diff --git a/ansible/kolla-host.yml b/ansible/kolla-host.yml index c48cb70cf7..b6a196afca 100644 --- a/ansible/kolla-host.yml +++ b/ansible/kolla-host.yml @@ -6,5 +6,5 @@ serial: '{{ kolla_serial|default("0") }}' gather_facts: false roles: - - { role: baremetal, + - { role: openstack.kolla.baremetal, tags: baremetal } diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml deleted file mode 100644 index 7c8300b310..0000000000 --- a/ansible/roles/baremetal/defaults/main.yml +++ /dev/null @@ -1,99 +0,0 @@ ---- -# Whether to enable a package repository for Docker. -enable_docker_repo: true - -# Docker APT repository configuration. -docker_apt_url: "https://download.docker.com/linux/{{ ansible_facts.distribution | lower }}" -docker_apt_repo: "deb {{ docker_apt_url }} {{ ansible_facts.distribution_release }} stable" -docker_apt_key_file: "gpg" -docker_apt_key_id: "0EBFCD88" -docker_apt_package: "docker-ce" - -# Docker Yum repository configuration. -docker_yum_url: "https://download.docker.com/linux/{{ ansible_facts.distribution | lower }}" -docker_yum_baseurl: "{{ docker_yum_url }}/$releasever/$basearch/stable" -docker_yum_gpgkey: "{{ docker_yum_url }}/gpg" -docker_yum_gpgcheck: true -docker_yum_package: "docker-ce" - -ceph_version: "pacific" -epel_version: "8" -ceph_url: "https://download.ceph.com" - -# Ceph APT repository configuration. -ceph_apt_url: "{{ ceph_url }}/debian-{{ ceph_version }}/" -ceph_apt_repo: "deb {{ ceph_apt_url }} {{ ansible_facts.distribution_release }} main" -ceph_apt_key_file: "{{ ceph_url }}/keys/release.gpg" -ceph_apt_key_id: "460F3994" -ceph_apt_package: "ceph-common" - -# Ceph Yum repository configuration. -ceph_yum_url: "{{ ceph_url }}/rpm-{{ ceph_version }}/" -ceph_yum_baseurl: "{{ ceph_yum_url }}el{{ epel_version }}/$basearch/" -ceph_yum_gpgkey: "{{ ceph_url }}/keys/release.asc" -ceph_yum_gpgcheck: true -ceph_yum_package: "ceph-common" -epel_yum_package: "epel-release" - -customize_etc_hosts: True - -create_kolla_user: True -create_kolla_user_sudoers: "{{ create_kolla_user }}" - -kolla_user: "kolla" -kolla_group: "kolla" - -change_selinux: True - -selinux_state: "permissive" - -# If true, the host firewall service (firewalld or ufw) will be disabled. -disable_firewall: True - -docker_storage_driver: "" -docker_custom_option: "" -docker_custom_config: {} - -docker_http_proxy: "" -docker_https_proxy: "" -docker_no_proxy: "" - -# Version of python used to execute Ansible modules. -host_python_version: "{{ ansible_facts.python.version.major }}.{{ ansible_facts.python.version.minor }}" - -debian_pkg_install: - - "{{ docker_apt_package }}" - - git - - "python3-setuptools" - - "python3-pip" - - "{% if virtualenv is not none %}python3-virtualenv{% endif %}" - - "{% if enable_multipathd|bool %}sg3-utils-udev{% endif %}" - - "{% if not docker_disable_default_iptables_rules | bool %}iptables{% endif %}" - -redhat_pkg_install: - - "{{ docker_yum_package }}" - - git - - "python3-pip" - - "{% if virtualenv is not none %}python3-virtualenv{% endif %}" - - sudo - - "{% if not docker_disable_default_iptables_rules | bool %}iptables{% endif %}" - -ubuntu_pkg_removals: - - lxd - - lxc - - libvirt-bin - - open-iscsi - -redhat_pkg_removals: - - libvirt - - libvirt-daemon - - iscsi-initiator-utils - -# Path to a virtualenv in which to install python packages. If None, a -# virtualenv will not be used. -virtualenv: - -# Whether the virtualenv will inherit packages from the global site-packages -# directory. This is typically required for modules such as yum and apt which -# are not available on PyPI. -virtualenv_site_packages: True diff --git a/ansible/roles/baremetal/tasks/bootstrap-servers.yml b/ansible/roles/baremetal/tasks/bootstrap-servers.yml deleted file mode 100644 index dfe37fe4dc..0000000000 --- a/ansible/roles/baremetal/tasks/bootstrap-servers.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- import_tasks: pre-install.yml - -- import_tasks: install.yml - -- import_tasks: post-install.yml - -- include_tasks: configure-containerd-for-zun.yml - when: - - containerd_configure_for_zun|bool - - "'zun-cni-daemon' in group_names" - -- include_tasks: configure-ceph-for-zun.yml - when: - - zun_configure_for_cinder_ceph | bool - - "'zun-compute' in group_names" diff --git a/ansible/roles/baremetal/tasks/check.yml b/ansible/roles/baremetal/tasks/check.yml deleted file mode 100644 index ed97d539c0..0000000000 --- a/ansible/roles/baremetal/tasks/check.