openstack
/
kayobe
Code Issues Proposed changes

Tag all (well, some of) the things (plays) 

Having tagged plays allows us to easily run a subset of the plays for a
command, and perform targeted operations with less risk of unintended
consequences.

The tags are typically named after the playbook, although some of the
overcloud playbooks have been tagged without an overcloud- prefix.
This commit is contained in:
Mark Goddard 2017-12-19 14:42:18 +00:00
parent 3736b46b01
commit d8fe45b3d8
49 changed files with 156 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ansible/bootstrap.yml
View File

@ -1,6 +1,8 @@
---
- name: Ensure configuration management host is bootstrapped
hosts: localhost
tags:
- bootstrap
roles:
- role: bootstrap
bootstrap_ssh_key_type: "{{ ssh_key_type }}"

2
ansible/dell-switch-bmp.yml
View File

@ -4,6 +4,8 @@
- name: Ensure that a Bare Metal Provisioning (BMP) environment is configured for Dell switches on the seed
hosts: seed
tags:
- dell-switch-bmp
roles:
- role: dell-switch-bmp
# This is the Nginx web server on the seed node.

2
ansible/dev-tools.yml
View File

@ -1,5 +1,7 @@
---
- name: Ensure development tools are installed
hosts: seed-hypervisor:seed:overcloud
tags:
- dev-tools
roles:
- role: dev-tools

2
ansible/disable-glean.yml
View File

@ -4,5 +4,7 @@
# interfaces. In some cases this can lead to timeouts.
- name: Ensure Glean is disabled and its artifacts are removed
hosts: seed:overcloud
tags:
- disable-glean
roles:
- role: disable-glean

2
ansible/disable-selinux.yml
View File

@ -1,6 +1,8 @@
---
- name: Disable SELinux and reboot if required
hosts: seed:overcloud
tags:
- disable-selinux
roles:
- role: disable-selinux
disable_selinux_reboot_timeout: "{{ 600 if ansible_virtualization_role == 'host' else 300 }}"

2
ansible/docker-registry.yml
View File

@ -8,5 +8,7 @@
- name: Ensure a local Docker registry is deployed
hosts: controllers[0]
tags:
- docker-registry
roles:
- role: docker-registry

2
ansible/docker.yml
View File

@ -1,6 +1,8 @@
---
- name: Ensure docker is configured
hosts: docker
tags:
- docker
roles:
- role: docker
docker_daemon_mtu: "{{ public_net_name | net_mtu | default }}"

2
ansible/dump-config.yml
View File

@ -8,6 +8,8 @@
- name: Dump configuration from one or more hosts
hosts: "{{ dump_hosts }}"
gather_facts: "{{ dump_facts }}"
tags:
- dump-config
vars:
dump_path: /tmp/kayobe-dump-config
dump_facts: no

2
ansible/inspection-store.yml
View File

@ -8,6 +8,8 @@
- name: Ensure inspection store is deployed
hosts: controllers[0]
tags:
- inspection-store
roles:
- role: inspection-store
inspection_store_enabled: "{{ inspector_store_enabled }}"

2
ansible/ip-allocation.yml
View File

@ -1,6 +1,8 @@
---
- name: Ensure IP addresses are allocated
hosts: seed-hypervisor:seed:overcloud
tags:
- ip-allocation
gather_facts: no
# Use serial=1 to avoid races between allocations for different hosts.
serial: 1

2
ansible/ip-routing.yml
View File

@ -3,5 +3,7 @@
- name: Ensure IP routing is enabled
hosts: seed:overcloud
tags:
- ip-routing
roles:
- role: ip-routing

2
ansible/kayobe-ansible-user.yml
View File

@ -1,6 +1,8 @@
---
- name: Ensure the Kayobe Ansible user account exists
hosts: seed:overcloud
tags:
- kayobe-ansible-user
vars:
ansible_user: "{{ bootstrap_user }}"
# We can't assume that a virtualenv exists at this point, so use the system

2
ansible/kolla-ansible.yml
View File

@ -1,6 +1,8 @@
---
- name: Ensure Kolla Ansible is configured
hosts: localhost
tags:
- kolla-ansible
vars:
# We need to reference configuration for the controller and seed nodes.
# We pick the first host from each group for this. It is possible that at

4
ansible/kolla-bifrost-hostvars.yml
View File

@ -4,6 +4,8 @@
- name: Ensure the Bifrost overcloud inventory is initialised
hosts: seed
gather_facts: no
tags:
- kolla-bifrost-hostvars
tasks:
- name: Ensure the Bifrost host variables directory exists
file:
@ -23,6 +25,8 @@
- name: Ensure the Bifrost overcloud inventory is populated
hosts: overcloud
gather_facts: no
tags:
- kolla-bifrost-hostvars
vars:
seed_host: "{{ groups['seed'][0] }}"
bifrost_hostvars:

2
ansible/kolla-bifrost.yml
View File

@ -1,6 +1,8 @@
---
- name: Ensure Kolla Bifrost is configured
hosts: localhost
tags:
- kolla-bifrost
vars:
kolla_bifrost_extra_globals_path: "{{ kayobe_config_path ~ '/kolla/config/bifrost/bifrost.yml' }}"
kolla_bifrost_driver_map:

2
ansible/kolla-build.yml
View File

@ -1,6 +1,8 @@
---
- name: Ensure Kolla is installed and configured
hosts: container-image-builders
tags:
- kolla-build
roles:
- role: kolla
- role: kolla-build

3
ansible/kolla-host.yml
View File

@ -1,6 +1,9 @@
---
- name: Ensure Kolla host services are configured
hosts: controllers
tags:
- kolla-ansible
- kolla-host
tasks:
- name: Ensure host iSCSI services are stopped and disabled
service:

10
ansible/kolla-openstack.yml
View File

@ -1,7 +1,9 @@
---
- name: Check whether Ironic is enabled
hosts: controllers
tags:
- kolla-ansible
- kolla-openstack
tasks:
- name: Create controllers group with ironic enabled
group_by:
@ -9,6 +11,9 @@
- name: Ensure locally built Ironic Python Agent images are copied
hosts: controllers_with_ironic_enabled_True[0]
tags:
- kolla-ansible
- kolla-openstack
vars:
# These are the filenames generated by overcloud-ipa-build.yml.
ipa_image_name: "ipa"
@ -73,6 +78,9 @@
- name: Ensure Kolla OpenStack components are configured
hosts: localhost
tags:
- kolla-ansible
- kolla-openstack
vars:
switch_type_to_device_type:
dellos9: netmiko_dell_force10

2
ansible/lvm.yml
View File

@ -1,6 +1,8 @@
---
- name: Ensure LVM configuration is applied
hosts: seed:overcloud
tags:
- lvm
pre_tasks:
- name: Fail if the LVM physical disks have not been configured
fail:

2
ansible/network.yml
View File

@ -3,6 +3,7 @@
hosts: seed-hypervisor:seed:overcloud
tags:
- config
- network
vars:
ether_interfaces: "{{ network_interfaces | net_select_ethers | list }}"
bridge_interfaces: "{{ network_interfaces | net_select_bridges | list }}"
@ -73,6 +74,7 @@
hosts: network
tags:
- config
- network
vars:
veth_bridge_mtu_map: {}
veth_interfaces: []

2
ansible/node-exporter.yml
View File

@ -8,5 +8,7 @@
- name: Ensure Node Exporter is deployed
hosts: overcloud:&docker
tags:
- node-exporter
roles:
- role: node-exporter

2
ansible/ntp.yml
View File

@ -1,6 +1,8 @@
---
- name: Ensure NTP is installed and configured
hosts: seed-hypervisor:seed:overcloud
tags:
- ntp
roles:
- role: yatesr.timezone
become: True

2
ansible/opensm.yml
View File

@ -8,5 +8,7 @@
- name: Ensure OpenSM is deployed
hosts: controllers[0]
tags:
- opensm
roles:
- role: opensm

9
ansible/overcloud-bios-raid.yml
View File

@ -9,6 +9,9 @@
- name: Group overcloud nodes by their BMC type
hosts: overcloud
gather_facts: no
tags:
- bios
- raid
vars:
# List of BMC types supporting BIOS and RAID configuration.
supported_bmc_types:
@ -31,6 +34,9 @@
- name: Check whether any changes to nodes' BIOS and RAID configuration are required
hosts: overcloud_with_bmcs_of_type_idrac
gather_facts: no
tags:
- bios
- raid
vars:
# Set this to False to avoid rebooting the nodes after configuration.
drac_reboot: True
@ -50,6 +56,9 @@
- name: Ensure that overcloud BIOS and RAID volumes are configured
hosts: overcloud_with_bmcs_of_type_idrac
gather_facts: no
tags:
- bios
- raid
vars:
# Set this to False to avoid rebooting the nodes after configuration.
drac_reboot: True

2
ansible/overcloud-deprovision.yml
View File

@ -3,6 +3,8 @@
- name: Ensure the overcloud nodes are deprovisioned
hosts: overcloud
tags:
- deprovision
vars:
# Set to False to avoid waiting for the nodes to become active.
wait_available: True

2
ansible/overcloud-docker-sdk-upgrade.yml
View File

@ -1,6 +1,8 @@
---
- name: Ensure docker SDK for python is installed
hosts: overcloud
tags:
- docker-sdk-upgrade
tasks:
# Docker renamed their python SDK from docker-py to docker in the 2.0.0
# release, and also broke backwards compatibility. Kolla-ansible requires

