| --- |
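# Reject any network specification given as a bare dotted-quad address with no
# "/<bits>" suffix. The dots are matched literally with [.]; an unescaped "."
# would accept any character between the octets.
# NOTE(review): this rejects one malformed shape only. It does not prove the
# value is a well-formed CIDR, and networks.management is later interpolated
# into a proxy ACL line, a script argument and a docker command line.
- name: Verify Network Bits on Network Specifications
  fail:
    msg: "Network specification '{{ item }}' must include network bits"
  when: "item | match('^([0-9]{1,3}[.]){3}[0-9]{1,3}$')"
  with_items:
    - "{{ networks.management }}"
    - "{{ networks.bridge }}"
    - "{{ networks.fabric }}"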
| |
# Probe for the 'mgmtbr' bridge. The probe never fails and never reports a
# change; only its return code is kept for the next task.
- name: Ensure Management Bridge Interface
  command: ifconfig mgmtbr
  become: true
  register: have_mgmtbr
  changed_when: false
  failed_when: false

# Stop the deployment when the probe returned a non-zero code.
- name: Verify Management Bridge
  when: have_mgmtbr.rc != 0
  fail:
    msg: "The head node must have a network bridge named 'mgmtbr' to continue the deployment. Please see docuemataiton at 'http://github.com/opencord/cord`."
| |
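# Install the pinned OS packages the rest of this file relies on.
# The apt module's `force` option is deliberately not set: it corresponds to
# apt-get's --force-yes, which also lets packages through without signature
# verification. If a pin would require a downgrade, apt now stops with an error
# instead of proceeding; resolve that on the host rather than forcing it.
- name: Install Prerequisites
  become: true
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - 'git=1:1.9.*'
    - 'bridge-utils=1.5-*'
    - 'curl=7.35.*'
    - 'python-pycurl=7.19.*'
    - 'python-pip=1.5.4*'
    - 'ethtool=1:3.13*'
    - 'jq=1.3*'

# Install the pinned Python client library used by the docker module.
- name: Install Python Prerequisites
  become: true
  pip:
    name: "{{ item.name }}"
    version: "{{ item.version }}"
    state: present
  with_items:
    - { name: "docker-py", version: "1.9" }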
| |
# Ask the docker module to make each listed container absent. The image
# reference is built from the local registry name and docker.tag.
- name: Stop Containers
  become: true
  docker:
    state: absent
    name: "{{ item.name }}"
    image: "{{ item.image }}"
  with_items:
    - name: "storage"
      image: "docker-registry:5000/consul:{{ docker.tag }}"
    - name: "allocator"
      image: "docker-registry:5000/cord-ip-allocator:{{ docker.tag }}"
    - name: "provisioner"
      image: "docker-registry:5000/cord-provisioner:{{ docker.tag }}"
    - name: "switchq"
      image: "docker-registry:5000/cord-maas-switchq:{{ docker.tag }}"
    - name: "automation"
      image: "docker-registry:5000/cord-maas-automation:{{ docker.tag }}"
    - name: "generator"
      image: "docker-registry:5000/config-generator:{{ docker.tag }}"
    - name: "harvester"
      image: "docker-registry:5000/cord-dhcp-harvester:{{ docker.tag }}"
| |
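# Register the MAAS package source (maas_apt_repo, or the stable PPA when that
# variable is unset) and refresh the package index.
# TLS certificate validation stays enabled so the repository metadata and its
# signing key are not fetched from an unverified endpoint.
- name: MAAS Repository
  become: true
  apt_repository:
    repo: "{{ maas_apt_repo | default('ppa:maas/stable') }}"
    update_cache: true
    state: present
    validate_certs: true

# Install the pinned MAAS release with package authentication enforced.
# Neither allow_unauthenticated nor force is enabled: both let apt install
# packages whose signatures cannot be verified. A custom maas_apt_repo must
# therefore be signed with a key this host already trusts; an unsigned mirror
# makes this task fail instead of installing unverified packages.
- name: MAAS
  become: true
  apt:
    name: 'maas=1.9.*'
    state: present
    update_cache: true
    allow_unauthenticated: false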
| |
# Create /etc/maas for the maas account.
- name: MAAS Configuration Directory
  become: true
  file:
    state: directory
    path: /etc/maas
    owner: maas
    group: maas
    mode: "0755"

# Create the storage directory used by the automation services.
# NOTE(review): 0777 lets every local account create, replace and delete
# entries here. Which uid writes to this directory is not visible in this
# file; once confirmed, restrict access to that owner/group (for example 0770).
- name: MAAS Automation Storage
  become: true
  file:
    state: directory
    path: /etc/maas/automation/storage
    owner: maas
    group: maas
    mode: "0777"

# Ship the host name mapping file from the role's files directory.
- name: Host Name Mapping File
  become: true
  copy:
    dest: /etc/maas/mappings.json
    src: files/mappings.json
    owner: maas
    group: maas
    mode: "0644"
| |
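# MAAS account bootstrap. Every task that puts a password on a command line or
# captures the API key sets no_log, so Ansible does not print the command or
# the registered result. Interpolated values go through the quote filter so
# whitespace or shell metacharacters in a variable cannot split or alter the
# command.
# NOTE(review): the passwords are still process arguments and are visible in
# the host's process list while createadmin runs.

# Count the lines printed by `apikey`; '0' means the admin account is missing.
- name: Verify MAAS admin User
  become: true
  shell: maas-region-admin apikey --username=admin 2>/dev/null | wc -l
  register: maas_admin_user_exists
  changed_when: false

# maas.admin_password is a new, optional variable introduced by this task.
# When it is unset the literal 'admin' is used, which is a guessable
# credential: set maas.admin_password, ideally from an encrypted vars file.
- name: MAAS admin User
  become: true
  command: maas-region-admin createadmin --username=admin --password={{ maas.admin_password | default('admin') | quote }} --email={{ maas.admin_email | quote }}
  when: maas_admin_user_exists.stdout == '0'
  no_log: true

# Same existence probe for the deployment user named by maas.user.
- name: Verify MAAS User
  become: true
  shell: maas-region-admin apikey --username={{ maas.user | quote }} 2>/dev/null | wc -l
  register: maas_user_exists
  changed_when: false

# Create the deployment user only when the probe found no API key for it.
- name: MAAS User
  become: true
  command: maas-region-admin createadmin --username={{ maas.user | quote }} --password={{ maas.user_password | quote }} --email={{ maas.user_email | quote }}
  when: maas_user_exists.stdout == '0'
  no_log: true

# Capture the deployment user's API key in `apikey` for later tasks. The
# registered stdout is the key itself, so the result is kept out of the log.
- name: MAAS User API Key
  become: true
  command: maas-region-admin apikey --username={{ maas.user | quote }}
  register: apikey
  changed_when: false
  no_log: true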
| |
# Count the lines of `virsh net-list` that mention "default".
- name: Verify Default Virsh Network
  shell: virsh net-list | grep default | wc -l
  changed_when: false
  register: virsh_default_network_exists

# Destroy the default libvirt network whenever the count above is not '0'.
- name: Default Virsh Network Absent
  become: true
  when: virsh_default_network_exists.stdout != '0'
  command: virsh net-destroy default

# Render the NAT hook into if-pre-up.d as a root-owned executable.
- name: Network Masquerading (NAT)
  become: true
  template:
    dest: /etc/network/if-pre-up.d/nat
    src: templates/nat.j2
    owner: root
    group: root
    mode: "0755"

# Run the hook once; it reports a change by printing 'true' on stdout.
- name: Ensure Masquerading (NAT)
  become: true
  command: /etc/network/if-pre-up.d/nat report-changed
  register: masq_changed
  changed_when: masq_changed.stdout == 'true'

# Extract the IPv4 address of the management interface from ifconfig output.
# An empty result is treated as a failure, because later tasks build a URL and
# a nameserver entry from this value.
- name: Management Interface IP Address
  shell: ifconfig {{ interfaces.management }} 2>&1 | grep "inet addr:" | sed -e 's/.*:\([.0-9]*\)[ ]*Bcast.*/\1/g'
  changed_when: false
  register: mgmt_ip_address
  failed_when: mgmt_ip_address.rc != 0 or mgmt_ip_address.stdout == ""
| |
# Run download.yml once per switch installer image.
# NOTE(review): download.yml is not shown here; confirm it verifies a checksum
# for each installer before the file is offered to switches.
- name: Switch Resource
  include: download.yml
  tags:
    - switch_support
  with_items:
    - url: "{{ accton_as6712_32x }}"
      dest: "onie-installer-x86_64-accton_as6712_32x-r0"
    - url: "{{ accton_as5712_54x }}"
      dest: "onie-installer-x86_64-accton_as5712_54x-r0"
| |
# Comment out the proxy ACL line that admits every source address.
- name: Disable Proxy Access To All
  become: true
  replace:
    dest: /usr/share/maas/maas-proxy.conf
    regexp: '^(acl localnet src all.*)$'
    replace: '# \1'

# Add an ACL that admits only the POD management network, placed after the
# line that was commented out above.
- name: Only Allow Proxy Access To POD Management Network
  become: true
  lineinfile:
    dest: /usr/share/maas/maas-proxy.conf
    state: present
    insertafter: '^# acl localnet src all'
    line: "acl localnet src {{ networks.management }} # Only allow the POD management network to use proxy"

# Restart MAAS through the shared task file.
- name: Restart MAAS Services
  include: restart-maas.yml
  tags:
    - maas_restart
| |
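# Run the bootstrap container against the local MAAS API. The container prints
# "CHANGED" when it modified something and "ERROR" on failure; both markers
# drive the task status below.
# no_log keeps the API key, which is part of the command line, out of Ansible's
# output and logs. The cost is that the container's stdout is hidden when the
# task fails, so diagnosing a failure means re-running the container by hand.
# NOTE(review): the key is still a process argument of `docker run` and is
# visible in the host's process list while the container starts.
- name: Configure MAAS
  become: true
  command: >-
    docker run docker-registry:5000/cord-maas-bootstrap:{{ docker.tag }}
    --apikey='{{apikey.stdout}}'
    --sshkey='{{maas.user_sshkey}}'
    --url='http://{{mgmt_ip_address.stdout}}/MAAS/api/1.0'
    --network='{{networks.management}}'
    --interface='{{interfaces.management}}'
    --zone='administrative'
    --cluster='Cluster master'
    --domain='{{maas.domain}}'
  register: maas_config_result
  no_log: true
  changed_when: maas_config_result.stdout.find("CHANGED") != -1
  failed_when: "maas_config_result.rc != 0 or 'ERROR' in maas_config_result.stdout"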
| |
# Copy each custom DHCP/DNS file from the role's files directory into its
# destination directory, owned by maas.
# NOTE(review): zone.template lands in /tmp, a directory shared by all local
# accounts. It is presumably read by update_dns_template.sh; confirm, and
# consider a directory only root and maas can write to.
- name: Custom MAAS Configuration Template
  become: true
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: maas
    group: maas
    mode: "0644"
  with_items:
    - src: 'dhcpd.blacklist'
      dest: '/etc/dhcp'
    - src: 'dhcpd.reservations'
      dest: '/etc/dhcp'
    - src: 'dhcp_harvest.inc'
      dest: '/etc/bind/maas'
    - src: 'cnames.inc'
      dest: '/etc/bind/maas'
    - src: 'named.conf.options.inside.maas'
      dest: '/etc/bind/maas'
    - src: 'dhcpd.conf.template'
      dest: '/etc/maas/templates/dhcp'
    - src: 'dhcp_harvest.inc'
      dest: '/etc/maas/templates/dns'
    - src: 'zone.template'
      dest: '/tmp'
| |
# Rewrite the rndc control-channel listener line.
# NOTE(review): 0.0.0.0 binds the control channel on every address the host
# has. Access then rests on the 'trusted' ACL and rndc-maas-key set by the
# next task. The definition of 'trusted' is not in this file; confirm it
# covers only the management network, or bind to the management address.
- name: Ensure RNDC Listens
  become: true
  lineinfile:
    state: present
    dest: /etc/bind/maas/named.conf.rndc.maas
    regexp: 'inet .* port 954'
    line: ' inet 0.0.0.0 port 954'

# Restrict the control channel to the 'trusted' ACL using rndc-maas-key.
- name: Ensure RNDC Allows Trusted
  become: true
  lineinfile:
    state: present
    dest: /etc/bind/maas/named.conf.rndc.maas
    regexp: 'allow { .* } keys { "rndc-maas-key"; };'
    line: ' allow { trusted; } keys { "rndc-maas-key"; };'
| |
# Run the zone-template script on the target with the management network and
# the MAAS domain as arguments; it reports a change by printing 'true'.
- name: Custom DNS Zone Template
  become: true
  script: files/update_dns_template.sh {{ networks.management }} {{ maas.domain }}
  register: dns_template_changed
  changed_when: dns_template_changed.stdout == 'true'

# Append this host's management address as a nameserver in resolvconf's head.
- name: Ensure Nameserver
  become: true
  register: ns_nameserver
  lineinfile:
    state: present
    dest: /etc/resolvconf/resolv.conf.d/head
    insertafter: EOF
    line: "nameserver {{ mgmt_ip_address.stdout }}"

# Append the search domain to resolvconf's base file.
- name: Ensure Domain Search
  become: true
  register: ns_search
  lineinfile:
    state: present
    dest: /etc/resolvconf/resolv.conf.d/base
    insertafter: EOF
    line: 'search cord.lab'

# Regenerate resolv.conf only when one of the two files above changed.
- name: Ensure DNS Config
  become: true
  when: ns_nameserver.changed or ns_search.changed
  command: resolvconf -u

# Restart MAAS through the shared task file.
- name: Restart MAAS Services
  include: restart-maas.yml
  tags:
    - maas_restart
| |
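# Log in to the local MAAS API as profile 'cord', start the boot-resource
# import, and log out again. Always reported as changed.
# no_log keeps the API key, which is part of the command line, out of Ansible's
# output and logs.
# NOTE(review): the steps are chained with &&, so a failed import skips
# `maas logout cord` and presumably leaves the stored 'cord' profile behind.
- name: Ensure Boot Resource Import Started
  become: true
  shell: maas login cord http://localhost/MAAS/api/1.0/ "{{apikey.stdout}}" && maas cord boot-resources import && maas logout cord
  changed_when: true
  no_log: true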
| |
# Pull in the VirtualBox power-management tasks only when virtualbox_support
# is defined.
- name: Ensure VirtualBox Power Management
  when: virtualbox_support is defined
  include: virtualbox.yml
| |
# Create the directory that holds the Ansible material used by MAAS automation.
# NOTE(review): no mode is set, so the directory's permissions depend on the
# umask. It is owned by maas while the key placed in it is root-owned; the
# owner of a directory can rename or replace its entries, so the maas account
# could swap the key file. Confirm whether the directory can be root-owned.
- name: Ensure MAAS Ansible Config Directory
  become: true
  file:
    path: /etc/maas/ansible
    owner: maas
    group: maas
    state: directory

# Copy the private key found in .ssh under ansible_env['PWD'] into the MAAS
# Ansible directory. Always reported as changed.
# NOTE(review): this appears to reuse the deploying user's personal private
# key as a service credential; a dedicated key pair would limit what a leak of
# this copy exposes.
- name: Ensure SSH keys for Ansible
  become: true
  command: cp {{ ansible_env['PWD'] }}/.ssh/id_rsa /etc/maas/ansible/id_rsa
  changed_when: true

# Lock the copied key down to read-only for root.
- name: Ensure SSH Key Permissions
  become: true
  file:
    path: /etc/maas/ansible/id_rsa
    mode: "0400"
    owner: root
    group: root
| |
# interface_config starts at 0 and is raised to 1 by the tagged task below, so
# a run that skips the interface_config tag leaves it at 0.
- name: Initialize Interface Configuration Fact
  set_fact:
    interface_config: 0

- name: Set Interface Configuration Fact
  tags:
    - interface_config
  set_fact:
    interface_config: 1

# Start from the configured VirtualBox power helper host.
- name: Default VirtualBox Host
  become: false
  when: virtualbox_support is defined
  changed_when: false
  set_fact:
    virtualbox_host: "{{ virtualbox.power_helper_host }}"

# Fall back to the discovered host when the configured value is empty.
# discovered_vbox_host is not registered in this file; presumably it comes
# from virtualbox.yml. Confirm before relying on it.
- name: Override VirtualBox Host
  become: false
  when: virtualbox_support is defined and virtualbox_host == ''
  changed_when: false
  set_fact:
    virtualbox_host: "{{ discovered_vbox_host.stdout }}"
| |
# Directory for the container environment files.
# NOTE(review): 0755 lets any local account list the file names in here. The
# files themselves are 0440 root:docker, so their contents are readable only
# by root and members of the docker group.
- name: Ensure Secrets Directory
  become: true
  file:
    state: directory
    path: /etc/maas/secrets
    owner: root
    group: docker
    mode: "0755"

# Render one environment file per automation container.
- name: Ensure Automation Container Secrets
  become: true
  template:
    src: "templates/{{ item }}.j2"
    dest: "/etc/maas/secrets/{{ item }}"
    owner: root
    group: docker
    mode: "0440"
  with_items:
    - automation.env
    - switchq.env
| |
# Render the compose file, then cycle the automation containers through kill,
# remove, pull and start. The four docker-compose steps always report changed.
- name: Custom Automation Compose Configurations
  become: true
  template:
    src: "templates/{{ item }}.j2"
    dest: "/etc/maas/{{ item }}"
    owner: maas
    group: maas
    mode: "0644"
  with_items:
    - automation-compose.yml

- name: Kill Automation Containers
  become: true
  command: docker-compose -f /etc/maas/{{ item }} kill
  changed_when: true
  with_items:
    - automation-compose.yml

- name: Remove Automation Containers
  become: true
  command: docker-compose -f /etc/maas/{{ item }} rm -f
  changed_when: true
  with_items:
    - automation-compose.yml

- name: Pull Latest Automation Images
  become: true
  command: docker-compose -f /etc/maas/{{ item }} pull
  changed_when: true
  with_items:
    - automation-compose.yml

- name: Start Automation
  become: true
  command: docker-compose -f /etc/maas/{{ item }} up -d
  changed_when: true
  with_items:
    - automation-compose.yml
| |
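# Poll MAAS until every boot resource reports type "Synced": jq prints the
# resources that are not yet synced, so "[]" means the import is complete.
# Retries 5 times, 60 seconds apart, and fails if the list is still non-empty.
# no_log keeps the API key, which is part of the command line, out of Ansible's
# output and logs on every retry.
- name: Wait For Image Download
  shell: maas login cord http://localhost/MAAS/api/1.0/ "{{apikey.stdout}}" > /dev/null 2>&1 && maas cord boot-resources read | jq 'map(select(.type != "Synced"))' && maas logout cord > /dev/null 2>&1
  register: images_synced
  until: images_synced.stdout == "[]"
  retries: 5
  delay: 60
  failed_when: images_synced.stdout != "[]"
  changed_when: false
  no_log: true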
| |
# Restart bind9 at the end of the file.
- name: Ensure DNS
  become: true
  service:
    name: bind9
    state: restarted