From 91deb13ec21b0402fd3781df46f38fbbcd66a963 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Tue, 12 Jul 2016 22:54:47 -0500 Subject: [PATCH] Cleanup/standardize common tasks All of the common tasks shared across all of the playbooks have been moved into "playbooks/common-tasks" as singular task files which are simply included as needed. * This change will assist developers adding additional playbooks, roles, etc which may need access to common tasks. * This change will guarantee consistency between playbooks when executing common tasks which are generally used to setup services. * This change greatly reduces code duplication across all plays. * The common-task files have comments at the top for developer instructions on how a task file can be used. Change-Id: I399211c139d6388ab56b97b809f93d4936907c7a Signed-off-by: Kevin Carter --- playbooks/common-tasks/mysql-db-user.yml | 36 ++++ playbooks/common-tasks/os-log-dir-setup.yml | 42 +++++ .../common-tasks/os-lxc-container-setup.yml | 89 +++++++++ .../common-tasks/rabbitmq-servers-sort.yml | 33 ++++ .../common-tasks/rabbitmq-vhost-user.yml | 36 ++++ playbooks/galera-install.yml | 39 +--- playbooks/haproxy-install.yml | 51 +---- playbooks/memcached-install.yml | 49 +---- playbooks/os-aodh-install.yml | 111 ++--------- playbooks/os-ceilometer-install.yml | 87 ++------- playbooks/os-cinder-install.yml | 174 +++++------------- playbooks/os-glance-install.yml | 146 +++------------ playbooks/os-gnocchi-install.yml | 100 ++-------- playbooks/os-heat-install.yml | 122 ++---------- playbooks/os-horizon-install.yml | 97 ++-------- playbooks/os-ironic-install.yml | 98 ++-------- playbooks/os-keystone-install.yml | 137 +++----------- playbooks/os-neutron-install.yml | 150 +++------------ playbooks/os-nova-install.yml | 172 ++++------------- playbooks/os-swift-install.yml | 67 +------ playbooks/rabbitmq-install.yml | 24 +-- playbooks/repo-server.yml | 42 +---- playbooks/rsyslog-install.yml | 51 +---- playbooks/utility-install.yml | 53 +----- 24 files changed, 522 insertions(+), 1484 deletions(-) create mode 100644 playbooks/common-tasks/mysql-db-user.yml create mode 100644 playbooks/common-tasks/os-log-dir-setup.yml create mode 100644 playbooks/common-tasks/os-lxc-container-setup.yml create mode 100644 playbooks/common-tasks/rabbitmq-servers-sort.yml create mode 100644 playbooks/common-tasks/rabbitmq-vhost-user.yml diff --git a/playbooks/common-tasks/mysql-db-user.yml b/playbooks/common-tasks/mysql-db-user.yml new file mode 100644 index 0000000000..a9b9a33b2f --- /dev/null +++ b/playbooks/common-tasks/mysql-db-user.yml @@ -0,0 +1,36 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create DB for service + mysql_db: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ login_host }}" + name: "{{ db_name }}" + state: "present" + delegate_to: "{{ groups['galera_all'][0] }}" + +- name: Grant access to the DB for the service + mysql_user: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ login_host }}" + name: "{{ user_name }}" + password: "{{ password }}" + host: "{{ item }}" + state: "present" + priv: "{{ db_name }}.*:ALL" + delegate_to: "{{ groups['galera_all'][0] }}" + with_items: "{{ grant_list | default(['localhost', '%']) }}" diff --git a/playbooks/common-tasks/os-log-dir-setup.yml b/playbooks/common-tasks/os-log-dir-setup.yml new file mode 100644 index 0000000000..f392ce14b7 --- /dev/null +++ b/playbooks/common-tasks/os-log-dir-setup.yml @@ -0,0 +1,42 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Usage: +# This common task is used to create log directories and links +# if the "log_dirs" list is passed. "log_dirs" must be used +# containing at least one dictionary with the keys "dest" and +# "src". Optionally the "owner" and "group" can be provided as well. +# * dest = destination +# * src = source +# * owner = user +# * group = group + +- name: Create log dir + file: + path: "{{ item.src }}" + state: directory + with_items: "{{ log_dirs }}" + when: is_metal | bool + +- name: Create log aggregation links + file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner|default(omit) }}" + group: "{{ item.group|default(omit) }}" + state: "link" + force: "yes" + with_items: "{{ log_dirs }}" + when: is_metal | bool diff --git a/playbooks/common-tasks/os-lxc-container-setup.yml b/playbooks/common-tasks/os-lxc-container-setup.yml new file mode 100644 index 0000000000..c99f909119 --- /dev/null +++ b/playbooks/common-tasks/os-lxc-container-setup.yml @@ -0,0 +1,89 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Usage: +# This common task will update lxc containers to use the lxc-openstack +# app-armor profile by default however this profile can be changed as needed. + +# This will also load in a list of bind mounts for a given container. To load +# in a list of bind mounts the variable, "list_of_bind_mounts" must be used +# containing at least one dictionary with the keys "bind_dir_path", +# "relative_bind_dir_path", and "mount_path". +# * bind_dir_path = Container path used in a bind mount +# * mount_path = Local path on the physical host used for a bind mount + +# If extra container configurations are desirable set the +# "extra_container_config" list to strings containing the options needed. + +- name: Set the LXC app-armor profile + lxc_container: + name: "{{ inventory_hostname }}" + container_config: + - "lxc.aa_profile={{ aa_profile | default('lxc-openstack') }}" + delegate_to: "{{ physical_host }}" + when: + - not is_metal | bool + register: _cp + +- name: Ensure mount directories exists + file: + path: "{{ item['mount_path'] }}" + state: "directory" + with_items: "{{ list_of_bind_mounts | default([]) }}" + delegate_to: "{{ physical_host }}" + when: + - list_of_bind_mounts is defined + - not is_metal | bool + +- name: LXC Directory bind mount + lxc_container: + name: "{{ inventory_hostname }}" + container_command: | + [[ ! -d "{{ item['bind_dir_path'] }}" ]] && mkdir -p "{{ item['bind_dir_path'] }}" + container_config: + - "lxc.mount.entry={{ item['mount_path'] }} {{ item['bind_dir_path'].lstrip('/') }} none bind 0 0" + with_items: "{{ list_of_bind_mounts | default([]) }}" + delegate_to: "{{ physical_host }}" + register: _bm + when: + - list_of_bind_mounts is defined + - not is_metal | bool + +- name: Extra lxc config + lxc_container: + name: "{{ inventory_hostname }}" + container_config: "{{ extra_container_config }}" + delegate_to: "{{ physical_host }}" + when: + - extra_container_config is defined + - not is_metal | bool + register: _ec + +- name: Wait for container ssh + wait_for: + port: "22" + delay: "{{ ssh_delay }}" + search_regex: "OpenSSH" + host: "{{ ansible_ssh_host }}" + delegate_to: "{{ physical_host }}" + when: + - > + (_cp is defined and _cp | changed) or + (_bm is defined and _bm | changed) or + (_ec is defined and _ec | changed) + - not is_metal | bool + register: ssh_wait_check + until: ssh_wait_check | success + retries: 3 diff --git a/playbooks/common-tasks/rabbitmq-servers-sort.yml b/playbooks/common-tasks/rabbitmq-servers-sort.yml new file mode 100644 index 0000000000..fdb9e09c79 --- /dev/null +++ b/playbooks/common-tasks/rabbitmq-servers-sort.yml @@ -0,0 +1,33 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Usage: +# To use this common task the variable "sort_group_name" needs to be set +# This common task will set a fact for "rabbitmq_servers" upon completion. + +- name: Sort the rabbitmq