kolla-ansible/ansible/roles/neutron/tasks/config.yml
Michal Nasiadka 7fcf3ca30b neutron: add ssh key
This key can be used by users in networking-generic-switch
scenario instead of adding cleartext password in ml2_conf.ini.

Change-Id: I10003e6526a55a97f22678ab81c411e4645c5157
2022-03-30 07:28:37 +00:00

484 lines
15 KiB
YAML

---
- name: Ensuring config directories exist
become: true
file:
path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
when:
- item.value.enabled | bool
- item.value.host_in_groups | bool
with_dict: "{{ neutron_services }}"
- name: Check if extra ml2 plugins exists
find:
path: "{{ node_custom_config }}/neutron/plugins/"
delegate_to: localhost
run_once: True
changed_when: False
register: check_extra_ml2_plugins
- include_tasks: copy-certs.yml
when:
- kolla_copy_ca_into_containers | bool or neutron_enable_tls_backend | bool
- name: Creating TLS backend PEM File
vars:
neutron_tls_proxy: "{{ neutron_services['neutron-tls-proxy'] }}"
assemble:
src: "{{ node_config_directory }}/neutron-tls-proxy/"
dest: "{{ node_config_directory }}/neutron-tls-proxy/neutron-cert-and-key.pem"
mode: "0660"
regexp: "^neutron-(cert|key)\\.pem$"
remote_src: true
become: true
when:
- neutron_tls_proxy.enabled | bool
- neutron_tls_proxy.host_in_groups | bool
- name: Check if policies shall be overwritten
stat:
path: "{{ item }}"
delegate_to: localhost
run_once: True
register: neutron_policy
with_first_found:
- files: "{{ supported_policy_format_list }}"
paths:
- "{{ node_custom_config }}/neutron/"
skip: true
- name: Set neutron policy file
set_fact:
neutron_policy_file: "{{ neutron_policy.results.0.stat.path | basename }}"
neutron_policy_file_path: "{{ neutron_policy.results.0.stat.path }}"
when:
- neutron_policy.results
- name: Copying over existing policy file
template:
src: "{{ neutron_policy_file_path }}"
dest: "{{ node_config_directory }}/{{ item.key }}/{{ neutron_policy_file }}"
mode: "0660"
become: true
when:
- neutron_policy_file is defined
- item.value.enabled | bool
- item.value.host_in_groups | bool
with_dict: "{{ neutron_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services
become: true
template:
src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
mode: "0660"
when:
- item.value.enabled | bool
- item.value.host_in_groups | bool
with_dict: "{{ neutron_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over neutron.conf
become: true
vars:
service_name: "{{ item.key }}"
services_need_neutron_conf:
- "ironic-neutron-agent"
- "neutron-dhcp-agent"
- "neutron-l3-agent"
- "neutron-linuxbridge-agent"
- "neutron-metadata-agent"
- "neutron-ovn-metadata-agent"
- "neutron-metering-agent"
- "neutron-openvswitch-agent"
- "neutron-server"
- "neutron-bgp-dragent"
- "neutron-infoblox-ipam-agent"
- "neutron-sriov-agent"
- "neutron-mlnx-agent"
- "neutron-eswitchd"
merge_configs:
sources:
- "{{ role_path }}/templates/neutron.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/neutron.conf"
- "{{ node_custom_config }}/neutron/{{ item.key }}.conf"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/neutron.conf"
dest: "{{ node_config_directory }}/{{ item.key }}/neutron.conf"
mode: "0660"
when:
- item.value.enabled | bool
- item.value.host_in_groups | bool
- item.key in services_need_neutron_conf
with_dict: "{{ neutron_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over neutron_vpnaas.conf
become: true
vars:
service_name: "{{ item.key }}"
services_need_neutron_vpnaas_conf:
- "neutron-server"
- "neutron-l3-agent"
merge_configs:
sources:
- "{{ role_path }}/templates/neutron_vpnaas.conf.j2"
- "{{ node_custom_config }}/neutron/neutron_vpnaas.conf"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/neutron_vpnaas.conf"
dest: "{{ node_config_directory }}/{{ item.key }}/neutron_vpnaas.conf"
mode: "0660"
when:
- item.value.enabled | bool
- item.value.host_in_groups | bool
- item.key in services_need_neutron_vpnaas_conf
with_dict: "{{ neutron_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over ssh key
become: true
vars:
neutron_server: "{{ neutron_services['neutron-server'] }}"
template:
src: "id_rsa"
dest: "{{ node_config_directory }}/neutron-server/id_rsa"
mode: 0600
when:
- neutron_server.enabled | bool
- neutron_server.host_in_groups | bool
- name: Copying over ml2_conf.ini
become: true
vars:
service_name: "{{ item.key }}"
services_need_ml2_conf_ini:
- "neutron-infoblox-ipam-agent"
- "neutron-server"
merge_configs:
sources:
- "{{ role_path }}/templates/ml2_conf.ini.j2"
- "{{ node_custom_config }}/neutron/ml2_conf.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/ml2_conf.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/ml2_conf.ini"
mode: "0660"
when:
- item.key in services_need_ml2_conf_ini
- item.value.enabled | bool
- item.value.host_in_groups | bool
with_dict: "{{ neutron_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over linuxbridge_agent.ini
become: true
vars:
service_name: "neutron-linuxbridge-agent"
merge_configs:
sources:
- "{{ role_path }}/templates/linuxbridge_agent.ini.j2"
- "{{ node_custom_config }}/neutron/linuxbridge_agent.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/linuxbridge_agent.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/linuxbridge_agent.ini"
mode: "0660"
when:
- neutron_services[service_name].enabled | bool
- neutron_services[service_name].host_in_groups | bool
notify:
- "Restart {{ service_name }} container"
- name: Copying over openvswitch_agent.ini
become: true
vars:
service_name: "neutron-openvswitch-agent"
merge_configs:
sources:
- "{{ role_path }}/templates/openvswitch_agent.ini.j2"
- "{{ node_custom_config }}/neutron/openvswitch_agent.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/openvswitch_agent.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/openvswitch_agent.ini"
mode: "0660"
when:
- neutron_services[service_name].enabled | bool
- neutron_services[service_name].host_in_groups | bool
notify:
- "Restart {{ service_name }} container"
- name: Copying over sriov_agent.ini
become: true
vars:
service_name: "neutron-sriov-agent"
neutron_sriov_agent: "{{ neutron_services[service_name] }}"
merge_configs:
sources:
- "{{ role_path }}/templates/sriov_agent.ini.j2"
- "{{ node_custom_config }}/neutron/sriov_agent.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/sriov_agent.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/sriov_agent.ini"
mode: "0660"
when:
- neutron_sriov_agent.enabled | bool
- neutron_sriov_agent.host_in_groups | bool
notify:
- "Restart {{ service_name }} container"
- name: Copying over mlnx_agent.ini
become: true
vars:
service_name: "neutron-mlnx-agent"
neutron_mlnx_agent: "{{ neutron_services[service_name] }}"
merge_configs:
sources:
- "{{ role_path }}/templates/mlnx_agent.ini.j2"
- "{{ node_custom_config }}/neutron/mlnx_agent.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/mlnx_agent.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/mlnx_agent.ini"
mode: "0660"
when:
- neutron_mlnx_agent.enabled | bool
- neutron_mlnx_agent.host_in_groups | bool
notify:
- "Restart {{ service_name }} container"
- name: Copying over eswitchd.conf
become: true
vars:
service_name: "neutron-eswitchd"
neutron_eswitchd: "{{ neutron_services[service_name] }}"
merge_configs:
sources:
- "{{ role_path }}/templates/eswitchd.conf.j2"
- "{{ node_custom_config }}/neutron/eswitchd.conf"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/eswitchd.conf"
dest: "{{ node_config_directory }}/{{ service_name }}/eswitchd.conf"
mode: "0660"
when:
- neutron_eswitchd.enabled | bool
- neutron_eswitchd.host_in_groups | bool
notify:
- "Restart {{ service_name }} container"
- name: Copying over dhcp_agent.ini
become: true
vars:
service_name: "neutron-dhcp-agent"
neutron_dhcp_agent: "{{ neutron_services[service_name] }}"
merge_configs:
sources:
- "{{ role_path }}/templates/dhcp_agent.ini.j2"
- "{{ node_custom_config }}/neutron/dhcp_agent.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/dhcp_agent.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/dhcp_agent.ini"
mode: "0660"
when:
- neutron_dhcp_agent.enabled | bool
- neutron_dhcp_agent.host_in_groups | bool
notify:
- "Restart {{ service_name }} container"
- name: Copying over dnsmasq.conf
become: true
vars:
service_name: "neutron-dhcp-agent"
neutron_dhcp_agent: "{{ neutron_services[service_name] }}"
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/{{ service_name }}/dnsmasq.conf"
mode: "0660"
with_first_found:
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/dnsmasq.conf"
- "{{ node_custom_config }}/neutron/dnsmasq.conf"
- "dnsmasq.conf.j2"
when:
- neutron_dhcp_agent.enabled | bool
- neutron_dhcp_agent.host_in_groups | bool
notify:
- "Restart {{ service_name }} container"
- name: Copying over l3_agent.ini
become: true
vars:
service_name: "{{ item.key }}"
services_need_l3_agent_ini:
- "neutron-l3-agent"
merge_configs:
sources:
- "{{ role_path }}/templates/l3_agent.ini.j2"
- "{{ node_custom_config }}/neutron/l3_agent.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/l3_agent.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/l3_agent.ini"
mode: "0660"
when:
- item.key in services_need_l3_agent_ini
- item.value.enabled | bool
- item.value.host_in_groups | bool
with_dict: "{{ neutron_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over metadata_agent.ini
become: true
vars:
service_name: "neutron-metadata-agent"
