openstack/openstack-ansible-os_ironic
Code Issues Proposed changes

Initial commit

Browse Source
This commit is contained in:
Michael Davies 2015-11-26 22:18:44 +10:30
parent 67a52c760f
commit c578f230a0
22 changed files with 730 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
defaults/main.yml Normal file
View File

@ -0,0 +1,98 @@
---
# defaults file for os_ironic
# Verbosity Options
debug: False
verbose: True
# Name of the virtual env to deploy into
ironic_venv_tag: untagged
ironic_venv_bin: "/openstack/venvs/ironic-{{ ironic_venv_tag }}/bin"
# Set this to enable or disable installing in a venv
ironic_venv_enabled: True
# System info
ironic_system_user_name: ironic
ironic_system_group_name: ironic
ironic_system_shell: /bin/bash
ironic_system_comment: ironic system user
ironic_system_home_folder: "/var/lib/{{ ironic_system_user_name }}"
ironic_system_log_folder: "/var/log/{{ ironic_system_user_name }}"
# Ironic API
ironic_api_program_name: ironic-api
# Ironic Conductor
ironic_conductor_program_name: ironic-conductor
# Python Ironic Client
python_ironic_client_program_name: ironic
ironic_service_names:
- "{{ ironic_api_program_name }}"
- "{{ ironic_conductor_program_name }}"
# Database
ironic_database_user: ironic
ironic_database_database: ironic
ironic_database_address: localhost
ironic_database_password: gu1d0
# TBD(mrda): need to handle this a little better :)
database_root_user: root
database_root_password: sp4m3ggs
# If you want to regenerate the ironic users SSH keys, on each run, set this var to True
# Otherwise keys will be generated on the first run and not regenerated each run.
ironic_recreate_keys: False
ironic_bin: "{{ ironic_venv_bin }}"
ironic_service_name: ironic
ironic_common_apt_packages:
- python-dev
- python-pip
- git
ironic_conductor_apt_packages:
- libmysqlclient-dev
- libxml2-dev
- rabbitmq-server
- mysql-server
- isc-dhcp-server
- tftpd-hpa
- syslinux
- syslinux-common
- libxslt1-dev
- qemu-utils
- libpq-dev
- python-yaml
- open-iscsi
- ipmitool
ironic_pip_packages:
- virtualenvwrapper
- six
- tox
- mysql-python
- python_ironicclient
ironicclient_pip_packages:
- python_ironicclient
## Ironic service
ironic_git_repo: https://git.openstack.org/openstack/ironic
ironic_git_install_branch: c6e8e2a33c65b6269a0b1b4f5e63620c68bdc3fb # HEAD sha as of 13 Nov 2015
ironic_git_dest: "/opt/ironic_{{ ironic_git_install_branch | replace('/', '_') }}"
## python-ironicclient
python_ironicclient_git_repo: https://git.openstack.org/openstack/python-ironicclient
python_ironicclient_git_install_branch: b66f5e8dd60c023d6d216c3bbc5ec22d837623c3 # HEAD sha as of 13 Nov 2015
python_ironicclient_git_dest: "/opt/python-ironicclient_{{ python_ironicclient_git_install_branch | replace('/', '_') }}"

4
files/map-file Normal file
View File

@ -0,0 +1,4 @@
re ^(/tftpboot/) /tftpboot/\2
re ^/tftpboot/ /tftpboot/
re ^(^/) /tftpboot/\1
re ^([^/]) /tftpboot/\1

4
files/tftpd-hpa Normal file
View File

@ -0,0 +1,4 @@
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/tftpboot"
TFTP_ADDRESS="[::]:69"
TFTP_OPTIONS="-vvvv --map-file /tftpboot/map-file"

23
handlers/main.yml Normal file
View File

@ -0,0 +1,23 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Restart ironic services
service:
name: "{{ item }}"
state: restarted
pattern: "{{ item }}"
with_items: ironic_service_names
failed_when: false

21
local_install.sh Executable file
View File

@ -0,0 +1,21 @@
#!/bin/bash
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
ROLE_NAME=$(basename $(pwd))
pushd tests
ansible-playbook -i inventory local_install.yml -e rolename=${ROLE_NAME}
popd

16
meta/main.yml Normal file
View File

@ -0,0 +1,16 @@
---
galaxy_info:
author: OpenStack
description: Baremetal provisioning for Openstack
company: OpenStack
license: Apache
min_ansible_version: 1.8
platforms:
- name: Ubuntu
versions:
- trusty
categories:
- cloud
- baremetal
- system
dependencies: []