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/ansible/roles/baremetal/tasks/configure-ceph-for-zun.yml b/ansible/roles/baremetal/tasks/configure-ceph-for-zun.yml deleted file mode 100644 index 606c14b554..0000000000 --- a/ansible/roles/baremetal/tasks/configure-ceph-for-zun.yml +++ /dev/null @@ -1,55 +0,0 @@ ---- -- name: Install ceph-common - block: - - block: - - name: Install ceph apt gpg key - apt_key: - url: "{{ ceph_apt_key_file }}" - id: "{{ ceph_apt_key_id }}" - state: present - become: True - - - name: Enable ceph apt repository - apt_repository: - repo: "{{ ceph_apt_repo }}" - filename: ceph - become: True - - - name: Install apt packages - package: - name: "{{ ceph_apt_package }}" - state: present - become: True - when: ansible_facts.os_family == 'Debian' - - - block: - - name: Enable ceph yum repository - yum_repository: - name: ceph - description: Ceph main Repository - baseurl: "{{ ceph_yum_baseurl }}" - gpgcheck: "{{ ceph_yum_gpgcheck | bool }}" - gpgkey: "{{ ceph_yum_gpgkey }}" - become: True - - - name: Enable epel yum repository - package: - name: "{{ epel_yum_package }}" - state: present - become: True - - - name: Install ceph rpm gpg key - rpm_key: - state: present - key: "{{ ceph_yum_gpgkey }}" - become: True - when: - - ceph_yum_gpgcheck | bool - - - name: Install RPM packages - package: - name: "{{ ceph_yum_package }}" - state: present - enablerepo: epel - become: True - when: ansible_facts.os_family == 'RedHat' diff --git a/ansible/roles/baremetal/tasks/configure-containerd-for-zun.yml b/ansible/roles/baremetal/tasks/configure-containerd-for-zun.yml deleted file mode 100644 index b8a29d671f..0000000000 --- a/ansible/roles/baremetal/tasks/configure-containerd-for-zun.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -- name: Ensuring CNI config directory exist - file: - path: "{{ cni_config_dir }}" - state: "directory" - mode: "0770" - owner: "{{ config_owner_user }}" - group: "{{ config_owner_group }}" - become: True - -- name: Copying CNI config file - template: - src: "10-zun-cni.conf.j2" - dest: "{{ cni_config_dir }}/10-zun-cni.conf" - mode: "0660" - owner: "{{ config_owner_user }}" - group: "{{ config_owner_group }}" - become: True - register: cni_configured - -- name: Ensuring CNI bin directory exist - file: - path: "{{ cni_bin_dir }}" - state: "directory" - mode: "0770" - owner: "{{ config_owner_user }}" - group: "{{ config_owner_group }}" - become: True - -- name: Copy zun-cni script - template: - src: "zun-cni.j2" - dest: "{{ cni_bin_dir }}/zun-cni" - mode: "0775" - become: True - -- name: Copying over containerd config - template: - src: "containerd_config.toml.j2" - dest: "/etc/containerd/config.toml" - mode: "0660" - become: true - register: containerd_configured - -- name: Restart containerd - service: - name: containerd - state: restarted - become: True - when: cni_configured.changed or containerd_configured.changed diff --git a/ansible/roles/baremetal/tasks/install.yml b/ansible/roles/baremetal/tasks/install.yml deleted file mode 100644 index c16231eadd..0000000000 --- a/ansible/roles/baremetal/tasks/install.yml +++ /dev/null @@ -1,162 +0,0 @@ ---- -- name: Update apt cache - apt: - update_cache: yes - become: True - when: ansible_facts.os_family == 'Debian' - -# TODO(inc0): Gates don't seem to have ufw executable, check for it instead of ignore errors -- block: - - name: Set firewall default policy # noqa ignore-errors - become: True - ufw: - state: disabled - policy: allow - when: ansible_facts.os_family == 'Debian' - ignore_errors: yes - - - name: Check if firewalld is installed - command: rpm -q firewalld - register: firewalld_check - changed_when: false - failed_when: firewalld_check.rc > 1 - args: - warn: false - when: ansible_facts.os_family == 'RedHat' - - - name: Disable firewalld - become: True - service: - name: "{{ item }}" - enabled: false - state: stopped - with_items: - - firewalld - when: - - ansible_facts.os_family == 'RedHat' - - firewalld_check.rc == 0 - when: disable_firewall | bool - -# Upgrading docker engine may cause containers to stop. Take a snapshot of