Merge "Cleanup/standardize common tasks"

This commit is contained in:
Jenkins 2016-07-22 05:12:01 +00:00 committed by Gerrit Code Review
commit 71ba5256c6
24 changed files with 522 additions and 1484 deletions

View File

@ -0,0 +1,36 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ login_host }}"
name: "{{ db_name }}"
state: "present"
delegate_to: "{{ groups['galera_all'][0] }}"
- name: Grant access to the DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ login_host }}"
name: "{{ user_name }}"
password: "{{ password }}"
host: "{{ item }}"
state: "present"
priv: "{{ db_name }}.*:ALL"
delegate_to: "{{ groups['galera_all'][0] }}"
with_items: "{{ grant_list | default(['localhost', '%']) }}"

View File

@ -0,0 +1,42 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Usage:
# This common task is used to create log directories and links
# if the "log_dirs" list is passed. "log_dirs" must be used
# containing at least one dictionary with the keys "dest" and
# "src". Optionally the "owner" and "group" can be provided as well.
# * dest = destination
# * src = source
# * owner = user
# * group = group
- name: Create log dir
file:
path: "{{ item.src }}"
state: directory
with_items: "{{ log_dirs }}"
when: is_metal | bool
- name: Create log aggregation links
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner|default(omit) }}"
group: "{{ item.group|default(omit) }}"
state: "link"
force: "yes"
with_items: "{{ log_dirs }}"
when: is_metal | bool

View File

@ -0,0 +1,89 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Usage:
# This common task will update lxc containers to use the lxc-openstack
# app-armor profile by default however this profile can be changed as needed.
# This will also load in a list of bind mounts for a given container. To load
# in a list of bind mounts the variable, "list_of_bind_mounts" must be used
# containing at least one dictionary with the keys "bind_dir_path",
# "relative_bind_dir_path", and "mount_path".
# * bind_dir_path = Container path used in a bind mount
# * mount_path = Local path on the physical host used for a bind mount
# If extra container configurations are desirable set the
# "extra_container_config" list to strings containing the options needed.
- name: Set the LXC app-armor profile
lxc_container:
name: "{{ inventory_hostname }}"
container_config:
- "lxc.aa_profile={{ aa_profile | default('lxc-openstack') }}"
delegate_to: "{{ physical_host }}"
when:
- not is_metal | bool
register: _cp
- name: Ensure mount directories exists
file:
path: "{{ item['mount_path'] }}"
state: "directory"
with_items: "{{ list_of_bind_mounts | default([]) }}"
delegate_to: "{{ physical_host }}"
when:
- list_of_bind_mounts is defined
- not is_metal | bool
- name: LXC Directory bind mount
lxc_container:
name: "{{ inventory_hostname }}"
container_command: |
[[ ! -d "{{ item['bind_dir_path'] }}" ]] && mkdir -p "{{ item['bind_dir_path'] }}"
container_config:
- "lxc.mount.entry={{ item['mount_path'] }} {{ item['bind_dir_path'].lstrip('/') }} none bind 0 0"
with_items: "{{ list_of_bind_mounts | default([]) }}"
delegate_to: "{{ physical_host }}"
register: _bm
when:
- list_of_bind_mounts is defined
- not is_metal | bool
- name: Extra lxc config
lxc_container:
name: "{{ inventory_hostname }}"
container_config: "{{ extra_container_config }}"
delegate_to: "{{ physical_host }}"
when:
- extra_container_config is defined
- not is_metal | bool
register: _ec
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when:
- >
(_cp is defined and _cp | changed) or
(_bm is defined and _bm | changed) or
(_ec is defined and _ec | changed)
- not is_metal | bool
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3

View File

@ -0,0 +1,33 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Usage:
# To use this common task the variable "sort_group_name" needs to be set
# This common task will set a fact for "rabbitmq_servers" upon completion.
- name: Sort the rabbitmq servers
dist_sort:
value_to_lookup: "{{ container_name }}"
ref_list: "{{ groups[sort_group_name] }}"
src_list: "{{ rabbitmq_servers }}"
register: servers
tags:
- always
- name: Set rabbitmq servers
set_fact:
rabbitmq_servers: "{{ servers.sorted_list }}"
tags:
- always

View File

@ -0,0 +1,36 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Usage:
# To use this common task to create rabbitmq virtual hosts if needed
# and to create a user within rabbitmq. To use this common task the
# variables "vhost", "user", and "password" must be set.
- name: Ensure Rabbitmq vhost
rabbitmq_vhost:
name: "{{ vhost }}"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ user }}"
password: "{{ password }}"
vhost: "{{ vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"

View File

@ -19,40 +19,11 @@
gather_facts: "{{ gather_facts | default(True) }}"
user: root
tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Galera extra lxc config
lxc_container:
name: "{{ container_name }}"
container_command: |
[[ ! -d "/var/lib/mysql" ]] && mkdir -p "/var/lib/mysql"
container_config:
- "lxc.mount.entry=/openstack/{{ container_name }} var/lib/mysql none bind 0 0"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_extra_config
tags:
- galera-mysql-dir
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: >
(container_config is defined and container_config | changed) or
(container_extra_config is defined and container_extra_config | changed)
tags:
- galera-ssh-wait
- include: common-tasks/os-lxc-container-setup.yml
vars:
list_of_bind_mounts:
- bind_dir_path: "/var/lib/mysql"
mount_path: "/openstack/{{ inventory_hostname }}"
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
tags:

View File

@ -19,31 +19,12 @@
max_fail_percentage: 0
user: root
tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when:
- container_config is defined
- container_config | changed
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- include: common-tasks/os-lxc-container-setup.yml
- include: common-tasks/os-log-dir-setup.yml
vars:
log_dirs:
- src: "/openstack/log/{{ inventory_hostname }}-haproxy"
dest: "/var/log/haproxy"
vars:
is_metal: "{{ properties.is_metal|default(false) }}"
tags:
@ -73,26 +54,6 @@
when: internal_lb_vip_address == external_lb_vip_address
tags:
- haproxy-service-config
- name: Create log dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-haproxy" }
when: is_metal | bool
tags:
- haproxy-logs
- name: Create log aggregation links
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "{{ item.state }}"
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-haproxy", dest: "/var/log/haproxy", state: "link" }
when: is_metal | bool
tags:
- haproxy-logs
- name: Remove legacy haproxy logging file
file:
dest: "/etc/rsyslog.d/haproxy.conf"

View File

@ -19,49 +19,12 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: container_config is defined and container_config | changed
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- name: Create log dir
file:
path: "/openstack/log/{{ inventory_hostname }}-memcached"
state: directory
when: is_metal | bool
tags:
- memcached-logs
- memcached-log-dirs
- name: Create log aggregation links
file:
src: "/openstack/log/{{ inventory_hostname }}-memcached"
dest: "/var/log/memcached"
state: "link"
force: "yes"
when: is_metal | bool
tags:
- memcached-logs
- include: common-tasks/os-lxc-container-setup.yml
- include: common-tasks/os-log-dir-setup.yml
vars:
log_dirs:
- src: "/openstack/log/{{ inventory_hostname }}-memcached"
dest: "/var/log/memcached"
roles:
- { role: "memcached_server", tags: [ "memcached-server" ] }
- role: "system_crontab_coordination"

View File

@ -19,107 +19,30 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
register: container_config
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
tags:
- lxc-aa-profile
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: container_config is defined and container_config | changed
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- name: Sort the rabbitmq servers
dist_sort:
value_to_lookup: "{{ container_name }}"
ref_list: "{{ groups['aodh_all'] }}"
src_list: "{{ rabbitmq_servers }}"
register: servers
tags:
- always
- name: Set rabbitmq servers
set_fact:
rabbitmq_servers: "{{ servers.sorted_list }}"
tags:
- always
- name: Create log dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-aodh" }
when: is_metal | bool
tags:
- aodh-logs
- aodh-log-dirs
- name: Ensure Rabbitmq vhost
rabbitmq_vhost:
name: "{{ aodh_rabbitmq_vhost }}"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['aodh_api'][0]
- groups['rabbitmq_all']|length > 0
tags:
- aodh-rabbitmq
- aodh-rabbitmq-vhost
- name: Ensure rabbitmq user
rabbitmq_user:
- include: common-tasks/rabbitmq-servers-sort.yml
vars:
sort_group_name: "aodh_all"
- include: common-tasks/os-lxc-container-setup.yml
- include: common-tasks/rabbitmq-vhost-user.yml
vars:
user: "{{ aodh_rabbitmq_userid }}"
password: "{{ aodh_rabbitmq_password }}"
vhost: "{{ aodh_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['aodh_api'][0]
- groups['rabbitmq_all']|length > 0
tags:
- aodh-rabbitmq
- aodh-rabbitmq-user
- name: Create DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ aodh_galera_address }}"
name: "{{ aodh_galera_database }}"
state: "present"
when: inventory_hostname == groups['aodh_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
tags:
- mysql-db-setup
- name: Grant access to the DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ aodh_galera_address }}"
name: "{{ aodh_galera_user }}"
- groups['rabbitmq_all'] | length > 0
- include: common-tasks/os-log-dir-setup.yml
vars:
log_dirs:
- src: "/openstack/log/{{ inventory_hostname }}-aodh"
dest: "/var/log/aodh"
- include: common-tasks/mysql-db-user.yml
vars:
user_name: "{{ aodh_galera_user }}"
password: "{{ aodh_container_db_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ aodh_galera_database }}.*:ALL"
login_host: "{{ aodh_galera_address }}"
db_name: "{{ aodh_galera_database }}"
when: inventory_hostname == groups['aodh_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
with_items:
- "localhost"
- "%"
tags:
- mysql-db-setup
roles:
- role: "os_aodh"
aodh_venv_tag: "{{ openstack_release }}"

View File

@ -19,86 +19,23 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: container_config is defined and container_config | changed
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- name: Sort the rabbitmq servers
dist_sort:
value_to_lookup: "{{ container_name }}"
ref_list: "{{ groups['ceilometer_all'] }}"
src_list: "{{ rabbitmq_servers }}"
register: servers
- name: Set rabbitmq servers
set_fact:
rabbitmq_servers: "{{ servers.sorted_list }}"
- name: Create log dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-ceilometer" }
when: is_metal | bool
tags:
- ceilometer-logs
- ceilometer-log-dirs
- name: Create log aggregation links
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "{{ item.state }}"
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-ceilometer", dest: "/var/log/ceilometer", state: "link" }
when: is_metal | bool
tags:
- ceilometer-logs
- name: Ensure Rabbitmq vhost
rabbitmq_vhost:
name: "{{ ceilometer_rabbitmq_vhost }}"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['ceilometer_api'][0]
- groups['rabbitmq_all']|length > 0
tags:
- ceilometer-rabbitmq
- ceilometer-rabbitmq-vhost
- name: Ensure rabbitmq user
rabbitmq_user:
- include: common-tasks/rabbitmq-servers-sort.yml
vars:
sort_group_name: "ceilometer_all"
- include: common-tasks/os-lxc-container-setup.yml
- include: common-tasks/rabbitmq-vhost-user.yml
vars:
user: "{{ ceilometer_rabbitmq_userid }}"
password: "{{ ceilometer_rabbitmq_password }}"
vhost: "{{ ceilometer_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['ceilometer_api'][0]
- groups['rabbitmq_all']|length > 0
tags:
- ceilometer-rabbitmq
- ceilometer-rabbitmq-user
- groups['rabbitmq_all'] | length > 0
- include: common-tasks/os-log-dir-setup.yml
vars:
log_dirs:
- src: "/openstack/log/{{ inventory_hostname }}-ceilometer"
dest: "/var/log/ceilometer"
roles:
- role: "os_ceilometer"
ceilometer_venv_tag: "{{ openstack_release }}"

