CORD-396 CORD-383 CORD-362 CORD-309 significant rework on networking configuration
Change-Id: Icb3cbac66b33265486ac236572874052fc643b8a
diff --git a/roles/compute-node/files/delete-node-prov-state b/roles/compute-node/files/delete-node-prov-state
index ced8baa..75b2ffa 100755
--- a/roles/compute-node/files/delete-node-prov-state
+++ b/roles/compute-node/files/delete-node-prov-state
@@ -1,6 +1,6 @@
#!/bin/bash
-LIST=$(curl -sS http://$(docker-ip provisioner):4243/provision/ | jq . | grep "node-" | awk '{print $2}' | sed -e 's/"//g')
+LIST=$(curl -sS http://$(docker-ip provisioner):4243/provision/ | jq . | grep "node-" | awk '{print $2}' | sed -e 's/[",]//g')
for i in $LIST; do
echo "DELETE PROV RECORD '$i'"
diff --git a/roles/compute-node/files/get-node-prov-state b/roles/compute-node/files/get-node-prov-state
index 5aa8b29..bb1bc7d 100755
--- a/roles/compute-node/files/get-node-prov-state
+++ b/roles/compute-node/files/get-node-prov-state
@@ -1,3 +1,3 @@
#!/bin/bash
-curl -sS http://$(docker-ip provisioner):4243/provision/ | jq '[.[] | { "id": .request.Info.id, "message": .message, "status": .status, "name": .request.Info.name}]'
+curl -sS http://$(docker-ip provisioner):4243/provision/ | jq '[.[] | { "id": .request.Info.id, "message": .message, "status": .status, "name": .request.Info.name}]' $*
diff --git a/roles/compute-node/files/remove-maas-components b/roles/compute-node/files/remove-maas-components
new file mode 100755
index 0000000..4d85694
--- /dev/null
+++ b/roles/compute-node/files/remove-maas-components
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+docker kill $(docker ps -q)
+docker rm -f $(docker ps -aq)
+docker rmi -f $(docker images -aq)
+
+sudo apt-get remove --purge -y bind9 apache2 docker-engine ansible $(dpkg --get-selections | grep maas | cut -f1)
+
+sudo rm -rf \
+ /etc/maas \
+ /etc/bind \
+ /etc/apache2 \
+ /var/www \
+ /var/log/maas \
+ /var/lib/maas \
+ /etc/apt/apt.conf.d/02apt-cacher-ng \
+ /etc/apt/sources.list.d/apt_dockerproject_org_repo.list \
+ /etc/apt/sources.list.d/ppa_juju_stable_trusty.list \
+ /etc/apt/sources.list.d/docker.list \
+ /etc/apt/sources.list.d/ppa_maas_stable_trusty.list \
+ /etc/apt/sources.list.d/ppa_ansible_ansible_trusty.list \
+ /etc/network/if-pre-up.d/nat \
+ /docker-registry \
+ /docker-registry-mirror
+
+sudo apt-get update -y
+
+# remove NAT rules
+sudo iptables --table nat --delete POSTROUTING --out-interface eth3 -j MASQUERADE
+sudo iptables --delete FORWARD --in-interface mgmtbr -j ACCEPT
+
diff --git a/roles/compute-node/files/rename_ifaces.sh b/roles/compute-node/files/rename_ifaces.sh
deleted file mode 100755
index aa8e07c..0000000
--- a/roles/compute-node/files/rename_ifaces.sh
+++ /dev/null
@@ -1,256 +0,0 @@
-#!/bin/bash
-
-function ip2int {
- local a b c d
- { IFS=. read a b c d; } <<< $1
- echo $(((((((a << 8) | b) << 8) | c) << 8) | d))
-}
-
-function int2ip {
- local ui32=$1; shift
- local ip n
- for n in 1 2 3 4; do
- ip=$((ui32 & 0xff))${ip:+.}$ip
- ui32=$((ui32 >> 8))
- done
- echo $ip
-}
-
-function netmask {
- local mask=$((0xffffffff << (32 - $1))); shift
- int2ip $mask
-}
-
-function broadcast {
- local addr=$(ip2int $1); shift
- local mask=$((0xffffffff << (32 -$1))); shift
- int2ip $((addr | ~mask))
-}
-
-function network {
- local addr=$(ip2int $1); shift
- local mask=$((0xffffffff << (32 -$1))); shift
