diff --git a/ansible-role-requirements.yml b/ansible-role-requirements.yml index f4ac10c7fd..6d6acdd72c 100644 --- a/ansible-role-requirements.yml +++ b/ansible-role-requirements.yml @@ -1,6 +1,8 @@ - src: evrardjp.keepalived name: keepalived version: '1.3' +- src: mattwillsher.sshd + name: sshd - name: apt_package_pinning src: https://github.com/openstack/openstack-ansible-apt_package_pinning version: master diff --git a/etc/openstack_deploy/openstack_user_config.yml.aio b/etc/openstack_deploy/openstack_user_config.yml.aio index c1edacdfdc..b0d5064973 100644 --- a/etc/openstack_deploy/openstack_user_config.yml.aio +++ b/etc/openstack_deploy/openstack_user_config.yml.aio @@ -12,7 +12,7 @@ used_ips: global_overrides: internal_lb_vip_address: 172.29.236.100 - external_lb_vip_address: 192.168.1.1 + external_lb_vip_address: {{ bootstrap_host_public_address | default(ansible_default_ipv4.address) }} tunnel_bridge: "br-vxlan" management_bridge: "br-mgmt" provider_networks: diff --git a/scripts/bootstrap-aio.sh b/scripts/bootstrap-aio.sh index 380f93828a..6d3cc5d788 100755 --- a/scripts/bootstrap-aio.sh +++ b/scripts/bootstrap-aio.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash - +# # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,447 +17,16 @@ ## Shell Opts ---------------------------------------------------------------- set -e -u -x - -## Vars ---------------------------------------------------------------------- -DEFAULT_PASSWORD=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 32) -export BOOTSTRAP_AIO="yes" -export BOOTSTRAP_AIO_DIR=${BOOTSTRAP_AIO_DIR:-"/openstack"} -export HTTP_PROXY=${HTTP_PROXY:-""} -export HTTPS_PROXY=${HTTPS_PROXY:-""} -export ADMIN_PASSWORD=${ADMIN_PASSWORD:-$DEFAULT_PASSWORD} -export SERVICE_REGION=${SERVICE_REGION:-"RegionOne"} -export DEPLOY_OPENSTACK=${DEPLOY_OPENSTACK:-"yes"} -export DEPLOY_SWIFT=${DEPLOY_SWIFT:-"yes"} -export DEPLOY_CEILOMETER=${DEPLOY_CEILOMETER:-"yes"} -export PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-$(ip route show | awk '/default/ { print $NF }')} -export PUBLIC_ADDRESS=${PUBLIC_ADDRESS:-$(ip -o -4 addr show dev ${PUBLIC_INTERFACE} | awk -F '[ /]+' '/global/ {print $4}')} -export NOVA_VIRT_TYPE=${NOVA_VIRT_TYPE:-"qemu"} -export TEMPEST_FLAT_CIDR=${TEMPEST_FLAT_CIDR:-"172.29.248.0/22"} -export FLUSH_IPTABLES=${FLUSH_IPTABLES:-"yes"} -export RABBITMQ_PACKAGE_URL=${RABBITMQ_PACKAGE_URL:-""} -export MONGO_HOST=${MONGO_HOST:-"172.29.236.100"} -export DEBIAN_FRONTEND=${DEBIAN_FRONTEND:-"noninteractive"} - -# Default disabled fatal deprecation warnings -export CINDER_FATAL_DEPRECATIONS=${CINDER_FATAL_DEPRECATIONS:-"no"} -export GLANCE_FATAL_DEPRECATIONS=${GLANCE_FATAL_DEPRECATIONS:-"no"} -export HEAT_FATAL_DEPRECATIONS=${HEAT_FATAL_DEPRECATIONS:-"no"} -export KEYSTONE_FATAL_DEPRECATIONS=${KEYSTONE_FATAL_DEPRECATIONS:-"no"} -export NEUTRON_FATAL_DEPRECATIONS=${NEUTRON_FATAL_DEPRECATIONS:-"no"} -export NOVA_FATAL_DEPRECATIONS=${NOVA_FATAL_DEPRECATIONS:-"no"} -export TEMPEST_FATAL_DEPRECATIONS=${TEMPEST_FATAL_DEPRECATIONS:-"no"} - -# Ubuntu Repository Determination (based on existing host OS configuration) -UBUNTU_RELEASE=$(lsb_release -sc) -UBUNTU_REPO=${UBUNTU_REPO:-$(awk "/^deb .*ubuntu\/? ${UBUNTU_RELEASE} main/ {print \$2; exit}" /etc/apt/sources.list)} -UBUNTU_SEC_REPO=${UBUNTU_SEC_REPO:-$(awk "/^deb .*ubuntu\/? ${UBUNTU_RELEASE}-security main/ {print \$2; exit}" /etc/apt/sources.list)} - - -## Library Check ------------------------------------------------------------- -info_block "Checking for required libraries." 2> /dev/null || - source $(dirname ${0})/scripts-library.sh || - source scripts/scripts-library.sh - +## Variables ----------------------------------------------------------------- +# Extra options to pass to the AIO bootstrap process +export BOOTSTRAP_OPTS=${BOOTSTRAP_OPTS:-''} ## Main ---------------------------------------------------------------------- -# Log some data about the instance and the rest of the system -log_instance_info +# Run AIO bootstrap playbook +pushd tests + ansible-playbook -i "localhost ansible-connection=local," \ + -e "${BOOTSTRAP_OPTS}" \ + bootstrap-aio.yml +popd -# Ensure that the current kernel can support vxlan -if ! modprobe vxlan; then - echo "VXLAN support is required for this to work. And the Kernel module was not found." - echo "This build will not work without it." - exit_fail -fi - -info_block "Running AIO Setup" - -# Set base DNS to google, ensuring consistent DNS in different environments -if [ ! "$(grep -e '^nameserver 8.8.8.8' -e '^nameserver 8.8.4.4' /etc/resolv.conf)" ];then - echo -e '\n# Adding google name servers\nnameserver 8.8.8.8\nnameserver 8.8.4.4' | tee -a /etc/resolv.conf -fi - -# Ensure that the https apt transport is available before doing anything else -apt-get update && apt-get install -y apt-transport-https < /dev/null - -# Set the host repositories to only use the same ones, always, for the sake of consistency. -cat > /etc/apt/sources.list <> /etc/ssh/sshd_config -fi - -# Ensure that sshd permits root login, or ansible won't be able to connect -if grep "^PermitRootLogin" /etc/ssh/sshd_config > /dev/null; then - sed -i 's/^PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config -else - echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config -fi - -# Create the directory BOOTSTRAP_AIO_DIR if it doesn't already exist -if [ ! -d "${BOOTSTRAP_AIO_DIR}" ]; then - mkdir -p ${BOOTSTRAP_AIO_DIR} -fi - -# Remove the pip directory if its found -if [ -d "${HOME}/.pip" ];then - rm -rf "${HOME}/.pip" -fi - -# Install pip -get_pip - -# Ensure we use the HTTPS/HTTP proxy with pip if it is specified -PIP_OPTS="" -if [ -n "$HTTPS_PROXY" ]; then - PIP_OPTS="--proxy $HTTPS_PROXY" -elif [ -n "$HTTP_PROXY" ]; then - PIP_OPTS="--proxy $HTTP_PROXY" -fi - -# Install requirements if there are any -if [ -f "requirements.txt" ];then - pip2 install $PIP_OPTS -r requirements.txt || pip install $PIP_OPTS -r requirements.txt -fi - -# Configure all disk space -configure_diskspace - -# Create /etc/rc.local if it doesn't already exist -if [ ! -f "/etc/rc.local" ];then - touch /etc/rc.local - chmod +x /etc/rc.local -fi - -# Make the system key used for bootstrapping self -if [ ! -d /root/.ssh ];then - mkdir -p /root/.ssh - chmod 700 /root/.ssh -fi - -ssh_key_create - -# Make sure everything is mounted. -mount -a || true - -# Build the loopback drive for swap to use -if [ ! "$(swapon -s | grep -v Filename)" ]; then - memory_kb=$(awk '/MemTotal/ {print $2}' /proc/meminfo) - if [ "${memory_kb}" -lt "8388608" ]; then - swap_size="4294967296" - else - swap_size="8589934592" - fi - loopback_create "${BOOTSTRAP_AIO_DIR}/swap.img" ${swap_size} thick swap - # Ensure swap will be used on the host - if [ ! $(sysctl vm.swappiness | awk '{print $3}') == "10" ];then - sysctl -w vm.swappiness=10 | tee -a /etc/sysctl.conf - fi - swapon -a -fi - -if [ "${DEPLOY_OPENSTACK}" == "yes" ]; then - # Build the loopback drive for cinder to use - CINDER="cinder.img" - if ! vgs cinder-volumes; then - loopback_create "${BOOTSTRAP_AIO_DIR}/${CINDER}" 1073741824000 thin rc - CINDER_DEVICE=$(losetup -a | awk -F: "/${CINDER}/ {print \$1}") - pvcreate ${CINDER_DEVICE} - pvscan - # Check for the volume group - if ! vgs cinder-volumes; then - vgcreate cinder-volumes ${CINDER_DEVICE} - fi - # Ensure that the cinder loopback is enabled after reboot - if ! grep ${CINDER} /etc/rc.local && ! vgs cinder-volumes; then - sed -i "\$i losetup \$(losetup -f) /${BOOTSTRAP_AIO_DIR}/${CINDER}" /etc/rc.local - fi - fi - - # Build the loopback drive for nova instance storage - NOVA="nova.img" - if ! grep -q "${NOVA}" /proc/mounts; then - loopback_create "${BOOTSTRAP_AIO_DIR}/${NOVA}" 1073741824000 thin none - mkfs.ext4 -F "${BOOTSTRAP_AIO_DIR}/${NOVA}" - mkdir -p /var/lib/nova/instances - mount "${BOOTSTRAP_AIO_DIR}/${NOVA}" /var/lib/nova/instances - fi - if ! grep -qw "^${BOOTSTRAP_AIO_DIR}/${NOVA}" /etc/fstab; then - echo "${BOOTSTRAP_AIO_DIR}/${NOVA} /var/lib/nova/instances ext4 defaults 0 0" >> /etc/fstab - fi -fi - -# Enable swift deployment -if [ "${DEPLOY_SWIFT}" == "yes" ]; then - # build the loopback drives for swift to use - for SWIFT in swift1 swift2 swift3; do - if ! grep -q "${SWIFT}" /proc/mounts; then - loopback_create "${BOOTSTRAP_AIO_DIR}/${SWIFT}.img" 1073741824000 thin none - if ! grep -qw "^${BOOTSTRAP_AIO_DIR}/${SWIFT}.img" /etc/fstab; then - echo "${BOOTSTRAP_AIO_DIR}/${SWIFT}.img /srv/${SWIFT}.img xfs loop,noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab - fi - # Format the lo devices - mkfs.xfs -f "${BOOTSTRAP_AIO_DIR}/${SWIFT}.img" - mkdir -p "/srv/${SWIFT}.img" - mount "${BOOTSTRAP_AIO_DIR}/${SWIFT}.img" "/srv/${SWIFT}.img" - fi - done -fi - -# Copy aio network config into place. -if [ ! -d "/etc/network/interfaces.d" ];then - mkdir -p /etc/network/interfaces.d/ -fi - -# Copy the basic aio network interfaces over -cp -R etc/network/interfaces.d/aio_interfaces.cfg /etc/network/interfaces.d/ - -# Ensure the network source is in place -if [ ! "$(grep -Rni '^source\ /etc/network/interfaces.d/\*.cfg' /etc/network/interfaces)" ]; then - echo "source /etc/network/interfaces.d/*.cfg" | tee -a /etc/network/interfaces -fi - -# Bring up the new interfaces -for i in $(awk '/^iface/ {print $2}' /etc/network/interfaces.d/aio_interfaces.cfg); do - if grep "^$i\:" /proc/net/dev > /dev/null;then - /sbin/ifdown $i || true - fi - /sbin/ifup $i || true -done - -# Remove an existing etc directory if already found -if [ -d "/etc/openstack_deploy" ];then - rm -rf "/etc/openstack_deploy" -fi - -# Move the *.aio files into place for use within the AIO build. -cp -R etc/openstack_deploy /etc/ -for i in $(find /etc/openstack_deploy/ -type f -name '*.aio');do - rename 's/\.aio$//g' $i -done - -# Ensure the conf.d directory exists -if [ ! -d "/etc/openstack_deploy/conf.d" ];then - mkdir -p "/etc/openstack_deploy/conf.d" -fi - -# Ensure containers are using the same resolvers as the host -RESOLVERS=$(grep nameserver /etc/resolv.conf | awk 'NF { print "\""$0"\""}' | tr '\n' ',' | sed 's/,$//' ) -if [ ! "$(grep -Rni '^lxc_cache_resolvers' /etc/openstack_deploy/user_variables.yml)" ]; then - echo "lxc_cache_resolvers: [$RESOLVERS]" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -# Add tempest settings for particular use-cases -if [ ${DEPLOY_OPENSTACK} == "no" ]; then - for svc in cinder glance heat horizon neutron nova; do - echo "tempest_service_available_${svc}: False" | tee -a /etc/openstack_deploy/user_variables.yml - done -fi -if [ ${DEPLOY_SWIFT} == "no" ]; then - echo "tempest_service_available_swift: False" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -# Generate the passwords -scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml - -# change the generated passwords for the OpenStack (admin) -sed -i "s/keystone_auth_admin_password:.*/keystone_auth_admin_password: ${ADMIN_PASSWORD}/" /etc/openstack_deploy/user_secrets.yml -sed -i "s/external_lb_vip_address:.*/external_lb_vip_address: ${PUBLIC_ADDRESS}/" /etc/openstack_deploy/openstack_user_config.yml - -# Change affinities (number of containers per host) if the appropriate -# environment variables are set. -for container_type in keystone galera rabbit_mq horizon repo; do - var_name="NUM_${container_type}_CONTAINER" - set +u - num=${!var_name} - set -u - [[ -z $num ]] && continue - sed -i "s/${container_type}_container:.*/${container_type}_container: ${num}/" /etc/openstack_deploy/openstack_user_config.yml -done - -if [ ${DEPLOY_CEILOMETER} == "yes" ]; then - # Install mongodb on the aio1 host - apt-get install mongodb-server mongodb-clients python-pymongo -y < /dev/null - # Change bind_ip to management ip - sed -i "s/^bind_ip.*/bind_ip = $MONGO_HOST/" /etc/mongodb.conf - # Asserting smallfiles key - sed -i "s/^smallfiles.*/smallfiles = true/" /etc/mongodb.conf - service mongodb restart - - # Wait for mongodb to restart - for i in {1..12}; do - mongo --host $MONGO_HOST --eval ' ' && break - sleep 5 - done - # Adding the ceilometer database - mongo --host $MONGO_HOST --eval ' - db = db.getSiblingDB("ceilometer"); - db.addUser({user: "ceilometer", - pwd: "ceilometer", - roles: [ "readWrite", "dbAdmin" ]})' - - # Adding the aodh alarm database - mongo --host $MONGO_HOST --eval ' - db = db.getSiblingDB("aodh"); - db.addUser({user: "aodh", - pwd: "aodh", - roles: [ "readWrite", "dbAdmin" ]})' - - # change the generated passwords for mongodb access - sed -i "s/ceilometer_container_db_password:.*/ceilometer_container_db_password: ceilometer/" /etc/openstack_deploy/user_secrets.yml - sed -i "s/aodh_container_db_password:.*/aodh_container_db_password: aodh/" /etc/openstack_deploy/user_secrets.yml - sed -i "s/aodh_db_ip:.*/aodh_db_ip: ${MONGO_HOST}/" /etc/openstack_deploy/user_variables.yml - # Change the Ceilometer user variables necessary for deployment - sed -i "s/ceilometer_db_ip:.*/ceilometer_db_ip: ${MONGO_HOST}/" /etc/openstack_deploy/user_variables.yml - # Enable Ceilometer for Swift - if [ ${DEPLOY_SWIFT} == "yes" ]; then - sed -i "s/swift_ceilometer_enabled:.*/swift_ceilometer_enabled: True/" /etc/openstack_deploy/user_variables.yml - fi - # Enable Ceilometer for other OpenStack Services - if [ ${DEPLOY_OPENSTACK} == "yes" ]; then - for svc in cinder glance heat nova; do - sed -i "s/${svc}_ceilometer_enabled:.*/${svc}_ceilometer_enabled: True/" /etc/openstack_deploy/user_variables.yml - done - fi - echo 'tempest_service_available_ceilometer: true' | tee -a /etc/openstack_deploy/user_variables.yml -fi - -# Service region set -echo "service_region: ${SERVICE_REGION}" | tee -a /etc/openstack_deploy/user_variables.yml - -# Virt type set -echo "nova_virt_type: ${NOVA_VIRT_TYPE}" | tee -a /etc/openstack_deploy/user_variables.yml - -# Set network for tempest -echo "tempest_public_subnet_cidr: ${TEMPEST_FLAT_CIDR}" | tee -a /etc/openstack_deploy/user_variables.yml - -# Minimize galera cache -echo 'galera_innodb_buffer_pool_size: 512M' | tee -a /etc/openstack_deploy/user_variables.yml -echo 'galera_innodb_log_buffer_size: 32M' | tee -a /etc/openstack_deploy/user_variables.yml -echo 'galera_wsrep_provider_options: - - { option: "gcache.size", value: "32M" }' | tee -a /etc/openstack_deploy/user_variables.yml - -# Set the running kernel as the required kernel -echo "required_kernel: $(uname --kernel-release)" | tee -a /etc/openstack_deploy/user_variables.yml - -# Set the Ubuntu apt repository used for containers to the same as the host -echo "lxc_container_template_main_apt_repo: ${UBUNTU_REPO}" | tee -a /etc/openstack_deploy/user_variables.yml -echo "lxc_container_template_security_apt_repo: ${UBUNTU_SEC_REPO}" | tee -a /etc/openstack_deploy/user_variables.yml - -# Optimise the worker settings for an AIO -tee -a /etc/openstack_deploy/user_variables.yml << EOF -ceilometer_api_workers: 2 -ceilometer_collector_workers: 2 -ceilometer_notification_workers: 2 -cinder_osapi_volume_workers: 2 -glance_api_workers: 2 -glance_registry_workers: 2 -heat_api_workers: 2 -heat_engine_workers: 2 -horizon_wsgi_processes: 2 -horizon_wsgi_threads: 2 -keystone_wsgi_processes: 2 -neutron_api_workers: 2 -neutron_metadata_workers: 1 -neutron_rpc_workers: 1 -nova_conductor_workers: 2 -nova_metadata_workers: 2 -nova_osapi_compute_workers: 2 -swift_account_server_workers: 2 -swift_container_server_workers: 2 -swift_object_server_workers: 2 -swift_proxy_server_workers: 2 -EOF - -# Add in swift vars if needed -if [ "${DEPLOY_SWIFT}" == "yes" ]; then - # ensure that glance is configured to use swift - sed -i "s/glance_default_store:.