update for el9

.ansible-lint

@@ -1,5 +1,4 @@
 warn_list:
   - internal-error
-  - syntax-check
 skip_list:
   - '204'

.pre-commit-config.yaml

@@ -1,7 +1,7 @@
 ---
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.4.0
+    rev: v4.4.0
     hooks:
       - id: trailing-whitespace
       - id: end-of-file-fixer
@@ -12,24 +12,22 @@ repos:
       - id: pretty-format-json
       - id: detect-private-key
 
-  - repo: local
-    hooks:
-      - id: ansible-lint
-        name: Ansible-lint
-        description: This hook runs ansible-lint.
-        entry: ansible-lint --force-color
-        language: python
-        # do not pass files to ansible-lint, see:
-        # https://github.com/ansible/ansible-lint/issues/611
-        pass_filenames: false
-        always_run: true
+  # - repo: local
+  #   hooks:
+  #     # - id: ansible-lint
+      #   name: Ansible-lint
+      #   description: This hook runs ansible-lint.
+      #   entry: ansible-lint --force-color
+      #   language: python
+      #   # do not pass files to ansible-lint, see:
+      #   # https://github.com/ansible/ansible-lint/issues/611
+      #   pass_filenames: false
+      #   always_run: true
 
   - repo: https://github.com/adrienverge/yamllint.git
-    rev: v1.26.0
+    rev: v1.31.0
     hooks:
       - id: yamllint
         files: \.(yaml|yml)$
         types: [file, yaml]
         entry: yamllint
-
-exclude: '^ansible/playbooks/files/lxc_install_dnf.yml$'

ansible/ansible.cfg

@@ -66,7 +66,7 @@ no_log = False
 log_path		= tmp/ansible.log
 known_hosts     = tmp/known_hosts
 roles_path		= roles/local:roles/public
-collections_paths = collections
+collections_paths = collections/local:collections/public
 remote_user=root
 
 [inventory]

ansible/playbooks/bootstrap-cloud.yml

@@ -54,8 +54,9 @@
           tags: images
       # yamllint disable rule:braces
       loop:
-        - { name: 'cirros', filename: 'http://download.cirros-cloud.net/0.5.1/cirros-0.5.1-x86_64-disk.img', properties: {cpu_arch: x86_64, distro: cirros}}
-        - { name: 'rockylinux85', filename: 'https://dl.rockylinux.org/pub/rocky/8/images/Rocky-8-GenericCloud-8.5-20211114.2.x86_64.qcow2', properties: {cpu_arch: x86_64, distro: rocky}}
+        # - { name: 'cirros', filename: 'http://download.cirros-cloud.net/0.5.1/cirros-0.5.1-x86_64-disk.img', properties: {cpu_arch: x86_64, distro: cirros, protected: true}}
+        - { name: 'rockylinux86', filename: 'https://dl.rockylinux.org/pub/rocky/8/images/Rocky-8-GenericCloud.latest.x86_64.qcow2', properties: {cpu_arch: x86_64, distro: rocky}}
+        - { name: 'rockylinux90', filename: 'https://dl.rockylinux.org/pub/rocky/9/images/Rocky-9-GenericCloud.latest.x86_64.qcow2', properties: {cpu_arch: x86_64, distro: rocky}}
       # yamllint enable rule:braces
 
   post_tasks:

ansible/playbooks/files/interfaces.sh

@@ -1,135 +0,0 @@
-#!/bin/bash
-
-MGMT_SUBNET='172.29.220'
-VXLAN_SUBNET='172.29.224'
-STORAGE_SUBNET='172.29.228'
-
-
-iface_mgmt=$(ip addr | grep $MGMT_SUBNET | awk '{print $NF}')
-iface_vxlan=$(ip addr | grep $VXLAN_SUBNET | awk '{print $NF}')
-iface_storage=$(ip addr | grep $STORAGE_SUBNET | awk '{print $NF}')
-
-if [[ -z "${iface_mgmt}" ]]; then
-        echo "can't find mgmt interface"
-else
-        echo "mgmt interface is: ${iface_mgmt}"
-fi
-
-if [[ -z "${iface_vxlan}" ]]; then
-        echo "can't find vxlan interface"
-else
-        echo "vxlan interface is: ${iface_vxlan}"
-fi
-
-if [[ -z "${iface_storage}" ]]; then
-        echo "can't find storage interface"
-else
-        echo "storage interface is: ${iface_storage}"
-fi
-
-
-if [[ -z "${iface_mgmt}" && ( -z "${iface_vxlan}" || -z "${iface_storage}" ) ]]; then
-        echo "Stopping. Only a mgmt interface found. Need at least one of vxlan or storage"
-        exit 1
-fi
-
-
-HOSTNAME="$(hostname)"
-hostpart=''
-if [[ "$HOSTNAME" =~ "infra" ]]; then
-
-  let hostpart='5'
-
-  cat << EOF > ifcfg-br-mgmt\:10
-DEVICE=br-mgmt:10
-ONPARENT=on
-IPADDR=${MGMT_SUBNET}.10
-PREFIX=22
-EOF
-
-  cat << EOF > ifcfg-br-mgmt\:11
-DEVICE=br-mgmt:11
-ONPARENT=on
-IPADDR=${MGMT_SUBNET}.11
-PREFIX=22
-EOF
-
-fi
-
-if [[ "${HOSTNAME}" =~ "compute" ]]; then
-  let hostpart='6'
-fi
-if [[ "${HOSTNAME}" =~ "storage1" ]]; then
-  let hostpart='7'
-fi
-if [[ "${HOSTNAME}" =~ "storage2" ]]; then
-  let hostpart='8'
-fi
-if [[ "${HOSTNAME}" =~ "storage3" ]]; then
-  let hostpart='9'
-fi
-
-if [[ ! -z "${iface_mgmt}" ]]; then
-cat << EOF > ifcfg-br-mgmt
-BOOTPROTO=none
-DEVICE=br-mgmt
-NM_CONTROLLED=no
-IPADDR=${MGMT_SUBNET}.${hostpart}
-NETMASK=255.255.252.0
-ONBOOT=yes
-TYPE=Bridge
-USERCTL=no
-EOF
-
-cat << EOF > ifcfg-${iface_mgmt}
-TYPE=Ethernet
-DEVICE=${iface_mgmt}
-ONBOOT=yes
-BRIDGE=br-mgmt
-HWADDR=$(ip link show ${iface_mgmt} | awk '/link\/ether/{print $2}')
-EOF
-fi
-
-if [[ "${HOSTNAME}" =~ "storage" || ! -z "${iface_storage}" ]]; then
-
-  cat << EOF > ifcfg-br-storage
-BOOTPROTO=none
-DEVICE=br-storage
-IPADDR=${STORAGE_SUBNET}.${hostpart}
-NETMASK=255.255.252.0
-NM_CONTROLLED=no
-ONBOOT=yes
-TYPE=Bridge
-USERCTL=no
-EOF
-
-cat << EOF > ifcfg-${iface_storage}
-TYPE=Ethernet
-DEVICE=${iface_storage}
-ONBOOT=yes
-BRIDGE=br-storage
-HWADDR=$(ip link show ${iface_storage} | awk '/link\/ether/{print $2}')
-EOF
-
-fi
-
-if [[ ! -z "${iface_vxlan}" ]]; then
-cat << EOF > ifcfg-br-vxlan
-BOOTPROTO=none
-DEVICE=br-vxlan
-IPADDR=${VXLAN_SUBNET}.${hostpart}
-NETMASK=255.255.252.0
-NM_CONTROLLED=no
-ONBOOT=yes
-TYPE=Bridge
-USERCTL=no
-EOF
-
-cat << EOF > ifcfg-${iface_vxlan}
-TYPE=Ethernet
-DEVICE=${iface_vxlan}
-ONBOOT=yes
-BRIDGE=br-vxlan
-HWADDR=$(ip link show ${iface_vxlan} | awk '/link\/ether/{print $2}')
-EOF
-fi

ansible/playbooks/files/openstack_user_config.yml

@@ -5,16 +5,17 @@ cidr_networks:
   storage: 172.29.228.0/22
 
 used_ips:
-  - "172.29.220.1,172.29.220.50"
-  - "172.29.224.1,172.29.224.50"
-  - "172.29.228.1,172.29.228.50"
+  - "172.29.220.1"
+  - "172.29.224.1"
+  - "172.29.228.1"
+  - "172.29.232.1"
 
