--- # Copyright 2017, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Fail if service was deployed using a different installation method fail: msg: "Switching installation methods for OpenStack services is not supported" when: - ansible_local is defined - ansible_local.openstack_ansible is defined - ansible_local.openstack_ansible.octavia is defined - ansible_local.openstack_ansible.octavia.install_method is defined - ansible_local.openstack_ansible.octavia.install_method != octavia_install_method - name: Gather variables for each operating system include_vars: "{{ lookup('first_found', params) }}" vars: params: files: - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - "{{ ansible_facts['distribution'] | lower }}.yml" - "{{ ansible_facts['os_family'] | lower }}.yml" paths: - "{{ role_path }}/vars" tags: - always - name: Gather variables for installation method include_vars: "{{ octavia_install_method }}_install.yml" tags: - always - name: Fail if our required secrets are not present fail: msg: "Please set the {{ item }} variable prior to applying this role." when: (item is undefined) or (item is none) with_items: "{{ octavia_required_secrets }}" tags: - always - name: Including osa.db_setup role include_role: name: openstack.osa.db_setup apply: tags: - common-db - octavia-config when: - _octavia_is_first_play_host vars: _oslodb_setup_host: "{{ octavia_db_setup_host }}" _oslodb_ansible_python_interpreter: "{{ octavia_db_setup_python_interpreter }}" _oslodb_setup_endpoint: "{{ octavia_galera_address }}" _oslodb_setup_port: "{{ octavia_galera_port }}" _oslodb_databases: - name: "{{ octavia_galera_database }}" users: - username: "{{ octavia_galera_user }}" password: "{{ octavia_container_mysql_password }}" - name: "{{ octavia_galera_persistence_database }}" condition: "{{ octavia_coordination_enable | bool }}" users: - username: "{{ octavia_galera_user }}" password: "{{ octavia_container_mysql_password }}" tags: - always - name: Including osa.mq_setup role include_role: name: openstack.osa.mq_setup apply: tags: - common-mq - octavia-config when: - _octavia_is_first_play_host vars: _oslomsg_rpc_setup_host: "{{ octavia_oslomsg_rpc_setup_host }}" _oslomsg_rpc_userid: "{{ octavia_oslomsg_rpc_userid }}" _oslomsg_rpc_password: "{{ octavia_oslomsg_rpc_password }}" _oslomsg_rpc_vhost: "{{ octavia_oslomsg_rpc_vhost }}" _oslomsg_rpc_transport: "{{ octavia_oslomsg_rpc_transport }}" _oslomsg_rpc_policies: "{{ octavia_oslomsg_rpc_policies }}" _oslomsg_notify_setup_host: "{{ octavia_oslomsg_notify_setup_host }}" _oslomsg_notify_userid: "{{ octavia_oslomsg_notify_userid }}" _oslomsg_notify_password: "{{ octavia_oslomsg_notify_password }}" _oslomsg_notify_vhost: "{{ octavia_oslomsg_notify_vhost }}" _oslomsg_notify_transport: "{{ octavia_oslomsg_notify_transport }}" _oslomsg_notify_policies: "{{ octavia_oslomsg_notify_policies }}" _oslomsg_notify_configure: "{{ octavia_oslomsg_notify_configure }}" tags: - always - name: Gather variables for installation method include_vars: "{{ octavia_install_method }}_install.yml" tags: - always - name: Importing octavia_pre_install tasks import_tasks: octavia_pre_install.yml tags: - octavia-install - name: Create and install SSL certificates include_role: name: pki apply: tags: - octavia-config - pki vars: pki_setup_host: "{{ octavia_cert_setup_host }}" pki_dir: "{{ octavia_cert_dir }}" pki_create_ca: "{{ octavia_generate_ca }}" pki_regen_ca: "{{ octavia_regenerate_ca }}" pki_authorities: "{{ octavia_cert_authorities }}" pki_create_certificates: "{{ octavia_generate_client_cert }}" pki_regen_cert: "{{ octavia_regenerate_client_cert }}" pki_certificates: "{{ octavia_cert_certificates }}" pki_install_certificates: "{{ octavia_cert_install_certificates }}" when: - (octavia_generate_certs | bool) or (octavia_backend_ssl | bool) or (octavia_ovn_ssl | bool) tags: - always - name: Assemble SSL certificates assemble: src: /etc/octavia/certs/ dest: /etc/octavia/certs/client.pem regexp: '(client\.pem\.crt|client\.pem\.key)$' owner: "{{ octavia_system_user_name }}" group: "{{ octavia_system_group_name }}" mode: "0640" notify: - Restart octavia services - Restart uwsgi services when: - octavia_generate_certs | bool tags: - octavia-config - octavia-install - name: Importing octavia_install tasks import_tasks: octavia_install.yml tags: - octavia-install - name: Import uwsgi role import_role: name: uwsgi vars: uwsgi_services: "{{ uwsgi_octavia_services }}" uwsgi_install_method: "{{ octavia_install_method }}" tags: - octavia-config - uwsgi - name: Run the systemd service role import_role: name: systemd_service vars: systemd_after_targets: "{{ service_var.after_targets | default(['syslog.target', 'network.target']) }}" systemd_user_name: "{{ octavia_system_user_name }}" systemd_group_name: "{{ octavia_system_group_name }}" systemd_tempd_prefix: openstack systemd_slice_name: "{{ octavia_system_slice_name }}" systemd_lock_dir: "{{ octavia_lock_dir }}" systemd_service_cpu_accounting: true systemd_service_block_io_accounting: true systemd_service_memory_accounting: true systemd_service_tasks_accounting: true systemd_services: "{{ filtered_octavia_services }}" tags: - octavia-config - systemd-service - name: Including osa.service_setup role include_role: name: openstack.osa.service_setup apply: tags: - common-service - octavia-config vars: _service_adminuri_insecure: "{{ keystone_service_adminuri_insecure }}" _service_in_ldap: "{{ octavia_service_in_ldap }}" _service_setup_host: "{{ octavia_service_setup_host }}" _service_setup_host_python_interpreter: "{{ octavia_service_setup_host_python_interpreter }}" _service_project_name: "{{ octavia_service_project_name }}" _service_region: "{{ octavia_service_region }}" _service_users: - name: "{{ octavia_service_user_name }}" password: "{{ octavia_service_password }}" role: "{{ octavia_service_role_names }}" - role: load-balancer_observer - role: load-balancer_global_observer - role: load-balancer_member - role: load-balancer_admin - role: load-balancer_quota_admin _service_endpoints: - service: "{{ octavia_service_name }}" interface: "public" url: "{{ octavia_service_publicuri }}" - service: "{{ octavia_service_name }}" interface: "internal" url: "{{ octavia_service_internaluri }}" - service: "{{ octavia_service_name }}" interface: "admin" url: "{{ octavia_service_adminuri }}" _service_catalog: - name: "{{ octavia_service_name }}" type: "{{ octavia_service_type }}" description: "{{ octavia_service_description }}" when: _octavia_is_first_play_host tags: - always - name: Including octavia_resources tasks include_tasks: octavia_resources.yml args: apply: tags: - octavia-config - octavia-resources when: - _octavia_is_first_play_host tags: - octavia-config - octavia-resources - name: Importing octavia_post_install tasks import_tasks: octavia_post_install.yml tags: - octavia-install - octavia-config - post-install - name: Importing octavia_db_sync tasks import_tasks: octavia_db_sync.yml when: - _octavia_is_first_play_host tags: - octavia-install - name: Importing octavia_policy tasks import_tasks: octavia_policy.yml tags: - octavia-install - octavia-config - octavia-policy-override - name: Flush handlers meta: flush_handlers