diff --git a/ansible/group_vars/all/yum b/ansible/group_vars/all/yum new file mode 100644 index 000000000..c600eaf28 --- /dev/null +++ b/ansible/group_vars/all/yum @@ -0,0 +1,3 @@ +--- + +yum_use_local_mirror: false diff --git a/ansible/roles/kolla-openstack/tasks/config.yml b/ansible/roles/kolla-openstack/tasks/config.yml index 14a87f637..bdb9934ca 100644 --- a/ansible/roles/kolla-openstack/tasks/config.yml +++ b/ansible/roles/kolla-openstack/tasks/config.yml @@ -78,7 +78,9 @@ - "{{ find_src_result.results }}" - files - skip_missing: True - when: item.0.item.enabled | bool + when: + - item.0.item.enabled | bool + - item.1.path | basename not in item.0.item.ignore | default([]) - name: Ensure unnecessary extra configuration files are absent file: diff --git a/ansible/roles/kolla-openstack/vars/main.yml b/ansible/roles/kolla-openstack/vars/main.yml index 2652f3d74..f00a3d739 100644 --- a/ansible/roles/kolla-openstack/vars/main.yml +++ b/ansible/roles/kolla-openstack/vars/main.yml @@ -5,8 +5,9 @@ # dest: Path to directory in which generated files will be created. # patterns: One or more file name patterns to match. # enabled: Whether these files should be templated. -# ignore: Optional list of files to leave in the destination, even if disabled -# or unexpected. +# ignore: Optional list of files to ignore. These files will not be copied to +# the destination, and will not be removed from the destination, even +# if disabled or unexpected. kolla_openstack_custom_config: # Ceph. - src: "{{ kolla_extra_config_path }}/ceph" diff --git a/ansible/roles/node-exporter/defaults/main.yml b/ansible/roles/node-exporter/defaults/main.yml index f3f8279b2..9db979725 100644 --- a/ansible/roles/node-exporter/defaults/main.yml +++ b/ansible/roles/node-exporter/defaults/main.yml 
@@ -10,7 +10,7 @@ nodeexporter_services: container_name: nodeexporter enabled: "{{ nodeexporter_enabled }}" image: "{{ nodeexporter_image_full }}" - command: /bin/node_exporter --collector.procfs=/host/proc --collector.sysfs=/host/sys --collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc)($|/)" + command: --collector.procfs=/host/proc --collector.sysfs=/host/sys --collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc)($|/)" privileged: True read_only: True volumes: diff --git a/ansible/roles/yum-cron/defaults/main.yml b/ansible/roles/yum-cron/defaults/main.yml new file mode 100644 index 000000000..cd510fd9c --- /dev/null +++ b/ansible/roles/yum-cron/defaults/main.yml @@ -0,0 +1,4 @@ +--- + +yum_cron_enabled: false +yum_cron_update_cmd: 'security' diff --git a/ansible/roles/yum-cron/handlers/main.yml b/ansible/roles/yum-cron/handlers/main.yml new file mode 100644 index 000000000..fc26c999e --- /dev/null +++ b/ansible/roles/yum-cron/handlers/main.yml @@ -0,0 +1,7 @@ +--- + +- name: Restart yum-cron + service: + name: yum-cron + state: restarted + become: True diff --git a/ansible/roles/yum-cron/tasks/main.yml b/ansible/roles/yum-cron/tasks/main.yml new file mode 100644 index 000000000..3a6e63bfc --- /dev/null +++ b/ansible/roles/yum-cron/tasks/main.yml 
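Review bot: The default `yum_cron_update_cmd: 'security'` in ansible/roles/yum-cron/defaults/main.yml needs a caveat, because yum's security filter depends on errata metadata being published by the repository. CentOS base and updates repositories have historically not shipped that metadata, so with this default yum-cron may silently apply few or no updates from them; this is worth confirming against the mirrors in use. I would add above the variable `# NOTE: 'security' relies on repository errata metadata; confirm your mirrors publish it, otherwise use 'default'.` The two variables in this file also carry no describing comments, unlike the ones in ansible/roles/yum/defaults/main.yml.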
@@ -0,0 +1,36 @@
+---
+
+- name: Yum | Install yum-cron (CentOS)
+ yum:
+ name: yum-cron
+ state: present
+ when: yum_cron_enabled
+ become: True
+
+- name: Replace | Enable update applying for yum-cron (CentOS)
+ replace:
+ dest: /etc/yum/yum-cron.conf
+ regexp: "^apply_updates = no"
+ replace: "apply_updates = yes"
+ when: yum_cron_enabled
+ notify:
+ - Restart yum-cron
+ become: True
+
+- name: Replace | Enable update applying for yum-cron (CentOS)
+ replace:
+ dest: /etc/yum/yum-cron.conf
+ regexp: "^update_cmd = .*$"
+ replace: "update_cmd = {{ yum_cron_update_cmd }}"
+ when: yum_cron_enabled
+ notify:
+ - Restart yum-cron
+ become: True
+
+- name: Service | Enable yum-cron (CentOS)
+ service:
+ name: yum-cron
+ state: started
+ enabled: yes
+ when: yum_cron_enabled
+ become: True
diff --git a/ansible/roles/yum/defaults/main.yml b/ansible/roles/yum/defaults/main.yml
new file mode 100644
index 000000000..e9e4c8611
--- /dev/null
+++ b/ansible/roles/yum/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+
+# Whether or not to use a local Yum mirror.
+yum_use_local_mirror: false
+# Mirror FQDN for Yum repos.
+yum_centos_mirror_host: 'mirror.centos.org'
+# Mirror directory for Yum CentOS repos.
+yum_centos_mirror_directory: 'centos'
+# Mirror FQDN for Yum EPEL repos.
+yum_epel_mirror_host: 'download.fedoraproject.org'
+# Mirror directory for Yum EPEL repos.
+yum_epel_mirror_directory: 'pub/epel'
diff --git a/ansible/roles/yum/tasks/main.yml b/ansible/roles/yum/tasks/main.yml
new file mode 100644
index 000000000..6f96f909c
--- /dev/null
+++ b/ansible/roles/yum/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+
+- include: redhat.yml
+ when:
+ - ansible_os_family == "RedHat"
+ - yum_use_local_mirror
diff --git a/ansible/roles/yum/tasks/redhat.yml b/ansible/roles/yum/tasks/redhat.yml
new file mode 100644
index 000000000..0b8f16967
--- /dev/null
+++ b/ansible/roles/yum/tasks/redhat.yml
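Review bot: Every task in ansible/roles/yum-cron/tasks/main.yml is gated on a bare `when: yum_cron_enabled`, so a value that arrives as a string (for example via `-e yum_cron_enabled=false`) may be evaluated as truthy depending on the Ansible version. That would install yum-cron and switch on unattended `apply_updates` when the operator meant to leave it off. The kolla-openstack change in this same commit already uses the filter, and `when: yum_cron_enabled | bool` would match it; the same bare condition appears as `- yum_use_local_mirror` in ansible/roles/yum/tasks/main.yml. The second and third tasks also share the name `Replace | Enable update applying for yum-cron (CentOS)` although the third one sets `update_cmd`; a name such as `Replace | Set update command for yum-cron (CentOS)` would keep play output and audit logs unambiguous.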
@@ -0,0 +1,44 @@
+---
+
+- name: Replace | Disable YUM fastestmirror plugin (CentOS)
+ replace:
+ dest: /etc/yum/pluginconf.d/fastestmirror.conf
+ regexp: "enabled=1"
+ replace: "enabled=0"
+ become: True
+
+- name: Template | Copy CentOS repo templates (CentOS)
+ template:
+ src: CentOS-Base.repo.j2
+ dest: /etc/yum.repos.d/CentOS-Base.repo
+ owner: root
+ group: root
+ mode: 0664
+ become: True
+
+- name: Yum | Update cache (CentOS)
+ yum:
+ name: '*'
+ update_cache: yes
+ become: True
+
+- name: Yum | Install epel-release (CentOS)
+ yum:
+ name: epel-release
+ state: installed
+ become: True
+
+- name: Template | Copy EPEL repo templates (CentOS)
+ template:
+ src: epel.repo.j2
+ dest: /etc/yum.repos.d/epel.repo
+ owner: root
+ group: root
+ mode: 0664
+ become: True
+
+- name: Yum | Update cache (CentOS)
+ yum:
+ name: '*'
+ update_cache: yes
+ become: True
diff --git a/ansible/roles/yum/templates/CentOS-Base.repo.j2 b/ansible/roles/yum/templates/CentOS-Base.repo.j2
new file mode 100644
index 000000000..361e19ff0
--- /dev/null
+++ b/ansible/roles/yum/templates/CentOS-Base.repo.j2
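Review bot: Both `template` tasks in ansible/roles/yum/tasks/redhat.yml write the repo definitions with `mode: 0664`, which leaves the files that decide where root-installed packages come from group-writable. `mode: '0644'` is the usual permission under /etc/yum.repos.d, and quoting the value avoids YAML parsing it as an integer. The two `Yum | Update cache (CentOS)` tasks pass `name: '*'` without a `state`, so what the module does beyond refreshing metadata depends on its default state and should be confirmed or made explicit. The fastestmirror `regexp: "enabled=1"` is unanchored; `regexp: "^enabled=1"` would restrict the edit to the setting line itself.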
@@ -0,0 +1,43 @@
+# CentOS-Base.repo
+#
+# The mirror system uses the connecting IP address of the client and the
+# update status of each mirror to pick mirrors that are updated to and
+# geographically close to the client. You should use this for CentOS updates
+# unless you are manually picking other mirrors.
+#
+# If the mirrorlist= does not work for you, as a fall back you can try the
+# remarked out baseurl= line instead.
+#
+#
+
+[base]
+name=CentOS-$releasever - Base
+#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
+baseurl=http://{{ yum_centos_mirror_host }}/{{ yum_centos_mirror_directory }}/$releasever/os/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#released updates
+[updates]
+name=CentOS-$releasever - Updates
+#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
+baseurl=http://{{ yum_centos_mirror_host }}/{{ yum_centos_mirror_directory }}/$releasever/updates/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that may be useful
+[extras]
+name=CentOS-$releasever - Extras
+#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
+baseurl=http://{{ yum_centos_mirror_host }}/{{ yum_centos_mirror_directory }}/$releasever/extras/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that extend functionality of existing packages
+[centosplus]
+name=CentOS-$releasever - Plus
+#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
+baseurl=http://{{ yum_centos_mirror_host }}/{{ yum_centos_mirror_directory }}/$releasever/centosplus/$basearch/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
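Review bot: Every `baseurl=` in ansible/roles/yum/templates/CentOS-Base.repo.j2 is hard-coded to `http://`, and the three sections of ansible/roles/yum/templates/epel.repo.j2 do the same. A site whose local mirror is served over HTTPS cannot point at it, and repository metadata is always fetched over an unauthenticated channel. `gpgcheck=1` still verifies package signatures, but nothing in these sections verifies the metadata, so stale or altered metadata from anything on the network path would not be detected. I would make the scheme configurable through a new variable (the name here is only a suggestion), for example `baseurl={{ yum_centos_mirror_scheme | default('http') }}://{{ yum_centos_mirror_host }}/{{ yum_centos_mirror_directory }}/$releasever/os/$basearch/`, with a matching variable for EPEL.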
diff --git a/ansible/roles/yum/templates/epel.repo.j2 b/ansible/roles/yum/templates/epel.repo.j2
new file mode 100644
index 000000000..0dbf48aaf
--- /dev/null
+++ b/ansible/roles/yum/templates/epel.repo.j2
@@ -0,0 +1,26 @@
+[epel]
+name=Extra Packages for Enterprise Linux 7 - $basearch
+baseurl=http://{{ yum_epel_mirror_host }}/{{ yum_epel_mirror_directory }}/7/$basearch
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
+failovermethod=priority
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
+
+[epel-debuginfo]
+name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
+baseurl=http://{{ yum_epel_mirror_host }}/{{ yum_epel_mirror_directory }}/7/$basearch/debug
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
+gpgcheck=1
+
+[epel-source]
+name=Extra Packages for Enterprise Linux 7 - $basearch - Source
+baseurl=http://{{ yum_epel_mirror_host }}/{{ yum_epel_mirror_directory }}/7/SRPMS
+#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
+failovermethod=priority
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
+gpgcheck=1
diff --git a/ansible/yum.yml b/ansible/yum.yml
new file mode 100644
index 000000000..d2acc726d
--- /dev/null
+++ b/ansible/yum.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Ensure Yum repos are configured
+ hosts: seed-hypervisor:seed:overcloud
+ roles:
+ - role: yum
+ - role: yum-cron
diff --git a/doc/source/release-notes.rst b/doc/source/release-notes.rst
index 3f3aec1a8..8d70d491a 100644
--- a/doc/source/release-notes.rst
+++ b/doc/source/release-notes.rst
@@ -17,6 +17,7 @@ Features * Adds support for configuration of custom fluentd filters, and additional config file templates for heat, ironic, keystone, magnum, murano, sahara, and swift in ``$KAYOBE_CONFIG_PATH/kolla/config//``. +* Adds support for specifying a local Yum mirror for package installation. * Adds the command ``kayobe network connectivity check`` which can be used to verify network connectivity in the cloud hosts. diff --git a/etc/kayobe/yum-cron.yml b/etc/kayobe/yum-cron.yml new file mode 100644 index 000000000..d237eb52d --- /dev/null +++ b/etc/kayobe/yum-cron.yml @@ -0,0 +1,6 @@ +--- + +# Whether to enable Yum automatic updates. +#yum_cron_enabled: false +# Command to use for Yum automatic updates. +#yum_cron_update_cmd: 'security' diff --git a/etc/kayobe/yum.yml b/etc/kayobe/yum.yml new file mode 100644 index 000000000..40224969c --- /dev/null +++ b/etc/kayobe/yum.yml @@ -0,0 +1,12 @@ +--- + +# Whether or not to use a local Yum mirror. +#yum_use_local_mirror: false +# Mirror FQDN for Yum repos. +#yum_centos_mirror_host: 'mirror.centos.org' +# Mirror directory for Yum CentOS repos. +#yum_centos_mirror_directory: 'centos' +# Mirror FQDN for Yum EPEL repos. +#yum_epel_mirror_host: 'download.fedoraproject.org' +# Mirror directory for Yum EPEL repos. +#yum_epel_mirror_directory: 'pub/epel' diff --git a/kayobe/cli/commands.py b/kayobe/cli/commands.py index e6a6534f5..9a8da9928 100644 --- a/kayobe/cli/commands.py +++ b/kayobe/cli/commands.py @@ -264,6 +264,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, * Allocate IP addresses for all configured networks. * Add the host to SSH known hosts. * Configure user accounts, group associations, and authorised SSH keys. + * Configure Yum repos. * Configure the host's network interfaces. * Set sysctl parameters. * Configure NTP. 
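Review bot: The docstring line `* Configure Yum repos.` added to SeedHypervisorHostConfigure in kayobe/cli/commands.py understates what the new step does. ansible/yum.yml applies both the `yum` and `yum-cron` roles, so the host-configure command can also install yum-cron and enable automatic updates when `yum_cron_enabled` is set. I would word it `* Configure Yum repos and, optionally, automatic updates (yum-cron).`, and apply the same wording to the identical line in the SeedHostConfigure and OvercloudHostConfigure docstring hunks. The class docstring begins above this hunk, so only the added bullet is visible here.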
@@ -273,8 +274,8 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, def take_action(self, parsed_args): self.app.LOG.debug("Configuring seed hypervisor host OS") playbooks = _build_playbook_list( - "ip-allocation", "ssh-known-host", "users", "dev-tools", "network", - "sysctl", "ntp", "seed-hypervisor-libvirt-host") + "ip-allocation", "ssh-known-host", "users", "yum", "dev-tools", + "network", "sysctl", "ntp", "seed-hypervisor-libvirt-host") self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed-hypervisor") @@ -320,6 +321,7 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, * Configure a user account for use by kayobe for SSH access. * Optionally, wipe unmounted disk partitions (--wipe-disks). * Configure user accounts, group associations, and authorised SSH keys. + * Configure Yum repos. * Disable SELinux. * Configure the host's network interfaces. * Set sysctl parameters. @@ -353,8 +355,8 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, if parsed_args.wipe_disks: playbooks += _build_playbook_list("wipe-disks") playbooks += _build_playbook_list( - "users", "dev-tools", "disable-selinux", "network", "sysctl", - "ip-routing", "snat", "disable-glean", "ntp", "lvm") + "users", "yum", "dev-tools", "disable-selinux", "network", + "sysctl", "ip-routing", "snat", "disable-glean", "ntp", "lvm") self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed") playbooks = _build_playbook_list("kolla-ansible") self.run_kayobe_playbooks(parsed_args, playbooks, tags="config") @@ -555,6 +557,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, * Configure a user account for use by kayobe for SSH access. * Optionally, wipe unmounted disk partitions (--wipe-disks). * Configure user accounts, group associations, and authorised SSH keys. + * Configure Yum repos. * Disable SELinux. * Configure the host's network interfaces. * Set sysctl parameters. 
@@ -588,8 +591,8 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, if parsed_args.wipe_disks: playbooks += _build_playbook_list("wipe-disks") playbooks += _build_playbook_list( - "users", "dev-tools", "disable-selinux", "network", "sysctl", - "disable-glean", "ntp", "lvm") + "users", "yum", "dev-tools", "disable-selinux", "network", + "sysctl", "disable-glean", "ntp", "lvm") self.run_kayobe_playbooks(parsed_args, playbooks, limit="overcloud") playbooks = _build_playbook_list("kolla-ansible") self.run_kayobe_playbooks(parsed_args, playbooks, tags="config")