 
 global_overrides:
   # The internal and external VIP should be different IPs, however they
   # do not need to be on separate networks.
-  external_lb_vip_address: 172.29.220.10
-  internal_lb_vip_address: 172.29.220.11
+  external_lb_vip_address: 172.29.220.100
+  internal_lb_vip_address: "{{ bootstrap_host_public_address | default(ansible_facts['default_ipv4']['address']) }}"
   management_bridge: "br-mgmt"
   provider_networks:
     - network:
@@ -27,6 +28,14 @@ global_overrides:
           - all_containers
           - hosts
         is_container_address: true
+    - network:
+        container_bridge: "br-external"
+        container_type: "veth"
+        container_interface: "eth12"
+        type: "flat"
+        net_name: "external"
+        group_binds:
+          - neutron_linuxbridge_agent
     - network:
         container_bridge: "br-vxlan"
         container_type: "veth"
@@ -52,13 +61,15 @@ global_overrides:
 
 x-infra-hosts: &x-infra-hosts
   infra1:
-    ip: 172.29.220.5
+    ip: 172.29.220.10
 x-compute-hosts: &x-compute-hosts
   compute1:
-    ip: 172.29.220.6
+    ip: 172.29.220.20
+  compute2:
+    ip: 172.29.220.21
 x-storage-hosts: &x-storage-hosts
   storage1:
-    ip: 172.29.220.7
+    ip: 172.29.220.30
     container_vars:
       cinder_backends:
         limit_container_types: cinder_volume
@@ -66,7 +77,7 @@ x-storage-hosts: &x-storage-hosts
           volume_group: cinder-volumes
           volume_driver: cinder.volume.drivers.lvm.LVMVolumeDriver
           volume_backend_name: LVM_iSCSI
-          iscsi_ip_address: "172.29.228.7"
+          iscsi_ip_address: "172.29.228.10"
 
 ##
 ## Infrastructure

ansible/playbooks/files/patch.patch

@@ -1,57 +0,0 @@
-diff --git a/run_tests.sh b/run_tests.sh
-index 48ce6583b..5fffe12b6 100755
---- a/run_tests.sh
-+++ b/run_tests.sh
-@@ -54,7 +54,7 @@ source /etc/os-release || source /usr/lib/os-release
- # Figure out the appropriate package install command
- case ${ID,,} in
-     *suse*) pkg_mgr_cmd="zypper -n in" ;;
--    centos|rhel|fedora) pkg_mgr_cmd="dnf install -y" ;;
-+    rocky|rhel|fedora) pkg_mgr_cmd="dnf install -y" ;;
-     ubuntu|debian) pkg_mgr_cmd="apt-get install -y" ;;
-     # Gentoo needs to have version set since it's rolling
-     gentoo) pkg_mgr_cmd="emerge --jobs=4"; VERSION="rolling" ;;
-diff --git a/scripts/bootstrap-ansible.sh b/scripts/bootstrap-ansible.sh
-index 49a122a00..c464ffe72 100755
---- a/scripts/bootstrap-ansible.sh
-+++ b/scripts/bootstrap-ansible.sh
-@@ -71,7 +71,7 @@ determine_distro
-
- # Install the base packages
- case ${DISTRO_ID} in
--    centos|rhel)
-+    rocky|rhel)
-         dnf -y install \
-           git curl autoconf gcc gcc-c++ nc \
-           python3 python3-devel libselinux-python3 \
-diff --git a/scripts/scripts-library.sh b/scripts/scripts-library.sh
-index 742366cde..8d5ec1db2 100755
---- a/scripts/scripts-library.sh
-+++ b/scripts/scripts-library.sh
-@@ -212,7 +212,7 @@ function setup_ara {
- function run_dstat {
-   if [ "$GATE_EXIT_RUN_DSTAT" == true ]; then
-     case ${DISTRO_ID} in
--      centos|rhel)
-+      rocky|rhel)
-           dnf -y install dstat
-           ;;
-       ubuntu)
-@@ -261,7 +261,7 @@ function log_instance_info {
-           apt-get update
-           DEBIAN_FRONTEND=noninteractive apt-get -y install iproute2 net-tools
-           ;;
--      centos|rhel)
-+      rocky|rhel)
-           dnf -y install iproute
-           ;;
-   esac
-@@ -336,7 +336,7 @@ function get_instance_info {
-
-   determine_distro
-   case ${DISTRO_ID} in
--      centos|rhel|fedora|opensuse)
-+      rocky|rhel|fedora|opensuse)
-           rpm -qa | sort > \
-             "/openstack/log/instance-info/host_packages_info_${TS}.log" || true
-           ;;

