From 92541b6da63de5dfe8af098a41bbc1ac690b8f39 Mon Sep 17 00:00:00 2001 
From: Jan Orel Date: Fri, 16 Aug 2024 11:32:39 +0200 Subject: [PATCH] M #-: Various oneprovison/ansible updates (#3202) - allow newer ansible in provision - remove unsused files, roles - simplify opennebula-node-kvm - remove unsued ceonts files, - rename yaml -> yml - replace `include:` with `include_tasks:` - don't restart frr - bump Ceph version in HCI to Reef, adopt ceph-opennebula-mon --- share/oneprovision/ansible/ansible.cfg.erb | 12 +-- .../ansible/ceph_hci/group_vars.yml.erb | 10 +-- .../roles/ceph-opennebula-mon/tasks/auth.yml | 15 ++-- .../roles/ceph-opennebula-mon/tasks/main.yml | 6 +- .../roles/ceph-opennebula-osd/tasks/main.yml | 2 +- .../roles/ddc/tasks/clean_netconfigs.yml | 39 --------- .../ansible/roles/ddc/tasks/main.yml | 2 - .../ansible/roles/frr/handlers/main.yml | 4 + .../ansible/roles/frr/tasks/main.yml | 8 +- .../ansible/roles/iptables/tasks/main.yml | 6 +- .../ansible/roles/iptables/tasks/redhat.yml | 27 ------- .../defaults/{main.yaml => main.yml} | 8 -- .../opennebula-node-kvm/tasks/centos.yml | 81 ------------------- .../opennebula-node-kvm/tasks/debian.yml | 22 ----- .../roles/opennebula-node-kvm/tasks/kvm.yaml | 28 ------- .../opennebula-node-kvm/tasks/libvirt.yaml | 7 -- .../opennebula-node-kvm/tasks/libvirt.yml | 24 +----- .../roles/opennebula-node-kvm/tasks/main.yaml | 18 ----- .../roles/opennebula-node-kvm/tasks/main.yml | 20 ++--- .../opennebula-node-kvm/tasks/security.yaml | 39 --------- .../opennebula-node-kvm/tasks/security.yml | 23 ++---- .../opennebula-node-lxc/defaults/main.yml | 8 -- .../opennebula-node-lxc/tasks/centos.yml | 29 ------- .../opennebula-node-lxc/tasks/debian.yml | 10 --- .../roles/opennebula-node-lxc/tasks/main.yml | 10 --- .../opennebula-node-lxc/tasks/security.yml | 31 ------- .../opennebula-repository/defaults/main.yml | 6 -- .../opennebula-repository/handlers/main.yml | 13 --- .../opennebula-repository/tasks/centos.yml | 39 --------- .../opennebula-repository/tasks/main.yaml | 9 --- .../tasks/{debian.yml 
=> main.yml} | 1 - .../roles/opennebula-ssh/tasks/main.yml | 6 +- .../ansible/roles/python/README.md | 17 ---- .../roles/update-replica/tasks/main.yml | 16 ---- .../metal/provisions/vultr.yml | 2 +- .../virtual/provisions/aws-hci.yml | 2 +- .../virtual/provisions/aws.yml | 2 +- .../virtual/provisions/digitalocean.yml | 2 +- .../virtual/provisions/google.yml | 2 +- .../virtual/provisions/vultr.yml | 2 +- .../metal/provisions/aws-hci.yml | 2 +- .../edge-clusters/metal/provisions/aws.yml | 2 +- .../metal/provisions/equinix.yml | 2 +- .../metal/provisions/onprem-hci.yml | 2 +- .../edge-clusters/metal/provisions/onprem.yml | 2 +- src/oneprovision/lib/provision/ansible.rb | 4 +- 46 files changed, 69 insertions(+), 553 deletions(-) delete mode 100644 share/oneprovision/ansible/roles/ddc/tasks/clean_netconfigs.yml create mode 100644 share/oneprovision/ansible/roles/frr/handlers/main.yml delete mode 100644 share/oneprovision/ansible/roles/iptables/tasks/redhat.yml rename share/oneprovision/ansible/roles/opennebula-node-kvm/defaults/{main.yaml => main.yml} (63%) delete mode 100644 share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/centos.yml delete mode 100644 share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/debian.yml delete mode 100644 share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/kvm.yaml delete mode 100644 share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/libvirt.yaml delete mode 100644 share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/main.yaml delete mode 100644 share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/security.yaml delete mode 100644 share/oneprovision/ansible/roles/opennebula-node-lxc/defaults/main.yml delete mode 100644 share/oneprovision/ansible/roles/opennebula-node-lxc/tasks/centos.yml delete mode 100644 share/oneprovision/ansible/roles/opennebula-node-lxc/tasks/debian.yml delete mode 100644 share/oneprovision/ansible/roles/opennebula-node-lxc/tasks/security.yml delete mode 100644 
share/oneprovision/ansible/roles/opennebula-repository/handlers/main.yml delete mode 100644 share/oneprovision/ansible/roles/opennebula-repository/tasks/centos.yml delete mode 100644 share/oneprovision/ansible/roles/opennebula-repository/tasks/main.yaml rename share/oneprovision/ansible/roles/opennebula-repository/tasks/{debian.yml => main.yml} (99%) delete mode 100644 share/oneprovision/ansible/roles/python/README.md delete mode 100644 share/oneprovision/ansible/roles/update-replica/tasks/main.yml diff --git a/share/oneprovision/ansible/ansible.cfg.erb b/share/oneprovision/ansible/ansible.cfg.erb index 2f950355403..eb75beb1a9a 100644 --- a/share/oneprovision/ansible/ansible.cfg.erb +++ b/share/oneprovision/ansible/ansible.cfg.erb @@ -4,12 +4,12 @@ deprecation_warnings = False display_skipped_hosts = False stdout_callback = yaml host_key_checking = False -roles_path = <%= ans_loc %>/roles:/var/lib/one/.ansible/roles:/var/lib/one/.ansible/ceph-7.0/roles -action_plugins = /var/lib/one/.ansible/ceph-7.0/plugins/actions -callback_plugins = /var/lib/one/.ansible/ceph-7.0/plugins/callback -filter_plugins = /var/lib/one/.ansible/ceph-7.0/plugins/filter -library = /var/lib/one/.ansible/ceph-7.0/library -module_utils = /var/lib/one/.ansible/ceph-7.0/module_utils +roles_path = <%= ans_loc %>/roles:/var/lib/one/.ansible/roles:/var/lib/one/.ansible/ceph-8.0/roles +action_plugins = /var/lib/one/.ansible/ceph-8.0/plugins/actions +callback_plugins = /var/lib/one/.ansible/ceph-8.0/plugins/callback +filter_plugins = /var/lib/one/.ansible/ceph-8.0/plugins/filter +library = /var/lib/one/.ansible/ceph-8.0/library +module_utils = /var/lib/one/.ansible/ceph-8.0/module_utils [privilege_escalation] become = yes diff --git a/share/oneprovision/ansible/ceph_hci/group_vars.yml.erb b/share/oneprovision/ansible/ceph_hci/group_vars.yml.erb index 13319e9e0a2..073fec325f5 100644 --- a/share/oneprovision/ansible/ceph_hci/group_vars.yml.erb 
+++ b/share/oneprovision/ansible/ceph_hci/group_vars.yml.erb @@ -1,16 +1,12 @@ --- # Ceph basics ceph_origin: repository -ceph_repository: uca +ceph_repository: community ceph_rhcs_version: 7 -ceph_stable_release: quincy -ceph_stable_release_num: 17 +ceph_stable_release: reef +ceph_stable_release_num: 18 dashboard_enabled: false configure_firewall: false -ceph_stable_mapping: - '20': yoga - '22': bobcat -ceph_stable_openstack_release_uca: "{{ ceph_stable_mapping[ansible_distribution_major_version] }}" # ceph overrides (applying in ceph.conf) ceph_conf_overrides: diff --git a/share/oneprovision/ansible/roles/ceph-opennebula-mon/tasks/auth.yml b/share/oneprovision/ansible/roles/ceph-opennebula-mon/tasks/auth.yml index d1dbb472c0a..95b1d43c842 100644 --- a/share/oneprovision/ansible/roles/ceph-opennebula-mon/tasks/auth.yml +++ b/share/oneprovision/ansible/roles/ceph-opennebula-mon/tasks/auth.yml @@ -1,13 +1,12 @@ --- -- name: Set Ceph auth command init - set_fact: ceph_opennebula_mon_pools_auth=[] +- name: Create oneadmin keys + vars: + _profiles_with_pools: >- + {{ ceph_opennebula_mon_pools | map(attribute='name') + | map('regex_replace', '^', 'profile rbd pool=') + | join(',') }} -- name: Set Ceph auth command pools - set_fact: ceph_opennebula_mon_pools_auth="{{ ceph_opennebula_mon_pools_auth }} + [ 'profile rbd pool={{ item.name }}' ]" - with_items: "{{ ceph_opennebula_mon_pools }}" - -- name: Create oneadmin keys for Ceph Luminous+ - command: ceph auth get-or-create client.oneadmin mon 'profile rbd' osd '{{ ceph_opennebula_mon_pools_auth | join(",") }}' + command: ceph auth get-or-create client.oneadmin mon 'profile rbd' osd '{{ _profiles_with_pools }}' changed_when: false - name: get oneadmin key diff --git a/share/oneprovision/ansible/roles/ceph-opennebula-mon/tasks/main.yml b/share/oneprovision/ansible/roles/ceph-opennebula-mon/tasks/main.yml index 4c26f528718..bc05841d086 100644 --- a/share/oneprovision/ansible/roles/ceph-opennebula-mon/tasks/main.yml 
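Review bot: In roles/ceph-opennebula-mon/tasks/auth.yml the `Create oneadmin keys` task still passes one free-form `command:` string and relies on the literal single quotes around `{{ _profiles_with_pools }}` to keep the OSD caps in one argument, so a pool name containing a quote or whitespace would split or reshape the `ceph auth get-or-create` arguments. Passing the arguments as a list removes that dependency on quoting: `argv: [ceph, auth, get-or-create, client.oneadmin, mon, 'profile rbd', osd, "{{ _profiles_with_pools }}"]` under `command:`. Where `ceph_opennebula_mon_pools` comes from is not visible in this hunk, so this is hardening rather than a confirmed injection path. A one-line comment above `_profiles_with_pools` saying that it yields one `profile rbd pool=<name>` entry per pool, joined by commas, would also help, because that string is what limits client.oneadmin to the listed pools.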
+++ b/share/oneprovision/ansible/roles/ceph-opennebula-mon/tasks/main.yml @@ -2,8 +2,8 @@ - name: open /etc/ceph file: path=/etc/ceph mode=0755 -- include: pool.yml +- include_tasks: pool.yml -- include: auth.yml +- include_tasks: auth.yml -- include: tunables.yml +- include_tasks: tunables.yml diff --git a/share/oneprovision/ansible/roles/ceph-opennebula-osd/tasks/main.yml b/share/oneprovision/ansible/roles/ceph-opennebula-osd/tasks/main.yml index ef105804ccd..6eeec753271 100644 --- a/share/oneprovision/ansible/roles/ceph-opennebula-osd/tasks/main.yml +++ b/share/oneprovision/ansible/roles/ceph-opennebula-osd/tasks/main.yml @@ -25,7 +25,7 @@ # configure libvirt secretes - name: Include libvirt configuration tasks - include: libvirt.yml + include_tasks: libvirt.yml when: ceph_opennebula_osd_libvirt_enabled # stop and disable docker on hypervisors diff --git a/share/oneprovision/ansible/roles/ddc/tasks/clean_netconfigs.yml b/share/oneprovision/ansible/roles/ddc/tasks/clean_netconfigs.yml deleted file mode 100644 index 08d583ecb0b..00000000000 --- a/share/oneprovision/ansible/roles/ddc/tasks/clean_netconfigs.yml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- - -#TODO: fix just once -- name: Disable obsolete network configuration - shell: | - ip link >/dev/null || exit 1 - - CHANGED='' - for FILE in ifcfg-*; do - # skip interfaces disabled "on boot" - if grep -q -i '^ONBOOT=["'\'']no' ${FILE}; then - continue - fi - - # get interface name from configuration or filename - IFACE=$(awk -F= 'toupper($1) ~ /(DEVICE|NAME)/ { gsub("['\''\"]", "", $2); print $2; exit }' ${FILE}) - IFACE=${IFACE:-${FILE##ifcfg-}} - - # if interface does not exist, disable configuration - if ! ip link show ${IFACE} >/dev/null 2>&1; then - CHANGED=yes - mv ${FILE} disabled-${FILE} - fi - done - - # As a result of obsolete configuration, the network service - # could end up in the failed state. Restart of the networking - # might fail later, because only service start is triggered - # (without prior stop). We try to manually put the interfaces down, - # and restart the networking to fix the service state. - # https://github.com/OpenNebula/one/issues/3080 - if [ -n "${CHANGED}" ] && systemctl is-failed network.service >/dev/null 2>&1; then - ifdown ifcfg-* || : - systemctl restart network.service - fi - args: - executable: /bin/bash - chdir: /etc/sysconfig/network-scripts - when: ansible_os_family == "RedHat" diff --git a/share/oneprovision/ansible/roles/ddc/tasks/main.yml b/share/oneprovision/ansible/roles/ddc/tasks/main.yml index 9dc792c5a35..bafe9b681a1 100644 --- a/share/oneprovision/ansible/roles/ddc/tasks/main.yml +++ b/share/oneprovision/ansible/roles/ddc/tasks/main.yml @@ -13,5 +13,3 @@ masked: yes state: stopped ignore_errors: yes - -- include: clean_netconfigs.yml diff --git a/share/oneprovision/ansible/roles/frr/handlers/main.yml b/share/oneprovision/ansible/roles/frr/handlers/main.yml new file mode 100644 index 00000000000..b2a148fb3e6 --- /dev/null +++ b/share/oneprovision/ansible/roles/frr/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart frr + service: + name: frr + state: restarted 
diff --git a/share/oneprovision/ansible/roles/frr/tasks/main.yml b/share/oneprovision/ansible/roles/frr/tasks/main.yml index b4b47e12353..b6de0ba2001 100644 --- a/share/oneprovision/ansible/roles/frr/tasks/main.yml +++ b/share/oneprovision/ansible/roles/frr/tasks/main.yml @@ -56,6 +56,7 @@ template: src: bgpd_rr.conf.j2 dest: /etc/frr/bgpd.conf + notify: restart frr when: - vars['ansible_' + frr_iface].ipv4.address is defined - vars['ansible_' + frr_iface].ipv4.address in rr_servers @@ -64,6 +65,7 @@ template: src: bgpd.conf.j2 dest: /etc/frr/bgpd.conf + notify: restart frr when: - vars['ansible_' + frr_iface].ipv4.address is defined - not vars['ansible_' + frr_iface].ipv4.address in rr_servers @@ -72,27 +74,31 @@ template: src: zebra.conf.j2 dest: /etc/frr/zebra.conf + notify: restart frr when: frr_zebra == true - name: Configure Staticd template: src: staticd.conf.j2 dest: /etc/frr/staticd.conf + notify: restart frr when: frr_zebra == true - name: Remove frr.conf file: path: /etc/frr/frr.conf state: absent + notify: restart frr - name: Enable BGP daemon replace: path: /etc/frr/daemons regexp: '^bgpd=no' replace: 'bgpd=yes' + notify: restart frr - name: Start FRR service service: name: frr - state: restarted + state: started enabled: yes diff --git a/share/oneprovision/ansible/roles/iptables/tasks/main.yml b/share/oneprovision/ansible/roles/iptables/tasks/main.yml index f4f3d05df67..cc288754ac2 100644 --- a/share/oneprovision/ansible/roles/iptables/tasks/main.yml +++ b/share/oneprovision/ansible/roles/iptables/tasks/main.yml @@ -9,10 +9,8 @@ reload: yes - block: - - include: redhat.yml - when: ansible_os_family == "RedHat" - - include: debian.yml + - include_tasks: debian.yml when: ansible_os_family == "Debian" when: iptables_manage_persistent -- include: rules.yml +- include_tasks: rules.yml 
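Review bot: With `Start FRR service` changed to `state: started` at the end of roles/frr/tasks/main.yml, changed configuration only reaches an already running daemon through the `restart frr` handler, and handlers run at the end of the play, so a failure in any later task drops the notification while the files on disk are already rewritten. A re-run then sees the templates as unchanged and never restarts FRR, leaving the routing daemon on its previous bgpd/zebra configuration. Adding `- meta: flush_handlers` directly after the `Start FRR service` task would apply the restart inside the role. The new handlers/main.yml could also open with `---` like the other role files; the earlier tasks of tasks/main.yml are outside the hunks.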
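Review bot: After the `redhat.yml` include is dropped from roles/iptables/tasks/main.yml, the `iptables_manage_persistent` block does nothing on a host that is not Debian-family, while `rules.yml` is still included for every host, so such a host would get its rules applied but presumably not saved across a reboot. If non-Debian hosts are no longer supported, failing explicitly is safer than a silent skip, for example `- assert: { that: ansible_os_family == "Debian", fail_msg: "persistent iptables rules are only supported on Debian-family hosts" }` as the first task of the block. What rules.yml and debian.yml actually do is not visible here, so the persistence gap is inferred from the task and file names.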
diff --git a/share/oneprovision/ansible/roles/iptables/tasks/redhat.yml b/share/oneprovision/ansible/roles/iptables/tasks/redhat.yml deleted file mode 100644 index f8a6fe907a6..00000000000 --- a/share/oneprovision/ansible/roles/iptables/tasks/redhat.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- - -- name: Uninstall firewalld - package: - name: firewalld - state: absent - -- name: Install iptables-services - package: - name: iptables-services - state: present - -- name: Create persistent rules configurations - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: 'rules.v4.j2', dest: '/etc/sysconfig/iptables' } - - { src: 'rules.v6.j2', dest: '/etc/sysconfig/ip6tables' } - -- name: Enable iptables services - service: - name: iptables - enabled: true - with_items: - - iptables - - ip6tables diff --git a/share/oneprovision/ansible/roles/opennebula-node-kvm/defaults/main.yaml b/share/oneprovision/ansible/roles/opennebula-node-kvm/defaults/main.yml similarity index 63% rename from share/oneprovision/ansible/roles/opennebula-node-kvm/defaults/main.yaml rename to share/oneprovision/ansible/roles/opennebula-node-kvm/defaults/main.yml index fdd552e4fad..8ae39769914 100644 --- a/share/oneprovision/ansible/roles/opennebula-node-kvm/defaults/main.yaml +++ b/share/oneprovision/ansible/roles/opennebula-node-kvm/defaults/main.yml @@ -2,16 +2,8 @@ ############################################################################### # Valid defaults ############################################################################### - -# Whether to use the ev package for kvm -opennebula_node_kvm_use_ev: False - # Enable nested KVM virtualization opennebula_node_kvm_param_nested: False # Enable KVM configuration opennebula_node_kvm_manage_kvm: True - -# SELinux booleans to configure -opennebula_node_selinux_booleans: - - { name: 'virt_use_nfs', state: 'yes' } 
diff --git a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/centos.yml b/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/centos.yml deleted file mode 100644 index 1ac855eb546..00000000000 --- a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/centos.yml +++ /dev/null 
@@ -1,81 +0,0 @@ ---- - -- block: - - name: Update centos-release package - yum: name=centos-release state=latest - register: yum_result - until: yum_result is succeeded - retries: 3 - delay: 10 - - name: Install qemu-ev repository - yum: name=centos-release-qemu-ev state=latest - register: yum_result - until: yum_result is succeeded - retries: 3 - delay: 10 - - name: Install qemu-kvm-ev - yum: name=qemu-kvm-ev state=present - register: yum_result - until: yum_result is succeeded - retries: 3 - delay: 10 - when: - - ansible_distribution == "CentOS" - - ansible_distribution_major_version == "7" - - opennebula_node_kvm_use_ev - -- block: - - name: Enable RHEV repo - command: subscription-manager repos --enable {{ opennebula_node_kvm_rhev_repo }} - register: sm_result - until: sm_result is succeeded - retries: 3 - delay: 10 - - name: Instal RHEV - yum: name=qemu-kvm-rhev state=latest - until: yum_result is succeeded - retries: 3 - delay: 10 - when: - - ansible_distribution == "RedHat" - - ansible_distribution_major_version == "7" - - opennebula_node_kvm_use_ev - -- name: Install qemu-kvm (base) - yum: name=qemu-kvm state=present - register: yum_result - until: yum_result is succeeded - retries: 3 - delay: 10 - when: not opennebula_node_kvm_use_ev or ansible_distribution_major_version != "7" - -# Update to a fixed mkswap -# * Wed Jan 31 2018 Karel Zak 2.23.2-51 -# - fix #1538545 - SELinux error creating swap file -- name: Update util-linux - package: - name: util-linux - state: latest - register: pkg_result - until: pkg_result is succeeded - retries: 3 - delay: 10 - -- name: Install libgcrypt - package: - name: libgcrypt - state: latest - register: pkg_result - until: pkg_result is succeeded - retries: 3 - delay: 10 - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version == "8" - -- name: Install OpenNebula node KVM package - yum: name=opennebula-node-kvm state=latest - register: yum_result - until: yum_result is succeeded - retries: 3 - delay: 
10 diff --git a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/debian.yml b/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/debian.yml deleted file mode 100644 index 06e3ecd29be..00000000000 --- a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/debian.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- - -- name: Install OpenNebula node package - apt: - name: opennebula-node - state: latest - register: apt_result - until: apt_result is success - retries: 3 - delay: 10 - -# RHEL / CentOS compatibility -- name: Create /usr/libexec - file: - path: '/usr/libexec' - state: directory - -- name: Create symlink /usr/libexec/qemu-kvm - file: - src: /usr/bin/qemu-system-x86_64 - dest: /usr/libexec/qemu-kvm - state: link diff --git a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/kvm.yaml b/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/kvm.yaml deleted file mode 100644 index d8ab3982bde..00000000000 --- a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/kvm.yaml +++ /dev/null @@ -1,28 +0,0 @@ ---- - -- name: Configure KVM module - template: - src: kvm.conf.j2 - dest: "{{ '/etc/modprobe.d/kvm.conf' if ansible_os_family == 'RedHat' else '/etc/modprobe.d/qemu-system-x86.conf' }}" - register: template - -- name: Unload KVM modules for reconfiguration - modprobe: - name: "{{ item }}" - state: absent - with_items: - - kvm_intel - - kvm_amd - register: modprobe_result - until: modprobe_result is success - retries: 3 - delay: 10 - when: template.changed - -- name: Load KVM on Intel - modprobe: name=kvm_intel state=present - when: ansible_processor | intersect(["GenuineIntel"]) - -- name: Load KVM on AMD - modprobe: name=kvm_amd state=present - when: ansible_processor | intersect(["AuthenticAMD"]) diff --git a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/libvirt.yaml b/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/libvirt.yaml deleted file mode 100644 index 28113bcba95..00000000000 
--- a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/libvirt.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- name: Restart Libvirtd (Ubuntu from 18.10) - service: - name: libvirtd - state: restarted - enabled: yes diff --git a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/libvirt.yml b/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/libvirt.yml index d9fc60a9f05..4567c74dc23 100644 --- a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/libvirt.yml +++ b/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/libvirt.yml @@ -1,28 +1,6 @@ --- -- name: Restart Libvirtd (RedHat) +- name: Restart Libvirtd service: name: libvirtd state: restarted enabled: yes - when: ansible_os_family == "RedHat" - -- name: Restart Libvirtd (Debian) - service: - name: libvirtd - state: restarted - enabled: yes - when: ansible_distribution == "Debian" - -- name: Restart Libvirt-bin (Ubuntu up to 18.04) - service: - name: libvirt-bin - state: restarted - enabled: yes - when: ansible_distribution == "Ubuntu" and ansible_distribution_version|float < 18.10 - -- name: Restart Libvirtd (Ubuntu from 18.10) - service: - name: libvirtd - state: restarted - enabled: yes - when: ansible_distribution == "Ubuntu" and ansible_distribution_version|float >= 18.10 diff --git a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/main.yaml b/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/main.yaml deleted file mode 100644 index 52b6d2b0e91..00000000000 --- a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/main.yaml +++ /dev/null 
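Review bot: The single remaining task in roles/opennebula-node-kvm/tasks/libvirt.yml, `Restart Libvirtd`, keeps `state: restarted` with no condition, so every provisioning run restarts libvirtd on the hypervisor even when nothing changed. The frr role in this same commit moves that pattern to `state: started` plus a notified handler, and the same shape would fit here: `state: started` in this task and a `restart libvirtd` handler notified by the tasks that change libvirt or KVM configuration. Which tasks would need the `notify:` is not visible in this hunk.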
@@ -1,18 +0,0 @@ ---- - -- name: Install OpenNebula node-kvm package - apt: - name: opennebula-node-kvm - state: fixed - retries: 3 - delay: 10 - -- include: kvm.yaml - when: opennebula_node_kvm_manage_kvm == True - -- include: libvirt.yaml -- include: security.yaml - -- name: "create datastore for ONE_LOCATION" - file: path={{ one_location }}/var/datastores owner=oneadmin group=oneadmin state=directory - when: one_location is defined diff --git a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/main.yml b/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/main.yml index bcf12e2fe47..9c56c257e98 100644 --- a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/main.yml +++ b/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/main.yml @@ -1,16 +1,18 @@ --- +- name: Install OpenNebula node package + apt: + name: opennebula-node + state: latest + register: apt_result + until: apt_result is success + retries: 3 + delay: 10 -- include: centos.yml - when: ansible_os_family == "RedHat" - -- include: debian.yml - when: ansible_os_family == "Debian" - -- include: kvm.yml +- include_tasks: kvm.yml when: opennebula_node_kvm_manage_kvm == True -- include: libvirt.yml -- include: security.yml +- include_tasks: libvirt.yml +- include_tasks: security.yml - name: "create datastore for ONE_LOCATION" file: path={{ one_location }}/var/datastores owner=oneadmin group=oneadmin state=directory diff --git a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/security.yaml b/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/security.yaml deleted file mode 100644 index b8eb1d3329e..00000000000 --- a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/security.yaml +++ /dev/null 
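Review bot: The install task added at the top of roles/opennebula-node-kvm/tasks/main.yml names `opennebula-node`, while the main.yaml deleted in this commit installed `opennebula-node-kvm` and the LXC role installs `opennebula-node-lxc`; it is worth confirming that `opennebula-node` still resolves to the KVM node package in the configured repository. `state: latest` also means every provisioning run may upgrade the hypervisor package to whatever the repository serves at that moment, where `state: present` or a pinned version would keep runs repeatable. A short comment such as `# Debian/Ubuntu only: RedHat-family support was removed from this role` above the task would explain why `apt` is called without an OS-family guard.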
@@ -1,39 +0,0 @@ ---- - -# SELinux -- block: - - name: Set SELinux booleans - seboolean: - name: '{{ item.name }}' - state: '{{ item.state }}' - persistent: yes - with_items: '{{ opennebula_node_selinux_booleans }}' - when: - - ansible_selinux.status == 'enabled' - - ansible_os_family == "RedHat" - -# AppArmor -- name: Check if AppArmor configuration exists - stat: path=/etc/apparmor.d/abstractions/libvirt-qemu - register: apparmor_libvirt_qemu - -- block: - - name: Add permissions to apparmor - lineinfile: - dest: /etc/apparmor.d/abstractions/libvirt-qemu - line: "{{ item }}" - with_items: - - " /srv/** rwk," - - " /var/lib/one/datastores/** rwk," - - - name: Reload apparmor - service: - name: apparmor - state: reloaded - register: service_result - failed_when: - - service_result is failed - - "'find' not in service_result.msg and 'found' not in service_result.msg" - when: - - ansible_os_family == 'Debian' - - apparmor_libvirt_qemu.stat.exists == True diff --git a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/security.yml b/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/security.yml index f85ee4c4ced..335449df861 100644 --- a/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/security.yml +++ b/share/oneprovision/ansible/roles/opennebula-node-kvm/tasks/security.yml @@ -1,18 +1,8 @@ --- +- name: Check if AppArmor configuration exists + stat: path=/etc/apparmor.d/abstractions/libvirt-qemu + register: apparmor_libvirt_qemu -# SELinux -- block: - - name: Set SELinux booleans - seboolean: - name: '{{ item.name }}' - state: '{{ item.state }}' - persistent: yes - with_items: '{{ opennebula_node_selinux_booleans }}' - when: - - ansible_selinux.status == 'enabled' - - ansible_os_family == "RedHat" - -# AppArmor - block: - name: Add permissions to apparmor lineinfile: 
@@ -27,5 +17,8 @@ name: apparmor state: reloaded register: service_result - failed_when: "service_result is failed and ('find' not in service_result.msg and 'found' not in service_result.msg)" - when: ansible_distribution == "Ubuntu" + failed_when: + - service_result is failed + - "'find' not in service_result.msg and 'found' not in service_result.msg" + when: + - apparmor_libvirt_qemu.stat.exists == True diff --git a/share/oneprovision/ansible/roles/opennebula-node-lxc/defaults/main.yml b/share/oneprovision/ansible/roles/opennebula-node-lxc/defaults/main.yml deleted file mode 100644 index 83f2e2e436a..00000000000 --- a/share/oneprovision/ansible/roles/opennebula-node-lxc/defaults/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -############################################################################### -# Valid defaults -############################################################################### - -# SELinux booleans to configure -opennebula_node_selinux_booleans: - - { name: 'virt_use_nfs', state: 'yes' } diff --git a/share/oneprovision/ansible/roles/opennebula-node-lxc/tasks/centos.yml b/share/oneprovision/ansible/roles/opennebula-node-lxc/tasks/centos.yml deleted file mode 100644 index 50de6456841..00000000000 --- a/share/oneprovision/ansible/roles/opennebula-node-lxc/tasks/centos.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- - -- name: Update util-linux - package: - name: util-linux - state: latest - register: pkg_result - until: pkg_result is succeeded - retries: 3 - delay: 10 - -- name: Install libgcrypt - package: - name: libgcrypt - state: latest - register: pkg_result - until: pkg_result is succeeded - retries: 3 - delay: 10 - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version == "8" - -- name: Install OpenNebula node LXC package - yum: name=opennebula-node-lxc state=latest - register: yum_result - until: yum_result is succeeded - retries: 3 - delay: 10 
diff --git a/share/oneprovision/ansible/roles/opennebula-node-lxc/tasks/debian.yml b/share/oneprovision/ansible/roles/opennebula-node-lxc/tasks/debian.yml deleted file mode 100644 index bd2f34ae347..00000000000 --- a/share/oneprovision/ansible/roles/opennebula-node-lxc/tasks/debian.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: Install OpenNebula node LXC package - apt: - name: opennebula-node-lxc - state: latest - register: apt_result - until: apt_result is success - retries: 3 - delay: 10 diff --git a/share/oneprovision/ansible/roles/opennebula-node-lxc/tasks/main.yml b/share/oneprovision/ansible/roles/opennebula-node-lxc/tasks/main.yml index c808795da64..4aa39cdb551 100644 --- a/share/oneprovision/ansible/roles/opennebula-node-lxc/tasks/main.yml +++ b/share/oneprovision/ansible/roles/opennebula-node-lxc/tasks/main.yml @@ -1,14 +1,4 @@ --- - -# Workaround for non-unified cgroups v2 not supported by Firecracker yet -# https://github.com/firecracker-microvm/firecracker/issues/841 ? -- name: Reconfigure cgroups - include_role: - name: cgroups1 - when: | - (ansible_distribution == 'Fedora') or - (ansible_distribution == 'Debian' and ansible_distribution_version is version_compare('11', '>=')) - - name: Install OpenNebula node LXC package package: name: opennebula-node-lxc diff --git a/share/oneprovision/ansible/roles/opennebula-node-lxc/tasks/security.yml b/share/oneprovision/ansible/roles/opennebula-node-lxc/tasks/security.yml deleted file mode 100644 index f85ee4c4ced..00000000000 --- a/share/oneprovision/ansible/roles/opennebula-node-lxc/tasks/security.yml +++ /dev/null 
@@ -1,31 +0,0 @@ ---- - -# SELinux -- block: - - name: Set SELinux booleans - seboolean: - name: '{{ item.name }}' - state: '{{ item.state }}' - persistent: yes - with_items: '{{ opennebula_node_selinux_booleans }}' - when: - - ansible_selinux.status == 'enabled' - - ansible_os_family == "RedHat" - -# AppArmor -- block: - - name: Add permissions to apparmor - lineinfile: - dest: /etc/apparmor.d/abstractions/libvirt-qemu - line: "{{ item }}" - with_items: - - " /srv/** rwk," - - " /var/lib/one/datastores/** rwk," - - - name: Reload apparmor - service: - name: apparmor - state: reloaded - register: service_result - failed_when: "service_result is failed and ('find' not in service_result.msg and 'found' not in service_result.msg)" - when: ansible_distribution == "Ubuntu" diff --git a/share/oneprovision/ansible/roles/opennebula-repository/defaults/main.yml b/share/oneprovision/ansible/roles/opennebula-repository/defaults/main.yml index 4958f065856..91cb237f717 100644 --- a/share/oneprovision/ansible/roles/opennebula-repository/defaults/main.yml +++ b/share/oneprovision/ansible/roles/opennebula-repository/defaults/main.yml @@ -9,9 +9,3 @@ opennebula_repository_version: '6.9' # Repository of the OpenNebula packages opennebula_repository_base: 'https://downloads.opennebula.io/repo/{{ opennebula_repository_version }}' - -# Enable GPG check for the packages -opennebula_repository_gpgcheck: yes - -# Enable GPG check for the repos (RHEL/CentOS only) -opennebula_repository_repo_gpgcheck: yes diff --git a/share/oneprovision/ansible/roles/opennebula-repository/handlers/main.yml b/share/oneprovision/ansible/roles/opennebula-repository/handlers/main.yml deleted file mode 100644 index a0789731f38..00000000000 --- a/share/oneprovision/ansible/roles/opennebula-repository/handlers/main.yml +++ /dev/null 
@@ -1,13 +0,0 @@ ---- - -- name: Clean APT metadata - command: apt-get clean - when: ansible_os_family == "Debian" - listen: "clean repository metadata" - -- name: Clean YUM metadata - command: yum clean metadata - args: - warn: no - when: ansible_os_family == "RedHat" - listen: "clean repository metadata" diff --git a/share/oneprovision/ansible/roles/opennebula-repository/tasks/centos.yml b/share/oneprovision/ansible/roles/opennebula-repository/tasks/centos.yml deleted file mode 100644 index ffbf48cb779..00000000000 --- a/share/oneprovision/ansible/roles/opennebula-repository/tasks/centos.yml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -- name: Install EPEL in CentOS - yum: name=epel-release state=installed - when: ansible_distribution == "CentOS" - -- name: Add repository GPG key for EPEL - rpm_key: - key: https://download-ib01.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 - when: ansible_distribution == "RedHat" - -- name: Install EPEL in RHEL - yum_repository: - name: epel - description: Extra Packages for Enterprise Linux 7 - mirrorlist: https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64 - failovermethod: priority - gpgcheck: yes - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 - when: ansible_distribution == "RedHat" - -- name: Add repository GPG key for RPM - rpm_key: key=https://downloads.opennebula.io/repo/repo2.key - when: opennebula_repository_gpgcheck | bool - -- name: Add OpenNebula repository - yum_repository: - name: opennebula - description: OpenNebula packages - baseurl: "{{ opennebula_repository_base }}/CentOS/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}" - gpgkey: https://downloads.opennebula.io/repo/repo2.key - gpgcheck: "{{ opennebula_repository_gpgcheck }}" - repo_gpgcheck: "{{ opennebula_repository_repo_gpgcheck }}" - notify: "clean repository metadata" - -- name: Add repository GPG key for YUM - command: yum -q makecache -y --disablerepo=* --enablerepo=opennebula - args: - creates: "/var/lib/yum/repos/{{ ansible_architecture }}/{{ ansible_distribution_major_version}}/opennebula/gpgdir/pubring.gpg" - when: opennebula_repository_repo_gpgcheck | bool diff --git a/share/oneprovision/ansible/roles/opennebula-repository/tasks/main.yaml b/share/oneprovision/ansible/roles/opennebula-repository/tasks/main.yaml deleted file mode 100644 index e38dfc99ef7..00000000000 --- a/share/oneprovision/ansible/roles/opennebula-repository/tasks/main.yaml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -- include: centos.yml - when: ansible_os_family == "RedHat" - -- include: debian.yml - when: ansible_os_family == "Debian" - -- name: Force all notified handler to run now - meta: flush_handlers diff --git a/share/oneprovision/ansible/roles/opennebula-repository/tasks/debian.yml b/share/oneprovision/ansible/roles/opennebula-repository/tasks/main.yml similarity index 99% rename from share/oneprovision/ansible/roles/opennebula-repository/tasks/debian.yml rename to share/oneprovision/ansible/roles/opennebula-repository/tasks/main.yml index 355786cfb72..714ed58c10e 100644 --- a/share/oneprovision/ansible/roles/opennebula-repository/tasks/debian.yml +++ b/share/oneprovision/ansible/roles/opennebula-repository/tasks/main.yml @@ -1,5 +1,4 @@ --- - - name: Install apt-transport-https apt: name: apt-transport-https diff --git a/share/oneprovision/ansible/roles/opennebula-ssh/tasks/main.yml b/share/oneprovision/ansible/roles/opennebula-ssh/tasks/main.yml index 6b65c412f13..3aca26acc7f 100644 --- a/share/oneprovision/ansible/roles/opennebula-ssh/tasks/main.yml +++ b/share/oneprovision/ansible/roles/opennebula-ssh/tasks/main.yml @@ -8,11 +8,11 @@ mode: 0700 state: directory -- include: sshd.yml +- include_tasks: sshd.yml when: opennebula_ssh_manage_sshd == True -- include: deploy_local.yml +- include_tasks: deploy_local.yml when: opennebula_ssh_deploy_local == True -- include: root_authkeys.yml +- include_tasks: root_authkeys.yml when: opennebula_ssh_keys_import_root_keys == True diff --git a/share/oneprovision/ansible/roles/python/README.md b/share/oneprovision/ansible/roles/python/README.md deleted file mode 100644 index 82fdf490f7e..00000000000 --- a/share/oneprovision/ansible/roles/python/README.md +++ /dev/null @@ -1,17 +0,0 @@ -# python - -## Description - -Installs default Python for Debians and Red Hats. - -## Requirements - -No special requirements. - -## Variables - -None - -## Todo list - -None 
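Review bot: In the opennebula-ssh/tasks/main.yml hunk, the three `when:` conditions compare with `== True`, which is false when the variable arrives as a string such as `"true"` or `"yes"` (for example from extra-vars or templated group_vars). In that case `sshd.yml`, `deploy_local.yml` or `root_authkeys.yml` would be skipped without any error. Since the hunk already touches all three includes, `when: opennebula_ssh_manage_sshd | bool` (and likewise for the other two variables) is the safer form. Separately, `include_tasks` is dynamic, so tags placed on the include are not inherited by the included tasks unless `apply:` is used; if any caller runs this role with `--tags`, confirm that the sshd tasks are still reached.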
diff --git a/share/oneprovision/ansible/roles/update-replica/tasks/main.yml b/share/oneprovision/ansible/roles/update-replica/tasks/main.yml deleted file mode 100644 index f72e0e880a1..00000000000 --- a/share/oneprovision/ansible/roles/update-replica/tasks/main.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Validate group_vars parameters - assert: - that: - - "{{ sys_ds_ids }} is defined" - - "{{ first_host }} is not none" - -- name: Update replica host - local_action: - module: shell - cmd: onedatastore update {{ item }} - environment: - EDITOR: "sed -i -e 's/REPLICA_HOST=.*/REPLICA_HOST={{ first_host }}/'" - become: false - with_items: "{{ sys_ds_ids }}" - diff --git a/share/oneprovision/edge-clusters-extra/metal/provisions/vultr.yml b/share/oneprovision/edge-clusters-extra/metal/provisions/vultr.yml index 7baa8e31761..85b966947d4 100644 --- a/share/oneprovision/edge-clusters-extra/metal/provisions/vultr.yml +++ b/share/oneprovision/edge-clusters-extra/metal/provisions/vultr.yml @@ -39,7 +39,7 @@ extends: #------------------------------------------------------------------------------- ansible: ver_min: 2.8 - ver_max: 2.13 + ver_max: 2.17 playbook: - vultr_metal diff --git a/share/oneprovision/edge-clusters-extra/virtual/provisions/aws-hci.yml b/share/oneprovision/edge-clusters-extra/virtual/provisions/aws-hci.yml index b0e822db387..a1477bfaad8 100644 --- a/share/oneprovision/edge-clusters-extra/virtual/provisions/aws-hci.yml +++ b/share/oneprovision/edge-clusters-extra/virtual/provisions/aws-hci.yml @@ -41,7 +41,7 @@ extends: #------------------------------------------------------------------------------- ansible: ver_min: 2.12 - ver_max: 2.13 + ver_max: 2.17 playbook: - aws - ceph_hci/site diff --git a/share/oneprovision/edge-clusters-extra/virtual/provisions/aws.yml b/share/oneprovision/edge-clusters-extra/virtual/provisions/aws.yml index f96e02c14de..0f64d0e9c68 100644 --- a/share/oneprovision/edge-clusters-extra/virtual/provisions/aws.yml 
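Review bot: In the edge-clusters-extra/metal/provisions/vultr.yml hunk, `ver_max: 2.17` is an unquoted YAML scalar, so a standard YAML loader reads it as the float 2.17. That is numerically smaller than `ver_min: 2.8`, and a later bump such as 2.20 would lose its trailing zero. The code that consumes these keys is not on the page; if it compares them as numbers rather than as version strings, the allowed range is empty or wrong. Quoting both bounds, `ver_min: '2.8'` and `ver_max: '2.17'`, removes the ambiguity, provided the reader accepts strings. The same applies to the other provision files this patch bumps (aws, aws-hci, digitalocean, google, equinix, onprem, onprem-hci, vultr).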
+++ b/share/oneprovision/edge-clusters-extra/virtual/provisions/aws.yml @@ -41,7 +41,7 @@ extends: #------------------------------------------------------------------------------- ansible: ver_min: 2.8 - ver_max: 2.13 + ver_max: 2.17 playbook: - aws diff --git a/share/oneprovision/edge-clusters-extra/virtual/provisions/digitalocean.yml b/share/oneprovision/edge-clusters-extra/virtual/provisions/digitalocean.yml index ccd5535609b..5c96754aaac 100644 --- a/share/oneprovision/edge-clusters-extra/virtual/provisions/digitalocean.yml +++ b/share/oneprovision/edge-clusters-extra/virtual/provisions/digitalocean.yml @@ -39,7 +39,7 @@ extends: #------------------------------------------------------------------------------- ansible: ver_min: 2.8 - ver_max: 2.13 + ver_max: 2.17 playbook: - digitalocean diff --git a/share/oneprovision/edge-clusters-extra/virtual/provisions/google.yml b/share/oneprovision/edge-clusters-extra/virtual/provisions/google.yml index ba70a5363cf..540cd31f270 100644 --- a/share/oneprovision/edge-clusters-extra/virtual/provisions/google.yml +++ b/share/oneprovision/edge-clusters-extra/virtual/provisions/google.yml @@ -39,7 +39,7 @@ extends: #------------------------------------------------------------------------------- ansible: ver_min: 2.8 - ver_max: 2.13 + ver_max: 2.17 playbook: - google diff --git a/share/oneprovision/edge-clusters-extra/virtual/provisions/vultr.yml b/share/oneprovision/edge-clusters-extra/virtual/provisions/vultr.yml index 7325391257c..c0e323be637 100644 --- a/share/oneprovision/edge-clusters-extra/virtual/provisions/vultr.yml +++ b/share/oneprovision/edge-clusters-extra/virtual/provisions/vultr.yml @@ -39,7 +39,7 @@ extends: #------------------------------------------------------------------------------- ansible: ver_min: 2.8 - ver_max: 2.13 + ver_max: 2.17 playbook: - vultr 
diff --git a/share/oneprovision/edge-clusters/metal/provisions/aws-hci.yml b/share/oneprovision/edge-clusters/metal/provisions/aws-hci.yml index d9a7d222d80..b85aeb020a6 100644 --- a/share/oneprovision/edge-clusters/metal/provisions/aws-hci.yml +++ b/share/oneprovision/edge-clusters/metal/provisions/aws-hci.yml @@ -41,7 +41,7 @@ extends: #------------------------------------------------------------------------------- ansible: ver_min: 2.12 - ver_max: 2.13 + ver_max: 2.17 playbook: - aws - ceph_hci/site diff --git a/share/oneprovision/edge-clusters/metal/provisions/aws.yml b/share/oneprovision/edge-clusters/metal/provisions/aws.yml index f9d0f16c9fb..e81bcf020cc 100644 --- a/share/oneprovision/edge-clusters/metal/provisions/aws.yml +++ b/share/oneprovision/edge-clusters/metal/provisions/aws.yml @@ -41,7 +41,7 @@ extends: #------------------------------------------------------------------------------- ansible: ver_min: 2.8 - ver_max: 2.13 + ver_max: 2.17 playbook: - aws diff --git a/share/oneprovision/edge-clusters/metal/provisions/equinix.yml b/share/oneprovision/edge-clusters/metal/provisions/equinix.yml index 6f988a87a28..9cd645a7e39 100644 --- a/share/oneprovision/edge-clusters/metal/provisions/equinix.yml +++ b/share/oneprovision/edge-clusters/metal/provisions/equinix.yml @@ -40,7 +40,7 @@ extends: #------------------------------------------------------------------------------- ansible: ver_min: 2.8 - ver_max: 2.13 + ver_max: 2.17 playbook: - equinix diff --git a/share/oneprovision/edge-clusters/metal/provisions/onprem-hci.yml b/share/oneprovision/edge-clusters/metal/provisions/onprem-hci.yml index bfe76f67f92..bee6f07154c 100644 --- a/share/oneprovision/edge-clusters/metal/provisions/onprem-hci.yml +++ b/share/oneprovision/edge-clusters/metal/provisions/onprem-hci.yml @@ -39,7 +39,7 @@ extends: #------------------------------------------------------------------------------- ansible: ver_min: 2.12 - ver_max: 2.13 + ver_max: 2.17 playbook: - aws - ceph_hci/site 
diff --git a/share/oneprovision/edge-clusters/metal/provisions/onprem.yml b/share/oneprovision/edge-clusters/metal/provisions/onprem.yml index 9bda000ec09..a0277e77afb 100644 --- a/share/oneprovision/edge-clusters/metal/provisions/onprem.yml +++ b/share/oneprovision/edge-clusters/metal/provisions/onprem.yml @@ -39,7 +39,7 @@ extends: #------------------------------------------------------------------------------- ansible: ver_min: 2.8 - ver_max: 2.13 + ver_max: 2.17 playbook: - onprem diff --git a/src/oneprovision/lib/provision/ansible.rb b/src/oneprovision/lib/provision/ansible.rb index adfff23836d..b4c9f3e4655 100644 --- a/src/oneprovision/lib/provision/ansible.rb +++ b/src/oneprovision/lib/provision/ansible.rb @@ -44,8 +44,8 @@ ANSIBLE_ARGS = "--ssh-common-args='-o UserKnownHostsFile=/dev/null'" ANSIBLE_INVENTORY_DEFAULT = 'default' CEPH_ANSIBLE_URL = 'https://github.com/ceph/ceph-ansible.git' -CEPH_ANSIBLE_BRANCH = 'stable-7.0' -CEPH_ANSIBLE_DIR = '/var/lib/one/.ansible/ceph-7.0' +CEPH_ANSIBLE_BRANCH = 'stable-8.0' +CEPH_ANSIBLE_DIR = '/var/lib/one/.ansible/ceph-8.0' module OneProvision
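Review bot: In the ansible.rb hunk, `CEPH_ANSIBLE_BRANCH = 'stable-8.0'` names a branch, which is a moving ref, so the playbooks fetched from `CEPH_ANSIBLE_URL` can change between provision runs without any change in this repository. That content is presumably executed against the hosts being provisioned, so a pinned release tag or commit is the safer reference, e.g. `CEPH_ANSIBLE_BRANCH = '<release-tag-or-commit>'` (placeholder, to be filled with a reviewed revision). The code that clones and checks out this ref is outside the hunk; it should also be confirmed that an existing `/var/lib/one/.ansible/ceph-8.0` checkout is verified or refreshed rather than reused as-is.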