From c32c5195d068f98825061befa317828386e3d804 Mon Sep 17 00:00:00 2001 From: Blake Covarrubias Date: Fri, 19 May 2017 01:38:47 -0400 Subject: [PATCH 1/7] Remove root_user config from ansible.cfg --- ansible.cfg | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible.cfg b/ansible.cfg index a18a84a7..e72232e7 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,7 +1,6 @@ [defaults] host_key_checking = False inventory = inventory/ -remote_user = root role_path = roles display_skipped_hosts = False nocows=1 From e592ebd73b50271419c27e1b115a702e16fc47f5 Mon Sep 17 00:00:00 2001 From: Blake Covarrubias Date: Fri, 19 May 2017 01:43:21 -0400 Subject: [PATCH 2/7] Cache Keystone token on Ansible control machine --- roles/pf9-auth/tasks/main.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/roles/pf9-auth/tasks/main.yml b/roles/pf9-auth/tasks/main.yml index 85a9376d..f4f1621e 100644 --- a/roles/pf9-auth/tasks/main.yml +++ b/roles/pf9-auth/tasks/main.yml @@ -10,14 +10,21 @@ - os_region - os_tenant +- name: Create local files/ directory + connection: local + become: no + file: + state: directory + path: files/ + - name: Check if cached Keystone token exists stat: - path: /root/keystone-token.txt + path: files/keystone-token.txt register: cached_token - block: - name: Load OS_AUTH_TOKEN into fact - set_fact: "os_auth_token={{ lookup('file', '/root/keystone-token.txt') | trim }}" + set_fact: "os_auth_token={{ lookup('file', 'files/keystone-token.txt') | trim }}" - name: Validate Keystone token uri: @@ -43,9 +50,11 @@ register: auth_reply - name: Save OS Auth Token + connection: local + become: no copy: content: "{{ auth_reply.ansible_facts.auth_token }}" - dest: /root/keystone-token.txt + dest: files/keystone-token.txt - name: Store OS_AUTH_TOKEN in fact set_fact: "os_auth_token={{ auth_reply.ansible_facts.auth_token }}" From 0fe16cf2c05841a7e858ea5837c23a85cc48ff62 Mon Sep 17 00:00:00 2001 From: Blake Covarrubias Date: Fri, 19 May 2017 01:55:54 -0400 Subject: [PATCH 3/7] Fix os_auth when running Ansible from a virtualenv MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit By default, Ansible will execute local modules using the default python_interpreter, /usr/bin/python. If Ansible is installed in a Python virtual environment, this causes Ansible to incorrectly reference the system-wide library path, and thus not find the modules / dependencies necessary for correct operation. The fix is to utilize local_action which correctly utilizes the Python interpreter from within the active virtual environment, and thus correctly resolves os_auth’s required dependencies (e.g., Shade). --- roles/pf9-auth/tasks/main.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/pf9-auth/tasks/main.yml b/roles/pf9-auth/tasks/main.yml index f4f1621e..35ecd300 100644 --- a/roles/pf9-auth/tasks/main.yml +++ b/roles/pf9-auth/tasks/main.yml @@ -37,15 +37,17 @@ when: cached_token.stat.exists == True - block: - - name: Obtain authentication token from Keystone - os_auth: - auth: + - name: Set OS_AUTH fact + set_fact: + os_auth: auth_url: "{{ du_url }}/keystone/v2.0" username: "{{ os_username }}" password: "{{ os_password }}" project_name: "{{ os_tenant }}" - region_name: "{{ os_region }}" - validate_certs: False + + - name: Obtain authentication token from Keystone + become: no + local_action: "os_auth auth={{ os_auth }} region_name={{ os_tenant }}" check_mode: no register: auth_reply From 3c5b37253513fad25482c73eaae39e338fa3ae83 Mon Sep 17 00:00:00 2001 From: Blake Covarrubias Date: Fri, 19 May 2017 02:01:59 -0400 Subject: [PATCH 4/7] =?UTF-8?q?Don=E2=80=99t=20download=20installers=20loc?= =?UTF-8?q?ally=20as=20root?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/pf9-hostagent/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/pf9-hostagent/tasks/main.yml b/roles/pf9-hostagent/tasks/main.yml index 34d90aba..2fc6b088 100644 --- a/roles/pf9-hostagent/tasks/main.yml +++ b/roles/pf9-hostagent/tasks/main.yml @@ -1,6 +1,7 @@ --- - name: Download Platform9 installers connection: local + become: no get_url: url: "{{ du_url }}/private/platform9-install-{{ item }}.sh" dest: "/tmp/platform9-install-{{ item }}.sh" From 53746785c8d4c0d3c4c36f5f0d4f3b9544cae590 Mon Sep 17 00:00:00 2001 From: Blake Covarrubias Date: Fri, 19 May 2017 02:03:23 -0400 Subject: [PATCH 5/7] Fix logic in hostagent conditional install checks --- roles/pf9-hostagent/tasks/packages.yml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/roles/pf9-hostagent/tasks/packages.yml b/roles/pf9-hostagent/tasks/packages.yml index 12eb2001..4973db36 100644 --- a/roles/pf9-hostagent/tasks/packages.yml +++ b/roles/pf9-hostagent/tasks/packages.yml @@ -1,18 +1,22 @@ --- - name: Check pf9-hostagent on Debian command: dpkg-query -s pf9-hostagent - when: ansible_pkg_mgr == "apt" ignore_errors: True - register: pkg_state - changed_when: pkg_state.rc != 0 + register: pkg_state_debian + changed_when: pkg_state_debian.rc != 0 + when: + - ansible_os_family == "Debian" + - ansible_pkg_mgr == "apt" - name: Check pf9-hostagent on Red Hat command: rpm -q pf9-hostagent - when: ansible_pkg_mgr == "yum" ignore_errors: True - register: pkg_state - changed_when: pkg_state.rc != 0 + register: pkg_state_redhat + changed_when: pkg_state_redhat.rc != 0 + when: + - ansible_os_family == "RedHat" + - ansible_pkg_mgr == "yum" - name: Install pf9-hostagent on hypervisor script: "/tmp/platform9-install-{{ ansible_os_family|lower }}.sh --no-proxy --no-ntpd" - when: pkg_state|failed + when: pkg_state_debian|failed or pkg_state_redhat|failed From 9e941d3ef09e43e5b0a61e6296d8118a89ea3b1d Mon Sep 17 00:00:00 2001 From: Graham Rounds Date: Thu, 7 Sep 2017 10:57:02 -0700 Subject: [PATCH 6/7] Specify python interpreter for localhost This causes local actions to use the current python environment rather than the global path. If this is not specified, then the global python path is used (i.e. /usr/bin/python) where some of the required python modules are not installed --- inventory/openstack_hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/openstack_hosts b/inventory/openstack_hosts index 16c7fed5..d9d94720 100644 --- a/inventory/openstack_hosts +++ b/inventory/openstack_hosts @@ -1,2 +1,2 @@ [localhost] -localhost ansible_become=no ansible_connection=local +localhost ansible_become=no ansible_connection=local ansible_python_interpreter="/usr/bin/env python" \ No newline at end of file From b955cd7f09ce6de0c23a57172df206bea0556077 Mon Sep 17 00:00:00 2001 From: Graham Rounds Date: Thu, 7 Sep 2017 10:57:45 -0700 Subject: [PATCH 7/7] Remove br_netfilter & add tun kernel modules This is to keep autodeploy in line with our best practices as defined in our neutron prerequisites support article. --- roles/neutron-prerequisites/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/neutron-prerequisites/defaults/main.yml b/roles/neutron-prerequisites/defaults/main.yml index 4cf3dab2..77ec167c 100644 --- a/roles/neutron-prerequisites/defaults/main.yml +++ b/roles/neutron-prerequisites/defaults/main.yml @@ -9,4 +9,4 @@ neutron_kernel_modules: - 8021q - bonding - bridge - - br_netfilter + - tun \ No newline at end of file