- int2ip $((addr & mask))
-}
-
-function first {
- local addr=$(ip2int $1)
- addr=`expr $addr + 1`
- int2ip $addr
-}
-
-function guess_type {
- local CNT=$(echo "$1" | sed -e 's/[:.]/ /g' | wc -w)
- if [ $CNT -ne 1 ]; then
- # drop all sub and vlan interfaces
- echo "DNC"
- return
- fi
- local DRIVER=$(ethtool -i $1 2>/dev/null | grep driver | awk '{print $2}')
- local RESULT="DNC"
- MATCH=$(echo "|$FABRIC_IFACE_SPEC|" | grep "|$DRIVER|" | wc -l)
- if [ $MATCH -ne 0 ]; then
- RESULT="FABRIC"
- else
- IS_PHY=$(ls -l /sys/class/net/$1 | grep -v virtual | wc -l)
- if [ $IS_PHY -eq 1 ]; then
- RESULT="ETH"
- fi
- fi
- echo $RESULT
-}
-
-function get_mac {
- echo $(ifconfig $1 | grep HWaddr | awk '{print $5}')
-}
-
-function generate_persistent_names {
- local OUT=$NAMES_FILE
-#"70-persistent-net.rules"
- rm -rf $OUT
-
- IDX=0
- # this will not support more than 10 fabric nics... should be ok. (Famous last words)
- for i in $(cat $1 | sort); do
- echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"$i\", ATTR{dev_id}==\"0x$IDX\", ATTR{type}==\"1\", KERNEL==\"*\", NAME=\"eth$IDX\"" >> $OUT
- IDX=$(expr $IDX + 1)
- done
-
- for i in $(cat $2 | sort); do
- echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"$i\", NAME=\"eth$IDX\"" >> $OUT
- IDX=$(expr $IDX + 1)
- done
-}
-
-# FABRIC_LIST ETH_LIST FAB_IFACE EXT_IFACE MGT_IFACE
-function generate_interfaces {
- OUT=$IFACES_FILE
- rm -rf $OUT
- echo "# This file describes the network interfaces available on your system" >> $OUT
- echo "# and how to activate them. For more information, see interfaces(5)." >> $OUT
- echo "" >> $OUT
- echo "# The loopback network interface" >> $OUT
- echo "auto lo" >> $OUT
- echo "iface lo inet loopback" >> $OUT
- echo "" >> $OUT
-
- IDX=0
- local CNT40=$(cat $1 | wc -w)
- for i in $(cat $1); do
- echo "auto eth$IDX" >> $OUT
- echo "iface eth$IDX inet manual" >> $OUT
- echo " bond-master $3" >> $OUT
- [ -z $FIRST ] && echo " bond-primary eth$IDX" >> $OUT
- FIRST="done"
- echo "" >> $OUT
- IDX=$(expr $IDX + 1)
- done
-
- if [ $CNT40 -ne 0 ]; then
- echo "auto $3" >> $OUT
- echo "iface $3 inet static" >> $OUT
- echo " address $FAB_IP" >> $OUT
- echo " network $FAB_NETWORK" >> $OUT
- echo " netmask $FAB_NETMASK" >> $OUT
- # Make bond-mode configurable
- echo " bond-mode active-backup" >> $OUT
- echo " bond-miimon 100" >> $OUT
- echo " bond-slaves none" >> $OUT
- echo "" >> $OUT
- fi
-
- BRIDGE_PORTS=
- for i in $(cat $2); do
- if [ "eth$IDX" == "$4" ]; then
- echo "auto eth$IDX" >> $OUT
- if [ "$EXT_ADDR" == "dhcp" ]; then
- echo "iface eth$IDX inet dhcp" >> $OUT
- elif [ "$EXT_ADDR" == "manual" ]; then
- echo "iface eth$IDX inet manual" >> $OUT
- else
- echo "iface eth$IDX inet static" >> $OUT
- echo " address $EXT_IP" >> $OUT
- echo " network $EXT_NETWORK" >> $OUT
- echo " netmask $EXT_NETMASK" >> $OUT
- echo " broadcast $EXT_BROADCAST" >> $OUT
- echo " gateway $EXT_GW" >> $OUT
- echo " dns-nameservers 8.8.8.8 8.8.4.4" >> $OUT
- echo " dns-search cord.lab" >> $OUT
- fi
- else
- echo "auto eth$IDX" >> $OUT
- echo "iface eth$IDX inet manual" >> $OUT
- BRIDGE_PORTS="$BRIDGE_PORTS eth$IDX"
- fi
- echo "" >> $OUT
- IDX=$(expr $IDX + 1)
- done
-
- local BRNAME=$5
- local F=$(echo $5 | grep "^eth[0-9]*$" | wc -l)
- if [ $F -ne 0 ]; then
- BRNAME="mgmtbr"
- fi
- local BPCNT=$(echo $BRIDGE_PORTS | wc -w)
