Merge "Cleanup/standardize common tasks"
This commit is contained in:
commit
71ba5256c6
36
playbooks/common-tasks/mysql-db-user.yml
Normal file
36
playbooks/common-tasks/mysql-db-user.yml
Normal file
@ -0,0 +1,36 @@
|
||||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Create DB for service
|
||||
mysql_db:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ login_host }}"
|
||||
name: "{{ db_name }}"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
|
||||
- name: Grant access to the DB for the service
|
||||
mysql_user:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ login_host }}"
|
||||
name: "{{ user_name }}"
|
||||
password: "{{ password }}"
|
||||
host: "{{ item }}"
|
||||
state: "present"
|
||||
priv: "{{ db_name }}.*:ALL"
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
with_items: "{{ grant_list | default(['localhost', '%']) }}"
|
42
playbooks/common-tasks/os-log-dir-setup.yml
Normal file
42
playbooks/common-tasks/os-log-dir-setup.yml
Normal file
@ -0,0 +1,42 @@
|
||||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Usage:
|
||||
# This common task is used to create log directories and links
|
||||
# if the "log_dirs" list is passed. "log_dirs" must be used
|
||||
# containing at least one dictionary with the keys "dest" and
|
||||
# "src". Optionally the "owner" and "group" can be provided as well.
|
||||
# * dest = destination
|
||||
# * src = source
|
||||
# * owner = user
|
||||
# * group = group
|
||||
|
||||
- name: Create log dir
|
||||
file:
|
||||
path: "{{ item.src }}"
|
||||
state: directory
|
||||
with_items: "{{ log_dirs }}"
|
||||
when: is_metal | bool
|
||||
|
||||
- name: Create log aggregation links
|
||||
file:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "{{ item.owner|default(omit) }}"
|
||||
group: "{{ item.group|default(omit) }}"
|
||||
state: "link"
|
||||
force: "yes"
|
||||
with_items: "{{ log_dirs }}"
|
||||
when: is_metal | bool
|
89
playbooks/common-tasks/os-lxc-container-setup.yml
Normal file
89
playbooks/common-tasks/os-lxc-container-setup.yml
Normal file
@ -0,0 +1,89 @@
|
||||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Usage:
|
||||
# This common task will update lxc containers to use the lxc-openstack
|
||||
# app-armor profile by default however this profile can be changed as needed.
|
||||
|
||||
# This will also load in a list of bind mounts for a given container. To load
|
||||
# in a list of bind mounts the variable, "list_of_bind_mounts" must be used
|
||||
# containing at least one dictionary with the keys "bind_dir_path",
|
||||
# "relative_bind_dir_path", and "mount_path".
|
||||
# * bind_dir_path = Container path used in a bind mount
|
||||
# * mount_path = Local path on the physical host used for a bind mount
|
||||
|
||||
# If extra container configurations are desirable set the
|
||||
# "extra_container_config" list to strings containing the options needed.
|
||||
|
||||
- name: Set the LXC app-armor profile
|
||||
lxc_container:
|
||||
name: "{{ inventory_hostname }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile={{ aa_profile | default('lxc-openstack') }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when:
|
||||
- not is_metal | bool
|
||||
register: _cp
|
||||
|
||||
- name: Ensure mount directories exists
|
||||
file:
|
||||
path: "{{ item['mount_path'] }}"
|
||||
state: "directory"
|
||||
with_items: "{{ list_of_bind_mounts | default([]) }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when:
|
||||
- list_of_bind_mounts is defined
|
||||
- not is_metal | bool
|
||||
|
||||
- name: LXC Directory bind mount
|
||||
lxc_container:
|
||||
name: "{{ inventory_hostname }}"
|
||||
container_command: |
|
||||
[[ ! -d "{{ item['bind_dir_path'] }}" ]] && mkdir -p "{{ item['bind_dir_path'] }}"
|
||||
container_config:
|
||||
- "lxc.mount.entry={{ item['mount_path'] }} {{ item['bind_dir_path'].lstrip('/') }} none bind 0 0"
|
||||
with_items: "{{ list_of_bind_mounts | default([]) }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
register: _bm
|
||||
when:
|
||||
- list_of_bind_mounts is defined
|
||||
- not is_metal | bool
|
||||
|
||||
- name: Extra lxc config
|
||||
lxc_container:
|
||||
name: "{{ inventory_hostname }}"
|
||||
container_config: "{{ extra_container_config }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when:
|
||||
- extra_container_config is defined
|
||||
- not is_metal | bool
|
||||
register: _ec
|
||||
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when:
|
||||
- >
|
||||
(_cp is defined and _cp | changed) or
|
||||
(_bm is defined and _bm | changed) or
|
||||
(_ec is defined and _ec | changed)
|
||||
- not is_metal | bool
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
33
playbooks/common-tasks/rabbitmq-servers-sort.yml
Normal file
33
playbooks/common-tasks/rabbitmq-servers-sort.yml
Normal file
@ -0,0 +1,33 @@
|
||||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Usage:
|
||||
# To use this common task the variable "sort_group_name" needs to be set
|
||||
# This common task will set a fact for "rabbitmq_servers" upon completion.
|
||||
|
||||
- name: Sort the rabbitmq servers
|
||||
dist_sort:
|
||||
value_to_lookup: "{{ container_name }}"
|
||||
ref_list: "{{ groups[sort_group_name] }}"
|
||||
src_list: "{{ rabbitmq_servers }}"
|
||||
register: servers
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: Set rabbitmq servers
|
||||
set_fact:
|
||||
rabbitmq_servers: "{{ servers.sorted_list }}"
|
||||
tags:
|
||||
- always
|
36
playbooks/common-tasks/rabbitmq-vhost-user.yml
Normal file
36
playbooks/common-tasks/rabbitmq-vhost-user.yml
Normal file
@ -0,0 +1,36 @@
|
||||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Usage:
|
||||
# To use this common task to create rabbitmq virtual hosts if needed
|
||||
# and to create a user within rabbitmq. To use this common task the
|
||||
# variables "vhost", "user", and "password" must be set.
|
||||
|
||||
- name: Ensure Rabbitmq vhost
|
||||
rabbitmq_vhost:
|
||||
name: "{{ vhost }}"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
|
||||
- name: Ensure rabbitmq user
|
||||
rabbitmq_user:
|
||||
user: "{{ user }}"
|
||||
password: "{{ password }}"
|
||||
vhost: "{{ vhost }}"
|
||||
configure_priv: ".*"
|
||||
read_priv: ".*"
|
||||
write_priv: ".*"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
@ -19,40 +19,11 @@
|
||||
gather_facts: "{{ gather_facts | default(True) }}"
|
||||
user: root
|
||||
tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Galera extra lxc config
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_command: |
|
||||
[[ ! -d "/var/lib/mysql" ]] && mkdir -p "/var/lib/mysql"
|
||||
container_config:
|
||||
- "lxc.mount.entry=/openstack/{{ container_name }} var/lib/mysql none bind 0 0"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_extra_config
|
||||
tags:
|
||||
- galera-mysql-dir
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: >
|
||||
(container_config is defined and container_config | changed) or
|
||||
(container_extra_config is defined and container_extra_config | changed)
|
||||
tags:
|
||||
- galera-ssh-wait
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
vars:
|
||||
list_of_bind_mounts:
|
||||
- bind_dir_path: "/var/lib/mysql"
|
||||
mount_path: "/openstack/{{ inventory_hostname }}"
|
||||
vars:
|
||||
is_metal: "{{ properties.is_metal|default(false) }}"
|
||||
tags:
|
||||
|
@ -19,31 +19,12 @@
|
||||
max_fail_percentage: 0
|
||||
user: root
|
||||
tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when:
|
||||
- container_config is defined
|
||||
- container_config | changed
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
- include: common-tasks/os-log-dir-setup.yml
|
||||
vars:
|
||||
log_dirs:
|
||||
- src: "/openstack/log/{{ inventory_hostname }}-haproxy"
|
||||
dest: "/var/log/haproxy"
|
||||
vars:
|
||||
is_metal: "{{ properties.is_metal|default(false) }}"
|
||||
tags:
|
||||
@ -73,26 +54,6 @@
|
||||
when: internal_lb_vip_address == external_lb_vip_address
|
||||
tags:
|
||||
- haproxy-service-config
|
||||
- name: Create log dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { path: "/openstack/log/{{ inventory_hostname }}-haproxy" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- haproxy-logs
|
||||
- name: Create log aggregation links
|
||||
file:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
state: "{{ item.state }}"
|
||||
force: "yes"
|
||||
with_items:
|
||||
- { src: "/openstack/log/{{ inventory_hostname }}-haproxy", dest: "/var/log/haproxy", state: "link" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- haproxy-logs
|
||||
- name: Remove legacy haproxy logging file
|
||||
file:
|
||||
dest: "/etc/rsyslog.d/haproxy.conf"
|
||||
|
@ -19,49 +19,12 @@
|
||||
max_fail_percentage: 20
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: container_config is defined and container_config | changed
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
|
||||
- name: Create log dir
|
||||
file:
|
||||
path: "/openstack/log/{{ inventory_hostname }}-memcached"
|
||||
state: directory
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- memcached-logs
|
||||
- memcached-log-dirs
|
||||
|
||||
- name: Create log aggregation links
|
||||
file:
|
||||
src: "/openstack/log/{{ inventory_hostname }}-memcached"
|
||||
dest: "/var/log/memcached"
|
||||
state: "link"
|
||||
force: "yes"
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- memcached-logs
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
- include: common-tasks/os-log-dir-setup.yml
|
||||
vars:
|
||||
log_dirs:
|
||||
- src: "/openstack/log/{{ inventory_hostname }}-memcached"
|
||||
dest: "/var/log/memcached"
|
||||
roles:
|
||||
- { role: "memcached_server", tags: [ "memcached-server" ] }
|
||||
- role: "system_crontab_coordination"
|
||||
|
@ -19,107 +19,30 @@
|
||||
max_fail_percentage: 20
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
register: container_config
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: container_config is defined and container_config | changed
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
- name: Sort the rabbitmq servers
|
||||
dist_sort:
|
||||
value_to_lookup: "{{ container_name }}"
|
||||
ref_list: "{{ groups['aodh_all'] }}"
|
||||
src_list: "{{ rabbitmq_servers }}"
|
||||
register: servers
|
||||
tags:
|
||||
- always
|
||||
- name: Set rabbitmq servers
|
||||
set_fact:
|
||||
rabbitmq_servers: "{{ servers.sorted_list }}"
|
||||
tags:
|
||||
- always
|
||||
- name: Create log dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { path: "/openstack/log/{{ inventory_hostname }}-aodh" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- aodh-logs
|
||||
- aodh-log-dirs
|
||||
- name: Ensure Rabbitmq vhost
|
||||
rabbitmq_vhost:
|
||||
name: "{{ aodh_rabbitmq_vhost }}"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['aodh_api'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- aodh-rabbitmq
|
||||
- aodh-rabbitmq-vhost
|
||||
- name: Ensure rabbitmq user
|
||||
rabbitmq_user:
|
||||
- include: common-tasks/rabbitmq-servers-sort.yml
|
||||
vars:
|
||||
sort_group_name: "aodh_all"
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
- include: common-tasks/rabbitmq-vhost-user.yml
|
||||
vars:
|
||||
user: "{{ aodh_rabbitmq_userid }}"
|
||||
password: "{{ aodh_rabbitmq_password }}"
|
||||
vhost: "{{ aodh_rabbitmq_vhost }}"
|
||||
configure_priv: ".*"
|
||||
read_priv: ".*"
|
||||
write_priv: ".*"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['aodh_api'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- aodh-rabbitmq
|
||||
- aodh-rabbitmq-user
|
||||
- name: Create DB for service
|
||||
mysql_db:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ aodh_galera_address }}"
|
||||
name: "{{ aodh_galera_database }}"
|
||||
state: "present"
|
||||
when: inventory_hostname == groups['aodh_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Grant access to the DB for the service
|
||||
mysql_user:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ aodh_galera_address }}"
|
||||
name: "{{ aodh_galera_user }}"
|
||||
- groups['rabbitmq_all'] | length > 0
|
||||
- include: common-tasks/os-log-dir-setup.yml
|
||||
vars:
|
||||
log_dirs:
|
||||
- src: "/openstack/log/{{ inventory_hostname }}-aodh"
|
||||
dest: "/var/log/aodh"
|
||||
- include: common-tasks/mysql-db-user.yml
|
||||
vars:
|
||||
user_name: "{{ aodh_galera_user }}"
|
||||
password: "{{ aodh_container_db_password }}"
|
||||
host: "{{ item }}"
|
||||
state: "present"
|
||||
priv: "{{ aodh_galera_database }}.*:ALL"
|
||||
login_host: "{{ aodh_galera_address }}"
|
||||
db_name: "{{ aodh_galera_database }}"
|
||||
when: inventory_hostname == groups['aodh_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
with_items:
|
||||
- "localhost"
|
||||
- "%"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
roles:
|
||||
- role: "os_aodh"
|
||||
aodh_venv_tag: "{{ openstack_release }}"
|
||||
|
@ -19,86 +19,23 @@
|
||||
max_fail_percentage: 20
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: container_config is defined and container_config | changed
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
- name: Sort the rabbitmq servers
|
||||