22
run_tests.sh Executable file
View File

@ -0,0 +1,22 @@
#!/bin/bash
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
ROLE_NAME=$(basename $(pwd))
pushd tests
ansible-playbook -i inventory --syntax-check --list-tasks test.yml -e rolename=${ROLE_NAME}
popd
ansible-lint */*yml

89
tasks/ironic_conductor_post_install.yml Normal file
View File

@ -0,0 +1,89 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Install apt packages
apt:
pkg: "{{ item }}"
state: latest
register: install_packages
until: install_packages|success
retries: 5
delay: 2
with_items: ironic_conductor_apt_packages
tags:
- ironic-install
- ironic-apt-packages
- name: Create /tftpboot
file:
path: "/tftpboot"
state: directory
owner: "{{ ironic_system_user_name }}"
group: "{{ ironic_system_group_name }}"
mode: "0755"
tags:
- tftpd-hpa
- name: Copy in tftpd-hpa config file
copy:
src: tftpd-hpa
dest: /etc/default/tftpd-hpa
notify:
- Restart tftpd-hpa
tags:
- tftpd-hpa
- name: Copy in tftpd-hpa map file
copy:
src: map-file
dest: /tftpboot/map-file
notify:
- Restart tftpd-hpa
tags:
- tftpd-hpa
- name: Check to see if pxlinux.0 is required
stat: path=/tftpboot/pxelinux.0
register: pxelinux_exists
tags:
- tftpd-hpa
- name: Check to see if chain.c32 is required
stat: path=/tftpboot/chain.c32
register: chain32_exists
tags:
- tftpd-hpa
- name: Check pxlinux.0 exists
stat: path=/usr/lib/syslinux/pxelinux.0
register: pxelinux_stat
when: not pxelinux_exists
tags:
- tftpd-hpa
- name: Copy syslinux pxlinux.0
command: cp /usr/lib/syslinux/pxelinux.0 /tftpboot/pxelinux.0
when: not pxelinux_exists and pxelinux_stat.stat.exists
tags:
- tftpd-hpa
- name: Copy syslinux chain.c32
command: cp /usr/lib/syslinux/chain.c32 /tftpboot/chain.c32
when: not chain32_exists and chain32_stat.stat.exists
tags:
- tftpd-hpa

52
tasks/ironic_db_setup.yml Normal file
View File

@ -0,0 +1,52 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create database for ironic
mysql_db:
#login_user: "{{ database_root_user }}"
#login_password: "{{ database_root_password }}"
#login_host: "{{ ironic_database_address }}"
name: "{{ ironic_database_database }}"
state: "present"
tags:
- ironic-db-setup
- name: Grant access to the DB
mysql_user:
#login_user: "{{ database_root_user }}"
#login_password: "{{ database_root_password }}"
#login_host: "{{ ironic_database_address }}"
name: "{{ ironic_database_user }}"
password: "{{ ironic_database_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ ironic_database_database }}.*:ALL"
with_items:
- "localhost"
- "%"
tags:
- ironic-db-setup
- name: Synchronize database schema
command: "{{ ironic_bin }}/ironic-dbsync upgrade"
sudo: yes
sudo_user: "{{ ironic_system_user_name }}"
notify:
- restart ironic-conductor
when: ironic_checkout.changed
tags:
- ironic-db-setup
- ironic-conductor

33
tasks/ironic_get_source.yml Normal file
View File

@ -0,0 +1,33 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: git clone ironic source code
git: repo=https://github.com/openstack/ironic.git
dest={{ ironic_git_dest }}
version={{ ironic_git_install_branch }}
update=no
register: ironic_checkout
tags:
- ironic-api
- ironic-conductor
- name: git clone python-ironicclient source code
git: repo=https://github.com/openstack/python-ironicclient.git
dest={{ python_ironicclient_git_dest }}
version={{ python_ironicclient_git_install_branch }}
update=no
register: python_ironicclient_checkout
tags:
- ironic-client