servers + dist_sort: + value_to_lookup: "{{ container_name }}" + ref_list: "{{ groups[sort_group_name] }}" + src_list: "{{ rabbitmq_servers }}" + register: servers + tags: + - always + +- name: Set rabbitmq servers + set_fact: + rabbitmq_servers: "{{ servers.sorted_list }}" + tags: + - always diff --git a/playbooks/common-tasks/rabbitmq-vhost-user.yml b/playbooks/common-tasks/rabbitmq-vhost-user.yml new file mode 100644 index 0000000000..d9202e58ce --- /dev/null +++ b/playbooks/common-tasks/rabbitmq-vhost-user.yml @@ -0,0 +1,36 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Usage: +# To use this common task to create rabbitmq virtual hosts if needed +# and to create a user within rabbitmq. To use this common task the +# variables "vhost", "user", and "password" must be set. + +- name: Ensure Rabbitmq vhost + rabbitmq_vhost: + name: "{{ vhost }}" + state: "present" + delegate_to: "{{ groups['rabbitmq_all'][0] }}" + +- name: Ensure rabbitmq user + rabbitmq_user: + user: "{{ user }}" + password: "{{ password }}" + vhost: "{{ vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + delegate_to: "{{ groups['rabbitmq_all'][0] }}" diff --git a/playbooks/galera-install.yml b/playbooks/galera-install.yml index 581e152529..283a04a7be 100644 --- a/playbooks/galera-install.yml +++ b/playbooks/galera-install.yml @@ -19,40 +19,11 @@ gather_facts: "{{ gather_facts | default(True) }}" user: root tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_config - tags: - - lxc-aa-profile - - name: Galera extra lxc config - lxc_container: - name: "{{ container_name }}" - container_command: | - [[ ! -d "/var/lib/mysql" ]] && mkdir -p "/var/lib/mysql" - container_config: - - "lxc.mount.entry=/openstack/{{ container_name }} var/lib/mysql none bind 0 0" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_extra_config - tags: - - galera-mysql-dir - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: > - (container_config is defined and container_config | changed) or - (container_extra_config is defined and container_extra_config | changed) - tags: - - galera-ssh-wait + - include: common-tasks/os-lxc-container-setup.yml + vars: + list_of_bind_mounts: + - bind_dir_path: "/var/lib/mysql" + mount_path: "/openstack/{{ inventory_hostname }}" vars: is_metal: "{{ properties.is_metal|default(false) }}" tags: diff --git a/playbooks/haproxy-install.yml b/playbooks/haproxy-install.yml index 0cf9fcf685..fdb057fec9 100644 --- a/playbooks/haproxy-install.yml +++ b/playbooks/haproxy-install.yml @@ -19,31 +19,12 @@ max_fail_percentage: 0 user: root tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_config - tags: - - lxc-aa-profile - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: - - container_config is defined - - container_config | changed - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait + - include: common-tasks/os-lxc-container-setup.yml + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-haproxy" + dest: "/var/log/haproxy" vars: is_metal: "{{ properties.is_metal|default(false) }}" tags: @@ -73,26 +54,6 @@ when: internal_lb_vip_address == external_lb_vip_address tags: - haproxy-service-config - - name: Create log dir - file: - path: "{{ item.path }}" - state: directory - with_items: - - { path: "/openstack/log/{{ inventory_hostname }}-haproxy" } - when: is_metal | bool - tags: - - haproxy-logs - - name: Create log aggregation links - file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - state: "{{ item.state }}" - force: "yes" - with_items: - - { src: "/openstack/log/{{ inventory_hostname }}-haproxy", dest: "/var/log/haproxy", state: "link" } - when: is_metal | bool - tags: - - haproxy-logs - name: Remove legacy haproxy logging file file: dest: "/etc/rsyslog.d/haproxy.conf" diff --git a/playbooks/memcached-install.yml b/playbooks/memcached-install.yml index ecbfc60561..ad5ca261c6 100644 --- a/playbooks/memcached-install.yml +++ b/playbooks/memcached-install.yml @@ -19,49 +19,12 @@ max_fail_percentage: 20 user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_config - tags: - - lxc-aa-profile - - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: container_config is defined and container_config | changed - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait - - - name: Create log dir - file: - path: "/openstack/log/{{ inventory_hostname }}-memcached" - state: directory - when: is_metal | bool - tags: - - memcached-logs - - memcached-log-dirs - - - name: Create log aggregation links - file: - src: "/openstack/log/{{ inventory_hostname }}-memcached" - dest: "/var/log/memcached" - state: "link" - force: "yes" - when: is_metal | bool - tags: - - memcached-logs + - include: common-tasks/os-lxc-container-setup.yml + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-memcached" + dest: "/var/log/memcached" roles: - { role: "memcached_server", tags: [ "memcached-server" ] } - role: "system_crontab_coordination" diff --git a/playbooks/os-aodh-install.yml b/playbooks/os-aodh-install.yml index eb7fc4371d..b9c39d594e 100644 --- a/playbooks/os-aodh-install.yml +++ b/playbooks/os-aodh-install.yml @@ -19,107 +19,30 @@ max_fail_percentage: 20 user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - register: container_config - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - tags: - - lxc-aa-profile - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: container_config is defined and container_config | changed - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait - - name: Sort the rabbitmq servers - dist_sort: - value_to_lookup: "{{ container_name }}" - ref_list: "{{ groups['aodh_all'] }}" - src_list: "{{ rabbitmq_servers }}" - register: servers - tags: - - always - - name: Set rabbitmq servers - set_fact: - rabbitmq_servers: "{{ servers.sorted_list }}" - tags: - - always - - name: Create log dir - file: - path: "{{ item.path }}" - state: directory - with_items: - - { path: "/openstack/log/{{ inventory_hostname }}-aodh" } - when: is_metal | bool - tags: - - aodh-logs - - aodh-log-dirs - - name: Ensure Rabbitmq vhost - rabbitmq_vhost: - name: "{{ aodh_rabbitmq_vhost }}" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" - when: - - inventory_hostname == groups['aodh_api'][0] - - groups['rabbitmq_all']|length > 0 - tags: - - aodh-rabbitmq - - aodh-rabbitmq-vhost - - name: Ensure rabbitmq user - rabbitmq_user: + - include: common-tasks/rabbitmq-servers-sort.yml + vars: + sort_group_name: "aodh_all" + - include: common-tasks/os-lxc-container-setup.yml + - include: common-tasks/rabbitmq-vhost-user.yml + vars: user: "{{ aodh_rabbitmq_userid }}" password: "{{ aodh_rabbitmq_password }}" vhost: "{{ aodh_rabbitmq_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" when: - inventory_hostname == groups['aodh_api'][0] - - groups['rabbitmq_all']|length > 0 - tags: - - aodh-rabbitmq - - aodh-rabbitmq-user - - name: Create DB for service - mysql_db: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ aodh_galera_address }}" - name: "{{ aodh_galera_database }}" - state: "present" - when: inventory_hostname == groups['aodh_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - tags: - - mysql-db-setup - - name: Grant access to the DB for the service - mysql_user: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ aodh_galera_address }}" - name: "{{ aodh_galera_user }}" + - groups['rabbitmq_all'] | length > 0 + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-aodh" + dest: "/var/log/aodh" + - include: common-tasks/mysql-db-user.yml + vars: + user_name: "{{ aodh_galera_user }}" password: "{{ aodh_container_db_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ aodh_galera_database }}.