Stop using kolla-ansible bootstrap-servers

The 'kayobe * host configure' commands no longer use the 'kolla-ansible
bootstrap-servers' command, and associated 'baremetal' role in Kolla
Ansible. The functionality provided by the 'baremetal' role has been
extracted into the openstack.kolla Ansible collection, and split
into separate roles. This allows Kayobe to use it directly, and only the
necessary parts.

This change improves failure handling in these Kayobe commands, and aims
to reduce confusion over which '--limit' and '--tags' arguments to
provide.  This ensures that if a host fails during a host configuration
command, other hosts are able to continue to completion. Previously, if
any host failed during the Kayobe playbooks, the 'kolla-ansible
bootstrap-servers' command would not run. This is useful at scale, where
host failures occur more frequently.

This change has implications for configuration of Kayobe, since some
variables that were previously in Kolla Ansible are now in Kayobe.

Several parts of the baremetal role have been split out and used here:

* apparmor-libvirt: disable AppArmor rules for libvirt on Ubuntu.
* docker: Docker installation & configuration. The docker role in
  openstack.kolla combines functionality from kolla-ansible and kayobe.
* etc-hosts: it proved difficult to generalise this, so we have some
  almost duplicated the code from kolla-ansible here. Requires delegated
  fact gathering for the case when --limit is used.
* firewall: support to disable UFW, for feature parity.
* kolla-packages: miscellaneous package installs & removals.

The addition of the stack user to the docker group has been moved to the
user bootstrapping playbook, and the docker SDK installation has been
moved to the virtualenv setup playbook.

Depends-On: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/829587

Story: 2009854
Task: 44505

Change-Id: I61a61ca59652b13687c2247d5881012b51f666a7
This commit is contained in:
Mark Goddard 2021-11-09 15:50:45 +00:00 committed by Michal Nasiadka
parent 137e64b57c
commit c9f8d80ba6
37 changed files with 387 additions and 339 deletions

3
.gitignore vendored
View File

@ -56,8 +56,9 @@ ChangeLog
ansible/*.retry ansible/*.retry
ansible/roles/*/tests/*.retry ansible/roles/*/tests/*.retry
# Ansible Galaxy roles # Ansible Galaxy roles & collections
ansible/roles/*\.*/ ansible/roles/*\.*/
ansible/collections/
# Virtualenvs # Virtualenvs
ansible/kolla-venv/ ansible/kolla-venv/

View File

@ -0,0 +1,21 @@
---
- name: Ensure AppArmor is disabled for containerised libvirt
hosts: compute
tags:
- apparmor-libvirt
vars:
# kolla_overcloud_inventory_top_level_group_map looks like:
# kolla_overcloud_inventory_top_level_group_map:
# control:
# groups:
# - controllers
hosts_in_kolla_inventory: >-
{{ kolla_overcloud_inventory_top_level_group_map.values() |
map(attribute='groups') | flatten | unique | join(':') }}
tasks:
- name: Include openstack.kolla.apparmor_libvirt role
include_role:
name: openstack.kolla.apparmor_libvirt
when:
- inventory_hostname in query('inventory_hostnames', hosts_in_kolla_inventory)
- ansible_facts.distribution == "Ubuntu"

View File

@ -3,7 +3,12 @@
hosts: docker hosts: docker
tags: tags:
- docker - docker
vars: tasks:
- docker_upper_constraints_file: "{{ pip_upper_constraints_file }}" - import_role:
roles: name: docker
- role: docker vars:
docker_daemon_mtu: "{{ public_net_name | net_mtu | default }}"
docker_configure_for_zun: "{{ kolla_enable_zun | bool }}"
docker_http_proxy: "{{ kolla_http_proxy }}"
docker_https_proxy: "{{ kolla_https_proxy }}"
docker_no_proxy: "{{ kolla_no_proxy | select | join(',') }}"

15
ansible/etc-hosts.yml Normal file
View File

@ -0,0 +1,15 @@
---
- name: Ensure /etc/hosts is configured
hosts: overcloud
tags:
- etc-hosts
tasks:
# NOTE(mgoddard): Need to ensure that all hosts have facts available.
- import_role:
name: gather-facts-delegated
tags:
- gather-facts-delegated
when: etc_hosts_gather_facts | default(true)
- import_role:
name: etc-hosts

View File

@ -6,6 +6,5 @@
- firewall - firewall
tasks: tasks:
- name: Configure firewalld - name: Configure firewalld
include_role: import_role:
name: "firewalld" name: "firewalld"

View File

@ -26,3 +26,9 @@ docker_registry:
# CA of docker registry # CA of docker registry
docker_registry_ca: docker_registry_ca:
# List of Docker registry mirrors.
docker_registry_mirrors: []
# Enable live-restore on docker daemon
docker_daemon_live_restore: false

View File

@ -70,9 +70,11 @@
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3
roles: roles:
- role: singleplatform-eng.users - role: singleplatform-eng.users
groups_to_create: "{{ [{'name': 'docker'}] if 'docker' in group_names else [] }}"
users: users:
- username: "{{ kayobe_ansible_user }}" - username: "{{ kayobe_ansible_user }}"
name: Kayobe deployment user name: Kayobe deployment user
groups: "{{ ['docker'] if 'docker' in group_names else [] }}"
append: True append: True
ssh_key: ssh_key:
- "{{ lookup('file', ssh_public_key_path) }}" - "{{ lookup('file', ssh_public_key_path) }}"

View File

@ -100,3 +100,14 @@
state: present state: present
become: True become: True
when: virtualenv is not defined when: virtualenv is not defined
- name: Ensure kolla-ansible virtualenv has docker SDK for python installed
pip:
name: docker
state: latest
virtualenv: "{{ virtualenv | default(omit) }}"
extra_args: "{% if docker_upper_constraints_file %}-c {{ docker_upper_constraints_file }}{% endif %}"
become: "{{ virtualenv is not defined }}"
vars:
docker_upper_constraints_file: "{{ pip_upper_constraints_file }}"
when: "'docker' in group_names"

