--- # Copyright 2018, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # This playbook is meant to run after setup-hosts. # To succeed, it expects the setup-hosts playbook to have run successfuly. # Test if the openstack-hosts-setup play was a success. # TO BE IMPLEMENTED # Test if security-hardening was a success. # TO BE IMPLEMENTED # Test if containers-deploy was a success. # Ensure the lxc containers are properly setup - name: Ensuring hosts good behavior hosts: lxc_hosts gather_facts: yes tasks: - name: Looking for dnsmasq process command: pgrep dnsmasq changed_when: false - name: Ensuring containers creation, connection and good behavior hosts: all_containers gather_facts: yes tasks: - name: Gather additional facts setup: gather_subset: "!all,network" filter: ansible_interfaces delegate_to: "{{ physical_host }}" delegate_facts: true - name: Ensure the physical host has all the proper interfaces defined assert: that: - item.value.bridge in hostvars[physical_host]['ansible_facts']['interfaces'] with_dict: "{{ container_networks }}" - name: Check if dns resolution and external connectivity is fine get_url: url: https://opendev.org/openstack/openstack-ansible/raw/ansible-role-requirements.yml dest: /tmp/osa-master-requirements mode: "0600" environment: "{{ deployment_environment_variables | default({}) }}" # Test extra settings before setup-infrastructure - name: Ensure the internal_interfaces are well in the right range hosts: localhost gather_facts: no tasks: - name: Check your internal network is using private ips assert: that: - internal_lb_vip_address | ansible.utils.ipaddr('private') # Test openstack_hosts role - name: Playbook for role testing hosts: localhost become: true gather_facts: true tasks: - name: Open modules file slurp: src: "{{ (ansible_facts['os_family'] | lower == 'debian') | ternary('/etc/modules', '/etc/modules-load.d/openstack-ansible.conf') }}" register: modules_file - name: Open sysctl file slurp: src: /etc/sysctl.conf register: sysctl_file - name: Open hosts file slurp: src: /etc/hosts register: hosts_file - name: Open /etc/environment file slurp: src: /etc/environment register: environment_file - name: Read files set_fact: modules_content: "{{ modules_file.content | b64decode }}" sysctl_content: "{{ sysctl_file.content | b64decode }}" hosts_content: "{{ hosts_file.content | b64decode }}" environment_content: "{{ environment_file.content | b64decode }}" - name: Check for release file stat: path: /etc/openstack-release register: release_file - name: Check for systat file stat: path: "{{ (ansible_facts['os_family'] | lower == 'debian') | ternary('/etc/default/sysstat', '/etc/sysconfig/sysstat') }}" register: systat_file - name: Check for ssh dir stat: path: "{{ ansible_facts['env']['HOME'] }}/.ssh" register: ssh_dir - name: Check role functions assert: that: - "'dm_multipath' in modules_content" - "'ebtables' in modules_content" - "'vm.swappiness' in sysctl_content" - "('172.29.236.100 ' ~ ansible_facts['fqdn'] ~ ' ' ~ ansible_facts['hostname']) in hosts_content" - "(hostvars[groups['galera_all'][0]]['management_address'] ~ ' ' ~ hostvars[groups['galera_all'][0]]['ansible_facts']['hostname'] ~ '.openstack.local ' ~ hostvars[groups['galera_all'][0]]['ansible_facts']['hostname'] ~ ((hostvars[groups['galera_all'][0]]['ansible_facts']['hostname'] != groups['galera_all'][0]) | ternary(' ' ~ groups['galera_all'][0], ''))) in hosts_content" # noqa: yaml[line-length] - "release_file.stat.exists" - "systat_file.stat.exists" - "'PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' in environment_content" - "ssh_dir.stat.isdir"