Stop using kolla-ansible bootstrap-servers
The 'kayobe * host configure' commands no longer use the 'kolla-ansible bootstrap-servers' command, and associated 'baremetal' role in Kolla Ansible. The functionality provided by the 'baremetal' role has been extracted into the openstack.kolla Ansible collection, and split into separate roles. This allows Kayobe to use it directly, and only the necessary parts. This change improves failure handling in these Kayobe commands, and aims to reduce confusion over which '--limit' and '--tags' arguments to provide. This ensures that if a host fails during a host configuration command, other hosts are able to continue to completion. Previously, if any host failed during the Kayobe playbooks, the 'kolla-ansible bootstrap-servers' command would not run. This is useful at scale, where host failures occur more frequently. This change has implications for configuration of Kayobe, since some variables that were previously in Kolla Ansible are now in Kayobe. Several parts of the baremetal role have been split out and used here: * apparmor-libvirt: disable AppArmor rules for libvirt on Ubuntu. * docker: Docker installation & configuration. The docker role in openstack.kolla combines functionality from kolla-ansible and kayobe. * etc-hosts: it proved difficult to generalise this, so we have some almost duplicated the code from kolla-ansible here. Requires delegated fact gathering for the case when --limit is used. * firewall: support to disable UFW, for feature parity. * kolla-packages: miscellaneous package installs & removals. The addition of the stack user to the docker group has been moved to the user bootstrapping playbook, and the docker SDK installation has been moved to the virtualenv setup playbook. Depends-On: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/829587 Story: 2009854 Task: 44505 Change-Id: I61a61ca59652b13687c2247d5881012b51f666a7
This commit is contained in:
parent
137e64b57c
commit
c9f8d80ba6
3
.gitignore
vendored
3
.gitignore
vendored
@ -56,8 +56,9 @@ ChangeLog
|
|||||||
ansible/*.retry
|
ansible/*.retry
|
||||||
ansible/roles/*/tests/*.retry
|
ansible/roles/*/tests/*.retry
|
||||||
|
|
||||||
# Ansible Galaxy roles
|
# Ansible Galaxy roles & collections
|
||||||
ansible/roles/*\.*/
|
ansible/roles/*\.*/
|
||||||
|
ansible/collections/
|
||||||
|
|
||||||
# Virtualenvs
|
# Virtualenvs
|
||||||
ansible/kolla-venv/
|
ansible/kolla-venv/
|
||||||
|
21
ansible/apparmor-libvirt.yml
Normal file
21
ansible/apparmor-libvirt.yml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
- name: Ensure AppArmor is disabled for containerised libvirt
|
||||||
|
hosts: compute
|
||||||
|
tags:
|
||||||
|
- apparmor-libvirt
|
||||||
|
vars:
|
||||||
|
# kolla_overcloud_inventory_top_level_group_map looks like:
|
||||||
|
# kolla_overcloud_inventory_top_level_group_map:
|
||||||
|
# control:
|
||||||
|
# groups:
|
||||||
|
# - controllers
|
||||||
|
hosts_in_kolla_inventory: >-
|
||||||
|
{{ kolla_overcloud_inventory_top_level_group_map.values() |
|
||||||
|
map(attribute='groups') | flatten | unique | join(':') }}
|
||||||
|
tasks:
|
||||||
|
- name: Include openstack.kolla.apparmor_libvirt role
|
||||||
|
include_role:
|
||||||
|
name: openstack.kolla.apparmor_libvirt
|
||||||
|
when:
|
||||||
|
- inventory_hostname in query('inventory_hostnames', hosts_in_kolla_inventory)
|
||||||
|
- ansible_facts.distribution == "Ubuntu"
|
@ -3,7 +3,12 @@
|
|||||||
hosts: docker
|
hosts: docker
|
||||||
tags:
|
tags:
|
||||||
- docker
|
- docker
|
||||||
vars:
|
tasks:
|
||||||
- docker_upper_constraints_file: "{{ pip_upper_constraints_file }}"
|
- import_role:
|
||||||
roles:
|
name: docker
|
||||||
- role: docker
|
vars:
|
||||||
|
docker_daemon_mtu: "{{ public_net_name | net_mtu | default }}"
|
||||||
|
docker_configure_for_zun: "{{ kolla_enable_zun | bool }}"
|
||||||
|
docker_http_proxy: "{{ kolla_http_proxy }}"
|
||||||
|
docker_https_proxy: "{{ kolla_https_proxy }}"
|
||||||
|
docker_no_proxy: "{{ kolla_no_proxy | select | join(',') }}"
|
||||||
|
15
ansible/etc-hosts.yml
Normal file
15
ansible/etc-hosts.yml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
- name: Ensure /etc/hosts is configured
|
||||||
|
hosts: overcloud
|
||||||
|
tags:
|
||||||
|
- etc-hosts
|
||||||
|
tasks:
|
||||||
|
# NOTE(mgoddard): Need to ensure that all hosts have facts available.
|
||||||
|
- import_role:
|
||||||
|
name: gather-facts-delegated
|
||||||
|
tags:
|
||||||
|
- gather-facts-delegated
|
||||||
|
when: etc_hosts_gather_facts | default(true)
|
||||||
|
|
||||||
|
- import_role:
|
||||||
|
name: etc-hosts
|
@ -6,6 +6,5 @@
|
|||||||
- firewall
|
- firewall
|
||||||
tasks:
|
tasks:
|
||||||
- name: Configure firewalld
|
- name: Configure firewalld
|
||||||
include_role:
|
import_role:
|
||||||
name: "firewalld"
|
name: "firewalld"
|
||||||
|
|
||||||
|
@ -26,3 +26,9 @@ docker_registry:
|
|||||||
|
|
||||||
# CA of docker registry
|
# CA of docker registry
|
||||||
docker_registry_ca:
|
docker_registry_ca:
|
||||||
|
|
||||||
|
# List of Docker registry mirrors.
|
||||||
|
docker_registry_mirrors: []
|
||||||
|
|
||||||
|
# Enable live-restore on docker daemon
|
||||||
|
docker_daemon_live_restore: false
|
||||||
|
@ -70,9 +70,11 @@
|
|||||||
ansible_python_interpreter: /usr/bin/python3
|
ansible_python_interpreter: /usr/bin/python3
|
||||||
roles:
|
roles:
|
||||||
- role: singleplatform-eng.users
|
- role: singleplatform-eng.users
|
||||||
|
groups_to_create: "{{ [{'name': 'docker'}] if 'docker' in group_names else [] }}"
|
||||||
users:
|
users:
|
||||||
- username: "{{ kayobe_ansible_user }}"
|
- username: "{{ kayobe_ansible_user }}"
|
||||||
name: Kayobe deployment user
|
name: Kayobe deployment user
|
||||||
|
groups: "{{ ['docker'] if 'docker' in group_names else [] }}"
|
||||||
append: True
|
append: True
|
||||||
ssh_key:
|
ssh_key:
|
||||||
- "{{ lookup('file', ssh_public_key_path) }}"
|
- "{{ lookup('file', ssh_public_key_path) }}"
|
||||||
|
@ -100,3 +100,14 @@
|
|||||||
state: present
|
state: present
|
||||||
become: True
|
become: True
|
||||||
when: virtualenv is not defined
|
when: virtualenv is not defined
|
||||||
|
|
||||||
|
- name: Ensure kolla-ansible virtualenv has docker SDK for python installed
|
||||||
|
pip:
|
||||||
|
name: docker
|
||||||
|
state: latest
|
||||||
|
virtualenv: "{{ virtualenv | default(omit) }}"
|
||||||
|
extra_args: "{% if docker_upper_constraints_file %}-c {{ docker_upper_constraints_file }}{% endif %}"
|
||||||
|
become: "{{ virtualenv is not defined }}"
|
||||||
|
vars:
|
||||||
|
docker_upper_constraints_file: "{{ pip_upper_constraints_file }}"
|
||||||
|
when: "'docker' in group_names"
|
||||||
|
@ -107,7 +107,6 @@
|
|||||||
kolla_inspector_extra_kernel_options: "{{ inspector_extra_kernel_options }}"
|
kolla_inspector_extra_kernel_options: "{{ inspector_extra_kernel_options }}"
|
||||||
kolla_libvirt_tls: "{{ compute_libvirt_enable_tls | bool }}"
|
kolla_libvirt_tls: "{{ compute_libvirt_enable_tls | bool }}"
|
||||||
kolla_enable_host_ntp: false
|
kolla_enable_host_ntp: false
|
||||||
docker_daemon_mtu: "{{ public_net_name | net_mtu | default }}"
|
|
||||||
kolla_globals_paths_extra:
|
kolla_globals_paths_extra:
|
||||||
- "{{ kayobe_config_path }}"
|
- "{{ kayobe_config_path }}"
|
||||||
- "{{ kayobe_env_config_path }}"
|
- "{{ kayobe_env_config_path }}"
|
||||||
|
22
ansible/kolla-packages.yml
Normal file
22
ansible/kolla-packages.yml
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
---
|
||||||
|
- name: Ensure Kolla Ansible packages are installed
|
||||||
|
hosts: overcloud
|
||||||
|
tags:
|
||||||
|
- kolla-packages
|
||||||
|
vars:
|
||||||
|
# kolla_overcloud_inventory_top_level_group_map looks like:
|
||||||
|
# kolla_overcloud_inventory_top_level_group_map:
|
||||||
|
# control:
|
||||||
|
# groups:
|
||||||
|
# - controllers
|
||||||
|
hosts_in_kolla_inventory: >-
|
||||||
|
{{ kolla_overcloud_inventory_top_level_group_map.values() |
|
||||||
|
map(attribute='groups') | flatten | unique | join(':') }}
|
||||||
|
tasks:
|
||||||
|
- name: Include openstack.kolla.packages role
|
||||||
|
include_role:
|
||||||
|
name: openstack.kolla.packages
|
||||||
|
vars:
|
||||||
|
enable_multipathd: "{{ kolla_enable_multipathd | bool }}"
|
||||||
|
when:
|
||||||
|
- inventory_hostname in query('inventory_hostnames', hosts_in_kolla_inventory)
|
@ -1,31 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Ensure docker SDK for python is installed
|
|
||||||
hosts: overcloud
|
|
||||||
tags:
|
|
||||||
- docker-sdk-upgrade
|
|
||||||
tasks:
|
|
||||||
# Docker renamed their python SDK from docker-py to docker in the 2.0.0
|
|
||||||
# release, and also broke backwards compatibility. Kolla-ansible requires
|
|
||||||
# docker, so ensure it is installed.
|
|
||||||
- name: Set a fact about the virtualenv on the remote system
|
|
||||||
set_fact:
|
|
||||||
virtualenv: "{{ ansible_python_interpreter | dirname | dirname }}"
|
|
||||||
when:
|
|
||||||
- ansible_python_interpreter is defined
|
|
||||||
- not ansible_python_interpreter.startswith('/bin/')
|
|
||||||
- not ansible_python_interpreter.startswith('/usr/bin/')
|
|
||||||
|
|
||||||
- name: Ensure legacy docker-py python package is uninstalled
|
|
||||||
pip:
|
|
||||||
name: docker-py
|
|
||||||
state: absent
|
|
||||||
virtualenv: "{{ virtualenv is defined | ternary(virtualenv, omit) }}"
|
|
||||||
become: "{{ virtualenv is not defined }}"
|
|
||||||
|
|
||||||
- name: Ensure docker SDK for python is installed
|
|
||||||
pip:
|
|
||||||
name: docker
|
|
||||||
state: latest
|
|
||||||
extra_args: "{% if pip_upper_constraints_file %}-c {{ pip_upper_constraints_file }}{% endif %}"
|
|
||||||
virtualenv: "{{ virtualenv is defined | ternary(virtualenv, omit) }}"
|
|
||||||
become: "{{ virtualenv is not defined }}"
|
|
@ -12,6 +12,7 @@
|
|||||||
- import_playbook: "selinux.yml"
|
- import_playbook: "selinux.yml"
|
||||||
- import_playbook: "network.yml"
|
- import_playbook: "network.yml"
|
||||||
- import_playbook: "firewall.yml"
|
- import_playbook: "firewall.yml"
|
||||||
|
- import_playbook: "etc-hosts.yml"
|
||||||
- import_playbook: "tuned.yml"
|
- import_playbook: "tuned.yml"
|
||||||
- import_playbook: "sysctl.yml"
|
- import_playbook: "sysctl.yml"
|
||||||
- import_playbook: "disable-glean.yml"
|
- import_playbook: "disable-glean.yml"
|
||||||
@ -25,3 +26,8 @@
|
|||||||
- import_playbook: "kolla-ansible-user.yml"
|
- import_playbook: "kolla-ansible-user.yml"
|
||||||
- import_playbook: "kolla-pip.yml"
|
- import_playbook: "kolla-pip.yml"
|
||||||
- import_playbook: "kolla-target-venv.yml"
|
- import_playbook: "kolla-target-venv.yml"
|
||||||
|
- import_playbook: "kolla-packages.yml"
|
||||||
|
- import_playbook: "docker.yml"
|
||||||
|
- import_playbook: "apparmor-libvirt.yml"
|
||||||
|
- import_playbook: "swift-block-devices.yml"
|
||||||
|
- import_playbook: "compute-libvirt-host.yml"
|
||||||
|
@ -1,5 +1,4 @@
|
|||||||
---
|
---
|
||||||
- import_playbook: "kayobe-target-venv.yml"
|
- import_playbook: "kayobe-target-venv.yml"
|
||||||
- import_playbook: "kolla-target-venv.yml"
|
- import_playbook: "kolla-target-venv.yml"
|
||||||
- import_playbook: "overcloud-docker-sdk-upgrade.yml"
|
|
||||||
- import_playbook: "overcloud-etc-hosts-fixup.yml"
|
- import_playbook: "overcloud-etc-hosts-fixup.yml"
|
||||||
|
@ -1,10 +1,7 @@
|
|||||||
---
|
---
|
||||||
# URL of docker registry
|
docker_storage_driver: overlay2
|
||||||
docker_registry:
|
docker_storage_volume_group:
|
||||||
|
docker_storage_volume_thinpool:
|
||||||
# CA of docker registry
|
docker_registry_mirrors: []
|
||||||
docker_registry_ca:
|
docker_daemon_mtu: 1500
|
||||||
|
docker_daemon_live_restore: false
|
||||||
# Upper constraints file which is passed to pip when installing packages
|
|
||||||
# into a venv.
|
|
||||||
docker_upper_constraints_file:
|
|
||||||
|
@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
- name: reload docker service
|
|
||||||
service:
|
|
||||||
name: docker
|
|
||||||
state: reloaded
|
|
||||||
become: True
|
|
@ -1,52 +1,5 @@
|
|||||||
---
|
---
|
||||||
- name: Set a fact about the virtualenv on the remote system
|
- import_role:
|
||||||
set_fact:
|
name: openstack.kolla.docker
|
||||||
virtualenv: "{{ ansible_python_interpreter | dirname | dirname }}"
|
vars:
|
||||||
when:
|
docker_custom_config: "{{ lookup('template', 'daemon.json.j2') | to_nice_json | indent(2) }}"
|
||||||
- ansible_python_interpreter is defined
|
|
||||||
- not ansible_python_interpreter.startswith('/bin/')
|
|
||||||
- not ansible_python_interpreter.startswith('/usr/bin/')
|
|
||||||
|
|
||||||
- name: Ensure docker SDK for python is installed
|
|
||||||
pip:
|
|
||||||
name: docker
|
|
||||||
state: latest
|
|
||||||
extra_args: "{% if docker_upper_constraints_file %}-c {{ docker_upper_constraints_file }}{% endif %}"
|
|
||||||
virtualenv: "{{ virtualenv is defined | ternary(virtualenv, omit) }}"
|
|
||||||
become: "{{ virtualenv is not defined }}"
|
|
||||||
|
|
||||||
- name: Ensure user is in the docker group
|
|
||||||
user:
|
|
||||||
name: "{{ ansible_facts.user_id }}"
