a4bb8567da
Several config file permissions are incorrect on the host. In general, files should be 0660, and directories and executables 0770. Change-Id: Id276ac1864f280554e98b937f2845bb424d521de Closes-Bug: #1821579
479 lines
15 KiB
YAML
479 lines
15 KiB
YAML
---
|
|
- name: Setting sysctl values
|
|
become: true
|
|
vars:
|
|
neutron_l3_agent: "{{ neutron_services['neutron-l3-agent'] }}"
|
|
sysctl: name={{ item.name }} value={{ item.value }} sysctl_set=yes
|
|
with_items:
|
|
- { name: "net.ipv4.ip_forward", value: 1}
|
|
- { name: "net.ipv4.conf.all.rp_filter", value: "{{ neutron_l3_agent_host_rp_filter_mode }}"}
|
|
- { name: "net.ipv4.conf.default.rp_filter", value: "{{ neutron_l3_agent_host_rp_filter_mode }}"}
|
|
when:
|
|
- set_sysctl | bool
|
|
- (neutron_l3_agent.enabled | bool and neutron_l3_agent.host_in_groups | bool)
|
|
|
|
- name: Ensuring config directories exist
|
|
become: true
|
|
file:
|
|
path: "{{ node_config_directory }}/{{ item.key }}"
|
|
state: "directory"
|
|
owner: "{{ config_owner_user }}"
|
|
group: "{{ config_owner_group }}"
|
|
mode: "0770"
|
|
when:
|
|
- item.value.enabled | bool
|
|
- item.value.host_in_groups | bool
|
|
with_dict: "{{ neutron_services }}"
|
|
|
|
- name: Check if extra ml2 plugins exists
|
|
local_action: find path="{{ node_custom_config }}/neutron/plugins/"
|
|
run_once: True
|
|
changed_when: False
|
|
register: check_extra_ml2_plugins
|
|
|
|
- name: Copying over config.json files for services
|
|
become: true
|
|
template:
|
|
src: "{{ item.key }}.json.j2"
|
|
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
|
|
mode: "0660"
|
|
register: neutron_config_jsons
|
|
when:
|
|
- item.value.enabled | bool
|
|
- item.value.host_in_groups | bool
|
|
with_dict: "{{ neutron_services }}"
|
|
notify:
|
|
- "Restart {{ item.key }} container"
|
|
|
|
- name: Copying over neutron.conf
|
|
become: true
|
|
vars:
|
|
service_name: "{{ item.key }}"
|
|
services_need_neutron_conf:
|
|
- "ironic-neutron-agent"
|
|
- "neutron-dhcp-agent"
|
|
- "neutron-l3-agent"
|
|
- "neutron-linuxbridge-agent"
|
|
- "neutron-metadata-agent"
|
|
- "neutron-metering-agent"
|
|
- "neutron-openvswitch-agent"
|
|
- "neutron-openvswitch-agent-xenapi"
|
|
- "neutron-server"
|
|
- "neutron-lbaas-agent"
|
|
- "neutron-bgp-dragent"
|
|
- "neutron-infoblox-ipam-agent"
|
|
- "neutron-sriov-agent"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/neutron.conf.j2"
|
|
- "{{ node_custom_config }}/global.conf"
|
|
- "{{ node_custom_config }}/neutron.conf"
|
|
- "{{ node_custom_config }}/neutron/{{ item.key }}.conf"
|
|
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/neutron.conf"
|
|
dest: "{{ node_config_directory }}/{{ item.key }}/neutron.conf"
|
|
mode: "0660"
|
|
register: neutron_confs
|
|
when:
|
|
- item.value.enabled | bool
|
|
- item.value.host_in_groups | bool
|
|
- item.key in services_need_neutron_conf
|
|
with_dict: "{{ neutron_services }}"
|
|
notify:
|
|
- "Restart {{ item.key }} container"
|
|
|
|
- name: Copying over neutron_lbaas.conf
|
|
become: true
|
|
vars:
|
|
service_name: "{{ item.key }}"
|
|
services_need_neutron_lbaas_conf:
|
|
- "neutron-server"
|
|
- "neutron-lbaas-agent"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/neutron_lbaas.conf.j2"
