From f89d87c4b5f2aaf08dd783d0402766a2663a026d Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Wed, 5 May 2021 19:55:48 +0300 Subject: [PATCH] Gather additional required facts to min With minimal facts gathering we will experience failures while trying to evaluate amount of threads for apis or mounts for hardening. So to avoid gathering full hardware subset, we add common-task which will gather only specific subset that can be additionally filtered. Gathering processor or mounts subsent simply does not work with ansible and result in full hardware subset as well. Change-Id: Ia5802b4ec0b18271b8c5fbcc5574b484c5233a01 --- inventory/group_vars/all/all.yml | 3 ++ playbooks/ceph-install.yml | 42 +++++++++++++++++++ .../common-tasks/gather-hardware-facts.yml | 19 +++++++++ playbooks/os-adjutant-install.yml | 5 +++ playbooks/os-aodh-install.yml | 5 +++ playbooks/os-barbican-install.yml | 5 +++ playbooks/os-blazar-install.yml | 5 +++ playbooks/os-ceilometer-install.yml | 5 +++ playbooks/os-cloudkitty-install.yml | 5 +++ playbooks/os-designate-install.yml | 5 +++ playbooks/os-glance-install.yml | 5 +++ playbooks/os-gnocchi-install.yml | 5 +++ playbooks/os-heat-install.yml | 5 +++ playbooks/os-horizon-install.yml | 5 +++ playbooks/os-ironic-install.yml | 5 +++ playbooks/os-keystone-install.yml | 4 ++ playbooks/os-magnum-install.yml | 5 +++ playbooks/os-manila-install.yml | 5 +++ playbooks/os-masakari-install.yml | 13 ++++++ playbooks/os-mistral-install.yml | 5 +++ playbooks/os-murano-install.yml | 5 +++ playbooks/os-octavia-install.yml | 5 +++ playbooks/os-panko-install.yml | 5 +++ playbooks/os-placement-install.yml | 5 +++ playbooks/os-sahara-install.yml | 5 +++ playbooks/os-senlin-install.yml | 5 +++ playbooks/os-swift-install.yml | 5 +++ playbooks/os-tacker-install.yml | 5 +++ playbooks/os-tempest-install.yml | 5 +++ playbooks/os-trove-install.yml | 5 +++ playbooks/os-zun-install.yml | 5 +++ playbooks/security-hardening.yml | 8 ++++ 32 files changed, 219 insertions(+) create mode 100644 playbooks/common-tasks/gather-hardware-facts.yml diff --git a/inventory/group_vars/all/all.yml b/inventory/group_vars/all/all.yml index b2c1d8132a..2be35cc1ea 100644 --- a/inventory/group_vars/all/all.yml +++ b/inventory/group_vars/all/all.yml @@ -145,3 +145,6 @@ _global_pins_file_path: "{{ openstack_clone_root }}/global-requirement-pins.txt" venv_build_global_constraints: >- {{ lookup('file', _global_pins_file_path).splitlines() | reject('match','^#.*$') | reject('equalto', '') | list }} + +deployment_extra_facts_subset: hardware +deployment_extra_facts_filter: ansible_processor_* diff --git a/playbooks/ceph-install.yml b/playbooks/ceph-install.yml index b3f3196227..cf2a126c7d 100644 --- a/playbooks/ceph-install.yml +++ b/playbooks/ceph-install.yml @@ -27,6 +27,32 @@ - "defaults/{{ install_method }}_install.yml" pre_tasks: + - name: Gather additional facts for monitor_address_block + include_tasks: "common-tasks/gather-hardware-facts.yml" + vars: + deployment_extra_facts_filter: "ansible_all_ipv[4,6]_addresses" + deployment_extra_facts_subset: "!all,network" + when: monitor_address_block is defined + tags: + - always + + - name: Gather additional facts for monitor_interface + include_tasks: "common-tasks/gather-hardware-facts.yml" + vars: + deployment_extra_facts_filter: "{{ 'ansible_' ~ monitor_interface | replace('-','_') }}" + deployment_extra_facts_subset: "!all,network" + when: monitor_interface is defined + tags: + - always + + - name: Gather memory facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + vars: + deployment_extra_facts_filter: "ansible_memtotal*" + deployment_extra_facts_subset: "!all,hardware" + tags: + - always + - import_tasks: common-tasks/ceph-server.yml - name: Create systemd service directory @@ -102,6 +128,14 @@ - "defaults/{{ install_method }}_install.yml" pre_tasks: + - name: Gather memory facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + vars: + deployment_extra_facts_filter: "ansible_memtotal*" + deployment_extra_facts_subset: "!all,hardware" + tags: + - always + - import_tasks: common-tasks/ceph-server.yml roles: @@ -151,6 +185,14 @@ user: root vars_files: - "defaults/{{ install_method }}_install.yml" + pre_tasks: + - name: Gather memory facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + vars: + deployment_extra_facts_filter: "ansible_memtotal*" + deployment_extra_facts_subset: "!all,hardware" + tags: + - always roles: - role: ceph-defaults tags: diff --git a/playbooks/common-tasks/gather-hardware-facts.yml b/playbooks/common-tasks/gather-hardware-facts.yml new file mode 100644 index 0000000000..dd0b38d5aa --- /dev/null +++ b/playbooks/common-tasks/gather-hardware-facts.yml @@ -0,0 +1,19 @@ +--- +# Copyright 2021, City Network International AB +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Gather additional facts + setup: + gather_subset: "{{ deployment_extra_facts_subset }}" + filter: "{{ deployment_extra_facts_filter }}" diff --git a/playbooks/os-adjutant-install.yml b/playbooks/os-adjutant-install.yml index 11044b0016..4aca721fb0 100644 --- a/playbooks/os-adjutant-install.yml +++ b/playbooks/os-adjutant-install.yml @@ -31,6 +31,11 @@ tags: - adjutant pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + # In order to ensure that any container, software or # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain diff --git a/playbooks/os-aodh-install.yml b/playbooks/os-aodh-install.yml index 4730c0d516..bbb70afed5 100644 --- a/playbooks/os-aodh-install.yml +++ b/playbooks/os-aodh-install.yml @@ -30,6 +30,11 @@ tags: - aodh pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal diff --git a/playbooks/os-barbican-install.yml b/playbooks/os-barbican-install.yml index 6f8bda1d7e..14156c2ed3 100644 --- a/playbooks/os-barbican-install.yml +++ b/playbooks/os-barbican-install.yml @@ -30,6 +30,11 @@ tags: - barbican pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal diff --git a/playbooks/os-blazar-install.yml b/playbooks/os-blazar-install.yml index 31cbb504e9..e9da391925 100644 --- a/playbooks/os-blazar-install.yml +++ b/playbooks/os-blazar-install.yml @@ -30,6 +30,11 @@ tags: - blazar pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal diff --git a/playbooks/os-ceilometer-install.yml b/playbooks/os-ceilometer-install.yml index f821da480d..9743793d2d 100644 --- a/playbooks/os-ceilometer-install.yml +++ b/playbooks/os-ceilometer-install.yml @@ -27,6 +27,11 @@ - "defaults/repo_packages/openstack_services.yml" - "defaults/{{ install_method }}_install.yml" pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal diff --git a/playbooks/os-cloudkitty-install.yml b/playbooks/os-cloudkitty-install.yml index 8b4878fcb2..21e6951901 100644 --- a/playbooks/os-cloudkitty-install.yml +++ b/playbooks/os-cloudkitty-install.yml @@ -32,6 +32,11 @@ tags: - cloudkitty pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + # In order to ensure that any container, software or # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain diff --git a/playbooks/os-designate-install.yml b/playbooks/os-designate-install.yml index 19f7ecb124..727182ffc4 100644 --- a/playbooks/os-designate-install.yml +++ b/playbooks/os-designate-install.yml @@ -33,6 +33,11 @@ tags: - designate pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal diff --git a/playbooks/os-glance-install.yml b/playbooks/os-glance-install.yml index 47b7b6af0b..1ec0bc221f 100644 --- a/playbooks/os-glance-install.yml +++ b/playbooks/os-glance-install.yml @@ -31,6 +31,11 @@ tags: - glance pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + # In order to ensure that any container, software or # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain diff --git a/playbooks/os-gnocchi-install.yml b/playbooks/os-gnocchi-install.yml index 2e8c9fe937..fde0f9e674 100644 --- a/playbooks/os-gnocchi-install.yml +++ b/playbooks/os-gnocchi-install.yml @@ -31,6 +31,11 @@ tags: - gnocchi pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" vars: list_of_bind_mounts: "{{ gnocchi_container_bind_mounts }}" diff --git a/playbooks/os-heat-install.yml b/playbooks/os-heat-install.yml index 5f3de6db5a..ecf40ab399 100644 --- a/playbooks/os-heat-install.yml +++ b/playbooks/os-heat-install.yml @@ -30,6 +30,11 @@ - defaults/repo_packages/openstack_services.yml - "defaults/{{ install_method }}_install.yml" pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal diff --git a/playbooks/os-horizon-install.yml b/playbooks/os-horizon-install.yml index a1bdd7e2b2..3396819752 100644 --- a/playbooks/os-horizon-install.yml +++ b/playbooks/os-horizon-install.yml @@ -30,6 +30,11 @@ tags: - horizon pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal - include_tasks: common-tasks/unbound-clients.yml diff --git a/playbooks/os-ironic-install.yml b/playbooks/os-ironic-install.yml index 4caf34ebce..fb481e7283 100644 --- a/playbooks/os-ironic-install.yml +++ b/playbooks/os-ironic-install.yml @@ -30,6 +30,11 @@ tags: - ironic pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal diff --git a/playbooks/os-keystone-install.yml b/playbooks/os-keystone-install.yml index 66510ba56f..125c5854d0 100644 --- a/playbooks/os-keystone-install.yml +++ b/playbooks/os-keystone-install.yml @@ -46,6 +46,10 @@ tags: - keystone pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always # In order to ensure that any container, software or # config file changes which causes a container/service diff --git a/playbooks/os-magnum-install.yml b/playbooks/os-magnum-install.yml index a734f884a8..6fff53fb54 100644 --- a/playbooks/os-magnum-install.yml +++ b/playbooks/os-magnum-install.yml @@ -33,6 +33,11 @@ tags: - magnum pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal diff --git a/playbooks/os-manila-install.yml b/playbooks/os-manila-install.yml index 1d26fa2582..8426d21b47 100644 --- a/playbooks/os-manila-install.yml +++ b/playbooks/os-manila-install.yml @@ -33,6 +33,11 @@ tags: - manila pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + # In order to ensure that any container, software or # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain diff --git a/playbooks/os-masakari-install.yml b/playbooks/os-masakari-install.yml index 39ca829f47..9e86740c0d 100644 --- a/playbooks/os-masakari-install.yml +++ b/playbooks/os-masakari-install.yml @@ -27,6 +27,14 @@ pacemaker_corosync_group: masakari_monitor pacemaker_corosync_ring_interface: "{{ masakari_monitor_corosync_multicast_interface }}" haveged_enabled: false + pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + vars: + deployment_extra_facts_filter: "{{ 'ansible_' ~ pacemaker_corosync_ring_interface | replace('-','_') }}" + deployment_extra_facts_subset: "!all,network" + tags: + - always roles: - role: "pacemaker_corosync" tags: pacemaker-corosync @@ -39,6 +47,11 @@ - "defaults/repo_packages/openstack_services.yml" - "defaults/{{ install_method }}_install.yml" pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + # In order to ensure that any container, software or # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain diff --git a/playbooks/os-mistral-install.yml b/playbooks/os-mistral-install.yml index 50317461be..405110f061 100644 --- a/playbooks/os-mistral-install.yml +++ b/playbooks/os-mistral-install.yml @@ -30,6 +30,11 @@ tags: - mistral pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal diff --git a/playbooks/os-murano-install.yml b/playbooks/os-murano-install.yml index 3645fe1412..e6a6714141 100644 --- a/playbooks/os-murano-install.yml +++ b/playbooks/os-murano-install.yml @@ -29,6 +29,11 @@ tags: - murano pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal diff --git a/playbooks/os-octavia-install.yml b/playbooks/os-octavia-install.yml index b90374d738..747aa98109 100644 --- a/playbooks/os-octavia-install.yml +++ b/playbooks/os-octavia-install.yml @@ -30,6 +30,11 @@ tags: - octavia pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal diff --git a/playbooks/os-panko-install.yml b/playbooks/os-panko-install.yml index b227df99e5..6a7df4a005 100644 --- a/playbooks/os-panko-install.yml +++ b/playbooks/os-panko-install.yml @@ -29,6 +29,11 @@ tags: - panko pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal roles: diff --git a/playbooks/os-placement-install.yml b/playbooks/os-placement-install.yml index caba88e25d..a887427658 100644 --- a/playbooks/os-placement-install.yml +++ b/playbooks/os-placement-install.yml @@ -30,6 +30,11 @@ tags: - placement pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal diff --git a/playbooks/os-sahara-install.yml b/playbooks/os-sahara-install.yml index 71a15c593d..7a7e490996 100644 --- a/playbooks/os-sahara-install.yml +++ b/playbooks/os-sahara-install.yml @@ -28,6 +28,11 @@ tags: - sahara pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal diff --git a/playbooks/os-senlin-install.yml b/playbooks/os-senlin-install.yml index e260079428..f6e229023f 100644 --- a/playbooks/os-senlin-install.yml +++ b/playbooks/os-senlin-install.yml @@ -30,6 +30,11 @@ tags: - senlin pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + # In order to ensure that any container, software or # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain diff --git a/playbooks/os-swift-install.yml b/playbooks/os-swift-install.yml index 5fb2c42646..ab0cea631b 100644 --- a/playbooks/os-swift-install.yml +++ b/playbooks/os-swift-install.yml @@ -27,6 +27,11 @@ - "defaults/repo_packages/openstack_services.yml" - "defaults/{{ install_method }}_install.yml" pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" vars: extra_container_config_no_restart: diff --git a/playbooks/os-tacker-install.yml b/playbooks/os-tacker-install.yml index 523edeab8c..52e3266519 100644 --- a/playbooks/os-tacker-install.yml +++ b/playbooks/os-tacker-install.yml @@ -30,6 +30,11 @@ tags: - tacker pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal roles: diff --git a/playbooks/os-tempest-install.yml b/playbooks/os-tempest-install.yml index aacf7785f8..c227a9b532 100644 --- a/playbooks/os-tempest-install.yml +++ b/playbooks/os-tempest-install.yml @@ -33,6 +33,11 @@ when: - (not (tempest_install | default(false)) | bool) + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + roles: - role: "os_tempest" - role: "system_crontab_coordination" diff --git a/playbooks/os-trove-install.yml b/playbooks/os-trove-install.yml index 2141966638..4841b702de 100644 --- a/playbooks/os-trove-install.yml +++ b/playbooks/os-trove-install.yml @@ -33,6 +33,11 @@ tags: - trove pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" when: not is_metal diff --git a/playbooks/os-zun-install.yml b/playbooks/os-zun-install.yml index 6db8c1875e..f4c84824e8 100644 --- a/playbooks/os-zun-install.yml +++ b/playbooks/os-zun-install.yml @@ -27,6 +27,11 @@ - "defaults/repo_packages/openstack_services.yml" - "defaults/{{ install_method }}_install.yml" pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + tags: + - always + # In order to ensure that any container, software or # config file changes which causes a container/service # restart do not cause an unexpected outage, we drain diff --git a/playbooks/security-hardening.yml b/playbooks/security-hardening.yml index c64de29356..66835f5321 100644 --- a/playbooks/security-hardening.yml +++ b/playbooks/security-hardening.yml @@ -27,6 +27,14 @@ hosts: "{{ security_host_group|default('hosts') }}" gather_facts: false user: root + pre_tasks: + - name: Gather additional facts + include_tasks: "common-tasks/gather-hardware-facts.yml" + vars: + deployment_extra_facts_filter: ansible_mounts + deployment_extra_facts_subset: "!all,hardware" + tags: + - always roles: - role: "ansible-hardening" when: apply_security_hardening | bool