|
|
||||||
groups: docker
|
|
||||||
append: yes
|
|
||||||
register: group_result
|
|
||||||
become: True
|
|
||||||
|
|
||||||
# After adding the user to the docker group, we need to log out and in again to
|
|
||||||
# pick up the group membership. We do this by resetting the SSH connection.
|
|
||||||
|
|
||||||
- name: Reset connection to activate new group membership
|
|
||||||
meta: reset_connection
|
|
||||||
when: group_result is changed
|
|
||||||
|
|
||||||
- name: Ensure Docker daemon is started
|
|
||||||
service:
|
|
||||||
name: docker
|
|
||||||
state: started
|
|
||||||
become: True
|
|
||||||
|
|
||||||
- name: Ensure the path for CA file for private registry exists
|
|
||||||
file:
|
|
||||||
path: "/etc/docker/certs.d/{{ docker_registry }}"
|
|
||||||
state: directory
|
|
||||||
become: True
|
|
||||||
when: docker_registry is not none and docker_registry_ca is not none
|
|
||||||
|
|
||||||
- name: Ensure the CA file for private registry exists
|
|
||||||
copy:
|
|
||||||
src: "{{ docker_registry_ca }}"
|
|
||||||
dest: "/etc/docker/certs.d/{{ docker_registry }}/ca.crt"
|
|
||||||
become: True
|
|
||||||
when: docker_registry is not none and docker_registry_ca is not none
|
|
||||||
notify: reload docker service
|
|
||||||
|
6
ansible/roles/etc-hosts/defaults/main.yml
Normal file
6
ansible/roles/etc-hosts/defaults/main.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
# Whether to add entries to /etc/hosts.
|
||||||
|
customize_etc_hosts: true
|
||||||
|
|
||||||
|
# List of hosts to add to /etc/hosts.
|
||||||
|
etc_hosts_hosts: "{{ ansible_play_hosts_all }}"
|
56
ansible/roles/etc-hosts/tasks/etc-hosts.yml
Normal file
56
ansible/roles/etc-hosts/tasks/etc-hosts.yml
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
---
|
||||||
|
- name: Ensure localhost in /etc/hosts
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/hosts
|
||||||
|
regexp: "^127.0.0.1.*"
|
||||||
|
line: "127.0.0.1 localhost"
|
||||||
|
state: present
|
||||||
|
become: True
|
||||||
|
|
||||||
|
# NOTE(mgoddard): Ubuntu may include a line in /etc/hosts that makes the local
|
||||||
|
# hostname and fqdn point to 127.0.1.1. This can break
|
||||||
|
# RabbitMQ, which expects the hostname to resolve to the API network address.
|
||||||
|
# Remove the troublesome entry.
|
||||||
|
# see https://bugs.launchpad.net/kolla-ansible/+bug/1837699
|
||||||
|
# and https://bugs.launchpad.net/kolla-ansible/+bug/1862739
|
||||||
|
- name: Ensure hostname does not point to 127.0.1.1 in /etc/hosts
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/hosts
|
||||||
|
regexp: "^127.0.1.1\\b.*\\s{{ ansible_facts.hostname }}\\b"
|
||||||
|
state: absent
|
||||||
|
become: True
|
||||||
|
|
||||||
|
- name: Generate /etc/hosts for all of the nodes
|
||||||
|
blockinfile:
|
||||||
|
dest: /etc/hosts
|
||||||
|
marker: "# {mark} ANSIBLE GENERATED HOSTS"
|
||||||
|
block: |
|
||||||
|
{% for host in etc_hosts_hosts %}
|
||||||
|
{% if hostvars[host].internal_net_name in hostvars[host].network_interfaces %}
|
||||||
|
{% set hostnames = [hostvars[host].ansible_facts.nodename, hostvars[host].ansible_facts.hostname] %}
|
||||||
|
{{ hostvars[host].internal_net_name | net_ip(inventory_hostname=host) }} {{ hostnames | unique | join(' ') }}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
become: True
|
||||||
|
when:
|
||||||
|
# Skip hosts that do not have a valid internal network interface.
|
||||||
|
- internal_net_name in network_interfaces
|
||||||
|
|
||||||
|
# NOTE(osmanlicilegi): The distribution might come with cloud-init installed, and manage_etc_hosts
|
||||||
|
# configuration enabled. If so, it will override the file /etc/hosts from cloud-init templates at
|
||||||
|
# every boot, which will break RabbitMQ. To prevent this happens, first we check whether cloud-init
|
||||||
|
# has been installed, and then set manage_etc_hosts to false.
|
||||||
|
- name: Check whether cloud-init has been installed, and ensure manage_etc_hosts is disabled
|
||||||
|
block:
|
||||||
|
- name: Ensure /etc/cloud/cloud.cfg exists
|
||||||
|
stat:
|
||||||
|
path: /etc/cloud/cloud.cfg
|
||||||
|
register: cloud_init
|
||||||
|
|
||||||
|
- name: Disable cloud-init manage_etc_hosts
|
||||||
|
copy:
|
||||||
|
content: "manage_etc_hosts: false"
|
||||||
|
dest: /etc/cloud/cloud.cfg.d/99-kolla.cfg
|
||||||
|
mode: "0660"
|
||||||
|
when: cloud_init.stat.exists
|
||||||
|
become: True
|
3
ansible/roles/etc-hosts/tasks/main.yml
Normal file
3
ansible/roles/etc-hosts/tasks/main.yml
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
- include_tasks: etc-hosts.yml
|
||||||
|
when: customize_etc_hosts | bool
|
3
ansible/roles/firewall-debian/defaults/main.yml
Normal file
3
ansible/roles/firewall-debian/defaults/main.yml
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
# Whether to install and enable ufw.
|
||||||
|
ufw_enabled: false
|
9
ansible/roles/firewall-debian/tasks/main.yml
Normal file
9
ansible/roles/firewall-debian/tasks/main.yml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
# TODO(inc0): Gates don't seem to have ufw executable, check for it instead of ignore errors
|
||||||
|
- name: Set firewall default policy
|
||||||
|
become: True
|
||||||
|
ufw:
|
||||||
|
state: disabled
|
||||||
|
policy: allow
|
||||||
|
when: not ufw_enabled | bool
|
||||||
|
ignore_errors: yes
|
8
ansible/roles/gather-facts-delegated/defaults/main.yml
Normal file
8
ansible/roles/gather-facts-delegated/defaults/main.yml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
gather_facts_delegated_limit_hosts: "{{ ansible_play_hosts_all }}"
|
||||||
|
gather_facts_delegated_batch_index: "{{ gather_facts_delegated_limit_hosts.index(inventory_hostname) }}"
|
||||||
|
gather_facts_delegated_batch_size: "{{ gather_facts_delegated_limit_hosts | length }}"
|
||||||
|
# Use a python list slice to divide the group up.
|
||||||
|
# Syntax: [<start index>:<end index>:<step size>]
|
||||||
|
gather_facts_delegated_delegate_hosts: >-
|
||||||
|
{{ gather_facts_delegated_limit_hosts[gather_facts_delegated_batch_index | int::gather_facts_delegated_batch_size | int] }}
|
10
ansible/roles/gather-facts-delegated/tasks/main.yml
Normal file
10
ansible/roles/gather-facts-delegated/tasks/main.yml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
- name: Gather facts for all hosts (if using --limit)
|
||||||
|
setup:
|
||||||
|
filter: "{{ kayobe_ansible_setup_filter }}"
|
||||||
|
gather_subset: "{{ kayobe_ansible_setup_gather_subset }}"
|
||||||
|
delegate_facts: True
|
||||||
|
delegate_to: "{{ item }}"
|
||||||
|
with_items: "{{ gather_facts_delegated_delegate_hosts }}"
|
||||||
|
when:
|
||||||
|
- not hostvars[item].ansible_facts
|
@ -299,30 +299,9 @@ kolla_enable_host_ntp:
|
|||||||
###############################################################################
|
###############################################################################
|
||||||
# Docker configuration.
|
# Docker configuration.
|
||||||
|
|
||||||
# Name of the docker storage driver.
|
|
||||||
docker_storage_driver: overlay2
|
|
||||||
|
|
||||||
# Name of the docker storage LVM volume group.
|
|
||||||
docker_storage_volume_group:
|
|
||||||
|
|
||||||
# Name of the docker storage data LVM volume.
|
|
||||||
docker_storage_volume_thinpool:
|
|
||||||
|
|
||||||
# URL of docker registry
|
# URL of docker registry
|
||||||
docker_registry:
|
docker_registry:
|
||||||
|
|
||||||
# CA of docker registry
|
|
||||||
docker_registry_ca:
|
|
||||||
|
|
||||||
# List of Docker registry mirrors.
|
|
||||||
docker_registry_mirrors: []
|
|
||||||
|
|
||||||
# MTU to pass through to containers not using net=host
|
|
||||||
docker_daemon_mtu: 1500
|
|
||||||
|
|
||||||
# Enable live-restore on docker daemon
|
|
||||||
docker_daemon_live_restore: false
|
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Proxy configuration
|
# Proxy configuration
|
||||||
|
|
||||||
|
@ -52,8 +52,6 @@
|
|||||||
sources: "{{ kolla_globals_paths | product(['/kolla/globals.yml']) | map('join') | unique | list }}"
|
sources: "{{ kolla_globals_paths | product(['/kolla/globals.yml']) | map('join') | unique | list }}"
|
||||||
dest: "{{ kolla_config_path }}/globals.yml"
|
dest: "{{ kolla_config_path }}/globals.yml"
|
||||||
mode: 0640
|
mode: 0640
|
||||||
vars:
|
|
||||||
kolla_docker_custom_config: "{{ lookup('template', 'daemon.json.j2') }}"
|
|
||||||
|
|
||||||
- name: Ensure the Kolla seed inventory file exists
|
- name: Ensure the Kolla seed inventory file exists
|
||||||
copy:
|
copy:
|
||||||
|
@ -73,21 +73,6 @@ docker_namespace: "{{ kolla_docker_namespace }}"
|
|||||||
{% if kolla_docker_registry_username %}
|
{% if kolla_docker_registry_username %}
|
||||||
docker_registry_username: "{{ kolla_docker_registry_username }}"
|
docker_registry_username: "{{ kolla_docker_registry_username }}"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
docker_storage_driver: "{{ docker_storage_driver }}"
|
|
||||||
docker_custom_config: {{ kolla_docker_custom_config | to_nice_json | indent(2) }}
|
|
||||||
{% if kolla_docker_registry_insecure | bool %}
|
|
||||||
docker_registry_insecure: "yes"
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if kolla_http_proxy is not none and kolla_http_proxy | length > 0 %}
|
|
||||||
docker_http_proxy: "{{ kolla_http_proxy }}"
|
|
||||||
{% endif %}
|
|
||||||
{% if kolla_https_proxy is not none and kolla_https_proxy | length > 0 %}
|
|
||||||
docker_https_proxy: "{{ kolla_https_proxy }}"
|
|
||||||
{% endif %}
|
|
||||||
{% if kolla_no_proxy is not none and kolla_no_proxy | length > 0 %}
|
|
||||||
docker_no_proxy: "{{ kolla_no_proxy | select | join(',') }}"
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
#docker_configure_for_zun: "no"
|
#docker_configure_for_zun: "no"
|
||||||
|
|
||||||
|
@ -25,3 +25,5 @@
|
|||||||
- import_playbook: "kolla-ansible-user.yml"
|
- import_playbook: "kolla-ansible-user.yml"
|
||||||
- import_playbook: "kolla-pip.yml"
|
- import_playbook: "kolla-pip.yml"
|
||||||
- import_playbook: "kolla-target-venv.yml"
|
- import_playbook: "kolla-target-venv.yml"
|
||||||
|
- import_playbook: "docker.yml"
|
||||||
|
- import_playbook: "docker-registry.yml"
|
||||||
|
@ -561,6 +561,22 @@ In the following example, firewalld is enabled on controllers. ``public`` and
|
|||||||
- service: http
|
- service: http
|
||||||
zone: public
|
zone: public
|
||||||
|
|
||||||
|
UFW
|
||||||
|
===
|
||||||
|
*tags:*
|
||||||
|
| ``firewall``
|
||||||
|
|
||||||
|
Configuration of Uncomplicated Firewall (UFW) on Ubuntu hosts is currently not
|
||||||
|
supported. Instead, UFW is disabled. Since Yoga, this may be avoided as
|
||||||
|
follows:
|
||||||
|
|
||||||
|
.. code-block:: yaml
|
||||||
|
|
||||||
|
ufw_enabled: true
|
||||||
|
|
||||||
|
Note that despite the name, this will not actively enable UFW. It may do so in
|
||||||
|
the future.
|
||||||
|
|
||||||
.. _configuration-hosts-tuned:
|
.. _configuration-hosts-tuned:
|
||||||
|
|
||||||
Tuned
|
Tuned
|
||||||
@ -991,22 +1007,6 @@ custom one.
|
|||||||
create: true
|
create: true
|
||||||
mount: false
|
mount: false
|
||||||
|
|
||||||
Kolla-Ansible bootstrap-servers
|
|
||||||
===============================
|
|
||||||
|
|
||||||
Kolla Ansible provides some host configuration functionality via the
|
|
||||||
``bootstrap-servers`` command, which may be leveraged by Kayobe.
|
|
||||||
|
|
||||||
See the :kolla-ansible-doc:`Kolla Ansible documentation
|
|
||||||
<reference/deployment-and-bootstrapping/bootstrap-servers.html>`
|
|
||||||
for more information on the functions performed by this command, and how to
|
|
||||||
configure it.
|
|
||||||
|
|
||||||
Note that from the Ussuri release, Kayobe creates a user account for Kolla
|
|
||||||
Ansible rather than this being done by Kolla Ansible during
|
|
||||||
``bootstrap-servers``. See :ref:`configuration-kolla-ansible-user-creation` for
|
|
||||||
details.
|
|
||||||
|
|
||||||
Kolla-Ansible Remote Virtual Environment
|
Kolla-Ansible Remote Virtual Environment
|
||||||
========================================
|
========================================
|
||||||
*tags:*
|
*tags:*
|
||||||
@ -1023,9 +1023,6 @@ Docker Engine
|
|||||||
*tags:*
|
*tags:*
|
||||||
| ``docker``
|
| ``docker``
|
||||||
|
|
||||||
Docker engine configuration is applied by both Kayobe and Kolla Ansible (during
|
|
||||||
bootstrap-servers).
|
|
||||||
|
|
||||||
The ``docker_storage_driver`` variable sets the Docker storage driver, and by
|
The ``docker_storage_driver`` variable sets the Docker storage driver, and by
|
||||||
default the ``overlay2`` driver is used. If using the ``devicemapper`` driver,
|
default the ``overlay2`` driver is used. If using the ``devicemapper`` driver,
|
||||||
see :ref:`configuration-hosts-lvm` for information about configuring LVM for
|
see :ref:`configuration-hosts-lvm` for information about configuring LVM for
|
||||||
@ -1276,3 +1273,65 @@ The following example defines a 1GiB swap file that will be created at
|
|||||||
compute_swap:
|
compute_swap:
|
||||||
- path: /swapfile
|
- path: /swapfile
|
||||||
size_mb: 1024
|
size_mb: 1024
|
||||||
|
|
||||||
|
AppArmor for the libvirt container
|
||||||
|
==================================
|
||||||
|
*tags:*
|
||||||
|
| ``apparmor-libvirt``
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
Prior to the Yoga release, this was handled by the ``kolla-ansible
|
||||||
|
bootstrap-servers`` command.
|
||||||
|
|
||||||
|
On Ubuntu systems running the ``nova_libvirt`` Kolla container, AppArmor rules
|
||||||
|
for libvirt are disabled.