29
tasks/ironic_install.yml Normal file
View File

@ -0,0 +1,29 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Install Ironic (python system library)
when: ironic_checkout.changed and not ironic_venv_enabled
pip: name="file://{{ ironic_git_dest }}"
tags:
- ironic-api
- ironic-conductor
- name: Install Ironic (openstack venv)
when: ironic_checkout.changed and ironic_venv_enabled
pip: name="file://{{ ironic_git_dest }}" virtualenv="/openstack/venvs/ironic-{{ ironic_venv_tag }}"
tags:
- ironic-api
- ironic-conductor

125
tasks/ironic_pre_install.yml Normal file
View File

@ -0,0 +1,125 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: create the system group
group:
name: "{{ ironic_system_group_name }}"
state: "present"
system: "yes"
tags:
- ironic-api
- ironic-conductor
- name: Remove old key file(s) if found
file:
path: "{{ item }}"
state: "absent"
with_items:
- "{{ ironic_system_home_folder }}/.ssh/authorized_keys"
- "{{ ironic_system_home_folder }}/.ssh/id_rsa"
- "{{ ironic_system_home_folder }}/.ssh/id_rsa.pub"
when: ironic_recreate_keys | bool
tags:
- ironic-api
- ironic-conductor
- name: Create the ironic system user
user:
name: "{{ ironic_system_user_name }}"
group: "{{ ironic_system_group_name }}"
comment: "{{ ironic_system_comment }}"
shell: "{{ ironic_system_shell }}"
system: "yes"
createhome: "yes"
home: "{{ ironic_system_home_folder }}"
generate_ssh_key: "yes"
tags:
- ironic-api
- ironic-conductor
- name: Create ironic dir
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner|default(ironic_system_user_name) }}"
group: "{{ item.group|default(ironic_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}"
with_items:
- { path: "/openstack", mode: "0755", owner: "root", group: "root" }
- { path: "/etc/ironic" }
- { path: "/etc/ironic/rootwrap.d" }
- { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
- { path: "/var/cache/ironic" }
- { path: "{{ ironic_system_home_folder }}" }
- { path: "{{ ironic_system_home_folder }}/.ssh", mode: "0700" }
- { path: "{{ ironic_system_home_folder }}/images" }
- { path: "{{ ironic_system_home_folder }}/master_images" }
- { path: "/var/lock/ironic" }
- { path: "/var/run/ironic" }
tags:
- ironic-api
- ironic-conductor
- name: Create ironic venv dir
file:
path: "{{ item.path }}"
state: directory
with_items:
- { path: "/openstack/venvs" }
- { path: "{{ ironic_venv_bin }}" }
when: ironic_venv_enabled | bool
tags:
- ironic-api
- ironic-conductor
- name: Test for log directory or link
shell: |
if [ -h "{{ ironic_system_log_folder }}" ]; then
chown -h {{ ironic_system_user_name }}:{{ ironic_system_group_name }} "{{ ironic_system_log_folder }}"
chown -R {{ ironic_system_user_name }}:{{ ironic_system_group_name }} "$(readlink {{ ironic_system_log_folder }} )"
else
exit 1
fi
register: log_dir
failed_when: false
changed_when: log_dir.rc != 0
tags:
- ironic-api
- ironic-conductor
- name: Create ironic log dir
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner|default(ironic_system_user_name) }}"
group: "{{ item.group|default(ironic_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}"
with_items:
- { path: "{{ ironic_system_log_folder }}" }
when: log_dir.rc != 0
tags:
- ironic-api
- ironic-conductor
- name: Include sudoers file
template:
src: "sudoers.j2"
dest: "/etc/sudoers.d/{{ ironic_system_user_name }}_sudoers"
mode: "0440"
owner: "root"
group: "root"
tags:
- ironic-api
- ironic-conductor

46
tasks/ironic_upstart_common_init.yml Normal file
View File

@ -0,0 +1,46 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Place the init script
template:
src: "ironic-upstart-init.j2"
dest: "/etc/init/{{ program_name }}.conf"
mode: "0644"
owner: "root"
group: "root"
notify:
- Restart ironic services
tags:
- upstart-init
- ironic-init
- name: Reload init scripts
shell: |
initctl reload-configuration
notify:
- Restart ironic services
tags:
- upstart-init
- ironic-init
- name: Load service
service:
name: "{{ program_name }}"
enabled: "yes"
notify:
- Restart ironic services
tags:
- upstart-init
- ironic-init