View File

@ -107,7 +107,6 @@
kolla_inspector_extra_kernel_options: "{{ inspector_extra_kernel_options }}" kolla_inspector_extra_kernel_options: "{{ inspector_extra_kernel_options }}"
kolla_libvirt_tls: "{{ compute_libvirt_enable_tls | bool }}" kolla_libvirt_tls: "{{ compute_libvirt_enable_tls | bool }}"
kolla_enable_host_ntp: false kolla_enable_host_ntp: false
docker_daemon_mtu: "{{ public_net_name | net_mtu | default }}"
kolla_globals_paths_extra: kolla_globals_paths_extra:
- "{{ kayobe_config_path }}" - "{{ kayobe_config_path }}"
- "{{ kayobe_env_config_path }}" - "{{ kayobe_env_config_path }}"

View File

@ -0,0 +1,22 @@
---
- name: Ensure Kolla Ansible packages are installed
hosts: overcloud
tags:
- kolla-packages
vars:
# kolla_overcloud_inventory_top_level_group_map looks like:
# kolla_overcloud_inventory_top_level_group_map:
# control:
# groups:
# - controllers
hosts_in_kolla_inventory: >-
{{ kolla_overcloud_inventory_top_level_group_map.values() |
map(attribute='groups') | flatten | unique | join(':') }}
tasks:
- name: Include openstack.kolla.packages role
include_role:
name: openstack.kolla.packages
vars:
enable_multipathd: "{{ kolla_enable_multipathd | bool }}"
when:
- inventory_hostname in query('inventory_hostnames', hosts_in_kolla_inventory)

View File

@ -1,31 +0,0 @@
---
- name: Ensure docker SDK for python is installed
hosts: overcloud
tags:
- docker-sdk-upgrade
tasks:
# Docker renamed their python SDK from docker-py to docker in the 2.0.0
# release, and also broke backwards compatibility. Kolla-ansible requires
# docker, so ensure it is installed.
- name: Set a fact about the virtualenv on the remote system
set_fact:
virtualenv: "{{ ansible_python_interpreter | dirname | dirname }}"
when:
- ansible_python_interpreter is defined
- not ansible_python_interpreter.startswith('/bin/')
- not ansible_python_interpreter.startswith('/usr/bin/')
- name: Ensure legacy docker-py python package is uninstalled
pip:
name: docker-py
state: absent
virtualenv: "{{ virtualenv is defined | ternary(virtualenv, omit) }}"
become: "{{ virtualenv is not defined }}"
- name: Ensure docker SDK for python is installed
pip:
name: docker
state: latest
extra_args: "{% if pip_upper_constraints_file %}-c {{ pip_upper_constraints_file }}{% endif %}"
virtualenv: "{{ virtualenv is defined | ternary(virtualenv, omit) }}"
become: "{{ virtualenv is not defined }}"

View File

@ -12,6 +12,7 @@
- import_playbook: "selinux.yml" - import_playbook: "selinux.yml"
- import_playbook: "network.yml" - import_playbook: "network.yml"
- import_playbook: "firewall.yml" - import_playbook: "firewall.yml"
- import_playbook: "etc-hosts.yml"
- import_playbook: "tuned.yml" - import_playbook: "tuned.yml"
- import_playbook: "sysctl.yml" - import_playbook: "sysctl.yml"
- import_playbook: "disable-glean.yml" - import_playbook: "disable-glean.yml"
@ -25,3 +26,8 @@
- import_playbook: "kolla-ansible-user.yml" - import_playbook: "kolla-ansible-user.yml"
- import_playbook: "kolla-pip.yml" - import_playbook: "kolla-pip.yml"
- import_playbook: "kolla-target-venv.yml" - import_playbook: "kolla-target-venv.yml"
- import_playbook: "kolla-packages.yml"
- import_playbook: "docker.yml"
- import_playbook: "apparmor-libvirt.yml"
- import_playbook: "swift-block-devices.yml"
- import_playbook: "compute-libvirt-host.yml"

View File

@ -1,5 +1,4 @@
--- ---
- import_playbook: "kayobe-target-venv.yml" - import_playbook: "kayobe-target-venv.yml"
- import_playbook: "kolla-target-venv.yml" - import_playbook: "kolla-target-venv.yml"
- import_playbook: "overcloud-docker-sdk-upgrade.yml"
- import_playbook: "overcloud-etc-hosts-fixup.yml" - import_playbook: "overcloud-etc-hosts-fixup.yml"

View File

@ -1,10 +1,7 @@
--- ---
# URL of docker registry docker_storage_driver: overlay2
docker_registry: docker_storage_volume_group:
docker_storage_volume_thinpool:
# CA of docker registry docker_registry_mirrors: []
docker_registry_ca: docker_daemon_mtu: 1500
docker_daemon_live_restore: false
# Upper constraints file which is passed to pip when installing packages
# into a venv.
docker_upper_constraints_file:

View File

@ -1,6 +0,0 @@
---
- name: reload docker service
service:
name: docker
state: reloaded
become: True