dist_sort:
|
||||
value_to_lookup: "{{ container_name }}"
|
||||
ref_list: "{{ groups['ceilometer_all'] }}"
|
||||
src_list: "{{ rabbitmq_servers }}"
|
||||
register: servers
|
||||
- name: Set rabbitmq servers
|
||||
set_fact:
|
||||
rabbitmq_servers: "{{ servers.sorted_list }}"
|
||||
- name: Create log dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { path: "/openstack/log/{{ inventory_hostname }}-ceilometer" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- ceilometer-logs
|
||||
- ceilometer-log-dirs
|
||||
- name: Create log aggregation links
|
||||
file:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
state: "{{ item.state }}"
|
||||
force: "yes"
|
||||
with_items:
|
||||
- { src: "/openstack/log/{{ inventory_hostname }}-ceilometer", dest: "/var/log/ceilometer", state: "link" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- ceilometer-logs
|
||||
- name: Ensure Rabbitmq vhost
|
||||
rabbitmq_vhost:
|
||||
name: "{{ ceilometer_rabbitmq_vhost }}"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['ceilometer_api'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- ceilometer-rabbitmq
|
||||
- ceilometer-rabbitmq-vhost
|
||||
- name: Ensure rabbitmq user
|
||||
rabbitmq_user:
|
||||
- include: common-tasks/rabbitmq-servers-sort.yml
|
||||
vars:
|
||||
sort_group_name: "ceilometer_all"
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
- include: common-tasks/rabbitmq-vhost-user.yml
|
||||
vars:
|
||||
user: "{{ ceilometer_rabbitmq_userid }}"
|
||||
password: "{{ ceilometer_rabbitmq_password }}"
|
||||
vhost: "{{ ceilometer_rabbitmq_vhost }}"
|
||||
configure_priv: ".*"
|
||||
read_priv: ".*"
|
||||
write_priv: ".*"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['ceilometer_api'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- ceilometer-rabbitmq
|
||||
- ceilometer-rabbitmq-user
|
||||
- groups['rabbitmq_all'] | length > 0
|
||||
- include: common-tasks/os-log-dir-setup.yml
|
||||
vars:
|
||||
log_dirs:
|
||||
- src: "/openstack/log/{{ inventory_hostname }}-ceilometer"
|
||||
dest: "/var/log/ceilometer"
|
||||
roles:
|
||||
- role: "os_ceilometer"
|
||||
ceilometer_venv_tag: "{{ openstack_release }}"
|
||||
|
@ -19,18 +19,43 @@
|
||||
max_fail_percentage: 20
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=unconfined"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
register: container_config
|
||||
when: >
|
||||
not is_metal | bool and
|
||||
inventory_hostname in groups['cinder_volume']
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- include: common-tasks/rabbitmq-servers-sort.yml
|
||||
vars:
|
||||
sort_group_name: "cinder_all"
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
vars:
|
||||
aa_profile: "unconfined"
|
||||
extra_container_config:
|
||||
- "lxc.autodev=0"
|
||||
- "lxc.cgroup.devices.allow=a *:* rmw"
|
||||
- "lxc.mount.entry=udev dev devtmpfs defaults 0 0"
|
||||
when:
|
||||
- inventory_hostname in groups['cinder_volume']
|
||||
- cinder_backend_lvm_inuse | bool
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
when:
|
||||
- inventory_hostname not in groups['cinder_volume']
|
||||
- include: common-tasks/rabbitmq-vhost-user.yml
|
||||
vars:
|
||||
user: "{{ cinder_rabbitmq_userid }}"
|
||||
password: "{{ cinder_rabbitmq_password }}"
|
||||
vhost: "{{ cinder_rabbitmq_vhost }}"
|
||||
when:
|
||||
- inventory_hostname == groups['cinder_all'][0]
|
||||
- groups['rabbitmq_all'] | length > 0
|
||||
- include: common-tasks/os-log-dir-setup.yml
|
||||
vars:
|
||||
log_dirs:
|
||||
- src: "/openstack/log/{{ inventory_hostname }}-cinder"
|
||||
dest: "/var/log/cinder"
|
||||
- include: common-tasks/mysql-db-user.yml
|
||||
vars:
|
||||
user_name: "{{ cinder_galera_user }}"
|
||||
password: "{{ cinder_container_mysql_password }}"
|
||||
login_host: "{{ cinder_galera_address }}"
|
||||
db_name: "{{ cinder_galera_database }}"
|
||||
when: inventory_hostname == groups['cinder_all'][0]
|
||||
|
||||
- name: Add volume group block device to cinder
|
||||
shell: |
|
||||
{% if item.value.volume_group is defined %}
|
||||
@ -43,135 +68,18 @@
|
||||
echo "{{ item.key }} volume_group not defined"
|
||||
{% endif %}
|
||||
with_dict: cinder_backends|default({})
|
||||
when: physical_host != container_name
|
||||
when:
|
||||
- physical_host != container_name
|
||||
- cinder_backend_lvm_inuse | bool
|
||||
delegate_to: "{{ physical_host }}"
|
||||
tags:
|
||||
- cinder-lxc-devices
|
||||
- name: Cinder volume extra lxc config
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.autodev=0"
|
||||
- "lxc.cgroup.devices.allow=a *:* rmw"
|
||||
- "lxc.mount.entry=udev dev devtmpfs defaults 0 0"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: >
|
||||
not is_metal | bool and
|
||||
inventory_hostname in groups['cinder_volume'] and
|
||||
cinder_backend_lvm_inuse
|
||||
tags:
|
||||
- cinder-container-setup
|
||||
register: lxc_config
|
||||
- name: udevadm trigger
|
||||
command: udevadm trigger
|
||||
tags:
|
||||
- cinder-container-setup
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: lxc_config is defined and lxc_config | changed
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: >
|
||||
(container_config is defined and container_config | changed) or
|
||||
(lxc_config is defined and lxc_config | changed)
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check|success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
- name: Sort the rabbitmq servers
|
||||
dist_sort:
|
||||
value_to_lookup: "{{ container_name }}"
|
||||
ref_list: "{{ groups['cinder_all'] }}"
|
||||
src_list: "{{ rabbitmq_servers }}"
|
||||
register: servers
|
||||
tags:
|
||||
- always
|
||||
- name: Set rabbitmq servers
|
||||
set_fact:
|
||||
rabbitmq_servers: "{{ servers.sorted_list }}"
|
||||
tags:
|
||||
- always
|
||||
- name: Create log dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { path: "/openstack/log/{{ inventory_hostname }}-cinder" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- cinder-logs
|
||||
- cinder-log-dirs
|
||||
- name: Create log aggregation links
|
||||
file:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
state: "{{ item.state }}"
|
||||
force: "yes"
|
||||
with_items:
|
||||
- { src: "/openstack/log/{{ inventory_hostname }}-cinder", dest: "/var/log/cinder", state: "link" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- cinder-logs
|
||||
- name: Ensure Rabbitmq vhost
|
||||
rabbitmq_vhost:
|
||||
name: "{{ cinder_rabbitmq_vhost }}"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['cinder_all'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- cinder-rabbitmq
|
||||
- cinder-rabbitmq-vhost
|
||||
- name: Ensure rabbitmq user
|
||||
rabbitmq_user:
|
||||
user: "{{ cinder_rabbitmq_userid }}"
|
||||
password: "{{ cinder_rabbitmq_password }}"
|
||||
vhost: "{{ cinder_rabbitmq_vhost }}"
|
||||
configure_priv: ".*"
|
||||
read_priv: ".*"
|
||||
write_priv: ".*"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['cinder_all'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- cinder-rabbitmq
|
||||
- cinder-rabbitmq-user
|
||||
- name: Create DB for service
|
||||
mysql_db:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ cinder_galera_address }}"
|
||||
name: "{{ cinder_galera_database }}"
|
||||
state: "present"
|
||||
when: inventory_hostname == groups['cinder_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Grant access to the DB for the service
|
||||
mysql_user:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ cinder_galera_address }}"