neutron_metadata_agent: "{{ neutron_services[service_name] }}"
merge_configs:
sources:
- "{{ role_path }}/templates/metadata_agent.ini.j2"
- "{{ node_custom_config }}/neutron/metadata_agent.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/metadata_agent.ini"
mode: "0660"
when:
- neutron_metadata_agent.enabled | bool
- neutron_metadata_agent.host_in_groups | bool
notify:
- "Restart {{ service_name }} container"
- name: Copying over neutron_ovn_metadata_agent.ini
become: true
vars:
service_name: "neutron-ovn-metadata-agent"
neutron_ovn_metadata_agent: "{{ neutron_services[service_name] }}"
merge_configs:
sources:
- "{{ role_path }}/templates/neutron_ovn_metadata_agent.ini.j2"
- "{{ node_custom_config }}/neutron/neutron_ovn_metadata_agent.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/neutron_ovn_metadata_agent.ini"
mode: "0660"
when:
- neutron_ovn_metadata_agent.enabled | bool
- neutron_ovn_metadata_agent.host_in_groups | bool
notify:
- "Restart {{ service_name }} container"
- name: Copying over metering_agent.ini
become: true
vars:
service_name: "neutron-metering-agent"
neutron_metering_agent: "{{ neutron_services[service_name] }}"
merge_configs:
sources:
- "{{ role_path }}/templates/metering_agent.ini.j2"
- "{{ node_custom_config }}/neutron/metering_agent.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/metering_agent.ini"
mode: "0660"
when:
- neutron_metering_agent.enabled | bool
- neutron_metering_agent.host_in_groups | bool
notify:
- "Restart {{ service_name }} container"
- name: Copying over ironic_neutron_agent.ini
become: true
vars:
service_name: "ironic-neutron-agent"
ironic_neutron_agent: "{{ neutron_services[service_name] }}"
merge_configs:
sources:
- "{{ role_path }}/templates/ironic_neutron_agent.ini.j2"
- "{{ node_custom_config }}/neutron/ironic_neutron_agent.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/ironic_neutron_agent.ini"
mode: "0660"
when:
- ironic_neutron_agent.enabled | bool
- ironic_neutron_agent.host_in_groups | bool
notify:
- "Restart {{ service_name }} container"
- name: Copying over bgp_dragent.ini
become: true
vars:
service_name: "neutron-bgp-dragent"
neutron_bgp_dragent: "{{ neutron_services[service_name] }}"
merge_configs:
sources:
- "{{ role_path }}/templates/bgp_dragent.ini.j2"
- "{{ node_custom_config }}/neutron/bgp_dragent.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/bgp_dragent.ini"
mode: "0660"
when:
- neutron_bgp_dragent.enabled | bool
- neutron_bgp_dragent.host_in_groups | bool
notify:
- "Restart {{ service_name }} container"
- name: Copying over nsx.ini
become: true
vars:
service_name: "neutron-server"
neutron_server: "{{ neutron_services[service_name] }}"
merge_configs:
sources:
- "{{ role_path }}/templates/nsx.ini.j2"
- "{{ node_custom_config }}/neutron/nsx.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/nsx.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/nsx.ini"
mode: "0660"
when:
- neutron_server.enabled | bool
- neutron_server.host_in_groups | bool
- neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_nsxp', 'vmware_dvs']
notify:
- "Restart {{ service_name }} container"
- name: Copy neutron-l3-agent-wrapper script
become: true
vars:
service_name: "neutron-l3-agent"
service: "{{ neutron_services[service_name] }}"
template:
src: neutron-l3-agent-wrapper.sh.j2
dest: "{{ node_config_directory }}/{{ service_name }}/neutron-l3-agent-wrapper.sh"
mode: "0770"
when:
- service.enabled | bool
- service.host_in_groups | bool
notify:
- "Restart {{ service_name }} container"
- name: Copying over extra ml2 plugins
become: true
vars:
service_name: "{{ item.0 }}"
services_need_ml2_conf_ini:
- "neutron-linuxbridge-agent"
- "neutron-openvswitch-agent"
- "neutron-server"
template:
src: "{{ item.2.path }}"
dest: "{{ node_config_directory }}/{{ service_name }}/{{ item.2.path | basename }}"
mode: "0660"
when:
- item.2 is defined
- item.1.enabled | bool
- item.1.host_in_groups | bool
- service_name in services_need_ml2_conf_ini
with_nested:
- "{{ neutron_services | dictsort }}"
- "{{ check_extra_ml2_plugins.files }}"
notify:
- "Restart {{ item.0 }} container"
- name: Copying over neutron-tls-proxy.cfg
vars:
neutron_tls_proxy: "{{ neutron_services['neutron-tls-proxy'] }}"
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/neutron-tls-proxy/neutron-tls-proxy.cfg"
mode: "0660"
become: true
with_first_found:
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/neutron-tls-proxy.cfg"
- "{{ node_custom_config }}/neutron/neutron-tls-proxy.cfg"
- "neutron-tls-proxy.cfg.j2"
when:
- neutron_tls_proxy.enabled | bool
- neutron_tls_proxy.host_in_groups | bool
notify:
- Restart neutron-tls-proxy container