the -# running containers prior to a potential upgrade of Docker. - -- name: Check which containers are running - command: docker ps -f 'status=running' -q - become: true - # If Docker is not installed this command may exit non-zero. - failed_when: false - changed_when: false - register: running_containers - -# APT starts Docker engine right after installation, which creates -# iptables rules before we disable iptables in Docker config - -- name: Check if docker systemd unit exists - stat: - path: /etc/systemd/system/docker.service - register: docker_unit_file - -- name: Mask the docker systemd unit on Debian/Ubuntu - file: - src: /dev/null - dest: /etc/systemd/system/docker.service - owner: root - group: root - state: link - become: true - when: - - ansible_facts.os_family == 'Debian' - - not docker_unit_file.stat.exists - -- name: Install apt packages - package: - name: "{{ (debian_pkg_install | join(' ')).split() }}" - state: present - become: True - when: ansible_facts.os_family == 'Debian' - register: apt_install_result - -- name: Install deltarpm packages - package: - name: drpm - state: present - update_cache: yes - become: True - when: ansible_facts.os_family == 'RedHat' - -- name: Install RPM packages - package: - name: "{{ (redhat_pkg_install | join(' ')).split() }}" - state: present - update_cache: yes - become: True - when: ansible_facts.os_family == 'RedHat' - register: rpm_install_result - -# If any packages were updated, and any containers were running, wait for the -# daemon to come up and start all previously running containers. - -- block: - # At some point (at least on CentOS 7) Docker CE stopped starting - # automatically after an upgrade from legacy docker . Start it manually. - - name: Start docker - systemd: - name: docker - state: started - enabled: yes - masked: no - become: True - - - name: Wait for Docker to start - command: docker info - become: true - changed_when: false - register: result - until: result is success - retries: 6 - delay: 10 - - - name: Ensure containers are running after Docker upgrade - command: "docker start {{ running_containers.stdout }}" - become: true - when: - - install_result is changed - - running_containers.rc == 0 - - running_containers.stdout != '' - vars: - install_result: "{{ rpm_install_result if ansible_facts.os_family == 'RedHat' else apt_install_result }}" - -- name: Install latest pip in the virtualenv - pip: - # NOTE(hrw) pip 19.3 is first version complaining about being run with Python 2 - name: pip>19.3 - virtualenv: "{{ virtualenv }}" - virtualenv_site_packages: "{{ virtualenv_site_packages }}" - virtualenv_python: "python{{ host_python_version }}" - become: True - when: virtualenv is not none - -- name: Install docker SDK for python - pip: - # NOTE(hrw) docker 2.4.2 is in kolla-ansible requirements - # NOTE(mnasiadka): docker 5.0.0 lacks six in deps but requires it - name: docker>=2.4.2,<5.0.0 - executable: "{{ virtualenv is none | ternary('pip3', omit) }}" - virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}" - virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}" - virtualenv_python: "{{ virtualenv is none | ternary(omit, 'python' ~ host_python_version) }}" - become: True - -- name: Remove packages - package: - name: "{{ (ubuntu_pkg_removals | join(' ')).split() }}" - state: absent - become: True - when: ansible_facts.os_family == 'Debian' - -- name: Remove packages - package: - name: "{{ (redhat_pkg_removals | join(' ')).split() }}" - state: absent - become: True - when: ansible_facts.os_family == 'RedHat' diff --git a/ansible/roles/baremetal/tasks/main.yml b/ansible/roles/baremetal/tasks/main.yml deleted file mode 100644 index bc5d1e6257..0000000000 --- a/ansible/roles/baremetal/tasks/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- include_tasks: "{{ kolla_action }}.yml" diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml deleted file mode 100644 index 1c23a49b70..0000000000 --- a/ansible/roles/baremetal/tasks/post-install.yml +++ /dev/null @@ -1,257 +0,0 @@ ---- -- name: Create kolla user - user: - name: "{{ kolla_user }}" - state: present - group: "{{ kolla_group }}" - groups: "sudo" - append: true - become: True - when: create_kolla_user | bool - -- name: Add public key to kolla user authorized