From 892c7fe46c68bc36e76f21a6b699349167534f46 Mon Sep 17 00:00:00 2001 From: Major Hayden Date: Tue, 1 Dec 2015 15:41:32 +0000 Subject: [PATCH] Convert AIO bootstrap from bash to Ansible This patch converts the AIO bootstrap process to use Ansible instead of bash scripting. The patch also minimises the options available to focus the role concerned to just handle an AIO bootstrap, but gives it just enough flexibility to allow the use of an external MongoDB database for Ceilometer/Aodh and for a deployer to specify a secondary disk for the AIO to consume. A major change is that the AIO bootstrap process no longer assumes that it can destroy a secondary boot device. It requires a device name to be provided. This prevents horrible surprises. TODO (in subsequent patches): - update the developer AIO docs - convert run-playbooks.sh into an Ansible playbook Implements: blueprint convert-aio-bootstrap-to-ansible Co-Authored-By: Jesse Pretorius Change-Id: I6028952e7260388873f57db47cc3e08126ecc530 --- ansible-role-requirements.yml | 2 + .../openstack_user_config.yml.aio | 2 +- scripts/bootstrap-aio.sh | 451 +----------------- scripts/gate-check-commit.sh | 149 +++--- scripts/run-playbooks.sh | 4 +- scripts/scripts-library.sh | 109 ----- tests/ansible.cfg | 5 + tests/bootstrap-aio.yml | 21 + tests/roles/bootstrap-host/defaults/main.yml | 101 ++++ .../tasks/check-requirements.yml | 56 +++ .../bootstrap-host/tasks/install-apt.yml | 97 ++++ tests/roles/bootstrap-host/tasks/main.yml | 110 +++++ .../tasks/prepare_aio_config.yml | 149 ++++++ .../tasks/prepare_data_disk.yml | 73 +++ .../tasks/prepare_loopback_cinder.yml | 72 +++ .../tasks/prepare_loopback_nova.yml | 39 ++ .../tasks/prepare_loopback_swap.yml | 61 +++ .../tasks/prepare_loopback_swift.yml | 54 +++ .../tasks/prepare_mongodb_service.yml | 61 +++ .../tasks/prepare_mongodb_users.yml | 41 ++ .../tasks/prepare_networking.yml | 58 +++ .../bootstrap-host/tasks/prepare_ssh_keys.yml | 67 +++ .../templates/apt-sources.list.j2 | 10 + .../templates/osa_interfaces.cfg.j2 | 68 +++ .../templates/user_variables.aio.yml.j2 | 91 ++++ tests/roles/bootstrap-host/vars/ubuntu.yml | 39 ++ 26 files changed, 1356 insertions(+), 634 deletions(-) create mode 100644 tests/ansible.cfg create mode 100644 tests/bootstrap-aio.yml create mode 100644 tests/roles/bootstrap-host/defaults/main.yml create mode 100644 tests/roles/bootstrap-host/tasks/check-requirements.yml create mode 100644 tests/roles/bootstrap-host/tasks/install-apt.yml create mode 100644 tests/roles/bootstrap-host/tasks/main.yml create mode 100644 tests/roles/bootstrap-host/tasks/prepare_aio_config.yml create mode 100644 tests/roles/bootstrap-host/tasks/prepare_data_disk.yml create mode 100644 tests/roles/bootstrap-host/tasks/prepare_loopback_cinder.yml create mode 100644 tests/roles/bootstrap-host/tasks/prepare_loopback_nova.yml create mode 100644 tests/roles/bootstrap-host/tasks/prepare_loopback_swap.yml create mode 100644 tests/roles/bootstrap-host/tasks/prepare_loopback_swift.yml create mode 100644 tests/roles/bootstrap-host/tasks/prepare_mongodb_service.yml create mode 100644 tests/roles/bootstrap-host/tasks/prepare_mongodb_users.yml create mode 100644 tests/roles/bootstrap-host/tasks/prepare_networking.yml create mode 100644 tests/roles/bootstrap-host/tasks/prepare_ssh_keys.yml create mode 100644 tests/roles/bootstrap-host/templates/apt-sources.list.j2 create mode 100644 tests/roles/bootstrap-host/templates/osa_interfaces.cfg.j2 create mode 100644 tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2 create mode 100644 tests/roles/bootstrap-host/vars/ubuntu.yml diff --git a/ansible-role-requirements.yml b/ansible-role-requirements.yml index f4ac10c7fd..6d6acdd72c 100644 --- a/ansible-role-requirements.yml +++ b/ansible-role-requirements.yml @@ -1,6 +1,8 @@ - src: evrardjp.keepalived name: keepalived version: '1.3' +- src: mattwillsher.sshd + name: sshd - name: apt_package_pinning src: https://github.com/openstack/openstack-ansible-apt_package_pinning version: master diff --git a/etc/openstack_deploy/openstack_user_config.yml.aio b/etc/openstack_deploy/openstack_user_config.yml.aio index c1edacdfdc..b0d5064973 100644 --- a/etc/openstack_deploy/openstack_user_config.yml.aio +++ b/etc/openstack_deploy/openstack_user_config.yml.aio @@ -12,7 +12,7 @@ used_ips: global_overrides: internal_lb_vip_address: 172.29.236.100 - external_lb_vip_address: 192.168.1.1 + external_lb_vip_address: {{ bootstrap_host_public_address | default(ansible_default_ipv4.address) }} tunnel_bridge: "br-vxlan" management_bridge: "br-mgmt" provider_networks: diff --git a/scripts/bootstrap-aio.sh b/scripts/bootstrap-aio.sh index 380f93828a..6d3cc5d788 100755 --- a/scripts/bootstrap-aio.sh +++ b/scripts/bootstrap-aio.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash - +# # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,447 +17,16 @@ ## Shell Opts ---------------------------------------------------------------- set -e -u -x - -## Vars ---------------------------------------------------------------------- -DEFAULT_PASSWORD=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 32) -export BOOTSTRAP_AIO="yes" -export BOOTSTRAP_AIO_DIR=${BOOTSTRAP_AIO_DIR:-"/openstack"} -export HTTP_PROXY=${HTTP_PROXY:-""} -export HTTPS_PROXY=${HTTPS_PROXY:-""} -export ADMIN_PASSWORD=${ADMIN_PASSWORD:-$DEFAULT_PASSWORD} -export SERVICE_REGION=${SERVICE_REGION:-"RegionOne"} -export DEPLOY_OPENSTACK=${DEPLOY_OPENSTACK:-"yes"} -export DEPLOY_SWIFT=${DEPLOY_SWIFT:-"yes"} -export DEPLOY_CEILOMETER=${DEPLOY_CEILOMETER:-"yes"} -export PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-$(ip route show | awk '/default/ { print $NF }')} -export PUBLIC_ADDRESS=${PUBLIC_ADDRESS:-$(ip -o -4 addr show dev ${PUBLIC_INTERFACE} | awk -F '[ /]+' '/global/ {print $4}')} -export NOVA_VIRT_TYPE=${NOVA_VIRT_TYPE:-"qemu"} -export TEMPEST_FLAT_CIDR=${TEMPEST_FLAT_CIDR:-"172.29.248.0/22"} -export FLUSH_IPTABLES=${FLUSH_IPTABLES:-"yes"} -export RABBITMQ_PACKAGE_URL=${RABBITMQ_PACKAGE_URL:-""} -export MONGO_HOST=${MONGO_HOST:-"172.29.236.100"} -export DEBIAN_FRONTEND=${DEBIAN_FRONTEND:-"noninteractive"} - -# Default disabled fatal deprecation warnings -export CINDER_FATAL_DEPRECATIONS=${CINDER_FATAL_DEPRECATIONS:-"no"} -export GLANCE_FATAL_DEPRECATIONS=${GLANCE_FATAL_DEPRECATIONS:-"no"} -export HEAT_FATAL_DEPRECATIONS=${HEAT_FATAL_DEPRECATIONS:-"no"} -export KEYSTONE_FATAL_DEPRECATIONS=${KEYSTONE_FATAL_DEPRECATIONS:-"no"} -export NEUTRON_FATAL_DEPRECATIONS=${NEUTRON_FATAL_DEPRECATIONS:-"no"} -export NOVA_FATAL_DEPRECATIONS=${NOVA_FATAL_DEPRECATIONS:-"no"} -export TEMPEST_FATAL_DEPRECATIONS=${TEMPEST_FATAL_DEPRECATIONS:-"no"} - -# Ubuntu Repository Determination (based on existing host OS configuration) -UBUNTU_RELEASE=$(lsb_release -sc) -UBUNTU_REPO=${UBUNTU_REPO:-$(awk "/^deb .*ubuntu\/? ${UBUNTU_RELEASE} main/ {print \$2; exit}" /etc/apt/sources.list)} -UBUNTU_SEC_REPO=${UBUNTU_SEC_REPO:-$(awk "/^deb .*ubuntu\/? ${UBUNTU_RELEASE}-security main/ {print \$2; exit}" /etc/apt/sources.list)} - - -## Library Check ------------------------------------------------------------- -info_block "Checking for required libraries." 2> /dev/null || - source $(dirname ${0})/scripts-library.sh || - source scripts/scripts-library.sh - +## Variables ----------------------------------------------------------------- +# Extra options to pass to the AIO bootstrap process +export BOOTSTRAP_OPTS=${BOOTSTRAP_OPTS:-''} ## Main ---------------------------------------------------------------------- -# Log some data about the instance and the rest of the system -log_instance_info +# Run AIO bootstrap playbook +pushd tests + ansible-playbook -i "localhost ansible-connection=local," \ + -e "${BOOTSTRAP_OPTS}" \ + bootstrap-aio.yml +popd -# Ensure that the current kernel can support vxlan -if ! modprobe vxlan; then - echo "VXLAN support is required for this to work. And the Kernel module was not found." - echo "This build will not work without it." - exit_fail -fi - -info_block "Running AIO Setup" - -# Set base DNS to google, ensuring consistent DNS in different environments -if [ ! "$(grep -e '^nameserver 8.8.8.8' -e '^nameserver 8.8.4.4' /etc/resolv.conf)" ];then - echo -e '\n# Adding google name servers\nnameserver 8.8.8.8\nnameserver 8.8.4.4' | tee -a /etc/resolv.conf -fi - -# Ensure that the https apt transport is available before doing anything else -apt-get update && apt-get install -y apt-transport-https < /dev/null - -# Set the host repositories to only use the same ones, always, for the sake of