- if [ $BPCNT -ne 0 ]; then
- echo "auto $BRNAME" >> $OUT
- if [ "$MGT_ADDR" == "dhcp" ]; then
- echo "iface $BRNAME inet dhcp" >> $OUT
- elif [ "$MGT_ADDR" == "manual" ]; then
- echo "iface $BRNAME inet manual" >> $OUT
- else
- echo "iface $BRNAME inet static" >> $OUT
- echo " address $MGT_IP" >> $OUT
- echo " network $MGT_NETWORK" >> $OUT
- echo " netmask $MGT_NETMASK" >> $OUT
- echo " broadcast $MGT_BROADCAST" >> $OUT
- echo " gateway $MGT_GW" >> $OUT
- fi
- echo " bridge_ports $BRIDGE_PORTS" >> $OUT
- fi
-}
-
-FAB_IFACE=$1
-FAB_ADDR=$2
-FAB_IP=$(echo $FAB_ADDR | cut -d/ -f1)
-FAB_MASKBITS=$(echo $FAB_ADDR | cut -d/ -f2)
-FAB_NETWORK=$(network $FAB_IP $FAB_MASKBITS)
-FAB_NETMASK=$(netmask $FAB_MASKBITS)
-
-EXT_IFACE=$3
-EXT_ADDR=$4
-EXT_GW=$5
-if [ "$EXT_ADDR" != "dhcp" ]; then
- EXT_IP=$(echo $EXT_ADDR | cut -d/ -f1)
- EXT_MASKBITS=$(echo $EXT_ADDR | cut -d/ -f2)
- EXT_NETWORK=$(network $EXT_IP $EXT_MASKBITS)
- EXT_NETMASK=$(netmask $EXT_MASKBITS)
- EXT_BROADCAST=$(broadcast $EXT_IP $EXT_MASKBITS)
- test -z $EXT_GW && EXT_GW=$(first $EXT_ADDR)
-fi
-MGT_IFACE=$6
-MGT_ADDR=$7
-MGT_GW=$8
-if [ "$MGT_ADDR" != "dhcp" ]; then
- MGT_IP=$(echo $MGT_ADDR | cut -d/ -f1)
- MGT_MASKBITS=$(echo $MGT_ADDR | cut -d/ -f2)
- MGT_NETWORK=$(network $MGT_IP $MGT_MASKBITS)
- MGT_NETMASK=$(netmask $MGT_MASKBITS)
- MGT_BROADCAST=$(broadcast $MGT_IP $MGT_MASKBITS)
- test -z $MGT_GW && MGT_GW=$(first $MGT_ADDR)
-fi
-
-FABRIC_IFACE_SPEC=$9
-test -z $FABRIC_IFACE_SPEC && FABRIC_IFACE_SPEC="i40e|mlx4_en"
-
-LIST_ETH=$(mktemp -u)
-LIST_FABRIC=$(mktemp -u)
-IFACES_FILE=$(mktemp -u)
-NAMES_FILE=$(mktemp -u)
-
-IFACES=$(ifconfig -a | grep "^[a-z]" | awk '{print $1}')
-
-for i in $IFACES; do
- TYPE=$(guess_type $i)
- case $TYPE in
- ETH)
- echo "$(get_mac $i)" >> $LIST_ETH
- ;;
- FABRIC)
- echo "$(get_mac $i)" >> $LIST_FABRIC
- ;;
- *) ;;
- esac
-done
-
-CHANGED="false"
-
-generate_interfaces $LIST_FABRIC $LIST_ETH "$FAB_IFACE" "$EXT_IFACE" "$MGT_IFACE"
-
-diff /etc/network/interfaces $IFACES_FILE 2>&1 > /dev/null
-if [ $? -ne 0 ]; then
- CHANGED="true"
- cp /etc/network/interfaces /etc/network/interfaces.1
- cp $IFACES_FILE /etc/network/interfaces
-fi
-
-generate_persistent_names $LIST_FABRIC $LIST_ETH "$FAB_IFACE" "$EXT_IFACE"
-
-if [ -r /etc/udev/rules.d/70-persistent-net.rules ]; then
- diff /etc/udev/rules.d/70-persistent-net.rules $NAMES_FILE 2>&1 > /dev/null
- if [ $? -ne 0 ]; then
- CHANGED="true"
- cp /etc/udev/rules.d/70-persistent-net.rules /etc/udev/rules.d/70-persistent-net.rules.1
- cp $NAMES_FILE /etc/udev/rules.d/70-persistent-net.rules
- fi
-else
- CHANGED="true"
- cp $NAMES_FILE /etc/udev/rules.d/70-persistent-net.rules
-fi
-
-rm -rf $IFACES_FILE
-rm -rf $NAMES_FILE
-rm -rf $LIST_ETH
-rm -rf $LIST_FABRIC
-
-echo -n $CHANGED
diff --git a/roles/compute-node/files/rename_ifaces.sh.back b/roles/compute-node/files/rename_ifaces.sh.back
deleted file mode 100755
index 76056ff..0000000
--- a/roles/compute-node/files/rename_ifaces.sh.back
+++ /dev/null
@@ -1,110 +0,0 @@
-#!/bin/bash
-
-BASE="10.4"
-LEAF="1"
-SERVER="1"
-
-function guess_type {
- local CNT=$(echo "$1" | sed -e 's/[:.]/ /g' | wc -w)
- if [ $CNT -ne 1 ]; then
- # drop all sub and vlan interfaces
- echo "DNC"
- return
- fi
- local DRIVER=$(ethtool -i $1 2>/dev/null | grep driver | awk '{print $2}')
- local RESULT="DNC"
- case $DRIVER in