|
||||||
|
|
||||||
|
Adding entries to /etc/hosts
|
||||||
|
============================
|
||||||
|
*tags:*
|
||||||
|
| ``etc-hosts``
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
Prior to the Yoga release, this was handled by the ``kolla-ansible
|
||||||
|
bootstrap-servers`` command.
|
||||||
|
|
||||||
|
Since Yoga, Kayobe adds entries to ``/etc/hosts`` for all hosts in the
|
||||||
|
``overcloud`` group. The entries map the hostname and FQDN of a host to its IP
|
||||||
|
address on the internal API network. This may be avoided as follows:
|
||||||
|
|
||||||
|
.. code-block:: yaml
|
||||||
|
|
||||||
|
customize_etc_hosts: false
|
||||||
|
|
||||||
|
By default, each host gets an entry for every other host in the ``overcloud``
|
||||||
|
group by default. The list of hosts that will be added may be customised:
|
||||||
|
|
||||||
|
.. code-block:: yaml
|
||||||
|
|
||||||
|
etc_hosts_hosts: "{{ groups['compute'] }}"
|
||||||
|
|
||||||
|
It should be noted that this functionality requires facts to be populated for
|
||||||
|
all hosts that will be added to any ``/etc/hosts`` file. When using the
|
||||||
|
``--limit`` argument, Kayobe will gather facts for all hosts without facts,
|
||||||
|
including those outside of the limit. Enabling fact caching for Kayobe may
|
||||||
|
reduce the impact of this. This fact gathering process may be avoided as
|
||||||
|
follows:
|
||||||
|
|
||||||
|
.. code-block:: yaml
|
||||||
|
|
||||||
|
etc_hosts_gather_facts: false
|
||||||
|
|
||||||
|
Installing packages required by Kolla Ansible
|
||||||
|
=============================================
|
||||||
|
*tags:*
|
||||||
|
| ``kolla-packages``
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
Prior to the Yoga release, this was handled by the ``kolla-ansible
|
||||||
|
bootstrap-servers`` command.
|
||||||
|
|
||||||
|
A small number of packages are required to be installed on the hosts for Kolla
|
||||||
|
Ansible and the services that it deploys, while some others must be removed.
|
||||||
|
@ -424,8 +424,7 @@ class PhysicalNetworkConfigure(KayobeAnsibleMixin, VaultMixin, Command):
|
|||||||
extra_vars=extra_vars)
|
extra_vars=extra_vars)
|
||||||
|
|
||||||
|
|
||||||
class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
|
class SeedHypervisorHostConfigure(KayobeAnsibleMixin, VaultMixin, Command):
|
||||||
VaultMixin, Command):
|
|
||||||
"""Configure the seed hypervisor node host OS and services.
|
"""Configure the seed hypervisor node host OS and services.
|
||||||
|
|
||||||
* Allocate IP addresses for all configured networks.
|
* Allocate IP addresses for all configured networks.
|
||||||
@ -572,8 +571,7 @@ class SeedVMDeprovision(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
|
|||||||
_get_playbook_path("seed-vm-deprovision"))
|
_get_playbook_path("seed-vm-deprovision"))
|
||||||
|
|
||||||
|
|
||||||
class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
|
class SeedHostConfigure(KayobeAnsibleMixin, VaultMixin, Command):
|
||||||
Command):
|
|
||||||
"""Configure the seed node host OS and services.
|
"""Configure the seed node host OS and services.
|
||||||
|
|
||||||
* Allocate IP addresses for all configured networks.
|
* Allocate IP addresses for all configured networks.
|
||||||
@ -619,27 +617,12 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
|
|||||||
self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed")
|
self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed")
|
||||||
|
|
||||||
# Run kayobe playbooks.
|
# Run kayobe playbooks.
|
||||||
kwargs = {}
|
extra_vars = {"kayobe_action": "deploy"}
|
||||||
if parsed_args.wipe_disks:
|
if parsed_args.wipe_disks:
|
||||||
kwargs["extra_vars"] = {"wipe_disks": True}
|
extra_vars["wipe_disks"] = True
|
||||||
playbooks = _build_playbook_list("seed-host-configure")
|
playbooks = _build_playbook_list("seed-host-configure")
|
||||||
self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed",
|
self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed",
|
||||||
**kwargs)
|
extra_vars=extra_vars)
|
||||||
|
|
||||||
self.generate_kolla_ansible_config(parsed_args, service_config=False)
|
|
||||||
|
|
||||||
# Run kolla-ansible bootstrap-servers.
|
|
||||||
self.run_kolla_ansible_seed(parsed_args, "bootstrap-servers")
|
|
||||||
|
|
||||||
# Run final kayobe playbooks.
|
|
||||||
playbooks = _build_playbook_list("docker")
|
|
||||||
self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed")
|
|
||||||
|
|
||||||
# Optionally, deploy a Docker Registry.
|
|
||||||
playbooks = _build_playbook_list("docker-registry")
|
|
||||||
extra_vars = {"kayobe_action": "deploy"}
|
|
||||||
self.run_kayobe_playbooks(parsed_args, playbooks,
|
|
||||||
extra_vars=extra_vars, limit="seed")
|
|
||||||
|
|
||||||
|
|
||||||
class SeedHostPackageUpdate(KayobeAnsibleMixin, VaultMixin, Command):
|
class SeedHostPackageUpdate(KayobeAnsibleMixin, VaultMixin, Command):
|
||||||
@ -689,8 +672,7 @@ class SeedHostCommandRun(KayobeAnsibleMixin, VaultMixin, Command):
|
|||||||
extra_vars=extra_vars)
|
extra_vars=extra_vars)
|
||||||
|
|
||||||
|
|
||||||
class SeedHostUpgrade(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
|
class SeedHostUpgrade(KayobeAnsibleMixin, VaultMixin, Command):
|
||||||
Command):
|
|
||||||
"""Upgrade the seed host services.
|
"""Upgrade the seed host services.
|
||||||
|
|
||||||
Performs the changes necessary to make the host services suitable for the
|
Performs the changes necessary to make the host services suitable for the
|
||||||
@ -879,8 +861,7 @@ class InfraVMDeprovision(KayobeAnsibleMixin, VaultMixin, Command):
|
|||||||
ignore_limit=True, extra_vars=extra_vars)
|
ignore_limit=True, extra_vars=extra_vars)
|
||||||
|
|
||||||
|
|
||||||
class InfraVMHostConfigure(KayobeAnsibleMixin, VaultMixin,
|
class InfraVMHostConfigure(KayobeAnsibleMixin, VaultMixin, Command):
|
||||||
Command):
|
|
||||||
"""Configure the infra VMs host OS and services.
|
"""Configure the infra VMs host OS and services.
|
||||||
|
|
||||||
* Allocate IP addresses for all configured networks.
|
* Allocate IP addresses for all configured networks.
|
||||||
@ -1126,8 +1107,7 @@ class OvercloudFactsGather(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
|
|||||||
self.run_kolla_ansible_overcloud(parsed_args, "gather-facts")
|
self.run_kolla_ansible_overcloud(parsed_args, "gather-facts")
|
||||||
|
|
||||||
|
|
||||||
class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
|
class OvercloudHostConfigure(KayobeAnsibleMixin, VaultMixin, Command):
|
||||||
Command):
|
|
||||||
"""Configure the overcloud host OS and services.
|
"""Configure the overcloud host OS and services.
|
||||||
|
|
||||||
* Allocate IP addresses for all configured networks.
|
* Allocate IP addresses for all configured networks.
|
||||||
@ -1179,16 +1159,6 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
|
|||||||
self.run_kayobe_playbooks(parsed_args, playbooks, limit="overcloud",
|
self.run_kayobe_playbooks(parsed_args, playbooks, limit="overcloud",
|
||||||
**kwargs)
|
**kwargs)
|
||||||
|
|
||||||
self.generate_kolla_ansible_config(parsed_args, service_config=False)
|
|
||||||
|
|
||||||
# Kolla-ansible bootstrap-servers.
|
|
||||||
self.run_kolla_ansible_overcloud(parsed_args, "bootstrap-servers")
|
|
||||||
|
|
||||||
# Further kayobe playbooks.
|
|
||||||
playbooks = _build_playbook_list(
|
|
||||||
"docker", "swift-block-devices", "compute-libvirt-host")
|
|
||||||
self.run_kayobe_playbooks(parsed_args, playbooks, limit="overcloud")
|
|
||||||
|
|
||||||
|
|
||||||
class OvercloudHostPackageUpdate(KayobeAnsibleMixin, VaultMixin, Command):
|
class OvercloudHostPackageUpdate(KayobeAnsibleMixin, VaultMixin, Command):
|
||||||
"""Update packages on the overcloud hosts."""