consistency. -cat > /etc/apt/sources.list <> /etc/ssh/sshd_config -fi - -# Ensure that sshd permits root login, or ansible won't be able to connect -if grep "^PermitRootLogin" /etc/ssh/sshd_config > /dev/null; then - sed -i 's/^PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config -else - echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config -fi - -# Create the directory BOOTSTRAP_AIO_DIR if it doesn't already exist -if [ ! -d "${BOOTSTRAP_AIO_DIR}" ]; then - mkdir -p ${BOOTSTRAP_AIO_DIR} -fi - -# Remove the pip directory if its found -if [ -d "${HOME}/.pip" ];then - rm -rf "${HOME}/.pip" -fi - -# Install pip -get_pip - -# Ensure we use the HTTPS/HTTP proxy with pip if it is specified -PIP_OPTS="" -if [ -n "$HTTPS_PROXY" ]; then - PIP_OPTS="--proxy $HTTPS_PROXY" -elif [ -n "$HTTP_PROXY" ]; then - PIP_OPTS="--proxy $HTTP_PROXY" -fi - -# Install requirements if there are any -if [ -f "requirements.txt" ];then - pip2 install $PIP_OPTS -r requirements.txt || pip install $PIP_OPTS -r requirements.txt -fi - -# Configure all disk space -configure_diskspace - -# Create /etc/rc.local if it doesn't already exist -if [ ! -f "/etc/rc.local" ];then - touch /etc/rc.local - chmod +x /etc/rc.local -fi - -# Make the system key used for bootstrapping self -if [ ! -d /root/.ssh ];then - mkdir -p /root/.ssh - chmod 700 /root/.ssh -fi - -ssh_key_create - -# Make sure everything is mounted. -mount -a || true - -# Build the loopback drive for swap to use -if [ ! "$(swapon -s | grep -v Filename)" ]; then - memory_kb=$(awk '/MemTotal/ {print $2}' /proc/meminfo) - if [ "${memory_kb}" -lt "8388608" ]; then - swap_size="4294967296" - else - swap_size="8589934592" - fi - loopback_create "${BOOTSTRAP_AIO_DIR}/swap.img" ${swap_size} thick swap - # Ensure swap will be used on the host - if [ ! $(sysctl vm.swappiness | awk '{print $3}') == "10" ];then - sysctl -w vm.swappiness=10 | tee -a /etc/sysctl.conf - fi - swapon -a -fi - -if [ "${DEPLOY_OPENSTACK}" == "yes" ]; then - # Build the loopback drive for cinder to use - CINDER="cinder.img" - if ! vgs cinder-volumes; then - loopback_create "${BOOTSTRAP_AIO_DIR}/${CINDER}" 1073741824000 thin rc - CINDER_DEVICE=$(losetup -a | awk -F: "/${CINDER}/ {print \$1}") - pvcreate ${CINDER_DEVICE} - pvscan - # Check for the volume group - if ! vgs cinder-volumes; then - vgcreate cinder-volumes ${CINDER_DEVICE} - fi - # Ensure that the cinder loopback is enabled after reboot - if ! grep ${CINDER} /etc/rc.local && ! vgs cinder-volumes; then - sed -i "\$i losetup \$(losetup -f) /${BOOTSTRAP_AIO_DIR}/${CINDER}" /etc/rc.local - fi - fi - - # Build the loopback drive for nova instance storage - NOVA="nova.img" - if ! grep -q "${NOVA}" /proc/mounts; then - loopback_create "${BOOTSTRAP_AIO_DIR}/${NOVA}" 1073741824000 thin none - mkfs.ext4 -F "${BOOTSTRAP_AIO_DIR}/${NOVA}" - mkdir -p /var/lib/nova/instances - mount "${BOOTSTRAP_AIO_DIR}/${NOVA}" /var/lib/nova/instances - fi - if ! grep -qw "^${BOOTSTRAP_AIO_DIR}/${NOVA}" /etc/fstab; then - echo "${BOOTSTRAP_AIO_DIR}/${NOVA} /var/lib/nova/instances ext4 defaults 0 0" >> /etc/fstab - fi -fi - -# Enable swift deployment -if [ "${DEPLOY_SWIFT}" == "yes" ]; then - # build the loopback drives for swift to use - for SWIFT in swift1 swift2 swift3; do - if ! grep -q "${SWIFT}" /proc/mounts; then - loopback_create "${BOOTSTRAP_AIO_DIR}/${SWIFT}.img" 1073741824000 thin none - if ! grep -qw "^${BOOTSTRAP_AIO_DIR}/${SWIFT}.img" /etc/fstab; then - echo "${BOOTSTRAP_AIO_DIR}/${SWIFT}.img /srv/${SWIFT}.img xfs loop,noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab - fi - # Format the lo devices - mkfs.xfs -f "${BOOTSTRAP_AIO_DIR}/${SWIFT}.img" - mkdir -p "/srv/${SWIFT}.img" - mount "${BOOTSTRAP_AIO_DIR}/${SWIFT}.img" "/srv/${SWIFT}.img" - fi - done -fi - -# Copy aio network config into place. -if [ ! -d "/etc/network/interfaces.d" ];then - mkdir -p /etc/network/interfaces.d/ -fi - -# Copy the basic aio network interfaces over -cp -R etc/network/interfaces.d/aio_interfaces.cfg /etc/network/interfaces.d/ - -# Ensure the network source is in place -if [ ! "$(grep -Rni '^source\ /etc/network/interfaces.d/\*.cfg' /etc/network/interfaces)" ]; then - echo "source /etc/network/interfaces.d/*.cfg" | tee -a /etc/network/interfaces -fi - -# Bring up the new interfaces -for i in $(awk '/^iface/ {print $2}' /etc/network/interfaces.d/aio_interfaces.cfg); do - if grep "^$i\:" /proc/net/dev > /dev/null;then - /sbin/ifdown $i || true - fi - /sbin/ifup $i || true -done - -# Remove an existing etc directory if already found -if [ -d "/etc/openstack_deploy" ];then - rm -rf "/etc/openstack_deploy" -fi - -# Move the *.aio files into place for use within the AIO build. -cp -R etc/openstack_deploy /etc/ -for i in $(find /etc/openstack_deploy/ -type f -name '*.aio');do - rename 's/\.aio$//g' $i -done - -# Ensure the conf.d directory exists -if [ ! -d "/etc/openstack_deploy/conf.d" ];then - mkdir -p "/etc/openstack_deploy/conf.d" -fi - -# Ensure containers are using the same resolvers as the host -RESOLVERS=$(grep nameserver /etc/resolv.conf | awk 'NF { print "\""$0"\""}' | tr '\n' ',' | sed 's/,$//' ) -if [ ! "$(grep -Rni '^lxc_cache_resolvers' /etc/openstack_deploy/user_variables.yml)" ]; then - echo "lxc_cache_resolvers: [$RESOLVERS]" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -# Add tempest settings for particular use-cases -if [ ${DEPLOY_OPENSTACK} == "no" ]; then - for svc in cinder glance heat horizon neutron nova; do - echo "tempest_service_available_${svc}: False" | tee -a /etc/openstack_deploy/user_variables.yml - done -fi -if [ ${DEPLOY_SWIFT} == "no" ]; then - echo "tempest_service_available_swift: False" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -# Generate the passwords -scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml - -# change the generated passwords for the OpenStack (admin) -sed -i "s/keystone_auth_admin_password:.*/keystone_auth_admin_password: ${ADMIN_PASSWORD}/" /etc/openstack_deploy/user_secrets.yml -sed -i "s/external_lb_vip_address:.*/external_lb_vip_address: ${PUBLIC_ADDRESS}/" /etc/openstack_deploy/openstack_user_config.yml - -# Change affinities (number of containers per host) if the appropriate -# environment variables are set. -for container_type in keystone galera rabbit_mq horizon repo; do - var_name="NUM_${container_type}_CONTAINER" - set +u - num=${!var_name} - set -u - [[ -z $num ]] && continue - sed -i "s/${container_type}_container:.*/${container_type}_container: ${num}/" /etc/openstack_deploy/openstack_user_config.yml -done - -if [ ${DEPLOY_CEILOMETER} == "yes" ]; then - # Install mongodb on the aio1 host - apt-get install mongodb-server mongodb-clients python-pymongo -y < /dev/null - # Change bind_ip to management ip - sed -i "s/^bind_ip.*/bind_ip = $MONGO_HOST/" /etc/mongodb.conf - # Asserting smallfiles key - sed -i "s/^smallfiles.*/smallfiles = true/" /etc/mongodb.conf - service mongodb restart - - # Wait for mongodb to restart - for i in {1..12}; do - mongo --host $MONGO_HOST --eval ' ' && break - sleep 5 - done - # Adding the ceilometer database - mongo --host $MONGO_HOST --eval ' - db = db.getSiblingDB("ceilometer"); - db.addUser({user: "ceilometer", - pwd: "ceilometer", - roles: [ "readWrite", "dbAdmin" ]})' - - # Adding the aodh alarm database - mongo --host $MONGO_HOST --eval ' - db = db.getSiblingDB("aodh"); - db.addUser({user: "aodh", - pwd: "aodh", - roles: [ "readWrite", "dbAdmin" ]})' - - # change the generated passwords for mongodb access - sed -i "s/ceilometer_container_db_password:.*/ceilometer_container_db_password: ceilometer/" /etc/openstack_deploy/user_secrets.yml - sed -i "s/aodh_container_db_password:.*/aodh_container_db_password: aodh/" /etc/openstack_deploy/user_secrets.yml - sed -i "s/aodh_db_ip:.*/aodh_db_ip: ${MONGO_HOST}/" /etc/openstack_deploy/user_variables.yml - # Change the Ceilometer user variables necessary for deployment - sed -i "s/ceilometer_db_ip:.*/ceilometer_db_ip: ${MONGO_HOST}/" /etc/openstack_deploy/user_variables.yml - # Enable Ceilometer for Swift - if [ ${DEPLOY_SWIFT} == "yes" ]; then - sed -i "s/swift_ceilometer_enabled:.*/swift_ceilometer_enabled: True/" /etc/openstack_deploy/user_variables.yml - fi - # Enable Ceilometer for other OpenStack Services - if [ ${DEPLOY_OPENSTACK} == "yes" ]; then - for svc in cinder glance heat nova; do - sed -i "s/${svc}_ceilometer_enabled:.