openstack-ansible-os_nova/tests/test-install-neutron.yml
Jean-Philippe Evrard 451fb1c45f fixing the network issues of nova testing
Currently we use the network attached to lxcbr0 as the mgmt network.
However, we later define lxcbr0 - eth1 as mgmt, which leaves two
NICs in the containers (eth0 and eth1) on the same network.
This causes network issues if not properly configured.

To make things simple, this commit creates a br-mgmt network
and leaves the lxcbr0 alone.

On top of this, iptables were not properly applied.

Change-Id: I4e83c2cb90455d5bc82b24dd9f2f0c7e89d7f842
2016-05-19 14:26:52 +00:00


---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
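# Play 1: reconfigure the neutron agent containers so they can see the host's
# kernel modules, wait for SSH to answer, then install the checksum-fill rule.
#
# NOTE(review): the two container_config changes below strip most of the
# isolation between these containers and the physical host: the AppArmor
# profile is set to unconfined and the devices cgroup allows every device
# (read, write and mknod). Combined with the /lib/modules bind mount, a
# process running as root in the container is effectively root on the host.
# This file lives under tests/; treat the settings as test-harness only and
# narrow them (a dedicated AppArmor profile, an explicit device allow-list)
# before reusing the play elsewhere.
- name: Make /lib/modules accessible on neutron_agent containers
  hosts: neutron_agent
  user: root
  gather_facts: true
  tasks:
    # Runs against the physical host that owns the container, not inside it.
    - name: Use the unconfined aa profile
      lxc_container:
        name: "{{ container_name }}"
        container_config:
          - "lxc.aa_profile=unconfined"
      delegate_to: "{{ physical_host }}"

    # Creates the mount point inside the container, then bind-mounts the
    # host's /lib/modules onto it and opens the devices cgroup.
    # NOTE(review): the bind mount carries no "ro" option, so the container
    # can presumably write to the host's module tree; confirm whether
    # read-only would be enough for the agents.
    - name: Neutron extra lxc config
      lxc_container:
        name: "{{ container_name }}"
        container_command: |
          [[ ! -d "/lib/modules" ]] && mkdir -p "/lib/modules"
        container_config:
          - "lxc.cgroup.devices.allow=a *:* rmw"
          - "lxc.mount.entry=/lib/modules lib/modules none bind 0 0"
      delegate_to: "{{ physical_host }}"

    # Polls from the Ansible control host until the SSH banner is seen.
    # Presumably needed because the config changes above restart the
    # container; verify against the lxc_container module in use.
    - name: Wait for ssh to be available
      local_action:
        module: wait_for
        port: "{{ ansible_ssh_port | default('22') }}"
        host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
        search_regex: OpenSSH
        delay: 1

    # "iptables -A" appends unconditionally, so every run of this play used to
    # stack another copy of the same mangle rule. Probe with -C first (exit
    # status 0 means the rule already exists) and append only when it is
    # missing.
    - name: Check for the metadata agent checksum-fill rule
      command: /sbin/iptables -t mangle -C POSTROUTING -p tcp --sport 80 -j CHECKSUM --checksum-fill
      register: neutron_metadata_checksum_rule
      changed_when: false
      failed_when: false

    # Fills in checksums on TCP packets leaving with source port 80.
    - name: Add iptables rule for communication w/ metadata agent
      command: /sbin/iptables -t mangle -A POSTROUTING -p tcp --sport 80 -j CHECKSUM --checksum-fill
      when: neutron_metadata_checksum_rule.rc != 0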
# Play 2: prepare the message-queue and database prerequisites for neutron,
# then apply the os_neutron role to every host in neutron_all.
#
# The RabbitMQ and MySQL tasks are delegated to the fixed address
# 10.100.102.101 and gated on the first host of neutron_all, so each of them
# runs once per play rather than once per neutron host.
#
# NOTE(review): the MySQL root password is a literal in this file. That is a
# throwaway test fixture; any reuse outside the test harness should read it
# from a variable backed by a vault or secret store. test-vars.yml is not
# visible here, so whether such a variable already exists is unconfirmed.
- name: Deploy neutron
  hosts: neutron_all
  user: root
  gather_facts: true
  vars_files:
    - test-vars.yml
  pre_tasks:
    # NOTE: These are typically installed in the repo server where we build
    # the neutron wheel
    - name: Install packages required to build neutron python package
      apt:
        name: "{{ item }}"
      with_items:
        - libffi-dev
      when: inventory_hostname in groups['neutron_all']

    - name: Ensure rabbitmq vhost
      when: inventory_hostname == groups['neutron_all'][0]
      delegate_to: "10.100.102.101"
      rabbitmq_vhost:
        name: "{{ neutron_rabbitmq_vhost }}"
        state: "present"
      tags:
        - neutron-rabbitmq
        - neutron-rabbitmq-vhost

    # The three ".*" patterns give this user configure, read and write
    # rights on every resource inside the neutron vhost.
    - name: Ensure rabbitmq user
      when: inventory_hostname == groups['neutron_all'][0]
      delegate_to: "10.100.102.101"
      rabbitmq_user:
        user: "{{ neutron_rabbitmq_userid }}"
        password: "{{ neutron_rabbitmq_password }}"
        vhost: "{{ neutron_rabbitmq_vhost }}"
        configure_priv: ".*"
        read_priv: ".*"
        write_priv: ".*"
        state: "present"
      tags:
        - neutron-rabbitmq
        - neutron-rabbitmq-user

    # Connects as MySQL root with the hard-coded test password.
    - name: Create DB for service
      when: inventory_hostname == groups['neutron_all'][0]
      delegate_to: "10.100.102.101"
      mysql_db:
        login_user: "root"
        login_password: "secrete"
        login_host: "localhost"
        name: "{{ neutron_galera_database }}"
        state: "present"
      tags:
        - mysql-db-setup

    # Loops over two host patterns: "localhost" and "%". The "%" entry lets
    # the account log in from any source address, so exposure is bounded only
    # by the password and by network reachability of the database.
    # NOTE(review): the account name is taken from neutron_galera_database;
    # presumably the user and database share a name in this test setup.
    # Verify against the role defaults.
    - name: Grant access to the DB for the service
      when: inventory_hostname == groups['neutron_all'][0]
      delegate_to: "10.100.102.101"
      mysql_user:
        login_user: "root"
        login_password: "secrete"
        login_host: "localhost"
        name: "{{ neutron_galera_database }}"
        password: "{{ neutron_container_mysql_password }}"
        host: "{{ item }}"
        state: "present"
        priv: "{{ neutron_galera_database }}.*:ALL"
      with_items:
        - "localhost"
        - "%"
      tags:
        - mysql-db-setup
  roles:
    - role: "os_neutron"