*/glance_default_store: swift/" /etc/openstack_deploy/user_variables.yml - echo "cinder_service_backup_program_enabled: True" | tee -a /etc/openstack_deploy/user_variables.yml - echo "tempest_volume_backup_enabled: True" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -if [ ! -z "${RABBITMQ_PACKAGE_URL}" ]; then - echo "rabbitmq_package_url: ${RABBITMQ_PACKAGE_URL}" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -# Update fatal_deprecations settings -if [ "${CINDER_FATAL_DEPRECATIONS}" == "yes" ]; then - echo "cinder_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -if [ "${GLANCE_FATAL_DEPRECATIONS}" == "yes" ]; then - echo "glance_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -if [ "${HEAT_FATAL_DEPRECATIONS}" == "yes" ]; then - echo "heat_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -if [ "${KEYSTONE_FATAL_DEPRECATIONS}" == "yes" ]; then - echo "keystone_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -if [ "${NEUTRON_FATAL_DEPRECATIONS}" == "yes" ]; then - echo "neutron_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -if [ "${NOVA_FATAL_DEPRECATIONS}" == "yes" ]; then - echo "nova_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -if [ "${TEMPEST_FATAL_DEPRECATIONS}" == "yes" ]; then - echo "tempest_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -# Log some data about the instance and the rest of the system -log_instance_info - -info_block "The system has been prepared for an all-in-one build." diff --git a/scripts/gate-check-commit.sh b/scripts/gate-check-commit.sh index 6c96b41bda..a8cb93a42b 100755 --- a/scripts/gate-check-commit.sh +++ b/scripts/gate-check-commit.sh @@ -17,120 +17,107 @@ set -e -u -x ## Variables ----------------------------------------------------------------- -export BOOTSTRAP_ANSIBLE=${BOOTSTRAP_ANSIBLE:-"yes"} -export BOOTSTRAP_AIO=${BOOTSTRAP_AIO:-"yes"} -export RUN_PLAYBOOKS=${RUN_PLAYBOOKS:-"yes"} -export RUN_TEMPEST=${RUN_TEMPEST:-"yes"} -# Ansible options export ANSIBLE_PARAMETERS=${ANSIBLE_PARAMETERS:-"-v"} -# Deployment options -export DEPLOY_HOST=${DEPLOY_HOST:-"yes"} -export DEPLOY_LB=${DEPLOY_LB:-"yes"} -export DEPLOY_INFRASTRUCTURE=${DEPLOY_INFRASTRUCTURE:-"yes"} -export DEPLOY_LOGGING=${DEPLOY_LOGGING:-"yes"} -export DEPLOY_OPENSTACK=${DEPLOY_OPENSTACK:-"yes"} -export DEPLOY_SWIFT=${DEPLOY_SWIFT:-"yes"} -export DEPLOY_TEMPEST=${DEPLOY_TEMPEST:-"yes"} -# Limit the gate check to only performing one attempt, unless already set export MAX_RETRIES=${MAX_RETRIES:-"2"} # tempest and testr options, default is to run tempest in serial export RUN_TEMPEST_OPTS=${RUN_TEMPEST_OPTS:-'--serial'} export TESTR_OPTS=${TESTR_OPTS:-''} +# Disable the python output buffering so that jenkins gets the output properly +export PYTHONUNBUFFERED=1 +# Extra options to pass to the AIO bootstrap process +export BOOTSTRAP_OPTS=${BOOTSTRAP_OPTS:-''} ## Functions ----------------------------------------------------------------- info_block "Checking for required libraries." 2> /dev/null || source $(dirname ${0})/scripts-library.sh ## Main ---------------------------------------------------------------------- +# Log some data about the instance and the rest of the system +log_instance_info + +# Determine the largest secondary disk device available for repartitioning +DATA_DISK_DEVICE=$(lsblk -brndo NAME,TYPE,RO,SIZE | \ + awk '/d[b-z]+ disk 0/{ if ($4>m){m=$4; d=$1}}; END{print d}') + +# Only set the secondary disk device option if there is one +if [ -n "${DATA_DISK_DEVICE}" ]; then + export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_data_disk_device=${DATA_DISK_DEVICE}" +fi + +# Bootstrap Ansible +source $(dirname ${0})/bootstrap-ansible.sh + +# Log some data about the instance and the rest of the system +log_instance_info + +# Flush all the iptables rules set by openstack-infra +iptables -F +iptables -X +iptables -t nat -F +iptables -t nat -X +iptables -t mangle -F +iptables -t mangle -X +iptables -P INPUT ACCEPT +iptables -P FORWARD ACCEPT +iptables -P OUTPUT ACCEPT + # Adjust settings based on the Cloud Provider info in OpenStack-CI if [ -f /etc/nodepool/provider -a -s /etc/nodepool/provider ]; then source /etc/nodepool/provider if [[ ${NODEPOOL_PROVIDER} == "rax"* ]]; then - # Set the Ubuntu Repository to the RAX Mirror - export UBUNTU_REPO="http://mirror.rackspace.com/ubuntu" - export UBUNTU_SEC_REPO="${UBUNTU_REPO}" + # Set the Ubuntu Repository for the AIO to the RAX Mirror + export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_ubuntu_repo=http://mirror.rackspace.com/ubuntu" + export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_ubuntu_security_repo=http://mirror.rackspace.com/ubuntu" elif [[ ${NODEPOOL_PROVIDER} == "hpcloud"* ]]; then - # Set the Ubuntu Repository to the HP Cloud Mirror - export UBUNTU_REPO="http://${NODEPOOL_AZ}.clouds.archive.ubuntu.com/ubuntu" - export UBUNTU_SEC_REPO="${UBUNTU_REPO}" + # Set the Ubuntu Repository for the AIO to the HP Cloud Mirror + export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_ubuntu_repo=http://${NODEPOOL_AZ}.clouds.archive.ubuntu.com/ubuntu" + export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_ubuntu_security_repo=http://${NODEPOOL_AZ}.clouds.archive.ubuntu.com/ubuntu" fi - - # Reduce container affinities as Liberty appears to consume - # a greater volume of resources, causing greater numbers - # of failures with the default affinities. - for container_type in rabbit_mq repo horizon keystone; do - export "NUM_${container_type}_CONTAINER=1" - done - fi -# Bootstrap an AIO setup if required -if [ "${BOOTSTRAP_AIO}" == "yes" ]; then - source $(dirname ${0})/bootstrap-aio.sh -fi - -# Bootstrap ansible if required -if [ "${BOOTSTRAP_ANSIBLE}" == "yes" ]; then - source $(dirname ${0})/bootstrap-ansible.sh -fi - -# Make the /openstack/log directory for openstack-infra gate check log publishing -mkdir -p /openstack/log +# Bootstrap an AIO +pushd $(dirname ${0})/../tests + sed -i '/\[defaults\]/a nocolor = 1/' ansible.cfg + ansible-playbook -i "localhost ansible-connection=local," \ + -e "${BOOTSTRAP_OPTS}" \ + ${ANSIBLE_PARAMETERS} \ + bootstrap-aio.yml +popd # Implement the log directory link for openstack-infra log publishing +mkdir -p /openstack/log ln -sf /openstack/log $(dirname ${0})/../logs -# Create ansible logging directory and add in a log file entry into ansible.cfg -mkdir -p /openstack/log/ansible-logging -sed -i '/\[defaults\]/a log_path = /openstack/log/ansible-logging/ansible.log' $(dirname ${0})/../playbooks/ansible.cfg +pushd $(dirname ${0})/../playbooks + # Disable Ansible color output + sed -i 's/nocolor.*/nocolor = 1/' ansible.cfg -# Enable detailed task profiling -sed -i '/\[defaults\]/a callback_plugins = plugins/callbacks' $(dirname ${0})/../playbooks/ansible.cfg + # Create ansible logging directory and add in a log file entry into ansible.cfg + mkdir -p /openstack/log/ansible-logging + sed -i '/\[defaults\]/a log_path = /openstack/log/ansible-logging/ansible.log' ansible.cfg -# Disable Ansible color output -sed -i 's/nocolor.*/nocolor = 1/' $(dirname ${0})/../playbooks/ansible.cfg - -# Enable debug logging for all services to make failure debugging easier -echo "debug: True" | tee -a /etc/openstack_deploy/user_variables.yml - -# NOTE: hpcloud-b4's eth0 uses 10.0.3.0/24, which overlaps with the -# lxc_net_address default -# TODO: We'll need to implement a mechanism to determine valid lxc_net_address -# value which will not overlap with an IP already assigned to the host. -echo "lxc_net_address: 10.255.255.1" | tee -a /etc/openstack_deploy/user_variables.yml -echo "lxc_net_netmask: 255.255.255.0" | tee -a /etc/openstack_deploy/user_variables.yml -echo "lxc_net_dhcp_range: 10.255.255.2,10.255.255.253" | tee -a /etc/openstack_deploy/user_variables.yml - -# Disable the python output buffering so that jenkins gets the output properly -export PYTHONUNBUFFERED=1 - -# Run the ansible playbooks if required -if [ "${RUN_PLAYBOOKS}" == "yes" ]; then - # Set-up our tiny awk script. - strip_debug=" - !/(^[ 0-9|:.-]+<[0-9.]|localhost+>)|Extracting/ { - gsub(/{.*/, \"\"); - gsub(/\\n.*/, \"\"); - gsub(/\=\>.