View File

@ -19,18 +19,43 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=unconfined"
delegate_to: "{{ physical_host }}"
register: container_config
when: >
not is_metal | bool and
inventory_hostname in groups['cinder_volume']
tags:
- lxc-aa-profile
- include: common-tasks/rabbitmq-servers-sort.yml
vars:
sort_group_name: "cinder_all"
- include: common-tasks/os-lxc-container-setup.yml
vars:
aa_profile: "unconfined"
extra_container_config:
- "lxc.autodev=0"
- "lxc.cgroup.devices.allow=a *:* rmw"
- "lxc.mount.entry=udev dev devtmpfs defaults 0 0"
when:
- inventory_hostname in groups['cinder_volume']
- cinder_backend_lvm_inuse | bool
- include: common-tasks/os-lxc-container-setup.yml
when:
- inventory_hostname not in groups['cinder_volume']
- include: common-tasks/rabbitmq-vhost-user.yml
vars:
user: "{{ cinder_rabbitmq_userid }}"
password: "{{ cinder_rabbitmq_password }}"
vhost: "{{ cinder_rabbitmq_vhost }}"
when:
- inventory_hostname == groups['cinder_all'][0]
- groups['rabbitmq_all'] | length > 0
- include: common-tasks/os-log-dir-setup.yml
vars:
log_dirs:
- src: "/openstack/log/{{ inventory_hostname }}-cinder"
dest: "/var/log/cinder"
- include: common-tasks/mysql-db-user.yml
vars:
user_name: "{{ cinder_galera_user }}"
password: "{{ cinder_container_mysql_password }}"
login_host: "{{ cinder_galera_address }}"
db_name: "{{ cinder_galera_database }}"
when: inventory_hostname == groups['cinder_all'][0]
- name: Add volume group block device to cinder
shell: |
{% if item.value.volume_group is defined %}
@ -43,135 +68,18 @@
echo "{{ item.key }} volume_group not defined"
{% endif %}
with_dict: cinder_backends|default({})
when: physical_host != container_name
when:
- physical_host != container_name
- cinder_backend_lvm_inuse | bool
delegate_to: "{{ physical_host }}"
tags:
- cinder-lxc-devices
- name: Cinder volume extra lxc config
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.autodev=0"
- "lxc.cgroup.devices.allow=a *:* rmw"
- "lxc.mount.entry=udev dev devtmpfs defaults 0 0"
delegate_to: "{{ physical_host }}"
when: >
not is_metal | bool and
inventory_hostname in groups['cinder_volume'] and
cinder_backend_lvm_inuse
tags:
- cinder-container-setup
register: lxc_config
- name: udevadm trigger
command: udevadm trigger
tags:
- cinder-container-setup
delegate_to: "{{ physical_host }}"
when: lxc_config is defined and lxc_config | changed
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: >
(container_config is defined and container_config | changed) or
(lxc_config is defined and lxc_config | changed)
register: ssh_wait_check
until: ssh_wait_check|success
retries: 3
tags:
- ssh-wait
- name: Sort the rabbitmq servers
dist_sort:
value_to_lookup: "{{ container_name }}"
ref_list: "{{ groups['cinder_all'] }}"
src_list: "{{ rabbitmq_servers }}"
register: servers
tags:
- always
- name: Set rabbitmq servers
set_fact:
rabbitmq_servers: "{{ servers.sorted_list }}"
tags:
- always
- name: Create log dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-cinder" }
when: is_metal | bool
tags:
- cinder-logs
- cinder-log-dirs
- name: Create log aggregation links
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "{{ item.state }}"
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-cinder", dest: "/var/log/cinder", state: "link" }
when: is_metal | bool
tags:
- cinder-logs
- name: Ensure Rabbitmq vhost
rabbitmq_vhost:
name: "{{ cinder_rabbitmq_vhost }}"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['cinder_all'][0]
- groups['rabbitmq_all']|length > 0
tags:
- cinder-rabbitmq
- cinder-rabbitmq-vhost
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ cinder_rabbitmq_userid }}"
password: "{{ cinder_rabbitmq_password }}"
vhost: "{{ cinder_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['cinder_all'][0]
- groups['rabbitmq_all']|length > 0
tags:
- cinder-rabbitmq
- cinder-rabbitmq-user
- name: Create DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ cinder_galera_address }}"
name: "{{ cinder_galera_database }}"
state: "present"
when: inventory_hostname == groups['cinder_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
tags:
- mysql-db-setup
- name: Grant access to the DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ cinder_galera_address }}"
name: "{{ cinder_galera_user }}"
password: "{{ cinder_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ cinder_galera_database }}.*:ALL"
when: inventory_hostname == groups['cinder_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
with_items:
- "localhost"
- "%"
tags:
- mysql-db-setup
when: cinder_backend_lvm_inuse | bool
- name: Set cinder storage bridge (is_metal)
set_fact:
storage_bridge: "{{ 'ansible_' + hostvars[inventory_hostname]['container_networks']['storage_address']['bridge'] | replace('-', '_') }}"

