bifrost/playbooks/roles/ironic-install/tasks/main.yml
Julia Kreger 9c59e5985c Change ironic configuration to utilize sample file
Changed the install-ironic role to utilize the sample ironic.conf
file supplied with ironic for the new installation, which leverages
Ansible lineinfile and sed to modify the file to be in the required
state.

By and large, this change addresses the largest part of the bug, since
ironic's configuration file is the file we most want to track; however,
other configuration template files still need to be reviewed.

Change-Id: I45c4543c069805a3e0c9989c63852712bacbefb5
Partial-Bug: 1471985
2015-07-21 10:44:34 -04:00


# Copyright (c) 2015 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# Load the first defaults file that exists: the distribution-specific one,
# then the OS-family one.
- name: Include OS-specific packages variables.
  include_vars: "{{ item }}"
  with_first_found:
    - "../defaults/required_defaults_{{ ansible_distribution }}.yml"
    - "../defaults/required_defaults_{{ ansible_os_family }}.yml"

- name: "Update Package Cache"
  apt:
    update_cache: true
  when: ansible_os_family == 'Debian'

# The package module is selected at run time from ansible_pkg_mgr, so the
# arguments have to stay in the key=value action form.
- name: "Install packages"
  action: "{{ ansible_pkg_mgr }} name={{ item }}"
  with_items: required_packages

# Step required for Ubuntu 14.10
- name: "Install 14.10 packages"
  action: "{{ ansible_pkg_mgr }} name={{ item }}"
  with_items:
    - pxelinux
  when: ansible_distribution_version|version_compare('14.10', '>=') and ansible_distribution == 'Ubuntu'
# NOTE(TheJulia) While we don't necessarily require /opt/stack any longer
# and it should already be created by the Ansible setup, we will leave this
# here for the time being.
- name: "Ensuring /opt/stack is present"
  file:
    name: /opt/stack
    state: directory
    owner: root
    group: root

# Python dependencies. Each library is installed either from a local git
# checkout (source install or CI) or from the package index, never both.
# NOTE(review): of the index installs below only UcsSdk is pinned to a
# version; the rest resolve to whatever release the index serves when the
# play runs, so two runs of the same playbook can install different code.
- name: "Ironic Client - Install from source if configured to do so."
  command: pip install --force-reinstall {{ ironicclient_git_folder }}
  when: skip_install is not defined and ((ironicclient_source_install is defined and ironicclient_source_install == true) or ci_testing == true)

- name: "Ironic Client - Install from pip"
  pip:
    name: python-ironicclient
    state: present
  when: skip_install is not defined and (ironicclient_source_install is not defined or ironicclient_source_install == false) and (ci_testing == false)

- name: "proliantutils - Install from pip"
  pip:
    name: proliantutils
    state: present
  when: skip_install is not defined and testing | bool != true

- name: "UcsSdk - Install from pip"
  pip:
    name: UcsSdk
    version: "0.8.1.9"
  when: skip_install is not defined and testing | bool != true

- name: "Shade - Install from source if configured to do so"
  command: pip install --force-reinstall {{ shade_git_folder }}
  when: skip_install is not defined and ((shade_source_install is defined and shade_source_install == true) or ci_testing == true)

# state=latest upgrades shade on every run.
# NOTE(review): the task name says "patched", but this installs the newest
# release from the configured package index - confirm that is intended.
- name: "Shade - Installing patched shade library."
  pip:
    name: shade
    state: latest
  when: skip_install is not defined and (shade_source_install is not defined or shade_source_install == false) and (ci_testing == false)

- name: "dib-utils - install from pip"
  pip:
    name: dib-utils
    state: present
  when: skip_install is not defined and create_image_via_dib == true

- name: "Include diskimage-builder installation"
  include: dib_install.yml
  when: create_image_via_dib == true
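- name: "Starting database service"
  service:
    name: "{{ mysql_service_name }}"
    state: started

- name: "Starting rabbitmq-server"
  service:
    name: rabbitmq-server
    state: started

# Probe only: a non-zero exit means the hostname entry is missing and gates
# the sed task below. It changes nothing, so it never reports "changed".
- name: "RabbitMQ - Testing if hostname is defined firsts in /etc/hosts"
  command: grep -i "127.0.0.1.*{{ ansible_hostname }}\ localhost" /etc/hosts
  ignore_errors: true
  changed_when: false
  register: test_grep_fix_hostname

- name: "RabbitMQ - Fixing /etc/hosts"
  command: sed -i 's/localhost/{{ ansible_hostname }} localhost/' /etc/hosts
  when: test_grep_fix_hostname.rc != 0

# Remove the stock guest account before creating the service account.
- name: "Ensuring guest user is removed from rabbitmq"
  rabbitmq_user:
    user: guest
    state: absent
    force: true

# Arguments are passed as a mapping rather than a key=value string so that
# a password containing whitespace or '=' reaches the module intact.
# no_log keeps the password out of task output and logs.
# NOTE(review): the broker account reuses ironic_db_password, so one leaked
# value exposes both the message bus and the database - consider a separate
# secret.
- name: "Creating Ironic user in RabbitMQ"
  rabbitmq_user:
    user: ironic
    password: "{{ ironic_db_password }}"
    force: true
    state: present
    configure_priv: '.*'
    write_priv: '.*'
    read_priv: '.*'
  no_log: true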
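# Both tasks carry the MySQL admin password, and the second also the ironic
# database password. no_log keeps them out of task output and logs; the
# registered result (test_created_db.changed) is still available to later
# tasks. Arguments are a mapping rather than a key=value string so that
# passwords containing whitespace or '=' reach the module intact.
- name: "MySQL - Creating DB"
  mysql_db:
    login_user: "{{ mysql_username }}"
    login_password: "{{ mysql_password }}"
    name: ironic
    state: present
    encoding: utf8
  register: test_created_db
  no_log: true

# Grants the ironic account ALL privileges, scoped to the ironic schema.
- name: "MySQL - Creating user for Ironic"
  mysql_user:
    login_user: "{{ mysql_username }}"
    login_password: "{{ mysql_password }}"
    name: ironic
    password: "{{ ironic_db_password }}"
    priv: "ironic.*:ALL"
    state: present
  no_log: true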
# Install ironic from the local checkout; state=latest re-installs when the
# checkout is newer than what is installed.
- name: "Install Ironic using pip"
  pip:
    name: "{{ ironic_git_folder }}"
    state: latest
  when: skip_install is not defined

# Dedicated, non-root account for the ironic services.
- name: "Creating an ironic service group"
  group:
    name: ironic

- name: "Creating an ironic service user"
  user:
    name: ironic
    group: ironic

# NOTE(review): this directory is world-readable (0755). ironic_config.yml
# is not visible here; if the ironic.conf it generates holds the database
# or RabbitMQ password, check that the file itself has a restrictive mode.
- name: "Ensure /etc/ironic exists"
  file:
    name: /etc/ironic
    state: directory
    owner: ironic
    group: ironic
    mode: "0755"

- name: "Generate Ironic Configuration"
  include: ironic_config.yml

- name: "Place Ironic IPA Agent PXE configuration file"
  template:
    src: agent_config.template.j2
    dest: /etc/ironic/agent_config.template
    owner: ironic
    group: ironic
    mode: "0644"

# policy.json is taken unmodified from the ironic checkout.
- name: "Copy policy.json to /etc/ironic"
  copy:
    src: "{{ ironic_git_folder }}/etc/ironic/policy.json"
    dest: /etc/ironic/
    owner: ironic
    group: ironic
    mode: "0644"

# Exactly one of the next two tasks runs: create_schema when the database
# was created by this play, upgrade when it already existed.
- name: "Creating Ironic DB Schema"
  command: ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
  when: test_created_db.changed == true

- name: "Upgrading Ironic DB Schema"
  command: ironic-dbsync --config-file /etc/ironic/ironic.conf upgrade
  when: test_created_db.changed == false
- name: "Create libvirt group on RedHat/Centos"
  group:
    name: libvirt
  when: ansible_os_family == 'RedHat'

# NOTE(TheJulia): Modify the supplied libvirtd config as by default,
# access to libvirt is restricted to the root group via polkit.
#
# The three settings below work together: with auth_unix_rw set to "none",
# the socket's group ownership and 0770 mode are the only access control
# left on the read-write socket. Membership of the libvirt group therefore
# gives full control of libvirtd, so keep that group small.
- name: "Update libvirt configuration file on RedHat/CentOS so the user"
  lineinfile:
    dest: /etc/libvirt/libvirtd.conf
    regexp: '^unix_sock_group'
    line: 'unix_sock_group = "libvirt"'
  when: ansible_os_family == 'RedHat'

- name: "Changing libvirt authentication to none as RedHat/CentOS use polkit by default"
  lineinfile:
    dest: /etc/libvirt/libvirtd.conf
    regexp: '^auth_unix_rw'
    line: 'auth_unix_rw = "none"'
  when: ansible_os_family == 'RedHat'

- name: "Changing libvirt socket permissions to be restricted on on RedHat/CentOS"
  lineinfile:
    dest: /etc/libvirt/libvirtd.conf
    regexp: '^unix_sock_rw_perms'
    line: 'unix_sock_rw_perms = "0770"'
  when: ansible_os_family == 'RedHat'
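# Testing only: give the ironic user access to the virtualization socket.
# `groups` with append adds virt_group as a supplementary group. The
# previous `group=` argument replaced the account's primary group instead,
# and `append` has no effect on `group`.
- name: "Adding ironic user to virtualization group"
  user:
    name: ironic
    groups: "{{ virt_group }}"
    append: true
  when: testing == true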
# Testing-only SSH identity for the ironic user. The local_action tasks run
# on the machine that executes the play.
- name: "Creating SSH directory for ironic user"
  local_action: file path=/home/ironic/.ssh owner=ironic group=ironic mode=0700 state=directory
  when: testing == true
# This probe is not gated on `testing`; it only records whether a private
# key already exists so the tasks below do not overwrite it.
- name: "Checking for ironic user SSH key"
  local_action: stat path=/home/ironic/.ssh/id_rsa
  register: test_ironic_pvt_key
# -N "" generates the private key without a passphrase, so the 0600 mode
# and ironic ownership set below are its only protection at rest.
- name: "Generating SSH key for ironic user"
  local_action: command ssh-keygen -f /home/ironic/.ssh/id_rsa -N ""
  when: testing == true and test_ironic_pvt_key.stat.exists == false
- name: "Setting ownership on ironic SSH private key"
  local_action: file name=/home/ironic/.ssh/id_rsa owner=ironic group=ironic mode=0600 state=file
  when: testing == true and test_ironic_pvt_key.stat.exists == false
- name: "Setting ownership on ironic SSH public key"
  local_action: file name=/home/ironic/.ssh/id_rsa.pub owner=ironic group=ironic mode=0644 state=file
  when: testing == true and test_ironic_pvt_key.stat.exists == false
# cp replaces authorized_keys on every testing run, so any keys already
# listed there are lost. Afterwards the key generated above is accepted for
# logins as ironic.
# NOTE(review): unlike the tasks above this is a plain command, not a
# local_action - confirm both are meant to act on the same host.
- name: "Creating authorized_keys file for ironic user"
  command: cp -p /home/ironic/.ssh/id_rsa.pub /home/ironic/.ssh/authorized_keys
  when: testing == true
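# Render one init/unit file per ironic service from the platform template.
# Both services run as the unprivileged ironic user; the files themselves
# are owned by root.
- name: "Placing services"
  template:
    src: "{{ init_template }}"
    dest: "{{ init_dest_dir }}{{ item.service_name }}{{ init_ext }}"
    owner: root
    group: root
  with_items:
    - service_name: 'ironic-api'
      username: 'ironic'
      args: '--config-file /etc/ironic/ironic.conf'
    - service_name: 'ironic-conductor'
      username: 'ironic'
      args: '--config-file /etc/ironic/ironic.conf'

- name: "Reload systemd configuration"
  command: systemctl daemon-reload
  when: ansible_os_family == 'RedHat'

- name: "Start ironic-conductor"
  service:
    name: ironic-conductor
    state: started

- name: "Start ironic-api"
  service:
    name: ironic-api
    state: started

# The restarts make already-running services pick up the configuration
# written earlier in this play. These two tasks were previously also named
# "Start ...", which made the play output ambiguous.
- name: "Restart ironic-conductor"
  service:
    name: ironic-conductor
    state: restarted

- name: "Restart ironic-api"
  service:
    name: ironic-api
    state: restarted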
- name: "Create and populate /tftpboot"
  include: create_tftpboot.yml

# Everything dnsmasq-related is skipped unless include_dhcp_server is set.
- name: "Deploy dnsmasq configuration file"
  template:
    src: dnsmasq.conf.j2
    dest: /etc/dnsmasq.conf
  when: include_dhcp_server|bool

# NOTE(Shrews) When testing, we want to use our custom dnsmasq.conf file,
# not the one supplied by libvirt. And the libvirt started dnsmasq processes
# are not controlled by upstart, so we need to manually kill those.
- name: "Looking for libvirt dnsmasq config"
  stat:
    path: /etc/dnsmasq.d/libvirt-bin
  register: test_libvirt_dnsmasq
  when: include_dhcp_server|bool

# include_dhcp_server is tested first so that .stat is only read when the
# probe above actually ran.
- name: "Disabling libvirt dnsmasq config"
  command: mv /etc/dnsmasq.d/libvirt-bin /etc/dnsmasq.d/libvirt-bin~
  when: include_dhcp_server|bool and test_libvirt_dnsmasq.stat.exists|bool and testing|bool

- name: "Stopping existing libvirt dnsmasq processes"
  command: killall -w dnsmasq
  when: testing|bool and include_dhcp_server|bool

# NOTE(Shrews) We need to enable ip forwarding for the libvirt bridge to
# operate properly with dnsmasq. This should be done before starting dnsmasq.
#
# Testing only. The setting is applied immediately and kept in the sysctl
# configuration, so the host keeps forwarding IPv4 after the play finishes.
- name: "Enabling IP forwarding in sysctl"
  sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    sysctl_set: true
    state: present
    reload: true
  when: testing == true
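# NOTE(Shrews) Ubuntu packaging+apparmor issue prevents libvirt from loading
# the ROM from /usr/share/misc.
- name: "Looking for sgabios in {{ sgabios_dir }}"
  stat:
    path: "{{ sgabios_dir }}/sgabios.bin"
  register: test_sgabios_qemu

- name: "Looking for sgabios in /usr/share/misc"
  stat:
    path: /usr/share/misc/sgabios.bin
  register: test_sgabios_misc

# A registered stat result is a dictionary, so comparing the variable
# itself with true/false never matched and the copy was always skipped.
# The condition has to read the .stat.exists field of each result.
# NOTE(review): the first probe looks in sgabios_dir but the copy targets
# /usr/share/qemu - confirm the two are the same directory.
- name: "Place sgabios.bin"
  command: cp /usr/share/misc/sgabios.bin /usr/share/qemu/sgabios.bin
  when: test_sgabios_qemu.stat.exists == false and test_sgabios_misc.stat.exists == true and testing == true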
# nginx serves files over HTTP to the nodes being provisioned.
- name: "Deploying nginx configuration file for serving HTTP requests"
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf

# Restart so the freshly written configuration files are in effect.
- name: "Ensuring services are running with current config"
  service:
    name: "{{ item }}"
    state: restarted
  with_items:
    - xinetd
    - nginx

- name: "Ensuring dnsmasq is running with current config"
  service:
    name: "{{ item }}"
    state: restarted
  with_items:
    - dnsmasq
  when: include_dhcp_server|bool

- name: "Sending services a reload signal"
  service:
    name: "{{ item }}"
    state: reloaded
  with_items:
    - xinetd
    - nginx

# Despite the task name, dnsmasq is restarted here rather than reloaded.
- name: "Sending services a force-reload signal"
  service:
    name: dnsmasq
    state: restarted
  when: include_dhcp_server|bool
- name: "Download Ironic Python Agent CoreOS kernel & image"
  include: download_ipa_coreos.yml

# NOTE(review): the image is fetched without a digest check, so whatever the
# upstream URL returns is what gets deployed to nodes. get_url can verify a
# checksum; pinning one alongside cirros_deploy_image_upstream_url would
# catch a corrupted or substituted download.
- name: "Download cirros to use for deployment if requested"
  get_url:
    url: "{{ cirros_deploy_image_upstream_url }}"
    dest: "{{ deploy_image }}"
  when: use_cirros|bool
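# Firewall openings for the provisioning network. `iptables -I` inserts a
# new rule every time it runs, so each rule is first tested with
# `iptables -C` and only inserted when it is absent; re-running the play
# no longer piles up duplicate ACCEPT rules. If the check itself fails for
# another reason, the insert still runs, as it did before.
# NOTE(review): the rules match any source address arriving on
# network_interface, and nothing visible here saves the ruleset, so they
# presumably do not survive a reboot - confirm both are acceptable.
- name: "Check for an existing nginx port (TCP) accept rule"
  command: iptables -C INPUT -p tcp --dport {{nginx_port}} -i {{network_interface}} -j ACCEPT
  register: test_iptables_nginx
  failed_when: false
  changed_when: false

- name: "Explicitly permit nginx port (TCP) for file downloads from nodes to be provisioned"
  command: iptables -I INPUT -p tcp --dport {{nginx_port}} -i {{network_interface}} -j ACCEPT
  when: test_iptables_nginx.rc != 0

- name: "Check for an existing TCP/6385 accept rule"
  command: iptables -C INPUT -p tcp --dport 6385 -i {{network_interface}} -j ACCEPT
  register: test_iptables_ipa
  failed_when: false
  changed_when: false

- name: "Explicitly permit TCP/6385 for IPA callback"
  command: iptables -I INPUT -p tcp --dport 6385 -i {{network_interface}} -j ACCEPT
  when: test_iptables_ipa.rc != 0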