|
"""Update packages on the overcloud hosts."""
|
||||||
@ -1237,8 +1207,7 @@ class OvercloudHostCommandRun(KayobeAnsibleMixin, VaultMixin, Command):
|
|||||||
extra_vars=extra_vars)
|
extra_vars=extra_vars)
|
||||||
|
|
||||||
|
|
||||||
class OvercloudHostUpgrade(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
|
class OvercloudHostUpgrade(KayobeAnsibleMixin, VaultMixin, Command):
|
||||||
Command):
|
|
||||||
"""Upgrade the overcloud host services.
|
"""Upgrade the overcloud host services.
|
||||||
|
|
||||||
Performs the changes necessary to make the host services suitable for the
|
Performs the changes necessary to make the host services suitable for the
|
||||||
|
@ -482,9 +482,7 @@ class TestCase(unittest.TestCase):
|
|||||||
|
|
||||||
@mock.patch.object(commands.KayobeAnsibleMixin,
|
@mock.patch.object(commands.KayobeAnsibleMixin,
|
||||||
"run_kayobe_playbooks")
|
"run_kayobe_playbooks")
|
||||||
@mock.patch.object(commands.KollaAnsibleMixin,
|
def test_seed_host_configure(self, mock_run):
|
||||||
"run_kolla_ansible_seed")
|
|
||||||
def test_seed_host_configure(self, mock_kolla_run, mock_run):
|
|
||||||
command = commands.SeedHostConfigure(TestApp(), [])
|
command = commands.SeedHostConfigure(TestApp(), [])
|
||||||
parser = command.get_parser("test")
|
parser = command.get_parser("test")
|
||||||
parsed_args = parser.parse_args([])
|
parsed_args = parser.parse_args([])
|
||||||
@ -505,45 +503,14 @@ class TestCase(unittest.TestCase):
|
|||||||
"ansible", "seed-host-configure.yml"),
|
"ansible", "seed-host-configure.yml"),
|
||||||
],
|
],
|
||||||
limit="seed",
|
limit="seed",
|
||||||
),
|
extra_vars={"kayobe_action": "deploy"},
|
||||||
mock.call(
|
|
||||||
mock.ANY,
|
|
||||||
[utils.get_data_files_path("ansible", "kolla-ansible.yml")],
|
|
||||||
tags="config",
|
|
||||||
ignore_limit=True,
|
|
||||||
),
|
|
||||||
mock.call(
|
|
||||||
mock.ANY,
|
|
||||||
[
|
|
||||||
utils.get_data_files_path("ansible", "docker.yml"),
|
|
||||||
],
|
|
||||||
limit="seed",
|
|
||||||
),
|
|
||||||
mock.call(
|
|
||||||
mock.ANY,
|
|
||||||
[
|
|
||||||
utils.get_data_files_path("ansible",
|
|
||||||
"docker-registry.yml"),
|
|
||||||
],
|
|
||||||
limit="seed",
|
|
||||||
extra_vars={'kayobe_action': 'deploy'},
|
|
||||||
),
|
),
|
||||||
]
|
]
|
||||||
self.assertListEqual(expected_calls, mock_run.call_args_list)
|
self.assertListEqual(expected_calls, mock_run.call_args_list)
|
||||||
|
|
||||||
expected_calls = [
|
|
||||||
mock.call(
|
|
||||||
mock.ANY,
|
|
||||||
"bootstrap-servers",
|
|
||||||
),
|
|
||||||
]
|
|
||||||
self.assertListEqual(expected_calls, mock_kolla_run.call_args_list)
|
|
||||||
|
|
||||||
@mock.patch.object(commands.KayobeAnsibleMixin,
|
@mock.patch.object(commands.KayobeAnsibleMixin,
|
||||||
"run_kayobe_playbooks")
|
"run_kayobe_playbooks")
|
||||||
@mock.patch.object(commands.KollaAnsibleMixin,
|
def test_seed_host_configure_wipe_disks(self, mock_run):
|
||||||
"run_kolla_ansible_seed")
|
|
||||||
def test_seed_host_configure_wipe_disks(self, mock_kolla_run, mock_run):
|
|
||||||
command = commands.SeedHostConfigure(TestApp(), [])
|
command = commands.SeedHostConfigure(TestApp(), [])
|
||||||
parser = command.get_parser("test")
|
parser = command.get_parser("test")
|
||||||
parsed_args = parser.parse_args(["--wipe-disks"])
|
parsed_args = parser.parse_args(["--wipe-disks"])
|
||||||
@ -564,43 +531,13 @@ class TestCase(unittest.TestCase):
|
|||||||
"ansible", "seed-host-configure.yml"),
|
"ansible", "seed-host-configure.yml"),
|
||||||
],
|
],
|
||||||
limit="seed",
|
limit="seed",
|
||||||
extra_vars={"wipe_disks": True},
|
extra_vars={"kayobe_action": "deploy", "wipe_disks": True},
|
||||||
),
|
|
||||||
mock.call(
|
|
||||||
mock.ANY,
|
|
||||||
[utils.get_data_files_path("ansible", "kolla-ansible.yml")],
|
|
||||||
tags="config",
|
|
||||||
ignore_limit=True,
|
|
||||||
),
|
|
||||||
mock.call(
|
|
||||||
mock.ANY,
|
|
||||||
[
|
|
||||||
utils.get_data_files_path("ansible", "docker.yml"),
|
|
||||||
],
|
|
||||||
limit="seed",
|
|
||||||
),
|
|
||||||
mock.call(
|
|
||||||
mock.ANY,
|
|
||||||
[
|
|
||||||
utils.get_data_files_path("ansible",
|
|
||||||
"docker-registry.yml"),
|
|
||||||
],
|
|
||||||
limit="seed",
|
|
||||||
extra_vars={'kayobe_action': 'deploy'},
|
|
||||||
),
|
),
|
||||||
]
|
]
|
||||||
print(expected_calls)
|
print(expected_calls)
|
||||||
print(mock_run.call_args_list)
|
print(mock_run.call_args_list)
|
||||||
self.assertListEqual(expected_calls, mock_run.call_args_list)
|
self.assertListEqual(expected_calls, mock_run.call_args_list)
|
||||||
|
|
||||||
expected_calls = [
|
|
||||||
mock.call(
|
|
||||||
mock.ANY,
|
|
||||||
"bootstrap-servers",
|
|
||||||
),
|
|
||||||
]
|
|
||||||
self.assertListEqual(expected_calls, mock_kolla_run.call_args_list)
|
|
||||||
|
|
||||||
@mock.patch.object(commands.KayobeAnsibleMixin,
|
@mock.patch.object(commands.KayobeAnsibleMixin,
|
||||||
"run_kayobe_playbooks")
|
"run_kayobe_playbooks")
|
||||||
def test_seed_host_command_run(self, mock_run):
|
def test_seed_host_command_run(self, mock_run):
|
||||||
@ -1293,9 +1230,7 @@ class TestCase(unittest.TestCase):
|
|||||||
|
|
||||||
@mock.patch.object(commands.KayobeAnsibleMixin,
|
@mock.patch.object(commands.KayobeAnsibleMixin,
|
||||||
"run_kayobe_playbooks")
|
"run_kayobe_playbooks")
|
||||||
@mock.patch.object(commands.KollaAnsibleMixin,
|
def test_overcloud_host_configure(self, mock_run):
|
||||||
"run_kolla_ansible_overcloud")
|
|
||||||
def test_overcloud_host_configure(self, mock_kolla_run, mock_run):
|
|
||||||
command = commands.OvercloudHostConfigure(TestApp(), [])
|
command = commands.OvercloudHostConfigure(TestApp(), [])
|
||||||
parser = command.get_parser("test")
|
parser = command.get_parser("test")
|
||||||
parsed_args = parser.parse_args([])
|
parsed_args = parser.parse_args([])
|
||||||
@ -1317,40 +1252,12 @@ class TestCase(unittest.TestCase):
|
|||||||
],
|
],
|
||||||
limit="overcloud",
|
limit="overcloud",