View File

@ -19,135 +19,37 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Glance extra lxc config
lxc_container:
name: "{{ container_name }}"
container_command: |
[[ ! -d "/var/lib/glance/images" ]] && mkdir -p "/var/lib/glance/images"
container_config:
- "lxc.mount.entry=/openstack/{{ container_name }} var/lib/glance/images none bind 0 0"
delegate_to: "{{ physical_host }}"
when: >
(not is_metal | bool) and
(glance_default_store == "file") and
(glance_nfs_client is not defined)
register: container_extra_config
tags:
- glance-cache-dir
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: >
(container_config is defined and container_config | changed) or
(container_extra_config is defined and container_config | changed)
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- name: Sort the rabbitmq servers
dist_sort:
value_to_lookup: "{{ container_name }}"
ref_list: "{{ groups['glance_all'] }}"
src_list: "{{ rabbitmq_servers }}"
register: servers
tags:
- always
- name: Set rabbitmq servers
set_fact:
rabbitmq_servers: "{{ servers.sorted_list }}"
tags:
- always
- name: Create log dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-glance" }
when: is_metal | bool
tags:
- glance-logs
- glance-log-dirs
- name: Create log aggregation links
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "{{ item.state }}"
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-glance", dest: "/var/log/glance", state: "link" }
when: is_metal | bool
tags:
- glance-logs
- name: Ensure Rabbitmq vhost
rabbitmq_vhost:
name: "{{ glance_rabbitmq_vhost }}"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['glance_all'][0]
- groups['rabbitmq_all']|length > 0
tags:
- glance-rabbitmq
- glance-rabbitmq-vhost
- name: Ensure rabbitmq user
rabbitmq_user:
- include: common-tasks/rabbitmq-servers-sort.yml
vars:
sort_group_name: "glance_all"
- include: common-tasks/os-lxc-container-setup.yml
vars:
list_of_bind_mounts:
- bind_dir_path: "/var/lib/glance/images"
mount_path: "/openstack/{{ inventory_hostname }}"
when: (glance_default_store == "file") and (glance_nfs_client is not defined)
- include: common-tasks/os-lxc-container-setup.yml
when: (glance_default_store != "file") or (glance_nfs_client is defined)
- include: common-tasks/rabbitmq-vhost-user.yml
vars:
user: "{{ glance_rabbitmq_userid }}"
password: "{{ glance_rabbitmq_password }}"
vhost: "{{ glance_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['glance_all'][0]
- groups['rabbitmq_all']|length > 0
tags:
- glance-rabbitmq
- glance-rabbitmq-user
- name: Create DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ glance_galera_address }}"
name: "{{ glance_galera_database }}"
state: "present"
when: inventory_hostname == groups['glance_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
tags:
- mysql-db-setup
- name: Grant access to the DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ glance_galera_address }}"
name: "{{ glance_galera_user }}"
- groups['rabbitmq_all'] | length > 0
- include: common-tasks/os-log-dir-setup.yml
vars:
log_dirs:
- src: "/openstack/log/{{ inventory_hostname }}-glance"
dest: "/var/log/glance"
- include: common-tasks/mysql-db-user.yml
vars:
user_name: "{{ glance_galera_user }}"
password: "{{ glance_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ glance_galera_database }}.*:ALL"
login_host: "{{ glance_galera_address }}"
db_name: "{{ glance_galera_database }}"
when: inventory_hostname == groups['glance_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
with_items:
- "localhost"
- "%"
tags:
- mysql-db-setup
roles:
- role: "os_glance"
glance_venv_tag: "{{ openstack_release }}"

View File

@ -18,90 +18,26 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: container_config is defined and container_config | changed
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- name: Gnocchi extra lxc config
lxc_container:
name: "{{ container_name }}"
container_command: |
[[ ! -d "/var/lib/gnocchi" ]] && mkdir -p "/var/lib/gnocchi"
container_config:
- "lxc.mount.entry=/openstack/{{ container_name }} var/lib/gnocchi none bind 0 0"
delegate_to: "{{ physical_host }}"
when: >
(not is_metal | bool) and gnocchi_storage_driver is not defined or
(gnocchi_storage_driver == "file")
register: container_extra_config
tags:
-gnocchi-storage-dir
- name: Create log dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-gnocchi" }
when: is_metal | bool
tags:
- gnocchi-logs
- gnocchi-log-dirs
- name: Create log aggregation links
file:
src: "/openstack/log/{{ inventory_hostname }}-gnocchi"
dest: "/var/log/gnocchi"
state: "link"
force: "yes"
when: is_metal | bool
tags:
- gnocchi-logs
- name: Create DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
- include: common-tasks/os-lxc-container-setup.yml
vars:
list_of_bind_mounts:
- bind_dir_path: "/var/lib/gnocchi"
mount_path: "/openstack/{{ inventory_hostname }}"
when: (gnocchi_storage_driver == "file") and (gnocchi_storage_driver is not defined)
- include: common-tasks/os-lxc-container-setup.yml
when: (gnocchi_storage_driver != "file") or (gnocchi_storage_driver is defined)
- include: common-tasks/os-log-dir-setup.yml
vars:
log_dirs:
- src: "/openstack/log/{{ inventory_hostname }}-gnocchi"
dest: "/var/log/gnocchi"
- include: common-tasks/mysql-db-user.yml
vars:
user_name: "{{ gnocchi_galera_user }}"
password: "{{ gnocchi_container_mysql_password }}"
login_host: "{{ gnocchi_galera_address }}"
name: "{{ gnocchi_galera_database }}"
state: "present"
db_name: "{{ gnocchi_galera_database }}"
when: inventory_hostname == groups['gnocchi_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
tags:
- mysql-db-setup
- name: Grant access to the DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ gnocchi_galera_address }}"
name: "{{ gnocchi_galera_user }}"
password: "{{ gnocchi_galera_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ gnocchi_galera_database }}.*:ALL"
when: inventory_hostname == groups['gnocchi_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
with_items:
- "localhost"
- "%"
tags:
- mysql-db-setup
roles:
- role: "os_gnocchi"
gnocchi_venv_tag: "{{ openstack_release }}"

