blob: 7961f6174560f944737ec95533c9d1474d565b09 [file] [log] [blame]
---
- name: Verify Network Bits on Network Specifications
fail: msg="Network specification '{{ item }}' must include network bits"
when: "item | match('^([0-9]{1,3}.){3}[0-9]{1,3}$')"
with_items:
- "{{ networks.management }}"
- "{{ networks.bridge }}"
- "{{ networks.fabric }}"
- name: Ensure Management Bridge Interface
become: yes
command: ifconfig mgmtbr
register: have_mgmtbr
failed_when: false
changed_when: false
- name: Verify Management Bridge
fail: msg="The head node must have a network bridge named 'mgmtbr' to continue the deployment. Please see docuemataiton at 'http://github.com/opencord/cord`."
when: have_mgmtbr.rc != 0
- name: Install Prerequisites
become: yes
apt: name={{ item }} state=present force=true
with_items:
- git=1:1.9.*
- bridge-utils=1.5-*
- curl=7.35.*
- python-pycurl=7.19.*
- python-pip=1.5.4*
- ethtool=1:3.13*
- jq=1.3*
- name: Install Python Prerequisites
become: yes
pip: name={{ item.name }} version={{ item.version }} state=present
with_items:
- { name: "docker-py", version: "1.9" }
- name: Stop Containers
become: yes
docker:
name: "{{ item.name }}"
image: "{{ item.image }}"
state: absent
with_items:
- { name: "storage", image: "docker-registry:5000/consul:{{ docker.tag }}" }
- { name: "allocator", image: "docker-registry:5000/cord-ip-allocator:{{ docker.tag }}" }
- { name: "provisioner", image: "docker-registry:5000/cord-provisioner:{{ docker.tag }}" }
- { name: "switchq", image: "docker-registry:5000/cord-maas-switchq:{{ docker.tag }}" }
- { name: "automation", image: "docker-registry:5000/cord-maas-automation:{{ docker.tag }}" }
- { name: "generator", image: "docker-registry:5000/config-generator:{{ docker.tag }}" }
- { name: "harvester", image: "docker-registry:5000/cord-dhcp-harvester:{{ docker.tag }}" }
- name: MAAS Repository
become: yes
apt_repository:
repo: "{{ maas_apt_repo | default('ppa:maas/stable') }}"
update_cache: yes
state: present
validate_certs: no
- name: MAAS
become: yes
apt:
name: maas=1.9.*
state: present
force: yes
update_cache: yes
allow_unauthenticated: yes
- name: MAAS Configuration Directory
become: yes
file:
path: /etc/maas
owner: maas
group: maas
mode: 0755
state: directory
- name: MAAS Automation Storage
become: yes
file:
path: /etc/maas/automation/storage
owner: maas
group: maas
mode: 0777
state: directory
- name: Host Name Mapping File
become: yes
copy:
src: files/mappings.json
dest: /etc/maas/mappings.json
owner: maas
group: maas
mode: 0644
- name: Verify MAAS admin User
become: yes
shell: maas-region-admin apikey --username=admin 2>/dev/null | wc -l
register: maas_admin_user_exists
changed_when: false
- name: MAAS admin User
become: yes
command: maas-region-admin createadmin --username=admin --password=admin --email={{ maas.admin_email }}
when: maas_admin_user_exists.stdout == '0'
- name: Verify MAAS User
become: yes
shell: maas-region-admin apikey --username={{ maas.user }} 2>/dev/null | wc -l
register: maas_user_exists
changed_when: false
- name: MAAS User
become: yes
command: maas-region-admin createadmin --username={{ maas.user }} --password={{ maas.user_password }} --email={{ maas.user_email }}
when: maas_user_exists.stdout == '0'
- name: MAAS User API Key
become: yes
command: maas-region-admin apikey --username={{ maas.user }}
register: apikey
changed_when: false