*:ALL" + login_host: "{{ aodh_galera_address }}" + db_name: "{{ aodh_galera_database }}" when: inventory_hostname == groups['aodh_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - with_items: - - "localhost" - - "%" - tags: - - mysql-db-setup roles: - role: "os_aodh" aodh_venv_tag: "{{ openstack_release }}" diff --git a/playbooks/os-ceilometer-install.yml b/playbooks/os-ceilometer-install.yml index e0d5027913..556ddc9496 100644 --- a/playbooks/os-ceilometer-install.yml +++ b/playbooks/os-ceilometer-install.yml @@ -19,86 +19,23 @@ max_fail_percentage: 20 user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_config - tags: - - lxc-aa-profile - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: container_config is defined and container_config | changed - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait - - name: Sort the rabbitmq servers - dist_sort: - value_to_lookup: "{{ container_name }}" - ref_list: "{{ groups['ceilometer_all'] }}" - src_list: "{{ rabbitmq_servers }}" - register: servers - - name: Set rabbitmq servers - set_fact: - rabbitmq_servers: "{{ servers.sorted_list }}" - - name: Create log dir - file: - path: "{{ item.path }}" - state: directory - with_items: - - { path: "/openstack/log/{{ inventory_hostname }}-ceilometer" } - when: is_metal | bool - tags: - - ceilometer-logs - - ceilometer-log-dirs - - name: Create log aggregation links - file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - state: "{{ item.state }}" - force: "yes" - with_items: - - { src: "/openstack/log/{{ inventory_hostname }}-ceilometer", dest: "/var/log/ceilometer", state: "link" } - when: is_metal | bool - tags: - - ceilometer-logs - - name: Ensure Rabbitmq vhost - rabbitmq_vhost: - name: "{{ ceilometer_rabbitmq_vhost }}" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" - when: - - inventory_hostname == groups['ceilometer_api'][0] - - groups['rabbitmq_all']|length > 0 - tags: - - ceilometer-rabbitmq - - ceilometer-rabbitmq-vhost - - name: Ensure rabbitmq user - rabbitmq_user: + - include: common-tasks/rabbitmq-servers-sort.yml + vars: + sort_group_name: "ceilometer_all" + - include: common-tasks/os-lxc-container-setup.yml + - include: common-tasks/rabbitmq-vhost-user.yml + vars: user: "{{ ceilometer_rabbitmq_userid }}" password: "{{ ceilometer_rabbitmq_password }}" vhost: "{{ ceilometer_rabbitmq_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" when: - inventory_hostname == groups['ceilometer_api'][0] - - groups['rabbitmq_all']|length > 0 - tags: - - ceilometer-rabbitmq - - ceilometer-rabbitmq-user + - groups['rabbitmq_all'] | length > 0 + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-ceilometer" + dest: "/var/log/ceilometer" roles: - role: "os_ceilometer" ceilometer_venv_tag: "{{ openstack_release }}" diff --git a/playbooks/os-cinder-install.yml b/playbooks/os-cinder-install.yml index 762c692f51..799b7dfe47 100644 --- a/playbooks/os-cinder-install.yml +++ b/playbooks/os-cinder-install.yml @@ -19,18 +19,43 @@ max_fail_percentage: 20 user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=unconfined" - delegate_to: "{{ physical_host }}" - register: container_config - when: > - not is_metal | bool and - inventory_hostname in groups['cinder_volume'] - tags: - - lxc-aa-profile + - include: common-tasks/rabbitmq-servers-sort.yml + vars: + sort_group_name: "cinder_all" + - include: common-tasks/os-lxc-container-setup.yml + vars: + aa_profile: "unconfined" + extra_container_config: + - "lxc.autodev=0" + - "lxc.cgroup.devices.allow=a *:* rmw" + - "lxc.mount.entry=udev dev devtmpfs defaults 0 0" + when: + - inventory_hostname in groups['cinder_volume'] + - cinder_backend_lvm_inuse | bool + - include: common-tasks/os-lxc-container-setup.yml + when: + - inventory_hostname not in groups['cinder_volume'] + - include: common-tasks/rabbitmq-vhost-user.yml + vars: + user: "{{ cinder_rabbitmq_userid }}" + password: "{{ cinder_rabbitmq_password }}" + vhost: "{{ cinder_rabbitmq_vhost }}" + when: + - inventory_hostname == groups['cinder_all'][0] + - groups['rabbitmq_all'] | length > 0 + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-cinder" + dest: "/var/log/cinder" + - include: common-tasks/mysql-db-user.yml + vars: + user_name: "{{ cinder_galera_user }}" + password: "{{ cinder_container_mysql_password }}" + login_host: "{{ cinder_galera_address }}" + db_name: "{{ cinder_galera_database }}" + when: inventory_hostname == groups['cinder_all'][0] + - name: Add volume group block device to cinder shell: | {% if item.value.volume_group is defined %} @@ -43,135 +68,18 @@ echo "{{ item.key }} volume_group not defined" {% endif %} with_dict: cinder_backends|default({}) - when: physical_host != container_name + when: + - physical_host != container_name + - cinder_backend_lvm_inuse | bool delegate_to: "{{ physical_host }}" tags: - cinder-lxc-devices - - name: Cinder volume extra lxc config - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.autodev=0" - - "lxc.cgroup.devices.allow=a *:* rmw" - - "lxc.mount.entry=udev dev devtmpfs defaults 0 0" - delegate_to: "{{ physical_host }}" - when: > - not is_metal | bool and - inventory_hostname in groups['cinder_volume'] and - cinder_backend_lvm_inuse - tags: - - cinder-container-setup - register: lxc_config - name: udevadm trigger command: udevadm trigger tags: - cinder-container-setup delegate_to: "{{ physical_host }}" - when: lxc_config is defined and lxc_config | changed - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: > - (container_config is defined and container_config | changed) or - (lxc_config is defined and lxc_config | changed) - register: ssh_wait_check - until: ssh_wait_check|success - retries: 3 - tags: - - ssh-wait - - name: Sort the rabbitmq servers - dist_sort: - value_to_lookup: "{{ container_name }}" - ref_list: "{{ groups['cinder_all'] }}" - src_list: "{{ rabbitmq_servers }}" - register: servers - tags: - - always - - name: Set rabbitmq servers - set_fact: - rabbitmq_servers: "{{ servers.sorted_list }}" - tags: - - always - - name: Create log dir - file: - path: "{{ item.path }}" - state: directory - with_items: - - { path: "/openstack/log/{{ inventory_hostname }}-cinder" } - when: is_metal | bool - tags: - - cinder-logs - - cinder-log-dirs - - name: Create log aggregation links - file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - state: "{{ item.state }}" - force: "yes" - with_items: - - { src: "/openstack/log/{{ inventory_hostname }}-cinder", dest: "/var/log/cinder", state: "link" } - when: is_metal | bool - tags: - - cinder-logs - - name: Ensure Rabbitmq vhost - rabbitmq_vhost: - name: "{{ cinder_rabbitmq_vhost }}" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" - when: - - inventory_hostname == groups['cinder_all'][0] - - groups['rabbitmq_all']|length > 0 - tags: - - cinder-rabbitmq - - cinder-rabbitmq-vhost - - name: Ensure rabbitmq user - rabbitmq_user: - user: "{{ cinder_rabbitmq_userid }}" - password: "{{ cinder_rabbitmq_password }}" - vhost: "{{ cinder_rabbitmq_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" - when: - - inventory_hostname == groups['cinder_all'][0] - - groups['rabbitmq_all']|length > 0 - tags: - - cinder-rabbitmq - - cinder-rabbitmq-user - - name: Create DB for service - mysql_db: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ cinder_galera_address }}" - name: "{{ cinder_galera_database }}" - state: "present" - when: inventory_hostname == groups['cinder_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - tags: - - mysql-db-setup - - name: Grant access to the DB for the service - mysql_user: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ cinder_galera_address }}" - name: "{{ cinder_galera_user }}" - password: "{{ cinder_container_mysql_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ cinder_galera_database }}.