- i40e)
- RESULT="I40G"
- ;;
- igb)
- RESULT="ETH"
- ;;
- *) ;;
- esac
- echo $RESULT
-}
-
-function get_mac {
- echo $(ifconfig $1 | grep HWaddr | awk '{print $5}')
-}
-
-function generate_persistent_names {
- local OUT="70-persistent-net.rules"
- rm -rf $OUT
-
- IDX=0
- for i in $(cat $1 | sort); do
- echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"$i\", ATTR{dev_id}==\"0x0\", ATTR{type}==\"1\", KERNEL==\"eth*\", NAME=\"eth$IDX\"" >> $OUT
- IDX=$(expr $IDX + 1)
- done
-
- for i in $(cat $2 | sort); do
- echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"$i\", NAME=\"eth$IDX\"" >> $OUT
- IDX=$(expr $IDX + 1)
- done
-}
-
-function generate_interfaces {
- OUT="interfaces"
- rm -rf $OUT
- echo "# This file describes the network interfaces available on your system" >> $OUT
- echo "# and how to activate them. For more information, see interfaces(5)." >> $OUT
- echo "" >> $OUT
- echo "# The loopback network interface" >> $OUT
- echo "auto lo" >> $OUT
- echo "iface lo inet loopback" >> $OUT
- echo "" >> $OUT
-
- IDX=0
- FIRST=1
- for i in $(cat $1); do
- if [ $FIRST -eq 1 ]; then
- echo "auto eth$IDX" >> $OUT
- echo "iface eth$IDX inet static" >> $OUT
- echo " address $BASE.$LEAF.$SERVER" >> $OUT
- echo " network $BASE.$LEAF.0" >> $OUT
- echo " netmask 255.255.255.0" >> $OUT
- FIRST=0
- else
- echo "iface eth$IDX inet manual" >> $OUT
- fi
- echo "" >> $OUT
- IDX=$(expr $IDX + 1)
- done
-
- FIRST=1
- for i in $(cat $2); do
- if [ $FIRST -eq 1 ]; then
- echo "auto eth$IDX" >> $OUT
- echo "iface eth$IDX inet dhcp" >> $OUT
- FIRST=0
- else
- echo "iface eth$IDX inet manual" >> $OUT
- fi
- echo "" >> $OUT
- IDX=$(expr $IDX + 1)
- done
-}
-
-LIST_ETH=$(mktemp -u)
-LIST_40G=$(mktemp -u)
-IFACES=$(ifconfig -a | grep "^[a-z]" | awk '{print $1}')
-
-for i in $IFACES; do
- TYPE=$(guess_type $i)
- case $TYPE in
- ETH)
- echo "$(get_mac $i)" >> $LIST_ETH
- ;;
- I40G)
- echo "$(get_mac $i)" >> $LIST_40G
- ;;
- *) ;;
- esac
-done
-
-generate_persistent_names $LIST_40G $LIST_ETH
-generate_interfaces $LIST_40G $LIST_ETH
-rm -rf $LIST_ETH
-rm -rf $LIST_40G
diff --git a/roles/compute-node/tasks/main.yml b/roles/compute-node/tasks/main.yml
index a61877f..4036daf 100644
--- a/roles/compute-node/tasks/main.yml
+++ b/roles/compute-node/tasks/main.yml
@@ -107,6 +107,7 @@
- get-fabric-config
- get-node-prov-state
- remove-xos-components
+ - remove-maas-components
- post-fabric-config
- pull-latest-docker-images
@@ -150,14 +151,6 @@
tags:
- interface_config
-- name: Consistent Interface Naming
- become: yes
- script: files/rename_ifaces.sh "{{ compute_node.interfaces.fabric }}" "{{ compute_node.addresses.fabric }}" "{{ compute_node.interfaces.external }}" "{{ compute_node.addresses.external }}" "{{ compute_node.gateway.external }}" "{{ compute_node.interfaces.management }}" "{{ compute_node.addresses.management }}" "{{ compute_node.gateway.management }}" "{{ compute_node.fabric_iface_match }}"
- register: ifaces_changed
- changed_when: ifaces_changed.stdout.find("true") != -1
- tags:
- - interface_config
-
- name: Load modules at boot
become: yes
lineinfile:
@@ -169,25 +162,8 @@
- rtc
- bonding
-- name: Reboot Required
+- name: Ensure Network Configuration
become: yes
- command: /sbin/reboot
- async: 0
- poll: 0
- ignore_errors: true
- when: ifaces_changed.stdout.find("true") != -1
