1f2ab67987
Similar to the CentOS case, we should use 'present' instead of 'latest' for the package state so we don't spend time resolving dependencies, querying repos etc. The 'present' state can be further improved either in the zypper itself or in the Ansible module. Change-Id: I44fae44030af1c9ee88dcc26c6b55c91a2531926 Link: https://github.com/ansible/ansible/pull/37191 Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1084525
224 lines
8.5 KiB
YAML
224 lines
8.5 KiB
YAML
---
|
|
# Copyright 2015, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- include: test-repo-setup.yml
|
|
|
|
- name: Playbook for configuring hosts
|
|
hosts: localhost
|
|
become: true
|
|
pre_tasks:
|
|
- include: "common-tasks/test-set-nodepool-vars.yml"
|
|
- name: Clear iptables rules
|
|
shell: "{{ playbook_dir }}/iptables-clear.sh"
|
|
tags:
|
|
- skip_ansible_lint
|
|
- name: Set ssh key fact
|
|
set_fact:
|
|
lxc_container_ssh_key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
|
|
- name: Ensure roots new public ssh key is in authorized_keys
|
|
authorized_key:
|
|
user: root
|
|
key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
|
|
manage_dir: no
|
|
# This is a very dirty hack due to images.linuxcontainers.org
|
|
# constantly failing to resolve in openstack-infra.
|
|
- name: Implement hard-coded hosts entries for consistently failing name
|
|
lineinfile:
|
|
path: "/etc/hosts"
|
|
line: "{{ item }}"
|
|
state: present
|
|
with_items:
|
|
- "91.189.91.21 images.linuxcontainers.org us.images.linuxcontainers.org"
|
|
- "91.189.88.37 images.linuxcontainers.org uk.images.linuxcontainers.org"
|
|
# NOTE(mhayden): Using package_state=present on CentOS or openSUSE should allow for
|
|
# more gate jobs to complete properly and expose more problems that can
|
|
# be fixed (instead of timeouts).
|
|
- name: Use present for package_state on CentOS and openSUSE
|
|
set_fact:
|
|
package_state: "{{ (ansible_pkg_mgr in ['dnf', 'yum', 'zypper']) | ternary('present', 'latest') }}"
|
|
|
|
- include: test-install-openstack-hosts.yml
|
|
|
|
- name: Playbook for configuring the LXC host
|
|
hosts: localhost
|
|
become: true
|
|
roles:
|
|
- role: "lxc_hosts"
|
|
lxc_net_address: 10.100.100.1
|
|
lxc_net_dhcp_range: 10.100.100.8,10.100.100.253
|
|
lxc_net_bridge: lxcbr0
|
|
post_tasks:
|
|
- name: Ensure that /etc/network/interfaces.d/ exists (Debian)
|
|
file:
|
|
path: /etc/network/interfaces.d/
|
|
state: directory
|
|
tags:
|
|
- networking-dir-create
|
|
when:
|
|
- ansible_pkg_mgr == 'apt'
|
|
|
|
- name: Copy network configuration (Debian)
|
|
template:
|
|
src: "network_interfaces/debian_interface_{{ item.type | default('default') }}.cfg.j2"
|
|
dest: "/etc/network/interfaces.d/{{ item.name | default('br-mgmt') }}.cfg"
|
|
with_items: "{{ bridges }}"
|
|
register: network_interfaces_deb
|
|
when:
|
|
- ansible_pkg_mgr == 'apt'
|
|
|
|
- name: Copy network configuration (RedHat)
|
|
template:
|
|
src: "network_interfaces/redhat_interface_{{ item.type | default('default') }}.cfg.j2"
|
|
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item.name | default('br-mgmt') }}"
|
|
with_items: "{{ bridges }}"
|
|
register: network_interfaces_rhel
|
|
when:
|
|
- ansible_pkg_mgr in ['yum', 'dnf']
|
|
|
|
- name: Copy network configuration (SUSE)
|
|
template:
|
|
src: "network_interfaces/suse_interface_{{ item.type | default('default') }}.cfg.j2"
|
|
dest: "/etc/sysconfig/network/ifcfg-{{ item.name | default('br-mgmt') }}"
|
|
with_items: "{{ bridges }}"
|
|
register: network_interfaces_suse
|
|
when:
|
|
- ansible_pkg_mgr == 'zypper'
|
|
|
|
- name: Create alias file when required
|
|
template:
|
|
src: "network_interfaces/redhat_interface_alias.cfg.j2"
|
|
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item.name | default('br-mgmt')}}:0"
|
|
with_items: "{{ bridges }}"
|
|
when:
|
|
- ansible_pkg_mgr in ['yum', 'dnf']
|
|
- item.alias is defined
|
|
|
|
- name: Put down post-up script for veth-peer interfaces (RedHat)
|
|
template:
|
|
src: "network_interfaces/rpm_interface_{{ item[0] }}.cfg.j2"
|
|
dest: "/etc/sysconfig/network-scripts/{{ item[0] }}-veth-{{ item[1].name | default('br-mgmt') }}-2-{{ item[1].veth_peer | default('eth1') }}"
|
|
mode: "0755"
|
|
with_nested:
|
|
- [ "ifup-post", "ifdown-post" ]
|
|
- "{{ bridges }}"
|
|
when:
|
|
- item[1].veth_peer is defined
|
|
- ansible_pkg_mgr in ['yum', 'dnf']
