--- # Copyright 2016, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - include: common/setting-nodepool-variables.yml - name: Make /lib/modules accessible on neutron_agent containers hosts: neutron_agent user: root become: true gather_facts: true tasks: - name: Use the unconfined aa profile lxc_container: name: "{{ container_name }}" container_config: - "lxc.aa_profile=unconfined" delegate_to: "{{ physical_host }}" - name: Set mount path for kernel modules (Ubuntu) set_fact: kernel_module_path: "lib/modules" when: ansible_pkg_mgr == 'apt' - name: Set mount path for kernel modules (CentOS) set_fact: kernel_module_path: "usr/lib/modules" when: ansible_pkg_mgr in ['yum', 'dnf'] - name: Neutron extra lxc config lxc_container: name: "{{ container_name }}" container_command: | [[ ! -d "/{{ kernel_module_path }}" ]] && mkdir -p "/{{ kernel_module_path }}" container_config: - "lxc.cgroup.devices.allow=a *:* rmw" - "lxc.mount.entry=/{{ kernel_module_path }} {{ kernel_module_path }} none bind 0 0" delegate_to: "{{ physical_host }}" - name: Wait for ssh to be available local_action: module: wait_for port: "{{ ansible_port | default('22') }}" host: "{{ ansible_host | default(inventory_hostname) }}" search_regex: OpenSSH delay: 1 - name: Ensure presence of iptables inside the agent before running the role package: name: iptables state: present - name: Add iptables rule for communication w/ metadata agent command: /sbin/iptables -t mangle -A POSTROUTING -p tcp --sport 80 -j CHECKSUM --checksum-fill - name: Deploy neutron hosts: neutron_all user: root gather_facts: true pre_tasks: # NOTE: These are typically installed in the repo server where we build the # neutron wheel - name: Install packages required to build neutron python package (Ubuntu) apt: name: "{{ item }}" with_items: - libffi-dev when: - inventory_hostname in groups['neutron_all'] - ansible_pkg_mgr == 'apt' - name: Install packages required to build neutron python package (CentOS) yum: name: "{{ item }}" with_items: - libffi-devel when: - inventory_hostname in groups['neutron_all'] - ansible_pkg_mgr in ['yum', 'dnf'] - include: common/ensure-rabbitmq.yml vhost_name: "{{ neutron_rabbitmq_vhost }}" user_name: "{{ neutron_rabbitmq_userid }}" user_password: "{{ neutron_rabbitmq_password }}" - include: common/create-grant-db.yml db_name: "{{ neutron_galera_database }}" db_password: "{{ neutron_container_mysql_password }}" roles: - role: "os_previous_neutron" vars_files: - common/previous/test-vars.yml