View File

@ -19,118 +19,30 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: container_config is defined and container_config | changed
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- name: Sort the rabbitmq servers
dist_sort:
value_to_lookup: "{{ container_name }}"
ref_list: "{{ groups['heat_all'] }}"
src_list: "{{ rabbitmq_servers }}"
register: servers
tags:
- always
- name: Set rabbitmq servers
set_fact:
rabbitmq_servers: "{{ servers.sorted_list }}"
tags:
- always
- name: Create log dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-heat" }
when: is_metal | bool
tags:
- heat-logs
- heat-log-dirs
- name: Create log aggregation links
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "{{ item.state }}"
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-heat", dest: "/var/log/heat", state: "link" }
when: is_metal | bool
tags:
- heat-logs
- name: Ensure Rabbitmq vhost
rabbitmq_vhost:
name: "{{ heat_rabbitmq_vhost }}"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['heat_all'][0]
- groups['rabbitmq_all']|length > 0
tags:
- heat-rabbitmq
- heat-rabbitmq-vhost
- name: Ensure rabbitmq user
rabbitmq_user:
- include: common-tasks/rabbitmq-servers-sort.yml
vars:
sort_group_name: "heat_all"
- include: common-tasks/os-lxc-container-setup.yml
- include: common-tasks/rabbitmq-vhost-user.yml
vars:
user: "{{ heat_rabbitmq_userid }}"
password: "{{ heat_rabbitmq_password }}"
vhost: "{{ heat_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['heat_all'][0]
- groups['rabbitmq_all']|length > 0
tags:
- heat-rabbitmq
- heat-rabbitmq-user
- name: Create DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ heat_galera_address }}"
name: "{{ heat_galera_database }}"
state: "present"
when: inventory_hostname == groups['heat_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
tags:
- mysql-db-setup
- name: Grant access to the DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ heat_galera_address }}"
name: "{{ heat_galera_user }}"
- groups['rabbitmq_all'] | length > 0
- include: common-tasks/os-log-dir-setup.yml
vars:
log_dirs:
- src: "/openstack/log/{{ inventory_hostname }}-heat"
dest: "/var/log/heat"
- include: common-tasks/mysql-db-user.yml
vars:
user_name: "{{ heat_galera_user }}"
password: "{{ heat_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ heat_galera_database }}.*:ALL"
login_host: "{{ heat_galera_address }}"
db_name: "{{ heat_galera_database }}"
when: inventory_hostname == groups['heat_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
with_items:
- "localhost"
- "%"
tags:
- mysql-db-setup
roles:
- role: "os_heat"
heat_venv_tag: "{{ openstack_release }}"

View File

@ -19,91 +19,22 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: container_config is defined and container_config | changed
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- name: Sort the rabbitmq servers
dist_sort:
value_to_lookup: "{{ container_name }}"
ref_list: "{{ groups['horizon_all'] }}"
src_list: "{{ rabbitmq_servers }}"
register: servers
tags:
- always
- name: Set rabbitmq servers
set_fact:
rabbitmq_servers: "{{ servers.sorted_list }}"
tags:
- always
- name: Create log dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-horizon" }
when: is_metal | bool
tags:
- horizon-logs
- horizon-log-dirs
- name: Create log aggregation links
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "{{ item.state }}"
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-horizon", dest: "/var/log/horizon", state: "link" }
when: is_metal | bool
tags:
- horizon-logs
- name: Create DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ horizon_galera_address }}"
name: "{{ horizon_galera_database }}"
state: "present"
when: inventory_hostname == groups['horizon_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
tags:
- mysql-db-setup
- name: Grant access to the DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ horizon_galera_address }}"
name: "{{ horizon_galera_user }}"
- include: common-tasks/rabbitmq-servers-sort.yml
vars:
sort_group_name: "horizon_all"
- include: common-tasks/os-lxc-container-setup.yml
- include: common-tasks/os-log-dir-setup.yml
vars:
log_dirs:
- src: "/openstack/log/{{ inventory_hostname }}-horizon"
dest: "/var/log/horizon"
- include: common-tasks/mysql-db-user.yml
vars:
user_name: "{{ horizon_galera_user }}"
password: "{{ horizon_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ horizon_galera_database }}.*:ALL"
login_host: "{{ horizon_galera_address }}"
db_name: "{{ horizon_galera_database }}"
when: inventory_hostname == groups['horizon_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
with_items:
- "localhost"
- "%"
tags:
- mysql-db-setup
roles:
- role: "os_horizon"
horizon_server_name: "{{ container_name }}"

