Merge branch 'master' into net-connectivity
This commit is contained in:
commit
76ece0ee65
3
ansible/group_vars/all/yum
Normal file
3
ansible/group_vars/all/yum
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
yum_use_local_mirror: false
|
@ -78,7 +78,9 @@
|
|||||||
- "{{ find_src_result.results }}"
|
- "{{ find_src_result.results }}"
|
||||||
- files
|
- files
|
||||||
- skip_missing: True
|
- skip_missing: True
|
||||||
when: item.0.item.enabled | bool
|
when:
|
||||||
|
- item.0.item.enabled | bool
|
||||||
|
- item.1.path | basename not in item.0.item.ignore | default([])
|
||||||
|
|
||||||
- name: Ensure unnecessary extra configuration files are absent
|
- name: Ensure unnecessary extra configuration files are absent
|
||||||
file:
|
file:
|
||||||
|
@ -5,8 +5,9 @@
|
|||||||
# dest: Path to directory in which generated files will be created.
|
# dest: Path to directory in which generated files will be created.
|
||||||
# patterns: One or more file name patterns to match.
|
# patterns: One or more file name patterns to match.
|
||||||
# enabled: Whether these files should be templated.
|
# enabled: Whether these files should be templated.
|
||||||
# ignore: Optional list of files to leave in the destination, even if disabled
|
# ignore: Optional list of files to ignore. These files will not be copied to
|
||||||
# or unexpected.
|
# the destination, and will not be removed from the destination, even
|
||||||
|
# if disabled or unexpected.
|
||||||
kolla_openstack_custom_config:
|
kolla_openstack_custom_config:
|
||||||
# Ceph.
|
# Ceph.
|
||||||
- src: "{{ kolla_extra_config_path }}/ceph"
|
- src: "{{ kolla_extra_config_path }}/ceph"
|
||||||
|
@ -10,7 +10,7 @@ nodeexporter_services:
|
|||||||
container_name: nodeexporter
|
container_name: nodeexporter
|
||||||
enabled: "{{ nodeexporter_enabled }}"
|
enabled: "{{ nodeexporter_enabled }}"
|
||||||
image: "{{ nodeexporter_image_full }}"
|
image: "{{ nodeexporter_image_full }}"
|
||||||
command: /bin/node_exporter --collector.procfs=/host/proc --collector.sysfs=/host/sys --collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc)($|/)"
|
command: --collector.procfs=/host/proc --collector.sysfs=/host/sys --collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc)($|/)"
|
||||||
privileged: True
|
privileged: True
|
||||||
read_only: True
|
read_only: True
|
||||||
volumes:
|
volumes:
|
||||||
|
4
ansible/roles/yum-cron/defaults/main.yml
Normal file
4
ansible/roles/yum-cron/defaults/main.yml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
yum_cron_enabled: false
|
||||||
|
yum_cron_update_cmd: 'security'
|
7
ansible/roles/yum-cron/handlers/main.yml
Normal file
7
ansible/roles/yum-cron/handlers/main.yml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Restart yum-cron
|
||||||
|
service:
|
||||||
|
name: yum-cron
|
||||||
|
state: restarted
|
||||||
|
become: True
|
36
ansible/roles/yum-cron/tasks/main.yml
Normal file
36
ansible/roles/yum-cron/tasks/main.yml
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Yum | Install yum-cron (CentOS)
|
||||||
|
yum:
|
||||||
|
name: yum-cron
|
||||||
|
state: present
|
||||||
|
when: yum_cron_enabled
|
||||||
|
become: True
|
||||||
|
|
||||||
|
- name: Replace | Enable update applying for yum-cron (CentOS)
|
||||||
|
replace:
|
||||||
|
dest: /etc/yum/yum-cron.conf
|
||||||
|
regexp: "^apply_updates = no"
|
||||||
|
replace: "apply_updates = yes"
|
||||||
|
when: yum_cron_enabled
|
||||||
|
notify:
|
||||||
|
- Restart yum-cron
|
||||||
|
become: True
|
||||||
|
|
||||||
|
- name: Replace | Enable update applying for yum-cron (CentOS)
|
||||||
|
replace:
|
||||||
|
dest: /etc/yum/yum-cron.conf
|
||||||
|
regexp: "^update_cmd = .*$"
|
||||||
|
replace: "update_cmd = {{ yum_cron_update_cmd }}"
|
||||||
|
when: yum_cron_enabled
|
||||||
|
notify:
|
||||||
|
- Restart yum-cron
|
||||||
|
become: True
|
||||||
|
|
||||||
|
- name: Service | Enable yum-cron (CentOS)
|
||||||
|
service:
|
||||||
|
name: yum-cron
|
||||||
|
state: started
|
||||||
|
enabled: yes
|
||||||
|
when: yum_cron_enabled
|
||||||
|
become: True
|
12
ansible/roles/yum/defaults/main.yml
Normal file
12
ansible/roles/yum/defaults/main.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
