kayobe/ansible/kolla-ansible.yml
Mark Goddard c9f8d80ba6 Stop using kolla-ansible bootstrap-servers
The 'kayobe * host configure' commands no longer use the 'kolla-ansible
bootstrap-servers' command, and associated 'baremetal' role in Kolla
Ansible. The functionality provided by the 'baremetal' role has been
extracted into the openstack.kolla Ansible collection, and split
into separate roles. This allows Kayobe to use it directly, and only the
necessary parts.

This change improves failure handling in these Kayobe commands, and aims
to reduce confusion over which '--limit' and '--tags' arguments to
provide.  This ensures that if a host fails during a host configuration
command, other hosts are able to continue to completion. Previously, if
any host failed during the Kayobe playbooks, the 'kolla-ansible
bootstrap-servers' command would not run. This is useful at scale, where
host failures occur more frequently.

This change has implications for configuration of Kayobe, since some
variables that were previously in Kolla Ansible are now in Kayobe.

Several parts of the baremetal role have been split out and used here:

* apparmor-libvirt: disable AppArmor rules for libvirt on Ubuntu.
* docker: Docker installation & configuration. The docker role in
  openstack.kolla combines functionality from kolla-ansible and kayobe.
* etc-hosts: it proved difficult to generalise this, so we have some
  almost duplicated the code from kolla-ansible here. Requires delegated
  fact gathering for the case when --limit is used.
* firewall: support to disable UFW, for feature parity.
* kolla-packages: miscellaneous package installs & removals.

The addition of the stack user to the docker group has been moved to the
user bootstrapping playbook, and the docker SDK installation has been
moved to the virtualenv setup playbook.