ansible/playbooks/files/user_lxc.yml

@@ -4,4 +4,4 @@ lxc_hosts_container_build_command: "dnf --assumeyes --installroot=/var/lib/machi
 lxc_container_map:
   distro: "{{ hostvars[physical_host]['ansible_facts']['distribution'] | lower }}"
   arch: "{{ lxc_architecture_mapping.get( hostvars[physical_host]['ansible_facts']['architecture'] | lower ) }}"
-  release: "{{ hostvars[pyhsical_host]['ansible_facts']['distribution_major_version'] }}"
+  release: "{{ hostvars[physical_host]['ansible_facts']['distribution_major_version'] }}"

ansible/playbooks/setup-distributed.yml

@@ -2,9 +2,11 @@
 # Installs everything on hosts
 #
 - name: Bootstrap nodes for distributed OSA installation
-  hosts: "{{ host | default('infra1,compute1,storage1') }}"
+  hosts: "{{ host | default('infra1,compute1,compute2,storage1') }}"
   become: true
 
+  vars:
+
   handlers:
     - import_tasks: handlers/main.yml
 
@@ -26,19 +28,37 @@
 
   tasks:
     - name: Initialize nodes
-      import_tasks: tasks/init-nodes.yml
+      tags:
+        - init
+      args:
+        apply:
+          tags:
+            - init
+      include_tasks: tasks/init-nodes.yml
 
     - name: Reboot
       import_tasks: tasks/reboot.yml
       when: reboot | default(true) | bool
 
     - name: Setup infra hosts
-      import_tasks: tasks/infra-host.yml
-      when: tag.find("infra") != -1 or aio_install  | default(false) | bool # when on an infra tagged host
+      include_tasks: tasks/infra-host.yml
+      tags:
+        - infrastructure
+      args:
+        apply:
+          tags:
+            - infrastructure
+      when: tag.find("infra") != -1 or aio_install  | default(false) | bool
 
     - name: Setup storage hosts
-      import_tasks: tasks/storage-host.yml
-      when: tag.find("storage") != -1 # when on an storage tagged host
+      include_tasks: tasks/storage-host.yml
+      tags:
+        - storage
+      args:
+        apply:
+          tags:
+            - storage
+      when: tag.find("storage") != -1
 
   post_tasks:
     - name: Touching run file that ansible has ran here

ansible/playbooks/tasks/infra-host.yml

@@ -12,11 +12,11 @@
   block:
     - name: Copy template to etc
       ansible.builtin.copy:
-        remote_src: yes
+        remote_src: true
         src: /opt/openstack-ansible/etc/openstack_deploy/
         dest: /etc/openstack_deploy
-        directory_mode: yes
-        force: no
+        directory_mode: true
+        force: false
 
     - name: Copy distributed openstack configs
       ansible.builtin.copy:
@@ -35,17 +35,6 @@
         creates: /etc/openstack_deploy/user_secrets.yml.tar
   when: aio_install is undefined | default(false)
 