# Whether or not to use a local Yum mirror.
|
||||||
|
yum_use_local_mirror: false
|
||||||
|
# Mirror FQDN for Yum repos.
|
||||||
|
yum_centos_mirror_host: 'mirror.centos.org'
|
||||||
|
# Mirror directory for Yum CentOS repos.
|
||||||
|
yum_centos_mirror_directory: 'centos'
|
||||||
|
# Mirror FQDN for Yum EPEL repos.
|
||||||
|
yum_epel_mirror_host: 'download.fedoraproject.org'
|
||||||
|
# Mirror directory for Yum EPEL repos.
|
||||||
|
yum_epel_mirror_directory: 'pub/epel'
|
6
ansible/roles/yum/tasks/main.yml
Normal file
6
ansible/roles/yum/tasks/main.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- include: redhat.yml
|
||||||
|
when:
|
||||||
|
- ansible_os_family == "RedHat"
|
||||||
|
- yum_use_local_mirror
|
44
ansible/roles/yum/tasks/redhat.yml
Normal file
44
ansible/roles/yum/tasks/redhat.yml
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Replace | Disable YUM fastestmirror plugin (CentOS)
|
||||||
|
replace:
|
||||||
|
dest: /etc/yum/pluginconf.d/fastestmirror.conf
|
||||||
|
regexp: "enabled=1"
|
||||||
|
replace: "enabled=0"
|
||||||
|
become: True
|
||||||
|
|
||||||
|
- name: Template | Copy CentOS repo templates (CentOS)
|
||||||
|
template:
|
||||||
|
src: CentOS-Base.repo.j2
|
||||||
|
dest: /etc/yum.repos.d/CentOS-Base.repo
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0664
|
||||||
|
become: True
|
||||||
|
|
||||||
|
- name: Yum | Update cache (CentOS)
|
||||||
|
yum:
|
||||||
|
name: '*'
|
||||||
|
update_cache: yes
|
||||||
|
become: True
|
||||||
|
|
||||||
|
- name: Yum | Install epel-release (CentOS)
|
||||||
|
yum:
|
||||||
|
name: epel-release
|
||||||
|
state: installed
|
||||||
|
become: True
|
||||||
|
|
||||||
|
- name: Template | Copy EPEL repo templates (CentOS)
|
||||||
|
template:
|
||||||
|
src: epel.repo.j2
|
||||||
|
dest: /etc/yum.repos.d/epel.repo
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0664
|
||||||
|
become: True
|
||||||
|
|
||||||
|
- name: Yum | Update cache (CentOS)
|
||||||
|
yum:
|
||||||
|
name: '*'
