From 3917bfd36424f7b4033c92e859703780d6ac496f Mon Sep 17 00:00:00 2001 From: Neil Hanlon Date: Sat, 12 Feb 2022 16:36:34 -0500 Subject: [PATCH] Completely restructure into single-playbooks for AIO and Distributed * Tested only on distributed at this check-in * Also **temporarily** installing `patch` on the infra hosts, needed for an os_nova patch that will ultimately be removed. It isn't clear from this patch though, because the file init-nodes.yml which installs packages was renamed to tasks/init-nodes.yml. * There are some drawbacks to doing it this way, but the playbooks are serving a single purpose and don't need to be catch-all infra tooling --- ansible/playbooks/adhoc-reboot.yml | 16 -- ansible/playbooks/all.yml | 4 - ansible/playbooks/init-nodes.yml | 189 ----------------------- ansible/playbooks/role-infra-host.yml | 169 -------------------- ansible/playbooks/role-storage-host.yml | 49 ------ ansible/playbooks/setup-aio.yml | 6 + ansible/playbooks/setup-distributed.yml | 57 +++++++ ansible/playbooks/tasks/infra-host.yml | 121 +++++++++++++++ ansible/playbooks/tasks/init-nodes.yml | 156 +++++++++++++++++++ ansible/playbooks/tasks/reboot.yml | 11 ++ ansible/playbooks/tasks/storage-host.yml | 17 ++ 11 files changed, 368 insertions(+), 427 deletions(-) delete mode 100644 ansible/playbooks/adhoc-reboot.yml delete mode 100644 ansible/playbooks/all.yml delete mode 100644 ansible/playbooks/init-nodes.yml delete mode 100644 ansible/playbooks/role-infra-host.yml delete mode 100644 ansible/playbooks/role-storage-host.yml create mode 100644 ansible/playbooks/setup-distributed.yml create mode 100644 ansible/playbooks/tasks/infra-host.yml create mode 100644 ansible/playbooks/tasks/init-nodes.yml create mode 100644 ansible/playbooks/tasks/reboot.yml create mode 100644 ansible/playbooks/tasks/storage-host.yml diff --git a/ansible/playbooks/adhoc-reboot.yml b/ansible/playbooks/adhoc-reboot.yml deleted file mode 100644 index 27c54dd..0000000 
--- a/ansible/playbooks/adhoc-reboot.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Reboot hosts - hosts: "{{ host }}" - become: true - - tasks: - - name: Reboot machine - reboot: - register: reboot_register - - - name: Verify reboot - assert: - that: - - "reboot_register.rebooted" - success_msg: "Machine rebooted successfully." - fail_msg: "Machine failed to boot: {{ ansible_hostname }}" diff --git a/ansible/playbooks/all.yml b/ansible/playbooks/all.yml deleted file mode 100644 index 4ba3576..0000000 --- a/ansible/playbooks/all.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- import_playbook: init-nodes.yml -- import_playbook: adhoc-reboot.yml -- import_playbook: role-infra-host.yml diff --git a/ansible/playbooks/init-nodes.yml b/ansible/playbooks/init-nodes.yml deleted file mode 100644 index ec1599a..0000000 --- a/ansible/playbooks/init-nodes.yml +++ /dev/null 
@@ -1,189 +0,0 @@ ---- - -- name: Configure system for running OpenStack Ansible - hosts: "{{ host }}" - become: true - - handlers: - - import_tasks: handlers/main.yml - - pre_tasks: - - name: Check if ansible cannot be run here - stat: - path: /etc/no-ansible - register: no_ansible - - - name: Verify if we can run ansible - assert: - that: - - "not no_ansible.stat.exists" - success_msg: "We are able to run on this node" - fail_msg: "/etc/no-ansible exists - skipping run on this node" - - tasks: - - name: Loading Variables from OS Common - import_tasks: tasks/common_vars.yml - - - name: Disable Firewalld - ansible.builtin.systemd: - name: firewalld.service - masked: yes - enabled: no - force: yes - state: stopped - tags: services - - - name: Set SELinux to permissive - ansible.posix.selinux: - policy: targeted - state: disabled - tags: services - - - name: Ensure packages are upgraded - ansible.builtin.dnf: - name: "*" - state: latest - tags: packages - - - name: Generate SSH key - block: - - name: Create ssh key for root - ansible.builtin.user: - name: root - generate_ssh_key: yes - ssh_key_bits: 4096 - ssh_key_file: .ssh/id_rsa - register: sshkey_register - tags: sshkey - - - name: fetch_keys - tags: sshkey - fetch: - src: "~/.ssh/id_rsa.pub" - dest: "files/buffer/infra-id_rsa.pub" - flat: yes - when: sshkey_register.ssh_public_key != "" - register: sshkey_fetch - - when: tag.find("infra") != -1 and name == "infra1" - tags: - - infra - - sshkey - - - name: Disable SSH Agent Forwarding - lineinfile: - dest: /etc/ssh/sshd_config - regexp: '^.*AllowAgentForwarding' - line: 'AllowAgentForwarding no' - tags: services - notify: - - restart_sshd - - - name: Copy interface.sh script to host - ansible.builtin.copy: - src: 'files/interfaces.sh' - dest: '/root/interfaces.sh' - mode: 0744 - owner: 'root' - group: 'root' - when: aio_install is undefined or not aio_install - tags: - - interfaces - - - name: Generate ifcfg files - shell: /root/interfaces.sh - args: - chdir: 
/etc/sysconfig/network-scripts/ - creates: /etc/sysconfig/network-scripts/ifcfg-br-mgmt - when: aio_install is undefined or not aio_install - tags: - - interfaces - - - name: Setup Infra Nodes - block: - - name: Install packages - ansible.builtin.dnf: - name: - - git-core - - wget - #- python36 - - chrony - - openssh-server - #- python3-devel - - sudo - state: latest - tags: packages - - name: Clone repository - ansible.builtin.git: - #repo: https://opendev.org/openstack/openstack-ansible.git - repo: https://review.opendev.org/openstack/openstack-ansible - #single_branch: yes - dest: /opt/openstack-ansible - version: 'master' - tags: repos - - - name: fetch patch - ansible.builtin.shell: 'git fetch https://review.opendev.org/openstack/openstack-ansible refs/changes/73/823573/6 && git checkout FETCH_HEAD' - args: - chdir: /opt/openstack-ansible/ - - - - name: Create ssh key for root - ansible.builtin.user: - name: root - generate_ssh_key: yes - ssh_key_bits: 4096 - ssh_key_file: .ssh/id_rsa - register: sshkey_register - tags: sshkey - - - name: fetch_keys - tags: sshkey - fetch: - src: "~/.ssh/id_rsa.pub" - dest: "files/buffer/infra-id_rsa.pub" - flat: yes - when: sshkey_register.ssh_public_key != "" - register: sshkey_fetch - - when: tag.find("infra") != -1 or aio_install - tags: infra - - - - name: Install packages on non-infra hosts - when: tag.find("infra") != -1 or aio_install - ansible.builtin.dnf: - name: - - iputils - - lsof - - openssh-server - - sudo - - tcpdump - - python3 - state: latest - - post_tasks: - - name: Copy key to others - ansible.posix.authorized_key: - user: root - state: present - key: "{{ lookup('file', 'files/buffer/infra-id_rsa.pub') }}" - when: tag.find("infra") == -1 and sshkey_fetch - tags: sshkey - - - name: Disable cloud init from future runs - file: - path: /etc/cloud/cloud-init.disabled - state: touch - mode: '0644' - owner: root - group: root - - - name: Touching run file that ansible has ran here - file: - path: 
/var/log/ansible.run - state: touch - mode: '0644' - owner: root - group: root -... diff --git a/ansible/playbooks/role-infra-host.yml b/ansible/playbooks/role-infra-host.yml deleted file mode 100644 index 697b424..0000000 --- a/ansible/playbooks/role-infra-host.yml +++ /dev/null 
@@ -1,169 +0,0 @@ ---- - -- name: Bootstrap - hosts: "{{ host }}" - become: true - - handlers: - - import_tasks: handlers/main.yml - - pre_tasks: - - name: Check if ansible cannot be run here - stat: - path: /etc/no-ansible - register: no_ansible - - - name: Verify if we can run ansible - assert: - that: - - "not no_ansible.stat.exists" - success_msg: "We are able to run on this node" - fail_msg: "/etc/no-ansible exists - skipping run on this node" - - tasks: - - name: Loading Variables from OS Common - import_tasks: tasks/common_vars.yml - - - name: Bootstrap ansible - become: true - shell: scripts/bootstrap-ansible.sh - args: - chdir: /opt/openstack-ansible/ - creates: /etc/ansible/ - tags: - - bootstrap - - #- name: Fix roles - # become: true - # ansible.builtin.shell: - # cmd: "{{ item }}" - # with_items: - # - grep -ril 'openstack.config_template.' /etc/ansible/roles/ | xargs sed -i.bak 's,openstack.config_template.,,g' - # - grep -ril 'openstack.osa.provider_networks' /etc/ansible/roles/ | xargs sed -i.bak 's,openstack.osa.provider_networks,provider_networks,g' - # - grep -ril 'openstack.osa.db_se' /etc/ansible/roles/ | xargs sed -i.bak 's,openstack.osa.provider_networks,provider_networks,g' - # tags: - # - temporary - # - ansible - # - bootstrap - - - name: Deploy and setup configuration - block: - - name: Copy template to etc - ansible.builtin.copy: - remote_src: yes - src: /opt/openstack-ansible/etc/openstack_deploy/ - dest: /etc/openstack_deploy - directory_mode: yes - force: no - - - name: Copy distributed openstack configs - ansible.builtin.copy: - src: "files/{{ item }}.yml" - dest: /etc/openstack_deploy/ - mode: '0644' - with_items: - - openstack_user_config - - - name: Create secrets - become: true - ansible.builtin.shell: - cmd: /opt/openstack-ansible/scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml - tags: secrets - args: - creates: /etc/openstack_deploy/user_secrets.yml.tar - - #- import_tasks: tasks/python3-lxc.yml - # tags: 
python3-lxc - - - name: "[AIO] Deploy and setup configuration / bootstrap" - when: aio_install | default('false') - block: - - name: Debug - Running AIO bootstrap - debug: - var: aio_install - - - name: Run bootstrap aio with included args - ansible.builtin.shell: scripts/bootstrap-aio.sh - become: true - args: - chdir: /opt/openstack-ansible/ - creates: /etc/openstack_deploy/ - environment: - SCENARIO: "{{ SCENARIO | default('') }}" - tags: - - bootstrap - - aio - - #- name: Create volume group for cinder - # lvg: - # pv_options: --metadatasize=2048 - # pvs: "{{ cinder_pv_device | default('/dev/vdb') }}" - # vg: cinder-volumes - - - name: Copy common openstack configs - ansible.builtin.copy: - src: "files/{{ item }}.yml" - dest: /etc/openstack_deploy/ - mode: '0644' - with_items: - - user_lxc - - user_galera - - user_debug - tags: config - - - name: manually patch lxc_hosts role to bring in powertools repo - ansible.builtin.copy: - src: "files/{{ item }}.yml" - dest: /etc/ansible/roles/lxc_hosts/tasks/ - mode: '0644' - with_items: - - lxc_install_dnf - tags: config,patch - - - name: manually patch os_nova role to kill powervmtools and futures== requiresments - ansible.builtin.copy: - src: "files/{{ item }}" - dest: /tmp/ - mode: '0644' - with_items: - - os_nova.patch - tags: config,patch - - - name: patch the thing - args: - chdir: /etc/ansible/roles/os_nova/ - ansible.builtin.shell: patch -p1 < /tmp/os_nova.patch - when: do_patch | bool - - - name: Disable SSH Agent Forwarding - lineinfile: - dest: /etc/ssh/sshd_config - regexp: '^.*AllowAgentForwarding' - line: 'AllowAgentForwarding no' - tags: services - notify: - - restart_sshd - - - - name: Check playbooks - tags: syntax - become: true - ansible.builtin.shell: - cmd: "openstack-ansible --syntax-check setup-{{ item }}.yml" - args: - chdir: /opt/openstack-ansible/playbooks/ - loop: - - hosts - - infrastructure - - openstack - register: playbooks_res - - post_tasks: - - name: Touching run file that ansible has 
ran here - file: - path: /var/log/ansible.run - state: touch - mode: '0644' - owner: root - group: root -... diff --git a/ansible/playbooks/role-storage-host.yml b/ansible/playbooks/role-storage-host.yml deleted file mode 100644 index 2f5d049..0000000 --- a/ansible/playbooks/role-storage-host.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -# Setup the storage host. Install targetcli and make sure any volumes are mounted. - -- name: Storage Host Configuration - hosts: storage1 - become: true - - handlers: - - import_tasks: handlers/main.yml - - pre_tasks: - - name: Check if ansible cannot be run here - stat: - path: /etc/no-ansible - register: no_ansible - - - name: Verify if we can run ansible - assert: - that: - - "not no_ansible.stat.exists" - success_msg: "We are able to run on this node" - fail_msg: "/etc/no-ansible exists - skipping run on this node" - - tasks: - - name: Loading Variables from OS Common - import_tasks: tasks/common_vars.yml - - - name: Install required packages - become: true - dnf: - name: targetcli - notify: enable_targetd - - - name: Create volume group for cinder - lvg: - pv_options: --metadatasize=2048 - pvs: "{{ cinder_pv_device | default('/dev/vdb') }}" - vg: cinder-volumes - - - post_tasks: - - name: Touching run file that ansible has ran here - file: - path: /var/log/ansible.run - state: touch - mode: '0644' - owner: root - group: root -... diff --git a/ansible/playbooks/setup-aio.yml b/ansible/playbooks/setup-aio.yml index ed97d53..8b3a1b9 100644 --- a/ansible/playbooks/setup-aio.yml +++ b/ansible/playbooks/setup-aio.yml @@ -1 +1,7 @@ --- +- name: Bootstrap an AIO install + hosts: "{{ host | default('aio1') }}" + become: true + + tasks: + - import_playbook: setup-distributed.yml aio_install=1 diff --git a/ansible/playbooks/setup-distributed.yml b/ansible/playbooks/setup-distributed.yml new file mode 100644 index 0000000..200a7cc --- /dev/null +++ b/ansible/playbooks/setup-distributed.yml 
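Review bot: `import_playbook` is placed under `tasks:` in the new setup-aio.yml play, but Ansible accepts it only at play level, so the file should fail to parse ('import_playbook' is not a valid attribute for a Task) before anything runs. Replace the wrapper play with a bare playbook import, `- import_playbook: setup-distributed.yml` followed by `  vars:` and `    aio_install: true`, which also matches the boolean form `aio_install | default(false)` used in tasks/init-nodes.yml in this same commit. Note that the imported play's own `hosts:` default ('infra1,compute1,storage1') then applies unless `host` is supplied as an extra var, so the `host | default('aio1')` intent is lost unless it is restated in the imported play or passed on the command line.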
@@ -0,0 +1,57 @@ +--- +# Installs everything on hosts +# +- name: Bootstrap nodes for distributed OSA installation + hosts: "{{ host | default('infra1,compute1,storage1') }}" + become: true + + handlers: + - import_tasks: handlers/main.yml + + pre_tasks: + - name: Check if ansible cannot be run here + stat: + path: /etc/no-ansible + register: no_ansible + + - name: Verify if we can run ansible + assert: + that: + - "not no_ansible.stat.exists" + success_msg: "We are able to run on this node" + fail_msg: "/etc/no-ansible exists - skipping run on this node" + + - name: Loading Variables from OS Common + import_tasks: tasks/common_vars.yml + + tasks: + - name: Initialize nodes + include_tasks: tasks/init-nodes.yml + + - name: Reboot + include_tasks: tasks/reboot.yml + + - name: Setup infra hosts + include_tasks: tasks/infra-host.yml + when: tag.find("infra") != -1 # when on an infra tagged host + + - name: Setup storage hosts + include_tasks: tasks/storage-host.yml + when: tag.find("storage") != -1 # when on an infra tagged host + + post_tasks: + - name: Copy key to others + ansible.posix.authorized_key: + user: root + state: present + key: "{{ lookup('file', 'files/buffer/infra-id_rsa.pub') }}" + when: tag.find("infra") == -1 and sshkey_fetch + tags: sshkey + + - name: Touching run file that ansible has ran here + file: + path: /var/log/ansible.run + state: touch + mode: '0644' + owner: root + group: root diff --git a/ansible/playbooks/tasks/infra-host.yml b/ansible/playbooks/tasks/infra-host.yml new file mode 100644 index 0000000..49f1ee2 --- /dev/null +++ b/ansible/playbooks/tasks/infra-host.yml 
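Review bot: The tags inside the four included task files are not reachable with `--tags`, because `include_tasks` is dynamic and none of the include tasks under `tasks:` carries a tag; a run such as `--tags sshkey` skips the `Initialize nodes` include itself and never reaches the tagged `fetch_keys` task. Either tag each include with the tags its file contains (or `always`), or use `import_tasks`, which is static and lets the inner tags apply (the `when:` on an import is pushed down to every task inside, so the infra/storage guards keep working). The comment on the storage include is a copy-paste leftover and should read `when: tag.find("storage") != -1 # when on a storage tagged host`. `Copy key to others` in post_tasks duplicates the identical task at the end of tasks/init-nodes.yml, so it runs twice per host; keep one copy.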
@@ -0,0 +1,121 @@ +--- +- name: Bootstrap ansible + become: true + shell: scripts/bootstrap-ansible.sh + args: + chdir: /opt/openstack-ansible/ + creates: /etc/ansible/ + tags: + - bootstrap + +- name: Deploy and setup configuration + block: + - name: Copy template to etc + ansible.builtin.copy: + remote_src: yes + src: /opt/openstack-ansible/etc/openstack_deploy/ + dest: /etc/openstack_deploy + directory_mode: yes + force: no + + - name: Copy distributed openstack configs + ansible.builtin.copy: + src: "files/{{ item }}.yml" + dest: /etc/openstack_deploy/ + mode: '0644' + with_items: + - openstack_user_config + + - name: Create secrets + become: true + ansible.builtin.shell: + cmd: /opt/openstack-ansible/scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml + tags: secrets + args: + creates: /etc/openstack_deploy/user_secrets.yml.tar + + #- import_tasks: tasks/python3-lxc.yml + # tags: python3-lxc + +- name: "[AIO] Deploy and setup configuration / bootstrap" + when: aio_install | default('false') + block: + - name: Debug - Running AIO bootstrap + debug: + var: aio_install + + - name: Run bootstrap aio with included args + ansible.builtin.shell: scripts/bootstrap-aio.sh + become: true + args: + chdir: /opt/openstack-ansible/ + creates: /etc/openstack_deploy/ + environment: + SCENARIO: "{{ SCENARIO | default('') }}" + tags: + - bootstrap + - aio + + #- name: Create volume group for cinder + # lvg: + # pv_options: --metadatasize=2048 + # pvs: "{{ cinder_pv_device | default('/dev/vdb') }}" + # vg: cinder-volumes + +- name: Copy common openstack configs + ansible.builtin.copy: + src: "files/{{ item }}.yml" + dest: /etc/openstack_deploy/ + mode: '0644' + with_items: + - user_lxc + - user_galera + - user_debug + tags: config + +- name: manually patch lxc_hosts role to bring in powertools repo + ansible.builtin.copy: + src: "files/{{ item }}.yml" + dest: /etc/ansible/roles/lxc_hosts/tasks/ + mode: '0644' + with_items: + - lxc_install_dnf + tags: 
config,patch + +- name: manually patch os_nova role to kill powervmtools and futures== requiresments + ansible.builtin.copy: + src: "files/{{ item }}" + dest: /tmp/ + mode: '0644' + with_items: + - os_nova.patch + tags: config,patch + +- name: patch the thing + args: + chdir: /etc/ansible/roles/os_nova/ + ansible.builtin.shell: patch -p1 < /tmp/os_nova.patch + when: do_patch | default(true) | bool + +- name: Disable SSH Agent Forwarding + lineinfile: + dest: /etc/ssh/sshd_config + regexp: '^.*AllowAgentForwarding' + line: 'AllowAgentForwarding no' + tags: services + notify: + - restart_sshd + +- name: Check playbooks + tags: syntax + become: true + ansible.builtin.shell: + cmd: "openstack-ansible --syntax-check setup-{{ item }}.yml" + args: + chdir: /opt/openstack-ansible/playbooks/ + loop: + - hosts + - infrastructure + - openstack + register: playbooks_res +... diff --git a/ansible/playbooks/tasks/init-nodes.yml b/ansible/playbooks/tasks/init-nodes.yml new file mode 100644 index 0000000..7816260 --- /dev/null +++ b/ansible/playbooks/tasks/init-nodes.yml 
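Review bot: The `patch the thing` task is not idempotent and stages its input in a shared directory: `patch -p1 < /tmp/os_nova.patch` has no `creates:`, so a second run hits patch's "reversed or previously applied" prompt without a tty and fails, and the preceding copy writes the patch into world-writable `/tmp` where it is then consumed as root. Prefer `ansible.posix.patch` with `src: files/os_nova.patch`, `basedir: /etc/ansible/roles/os_nova/` and `strip: 1`, which transfers the file itself and checks whether the patch is already applied, or at minimum `patch -N -p1 < ...` with a root-owned staging path such as `/root/`. Separately, `when: aio_install | default('false')` supplies the string 'false', which Jinja treats as truthy, so the AIO block may run on distributed hosts; tasks/init-nodes.yml in this commit uses `aio_install | default(false)`, and this file should match with `when: aio_install | default(false) | bool`. The `Disable SSH Agent Forwarding` task here duplicates the one in tasks/init-nodes.yml, and the per-task `become: true` lines are redundant under a play that already sets it.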
@@ -0,0 +1,156 @@ +--- +- name: Disable Firewalld + ansible.builtin.systemd: + name: firewalld.service + masked: yes + enabled: no + force: yes + state: stopped + tags: services + +- name: Set SELinux to permissive + ansible.posix.selinux: + policy: targeted + state: disabled + tags: services + +- name: Ensure packages are upgraded + ansible.builtin.dnf: + name: "*" + state: latest + tags: packages + +- name: Generate SSH key + block: + - name: Create ssh key for root + ansible.builtin.user: + name: root + generate_ssh_key: yes + ssh_key_bits: 4096 + ssh_key_file: .ssh/id_rsa + register: sshkey_register + tags: sshkey + + - name: fetch_keys + tags: sshkey + fetch: + src: "~/.ssh/id_rsa.pub" + dest: "files/buffer/infra-id_rsa.pub" + flat: yes + when: sshkey_register.ssh_public_key != "" + register: sshkey_fetch + + when: tag.find("infra") != -1 and name == "infra1" + tags: + - infra + - sshkey + +- name: Disable SSH Agent Forwarding + lineinfile: + dest: /etc/ssh/sshd_config + regexp: '^.*AllowAgentForwarding' + line: 'AllowAgentForwarding no' + tags: services + notify: + - restart_sshd + +- name: Copy interface.sh script to host + ansible.builtin.copy: + src: 'files/interfaces.sh' + dest: '/root/interfaces.sh' + mode: 0744 + owner: 'root' + group: 'root' + when: aio_install is undefined or not aio_install + tags: + - interfaces + +- name: Generate ifcfg files + shell: /root/interfaces.sh + args: + chdir: /etc/sysconfig/network-scripts/ + creates: /etc/sysconfig/network-scripts/ifcfg-br-mgmt + when: aio_install is undefined or not aio_install + tags: + - interfaces + +- name: Setup Infra Nodes + block: + - name: Install packages + ansible.builtin.dnf: + name: + - git-core + - wget + #- python36 + - chrony + - openssh-server + #- python3-devel + - sudo + - patch # temporary + state: latest + tags: packages + - name: Clone repository + ansible.builtin.git: + #repo: https://opendev.org/openstack/openstack-ansible.git + repo: 
https://review.opendev.org/openstack/openstack-ansible + #single_branch: yes + dest: /opt/openstack-ansible + version: 'master' + tags: repos + + - name: fetch patch + ansible.builtin.shell: 'git fetch https://review.opendev.org/openstack/openstack-ansible refs/changes/73/823573/6 && git checkout FETCH_HEAD' + args: + chdir: /opt/openstack-ansible/ + + + - name: Create ssh key for root + ansible.builtin.user: + name: root + generate_ssh_key: yes + ssh_key_bits: 4096 + ssh_key_file: .ssh/id_rsa + register: sshkey_register + tags: sshkey + + - name: fetch_keys + tags: sshkey + fetch: + src: "~/.ssh/id_rsa.pub" + dest: "files/buffer/infra-id_rsa.pub" + flat: yes + when: sshkey_register.ssh_public_key != "" + register: sshkey_fetch + + when: tag.find("infra") != -1 or aio_install | default(false) + tags: infra + + +- name: Install packages on non-infra hosts + when: tag.find("infra") != -1 or aio_install | default(false) + ansible.builtin.dnf: + name: + - iputils + - lsof + - openssh-server + - sudo + - tcpdump + - python3 + state: latest + +- name: Copy key to others + ansible.posix.authorized_key: + user: root + state: present + key: "{{ lookup('file', 'files/buffer/infra-id_rsa.pub') }}" + when: tag.find("infra") == -1 and sshkey_fetch + tags: sshkey + +- name: Disable cloud init from future runs + file: + path: /etc/cloud/cloud-init.disabled + state: touch + mode: '0644' + owner: root + group: root +... diff --git a/ansible/playbooks/tasks/reboot.yml b/ansible/playbooks/tasks/reboot.yml new file mode 100644 index 0000000..a58d565 --- /dev/null +++ b/ansible/playbooks/tasks/reboot.yml @@ -0,0 +1,11 @@ +--- +- name: Reboot machine + reboot: + register: reboot_register + +- name: Verify reboot + assert: + that: + - "reboot_register.rebooted" + success_msg: "Machine rebooted successfully." + fail_msg: "Machine failed to boot: {{ ansible_hostname }}" 
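Review bot: `Install packages on non-infra hosts` is guarded by a condition that selects infra hosts, `when: tag.find("infra") != -1 or aio_install | default(false)`, so the task name and the guard contradict each other and compute/storage hosts never get iputils, lsof, openssh-server, sudo, tcpdump or python3 from it. If the name is right the guard should be `when: tag.find("infra") == -1 or aio_install | default(false)`; if these are baseline packages for every node, drop the `when:` entirely. Root's SSH key is also generated and fetched twice, once in the `Generate SSH key` block (gated on `name == "infra1"`) and again inside `Setup Infra Nodes` (gated on any infra tag), with the second pair overwriting `sshkey_register`/`sshkey_fetch`; only one should remain, and since the fetch uses a fixed `dest` with `flat: yes`, a second infra host would overwrite `files/buffer/infra-id_rsa.pub` with a different key. `mode: 0744` on the interfaces.sh copy should be quoted as `'0744'` to match the other file modes in this commit.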
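Review bot: The reboot is unconditional, so every run of setup-distributed.yml reboots every targeted host even when tasks/init-nodes.yml changed nothing, which makes re-running the play for a single fix costly and is at odds with the `creates:` guards used elsewhere in this commit. Registering the upgrade result in the caller (`register: upgrade_result` on `Ensure packages are upgraded`) and gating here with `when: upgrade_result is changed` limits the reboot to runs that actually installed something; the enclosing play is in setup-distributed.yml, outside this hunk. The bare `reboot:` also departs from the `ansible.builtin.` prefix used on most other tasks in this commit.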
diff --git a/ansible/playbooks/tasks/storage-host.yml b/ansible/playbooks/tasks/storage-host.yml new file mode 100644 index 0000000..ea77f59 --- /dev/null +++ b/ansible/playbooks/tasks/storage-host.yml @@ -0,0 +1,17 @@ +--- +# Setup the storage host. Install targetcli and make sure any volumes are mounted. +- name: Loading Variables from OS Common + import_tasks: tasks/common_vars.yml + +- name: Install required packages + become: true + dnf: + name: targetcli + notify: enable_targetd + +- name: Create volume group for cinder + lvg: + pv_options: --metadatasize=2048 + pvs: "{{ cinder_pv_device | default('/dev/vdb') }}" + vg: cinder-volumes +...
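Review bot: The header comment says volumes are mounted, but no task in the file mounts anything — it installs targetcli and creates a volume group only — so either change it to `# Setup the storage host. Install targetcli and create the cinder-volumes VG.` or add the missing mount step. The `import_tasks: tasks/common_vars.yml` is redundant because the calling play in setup-distributed.yml already imports the same file in pre_tasks, and `become: true` is already set at play level. The `lvg` task initialises whatever `cinder_pv_device` resolves to (default `/dev/vdb`) with no check that the device is unused, so a wrong default on a real host is destructive; a `stat`/`blkid`-style precheck or making the variable required would be safer.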