|
|
- "{{ node_custom_config }}/neutron/neutron_lbaas.conf"
|
|
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/neutron_lbaas.conf"
|
|
dest: "{{ node_config_directory }}/{{ item.key }}/neutron_lbaas.conf"
|
|
mode: "0660"
|
|
register: neutron_lbaas_confs
|
|
when:
|
|
- item.value.enabled | bool
|
|
- item.value.host_in_groups | bool
|
|
- item.key in services_need_neutron_lbaas_conf
|
|
with_dict: "{{ neutron_services }}"
|
|
notify:
|
|
- "Restart {{ item.key }} container"
|
|
|
|
- name: Copying over neutron_vpnaas.conf
|
|
become: true
|
|
vars:
|
|
service_name: "{{ item.key }}"
|
|
services_need_neutron_vpnaas_conf:
|
|
- "neutron-server"
|
|
- "neutron-l3-agent"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/neutron_vpnaas.conf.j2"
|
|
- "{{ node_custom_config }}/neutron/neutron_vpnaas.conf"
|
|
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/neutron_vpnaas.conf"
|
|
dest: "{{ node_config_directory }}/{{ item.key }}/neutron_vpnaas.conf"
|
|
mode: "0660"
|
|
register: neutron_vpnaas_confs
|
|
when:
|
|
- item.value.enabled | bool
|
|
- item.value.host_in_groups | bool
|
|
- item.key in services_need_neutron_vpnaas_conf
|
|
with_dict: "{{ neutron_services }}"
|
|
notify:
|
|
- "Restart {{ item.key }} container"
|
|
|
|
- name: Copying over ml2_conf.ini
|
|
become: true
|
|
vars:
|
|
service_name: "{{ item.key }}"
|
|
services_need_ml2_conf_ini:
|
|
- "neutron-linuxbridge-agent"
|
|
- "neutron-openvswitch-agent"
|
|
- "neutron-infoblox-ipam-agent"
|
|
- "neutron-server"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/ml2_conf.ini.j2"
|
|
- "{{ node_custom_config }}/neutron/ml2_conf.ini"
|
|
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/ml2_conf.ini"
|
|
dest: "{{ node_config_directory }}/{{ service_name }}/ml2_conf.ini"
|
|
mode: "0660"
|
|
register: neutron_ml2_confs
|
|
when:
|
|
- item.key in services_need_ml2_conf_ini
|
|
- item.value.enabled | bool
|
|
- item.value.host_in_groups | bool
|
|
with_dict: "{{ neutron_services }}"
|
|
notify:
|
|
- "Restart {{ item.key }} container"
|
|
|
|
- name: Copying over ml2_conf.ini for XenAPI
|
|
become: true
|
|
vars:
|
|
service_name: "{{ item.key }}"
|
|
services_need_ml2_conf_ini:
|
|
- "neutron-openvswitch-agent-xenapi"
|
|
os_xenapi_variables: "{{ lookup('file', xenapi_facts_root + '/' + inventory_hostname + '/' + xenapi_facts_file) | from_json }}"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/ml2_conf.ini.j2"
|
|
- "{{ role_path }}/templates/ml2_conf_xenapi.ini.j2"
|
|
- "{{ node_custom_config }}/neutron/ml2_conf.ini"
|
|
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/ml2_conf.ini"
|
|
- "{{ node_custom_config }}/neutron/{{ service_name }}/ml2_conf.ini"
|
|
dest: "{{ node_config_directory }}/{{ service_name }}/ml2_conf.ini"
|
|
mode: "0660"
|
|
register: neutron_ml2_xenapi_confs
|
|
when:
|
|
- item.key in services_need_ml2_conf_ini
|
|
- item.value.enabled | bool
|
|
- item.value.host_in_groups | bool
|
|
with_dict: "{{ neutron_services }}"
|
|
notify:
|
|
- "Restart {{ item.key }} container"
|
|
|
|
- name: Copying over sriov_agent.ini
|
|
vars:
|
|
service_name: "neutron-sriov-agent"
|
|