+ include: networking.yml
tags:
- interface_config
- - reboot
-
-- name: Ensure Port Defined
- set_fact:
- ansible_ssh_port: 22
- when: ansible_ssh_port is not defined
-
-- name: Wait For Restart
- local_action: wait_for port={{ ansible_ssh_port }} host={{ inventory_hostname }} search_regex=OpenSSH delay=30 timeout=600 connect_timeout=15
- when: ifaces_changed.stdout.find("true") != -1
- tags:
- - interface_config
- - reboot
diff --git a/roles/compute-node/tasks/networking.yml b/roles/compute-node/tasks/networking.yml
new file mode 100644
index 0000000..7586728
--- /dev/null
+++ b/roles/compute-node/tasks/networking.yml
@@ -0,0 +1,213 @@
+---
+- name: Ensure Prerequisites
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - python-ethtool=0.7*
+
+- name: Gather Interface Information
+ netinfo:
+
+- name: Establish Interface Lists
+ set_fact:
+ reboot_required: false
+ fabric_iface_list: []
+ nonfabric_iface_list: []
+ search_list: "|{{ compute_node.fabric_iface_match }}|"
+ changed_when: false
+
+- name: Gather Fabric Interfaces
+ set_fact:
+ fabric_iface_list: "{{ fabric_iface_list + [item] }}"
+ with_items:
+ - "{{ netinfo.keys() | sort }}"
+ when: netinfo[item]['module'] is defined and search_list.find('|' + netinfo[item]['module'] + '|') != -1 and ( not compute_node.interfaces.external or item != compute_node.interfaces.external )
+ changed_when: false
+
+- name: Gather Non-Fabric Interfaces
+ set_fact:
+ nonfabric_iface_list: "{{ nonfabric_iface_list + [item] }}"
+ with_items:
+ - "{{ netinfo.keys() | sort }}"
+ when: netinfo[item]['module'] is defined and search_list.find('|' + netinfo[item]['module'] + '|') == -1 and ( not compute_node.interfaces.external or item != compute_node.interfaces.external )
+ changed_when: false
+
+- name: Ensure Loopback
+ netfile:
+ src: "{{ compute_node.interfaces.file }}"
+ state: present
+ name: lo
+ config: loopback
+ auto: true
+ description: "Loopback interface"
+ register: net_changed
+
+- name: Verify Loopback Change
+ set_fact:
+ reboot_required: "{{ net_changed.changed }}"
+
+- name: Ensure Fabric
+ netfile:
+ src: "{{ compute_node.interfaces.file }}"
+ state: present
+ name: fabric
+ config: static
+ auto: true
+ address: "{{ compute_node.addresses.fabric }}"
+ bond-mode: active-backup
+ bond-miimon: 100
+ bond-slaves: none
+ description: "Leaf - Spine bonded fabric interface"
+ register: net_changed
+
+- name: Verify Network Change
+ set_fact:
+ reboot_required: "{{ reboot_required }} or {{ net_changed.changed }}"
+
+- name: Gather Primary Fabric Interface
+ set_fact:
+ fabric_primary_iface: "{{ fabric_iface_list | sort | first }}"
+ changed_when: false
+ when: fabric_iface_list|length > 0
+
+- name: Ensure Primary Fabric Interface
+ netfile:
+ src: "{{ compute_node.interfaces.file }}"
+ state: present
+ auto: true
+ name: "{{ fabric_primary_iface }}"
+ config: manual
+ bond-master: fabric
+ bond-primary: "{{ fabric_primary_iface }}"
+ description: "Primary fabric interface"
+ register: net_changed
+ when: fabric_iface_list|length > 0
+
+- name: Verify Primary Fabric Interface Changed
+ set_fact:
+ reboot_required: "{{ reboot_required }} or {{ net_changed.changed }}"
+
+- name: Ensure Fabric Interfaces
+ netfile:
+ src: "{{ compute_node.interfaces.file }}"
+ state: present
+ auto: true
+ name: "{{ item }}"
+ config: manual
+ bond-master: fabric
+ description: "Fabric interface"
+ register: net_changed
+ when: fabric_iface_list|length > 1 and item != fabric_primary_iface
+ with_items:
+ - "{{ fabric_iface_list | sort }}"
+
+- name: Verify Fabric Interfaces Changed
+ set_fact:
+ reboot_required: "{{ reboot_required }} or {{ net_changed.changed }}"
+
+- name: Ensure Management Bridge DHCP
+ netfile:
+ src: "{{ compute_node.interfaces.file }}"
+ state: present
+ name: mgmtbr
+ config: "dhcp"
+ auto: true
+ bridge_ports: "{{ nonfabric_iface_list | join(' ') }}"
+ description: "Internal POD management interface"
+ register: net_changed
+ when: compute_node.addresses.management == "dhcp"
+
+- name: Verify Management Bridge DHCP Changed
+ set_fact:
+ reboot_required: "{{ reboot_required }} or {{ net_changed.changed }}"
+
+- name: Ensure Management Bridge STATIC
+ netfile:
+ src: "{{ compute_node.interfaces.file }}"
+ state: present
+ name: mgmtbr
+ config: static
+ auto: true
+ address: "{{ compute_node.addresses.management }}"
+ gateway: "{{ compute_node.gateway.management | default(omit) }}"
+ broadcast: "{{ compute_node.broadcast.management | default(omit) }}"
+ bridge_ports: "{{ nonfabric_iface_list | join(' ') }}"
+ description: "Internal POD management interface"
+ register: net_changed
+ when: compute_node.addresses.management != "dhcp"
+
+- name: Verify Management Bridge STATIC Changed
+ set_fact:
+ reboot_required: "{{ reboot_required }} or {{ net_changed.changed }}"
+
+- name: Ensure Management Bridge Interfaces
+ netfile:
+ src: "{{ compute_node.interfaces.file }}"
+ state: present
+ auto: true
+ name: "{{ item }}"
+ config: manual
+ description: "Management interface"
+ register: net_changed
+ with_items:
+ - "{{ nonfabric_iface_list | sort }}"
+
+- name: Verify Management Bridge Interfaces Changed
+ set_fact:
+ reboot_required: "{{ reboot_required }} or {{ net_changed.changed }}"
+
+- name: Ensure External Interface DHCP
+ netfile:
+ src: "{{ compute_node.interfaces.file }}"
+ state: present
+ auto: true
+ name: "{{ compute_node.interfaces.external }}"
+ config: dhcp
+ description: "External interface from POD to Internet (uplink)"
+ register: net_changed
+ when: compute_node.interfaces.external and compute_node.addresses.external == "dhcp"
+
+- name: Verify External Interface DHCP Changed
+ set_fact:
+ reboot_required: "{{ reboot_required }} or {{ net_changed.changed }}"
+
+- name: Ensure External Interface STATIC
+ netfile:
+ src: "{{ compute_node.interfaces.file }}"
+ state: present
+ auto: true
+ name: "{{ compute_node.interfaces.external }}"
+ config: static
+ address: "{{ compute_node.addresses.external }}"
+ gateway: "{{ compute_node.gateway.external | default(omit) }}"
+ broadcast: "{{ compute_node.broadcast.external | default(omit) }}"
+ description: "External interface from POD to Internet (uplink)"
+ register: net_changed
+ when: compute_node.interfaces.external and compute_node.addresses.external != "dhcp"
+
+- name: Verify External Interface STATIC Changed
+ set_fact:
+ reboot_required: "{{ reboot_required }} or {{ net_changed.changed }}"
+
+- name: Reboot Required
+ command: /sbin/reboot
+ async: 0
+ poll: 0
+ ignore_errors: true
+ when: reboot_required
+ tags:
+ - interface_config
+ - reboot
+
+- name: Ensure Port Defined
+ set_fact:
+ ansible_ssh_port: 22
+ when: ansible_ssh_port is not defined