35
tasks/ironic_upstart_init.yml Normal file
View File

@ -0,0 +1,35 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: ironic_upstart_common_init.yml
vars:
program_name: "{{ ironic_api_program_name }}"
service_name: "{{ ironic_service_name }}"
system_user: "{{ ironic_system_user_name }}"
system_group: "{{ ironic_system_group_name }}"
service_home: "{{ ironic_system_home_folder }}"
# TODO(mrda): define groups
# when: inventory_hostname in groups['ironic_api_metadata']
- include: ironic_upstart_common_init.yml
vars:
program_name: "{{ ironic_conductor_program_name }}"
service_name: "{{ ironic_service_name }}"
system_user: "{{ ironic_system_user_name }}"
system_group: "{{ ironic_system_group_name }}"
service_home: "{{ ironic_system_home_folder }}"
# TODO(mrda): define groups
# when: inventory_hostname in groups['ironic_cert']

23
tasks/main.yml Normal file
View File

@ -0,0 +1,23 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: ironic_pre_install.yml
- include: ironic_get_source.yml
- include: ironic_install.yml
- include: python_ironicclient_install.yml
- include: ironic_conductor_post_install.yml
- include: ironic_db_setup.yml
- include: ironic_upstart_init.yml

26
tasks/python_ironicclient_install.yml Normal file
View File

@ -0,0 +1,26 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Install Python-Ironicclient (python system library)
when: python_ironicclient_checkout.changed and not ironic_venv_enabled
pip: name="file://{{ python_ironicclient_git_dest }}"
tags:
- ironic-client
- name: Install Python-Ironicclient (openstack venv)
when: python_ironicclient_checkout.changed and ironic_venv_enabled
pip: name="file://{{ python_ironicclient_git_dest }}" virtualenv="/openstack/venvs/ironic-{{ ironic_venv_tag }}"
tags:
- ironic-client

46
templates/ironic-upstart-init.j2 Normal file
View File

@ -0,0 +1,46 @@
# {{ ansible_managed }}
# vim:set ft=upstart ts=2 et:
description "{{ program_name }}"
author "Michael Davies <michael@the-davies.net>"
start on runlevel [2345]
stop on runlevel [016]
respawn
respawn limit 10 5
# Set the RUNBIN environment variable
env RUNBIN="{{ ironic_bin }}/{{ program_name }}"
# Change directory to service users home
chdir "{{ service_home }}"
# Pre start actions
pre-start script
mkdir -p "/var/run/{{ program_name }}"
chown {{ system_user }}:{{ system_group }} "/var/run/{{ program_name }}"
mkdir -p "/var/lock/{{ program_name }}"
chown {{ system_user }}:{{ system_group }} "/var/lock/{{ program_name }}"
{% if ironic_venv_enabled | bool -%}
. {{ ironic_venv_bin }}/activate
{%- endif %}
end script
# Post stop actions
post-stop script
rm "/var/run/{{ program_name }}/{{ program_name }}.pid"
end script
# Run the start up job
exec start-stop-daemon --start \
--chuid {{ system_user }} \
--make-pidfile \
--pidfile /var/run/{{ program_name }}/{{ program_name }}.pid \
--exec "{{ program_override|default('$RUNBIN') }}" \
-- {{ program_config_options|default('') }} \
--log-file={{ ironic_system_log_folder }}/{{ program_name }}.log

6
templates/sudoers.j2 Normal file
View File

@ -0,0 +1,6 @@
# {{ ansible_managed }}
Defaults:{{ ironic_system_user_name }} !requiretty
Defaults:{{ ironic_system_user_name }} secure_path="{{ ironic_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
{{ ironic_system_user_name }} ALL = (root) NOPASSWD: {{ ironic_bin }}/{{ ironic_service_name }}-rootwrap

2
tests/ansible.cfg Normal file
View File

@ -0,0 +1,2 @@
[defaults]
roles_path = ../..

5
tests/inventory Normal file
View File

@ -0,0 +1,5 @@
[all]
localhost ansible_connection=local ansible_user=root
[installhost]
installhost ansible_user=root ansible_ssh_port=22 ansible_ssh_host=192.168.1.21

5
tests/local_install.yml Normal file
View File

@ -0,0 +1,5 @@
- name: Do things with the openstack-ironic-role role
remote_user: root
hosts: installhost
roles:
- role: openstack-ansible-ironic

20
tests/test.yml Normal file
View File

@ -0,0 +1,20 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for role testing
hosts: localhost
remote_user: root
roles:
- role: "{{ rolename }}"