View File

@ -1,52 +1,5 @@
--- ---
- name: Set a fact about the virtualenv on the remote system - import_role:
set_fact: name: openstack.kolla.docker
virtualenv: "{{ ansible_python_interpreter | dirname | dirname }}" vars:
when: docker_custom_config: "{{ lookup('template', 'daemon.json.j2') | to_nice_json | indent(2) }}"
- ansible_python_interpreter is defined
- not ansible_python_interpreter.startswith('/bin/')
- not ansible_python_interpreter.startswith('/usr/bin/')
- name: Ensure docker SDK for python is installed
pip:
name: docker
state: latest
extra_args: "{% if docker_upper_constraints_file %}-c {{ docker_upper_constraints_file }}{% endif %}"
virtualenv: "{{ virtualenv is defined | ternary(virtualenv, omit) }}"
become: "{{ virtualenv is not defined }}"
- name: Ensure user is in the docker group
user:
name: "{{ ansible_facts.user_id }}"
groups: docker
append: yes
register: group_result
become: True
# After adding the user to the docker group, we need to log out and in again to
# pick up the group membership. We do this by resetting the SSH connection.
- name: Reset connection to activate new group membership
meta: reset_connection
when: group_result is changed
- name: Ensure Docker daemon is started
service:
name: docker
state: started
become: True
- name: Ensure the path for CA file for private registry exists
file:
path: "/etc/docker/certs.d/{{ docker_registry }}"
state: directory
become: True
when: docker_registry is not none and docker_registry_ca is not none
- name: Ensure the CA file for private registry exists
copy:
src: "{{ docker_registry_ca }}"
dest: "/etc/docker/certs.d/{{ docker_registry }}/ca.crt"
become: True
when: docker_registry is not none and docker_registry_ca is not none
notify: reload docker service

View File

@ -0,0 +1,6 @@
---
# Whether to add entries to /etc/hosts.
customize_etc_hosts: true
# List of hosts to add to /etc/hosts.
etc_hosts_hosts: "{{ ansible_play_hosts_all }}"

View File

@ -0,0 +1,56 @@
---
- name: Ensure localhost in /etc/hosts
lineinfile:
dest: /etc/hosts
regexp: "^127.0.0.1.*"
line: "127.0.0.1 localhost"
state: present
become: True
# NOTE(mgoddard): Ubuntu may include a line in /etc/hosts that makes the local
# hostname and fqdn point to 127.0.1.1. This can break
# RabbitMQ, which expects the hostname to resolve to the API network address.
# Remove the troublesome entry.
# see https://bugs.launchpad.net/kolla-ansible/+bug/1837699
# and https://bugs.launchpad.net/kolla-ansible/+bug/1862739
- name: Ensure hostname does not point to 127.0.1.1 in /etc/hosts
lineinfile:
dest: /etc/hosts
regexp: "^127.0.1.1\\b.*\\s{{ ansible_facts.hostname }}\\b"
state: absent
become: True
- name: Generate /etc/hosts for all of the nodes
blockinfile:
dest: /etc/hosts
marker: "# {mark} ANSIBLE GENERATED HOSTS"
block: |
{% for host in etc_hosts_hosts %}
{% if hostvars[host].internal_net_name in hostvars[host].network_interfaces %}
{% set hostnames = [hostvars[host].ansible_facts.nodename, hostvars[host].ansible_facts.hostname] %}
{{ hostvars[host].internal_net_name | net_ip(inventory_hostname=host) }} {{ hostnames | unique | join(' ') }}
{% endif %}
{% endfor %}
become: True
when:
# Skip hosts that do not have a valid internal network interface.
- internal_net_name in network_interfaces
# NOTE(osmanlicilegi): The distribution might come with cloud-init installed, and manage_etc_hosts
# configuration enabled. If so, it will override the file /etc/hosts from cloud-init templates at
# every boot, which will break RabbitMQ. To prevent this happens, first we check whether cloud-init
# has been installed, and then set manage_etc_hosts to false.
- name: Check whether cloud-init has been installed, and ensure manage_etc_hosts is disabled
block:
- name: Ensure /etc/cloud/cloud.cfg exists
stat:
path: /etc/cloud/cloud.cfg
register: cloud_init
- name: Disable cloud-init manage_etc_hosts
copy:
content: "manage_etc_hosts: false"
dest: /etc/cloud/cloud.cfg.d/99-kolla.cfg
mode: "0660"
when: cloud_init.stat.exists
become: True

View File

@ -0,0 +1,3 @@
---
- include_tasks: etc-hosts.yml
when: customize_etc_hosts | bool

View File

@ -0,0 +1,3 @@
---
# Whether to install and enable ufw.
ufw_enabled: false

View File

@ -0,0 +1,9 @@
---
# TODO(inc0): Gates don't seem to have ufw executable, check for it instead of ignore errors
- name: Set firewall default policy
become: True
ufw:
state: disabled
policy: allow
when: not ufw_enabled | bool
ignore_errors: yes

View File

@ -0,0 +1,8 @@
---
gather_facts_delegated_limit_hosts: "{{ ansible_play_hosts_all }}"
gather_facts_delegated_batch_index: "{{ gather_facts_delegated_limit_hosts.index(inventory_hostname) }}"
gather_facts_delegated_batch_size: "{{ gather_facts_delegated_limit_hosts | length }}"
# Use a python list slice to divide the group up.
# Syntax: [<start index>:<end index>:<step size>]
gather_facts_delegated_delegate_hosts: >-
{{ gather_facts_delegated_limit_hosts[gather_facts_delegated_batch_index | int::gather_facts_delegated_batch_size | int] }}

View File

@ -0,0 +1,10 @@
---
- name: Gather facts for all hosts (if using --limit)
setup:
filter: "{{ kayobe_ansible_setup_filter }}"
gather_subset: "{{ kayobe_ansible_setup_gather_subset }}"
delegate_facts: True
delegate_to: "{{ item }}"
with_items: "{{ gather_facts_delegated_delegate_hosts }}"
when:
- not hostvars[item].ansible_facts