*/, \"\"); - print - } - " - set -o pipefail - bash $(dirname ${0})/run-playbooks.sh | awk "${strip_debug}" - set +o pipefail -fi + # Enable detailed task profiling + sed -i '/\[defaults\]/a callback_plugins = plugins/callbacks' ansible.cfg +popd # Log some data about the instance and the rest of the system log_instance_info -# Run the tempest tests if required -if [ "${RUN_TEMPEST}" == "yes" ]; then - source $(dirname ${0})/run-tempest.sh -fi +# Execute the Playbooks +bash $(dirname ${0})/run-playbooks.sh + +# Log some data about the instance and the rest of the system +log_instance_info + +# Run the tempest tests +source $(dirname ${0})/run-tempest.sh + +# Log some data about the instance and the rest of the system +log_instance_info exit_success diff --git a/scripts/run-playbooks.sh b/scripts/run-playbooks.sh index e5c9dd0dc5..127800acb2 100755 --- a/scripts/run-playbooks.sh +++ b/scripts/run-playbooks.sh @@ -25,9 +25,9 @@ DEPLOY_LOGGING=${DEPLOY_LOGGING:-"yes"} DEPLOY_OPENSTACK=${DEPLOY_OPENSTACK:-"yes"} DEPLOY_SWIFT=${DEPLOY_SWIFT:-"yes"} DEPLOY_CEILOMETER=${DEPLOY_CEILOMETER:-"yes"} -DEPLOY_TEMPEST=${DEPLOY_TEMPEST:-"no"} +DEPLOY_TEMPEST=${DEPLOY_TEMPEST:-"yes"} COMMAND_LOGS=${COMMAND_LOGS:-"/openstack/log/ansible_cmd_logs/"} -ADD_NEUTRON_AGENT_CHECKSUM_RULE=${BOOTSTRAP_AIO:-"no"} +ADD_NEUTRON_AGENT_CHECKSUM_RULE=${ADD_NEUTRON_AGENT_CHECKSUM_RULE:-"yes"} ## Functions ----------------------------------------------------------------- diff --git a/scripts/scripts-library.sh b/scripts/scripts-library.sh index 76be68784a..7d90c8e6cc 100755 --- a/scripts/scripts-library.sh +++ b/scripts/scripts-library.sh @@ -18,9 +18,6 @@ ## Vars ---------------------------------------------------------------------- LINE='----------------------------------------------------------------------' MAX_RETRIES=${MAX_RETRIES:-5} -BOOTSTRAP_AIO_DIR=${BOOTSTRAP_AIO_DIR:-"/openstack"} -DATA_DISK_DEVICE=${DATA_DISK_DEVICE:-} -MIN_DISK_SIZE_GB=${MIN_DISK_SIZE_GB:-80} REPORT_DATA=${REPORT_DATA:-""} ANSIBLE_PARAMETERS=${ANSIBLE_PARAMETERS:-""} STARTTIME="${STARTTIME:-$(date +%s)}" @@ -76,74 +73,6 @@ function install_bits { successerator openstack-ansible ${ANSIBLE_PARAMETERS} --forks ${FORKS} $@ } -function configure_diskspace { - # If there are any block devices available other than the one - # used for the root disk, repurpose it for our needs. - - # If DATA_DISK_DEVICE is not set or empty, then try to figure out which - # device to use - if [ -z "${DATA_DISK_DEVICE}" ]; then - # Identify the list of disk devices available, sort from largest to - # smallest, and pick the largest. - # Excludes: - # - the first device, as that is where the OS is expected - # - read only devices, as we can't write to them - DATA_DISK_DEVICE=$(lsblk -brndo NAME,TYPE,RO,SIZE | \ - awk '/d[b-z]+ disk 0/{ if ($4>m){m=$4; d=$1}}; END{print d}') - fi - - # We only want to continue if a device was found to use. If not, - # then we simply leave the disks alone. - if [ ! -z "${DATA_DISK_DEVICE}" ]; then - # Calculate the minimum disk size in bytes - MIN_DISK_SIZE_B=$((MIN_DISK_SIZE_GB * 1024 * 1024 * 1024)) - - # Determine the size in bytes of the selected device - blk_dev_size_b=$(lsblk -nrdbo NAME,TYPE,SIZE | \ - awk "/^${DATA_DISK_DEVICE} disk/ {print \$3}") - - # Determine if the device is large enough - if [ "${blk_dev_size_b}" -ge "${MIN_DISK_SIZE_B}" ]; then - # Only execute the disk partitioning process if a partition labeled - # 'openstack-data{1,2}' is not present and that partition is not - # formatted as ext4. This is an attempt to achieve idempotency just - # in case this script is run multiple times. - if ! parted --script -l -m | egrep -q ':ext4:openstack-data[12]:;$'; then - - # Dismount any mount points on the device - mount_points=$(awk "/^\/dev\/${DATA_DISK_DEVICE}[0-9]* / {print \$2}" /proc/mounts) - for mount_point in ${mount_points}; do - umount ${mount_point} - sed -i ":${mount_point}:d" /etc/fstab - done - - # Partition the whole disk for our usage - parted --script /dev/${DATA_DISK_DEVICE} mklabel gpt - parted --align optimal --script /dev/${DATA_DISK_DEVICE} mkpart openstack-data1 ext4 0% 40% - parted --align optimal --script /dev/${DATA_DISK_DEVICE} mkpart openstack-data2 ext4 40% 100% - - # Format the bootstrap partition, create the mount point, and mount it. - mkfs.ext4 /dev/${DATA_DISK_DEVICE}1 - mkdir -p ${BOOTSTRAP_AIO_DIR} - mount /dev/${DATA_DISK_DEVICE}1 ${BOOTSTRAP_AIO_DIR} - - # Format the lxc partition, create the mount point, and mount it. - mkfs.ext4 /dev/${DATA_DISK_DEVICE}2 - mkdir -p /var/lib/lxc - mount /dev/${DATA_DISK_DEVICE}2 /var/lib/lxc - - fi - # Add the fstab entries if they aren't there already - if ! grep -qw "^/dev/${DATA_DISK_DEVICE}1" /etc/fstab; then - echo "/dev/${DATA_DISK_DEVICE}1 ${BOOTSTRAP_AIO_DIR} ext4 defaults 0 0" >> /etc/fstab - fi - if ! grep -qw "^/dev/${DATA_DISK_DEVICE}2" /etc/fstab; then - echo "/dev/${DATA_DISK_DEVICE}2 /var/lib/lxc ext4 defaults 0 0" >> /etc/fstab - fi - fi - fi -} - function ssh_key_create { # Ensure that the ssh key exists and is an authorized_key key_path="${HOME}/.ssh" @@ -167,44 +96,6 @@ function ssh_key_create { fi } -function loopback_create { - LOOP_FILENAME=${1} - LOOP_FILESIZE=${2} - LOOP_FILE_TYPE=${3} # thin, thick - LOOP_MOUNT_METHOD=${4} # swap, rc, none - - if [ ! -f "${LOOP_FILENAME}" ]; then - if [ "${LOOP_FILE_TYPE}" = "thin" ]; then - truncate -s ${LOOP_FILESIZE} ${LOOP_FILENAME} - elif [ "${LOOP_FILE_TYPE}" = "thick" ]; then - fallocate -l ${LOOP_FILESIZE} ${LOOP_FILENAME} &> /dev/null || \ - dd if=/dev/zero of=${LOOP_FILENAME} bs=1M count=$(( LOOP_FILESIZE / 1024 / 1024 )) - else - exit_fail "No valid option ${LOOP_FILE_TYPE} found." - fi - fi - - if [ "${LOOP_MOUNT_METHOD}" = "rc" ]; then - if ! losetup -a | grep -q "(${LOOP_FILENAME})$"; then - LOOP_DEVICE=$(losetup -f) - losetup ${LOOP_DEVICE} ${LOOP_FILENAME} - fi - if ! grep -q ${LOOP_FILENAME} /etc/rc.local; then - sed -i "\$i losetup \$(losetup -f) ${LOOP_FILENAME}" /etc/rc.local - fi - fi - - if [ "${LOOP_MOUNT_METHOD}" = "swap" ]; then - if ! swapon -s | grep -q ${LOOP_FILENAME}; then - mkswap ${LOOP_FILENAME} - swapon -a - fi - if ! grep -q "^${LOOP_FILENAME} " /etc/fstab; then - echo "${LOOP_FILENAME} none swap loop 0 0" >> /etc/fstab - fi - fi -} - function exit_state { set +x TOTALSECONDS="$(( $(date +%s) - STARTTIME ))" diff --git a/tests/ansible.cfg b/tests/ansible.cfg new file mode 100644 index 0000000000..3465bd5863 --- /dev/null +++ b/tests/ansible.cfg @@ -0,0 +1,5 @@ +[defaults] +action_plugins = ../playbooks/plugins/actions +callback_plugins = ../playbooks/plugins/callbacks +library = ../playbooks/library +host_key_checking = False diff --git a/tests/bootstrap-aio.yml b/tests/bootstrap-aio.yml new file mode 100644 index 0000000000..1f65ba036f --- /dev/null +++ b/tests/bootstrap-aio.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- hosts: localhost + user: root + roles: + - sshd + - pip_install + - bootstrap-host diff --git a/tests/roles/bootstrap-host/defaults/main.yml b/tests/roles/bootstrap-host/defaults/main.yml new file mode 100644 index 0000000000..8a38a80353 --- /dev/null +++ b/tests/roles/bootstrap-host/defaults/main.yml @@ -0,0 +1,101 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Boolean option to implement OpenStack-Ansible configuration for an AIO +bootstrap_host_aio_config: yes + +## Swap memory +# If there is no swap memory present, the bootstrap will create a loopback disk +# for the purpose of having swap memory available. Swap is required for some of +# the services deployed and is useful for AIO's built with less than 16GB memory. +# By default the swap size is set to 8GB unless the host memory is less than 8GB, +# in which case it is set to 4GB. +bootstrap_host_swap_size: "{% if ansible_memory_mb['real']['total'] < 8*1024 %}4{% else %}8{% endif %}" + +## Loopback volumes +# Sparse loopback disks are used for Cinder, Swift and Nova (instance storage). +# The size of the loopback volumes can be customized here (in gigabytes). +# +# Boolean option to deploy the loopback disk for Cinder +bootstrap_host_loopback_cinder: yes +# Size of the Cinder loopback disk in gigabytes (GB). +bootstrap_host_loopback_cinder_size: 1024 +# +# Boolean option to deploy the loopback disk for Swift +bootstrap_host_loopback_swift: yes +# Size of the Swift loopback disk in gigabytes (GB). +bootstrap_host_loopback_swift_size: 1024 +# +# Boolean option to deploy the loopback disk for Nova +bootstrap_host_loopback_nova: yes +# Size of the Nova loopback disk in gigabytes (GB). +bootstrap_host_loopback_nova_size: 1024 + +## Bridge configuration +# The AIO bootstrap configures bridges for use with the AIO deployment. +# By default, these bridges are configured to be