View File

@ -18,95 +18,25 @@
gather_facts: "{{ gather_facts | default(True) }}"
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: container_config is defined and container_config | changed
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- name: Ensure Rabbitmq vhost for Ironic
rabbitmq_vhost:
name: "{{ ironic_rabbitmq_vhost }}"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
run_once: true
tags:
- ironic-rabbitmq
- ironic-rabbitmq-vhost
- name: Ensure rabbitmq user for Ironic
rabbitmq_user:
- include: common-tasks/rabbitmq-servers-sort.yml
vars:
sort_group_name: "ironic_all"
- include: common-tasks/os-lxc-container-setup.yml
- include: common-tasks/rabbitmq-vhost-user.yml
vars:
user: "{{ ironic_rabbitmq_userid }}"
password: "{{ ironic_rabbitmq_password }}"
vhost: "{{ ironic_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
run_once: true
tags:
- ironic-rabbitmq
- ironic-rabbitmq-user
- name: Create DB for Ironic
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
when:
- inventory_hostname == groups['ironic_all'][0]
- groups['rabbitmq_all'] | length > 0
- include: common-tasks/mysql-db-user.yml
vars:
user_name: "{{ ironic_galera_user }}"
password: "{{ ironic_container_mysql_password }}"
login_host: "{{ ironic_galera_address }}"
name: "{{ ironic_galera_database }}"
state: "present"
db_name: "{{ ironic_galera_database }}"
when: inventory_hostname == groups['ironic_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
run_once: true
tags:
- mysql-db-setup
- name: Grant access to the DB for Ironic
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ ironic_galera_address }}"
name: "{{ ironic_galera_user }}"
password: "{{ ironic_galera_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ ironic_galera_database }}.*:ALL"
when: inventory_hostname == groups['ironic_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
with_items:
- "localhost"
- "%"
run_once: true
tags:
- mysql-db-setup
- name: Sort the rabbitmq servers
dist_sort:
value_to_lookup: "{{ container_name }}"
ref_list: "{{ groups['ironic_all'] }}"
src_list: "{{ rabbitmq_servers }}"
register: servers
tags:
- always
- name: Set rabbitmq servers
set_fact:
rabbitmq_servers: "{{ servers.sorted_list }}"
tags:
- always
roles:
- role: "os_ironic"
ironic_venv_tag: "{{ openstack_release }}"

View File

@ -19,63 +19,31 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: container_config is defined and container_config | changed
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- name: Sort the rabbitmq servers
dist_sort:
value_to_lookup: "{{ container_name }}"
ref_list: "{{ groups['keystone_all'] }}"
src_list: "{{ rabbitmq_servers }}"
register: servers
tags:
- always
- name: Set rabbitmq servers
set_fact:
rabbitmq_servers: "{{ servers.sorted_list }}"
tags:
- always
- name: Create log dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-keystone" }
when: is_metal | bool
tags:
- keystone-logs
- keystone-log-dirs
- name: Create log aggregation links
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "{{ item.state }}"
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-keystone", dest: "/var/log/keystone", state: "link" }
when: is_metal | bool
tags:
- keystone-logs
- include: common-tasks/rabbitmq-servers-sort.yml
vars:
sort_group_name: "keystone_all"
- include: common-tasks/os-lxc-container-setup.yml
- include: common-tasks/rabbitmq-vhost-user.yml
vars:
user: "{{ keystone_rabbitmq_userid }}"
password: "{{ keystone_rabbitmq_password }}"
vhost: "{{ keystone_rabbitmq_vhost }}"
when:
- inventory_hostname == groups['keystone_all'][0]
- groups['rabbitmq_all'] | length > 0
- include: common-tasks/os-log-dir-setup.yml
vars:
log_dirs:
- src: "/openstack/log/{{ inventory_hostname }}-keystone"
dest: "/var/log/keystone"
- include: common-tasks/mysql-db-user.yml
vars:
user_name: "{{ keystone_galera_user }}"
password: "{{ keystone_container_mysql_password }}"
login_host: "{{ keystone_galera_address }}"
db_name: "{{ keystone_galera_database }}"
when: inventory_hostname == groups['keystone_all'][0]
# todo(cloudnull): this task is being run only if/when keystone is installed on a physical host.
# This is not being run within a container because it is an unsupported action due to this
# issue: (https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1279041)
@ -93,61 +61,6 @@
when: is_metal | bool
tags:
- keystone-reserved-port
- name: Ensure Rabbitmq vhost
rabbitmq_vhost:
name: "{{ keystone_rabbitmq_vhost }}"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['keystone_all'][0]
- groups['rabbitmq_all']|length > 0
tags:
- keystone-rabbitmq
- keystone-rabbitmq-vhost
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ keystone_rabbitmq_userid }}"
password: "{{ keystone_rabbitmq_password }}"
vhost: "{{ keystone_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['keystone_all'][0]
- groups['rabbitmq_all']|length > 0
tags:
- keystone-rabbitmq
- keystone-rabbitmq-user
- name: Keystone create DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ keystone_galera_address }}"
name: "{{ keystone_galera_database }}"
state: "present"
when: inventory_hostname == groups['keystone_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
tags:
- mysql-db-setup
- name: Keystone grant access to the DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ keystone_galera_address }}"
name: "{{ keystone_galera_user }}"
password: "{{ keystone_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ keystone_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
when: inventory_hostname == groups['keystone_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
tags:
- mysql-db-setup
roles:
- role: "os_keystone"
keystone_venv_tag: "{{ openstack_release }}"