*:ALL" - when: inventory_hostname == groups['cinder_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - with_items: - - "localhost" - - "%" - tags: - - mysql-db-setup + when: cinder_backend_lvm_inuse | bool - name: Set cinder storage bridge (is_metal) set_fact: storage_bridge: "{{ 'ansible_' + hostvars[inventory_hostname]['container_networks']['storage_address']['bridge'] | replace('-', '_') }}" diff --git a/playbooks/os-glance-install.yml b/playbooks/os-glance-install.yml index 23ccec5c0c..a1b08e70d3 100644 --- a/playbooks/os-glance-install.yml +++ b/playbooks/os-glance-install.yml @@ -19,135 +19,37 @@ max_fail_percentage: 20 user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_config - tags: - - lxc-aa-profile - - name: Glance extra lxc config - lxc_container: - name: "{{ container_name }}" - container_command: | - [[ ! -d "/var/lib/glance/images" ]] && mkdir -p "/var/lib/glance/images" - container_config: - - "lxc.mount.entry=/openstack/{{ container_name }} var/lib/glance/images none bind 0 0" - delegate_to: "{{ physical_host }}" - when: > - (not is_metal | bool) and - (glance_default_store == "file") and - (glance_nfs_client is not defined) - register: container_extra_config - tags: - - glance-cache-dir - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: > - (container_config is defined and container_config | changed) or - (container_extra_config is defined and container_config | changed) - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait - - name: Sort the rabbitmq servers - dist_sort: - value_to_lookup: "{{ container_name }}" - ref_list: "{{ groups['glance_all'] }}" - src_list: "{{ rabbitmq_servers }}" - register: servers - tags: - - always - - name: Set rabbitmq servers - set_fact: - rabbitmq_servers: "{{ servers.sorted_list }}" - tags: - - always - - name: Create log dir - file: - path: "{{ item.path }}" - state: directory - with_items: - - { path: "/openstack/log/{{ inventory_hostname }}-glance" } - when: is_metal | bool - tags: - - glance-logs - - glance-log-dirs - - name: Create log aggregation links - file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - state: "{{ item.state }}" - force: "yes" - with_items: - - { src: "/openstack/log/{{ inventory_hostname }}-glance", dest: "/var/log/glance", state: "link" } - when: is_metal | bool - tags: - - glance-logs - - name: Ensure Rabbitmq vhost - rabbitmq_vhost: - name: "{{ glance_rabbitmq_vhost }}" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" - when: - - inventory_hostname == groups['glance_all'][0] - - groups['rabbitmq_all']|length > 0 - tags: - - glance-rabbitmq - - glance-rabbitmq-vhost - - name: Ensure rabbitmq user - rabbitmq_user: + - include: common-tasks/rabbitmq-servers-sort.yml + vars: + sort_group_name: "glance_all" + - include: common-tasks/os-lxc-container-setup.yml + vars: + list_of_bind_mounts: + - bind_dir_path: "/var/lib/glance/images" + mount_path: "/openstack/{{ inventory_hostname }}" + when: (glance_default_store == "file") and (glance_nfs_client is not defined) + - include: common-tasks/os-lxc-container-setup.yml + when: (glance_default_store != "file") or (glance_nfs_client is defined) + - include: common-tasks/rabbitmq-vhost-user.yml + vars: user: "{{ glance_rabbitmq_userid }}" password: "{{ glance_rabbitmq_password }}" vhost: "{{ glance_rabbitmq_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" when: - inventory_hostname == groups['glance_all'][0] - - groups['rabbitmq_all']|length > 0 - tags: - - glance-rabbitmq - - glance-rabbitmq-user - - name: Create DB for service - mysql_db: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ glance_galera_address }}" - name: "{{ glance_galera_database }}" - state: "present" - when: inventory_hostname == groups['glance_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - tags: - - mysql-db-setup - - name: Grant access to the DB for the service - mysql_user: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ glance_galera_address }}" - name: "{{ glance_galera_user }}" + - groups['rabbitmq_all'] | length > 0 + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-glance" + dest: "/var/log/glance" + - include: common-tasks/mysql-db-user.yml + vars: + user_name: "{{ glance_galera_user }}" password: "{{ glance_container_mysql_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ glance_galera_database }}.*:ALL" + login_host: "{{ glance_galera_address }}" + db_name: "{{ glance_galera_database }}" when: inventory_hostname == groups['glance_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - with_items: - - "localhost" - - "%" - tags: - - mysql-db-setup roles: - role: "os_glance" glance_venv_tag: "{{ openstack_release }}" diff --git a/playbooks/os-gnocchi-install.yml b/playbooks/os-gnocchi-install.yml index ca4e602775..519c608857 100644 --- a/playbooks/os-gnocchi-install.yml +++ b/playbooks/os-gnocchi-install.yml @@ -18,90 +18,26 @@ max_fail_percentage: 20 user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_config - tags: - - lxc-aa-profile - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: container_config is defined and container_config | changed - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait - - name: Gnocchi extra lxc config - lxc_container: - name: "{{ container_name }}" - container_command: | - [[ ! -d "/var/lib/gnocchi" ]] && mkdir -p "/var/lib/gnocchi" - container_config: - - "lxc.mount.entry=/openstack/{{ container_name }} var/lib/gnocchi none bind 0 0" - delegate_to: "{{ physical_host }}" - when: > - (not is_metal | bool) and gnocchi_storage_driver is not defined or - (gnocchi_storage_driver == "file") - register: container_extra_config - tags: - -gnocchi-storage-dir - - name: Create log dir - file: - path: "{{ item.path }}" - state: directory - with_items: - - { path: "/openstack/log/{{ inventory_hostname }}-gnocchi" } - when: is_metal | bool - tags: - - gnocchi-logs - - gnocchi-log-dirs - - name: Create log aggregation links - file: - src: "/openstack/log/{{ inventory_hostname }}-gnocchi" - dest: "/var/log/gnocchi" - state: "link" - force: "yes" - when: is_metal | bool - tags: - - gnocchi-logs - - name: Create DB for service - mysql_db: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" + - include: common-tasks/os-lxc-container-setup.yml + vars: + list_of_bind_mounts: + - bind_dir_path: "/var/lib/gnocchi" + mount_path: "/openstack/{{ inventory_hostname }}" + when: (gnocchi_storage_driver == "file") and (gnocchi_storage_driver is not defined) + - include: common-tasks/os-lxc-container-setup.yml + when: (gnocchi_storage_driver != "file") or (gnocchi_storage_driver is defined) + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-gnocchi" + dest: "/var/log/gnocchi" + - include: common-tasks/mysql-db-user.yml + vars: + user_name: "{{ gnocchi_galera_user }}" + password: "{{ gnocchi_container_mysql_password }}" login_host: "{{ gnocchi_galera_address }}" - name: "{{ gnocchi_galera_database }}" - state: "present" + db_name: "{{ gnocchi_galera_database }}" when: inventory_hostname == groups['gnocchi_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - tags: - - mysql-db-setup - - name: Grant access to the DB for the service - mysql_user: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ gnocchi_galera_address }}" - name: "{{ gnocchi_galera_user }}" - password: "{{ gnocchi_galera_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ gnocchi_galera_database }}.