-    #- import_tasks: tasks/python3-lxc.yml
-
-    #- name:
-    #  copy:
-    #    content: ""
-    #    dest: /usr/share/lxc/config/rockylinux.common.conf
-    #    mode: '0644'
-    #    owner: root
-    #    group: root
-    #  tags: python3-lxc
-
 - name: "[AIO] Deploy and setup configuration / bootstrap"
   when: aio_install | default('false') | bool
   block:
@@ -60,7 +49,7 @@
         chdir: /opt/openstack-ansible/
         creates: /etc/openstack_deploy/
       environment:
-        SCENARIO: "{{ SCENARIO | default('aio_metal') }}"
+        SCENARIO: "{{ SCENARIO | default('aio_lxc') }}"
       tags:
         - bootstrap
         - aio
@@ -77,36 +66,9 @@
     dest: /etc/openstack_deploy/
     mode: '0644'
   with_items:
-    - user_lxc
     - user_galera
-    - user_debug
   tags: config
 
-- name: manually patch lxc_hosts role to bring in powertools repo
-  ansible.builtin.copy:
-    src: "files/{{ item }}.yml"
-    dest: /etc/ansible/roles/lxc_hosts/tasks/
-    mode: '0644'
-  with_items:
-    - lxc_install_dnf
-  tags: config,patch
-
-- name: manually patch os_nova role to kill powervmtools and futures== requiresments
-  ansible.builtin.copy:
-    src: "files/{{ item }}"
-    dest: /tmp/
-    mode: '0644'
-  with_items:
-    - os_nova.patch
-  tags: config,patch
-
-- name: patch the thing
-  args:
-    chdir: /etc/ansible/roles/os_nova/
-    creates: /etc/ansible/roles/os_nova/.patched
-  ansible.builtin.shell: 'patch -p1 < /tmp/os_nova.patch && touch .patched'
-
-
 - name: Disable SSH Agent Forwarding
   lineinfile:
     dest: /etc/ssh/sshd_config

ansible/playbooks/tasks/init-nodes.yml

@@ -2,9 +2,9 @@
 - name: Disable Firewalld
   ansible.builtin.systemd:
     name: firewalld.service
-    masked: yes
-    enabled: no
-    force: yes
+    masked: true
+    enabled: false
+    force: true
     state: stopped
   tags: services
 
@@ -20,12 +20,24 @@
     state: latest
   tags: packages
 
+- name: remove curl
+  ansible.builtin.dnf:
+    name: "curl"
+    state: absent
+  tags: packages
+
+- name: add curl-minimal
+  ansible.builtin.dnf:
+    name: "curl-minimal"
+    state: latest
+  tags: packages
+
 - name: Generate SSH key
   block:
     - name: Create ssh key for root
       ansible.builtin.user:
         name: root
-        generate_ssh_key: yes
+        generate_ssh_key: true
         ssh_key_bits: 4096
         ssh_key_file: .ssh/id_rsa
       register: sshkey_register
@@ -36,7 +48,7 @@
       fetch:
         src: "~/.ssh/id_rsa.pub"
         dest: "files/buffer/infra-id_rsa.pub"
-        flat: yes
+        flat: true
       when: sshkey_register.ssh_public_key != ""
       register: sshkey_fetch
 
@@ -54,23 +66,12 @@
   notify:
     - restart_sshd
 
-- name: Copy interface.sh script to host
-  ansible.builtin.copy:
-    src: 'files/interfaces.sh'
-    dest: '/root/interfaces.sh'
-    mode: 0744
-    owner: 'root'
-    group: 'root'
-  when: aio_install is undefined or not aio_install
-  tags:
-    - interfaces
-
-- name: Generate ifcfg files
-  shell: /root/interfaces.sh
+- name: Setup network
+  include_tasks: tasks/setup-network.yml
+  when: aio_install is undefined or not aio_install  # don't run when AIO
   args:
-    chdir: /etc/sysconfig/network-scripts/
-    creates: /etc/sysconfig/network-scripts/ifcfg-br-mgmt
-  when: aio_install is undefined or not aio_install
+    apply:
+      tags: interfaces
   tags:
     - interfaces
 
@@ -83,24 +84,23 @@
           - wget
           - chrony
           - openssh-server
-            #- python3-devel
           - sudo
-          - patch # temporary
         state: latest
       tags: packages
     - name: Clone repository
       ansible.builtin.git:
-        #repo: https://opendev.org/openstack/openstack-ansible.git
         repo: https://review.opendev.org/openstack/openstack-ansible
-          #single_branch: yes
         dest: /opt/openstack-ansible
-        version: 'master'
+        version: stable/zed
+        # version: 'b958c02eeed355484be12db736ed81a047f7d7c0'
+        # refspec: 'refs/changes/81/852181/2'
+
       tags: repos
 
