8fa29d9834
The one in PyPI can easily get out of sync, causing breakages. Since Red Hat systems move pretty quickly, just use the system package (Bifrost creates the venv with system site packages). Change-Id: I08da25aa73cdf3dc43886bc746431f6082e804a1
# Copyright (c) 2017 Mirantis Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Setup libvirt - ensure network and storage pool are defined and active,
# prepare dir for vm logs
---
# Preflight check: the two conditions under `when` are ANDed, so the play
# stops only when secure boot is requested while the boot mode is not UEFI.
- name: fail if secure boot is requested without UEFI
  fail:
    msg: Secure boot support requires default_boot_mode set to "uefi"
  when:
    - default_boot_mode != 'uefi'
    - test_vm_secure_boot | bool

# Installs each listed package through the bifrost-pip-install role.
# NOTE(review): no version is given here; presumably the role applies
# upper_constraints_file to bound what pip resolves -- confirm in the role.
- name: install gunicorn and lxml
  include_role:
    name: bifrost-pip-install
  vars:
    package: "{{ item }}"
  loop:
    - gunicorn
    - lxml

# Skipped on the RedHat OS family; every other family gets the pip build.
- name: install libvirt-python if needed
  include_role:
    name: bifrost-pip-install
  vars:
    package: libvirt-python
  when: ansible_os_family != 'RedHat'
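# Adds a managed block to libvirtd.conf that sets the qemu, libvirt and util
# log categories to level 1 and sends the output to a file.
# NOTE(review): level 1 is libvirt's debug level; the log grows quickly and
# may record guest details, so keep this configuration to test hosts.
- name: configure libvirt log filters for qemu
  blockinfile:
    path: /etc/libvirt/libvirtd.conf
    block: |
      log_filters="1:qemu 1:libvirt 4:object 4:json 4:event 1:util"
      log_outputs="1:file:/var/log/libvirt/libvirtd.log"

# Runs on every play, presumably so libvirtd picks up the logging block.
# Module arguments use native YAML instead of the key=value string form.
- name: "Restart libvirt service"
  service:
    name: "{{ libvirt_service_name }}"
    state: restarted

# NOTE(Shrews) We need to enable ip forwarding for the libvirt bridge to
# operate properly with dnsmasq. This should be done before starting dnsmasq.
# NOTE(review): this makes the host forward IPv4 traffic and, with
# state: present, keeps the setting in the sysctl configuration; review the
# host's forwarding firewall policy alongside it.
- name: "Enable IP forwarding in sysctl"
  sysctl:
    name: "net.ipv4.ip_forward"
    # Quoted: the module takes the value as a string.
    value: "1"
    sysctl_set: true
    state: present
    reload: true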
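# NOTE(Shrews) Ubuntu packaging+apparmor issue prevents libvirt from loading
# the ROM from /usr/share/misc.
# The path is passed as a native YAML argument so a directory name containing
# spaces or '=' is not split by the key=value parser.
- name: "Look for sgabios in {{ sgabios_dir }}"
  stat:
    path: "{{ sgabios_dir }}/sgabios.bin"
  register: test_sgabios_qemu

- name: "Look for sgabios in /usr/share/misc"
  stat:
    path: /usr/share/misc/sgabios.bin
  register: test_sgabios_misc

# Copies the ROM only when it is missing from sgabios_dir and present in
# /usr/share/misc (both conditions are ANDed).
# NOTE(review): the destination is hard-coded to /usr/share/qemu while the
# first check uses sgabios_dir; confirm both always name the same directory,
# otherwise this copy repeats on every run.
- name: "Place sgabios.bin"
  command: cp /usr/share/misc/sgabios.bin /usr/share/qemu/sgabios.bin
  when:
    - not test_sgabios_qemu.stat.exists
    - test_sgabios_misc.stat.exists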
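# NOTE(TheJulia): Stop dnsmasq to prevent conflicts with libvirt
# restarting.
# TODO(TheJulia): We shouldn't need to do this, but the
# libvirt dhcp instance conflicts with our specific config
# and taking this path allows us to not refactor dhcp at
# this moment. Our DHCP serving should be refactored
# so we don't need to do this.
# Failures are ignored, so a host without a dnsmasq service still proceeds.
- name: "Stop default dnsmasq service"
  service:
    name: dnsmasq
    state: stopped
  ignore_errors: true

# NOTE(TheJulia): Seems if you test in a VM, this might
# be helpful if you installed your host originally
# with the default 192.168.122.0/24 network
# The network named by test_vm_network is removed unconditionally and then
# re-created from the net.xml.j2 template by the next task.
- name: destroy libvirt network
  virt_net:
    name: "{{ test_vm_network }}"
    state: absent
    uri: "{{ test_vm_libvirt_uri }}"

- name: ensure libvirt network is present
  virt_net:
    name: "{{ test_vm_network }}"
    state: present
    xml: "{{ lookup('template', 'net.xml.j2') }}"
    uri: "{{ test_vm_libvirt_uri }}"

# Populates ansible_libvirt_networks, which the next task reads.
- name: find facts on libvirt networks
  virt_net:
    name: "{{ test_vm_network }}"
    command: facts
    uri: "{{ test_vm_libvirt_uri }}"

# NOTE(pas-ha) yet another place where non-local libvirt will not work
# The bridge name is passed through argv so the templated value always
# reaches `ip` as one argument and is never re-split on whitespace.
- name: "Delete network interface if virtual network is not active"
  command:
    argv:
      - ip
      - link
      - del
      - "{{ ansible_libvirt_networks[test_vm_network].bridge }}"
  when:
    - ansible_libvirt_networks[test_vm_network].state != 'active'
    - test_vm_libvirt_uri == 'qemu:///system'
  ignore_errors: true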
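# Booleans are written as true/false rather than yes/no so every YAML
# loader reads them the same way.
- name: set libvirt network to autostart
  virt_net:
    name: "{{ test_vm_network }}"
    autostart: true
    uri: "{{ test_vm_libvirt_uri }}"

- name: ensure libvirt network is running
  virt_net:
    name: "{{ test_vm_network }}"
    state: active
    uri: "{{ test_vm_libvirt_uri }}"

# The status is registered and checked by the assert below, so the play
# stops here if the network did not come up.
- name: get libvirt network status
  virt_net:
    name: "{{ test_vm_network }}"
    command: status
    uri: "{{ test_vm_libvirt_uri }}"
  register: test_vm_net_status

- name: fail if libvirt network is not active
  assert:
    that: test_vm_net_status.status == 'active'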
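# Defines the storage pool from the pool_dir.xml.j2 template.
- name: define a libvirt pool if not set
  virt_pool:
    name: "{{ test_vm_storage_pool }}"
    state: present
    uri: "{{ test_vm_libvirt_uri }}"
    xml: "{{ lookup('template', 'pool_dir.xml.j2') }}"

# Booleans are written as true/false rather than yes/no so every YAML
# loader reads them the same way.
- name: ensure libvirt pool is running
  virt_pool:
    name: "{{ test_vm_storage_pool }}"
    state: active
    autostart: true
    uri: "{{ test_vm_libvirt_uri }}"

# NOTE(review): with recurse enabled the 0755 mode is also applied to what
# is already inside the directory, and 0755 leaves the VM logs readable by
# every local user; confirm that is acceptable for the host.
- name: create dir for bm logs
  file:
    state: directory
    path: "{{ test_vm_logdir }}"
    recurse: true
    mode: "0755"

- name: ensure parent dir for bm logs has proper rights
  file:
    state: directory
    path: "{{ test_vm_logdir | dirname }}"
    mode: "0755"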
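# NOTE(dtantsur): pypi version can easily get out of sync, we need to use
# the version from the distribution.
# Removes every line starting with "libvirt-python" from the constraints
# file, on the RedHat OS family only.
- name: edit libvirt-python out of upper constraints
  lineinfile:
    path: "{{ upper_constraints_file }}"
    regexp: "^libvirt\\-python"
    state: absent
  when: ansible_os_family == 'RedHat'

- name: install virtualbmc
  include_role:
    name: bifrost-pip-install
  vars:
    package: virtualbmc

# File modes in this group are quoted strings, matching the "0755" style
# used by the log-directory tasks, so the octal value cannot be re-typed by
# the YAML loader.
- name: ensure Virtual BMC systemd service is configured
  template:
    src: vbmcd.service.j2
    dest: /etc/systemd/system/vbmcd.service
    owner: root
    group: root
    mode: "0644"
  become: true
  register: vbmcd_service_file

- name: create Virtual BMC configuration directory
  file:
    path: /etc/virtualbmc
    state: directory
    owner: root
    group: root
    mode: "0755"
  become: true

# The configuration file is readable and writable by root only.
- name: write Virtual BMC configuration file
  template:
    src: virtualbmc.conf
    dest: /etc/virtualbmc/virtualbmc.conf
    owner: root
    group: root
    mode: "0600"
  become: true

# daemon_reload is driven by whether the unit file task above changed it.
- name: ensure Virtual BMC systemd service is started and enabled
  systemd:
    name: vbmcd
    enabled: true
    state: started
    daemon_reload: "{{ vbmcd_service_file.changed }}"
  become: true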
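# The requirement is quoted so the '>=' specifier stays one literal string.
- name: install sushy-tools
  include_role:
    name: bifrost-pip-install
  vars:
    package: 'sushy-tools>=0.18.2'

# The directory stays private to root. The mode is 0700 rather than 0600:
# a directory needs the search (x) bit to be entered, and 0600 only worked
# for a root process that bypasses permission checks.
- name: create Redfish Emulator state directory
  file:
    name: "{{ redfish_emulator_state_dir }}"
    state: directory
    owner: root
    group: root
    mode: "0700"
  become: true

- name: ensure Redfish Emulator systemd service is configured
  template:
    src: redfish-emulator.service.j2
    dest: /etc/systemd/system/redfish-emulator.service
    owner: root
    group: root
    mode: "0644"
  become: true
  register: redfish_emulator_service_file

# Reloads systemd only when the unit file task above reported a change.
# NOTE(review): unlike its neighbours this task sets no `become`; it
# presumably relies on privilege set at play level -- confirm.
- name: reload systemd units if needed
  systemd:
    daemon_reload: "{{ redfish_emulator_service_file.changed }}"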
# Sets efi_loader_path to the first entry of efi_loader_locations that
# exists, unless the variable is already defined. Errors are ignored here so
# that the explicit `fail` task below can report a missing firmware.
- name: find OVMF firmware
  set_fact:
    efi_loader_path: "{{ item }}"
  with_first_found: "{{ efi_loader_locations }}"
  ignore_errors: true
  when: efi_loader_path is undefined

# Stops the play only when UEFI boot is requested and no loader was found.
- name: fail if UEFI is requested and no OVMF firmware is found
  fail:
    msg: >
      UEFI is requested but no OVMF firmware can be found. Please set
      efi_loader_path explicitly. Note that firmware with secure boot enabled
      may not work yet.
  when:
    - efi_loader_path is undefined
    - default_boot_mode == 'uefi'

# Unlike the loader lookup, this task does not ignore errors, so a missing
# NVRAM file in efi_nvram_locations fails the play in UEFI mode.
- name: find OVMF NVRAM
  set_fact:
    efi_nvram_path: "{{ item }}"
  with_first_found: "{{ efi_nvram_locations }}"
  when: default_boot_mode == 'uefi'
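# Writes a bcrypt-hashed htpasswd entry, readable by root only.
# NOTE(review): the account name and password are fixed literals committed
# with the role, which is only appropriate for throwaway test hosts. If the
# emulator is reachable from outside the host, take both from variables kept
# in a secret store and set `no_log: true` on this task.
# NOTE(review): this task sets no `become`, unlike the template task below;
# it presumably relies on privilege set at play level -- confirm.
- name: write Redfish Emulator password file
  htpasswd:
    path: /etc/redfish-emulator.htpasswd
    crypt_scheme: bcrypt
    name: "admin"
    password: "password"
    owner: root
    group: root
    # Quoted so the octal mode cannot be re-typed by the YAML loader.
    mode: "0600"

- name: write Redfish Emulator configuration file
  template:
    src: redfish-emulator.conf.j2
    dest: /etc/redfish-emulator.conf
    owner: root
    group: root
    mode: "0600"
  become: true
  register: redfish_emulator_config_file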
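# NOTE(dtantsur): the migration can be removed after Xena

- name: check for the old state directory
  stat:
    path: /tmp/sushy-emulator
  register: redfish_emulator_old_state_dir

# Moves the emulator's *.sqlite files from the old location under /tmp to
# redfish_emulator_state_dir; `shell` is needed for the glob.
# NOTE(review): the page this was taken from lost its indentation, so
# become / ignore_errors / when are assumed to apply to the whole block --
# confirm against the repository.
# NOTE(review): /tmp is world-writable, so /tmp/sushy-emulator may have been
# created by another local user, and its files are moved as root. Check the
# old directory's ownership before trusting what is migrated. Errors are
# ignored, so a failed move leaves the emulator starting with empty state.
- block:
    - name: stop Redfish Emulator before migrating its state directory
      systemd:
        name: redfish-emulator
        state: stopped
    - name: migrate existing Redfish Emulator state directory
      shell: mv /tmp/sushy-emulator/*.sqlite "{{ redfish_emulator_state_dir }}"
  become: true
  ignore_errors: true
  # A list of conditions is ANDed; this replaces the multi-line plain scalar.
  when:
    - redfish_emulator_old_state_dir.stat.exists
    - redfish_emulator_state_dir != '/tmp/sushy-emulator'

# Restarted on every run, which also brings the service back after the stop
# performed for the migration.
- name: ensure Redfish Emulator systemd service is started and enabled
  systemd:
    name: redfish-emulator
    enabled: true
    state: restarted
  become: true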