Merge "Removed default lxc profile on container create"

Jenkins 2015-08-26 04:52:13 +00:00 committed by Gerrit Code Review
commit abe8411164
16 changed files with 171 additions and 40 deletions


@ -67,6 +67,15 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
tags:
- lxc-aa-profile
- name: Galera extra lxc config
lxc_container:
name: "{{ container_name }}"
@ -75,7 +84,7 @@
container_config:
- "lxc.mount.entry=/openstack/{{ container_name }} var/lib/mysql none bind 0 0"
delegate_to: "{{ physical_host }}"
when: is_metal == false or is_metal == "False"
when: not is_metal | bool
tags:
- galera-mysql-dir
- name: Flush net cache
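Review bot: The `Use the lxc-openstack aa profile` pre_task added at the top of this play is repeated verbatim in the other playbook sections on this page, and since the same commit drops `lxc.aa_profile=lxc-openstack` from the container-create config, confinement now depends on every container playbook carrying its own copy. A playbook added later, or one not touched here, would leave its containers on whatever profile LXC applies by default (inferred; the create task is only partly visible). Consider keeping the task in one shared file that each play includes, with the profile name passed in as a variable, so a missing copy cannot silently weaken confinement. The pre_tasks list continues outside this hunk.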


@ -17,6 +17,16 @@
hosts: memcached
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
tags:
- lxc-aa-profile
roles:
- { role: "memcached_server", tags: [ "memcached-server" ] }
- role: "system_crontab_coordination"


@ -18,6 +18,15 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
tags:
- lxc-aa-profile
- name: Flush net cache
command: /usr/local/bin/lxc-system-manage flush-net-cache
delegate_to: "{{ physical_host }}"
@ -47,7 +56,7 @@
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-ceilometer" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- ceilometer-logs
- ceilometer-log-dirs
@ -59,7 +68,7 @@
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-ceilometer", dest: "/var/log/ceilometer", state: "link" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- ceilometer-logs
roles:


@ -18,6 +18,17 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=unconfined"
delegate_to: "{{ physical_host }}"
when: >
not is_metal | bool and
inventory_hostname in groups['cinder_volume']
tags:
- lxc-aa-profile
- name: Add volume group block device to cinder
shell: |
{% if item.1.volume_group is defined %}
@ -36,27 +47,16 @@
delegate_to: "{{ physical_host }}"
tags:
- cinder-lxc-devices
- name: Cinder extra lxc config
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=unconfined"
- "lxc.cgroup.devices.allow=a *:* rmw"
delegate_to: "{{ physical_host }}"
when: (is_metal == false or is_metal == "False") and inventory_hostname not in groups['cinder_volume']
tags:
- cinder-container-setup
- name: Cinder volume extra lxc config
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.autodev=0"
- "lxc.aa_profile=unconfined"
- "lxc.cgroup.devices.allow=a *:* rmw"
- "lxc.mount.entry=udev dev devtmpfs defaults 0 0"
delegate_to: "{{ physical_host }}"
when: >
(is_metal == false or is_metal == "False") and
not is_metal | bool and
inventory_hostname in groups['cinder_volume'] and
cinder_backend_lvm_inuse
tags:
@ -97,7 +97,7 @@
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-cinder" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- cinder-logs
- cinder-log-dirs
@ -109,7 +109,7 @@
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-cinder", dest: "/var/log/cinder", state: "link" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- cinder-logs
roles:
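Review bot: The task added at the top of pre_tasks is named `Use the lxc-openstack aa profile` but writes `lxc.aa_profile=unconfined`, so anyone auditing by task name or by the `lxc-aa-profile` tag will read the cinder volume containers as confined when they are not. Its `when` has no counterpart for hosts outside `groups['cinder_volume']`; with the `Cinder extra lxc config` task removed and the create-time default dropped elsewhere in this commit, those containers appear to get no explicit profile at all (inferred from the visible hunks). I would rename the task to say what it sets and add a second task that pins `lxc-openstack` for the remaining cinder containers, as sketched below. The neutron playbook section has the same misnamed task and the same gap for hosts outside `groups['neutron_agent']`. The pre_tasks list continues outside these hunks.

```yaml
    - name: Use the unconfined aa profile on cinder volume containers
      # … unchanged: lxc_container block, delegate_to, when, tags …
    - name: Use the lxc-openstack aa profile on the other cinder containers
      lxc_container:
        name: "{{ container_name }}"
        container_config:
          - "lxc.aa_profile=lxc-openstack"
      delegate_to: "{{ physical_host }}"
      when: >
        not is_metal | bool and
        inventory_hostname not in groups['cinder_volume']
      tags:
        - lxc-aa-profile
```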


@ -18,6 +18,15 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
tags:
- lxc-aa-profile
- name: Glance extra lxc config
lxc_container:
name: "{{ container_name }}"
@ -26,7 +35,7 @@
container_config:
- "lxc.mount.entry=/openstack/{{ container_name }} var/lib/glance/images none bind 0 0"
delegate_to: "{{ physical_host }}"
when: is_metal == false or is_metal == "False"
when: not is_metal | bool
tags:
- glance-cache-dir
- name: Flush net cache
@ -58,7 +67,7 @@
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-glance" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- glance-logs
- glance-log-dirs
@ -70,7 +79,7 @@
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-glance", dest: "/var/log/glance", state: "link" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- glance-logs
roles:


@ -18,6 +18,15 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
tags:
- lxc-aa-profile
- name: Sort the rabbitmq servers
dist_sort:
value_to_lookup: "{{ container_name }}"
@ -33,7 +42,7 @@
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-heat" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- heat-logs
- heat-log-dirs
@ -45,7 +54,7 @@
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-heat", dest: "/var/log/heat", state: "link" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- heat-logs
roles:


@ -18,6 +18,15 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
tags:
- lxc-aa-profile
- name: Sort the rabbitmq servers
dist_sort:
value_to_lookup: "{{ container_name }}"
@ -33,7 +42,7 @@
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-horizon" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- horizon-logs
- horizon-log-dirs
@ -45,7 +54,7 @@
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-horizon", dest: "/var/log/horizon", state: "link" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- horizon-logs
roles:


@ -18,6 +18,15 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
tags:
- lxc-aa-profile
- name: Sort the rabbitmq servers
dist_sort:
value_to_lookup: "{{ container_name }}"
@ -33,7 +42,7 @@
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-keystone" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- keystone-logs
- keystone-log-dirs
@ -45,7 +54,7 @@
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-keystone", dest: "/var/log/keystone", state: "link" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- keystone-logs
roles:


@ -18,17 +18,29 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=unconfined"
delegate_to: "{{ physical_host }}"
when: >
not is_metal | bool and
inventory_hostname in groups['neutron_agent']
tags:
- lxc-aa-profile
- name: Neutron extra lxc config
lxc_container:
name: "{{ container_name }}"
container_command: |
[[ ! -d "/lib/modules" ]] && mkdir -p "/lib/modules"
container_config:
- "lxc.aa_profile=unconfined"
- "lxc.cgroup.devices.allow=a *:* rmw"
- "lxc.mount.entry=/lib/modules lib/modules none bind 0 0"
delegate_to: "{{ physical_host }}"
when: is_metal == false or is_metal == "False"
when: >
not is_metal | bool and
inventory_hostname in groups['neutron_agent']
tags:
- neutron-container-setup
- name: Flush net cache
@ -60,7 +72,7 @@
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-neutron" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- neutron-logs
- neutron-log-dirs
@ -72,7 +84,7 @@
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-neutron", dest: "/var/log/neutron", state: "link" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- neutron-logs
- name: Create the neutron provider networks facts


@ -18,6 +18,15 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
tags:
- lxc-aa-profile
- name: Sort the rabbitmq servers
dist_sort:
value_to_lookup: "{{ container_name }}"
@ -49,7 +58,7 @@
delegate_to: "{{ physical_host }}"
when: >
inventory_hostname in groups['nova_compute'] and
(is_metal == false or is_metal == "False")
not is_metal | bool
tags:
- nova-kvm
- nova-kvm-container-devices
@ -63,7 +72,7 @@
'added' in device_add.stdout.lower()
when: >
inventory_hostname in groups['nova_compute'] and
(is_metal == false or is_metal == "False") and
not is_metal | bool and
nova_virt_type == 'kvm'
tags:
- nova-kvm
@ -74,7 +83,7 @@
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-nova" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- nova-logs
- nova-log-dirs
@ -86,7 +95,7 @@
force: "yes"
with_items:
- { src: "/openstack/log/{{ inventory_hostname }}-nova", dest: "/var/log/nova", state: "link" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- nova-logs
roles:


@ -20,13 +20,22 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
tags:
- lxc-aa-profile
- name: Create log dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/log/{{ inventory_hostname }}-swift" }
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- swift-logs
- swift-log-dirs
@ -44,7 +53,7 @@
owner: "syslog"
group: "syslog"
state: "link"
when: is_metal == true or is_metal == "True"
when: is_metal | bool
tags:
- swift-logs
roles:


@ -17,6 +17,16 @@
hosts: rabbitmq_all
max_fail_percentage: 0
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
tags:
- lxc-aa-profile
roles:
- role: "rabbitmq_server"
tags:


@ -18,6 +18,15 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
tags:
- lxc-aa-profile
- name: Package repo extra lxc config
lxc_container:
name: "{{ container_name }}"
@ -26,7 +35,7 @@
container_config:
- "lxc.mount.entry=/openstack/{{ container_name }} var/www none bind 0 0"
delegate_to: "{{ physical_host }}"
when: is_metal == false or is_metal == "False"
when: not is_metal | bool
tags:
- repo-dirs
- name: Flush net cache


@ -101,7 +101,6 @@
container_config:
- "lxc.mount.entry=/openstack/backup/{{ inventory_hostname }} var/backup none defaults,bind,rw 0 0"
- "lxc.mount.entry=/openstack/log/{{ inventory_hostname }} var/log/{{ properties.log_directory | default(properties.service_name) }} none defaults,bind,rw 0 0"
- "lxc.aa_profile=lxc-openstack"
when: properties.service_name is defined
delegate_to: "{{ physical_host }}"
tags:


@ -18,12 +18,21 @@
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
tags:
- lxc-aa-profile
- name: Ensure log stroage directory exists
file:
path: "/openstack/{{ container_name }}/log-storage"
state: "directory"
delegate_to: "{{ physical_host }}"
when: is_metal == false or is_metal == "False"
when: not is_metal | bool
tags:
- rsyslog-storage-dirs
- name: Rsyslog server extra lxc config
@ -34,7 +43,7 @@
container_config:
- "lxc.mount.entry=/openstack/{{ container_name }}/log-storage {{ storage_directory.lstrip('/') }} none bind 0 0"
delegate_to: "{{ physical_host }}"
when: is_metal == false or is_metal == "False"
when: not is_metal | bool
tags:
- rsyslog-storage-dirs
- name: Flush net cache


@ -17,6 +17,16 @@
hosts: utility_all
max_fail_percentage: 20
user: root
pre_tasks:
- name: Use the lxc-openstack aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=lxc-openstack"
delegate_to: "{{ physical_host }}"
when: not is_metal | bool
tags:
- lxc-aa-profile
roles:
- { role: "galera_client", tags: [ "utility-galera-client" ] }
- { role: "pip_lock_down", tags: [ "utility-pip-lock-down" ] }