Completely restructure into single-playbooks for AIO and Distributed

* Tested only on distributed at this check-in
* Also **temporarily** installing `patch` on the infra hosts, needed for
  an os_nova patch that will ultimately be removed. This is not obvious
  from the diff, because init-nodes.yml, the file which installs
  packages, was renamed to tasks/init-nodes.yml.
* There are some drawbacks to doing it this way, but the playbooks are
  serving a single purpose and don't need to be catch-all infra tooling
Neil Hanlon 2022-02-12 16:36:34 -05:00
parent 38d13e8b0c
commit 3917bfd364
Signed by: neil
GPG Key ID: 705BC21EC3C70F34
11 changed files with 368 additions and 427 deletions


@ -1,16 +0,0 @@
---
- name: Reboot hosts
hosts: "{{ host }}"
become: true
tasks:
- name: Reboot machine
reboot:
register: reboot_register
- name: Verify reboot
assert:
that:
- "reboot_register.rebooted"
success_msg: "Machine rebooted successfully."
fail_msg: "Machine failed to boot: {{ ansible_hostname }}"


@ -1,4 +0,0 @@
---
- import_playbook: init-nodes.yml
- import_playbook: adhoc-reboot.yml
- import_playbook: role-infra-host.yml


@ -1,189 +0,0 @@
---
- name: Configure system for running OpenStack Ansible
hosts: "{{ host }}"
become: true
handlers:
- import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
tasks:
- name: Loading Variables from OS Common
import_tasks: tasks/common_vars.yml
- name: Disable Firewalld
ansible.builtin.systemd:
name: firewalld.service
masked: yes
enabled: no
force: yes
state: stopped
tags: services
- name: Set SELinux to permissive
ansible.posix.selinux:
policy: targeted
state: disabled
tags: services
- name: Ensure packages are upgraded
ansible.builtin.dnf:
name: "*"
state: latest
tags: packages
- name: Generate SSH key
block:
- name: Create ssh key for root
ansible.builtin.user:
name: root
generate_ssh_key: yes
ssh_key_bits: 4096
ssh_key_file: .ssh/id_rsa
register: sshkey_register
tags: sshkey
- name: fetch_keys
tags: sshkey
fetch:
src: "~/.ssh/id_rsa.pub"
dest: "files/buffer/infra-id_rsa.pub"
flat: yes
when: sshkey_register.ssh_public_key != ""
register: sshkey_fetch
when: tag.find("infra") != -1 and name == "infra1"
tags:
- infra
- sshkey
- name: Disable SSH Agent Forwarding
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^.*AllowAgentForwarding'
line: 'AllowAgentForwarding no'
tags: services
notify:
- restart_sshd
- name: Copy interface.sh script to host
ansible.builtin.copy:
src: 'files/interfaces.sh'
dest: '/root/interfaces.sh'
mode: 0744
owner: 'root'
group: 'root'
when: aio_install is undefined or not aio_install
tags:
- interfaces
- name: Generate ifcfg files
shell: /root/interfaces.sh
args:
chdir: /etc/sysconfig/network-scripts/
creates: /etc/sysconfig/network-scripts/ifcfg-br-mgmt
when: aio_install is undefined or not aio_install
tags:
- interfaces
- name: Setup Infra Nodes
block:
- name: Install packages
ansible.builtin.dnf:
name:
- git-core
- wget
#- python36
- chrony
- openssh-server
#- python3-devel
- sudo
state: latest
tags: packages
- name: Clone repository
ansible.builtin.git:
#repo: https://opendev.org/openstack/openstack-ansible.git
repo: https://review.opendev.org/openstack/openstack-ansible
#single_branch: yes
dest: /opt/openstack-ansible
version: 'master'
tags: repos
- name: fetch patch
ansible.builtin.shell: 'git fetch https://review.opendev.org/openstack/openstack-ansible refs/changes/73/823573/6 && git checkout FETCH_HEAD'
args:
chdir: /opt/openstack-ansible/
- name: Create ssh key for root
ansible.builtin.user:
name: root
generate_ssh_key: yes
ssh_key_bits: 4096
ssh_key_file: .ssh/id_rsa
register: sshkey_register
tags: sshkey
- name: fetch_keys
tags: sshkey
fetch:
src: "~/.ssh/id_rsa.pub"
dest: "files/buffer/infra-id_rsa.pub"
flat: yes
when: sshkey_register.ssh_public_key != ""
register: sshkey_fetch
when: tag.find("infra") != -1 or aio_install
tags: infra
- name: Install packages on non-infra hosts
when: tag.find("infra") != -1 or aio_install
ansible.builtin.dnf:
name:
- iputils
- lsof
- openssh-server
- sudo
- tcpdump
- python3
state: latest
post_tasks:
- name: Copy key to others
ansible.posix.authorized_key:
user: root
state: present
key: "{{ lookup('file', 'files/buffer/infra-id_rsa.pub') }}"
when: tag.find("infra") == -1 and sshkey_fetch
tags: sshkey
- name: Disable cloud init from future runs
file:
path: /etc/cloud/cloud-init.disabled
state: touch
mode: '0644'
owner: root
group: root
- name: Touching run file that ansible has ran here
file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root
...


@ -1,169 +0,0 @@
---
- name: Bootstrap
hosts: "{{ host }}"
become: true
handlers:
- import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
tasks:
- name: Loading Variables from OS Common
import_tasks: tasks/common_vars.yml
- name: Bootstrap ansible
become: true
shell: scripts/bootstrap-ansible.sh
args:
chdir: /opt/openstack-ansible/
creates: /etc/ansible/
tags:
- bootstrap
#- name: Fix roles
# become: true
# ansible.builtin.shell:
# cmd: "{{ item }}"
# with_items:
# - grep -ril 'openstack.config_template.' /etc/ansible/roles/ | xargs sed -i.bak 's,openstack.config_template.,,g'
# - grep -ril 'openstack.osa.provider_networks' /etc/ansible/roles/ | xargs sed -i.bak 's,openstack.osa.provider_networks,provider_networks,g'
# - grep -ril 'openstack.osa.db_se' /etc/ansible/roles/ | xargs sed -i.bak 's,openstack.osa.provider_networks,provider_networks,g'
# tags:
# - temporary
# - ansible
# - bootstrap
- name: Deploy and setup configuration
block:
- name: Copy template to etc
ansible.builtin.copy:
remote_src: yes
src: /opt/openstack-ansible/etc/openstack_deploy/
dest: /etc/openstack_deploy
directory_mode: yes
force: no
- name: Copy distributed openstack configs
ansible.builtin.copy:
src: "files/{{ item }}.yml"
dest: /etc/openstack_deploy/
mode: '0644'
with_items:
- openstack_user_config
- name: Create secrets
become: true
ansible.builtin.shell:
cmd: /opt/openstack-ansible/scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml
tags: secrets
args:
creates: /etc/openstack_deploy/user_secrets.yml.tar
#- import_tasks: tasks/python3-lxc.yml
# tags: python3-lxc
- name: "[AIO] Deploy and setup configuration / bootstrap"
when: aio_install | default('false')
block:
- name: Debug - Running AIO bootstrap
debug:
var: aio_install
- name: Run bootstrap aio with included args
ansible.builtin.shell: scripts/bootstrap-aio.sh
become: true
args:
chdir: /opt/openstack-ansible/
creates: /etc/openstack_deploy/
environment:
SCENARIO: "{{ SCENARIO | default('') }}"
tags:
- bootstrap
- aio
#- name: Create volume group for cinder
# lvg:
# pv_options: --metadatasize=2048
# pvs: "{{ cinder_pv_device | default('/dev/vdb') }}"
# vg: cinder-volumes
- name: Copy common openstack configs
ansible.builtin.copy:
src: "files/{{ item }}.yml"
dest: /etc/openstack_deploy/
mode: '0644'
with_items:
- user_lxc
- user_galera
- user_debug
tags: config
- name: manually patch lxc_hosts role to bring in powertools repo
ansible.builtin.copy:
src: "files/{{ item }}.yml"
dest: /etc/ansible/roles/lxc_hosts/tasks/
mode: '0644'
with_items:
- lxc_install_dnf
tags: config,patch
- name: manually patch os_nova role to kill powervmtools and futures== requiresments
ansible.builtin.copy:
src: "files/{{ item }}"
dest: /tmp/
mode: '0644'
with_items:
- os_nova.patch
tags: config,patch
- name: patch the thing
args:
chdir: /etc/ansible/roles/os_nova/
ansible.builtin.shell: patch -p1 < /tmp/os_nova.patch
when: do_patch | bool
- name: Disable SSH Agent Forwarding
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^.*AllowAgentForwarding'
line: 'AllowAgentForwarding no'
tags: services
notify:
- restart_sshd
- name: Check playbooks
tags: syntax
become: true
ansible.builtin.shell:
cmd: "openstack-ansible --syntax-check setup-{{ item }}.yml"
args:
chdir: /opt/openstack-ansible/playbooks/
loop:
- hosts
- infrastructure
- openstack
register: playbooks_res
post_tasks:
- name: Touching run file that ansible has ran here
file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root
...


@ -1,49 +0,0 @@
---
# Setup the storage host. Install targetcli and make sure any volumes are mounted.
- name: Storage Host Configuration
hosts: storage1
become: true
handlers:
- import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
tasks:
- name: Loading Variables from OS Common
import_tasks: tasks/common_vars.yml
- name: Install required packages
become: true
dnf:
name: targetcli
notify: enable_targetd
- name: Create volume group for cinder
lvg:
pv_options: --metadatasize=2048
pvs: "{{ cinder_pv_device | default('/dev/vdb') }}"
vg: cinder-volumes
post_tasks:
- name: Touching run file that ansible has ran here
file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root
...


@ -1 +1,7 @@
---
- name: Bootstrap an AIO install
hosts: "{{ host | default('aio1') }}"
become: true
tasks:
- import_playbook: setup-distributed.yml aio_install=1
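Review bot: `import_playbook` appears here as an entry under `tasks:` (the page has lost indentation, so this is read from the line order), but Ansible only accepts it at the top level of a playbook, so this play would fail to load; the commit message notes that only the distributed path was tested. Make it a top-level entry and pass the flag through `vars:` instead of the inline `aio_install=1`, i.e. `- import_playbook: setup-distributed.yml` followed by `vars:` with `aio_install: true`. The imported playbook picks its own `hosts:` default (`infra1,compute1,storage1`), so `host` most likely has to be passed the same way for an AIO run. A real boolean also keeps the `not aio_install` and `aio_install | default(false)` tests in the task files from depending on how the string `1` is evaluated.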


@ -0,0 +1,57 @@
---
# Installs everything on hosts
#
- name: Bootstrap nodes for distributed OSA installation
hosts: "{{ host | default('infra1,compute1,storage1') }}"
become: true
handlers:
- import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
- name: Loading Variables from OS Common
import_tasks: tasks/common_vars.yml
tasks:
- name: Initialize nodes
include_tasks: tasks/init-nodes.yml
- name: Reboot
include_tasks: tasks/reboot.yml
- name: Setup infra hosts
include_tasks: tasks/infra-host.yml
when: tag.find("infra") != -1 # when on an infra tagged host
- name: Setup storage hosts
include_tasks: tasks/storage-host.yml
when: tag.find("storage") != -1 # when on an infra tagged host
post_tasks:
- name: Copy key to others
ansible.posix.authorized_key:
user: root
state: present
key: "{{ lookup('file', 'files/buffer/infra-id_rsa.pub') }}"
when: tag.find("infra") == -1 and sshkey_fetch
tags: sshkey
- name: Touching run file that ansible has ran here
file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root
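Review bot: The `Copy key to others` task in `post_tasks` duplicates the identical `ansible.posix.authorized_key` task at the end of what appears to be the new init-nodes task file in this commit, so root's authorized key is managed in two places. Keep one copy; any later tightening (for instance adding `key_options`) would otherwise have to be made twice and can drift. Separately, the comment on the storage condition still reads `# when on an infra tagged host` and should say `# when on a storage tagged host`.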


@ -0,0 +1,121 @@
---
- name: Bootstrap ansible
become: true
shell: scripts/bootstrap-ansible.sh
args:
chdir: /opt/openstack-ansible/
creates: /etc/ansible/
tags:
- bootstrap
- name: Deploy and setup configuration
block:
- name: Copy template to etc
ansible.builtin.copy:
remote_src: yes
src: /opt/openstack-ansible/etc/openstack_deploy/
dest: /etc/openstack_deploy
directory_mode: yes
force: no
- name: Copy distributed openstack configs
ansible.builtin.copy:
src: "files/{{ item }}.yml"
dest: /etc/openstack_deploy/
mode: '0644'
with_items:
- openstack_user_config
- name: Create secrets
become: true
ansible.builtin.shell:
cmd: /opt/openstack-ansible/scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml
tags: secrets
args:
creates: /etc/openstack_deploy/user_secrets.yml.tar
#- import_tasks: tasks/python3-lxc.yml
# tags: python3-lxc
- name: "[AIO] Deploy and setup configuration / bootstrap"
when: aio_install | default('false')
block:
- name: Debug - Running AIO bootstrap
debug:
var: aio_install
- name: Run bootstrap aio with included args
ansible.builtin.shell: scripts/bootstrap-aio.sh
become: true
args:
chdir: /opt/openstack-ansible/
creates: /etc/openstack_deploy/
environment:
SCENARIO: "{{ SCENARIO | default('') }}"
tags:
- bootstrap
- aio
#- name: Create volume group for cinder
# lvg:
# pv_options: --metadatasize=2048
# pvs: "{{ cinder_pv_device | default('/dev/vdb') }}"
# vg: cinder-volumes
- name: Copy common openstack configs
ansible.builtin.copy:
src: "files/{{ item }}.yml"
dest: /etc/openstack_deploy/
mode: '0644'
with_items:
- user_lxc
- user_galera
- user_debug
tags: config
- name: manually patch lxc_hosts role to bring in powertools repo
ansible.builtin.copy:
src: "files/{{ item }}.yml"
dest: /etc/ansible/roles/lxc_hosts/tasks/
mode: '0644'
with_items:
- lxc_install_dnf
tags: config,patch
- name: manually patch os_nova role to kill powervmtools and futures== requiresments
ansible.builtin.copy:
src: "files/{{ item }}"
dest: /tmp/
mode: '0644'
with_items:
- os_nova.patch
tags: config,patch
- name: patch the thing
args:
chdir: /etc/ansible/roles/os_nova/
ansible.builtin.shell: patch -p1 < /tmp/os_nova.patch
when: do_patch | default(true) | bool
- name: Disable SSH Agent Forwarding
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^.*AllowAgentForwarding'
line: 'AllowAgentForwarding no'
tags: services
notify:
- restart_sshd
- name: Check playbooks
tags: syntax
become: true
ansible.builtin.shell:
cmd: "openstack-ansible --syntax-check setup-{{ item }}.yml"
args:
chdir: /opt/openstack-ansible/playbooks/
loop:
- hosts
- infrastructure
- openstack
register: playbooks_res
...
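Review bot: `when: aio_install | default('false')` on the `[AIO] Deploy and setup configuration / bootstrap` block falls back to the non-empty string 'false', which a Jinja truth test treats as true, so the AIO block is likely entered on distributed hosts whenever `aio_install` is unset. The init-nodes tasks in this same commit use the unquoted form; matching it here with `when: aio_install | default(false) | bool` gives the intended skip. The `creates: /etc/openstack_deploy/` guard on `bootstrap-aio.sh` probably masks this today, because the preceding block has already created that directory, but that guard should not be what decides whether the AIO path runs.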


@ -0,0 +1,156 @@
---
- name: Disable Firewalld
ansible.builtin.systemd:
name: firewalld.service
masked: yes
enabled: no
force: yes
state: stopped
tags: services
- name: Set SELinux to permissive
ansible.posix.selinux:
policy: targeted
state: disabled
tags: services
- name: Ensure packages are upgraded
ansible.builtin.dnf:
name: "*"
state: latest
tags: packages
- name: Generate SSH key
block:
- name: Create ssh key for root
ansible.builtin.user:
name: root
generate_ssh_key: yes
ssh_key_bits: 4096
ssh_key_file: .ssh/id_rsa
register: sshkey_register
tags: sshkey
- name: fetch_keys
tags: sshkey
fetch:
src: "~/.ssh/id_rsa.pub"
dest: "files/buffer/infra-id_rsa.pub"
flat: yes
when: sshkey_register.ssh_public_key != ""
register: sshkey_fetch
when: tag.find("infra") != -1 and name == "infra1"
tags:
- infra
- sshkey
- name: Disable SSH Agent Forwarding
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^.*AllowAgentForwarding'
line: 'AllowAgentForwarding no'
tags: services
notify:
- restart_sshd
- name: Copy interface.sh script to host
ansible.builtin.copy:
src: 'files/interfaces.sh'
dest: '/root/interfaces.sh'
mode: 0744
owner: 'root'
group: 'root'
when: aio_install is undefined or not aio_install
tags:
- interfaces
- name: Generate ifcfg files
shell: /root/interfaces.sh
args:
chdir: /etc/sysconfig/network-scripts/
creates: /etc/sysconfig/network-scripts/ifcfg-br-mgmt
when: aio_install is undefined or not aio_install
tags:
- interfaces
- name: Setup Infra Nodes
block:
- name: Install packages
ansible.builtin.dnf:
name:
- git-core
- wget
#- python36
- chrony
- openssh-server
#- python3-devel
- sudo
- patch # temporary
state: latest
tags: packages
- name: Clone repository
ansible.builtin.git:
#repo: https://opendev.org/openstack/openstack-ansible.git
repo: https://review.opendev.org/openstack/openstack-ansible
#single_branch: yes
dest: /opt/openstack-ansible
version: 'master'
tags: repos
- name: fetch patch
ansible.builtin.shell: 'git fetch https://review.opendev.org/openstack/openstack-ansible refs/changes/73/823573/6 && git checkout FETCH_HEAD'
args:
chdir: /opt/openstack-ansible/
- name: Create ssh key for root
ansible.builtin.user:
name: root
generate_ssh_key: yes
ssh_key_bits: 4096
ssh_key_file: .ssh/id_rsa
register: sshkey_register
tags: sshkey
- name: fetch_keys
tags: sshkey
fetch:
src: "~/.ssh/id_rsa.pub"
dest: "files/buffer/infra-id_rsa.pub"
flat: yes
when: sshkey_register.ssh_public_key != ""
register: sshkey_fetch
when: tag.find("infra") != -1 or aio_install | default(false)
tags: infra
- name: Install packages on non-infra hosts
when: tag.find("infra") != -1 or aio_install | default(false)
ansible.builtin.dnf:
name:
- iputils
- lsof
- openssh-server
- sudo
- tcpdump
- python3
state: latest
- name: Copy key to others
ansible.posix.authorized_key:
user: root
state: present
key: "{{ lookup('file', 'files/buffer/infra-id_rsa.pub') }}"
when: tag.find("infra") == -1 and sshkey_fetch
tags: sshkey
- name: Disable cloud init from future runs
file:
path: /etc/cloud/cloud-init.disabled
state: touch
mode: '0644'
owner: root
group: root
...
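Review bot: The task named `Set SELinux to permissive` actually sets `state: disabled`, which turns SELinux off entirely instead of leaving it loaded and logging denials. If permissive is what the deployment needs, use `state: permissive`; if disabled is really required, rename the task so the playbook does not understate what it does to the host. Together with the masked `firewalld.service` in the task above it, these are the two host-hardening controls this file removes, and someone auditing the nodes should be able to read both from the task names alone.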


@ -0,0 +1,11 @@
---
- name: Reboot machine
reboot:
register: reboot_register
- name: Verify reboot
assert:
that:
- "reboot_register.rebooted"
success_msg: "Machine rebooted successfully."
fail_msg: "Machine failed to boot: {{ ansible_hostname }}"


@ -0,0 +1,17 @@
---
# Setup the storage host. Install targetcli and make sure any volumes are mounted.
- name: Loading Variables from OS Common
import_tasks: tasks/common_vars.yml
- name: Install required packages
become: true
dnf:
name: targetcli
notify: enable_targetd
- name: Create volume group for cinder
lvg:
pv_options: --metadatasize=2048
pvs: "{{ cinder_pv_device | default('/dev/vdb') }}"
vg: cinder-volumes
...
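Review bot: `pvs: "{{ cinder_pv_device | default('/dev/vdb') }}"` lets the `lvg` task fall back to `/dev/vdb` on any storage-tagged host where the variable was not set, which is a guess about disk layout feeding a task that initialises a physical volume. Dropping the default, `pvs: "{{ cinder_pv_device }}"`, makes an unset variable fail the task instead of choosing a disk; an `assert` on the device ahead of it would serve the same purpose. The file also re-imports `tasks/common_vars.yml`, which the calling playbook already loads in `pre_tasks`.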