Merge pull request #1 from hostdime/deployment_updates

Deployment updates

.gitignore

@@ -1,5 +1,6 @@
 # Ansible
 external_roles/*
+*.retry
 
 # Byte-compiled / optimized / DLL files
 __pycache__/

README.md

@@ -1,30 +1,100 @@
 # autodeploy
-Deployment automation efforts for PF9 pre-reqs, host agent, and authorization.
+
+Deployment automation efforts for Platform9's prerequisites, host agent(s), and authorization via the use of Ansible.
+
+
+## Requirements
+
+* Ansible 2
+* Python 2
+    * shade
+
 
 ## Instructions
 
-After cloning the repo you'll need to create the following files.
+Clone the repository.
+```
+$ git clone https://github.com/platform9/autodeploy.git
+$ cd autodeploy/
+```
+
+After cloning the repository, it is required to configure the variables for deployment.
+```
+# cp -a group_vars/all_example.yml group_vars/all.yml
+# vim group_vars/all.yml
+```
+
+The SSH connection details for the hypervisor (Nova) and/or image (Glance) nodes should be defined in a new inventory file.
+```
+# vim production
+```
+
+Finally, the Playbook can be run.
+```
+# ansible-playbook -i production site.yml
+```
+
+
+### Variables
+
+Hypervisor required variables:
 
-### group_vars/all.yml
+* group_vars/all.yml
+    * os_region = OpenStack region.
+    * os_username = OpenStack admin username.
+    * os_password: OpenStack password.
+    * os_tenant: OpenStack admin project.
+    * du_url = The unique URL provided by Platform9 to access the controller resources.
 
-    ssh_user: root
-    os_region: <OS region>
-    os_username: <username>
-    os_password: <password>
-    os_tenant: <tenant name>
-    du_url: <DU_UR>
+Image node required variable:
 
-### inventory/hypervisors
+* group_vars/all.yml
+    * pf9_id
 
-    [hypervisors]
-    <fqdn> ansible_host=<ip>
+Optional variables:
 
-## Example Playbook
+* group_vars/all.yml
+    * manage_hostname = Boolean value. Set the hostname equal to the Ansible inventory_hostname for the host.
+    * manage_resolvers = Boolean value. Append servers listed in the "dns_resolvers" variable to the resolvers file.
+    * dns_resolvers = The DNS resolvers to use for the remote node.
+
+
+### Inventory
+
+All of the hypervisor nodes should be listed in the inventory file. They should be under the "hypervisors" group. Each node should be named after their fully qualified domain name (FQDN) that will be used as the hostname. Here are a few examples for creating Ansible inventory connection details based on common scenarios.
+
+* SSH directly in as root.
+```
+<FQDN> ansible_host=<IP> ansible_port=<SSH_PORT> ansible_user=root
+```
+
+* SSH in as a privileged user and run Ansible tasks using "sudo."
+```
+<FQDN> ansible_host=<IP> ansible_port=<SSH_PORT> ansible_become=True ansible_user=<SSH_USER> ansible_become_method=sudo
+```
+
+* SSH in as a privileged user and then switch to the root user with "su" to run Ansible tasks.
+```
+<FQDN> ansible_host=<IP> ansible_port=<SSH_PORT> ansible_become=True ansible_user=<SSH_USER> ansible_become_method=su ansible_user=<SSH_USER>
+```
+
+* Hypervisor and image storage group inventory example:
+```
+# vim production
+compute01.domain.tld ansible_host=10.0.0.11 ansible_port=2222 ansibler_user=root
+compute02.domain.tld ansible_host=10.0.0.12 ansible_become=True ansible_user=bob ansible_become_method=sudo
+compute03.domain.tld ansible_host=10.0.0.13 ansible_port=2222 ansible_become=True ansible_user=joe ansible_become_method=su
+image01.domain.tld ansible_host=10.0.0.71
+image02.domain.tld ansible_host=10.0.0.72
+
+[hypervisors]
+compute[01:03].domain.tld
+
+[image_storage]
+image[01:02].domain.tld
+```
 
-    - hosts: hypervisors
-      roles:
-        - neutron-prerequisites
-        - pf9-hostagent
 
 ## License
+
 Commerical

group_vars/.gitignore

@@ -0,0 +1,2 @@
+all.yml
+all.yaml

group_vars/all_example.yml

@@ -0,0 +1,14 @@
+---
+# Set hostname equal to inventory_hostname
+manage_hostname: False
+# Append DNS resolvers to /etc/resolv.conf
+manage_resolvers: False
+dns_resolvers:
+  - 8.8.8.8
+  - 8.8.4.4
+# these variables are required to be filled in for the end-user's environment
+os_username:
+os_password:
+os_region:
+os_tenant:
+du_url:

inventory/pf9.py

@@ -41,7 +41,7 @@ def get_du_inventory(self):
         @os_token: str
         @rtype: dict
         """
-        # Check if OS Token exits
+        # Check if OS Token exists
         if self.pf9_keystone_file and os.path.isfile(self.pf9_keystone_file):
             try:
                 os_token_file = open(self.pf9_keystone_file)

roles/common/tasks/main.yml

@@ -0,0 +1,40 @@
+---
+- name: Check for hardware virtualization support
+  # svm - AMD SVM
+  # vmx - Intel VT-x
+  command: "grep -Eiq '(svm|vmx)' /proc/cpuinfo"
+  ignore_errors: True
+  changed_when: hw_virt.rc != 0
+  register: hw_virt
+  when: inventory_hostname in groups.hypervisors
+
+- name: Quitting if hardware virtualization is not enabled
+  fail:
+    msg: "Hardware virtualization is not present, or not enabled."
+  when: hw_virt|failed and
+        inventory_hostname in groups.hypervisors
+
+- name: Set system hostname
+  hostname:
+    name: "{{ inventory_hostname }}"
+  register: hostname_result
+
+- name: Update /etc/hosts to reflect hostname change
+  lineinfile:
+    state: present
+    dest: /etc/hosts
+    regexp: "^(127.0.0.1).*$"
+    line: "127.0.0.1\t{{ inventory_hostname_short }}\t{{ inventory_hostname }}\tlocalhost"
+  register: etc_hosts_result
+
+- name: Set DNS resolvers
+  lineinfile:
+    state: present
+    dest: /etc/resolv.conf
+    create: yes
+    line: "nameserver {{ item }}"
+  with_items: "{{ dns_resolvers }}"
+  when: manage_resolvers == True
+
+- include: redhat.yml
+  when: ansible_os_family == "RedHat"

roles/common/tasks/redhat.yml

@@ -0,0 +1,20 @@
+---
+- name: Install libselinux-python
+  yum:
+    state: present
+    name: libselinux-python
+
+- name: Modify devpts mount point
+  mount:
+    state: present
+    name: /dev/pts
+    src: devpts
+    fstype: devpts
+    opts: gid=5,mode=620
+    dump: 0
+    passno: 0
+  register: devpts_result
+
+- name: Remount devpts mount point
+  command: mount -o remount devpts
+  when: devpts_result|changed

roles/glance-host/tasks/main.yml

@@ -3,7 +3,7 @@
   uri:
     url: "{{ du_url }}/resmgr/v1/hosts/{{ pf9_id }}/roles/pf9-glance-role"
     headers:
-      X-Auth-Token: "{{ hostvars['localhost']['os_auth_token'] }}"
+      X-Auth-Token: "{{ hostvars[inventory_hostname]['os_auth_token'] }}"
   register: glance_role_custom
 
 - name: Set glance_datadir path

roles/neutron-prerequisites/defaults/main.yml

@@ -5,3 +5,8 @@ neutron_sysctl:
   net.ipv4.conf.default.rp_filter: 0
   net.ipv4.ip_forward: 1
   net.ipv4.tcp_mtu_probing: 1
+neutron_kernel_modules:
+  - 8021q
+  - bonding
+  - bridge
+  - br_netfilter

roles/neutron-prerequisites/tasks/main.yml

@@ -1,19 +1,4 @@
 ---
-- name: Set DNS resolvers if unset
-  lineinfile:
-    state: present
-    dest: /etc/resolv.conf
-    create: yes
-    line: "nameserver {{ item }}"
-  with_items: "{{ default_resolvers }}"
-  when: ansible_dns.nameservers is undefined
-
-- name: Install libselinux-python
-  yum:
-    state: present
-    name: libselinux-python
-  when: ansible_distribution == "CentOS"
-
 - name: Load kernel modules required for Neutron
   include: modules.yml
 
@@ -25,10 +10,23 @@
     sysctl_set: yes
   with_dict: "{{ neutron_sysctl }}"
 
-- include: centos.yml
-  when: ansible_distribution == 'CentOS'
+- include: redhat.yml
+  when: ansible_os_family == "RedHat"
 
 - include: ubuntu.yml
   when: ansible_distribution == 'Ubuntu'
 
-- include: networking.yml
+- name: Create required OVS bridges
+  openvswitch_bridge:
+    bridge: "{{ item }}"
+    state: present
+  with_items:
+    - br-ext
+    - br-vlan
+
+- name: Set br-ext external bridge ID
+  openvswitch_bridge:
+    bridge: br-ext
+    state: present
+    external_ids:
+      bridge-id: br-ext

roles/neutron-prerequisites/tasks/modules.yml

@@ -1,20 +1,15 @@
 ---
-- include_vars: "{{ item }}"
-  with_first_found:
-    - "vars/{{ ansible_distribution }}.yml"
-    - vars/default.yml
-
 - modprobe:
     state: present
     name: "{{ item }}"
-  with_items: "{{ neutron_modules }}"
+  with_items: "{{ neutron_kernel_modules }}"
 
 - name: Persist modules on boot
   lineinfile:
     state: present
     line: "{{ item }}"
     dest: /etc/modules
-  with_items: "{{ neutron_modules }}"
+  with_items: "{{ neutron_kernel_modules }}"
   when: ansible_os_family == "Debian"
 
 - name: Persist modules on boot
@@ -23,5 +18,5 @@
     dest: /etc/modules-load.d/neutron.conf
     create: yes
     line: "{{ item }}"
-  with_items: "{{ neutron_modules }}"
+  with_items: "{{ neutron_kernel_modules }}"
   when: ansible_os_family == "RedHat"

roles/neutron-prerequisites/tasks/centos.yml → roles/neutron-prerequisites/tasks/redhat.yml

@@ -4,13 +4,18 @@
     policy: targeted
     state: permissive
 
-- name: Disable firewall
+- name: Disable firewalld
   service:
     state: stopped
     name: firewalld
     enabled: no
   ignore_errors: True
 
+- name: Installing iptables-services
+  yum:
+    name: iptables-services
+    state: present
+
 - name: Assemble list of ifcfg scripts
   find:
     path: /etc/sysconfig/network-scripts
@@ -35,7 +40,7 @@
     enabled: no
   ignore_errors: True
 
-- name: Add PF9 yum repo
+- name: Add Platform9 Yum repository
   yum:
     name: https://s3-us-west-1.amazonaws.com/platform9-neutron/noarch/platform9-neutron-repo-1-0.noarch.rpm
     state: present
@@ -48,7 +53,7 @@
     disablerepo: '*'
     enablerepo: 'platform9-neutron-el7-repo'
 
-- name: Enable & Start Open vSwitch
+- name: Enable and start Open vSwitch
   service:
     name: openvswitch
     state: started

roles/neutron-prerequisites/tasks/ubuntu.yml

@@ -6,7 +6,7 @@
     - ifenslave
     - vlan
 
-- name: Add PF9 repo
+- name: Add Platform9 APT repository
   apt_repository:
     repo: 'deb http://platform9-neutron.s3-website-us-west-1.amazonaws.com ubuntu/'
     state: present
@@ -18,7 +18,7 @@
     state: present
     force: yes
 
-- name: Enable & Start Open vSwitch
+- name: Enable and start Open vSwitch
   service:
     name: openvswitch-switch
     state: started