mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-04-25 19:11:24 +08:00
325 lines
15 KiB
YAML
325 lines
15 KiB
YAML
---
|
|
# Configure another compute node for Fedora Cloud
|
|
|
|
- authorized_key: user=root key="{{ lookup('file', files + '/fedora-cloud/fed09-ssh-key.pub') }}"
|
|
- template: src={{ files }}/fedora-cloud/hosts dest=/etc/hosts owner=root mode=0644
|
|
|
|
- name: Copy customized EPEL7 repo
|
|
copy: src=cloud-epel7.repo dest=/etc/yum.repos.d/cloud-epel7.repo
|
|
owner=root group=root mode=0644
|
|
|
|
- name: Enable nested virtualization
|
|
copy: content="options kvm_intel nested=1" dest=/etc/modprobe.d/nested_virt.conf
|
|
owner=root group=root mode=0644
|
|
|
|
- lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^ONBOOT=" line="ONBOOT=yes"
|
|
notify:
|
|
- restart network
|
|
- lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^NETMASK=" line="NETMASK=255.255.255.0"
|
|
notify:
|
|
- restart network
|
|
- lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^IPADDR=" line="IPADDR={{compute_private_ip}}"
|
|
notify:
|
|
- restart network
|
|
- lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="BOOTPROTO=" line="BOOTPROTO=none"
|
|
notify:
|
|
- restart network
|
|
- meta: flush_handlers
|
|
|
|
- name: copy RHOS repo file
|
|
copy: src=rhos-5.repo dest=/etc/yum.repos.d/rhos-5.repo
|
|
owner=root group=root mode=0644
|
|
- yum: state=present pkg=openstack-nova-common
|
|
- name: create logical volume for ephemeral storage
|
|
lvol: vg=vg_guests lv=nova size=100%FREE shrink=no
|
|
- filesystem: fstype=ext4 dev=/dev/mapper/vg_guests-nova
|
|
- mount: name=/var/lib/nova src=/dev/mapper/vg_guests-nova fstype=ext4 state=mounted
|
|
- name: Create logical volume for Swift
|
|
lvol: vg=vg_server lv=swift_store size=100g
|
|
- name: Create FS on Swift storage
|
|
filesystem: fstype=ext4 dev=/dev/vg_server/swift_store
|
|
|
|
- file: path=/var/lib/nova/{{item}} owner=nova group=nova mode=0755 state=directory
|
|
with_items:
|
|
- buckets
|
|
- images
|
|
- instances
|
|
- keys
|
|
- networks
|
|
- tmp
|
|
|
|
- meta: flush_handlers
|
|
|
|
# http://docs.openstack.org/icehouse/install-guide/install/yum/content/nova-compute.html
|
|
- name: install the Compute packages necessary for the controller node.
|
|
yum: state=present pkg={{ item }}
|
|
with_items:
|
|
- openstack-nova-compute
|
|
- python-novaclient
|
|
- openstack-utils
|
|
- openstack-selinux
|
|
- name: add ssl cert for keystone
|
|
copy: src={{ private }}/files/openstack/fedorainfracloud.org.digicert.pem dest=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem mode=644 owner=root group=root
|
|
|
|
- name: Set up db connection to controller
|
|
ini_file: dest=/etc/nova/nova.conf section=database option=connection value=mysql://nova:{{NOVA_DBPASS}}@{{controller_private_ip}}/nova
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=auth_strategy value=keystone
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=auth_uri value=https://{{controller_publicname}}:5000
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=auth_host value={{controller_publicname}}
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=auth_protocol value=https
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=auth_port value=35357
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=cafile value=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=admin_user value=nova
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=admin_tenant_name value=services
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- name: set admin_password
|
|
ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=admin_password value={{NOVA_PASS}}
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=rpc_backend value=nova.openstack.common.rpc.impl_kombu
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=rabbit_host value={{controller_private_ip}}
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=rabbit_hosts value={{controller_private_ip}}:5672
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=rabbit_userid value=amqp_user
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=rabbit_password value={{ CONFIG_AMQP_AUTH_PASSWORD }}
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=rabbit_port value=5672
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=rabbit_use_ssl value=False
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=my_ip value={{compute_private_ip}}
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
# Cirrus VGA is not available on PPC, thus no VNC
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=vnc_enabled value=True
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
when: not inventory_hostname.startswith('fed-cloud-ppc')
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=vnc_enabled value=False
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
when: inventory_hostname.startswith('fed-cloud-ppc')
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=vncserver_listen value=0.0.0.0
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=vncserver_proxyclient_address value={{compute_private_ip}}
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=novncproxy_base_url value=https://{{controller_publicname}}:6080/vnc_auto.html
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=glance_host value={{controller_publicname}}
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=glance_protocol value=https
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=glance_api_servers value=https://{{ controller_publicname }}:9292
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- name: set up storage for ephemeral disks
|
|
ini_file: dest=/etc/nova/nova.conf section=libvirt option=images_type state=absent
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
|
|
|
|
- service: name=libvirtd state=started enabled=yes
|
|
- service: name=messagebus state=started
|
|
- service: name=openstack-nova-compute state=started enabled=yes
|
|
- service: name=neutron-openvswitch-agent state=started enabled=yes
|
|
|
|
# http://docs.openstack.org/icehouse/install-guide/install/yum/content/neutron-ml2-compute-node.html
|
|
- sysctl: name=net.ipv4.conf.all.rp_filter value=0 state=present sysctl_set=yes reload=yes