*:ALL" - when: inventory_hostname == groups['gnocchi_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - with_items: - - "localhost" - - "%" - tags: - - mysql-db-setup roles: - role: "os_gnocchi" gnocchi_venv_tag: "{{ openstack_release }}" diff --git a/playbooks/os-heat-install.yml b/playbooks/os-heat-install.yml index a95c7eab4b..8d872c2d31 100644 --- a/playbooks/os-heat-install.yml +++ b/playbooks/os-heat-install.yml @@ -19,118 +19,30 @@ max_fail_percentage: 20 user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_config - tags: - - lxc-aa-profile - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: container_config is defined and container_config | changed - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait - - name: Sort the rabbitmq servers - dist_sort: - value_to_lookup: "{{ container_name }}" - ref_list: "{{ groups['heat_all'] }}" - src_list: "{{ rabbitmq_servers }}" - register: servers - tags: - - always - - name: Set rabbitmq servers - set_fact: - rabbitmq_servers: "{{ servers.sorted_list }}" - tags: - - always - - name: Create log dir - file: - path: "{{ item.path }}" - state: directory - with_items: - - { path: "/openstack/log/{{ inventory_hostname }}-heat" } - when: is_metal | bool - tags: - - heat-logs - - heat-log-dirs - - name: Create log aggregation links - file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - state: "{{ item.state }}" - force: "yes" - with_items: - - { src: "/openstack/log/{{ inventory_hostname }}-heat", dest: "/var/log/heat", state: "link" } - when: is_metal | bool - tags: - - heat-logs - - name: Ensure Rabbitmq vhost - rabbitmq_vhost: - name: "{{ heat_rabbitmq_vhost }}" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" - when: - - inventory_hostname == groups['heat_all'][0] - - groups['rabbitmq_all']|length > 0 - tags: - - heat-rabbitmq - - heat-rabbitmq-vhost - - name: Ensure rabbitmq user - rabbitmq_user: + - include: common-tasks/rabbitmq-servers-sort.yml + vars: + sort_group_name: "heat_all" + - include: common-tasks/os-lxc-container-setup.yml + - include: common-tasks/rabbitmq-vhost-user.yml + vars: user: "{{ heat_rabbitmq_userid }}" password: "{{ heat_rabbitmq_password }}" vhost: "{{ heat_rabbitmq_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" when: - inventory_hostname == groups['heat_all'][0] - - groups['rabbitmq_all']|length > 0 - tags: - - heat-rabbitmq - - heat-rabbitmq-user - - name: Create DB for service - mysql_db: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ heat_galera_address }}" - name: "{{ heat_galera_database }}" - state: "present" - when: inventory_hostname == groups['heat_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - tags: - - mysql-db-setup - - name: Grant access to the DB for the service - mysql_user: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ heat_galera_address }}" - name: "{{ heat_galera_user }}" + - groups['rabbitmq_all'] | length > 0 + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-heat" + dest: "/var/log/heat" + - include: common-tasks/mysql-db-user.yml + vars: + user_name: "{{ heat_galera_user }}" password: "{{ heat_container_mysql_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ heat_galera_database }}.*:ALL" + login_host: "{{ heat_galera_address }}" + db_name: "{{ heat_galera_database }}" when: inventory_hostname == groups['heat_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - with_items: - - "localhost" - - "%" - tags: - - mysql-db-setup roles: - role: "os_heat" heat_venv_tag: "{{ openstack_release }}" diff --git a/playbooks/os-horizon-install.yml b/playbooks/os-horizon-install.yml index ad3ed345af..cc4fddf246 100644 --- a/playbooks/os-horizon-install.yml +++ b/playbooks/os-horizon-install.yml @@ -19,91 +19,22 @@ max_fail_percentage: 20 user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_config - tags: - - lxc-aa-profile - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: container_config is defined and container_config | changed - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait - - name: Sort the rabbitmq servers - dist_sort: - value_to_lookup: "{{ container_name }}" - ref_list: "{{ groups['horizon_all'] }}" - src_list: "{{ rabbitmq_servers }}" - register: servers - tags: - - always - - name: Set rabbitmq servers - set_fact: - rabbitmq_servers: "{{ servers.sorted_list }}" - tags: - - always - - name: Create log dir - file: - path: "{{ item.path }}" - state: directory - with_items: - - { path: "/openstack/log/{{ inventory_hostname }}-horizon" } - when: is_metal | bool - tags: - - horizon-logs - - horizon-log-dirs - - name: Create log aggregation links - file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - state: "{{ item.state }}" - force: "yes" - with_items: - - { src: "/openstack/log/{{ inventory_hostname }}-horizon", dest: "/var/log/horizon", state: "link" } - when: is_metal | bool - tags: - - horizon-logs - - name: Create DB for service - mysql_db: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ horizon_galera_address }}" - name: "{{ horizon_galera_database }}" - state: "present" - when: inventory_hostname == groups['horizon_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - tags: - - mysql-db-setup - - name: Grant access to the DB for the service - mysql_user: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ horizon_galera_address }}" - name: "{{ horizon_galera_user }}" + - include: common-tasks/rabbitmq-servers-sort.yml + vars: + sort_group_name: "horizon_all" + - include: common-tasks/os-lxc-container-setup.yml + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-horizon" + dest: "/var/log/horizon" + - include: common-tasks/mysql-db-user.yml + vars: + user_name: "{{ horizon_galera_user }}" password: "{{ horizon_container_mysql_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ horizon_galera_database }}.