*/${svc}_ceilometer_enabled: True/" /etc/openstack_deploy/user_variables.yml - done - fi - echo 'tempest_service_available_ceilometer: true' | tee -a /etc/openstack_deploy/user_variables.yml -fi - -# Service region set -echo "service_region: ${SERVICE_REGION}" | tee -a /etc/openstack_deploy/user_variables.yml - -# Virt type set -echo "nova_virt_type: ${NOVA_VIRT_TYPE}" | tee -a /etc/openstack_deploy/user_variables.yml - -# Set network for tempest -echo "tempest_public_subnet_cidr: ${TEMPEST_FLAT_CIDR}" | tee -a /etc/openstack_deploy/user_variables.yml - -# Minimize galera cache -echo 'galera_innodb_buffer_pool_size: 512M' | tee -a /etc/openstack_deploy/user_variables.yml -echo 'galera_innodb_log_buffer_size: 32M' | tee -a /etc/openstack_deploy/user_variables.yml -echo 'galera_wsrep_provider_options: - - { option: "gcache.size", value: "32M" }' | tee -a /etc/openstack_deploy/user_variables.yml - -# Set the running kernel as the required kernel -echo "required_kernel: $(uname --kernel-release)" | tee -a /etc/openstack_deploy/user_variables.yml - -# Set the Ubuntu apt repository used for containers to the same as the host -echo "lxc_container_template_main_apt_repo: ${UBUNTU_REPO}" | tee -a /etc/openstack_deploy/user_variables.yml -echo "lxc_container_template_security_apt_repo: ${UBUNTU_SEC_REPO}" | tee -a /etc/openstack_deploy/user_variables.yml - -# Optimise the worker settings for an AIO -tee -a /etc/openstack_deploy/user_variables.yml << EOF -ceilometer_api_workers: 2 -ceilometer_collector_workers: 2 -ceilometer_notification_workers: 2 -cinder_osapi_volume_workers: 2 -glance_api_workers: 2 -glance_registry_workers: 2 -heat_api_workers: 2 -heat_engine_workers: 2 -horizon_wsgi_processes: 2 -horizon_wsgi_threads: 2 -keystone_wsgi_processes: 2 -neutron_api_workers: 2 -neutron_metadata_workers: 1 -neutron_rpc_workers: 1 -nova_conductor_workers: 2 -nova_metadata_workers: 2 -nova_osapi_compute_workers: 2 -swift_account_server_workers: 2 -swift_container_server_workers: 2 -swift_object_server_workers: 2 -swift_proxy_server_workers: 2 -EOF - -# Add in swift vars if needed -if [ "${DEPLOY_SWIFT}" == "yes" ]; then - # ensure that glance is configured to use swift - sed -i "s/glance_default_store:.*/glance_default_store: swift/" /etc/openstack_deploy/user_variables.yml - echo "cinder_service_backup_program_enabled: True" | tee -a /etc/openstack_deploy/user_variables.yml - echo "tempest_volume_backup_enabled: True" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -if [ ! -z "${RABBITMQ_PACKAGE_URL}" ]; then - echo "rabbitmq_package_url: ${RABBITMQ_PACKAGE_URL}" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -# Update fatal_deprecations settings -if [ "${CINDER_FATAL_DEPRECATIONS}" == "yes" ]; then - echo "cinder_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -if [ "${GLANCE_FATAL_DEPRECATIONS}" == "yes" ]; then - echo "glance_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -if [ "${HEAT_FATAL_DEPRECATIONS}" == "yes" ]; then - echo "heat_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -if [ "${KEYSTONE_FATAL_DEPRECATIONS}" == "yes" ]; then - echo "keystone_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -if [ "${NEUTRON_FATAL_DEPRECATIONS}" == "yes" ]; then - echo "neutron_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -if [ "${NOVA_FATAL_DEPRECATIONS}" == "yes" ]; then - echo "nova_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -if [ "${TEMPEST_FATAL_DEPRECATIONS}" == "yes" ]; then - echo "tempest_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml -fi - -# Log some data about the instance and the rest of the system -log_instance_info - -info_block "The system has been prepared for an all-in-one build." diff --git a/scripts/gate-check-commit.sh b/scripts/gate-check-commit.sh index 6c96b41bda..a8cb93a42b 100755 --- a/scripts/gate-check-commit.sh +++ b/scripts/gate-check-commit.sh @@ -17,120 +17,107 @@ set -e -u -x ## Variables ----------------------------------------------------------------- -export BOOTSTRAP_ANSIBLE=${BOOTSTRAP_ANSIBLE:-"yes"} -export BOOTSTRAP_AIO=${BOOTSTRAP_AIO:-"yes"} -export RUN_PLAYBOOKS=${RUN_PLAYBOOKS:-"yes"} -export RUN_TEMPEST=${RUN_TEMPEST:-"yes"} -# Ansible options export ANSIBLE_PARAMETERS=${ANSIBLE_PARAMETERS:-"-v"} -# Deployment options -export DEPLOY_HOST=${DEPLOY_HOST:-"yes"} -export DEPLOY_LB=${DEPLOY_LB:-"yes"} -export DEPLOY_INFRASTRUCTURE=${DEPLOY_INFRASTRUCTURE:-"yes"} -export DEPLOY_LOGGING=${DEPLOY_LOGGING:-"yes"} -export DEPLOY_OPENSTACK=${DEPLOY_OPENSTACK:-"yes"} -export DEPLOY_SWIFT=${DEPLOY_SWIFT:-"yes"} -export DEPLOY_TEMPEST=${DEPLOY_TEMPEST:-"yes"} -# Limit the gate check to only performing one attempt, unless already set export MAX_RETRIES=${MAX_RETRIES:-"2"} # tempest and testr options, default is to run tempest in serial export RUN_TEMPEST_OPTS=${RUN_TEMPEST_OPTS:-'--serial'} export TESTR_OPTS=${TESTR_OPTS:-''} +# Disable the python output buffering so that jenkins gets the output properly +export PYTHONUNBUFFERED=1 +# Extra options to pass to the AIO bootstrap process +export BOOTSTRAP_OPTS=${BOOTSTRAP_OPTS:-''} ## Functions ----------------------------------------------------------------- info_block "Checking for required libraries." 2> /dev/null || source $(dirname ${0})/scripts-library.sh ## Main ---------------------------------------------------------------------- +# Log some data about the instance and the rest of the system +log_instance_info + +# Determine the largest secondary disk device available for repartitioning +DATA_DISK_DEVICE=$(lsblk -brndo NAME,TYPE,RO,SIZE | \ + awk '/d[b-z]+ disk 0/{ if ($4>m){m=$4; d=$1}}; END{print d}') + +# Only set the secondary disk device option if there is one +if [ -n "${DATA_DISK_DEVICE}" ]; then + export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_data_disk_device=${DATA_DISK_DEVICE}" +fi + +# Bootstrap Ansible +source $(dirname ${0})/bootstrap-ansible.sh + +# Log some data about the instance and the rest of the system +log_instance_info + +# Flush all the iptables rules set by openstack-infra +iptables -F +iptables -X +iptables -t nat -F +iptables -t nat -X +iptables -t mangle -F +iptables -t mangle -X +iptables -P INPUT ACCEPT +iptables -P FORWARD ACCEPT +iptables -P OUTPUT ACCEPT + # Adjust settings based on the Cloud Provider info in OpenStack-CI if [ -f /etc/nodepool/provider -a -s /etc/nodepool/provider ]; then source /etc/nodepool/provider if [[ ${NODEPOOL_PROVIDER} == "rax"* ]]; then - # Set the Ubuntu Repository to the RAX Mirror - export UBUNTU_REPO="http://mirror.rackspace.com/ubuntu" - export UBUNTU_SEC_REPO="${UBUNTU_REPO}" + # Set the Ubuntu Repository for the AIO to the RAX Mirror + export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_ubuntu_repo=http://mirror.rackspace.com/ubuntu" + export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_ubuntu_security_repo=http://mirror.rackspace.com/ubuntu" elif [[ ${NODEPOOL_PROVIDER} == "hpcloud"* ]]; then - # Set the Ubuntu Repository to the HP Cloud Mirror - export UBUNTU_REPO="http://${NODEPOOL_AZ}.clouds.archive.ubuntu.com/ubuntu" - export UBUNTU_SEC_REPO="${UBUNTU_REPO}" + # Set the Ubuntu Repository for the AIO to the HP Cloud Mirror + export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_ubuntu_repo=http://${NODEPOOL_AZ}.clouds.archive.ubuntu.com/ubuntu" + export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_ubuntu_security_repo=http://${NODEPOOL_AZ}.clouds.archive.ubuntu.com/ubuntu" fi - - # Reduce container affinities as Liberty appears to consume - # a greater volume of resources, causing greater numbers - # of failures with the default affinities. - for container_type in rabbit_mq repo horizon keystone; do - export "NUM_${container_type}_CONTAINER=1" - done - fi -# Bootstrap an AIO setup if required -if [ "${BOOTSTRAP_AIO}" == "yes" ]; then - source $(dirname ${0})/bootstrap-aio.sh -fi - -# Bootstrap ansible if required -if [ "${BOOTSTRAP_ANSIBLE}" == "yes" ]; then - source $(dirname ${0})/bootstrap-ansible.sh -fi - -# Make the /openstack/log directory for openstack-infra gate check log publishing -mkdir -p /openstack/log +# Bootstrap an AIO +pushd $(dirname ${0})/../tests + sed -i '/\[defaults\]/a nocolor = 1/' ansible.cfg + ansible-playbook -i "localhost ansible-connection=local," \ + -e "${BOOTSTRAP_OPTS}" \ + ${ANSIBLE_PARAMETERS} \ + bootstrap-aio.yml +popd # Implement the log directory link for openstack-infra log publishing +mkdir -p /openstack/log ln -sf /openstack/log $(dirname ${0})/../logs -# Create ansible logging directory and add in a log file entry into ansible.cfg -mkdir -p /openstack/log/ansible-logging -sed -i '/\[defaults\]/a log_path = /openstack/log/ansible-logging/ansible.log' $(dirname ${0})/../playbooks/ansible.cfg +pushd $(dirname ${0})/../playbooks + # Disable Ansible color output + sed -i 's/nocolor.