crt
register: _etcd_healthcheck_client_crt
- ansible.builtin.slurp:
- name: Retrieve "etcd" client key
ansible.builtin.slurp:
src: /etc/kubernetes/pki/etcd/healthcheck-client.key
register: _etcd_healthcheck_client_key
- kubernetes.core.helm:
- name: Deploy Helm chart
kubernetes.core.helm:
name: kube-prometheus-stack
chart_ref: prometheus-community/kube-prometheus-stack
chart_version: 30.2.0
@ -183,12 +187,18 @@
labels:
severity: critical
- alert: CoreDNSErrorsHigh
expr: sum(rate(coredns_dns_responses_total{job="coredns",rcode="SERVFAIL"}[5m])) / sum(rate(coredns_dns_responses_total{job="coredns"}[5m])) > 0.01
expr:
sum(rate(coredns_dns_responses_total{job="coredns",rcode="SERVFAIL"}[5m]))
/
sum(rate(coredns_dns_responses_total{job="coredns"}[5m])) > 0.01
for: 10m
labels:
severity: warning
- alert: CoreDNSErrorsHigh
expr: sum(rate(coredns_dns_responses_total{job="coredns",rcode="SERVFAIL"}[5m])) / sum(rate(coredns_dns_responses_total{job="coredns"}[5m])) > 0.03
expr:
sum(rate(coredns_dns_responses_total{job="coredns",rcode="SERVFAIL"}[5m]))
/
sum(rate(coredns_dns_responses_total{job="coredns"}[5m])) > 0.03
for: 10m
labels:
severity: critical
@ -200,12 +210,18 @@
labels:
severity: critical
- alert: CoreDNSForwardErrorsHigh
expr: sum(rate(coredns_forward_responses_total{job="coredns",rcode="SERVFAIL"}[5m])) / sum(rate(coredns_forward_responses_total{job="coredns"}[5m])) > 0.01
expr:
sum(rate(coredns_forward_responses_total{job="coredns",rcode="SERVFAIL"}[5m]))
/
sum(rate(coredns_forward_responses_total{job="coredns"}[5m])) > 0.01
for: 10m
labels:
severity: warning
- alert: CoreDNSForwardErrorsHigh
expr: sum(rate(coredns_forward_responses_total{job="coredns",rcode="SERVFAIL"}[5m])) / sum(rate(coredns_forward_responses_total{job="coredns"}[5m])) > 0.03
expr:
sum(rate(coredns_forward_responses_total{job="coredns",rcode="SERVFAIL"}[5m]))
/
sum(rate(coredns_forward_responses_total{job="coredns"}[5m])) > 0.03
for: 10m
labels:
severity: critical
@ -256,7 +272,8 @@
labels:
severity: critical
- kubernetes.core.k8s:
- name: Create Secret with "etcd" TLS certificates
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1


@ -5,23 +5,23 @@ metadata:
namespace: kube-system
spec:
containers:
- image: haproxy:2.5
name: haproxy
livenessProbe:
failureThreshold: 8
httpGet:
host: localhost
path: /healthz
port: 6443
scheme: HTTPS
volumeMounts:
- mountPath: /usr/local/etc/haproxy/haproxy.cfg
name: haproxyconf
readOnly: true
- image: haproxy:2.5
name: haproxy
livenessProbe:
failureThreshold: 8
httpGet:
host: localhost
path: /healthz
port: 6443
scheme: HTTPS
volumeMounts:
- mountPath: /usr/local/etc/haproxy/haproxy.cfg
name: haproxyconf
readOnly: true
hostNetwork: true
volumes:
- hostPath:
path: /etc/haproxy/haproxy.cfg
type: FileOrCreate
name: haproxyconf
- hostPath:
path: /etc/haproxy/haproxy.cfg
type: FileOrCreate
name: haproxyconf
status: {}


@ -6,27 +6,27 @@ metadata:
namespace: kube-system
spec:
containers:
- name: keepalived
image: us-docker.pkg.dev/vexxhost-infra/openstack/keepalived:2.0.19
command: ["keepalived", "-f", "/etc/keepalived/keepalived.conf", "--dont-fork", "--log-console", "--log-detail", "--dump-conf"]
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
- NET_BROADCAST
- NET_RAW
volumeMounts:
- mountPath: /etc/keepalived/keepalived.conf
name: config
- mountPath: /etc/keepalived/check_apiserver.sh
name: check
- name: keepalived
image: us-docker.pkg.dev/vexxhost-infra/openstack/keepalived:2.0.19
command: ["keepalived", "-f", "/etc/keepalived/keepalived.conf", "--dont-fork", "--log-console", "--log-detail", "--dump-conf"]
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
- NET_BROADCAST
- NET_RAW
volumeMounts:
- mountPath: /etc/keepalived/keepalived.conf
name: config
- mountPath: /etc/keepalived/check_apiserver.sh
name: check
hostNetwork: true
volumes:
- hostPath:
path: /etc/keepalived/keepalived.conf
name: config
- hostPath:
path: /etc/keepalived/check_apiserver.sh
name: check
- hostPath:
path: /etc/keepalived/keepalived.conf
name: config
- hostPath:
path: /etc/keepalived/check_apiserver.sh
name: check
status: {}


@ -12,5 +12,15 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for Kubernetes
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: containerd


@ -20,7 +20,7 @@
register: _kubernetes_stat
loop: "{{ groups[kubernetes_control_plane_group] }}"
delegate_to: "{{ item }}"
delegate_facts: True
delegate_facts: true
- name: Pick node from pre-existing cluster
ansible.builtin.set_fact:
@ -40,6 +40,9 @@
ansible.builtin.template:
src: kubeadm.yaml.j2
dest: /etc/kubernetes/kubeadm.yaml
owner: root
group: root
mode: 0640
when: inventory_hostname == _kubernetes_bootstrap_node
- name: Initialize cluster


@ -18,10 +18,16 @@
ansible.builtin.file:
dest: /etc/keepalived
state: directory
owner: root
group: root
mode: 0755
- name: Upload configuration
ansible.builtin.template:
src: keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf
owner: root
group: root
mode: 0644
- name: Upload health check
ansible.builtin.template:
src: check_apiserver.sh.j2
@ -31,6 +37,9 @@
ansible.builtin.copy:
src: keepalived.yaml
dest: /etc/kubernetes/manifests/keepalived.yaml
owner: root
group: root
mode: 0644
- name: Upload configuration for HAproxy
block:
@ -38,14 +47,23 @@
ansible.builtin.file:
dest: /etc/haproxy
state: directory
owner: root
group: root
mode: 0755
- name: Upload configuration
ansible.builtin.template:
src: haproxy.cfg.j2
dest: /etc/haproxy/haproxy.cfg
owner: root
group: root
mode: 0644
- name: Upload Kubernetes manifest
ansible.builtin.copy:
src: haproxy.yaml
dest: /etc/kubernetes/manifests/haproxy.yaml
owner: root
group: root
mode: 0644
- name: Bootstrap cluster
include_tasks: bootstrap-cluster.yml
@ -54,6 +72,9 @@
ansible.builtin.file:
path: /root/.kube
state: directory
owner: root
group: root
mode: 0750
- name: copy admin configuration file
ansible.builtin.copy:
@ -75,7 +96,7 @@
run_once: true
ansible.builtin.shell: |
kubectl taint nodes --all node-role.kubernetes.io/master-
ignore_errors: true
failed_when: false
changed_when: false
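Review bot: Replacing `ignore_errors: true` with `failed_when: false` on the `kubectl taint nodes --all node-role.kubernetes.io/master-` task satisfies the linter but still hides every failure, including an unreachable API server or a missing kubeconfig, and now no longer reports the error as ignored. Registering the result and failing on anything other than the expected case is safer, e.g. `register: _taint` with `failed_when: _taint.rc != 0 and 'not found' not in _taint.stderr` (assuming kubectl reports an absent taint as `not found`; confirm against the deployed version). The task's `name` line is above the hunk. The task also still uses `ansible.builtin.shell` although the command has no pipe or redirect, so `ansible.builtin.command` would be consistent with the rest of this commit.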
- name: Add labels to control plane nodes


@ -20,8 +20,7 @@
- name: Generate control-plane certificates for joining cluster
run_once: true
delegate_to: "{{ _kubernetes_bootstrap_node | default(groups[kubernetes_control_plane_group][0]) }}"
ansible.builtin.shell: |
kubeadm init phase upload-certs --upload-certs 2>/dev/null | grep -v upload-certs
ansible.builtin.command: kubeadm init phase upload-certs --upload-certs
changed_when: false
register: _kubeadm_init_upload_certs
when:
@ -50,6 +49,9 @@
ansible.builtin.template:
src: kubeadm.yaml.j2
dest: /etc/kubernetes/kubeadm.yaml
owner: root
group: root
mode: 0640
when:
- not _stat_etc_kubernetes_kubelet_conf.stat.exists


@ -16,12 +16,20 @@
ansible.builtin.copy:
src: apt-key.gpg
dest: /usr/share/keyrings/kubernetes-archive-keyring.gpg
owner: root
group: root
mode: 0644
when:
- kubernetes_repo_url == _kubernetes_upstream_apt_repository
- name: Add repository
ansible.builtin.apt_repository:
repo: "deb {% if kubernetes_repo_url == _kubernetes_upstream_apt_repository %}[signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg]{% endif %} {{ kubernetes_repo_url }} kubernetes-xenial main"
repo:
deb
{% if kubernetes_repo_url == _kubernetes_upstream_apt_repository %}[signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg]{% endif %}
{{ kubernetes_repo_url }}
kubernetes-xenial
main
state: present
- name: Setup version pins
@ -43,6 +51,9 @@
ansible.builtin.template:
src: modules-load.conf.j2
dest: /etc/modules-load.d/k8s.conf
owner: root
group: root
mode: 0644
- name: Enable kernel modules in runtime
community.general.modprobe:


@ -13,7 +13,7 @@
# under the License.
- name: Check if Kubernetes is already deployed
stat:
ansible.builtin.stat:
path: /etc/kubernetes/kubelet.conf
register: _kubernetes_kubelet


@ -26,7 +26,7 @@ discovery:
controlPlane:
localAPIEndpoint:
bindPort: 16443
certificateKey: {{ _kubeadm_init_upload_certs.stdout | trim }}
certificateKey: {{ _kubeadm_init_upload_certs.stdout_lines[-1] | trim }}
{% endif %}
{% endif %}
---


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for node-feature-discovery
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -12,7 +12,8 @@
# License for the specific language governing permissions and limitations
# under the License.
- kubernetes.core.helm:
- name: Deploy Helm chart
kubernetes.core.helm:
name: node-feature-discovery
chart_ref: node-feature-discovery/node-feature-discovery
chart_version: 0.10.0


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for OpenStack Cinder
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -15,13 +15,14 @@
- name: Get Helm values if chart is provided
block:
- name: Get the default values for the Helm chart
ansible.builtin.shell: helm show values {{ openstack_helm_endpoints_repo_name }}/{{ openstack_helm_endpoints_chart }}
ansible.builtin.command: helm show values {{ openstack_helm_endpoints_repo_name }}/{{ openstack_helm_endpoints_chart }}
changed_when: false
register: _helm_show_values
- name: Retrieve list of all the needed endpoints
ansible.builtin.set_fact:
openstack_helm_endpoints_list: "{{ _helm_show_values.stdout | from_yaml | community.general.json_query('keys(endpoints)') | difference(_openstack_helm_endpoints_ignore) }}"
openstack_helm_endpoints_list: |-
{{ _helm_show_values.stdout | from_yaml | community.general.json_query('keys(endpoints)') | difference(_openstack_helm_endpoints_ignore) }}
when:
- openstack_helm_endpoints_list is not defined or openstack_helm_endpoints_list == None


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for OpenStack Glance
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for OpenStack Heat
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for OpenStack Horizon
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -37,7 +37,7 @@ _openstack_helm_horizon_values:
horizon_images_upload_mode: direct
openstack_enable_password_retrieve: "True"
raw:
WEBSSO_KEYSTONE_URL: "https://{{ openstack_helm_endpoints['identity']['scheme']['public'] }}://{{ openstack_helm_endpoints['identity']['host_fqdn_override']['public']['host'] }}/v3"
WEBSSO_KEYSTONE_URL: https://{{ openstack_helm_endpoints['identity']['host_fqdn_override']['public']['host'] }}/v3
local_settings_d:
_50_monasca_ui_settings: "{{ lookup('file', '50-monasca-ui-settings.py') }}"
extra_panels:


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for Ceph provisioners
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -45,7 +45,7 @@
- name: Generate Ceph endpoint list
ansible.builtin.set_fact:
_openstack_helm_infra_ceph_provisioners_ceph_monitors: |
{{
{{
_openstack_helm_infra_ceph_provisioners_ceph_monitors | default([]) +
[{'ip': item}]
}}


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for Libvirt
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for Memcached
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for Open vSwitch
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for RabbitMQ
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for OpenStack Keystone
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -35,14 +35,20 @@
name: "{{ openstack_helm_migrate_to_percona_xtradb_cluster_release_name }}"
release_namespace: "{{ openstack_helm_migrate_to_percona_xtradb_cluster_release_namespace }}"
register: _openstack_helm_migrate_to_percona_xtradb_cluster_helm_info
failed_when: _openstack_helm_migrate_to_percona_xtradb_cluster_helm_info.status['values']['endpoints']['oslo_db'].get('hosts', {}).get('default', '') == 'percona-xtradb-haproxy'
failed_when: _oslo_db_endpoints.get('hosts', {}).get('default', '') == 'percona-xtradb-haproxy'
vars:
_oslo_db_endpoints: "{{ _openstack_helm_migrate_to_percona_xtradb_cluster_helm_info.status['values']['endpoints']['oslo_db'] }}"
- name: Set facts for database endpoints
ansible.builtin.set_fact:
_openstack_helm_migrate_to_percona_xtradb_cluster_legacy_ip: "{{ _openstack_helm_migrate_to_percona_xtradb_cluster_legacy_service.resources[0]['spec']['clusterIP'] }}"
_openstack_helm_migrate_to_percona_xtradb_cluster_legacy_password: "{{ _openstack_helm_migrate_to_percona_xtradb_cluster_helm_info.status['values']['endpoints']['oslo_db']['auth']['admin']['password'] }}"
_openstack_helm_migrate_to_percona_xtradb_cluster_ip: "{{ _openstack_helm_migrate_to_percona_xtradb_cluster_service.resources[0]['spec']['clusterIP'] }}"
_openstack_helm_migrate_to_percona_xtradb_cluster_password: "{{ openstack_helm_endpoints['oslo_db']['auth']['admin']['password'] }}"
_openstack_helm_migrate_to_percona_xtradb_cluster_legacy_ip: |-
{{ _openstack_helm_migrate_to_percona_xtradb_cluster_legacy_service.resources[0]['spec']['clusterIP'] }}
_openstack_helm_migrate_to_percona_xtradb_cluster_legacy_password: |-
{{ _openstack_helm_migrate_to_percona_xtradb_cluster_helm_info.status['values']['endpoints']['oslo_db']['auth']['admin']['password'] }}
_openstack_helm_migrate_to_percona_xtradb_cluster_ip: |-
{{ _openstack_helm_migrate_to_percona_xtradb_cluster_service.resources[0]['spec']['clusterIP'] }}
_openstack_helm_migrate_to_percona_xtradb_cluster_password: |-
{{ openstack_helm_endpoints['oslo_db']['auth']['admin']['password'] }}
- name: Ensure PyMySQL packages are installed
ansible.builtin.pip:
@ -94,7 +100,11 @@
login_host: "{{ _openstack_helm_migrate_to_percona_xtradb_cluster_ip }}"
login_user: root
login_password: "{{ _openstack_helm_migrate_to_percona_xtradb_cluster_password }}"
name: "{{ (openstack_helm_migrate_to_percona_xtradb_cluster_databases | length > 1) | ternary('all', openstack_helm_migrate_to_percona_xtradb_cluster_databases) }}"
name: |-
{{
(openstack_helm_migrate_to_percona_xtradb_cluster_databases | length > 1) |
ternary('all', openstack_helm_migrate_to_percona_xtradb_cluster_databases)
}}
state: import
target: "{{ _openstack_helm_migrate_to_percona_xtradb_cluster_file.path }}"
async: 7200


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for OpenStack Neutron
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for OpenStack Nova
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -84,7 +84,14 @@ __openstack_helm_nova_values:
allowed_origin: "*"
allow_headers: "X-Auth-Token,X-OpenStack-Nova-API-Version"
filter_scheduler:
enabled_filters: ComputeFilter, AggregateTypeAffinityFilter, ComputeCapabilitiesFilter, PciPassthroughFilter, ImagePropertiesFilter, ServerGroupAntiAffinityFilter, ServerGroupAffinityFilter
enabled_filters:
ComputeFilter,
AggregateTypeAffinityFilter,
ComputeCapabilitiesFilter,
PciPassthroughFilter,
ImagePropertiesFilter,
ServerGroupAntiAffinityFilter,
ServerGroupAffinityFilter
image_properties_default_architecture: x86_64
max_instances_per_host: 200
glance:


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for OpenStack Placement
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for OpenStack Senlin
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for Percona XtraDB Cluster
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -12,6 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Ansible role for Prometheus Pushgateway
license: Apache-2.0
min_ansible_version: 5.5.0
platforms:
- name: Ubuntu
versions:
- focal
dependencies:
- role: helm_repository
vars:


@ -26,6 +26,13 @@ commands_pre =
python3 {toxinidir}/tools/generate-galaxy-yml.py
ansible-galaxy collection install -f {toxinidir}
[testenv:linters]
deps =
{[testenv:build]deps}
ansible-lint
commands =
ansible-lint {toxinidir}/roles {posargs}
[testenv:build]
deps =
ansible-core
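Review bot: `ansible-lint` is added to the `[testenv:linters]` deps without a version constraint, so the gating job installs whatever release is current on the package index at run time. A new release with different default rules can start failing unrelated changes, and the linter that gates merges is not reproducible from the repository alone. Pinning it, e.g. `ansible-lint==<PINNED_VERSION>` (placeholder), or installing it through a constraints file, keeps the check stable and turns upgrades into a reviewed change. The `[testenv:build]` section continues past the end of the hunk.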


@ -20,8 +20,18 @@
- zuul.d/playbooks/ansible-collection-atmosphere-check-commit/run.yml
- job:
name: ansible-collection-atmosphere-tox-build
name: ansible-collection-atmosphere-tox
parent: tox
- job:
name: ansible-collection-atmosphere-tox-linters
parent: ansible-collection-atmosphere-tox
vars:
tox_envlist: linters
- job:
name: ansible-collection-atmosphere-tox-build
parent: ansible-collection-atmosphere-tox
post-run:
- zuul.d/playbooks/ansible-collection-atmosphere-tox-build/post-run.yml
vars:


@ -18,12 +18,14 @@
- ansible-collection-atmosphere-check-commit
- ansible-collection-atmosphere-tox-build
- ansible-collection-atmosphere-tox-molecule-default
- ansible-collection-atmosphere-tox-linters
- opendev-tox-docs
gate:
jobs:
- ansible-collection-atmosphere-check-commit
- ansible-collection-atmosphere-tox-build
- ansible-collection-atmosphere-tox-molecule-default
- ansible-collection-atmosphere-tox-linters
- opendev-tox-docs
promote:
jobs: