-
Notifications
You must be signed in to change notification settings - Fork 68
/
configure.yml
139 lines (132 loc) · 4.71 KB
/
configure.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
---
- name: Create container config dirs
tags:
- configure
- nova
become: true
ansible.builtin.file:
path: "{{ item.path }}"
state: "directory"
setype: "container_file_t"
owner: "{{ item.owner | default(ansible_user) }}"
group: "{{ item.group | default(ansible_user) }}"
mode: "{{ item.mode | default(omit) }}"
loop:
- {"path": "{{ edpm_nova_config_dest }}", "mode": "0755"}
- {"path": "/var/lib/openstack/config/containers", "mode": "0755"}
- {"path": "{{ edpm_nova_certs_dest }}", "mode": "0755"}
- {"path": "{{ edpm_nova_cacerts_dest }}", "mode": "0755"}
- name: Create persistent directories
tags:
- configure
- nova
become: true
ansible.builtin.file:
path: "{{ item.path }}"
setype: "container_file_t"
state: "directory"
owner: "{{ item.owner | default(omit) }}"
group: "{{ item.group | default(omit) }}"
mode: "{{ item.mode | default(omit) }}"
loop:
- {"path": "/var/lib/nova", "mode": "0755"}
- {"path": "/var/lib/_nova_secontext", "mode": "0755"}
- {"path": "/var/lib/nova/instances", "mode", "0755"}
- {"path": "/var/log/containers/nova", "mode": "0750"}
- {"path": "/var/log/containers/stdouts"}
- {"path": "/etc/ceph", "mode": "0750", "owner": "root", "group": "root"}
- {"path": "/etc/multipath"}
- {"path": "/etc/iscsi"}
- {"path": "/var/lib/iscsi"}
- {"path": "/run/openvswitch"}
- name: Render nova config files
tags:
- configure
- nova
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ edpm_nova_config_dest }}/{{ item.dest }}"
setype: "container_file_t"
mode: "0644"
loop:
- {"src": "config.json.j2", "dest": "config.json"}
- {"src": "nova-blank.conf", "dest": "nova-blank.conf"}
- {"src": "ssh-config", "dest": "ssh-config"}
# NOTE(gibi): This is unfortunate as we would like to avoid config
# generation in ansible. This config is only needed to specify the IP
# address of the node nova-compute should use. Right now this is hardcoded
# to use the ctlplane_ip. In the future we might want to support
# configuring which network nova-compute uses when connecting between
# compute nodes. However that needs careful syncing between IPs in the
# known_hosts file and IPs in the TLS certificates.
# NOTE(gibi): There is an upstream nova blueprint that will allow us to
# remove this host specific configuration in the future (not earlier than
# openstack Caracal)
# https://blueprints.launchpad.net/nova/+spec/libvirt-migrate-with-hostname-instead-of-ip
- {"src": "02-nova-host-specific.conf.j2", "dest": "02-nova-host-specific.conf"}
notify:
- Restart nova
- name: Discover configmaps in {{ edpm_nova_config_src }}
ansible.builtin.find:
paths: "{{ edpm_nova_config_src }}"
file_type: file
recurse: true
register: edpm_nova_configmaps
changed_when: false
check_mode: false
delegate_to: localhost
- name: Flatten configmaps into {{ edpm_nova_config_dest }}
tags:
- configure
- nova
ansible.builtin.copy:
src: "{{ item.path }}"
dest: "{{ edpm_nova_config_dest }}/{{ item.path | basename }}"
setype: "container_file_t"
mode: "0644"
loop: "{{ edpm_nova_configmaps.files }}"
notify:
- Restart nova
- name: Configure nova user and group on the host
ansible.builtin.import_role:
name: edpm_users
vars:
edpm_users_users:
# 42436 is matching with the uid and gid created by kolla in the nova containers
- {"name": "nova", "uid": "42436", "gid": "42436", "shell": "/bin/sh", "comment": "nova user", "groups": "libvirt"}
edpm_users_extra_dirs: []
tags:
- edpm_users
- name: Create .ssh directory for the nova user on the host
become: true
ansible.builtin.file:
path: "/home/nova/.ssh"
state: "directory"
owner: nova
group: nova
mode: '0700'
- name: Copy the migration ssh public key as authorized_keys to the nova user
become: true
ansible.builtin.copy:
src: "{{ edpm_nova_config_dest }}/ssh-publickey"
remote_src: true
dest: "/home/nova/.ssh/authorized_keys"
mode: '0600'
owner: nova
group: nova
- name: Copy TLS files to the compute node
tags:
- configure
- nova
become: true
loop:
- {"src": "{{ edpm_nova_certs_src }}/{{ inventory_hostname }}-tls.crt", "dest": "{{ edpm_nova_certs_dest }}/tls.crt"}
- {"src": "{{ edpm_nova_certs_src }}/{{ inventory_hostname }}-tls.key", "dest": "{{ edpm_nova_certs_dest }}/tls.key"}
- {"src": "{{ edpm_nova_cacerts_src }}/TLSCABundleFile", "dest": "{{ edpm_nova_cacerts_dest }}/TLSCABundleFile"}
ansible.builtin.copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: '0600'
owner: nova
group: nova
when: edpm_nova_tls_certs_enabled