Marcin Juszkiewicz
Added c9s jobs are non voting, as agreed on PTG to focus on Rocky Linux 9.
Since both CS9 and RL9 have higher default fd limit (1073741816 vs
1048576 in CS8) - lowering that for:
* RMQ - because Erlang allocates memory based on this (see [1], [2], [3]).
* MariaDB - because Galera cluster bootstrap failed
Changed openvswitch_db healthcheck, because for unknown reason
the usual check (using lsof on /run/openvswitch/db.sock) is hanging
on "Bad file descriptor" (even with privileged: true).
[1]: https://github.com/docker-library/rabbitmq/issues/545
[2]: https://github.com/rabbitmq/cluster-operator/issues/959#issuecomment-1043280324
[3]: a8b627aaed
Depends-On: https://review.opendev.org/c/openstack/tenks/+/856296
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/856328
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/856443
Needed-By: https://review.opendev.org/c/openstack/kolla/+/836664
Co-Authored-By: Michał Nasiadka <mnasiadka@gmail.com>
Change-Id: I3f7b480519aea38c3927bee7fb2c23eea178554d
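---
# Host preparation play: applies the multi-node networking roles, installs
# helper packages, creates the log directory tree under logs_dir, runs the
# diagnostics script, adds a FORWARD logging rule, sets the hostname and waits
# for time synchronisation. Several tasks run with become: true.
- hosts: all
  # A failure on any one host aborts the play for every host.
  any_errors_fatal: true
  vars:
    logs_dir: "/tmp/logs"
  roles:
    - multi-node-firewall
    - role: multi-node-vxlan-overlay
      vars:
        vxlan_interface_name: "{{ api_interface_name }}"
        vxlan_vni: 10000
    - role: multi-node-managed-addressing
      vars:
        managed_interface_name: "{{ api_interface_name }}"
        managed_network_prefix: "{{ api_network_prefix }}"
        managed_network_prefix_length: "{{ api_network_prefix_length }}"
        managed_network_address_family: "{{ address_family }}"
    # NOTE(yoctozepto): no addressing for neutron_external_interface in here
    # because it is enslaved by a bridge
    - role: multi-node-vxlan-overlay
      vars:
        vxlan_interface_name: "{{ neutron_external_vxlan_interface_name }}"
        vxlan_vni: 10001
    - role: bridge
      vars:
        bridge_name: "{{ neutron_external_bridge_name }}"
        bridge_member_name: "{{ neutron_external_vxlan_interface_name }}"
    # TODO(mnasiadka): Update ipv6 jobs to test ipv6 in Neutron
    - role: multi-node-managed-addressing
      vars:
        managed_interface_name: "{{ neutron_external_bridge_name }}"
        managed_network_prefix: "{{ neutron_external_network_prefix }}"
        managed_network_prefix_length: "{{ neutron_external_network_prefix_length }}"
        managed_network_address_family: "ipv4"
    - role: veth
      vars:
        veth_pair:
          - "veth-{{ neutron_external_bridge_name }}"
          - "veth-{{ neutron_external_bridge_name }}-ext"
        bridge_name: "{{ neutron_external_bridge_name }}"
  tasks:
    # NOTE(yoctozepto): we use gawk to add time to each logged line
    # outside of Ansible (e.g. for init-runonce)
    - name: Install gawk and Python modules (Debian/Ubuntu)
      apt:
        name:
          - gawk
          - python3-pip
          - python3-setuptools
          - python3-wheel
      become: true
      when: ansible_facts.os_family == 'Debian'

    # NOTE(mnasiadka): python3-wheel is in crb repo for EL9
    - name: Install gawk and Python modules (RedHat)
      dnf:
        enablerepo: "crb"
        name:
          - gawk
          - python3-pip
          - python3-setuptools
          - python3-wheel
      become: true
      when: ansible_facts.os_family == 'RedHat'

    # No explicit mode and no become here: ownership and permissions come from
    # the connecting user and its umask.
    - name: Ensure /tmp/logs/ dir
      file:
        path: "{{ logs_dir }}"
        state: "directory"

    - name: Ensure /tmp/logs/pre dir
      file:
        path: "{{ logs_dir }}/pre"
        state: "directory"

    # Best-effort diagnostics: failed_when: false keeps a failing script from
    # failing the play. The script runs as root and its output is printed by
    # the next task, so it should not emit secrets.
    - name: Run diagnostics script
      environment:
        LOG_DIR: "{{ logs_dir }}/pre"
        KOLLA_INTERNAL_VIP_ADDRESS: "{{ kolla_internal_vip_address }}"
      script: get_logs.sh
      register: get_logs_result
      become: true
      failed_when: false

    - name: Print get_logs output
      debug:
        msg: "{{ get_logs_result.stdout }}"

    # The mode is quoted so that it is always read as an octal string rather
    # than depending on the YAML parser's handling of a leading zero.
    # NOTE(review): 0777 makes these directories world-writable without the
    # sticky bit; presumably this lets processes running under other UIDs drop
    # logs here - confirm, and keep this to throwaway test nodes.
    - name: Ensure node directories
      file:
        path: "{{ logs_dir }}/{{ item }}"
        state: "directory"
        mode: "0777"
      with_items:
        - "docker_logs"
        - "kolla_configs"
        - "system_logs"
        - "kolla"
        - "ansible"

    # NOTE(yoctozepto): let's observe forwarding behavior
    # Appends a LOG rule only; it does not accept or drop any traffic.
    - name: iptables - LOG FORWARD
      become: true
      iptables:
        state: present
        action: append
        chain: FORWARD
        jump: LOG
        log_prefix: 'iptables FORWARD: '

    - name: set new hostname based on ansible inventory file
      hostname:
        name: "{{ inventory_hostname }}"
        use: systemd
      become: true

    # NOTE(wxy): There are some issues on openEuler, fix them by hand.
    # 1. iptables-legacy is used by default.
    # 2. NTP sync doesn't work by default.
    - block:
        # The Ubuntu 22.04 in container uses iptables-nft while the host
        # openEuler 22.03 uses iptables-legacy by default. We should update
        # openEuler to keep iptables the same.
        - name: Set iptables from legacy to nft for container
          shell:
            # set -e stops at the first failing command. Without it the task
            # reports only the last command's status, so the alternatives
            # switch would still happen after a failed rule restore and the
            # host would end up on the nft backend without its saved rules.
            # NOTE(review): iptables.txt is a relative path written as root
            # into the task's working directory and is left behind.
            cmd: |
              set -e
              dnf install -y iptables-nft
              iptables-save > iptables.txt
              iptables-nft-restore < iptables.txt
              update-alternatives --set iptables /usr/sbin/iptables-nft
          become: true

        # The command `timedatectl status` always times out if the command
        # `timedatectl show-timesync` is not run first.
        - name: Install systemd-timesyncd
          package:
            name: systemd-timesyncd
            state: present
          become: true
        # No shell features are needed, so the command module is used.
        - name: Let ntp service work
          command: timedatectl show-timesync
          become: true
      when: ansible_facts.distribution == 'openEuler'

    # Retries up to 90 times with a 10 second delay until timedatectl
    # reports the clock as synchronized.
    - name: Wait for ntp time sync
      command: timedatectl status
      register: timedatectl_status
      changed_when: false
      until: "'synchronized: yes' in timedatectl_status.stdout"
      retries: 90
      delay: 10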