4
ansible/overcloud-etc-hosts-fixup.yml
View File

@ -9,6 +9,8 @@
- name: Ensure overcloud hosts' /etc/hosts does not contain provisioning network IP
hosts: overcloud
tags:
- etc-hosts-fixup
tasks:
- name: Ensure overcloud hosts' /etc/hosts does not contain provisioning network or loopback IPs
lineinfile:
@ -23,6 +25,8 @@
- name: Ensure rabbitmq containers' /etc/hosts does not contain provisioning network or loopback IPs
hosts: overcloud
tags:
- etc-hosts-fixup
vars:
rabbitmq_containers:
- rabbitmq

2
ansible/overcloud-hardware-inspect.yml
View File

@ -3,6 +3,8 @@
- name: Ensure the overcloud nodes' hardware is inspected
hosts: overcloud
tags:
- hardware-inspect
vars:
# Set to False to avoid waiting for the nodes to become active.
wait_inspected: True

9
ansible/overcloud-introspection-rules-dell-lldp-workaround.yml
View File

@ -10,6 +10,9 @@
- name: Check whether Ironic is enabled
hosts: controllers
tags:
- introspection-rules
- introspection-rules-dell-lldp-workaround
tasks:
- name: Create controllers group with ironic enabled
group_by:
@ -18,6 +21,9 @@
- name: Group controller hosts in systems requiring the workaround
hosts: controllers_with_ironic_enabled_True
gather_facts: False
tags:
- introspection-rules
- introspection-rules-dell-lldp-workaround
tasks:
- name: Group controller hosts in systems requiring the Dell switch LLDP workaround
group_by:
@ -27,6 +33,9 @@
# Only required to run on a single host.
hosts: controllers_require_workaround_True[0]
gather_facts: False
tags:
- introspection-rules
- introspection-rules-dell-lldp-workaround
vars:
all_switch_interfaces: []
ironic_inspector_rules: []

4
ansible/overcloud-introspection-rules.yml
View File

@ -1,6 +1,8 @@
---
- name: Check whether Ironic is enabled
hosts: controllers
tags:
- introspection-rules
tasks:
- name: Create controllers group with ironic enabled
group_by:
@ -10,6 +12,8 @@
# Only required to run on a single host.
hosts: controllers_with_ironic_enabled_True[0]
gather_facts: False
tags:
- introspection-rules
vars:
venv: "{{ virtualenv_path }}/shade"
pre_tasks:

2
ansible/overcloud-inventory-discover.yml
View File

@ -4,6 +4,8 @@
- name: Ensure the overcloud Ansible inventory is populated
hosts: seed
tags:
- inventory-discover
tasks:
- name: Gather the Ironic node inventory using Bifrost
command: >

4
ansible/overcloud-ipa-build.yml
View File

@ -6,6 +6,8 @@
- name: Check whether Ironic is enabled
hosts: controllers
tags:
- ipa-build
tasks:
- name: Create controllers group with ironic enabled
group_by:
@ -14,6 +16,8 @@
- name: Ensure Ironic Python Agent images are built and installed
hosts: controllers_with_ironic_enabled_True[0]
gather_facts: False
tags:
- ipa-build
vars:
ipa_image_name: "ipa"
tasks:

4
ansible/overcloud-ipa-images.yml
View File

@ -1,6 +1,8 @@
---
- name: Check whether Ironic is enabled
hosts: controllers
tags:
- ipa-images
tasks:
- name: Create controllers group with ironic enabled
group_by:
@ -9,6 +11,8 @@
- name: Ensure Ironic Python Agent (IPA) images are downloaded and registered
hosts: controllers_with_ironic_enabled_True[0]
gather_facts: False
tags:
- ipa-images
vars:
# These are the filenames generated by overcloud-ipa-build.yml.
ipa_image_name: "ipa"

2
ansible/overcloud-provision.yml
View File

@ -3,6 +3,8 @@
- name: Ensure the overcloud nodes are provisioned
hosts: overcloud
tags:
- provision
vars:
# Set to False to avoid waiting for the nodes to become active.
wait_active: True

2
ansible/overcloud-service-config-save.yml
View File

@ -1,6 +1,8 @@
---
- name: Save overcloud service configuration
hosts: overcloud
tags:
- service-config-save
vars:
# Override this to change the directory in which the configuration will be
# saved.