|
||||
name: "{{ cinder_galera_user }}"
|
||||
password: "{{ cinder_container_mysql_password }}"
|
||||
host: "{{ item }}"
|
||||
state: "present"
|
||||
priv: "{{ cinder_galera_database }}.*:ALL"
|
||||
when: inventory_hostname == groups['cinder_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
with_items:
|
||||
- "localhost"
|
||||
- "%"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
when: cinder_backend_lvm_inuse | bool
|
||||
- name: Set cinder storage bridge (is_metal)
|
||||
set_fact:
|
||||
storage_bridge: "{{ 'ansible_' + hostvars[inventory_hostname]['container_networks']['storage_address']['bridge'] | replace('-', '_') }}"
|
||||
|
@ -19,135 +19,37 @@
|
||||
max_fail_percentage: 20
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Glance extra lxc config
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_command: |
|
||||
[[ ! -d "/var/lib/glance/images" ]] && mkdir -p "/var/lib/glance/images"
|
||||
container_config:
|
||||
- "lxc.mount.entry=/openstack/{{ container_name }} var/lib/glance/images none bind 0 0"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: >
|
||||
(not is_metal | bool) and
|
||||
(glance_default_store == "file") and
|
||||
(glance_nfs_client is not defined)
|
||||
register: container_extra_config
|
||||
tags:
|
||||
- glance-cache-dir
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: >
|
||||
(container_config is defined and container_config | changed) or
|
||||
(container_extra_config is defined and container_config | changed)
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
- name: Sort the rabbitmq servers
|
||||
dist_sort:
|
||||
value_to_lookup: "{{ container_name }}"
|
||||
ref_list: "{{ groups['glance_all'] }}"
|
||||
src_list: "{{ rabbitmq_servers }}"
|
||||
register: servers
|
||||
tags:
|
||||
- always
|
||||
- name: Set rabbitmq servers
|
||||
set_fact:
|
||||
rabbitmq_servers: "{{ servers.sorted_list }}"
|
||||
tags:
|
||||
- always
|
||||
- name: Create log dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { path: "/openstack/log/{{ inventory_hostname }}-glance" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- glance-logs
|
||||
- glance-log-dirs
|
||||
- name: Create log aggregation links
|
||||
file:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
state: "{{ item.state }}"
|
||||
force: "yes"
|
||||
with_items:
|
||||
- { src: "/openstack/log/{{ inventory_hostname }}-glance", dest: "/var/log/glance", state: "link" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- glance-logs
|
||||
- name: Ensure Rabbitmq vhost
|
||||
rabbitmq_vhost:
|
||||
name: "{{ glance_rabbitmq_vhost }}"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['glance_all'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- glance-rabbitmq
|
||||
- glance-rabbitmq-vhost
|
||||
- name: Ensure rabbitmq user
|
||||
rabbitmq_user:
|
||||
- include: common-tasks/rabbitmq-servers-sort.yml
|
||||
vars:
|
||||
sort_group_name: "glance_all"
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
vars:
|
||||
list_of_bind_mounts:
|
||||
- bind_dir_path: "/var/lib/glance/images"
|
||||
mount_path: "/openstack/{{ inventory_hostname }}"
|
||||
when: (glance_default_store == "file") and (glance_nfs_client is not defined)
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
when: (glance_default_store != "file") or (glance_nfs_client is defined)
|
||||
- include: common-tasks/rabbitmq-vhost-user.yml
|
||||
vars:
|
||||
user: "{{ glance_rabbitmq_userid }}"
|
||||
password: "{{ glance_rabbitmq_password }}"
|
||||
vhost: "{{ glance_rabbitmq_vhost }}"
|
||||
configure_priv: ".*"
|
||||
read_priv: ".*"
|
||||
write_priv: ".*"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['glance_all'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- glance-rabbitmq
|
||||
- glance-rabbitmq-user
|
||||
- name: Create DB for service
|
||||
mysql_db:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ glance_galera_address }}"
|
||||
name: "{{ glance_galera_database }}"
|
||||
state: "present"
|
||||
when: inventory_hostname == groups['glance_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Grant access to the DB for the service
|
||||
mysql_user:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ glance_galera_address }}"
|
||||
name: "{{ glance_galera_user }}"
|
||||
- groups['rabbitmq_all'] | length > 0
|
||||
- include: common-tasks/os-log-dir-setup.yml
|
||||
vars:
|
||||
log_dirs:
|
||||
- src: "/openstack/log/{{ inventory_hostname }}-glance"
|
||||
dest: "/var/log/glance"
|
||||
- include: common-tasks/mysql-db-user.yml
|
||||
vars:
|
||||
user_name: "{{ glance_galera_user }}"
|
||||
password: "{{ glance_container_mysql_password }}"
|
||||
host: "{{ item }}"
|
||||
state: "present"
|
||||
priv: "{{ glance_galera_database }}.*:ALL"
|
||||
login_host: "{{ glance_galera_address }}"
|
||||
db_name: "{{ glance_galera_database }}"
|
||||
when: inventory_hostname == groups['glance_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
with_items:
|
||||
- "localhost"
|
||||
- "%"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
roles:
|
||||
- role: "os_glance"
|
||||
glance_venv_tag: "{{ openstack_release }}"
|
||||
|
@ -18,90 +18,26 @@
|
||||
max_fail_percentage: 20
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: container_config is defined and container_config | changed
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
- name: Gnocchi extra lxc config
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_command: |
|
||||
[[ ! -d "/var/lib/gnocchi" ]] && mkdir -p "/var/lib/gnocchi"
|
||||
container_config:
|
||||
- "lxc.mount.entry=/openstack/{{ container_name }} var/lib/gnocchi none bind 0 0"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: >
|
||||
(not is_metal | bool) and gnocchi_storage_driver is not defined or
|
||||
(gnocchi_storage_driver == "file")
|
||||
register: container_extra_config
|
||||
tags:
|
||||
-gnocchi-storage-dir
|
||||
- name: Create log dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { path: "/openstack/log/{{ inventory_hostname }}-gnocchi" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- gnocchi-logs
|
||||
- gnocchi-log-dirs
|
||||
- name: Create log aggregation links
|
||||
file:
|
||||
src: "/openstack/log/{{ inventory_hostname }}-gnocchi"
|
||||
dest: "/var/log/gnocchi"
|
||||
state: "link"
|
||||
force: "yes"
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- gnocchi-logs
|
||||
- name: Create DB for service
|
||||
mysql_db:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
vars:
|
||||
list_of_bind_mounts:
|
||||
- bind_dir_path: "/var/lib/gnocchi"
|
||||
mount_path: "/openstack/{{ inventory_hostname }}"
|
||||
when: (gnocchi_storage_driver == "file") and (gnocchi_storage_driver is not defined)
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
when: (gnocchi_storage_driver != "file") or (gnocchi_storage_driver is defined)
|
||||
- include: common-tasks/os-log-dir-setup.yml
|
||||
vars:
|
||||
log_dirs:
|
||||
- src: "/openstack/log/{{ inventory_hostname }}-gnocchi"
|
||||
dest: "/var/log/gnocchi"
|
||||
- include: common-tasks/mysql-db-user.yml
|
||||
vars:
|
||||
user_name: "{{ gnocchi_galera_user }}"
|
||||
password: "{{ gnocchi_container_mysql_password }}"
|
||||
login_host: "{{ gnocchi_galera_address }}"
|
||||
name: "{{ gnocchi_galera_database }}"
|
||||
state: "present"
|
||||
db_name: "{{ gnocchi_galera_database }}"
|
||||
when: inventory_hostname == groups['gnocchi_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Grant access to the DB for the service