Depends-On: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/829587

Story: 2009854
Task: 44505

Change-Id: I61a61ca59652b13687c2247d5881012b51f666a7
2023-03-30 13:52:54 +00:00

227 lines
9.7 KiB
YAML

---
- name: Gather facts for localhost
hosts: localhost
gather_facts: true
tags: always
- name: Validate configuration options for kolla-ansible
hosts: localhost
tags:
- kolla-ansible
- config-validation
tasks:
- name: Validate serial console configuration
block:
- name: Check ipmitool-socat is in kolla_ironic_enabled_console_interfaces
assert:
that:
- kolla_ironic_enabled_console_interfaces is defined
- "'ipmitool-socat' in kolla_ironic_enabled_console_interfaces"
fail_msg: >
kolla_ironic_enabled_console_interfaces must contain ipmitool-socat if you set
ironic_serial_console_autoenable to true
when: ironic_serial_console_autoenable | bool
- name: Ensure Kolla Ansible is configured
hosts: localhost
tags:
- kolla-ansible
gather_facts: false
pre_tasks:
- block:
- name: Look for environment file in Kolla configuration path
stat:
path: "{{ kolla_config_path ~ '/.environment' }}"
get_checksum: False
get_md5: False
mime: False
register: kolla_environment_file
- name: Flag that the Kolla configuration path has been used by another environment
vars:
kolla_environment: "{{ lookup('file', kolla_config_path ~ '/.environment') }}"
fail:
msg: >
The Kolla configuration path at {{ kolla_config_path }} was
already used by environment {{ kolla_environment }}. You should
clean up this directory, including the environment file located
at {{ kolla_config_path ~ '/.environment' }}, before running
Kayobe again.
when:
- kolla_environment_file.stat.exists
- kolla_environment != kayobe_environment
tags:
- config
# Configuration and validation of network host networking.
- name: Validate Kolla Ansible API address configuration
assert:
that:
- hostvars[inventory_hostname][item.var_name] is defined
- hostvars[inventory_hostname][item.var_name] | length > 0
fail_msg: >
The Kolla Ansible variable {{ item.var_name }}
({{ item.description }}) is invalid. Value:
"{{ hostvars[inventory_hostname][item.var_name] | default('<undefined>') }}".
when:
- groups['network'] | length > 0
- item.required | bool
with_items:
- var_name: "kolla_internal_vip_address"
description: "Internal API VIP address"
required: True
- var_name: "kolla_internal_fqdn"
description: "Internal API Fully Qualified Domain Name (FQDN)"
required: True
- var_name: "kolla_external_vip_address"
description: "external API VIP address"
required: "{{ public_net_name != internal_net_name }}"
- var_name: "kolla_external_fqdn"
description: "External API Fully Qualified Domain Name (FQDN)"
required: "{{ public_net_name != internal_net_name }}"
tags:
- config
- config-validation
- import_role:
name: kolla-ansible
vars:
kolla_ansible_install_epel: "{{ dnf_install_epel }}"
kolla_external_fqdn_cert: "{{ kolla_config_path }}/certificates/haproxy.pem"
kolla_internal_fqdn_cert: "{{ kolla_config_path }}/certificates/haproxy-internal.pem"
kolla_ansible_passwords_path: "{{ kayobe_env_config_path }}/kolla/passwords.yml"
kolla_overcloud_group_vars_path: "{{ kayobe_env_config_path }}/kolla/inventory/group_vars"
kolla_ansible_certificates_path: "{{ kayobe_env_config_path }}/kolla/certificates"
# NOTE: This differs from the default SELinux mode in kolla ansible,
# which is permissive. The justification for using this mode is twofold:
# 1. it avoids filling up the audit log
# 2. it avoids an issue seen when using diskimage-builder in the bifrost
# container.
# We could look at making the SELinux mode configurable in future.
kolla_selinux_state: disabled
kolla_inspector_dhcp_pool_start: "{{ inspection_net_name | net_inspection_allocation_pool_start }}"
kolla_inspector_dhcp_pool_end: "{{ inspection_net_name | net_inspection_allocation_pool_end }}"
kolla_inspector_netmask: "{{ inspection_net_name | net_mask }}"
kolla_inspector_default_gateway: "{{ inspection_net_name | net_inspection_gateway or inspection_net_name | net_gateway }}"
kolla_inspector_extra_kernel_options: "{{ inspector_extra_kernel_options }}"
kolla_libvirt_tls: "{{ compute_libvirt_enable_tls | bool }}"
kolla_enable_host_ntp: false
kolla_globals_paths_extra:
- "{{ kayobe_config_path }}"
- "{{ kayobe_env_config_path }}"
- name: Generate Kolla Ansible host vars for the seed host
hosts: seed
tags:
- config
- config-validation
- kolla-ansible
gather_facts: False
tasks:
- name: Set Kolla Ansible host variables
kolla_ansible_host_vars:
interfaces:
- var_name: "kolla_bifrost_network_interface"
description: "Bifrost provisioning network"
network: "{{ provision_oc_net_name }}"
required: True
# Strictly api_interface is not required but kolla-ansible currently
# references it in prechecks.
- var_name: "kolla_api_interface"
description: "Bifrost provisioning network"
network: "{{ provision_oc_net_name }}"
required: True
- import_role:
name: kolla-ansible-host-vars
vars:
kolla_ansible_pass_through_host_vars: "{{ kolla_seed_inventory_pass_through_host_vars }}"
kolla_ansible_pass_through_host_vars_map: "{{ kolla_seed_inventory_pass_through_host_vars_map }}"
kolla_ansible_inventory_path: "{{ kolla_config_path }}/inventory/seed"
- name: Generate Kolla Ansible host vars for overcloud hosts
hosts: overcloud
tags:
- config
- config-validation
- kolla-ansible
gather_facts: False
tasks:
- name: Set Kolla Ansible host variables
vars:
require_ironic_networks: >-
{{ kolla_enable_ironic | bool and
inventory_hostname in groups['controllers'] }}
ironic_networks:
- network: "{{ provision_wl_net_name }}"
required: "{{ require_ironic_networks }}"
- network: "{{ cleaning_net_name }}"
required: "{{ require_ironic_networks }}"
require_provider_networks: >-
{{ kolla_enable_neutron | bool and
(inventory_hostname in groups['network'] or
(kolla_enable_neutron_provider_networks | bool and inventory_hostname in groups['compute'])) }}
# This expression generates a list containing an item for each network
# in external_net_names, in the format required by the
# external_networks argument of the kolla_ansible_host_vars action
# plugin.
provider_networks: >-
{{ dict(external_net_names |
zip_longest([], fillvalue=require_provider_networks)) |
dict2items(key_name='network', value_name='required') }}
kolla_ansible_host_vars:
interfaces:
- var_name: "kolla_network_interface"
description: "Default network"
network: "{{ internal_net_name }}"
required: True
- var_name: "kolla_api_interface"
description: "API network"
network: "{{ internal_net_name }}"
required: True
- var_name: "kolla_storage_interface"
description: "Storage network"
network: "{{ storage_net_name }}"
required: False
- var_name: "kolla_cluster_interface"
description: "Cluster network"
network: "{{ storage_mgmt_net_name }}"
required: False
- var_name: "kolla_swift_storage_interface"
description: "Swift storage network"
network: "{{ swift_storage_net_name }}"
required: False
- var_name: "kolla_swift_replication_interface"
description: "Swift storage replication network"
network: "{{ swift_storage_replication_net_name }}"
required: False
- var_name: "kolla_provision_interface"
description: "Bare metal provisioning network"
network: "{{ provision_wl_net_name }}"
required: "{{ kolla_enable_ironic | bool and inventory_hostname in groups['controllers'] }}"
- var_name: "kolla_inspector_dnsmasq_interface"
description: "Bare metal introspection network"
network: "{{ inspection_net_name }}"
required: "{{ kolla_enable_ironic | bool and inventory_hostname in groups['controllers'] }}"
- var_name: "kolla_dns_interface"
description: "DNS network"
network: "{{ public_net_name }}"
required: False
- var_name: "kolla_tunnel_interface"
description: "Tunnel network"
network: "{{ tunnel_net_name }}"
required: False
- var_name: "kolla_external_vip_interface"
description: "External network"
network: "{{ public_net_name }}"
required: "{{ inventory_hostname in groups['network'] }}"
external_networks: "{{ ironic_networks + provider_networks }}"
- import_role:
name: kolla-ansible-host-vars
vars:
kolla_ansible_pass_through_host_vars: "{{ kolla_overcloud_inventory_pass_through_host_vars }}"
kolla_ansible_pass_through_host_vars_map: "{{ kolla_overcloud_inventory_pass_through_host_vars_map }}"
kolla_ansible_inventory_path: "{{ kolla_config_path }}/inventory/overcloud"