From 41681ebcbd7861456564fe4fcb82591d9c7a5eaf Mon Sep 17 00:00:00 2001 From: akrzos Date: Tue, 13 Jun 2017 10:59:56 -0400 Subject: [PATCH] Fix for proxy environment vars * Ignore errors on install of sysstat * Fixes for ELK playbook (if SELinux is disabled) * Doc updates Change-Id: I4ac94e3a3cb5b2558a727e8761e2506ba0b62df2 --- ansible/install/browbeat.yml | 1 + ansible/install/collectd-generic.yml | 3 +++ ansible/install/collectd-openstack.yml | 6 ++++++ ansible/install/elk-client.yml | 1 + ansible/install/elk-openstack-client.yml | 2 ++ ansible/install/elk.yml | 4 +++- ansible/install/grafana-dashboards.yml | 1 + ansible/install/grafana.yml | 1 + ansible/install/graphite.yml | 1 + ansible/install/group_vars/all.yml | 15 ++++++++++--- ansible/install/kibana-visuals.yml | 1 + .../roles/browbeat-results/tasks/main.yml | 4 +++- .../roles/collectd-openstack/tasks/main.yml | 3 +++ ansible/install/roles/firewall/tasks/main.yml | 1 + ansible/install/roles/nginx/tasks/main.yml | 1 + ansible/install/statsd.yml | 1 + doc/source/installation.rst | 21 +++++++++++++++---- 17 files changed, 58 insertions(+), 9 deletions(-) diff --git a/ansible/install/browbeat.yml b/ansible/install/browbeat.yml index e9febd3dc..a431a7f49 100644 --- a/ansible/install/browbeat.yml +++ b/ansible/install/browbeat.yml @@ -21,6 +21,7 @@ - shaker - flavors - images + environment: "{{proxy_env}}" - hosts: compute remote_user: "{{ host_remote_user }}" diff --git a/ansible/install/collectd-generic.yml b/ansible/install/collectd-generic.yml index da75502d2..b0ede1154 100644 --- a/ansible/install/collectd-generic.yml +++ b/ansible/install/collectd-generic.yml @@ -18,6 +18,7 @@ - epel - collectd-generic tags: baremetal + environment: "{{proxy_env}}" - hosts: guest remote_user: root @@ -27,6 +28,7 @@ - epel - collectd-generic tags: guest + environment: "{{proxy_env}}" - hosts: graphite remote_user: root @@ -36,3 +38,4 @@ - epel - collectd-generic tags: graphite + environment: "{{proxy_env}}" diff --git a/ansible/install/collectd-openstack.yml b/ansible/install/collectd-openstack.yml index 543d28b62..890197c28 100644 --- a/ansible/install/collectd-openstack.yml +++ b/ansible/install/collectd-openstack.yml @@ -31,6 +31,7 @@ when: not collectd_undercloud ignore_errors: true tags: undercloud + environment: "{{proxy_env}}" - hosts: controller remote_user: "{{ host_remote_user }}" @@ -48,6 +49,7 @@ when: not collectd_controller ignore_errors: true tags: controller + environment: "{{proxy_env}}" - hosts: blockstorage remote_user: "{{ host_remote_user }}" @@ -65,6 +67,7 @@ when: not collectd_blockstorage ignore_errors: true tags: blockstorage + environment: "{{proxy_env}}" - hosts: objectstorage remote_user: "{{ host_remote_user }}" @@ -82,6 +85,7 @@ when: not collectd_objectstorage ignore_errors: true tags: objectstorage + environment: "{{proxy_env}}" - hosts: cephstorage remote_user: "{{ host_remote_user }}" @@ -99,6 +103,7 @@ when: not collectd_cephstorage ignore_errors: true tags: cephstorage + environment: "{{proxy_env}}" - hosts: compute remote_user: "{{ host_remote_user }}" @@ -116,3 +121,4 @@ when: not collectd_compute ignore_errors: true tags: compute + environment: "{{proxy_env}}" diff --git a/ansible/install/elk-client.yml b/ansible/install/elk-client.yml index 082eccff3..677ba3d46 100644 --- a/ansible/install/elk-client.yml +++ b/ansible/install/elk-client.yml @@ -7,3 +7,4 @@ remote_user: root roles: - { role: filebeat } + environment: "{{proxy_env}}" diff --git a/ansible/install/elk-openstack-client.yml b/ansible/install/elk-openstack-client.yml index 7e140fb50..e13c78936 100644 --- a/ansible/install/elk-openstack-client.yml +++ b/ansible/install/elk-openstack-client.yml @@ -6,8 +6,10 @@ remote_user: "{{ local_remote_user }}" roles: - { role: filebeat } + environment: "{{proxy_env}}" - hosts: controller,compute,cephstorage remote_user: "{{ host_remote_user }}" roles: - { role: filebeat } + environment: "{{proxy_env}}" diff --git a/ansible/install/elk.yml b/ansible/install/elk.yml index 23480ff2a..6f7ace0ff 100644 --- a/ansible/install/elk.yml +++ b/ansible/install/elk.yml @@ -13,8 +13,10 @@ - { role: nginx } - { role: curator, when: install_curator_tool } - { role: kibana } + environment: "{{proxy_env}}" - hosts: localhost - remote_user: "{{ local_remote_user }}" + connection: local roles: - { role: es-template } + environment: "{{proxy_env}}" diff --git a/ansible/install/grafana-dashboards.yml b/ansible/install/grafana-dashboards.yml index c9f13c1d2..ec3856ace 100644 --- a/ansible/install/grafana-dashboards.yml +++ b/ansible/install/grafana-dashboards.yml @@ -63,3 +63,4 @@ process_list_name: Graphite roles: - grafana-dashboards + environment: "{{proxy_env}}" diff --git a/ansible/install/grafana.yml b/ansible/install/grafana.yml index 84febe0bd..9af215e3b 100644 --- a/ansible/install/grafana.yml +++ b/ansible/install/grafana.yml @@ -8,3 +8,4 @@ roles: - epel - grafana + environment: "{{proxy_env}}" diff --git a/ansible/install/graphite.yml b/ansible/install/graphite.yml index 2f08507b9..ec38f1caa 100644 --- a/ansible/install/graphite.yml +++ b/ansible/install/graphite.yml @@ -8,3 +8,4 @@ roles: - epel - graphite + environment: "{{proxy_env}}" diff --git a/ansible/install/group_vars/all.yml b/ansible/install/group_vars/all.yml index 1c135bd5a..11e7b2430 100644 --- a/ansible/install/group_vars/all.yml +++ b/ansible/install/group_vars/all.yml @@ -74,6 +74,14 @@ images: # DNS Server to add dns_server: 8.8.8.8 +# Proxy Settings +proxy_env: {} +# Example use: +# proxy_env: +# http_proxy: http://proxy.example.com:80 +# https_proxy: http://proxy.example.com:80 +# no_proxy: localhost, example.sat6.com, graphite-server.com, elk-server.com + # Disables dns lookup by overcloud sshd process disable_ssh_dns: false @@ -82,9 +90,10 @@ epel7_rpm: https://download.fedoraproject.org/pub/epel/epel-release-latest-7.noa epel7_rpmkey: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 # Extra Repos to add during collectd install -repos: - rhel-7-server-beta: - baseurl: http://walkabout.foobar.com/released/RHEL-7/7.3-Beta/Server/x86_64/os/ +repos: {} +# repos: +# rhel-7-server-beta: +# baseurl: http://walkabout.foobar.com/released/RHEL-7/7.3-Beta/Server/x86_64/os/ # Host where connmond will be running connmon_host: 192.0.2.1 diff --git a/ansible/install/kibana-visuals.yml b/ansible/install/kibana-visuals.yml index ab5d62b44..11a52afbc 100644 --- a/ansible/install/kibana-visuals.yml +++ b/ansible/install/kibana-visuals.yml @@ -24,3 +24,4 @@ roles: - kibana-visualization + environment: "{{proxy_env}}" diff --git a/ansible/install/roles/browbeat-results/tasks/main.yml b/ansible/install/roles/browbeat-results/tasks/main.yml index 92704d6e6..b681230af 100644 --- a/ansible/install/roles/browbeat-results/tasks/main.yml +++ b/ansible/install/roles/browbeat-results/tasks/main.yml @@ -36,6 +36,7 @@ state: yes persistent: yes become: true + when: "ansible_selinux['status'] == 'enabled'" - name: Allow httpd to serve content in "{{ home_dir }}" file: @@ -53,10 +54,11 @@ shell: "/usr/sbin/semanage port -m -t http_port_t -p tcp {{browbeat_results_port}}" become: true register: seport_modified + when: "ansible_selinux['status'] == 'enabled'" ignore_errors: true # If port can not be modified, it likely has to be added (Ex. Port 9002) - name: Allow httpd to listen to port ({{browbeat_results_port}}) via add shell: "/usr/sbin/semanage port -a -t http_port_t -p tcp {{browbeat_results_port}}" become: true - when: seport_modified.rc != 0 + when: "(ansible_selinux['status'] == 'enabled') and (seport_modified.rc != 0)" diff --git a/ansible/install/roles/collectd-openstack/tasks/main.yml b/ansible/install/roles/collectd-openstack/tasks/main.yml index 94c0caa42..36ecbe348 100644 --- a/ansible/install/roles/collectd-openstack/tasks/main.yml +++ b/ansible/install/roles/collectd-openstack/tasks/main.yml @@ -31,11 +31,14 @@ # Iostat plugin requires sysstat since shelling iostat for stats, Also it is # handy to have sysstat. +# (akrzos) Ignore errors on install since we attempt to install without +# checking any vars if we really want/require sysstat - name: (Iostat python plugin) Install sysstat yum: name: sysstat state: present become: true + ignore_errors: true - name: (Keystone Token Count) Install libdbi mysql driver yum: diff --git a/ansible/install/roles/firewall/tasks/main.yml b/ansible/install/roles/firewall/tasks/main.yml index bb1b04e18..eaa2023b7 100644 --- a/ansible/install/roles/firewall/tasks/main.yml +++ b/ansible/install/roles/firewall/tasks/main.yml @@ -95,6 +95,7 @@ line: '-A INPUT -p tcp -m tcp --dport {{shaker_port}} -j ACCEPT' insertbefore: '^-A INPUT -i lo' backup: yes + create: yes become: true when: firewalld_in_use.rc != 0 and firewalld_is_active.rc != 0 and iptables_shaker_port_exists.stdout|int == 0 register: iptables_needs_restart diff --git a/ansible/install/roles/nginx/tasks/main.yml b/ansible/install/roles/nginx/tasks/main.yml index fe576fb35..a758d0b67 100644 --- a/ansible/install/roles/nginx/tasks/main.yml +++ b/ansible/install/roles/nginx/tasks/main.yml @@ -15,6 +15,7 @@ # SELinux boolean for nginx - name: Apply SELinux boolean httpd_can_network_connect seboolean: name=httpd_can_network_connect state=yes persistent=yes + when: "ansible_selinux['status'] == 'enabled'" # create /etc/nginx/conf.d/ directory - name: Create nginx directory structure diff --git a/ansible/install/statsd.yml b/ansible/install/statsd.yml index f4ee344fe..45934b272 100644 --- a/ansible/install/statsd.yml +++ b/ansible/install/statsd.yml @@ -7,3 +7,4 @@ roles: - epel - statsd-install + environment: "{{proxy_env}}" diff --git a/doc/source/installation.rst b/doc/source/installation.rst index 124a72c6c..970e73aed 100644 --- a/doc/source/installation.rst +++ b/doc/source/installation.rst @@ -270,6 +270,10 @@ Check network connectivity [browbeat1@browbeatvm ~]$ scp stack@undercloud-1:/home/stack/overcloudrc . overcloudrc 100% 553 0.5KB/s 00:00 +.. note:: In SSL environments, you must copy the certificate over and + check that the "OS_CA_CERT" variable is set correctly to the copied + certificate location + 5. Install RPM requirements :: @@ -289,8 +293,7 @@ Check network connectivity Receiving objects: 100% (7425/7425), 5.23 MiB | 0 bytes/s, done. Resolving deltas: 100% (4280/4280), done. -7. Generate hosts, ssh-config, and retrieve heat-admin-id_rsa. Then uncomment - "localhost" under Browbeat Hosts Group +7. Generate hosts, ssh-config, and retrieve heat-admin-id_rsa. :: @@ -312,6 +315,10 @@ localhost rather than the undercloud. In this case, adjust browbeat_user, iptables_file and dns_server. Each environment is different and thus your configuration options will vary. +.. note:: If you require a proxy to get outside your network, you must + configure http_proxy, https_proxy, no_proxy variables in the proxy_env + dictionary in install/group_vars/all.yml + 9. Run Browbeat install playbook :: @@ -446,7 +453,7 @@ Installation :: - [root@dhcp23-93 ~]# yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + [root@dhcp23-93 ~]# yum install -y https://download.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm ... [root@dhcp23-93 ~]# yum install -y ansible git @@ -499,6 +506,9 @@ Content of hosts file should be following Depending on the environment you may need to edit more than just the following variables - graphite_host and grafana_host +.. note:: If you require a proxy to get outside your network, you must + configure http_proxy, https_proxy, no_proxy variables in the proxy_env + dictionary in install/group_vars/all.yml 7. Install Carbon and Graphite via Ansible playbook @@ -578,7 +588,7 @@ Installation :: - [root@dhcp23-93 ~]# yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + [root@dhcp23-93 ~]# yum install -y https://download.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm ... [root@dhcp23-93 ~]# yum install -y ansible git @@ -632,6 +642,9 @@ variables - es_ip If you are deploying using a machine that is not an OSP undercloud, be sure to edit the home_dir/browbeat_path to match its actual path. +.. note:: If you require a proxy to get outside your network, you must + configure http_proxy, https_proxy, no_proxy variables in the proxy_env + dictionary in install/group_vars/all.yml 7. Install ELK via Ansible playbook