View File

@ -299,30 +299,9 @@ kolla_enable_host_ntp:
############################################################################### ###############################################################################
# Docker configuration. # Docker configuration.
# Name of the docker storage driver.
docker_storage_driver: overlay2
# Name of the docker storage LVM volume group.
docker_storage_volume_group:
# Name of the docker storage data LVM volume.
docker_storage_volume_thinpool:
# URL of docker registry # URL of docker registry
docker_registry: docker_registry:
# CA of docker registry
docker_registry_ca:
# List of Docker registry mirrors.
docker_registry_mirrors: []
# MTU to pass through to containers not using net=host
docker_daemon_mtu: 1500
# Enable live-restore on docker daemon
docker_daemon_live_restore: false
############################################################################### ###############################################################################
# Proxy configuration # Proxy configuration

View File

@ -52,8 +52,6 @@
sources: "{{ kolla_globals_paths | product(['/kolla/globals.yml']) | map('join') | unique | list }}" sources: "{{ kolla_globals_paths | product(['/kolla/globals.yml']) | map('join') | unique | list }}"
dest: "{{ kolla_config_path }}/globals.yml" dest: "{{ kolla_config_path }}/globals.yml"
mode: 0640 mode: 0640
vars:
kolla_docker_custom_config: "{{ lookup('template', 'daemon.json.j2') }}"
- name: Ensure the Kolla seed inventory file exists - name: Ensure the Kolla seed inventory file exists
copy: copy:

View File

@ -73,21 +73,6 @@ docker_namespace: "{{ kolla_docker_namespace }}"
{% if kolla_docker_registry_username %} {% if kolla_docker_registry_username %}
docker_registry_username: "{{ kolla_docker_registry_username }}" docker_registry_username: "{{ kolla_docker_registry_username }}"
{% endif %} {% endif %}
docker_storage_driver: "{{ docker_storage_driver }}"
docker_custom_config: {{ kolla_docker_custom_config | to_nice_json | indent(2) }}
{% if kolla_docker_registry_insecure | bool %}
docker_registry_insecure: "yes"
{% endif %}
{% if kolla_http_proxy is not none and kolla_http_proxy | length > 0 %}
docker_http_proxy: "{{ kolla_http_proxy }}"
{% endif %}
{% if kolla_https_proxy is not none and kolla_https_proxy | length > 0 %}
docker_https_proxy: "{{ kolla_https_proxy }}"
{% endif %}
{% if kolla_no_proxy is not none and kolla_no_proxy | length > 0 %}
docker_no_proxy: "{{ kolla_no_proxy | select | join(',') }}"
{% endif %}
#docker_configure_for_zun: "no" #docker_configure_for_zun: "no"

View File

@ -25,3 +25,5 @@
- import_playbook: "kolla-ansible-user.yml" - import_playbook: "kolla-ansible-user.yml"
- import_playbook: "kolla-pip.yml" - import_playbook: "kolla-pip.yml"
- import_playbook: "kolla-target-venv.yml" - import_playbook: "kolla-target-venv.yml"
- import_playbook: "docker.yml"
- import_playbook: "docker-registry.yml"

View File

@ -561,6 +561,22 @@ In the following example, firewalld is enabled on controllers. ``public`` and
- service: http - service: http
zone: public zone: public
UFW
===
*tags:*
| ``firewall``
Configuration of Uncomplicated Firewall (UFW) on Ubuntu hosts is currently not
supported. Instead, UFW is disabled. Since Yoga, this may be avoided as
follows:
.. code-block:: yaml
ufw_enabled: true
Note that despite the name, this will not actively enable UFW. It may do so in
the future.
.. _configuration-hosts-tuned: .. _configuration-hosts-tuned:
Tuned Tuned
@ -991,22 +1007,6 @@ custom one.
create: true create: true
mount: false mount: false
Kolla-Ansible bootstrap-servers
===============================
Kolla Ansible provides some host configuration functionality via the
``bootstrap-servers`` command, which may be leveraged by Kayobe.
See the :kolla-ansible-doc:`Kolla Ansible documentation
<reference/deployment-and-bootstrapping/bootstrap-servers.html>`
for more information on the functions performed by this command, and how to
configure it.
Note that from the Ussuri release, Kayobe creates a user account for Kolla
Ansible rather than this being done by Kolla Ansible during
``bootstrap-servers``. See :ref:`configuration-kolla-ansible-user-creation` for
details.
Kolla-Ansible Remote Virtual Environment Kolla-Ansible Remote Virtual Environment
======================================== ========================================
*tags:* *tags:*
@ -1023,9 +1023,6 @@ Docker Engine
*tags:* *tags:*
| ``docker`` | ``docker``
Docker engine configuration is applied by both Kayobe and Kolla Ansible (during
bootstrap-servers).
The ``docker_storage_driver`` variable sets the Docker storage driver, and by The ``docker_storage_driver`` variable sets the Docker storage driver, and by
default the ``overlay2`` driver is used. If using the ``devicemapper`` driver, default the ``overlay2`` driver is used. If using the ``devicemapper`` driver,
see :ref:`configuration-hosts-lvm` for information about configuring LVM for see :ref:`configuration-hosts-lvm` for information about configuring LVM for
@ -1276,3 +1273,65 @@ The following example defines a 1GiB swap file that will be created at
compute_swap: compute_swap:
- path: /swapfile - path: /swapfile
size_mb: 1024 size_mb: 1024
AppArmor for the libvirt container
==================================
*tags:*
| ``apparmor-libvirt``
.. note::
Prior to the Yoga release, this was handled by the ``kolla-ansible
bootstrap-servers`` command.
On Ubuntu systems running the ``nova_libvirt`` Kolla container, AppArmor rules
for libvirt are disabled.
Adding entries to /etc/hosts
============================
*tags:*
| ``etc-hosts``
.. note::
Prior to the Yoga release, this was handled by the ``kolla-ansible
bootstrap-servers`` command.
Since Yoga, Kayobe adds entries to ``/etc/hosts`` for all hosts in the
``overcloud`` group. The entries map the hostname and FQDN of a host to its IP
address on the internal API network. This may be avoided as follows:
.. code-block:: yaml
customize_etc_hosts: false
By default, each host gets an entry for every other host in the ``overcloud``
group by default. The list of hosts that will be added may be customised:
.. code-block:: yaml
etc_hosts_hosts: "{{ groups['compute'] }}"
It should be noted that this functionality requires facts to be populated for
all hosts that will be added to any ``/etc/hosts`` file. When using the
``--limit`` argument, Kayobe will gather facts for all hosts without facts,
including those outside of the limit. Enabling fact caching for Kayobe may
reduce the impact of this. This fact gathering process may be avoided as
follows:
.. code-block:: yaml
etc_hosts_gather_facts: false
Installing packages required by Kolla Ansible
=============================================
*tags:*
| ``kolla-packages``
.. note::
Prior to the Yoga release, this was handled by the ``kolla-ansible
bootstrap-servers`` command.
A small number of packages are required to be installed on the hosts for Kolla
Ansible and the services that it deploys, while some others must be removed.

