Fix for proxy environment vars

* Ignore errors on install of sysstat * Fixes for ELK playbook (if SELinux is disabled) * Doc updates Change-Id: I4ac94e3a3cb5b2558a727e8761e2506ba0b62df2
2017-06-13 10:59:56 -04:00 · 2017-06-13 10:59:56 -04:00 · 41681ebcbd
commit 41681ebcbd
parent d901fd4734
17 changed files with 58 additions and 9 deletions
--- a/ansible/install/browbeat.yml
+++ b/ansible/install/browbeat.yml
@ -21,6 +21,7 @@
    - shaker
    - flavors
    - images
+  environment: "{{proxy_env}}"

 - hosts: compute
  remote_user: "{{ host_remote_user }}"
--- a/ansible/install/collectd-generic.yml
+++ b/ansible/install/collectd-generic.yml
@ -18,6 +18,7 @@
    - epel
    - collectd-generic
  tags: baremetal
+  environment: "{{proxy_env}}"

 - hosts: guest
  remote_user: root
@ -27,6 +28,7 @@
    - epel
    - collectd-generic
  tags: guest
+  environment: "{{proxy_env}}"

 - hosts: graphite
  remote_user: root
@ -36,3 +38,4 @@
    - epel
    - collectd-generic
  tags: graphite
+  environment: "{{proxy_env}}"
--- a/ansible/install/collectd-openstack.yml
+++ b/ansible/install/collectd-openstack.yml
@ -31,6 +31,7 @@
      when: not collectd_undercloud
      ignore_errors: true
  tags: undercloud
+  environment: "{{proxy_env}}"

 - hosts: controller
  remote_user: "{{ host_remote_user }}"
@ -48,6 +49,7 @@
      when: not collectd_controller
      ignore_errors: true
  tags: controller
+  environment: "{{proxy_env}}"

 - hosts: blockstorage
  remote_user: "{{ host_remote_user }}"
@ -65,6 +67,7 @@
      when: not collectd_blockstorage
      ignore_errors: true
  tags: blockstorage
+  environment: "{{proxy_env}}"

 - hosts: objectstorage
  remote_user: "{{ host_remote_user }}"
@ -82,6 +85,7 @@
      when: not collectd_objectstorage
      ignore_errors: true
  tags: objectstorage
+  environment: "{{proxy_env}}"

 - hosts: cephstorage
  remote_user: "{{ host_remote_user }}"
@ -99,6 +103,7 @@
      when: not collectd_cephstorage
      ignore_errors: true
  tags: cephstorage
+  environment: "{{proxy_env}}"

 - hosts: compute
  remote_user: "{{ host_remote_user }}"
@ -116,3 +121,4 @@
      when: not collectd_compute
      ignore_errors: true
  tags: compute
+  environment: "{{proxy_env}}"
--- a/ansible/install/elk-client.yml
+++ b/ansible/install/elk-client.yml
@ -7,3 +7,4 @@
  remote_user: root
  roles:
    - { role: filebeat }
+  environment: "{{proxy_env}}"
--- a/ansible/install/elk-openstack-client.yml
+++ b/ansible/install/elk-openstack-client.yml
@ -6,8 +6,10 @@
  remote_user: "{{ local_remote_user }}"
  roles:
     - { role: filebeat }
+  environment: "{{proxy_env}}"

 - hosts: controller,compute,cephstorage
  remote_user: "{{ host_remote_user }}"
  roles:
    - { role: filebeat }
+  environment: "{{proxy_env}}"
--- a/ansible/install/elk.yml
+++ b/ansible/install/elk.yml
@ -13,8 +13,10 @@
    - { role: nginx }
    - { role: curator, when: install_curator_tool }
    - { role: kibana }
+  environment: "{{proxy_env}}"