*/nocolor = 1/' ansible.cfg -# Enable detailed task profiling -sed -i '/\[defaults\]/a callback_plugins = plugins/callbacks' $(dirname ${0})/../playbooks/ansible.cfg + # Create ansible logging directory and add in a log file entry into ansible.cfg + mkdir -p /openstack/log/ansible-logging + sed -i '/\[defaults\]/a log_path = /openstack/log/ansible-logging/ansible.log' ansible.cfg -# Disable Ansible color output -sed -i 's/nocolor.*/nocolor = 1/' $(dirname ${0})/../playbooks/ansible.cfg - -# Enable debug logging for all services to make failure debugging easier -echo "debug: True" | tee -a /etc/openstack_deploy/user_variables.yml - -# NOTE: hpcloud-b4's eth0 uses 10.0.3.0/24, which overlaps with the -# lxc_net_address default -# TODO: We'll need to implement a mechanism to determine valid lxc_net_address -# value which will not overlap with an IP already assigned to the host. -echo "lxc_net_address: 10.255.255.1" | tee -a /etc/openstack_deploy/user_variables.yml -echo "lxc_net_netmask: 255.255.255.0" | tee -a /etc/openstack_deploy/user_variables.yml -echo "lxc_net_dhcp_range: 10.255.255.2,10.255.255.253" | tee -a /etc/openstack_deploy/user_variables.yml - -# Disable the python output buffering so that jenkins gets the output properly -export PYTHONUNBUFFERED=1 - -# Run the ansible playbooks if required -if [ "${RUN_PLAYBOOKS}" == "yes" ]; then - # Set-up our tiny awk script. - strip_debug=" - !/(^[ 0-9|:.-]+<[0-9.]|localhost+>)|Extracting/ { - gsub(/{.*/, \"\"); - gsub(/\\n.*/, \"\"); - gsub(/\=\>.*/, \"\"); - print - } - " - set -o pipefail - bash $(dirname ${0})/run-playbooks.sh | awk "${strip_debug}" - set +o pipefail -fi + # Enable detailed task profiling + sed -i '/\[defaults\]/a callback_plugins = plugins/callbacks' ansible.cfg +popd # Log some data about the instance and the rest of the system log_instance_info -# Run the tempest tests if required -if [ "${RUN_TEMPEST}" == "yes" ]; then - source $(dirname ${0})/run-tempest.sh -fi +# Execute the Playbooks +bash $(dirname ${0})/run-playbooks.sh + +# Log some data about the instance and the rest of the system +log_instance_info + +# Run the tempest tests +source $(dirname ${0})/run-tempest.sh + +# Log some data about the instance and the rest of the system +log_instance_info exit_success diff --git a/scripts/run-playbooks.sh b/scripts/run-playbooks.sh index e5c9dd0dc5..127800acb2 100755 --- a/scripts/run-playbooks.sh +++ b/scripts/run-playbooks.sh @@ -25,9 +25,9 @@ DEPLOY_LOGGING=${DEPLOY_LOGGING:-"yes"} DEPLOY_OPENSTACK=${DEPLOY_OPENSTACK:-"yes"} DEPLOY_SWIFT=${DEPLOY_SWIFT:-"yes"} DEPLOY_CEILOMETER=${DEPLOY_CEILOMETER:-"yes"} -DEPLOY_TEMPEST=${DEPLOY_TEMPEST:-"no"} +DEPLOY_TEMPEST=${DEPLOY_TEMPEST:-"yes"} COMMAND_LOGS=${COMMAND_LOGS:-"/openstack/log/ansible_cmd_logs/"} -ADD_NEUTRON_AGENT_CHECKSUM_RULE=${BOOTSTRAP_AIO:-"no"} +ADD_NEUTRON_AGENT_CHECKSUM_RULE=${ADD_NEUTRON_AGENT_CHECKSUM_RULE:-"yes"} ## Functions ----------------------------------------------------------------- diff --git a/scripts/scripts-library.sh b/scripts/scripts-library.sh index 76be68784a..7d90c8e6cc 100755 --- a/scripts/scripts-library.sh +++ b/scripts/scripts-library.sh @@ -18,9 +18,6 @@ ## Vars ---------------------------------------------------------------------- LINE='----------------------------------------------------------------------' MAX_RETRIES=${MAX_RETRIES:-5} -BOOTSTRAP_AIO_DIR=${BOOTSTRAP_AIO_DIR:-"/openstack"} -DATA_DISK_DEVICE=${DATA_DISK_DEVICE:-} -MIN_DISK_SIZE_GB=${MIN_DISK_SIZE_GB:-80} REPORT_DATA=${REPORT_DATA:-""} ANSIBLE_PARAMETERS=${ANSIBLE_PARAMETERS:-""} STARTTIME="${STARTTIME:-$(date +%s)}" @@ -76,74 +73,6 @@ function install_bits { successerator openstack-ansible ${ANSIBLE_PARAMETERS} --forks ${FORKS} $@ } -function configure_diskspace { - # If there are any block devices available other than the one - # used for the root disk, repurpose it for our needs. - - # If DATA_DISK_DEVICE is not set or empty, then try to figure out which - # device to use - if [ -z "${DATA_DISK_DEVICE}" ]; then - # Identify the list of disk devices available, sort from largest to - # smallest, and pick the largest. - # Excludes: - # - the first device, as that is where the OS is expected - # - read only devices, as we can't write to them - DATA_DISK_DEVICE=$(lsblk -brndo NAME,TYPE,RO,SIZE | \ - awk '/d[b-z]+ disk 0/{ if ($4>m){m=$4; d=$1}}; END{print d}') - fi - - # We only want to continue if a device was found to use. If not, - # then we simply leave the disks alone. - if [ ! -z "${DATA_DISK_DEVICE}" ]; then - # Calculate the minimum disk size in bytes - MIN_DISK_SIZE_B=$((MIN_DISK_SIZE_GB * 1024 * 1024 * 1024)) - - # Determine the size in bytes of the selected device - blk_dev_size_b=$(lsblk -nrdbo NAME,TYPE,SIZE | \ - awk "/^${DATA_DISK_DEVICE} disk/ {print \$3}") - - # Determine if the device is large enough - if [ "${blk_dev_size_b}" -ge "${MIN_DISK_SIZE_B}" ]; then - # Only execute the disk partitioning process if a partition labeled - # 'openstack-data{1,2}' is not present and that partition is not - # formatted as ext4. This is an attempt to achieve idempotency just - # in case this script is run multiple times. - if ! parted --script -l -m | egrep -q ':ext4:openstack-data[12]:;$'; then - - # Dismount any mount points on the device - mount_points=$(awk "/^\/dev\/${DATA_DISK_DEVICE}[0-9]* / {print \$2}" /proc/mounts) - for mount_point in ${mount_points}; do - umount ${mount_point} - sed -i ":${mount_point}:d" /etc/fstab - done - - # Partition the whole disk for our usage - parted --script /dev/${DATA_DISK_DEVICE} mklabel gpt - parted --align optimal --script /dev/${DATA_DISK_DEVICE} mkpart openstack-data1 ext4 0% 40% - parted --align optimal --script /dev/${DATA_DISK_DEVICE} mkpart openstack-data2 ext4 40% 100% - - # Format the bootstrap partition, create the mount point, and mount it. - mkfs.ext4 /dev/${DATA_DISK_DEVICE}1 - mkdir -p ${BOOTSTRAP_AIO_DIR} - mount /dev/${DATA_DISK_DEVICE}1 ${BOOTSTRAP_AIO_DIR} - - # Format the lxc partition, create the mount point, and mount it. - mkfs.ext4 /dev/${DATA_DISK_DEVICE}2 - mkdir -p /var/lib/lxc - mount /dev/${DATA_DISK_DEVICE}2 /var/lib/lxc - - fi - # Add the fstab entries if they aren't there already - if ! grep -qw "^/dev/${DATA_DISK_DEVICE}1" /etc/fstab; then - echo "/dev/${DATA_DISK_DEVICE}1 ${BOOTSTRAP_AIO_DIR} ext4 defaults 0 0" >> /etc/fstab - fi - if ! grep -qw "^/dev/${DATA_DISK_DEVICE}2" /etc/fstab; then - echo "/dev/${DATA_DISK_DEVICE}2 /var/lib/lxc ext4 defaults 0 0" >> /etc/fstab - fi - fi - fi -} - function ssh_key_create { # Ensure that the ssh key exists and is an authorized_key key_path="${HOME}/.ssh" @@ -167,44 +96,6 @@ function ssh_key_create { fi } -function loopback_create { - LOOP_FILENAME=${1} - LOOP_FILESIZE=${2} - LOOP_FILE_TYPE=${3} # thin, thick - LOOP_MOUNT_METHOD=${4} # swap, rc, none - - if [ ! -f "${LOOP_FILENAME}" ]; then - if [ "${LOOP_FILE_TYPE}" = "thin" ]; then - truncate -s ${LOOP_FILESIZE} ${LOOP_FILENAME} - elif [ "${LOOP_FILE_TYPE}" = "thick" ]; then - fallocate -l ${LOOP_FILESIZE} ${LOOP_FILENAME} &> /dev/null || \ - dd if=/dev/zero of=${LOOP_FILENAME} bs=1M count=$(( LOOP_FILESIZE / 1024 / 1024 )) - else - exit_fail "No valid option ${LOOP_FILE_TYPE} found." - fi - fi - - if [ "${LOOP_MOUNT_METHOD}" = "rc" ]; then - if ! losetup -a | grep -q "(${LOOP_FILENAME})$"; then - LOOP_DEVICE=$(losetup -f) - losetup ${LOOP_DEVICE} ${LOOP_FILENAME} - fi - if ! grep -q ${LOOP_FILENAME} /etc/rc.local; then - sed -i "\$i losetup \$(losetup -f) ${LOOP_FILENAME}" /etc/rc.local - fi - fi - - if [ "${LOOP_MOUNT_METHOD}" = "swap" ]; then - if ! swapon -s | grep -q ${LOOP_FILENAME}; then - mkswap ${LOOP_FILENAME} - swapon -a - fi - if ! grep -q "^${LOOP_FILENAME} " /etc/fstab; then - echo "${LOOP_FILENAME} none swap loop 0 0" >> /etc/fstab - fi - fi -} - function exit_state { set +x TOTALSECONDS="$(( $(date +%s) - STARTTIME ))" diff --git a/tests/ansible.cfg b/tests/ansible.cfg new file mode 100644 index 0000000000..3465bd5863 --- /dev/null +++ b/tests/ansible.cfg @@ -0,0 +1,5 @@ +[defaults] +action_plugins = ../playbooks/plugins/actions +callback_plugins = ../playbooks/plugins/callbacks +library = ../playbooks/library +host_key_checking = False diff --git a/tests/bootstrap-aio.yml b/tests/bootstrap-aio.yml new file mode 100644 index 0000000000..1f65ba036f --- /dev/null +++ b/tests/bootstrap-aio.