|
||||
mysql_user:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ gnocchi_galera_address }}"
|
||||
name: "{{ gnocchi_galera_user }}"
|
||||
password: "{{ gnocchi_galera_password }}"
|
||||
host: "{{ item }}"
|
||||
state: "present"
|
||||
priv: "{{ gnocchi_galera_database }}.*:ALL"
|
||||
when: inventory_hostname == groups['gnocchi_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
with_items:
|
||||
- "localhost"
|
||||
- "%"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
roles:
|
||||
- role: "os_gnocchi"
|
||||
gnocchi_venv_tag: "{{ openstack_release }}"
|
||||
|
@ -19,118 +19,30 @@
|
||||
max_fail_percentage: 20
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: container_config is defined and container_config | changed
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
- name: Sort the rabbitmq servers
|
||||
dist_sort:
|
||||
value_to_lookup: "{{ container_name }}"
|
||||
ref_list: "{{ groups['heat_all'] }}"
|
||||
src_list: "{{ rabbitmq_servers }}"
|
||||
register: servers
|
||||
tags:
|
||||
- always
|
||||
- name: Set rabbitmq servers
|
||||
set_fact:
|
||||
rabbitmq_servers: "{{ servers.sorted_list }}"
|
||||
tags:
|
||||
- always
|
||||
- name: Create log dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { path: "/openstack/log/{{ inventory_hostname }}-heat" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- heat-logs
|
||||
- heat-log-dirs
|
||||
- name: Create log aggregation links
|
||||
file:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
state: "{{ item.state }}"
|
||||
force: "yes"
|
||||
with_items:
|
||||
- { src: "/openstack/log/{{ inventory_hostname }}-heat", dest: "/var/log/heat", state: "link" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- heat-logs
|
||||
- name: Ensure Rabbitmq vhost
|
||||
rabbitmq_vhost:
|
||||
name: "{{ heat_rabbitmq_vhost }}"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['heat_all'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- heat-rabbitmq
|
||||
- heat-rabbitmq-vhost
|
||||
- name: Ensure rabbitmq user
|
||||
rabbitmq_user:
|
||||
- include: common-tasks/rabbitmq-servers-sort.yml
|
||||
vars:
|
||||
sort_group_name: "heat_all"
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
- include: common-tasks/rabbitmq-vhost-user.yml
|
||||
vars:
|
||||
user: "{{ heat_rabbitmq_userid }}"
|
||||
password: "{{ heat_rabbitmq_password }}"
|
||||
vhost: "{{ heat_rabbitmq_vhost }}"
|
||||
configure_priv: ".*"
|
||||
read_priv: ".*"
|
||||
write_priv: ".*"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['heat_all'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- heat-rabbitmq
|
||||
- heat-rabbitmq-user
|
||||
- name: Create DB for service
|
||||
mysql_db:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ heat_galera_address }}"
|
||||
name: "{{ heat_galera_database }}"
|
||||
state: "present"
|
||||
when: inventory_hostname == groups['heat_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Grant access to the DB for the service
|
||||
mysql_user:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ heat_galera_address }}"
|
||||
name: "{{ heat_galera_user }}"
|
||||
- groups['rabbitmq_all'] | length > 0
|
||||
- include: common-tasks/os-log-dir-setup.yml
|
||||
vars:
|
||||
log_dirs:
|
||||
- src: "/openstack/log/{{ inventory_hostname }}-heat"
|
||||
dest: "/var/log/heat"
|
||||
- include: common-tasks/mysql-db-user.yml
|
||||
vars:
|
||||
user_name: "{{ heat_galera_user }}"
|
||||
password: "{{ heat_container_mysql_password }}"
|
||||
host: "{{ item }}"
|
||||
state: "present"
|
||||
priv: "{{ heat_galera_database }}.*:ALL"
|
||||
login_host: "{{ heat_galera_address }}"
|
||||
db_name: "{{ heat_galera_database }}"
|
||||
when: inventory_hostname == groups['heat_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
with_items:
|
||||
- "localhost"
|
||||
- "%"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
roles:
|
||||
- role: "os_heat"
|
||||
heat_venv_tag: "{{ openstack_release }}"
|
||||
|
@ -19,91 +19,22 @@
|
||||
max_fail_percentage: 20
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: container_config is defined and container_config | changed
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
- name: Sort the rabbitmq servers
|
||||
dist_sort:
|
||||
value_to_lookup: "{{ container_name }}"
|
||||
ref_list: "{{ groups['horizon_all'] }}"
|
||||
src_list: "{{ rabbitmq_servers }}"
|
||||
register: servers
|
||||
tags:
|
||||
- always
|
||||
- name: Set rabbitmq servers
|
||||
set_fact:
|
||||
rabbitmq_servers: "{{ servers.sorted_list }}"
|
||||
tags:
|
||||
- always
|
||||
- name: Create log dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { path: "/openstack/log/{{ inventory_hostname }}-horizon" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- horizon-logs
|
||||
- horizon-log-dirs
|
||||
- name: Create log aggregation links
|
||||
file:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
state: "{{ item.state }}"
|
||||
force: "yes"
|
||||
with_items:
|
||||
- { src: "/openstack/log/{{ inventory_hostname }}-horizon", dest: "/var/log/horizon", state: "link" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- horizon-logs
|
||||
- name: Create DB for service
|
||||
mysql_db:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ horizon_galera_address }}"
|
||||
name: "{{ horizon_galera_database }}"
|
||||
state: "present"
|
||||
when: inventory_hostname == groups['horizon_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Grant access to the DB for the service
|
||||
mysql_user:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ horizon_galera_address }}"
|
||||
name: "{{ horizon_galera_user }}"
|
||||
- include: common-tasks/rabbitmq-servers-sort.yml
|
||||
vars:
|
||||
sort_group_name: "horizon_all"
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
- include: common-tasks/os-log-dir-setup.yml
|
||||
vars:
|
||||
log_dirs:
|
||||
- src: "/openstack/log/{{ inventory_hostname }}-horizon"
|
||||
dest: "/var/log/horizon"
|
||||
- include: common-tasks/mysql-db-user.yml
|
||||
vars:
|
||||
user_name: "{{ horizon_galera_user }}"
|
||||
password: "{{ horizon_container_mysql_password }}"
|
||||
host: "{{ item }}"
|
||||
state: "present"
|
||||
priv: "{{ horizon_galera_database }}.*:ALL"
|
||||
login_host: "{{ horizon_galera_address }}"
|
||||
db_name: "{{ horizon_galera_database }}"
|
||||
when: inventory_hostname == groups['horizon_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
with_items:
|
||||
- "localhost"
|
||||
- "%"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
roles:
|
||||
- role: "os_horizon"
|
||||
horizon_server_name: "{{ container_name }}"
|
||||
|
@ -18,95 +18,25 @@
|
||||
gather_facts: "{{ gather_facts | default(True) }}"
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: container_config is defined and container_config | changed
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
- name: Ensure Rabbitmq vhost for Ironic
|
||||
rabbitmq_vhost:
|
||||
name: "{{ ironic_rabbitmq_vhost }}"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
run_once: true
|
||||
tags:
|
||||
- ironic-rabbitmq
|
||||
- ironic-rabbitmq-vhost
|
||||
- name: Ensure rabbitmq user for Ironic
|
||||
rabbitmq_user:
|
||||
- include: common-tasks/rabbitmq-servers-sort.yml
|
||||
vars:
|
||||
sort_group_name: "ironic_all"
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
- include: common-tasks/rabbitmq-vhost-user.yml
|
||||