- name: Verify Default Virsh Network
shell: virsh net-list | grep default | wc -l
register: virsh_default_network_exists
changed_when: false
- name: Default Virsh Network Absent
become: yes
command: virsh net-destroy default
when: virsh_default_network_exists.stdout != '0'
- name: Network Masquerading (NAT)
become: yes
template:
src: templates/nat.j2
dest: /etc/network/if-pre-up.d/nat
owner: root
group: root
mode: 0755
- name: Ensure Masquerading (NAT)
become: yes
command: /etc/network/if-pre-up.d/nat report-changed
register: masq_changed
changed_when: masq_changed.stdout == 'true'
- name: Management Interface IP Address
shell: ifconfig {{ interfaces.management }} 2>&1 | grep "inet addr:" | sed -e 's/.*:\([.0-9]*\)[ ]*Bcast.*/\1/g'
register: mgmt_ip_address
changed_when: false
failed_when: mgmt_ip_address.rc != 0 or mgmt_ip_address.stdout == ""
- name: Switch Resource
include: download.yml
with_items:
- { url : "{{ accton_as6712_32x }}", dest : "onie-installer-x86_64-accton_as6712_32x-r0" }
- { url : "{{ accton_as5712_54x }}", dest : "onie-installer-x86_64-accton_as5712_54x-r0" }
tags:
- switch_support
- name: Disable Proxy Access To All
become: yes
replace:
dest: /usr/share/maas/maas-proxy.conf
regexp: '^(acl localnet src all.*)$'
replace: '# \1'
- name: Only Allow Proxy Access To POD Management Network
become: yes
lineinfile:
insertafter: '^# acl localnet src all'
line: "acl localnet src {{ networks.management }} # Only allow the POD management network to use proxy"
dest: /usr/share/maas/maas-proxy.conf
state: present
- name: Restart MAAS Services
include: restart-maas.yml
tags:
- maas_restart
- name: Configure MAAS
become: yes
command: docker run docker-registry:5000/cord-maas-bootstrap:{{ docker.tag }} --apikey='{{apikey.stdout}}' --sshkey='{{maas.user_sshkey}}' --url='http://{{mgmt_ip_address.stdout}}/MAAS/api/1.0' --network='{{networks.management}}' --interface='{{interfaces.management}}' --zone='administrative' --cluster='Cluster master' --domain='{{maas.domain}}'
register: maas_config_result
changed_when: maas_config_result.stdout.find("CHANGED") != -1
failed_when: "maas_config_result.rc != 0 or 'ERROR' in maas_config_result.stdout"
- name: Custom MAAS Configuration Template
become: yes
copy:
src: files/{{ item.src }}
dest: "{{ item.dest }}"
owner: maas
group: maas
mode: 0644
with_items:
- { src: 'dhcpd.blacklist', dest: '/etc/dhcp' }
- { src: 'dhcpd.reservations', dest: '/etc/dhcp' }
- { src: 'dhcp_harvest.inc', dest: '/etc/bind/maas' }
- { src: 'cnames.inc', dest: '/etc/bind/maas' }
- { src: 'named.conf.options.inside.maas', dest: '/etc/bind/maas' }
- { src: 'dhcpd.conf.template', dest: '/etc/maas/templates/dhcp' }
- { src: 'dhcp_harvest.inc', dest: '/etc/maas/templates/dns' }
- { src: 'zone.template', dest: '/tmp' }
- name: Ensure RNDC Listens
become: yes
lineinfile:
dest: /etc/bind/maas/named.conf.rndc.maas
regexp: 'inet .* port 954'
line: ' inet 0.0.0.0 port 954'
state: present
- name: Ensure RNDC Allows Trusted
become: yes
lineinfile:
dest: /etc/bind/maas/named.conf.rndc.maas
regexp: 'allow { .* } keys { "rndc-maas-key"; };'
line: ' allow { trusted; } keys { "rndc-maas-key"; };'
state: present
- name: Custom DNS Zone Template
become: yes
script: files/update_dns_template.sh {{ networks.management }} {{ maas.domain }}
register: dns_template_changed
changed_when: dns_template_changed.stdout == 'true'