neutron_sriov_agent: "{{ neutron_services[service_name] }}"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/sriov_agent.ini.j2"
|
|
- "{{ node_custom_config }}/neutron/sriov_agent.ini"
|
|
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/sriov_agent.ini"
|
|
dest: "{{ node_config_directory }}/{{ service_name }}/sriov_agent.ini"
|
|
mode: "0660"
|
|
register: neutron_sriov_agent_ini
|
|
when:
|
|
- neutron_sriov_agent.enabled | bool
|
|
- neutron_sriov_agent.host_in_groups | bool
|
|
notify:
|
|
- "Restart {{ service_name }} container"
|
|
|
|
- name: Copying over dhcp_agent.ini
|
|
become: true
|
|
vars:
|
|
service_name: "neutron-dhcp-agent"
|
|
neutron_dhcp_agent: "{{ neutron_services[service_name] }}"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/dhcp_agent.ini.j2"
|
|
- "{{ node_custom_config }}/neutron/dhcp_agent.ini"
|
|
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/dhcp_agent.ini"
|
|
dest: "{{ node_config_directory }}/{{ service_name }}/dhcp_agent.ini"
|
|
mode: "0660"
|
|
register: dhcp_agent_ini
|
|
when:
|
|
- neutron_dhcp_agent.enabled | bool
|
|
- neutron_dhcp_agent.host_in_groups | bool
|
|
notify:
|
|
- "Restart {{ service_name }} container"
|
|
|
|
- name: Copying over dnsmasq.conf
|
|
become: true
|
|
vars:
|
|
service_name: "neutron-dhcp-agent"
|
|
neutron_dhcp_agent: "{{ neutron_services[service_name] }}"
|
|
template:
|
|
src: "dnsmasq.conf.j2"
|
|
dest: "{{ node_config_directory }}/{{ service_name }}/dnsmasq.conf"
|
|
mode: "0660"
|
|
register: dnsmasq_conf
|
|
when:
|
|
- neutron_dhcp_agent.enabled | bool
|
|
- neutron_dhcp_agent.host_in_groups | bool
|
|
notify:
|
|
- "Restart {{ service_name }} container"
|
|
|
|
- name: Copying over l3_agent.ini
|
|
become: true
|
|
vars:
|
|
service_name: "{{ item.key }}"
|
|
services_need_l3_agent_ini:
|
|
- "neutron-l3-agent"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/l3_agent.ini.j2"
|
|
- "{{ node_custom_config }}/neutron/l3_agent.ini"
|
|
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/l3_agent.ini"
|
|
dest: "{{ node_config_directory }}/{{ service_name }}/l3_agent.ini"
|
|
mode: "0660"
|
|
register: neutron_l3_agent_inis
|
|
when:
|
|
- item.key in services_need_l3_agent_ini
|
|
- item.value.enabled | bool
|
|
- item.value.host_in_groups | bool
|
|
with_dict: "{{ neutron_services }}"
|
|
notify:
|
|
- "Restart {{ item.key }} container"
|
|
|
|
- name: Copying over fwaas_driver.ini
|
|
become: true
|
|
vars:
|
|
service_name: "{{ item.key }}"
|
|
services_need_fwaas_driver_ini:
|
|
- "neutron-server"
|
|
- "neutron-l3-agent"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/fwaas_driver.ini.j2"
|
|
- "{{ node_custom_config }}/neutron/fwaas_driver.ini"
|
|
dest: "{{ node_config_directory }}/{{ service_name }}/fwaas_driver.ini"
|
|
mode: "0660"
|
|
register: neutron_fwaas_driver_inis
|
|
when:
|
|
- item.key in services_need_fwaas_driver_ini
|
|
- item.value.enabled | bool
|
|
- item.value.host_in_groups | bool
|
|
with_dict: "{{ neutron_services }}"
|
|
notify:
|
|
- "Restart {{ item.key }} container"
|
|
|
|
- name: Copying over metadata_agent.ini
|
|
become: true
|
|
vars:
|
|
service_name: "neutron-metadata-agent"
|
|