vars:
|
||||
user: "{{ ironic_rabbitmq_userid }}"
|
||||
password: "{{ ironic_rabbitmq_password }}"
|
||||
vhost: "{{ ironic_rabbitmq_vhost }}"
|
||||
configure_priv: ".*"
|
||||
read_priv: ".*"
|
||||
write_priv: ".*"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
run_once: true
|
||||
tags:
|
||||
- ironic-rabbitmq
|
||||
- ironic-rabbitmq-user
|
||||
- name: Create DB for Ironic
|
||||
mysql_db:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
when:
|
||||
- inventory_hostname == groups['ironic_all'][0]
|
||||
- groups['rabbitmq_all'] | length > 0
|
||||
- include: common-tasks/mysql-db-user.yml
|
||||
vars:
|
||||
user_name: "{{ ironic_galera_user }}"
|
||||
password: "{{ ironic_container_mysql_password }}"
|
||||
login_host: "{{ ironic_galera_address }}"
|
||||
name: "{{ ironic_galera_database }}"
|
||||
state: "present"
|
||||
db_name: "{{ ironic_galera_database }}"
|
||||
when: inventory_hostname == groups['ironic_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
run_once: true
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Grant access to the DB for Ironic
|
||||
mysql_user:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ ironic_galera_address }}"
|
||||
name: "{{ ironic_galera_user }}"
|
||||
password: "{{ ironic_galera_password }}"
|
||||
host: "{{ item }}"
|
||||
state: "present"
|
||||
priv: "{{ ironic_galera_database }}.*:ALL"
|
||||
when: inventory_hostname == groups['ironic_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
with_items:
|
||||
- "localhost"
|
||||
- "%"
|
||||
run_once: true
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Sort the rabbitmq servers
|
||||
dist_sort:
|
||||
value_to_lookup: "{{ container_name }}"
|
||||
ref_list: "{{ groups['ironic_all'] }}"
|
||||
src_list: "{{ rabbitmq_servers }}"
|
||||
register: servers
|
||||
tags:
|
||||
- always
|
||||
- name: Set rabbitmq servers
|
||||
set_fact:
|
||||
rabbitmq_servers: "{{ servers.sorted_list }}"
|
||||
tags:
|
||||
- always
|
||||
roles:
|
||||
- role: "os_ironic"
|
||||
ironic_venv_tag: "{{ openstack_release }}"
|
||||
|
@ -19,63 +19,31 @@
|
||||
max_fail_percentage: 20
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: container_config is defined and container_config | changed
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
- name: Sort the rabbitmq servers
|
||||
dist_sort:
|
||||
value_to_lookup: "{{ container_name }}"
|
||||
ref_list: "{{ groups['keystone_all'] }}"
|
||||
src_list: "{{ rabbitmq_servers }}"
|
||||
register: servers
|
||||
tags:
|
||||
- always
|
||||
- name: Set rabbitmq servers
|
||||
set_fact:
|
||||
rabbitmq_servers: "{{ servers.sorted_list }}"
|
||||
tags:
|
||||
- always
|
||||
- name: Create log dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { path: "/openstack/log/{{ inventory_hostname }}-keystone" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- keystone-logs
|
||||
- keystone-log-dirs
|
||||
- name: Create log aggregation links
|
||||
file:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
state: "{{ item.state }}"
|
||||
force: "yes"
|
||||
with_items:
|
||||
- { src: "/openstack/log/{{ inventory_hostname }}-keystone", dest: "/var/log/keystone", state: "link" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- keystone-logs
|
||||
- include: common-tasks/rabbitmq-servers-sort.yml
|
||||
vars:
|
||||
sort_group_name: "keystone_all"
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
- include: common-tasks/rabbitmq-vhost-user.yml
|
||||
vars:
|
||||
user: "{{ keystone_rabbitmq_userid }}"
|
||||
password: "{{ keystone_rabbitmq_password }}"
|
||||
vhost: "{{ keystone_rabbitmq_vhost }}"
|
||||
when:
|
||||
- inventory_hostname == groups['keystone_all'][0]
|
||||
- groups['rabbitmq_all'] | length > 0
|
||||
- include: common-tasks/os-log-dir-setup.yml
|
||||
vars:
|
||||
log_dirs:
|
||||
- src: "/openstack/log/{{ inventory_hostname }}-keystone"
|
||||
dest: "/var/log/keystone"
|
||||
- include: common-tasks/mysql-db-user.yml
|
||||
vars:
|
||||
user_name: "{{ keystone_galera_user }}"
|
||||
password: "{{ keystone_container_mysql_password }}"
|
||||
login_host: "{{ keystone_galera_address }}"
|
||||
db_name: "{{ keystone_galera_database }}"
|
||||
when: inventory_hostname == groups['keystone_all'][0]
|
||||
|
||||
# todo(cloudnull): this task is being run only if/when keystone is installed on a physical host.
|
||||
# This is not being run within a container because it is an unsupported action due to this
|
||||
# issue: (https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1279041)
|
||||
@ -93,61 +61,6 @@
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- keystone-reserved-port
|
||||
- name: Ensure Rabbitmq vhost
|
||||
rabbitmq_vhost:
|
||||
name: "{{ keystone_rabbitmq_vhost }}"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['keystone_all'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- keystone-rabbitmq
|
||||
- keystone-rabbitmq-vhost
|
||||
- name: Ensure rabbitmq user
|
||||
rabbitmq_user:
|
||||
user: "{{ keystone_rabbitmq_userid }}"
|
||||
password: "{{ keystone_rabbitmq_password }}"
|
||||
vhost: "{{ keystone_rabbitmq_vhost }}"
|
||||
configure_priv: ".*"
|
||||
read_priv: ".*"
|
||||
write_priv: ".*"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['keystone_all'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- keystone-rabbitmq
|
||||
- keystone-rabbitmq-user
|
||||
- name: Keystone create DB for service
|
||||
mysql_db:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ keystone_galera_address }}"
|
||||
name: "{{ keystone_galera_database }}"
|
||||
state: "present"
|
||||
when: inventory_hostname == groups['keystone_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Keystone grant access to the DB for the service
|
||||
mysql_user:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ keystone_galera_address }}"
|
||||
name: "{{ keystone_galera_user }}"
|
||||
password: "{{ keystone_container_mysql_password }}"
|
||||
host: "{{ item }}"
|
||||
state: "present"
|
||||
priv: "{{ keystone_galera_database }}.*:ALL"
|
||||
with_items:
|
||||
- "localhost"
|
||||
- "%"
|
||||
when: inventory_hostname == groups['keystone_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
roles:
|
||||
- role: "os_keystone"
|
||||
keystone_venv_tag: "{{ openstack_release }}"
|
||||
|
@ -19,137 +19,41 @@
|
||||
max_fail_percentage: 20
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=unconfined"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: >
|
||||
not is_metal | bool and
|
||||
inventory_hostname in groups['neutron_agent']
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Neutron extra lxc config
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_command: |
|
||||
[[ ! -d "/lib/modules" ]] && mkdir -p "/lib/modules"
|
||||
container_config:
|
||||
- include: common-tasks/rabbitmq-servers-sort.yml
|
||||
vars:
|
||||
sort_group_name: "neutron_all"
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
vars:
|
||||
aa_profile: "unconfined"
|
||||
list_of_bind_mounts:
|
||||
- bind_dir_path: "/lib/modules"
|
||||
mount_path: "/lib/modules"
|
||||
extra_container_config:
|
||||
- "lxc.cgroup.devices.allow=a *:* rmw"
|
||||
- "lxc.mount.entry=/lib/modules lib/modules none bind 0 0"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: >
|
||||
not is_metal | bool and
|
||||
inventory_hostname in groups['neutron_agent']
|
||||
register: container_extra_config
|
||||
tags:
|
||||
- neutron-container-setup