|
|
|
|
# NOTE(hworang): Nested loops do not work on blocks. See
|
|
# https://github.com/ansible/ansible/issues/13262
|
|
# As such we need to do that on a per-task basis.
|
|
- block:
|
|
- name: Put down post-up script for veth-peer interfaces (SUSE)
|
|
template:
|
|
src: "network_interfaces/rpm_interface_{{ item[0] }}.cfg.j2"
|
|
dest: "/etc/sysconfig/network/scripts/{{ item[0] }}-veth-{{ item[1].name | default('br-mgmt') }}-2-{{ item[1].veth_peer | default('eth1') }}"
|
|
mode: "0755"
|
|
with_nested:
|
|
- [ "ifup-post", "ifdown-post" ]
|
|
- "{{ bridges }}"
|
|
- name: Configure ifcfg files to use the post-up script (SUSE)
|
|
lineinfile:
|
|
dest: "/etc/sysconfig/network/ifcfg-{{ item[1].name | default('br-mgmt') }}"
|
|
line: "POST_UP_SCRIPT=\"compat:suse:{{ item[0] }}-veth-{{ item[1].name | default('br-mgmt') }}-2-{{ item[1].veth_peer | default('eth1') }}\""
|
|
with_nested:
|
|
- ['ifup-post']
|
|
- "{{ bridges }}"
|
|
- name: Configure ifcfg files to use the post-down script (SUSE)
|
|
lineinfile:
|
|
dest: "/etc/sysconfig/network/ifcfg-{{ item[1].name | default('br-mgmt') }}"
|
|
line: "POST_DOWN_SCRIPT=\"compat:suse:{{ item[0] }}-veth-{{ item[1].name | default('br-mgmt') }}-2-{{ item[1].veth_peer | default('eth1') }}\""
|
|
with_nested:
|
|
- ['ifdown-post']
|
|
- "{{ bridges }}"
|
|
when:
|
|
- item[1].veth_peer is defined
|
|
- ansible_pkg_mgr == 'zypper'
|
|
|
|
- name: Ensure our interfaces.d configuration files are loaded automatically
|
|
lineinfile:
|
|
dest: /etc/network/interfaces
|
|
line: "source /etc/network/interfaces.d/*.cfg"
|
|
when:
|
|
- ansible_pkg_mgr == 'apt'
|
|
tags:
|
|
- networking-interfaces-load
|
|
|
|
- name: Ensure the postup/postdown scripts are loaded (RedHat)
|
|
lineinfile:
|
|
dest: "/etc/sysconfig/network-scripts/{{ item[0] }}"
|
|
line: ". /etc/sysconfig/network-scripts/{{ item[0] }}-veth-{{ item[1].name | default('br-mgmt') }}-2-{{ item[1].veth_peer | default('eth1') }}"
|
|
insertbefore: "^exit 0"
|
|
with_nested:
|
|
- [ "ifup-post", "ifdown-post" ]
|
|
- "{{ bridges }}"
|
|
when:
|
|
- item[1].veth_peer is defined
|
|
- ansible_pkg_mgr in ['yum', 'dnf']
|
|
|
|
- name: Shut down the network interfaces
|
|
command: "ifdown {{ item.name | default('br-mgmt') }}"
|
|
when:
|
|
- (network_interfaces_rhel | changed) or (network_interfaces_deb | changed) or
|
|
(network_interfaces_suse | changed)
|
|
with_items: "{{ bridges }}"
|
|
|
|
- name: Shut down the alias interface (RedHat)
|
|
command: "ifdown {{ item.name | default('br-mgmt') }}:0"
|
|
when:
|
|
- ansible_pkg_mgr in ['yum', 'dnf']
|
|
- network_interfaces_rhel | changed
|
|
- item.alias is defined
|
|
with_items: "{{ bridges }}"
|
|
|
|
- name: Start the network interfaces
|
|
command: "ifup {{ item.name | default('br-mgmt') }}"
|
|
when:
|
|
- (network_interfaces_rhel | changed) or (network_interfaces_deb | changed) or
|
|
(network_interfaces_suse | changed)
|
|
with_items: "{{ bridges }}"
|
|
|
|
- name: Start the alias interface (RedHat)
|
|
command: "ifup {{ item.name | default('br-mgmt') }}:0"
|
|
when:
|
|
- ansible_pkg_mgr in ['yum', 'dnf']
|
|
- network_interfaces_rhel | changed
|
|
- item.alias is defined
|
|
with_items: "{{ bridges }}"
|
|
|
|
- name: Determine iptables path
|
|
shell: which iptables
|
|
register: _iptables_path
|
|
tags:
|
|
- skip_ansible_lint
|
|
|
|
- name: Add iptables rule to ensure traffic checksum is correct
|
|
command: "{{ _iptables_path.stdout }} -A POSTROUTING -t mangle -p tcp -j CHECKSUM --checksum-fill"
|
|
tags:
|
|
- skip_ansible_lint
|
|
|
|
- name: Add iptables rule to provide internet connectivity to instances
|
|
command: "{{ _iptables_path.stdout }} -t nat -A POSTROUTING -o eth0 -j MASQUERADE"
|
|
tags:
|
|
- skip_ansible_lint
|
|
|
|
- name: Add iptables rules for lxc natting
|
|
command: /usr/local/bin/lxc-system-manage iptables-create
|
|
tags:
|
|
- skip_ansible_lint
|
|
|
|
vars_files:
|
|
- test-vars.yml
|