|
||||||
),
|
),
|
||||||
mock.call(
|
|
||||||
mock.ANY,
|
|
||||||
[utils.get_data_files_path("ansible", "kolla-ansible.yml")],
|
|
||||||
tags="config",
|
|
||||||
ignore_limit=True,
|
|
||||||
),
|
|
||||||
mock.call(
|
|
||||||
mock.ANY,
|
|
||||||
[
|
|
||||||
utils.get_data_files_path("ansible", "docker.yml"),
|
|
||||||
utils.get_data_files_path(
|
|
||||||
"ansible", "swift-block-devices.yml"),
|
|
||||||
utils.get_data_files_path(
|
|
||||||
"ansible", "compute-libvirt-host.yml"),
|
|
||||||
],
|
|
||||||
limit="overcloud",
|
|
||||||
),
|
|
||||||
]
|
]
|
||||||
self.assertListEqual(expected_calls, mock_run.call_args_list)
|
self.assertListEqual(expected_calls, mock_run.call_args_list)
|
||||||
|
|
||||||
expected_calls = [
|
|
||||||
mock.call(
|
|
||||||
mock.ANY,
|
|
||||||
"bootstrap-servers",
|
|
||||||
),
|
|
||||||
]
|
|
||||||
self.assertListEqual(expected_calls, mock_kolla_run.call_args_list)
|
|
||||||
|
|
||||||
@mock.patch.object(commands.KayobeAnsibleMixin,
|
@mock.patch.object(commands.KayobeAnsibleMixin,
|
||||||
"run_kayobe_playbooks")
|
"run_kayobe_playbooks")
|
||||||
@mock.patch.object(commands.KollaAnsibleMixin,
|
def test_overcloud_host_configure_wipe_disks(self, mock_run):
|
||||||
"run_kolla_ansible_overcloud")
|
|
||||||
def test_overcloud_host_configure_wipe_disks(self, mock_kolla_run,
|
|
||||||
mock_run):
|
|
||||||
command = commands.OvercloudHostConfigure(TestApp(), [])
|
command = commands.OvercloudHostConfigure(TestApp(), [])
|
||||||
parser = command.get_parser("test")
|
parser = command.get_parser("test")
|
||||||
parsed_args = parser.parse_args(["--wipe-disks"])
|
parsed_args = parser.parse_args(["--wipe-disks"])
|
||||||
@ -1373,34 +1280,9 @@ class TestCase(unittest.TestCase):
|
|||||||
limit="overcloud",
|
limit="overcloud",
|
||||||
extra_vars={"wipe_disks": True},
|
extra_vars={"wipe_disks": True},
|
||||||
),
|
),
|
||||||
mock.call(
|
|
||||||
mock.ANY,
|
|
||||||
[utils.get_data_files_path("ansible", "kolla-ansible.yml")],
|
|
||||||
tags="config",
|
|
||||||
ignore_limit=True,
|
|
||||||
),
|
|
||||||
mock.call(
|
|
||||||
mock.ANY,
|
|
||||||
[
|
|
||||||
utils.get_data_files_path("ansible", "docker.yml"),
|
|
||||||
utils.get_data_files_path(
|
|
||||||
"ansible", "swift-block-devices.yml"),
|
|
||||||
utils.get_data_files_path(
|
|
||||||
"ansible", "compute-libvirt-host.yml"),
|
|
||||||
],
|
|
||||||
limit="overcloud",
|
|
||||||
),
|
|
||||||
]
|
]
|
||||||
self.assertListEqual(expected_calls, mock_run.call_args_list)
|
self.assertListEqual(expected_calls, mock_run.call_args_list)
|
||||||
|
|
||||||
expected_calls = [
|
|
||||||
mock.call(
|
|
||||||
mock.ANY,
|
|
||||||
"bootstrap-servers",
|
|
||||||
),
|
|
||||||
]
|
|
||||||
self.assertListEqual(expected_calls, mock_kolla_run.call_args_list)
|
|
||||||
|
|
||||||
@mock.patch.object(commands.KayobeAnsibleMixin,
|
@mock.patch.object(commands.KayobeAnsibleMixin,
|
||||||
"run_kayobe_playbooks")
|
"run_kayobe_playbooks")
|
||||||
def test_overcloud_host_command_run(self, mock_run):
|
def test_overcloud_host_command_run(self, mock_run):
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
environment:
|
environment:
|
||||||
KAYOBE_CONFIG_SOURCE_PATH: "{{ kayobe_config_src_dir }}"
|
KAYOBE_CONFIG_SOURCE_PATH: "{{ kayobe_config_src_dir }}"
|
||||||
KAYOBE_OVERCLOUD_GENERATE_CERTIFICATES: "{{ tls_enabled | ternary(1, 0) }}"
|
KAYOBE_OVERCLOUD_GENERATE_CERTIFICATES: "{{ tls_enabled | ternary(1, 0) }}"
|
||||||
|
KAYOBE_VAULT_PASSWORD: 'test-password'
|
||||||
# TODO(mgoddard): Remove this when libvirt on host is used by default.
|
# TODO(mgoddard): Remove this when libvirt on host is used by default.
|
||||||
TENKS_CONFIG_PATH: "dev/tenks-deploy-config-compute{% if tls_enabled %}-libvirt-on-host{% endif %}.yml"
|
TENKS_CONFIG_PATH: "dev/tenks-deploy-config-compute{% if tls_enabled %}-libvirt-on-host{% endif %}.yml"
|
||||||
tasks:
|
tasks:
|
||||||
@ -11,6 +12,16 @@
|
|||||||
cmd: "{{ kayobe_src_dir }}/dev/overcloud-deploy.sh &> {{ logs_dir }}/ansible/overcloud-deploy"
|
cmd: "{{ kayobe_src_dir }}/dev/overcloud-deploy.sh &> {{ logs_dir }}/ansible/overcloud-deploy"
|
||||||
executable: /bin/bash
|
executable: /bin/bash
|
||||||
|
|
||||||
|
# Check that passwords are Vault encrypted.
|
||||||
|
- name: View passwords.yml using Ansible Vault
|
||||||
|
vars:
|
||||||
|
kayobe_venv: "{{ ansible_env.HOME }}/kayobe-venv"
|
||||||
|
command: >-
|
||||||
|
{{ kayobe_venv }}/bin/ansible-vault
|
||||||
|
view
|
||||||
|
--vault-password-file {{ kayobe_venv }}/bin/kayobe-vault-password-helper
|
||||||
|
{{ kayobe_config_src_dir }}/etc/kayobe/kolla/passwords.yml
|
||||||
|
|
||||||
- name: Ensure test Tenks cluster is deployed
|
- name: Ensure test Tenks cluster is deployed
|
||||||
shell:
|
shell:
|
||||||
# Pass absolute source directory, since otherwise the `chdir` will
|
# Pass absolute source directory, since otherwise the `chdir` will
|
||||||
|
@ -6,7 +6,6 @@
|
|||||||
KAYOBE_OVERCLOUD_CONTAINER_IMAGE_PULL: 0
|
KAYOBE_OVERCLOUD_CONTAINER_IMAGE_PULL: 0
|
||||||
KAYOBE_OVERCLOUD_SERVICE_DEPLOY: 0
|
KAYOBE_OVERCLOUD_SERVICE_DEPLOY: 0
|
||||||
KAYOBE_OVERCLOUD_POST_CONFIGURE: 0
|
KAYOBE_OVERCLOUD_POST_CONFIGURE: 0
|
||||||
KAYOBE_VAULT_PASSWORD: 'test-password'
|
|
||||||
vars:
|
vars:
|
||||||
testinfra_venv: ~/testinfra-venv
|
testinfra_venv: ~/testinfra-venv
|
||||||
test_path: "{{ kayobe_src_dir }}/playbooks/kayobe-overcloud-host-configure-base/tests/"
|
test_path: "{{ kayobe_src_dir }}/playbooks/kayobe-overcloud-host-configure-base/tests/"
|
||||||
@ -30,13 +29,3 @@
|
|||||||
command: "{{ testinfra_venv }}/bin/py.test {{ test_path }} --html={{ logs_dir }}/test-results.html --self-contained-html"
|
command: "{{ testinfra_venv }}/bin/py.test {{ test_path }} --html={{ logs_dir }}/test-results.html --self-contained-html"
|
||||||
environment:
|
environment:
|
||||||
SITE_MIRROR_FQDN: "{{ zuul_site_mirror_fqdn }}"
|
SITE_MIRROR_FQDN: "{{ zuul_site_mirror_fqdn }}"