|
||||||
|
update_cache: yes
|
||||||
|
become: True
|
43
ansible/roles/yum/templates/CentOS-Base.repo.j2
Normal file
43
ansible/roles/yum/templates/CentOS-Base.repo.j2
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
# CentOS-Base.repo
|
||||||
|
#
|
||||||
|
# The mirror system uses the connecting IP address of the client and the
|
||||||
|
# update status of each mirror to pick mirrors that are updated to and
|
||||||
|
# geographically close to the client. You should use this for CentOS updates
|
||||||
|
# unless you are manually picking other mirrors.
|
||||||
|
#
|
||||||
|
# If the mirrorlist= does not work for you, as a fall back you can try the
|
||||||
|
# remarked out baseurl= line instead.
|
||||||
|
#
|
||||||
|
#
|
||||||
|
|
||||||
|
[base]
|
||||||
|
name=CentOS-$releasever - Base
|
||||||
|
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
|
||||||
|
baseurl=http://{{ yum_centos_mirror_host }}/{{ yum_centos_mirror_directory }}/$releasever/os/$basearch/
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
|
||||||
|
|
||||||
|
#released updates
|
||||||
|
[updates]
|
||||||
|
name=CentOS-$releasever - Updates
|
||||||
|
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
|
||||||
|
baseurl=http://{{ yum_centos_mirror_host }}/{{ yum_centos_mirror_directory }}/$releasever/updates/$basearch/
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
|
||||||
|
|
||||||
|
#additional packages that may be useful
|
||||||
|
[extras]
|
||||||
|
name=CentOS-$releasever - Extras
|
||||||
|
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
|
||||||
|
baseurl=http://{{ yum_centos_mirror_host }}/{{ yum_centos_mirror_directory }}/$releasever/extras/$basearch/
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
|
||||||
|
|
||||||
|
#additional packages that extend functionality of existing packages
|
||||||
|
[centosplus]
|
||||||
|
name=CentOS-$releasever - Plus
|
||||||
|
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
|
||||||
|
baseurl=http://{{ yum_centos_mirror_host }}/{{ yum_centos_mirror_directory }}/$releasever/centosplus/$basearch/
|
||||||
|
gpgcheck=1
|
||||||
|
enabled=0
|
||||||
|
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
|
26
ansible/roles/yum/templates/epel.repo.j2
Normal file
26
ansible/roles/yum/templates/epel.repo.j2
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
[epel]
|
||||||
|
name=Extra Packages for Enterprise Linux 7 - $basearch
|
||||||
|
baseurl=http://{{ yum_epel_mirror_host }}/{{ yum_epel_mirror_directory }}/7/$basearch
|
||||||
|
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
|
||||||
|
failovermethod=priority
|
||||||
|
enabled=1
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
|
||||||
|
|
||||||
|
[epel-debuginfo]
|
||||||
|
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
|
||||||
|
baseurl=http://{{ yum_epel_mirror_host }}/{{ yum_epel_mirror_directory }}/7/$basearch/debug
|
||||||
|
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
|
||||||
|
failovermethod=priority
|
||||||
|
enabled=0
|
||||||
|
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
|
||||||
|
gpgcheck=1
|
||||||
|
|
||||||
|
[epel-source]
|
||||||
|
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
|
||||||
|
baseurl=http://{{ yum_epel_mirror_host }}/{{ yum_epel_mirror_directory }}/7/SRPMS
|
||||||
|
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
|
||||||
|
failovermethod=priority
|
||||||
|
enabled=0
|
||||||
|
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
|
||||||
|
gpgcheck=1
|
7
ansible/yum.yml
Normal file
7
ansible/yum.yml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure Yum repos are configured
|
||||||
|
hosts: seed-hypervisor:seed:overcloud
|
||||||
|
roles:
|
||||||
|
- role: yum
|
||||||
|
- role: yum-cron
|
@ -17,6 +17,7 @@ Features
|
|||||||
* Adds support for configuration of custom fluentd filters, and additional
|
* Adds support for configuration of custom fluentd filters, and additional
|
||||||
config file templates for heat, ironic, keystone, magnum, murano, sahara, and
|
config file templates for heat, ironic, keystone, magnum, murano, sahara, and
|
||||||
swift in ``$KAYOBE_CONFIG_PATH/kolla/config/<component>/``.
|
swift in ``$KAYOBE_CONFIG_PATH/kolla/config/<component>/``.
|
||||||
|
* Adds support for specifying a local Yum mirror for package installation.
|
||||||
* Adds the command ``kayobe network connectivity check`` which can be used to
|
* Adds the command ``kayobe network connectivity check`` which can be used to
|
||||||
verify network connectivity in the cloud hosts.
|
verify network connectivity in the cloud hosts.
|
||||||
|
|
||||||
|
6
etc/kayobe/yum-cron.yml
Normal file
6
etc/kayobe/yum-cron.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
# Whether to enable Yum automatic updates.
|
||||||
|
#yum_cron_enabled: false
|
||||||
|
# Command to use for Yum automatic updates.
|
||||||
|
#yum_cron_update_cmd: 'security'
|
12
etc/kayobe/yum.yml
Normal file
12
etc/kayobe/yum.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
# Whether or not to use a local Yum mirror.
|
||||||
|
#yum_use_local_mirror: false
|
||||||
|
# Mirror FQDN for Yum repos.
|
||||||
|
#yum_centos_mirror_host: 'mirror.centos.org'
|
||||||
|
# Mirror directory for Yum CentOS repos.
|
||||||
|
#yum_centos_mirror_directory: 'centos'
|
||||||
|
# Mirror FQDN for Yum EPEL repos.
|
||||||
|
#yum_epel_mirror_host: 'download.fedoraproject.org'
|
||||||
|
# Mirror directory for Yum EPEL repos.
|
||||||
|
#yum_epel_mirror_directory: 'pub/epel'
|
@ -264,6 +264,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
|
|||||||
* Allocate IP addresses for all configured networks.
|
* Allocate IP addresses for all configured networks.
|
||||||
* Add the host to SSH known hosts.
|
* Add the host to SSH known hosts.
|
||||||
* Configure user accounts, group associations, and authorised SSH keys.
|
* Configure user accounts, group associations, and authorised SSH keys.
|
||||||
|
* Configure Yum repos.
|
||||||
* Configure the host's network interfaces.
|
* Configure the host's network interfaces.
|
||||||
* Set sysctl parameters.
|
* Set sysctl parameters.
|
||||||
* Configure NTP.
|
* Configure NTP.