keys - authorized_key: - user: "{{ kolla_user }}" - key: "{{ kolla_ssh_key.public_key }}" - become: True - when: create_kolla_user | bool - -- name: Grant kolla user passwordless sudo - lineinfile: - dest: /etc/sudoers.d/kolla-ansible-users - state: present - create: yes - mode: '0640' - regexp: '^{{ kolla_user }}' - line: '{{ kolla_user }} ALL=(ALL) NOPASSWD: ALL' - become: True - when: create_kolla_user_sudoers | bool - -- name: Ensure virtualenv has correct ownership - file: - path: "{{ virtualenv }}" - recurse: True - state: directory - owner: "{{ kolla_user }}" - group: "{{ kolla_group }}" - become: True - when: virtualenv is not none - -- name: Ensure node_config_directory directory exists for user kolla - file: - path: "{{ node_config_directory }}" - state: directory - owner: "{{ kolla_user }}" - group: "{{ kolla_group }}" - mode: 0755 - become: True - when: create_kolla_user | bool - -- name: Ensure node_config_directory directory exists - file: - path: "{{ node_config_directory }}" - state: directory - mode: 0755 - become: True - when: not create_kolla_user | bool - -- name: Ensure docker config directory exists - file: - path: /etc/docker - state: directory - become: True - -- name: Merge Zun docker config - set_fact: - docker_config: "{{ docker_config | combine(docker_zun_config) }}" - when: - - docker_configure_for_zun | bool - - "'zun-compute' in group_names" - -- name: Warn about deprecations - debug: - msg: > - docker_custom_option is deprecated in favor of docker_custom_config - when: docker_custom_option | length > 0 - -- name: Setup docker insecure registries - vars: - registries: ["{{ docker_registry }}"] - set_fact: - docker_config: "{{ docker_config | combine({'insecure-registries': registries}) }}" - when: docker_registry_insecure | bool - -- name: Setup docker storage driver - set_fact: - docker_config: "{{ docker_config | combine({'storage-driver': docker_storage_driver}) }}" - when: docker_storage_driver | length > 0 - -- name: Setup docker runtime directory - set_fact: - docker_config: "{{ docker_config | combine({'data-root': docker_runtime_directory}) }}" - when: docker_runtime_directory | length > 0 - -- name: Warn about docker default iptables - debug: - msg: >- - Docker default iptables rules will be disabled by default from the Wallaby 12.0.0 - release. If you have any non-Kolla containers that need this functionality, you should - plan a migration for this change, or set docker_disable_default_iptables_rules to false. - when: not docker_disable_default_iptables_rules | bool - -- name: Disable docker default iptables rules - set_fact: - docker_config: "{{ docker_config | combine({'iptables': false}) }}" - when: docker_disable_default_iptables_rules | bool - -- name: Warn about docker default networking - debug: - msg: >- - Docker default network on docker0 will be disabled by default from the - Wallaby 12.0.0 release. If you have any non-Kolla containers that need - this functionality, you should plan a migration for this change, or set - docker_disable_default_network to false. - when: not docker_disable_default_network | bool - -- name: Disable docker default network on docker0 - set_fact: - docker_config: "{{ docker_config | combine({'bridge': 'none'}) }}" - when: docker_disable_default_network | bool - -- name: Warn about docker ip_forward - debug: - msg: >- - Docker ip_forward will be disabled by default from the - Wallaby 12.0.0 release. If you have any non-Kolla containers that need - this functionality, you should plan a migration for this change, or set - docker_disable_ip_forward to false. - when: not docker_disable_ip_forward | bool - -- name: Disable docker ip_forward - set_fact: - docker_config: "{{ docker_config | combine({'ip-forward': false}) }}" - when: docker_disable_ip_forward | bool - -- name: Merge custom docker config - set_fact: - docker_config: "{{ docker_config | combine(docker_custom_config) }}" - -- name: Write docker config - become: True - copy: - content: "{{ docker_config | to_nice_json }}" - dest: /etc/docker/daemon.json - mode: 0644 - register: docker_configured - -- name: Remove old docker options file - become: True - file: - path: /etc/systemd/system/docker.service.d/kolla.conf - state: absent - when: - - not docker_custom_option - - not docker_configure_for_zun | bool or 'zun-compute' not in group_names - - not docker_http_proxy - - not docker_https_proxy - - not docker_no_proxy - -- name: Ensure docker service directory exists - become: True - file: - path: /etc/systemd/system/docker.service.d - state: directory - recurse: yes - when: > - docker_custom_option | length > 0 or - (docker_configure_for_zun | bool and 'zun-compute' in group_names) or - docker_http_proxy | length > 0 or - docker_https_proxy | length > 0 or - docker_no_proxy | length > 0 - -- name: Configure docker service - become: True - template: - src: docker_systemd_service.j2 - dest: /etc/systemd/system/docker.service.d/kolla.conf - when: > - docker_custom_option | length > 0 or - (docker_configure_for_zun | bool and 'zun-compute' in group_names) or - docker_http_proxy | length > 0 or - docker_https_proxy | length > 0 or - docker_no_proxy | length > 0 - -- name: Reload docker service file - become: True - systemd: - name: docker - daemon_reload: yes - register: docker_reloaded - -- name: Get stat of libvirtd apparmor profile - stat: - path: /etc/apparmor.d/usr.sbin.libvirtd - register: apparmor_libvirtd_profile - when: ansible_facts.distribution == "Ubuntu" - -- name: Get stat of libvirtd apparmor disable profile - stat: - path: /etc/apparmor.d/disable/usr.sbin.libvirtd - register: apparmor_libvirtd_disable_profile - when: ansible_facts.distribution == "Ubuntu" - -- name: Remove apparmor profile for libvirt - shell: | - apparmor_parser -v -R /etc/apparmor.d/usr.sbin.libvirtd && \ - ln -vsf /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable - args: - executable: /bin/bash - become: True - when: - - ansible_facts.distribution == "Ubuntu" - - apparmor_libvirtd_profile.stat.exists - - not apparmor_libvirtd_disable_profile.stat.exists - -- name: Create docker group - group: - name: docker - become: True - -- name: Add kolla user to docker group - user: - name: "{{ kolla_user }}" - append: yes - groups: docker - become: True - when: create_kolla_user | bool - -- name: Start docker - systemd: - name: docker - state: started - masked: no - become: True - -- name: Restart docker - systemd: - name: docker - state: restarted - masked: no - become: True - when: docker_configured.changed or docker_reloaded.changed - -- name: Enable docker - systemd: - name: docker - enabled: yes - masked: no - become: True - -- name: Change state of selinux - selinux: - policy: targeted - state: "{{ selinux_state }}" - become: true - when: - - change_selinux | bool - - ansible_facts.os_family == "RedHat" diff --git a/ansible/roles/baremetal/tasks/pre-install.yml b/ansible/roles/baremetal/tasks/pre-install.yml deleted file mode 100644 index 97308cf608..0000000000 --- a/ansible/roles/baremetal/tasks/pre-install.yml +++ /dev/null @@ -1,159 +0,0 @@ ---- -- name: Ensure localhost in /etc/hosts - lineinfile: - dest: /etc/hosts - regexp: "^127.0.0.1.*" - line: "127.0.0.1 localhost" - state: present - become: True - when: customize_etc_hosts | bool - -# NOTE(mgoddard): Ubuntu may include a line in /etc/hosts that makes the local -# hostname and fqdn point to 127.0.1.1. This can break -# RabbitMQ, which expects the hostname to resolve to the API network address. -# Remove the troublesome entry. -# see https://bugs.launchpad.net/kolla-ansible/+bug/1837699 -# and https://bugs.launchpad.net/kolla-ansible/+bug/1862739 -- name: Ensure hostname does not point to 127.0.1.1 in /etc/hosts - lineinfile: - dest: /etc/hosts - regexp: "^127.0.1.1\\b.*\\s{{ ansible_facts.hostname }}\\b" - state: absent - become: True - when: customize_etc_hosts | bool - -- name: Generate /etc/hosts for all of the nodes - blockinfile: - dest: /etc/hosts - marker: "# {mark} ANSIBLE GENERATED HOSTS" - block: | - {% for host in groups['baremetal'] %} - {% set api_interface = hostvars[host]['api_interface'] %} - {% if host not in groups['bifrost'] or api_interface in hostvars[host].ansible_facts %} - {% set hostnames = [hostvars[host].ansible_facts.nodename, hostvars[host].ansible_facts.hostname] %} - {{ 'api' | kolla_address(host) }} {{ hostnames | unique | join(' ') }} - {% endif %} - {% endfor %} - become: True - when: - - customize_etc_hosts | bool - # Skip hosts in the bifrost group that do not have a