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- hosts: localhost + user: root + roles: + - sshd + - pip_install + - bootstrap-host diff --git a/tests/roles/bootstrap-host/defaults/main.yml b/tests/roles/bootstrap-host/defaults/main.yml new file mode 100644 index 0000000000..8a38a80353 --- /dev/null +++ b/tests/roles/bootstrap-host/defaults/main.yml @@ -0,0 +1,101 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Boolean option to implement OpenStack-Ansible configuration for an AIO +bootstrap_host_aio_config: yes + +## Swap memory +# If there is no swap memory present, the bootstrap will create a loopback disk +# for the purpose of having swap memory available. Swap is required for some of +# the services deployed and is useful for AIO's built with less than 16GB memory. +# By default the swap size is set to 8GB unless the host memory is less than 8GB, +# in which case it is set to 4GB. +bootstrap_host_swap_size: "{% if ansible_memory_mb['real']['total'] < 8*1024 %}4{% else %}8{% endif %}" + +## Loopback volumes +# Sparse loopback disks are used for Cinder, Swift and Nova (instance storage). +# The size of the loopback volumes can be customized here (in gigabytes). +# +# Boolean option to deploy the loopback disk for Cinder +bootstrap_host_loopback_cinder: yes +# Size of the Cinder loopback disk in gigabytes (GB). +bootstrap_host_loopback_cinder_size: 1024 +# +# Boolean option to deploy the loopback disk for Swift +bootstrap_host_loopback_swift: yes +# Size of the Swift loopback disk in gigabytes (GB). +bootstrap_host_loopback_swift_size: 1024 +# +# Boolean option to deploy the loopback disk for Nova +bootstrap_host_loopback_nova: yes +# Size of the Nova loopback disk in gigabytes (GB). +bootstrap_host_loopback_nova_size: 1024 + +## Bridge configuration +# The AIO bootstrap configures bridges for use with the AIO deployment. +# By default, these bridges are configured to be independent of any physical +# interfaces, and they have their 'bridge_ports' set to 'none'. However, +# deployers can add a physical interface to 'bridge_ports' to connect the +# bridge to a real physical interface. +# +# A setting of 'none' keeps the bridges as independent from physical +# interfaces (the default). +# +# Setting the value to 'eth1' would mean that the bridge is directly connected +# to the eth1 device. +# +# See https://wiki.debian.org/BridgeNetworkConnections for more details. +bootstrap_host_bridge_mgmt_ports: none +bootstrap_host_bridge_vxlan_ports: none +bootstrap_host_bridge_storage_ports: none + +## Extra storage +# An AIO may optionally be built using a second storage device. If a +# secondary disk device to use is not specified, then the AIO will be +# built on any existing disk partitions. +# +# WARNING: The data on a secondary storage device specified here will +# be destroyed and repartitioned. +# +# Specify the secondary disk device to use. +#bootstrap_host_data_disk_device: vdb +# +# Boolean value to force the repartitioning of the secondary device. +bootstrap_host_data_disk_device_force: no +# +# If the storage capacity on this device is greater than or equal to this +# size (in GB), the bootstrap process will use it. +bootstrap_host_data_disk_min_size: 80 + +### MongoDB Settings +# MongoDB is installed on the host in the AIO for Ceilometer and Aodh to use. +# +# Boolean value to deploy and configure the MongoDB service on the host. +bootstrap_host_mongodb_service: yes +# +# Specify the IP address of a MongoDB Host. +bootstrap_host_mongodb_address: 172.29.236.100 + +### Optional Settings ### + +# Set the apt repository URL's configured for the host and containers. +# By default the configuration will be derived from the host. +#bootstrap_host_ubuntu_repo: http://archive.ubuntu.com/ubuntu/ +#bootstrap_host_ubuntu_security_repo: http://archive.ubuntu.com/ubuntu/ + +# Specify the public IP address for the host. +# By default the address will be set to the ipv4 address of the +# host's network interface that has the default route on it. +#bootstrap_host_public_address: 0.0.0.0 diff --git a/tests/roles/bootstrap-host/tasks/check-requirements.yml b/tests/roles/bootstrap-host/tasks/check-requirements.yml new file mode 100644 index 0000000000..eb1dea560d --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/check-requirements.yml @@ -0,0 +1,56 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Check for a supported Operating System + assert: + that: ansible_distribution | lower == 'ubuntu' + tags: + - check-operating-system + +- name: Identify the space available in / + shell: | + df -BG / | awk '/^[^Filesystem]/ {print $4}' | sed 's/G//' + when: + - bootstrap_host_data_disk_device is not defined + changed_when: false + register: root_space_available + tags: + - check-disk-size + +- name: Fail if there is not enough space available in / + assert: + that: | + root_space_available.stdout | int >= (bootstrap_host_data_disk_min_size * 0.75) | int + when: + - bootstrap_host_data_disk_device is not defined + tags: + - check-disk-size + +- name: Fail if there is not enough disk space available (disk specified) + assert: + that: | + (ansible_devices[bootstrap_host_data_disk_device]['size'] | replace(' GB','')) | int + >= bootstrap_host_data_disk_min_size | int + when: + - bootstrap_host_data_disk_device is defined + tags: + - check-disk-size + +- name: Ensure that the kernel has VXLAN support + modprobe: + name: vxlan + state: present + tags: + - check-vxlan diff --git a/tests/roles/bootstrap-host/tasks/install-apt.yml b/tests/roles/bootstrap-host/tasks/install-apt.yml new file mode 100644 index 0000000000..ddb5b47267 --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/install-apt.yml @@ -0,0 +1,97 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure that apt supports HTTPS package sources + apt: + name: apt-transport-https + state: present + tags: + - apt-install-prerequisites + +- name: Determine the existing Ubuntu repo configuration + shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list' + register: ubuntu_repo + when: + - bootstrap_host_ubuntu_repo is not defined + changed_when: false + tags: + - find-apt-repo + +- name: Determine the existing Ubuntu Security repo configuration + shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }}-security main/ {print \$2; exit}" /etc/apt/sources.list' + register: ubuntu_security_repo + when: + - bootstrap_host_ubuntu_security_repo is not defined + changed_when: false + tags: + - find-apt-security-repo + +- name: Set apt repo facts based on discovered information + set_fact: + bootstrap_host_ubuntu_repo: "{{ ubuntu_repo.stdout }}" + bootstrap_host_ubuntu_security_repo: "{{ ubuntu_security_repo.stdout }}" + when: + - bootstrap_host_ubuntu_repo is not defined + - bootstrap_host_ubuntu_security_repo is not defined + - ubuntu_repo is defined + - ubuntu_security_repo is defined + +- name: Configure apt's sources.list (Ubuntu only) + template: + src: apt-sources.list.j2 + dest: /etc/apt/sources.list + backup: yes + when: + - ansible_distribution == 'Ubuntu' + - bootstrap_host_ubuntu_repo is defined + - bootstrap_host_ubuntu_security_repo is defined + register: apt_sources_configure + +- name: Update apt-cache + apt: + update_cache: yes + when: + - apt_sources_configure is defined + - apt_sources_configure | changed + tags: + - apt-cache-update + +- name: Remove known problem packages + apt: + name: "{{ item }}" + state: absent + with_items: + - "{{ packages_remove }}" + tags: + - remove-packages + +- name: Install required packages + apt: + name: "{{ item }}" + state: present + with_items: + - "{{ packages_install }}" + tags: + - install-packages + +- name: Install MongoDB packages + apt: + name: "{{ item }}" + state: present + with_items: + - "{{ packages_mongodb }}" + when: bootstrap_host_mongodb_service | bool + tags: + - install-mongodb diff --git a/tests/roles/bootstrap-host/tasks/main.yml b/tests/roles/bootstrap-host/tasks/main.yml new file mode 100644 index 0000000000..9074c17fae --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/main.yml @@ -0,0 +1,110 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Before we do anything, check the minimum requirements +- include: check-requirements.yml + tags: + - check-requirements + +# We will look for the most specific variable files first and eventually +# end up with the least-specific files. +- name: Gather variables for each operating system + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}.yml" + tags: + - always + +- name: Create the required directories + file: + path: "{{ item }}" + state: directory + with_items: + - "/openstack" + tags: + - create-directories + +# Configure