*:ALL" + login_host: "{{ horizon_galera_address }}" + db_name: "{{ horizon_galera_database }}" when: inventory_hostname == groups['horizon_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - with_items: - - "localhost" - - "%" - tags: - - mysql-db-setup roles: - role: "os_horizon" horizon_server_name: "{{ container_name }}" diff --git a/playbooks/os-ironic-install.yml b/playbooks/os-ironic-install.yml index 0447a7412a..38c130648f 100644 --- a/playbooks/os-ironic-install.yml +++ b/playbooks/os-ironic-install.yml @@ -18,95 +18,25 @@ gather_facts: "{{ gather_facts | default(True) }}" user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_config - tags: - - lxc-aa-profile - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: container_config is defined and container_config | changed - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait - - name: Ensure Rabbitmq vhost for Ironic - rabbitmq_vhost: - name: "{{ ironic_rabbitmq_vhost }}" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" - run_once: true - tags: - - ironic-rabbitmq - - ironic-rabbitmq-vhost - - name: Ensure rabbitmq user for Ironic - rabbitmq_user: + - include: common-tasks/rabbitmq-servers-sort.yml + vars: + sort_group_name: "ironic_all" + - include: common-tasks/os-lxc-container-setup.yml + - include: common-tasks/rabbitmq-vhost-user.yml + vars: user: "{{ ironic_rabbitmq_userid }}" password: "{{ ironic_rabbitmq_password }}" vhost: "{{ ironic_rabbitmq_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" - run_once: true - tags: - - ironic-rabbitmq - - ironic-rabbitmq-user - - name: Create DB for Ironic - mysql_db: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ ironic_galera_address }}" - name: "{{ ironic_galera_database }}" - state: "present" - when: inventory_hostname == groups['ironic_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - run_once: true - tags: - - mysql-db-setup - - name: Grant access to the DB for Ironic - mysql_user: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" + when: + - inventory_hostname == groups['ironic_all'][0] + - groups['rabbitmq_all'] | length > 0 + - include: common-tasks/mysql-db-user.yml + vars: + user_name: "{{ ironic_galera_user }}" + password: "{{ ironic_container_mysql_password }}" login_host: "{{ ironic_galera_address }}" - name: "{{ ironic_galera_user }}" - password: "{{ ironic_galera_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ ironic_galera_database }}.*:ALL" + db_name: "{{ ironic_galera_database }}" when: inventory_hostname == groups['ironic_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - with_items: - - "localhost" - - "%" - run_once: true - tags: - - mysql-db-setup - - name: Sort the rabbitmq servers - dist_sort: - value_to_lookup: "{{ container_name }}" - ref_list: "{{ groups['ironic_all'] }}" - src_list: "{{ rabbitmq_servers }}" - register: servers - tags: - - always - - name: Set rabbitmq servers - set_fact: - rabbitmq_servers: "{{ servers.sorted_list }}" - tags: - - always roles: - role: "os_ironic" ironic_venv_tag: "{{ openstack_release }}" diff --git a/playbooks/os-keystone-install.yml b/playbooks/os-keystone-install.yml index 48f8ba1188..378a208e8d 100644 --- a/playbooks/os-keystone-install.yml +++ b/playbooks/os-keystone-install.yml @@ -19,63 +19,31 @@ max_fail_percentage: 20 user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_config - tags: - - lxc-aa-profile - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: container_config is defined and container_config | changed - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait - - name: Sort the rabbitmq servers - dist_sort: - value_to_lookup: "{{ container_name }}" - ref_list: "{{ groups['keystone_all'] }}" - src_list: "{{ rabbitmq_servers }}" - register: servers - tags: - - always - - name: Set rabbitmq servers - set_fact: - rabbitmq_servers: "{{ servers.sorted_list }}" - tags: - - always - - name: Create log dir - file: - path: "{{ item.path }}" - state: directory - with_items: - - { path: "/openstack/log/{{ inventory_hostname }}-keystone" } - when: is_metal | bool - tags: - - keystone-logs - - keystone-log-dirs - - name: Create log aggregation links - file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - state: "{{ item.state }}" - force: "yes" - with_items: - - { src: "/openstack/log/{{ inventory_hostname }}-keystone", dest: "/var/log/keystone", state: "link" } - when: is_metal | bool - tags: - - keystone-logs + - include: common-tasks/rabbitmq-servers-sort.yml + vars: + sort_group_name: "keystone_all" + - include: common-tasks/os-lxc-container-setup.yml + - include: common-tasks/rabbitmq-vhost-user.yml + vars: + user: "{{ keystone_rabbitmq_userid }}" + password: "{{ keystone_rabbitmq_password }}" + vhost: "{{ keystone_rabbitmq_vhost }}" + when: + - inventory_hostname == groups['keystone_all'][0] + - groups['rabbitmq_all'] | length > 0 + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-keystone" + dest: "/var/log/keystone" + - include: common-tasks/mysql-db-user.yml + vars: + user_name: "{{ keystone_galera_user }}" + password: "{{ keystone_container_mysql_password }}" + login_host: "{{ keystone_galera_address }}" + db_name: "{{ keystone_galera_database }}" + when: inventory_hostname == groups['keystone_all'][0] + # todo(cloudnull): this task is being run only if/when keystone is installed on a physical host. # This is not being run within a container because it is an unsupported action due to this # issue: (https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1279041) @@ -93,61 +61,6 @@ when: is_metal | bool tags: - keystone-reserved-port - - name: Ensure Rabbitmq vhost - rabbitmq_vhost: - name: "{{ keystone_rabbitmq_vhost }}" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" - when: - - inventory_hostname == groups['keystone_all'][0] - - groups['rabbitmq_all']|length > 0 - tags: - - keystone-rabbitmq - - keystone-rabbitmq-vhost - - name: Ensure rabbitmq user - rabbitmq_user: - user: "{{ keystone_rabbitmq_userid }}" - password: "{{ keystone_rabbitmq_password }}" - vhost: "{{ keystone_rabbitmq_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" - when: - - inventory_hostname == groups['keystone_all'][0] - - groups['rabbitmq_all']|length > 0 - tags: - - keystone-rabbitmq - - keystone-rabbitmq-user - - name: Keystone create DB for service - mysql_db: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ keystone_galera_address }}" - name: "{{ keystone_galera_database }}" - state: "present" - when: inventory_hostname == groups['keystone_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - tags: - - mysql-db-setup - - name: Keystone grant access to the DB for the service - mysql_user: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ keystone_galera_address }}" - name: "{{ keystone_galera_user }}" - password: "{{ keystone_container_mysql_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ keystone_galera_database }}.*:ALL" - with_items: - - "localhost" - - "%" - when: inventory_hostname == groups['keystone_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - tags: - - mysql-db-setup roles: - role: "os_keystone" keystone_venv_tag: "{{ openstack_release }}" diff --git a/playbooks/os-neutron-install.yml b/playbooks/os-neutron-install.yml index acb6cff675..5a862b8c33 100644 --- a/playbooks/os-neutron-install.yml +++ b/playbooks/os-neutron-install.yml @@ -19,137 +19,41 @@ max_fail_percentage: 20 user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=unconfined" - delegate_to: "{{ physical_host }}" - when: > - not is_metal | bool and - inventory_hostname in groups['neutron_agent'] - register: container_config - tags: - - lxc-aa-profile - - name: Neutron extra lxc config - lxc_container: - name: "{{ container_name }}" - container_command: | - [[ ! -d "/lib/modules" ]] && mkdir -p "/lib/modules" - container_config: + - include: common-tasks/rabbitmq-servers-sort.yml + vars: + sort_group_name: "neutron_all" + - include: common-tasks/os-lxc-container-setup.yml + vars: + aa_profile: "unconfined" + list_of_bind_mounts: + - bind_dir_path: "/lib/modules" + mount_path: "/lib/modules" + extra_container_config: - "lxc.cgroup.devices.allow=a *:* rmw" - - "lxc.mount.entry=/lib/modules lib/modules none bind 0 0" - delegate_to: "{{ physical_host }}" - when: > - not is_metal | bool and - inventory_hostname in groups['neutron_agent'] - register: container_extra_config - tags: - - neutron-container-setup - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: > - (container_config is defined and container_config | changed) or - (container_extra_config is defined and container_extra_config | changed) - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait - - name: Sort the rabbitmq servers - dist_sort: - value_to_lookup: "{{ container_name }}" - ref_list: "{{ groups['neutron_all'] }}" - src_list: "{{ neutron_rabbitmq_servers }}" - register: servers - tags: - - always - - name: Set rabbitmq servers - set_fact: - rabbitmq_servers: "{{ servers.sorted_list }}" - tags: - - always - - name: Create log dir - file: - path: "{{ item.path }}" - state: directory - with_items: - - { path: "/openstack/log/{{ inventory_hostname }}-neutron" } - when: is_metal | bool - tags: - - neutron-logs - - neutron-log-dirs - - name: Create log aggregation links - file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - state: "{{ item.state }}" - force: "yes" - with_items: - - { src: "/openstack/log/{{ inventory_hostname }}-neutron", dest: "/var/log/neutron", state: "link" } - when: is_metal | bool - tags: - - neutron-logs - - name: Ensure Rabbitmq vhost - rabbitmq_vhost: - name: "{{ neutron_rabbitmq_vhost }}" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" - when: - - inventory_hostname == groups['neutron_all'][0] - - groups['rabbitmq_all']|length > 0 - tags: - - neutron-rabbitmq - - neutron-rabbitmq-vhost - - name: Ensure rabbitmq user - rabbitmq_user: + when: inventory_hostname in groups['neutron_agent'] + - include: common-tasks/os-lxc-container-setup.yml + when: inventory_hostname not in groups['neutron_agent'] + - include: common-tasks/rabbitmq-vhost-user.yml + vars: user: "{{ neutron_rabbitmq_userid }}" password: "{{ neutron_rabbitmq_password }}" vhost: "{{ neutron_rabbitmq_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" when: - inventory_hostname == groups['neutron_all'][0] - - groups['rabbitmq_all']|length > 0 - tags: - - neutron-rabbitmq - - neutron-rabbitmq-user - - name: Create DB for service - mysql_db: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ neutron_galera_address }}" - name: "{{ neutron_galera_database }}" - state: "present" - when: inventory_hostname == groups['neutron_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - tags: - - mysql-db-setup - - name: Grant access to the DB for the service - mysql_user: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ neutron_galera_address }}" - name: "{{ neutron_galera_user }}" + - groups['rabbitmq_all'] | length > 0 + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-neutron" + dest: "/var/log/neutron" + - include: common-tasks/mysql-db-user.yml + vars: + user_name: "{{ neutron_galera_user }}" password: "{{ neutron_container_mysql_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ neutron_galera_database }}.*:ALL" + login_host: "{{ neutron_galera_address }}" + db_name: "{{ neutron_galera_database }}" when: inventory_hostname == groups['neutron_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - with_items: - - "localhost" - - "%" - tags: - - mysql-db-setup + - name: Create the neutron provider networks facts provider_networks: provider_networks: "{{ provider_networks }}" diff --git a/playbooks/os-nova-install.yml b/playbooks/os-nova-install.yml index 1328aecd4c..ae76644298 100644 --- a/playbooks/os-nova-install.yml +++ b/playbooks/os-nova-install.yml @@ -19,42 +19,38 @@ max_fail_percentage: 20 user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_config - tags: - - lxc-aa-profile - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: container_config is defined and container_config | changed - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait - - name: Sort the rabbitmq servers - dist_sort: - value_to_lookup: "{{ container_name }}" - ref_list: "{{ groups['nova_all'] }}" - src_list: "{{ rabbitmq_servers }}" - register: servers - tags: - - always - - name: Set rabbitmq servers - set_fact: - rabbitmq_servers: "{{ servers.sorted_list }}" - tags: - - always + - include: common-tasks/rabbitmq-servers-sort.yml + vars: + sort_group_name: "nova_all" + - include: common-tasks/os-lxc-container-setup.yml + - include: common-tasks/rabbitmq-vhost-user.yml + vars: + user: "{{ nova_rabbitmq_userid }}" + password: "{{ nova_rabbitmq_password }}" + vhost: "{{ nova_rabbitmq_vhost }}" + when: + - inventory_hostname == groups['nova_all'][0] + - groups['rabbitmq_all'] | length > 0 + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-nova" + dest: "/var/log/nova" + - include: common-tasks/mysql-db-user.yml + vars: + user_name: "{{ nova_galera_user }}" + password: "{{ nova_container_mysql_password }}" + login_host: "{{ nova_galera_address }}" + db_name: "{{ nova_galera_database }}" + when: inventory_hostname == groups['nova_all'][0] + - include: common-tasks/mysql-db-user.yml + vars: + user_name: "{{ nova_api_galera_user }}" + password: "{{ nova_api_container_mysql_password }}" + login_host: "{{ nova_api_galera_address }}" + db_name: "{{ nova_api_galera_database }}" + when: inventory_hostname == groups['nova_all'][0] + - name: Add nbd devices to the compute shell: | for i in /dev/nbd*;do @@ -107,110 +103,6 @@ tags: - nova-kvm - nova-kvm-container-devices - - name: Create log dir - file: - path: "{{ item.path }}" - state: directory - with_items: - - { path: "/openstack/log/{{ inventory_hostname }}-nova" } - when: is_metal | bool - tags: - - nova-logs - - nova-log-dirs - - name: Create log aggregation links - file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - state: "{{ item.state }}" - force: "yes" - with_items: - - { src: "/openstack/log/{{ inventory_hostname }}-nova", dest: "/var/log/nova", state: "link" } - when: is_metal | bool - tags: - - nova-logs - - name: Ensure Rabbitmq vhost - rabbitmq_vhost: - name: "{{ nova_rabbitmq_vhost }}" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" - when: - - inventory_hostname == groups['nova_all'][0] - - groups['rabbitmq_all']|length > 0 - tags: - - nova-rabbitmq - - nova-rabbitmq-vhost - - name: Ensure rabbitmq user - rabbitmq_user: - user: "{{ nova_rabbitmq_userid }}" - password: "{{ nova_rabbitmq_password }}" - vhost: "{{ nova_rabbitmq_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" - when: - - inventory_hostname == groups['nova_all'][0] - - groups['rabbitmq_all']|length > 0 - tags: - - nova-rabbitmq - - nova-rabbitmq-user - - name: Create DB for service - mysql_db: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ nova_galera_address }}" - name: "{{ nova_galera_database }}" - state: "present" - when: inventory_hostname == groups['nova_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - tags: - - mysql-db-setup - - name: Grant access to the DB for the service - mysql_user: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ nova_galera_address }}" - name: "{{ nova_galera_user }}" - password: "{{ nova_container_mysql_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ nova_galera_database }}.*:ALL" - when: inventory_hostname == groups['nova_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - with_items: - - "localhost" - - "%" - tags: - - mysql-db-setup - - name: Create API DB for service - mysql_db: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ nova_api_galera_address }}" - name: "{{ nova_api_galera_database }}" - state: "present" - when: inventory_hostname == groups['nova_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - tags: - - mysql-db-setup - - name: Grant access to the API DB for the service - mysql_user: - login_user: "{{ galera_root_user }}" - login_password: "{{ galera_root_password }}" - login_host: "{{ nova_api_galera_address }}" - name: "{{ nova_api_galera_user }}" - password: "{{ nova_api_container_mysql_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ nova_api_galera_database }}.