valid api_interface. - - inventory_hostname not in groups['bifrost'] or - hostvars[inventory_hostname]['api_interface'] | replace('-', '_') in hostvars[inventory_hostname].ansible_facts - -- name: Ensure unprivileged users can use ping - become: true - sysctl: - name: net.ipv4.ping_group_range - value: '0 2147483647' - state: present - sysctl_file: "{{ kolla_sysctl_conf_path }}" - when: ansible_facts.os_family == 'RedHat' - -# NOTE(osmanlicilegi): The distribution might come with cloud-init installed, and manage_etc_hosts -# configuration enabled. If so, it will override the file /etc/hosts from cloud-init templates at -# every boot, which will break RabbitMQ. To prevent this happens, first we check whether cloud-init -# has been installed, and then set manage_etc_hosts to false. -- name: Check whether cloud-init has been installed, and ensure manage_etc_hosts is disabled - block: - - name: Ensure /etc/cloud/cloud.cfg exists - stat: - path: /etc/cloud/cloud.cfg - register: cloud_init - - - name: Disable cloud-init manage_etc_hosts - copy: - content: "manage_etc_hosts: false" - dest: /etc/cloud/cloud.cfg.d/99-kolla.cfg - mode: "0660" - when: cloud_init.stat.exists - become: True - when: customize_etc_hosts | bool - -- name: Ensure sudo group is present - group: - name: sudo - state: present - become: True - -- name: Ensure kolla group is present - group: - name: "{{ kolla_group }}" - state: present - become: True - when: create_kolla_user | bool - -- block: - - block: - - name: Install apt packages - apt: - update_cache: yes - become: True - - - name: Install CA certificates and gnupg packages - package: - name: "{{ item }}" - state: latest - become: True - with_items: - - ca-certificates - - gnupg - - - name: Ensure apt sources list directory exists - file: - path: /etc/apt/sources.list.d - state: directory - recurse: yes - become: True - - - name: Install docker apt gpg key - apt_key: - url: "{{ docker_apt_url }}/{{ docker_apt_key_file }}" - id: "{{ docker_apt_key_id }}" - state: present - become: True - - - name: Enable docker apt repository - apt_repository: - repo: "{{ docker_apt_repo }}" - filename: docker - become: True - when: ansible_facts.os_family == 'Debian' - - - block: - - name: Ensure yum repos directory exists - file: - path: /etc/yum.repos.d/ - state: directory - recurse: yes - become: True - - - name: Enable docker yum repository - yum_repository: - name: docker - description: Docker main Repository - baseurl: "{{ docker_yum_baseurl }}" - gpgcheck: "{{ docker_yum_gpgcheck | bool }}" - gpgkey: "{{ docker_yum_gpgkey }}" - become: True - - # NOTE(yoctozepto): above cannot set this but we require it - # to install containerd.io due to runc being a modular package - # in CentOS 8 - # see: https://bugzilla.redhat.com/show_bug.cgi?id=1734081 - - name: Ensure module_hotfixes enabled for docker - lineinfile: - dest: /etc/yum.repos.d/docker.repo - regexp: "^module_hotfixes" - line: "module_hotfixes = True" - state: present - become: True - - - name: Install docker rpm gpg key - rpm_key: - state: present - key: "{{ docker_yum_gpgkey }}" - become: True - when: docker_yum_gpgcheck | bool - when: ansible_facts.os_family == 'RedHat' - when: enable_docker_repo | bool diff --git a/ansible/roles/baremetal/templates/10-zun-cni.conf.j2 b/ansible/roles/baremetal/templates/10-zun-cni.conf.j2 deleted file mode 100644 index 99a83987d3..0000000000 --- a/ansible/roles/baremetal/templates/10-zun-cni.conf.j2 +++ /dev/null @@ -1,5 +0,0 @@ -{ - "cniVersion": "0.3.1", - "name": "zun", - "type": "zun-cni" -} diff --git a/ansible/roles/baremetal/templates/containerd_config.toml.j2 b/ansible/roles/baremetal/templates/containerd_config.toml.j2 deleted file mode 100644 index 1fa5dd80fd..0000000000 --- a/ansible/roles/baremetal/templates/containerd_config.toml.j2 +++ /dev/null @@ -1,2 +0,0 @@ -[grpc] - gid = {{ containerd_grpc_gid }} diff --git a/ansible/roles/baremetal/templates/docker_systemd_service.j2 b/ansible/roles/baremetal/templates/docker_systemd_service.j2 deleted file mode 100644 index f10beaf82d..0000000000 --- a/ansible/roles/baremetal/templates/docker_systemd_service.j2 +++ /dev/null @@ -1,13 +0,0 @@ -[Service] -{% if docker_http_proxy | length > 0 %} -Environment="HTTP_PROXY={{ docker_http_proxy }}" -{% endif %} -{% if docker_https_proxy | length > 0 %} -Environment="HTTPS_PROXY={{ docker_https_proxy }}" -{% endif %} -{% if docker_no_proxy | length > 0 %} -Environment="NO_PROXY={{ docker_no_proxy }}" -{% endif %} -ExecStart= -# ExecStart commandline copied from 'docker-ce' package. Same on CentOS/Debian/Ubuntu systems. -ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}{% if docker_configure_for_zun|bool and 'zun-compute' in group_names %} {{ docker_zun_options }}{% endif %} diff --git a/ansible/roles/baremetal/templates/zun-cni.j2 b/ansible/roles/baremetal/templates/zun-cni.j2 deleted file mode 100644 index cd86cb2178..0000000000 --- a/ansible/roles/baremetal/templates/zun-cni.j2 +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -env_list="" -for line in $(env | grep "CNI_") -do - key=$(echo "$line" | cut -d "=" -f 1) - value=$(echo "$line" | cut -d "=" -f 2-) - env_list="$env_list --env ${key}=\"${value}\"" -done - -cmd="docker exec -i $env_list zun_cni_daemon zun-cni <&0" -eval "$cmd" diff --git a/ansible/roles/baremetal/vars/main.yml b/ansible/roles/baremetal/vars/main.yml deleted file mode 100644 index cafc448bf5..0000000000 --- a/ansible/roles/baremetal/vars/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -docker_config: - log-opts: - max-file: "{{ docker_log_max_file }}" - max-size: "{{ docker_log_max_size }}" - -cni_config_dir: /etc/cni/net.d -cni_bin_dir: /opt/cni/bin diff --git a/doc/source/user/operating-kolla.rst b/doc/source/user/operating-kolla.rst index 810430b20e..42cc68864b 100644 --- a/doc/source/user/operating-kolla.rst +++ b/doc/source/user/operating-kolla.rst @@ -112,6 +112,13 @@ First, upgrade the ``kolla-ansible`` package: If you are running from Git repository, then just checkout the desired branch and run ``pip3 install --upgrade`` with the repository directory. +If upgrading to a Yoga release or later, install or upgrade Ansible Galaxy +dependencies: + +.. code-block:: console + + kolla-ansible install-deps + The inventory file for the deployment should be updated, as the newer sample inventory files may have updated layout or other relevant changes. The ``diff`` tool (or similar) is your friend in this task. diff --git a/doc/source/user/quickstart.rst b/doc/source/user/quickstart.rst index 9b125041b4..4b7564f1d1 100644 --- a/doc/source/user/quickstart.rst +++ b/doc/source/user/quickstart.rst @@ -245,6 +245,15 @@ Install Kolla for development cp kolla-ansible/ansible/inventory/* . +Install Ansible Galaxy requirements +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Install Ansible Galaxy dependencies (Yoga release onwards): + +.. code-block:: console + + kolla-ansible install-deps + Configure Ansible ~~~~~~~~~~~~~~~~~ diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000000..82f922e6ba --- /dev/null +++ b/requirements.yml @@ -0,0 +1,5 @@ +--- +collections: + - name: https://opendev.org/openstack/ansible-collection-kolla + type: git + version: master diff --git a/setup.cfg b/setup.cfg index 28249f24cd..103d8d16e1 100644 --- a/setup.cfg +++ b/setup.cfg @@ -37,6 +37,7 @@ data_files = share/kolla-ansible = tools/init-runonce share/kolla-ansible = tools/init-vpn share/kolla-ansible = setup.cfg + share/kolla-ansible = requirements.yml scripts = tools/kolla-ansible diff --git a/tests/run.yml b/tests/run.yml index d372d7e597..5d47ffda2a 100644 --- a/tests/run.yml +++ b/tests/run.yml @@ -14,6 +14,7 @@ set_fact: kolla_inventory_path: "/etc/kolla/inventory" logs_dir: "/tmp/logs" + ansible_collection_kolla_src_dir: "{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/ansible-collection-kolla" kolla_ansible_src_dir: "{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible" kolla_ansible_local_src_dir: "{{ zuul.executor.work_root }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible" infra_dockerhub_mirror: "http://{{ zuul_site_mirror_fqdn }}:8082/" @@ -71,9 +72,9 @@ set_fact: need_build_image: true when: - # NOTE(yoctozepto): if there is any tested change that does not belong to kolla-ansible, - # then kolla images should be built - - item.project.short_name != "kolla-ansible" + # NOTE(yoctozepto): build container images if there is any tested + # change that impacts them. + - item.project.short_name not in ["ansible-collection-kolla", "kayobe", "kolla-ansible"] with_items: "{{ zuul['items'] }}" # NOTE(yoctozepto): required to template template_overrides.j2 for Zuul @@ -85,6 +86,17 @@ - block: # NOTE(mgoddard): This only affects the remote copy of the repo, not the # one on the executor. + - name: checkout the previous ansible-collection-kolla branch + shell: + cmd: | + git checkout stable/{{ previous_release | lower }} + echo "ansible-collection-kolla checked out to:" + git log --pretty=oneline -1 + chdir: "{{ ansible_collection_kolla_src_dir }}" + # TODO(mgoddard): Do this unconditionally when previous_release is + # yoga. + when: previous_release != 'xena' + - name: checkout the previous kolla-ansible branch shell: cmd: | @@ -187,6 +199,26 @@ dest: ironic-agent.kernel when: scenario == "ironic" + # TODO(mgoddard): Do this unconditionally when previous_release is yoga. + - block: + - name: slurp requirements.yml + slurp: + src: "{{ kolla_ansible_src_dir }}/requirements.yml" + register: requirements_yml + + - name: write requirements.yml + copy: + content: "{{ new_requirements | to_nice_yaml }}" + dest: "{{ kolla_ansible_src_dir }}/requirements.yml" + vars: + old_requirements: "{{ requirements_yml.content | b64decode | from_yaml }}" + new_requirement: + name: "{{ ansible_collection_kolla_src_dir }}" + type: dir + new_requirements: + collections: "{{ (old_requirements.collections | rejectattr('name', 'search', 'ansible-collection-kolla') | list) + [new_requirement] }}" + when: not is_upgrade or previous_release != 'xena' + - name: ensure /etc/ansible exists file: path: /etc/ansible @@ -214,6 +246,12 @@ ansible{{ ansible_version_constraint }} ara<1.0.0 + # TODO(mgoddard): do this unconditionally when previous release is Yoga. + - name: install Ansible collections + command: >- + kolla-ansible install-deps + when: not is_upgrade or previous_release != 'xena' + - name: get ARA callback plugin path command: "python3 -m ara.setup.callback_plugins" changed_when: false @@ -506,6 +544,14 @@ - block: # NOTE(mgoddard): This only affects the remote copy of the repo, not the # one on the executor. + - name: checkout the current ansible-collection-kolla branch + shell: + cmd: | + git checkout {{ zuul.branch }} + echo "ansible-collection-kolla checked out to:" + git log --pretty=oneline -1 + chdir: "{{ ansible_collection_kolla_src_dir }}" + - name: checkout the current kolla-ansible branch shell: cmd: | @@ -540,12 +586,33 @@ dest: /etc/kolla/config/nova/nova-compute.conf when: item.when | default(true) + - name: slurp requirements.yml + slurp: + src: "{{ kolla_ansible_src_dir }}/requirements.yml" + register: requirements_yml + + - name: write requirements.yml + copy: + content: "{{ new_requirements | to_nice_yaml }}" + dest: "{{ kolla_ansible_src_dir }}/requirements.yml" + vars: + old_requirements: "{{ requirements_yml.content | b64decode | from_yaml }}" + new_requirement: + name: "{{ ansible_collection_kolla_src_dir }}" + type: dir + new_requirements: + collections: "{{ (old_requirements.collections | rejectattr('name', 'search', 'ansible-collection-kolla') | list) + [new_requirement] }}" + - name: upgrade kolla-ansible command: >- python3 -m pip install --user -c {{ upper_constraints_file }} {{ kolla_ansible_src_dir }} + - name: install Ansible collections + command: >- + kolla-ansible install-deps + # Update passwords.yml to include any new passwords added in this # release. - name: move passwords.yml to passwords.yml.old diff --git a/tools/kolla-ansible b/tools/kolla-ansible index 96c64e728b..23c08f23be 100755 --- a/tools/kolla-ansible +++ b/tools/kolla-ansible @@ -124,6 +124,15 @@ function find_base_dir { fi } +function install_deps { + echo "Installing Ansible Galaxy dependencies" + ansible-galaxy collection install -r ${BASEDIR}/requirements.yml --force + if [[ $? -ne 0 ]]; then + echo "ERROR: Failed to install Ansible Galaxy dependencies" >&2 + exit 1 + fi +} + function process_cmd { echo "$ACTION : $CMD" $CMD @@ -162,6 +171,7 @@ Environment variables: EXTRA_OPTS Additional arguments to pass to ansible-playbook Commands: + install-deps Install Ansible Galaxy dependencies prechecks Do pre-deployment checks for hosts check Do post-deployment smoke tests mariadb_recovery Recover a completely stopped mariadb cluster @@ -211,6 +221,7 @@ cat <