apt in a known way to reduce the chance of unexpected failures +- include: install-apt.yml + when: + - ansible_pkg_mgr == 'apt' + tags: + - install-apt + +# Prepare the data disk, if one is provided +- include: prepare_data_disk.yml + when: + - bootstrap_host_data_disk_device is defined + tags: + - prepare-data-disk + +# Prepare the swap space loopback disk +# This is only necessary if there isn't swap already +- include: prepare_loopback_swap.yml + when: + - ansible_swaptotal_mb < 1 + tags: + - prepare-loopback-swap + +# Prepare the Cinder LVM VG loopback disk +# This is only necessary if bootstrap_host_loopback_cinder is set to yes +- include: prepare_loopback_cinder.yml + when: + - bootstrap_host_loopback_cinder | bool + tags: + - prepare-loopback-cinder + +# Prepare the Nova instance storage loopback disk +- include: prepare_loopback_nova.yml + when: + - bootstrap_host_loopback_nova | bool + tags: + - prepare-loopback-nova + +# Prepare the Swift data storage loopback disks +- include: prepare_loopback_swift.yml + when: + - bootstrap_host_loopback_swift | bool + tags: + - prepare-loopback-swift + +# Prepare the network interfaces +- include: prepare_networking.yml + tags: + - prepare-networking + +# Ensure that there are both private and public ssh keys for root +- include: prepare_ssh_keys.yml + tags: + - prepare-ssh-keys + +# Put the OpenStack-Ansible configuration for an All-In-One on the host +- include: prepare_aio_config.yml + when: bootstrap_host_aio_config | bool + tags: + - prepare-aio-config + +# Prepare the MongoDB Service for Ceilometer/Aodh +- include: prepare_mongodb_service.yml + when: bootstrap_host_mongodb_service | bool + tags: + - prepare-mongodb-service + +# Prepare the MongoDB Users for Ceilometer/Aodh +- include: prepare_mongodb_users.yml + tags: + - prepare-mongodb-users diff --git a/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml b/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml new file mode 100644 index 0000000000..02157c90dc --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml @@ -0,0 +1,149 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +- name: Create the required deployment directories + file: + path: "{{ item }}" + state: directory + with_items: + - "/etc/openstack_deploy/" + - "/etc/openstack_deploy/conf.d" + - "/etc/openstack_deploy/env.d" + tags: + - create-directories + +- name: Deploy environment (env.d) configuration + config_template: + src: "../etc/openstack_deploy/env.d/{{ item.name }}" + dest: "/etc/openstack_deploy/env.d/{{ item.name }}" + config_overrides: "{{ item.override }}" + config_type: "yaml" + with_items: + - name: aodh.yml + override: "{{ aodh_env_overrides | default({}) }}" + - name: ceilometer.yml + override: "{{ ceilometer_env_overrides | default({}) }}" + - name: cinder.yml + override: "{{ cinder_env_overrides | default({}) }}" + - name: galera.yml + override: "{{ galera_env_overrides | default({}) }}" + - name: glance.yml + override: "{{ glance_env_overrides | default({}) }}" + - name: haproxy.yml + override: "{{ haproxy_env_overrides | default({}) }}" + - name: heat.yml + override: "{{ heat_env_overrides | default({}) }}" + - name: horizon.yml + override: "{{ horizon_env_overrides | default({}) }}" + - name: infra.yml + override: "{{ infra_env_overrides | default({}) }}" + - name: keystone.yml + override: "{{ keystone_env_overrides | default({}) }}" + - name: memcache.yml + override: "{{ memcache_env_overrides | default({}) }}" + - name: neutron.yml + override: "{{ neutron_env_overrides | default({}) }}" + - name: nova.yml + override: "{{ nova_env_overrides | default({}) }}" + - name: os-infra.yml + override: "{{ os_infra_env_overrides | default({}) }}" + - name: pkg_repo.yml + override: "{{ pkg_repo_env_overrides | default({}) }}" + - name: rabbitmq.yml + override: "{{ rabbitmq_env_overrides | default({}) }}" + - name: rsyslog.yml + override: "{{ rsyslog_env_overrides | default({}) }}" + - name: shared-infra.yml + override: "{{ shared_infra_env_overrides | default({}) }}" + - name: swift-remote.yml + override: "{{ swift_remote_env_overrides | default({}) }}" + - name: swift.yml + override: "{{ swift_env_overrides | default({}) }}" + - name: utility.yml + override: "{{ utility_env_overrides | default({}) }}" + tags: + - deploy-envd + +- name: Deploy user conf.d configuration + config_template: + src: "../etc/openstack_deploy/conf.d/{{ item.name }}" + dest: "/etc/openstack_deploy/conf.d/{{ item.name | regex_replace('.aio$', '') }}" + config_overrides: "{{ item.override }}" + config_type: "yaml" + with_items: + - name: aodh.yml.aio + override: "{{ aodh_conf_overrides | default({}) }}" + - name: ceilometer.yml.aio + override: "{{ ceilometer_conf_overrides | default({}) }}" + - name: swift.yml.aio + override: "{{ swift_conf_overrides | default({}) }}" + tags: + - deploy-confd + +- name: Deploy openstack_user_config + config_template: + src: "../etc/openstack_deploy/openstack_user_config.yml.aio" + dest: "/etc/openstack_deploy/openstack_user_config.yml" + config_overrides: "{{ openstack_user_config_overrides | default({}) }}" + config_type: "yaml" + tags: + - deploy-openstack-user-config + +- name: Deploy openstack_environment + config_template: + src: "../etc/openstack_deploy/openstack_environment.yml" + dest: "/etc/openstack_deploy/openstack_environment.yml" + config_overrides: "{{ openstack_environment_overrides | default({}) }}" + config_type: "yaml" + tags: + - deploy-openstack-environment + +- name: Deploy user_secrets file + config_template: + src: "../etc/openstack_deploy/user_secrets.yml" + dest: "/etc/openstack_deploy/user_secrets.yml" + config_overrides: "{{ user_secrets_overrides | default({}) }}" + config_type: "yaml" + tags: + - deploy-user-secrets + +- name: Generate any missing values in user_secrets + shell: ../scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml + tags: + - generate_secrets + +- name: Get the DNS servers in use on the host + shell: grep nameserver /etc/resolv.conf + register: nameservers + when: + - lxc_cache_resolvers is not defined + tags: + - get-nameservers + +- name: Set lxc_cache_resolvers fact + set_fact: + lxc_cache_resolvers: "[\"{{ nameservers.stdout_lines | join('\",\"') }}\"]" + when: + - nameservers is defined + tags: + - set-fact-lxc_cache_resolvers + +- name: Set the user_variables + config_template: + src: user_variables.aio.yml.j2 + dest: /etc/openstack_deploy/user_variables.yml + config_overrides: "{{ user_variables_overrides | default({}) }}" + config_type: yaml diff --git a/tests/roles/bootstrap-host/tasks/prepare_data_disk.yml b/tests/roles/bootstrap-host/tasks/prepare_data_disk.yml new file mode 100644 index 0000000000..81b00c4de1 --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_data_disk.yml @@ -0,0 +1,73 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# Only execute the disk partitioning process if a partition labeled +# 'openstack-data{1,2}' is not present and that partition is not +# formatted as ext4. This is an attempt to achieve idempotency just +# in case these tasks are executed multiple times. +- name: Determine whether partitions labeled openstack-data{1,2} are present + shell: | + parted --script -l -m | egrep -q ':ext4:openstack-data[12]:;$' + register: data_disk_partitions + changed_when: false + ignore_errors: yes + tags: + - check-data-disk-partitions + +- name: Dismount and remove fstab entries for anything on the data disk device + mount: + name: "{{ item.mount }}" + src: "{{ item.device }}" + fstype: ext4 + state: absent + when: + - data_disk_partitions.rc == 1 or bootstrap_host_data_disk_device_force | bool + - item.device | search(bootstrap_host_data_disk_device) + with_items: + - "{{ ansible_mounts }}" + +- name: Partition the whole data disk for our usage + shell: "{{ item }}" + when: data_disk_partitions.rc == 1 or bootstrap_host_data_disk_device_force | bool + with_items: + - "parted --script /dev/{{ bootstrap_host_data_disk_device }} mklabel gpt" + - "parted --align optimal --script /dev/{{ bootstrap_host_data_disk_device }} mkpart openstack-data1 ext4 0% 40%" + - "parted --align optimal --script /dev/{{ bootstrap_host_data_disk_device }} mkpart openstack-data2 ext4 40% 100%" + tags: + - create-data-disk-partitions + +- name: Format the partitions + filesystem: + fstype: ext4 + dev: "{{ item }}" + when: data_disk_partitions.rc == 1 or bootstrap_host_data_disk_device_force | bool + with_items: + - "/dev/{{ bootstrap_host_data_disk_device }}1" + - "/dev/{{ bootstrap_host_data_disk_device }}2" + tags: + - format-data-partitions + +- name: Create the mount points, fstab entries and mount the file systems + mount: + name: "{{ item.mount_point }}" + src: "{{ item.device }}" + fstype: ext4 + state: mounted + with_items: + - { mount_point: /openstack, device: "/dev/{{ bootstrap_host_data_disk_device }}1"} + - { mount_point: /var/lib/lxc, device: "/dev/{{ bootstrap_host_data_disk_device }}2"} + tags: + - mount-data-partitions diff --git a/tests/roles/bootstrap-host/tasks/prepare_loopback_cinder.yml b/tests/roles/bootstrap-host/tasks/prepare_loopback_cinder.yml new file mode 100644 index 0000000000..4480b8c4c0 --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_loopback_cinder.yml @@ -0,0 +1,72 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create sparse Cinder file + shell: "truncate -s {{ bootstrap_host_loopback_cinder_size }}G /openstack/cinder.img" + args: + creates: /openstack/cinder.img + register: cinder_create + tags: + - cinder-file-create + +- name: Get a loopback device for cinder file + shell: losetup -f + when: cinder_create | changed + register: cinder_losetup + tags: + - cinder-device-get + +- name: Create the loopback device + shell: "losetup {{ cinder_losetup.stdout }} /openstack/cinder.img" + when: cinder_create | changed + tags: + - cinder-device-create + +- name: Ensure that rc.local exists + file: + path: /etc/rc.local + state: touch + mode: "u+x" + tags: + - cinder-rc-file + +# As the cinder loopback is an LVM VG, it needs to be mounted differently +# to the other loopback files. It requires the use of rc.local to attach +# the loopback device on boot so that the VG becomes available immediately +# after the boot process completes. +- name: Create loopback devices at boot time + lineinfile: + dest: /etc/rc.local + line: "losetup $(losetup -f) /openstack/cinder.img" + tags: + - cinder-rc-config + +- name: Make LVM physical volume on the cinder device + shell: "{{ item }}" + when: cinder_create | changed + with_items: + - "pvcreate {{ cinder_losetup.stdout }}" + - "pvscan" + tags: + - cinder-lvm-pv + +- name: Add cinder-volumes volume group + lvg: + vg: cinder-volumes + pvs: "{{ cinder_losetup.stdout }}" + when: cinder_create | changed + tags: + - cinder-lvm-vg + diff --git a/tests/roles/bootstrap-host/tasks/prepare_loopback_nova.yml b/tests/roles/bootstrap-host/tasks/prepare_loopback_nova.yml new file mode 100644 index 0000000000..609e3a46b8 --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_loopback_nova.yml @@ -0,0 +1,39 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create sparse Nova file + shell: "truncate -s {{ bootstrap_host_loopback_nova_size }}G /openstack/nova.img" + args: + creates: /openstack/nova.img + register: nova_create + tags: + - nova-file-create + +- name: Format the Nova file + filesystem: + fstype: ext4 + dev: /openstack/nova.img + when: nova_create | changed + tags: + - nova-format-file + +- name: Create the mount points, fstab entries and mount the file systems + mount: + name: /var/lib/nova/instances + src: /openstack/nova.img + fstype: ext4 + state: mounted + tags: + - nova-file-mount diff --git a/tests/roles/bootstrap-host/tasks/prepare_loopback_swap.yml b/tests/roles/bootstrap-host/tasks/prepare_loopback_swap.yml new file mode 100644 index 0000000000..14f83e8155 --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_loopback_swap.yml @@ -0,0 +1,61 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create swap file + shell: "fallocate -l {{ bootstrap_host_swap_size }}G /openstack/swap.img" + args: + creates: /openstack/swap.img + register: swap_create + tags: + - swap-file-create + +- name: Set swap file permissions to 0600 + file: + path: /openstack/swap.img + mode: 0600 + tags: + - swap-permissions + +- name: Format the swap file + shell: mkswap /openstack/swap.img + when: swap_create | changed + tags: + - swap-format + +- name: Ensure that the swap file entry is in /etc/fstab + mount: + name: none + src: /openstack/swap.img + fstype: swap + opts: sw + passno: 0 + dump: 0 + state: present + tags: + - swap-fstab + +- name: Bring swap file online + shell: swapon /openstack/swap.img + tags: + - swap-online + +- name: Set system swappiness + sysctl: + name: vm.swappiness + value: 10 + state: present + tags: + - swap-sysctl + diff --git a/tests/roles/bootstrap-host/tasks/prepare_loopback_swift.yml b/tests/roles/bootstrap-host/tasks/prepare_loopback_swift.yml new file mode 100644 index 0000000000..adb8eb2488 --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_loopback_swift.yml @@ -0,0 +1,54 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create sparse Swift files + shell: "truncate -s {{ bootstrap_host_loopback_cinder_size }}G /openstack/{{ item }}.img" + args: + creates: "/openstack/{{ item }}.img" + with_items: + - 'swift1' + - 'swift2' + - 'swift3' + register: swift_create + tags: + - swift-file-create + +- name: Format the Swift files + filesystem: + fstype: xfs + dev: "/openstack/{{ item }}.img" + when: swift_create | changed + with_items: + - 'swift1' + - 'swift2' + - 'swift3' + tags: + - swift-format-file + +- name: Create the Swift mount points, fstab entries and mount the file systems + mount: + name: "/srv/{{ item }}.img" + src: "/openstack/{{ item }}.img" + fstype: xfs + opts: 'loop,noatime,nodiratime,nobarrier,logbufs=8' + passno: 0 + dump: 0 + state: mounted + with_items: + - 'swift1' + - 'swift2' + - 'swift3' + tags: + - swift-file-mount diff --git a/tests/roles/bootstrap-host/tasks/prepare_mongodb_service.yml b/tests/roles/bootstrap-host/tasks/prepare_mongodb_service.yml new file mode 100644 index 0000000000..86f356d9d6 --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_mongodb_service.yml @@ -0,0 +1,61 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Configure the MongoDB bind address + lineinfile: + dest: /etc/mongodb.conf + regexp: "^(#)?bind_ip" + line: "bind_ip = {{ bootstrap_host_mongodb_address }}" + register: mongodb_bind + tags: + - mongodb-conf-bind_ip + +- name: Enable the MongoDB smallfiles option + lineinfile: + dest: /etc/mongodb.conf + regexp: "^(#)?smallfiles" + line: "smallfiles = true" + register: mongodb_smallfiles + tags: + - mongodb-conf-smallfiles + +- name: Restart mongodb + service: + name: mongodb + state: restarted + when: + - mongodb_bind | changed or mongodb_smallfiles | changed + register: mongodb_restart + tags: + - mongodb-restart + +- name: Wait for mongodb to come back online after the restart + wait_for: + host: "{{ bootstrap_host_mongodb_address }}" + port: 27017 + delay: 5 + timeout: 30 + when: + - mongodb_restart is defined + - mongodb_restart | changed + tags: + - mongodb-wait + +- name: Test mongodb connectivity + command: "mongo --host {{ bootstrap_host_mongodb_address }} --eval ' '" + changed_when: False + tags: + - mongodb-test + diff --git a/tests/roles/bootstrap-host/tasks/prepare_mongodb_users.yml b/tests/roles/bootstrap-host/tasks/prepare_mongodb_users.yml new file mode 100644 index 0000000000..e600f973ad --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_mongodb_users.yml @@ -0,0 +1,41 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Read user_secrets vars + include_vars: /etc/openstack_deploy/user_secrets.yml + tags: + - mongodb-secrets + +- name: Add ceilometer database user + mongodb_user: + login_host: "{{ bootstrap_host_mongodb_address }}" + database: ceilometer + name: ceilometer + password: "{{ ceilometer_container_db_password }}" + roles: 'readWrite,dbAdmin' + state: present + tags: + - mongodb-create-user-ceilometer + +- name: Add aodh database user + mongodb_user: + login_host: "{{ bootstrap_host_mongodb_address }}" + database: aodh + name: aodh + password: "{{ aodh_container_db_password }}" + roles: 'readWrite,dbAdmin' + state: present + tags: + - mongodb-create-user-aodh diff --git a/tests/roles/bootstrap-host/tasks/prepare_networking.yml b/tests/roles/bootstrap-host/tasks/prepare_networking.yml new file mode 100644 index 0000000000..7641c0d40f --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_networking.yml @@ -0,0 +1,58 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure that /etc/network/interfaces.d/ exists + file: + path: /etc/network/interfaces.d/ + state: directory + tags: + - networking-dir-create + +- name: Copy network configuration + template: + src: osa_interfaces.cfg.j2 + dest: /etc/network/interfaces.d/osa_interfaces.cfg + register: osa_interfaces + tags: + - networking-interfaces-file + +- name: Ensure our interfaces.d configuration files are loaded automatically + lineinfile: + dest: /etc/network/interfaces + line: "source /etc/network/interfaces.d/*.cfg" + tags: + - networking-interfaces-load + +- name: Shut down the network interfaces + command: "ifdown {{ item }}" + when: osa_interfaces | changed + with_items: + - br-mgmt + - br-storage + - br-vlan + - br-vxlan + tags: + - networking-interfaces-stop + +- name: Start the network interfaces + command: "ifup {{ item }}" + when: osa_interfaces | changed + with_items: + - br-mgmt + - br-storage + - br-vlan + - br-vxlan + tags: + - networking-interfaces-start diff --git a/tests/roles/bootstrap-host/tasks/prepare_ssh_keys.yml b/tests/roles/bootstrap-host/tasks/prepare_ssh_keys.yml new file mode 100644 index 0000000000..4961ea03b7 --- /dev/null +++ b/tests/roles/bootstrap-host/tasks/prepare_ssh_keys.yml @@ -0,0 +1,67 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure root has a .ssh directory + file: + path: /root/.ssh + state: directory + owner: root + group: root + mode: 0700 + tags: + - ssh-key-dir + +- name: Check for existing ssh private key file + stat: + path: /root/.ssh/id_rsa + register: ssh_key_private + tags: + - ssh-key-check + +- name: Check for existing ssh public key file + stat: + path: /root/.ssh/id_rsa.pub + register: ssh_key_public + tags: + - ssh-key-check + +- name: Remove an existing private/public ssh keys if one is missing + file: + path: "/root/.ssh/{{ item }}" + state: absent + when: not ssh_key_public.stat.exists or not ssh_key_private.stat.exists + with_items: + - 'id_rsa' + - 'id_rsa.pub' + tags: + - ssh-key-clean + +- name: Create ssh key pair for root + user: + name: root + generate_ssh_key: yes + ssh_key_bits: 2048 + ssh_key_file: /root/.ssh/id_rsa + tags: + - ssh-key-generate + +- name: Ensure root's new public ssh key is in authorized_keys + authorized_key: + user: root + key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}" + manage_dir: no + tags: + - ssh-key-authorized + diff --git a/tests/roles/bootstrap-host/templates/apt-sources.list.j2 b/tests/roles/bootstrap-host/templates/apt-sources.list.j2 new file mode 100644 index 0000000000..20f4e0b33d --- /dev/null +++ b/tests/roles/bootstrap-host/templates/apt-sources.list.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} + +# Base repositories +deb {{ bootstrap_host_ubuntu_repo }} {{ ansible_distribution_release }} main restricted universe multiverse +# Updates repositories +deb {{ bootstrap_host_ubuntu_repo }} {{ ansible_distribution_release }}-updates main restricted universe multiverse +# Backports repositories +deb {{ bootstrap_host_ubuntu_repo }} {{ ansible_distribution_release }}-backports main restricted universe multiverse +# Security repositories +deb {{ bootstrap_host_ubuntu_security_repo }} {{ ansible_distribution_release }}-security main restricted universe multiverse diff --git a/tests/roles/bootstrap-host/templates/osa_interfaces.cfg.j2 b/tests/roles/bootstrap-host/templates/osa_interfaces.cfg.j2 new file mode 100644 index 0000000000..14f7b58723 --- /dev/null +++ b/tests/roles/bootstrap-host/templates/osa_interfaces.cfg.j2 @@ -0,0 +1,68 @@ +## The default networking requires several bridges. These bridges were named to be informative +## however they can be named what ever you like and is adaptable to any network infrastructure +## environment. This file serves as an example of how to setup basic networking and was ONLY +## built for the purpose of being an example and used expressly in the building of an ALL IN +## ONE development environment. + +auto br-mgmt +iface br-mgmt inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + # Notice the bridge port is the vlan tagged interface + bridge_ports {{ bootstrap_host_bridge_mgmt_ports }} + address 172.29.236.100 + netmask 255.255.252.0 + offload-sg off + +auto br-vxlan +iface br-vxlan inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{ bootstrap_host_bridge_vxlan_ports }} + address 172.29.240.100 + netmask 255.255.252.0 + offload-sg off + # To ensure ssh checksum is correct + up /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill + down /sbin/iptables -D POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill + # To provide internet connectivity to instances + up /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE + down /sbin/iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE + +auto br-storage +iface br-storage inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{ bootstrap_host_bridge_storage_ports }} + address 172.29.244.100 + netmask 255.255.252.0 + offload-sg off + +auto br-vlan +iface br-vlan inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + address 172.29.248.100 + netmask 255.255.252.0 + offload-sg off + # Create veth pair, don't bomb if already exists + pre-up ip link add br-vlan-veth type veth peer name eth12 || true + # Set both ends UP + pre-up ip link set br-vlan-veth up + pre-up ip link set eth12 up + # Delete veth pair on DOWN + post-down ip link del br-vlan-veth || true + bridge_ports br-vlan-veth + +# Add an additional address to br-vlan +iface br-vlan inet static + # Flat network default gateway + # -- This needs to exist somewhere for network reachability + # -- from the router namespace for floating IP paths. + # -- Putting this here is primarily for tempest to work. + address 172.29.248.1 + netmask 255.255.252.0 diff --git a/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2 b/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2 new file mode 100644 index 0000000000..6e7aae2dc8 --- /dev/null +++ b/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2 @@ -0,0 +1,91 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## General options +debug: True + +## Ceilometer Options +ceilometer_db_type: mongodb +ceilometer_db_ip: {{ bootstrap_host_mongodb_address }} +ceilometer_db_port: 27017 +cinder_ceilometer_enabled: True +glance_ceilometer_enabled: True +heat_ceilometer_enabled: True +neutron_ceilometer_enabled: True +nova_ceilometer_enabled: True +swift_ceilometer_enabled: True + +## Aodh Options +aodh_db_type: mongodb +aodh_db_ip: {{ bootstrap_host_mongodb_address }} +aodh_db_port: 27017 + +## Glance Options +glance_default_store: swift + +## SSL Settings +ssl_protocol: "ALL -SSLv2 -SSLv3" +# Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ +ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" + +## Cinder settings +cinder_service_backup_program_enabled: True + +## Tempest settings +tempest_service_available_ceilometer: True +tempest_public_subnet_cidr: 172.29.248.0/22 +tempest_volume_backup_enabled: True + +## Galera settings +galera_innodb_buffer_pool_size: 512M +galera_innodb_log_buffer_size: 32M +galera_wsrep_provider_options: + - { option: "gcache.size", value: "32M" } + +## Set workers for all services to optimise memory usage +ceilometer_api_workers: 2 +ceilometer_collector_workers: 2 +ceilometer_notification_workers: 2 +cinder_osapi_volume_workers: 2 +glance_api_workers: 2 +glance_registry_workers: 2 +heat_api_workers: 2 +heat_engine_workers: 2 +horizon_wsgi_processes: 2 +horizon_wsgi_threads: 2 +keystone_wsgi_processes: 2 +neutron_api_workers: 2 +neutron_metadata_workers: 1 +neutron_rpc_workers: 1 +nova_conductor_workers: 2 +nova_metadata_workers: 2 +nova_osapi_compute_workers: 2 +swift_account_server_workers: 2 +swift_container_server_workers: 2 +swift_object_server_workers: 2 +swift_proxy_server_workers: 2 + +# NOTE: hpcloud-b4's eth0 uses 10.0.3.0/24, which overlaps with the +# lxc_net_address default +# TODO: We'll need to implement a mechanism to determine valid lxc_net_address +# value which will not overlap with an IP already assigned to the host. +lxc_net_address: 10.255.255.1 +lxc_net_netmask: 255.255.255.0 +lxc_net_dhcp_range: 10.255.255.2,10.255.255.253 + +## LXC Container Settings +lxc_cache_resolvers: {{ lxc_cache_resolvers }} +lxc_container_template_main_apt_repo: {{ bootstrap_host_ubuntu_repo }} +lxc_container_template_security_apt_repo: {{ bootstrap_host_ubuntu_security_repo }} diff --git a/tests/roles/bootstrap-host/vars/ubuntu.yml b/tests/roles/bootstrap-host/vars/ubuntu.yml new file mode 100644 index 0000000000..40ccbefabd --- /dev/null +++ b/tests/roles/bootstrap-host/vars/ubuntu.yml @@ -0,0 +1,39 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +packages_install: + - bridge-utils + - build-essential + - curl + - ethtool + - git-core + - ipython + - linux-image-extra-{{ ansible_kernel }} + - lvm2 + - python2.7 + - python-dev + - tmux + - vim + - vlan + - xfsprogs + +packages_remove: + - libmysqlclient18 + - mysql-common + +packages_mongodb: + - mongodb-clients + - mongodb-server + - python-pymongo