*:ALL" - when: inventory_hostname == groups['nova_all'][0] - delegate_to: "{{ groups['galera_all'][0] }}" - with_items: - - "localhost" - - "%" - tags: - - mysql-db-setup - name: Set nova management bridge (is_metal) set_fact: management_bridge: "{{ 'ansible_' + hostvars[inventory_hostname]['management_bridge'] | replace('-', '_') }}" diff --git a/playbooks/os-swift-install.yml b/playbooks/os-swift-install.yml index 9b49033788..09c1584159 100644 --- a/playbooks/os-swift-install.yml +++ b/playbooks/os-swift-install.yml @@ -19,64 +19,15 @@ max_fail_percentage: 20 user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - delegate_to: "{{ physical_host }}" - when: - - inventory_hostname in groups['swift_all'] - - not is_metal | bool - register: container_config - tags: - - lxc-aa-profile - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: - - inventory_hostname in groups['swift_all'] - - container_config is defined and container_config | changed - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait - - name: Create log dir - file: - path: "{{ item.path }}" - state: directory - with_items: - - { path: "/openstack/log/{{ inventory_hostname }}-swift" } - when: - - inventory_hostname in groups['swift_all'] - - is_metal | bool - tags: - - swift-logs - - swift-log-dirs - - name: Create log aggregation links - file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - state: "{{ item.state }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - force: "yes" - with_items: - - src: "/openstack/log/{{ inventory_hostname }}-swift" - dest: "/var/log/swift" - owner: "syslog" - group: "syslog" - state: "link" - when: - - inventory_hostname in groups['swift_all'] - - is_metal | bool - tags: - - swift-logs + - include: common-tasks/os-lxc-container-setup.yml + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-swift" + dest: "/var/log/swift" + owner: "syslog" + group: "syslog" + - name: Set swift storage bridge (is_metal) set_fact: storage_bridge: "{{ 'ansible_' + swift.storage_network | replace('-', '_') }}" diff --git a/playbooks/rabbitmq-install.yml b/playbooks/rabbitmq-install.yml index 6b9dd52a35..90e4c2e8d6 100644 --- a/playbooks/rabbitmq-install.yml +++ b/playbooks/rabbitmq-install.yml @@ -19,29 +19,7 @@ max_fail_percentage: 0 user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_config - tags: - - lxc-aa-profile - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: container_config is defined and container_config | changed - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait + - include: common-tasks/os-lxc-container-setup.yml roles: - role: "pip_install" pip_lock_to_internal_repo: "{{ (pip_links | length) >= 1 }}" diff --git a/playbooks/repo-server.yml b/playbooks/repo-server.yml index a7d8ba67c3..6d45587c0c 100644 --- a/playbooks/repo-server.yml +++ b/playbooks/repo-server.yml @@ -19,43 +19,11 @@ max_fail_percentage: 20 user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_config - tags: - - lxc-aa-profile - - name: Package repo extra lxc config - lxc_container: - name: "{{ container_name }}" - container_command: | - [[ ! -d "/var/www" ]] && mkdir -p "/var/www" - container_config: - - "lxc.mount.entry=/openstack/{{ container_name }} var/www none bind 0 0" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_extra_config - tags: - - repo-dirs - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: > - (container_config is defined and container_config | changed) or - (container_extra_config is defined and container_extra_config | changed) - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait + - include: common-tasks/os-lxc-container-setup.yml + vars: + list_of_bind_mounts: + - bind_dir_path: "/var/www" + mount_path: "/openstack/{{ inventory_hostname }}" roles: - { role: "repo_server", tags: [ "repo-server" ] } - role: "rsyslog_client" diff --git a/playbooks/rsyslog-install.yml b/playbooks/rsyslog-install.yml index 1d85c2fa55..f095782c2f 100644 --- a/playbooks/rsyslog-install.yml +++ b/playbooks/rsyslog-install.yml @@ -19,52 +19,11 @@ max_fail_percentage: 20 user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_config - tags: - - lxc-aa-profile - - name: Ensure log storage directory exists - file: - path: "/openstack/{{ container_name }}/log-storage" - state: "directory" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - tags: - - rsyslog-storage-dirs - - name: Rsyslog server extra lxc config - lxc_container: - name: "{{ container_name }}" - container_command: | - [[ ! -d "{{ storage_directory }}" ]] && mkdir -p "{{ storage_directory }}" - container_config: - - "lxc.mount.entry=/openstack/{{ container_name }}/log-storage {{ storage_directory.lstrip('/') }} none bind 0 0" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_extra_config - tags: - - rsyslog-storage-dirs - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: > - (container_config is defined and container_config | changed) or - (container_extra_config is defined and container_extra_config | changed) - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait - + - include: common-tasks/os-lxc-container-setup.yml + vars: + list_of_bind_mounts: + - bind_dir_path: "{{ storage_directory }}" + mount_path: "/openstack/{{ inventory_hostname }}/log-storage" roles: - { role: "rsyslog_server", tags: [ "rsyslog-server" ] } - role: "system_crontab_coordination" diff --git a/playbooks/utility-install.yml b/playbooks/utility-install.yml index e46d279a0f..d9f4df6ac3 100644 --- a/playbooks/utility-install.yml +++ b/playbooks/utility-install.yml @@ -18,51 +18,14 @@ max_fail_percentage: 20 user: root pre_tasks: - - name: Use the lxc-openstack aa profile - lxc_container: - name: "{{ container_name }}" - container_config: - - "lxc.aa_profile=lxc-openstack" - delegate_to: "{{ physical_host }}" - when: not is_metal | bool - register: container_config - tags: - - lxc-aa-profile - - name: Wait for container ssh - wait_for: - port: "22" - delay: "{{ ssh_delay }}" - search_regex: "OpenSSH" - host: "{{ ansible_ssh_host }}" - delegate_to: "{{ physical_host }}" - when: container_config is defined and container_config | changed - register: ssh_wait_check - until: ssh_wait_check | success - retries: 3 - tags: - - ssh-wait - - name: Create log dir - file: - path: "{{ item.path }}" - state: directory - with_items: - - { path: "/openstack/log/{{ inventory_hostname }}-utility" } - when: is_metal | bool - tags: - - utility-logs - - utility-log-dirs - - name: Create log aggregation links - file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - state: "{{ item.state }}" - force: "yes" - with_items: - - { src: "/openstack/log/{{ inventory_hostname }}-utility", dest: "/var/log/utility", state: "link" } - when: is_metal | bool - tags: - - utility-logs - - name: Create log directory + - include: common-tasks/os-lxc-container-setup.yml + - include: common-tasks/os-log-dir-setup.yml + vars: + log_dirs: + - src: "/openstack/log/{{ inventory_hostname }}-utility" + dest: "/var/log/utility" + + - name: Create log directory (not is_metal) file: dest: "/var/log/utility" state: "directory"