4
ansible/provision-net.yml
View File

@ -1,6 +1,8 @@
---
- name: Check whether Ironic is enabled
hosts: controllers
tags:
- provision-net
tasks:
- name: Create controllers group with ironic enabled
group_by:
@ -10,6 +12,8 @@
# Only required to run on a single host.
hosts: controllers_with_ironic_enabled_True[0]
gather_facts: False
tags:
- provision-net
pre_tasks:
- name: Validate OpenStack password authentication parameters
fail:

2
ansible/public-openrc.yml
View File

@ -4,6 +4,8 @@
- name: Ensure a public OpenStack API environment file exists
hosts: localhost
tags:
- public-openrc
vars:
public_api_proto: "{% if kolla_enable_tls_external | bool %}https{% else %}http{% endif %}"
public_api_vip_address: "{{ public_net_name | net_vip_address }}"

2
ansible/seed-hypervisor-libvirt-host.yml
View File

@ -1,6 +1,8 @@
---
- name: Ensure the libvirt daemon is configured
hosts: seed-hypervisor
tags:
- libvirt-host
roles:
- role: libvirt-host
libvirt_host_pools: "{{ seed_hypervisor_libvirt_pools }}"

2
ansible/seed-introspection-rules.yml
View File

@ -1,6 +1,8 @@
---
- name: Ensure introspection rules are registered in Bifrost
hosts: seed
tags:
- introspection-rules
roles:
- role: ironic-inspector-rules
ironic_inspector_venv: "{{ virtualenv_path }}/shade"

2
ansible/seed-ipa-build.yml
View File

@ -4,6 +4,8 @@
- name: Ensure Ironic Python Agent images are built and installed
hosts: seed
tags:
- ipa-build
vars:
ipa_image_name: "ipa"
ipa_images:

2
ansible/snat.yml
View File

@ -3,6 +3,8 @@
- name: Ensure SNAT is configured
hosts: seed:overcloud
tags:
- snat
vars:
snat_rules:
- interface: "{{ ansible_default_ipv4.interface }}"

2
ansible/ssh-known-host.yml
View File

@ -2,6 +2,8 @@
- name: Ensure known hosts are configured
hosts: all
gather_facts: no
tags:
- ssh-known-host
roles:
- role: ssh-known-host

2
ansible/swift-setup.yml
View File

@ -1,5 +1,7 @@
---
- hosts: controllers
tags:
- swift
roles:
- role: swift-setup
swift_image: "kolla/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-base:{{ kolla_openstack_release }}"

2
ansible/sysctl.yml
View File

@ -1,6 +1,8 @@
---
- name: Ensure sysctl parameters are configured
hosts: seed:seed-hypervisor:overcloud
tags:
- sysctl
roles:
- role: sysctl
sysctl_file: "/etc/sysctl.d/kayobe"

2
ansible/users.yml
View File

@ -1,6 +1,8 @@
---
- name: Ensure users exist
hosts: seed:seed-hypervisor:overcloud
tags:
- users
roles:
- role: singleplatform-eng.users
become: True

2
ansible/wipe-disks.yml
View File

@ -8,5 +8,7 @@
- name: Ensure that all unmounted block devices are wiped
hosts: seed:overcloud
tags:
- wipe-disks
roles:
- role: wipe-disks

6
ansible/yum.yml
View File

@ -1,7 +1,11 @@
---
- name: Ensure Yum repos are configured
hosts: seed-hypervisor:seed:overcloud
tags:
- yum
roles:
- role: yum
- role: yum-cron
tags:
- yum-cron

2
doc/source/release-notes.rst
View File

@ -41,6 +41,8 @@ Features
system's python packages. This is enabled by setting the variable
``kolla_ansible_target_venv`` to a path to the virtualenv. The default for
this variable is ``{{ virtualenv_path }}/kolla-ansible``.
* Adds tags to plays to support more fine grained configuration using the
``--tags`` argument.
Upgrade Notes
-------------

23
doc/source/usage.rst
View File

@ -44,3 +44,26 @@ Environment variable
Export the environment variable ``KAYOBE_VAULT_PASSWORD`` to read the
password from the environment.
Limiting Hosts
--------------
Sometimes it may be necessary to limit execution of kayobe or kolla-ansible
plays to a subset of the hosts. The ``--limit <SUBSET>`` argument allows the
kayobe ansible hosts to be limited. The ``--kolla-limit <SUBSET>`` argument
allows the kolla-ansible hosts to be limited. These two options may be
combined in a single command. In both cases, the argument provided should be
an `Ansible host pattern
<http://docs.ansible.com/ansible/latest/intro_patterns.html>`_, and will
ultimately be passed to ``ansible-playbook`` as a ``--limit`` argument.
Tags
----
`Ansible tags <http://docs.ansible.com/ansible/latest/playbooks_tags.html>`_
provide a useful mechanism for executing a subset of the plays or tasks in a
playbook. The ``--tags <TAGS>`` argument allows execution of kayobe ansible
playbooks to be limited to matching plays and tasks. The ``--kolla-tags
<TAGS>`` argument allows execution of kolla-ansible ansible playbooks to be
limited to matching plays and tasks. The ``--skip-tags <TAGS>`` and
``--kolla-skip-tags <TAGS>`` arguments allow for avoiding execution of matching
plays and tasks.