|
||||||
|
|
||||||
# Check that passwords are Vault encrypted.
|
|
||||||
- name: Decrypt passwords.yml using Ansible Vault
|
|
||||||
vars:
|
|
||||||
kayobe_venv: "{{ ansible_env.HOME }}/kayobe-venv"
|
|
||||||
command: >-
|
|
||||||
{{ kayobe_venv }}/bin/ansible-vault
|
|
||||||
decrypt
|
|
||||||
--vault-password-file {{ kayobe_venv }}/bin/kayobe-vault-password-helper
|
|
||||||
{{ kayobe_config_src_dir }}/etc/kayobe/kolla/passwords.yml
|
|
||||||
|
8
playbooks/kayobe-tox-ansible-syntax/pre.yml
Normal file
8
playbooks/kayobe-tox-ansible-syntax/pre.yml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
tasks:
|
||||||
|
- name: Update kayobe requirements.yml
|
||||||
|
include_role:
|
||||||
|
name: kayobe-galaxy-requirements
|
||||||
|
vars:
|
||||||
|
kayobe_galaxy_requirements_src_dir: "{{ kayobe_src_dir }}"
|
@ -0,0 +1,63 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Improves failure handling in the ``kayobe * host configure`` commands by
|
||||||
|
avoiding use of the ``kolla-ansible bootstrap-servers`` command, and moving
|
||||||
|
all relevant functionality to Kayobe playbooks. This ensures that
|
||||||
|
if a host fails during a host configuration command, other hosts are able
|
||||||
|
to continue to completion. This is useful at scale, where host failures
|
||||||
|
occur more frequently. See `story 2009854
|
||||||
|
<https://storyboard.openstack.org/#!/story/2009854>`__ for details. Refer
|
||||||
|
to the upgrade notes for information about the implications of this change.
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The ``kayobe * host configure`` commands no longer use the ``kolla-ansible
|
||||||
|
bootstrap-servers`` command, and associated ``baremetal`` role in Kolla
|
||||||
|
Ansible. The functionality provided by the ``baremetal`` role has been
|
||||||
|
extracted into a new ``openstack.kolla`` Ansible collection, and split into
|
||||||
|
separate roles. This allows Kayobe to use it directly, and only the
|
||||||
|
necessary parts.
|
||||||
|
|
||||||
|
This change improves failure handling in these Kayobe commands, and aims to
|
||||||
|
reduce confusion over which ``--limit`` and ``--tags`` arguments to
|
||||||
|
provide.
|
||||||
|
|
||||||
|
This change has implications for configuration of Kayobe, since some
|
||||||
|
variables that were previously in Kolla Ansible are now in Kayobe. The
|
||||||
|
following is an incomplete list of variables that have changed scoped from
|
||||||
|
Kolla Ansible to Kayobe::
|
||||||
|
|
||||||
|
* ``enable_docker_repo``
|
||||||
|
* ``docker_apt_url``
|
||||||
|
* ``docker_apt_repo``
|
||||||
|
* ``docker_apt_key_file``
|
||||||
|
* ``docker_apt_key_id``
|
||||||
|
* ``docker_apt_package``
|
||||||
|
* ``docker_yum_url``
|
||||||
|
* ``docker_yum_baseurl``
|
||||||
|
* ``docker_yum_gpgkey``
|
||||||
|
* ``docker_yum_gpgcheck``
|
||||||
|
* ``docker_yum_package``
|
||||||
|
* ``customize_etc_hosts``
|
||||||
|
* ``docker_storage_driver``
|
||||||
|
* ``docker_custom_option``
|
||||||
|
* ``docker_custom_config``
|
||||||
|
* ``docker_http_proxy``
|
||||||
|
* ``docker_https_proxy``
|
||||||
|
* ``docker_no_proxy``
|
||||||
|
* ``debian_pkg_install``
|
||||||
|
* ``redhat_pkg_install``
|
||||||
|
* ``ubuntu_pkg_removals``
|
||||||
|
* ``redhat_pkg_removals``
|
||||||
|
|
||||||
|
The following Kolla Ansible variables are no longer relevant::
|
||||||
|
|
||||||
|
* ``create_kolla_user``
|
||||||
|
* ``create_kolla_user_sudoers``
|
||||||
|
* ``kolla_user``
|
||||||
|
* ``kolla_group``
|
||||||
|
* ``change_selinux``
|
||||||
|
* ``selinux_state``
|
||||||
|
* ``host_python_version``
|
||||||
|
* ``virtualenv``
|
||||||
|
* ``virtualenv_site_packages``
|
6
tox.ini
6
tox.ini
@ -77,9 +77,13 @@ commands = /bin/bash -c "ansible-lint {toxinidir}/ansible/*.yml"
|
|||||||
[testenv:ansible-syntax]
|
[testenv:ansible-syntax]
|
||||||
commands =
|
commands =
|
||||||
# Install ansible role dependencies from Galaxy.
|
# Install ansible role dependencies from Galaxy.
|
||||||
bash {toxinidir}/tools/ansible-galaxy-retried.sh install \
|
bash {toxinidir}/tools/ansible-galaxy-retried.sh role install \
|
||||||
-r {toxinidir}/requirements.yml \
|
-r {toxinidir}/requirements.yml \
|
||||||
-p {toxinidir}/ansible/roles
|
-p {toxinidir}/ansible/roles
|
||||||
|
# Install ansible collection dependencies from Galaxy.
|
||||||
|
bash {toxinidir}/tools/ansible-galaxy-retried.sh collection install \
|
||||||
|
-r {toxinidir}/requirements.yml \
|
||||||
|
-p {toxinidir}/ansible/collections
|
||||||
# Perform an Ansible syntax check. Skip some playbooks which require extra
|
# Perform an Ansible syntax check. Skip some playbooks which require extra
|
||||||
# variables to be defined.
|
# variables to be defined.
|
||||||
bash -c \
|
bash -c \
|
||||||
|
@ -4,8 +4,13 @@
|
|||||||
description: |
|
description: |
|
||||||
Tox job that checks Ansible playbook syntax.
|
Tox job that checks Ansible playbook syntax.
|
||||||
parent: openstack-tox
|
parent: openstack-tox
|
||||||
|
pre-run: playbooks/kayobe-tox-ansible-syntax/pre.yml
|
||||||
|
required-projects:
|
||||||
|
- name: openstack/ansible-collection-kolla
|
||||||
vars:
|
vars:
|
||||||
tox_envlist: ansible-syntax
|
tox_envlist: ansible-syntax
|
||||||
|
ansible_collection_kolla_src_dir: "{{ ansible_env.PWD ~ '/' ~ zuul.projects['opendev.org/openstack/ansible-collection-kolla'].src_dir }}"
|
||||||
|
kayobe_src_dir: "{{ ansible_env.PWD ~ '/' ~ zuul.projects['opendev.org/openstack/kayobe'].src_dir }}"
|
||||||
irrelevant-files:
|
irrelevant-files:
|
||||||
- ^.*\.rst$
|
- ^.*\.rst$
|
||||||
- ^doc/.*
|
- ^doc/.*
|
||||||
|
Loading…
Reference in New Issue
Block a user