neutron_metadata_agent: "{{ neutron_services[service_name] }}"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/metadata_agent.ini.j2"
|
|
- "{{ node_custom_config }}/neutron/metadata_agent.ini"
|
|
dest: "{{ node_config_directory }}/{{ service_name }}/metadata_agent.ini"
|
|
mode: "0660"
|
|
register: neutron_metadata_agent_ini
|
|
when:
|
|
- neutron_metadata_agent.enabled | bool
|
|
- neutron_metadata_agent.host_in_groups | bool
|
|
notify:
|
|
- "Restart {{ service_name }} container"
|
|
|
|
- name: Copying over lbaas_agent.ini
|
|
become: true
|
|
vars:
|
|
service_name: "neutron-lbaas-agent"
|
|
neutron_lbaas_agent: "{{ neutron_services[service_name] }}"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/lbaas_agent.ini.j2"
|
|
- "{{ node_custom_config }}/neutron/lbaas_agent.ini"
|
|
dest: "{{ node_config_directory }}/{{ service_name }}/lbaas_agent.ini"
|
|
mode: "0660"
|
|
register: neutron_lbaas_agent_ini
|
|
when:
|
|
- neutron_lbaas_agent.enabled | bool
|
|
- neutron_lbaas_agent.host_in_groups | bool
|
|
notify:
|
|
- "Restart {{ service_name }} container"
|
|
|
|
- name: Copying over metering_agent.ini
|
|
become: true
|
|
vars:
|
|
service_name: "neutron-metering-agent"
|
|
neutron_metering_agent: "{{ neutron_services[service_name] }}"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/metering_agent.ini.j2"
|
|
- "{{ node_custom_config }}/neutron/metering_agent.ini"
|
|
dest: "{{ node_config_directory }}/{{ service_name }}/metering_agent.ini"
|
|
mode: "0660"
|
|
register: neutron_metering_agent_ini
|
|
when:
|
|
- neutron_metering_agent.enabled | bool
|
|
- neutron_metering_agent.host_in_groups | bool
|
|
notify:
|
|
- "Restart {{ service_name }} container"
|
|
|
|
- name: Copying over ironic_neutron_agent.ini
|
|
become: true
|
|
vars:
|
|
service_name: "ironic-neutron-agent"
|
|
ironic_neutron_agent: "{{ neutron_services[service_name] }}"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/ironic_neutron_agent.ini.j2"
|
|
- "{{ node_custom_config }}/neutron/ironic_neutron_agent.ini"
|
|
dest: "{{ node_config_directory }}/{{ service_name }}/ironic_neutron_agent.ini"
|
|
mode: "0660"
|
|
register: ironic_neutron_agent_ini
|
|
when:
|
|
- ironic_neutron_agent.enabled | bool
|
|
- ironic_neutron_agent.host_in_groups | bool
|
|
notify:
|
|
- "Restart {{ service_name }} container"
|
|
|
|
- name: Copying over bgp_dragent.ini
|
|
become: true
|
|
vars:
|
|
service_name: "neutron-bgp-dragent"
|
|
neutron_bgp_dragent: "{{ neutron_services[service_name] }}"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/bgp_dragent.ini.j2"
|
|
- "{{ node_custom_config }}/neutron/bgp_dragent.ini"
|
|
dest: "{{ node_config_directory }}/{{ service_name }}/bgp_dragent.ini"
|
|
mode: "0660"
|
|
register: neutron_bgp_dragent_ini
|
|
when:
|
|
- neutron_bgp_dragent.enabled | bool
|
|
- neutron_bgp_dragent.host_in_groups | bool
|
|
notify:
|
|
- "Restart {{ service_name }} container"
|
|
|
|
- name: Check if policies shall be overwritten
|
|
local_action: stat path="{{ node_custom_config }}/neutron/policy.json"
|
|
run_once: True
|
|
register: neutron_policy
|
|
|
|
- name: Copying over nsx.ini
|
|
vars:
|
|
service_name: "neutron-server"
|
|
neutron_server: "{{ neutron_services[service_name] }}"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/nsx.ini.j2"