- name: Ensure Nameserver
become: yes
lineinfile:
dest: /etc/resolvconf/resolv.conf.d/head
state: present
insertafter: EOF
line: "nameserver {{ mgmt_ip_address.stdout }}"
register: ns_nameserver
- name: Ensure Domain Search
become: yes
lineinfile:
dest: /etc/resolvconf/resolv.conf.d/base
state: present
insertafter: EOF
line: 'search cord.lab'
register: ns_search
- name: Ensure DNS Config
become: yes
command: resolvconf -u
when: ns_nameserver.changed or ns_search.changed
- name: Restart MAAS Services
include: restart-maas.yml
tags:
- maas_restart
- name: Ensure Boot Resource Import Started
become: yes
shell: maas login cord http://localhost/MAAS/api/1.0/ "{{apikey.stdout}}" && maas cord boot-resources import && maas logout cord
changed_when: true
- name: Ensure VirtualBox Power Management
include: virtualbox.yml
when: virtualbox_support is defined
- name: Ensure MAAS Ansible Config Directory
become: yes
file:
path=/etc/maas/ansible
owner=maas
group=maas
state=directory
- name: Ensure SSH keys for Ansible
become: yes
command: cp {{ ansible_env['PWD'] }}/.ssh/id_rsa /etc/maas/ansible/id_rsa
changed_when: true
- name: Ensure SSH Key Permissions
become: yes
file:
path: /etc/maas/ansible/id_rsa
owner: root
group: root
mode: 0400
- name: Initialize Interface Configuration Fact
set_fact:
interface_config: 0
- name: Set Interface Configuration Fact
set_fact:
interface_config: 1
tags:
- interface_config
- name: Default VirtualBox Host
become: no
set_fact:
virtualbox_host: "{{ virtualbox.power_helper_host }}"
when: virtualbox_support is defined
changed_when: false
- name: Override VirtualBox Host
become: no
set_fact:
virtualbox_host: "{{ discovered_vbox_host.stdout }}"
when: virtualbox_support is defined and virtualbox_host == ''
changed_when: false
- name: Ensure Secrets Directory
become: yes
file:
path: /etc/maas/secrets
state: directory
owner: root
group: docker
mode: 0755
- name: Ensure Automation Container Secrets
become: yes
template:
src: templates/{{ item }}.j2
dest: /etc/maas/secrets/{{ item }}
owner: root
group: docker
mode: 0440
with_items:
- automation.env
- switchq.env
- name: Custom Automation Compose Configurations
become: yes
template:
src: templates/{{ item }}.j2
dest: /etc/maas/{{ item }}
owner: maas
group: maas
mode: 0644
with_items:
- automation-compose.yml
- name: Kill Automation Containers
become: yes
command: docker-compose -f /etc/maas/{{ item }} kill
with_items:
- automation-compose.yml
changed_when: true
- name: Remove Automation Containers
become: yes
command: docker-compose -f /etc/maas/{{ item }} rm -f
with_items:
- automation-compose.yml
changed_when: true
- name: Pull Latest Automation Images
become: yes
command: docker-compose -f /etc/maas/{{ item }} pull
with_items:
- automation-compose.yml
changed_when: true
- name: Start Automation
become: yes
command: docker-compose -f /etc/maas/{{ item }} up -d
with_items:
- automation-compose.yml
changed_when: true
- name: Wait For Image Download
shell: maas login cord http://localhost/MAAS/api/1.0/ "{{apikey.stdout}}" > /dev/null 2>&1 && maas cord boot-resources read | jq 'map(select(.type != "Synced"))' && maas logout cord > /dev/null 2>&1
register: images_synced
until: images_synced.stdout == "[]"
retries: 5
delay: 60
failed_when: images_synced.stdout != "[]"
changed_when: false
- name: Ensure DNS
become: yes
service:
name=bind9
state=restarted