 - hosts: localhost
-  remote_user: "{{ local_remote_user }}"
+  connection: local
  roles:
    - { role: es-template }
+  environment: "{{proxy_env}}"
--- a/ansible/install/grafana-dashboards.yml
+++ b/ansible/install/grafana-dashboards.yml
@ -63,3 +63,4 @@
        process_list_name: Graphite
  roles:
    - grafana-dashboards
+  environment: "{{proxy_env}}"
--- a/ansible/install/grafana.yml
+++ b/ansible/install/grafana.yml
@ -8,3 +8,4 @@
  roles:
    - epel
    - grafana
+  environment: "{{proxy_env}}"
--- a/ansible/install/graphite.yml
+++ b/ansible/install/graphite.yml
@ -8,3 +8,4 @@
  roles:
    - epel
    - graphite
+  environment: "{{proxy_env}}"
--- a/ansible/install/group_vars/all.yml
+++ b/ansible/install/group_vars/all.yml
@ -74,6 +74,14 @@ images:
 # DNS Server to add
 dns_server: 8.8.8.8

+# Proxy Settings
+proxy_env: {}
+# Example use:
+# proxy_env:
+#   http_proxy: http://proxy.example.com:80
+#   https_proxy: http://proxy.example.com:80
+#   no_proxy: localhost, example.sat6.com, graphite-server.com, elk-server.com
+
 # Disables dns lookup by overcloud sshd process
 disable_ssh_dns: false

@ -82,9 +90,10 @@ epel7_rpm: https://download.fedoraproject.org/pub/epel/epel-release-latest-7.noa
 epel7_rpmkey: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7

 # Extra Repos to add during collectd install
-repos:
-  rhel-7-server-beta:
-    baseurl: http://walkabout.foobar.com/released/RHEL-7/7.3-Beta/Server/x86_64/os/
+repos: {}
+# repos:
+#   rhel-7-server-beta:
+#     baseurl: http://walkabout.foobar.com/released/RHEL-7/7.3-Beta/Server/x86_64/os/

 # Host where connmond will be running
 connmon_host: 192.0.2.1
--- a/ansible/install/kibana-visuals.yml
+++ b/ansible/install/kibana-visuals.yml
@ -24,3 +24,4 @@

  roles:
    - kibana-visualization
+  environment: "{{proxy_env}}"
--- a/ansible/install/roles/browbeat-results/tasks/main.yml
+++ b/ansible/install/roles/browbeat-results/tasks/main.yml
@ -36,6 +36,7 @@
    state: yes
    persistent: yes
  become: true
+  when: "ansible_selinux['status'] == 'enabled'"

 - name: Allow httpd to serve content in "{{ home_dir }}"
  file:
@ -53,10 +54,11 @@
  shell: "/usr/sbin/semanage port -m -t http_port_t -p tcp {{browbeat_results_port}}"
  become: true
  register: seport_modified
+  when: "ansible_selinux['status'] == 'enabled'"
  ignore_errors: true

 # If port can not be modified, it likely has to be added (Ex. Port 9002)
 - name: Allow httpd to listen to port ({{browbeat_results_port}}) via add
  shell: "/usr/sbin/semanage port -a -t http_port_t -p tcp {{browbeat_results_port}}"
  become: true
-  when: seport_modified.rc != 0
+  when: "(ansible_selinux['status'] == 'enabled') and (seport_modified.rc != 0)"
--- a/ansible/install/roles/collectd-openstack/tasks/main.yml
+++ b/ansible/install/roles/collectd-openstack/tasks/main.yml
@ -31,11 +31,14 @@

 # Iostat plugin requires sysstat since shelling iostat for stats, Also it is
 # handy to have sysstat.
+# (akrzos) Ignore errors on install since we attempt to install without
+# checking any vars if we really want/require sysstat
 - name: (Iostat python plugin) Install sysstat
  yum:
    name: sysstat
    state: present
  become: true
+  ignore_errors: true