View File

@ -19,137 +19,41 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=unconfined"
delegate_to: "{{ physical_host }}"
when: >
not is_metal | bool and
inventory_hostname in groups['neutron_agent']
register: container_config
tags:
- lxc-aa-profile
- name: Neutron extra lxc config
lxc_container:
name: "{{ container_name }}"
container_command: |
[[ ! -d "/lib/modules" ]] && mkdir -p "/lib/modules"
container_config:
- include: common-tasks/rabbitmq-servers-sort.yml
vars:
sort_group_name: "neutron_all"
- include: common-tasks/os-lxc-container-setup.yml
vars:
aa_profile: "unconfined"
list_of_bind_mounts:
- bind_dir_path: "/lib/modules"
mount_path: "/lib/modules"
extra_container_config:
- "lxc.cgroup.devices.allow=a *:* rmw"
- "lxc.mount.entry=/lib/modules lib/modules none bind 0 0"
delegate_to: "{{ physical_host }}"
when: >
not is_metal | bool and
inventory_hostname in groups['neutron_agent']
register: container_extra_config
tags:
- neutron-container-setup
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: >
(container_config is defined and container_config | changed) or
(container_extra_config is defined and container_extra_config | changed)
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- name: Sort the rabbitmq servers
dist_sort:
value_to_lookup: "{{ container_name }}"
ref_list: "{{ groups['neutron_all'] }}"
src_list: "{{ neutron_rabbitmq_servers }}"
register: servers
tags:
- always
- name: Set rabbitmq servers
set_fact:
rabbitmq_servers: "{{ servers.sorted_list }}"
tags:
- always
- name: Create log dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-neutron" }
when: is_metal | bool
tags:
- neutron-logs
- neutron-log-dirs
- name: Create log aggregation links
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "{{ item.state }}"
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-neutron", dest: "/var/log/neutron", state: "link" }
when: is_metal | bool
tags:
- neutron-logs
- name: Ensure Rabbitmq vhost
rabbitmq_vhost:
name: "{{ neutron_rabbitmq_vhost }}"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['neutron_all'][0]
- groups['rabbitmq_all']|length > 0
tags:
- neutron-rabbitmq
- neutron-rabbitmq-vhost
- name: Ensure rabbitmq user
rabbitmq_user:
when: inventory_hostname in groups['neutron_agent']
- include: common-tasks/os-lxc-container-setup.yml
when: inventory_hostname not in groups['neutron_agent']
- include: common-tasks/rabbitmq-vhost-user.yml
vars:
user: "{{ neutron_rabbitmq_userid }}"
password: "{{ neutron_rabbitmq_password }}"
vhost: "{{ neutron_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['neutron_all'][0]
- groups['rabbitmq_all']|length > 0
tags:
- neutron-rabbitmq
- neutron-rabbitmq-user
- name: Create DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ neutron_galera_address }}"
name: "{{ neutron_galera_database }}"
state: "present"
when: inventory_hostname == groups['neutron_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
tags:
- mysql-db-setup
- name: Grant access to the DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ neutron_galera_address }}"
name: "{{ neutron_galera_user }}"
- groups['rabbitmq_all'] | length > 0
- include: common-tasks/os-log-dir-setup.yml
vars:
log_dirs:
- src: "/openstack/log/{{ inventory_hostname }}-neutron"
dest: "/var/log/neutron"
- include: common-tasks/mysql-db-user.yml
vars:
user_name: "{{ neutron_galera_user }}"
password: "{{ neutron_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ neutron_galera_database }}.*:ALL"
login_host: "{{ neutron_galera_address }}"
db_name: "{{ neutron_galera_database }}"
when: inventory_hostname == groups['neutron_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
with_items:
- "localhost"
- "%"
tags:
- mysql-db-setup
- name: Create the neutron provider networks facts
provider_networks:
provider_networks: "{{ provider_networks }}"

View File

@ -19,42 +19,38 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: container_config is defined and container_config | changed
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- name: Sort the rabbitmq servers
dist_sort:
value_to_lookup: "{{ container_name }}"
ref_list: "{{ groups['nova_all'] }}"
src_list: "{{ rabbitmq_servers }}"
register: servers
tags:
- always
- name: Set rabbitmq servers
set_fact:
rabbitmq_servers: "{{ servers.sorted_list }}"
tags:
- always
- include: common-tasks/rabbitmq-servers-sort.yml
vars:
sort_group_name: "nova_all"
- include: common-tasks/os-lxc-container-setup.yml
- include: common-tasks/rabbitmq-vhost-user.yml
vars:
user: "{{ nova_rabbitmq_userid }}"
password: "{{ nova_rabbitmq_password }}"
vhost: "{{ nova_rabbitmq_vhost }}"
when:
- inventory_hostname == groups['nova_all'][0]
- groups['rabbitmq_all'] | length > 0
- include: common-tasks/os-log-dir-setup.yml
vars:
log_dirs:
- src: "/openstack/log/{{ inventory_hostname }}-nova"
dest: "/var/log/nova"
- include: common-tasks/mysql-db-user.yml
vars:
user_name: "{{ nova_galera_user }}"
password: "{{ nova_container_mysql_password }}"
login_host: "{{ nova_galera_address }}"
db_name: "{{ nova_galera_database }}"
when: inventory_hostname == groups['nova_all'][0]
- include: common-tasks/mysql-db-user.yml
vars:
user_name: "{{ nova_api_galera_user }}"
password: "{{ nova_api_container_mysql_password }}"
login_host: "{{ nova_api_galera_address }}"
db_name: "{{ nova_api_galera_database }}"
when: inventory_hostname == groups['nova_all'][0]
- name: Add nbd devices to the compute
shell: |
for i in /dev/nbd*;do
@ -107,110 +103,6 @@
tags:
- nova-kvm
- nova-kvm-container-devices
- name: Create log dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-nova" }
when: is_metal | bool
tags:
- nova-logs
- nova-log-dirs
- name: Create log aggregation links
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "{{ item.state }}"
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-nova", dest: "/var/log/nova", state: "link" }
when: is_metal | bool
tags:
- nova-logs
- name: Ensure Rabbitmq vhost
rabbitmq_vhost:
name: "{{ nova_rabbitmq_vhost }}"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['nova_all'][0]
- groups['rabbitmq_all']|length > 0
tags:
- nova-rabbitmq
- nova-rabbitmq-vhost
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ nova_rabbitmq_userid }}"
password: "{{ nova_rabbitmq_password }}"
vhost: "{{ nova_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['nova_all'][0]
- groups['rabbitmq_all']|length > 0
tags:
- nova-rabbitmq
- nova-rabbitmq-user
- name: Create DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ nova_galera_address }}"
name: "{{ nova_galera_database }}"
state: "present"
when: inventory_hostname == groups['nova_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
tags:
- mysql-db-setup
- name: Grant access to the DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ nova_galera_address }}"
name: "{{ nova_galera_user }}"
password: "{{ nova_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ nova_galera_database }}.*:ALL"
when: inventory_hostname == groups['nova_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
with_items:
- "localhost"
- "%"
tags:
- mysql-db-setup
- name: Create API DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ nova_api_galera_address }}"
name: "{{ nova_api_galera_database }}"
state: "present"
when: inventory_hostname == groups['nova_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
tags:
- mysql-db-setup
- name: Grant access to the API DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ nova_api_galera_address }}"
name: "{{ nova_api_galera_user }}"
password: "{{ nova_api_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ nova_api_galera_database }}.*:ALL"
when: inventory_hostname == groups['nova_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
with_items:
- "localhost"
- "%"
tags:
- mysql-db-setup
- name: Set nova management bridge (is_metal)
set_fact:
management_bridge: "{{ 'ansible_' + hostvars[inventory_hostname]['management_bridge'] | replace('-', '_') }}"