View File

@ -424,8 +424,7 @@ class PhysicalNetworkConfigure(KayobeAnsibleMixin, VaultMixin, Command):
extra_vars=extra_vars) extra_vars=extra_vars)
class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, class SeedHypervisorHostConfigure(KayobeAnsibleMixin, VaultMixin, Command):
VaultMixin, Command):
"""Configure the seed hypervisor node host OS and services. """Configure the seed hypervisor node host OS and services.
* Allocate IP addresses for all configured networks. * Allocate IP addresses for all configured networks.
@ -572,8 +571,7 @@ class SeedVMDeprovision(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
_get_playbook_path("seed-vm-deprovision")) _get_playbook_path("seed-vm-deprovision"))
class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, class SeedHostConfigure(KayobeAnsibleMixin, VaultMixin, Command):
Command):
"""Configure the seed node host OS and services. """Configure the seed node host OS and services.
* Allocate IP addresses for all configured networks. * Allocate IP addresses for all configured networks.
@ -619,27 +617,12 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed") self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed")
# Run kayobe playbooks. # Run kayobe playbooks.
kwargs = {} extra_vars = {"kayobe_action": "deploy"}
if parsed_args.wipe_disks: if parsed_args.wipe_disks:
kwargs["extra_vars"] = {"wipe_disks": True} extra_vars["wipe_disks"] = True
playbooks = _build_playbook_list("seed-host-configure") playbooks = _build_playbook_list("seed-host-configure")
self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed", self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed",
**kwargs) extra_vars=extra_vars)
self.generate_kolla_ansible_config(parsed_args, service_config=False)
# Run kolla-ansible bootstrap-servers.
self.run_kolla_ansible_seed(parsed_args, "bootstrap-servers")
# Run final kayobe playbooks.
playbooks = _build_playbook_list("docker")
self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed")
# Optionally, deploy a Docker Registry.
playbooks = _build_playbook_list("docker-registry")
extra_vars = {"kayobe_action": "deploy"}
self.run_kayobe_playbooks(parsed_args, playbooks,
extra_vars=extra_vars, limit="seed")
class SeedHostPackageUpdate(KayobeAnsibleMixin, VaultMixin, Command): class SeedHostPackageUpdate(KayobeAnsibleMixin, VaultMixin, Command):
@ -689,8 +672,7 @@ class SeedHostCommandRun(KayobeAnsibleMixin, VaultMixin, Command):
extra_vars=extra_vars) extra_vars=extra_vars)
class SeedHostUpgrade(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, class SeedHostUpgrade(KayobeAnsibleMixin, VaultMixin, Command):
Command):
"""Upgrade the seed host services. """Upgrade the seed host services.
Performs the changes necessary to make the host services suitable for the Performs the changes necessary to make the host services suitable for the
@ -879,8 +861,7 @@ class InfraVMDeprovision(KayobeAnsibleMixin, VaultMixin, Command):
ignore_limit=True, extra_vars=extra_vars) ignore_limit=True, extra_vars=extra_vars)
class InfraVMHostConfigure(KayobeAnsibleMixin, VaultMixin, class InfraVMHostConfigure(KayobeAnsibleMixin, VaultMixin, Command):
Command):
"""Configure the infra VMs host OS and services. """Configure the infra VMs host OS and services.
* Allocate IP addresses for all configured networks. * Allocate IP addresses for all configured networks.
@ -1126,8 +1107,7 @@ class OvercloudFactsGather(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
self.run_kolla_ansible_overcloud(parsed_args, "gather-facts") self.run_kolla_ansible_overcloud(parsed_args, "gather-facts")
class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, class OvercloudHostConfigure(KayobeAnsibleMixin, VaultMixin, Command):
Command):
"""Configure the overcloud host OS and services. """Configure the overcloud host OS and services.
* Allocate IP addresses for all configured networks. * Allocate IP addresses for all configured networks.
@ -1179,16 +1159,6 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
self.run_kayobe_playbooks(parsed_args, playbooks, limit="overcloud", self.run_kayobe_playbooks(parsed_args, playbooks, limit="overcloud",
**kwargs) **kwargs)
self.generate_kolla_ansible_config(parsed_args, service_config=False)
# Kolla-ansible bootstrap-servers.
self.run_kolla_ansible_overcloud(parsed_args, "bootstrap-servers")
# Further kayobe playbooks.
playbooks = _build_playbook_list(
"docker", "swift-block-devices", "compute-libvirt-host")
self.run_kayobe_playbooks(parsed_args, playbooks, limit="overcloud")
class OvercloudHostPackageUpdate(KayobeAnsibleMixin, VaultMixin, Command): class OvercloudHostPackageUpdate(KayobeAnsibleMixin, VaultMixin, Command):
"""Update packages on the overcloud hosts.""" """Update packages on the overcloud hosts."""
@ -1237,8 +1207,7 @@ class OvercloudHostCommandRun(KayobeAnsibleMixin, VaultMixin, Command):
extra_vars=extra_vars) extra_vars=extra_vars)
class OvercloudHostUpgrade(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, class OvercloudHostUpgrade(KayobeAnsibleMixin, VaultMixin, Command):
Command):
"""Upgrade the overcloud host services. """Upgrade the overcloud host services.
Performs the changes necessary to make the host services suitable for the Performs the changes necessary to make the host services suitable for the

View File

@ -482,9 +482,7 @@ class TestCase(unittest.TestCase):
@mock.patch.object(commands.KayobeAnsibleMixin, @mock.patch.object(commands.KayobeAnsibleMixin,
"run_kayobe_playbooks") "run_kayobe_playbooks")
@mock.patch.object(commands.KollaAnsibleMixin, def test_seed_host_configure(self, mock_run):
"run_kolla_ansible_seed")
def test_seed_host_configure(self, mock_kolla_run, mock_run):
command = commands.SeedHostConfigure(TestApp(), []) command = commands.SeedHostConfigure(TestApp(), [])
parser = command.get_parser("test") parser = command.get_parser("test")
parsed_args = parser.parse_args([]) parsed_args = parser.parse_args([])
@ -505,45 +503,14 @@ class TestCase(unittest.TestCase):
"ansible", "seed-host-configure.yml"), "ansible", "seed-host-configure.yml"),
], ],
limit="seed", limit="seed",
), extra_vars={"kayobe_action": "deploy"},
mock.call(
mock.ANY,
[utils.get_data_files_path("ansible", "kolla-ansible.yml")],
tags="config",
ignore_limit=True,
),
mock.call(
mock.ANY,
[
utils.get_data_files_path("ansible", "docker.yml"),
],
limit="seed",
),
mock.call(
mock.ANY,
[
utils.get_data_files_path("ansible",
"docker-registry.yml"),
],
limit="seed",
extra_vars={'kayobe_action': 'deploy'},
), ),
] ]
self.assertListEqual(expected_calls, mock_run.call_args_list) self.assertListEqual(expected_calls, mock_run.call_args_list)
expected_calls = [
mock.call(
mock.ANY,
"bootstrap-servers",
),
]
self.assertListEqual(expected_calls, mock_kolla_run.call_args_list)
@mock.patch.object(commands.KayobeAnsibleMixin, @mock.patch.object(commands.KayobeAnsibleMixin,
"run_kayobe_playbooks") "run_kayobe_playbooks")
@mock.patch.object(commands.KollaAnsibleMixin, def test_seed_host_configure_wipe_disks(self, mock_run):
"run_kolla_ansible_seed")
def test_seed_host_configure_wipe_disks(self, mock_kolla_run, mock_run):
command = commands.SeedHostConfigure(TestApp(), []) command = commands.SeedHostConfigure(TestApp(), [])
parser = command.get_parser("test") parser = command.get_parser("test")
parsed_args = parser.parse_args(["--wipe-disks"]) parsed_args = parser.parse_args(["--wipe-disks"])
@ -564,43 +531,13 @@ class TestCase(unittest.TestCase):
"ansible", "seed-host-configure.yml"), "ansible", "seed-host-configure.yml"),
], ],
limit="seed", limit="seed",
extra_vars={"wipe_disks": True}, extra_vars={"kayobe_action": "deploy", "wipe_disks": True},
),
mock.call(
mock.ANY,
[utils.get_data_files_path("ansible", "kolla-ansible.yml")],
tags="config",
ignore_limit=True,
),
mock.call(
mock.ANY,
[
utils.get_data_files_path("ansible", "docker.yml"),
],
limit="seed",
),
mock.call(
mock.ANY,
[
utils.get_data_files_path("ansible",
"docker-registry.yml"),
],
limit="seed",
extra_vars={'kayobe_action': 'deploy'},
), ),
] ]
print(expected_calls) print(expected_calls)
print(mock_run.call_args_list) print(mock_run.call_args_list)
self.assertListEqual(expected_calls, mock_run.call_args_list) self.assertListEqual(expected_calls, mock_run.call_args_list)
expected_calls = [
mock.call(
mock.ANY,
"bootstrap-servers",
),
]
self.assertListEqual(expected_calls, mock_kolla_run.call_args_list)
@mock.patch.object(commands.KayobeAnsibleMixin, @mock.patch.object(commands.KayobeAnsibleMixin,
"run_kayobe_playbooks") "run_kayobe_playbooks")
def test_seed_host_command_run(self, mock_run): def test_seed_host_command_run(self, mock_run):
@ -1293,9 +1230,7 @@ class TestCase(unittest.TestCase):
@mock.patch.object(commands.KayobeAnsibleMixin, @mock.patch.object(commands.KayobeAnsibleMixin,
"run_kayobe_playbooks") "run_kayobe_playbooks")
@mock.patch.object(commands.KollaAnsibleMixin, def test_overcloud_host_configure(self, mock_run):
"run_kolla_ansible_overcloud")
def test_overcloud_host_configure(self, mock_kolla_run, mock_run):
command = commands.OvercloudHostConfigure(TestApp(), []) command = commands.OvercloudHostConfigure(TestApp(), [])
parser = command.get_parser("test") parser = command.get_parser("test")
parsed_args = parser.parse_args([]) parsed_args = parser.parse_args([])
@ -1317,40 +1252,12 @@ class TestCase(unittest.TestCase):
], ],
limit="overcloud", limit="overcloud",
), ),
mock.call(
mock.ANY,
[utils.get_data_files_path("ansible", "kolla-ansible.yml")],
tags="config",
ignore_limit=True,
),
mock.call(
mock.ANY,
[
utils.get_data_files_path("ansible", "docker.yml"),
utils.get_data_files_path(
"ansible", "swift-block-devices.yml"),
utils.get_data_files_path(
"ansible", "compute-libvirt-host.yml"),
],
limit="overcloud",
),
] ]
self.assertListEqual(expected_calls, mock_run.call_args_list) self.assertListEqual(expected_calls, mock_run.call_args_list)
expected_calls = [
mock.call(
mock.ANY,
"bootstrap-servers",
),
]
self.assertListEqual(expected_calls, mock_kolla_run.call_args_list)
@mock.patch.object(commands.KayobeAnsibleMixin, @mock.patch.object(commands.KayobeAnsibleMixin,
"run_kayobe_playbooks") "run_kayobe_playbooks")
@mock.patch.object(commands.KollaAnsibleMixin, def test_overcloud_host_configure_wipe_disks(self, mock_run):
"run_kolla_ansible_overcloud")
def test_overcloud_host_configure_wipe_disks(self, mock_kolla_run,
mock_run):
command = commands.OvercloudHostConfigure(TestApp(), []) command = commands.OvercloudHostConfigure(TestApp(), [])
parser = command.get_parser("test") parser = command.get_parser("test")
parsed_args = parser.parse_args(["--wipe-disks"]) parsed_args = parser.parse_args(["--wipe-disks"])
@ -1373,34 +1280,9 @@ class TestCase(unittest.TestCase):
limit="overcloud", limit="overcloud",
extra_vars={"wipe_disks": True}, extra_vars={"wipe_disks": True},
), ),
mock.call(
mock.ANY,
[utils.get_data_files_path("ansible", "kolla-ansible.yml")],
tags="config",
ignore_limit=True,
),
mock.call(
mock.ANY,
[
utils.get_data_files_path("ansible", "docker.yml"),
utils.get_data_files_path(
"ansible", "swift-block-devices.yml"),
utils.get_data_files_path(
"ansible", "compute-libvirt-host.yml"),
],
limit="overcloud",
),
] ]
self.assertListEqual(expected_calls, mock_run.call_args_list) self.assertListEqual(expected_calls, mock_run.call_args_list)
expected_calls = [
mock.call(
mock.ANY,
"bootstrap-servers",
),
]
self.assertListEqual(expected_calls, mock_kolla_run.call_args_list)
@mock.patch.object(commands.KayobeAnsibleMixin, @mock.patch.object(commands.KayobeAnsibleMixin,
"run_kayobe_playbooks") "run_kayobe_playbooks")
def test_overcloud_host_command_run(self, mock_run): def test_overcloud_host_command_run(self, mock_run):