 - name: (Keystone Token Count) Install libdbi mysql driver
  yum:
--- a/ansible/install/roles/firewall/tasks/main.yml
+++ b/ansible/install/roles/firewall/tasks/main.yml
@ -95,6 +95,7 @@
    line: '-A INPUT -p tcp -m tcp --dport {{shaker_port}} -j ACCEPT'
    insertbefore: '^-A INPUT -i lo'
    backup: yes
+    create: yes
  become: true
  when: firewalld_in_use.rc != 0 and firewalld_is_active.rc != 0 and iptables_shaker_port_exists.stdout|int == 0
  register: iptables_needs_restart
--- a/ansible/install/roles/nginx/tasks/main.yml
+++ b/ansible/install/roles/nginx/tasks/main.yml
@ -15,6 +15,7 @@
 # SELinux boolean for nginx
 - name: Apply SELinux boolean httpd_can_network_connect
  seboolean: name=httpd_can_network_connect state=yes persistent=yes
+  when: "ansible_selinux['status'] == 'enabled'"

 # create /etc/nginx/conf.d/ directory
 - name: Create nginx directory structure
--- a/ansible/install/statsd.yml
+++ b/ansible/install/statsd.yml
@ -7,3 +7,4 @@
  roles:
    - epel
    - statsd-install
+  environment: "{{proxy_env}}"
--- a/doc/source/installation.rst
+++ b/doc/source/installation.rst
@ -270,6 +270,10 @@ Check network connectivity
  [browbeat1@browbeatvm ~]$ scp stack@undercloud-1:/home/stack/overcloudrc .
  overcloudrc                               100%  553     0.5KB/s   00:00

+.. note::  In SSL environments, you must copy the certificate over and
+  check that the "OS_CA_CERT" variable is set correctly to the copied
+  certificate location
+
 5. Install RPM requirements

 ::
@ -289,8 +293,7 @@ Check network connectivity
  Receiving objects: 100% (7425/7425), 5.23 MiB | 0 bytes/s, done.
  Resolving deltas: 100% (4280/4280), done.

-7. Generate hosts, ssh-config, and retrieve heat-admin-id_rsa. Then uncomment
-   "localhost" under Browbeat Hosts Group
+7. Generate hosts, ssh-config, and retrieve heat-admin-id_rsa.

 ::

@ -312,6 +315,10 @@ localhost rather than the undercloud.
 In this case, adjust browbeat_user, iptables_file and dns_server.  Each
 environment is different and thus your configuration options will vary.

+.. note::  If you require a proxy to get outside your network, you must
+  configure http_proxy, https_proxy, no_proxy variables in the proxy_env
+  dictionary in install/group_vars/all.yml
+
 9. Run Browbeat install playbook

 ::
@ -446,7 +453,7 @@ Installation

 ::

-  [root@dhcp23-93 ~]# yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+  [root@dhcp23-93 ~]# yum install -y https://download.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  ...
  [root@dhcp23-93 ~]# yum install -y ansible git

@ -499,6 +506,9 @@ Content of hosts file should be following
 Depending on the environment you may need to edit more than just the following
 variables - graphite_host and grafana_host

+.. note::  If you require a proxy to get outside your network, you must
+  configure http_proxy, https_proxy, no_proxy variables in the proxy_env
+  dictionary in install/group_vars/all.yml

 7. Install Carbon and Graphite via Ansible playbook

@ -578,7 +588,7 @@ Installation

 ::

-  [root@dhcp23-93 ~]# yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+  [root@dhcp23-93 ~]# yum install -y https://download.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  ...
  [root@dhcp23-93 ~]# yum install -y ansible git

@ -632,6 +642,9 @@ variables - es_ip
 If you are deploying using a machine that is not an OSP undercloud, be sure to edit
 the home_dir/browbeat_path to match its actual path.

+.. note::  If you require a proxy to get outside your network, you must
+  configure http_proxy, https_proxy, no_proxy variables in the proxy_env
+  dictionary in install/group_vars/all.yml

 7. Install ELK via Ansible playbook