View File

@ -19,64 +19,15 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when:
- inventory_hostname in groups['swift_all']
- not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when:
- inventory_hostname in groups['swift_all']
- container_config is defined and container_config | changed
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- name: Create log dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-swift" }
when:
- inventory_hostname in groups['swift_all']
- is_metal | bool
tags:
- swift-logs
- swift-log-dirs
- name: Create log aggregation links
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "{{ item.state }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
force: "yes"
with_items:
- src: "/openstack/log/{{ inventory_hostname }}-swift"
dest: "/var/log/swift"
owner: "syslog"
group: "syslog"
state: "link"
when:
- inventory_hostname in groups['swift_all']
- is_metal | bool
tags:
- swift-logs
- include: common-tasks/os-lxc-container-setup.yml
- include: common-tasks/os-log-dir-setup.yml
vars:
log_dirs:
- src: "/openstack/log/{{ inventory_hostname }}-swift"
dest: "/var/log/swift"
owner: "syslog"
group: "syslog"
- name: Set swift storage bridge (is_metal)
set_fact:
storage_bridge: "{{ 'ansible_' + swift.storage_network | replace('-', '_') }}"

View File

@ -19,29 +19,7 @@
max_fail_percentage: 0
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: container_config is defined and container_config | changed
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- include: common-tasks/os-lxc-container-setup.yml
roles:
- role: "pip_install"
pip_lock_to_internal_repo: "{{ (pip_links | length) >= 1 }}"

View File

@ -19,43 +19,11 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Package repo extra lxc config
lxc_container:
name: "{{ container_name }}"
container_command: |
[[ ! -d "/var/www" ]] && mkdir -p "/var/www"
container_config:
- "lxc.mount.entry=/openstack/{{ container_name }} var/www none bind 0 0"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_extra_config
tags:
- repo-dirs
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: >
(container_config is defined and container_config | changed) or
(container_extra_config is defined and container_extra_config | changed)
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- include: common-tasks/os-lxc-container-setup.yml
vars:
list_of_bind_mounts:
- bind_dir_path: "/var/www"
mount_path: "/openstack/{{ inventory_hostname }}"
roles:
- { role: "repo_server", tags: [ "repo-server" ] }
- role: "rsyslog_client"

View File

@ -19,52 +19,11 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Ensure log storage directory exists
file:
path: "/openstack/{{ container_name }}/log-storage"
state: "directory"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
tags:
- rsyslog-storage-dirs
- name: Rsyslog server extra lxc config
lxc_container:
name: "{{ container_name }}"
container_command: |
[[ ! -d "{{ storage_directory }}" ]] && mkdir -p "{{ storage_directory }}"
container_config:
- "lxc.mount.entry=/openstack/{{ container_name }}/log-storage {{ storage_directory.lstrip('/') }} none bind 0 0"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_extra_config
tags:
- rsyslog-storage-dirs
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: >
(container_config is defined and container_config | changed) or
(container_extra_config is defined and container_extra_config | changed)
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- include: common-tasks/os-lxc-container-setup.yml
vars:
list_of_bind_mounts:
- bind_dir_path: "{{ storage_directory }}"
mount_path: "/openstack/{{ inventory_hostname }}/log-storage"
roles:
- { role: "rsyslog_server", tags: [ "rsyslog-server" ] }
- role: "system_crontab_coordination"

View File

@ -18,51 +18,14 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
register: container_config
tags:
- lxc-aa-profile
- name: Wait for container ssh
wait_for:
port: "22"
delay: "{{ ssh_delay }}"
search_regex: "OpenSSH"
host: "{{ ansible_ssh_host }}"
delegate_to: "{{ physical_host }}"
when: container_config is defined and container_config | changed
register: ssh_wait_check
until: ssh_wait_check | success
retries: 3
tags:
- ssh-wait
- name: Create log dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-utility" }
when: is_metal | bool
tags:
- utility-logs
- utility-log-dirs
- name: Create log aggregation links
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "{{ item.state }}"
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-utility", dest: "/var/log/utility", state: "link" }
when: is_metal | bool
tags:
- utility-logs
- name: Create log directory
- include: common-tasks/os-lxc-container-setup.yml
- include: common-tasks/os-log-dir-setup.yml
vars:
log_dirs:
- src: "/openstack/log/{{ inventory_hostname }}-utility"
dest: "/var/log/utility"
- name: Create log directory (not is_metal)
file:
dest: "/var/log/utility"
state: "directory"