9d63583694
In order to allow us to make use of the Ansible shade modules to interact with the running OpenStack environment in tests, we execute the openstack_openrc role against the test host. The include_vars for the follow-on play is moved to make it easier to find, and the initial play's 'pre_tasks' are renamed to 'tasks' as there is no 'roles' implementation in the play. Change-Id: Iec4f266324d4e5f81d21163f68f8d5c32c34f86d
229 lines
8.7 KiB
YAML
229 lines
8.7 KiB
YAML
---
|
|
# Copyright 2015, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- include: test-repo-setup.yml
|
|
|
|
- name: Playbook for configuring hosts
|
|
hosts: localhost
|
|
become: true
|
|
vars_files:
|
|
- test-vars.yml
|
|
tasks:
|
|
- include: "common-tasks/test-set-nodepool-vars.yml"
|
|
- name: Clear iptables rules
|
|
shell: "{{ playbook_dir }}/iptables-clear.sh"
|
|
tags:
|
|
- skip_ansible_lint
|
|
- name: Set ssh key fact
|
|
set_fact:
|
|
lxc_container_ssh_key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
|
|
- name: Ensure roots new public ssh key is in authorized_keys
|
|
authorized_key:
|
|
user: root
|
|
key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
|
|
manage_dir: no
|
|
# This is a very dirty hack due to images.linuxcontainers.org
|
|
# constantly failing to resolve in openstack-infra.
|
|
- name: Implement hard-coded hosts entries for consistently failing name
|
|
lineinfile:
|
|
path: "/etc/hosts"
|
|
line: "{{ item }}"
|
|
state: present
|
|
with_items:
|
|
- "91.189.91.21 images.linuxcontainers.org us.images.linuxcontainers.org"
|
|
- "91.189.88.37 images.linuxcontainers.org uk.images.linuxcontainers.org"
|
|
# NOTE(mhayden): Using package_state=present on CentOS or openSUSE should allow for
|
|
# more gate jobs to complete properly and expose more problems that can
|
|
# be fixed (instead of timeouts).
|
|
- name: Use present for package_state on CentOS and openSUSE
|
|
set_fact:
|
|
package_state: "{{ (ansible_pkg_mgr in ['dnf', 'yum', 'zypper']) | ternary('present', 'latest') }}"
|
|
- name: Setup clouds.yaml
|
|
include_role:
|
|
name: openstack_openrc
|
|
private: yes
|
|
|
|
- include: test-install-openstack-hosts.yml
|
|
|
|
- name: Playbook for configuring the LXC host
|
|
hosts: localhost
|
|
become: true
|
|
vars_files:
|
|
- test-vars.yml
|
|
roles:
|
|
- role: "lxc_hosts"
|
|
lxc_net_address: 10.100.100.1
|
|
lxc_net_dhcp_range: 10.100.100.8,10.100.100.253
|
|
lxc_net_bridge: lxcbr0
|
|
post_tasks:
|
|
- name: Ensure that /etc/network/interfaces.d/ exists (Debian)
|
|
file:
|
|
path: /etc/network/interfaces.d/
|
|
state: directory
|
|
tags:
|
|
- networking-dir-create
|
|
when:
|
|
- ansible_pkg_mgr == 'apt'
|
|
|
|
- name: Copy network configuration (Debian)
|
|
template:
|
|
src: "network_interfaces/debian_interface_{{ item.type | default('default') }}.cfg.j2"
|
|
dest: "/etc/network/interfaces.d/{{ item.name | default('br-mgmt') }}.cfg"
|
|
with_items: "{{ bridges }}"
|
|
register: network_interfaces_deb
|
|
when:
|
|
- ansible_pkg_mgr == 'apt'
|
|
|
|
- name: Copy network configuration (RedHat)
|
|
template:
|
|
src: "network_interfaces/redhat_interface_{{ item.type | default('default') }}.cfg.j2"
|
|
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item.name | default('br-mgmt') }}"
|
|
with_items: "{{ bridges }}"
|
|
register: network_interfaces_rhel
|
|
when:
|
|
- ansible_pkg_mgr in ['yum', 'dnf']
|
|
|
|
- name: Copy network configuration (SUSE)
|
|
template:
|
|
src: "network_interfaces/suse_interface_{{ item.type | default('default') }}.cfg.j2"
|
|
dest: "/etc/sysconfig/network/ifcfg-{{ item.name | default('br-mgmt') }}"
|
|
with_items: "{{ bridges }}"
|
|
register: network_interfaces_suse
|
|
when:
|
|
- ansible_pkg_mgr == 'zypper'
|
|
|
|
- name: Create alias file when required
|
|
template:
|
|
src: "network_interfaces/redhat_interface_alias.cfg.j2"
|
|
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item.name | default('br-mgmt')}}:0"
|
|
with_items: "{{ bridges }}"
|
|
when:
|
|
- ansible_pkg_mgr in ['yum', 'dnf']
|
|
- item.alias is defined
|
|
|
|
- name: Put down post-up script for veth-peer interfaces (RedHat)
|
|
template:
|
|
src: "network_interfaces/rpm_interface_{{ item[0] }}.cfg.j2"
|
|
dest: "/etc/sysconfig/network-scripts/{{ item[0] }}-veth-{{ item[1].name | default('br-mgmt') }}-2-{{ item[1].veth_peer | default('eth1') }}"
|
|
mode: "0755"
|
|
with_nested:
|
|
- [ "ifup-post", "ifdown-post" ]
|
|
- "{{ bridges }}"
|
|
when:
|
|
- item[1].veth_peer is defined
|
|
- ansible_pkg_mgr in ['yum', 'dnf']
|
|
|
|
# NOTE(hworang): Nested loops do not work on blocks. See
|
|
# https://github.com/ansible/ansible/issues/13262
|
|
# As such we need to do that on a per-task basis.
|
|
- block:
|
|
- name: Put down post-up script for veth-peer interfaces (SUSE)
|
|
template:
|
|
src: "network_interfaces/rpm_interface_{{ item[0] }}.cfg.j2"
|
|
dest: "/etc/sysconfig/network/scripts/{{ item[0] }}-veth-{{ item[1].name | default('br-mgmt') }}-2-{{ item[1].veth_peer | default('eth1') }}"
|
|
mode: "0755"
|
|
with_nested:
|
|
- [ "ifup-post", "ifdown-post" ]
|
|
- "{{ bridges }}"
|
|
- name: Configure ifcfg files to use the post-up script (SUSE)
|
|
lineinfile:
|
|
dest: "/etc/sysconfig/network/ifcfg-{{ item[1].name | default('br-mgmt') }}"
|
|
line: "POST_UP_SCRIPT=\"compat:suse:{{ item[0] }}-veth-{{ item[1].name | default('br-mgmt') }}-2-{{ item[1].veth_peer | default('eth1') }}\""
|
|
with_nested:
|
|
- ['ifup-post']
|
|
- "{{ bridges }}"
|
|
- name: Configure ifcfg files to use the post-down script (SUSE)
|
|
lineinfile:
|
|
dest: "/etc/sysconfig/network/ifcfg-{{ item[1].name | default('br-mgmt') }}"
|
|
line: "POST_DOWN_SCRIPT=\"compat:suse:{{ item[0] }}-veth-{{ item[1].name | default('br-mgmt') }}-2-{{ item[1].veth_peer | default('eth1') }}\""
|
|
with_nested:
|
|
- ['ifdown-post']
|
|
- "{{ bridges }}"
|
|
when:
|
|
- item[1].veth_peer is defined
|
|
- ansible_pkg_mgr == 'zypper'
|
|
|
|
- name: Ensure our interfaces.d configuration files are loaded automatically
|
|
lineinfile:
|
|
dest: /etc/network/interfaces
|
|
line: "source /etc/network/interfaces.d/*.cfg"
|
|
when:
|
|
- ansible_pkg_mgr == 'apt'
|
|
tags:
|
|
- networking-interfaces-load
|
|
|
|
- name: Ensure the postup/postdown scripts are loaded (RedHat)
|
|
lineinfile:
|
|
dest: "/etc/sysconfig/network-scripts/{{ item[0] }}"
|
|
line: ". /etc/sysconfig/network-scripts/{{ item[0] }}-veth-{{ item[1].name | default('br-mgmt') }}-2-{{ item[1].veth_peer | default('eth1') }}"
|
|
insertbefore: "^exit 0"
|
|
with_nested:
|
|
- [ "ifup-post", "ifdown-post" ]
|
|
- "{{ bridges }}"
|
|
when:
|
|
- item[1].veth_peer is defined
|
|
- ansible_pkg_mgr in ['yum', 'dnf']
|
|
|
|
- name: Shut down the network interfaces
|
|
command: "ifdown {{ item.name | default('br-mgmt') }}"
|
|
when:
|
|
- (network_interfaces_rhel | changed) or (network_interfaces_deb | changed) or
|
|
(network_interfaces_suse | changed)
|
|
with_items: "{{ bridges }}"
|
|
|
|
- name: Shut down the alias interface (RedHat)
|
|
command: "ifdown {{ item.name | default('br-mgmt') }}:0"
|
|
when:
|
|
- ansible_pkg_mgr in ['yum', 'dnf']
|
|
- network_interfaces_rhel | changed
|
|
- item.alias is defined
|
|
with_items: "{{ bridges }}"
|
|
|
|
- name: Start the network interfaces
|
|
command: "ifup {{ item.name | default('br-mgmt') }}"
|
|
when:
|
|
- (network_interfaces_rhel | changed) or (network_interfaces_deb | changed) or
|
|
(network_interfaces_suse | changed)
|
|
with_items: "{{ bridges }}"
|
|
|
|
- name: Start the alias interface (RedHat)
|
|
command: "ifup {{ item.name | default('br-mgmt') }}:0"
|
|
when:
|
|
- ansible_pkg_mgr in ['yum', 'dnf']
|
|
- network_interfaces_rhel | changed
|
|
- item.alias is defined
|
|
with_items: "{{ bridges }}"
|
|
|
|
- name: Determine iptables path
|
|
shell: which iptables
|
|
register: _iptables_path
|
|
tags:
|
|
- skip_ansible_lint
|
|
|
|
- name: Add iptables rule to ensure traffic checksum is correct
|
|
command: "{{ _iptables_path.stdout }} -A POSTROUTING -t mangle -p tcp -j CHECKSUM --checksum-fill"
|
|
tags:
|
|
- skip_ansible_lint
|
|
|
|
- name: Add iptables rule to provide internet connectivity to instances
|
|
command: "{{ _iptables_path.stdout }} -t nat -A POSTROUTING -o eth0 -j MASQUERADE"
|
|
tags:
|
|
- skip_ansible_lint
|
|
|
|
- name: Add iptables rules for lxc natting
|
|
command: /usr/local/bin/lxc-system-manage iptables-create
|
|
tags:
|
|
- skip_ansible_lint
|