+
+- name: Wait For Restart
+ local_action: wait_for port={{ ansible_ssh_port }} host={{ inventory_hostname }} search_regex=OpenSSH delay=120 timeout=600 connect_timeout=15
+ when: reboot_required
+ tags:
+ - interface_config
+ - reboot
diff --git a/roles/compute-node/tasks/vars.yml b/roles/compute-node/tasks/vars.yml
new file mode 100644
index 0000000..e0bba8b
--- /dev/null
+++ b/roles/compute-node/tasks/vars.yml
@@ -0,0 +1,19 @@
+pub_ssh_key: "{{ lookup('file', 'files/id_rsa.pub') }}"
+
+compute_node:
+ fabric_iface_match: "{{ fabric_iface_spec | default('i40e|mlx4_en') }}"
+ interfaces:
+ fabric: "{{ fabric_iface | default('fabric') }}"
+ management: "{{ management_iface | default('mgmtbr') }}"
+ external: "{{ external_iface | default(None) }}"
+ file: "{{ iface_file | default('/etc/network/interfaces') }}"
+ addresses:
+ fabric: "{{ fabric_ip | mandatory }}"
+ management: "{{ management_ip | default('dhcp') }}"
+ external: "{{ external_ip | default('manual') }}"
+ gateway:
+ external: "{{ external_gw | default(omit) }}"
+ management: "{{ management_gw | default(omit) }}"
+ broadcast:
+ external: "{{ external_bc | default(omit) }}"
+ management: "{{ management_bc | default(omit) }}"
diff --git a/roles/compute-node/vars/main.yml b/roles/compute-node/vars/main.yml
index 62c9f19..01323a2 100644
--- a/roles/compute-node/vars/main.yml
+++ b/roles/compute-node/vars/main.yml
@@ -5,11 +5,15 @@
interfaces:
fabric: "{{ fabric_iface | default('fabric') }}"
management: "{{ management_iface | default('mgmtbr') }}"
- external: "{{ external_iface | default('') }}"
+ external: "{{ external_iface | default(None) }}"
+ file: "{{ iface_file | default('/etc/network/interfaces') }}"
addresses:
fabric: "{{ fabric_ip | mandatory }}"
management: "{{ management_ip | default('dhcp') }}"
external: "{{ external_ip | default('manual') }}"
gateway:
- external: "{{ external_gw | default('') }}"
- management: "{{ management_gw | default('') }}"
+ external: "{{ external_gw | default(omit) }}"
+ management: "{{ management_gw | default('omit') }}"
+ broadcast:
+ external: "{{ external_bc | default(omit) }}"
+ management: "{{ management_bc | default('omit') }}"
diff --git a/roles/head-node/files/compute-node.yml b/roles/head-node/files/compute-node.yml
index b8eb496..13d71e7 100644
--- a/roles/head-node/files/compute-node.yml
+++ b/roles/head-node/files/compute-node.yml
@@ -4,7 +4,7 @@
remote_user: ubuntu
tasks:
- name: Include variables
- include_vars: vars/compute-node.yml
+ include_vars: vars/compute-node-vars.yml
- name: Configure compute hosts to use DNS server
hosts: all
diff --git a/roles/head-node/files/do-ansible b/roles/head-node/files/do-ansible
index ae2efb9..0d91c31 100755
--- a/roles/head-node/files/do-ansible
+++ b/roles/head-node/files/do-ansible
@@ -22,4 +22,4 @@
fi
echo "ANSIBLE_ROLES_PATH=/etc/maas/ansible/roles ansible-playbook --private-key=/etc/maas/ansible/id_rsa -i $IP, /etc/maas/ansible/compute-node.yml $SKIP_TAGS $EXTRA_VARS" >> $LOG
-ANSIBLE_ROLES_PATH=/etc/maas/ansible/roles ansible-playbook --private-key=/etc/maas/ansible/id_rsa -i $IP, /etc/maas/ansible/compute-node.yml $SKIP_TAGS $EXTRA_VARS >> $LOG
+ANSIBLE_ROLES_PATH=/etc/maas/ansible/roles ansible-playbook --private-key=/etc/maas/ansible/id_rsa -i $IP, /etc/maas/ansible/compute-node.yml $SKIP_TAGS $EXTRA_VARS >> $LOG || exit $?