|
|
- "{{ node_custom_config }}/neutron/nsx.ini"
|
|
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/nsx.ini"
|
|
dest: "{{ node_config_directory }}/{{ service_name }}/nsx.ini"
|
|
mode: "0660"
|
|
register: nsx_ini
|
|
when:
|
|
- neutron_server.enabled | bool
|
|
- neutron_server.host_in_groups | bool
|
|
- neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs']
|
|
notify:
|
|
- "Restart {{ service_name }} container"
|
|
|
|
- name: Copying over existing policy.json
|
|
become: true
|
|
vars:
|
|
service_name: "{{ item.key }}"
|
|
services_need_policy_json:
|
|
- "neutron-dhcp-agent"
|
|
- "neutron-l3-agent"
|
|
- "neutron-linuxbridge-agent"
|
|
- "neutron-metadata-agent"
|
|
- "neutron-metering-agent"
|
|
- "neutron-openvswitch-agent"
|
|
- "neutron-openvswitch-agent-xenapi"
|
|
- "neutron-server"
|
|
- "neutron-lbaas-agent"
|
|
- "neutron-bgp-dragent"
|
|
- "neutron-sriov-agent"
|
|
template:
|
|
src: "{{ node_custom_config }}/neutron/policy.json"
|
|
dest: "{{ node_config_directory }}/{{ service_name }}/policy.json"
|
|
mode: "0660"
|
|
register: policy_jsons
|
|
when:
|
|
- neutron_policy.stat.exists
|
|
- item.value.enabled | bool
|
|
- item.value.host_in_groups | bool
|
|
with_dict: "{{ neutron_services }}"
|
|
notify:
|
|
- "Restart {{ item.key }} container"
|
|
|
|
- name: Copy neutron-l3-agent-wrapper script
|
|
become: true
|
|
vars:
|
|
service_name: "neutron-l3-agent"
|
|
service: "{{ neutron_services[service_name] }}"
|
|
template:
|
|
src: neutron-l3-agent-wrapper.sh.j2
|
|
dest: "{{ node_config_directory }}/{{ service_name }}/neutron-l3-agent-wrapper.sh"
|
|
mode: "0770"
|
|
register: neutron_l3_agent_wrapper
|
|
when:
|
|
- service.enabled | bool
|
|
- service.host_in_groups | bool
|
|
notify:
|
|
- "Restart {{ service_name }} container"
|
|
|
|
- name: Copying over extra ml2 plugins
|
|
become: true
|
|
vars:
|
|
service_name: "{{ item.0 }}"
|
|
services_need_ml2_conf_ini:
|
|
- "neutron-linuxbridge-agent"
|
|
- "neutron-openvswitch-agent"
|
|
- "neutron-server"
|
|
template:
|
|
src: "{{ item.2.path }}"
|
|
dest: "{{ node_config_directory }}/{{ service_name }}/{{ item.2.path | basename }}"
|
|
mode: "0660"
|
|
register: extra_ml2_plugins
|
|
when:
|
|
- item.2 is defined
|
|
- item.1.enabled | bool
|
|
- item.1.host_in_groups | bool
|
|
- service_name in services_need_ml2_conf_ini
|
|
with_nested:
|
|
- "{{ neutron_services | dictsort }}"
|
|
- "{{ check_extra_ml2_plugins.files }}"
|
|
notify:
|
|
- "Restart {{ item.0 }} container"
|
|
|
|
# TODO check the environment change
|
|
- name: Check neutron containers
|
|
become: true
|
|
kolla_docker:
|
|
action: "compare_container"
|
|
common_options: "{{ docker_common_options }}"
|
|
name: "{{ item.value.container_name }}"
|
|
image: "{{ item.value.image }}"
|
|
privileged: "{{ item.value.privileged | default(False) }}"
|
|
volumes: "{{ item.value.volumes }}"
|
|
dimensions: "{{ item.value.dimensions }}"
|
|
register: check_neutron_containers
|
|
when:
|
|
- kolla_action != "config"
|
|
- item.value.enabled | bool
|
|
- item.value.host_in_groups | bool
|
|
with_dict: "{{ neutron_services }}"
|
|
notify:
|
|
- "Restart {{ item.key }} container"
|