independent of any physical +# interfaces, and they have their 'bridge_ports' set to 'none'. However, +# deployers can add a physical interface to 'bridge_ports' to connect the +# bridge to a real physical interface. +# +# A setting of 'none' keeps the bridges as independent from physical +# interfaces (the default). +# +# Setting the value to 'eth1' would mean that the bridge is directly connected +# to the eth1 device. +# +# See https://wiki.debian.org/BridgeNetworkConnections for more details. +bootstrap_host_bridge_mgmt_ports: none +bootstrap_host_bridge_vxlan_ports: none +bootstrap_host_bridge_storage_ports: none + +## Extra storage +# An AIO may optionally be built using a second storage device. If a +# secondary disk device to use is not specified, then the AIO will be +# built on any existing disk partitions. +# +# WARNING: The data on a secondary storage device specified here will +# be destroyed and repartitioned. +# +# Specify the secondary disk device to use. +#bootstrap_host_data_disk_device: vdb +# +# Boolean value to force the repartitioning of the secondary device. +bootstrap_host_data_disk_device_force: no +# +# If the storage capacity on this device is greater than or equal to this +# size (in GB), the bootstrap process will use it. +bootstrap_host_data_disk_min_size: 80 + +### MongoDB Settings +# MongoDB is installed on the host in the AIO for Ceilometer and Aodh to use. +# +# Boolean value to deploy and configure the MongoDB service on the host. +bootstrap_host_mongodb_service: yes +# +# Specify the IP address of a MongoDB Host. +bootstrap_host_mongodb_address: 172.29.236.100 + +### Optional Settings ### + +# Set the apt repository URL's configured for the host and containers. +# By default the configuration will be derived from the host. +#bootstrap_host_ubuntu_repo: http://archive.ubuntu.com/ubuntu/ +#bootstrap_host_ubuntu_security_repo: http://archive.ubuntu.com/ubuntu/ + +# Specify the public IP address for the host. +# By default the address will be set to the ipv4 address of the +# host's network interface that has the default route on it. +#bootstrap_host_public_address: 0.0.0.0 diff --git a/tests/roles/bootstrap-host/tasks/check-requirements.yml b/tests/roles/bootstrap-host/tasks/check-requirements.yml new file mode 100644 index 0000000000..eb1dea560d --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/check-requirements.yml @@ -0,0 +1,56 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Check for a supported Operating System + assert: + that: ansible_distribution | lower == 'ubuntu' + tags: + - check-operating-system + +- name: Identify the space available in / + shell: | + df -BG / | awk '/^[^Filesystem]/ {print $4}' | sed 's/G//' + when: + - bootstrap_host_data_disk_device is not defined + changed_when: false + register: root_space_available + tags: + - check-disk-size + +- name: Fail if there is not enough space available in / + assert: + that: | + root_space_available.stdout | int >= (bootstrap_host_data_disk_min_size * 0.75) | int + when: + - bootstrap_host_data_disk_device is not defined + tags: + - check-disk-size + +- name: Fail if there is not enough disk space available (disk specified) + assert: + that: | + (ansible_devices[bootstrap_host_data_disk_device]['size'] | replace(' GB','')) | int + >= bootstrap_host_data_disk_min_size | int + when: + - bootstrap_host_data_disk_device is defined + tags: + - check-disk-size + +- name: Ensure that the kernel has VXLAN support + modprobe: + name: vxlan + state: present + tags: + - check-vxlan diff --git a/tests/roles/bootstrap-host/tasks/install-apt.yml b/tests/roles/bootstrap-host/tasks/install-apt.yml new file mode 100644 index 0000000000..ddb5b47267 --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/install-apt.yml @@ -0,0 +1,97 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure that apt supports HTTPS package sources + apt: + name: apt-transport-https + state: present + tags: + - apt-install-prerequisites + +- name: Determine the existing Ubuntu repo configuration + shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list' + register: ubuntu_repo + when: + - bootstrap_host_ubuntu_repo is not defined + changed_when: false + tags: + - find-apt-repo + +- name: Determine the existing Ubuntu Security repo configuration + shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }}-security main/ {print \$2; exit}" /etc/apt/sources.list' + register: ubuntu_security_repo + when: + - bootstrap_host_ubuntu_security_repo is not defined + changed_when: false + tags: + - find-apt-security-repo + +- name: Set apt repo facts based on discovered information + set_fact: + bootstrap_host_ubuntu_repo: "{{ ubuntu_repo.stdout }}" + bootstrap_host_ubuntu_security_repo: "{{ ubuntu_security_repo.stdout }}" + when: + - bootstrap_host_ubuntu_repo is not defined + - bootstrap_host_ubuntu_security_repo is not defined + - ubuntu_repo is defined + - ubuntu_security_repo is defined + +- name: Configure apt's sources.list (Ubuntu only) + template: + src: apt-sources.list.j2 + dest: /etc/apt/sources.list + backup: yes + when: + - ansible_distribution == 'Ubuntu' + - bootstrap_host_ubuntu_repo is defined + - bootstrap_host_ubuntu_security_repo is defined + register: apt_sources_configure + +- name: Update apt-cache + apt: + update_cache: yes + when: + - apt_sources_configure is defined + - apt_sources_configure | changed + tags: + - apt-cache-update + +- name: Remove known problem packages + apt: + name: "{{ item }}" + state: absent + with_items: + - "{{ packages_remove }}" + tags: + - remove-packages + +- name: Install required packages + apt: + name: "{{ item }}" + state: present + with_items: + - "{{ packages_install }}" + tags: + - install-packages + +- name: Install MongoDB packages + apt: + name: "{{ item }}" + state: present + with_items: + - "{{ packages_mongodb }}" + when: bootstrap_host_mongodb_service | bool + tags: + - install-mongodb diff --git a/tests/roles/bootstrap-host/tasks/main.yml b/tests/roles/bootstrap-host/tasks/main.yml new file mode 100644 index 0000000000..9074c17fae --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/main.yml @@ -0,0 +1,110 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Before we do anything, check the minimum requirements +- include: check-requirements.yml + tags: + - check-requirements + +# We will look for the most specific variable files first and eventually +# end up with the least-specific files. +- name: Gather variables for each operating system + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}.yml" + tags: + - always + +- name: Create the required directories + file: + path: "{{ item }}" + state: directory + with_items: + - "/openstack" + tags: + - create-directories + +# Configure apt in a known way to reduce the chance of unexpected failures +- include: install-apt.yml + when: + - ansible_pkg_mgr == 'apt' + tags: + - install-apt + +# Prepare the data disk, if one is provided +- include: prepare_data_disk.yml + when: + - bootstrap_host_data_disk_device is defined + tags: + - prepare-data-disk + +# Prepare the swap space loopback disk +# This is only necessary if there isn't swap already +- include: prepare_loopback_swap.yml + when: + - ansible_swaptotal_mb < 1 + tags: + - prepare-loopback-swap + +# Prepare the Cinder LVM VG loopback disk +# This is only necessary if bootstrap_host_loopback_cinder is set to yes +- include: prepare_loopback_cinder.yml + when: + - bootstrap_host_loopback_cinder | bool + tags: + - prepare-loopback-cinder + +# Prepare the Nova instance storage loopback disk +- include: prepare_loopback_nova.yml + when: + - bootstrap_host_loopback_nova | bool + tags: + - prepare-loopback-nova + +# Prepare the Swift data storage loopback disks +- include: prepare_loopback_swift.yml + when: + - bootstrap_host_loopback_swift | bool + tags: + - prepare-loopback-swift + +# Prepare the network interfaces +- include: prepare_networking.yml + tags: + - prepare-networking + +# Ensure that there are both private and public ssh keys for root +- include: prepare_ssh_keys.yml + tags: + - prepare-ssh-keys + +# Put