View File

@ -3,6 +3,7 @@
environment: environment:
KAYOBE_CONFIG_SOURCE_PATH: "{{ kayobe_config_src_dir }}" KAYOBE_CONFIG_SOURCE_PATH: "{{ kayobe_config_src_dir }}"
KAYOBE_OVERCLOUD_GENERATE_CERTIFICATES: "{{ tls_enabled | ternary(1, 0) }}" KAYOBE_OVERCLOUD_GENERATE_CERTIFICATES: "{{ tls_enabled | ternary(1, 0) }}"
KAYOBE_VAULT_PASSWORD: 'test-password'
# TODO(mgoddard): Remove this when libvirt on host is used by default. # TODO(mgoddard): Remove this when libvirt on host is used by default.
TENKS_CONFIG_PATH: "dev/tenks-deploy-config-compute{% if tls_enabled %}-libvirt-on-host{% endif %}.yml" TENKS_CONFIG_PATH: "dev/tenks-deploy-config-compute{% if tls_enabled %}-libvirt-on-host{% endif %}.yml"
tasks: tasks:
@ -11,6 +12,16 @@
cmd: "{{ kayobe_src_dir }}/dev/overcloud-deploy.sh &> {{ logs_dir }}/ansible/overcloud-deploy" cmd: "{{ kayobe_src_dir }}/dev/overcloud-deploy.sh &> {{ logs_dir }}/ansible/overcloud-deploy"
executable: /bin/bash executable: /bin/bash
# Check that passwords are Vault encrypted.
- name: View passwords.yml using Ansible Vault
vars:
kayobe_venv: "{{ ansible_env.HOME }}/kayobe-venv"
command: >-
{{ kayobe_venv }}/bin/ansible-vault
view
--vault-password-file {{ kayobe_venv }}/bin/kayobe-vault-password-helper
{{ kayobe_config_src_dir }}/etc/kayobe/kolla/passwords.yml
- name: Ensure test Tenks cluster is deployed - name: Ensure test Tenks cluster is deployed
shell: shell:
# Pass absolute source directory, since otherwise the `chdir` will # Pass absolute source directory, since otherwise the `chdir` will