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: >
|
||||
(container_config is defined and container_config | changed) or
|
||||
(container_extra_config is defined and container_extra_config | changed)
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
- name: Sort the rabbitmq servers
|
||||
dist_sort:
|
||||
value_to_lookup: "{{ container_name }}"
|
||||
ref_list: "{{ groups['neutron_all'] }}"
|
||||
src_list: "{{ neutron_rabbitmq_servers }}"
|
||||
register: servers
|
||||
tags:
|
||||
- always
|
||||
- name: Set rabbitmq servers
|
||||
set_fact:
|
||||
rabbitmq_servers: "{{ servers.sorted_list }}"
|
||||
tags:
|
||||
- always
|
||||
- name: Create log dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { path: "/openstack/log/{{ inventory_hostname }}-neutron" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- neutron-logs
|
||||
- neutron-log-dirs
|
||||
- name: Create log aggregation links
|
||||
file:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
state: "{{ item.state }}"
|
||||
force: "yes"
|
||||
with_items:
|
||||
- { src: "/openstack/log/{{ inventory_hostname }}-neutron", dest: "/var/log/neutron", state: "link" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- neutron-logs
|
||||
- name: Ensure Rabbitmq vhost
|
||||
rabbitmq_vhost:
|
||||
name: "{{ neutron_rabbitmq_vhost }}"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['neutron_all'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- neutron-rabbitmq
|
||||
- neutron-rabbitmq-vhost
|
||||
- name: Ensure rabbitmq user
|
||||
rabbitmq_user:
|
||||
when: inventory_hostname in groups['neutron_agent']
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
when: inventory_hostname not in groups['neutron_agent']
|
||||
- include: common-tasks/rabbitmq-vhost-user.yml
|
||||
vars:
|
||||
user: "{{ neutron_rabbitmq_userid }}"
|
||||
password: "{{ neutron_rabbitmq_password }}"
|
||||
vhost: "{{ neutron_rabbitmq_vhost }}"
|
||||
configure_priv: ".*"
|
||||
read_priv: ".*"
|
||||
write_priv: ".*"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['neutron_all'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- neutron-rabbitmq
|
||||
- neutron-rabbitmq-user
|
||||
- name: Create DB for service
|
||||
mysql_db:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ neutron_galera_address }}"
|
||||
name: "{{ neutron_galera_database }}"
|
||||
state: "present"
|
||||
when: inventory_hostname == groups['neutron_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Grant access to the DB for the service
|
||||
mysql_user:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ neutron_galera_address }}"
|
||||
name: "{{ neutron_galera_user }}"
|
||||
- groups['rabbitmq_all'] | length > 0
|
||||
- include: common-tasks/os-log-dir-setup.yml
|
||||
vars:
|
||||
log_dirs:
|
||||
- src: "/openstack/log/{{ inventory_hostname }}-neutron"
|
||||
dest: "/var/log/neutron"
|
||||
- include: common-tasks/mysql-db-user.yml
|
||||
vars:
|
||||
user_name: "{{ neutron_galera_user }}"
|
||||
password: "{{ neutron_container_mysql_password }}"
|
||||
host: "{{ item }}"
|
||||
state: "present"
|
||||
priv: "{{ neutron_galera_database }}.*:ALL"
|
||||
login_host: "{{ neutron_galera_address }}"
|
||||
db_name: "{{ neutron_galera_database }}"
|
||||
when: inventory_hostname == groups['neutron_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
with_items:
|
||||
- "localhost"
|
||||
- "%"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
|
||||
- name: Create the neutron provider networks facts
|
||||
provider_networks:
|
||||
provider_networks: "{{ provider_networks }}"
|
||||
|
@ -19,42 +19,38 @@
|
||||
max_fail_percentage: 20
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: container_config is defined and container_config | changed
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
- name: Sort the rabbitmq servers
|
||||
dist_sort:
|
||||
value_to_lookup: "{{ container_name }}"
|
||||
ref_list: "{{ groups['nova_all'] }}"
|
||||
src_list: "{{ rabbitmq_servers }}"
|
||||
register: servers
|
||||
tags:
|
||||
- always
|
||||
- name: Set rabbitmq servers
|
||||
set_fact:
|
||||
rabbitmq_servers: "{{ servers.sorted_list }}"
|
||||
tags:
|
||||
- always
|
||||
- include: common-tasks/rabbitmq-servers-sort.yml
|
||||
vars:
|
||||
sort_group_name: "nova_all"
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
- include: common-tasks/rabbitmq-vhost-user.yml
|
||||
vars:
|
||||
user: "{{ nova_rabbitmq_userid }}"
|
||||
password: "{{ nova_rabbitmq_password }}"
|
||||
vhost: "{{ nova_rabbitmq_vhost }}"
|
||||
when:
|
||||
- inventory_hostname == groups['nova_all'][0]
|
||||
- groups['rabbitmq_all'] | length > 0
|
||||
- include: common-tasks/os-log-dir-setup.yml
|
||||
vars:
|
||||
log_dirs:
|
||||
- src: "/openstack/log/{{ inventory_hostname }}-nova"
|
||||
dest: "/var/log/nova"
|
||||
- include: common-tasks/mysql-db-user.yml
|
||||
vars:
|
||||
user_name: "{{ nova_galera_user }}"
|
||||
password: "{{ nova_container_mysql_password }}"
|
||||
login_host: "{{ nova_galera_address }}"
|
||||
db_name: "{{ nova_galera_database }}"
|
||||
when: inventory_hostname == groups['nova_all'][0]
|
||||
- include: common-tasks/mysql-db-user.yml
|
||||
vars:
|
||||
user_name: "{{ nova_api_galera_user }}"
|
||||
password: "{{ nova_api_container_mysql_password }}"
|
||||
login_host: "{{ nova_api_galera_address }}"
|
||||
db_name: "{{ nova_api_galera_database }}"
|
||||
when: inventory_hostname == groups['nova_all'][0]
|
||||
|
||||
- name: Add nbd devices to the compute
|
||||
shell: |
|
||||
for i in /dev/nbd*;do
|
||||
@ -107,110 +103,6 @@
|
||||
tags:
|
||||
- nova-kvm
|
||||
- nova-kvm-container-devices
|
||||
- name: Create log dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { path: "/openstack/log/{{ inventory_hostname }}-nova" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- nova-logs
|
||||
- nova-log-dirs
|
||||
- name: Create log aggregation links
|
||||
file:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
state: "{{ item.state }}"
|
||||
force: "yes"
|
||||
with_items:
|
||||
- { src: "/openstack/log/{{ inventory_hostname }}-nova", dest: "/var/log/nova", state: "link" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- nova-logs
|
||||
- name: Ensure Rabbitmq vhost
|
||||
rabbitmq_vhost:
|
||||
name: "{{ nova_rabbitmq_vhost }}"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['nova_all'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- nova-rabbitmq
|
||||
- nova-rabbitmq-vhost
|
||||
- name: Ensure rabbitmq user
|
||||
rabbitmq_user:
|
||||
user: "{{ nova_rabbitmq_userid }}"
|
||||
password: "{{ nova_rabbitmq_password }}"
|
||||
vhost: "{{ nova_rabbitmq_vhost }}"
|
||||
configure_priv: ".*"
|
||||
read_priv: ".*"
|
||||
write_priv: ".*"
|
||||
state: "present"
|
||||
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
|
||||
when:
|
||||
- inventory_hostname == groups['nova_all'][0]
|
||||
- groups['rabbitmq_all']|length > 0
|
||||
tags:
|
||||
- nova-rabbitmq
|
||||
- nova-rabbitmq-user
|
||||
- name: Create DB for service
|
||||
mysql_db:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ nova_galera_address }}"
|
||||
name: "{{ nova_galera_database }}"
|
||||
state: "present"
|
||||
when: inventory_hostname == groups['nova_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Grant access to the DB for the service
|
||||
mysql_user:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ nova_galera_address }}"
|
||||
name: "{{ nova_galera_user }}"
|
||||