     - name: Create ssh key for root
       ansible.builtin.user:
         name: root
-        generate_ssh_key: yes
+        generate_ssh_key: true
         ssh_key_bits: 4096
         ssh_key_file: .ssh/id_rsa
       register: sshkey_register
@@ -111,7 +111,7 @@
       fetch:
         src: "~/.ssh/id_rsa.pub"
         dest: "files/buffer/infra-id_rsa.pub"
-        flat: yes
+        flat: true
       when: sshkey_register.ssh_public_key != ""
       register: sshkey_fetch
   when: tag.find("infra") != -1 or aio_install | default(false)
@@ -137,16 +137,6 @@
   when: tag.find("infra") == -1 and sshkey_fetch | default(false)
   tags: sshkey
 
-    #- name: Setup a hosts file for the static deployment
-    #  ansible.builtin.lineinfile:
-    #    dest: /etc/hosts
-    #    line: "{{ hostvars[ansible_fqdn]['ansible_br_mgmt']['ipv4']['address'] }} {{ ansible_hostname }}"
-    #  when:
-    #    - hostvars[ansible_fqdn]['ansible_br_mgmt'] is defined
-    #    - hostvars[ansible_fqdn]['ansible_br_mgmt']['ipv4']['address'] is defined
-    #  tags: debug123
-
-
 - name: Disable cloud init from future runs
   file:
     path: /etc/cloud/cloud-init.disabled

ansible/playbooks/tasks/setup-network.yml

@@ -0,0 +1,39 @@
+---
+- include_vars: common-network.yml
+
+- name: Remove cloud-init cruft
+  ignore_errors: true
+  community.general.nmcli:
+    state: absent
+    conn_name: "{{ item }}"
+  loop:
+    - cloud-init enp6s0
+    - cloud-init enp7s0
+    - cloud-init enp8s0
+    - cloud-init enp9s0
+
+- name: Create network bridges
+  community.general.nmcli:
+    stp: true
+    type: bridge
+    conn_name: "{{ 'Bridge-' + item.key }}"
+    state: present
+    ifname: "{{ network_bridges[item.key] }}"
+    method4: manual
+    ip4: "{{ network_cidrs[item.key] | ansible.utils.ipmath(host_cidr_octets[inventory_hostname]) }}/{{ network_cidrs[item.key] | split('/') | last }}"
+    method6: ignore
+    autoconnect: true
+  loop: "{{ network_interfaces[inventory_hostname] | dict2items }}"
+
+- name: Enslave network interfaces to bridges
+  community.general.nmcli:
+    type: bridge-slave
+    conn_name: "{{ 'Slave-' + item.value }}"
+    state: present
+    ifname: "{{ item.value }}"
+    master: "{{ network_bridges[item.key] }}"
+    autoconnect: true
+    mtu: 1450
+    method4: manual
+    hairpin: false
+  loop: "{{ network_interfaces[inventory_hostname] | dict2items }}"

ansible/playbooks/vars/common-network.yml

@@ -0,0 +1,37 @@
+---
+network_interfaces:
+  infra1:
+    management: enp7s0
+    tunnel: enp6s0
+    storage: enp8s0
+    external: enp9s0
+  compute1:
+    management: enp6s0
+    tunnel: enp7s0
+    storage: enp8s0
+    external: enp9s0
+  compute2:
+    management: enp7s0
+    tunnel: enp6s0
+    storage: enp8s0
+    external: enp9s0
+  storage1:
+    management: enp7s0
+    storage: enp6s0
+network_bridges:
+  management: br-mgmt
+  tunnel: br-tunnel
+  storage: br-storage
+  external: br-ext
+network_cidrs:
+  management: 172.29.220.0/22
+  tunnel: 172.29.224.0/22
+  storage: 172.29.228.0/22
+  external: 172.29.232.0/22
+host_cidr_octets:
+  infra1: 10
+  infra2: 11
+  compute1: 20
+  compute2: 21
+  storage1: 30
+  storage2: 31