diff --git a/roles/head-node/tasks/main.yml b/roles/head-node/tasks/main.yml
index 166a328..c3aeb51 100644
--- a/roles/head-node/tasks/main.yml
+++ b/roles/head-node/tasks/main.yml
@@ -10,12 +10,15 @@
- name: Ensure Ansible Roles
become: yes
copy:
- src: roles
+ src: "{{ item }}"
dest: /etc/maas/ansible
owner: maas
group: maas
mode: u=rwX,g=rX,o=rX
force: true
+ with_items:
+ - roles
+ - library
- name: Ensure Role Permissions and Modes
become: yes
@@ -79,7 +82,7 @@
become: yes
template:
src=files/compute-node-vars.yml
- dest=/etc/maas/ansible/vars/compute-node.yml
+ dest=/etc/maas/ansible/vars/compute-node-vars.yml
owner=maas
group=maas
mode=0644
diff --git a/roles/maas/tasks/main.yml b/roles/maas/tasks/main.yml
index 6d6c793..c37c9b6 100644
--- a/roles/maas/tasks/main.yml
+++ b/roles/maas/tasks/main.yml
@@ -49,6 +49,7 @@
repo: ppa:maas/stable
update_cache: yes
state: present
+ validate_certs: no
- name: MAAS
become: yes
@@ -199,7 +200,7 @@
- name: Configure MAAS
become: yes
- command: docker run docker-registry:5000/cord-maas-bootstrap:{{ docker.image_version }} --apikey='{{apikey.stdout}}' --sshkey='{{maas.user_sshkey}}' --url='http://{{mgmt_ip_address.stdout}}/MAAS/api/1.0' --network='{{networks.management}}' --interface='{{interfaces.management}}' --zone='administrative' --cluster='Cluster master' --domain='{{maas.domain}}' --bridge='{{networks.bridge_name}}' --bridge-subnet='{{networks.bridge}}'
+ command: docker run docker-registry:5000/cord-maas-bootstrap:{{ docker.image_version }} --apikey='{{apikey.stdout}}' --sshkey='{{maas.user_sshkey}}' --url='http://{{mgmt_ip_address.stdout}}/MAAS/api/1.0' --network='{{networks.management}}' --interface='{{interfaces.management}}' --zone='administrative' --cluster='Cluster master' --domain='{{maas.domain}}'
register: maas_config_result
changed_when: maas_config_result.stdout.find("CHANGED") != -1
failed_when: "maas_config_result.rc != 0 or 'ERROR' in maas_config_result.stdout"
@@ -230,7 +231,7 @@
line: ' inet 0.0.0.0 port 954'
state: present
-- name: Ensure ENDC Allows Trusted
+- name: Ensure RNDC Allows Trusted
become: yes
lineinfile:
dest: /etc/bind/maas/named.conf.rndc.maas
@@ -292,7 +293,6 @@
service:
name=bind9
state=restarted
- when: ns_nameserver.changed or ns_search.changed
- name: MAAS Accepting API Requests
action: get_url url=http://{{ mgmt_ip_address.stdout }}/MAAS/api/1.0/maas/ dest=/tmp
diff --git a/roles/maas/templates/create_bridge.j2 b/roles/maas/templates/create_bridge.j2
deleted file mode 100755
index 5f12261..0000000
--- a/roles/maas/templates/create_bridge.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-REPORT_CHANGED=0
-if [ $# -gt 0 ]; then
- REPORT_CHANGED=1
-fi
-CHANGED='false'
-
-FOUND=$(brctl show | grep "^{{ networks.bridge_name }}" | wc -l)
-if [ $FOUND -eq 0 ]; then
- CHANGED='true'
- brctl addbr {{ networks.bridge_name }}
-fi
-
-if [ $REPORT_CHANGED -ne 0 ]; then
- echo -n $CHANGED
-fi