the OpenStack-Ansible configuration for an All-In-One on the host +- include: prepare_aio_config.yml + when: bootstrap_host_aio_config | bool + tags: + - prepare-aio-config + +# Prepare the MongoDB Service for Ceilometer/Aodh +- include: prepare_mongodb_service.yml + when: bootstrap_host_mongodb_service | bool + tags: + - prepare-mongodb-service + +# Prepare the MongoDB Users for Ceilometer/Aodh +- include: prepare_mongodb_users.yml + tags: + - prepare-mongodb-users diff --git a/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml b/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml new file mode 100644 index 0000000000..02157c90dc --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml @@ -0,0 +1,149 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +- name: Create the required deployment directories + file: + path: "{{ item }}" + state: directory + with_items: + - "/etc/openstack_deploy/" + - "/etc/openstack_deploy/conf.d" + - "/etc/openstack_deploy/env.d" + tags: + - create-directories + +- name: Deploy environment (env.d) configuration + config_template: + src: "../etc/openstack_deploy/env.d/{{ item.name }}" + dest: "/etc/openstack_deploy/env.d/{{ item.name }}" + config_overrides: "{{ item.override }}" + config_type: "yaml" + with_items: + - name: aodh.yml + override: "{{ aodh_env_overrides | default({}) }}" + - name: ceilometer.yml + override: "{{ ceilometer_env_overrides | default({}) }}" + - name: cinder.yml + override: "{{ cinder_env_overrides | default({}) }}" + - name: galera.yml + override: "{{ galera_env_overrides | default({}) }}" + - name: glance.yml + override: "{{ glance_env_overrides | default({}) }}" + - name: haproxy.yml + override: "{{ haproxy_env_overrides | default({}) }}" + - name: heat.yml + override: "{{ heat_env_overrides | default({}) }}" + - name: horizon.yml + override: "{{ horizon_env_overrides | default({}) }}" + - name: infra.yml + override: "{{ infra_env_overrides | default({}) }}" + - name: keystone.yml + override: "{{ keystone_env_overrides | default({}) }}" + - name: memcache.yml + override: "{{ memcache_env_overrides | default({}) }}" + - name: neutron.yml + override: "{{ neutron_env_overrides | default({}) }}" + - name: nova.yml + override: "{{ nova_env_overrides | default({}) }}" + - name: os-infra.yml + override: "{{ os_infra_env_overrides | default({}) }}" + - name: pkg_repo.yml + override: "{{ pkg_repo_env_overrides | default({}) }}" + - name: rabbitmq.yml + override: "{{ rabbitmq_env_overrides | default({}) }}" + - name: rsyslog.yml + override: "{{ rsyslog_env_overrides | default({}) }}" + - name: shared-infra.yml + override: "{{ shared_infra_env_overrides | default({}) }}" + - name: swift-remote.yml + override: "{{ swift_remote_env_overrides | default({}) }}" + - name: swift.yml + override: "{{ swift_env_overrides | default({}) }}" + - name: utility.yml + override: "{{ utility_env_overrides | default({}) }}" + tags: + - deploy-envd + +- name: Deploy user conf.d configuration + config_template: + src: "../etc/openstack_deploy/conf.d/{{ item.name }}" + dest: "/etc/openstack_deploy/conf.d/{{ item.name | regex_replace('.aio$', '') }}" + config_overrides: "{{ item.override }}" + config_type: "yaml" + with_items: + - name: aodh.yml.aio + override: "{{ aodh_conf_overrides | default({}) }}" + - name: ceilometer.yml.aio + override: "{{ ceilometer_conf_overrides | default({}) }}" + - name: swift.yml.aio + override: "{{ swift_conf_overrides | default({}) }}" + tags: + - deploy-confd + +- name: Deploy openstack_user_config + config_template: + src: "../etc/openstack_deploy/openstack_user_config.yml.aio" + dest: "/etc/openstack_deploy/openstack_user_config.yml" + config_overrides: "{{ openstack_user_config_overrides | default({}) }}" + config_type: "yaml" + tags: + - deploy-openstack-user-config + +- name: Deploy openstack_environment + config_template: + src: "../etc/openstack_deploy/openstack_environment.yml" + dest: "/etc/openstack_deploy/openstack_environment.yml" + config_overrides: "{{ openstack_environment_overrides | default({}) }}" + config_type: "yaml" + tags: + - deploy-openstack-environment + +- name: Deploy user_secrets file + config_template: + src: "../etc/openstack_deploy/user_secrets.yml" + dest: "/etc/openstack_deploy/user_secrets.yml" + config_overrides: "{{ user_secrets_overrides | default({}) }}" + config_type: "yaml" + tags: + - deploy-user-secrets + +- name: Generate any missing values in user_secrets + shell: ../scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml + tags: + - generate_secrets + +- name: Get the DNS servers in use on the host + shell: grep nameserver /etc/resolv.conf + register: nameservers + when: + - lxc_cache_resolvers is not defined + tags: + - get-nameservers + +- name: Set lxc_cache_resolvers fact + set_fact: + lxc_cache_resolvers: "[\"{{ nameservers.stdout_lines | join('\",\"') }}\"]" + when: + - nameservers is defined + tags: + - set-fact-lxc_cache_resolvers + +- name: Set the user_variables + config_template: + src: user_variables.aio.yml.j2 + dest: /etc/openstack_deploy/user_variables.yml + config_overrides: "{{ user_variables_overrides | default({}) }}" + config_type: yaml diff --git a/tests/roles/bootstrap-host/tasks/prepare_data_disk.yml b/tests/roles/bootstrap-host/tasks/prepare_data_disk.yml new file mode 100644 index 0000000000..81b00c4de1 --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_data_disk.yml @@ -0,0 +1,73 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# Only execute the disk partitioning process if a partition labeled +# 'openstack-data{1,2}' is not present and that partition is not +# formatted as ext4. This is an attempt to achieve idempotency just +# in case these tasks are executed multiple times. +- name: Determine whether partitions labeled openstack-data{1,2} are present + shell: | + parted --script -l -m | egrep -q ':ext4:openstack-data[12]:;$' + register: data_disk_partitions + changed_when: false + ignore_errors: yes + tags: + - check-data-disk-partitions + +- name: Dismount and remove fstab entries for anything on the data disk device + mount: + name: "{{ item.mount }}" + src: "{{ item.device }}" + fstype: ext4 + state: absent + when: + - data_disk_partitions.rc == 1 or bootstrap_host_data_disk_device_force | bool + - item.device | search(bootstrap_host_data_disk_device) + with_items: + - "{{ ansible_mounts }}" + +- name: Partition the whole data disk for our usage + shell: "{{ item }}" + when: data_disk_partitions.rc == 1 or bootstrap_host_data_disk_device_force | bool + with_items: + - "parted --script /dev/{{ bootstrap_host_data_disk_device }} mklabel gpt" + - "parted --align optimal --script /dev/{{ bootstrap_host_data_disk_device }} mkpart openstack-data1 ext4 0% 40%" + - "parted --align optimal --script /dev/{{ bootstrap_host_data_disk_device }} mkpart openstack-data2 ext4 40% 100%" + tags: + - create-data-disk-partitions + +- name: Format the partitions + filesystem: + fstype: ext4 + dev: "{{ item }}" + when: data_disk_partitions.rc == 1 or bootstrap_host_data_disk_device_force | bool + with_items: + - "/dev/{{ bootstrap_host_data_disk_device }}1" + - "/dev/{{ bootstrap_host_data_disk_device }}2" + tags: + - format-data-partitions + +- name: Create the mount points, fstab entries and mount the file systems + mount: + name: "{{ item.mount_point }}" + src: "{{ item.device }}" + fstype: ext4 + state: mounted + with_items: + - { mount_point: /openstack, device: "/dev/{{ bootstrap_host_data_disk_device }}1"} + - { mount_point: /var/lib/lxc, device: "/dev/{{ bootstrap_host_data_disk_device }}2"} + tags: + - mount-data-partitions diff --git a/tests/roles/bootstrap-host/tasks/prepare_loopback_cinder.yml b/tests/roles/bootstrap-host/tasks/prepare_loopback_cinder.yml new file mode 100644 index 0000000000..4480b8c4c0 --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_loopback_cinder.yml @@ -0,0 +1,72 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create sparse Cinder file + shell: "truncate -s {{ bootstrap_host_loopback_cinder_size }}G /openstack/cinder.img" + args: + creates: /openstack/cinder.img + register: cinder_create + tags: + - cinder-file-create + +- name: Get a loopback device for cinder file + shell: losetup -f + when: cinder_create | changed + register: cinder_losetup + tags: + - cinder-device-get + +- name: Create the loopback device + shell: "losetup {{ cinder_losetup.stdout }} /openstack/cinder.img" + when: cinder_create | changed + tags: + - cinder-device-create + +- name: Ensure that rc.local exists + file: + path: /etc/rc.local + state: touch + mode: "u+x" + tags: + - cinder-rc-file + +# As the cinder loopback is an LVM VG, it needs to be mounted differently +# to the other loopback files. It requires the use of rc.local to attach +# the loopback device on boot so that the VG becomes available immediately +# after the boot process completes. +- name: Create loopback devices at boot time + lineinfile: + dest: /etc/rc.local + line: "losetup $(losetup -f) /openstack/cinder.img" + tags: + - cinder-rc-config + +- name: Make LVM physical volume on the cinder device + shell: "{{ item }}" + when: cinder_create | changed + with_items: + - "pvcreate {{ cinder_losetup.stdout }}" + - "pvscan" + tags: + - cinder-lvm-pv + +- name: Add cinder-volumes volume group + lvg: + vg: cinder-volumes + pvs: "{{ cinder_losetup.stdout }}" + when: cinder_create | changed + tags: + - cinder-lvm-vg + diff --git a/tests/roles/bootstrap-host/tasks/prepare_loopback_nova.yml b/tests/roles/bootstrap-host/tasks/prepare_loopback_nova.yml new file mode 100644 index 0000000000..609e3a46b8 --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_loopback_nova.yml @@ -0,0 +1,39 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create sparse Nova file + shell: "truncate -s {{ bootstrap_host_loopback_nova_size }}G /openstack/nova.img" + args: + creates: /openstack/nova.img + register: nova_create + tags: + - nova-file-create + +- name: Format the Nova file + filesystem: + fstype: ext4 + dev: /openstack/nova.img + when: nova_create | changed + tags: + - nova-format-file + +- name: Create the mount points, fstab entries and mount the file systems + mount: + name: /var/lib/nova/instances + src: /openstack/nova.img + fstype: ext4 + state: mounted + tags: + - nova-file-mount diff --git a/tests/roles/bootstrap-host/tasks/prepare_loopback_swap.yml b/tests/roles/bootstrap-host/tasks/prepare_loopback_swap.yml new file mode 100644 index 0000000000..14f83e8155 --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_loopback_swap.yml @@ -0,0 +1,61 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create swap file + shell: "fallocate -l {{ bootstrap_host_swap_size }}G /openstack/swap.img" + args: + creates: /openstack/swap.img + register: swap_create + tags: + - swap-file-create + +- name: Set swap file permissions to 0600 + file: + path: /openstack/swap.img + mode: 0600 + tags: + - swap-permissions + +- name: Format the swap file + shell: mkswap /openstack/swap.img + when: swap_create | changed + tags: + - swap-format + +- name: Ensure that the swap file entry is in /etc/fstab + mount: + name: none + src: /openstack/swap.img + fstype: swap + opts: sw + passno: 0 + dump: 0 + state: present + tags: + - swap-fstab + +- name: Bring swap file online + shell: swapon /openstack/swap.img + tags: + - swap-online + +- name: Set system swappiness + sysctl: + name: vm.swappiness + value: 10 + state: present + tags: + - swap-sysctl + diff --git a/tests/roles/bootstrap-host/tasks/prepare_loopback_swift.yml b/tests/roles/bootstrap-host/tasks/prepare_loopback_swift.yml new file mode 100644 index 0000000000..adb8eb2488 --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_loopback_swift.yml @@ -0,0 +1,54 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create sparse Swift files + shell: "truncate -s {{ bootstrap_host_loopback_cinder_size }}G /openstack/{{ item }}.img" + args: + creates: "/openstack/{{ item }}.img" + with_items: + - 'swift1' + - 'swift2' + - 'swift3' + register: swift_create + tags: + - swift-file-create + +- name: Format the Swift files + filesystem: + fstype: xfs + dev: "/openstack/{{ item }}.img" + when: swift_create | changed + with_items: + - 'swift1' + - 'swift2' + - 'swift3' + tags: + - swift-format-file + +- name: Create the Swift mount points, fstab entries and mount the file systems + mount: + name: "/srv/{{ item }}.img" + src: "/openstack/{{ item }}.img" + fstype: xfs + opts: 'loop,noatime,nodiratime,nobarrier,logbufs=8' + passno: 0 + dump: 0 + state: mounted + with_items: + - 'swift1' + - 'swift2' + - 'swift3' + tags: + - swift-file-mount diff --git a/tests/roles/bootstrap-host/tasks/prepare_mongodb_service.yml b/tests/roles/bootstrap-host/tasks/prepare_mongodb_service.yml new file mode 100644 index 0000000000..86f356d9d6 --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_mongodb_service.yml @@ -0,0 +1,61 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Configure the MongoDB bind address + lineinfile: + dest: /etc/mongodb.conf + regexp: "^(#)?bind_ip" + line: "bind_ip = {{ bootstrap_host_mongodb_address }}" + register: mongodb_bind + tags: + - mongodb-conf-bind_ip + +- name: Enable the MongoDB smallfiles option + lineinfile: + dest: /etc/mongodb.conf + regexp: "^(#)?smallfiles" + line: "smallfiles = true" + register: mongodb_smallfiles + tags: + - mongodb-conf-smallfiles + +- name: Restart mongodb + service: + name: mongodb + state: restarted + when: + - mongodb_bind | changed or mongodb_smallfiles | changed + register: mongodb_restart + tags: + - mongodb-restart + +- name: Wait for mongodb to come back online after the restart + wait_for: + host: "{{ bootstrap_host_mongodb_address }}" + port: 27017 + delay: 5 + timeout: 30 + when: + - mongodb_restart is defined + - mongodb_restart | changed + tags: + - mongodb-wait + +- name: Test mongodb connectivity + command: "mongo --host {{ bootstrap_host_mongodb_address }} --eval ' '" + changed_when: False + tags: + - mongodb-test + diff --git a/tests/roles/bootstrap-host/tasks/prepare_mongodb_users.yml b/tests/roles/bootstrap-host/tasks/prepare_mongodb_users.yml new file mode 100644 index 0000000000..e600f973ad --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_mongodb_users.yml @@ -0,0 +1,41 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Read user_secrets vars + include_vars: /etc/openstack_deploy/user_secrets.yml + tags: + - mongodb-secrets + +- name: Add ceilometer database user + mongodb_user: + login_host: "{{ bootstrap_host_mongodb_address }}" + database: ceilometer + name: ceilometer + password: "{{ ceilometer_container_db_password }}" + roles: 'readWrite,dbAdmin' + state: present + tags: + - mongodb-create-user-ceilometer + +- name: Add aodh database user + mongodb_user: + login_host: "{{ bootstrap_host_mongodb_address }}" + database: aodh + name: aodh + password: "{{ aodh_container_db_password }}" + roles: 'readWrite,dbAdmin' + state: present + tags: + - mongodb-create-user-aodh diff --git a/tests/roles/bootstrap-host/tasks/prepare_networking.yml b/tests/roles/bootstrap-host/tasks/prepare_networking.yml new file mode 100644 index 0000000000..7641c0d40f --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_networking.yml @@ -0,0 +1,58 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure that /etc/network/interfaces.d/ exists + file: + path: /etc/network/interfaces.d/ + state: directory + tags: + - networking-dir-create + +- name: Copy network configuration + template: + src: osa_interfaces.cfg.j2 + dest: /etc/network/interfaces.d/osa_interfaces.cfg + register: osa_interfaces + tags: + - networking-interfaces-file + +- name: Ensure our interfaces.d configuration files are loaded automatically + lineinfile: + dest: /etc/network/interfaces + line: "source /etc/network/interfaces.d/*.cfg" + tags: + - networking-interfaces-load + +- name: Shut down the network interfaces + command: "ifdown {{ item }}" + when: osa_interfaces | changed + with_items: + - br-mgmt + - br-storage + - br-vlan + - br-vxlan + tags: + - networking-interfaces-stop + +- name: Start the network interfaces + command: "ifup {{ item }}" + when: osa_interfaces | changed + with_items: + - br-mgmt + - br-storage + - br-vlan + - br-vxlan + tags: + - networking-interfaces-start diff --git a/tests/roles/bootstrap-host/tasks/prepare_ssh_keys.yml b/tests/roles/bootstrap-host/tasks/prepare_ssh_keys.yml new file mode 100644 index 0000000000..4961ea03b7 --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_ssh_keys.yml @@ -0,0 +1,67 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure root has a .ssh directory + file: + path: /root/.ssh + state: directory + owner: root + group: root + mode: 0700 + tags: + - ssh-key-dir + +- name: Check for existing ssh private key file + stat: + path: /root/.ssh/id_rsa + register: ssh_key_private + tags: + - ssh-key-check + +- name: Check for existing ssh public key file + stat: + path: /root/.ssh/id_rsa.pub + register: ssh_key_public + tags: + - ssh-key-check + +- name: Remove an existing private/public ssh keys if one is missing + file: + path: "/root/.ssh/{{ item }}" + state: absent + when: not ssh_key_public.stat.exists or not ssh_key_private.stat.exists + with_items: + - 'id_rsa' + - 'id_rsa.pub' + tags: + - ssh-key-clean + +- name: Create ssh key pair for root + user: + name: root + generate_ssh_key: yes + ssh_key_bits: 2048 + ssh_key_file: /root/.ssh/id_rsa + tags: + - ssh-key-generate + +- name: Ensure root's new public ssh key is in authorized_keys + authorized_key: + user: root + key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}" + manage_dir: no + tags: + - ssh-key-authorized + diff --git a/tests/roles/bootstrap-host/templates/apt-sources.list.j2 b/tests/roles/bootstrap-host/templates/apt-sources.list.j2 new file mode 100644 index 0000000000..20f4e0b33d --- /dev/null +++ b/tests/roles/bootstrap-host/templates/apt-sources.list.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} + +# Base repositories +deb {{ bootstrap_host_ubuntu_repo }} {{ ansible_distribution_release }} main restricted universe multiverse +# Updates repositories +deb {{ bootstrap_host_ubuntu_repo }} {{ ansible_distribution_release }}-updates main restricted universe multiverse +# Backports repositories +deb {{ bootstrap_host_ubuntu_repo }} {{ ansible_distribution_release }}-backports main restricted universe multiverse +# Security repositories +deb {{ bootstrap_host_ubuntu_security_repo }} {{ ansible_distribution_release }}-security main restricted universe multiverse diff --git a/tests/roles/bootstrap-host/templates/osa_interfaces.cfg.j2 b/tests/roles/bootstrap-host/templates/osa_interfaces.cfg.j2 new file mode 100644 index 0000000000..14f7b58723 --- /dev/null +++ b/tests/roles/bootstrap-host/templates/osa_interfaces.cfg.j2 @@ -0,0 +1,68 @@ +## The default networking requires several bridges. These bridges were named to be informative +## however they can be named what ever you like and is adaptable to any network infrastructure +## environment. This file serves as an example of how to setup basic networking and was ONLY +## built for the purpose of being an example and used expressly in the building of an ALL IN +## ONE development environment. + +auto br-mgmt +iface br-mgmt inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + # Notice the bridge port is the vlan tagged interface + bridge_ports {{ bootstrap_host_bridge_mgmt_ports }} + address 172.29.236.100 + netmask 255.255.252.0 + offload-sg off + +auto br-vxlan +iface br-vxlan inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{ bootstrap_host_bridge_vxlan_ports }} + address 172.29.240.100 + netmask 255.255.252.0 + offload-sg off + # To ensure ssh checksum is correct + up /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill + down /sbin/iptables -D POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill + # To provide internet connectivity to instances + up /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE + down /sbin/iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE + +auto br-storage +iface br-storage inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{ bootstrap_host_bridge_storage_ports }} + address 172.29.244.100 + netmask 255.255.252.0 + offload-sg off + +auto br-vlan +iface br-vlan inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + address 172.29.248.100 + netmask 255.255.252.0 + offload-sg off + # Create veth pair, don't bomb if already exists + pre-up ip link add br-vlan-veth type veth peer name eth12 || true + # Set both ends UP + pre-up ip link set br-vlan-veth up + pre-up ip link set eth12 up + # Delete veth pair on DOWN + post-down ip link del br-vlan-veth || true + bridge_ports br-vlan-veth + +# Add an additional address to br-vlan +iface br-vlan inet static + # Flat network default gateway + # -- This needs to exist somewhere for network reachability + # -- from the router namespace for floating IP paths. + # -- Putting this here is primarily for tempest to work. + address 172.29.248.1 + netmask 255.255.252.0 diff --git a/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2 b/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2 new file mode 100644 index 0000000000..6e7aae2dc8 --- /dev/null +++ b/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2 @@ -0,0 +1,91 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## General options +debug: True + +## Ceilometer Options +ceilometer_db_type: mongodb +ceilometer_db_ip: {{ bootstrap_host_mongodb_address }} +ceilometer_db_port: 27017 +cinder_ceilometer_enabled: True +glance_ceilometer_enabled: True +heat_ceilometer_enabled: True +neutron_ceilometer_enabled: True +nova_ceilometer_enabled: True +swift_ceilometer_enabled: True + +## Aodh Options +aodh_db_type: mongodb +aodh_db_ip: {{ bootstrap_host_mongodb_address }} +aodh_db_port: 27017 + +## Glance Options +glance_default_store: swift + +## SSL Settings +ssl_protocol: "ALL -SSLv2 -SSLv3" +# Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ +ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" + +## Cinder settings +cinder_service_backup_program_enabled: True + +## Tempest settings +tempest_service_available_ceilometer: True +tempest_public_subnet_cidr: 172.29.248.0/22 +tempest_volume_backup_enabled: True + +## Galera settings +galera_innodb_buffer_pool_size: 512M +galera_innodb_log_buffer_size: 32M +galera_wsrep_provider_options: + - { option: "gcache.size", value: "32M" } + +## Set workers for all services to optimise memory usage +ceilometer_api_workers: 2 +ceilometer_collector_workers: 2 +ceilometer_notification_workers: 2 +cinder_osapi_volume_workers: 2 +glance_api_workers: 2 +glance_registry_workers: 2 +heat_api_workers: 2 +heat_engine_workers: 2 +horizon_wsgi_processes: 2 +horizon_wsgi_threads: 2 +keystone_wsgi_processes: 2 +neutron_api_workers: 2 +neutron_metadata_workers: 1 +neutron_rpc_workers: 1 +nova_conductor_workers: 2 +nova_metadata_workers: 2 +nova_osapi_compute_workers: 2 +swift_account_server_workers: 2 +swift_container_server_workers: 2 +swift_object_server_workers: 2 +swift_proxy_server_workers: 2 + +# NOTE: hpcloud-b4's eth0 uses 10.0.3.0/24, which overlaps with the +# lxc_net_address default +# TODO: We'll need to implement a mechanism to determine valid lxc_net_address +# value which will not overlap with an IP already assigned to the host. +lxc_net_address: 10.255.255.1 +lxc_net_netmask: 255.255.255.0 +lxc_net_dhcp_range: 10.255.255.2,10.255.255.253 + +## LXC Container Settings +lxc_cache_resolvers: {{ lxc_cache_resolvers }} +lxc_container_template_main_apt_repo: {{ bootstrap_host_ubuntu_repo }} +lxc_container_template_security_apt_repo: {{ bootstrap_host_ubuntu_security_repo }} diff --git a/tests/roles/bootstrap-host/vars/ubuntu.yml b/tests/roles/bootstrap-host/vars/ubuntu.yml new file mode 100644 index 0000000000..40ccbefabd --- /dev/null +++ b/tests/roles/bootstrap-host/vars/ubuntu.yml @@ -0,0 +1,39 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +packages_install: + - bridge-utils + - build-essential + - curl + - ethtool + - git-core + - ipython + - linux-image-extra-{{ ansible_kernel }} + - lvm2 + - python2.7 + - python-dev + - tmux + - vim + - vlan + - xfsprogs + +packages_remove: + - libmysqlclient18 + - mysql-common + +packages_mongodb: + - mongodb-clients + - mongodb-server + - python-pymongo