password: "{{ nova_container_mysql_password }}"
|
||||
host: "{{ item }}"
|
||||
state: "present"
|
||||
priv: "{{ nova_galera_database }}.*:ALL"
|
||||
when: inventory_hostname == groups['nova_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
with_items:
|
||||
- "localhost"
|
||||
- "%"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Create API DB for service
|
||||
mysql_db:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ nova_api_galera_address }}"
|
||||
name: "{{ nova_api_galera_database }}"
|
||||
state: "present"
|
||||
when: inventory_hostname == groups['nova_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Grant access to the API DB for the service
|
||||
mysql_user:
|
||||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "{{ nova_api_galera_address }}"
|
||||
name: "{{ nova_api_galera_user }}"
|
||||
password: "{{ nova_api_container_mysql_password }}"
|
||||
host: "{{ item }}"
|
||||
state: "present"
|
||||
priv: "{{ nova_api_galera_database }}.*:ALL"
|
||||
when: inventory_hostname == groups['nova_all'][0]
|
||||
delegate_to: "{{ groups['galera_all'][0] }}"
|
||||
with_items:
|
||||
- "localhost"
|
||||
- "%"
|
||||
tags:
|
||||
- mysql-db-setup
|
||||
- name: Set nova management bridge (is_metal)
|
||||
set_fact:
|
||||
management_bridge: "{{ 'ansible_' + hostvars[inventory_hostname]['management_bridge'] | replace('-', '_') }}"
|
||||
|
@ -19,64 +19,15 @@
|
||||
max_fail_percentage: 20
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when:
|
||||
- inventory_hostname in groups['swift_all']
|
||||
- not is_metal | bool
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when:
|
||||
- inventory_hostname in groups['swift_all']
|
||||
- container_config is defined and container_config | changed
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
- name: Create log dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { path: "/openstack/log/{{ inventory_hostname }}-swift" }
|
||||
when:
|
||||
- inventory_hostname in groups['swift_all']
|
||||
- is_metal | bool
|
||||
tags:
|
||||
- swift-logs
|
||||
- swift-log-dirs
|
||||
- name: Create log aggregation links
|
||||
file:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
state: "{{ item.state }}"
|
||||
owner: "{{ item.owner }}"
|
||||
group: "{{ item.group }}"
|
||||
force: "yes"
|
||||
with_items:
|
||||
- src: "/openstack/log/{{ inventory_hostname }}-swift"
|
||||
dest: "/var/log/swift"
|
||||
owner: "syslog"
|
||||
group: "syslog"
|
||||
state: "link"
|
||||
when:
|
||||
- inventory_hostname in groups['swift_all']
|
||||
- is_metal | bool
|
||||
tags:
|
||||
- swift-logs
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
- include: common-tasks/os-log-dir-setup.yml
|
||||
vars:
|
||||
log_dirs:
|
||||
- src: "/openstack/log/{{ inventory_hostname }}-swift"
|
||||
dest: "/var/log/swift"
|
||||
owner: "syslog"
|
||||
group: "syslog"
|
||||
|
||||
- name: Set swift storage bridge (is_metal)
|
||||
set_fact:
|
||||
storage_bridge: "{{ 'ansible_' + swift.storage_network | replace('-', '_') }}"
|
||||
|
@ -19,29 +19,7 @@
|
||||
max_fail_percentage: 0
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: container_config is defined and container_config | changed
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
roles:
|
||||
- role: "pip_install"
|
||||
pip_lock_to_internal_repo: "{{ (pip_links | length) >= 1 }}"
|
||||
|
@ -19,43 +19,11 @@
|
||||
max_fail_percentage: 20
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Package repo extra lxc config
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_command: |
|
||||
[[ ! -d "/var/www" ]] && mkdir -p "/var/www"
|
||||
container_config:
|
||||
- "lxc.mount.entry=/openstack/{{ container_name }} var/www none bind 0 0"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_extra_config
|
||||
tags:
|
||||
- repo-dirs
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: >
|
||||
(container_config is defined and container_config | changed) or
|
||||
(container_extra_config is defined and container_extra_config | changed)
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
vars:
|
||||
list_of_bind_mounts:
|
||||
- bind_dir_path: "/var/www"
|
||||
mount_path: "/openstack/{{ inventory_hostname }}"
|
||||
roles:
|
||||
- { role: "repo_server", tags: [ "repo-server" ] }
|
||||
- role: "rsyslog_client"
|
||||
|
@ -19,52 +19,11 @@
|
||||
max_fail_percentage: 20
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Ensure log storage directory exists
|
||||
file:
|
||||
path: "/openstack/{{ container_name }}/log-storage"
|
||||
state: "directory"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
tags:
|
||||
- rsyslog-storage-dirs
|
||||
- name: Rsyslog server extra lxc config
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_command: |
|
||||
[[ ! -d "{{ storage_directory }}" ]] && mkdir -p "{{ storage_directory }}"
|
||||
container_config:
|
||||
- "lxc.mount.entry=/openstack/{{ container_name }}/log-storage {{ storage_directory.lstrip('/') }} none bind 0 0"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_extra_config
|
||||
tags:
|
||||
- rsyslog-storage-dirs
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: >
|
||||
(container_config is defined and container_config | changed) or
|
||||
(container_extra_config is defined and container_extra_config | changed)
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
vars:
|
||||
list_of_bind_mounts:
|
||||
- bind_dir_path: "{{ storage_directory }}"
|
||||
mount_path: "/openstack/{{ inventory_hostname }}/log-storage"
|
||||
roles:
|
||||
- { role: "rsyslog_server", tags: [ "rsyslog-server" ] }
|
||||
- role: "system_crontab_coordination"
|
||||
|
@ -18,51 +18,14 @@
|
||||
max_fail_percentage: 20
|
||||
user: root
|
||||
pre_tasks:
|
||||
- name: Use the lxc-openstack aa profile
|
||||
lxc_container:
|
||||
name: "{{ container_name }}"
|
||||
container_config:
|
||||
- "lxc.aa_profile=lxc-openstack"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: not is_metal | bool
|
||||
register: container_config
|
||||
tags:
|
||||
- lxc-aa-profile
|
||||
- name: Wait for container ssh
|
||||
wait_for:
|
||||
port: "22"
|
||||
delay: "{{ ssh_delay }}"
|
||||
search_regex: "OpenSSH"
|
||||
host: "{{ ansible_ssh_host }}"
|
||||
delegate_to: "{{ physical_host }}"
|
||||
when: container_config is defined and container_config | changed
|
||||
register: ssh_wait_check
|
||||
until: ssh_wait_check | success
|
||||
retries: 3
|
||||
tags:
|
||||
- ssh-wait
|
||||
- name: Create log dir
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { path: "/openstack/log/{{ inventory_hostname }}-utility" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- utility-logs
|
||||
- utility-log-dirs
|
||||
- name: Create log aggregation links
|
||||
file:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
state: "{{ item.state }}"
|
||||
force: "yes"
|
||||
with_items:
|
||||
- { src: "/openstack/log/{{ inventory_hostname }}-utility", dest: "/var/log/utility", state: "link" }
|
||||
when: is_metal | bool
|
||||
tags:
|
||||
- utility-logs
|
||||
- name: Create log directory
|
||||
- include: common-tasks/os-lxc-container-setup.yml
|
||||
- include: common-tasks/os-log-dir-setup.yml
|
||||
vars:
|
||||
log_dirs:
|
||||
- src: "/openstack/log/{{ inventory_hostname }}-utility"
|
||||
dest: "/var/log/utility"
|
||||
|
||||
- name: Create log directory (not is_metal)
|
||||
file:
|
||||
dest: "/var/log/utility"
|
||||
state: "directory"
|
||||
|
Loading…
x
Reference in New Issue
Block a user