From f23769bf54f0c958f5826040717cbf5018342089 Mon Sep 17 00:00:00 2001 From: Neil Hanlon Date: Wed, 29 Dec 2021 21:25:12 -0500 Subject: [PATCH] Configure bootstrap and deployment for infra node --- .../playbooks/files/buffer/infra-id_rsa.pub | 1 + .../playbooks/files/openstack_user_config.yml | 192 ++++++++++++++++++ ansible/playbooks/files/user_lxc.yml | 3 + ansible/playbooks/handlers/main.yml | 2 - ansible/playbooks/init-nodes.retry | 2 - ansible/playbooks/init-nodes.yml | 39 ++++ ansible/playbooks/role-infra-host.yml | 93 +++++++++ 7 files changed, 328 insertions(+), 4 deletions(-) create mode 100644 ansible/playbooks/files/buffer/infra-id_rsa.pub create mode 100644 ansible/playbooks/files/openstack_user_config.yml create mode 100644 ansible/playbooks/files/user_lxc.yml create mode 100644 ansible/playbooks/role-infra-host.yml diff --git a/ansible/playbooks/files/buffer/infra-id_rsa.pub b/ansible/playbooks/files/buffer/infra-id_rsa.pub new file mode 100644 index 0000000..77d34b7 --- /dev/null +++ b/ansible/playbooks/files/buffer/infra-id_rsa.pub @@ -0,0 +1 @@ +ssh-rsa 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 ansible-generated on ala-infra1 diff --git a/ansible/playbooks/files/openstack_user_config.yml b/ansible/playbooks/files/openstack_user_config.yml new file mode 100644 index 0000000..e87e29d --- /dev/null +++ b/ansible/playbooks/files/openstack_user_config.yml 
@@ -0,0 +1,192 @@ +--- +cidr_networks: + container: 172.29.220.0/22 + tunnel: 172.29.224.0/22 + storage: 172.29.228.0/22 + +used_ips: + - "172.29.220.1,172.29.220.50" + - "172.29.224.1,172.29.224.50" + - "172.29.228.1,172.29.228.50" + + +global_overrides: + # The internal and external VIP should be different IPs, however they + # do not need to be on separate networks. + external_lb_vip_address: 172.29.220.10 + internal_lb_vip_address: 172.29.220.11 + management_bridge: "br-mgmt" + provider_networks: + - network: + container_bridge: "br-mgmt" + container_type: "veth" + container_interface: "eth1" + ip_from_q: "container" + type: "raw" + group_binds: + - all_containers + - hosts + is_container_address: true + - network: + container_bridge: "br-vxlan" + container_type: "veth" + container_interface: "eth10" + ip_from_q: "tunnel" + type: "vxlan" + range: "1:1000" + net_name: "vxlan" + group_binds: + - neutron_linuxbridge_agent + # - network: + # container_bridge: "br-vlan" + # container_type: "veth" + # container_interface: "eth12" + # host_bind_override: "eth12" + # type: "flat" + # net_name: "flat" + # group_binds: + # - neutron_linuxbridge_agent + - network: + container_bridge: "br-storage" + container_type: "veth" + container_interface: "eth2" + ip_from_q: "storage" + type: "raw" + group_binds: + - glance_api + - cinder_api + - cinder_volume + - nova_compute + + +x-infra-hosts: &x-infra-hosts + infra1: + ip: 172.29.220.5 +x-compute-hosts: &x-compute-hosts + compute1: + ip: 172.29.220.6 +x-storage-hosts: &x-storage-hosts + infra1: + ip: 172.29.220.7 + container_vars: + cinder_backends: + limit_container_types: cinder_volume + lvm: + volume_group: cinder-volumes + volume_driver: cinder.volume.drivers.lvm.LVMVolumeDriver + volume_backend_name: LVM_iSCSI + iscsi_ip_address: "172.29.228.7" + +## +## Infrastructure +## +shared-infra_hosts: + <<: *x-infra-hosts +repo-infra_hosts: + <<: *x-infra-hosts +haproxy_hosts: + <<: *x-infra-hosts +## +## OpenStack +## 
+identity_hosts: + <<: *x-infra-hosts +storage-infra_hosts: + <<: *x-infra-hosts +image_hosts: + <<: *x-infra-hosts +placement-infra_hosts: + <<: *x-infra-hosts +compute-infra_hosts: + <<: *x-infra-hosts +orchestration_hosts: + <<: *x-infra-hosts +dashboard_hosts: + <<: *x-infra-hosts +network_hosts: + <<: *x-infra-hosts +compute_hosts: + <<: *x-compute-hosts +#storage_hosts: +# <<: *x-storage-hosts + +### +### Infrastructure +### + + ## galera, memcache, rabbitmq, utility + #shared-infra_hosts: + # infra1: + # ip: 172.29.220.5 + # + ## repository (apt cache, python packages, etc) + #repo-infra_hosts: + # infra1: + # ip: 172.29.220.5 + # + ## load balancer + #haproxy_hosts: + # infra1: + # ip: 172.29.220.5 + # + #### + #### OpenStack + #### + # + ## keystone + #identity_hosts: + # infra1: + # ip: 172.29.220.5 + # + ## cinder api services + #storage-infra_hosts: + # infra1: + # ip: 172.29.220.5 + # + ## glance + #image_hosts: + # infra1: + # ip: 172.29.220.5 + # + ## placement + #placement-infra_hosts: + # infra1: + # ip: 172.29.220.5 + # + ## nova api, conductor, etc services + #compute-infra_hosts: + # infra1: + # ip: 172.29.220.5 + # + ## heat + #orchestration_hosts: + # infra1: + # ip: 172.29.220.5 + # + ## horizon + #dashboard_hosts: + # infra1: + # ip: 172.29.220.5 + # + ## neutron server, agents (L3, etc) + #network_hosts: + # infra1: + # ip: 172.29.220.5 + # + ## nova hypervisors + #compute_hosts: + # compute1: + # ip: 172.29.220.6 + # + ## cinder storage host (LVM-backed) + #storage_hosts: + # storage1: + # ip: 172.29.220.7 + # container_vars: + # cinder_backends: + # limit_container_types: cinder_volume + # lvm: + # volume_group: cinder-volumes + # volume_driver: cinder.volume.drivers.lvm.LVMVolumeDriver + # volume_backend_name: LVM_iSCSI + # iscsi_ip_address: "172.29.228.7" diff --git a/ansible/playbooks/files/user_lxc.yml b/ansible/playbooks/files/user_lxc.yml new file mode 100644 index 0000000..1f14557 --- /dev/null 
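Review bot: The `x-storage-hosts` anchor keys its only entry as `infra1` with `ip: 172.29.220.7`, while `x-infra-hosts` already defines `infra1` at `172.29.220.5`; the commented-out reference block at the bottom names that host `storage1`, which is presumably what was intended. `storage_hosts` is commented out for now, so nothing is affected yet, but enabling it later would hand the inventory one host name with two management addresses. Renaming the entry to `storage1:` (or, if cinder-volume is meant to run on the infra node, pointing it at `172.29.220.5` and saying so in a comment) settles it now. The ~90 commented lines that repeat the live definitions above them will likely drift from those definitions; a one-line comment pointing at the upstream example copied from `/opt/openstack-ansible/etc/openstack_deploy` would serve the same purpose.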
+++ b/ansible/playbooks/files/user_lxc.yml @@ -0,0 +1,3 @@ +--- +lxc_container_base_name: "rocky-8-amd64" +lxc_hosts_container_build_command: "dnf --assumeyes --installroot=/var/lib/machines/{{ lxc_container_base_name }} install --setopt=install_weak_deps=False --nodocs rootfiles coreutils dnf rocky-release rocky-repos --releasever=8" diff --git a/ansible/playbooks/handlers/main.yml b/ansible/playbooks/handlers/main.yml index 0806c25..3860a81 100644 --- a/ansible/playbooks/handlers/main.yml +++ b/ansible/playbooks/handlers/main.yml @@ -3,5 +3,3 @@ service: name: sshd state: restarted - -... diff --git a/ansible/playbooks/init-nodes.retry b/ansible/playbooks/init-nodes.retry index 845485d..752fb32 100644 --- a/ansible/playbooks/init-nodes.retry +++ b/ansible/playbooks/init-nodes.retry @@ -1,3 +1 @@ -compute1 infra1 -storage1 diff --git a/ansible/playbooks/init-nodes.yml b/ansible/playbooks/init-nodes.yml index 1cdd32b..8427759 100644 --- a/ansible/playbooks/init-nodes.yml +++ b/ansible/playbooks/init-nodes.yml 
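Review bot: `lxc_hosts_container_build_command` is a single ~200-character quoted scalar, so any change to the package list shows up as a one-line rewrite in diffs. Writing it as a folded block, `lxc_hosts_container_build_command: >-` with the command continued one option per line, yields the identical runtime string (folded lines join with single spaces) while keeping each option reviewable. The Jinja reference `{{ lxc_container_base_name }}` sits inside the quotes rather than at the start of the value, so it already parses as a plain string and needs no further change.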
@@ -94,10 +94,49 @@ version: 'feature/rocky8' tags: repos + - name: Create ssh key for root + ansible.builtin.user: + name: root + generate_ssh_key: yes + ssh_key_bits: 4096 + ssh_key_file: .ssh/id_rsa + register: sshkey_register + tags: sshkey + + - name: fetch_keys + tags: sshkey + fetch: + src: "~/.ssh/id_rsa.pub" + dest: "files/buffer/infra-id_rsa.pub" + flat: yes + when: sshkey_register.ssh_public_key != "" + register: sshkey_fetch + when: tag.find("infra") != -1 tags: infra + + - name: Install packages on non-infra hosts + when: tag.find("infra") == -1 + ansible.builtin.dnf: + name: + - iputils + - lsof + - openssh-server + - sudo + - tcpdump + - python3 + state: latest + post_tasks: + - name: Copy key to others + ansible.posix.authorized_key: + user: root + state: present + key: "{{ lookup('file', 'files/buffer/infra-id_rsa.pub') }}" + when: tag.find("infra") == -1 and sshkey_fetch + tags: sshkey + - name: Disable cloud init from future runs file: path: /etc/cloud/cloud-init.disabled diff --git a/ansible/playbooks/role-infra-host.yml b/ansible/playbooks/role-infra-host.yml new file mode 100644 index 0000000..01004e3 --- /dev/null +++ b/ansible/playbooks/role-infra-host.yml 
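Review bot: The guard `when: tag.find("infra") == -1 and sshkey_fetch` on the Copy key task does not gate anything: a task skipped by a `when` still populates its registered variable (with `skipped: true`), so if the added `when: tag.find("infra") != -1` skips fetch_keys on non-infra hosts, `sshkey_fetch` is a non-empty dict there and the second operand is always true, while a missing `files/buffer/infra-id_rsa.pub` makes `lookup('file', ...)` fail the task outright. Since `sshkey_register` already carries the generated key, the controller-side file round-trip can be dropped in favour of `key: "{{ hostvars['infra1'].sshkey_register.ssh_public_key }}"` guarded by `when: tag.find("infra") == -1 and hostvars['infra1'].sshkey_register.ssh_public_key is defined` (substituting the infra host's actual inventory name), which also removes the need to commit the fetched key file and the `.retry` artifact alongside it. If the fetch is kept, `src: "~/.ssh/id_rsa.pub"` should name `/root/.ssh/id_rsa.pub` (or `sshkey_register.ssh_key_file ~ '.pub'`) so it does not depend on which account the tilde expands to, and `generate_ssh_key: yes` should be `true`. The enclosing play and the block carrying `tags: infra` start outside the hunk.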
@@ -0,0 +1,93 @@ +--- + +- name: Bootstrap + hosts: infra1 + become: true + + handlers: + - import_tasks: handlers/main.yml + + pre_tasks: + - name: Check if ansible cannot be run here + stat: + path: /etc/no-ansible + register: no_ansible + + - name: Verify if we can run ansible + assert: + that: + - "not no_ansible.stat.exists" + success_msg: "We are able to run on this node" + fail_msg: "/etc/no-ansible exists - skipping run on this node" + + tasks: + - name: Loading Variables from OS Common + import_tasks: tasks/common_vars.yml + + - name: Bootstrap ansible + become: true + shell: scripts/bootstrap-ansible.sh + args: + chdir: /opt/openstack-ansible/ + creates: /etc/ansible/ + tags: + - bootstrap + + - name: Fix roles + become: true + ansible.builtin.shell: + cmd: grep -ril 'openstack.config_template.' /etc/ansible/roles/ | xargs sed -i.bak 's,openstack.config_template.,,g' + tags: + - temporary + - ansible + - bootstrap + + - name: Deploy and setup configuration + block: + - name: Copy template to etc + ansible.builtin.copy: + remote_src: yes + src: /opt/openstack-ansible/etc/openstack_deploy + dest: /etc/ + directory_mode: yes + + - name: Copy our openstack configs + ansible.builtin.copy: + src: "files/{{ item }}.yml" + dest: /etc/openstack_deploy/ + mode: '0644' + with_items: + - openstack_user_config + - user_lxc + + - name: Create secrets + become: true + ansible.builtin.shell: + cmd: /opt/openstack-ansible/scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml + tags: secrets + args: + creates: /etc/openstack_deploy/user_secrets.yml.tar + + + - name: Check playbooks + tags: syntax + become: true + ansible.builtin.shell: + cmd: openstack-ansible --syntax-check ${item}.yml + args: + chdir: /opt/openstack-ansible/playbooks/ + with_items: + - hosts + - infrastructure + - openstack + register: playbooks_res + + post_tasks: + - name: Touching run file that ansible has ran here + file: + path: /var/log/ansible.run + state: touch + mode: '0644' + 
owner: root + group: root +...
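Review bot: In the Check playbooks task, `cmd: openstack-ansible --syntax-check ${item}.yml` uses shell parameter syntax rather than Jinja, so the shell expands an empty `$item` and every iteration runs `openstack-ansible --syntax-check .yml`; it should read `cmd: openstack-ansible --syntax-check {{ item }}.yml`. The Fix roles task is also not repeatable: once the `sed` has run, `grep -ril` prints nothing and GNU `xargs` still invokes `sed -i.bak` with no file operands, which fails the play, so use `xargs -r sed -i.bak ...` (and consider a `changed_when`, since a shell task otherwise reports changed on every run). `directory_mode: yes` on the Copy template task looks like a boolean where the copy module expects a mode value such as `'0755'`; worth confirming against the module documentation before relying on it. The per-task `become: true` lines are redundant with the play-level `become: true` and can go.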