View File

@ -6,7 +6,6 @@
KAYOBE_OVERCLOUD_CONTAINER_IMAGE_PULL: 0 KAYOBE_OVERCLOUD_CONTAINER_IMAGE_PULL: 0
KAYOBE_OVERCLOUD_SERVICE_DEPLOY: 0 KAYOBE_OVERCLOUD_SERVICE_DEPLOY: 0
KAYOBE_OVERCLOUD_POST_CONFIGURE: 0 KAYOBE_OVERCLOUD_POST_CONFIGURE: 0
KAYOBE_VAULT_PASSWORD: 'test-password'
vars: vars:
testinfra_venv: ~/testinfra-venv testinfra_venv: ~/testinfra-venv
test_path: "{{ kayobe_src_dir }}/playbooks/kayobe-overcloud-host-configure-base/tests/" test_path: "{{ kayobe_src_dir }}/playbooks/kayobe-overcloud-host-configure-base/tests/"
@ -30,13 +29,3 @@
command: "{{ testinfra_venv }}/bin/py.test {{ test_path }} --html={{ logs_dir }}/test-results.html --self-contained-html" command: "{{ testinfra_venv }}/bin/py.test {{ test_path }} --html={{ logs_dir }}/test-results.html --self-contained-html"
environment: environment:
SITE_MIRROR_FQDN: "{{ zuul_site_mirror_fqdn }}" SITE_MIRROR_FQDN: "{{ zuul_site_mirror_fqdn }}"
# Check that passwords are Vault encrypted.
- name: Decrypt passwords.yml using Ansible Vault
vars:
kayobe_venv: "{{ ansible_env.HOME }}/kayobe-venv"
command: >-
{{ kayobe_venv }}/bin/ansible-vault
decrypt
--vault-password-file {{ kayobe_venv }}/bin/kayobe-vault-password-helper
{{ kayobe_config_src_dir }}/etc/kayobe/kolla/passwords.yml

View File

@ -0,0 +1,8 @@
---
- hosts: all
tasks:
- name: Update kayobe requirements.yml
include_role:
name: kayobe-galaxy-requirements
vars:
kayobe_galaxy_requirements_src_dir: "{{ kayobe_src_dir }}"

View File

@ -0,0 +1,63 @@
---
features:
- |
Improves failure handling in the ``kayobe * host configure`` commands by
avoiding use of the ``kolla-ansible bootstrap-servers`` command, and moving
all relevant functionality to Kayobe playbooks. This ensures that
if a host fails during a host configuration command, other hosts are able
to continue to completion. This is useful at scale, where host failures
occur more frequently. See `story 2009854
<https://storyboard.openstack.org/#!/story/2009854>`__ for details. Refer
to the upgrade notes for information about the implications of this change.
upgrade:
- |
The ``kayobe * host configure`` commands no longer use the ``kolla-ansible
bootstrap-servers`` command, and associated ``baremetal`` role in Kolla
Ansible. The functionality provided by the ``baremetal`` role has been
extracted into a new ``openstack.kolla`` Ansible collection, and split into
separate roles. This allows Kayobe to use it directly, and only the
necessary parts.
This change improves failure handling in these Kayobe commands, and aims to
reduce confusion over which ``--limit`` and ``--tags`` arguments to
provide.
This change has implications for configuration of Kayobe, since some
variables that were previously in Kolla Ansible are now in Kayobe. The
following is an incomplete list of variables that have changed scoped from
Kolla Ansible to Kayobe::
* ``enable_docker_repo``
* ``docker_apt_url``
* ``docker_apt_repo``
* ``docker_apt_key_file``
* ``docker_apt_key_id``
* ``docker_apt_package``
* ``docker_yum_url``
* ``docker_yum_baseurl``
* ``docker_yum_gpgkey``
* ``docker_yum_gpgcheck``
* ``docker_yum_package``
* ``customize_etc_hosts``
* ``docker_storage_driver``
* ``docker_custom_option``
* ``docker_custom_config``
* ``docker_http_proxy``
* ``docker_https_proxy``
* ``docker_no_proxy``
* ``debian_pkg_install``
* ``redhat_pkg_install``
* ``ubuntu_pkg_removals``
* ``redhat_pkg_removals``
The following Kolla Ansible variables are no longer relevant::
* ``create_kolla_user``
* ``create_kolla_user_sudoers``
* ``kolla_user``
* ``kolla_group``
* ``change_selinux``
* ``selinux_state``
* ``host_python_version``
* ``virtualenv``
* ``virtualenv_site_packages``

View File

@ -77,9 +77,13 @@ commands = /bin/bash -c "ansible-lint {toxinidir}/ansible/*.yml"
[testenv:ansible-syntax] [testenv:ansible-syntax]
commands = commands =
# Install ansible role dependencies from Galaxy. # Install ansible role dependencies from Galaxy.
bash {toxinidir}/tools/ansible-galaxy-retried.sh install \ bash {toxinidir}/tools/ansible-galaxy-retried.sh role install \
-r {toxinidir}/requirements.yml \ -r {toxinidir}/requirements.yml \
-p {toxinidir}/ansible/roles -p {toxinidir}/ansible/roles
# Install ansible collection dependencies from Galaxy.
bash {toxinidir}/tools/ansible-galaxy-retried.sh collection install \
-r {toxinidir}/requirements.yml \
-p {toxinidir}/ansible/collections
# Perform an Ansible syntax check. Skip some playbooks which require extra # Perform an Ansible syntax check. Skip some playbooks which require extra
# variables to be defined. # variables to be defined.
bash -c \ bash -c \

View File

@ -4,8 +4,13 @@
description: | description: |
Tox job that checks Ansible playbook syntax. Tox job that checks Ansible playbook syntax.
parent: openstack-tox parent: openstack-tox
pre-run: playbooks/kayobe-tox-ansible-syntax/pre.yml
required-projects:
- name: openstack/ansible-collection-kolla
vars: vars:
tox_envlist: ansible-syntax tox_envlist: ansible-syntax
ansible_collection_kolla_src_dir: "{{ ansible_env.PWD ~ '/' ~ zuul.projects['opendev.org/openstack/ansible-collection-kolla'].src_dir }}"
kayobe_src_dir: "{{ ansible_env.PWD ~ '/' ~ zuul.projects['opendev.org/openstack/kayobe'].src_dir }}"
irrelevant-files: irrelevant-files:
- ^.*\.rst$ - ^.*\.rst$
- ^doc/.* - ^doc/.*