|
||||||
@ -273,8 +274,8 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
|
|||||||
def take_action(self, parsed_args):
|
def take_action(self, parsed_args):
|
||||||
self.app.LOG.debug("Configuring seed hypervisor host OS")
|
self.app.LOG.debug("Configuring seed hypervisor host OS")
|
||||||
playbooks = _build_playbook_list(
|
playbooks = _build_playbook_list(
|
||||||
"ip-allocation", "ssh-known-host", "users", "dev-tools", "network",
|
"ip-allocation", "ssh-known-host", "users", "yum", "dev-tools",
|
||||||
"sysctl", "ntp", "seed-hypervisor-libvirt-host")
|
"network", "sysctl", "ntp", "seed-hypervisor-libvirt-host")
|
||||||
self.run_kayobe_playbooks(parsed_args, playbooks,
|
self.run_kayobe_playbooks(parsed_args, playbooks,
|
||||||
limit="seed-hypervisor")
|
limit="seed-hypervisor")
|
||||||
|
|
||||||
@ -320,6 +321,7 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
|
|||||||
* Configure a user account for use by kayobe for SSH access.
|
* Configure a user account for use by kayobe for SSH access.
|
||||||
* Optionally, wipe unmounted disk partitions (--wipe-disks).
|
* Optionally, wipe unmounted disk partitions (--wipe-disks).
|
||||||
* Configure user accounts, group associations, and authorised SSH keys.
|
* Configure user accounts, group associations, and authorised SSH keys.
|
||||||
|
* Configure Yum repos.
|
||||||
* Disable SELinux.
|
* Disable SELinux.
|
||||||
* Configure the host's network interfaces.
|
* Configure the host's network interfaces.
|
||||||
* Set sysctl parameters.
|
* Set sysctl parameters.
|
||||||
@ -353,8 +355,8 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
|
|||||||
if parsed_args.wipe_disks:
|
if parsed_args.wipe_disks:
|
||||||
playbooks += _build_playbook_list("wipe-disks")
|
playbooks += _build_playbook_list("wipe-disks")
|
||||||
playbooks += _build_playbook_list(
|
playbooks += _build_playbook_list(
|
||||||
"users", "dev-tools", "disable-selinux", "network", "sysctl",
|
"users", "yum", "dev-tools", "disable-selinux", "network",
|
||||||
"ip-routing", "snat", "disable-glean", "ntp", "lvm")
|
"sysctl", "ip-routing", "snat", "disable-glean", "ntp", "lvm")
|
||||||
self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed")
|
self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed")
|
||||||
playbooks = _build_playbook_list("kolla-ansible")
|
playbooks = _build_playbook_list("kolla-ansible")
|
||||||
self.run_kayobe_playbooks(parsed_args, playbooks, tags="config")
|
self.run_kayobe_playbooks(parsed_args, playbooks, tags="config")
|
||||||
@ -555,6 +557,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
|
|||||||
* Configure a user account for use by kayobe for SSH access.
|
* Configure a user account for use by kayobe for SSH access.
|
||||||
* Optionally, wipe unmounted disk partitions (--wipe-disks).
|
* Optionally, wipe unmounted disk partitions (--wipe-disks).
|
||||||
* Configure user accounts, group associations, and authorised SSH keys.
|
* Configure user accounts, group associations, and authorised SSH keys.
|
||||||
|
* Configure Yum repos.
|
||||||
* Disable SELinux.
|
* Disable SELinux.
|
||||||
* Configure the host's network interfaces.
|
* Configure the host's network interfaces.
|
||||||
* Set sysctl parameters.
|
* Set sysctl parameters.
|
||||||
@ -588,8 +591,8 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
|
|||||||
if parsed_args.wipe_disks:
|
if parsed_args.wipe_disks:
|
||||||
playbooks += _build_playbook_list("wipe-disks")
|
playbooks += _build_playbook_list("wipe-disks")
|
||||||
playbooks += _build_playbook_list(
|
playbooks += _build_playbook_list(
|
||||||
"users", "dev-tools", "disable-selinux", "network", "sysctl",
|
"users", "yum", "dev-tools", "disable-selinux", "network",
|
||||||
"disable-glean", "ntp", "lvm")
|
"sysctl", "disable-glean", "ntp", "lvm")
|
||||||
self.run_kayobe_playbooks(parsed_args, playbooks, limit="overcloud")
|
self.run_kayobe_playbooks(parsed_args, playbooks, limit="overcloud")
|
||||||
playbooks = _build_playbook_list("kolla-ansible")
|
playbooks = _build_playbook_list("kolla-ansible")
|
||||||
self.run_kayobe_playbooks(parsed_args, playbooks, tags="config")
|
self.run_kayobe_playbooks(parsed_args, playbooks, tags="config")
|
||||||
|
Loading…
Reference in New Issue
Block a user