|
|
- sysctl: name=net.ipv4.conf.default.rp_filter value=0 state=present sysctl_set=yes reload=yes
|
|
|
|
- name: install the Networking components
|
|
yum: state=present pkg={{ item }}
|
|
with_items:
|
|
- openstack-neutron-ml2
|
|
- openstack-neutron-openvswitch
|
|
|
|
- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=auth_strategy value=keystone
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=auth_uri value=https://{{controller_publicname}}:5000
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=auth_host value={{controller_publicname}}
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=auth_protocol value=https
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=auth_port value=35357
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=cafile value=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=admin_user value=neutron
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=admin_tenant_name value=services
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- name: set admin_password
|
|
ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=admin_password value={{NEUTRON_PASS}}
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
|
|
- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=rpc_backend value=neutron.openstack.common.rpc.impl_kombu
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=rabbit_host value={{controller_private_ip}}
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=rabbit_hosts value={{controller_private_ip}}:5672
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=rabbit_userid value=amqp_user
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=rabbit_password value={{ CONFIG_AMQP_AUTH_PASSWORD }}
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=rabbit_port value=5672
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
|
|
# uncomment if you want to debug compute instance
|
|
#- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=verbose value=True
|
|
# notify:
|
|
# - restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=core_plugin value=neutron.plugins.ml2.plugin.Ml2Plugin
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=service_plugins value=neutron.services.l3_router.l3_router_plugin.L3RouterPlugin
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
|
|
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ml2 option=type_drivers value=local,flat,gre
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ml2 option=tenant_network_types value=gre
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ml2 option=mechanism_drivers value=openvswitch
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ml2_type_gre option=tunnel_id_ranges value=1:1000
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ovs option=local_ip value={{compute_private_ip}}
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ovs option=tunnel_type value=gre
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ovs option=tunnel_types value=gre
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=agent option=tunnel_types value=gre
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ovs option=enable_tunneling value=True
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=securitygroup option=firewall_driver value=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=securitygroup option=enable_security_group value=True
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
|
|
# WORKAROUND https://ask.openstack.org/en/question/28734/instance-failed-to-spawn-you-must-call-aug-init-first-to-initialize-augeas/
|
|
- ini_file: dest=/usr/lib/systemd/system/neutron-openvswitch-agent.service section=Service option=ExecStart value="/usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini --log-file /var/log/neutron/openvswitch-agent.log"
|
|
notify:
|
|
- restart neutron-openvswitch-agent
|
|
|
|
- service: name=openvswitch state=started enabled=yes
|
|
- command: ovs-vsctl --may-exist add-br br-int
|
|
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=network_api_class value=nova.network.neutronv2.api.API
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_url value=https://{{controller_publicname}}:9696
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_auth_strategy value=keystone
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_admin_tenant_name value=services
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_admin_username value=neutron
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- name: set neutron_admin_password
|
|
ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_admin_password value={{NEUTRON_PASS}}
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_admin_auth_url value=https://{{controller_publicname}}:35357/v2.0
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=linuxnet_interface_driver value=nova.network.linux_net.LinuxOVSInterfaceDriver
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=firewall_driver value=nova.virt.firewall.NoopFirewallDriver
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=security_group_api value=neutron
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
|
|
- file: src=/etc/neutron/plugins/ml2/ml2_conf.ini dest=/etc/neutron/plugin.ini state=link
|
|
notify:
|
|
- restart openstack-nova-compute
|
|
|
|
- name: Set shell to nova user to allow cold migrations
|
|
user: name=nova shell=/bin/bash
|
|
- name: SSH authorized key for nova user
|
|
authorized_key: user=nova key="{{fed_cloud09_nova_public_key}}"
|
|
- name: SSH public key for nova user
|
|
template: src={{ files }}/fedora-cloud/fed_cloud09_nova_public_key dest=/var/lib/nova/.ssh/id_rsa.pub owner=nova group=nova
|
|
- name: Deploy private SSH key
|
|
copy: src={{ private }}/files/openstack/fed-cloud09-nova.key dest=/var/lib/nova/.ssh/id_rsa mode=600 owner=nova group=nova
|
|
- copy: src={{files}}/fedora-cloud/nova-ssh-config dest=/var/lib/nova/.ssh/config owner=nova group=nova mode=640
|
|
|
|
# This needs to be run after controller reprovision
|
|
#FIXME
|
|
#- name: "restart neutron-openvswitch-agent"
|
|
# service: name=neutron-openvswitch-agent state=restarted
|
|
#- name: "restart openstack-nova-compute"
|
|
# service: name=openstack-nova-compute state=restarted
|
|
|