[CORD-1530]
Make creating the config file directories with `become` an optional step
Cleanup various incongruities in defaults
Change-Id: I6fb77ab1ccdf08a18468adbc59474f94d603fc11
diff --git a/copy-profile-playbook.yml b/copy-profile-playbook.yml
index 67c9353..fe29597 100644
--- a/copy-profile-playbook.yml
+++ b/copy-profile-playbook.yml
@@ -17,7 +17,7 @@
- { role: copy-profile, become: yes }
- { role: ssh-install, become: yes }
- { role: glance-images, become: yes, when: use_maas }
- - { role: copy-credentials, become: yes, when: use_maas }
+ - { role: copy-credentials, become: yes, when: not ( frontend_only | default(False) ) }
- name: Install ssh keys when using MaaS
hosts: build
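Review bot: The new condition on `copy-credentials` no longer depends on `use_maas`, so the credentials directory is now synchronized to the head node in every deployment that is not `frontend_only`, while the role's own task is still named "for MaaS provisioner". If the wider scope is intended (the cord-profile compose template in this commit mounts the same directory into service containers), a comment above the role line should say so, e.g. `# credentials are also mounted into XOS service containers, not only used by MaaS`. If it is not intended, keep both guards: `when: use_maas and not ( frontend_only | default(False) )`. The neighbouring `glance-images` line still tests a bare `use_maas` with no default.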
diff --git a/cord-config-playbook.yml b/cord-config-playbook.yml
index 8cab50c..bb9ac73 100644
--- a/cord-config-playbook.yml
+++ b/cord-config-playbook.yml
@@ -14,6 +14,7 @@
- name: Create SSL Root CA, Intermediate CA, Server certs, SSH CA and keypairs
hosts: config
roles:
+ - { role: create-configdirs-become, when: create_configdirs_become | default(True) }
- pki-root-ca
- pki-intermediate-ca
- pki-cert
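Review bot: `create_configdirs_become | default(True)` is tested without a `| bool` cast, so a value supplied as a string (for example `-e create_configdirs_become=false` on the command line) may be treated as truthy. The privileged role would then still run for a user without sudo rights, which is the case this switch is meant to avoid. Writing `when: create_configdirs_become | default(True) | bool` makes the intent explicit. The same applies to the `default(...)` conditions added in copy-profile-playbook.yml, deploy-onos-playbook.yml and prep-headnode-playbook.yml.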
diff --git a/deploy-onos-playbook.yml b/deploy-onos-playbook.yml
index dce692b..9b94d07 100644
--- a/deploy-onos-playbook.yml
+++ b/deploy-onos-playbook.yml
@@ -15,6 +15,7 @@
hosts: head
roles:
- onos-cord-install
- - { role: onos-fabric-install, when: use_fabric }
+ - { role: onos-fabric-install, when: use_fabric | default(False) }
+
diff --git a/pod-test-playbook.yml b/pod-test-playbook.yml
index 6237463..52d471e 100644
--- a/pod-test-playbook.yml
+++ b/pod-test-playbook.yml
@@ -11,12 +11,6 @@
- "profile_manifests/{{ cord_profile }}.yml"
- profile_manifests/local_vars.yml
-# - name: Run platform checks
-# hosts: head
-# become: no
-# roles:
-# - platform-check
-
- name: Create test client
hosts: head
become: yes
diff --git a/prep-headnode-playbook.yml b/prep-headnode-playbook.yml
index bca4959..ffdb758 100644
--- a/prep-headnode-playbook.yml
+++ b/prep-headnode-playbook.yml
@@ -54,7 +54,7 @@
hosts: head
become: yes
roles:
- - { role: apt-cacher-ng, when: use_apt_cache }
+ - { role: apt-cacher-ng, when: use_apt_cache | default(True) }
- name: Install apache proxy
hosts: head
diff --git a/profile_manifests/opencloud.yml b/profile_manifests/opencloud.yml
index 1ab7cef..302b745 100644
--- a/profile_manifests/opencloud.yml
+++ b/profile_manifests/opencloud.yml
@@ -125,6 +125,7 @@
keystone: "cs:trusty/keystone-33"
mongodb: "cs:trusty/mongodb-33"
neutron-api: "cs:~cordteam/trusty/neutron-api-5"
+ nova-cloud-controller: "cs:trusty/nova-cloud-controller-64"
nova-compute: "cs:~cordteam/trusty/nova-compute-2"
ntp: "cs:trusty/ntp-14"
openstack-dashboard: "cs:trusty/openstack-dashboard-19"
diff --git a/roles/apt-cacher-ng/defaults/main.yml b/roles/apt-cacher-ng/defaults/main.yml
index ec5a1e1..d7f6698 100644
--- a/roles/apt-cacher-ng/defaults/main.yml
+++ b/roles/apt-cacher-ng/defaults/main.yml
@@ -6,6 +6,7 @@
apt_ssl_sites:
- apt.dockerproject.org
+ - download.docker.com
- butler.opencloud.cs.arizona.edu
- deb.nodesource.com
- artifacts.elastic.co
diff --git a/roles/compute-node-config/defaults/main.yml b/roles/compute-node-config/defaults/main.yml
index b8fed3c..abeef30 100644
--- a/roles/compute-node-config/defaults/main.yml
+++ b/roles/compute-node-config/defaults/main.yml
@@ -2,8 +2,8 @@
# compute-node-config/defaults/main.yml
# default site/deployment placeholder names
-site_name: sitename
-deployment_type: deploymenttype
+site_name: placeholder-sitename
+deployment_type: placeholder-deploymenttype
# location of cord_profile on head node
head_cord_profile_dir: /opt/cord_profile
diff --git a/roles/compute-node-enable/defaults/main.yml b/roles/compute-node-enable/defaults/main.yml
index 6f52840..29eb36d 100644
--- a/roles/compute-node-enable/defaults/main.yml
+++ b/roles/compute-node-enable/defaults/main.yml
@@ -3,3 +3,5 @@
head_cord_profile_dir: "/opt/cord_profile"
+xos_admin_user: "xosadmin@opencord.org"
+
diff --git a/roles/copy-credentials/defaults/main.yml b/roles/copy-credentials/defaults/main.yml
index cf19dfd..46ce930 100644
--- a/roles/copy-credentials/defaults/main.yml
+++ b/roles/copy-credentials/defaults/main.yml
@@ -2,3 +2,5 @@
# copy-credentials/defaults/main.yml
credentials_dir: "{{ playbook_dir }}/credentials"
+
+head_credentials_dir: "/opt/credentials"
diff --git a/roles/copy-credentials/tasks/main.yml b/roles/copy-credentials/tasks/main.yml
index 3d3af3e..c5df349 100644
--- a/roles/copy-credentials/tasks/main.yml
+++ b/roles/copy-credentials/tasks/main.yml
@@ -5,12 +5,12 @@
become: yes
synchronize:
src: "{{ credentials_dir }}/"
- dest: "/opt/credentials/"
+ dest: "{{ head_credentials_dir }}/"
- name: Set ownership on credentials dir on head node, for MaaS provisioner
become: yes
file:
- dest: "/opt/credentials"
+ dest: "{{ head_credentials_dir }}"
state: directory
recurse: yes
owner: "{{ ansible_user_id }}"
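Review bot: Both tasks run with `become: yes` against a path that now comes from a variable, and the second applies `recurse: yes`, so an empty or overly broad `head_credentials_dir` would make `synchronize` write to `/` or re-own a whole tree to the Ansible user. An `assert` task placed before them would catch that, with a condition such as `that: head_credentials_dir | length > 1 and head_credentials_dir.startswith('/')`. The ownership task continues past the end of the hunk, so whether a restrictive `mode` is also applied to the credentials cannot be seen here.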
diff --git a/roles/cord-profile/defaults/main.yml b/roles/cord-profile/defaults/main.yml
index 6a30e58..2b9b9f2 100644
--- a/roles/cord-profile/defaults/main.yml
+++ b/roles/cord-profile/defaults/main.yml
@@ -4,10 +4,14 @@
# where the cord_profile directory is on the config node
config_cord_profile_dir: "/opt/cord_profile"
+head_cord_dir: "/opt/cord"
+
pki_dir: "{{ playbook_dir }}/pki"
ssh_pki_dir: "{{ playbook_dir }}/ssh_pki"
credentials_dir: "{{ playbook_dir }}/credentials"
+head_credentials_dir: "/opt/credentials"
+
# where cord files are copied to on head node
head_cord_profile_dir: "/opt/cord_profile"
head_cord_dir: "/opt/cord"
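Review bot: `head_cord_dir` is added near the top of this hunk, but the unchanged context at its end already defines `head_cord_dir: "/opt/cord"` under "where cord files are copied to on head node", so the file now carries the key twice. Most YAML loaders silently keep the last value, so a later edit to only the first line would have no effect. Drop the added line and keep the existing definition. `head_credentials_dir` is also declared in roles/copy-credentials/defaults/main.yml by this commit; a comment such as `# keep in sync with roles/copy-credentials/defaults/main.yml` would flag that coupling.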
diff --git a/roles/cord-profile/tasks/main.yml b/roles/cord-profile/tasks/main.yml
index 5831a16..f6ed2bc 100644
--- a/roles/cord-profile/tasks/main.yml
+++ b/roles/cord-profile/tasks/main.yml
@@ -2,8 +2,9 @@
# cord-profile/tasks/main.yml
# Constructs a CORD service profile directory and configuration files
+# if this step fails, may need to include `create-configdirs-become` role to
+# create directory using become.
- name: Create cord_profile directory
- become: yes
file:
path: "{{ config_cord_profile_dir }}"
state: directory
diff --git a/roles/cord-profile/templates/docker-compose.yml.j2 b/roles/cord-profile/templates/docker-compose.yml.j2
index fe16161..c10e2d3 100644
--- a/roles/cord-profile/templates/docker-compose.yml.j2
+++ b/roles/cord-profile/templates/docker-compose.yml.j2
@@ -297,7 +297,7 @@
{% endif %}
volumes:
- {{ head_cord_profile_dir }}/node_key:/opt/cord_profile/node_key:ro
- - /opt/credentials:/opt/xos/services/{{ svc.name }}/credentials:ro
+ - {{ head_credentials_dir }}:/opt/xos/services/{{ svc.name }}/credentials:ro
- {{ head_cord_profile_dir }}/im_cert_chain.pem:/usr/local/share/ca-certificates/local_certs.crt:ro
{% if svc.keypair is defined %}
- {{ head_cord_profile_dir }}/key_import/{{ svc.keypair }}:/opt/xos/services/{{ svc.name }}/keys/{{ svc.keypair }}:ro
diff --git a/roles/create-configdirs-become/defaults/main.yml b/roles/create-configdirs-become/defaults/main.yml
new file mode 100644
index 0000000..e2667d5
--- /dev/null
+++ b/roles/create-configdirs-become/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+# create-configdirs-privileged/defaults/main.yml
+
+# where the cord_profile directory is on the config node
+config_cord_profile_dir: "/opt/cord_profile"
+
+pki_dir: "{{ playbook_dir }}/pki"
+ssh_pki_dir: "{{ playbook_dir }}/ssh_pki"
+credentials_dir: "{{ playbook_dir }}/credentials"
+
+site_name: placeholder-sitename
+
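Review bot: The header comment names the file `create-configdirs-privileged/defaults/main.yml`, but the role directory added by this commit is `create-configdirs-become`; roles/create-configdirs-become/tasks/main.yml has the same mismatch in its header. Use `# create-configdirs-become/defaults/main.yml` (and the tasks equivalent) so the comment matches the name the playbooks and the other roles' comments refer to.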
diff --git a/roles/create-configdirs-become/tasks/main.yml b/roles/create-configdirs-become/tasks/main.yml
new file mode 100644
index 0000000..8f53f5d
--- /dev/null
+++ b/roles/create-configdirs-become/tasks/main.yml
@@ -0,0 +1,61 @@
+---
+# create-configdirs-privileged/tasks/main.yml
+
+# This role exists to work around issues with the local scenario, which may not
+# necessarily be run by a user with become (sudo) rights, which causes these
+# director creation tasks to fail when `become: yes` is used.
+
+# become version of directory creation from `cord-profile` role
+- name: Create cord_profile directory, privileged
+ become: yes
+ file:
+ path: "{{ config_cord_profile_dir }}"
+ state: directory
+ mode: 0755
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_gid }}"
+
+# become version of directory creation from `pki-root-ca` role
+- name: Create PKI and credentials directories, privileged
+ become: yes
+ file:
+ dest: "{{ item }}"
+ state: directory
+ owner: "{{ ansible_user_id }}"
+ mode: 0700
+ with_items:
+ - "{{ credentials_dir }}"
+ - "{{ pki_dir }}"
+
+- name: Create root CA directory, privileged
+ become: yes
+ file:
+ dest: "{{ pki_dir }}/root_ca"
+ state: directory
+ owner: "{{ ansible_user_id }}"
+ mode: 0755
+
+# become version of directory creation from `pki-intermediate-ca` role
+- name: Create intermediate CA directory, privileged
+ become: yes
+ file:
+ dest: "{{ pki_dir }}/{{ site_name }}_im_ca"
+ state: directory
+ owner: "{{ ansible_user_id }}"
+ mode: 0755
+
+# become version of directory creation from `ssh-pki` role
+- name: Create SSH CA Directory
+ become: yes
+ file:
+ dest: "{{ item }}"
+ state: directory
+ owner: "{{ ansible_user_id }}"
+ mode: 0700
+ with_items:
+ - "{{ ssh_pki_dir }}"
+ - "{{ ssh_pki_dir }}/ca"
+ - "{{ ssh_pki_dir }}/client_certs"
+ - "{{ ssh_pki_dir }}/host_certs"
+
+
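Review bot: `root_ca` and `{{ site_name }}_im_ca` are created with `mode: 0755`, so whatever the PKI roles write below them is shielded only by the `0700` set on `pki_dir` in the preceding task. The unchanged context in the pki-intermediate-ca hunk of this commit shows a `mode: 0755` that appears to belong to its own "Create PKI directory" task, which would loosen that parent again when the role runs afterwards. Consider `mode: "0700"` on both CA directories so they do not depend on the parent, and quote the other modes as well (`"0755"`) rather than relying on the loader's octal handling. The last task is named `Create SSH CA Directory` without the `, privileged` suffix the others carry, and the opening comment reads "director creation".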
diff --git a/roles/juju-setup/defaults/main.yml b/roles/juju-setup/defaults/main.yml
index a9c7e81..e01d658 100644
--- a/roles/juju-setup/defaults/main.yml
+++ b/roles/juju-setup/defaults/main.yml
@@ -8,6 +8,7 @@
charm_versions: {}
pki_dir: "{{ playbook_dir }}/pki"
+credentials_dir: "{{ playbook_dir }}/credentials"
site_name: placeholder-sitename
site_suffix: "{{ site_name }}.test"
diff --git a/roles/juju-setup/templates/juju_config.yml.j2 b/roles/juju-setup/templates/juju_config.yml.j2
index bf157ea..e91e5c2 100644
--- a/roles/juju-setup/templates/juju_config.yml.j2
+++ b/roles/juju-setup/templates/juju_config.yml.j2
@@ -54,7 +54,8 @@
openstack-origin: "cloud:trusty-kilo"
percona-cluster:
- max-connections: 20000
+ max-connections: 5000
+ innodb-buffer-pool-size: "20%"
rabbitmq-server:
ssl: "on"
diff --git a/roles/monitoringservice-config/defaults/main.yml b/roles/monitoringservice-config/defaults/main.yml
index 337a459..a249f4a 100644
--- a/roles/monitoringservice-config/defaults/main.yml
+++ b/roles/monitoringservice-config/defaults/main.yml
@@ -1,6 +1,9 @@
---
# monitoringservice-config/defaults/main.yml
+xos_admin_user: "xosadmin@opencord.org"
+xos_admin_pass: "{{ lookup('password', credentials_dir ~ '/xosadmin@opencord.org chars=ascii_letters,digits') }}"
+
#paths
config_cord_dir: "/opt/cord"
head_cord_dir: "/opt/cord"
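Review bot: The `password` lookup hard-codes the file name `xosadmin@opencord.org` instead of deriving it from `xos_admin_user` defined on the line above, so overriding the user leaves the password pointing at the old file. Because the lookup writes a fresh random value when the file does not exist, a mismatch in the name or in `credentials_dir` would produce a new, non-matching password without raising an error. Suggested: `xos_admin_pass: "{{ lookup('password', credentials_dir ~ '/' ~ xos_admin_user ~ ' chars=ascii_letters,digits') }}"`. `credentials_dir` is not defined in the visible part of this defaults file; the rest of the file is outside the hunk.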
diff --git a/roles/monitoringservice-onboard/defaults/main.yml b/roles/monitoringservice-onboard/defaults/main.yml
index 42c8d6e..ab5bf37 100644
--- a/roles/monitoringservice-onboard/defaults/main.yml
+++ b/roles/monitoringservice-onboard/defaults/main.yml
@@ -1,6 +1,8 @@
---
# monitoringservice-onboard/defaults/main.yml
+xos_admin_user: "xosadmin@opencord.org"
+
# paths
head_cord_profile_dir: "/opt/cord_profile"
diff --git a/roles/onos-cord-install/tasks/main.yml b/roles/onos-cord-install/tasks/main.yml
index 86ec128..000a73a 100644
--- a/roles/onos-cord-install/tasks/main.yml
+++ b/roles/onos-cord-install/tasks/main.yml
@@ -5,7 +5,7 @@
docker_image:
name: "{{ onos_docker_image }}"
-- name: Create dest directory
+- name: Create onos_cord directory
become: yes
file:
path: "{{ head_onos_cord_dir }}"
@@ -14,7 +14,7 @@
group: "{{ ansible_user_gid }}"
mode: 0755
-- name: Copy over SSH key
+- name: Create node_key file with SSH private key for compute nodes
copy:
src: "{{ ssh_pki_dir }}/client_certs/{{ pod_sshkey_name }}_sshkey"
dest: "{{ head_onos_cord_dir }}/node_key"
@@ -30,11 +30,7 @@
- Dockerfile
- onos-service
- org.ops4j.pax.logging.cfg
-
-- name: Copy over ONOS playbook and other files
- copy:
- src: "onos-cord-docker-compose.yml"
- dest: "{{ head_onos_cord_dir }}/docker-compose.yml"
+ - docker-compose.yml
- name: Copy SSL Certs to ONOS so docker-compose can find them
copy:
@@ -49,11 +45,13 @@
- name: Build xos/onos docker image
docker_image:
- name: "xos/onos"
+ name: "xos/onos:{{ deploy_docker_tag }}"
path: "{{ head_onos_cord_dir }}"
- dockerfile: "Dockerfile"
+ pull: False
+ force: True
- name: Start ONOS for CORD
docker_service:
+ project_name: "onoscord"
project_src: "{{ head_onos_cord_dir }}"
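Review bot: `pull: False` together with `force: True` rebuilds the image on every run but does not refresh the base image named in the Dockerfile, and nothing in the task says whether that is intentional. A comment above the task would record the reason, for example `# always rebuild from the templated files; base image is not re-pulled here`, adjusted to the real rationale. `deploy_docker_tag` is used here and in the new docker-compose.yml.j2, but no default for it appears among the role defaults touched by this commit. An unset or empty value would give an invalid `xos/onos:` reference, so confirm it is defined elsewhere. The `docker_service` task continues past the end of the hunk.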
diff --git a/roles/onos-cord-install/files/onos-cord-docker-compose.yml b/roles/onos-cord-install/templates/docker-compose.yml.j2
similarity index 75%
rename from roles/onos-cord-install/files/onos-cord-docker-compose.yml
rename to roles/onos-cord-install/templates/docker-compose.yml.j2
index 6a7a1d3..704f83f 100644
--- a/roles/onos-cord-install/files/onos-cord-docker-compose.yml
+++ b/roles/onos-cord-install/templates/docker-compose.yml.j2
@@ -4,10 +4,7 @@
services:
xos-onos:
- build:
- context: .
- dockerfile: Dockerfile
- image: xos/onos
+ image: xos/onos:{{ deploy_docker_tag }}
ports:
- "6654:6653"
- "8102:8101"
@@ -16,3 +13,4 @@
volumes:
- ./node_key:/root/node_key:ro
restart: unless-stopped
+
diff --git a/roles/pki-intermediate-ca/tasks/main.yml b/roles/pki-intermediate-ca/tasks/main.yml
index 56a8219..b1cc388 100644
--- a/roles/pki-intermediate-ca/tasks/main.yml
+++ b/roles/pki-intermediate-ca/tasks/main.yml
@@ -1,8 +1,9 @@
---
# pki-intermediate-ca/tasks/main.yml
+# if the next two steps fail, may need to include `create-configdirs-become`
+# role to create these directories using become.
- name: Create PKI directory
- become: yes
file:
dest: "{{ pki_dir }}"
state: directory
@@ -10,7 +11,6 @@
mode: 0755
- name: Create intermediate CA directory
- become: yes
file:
dest: "{{ pki_dir }}/{{ site_name }}_im_ca"
state: directory
diff --git a/roles/pki-root-ca/tasks/main.yml b/roles/pki-root-ca/tasks/main.yml
index fd526e4..c54e8dd 100644
--- a/roles/pki-root-ca/tasks/main.yml
+++ b/roles/pki-root-ca/tasks/main.yml
@@ -1,8 +1,9 @@
---
# pki-root-ca/tasks/main.yml
+# if the next two steps fail, may need to include `create-configdirs-become`
+# role to create these directories using become.
- name: Create PKI and credentials directories
- become: yes
file:
dest: "{{ item }}"
state: directory
@@ -13,7 +14,6 @@
- "{{ pki_dir }}"
- name: Create root CA directory
- become: yes
file:
dest: "{{ pki_dir }}/root_ca"
state: directory
diff --git a/roles/platform-check/defaults/main.yml b/roles/platform-check/defaults/main.yml
deleted file mode 100644
index 8e48e41..0000000
--- a/roles/platform-check/defaults/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# platform-check/defaults/main.yml
-
-config_cord_profile_dir: "/opt/cord_profile"
-head_onos_cord_dir: "/opt/onos-cord/"
-
-xos_ui_port: 9000
-
diff --git a/roles/platform-check/tasks/main.yml b/roles/platform-check/tasks/main.yml
deleted file mode 100644
index bd9347e..0000000
--- a/roles/platform-check/tasks/main.yml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-# platform-check/tasks/main.yml
-
-- name: Ensure br-int exists on all compute nodes (check VTN)
- shell: ansible -i /etc/maas/ansible/pod-inventory compute -u ubuntu -m shell -s -a "ovs-vsctl br-exists br-int"
- register: result
- until: result | success
- retries: 6
- delay: 10
- ignore_errors: yes
- tags:
- - skip_ansible_lint # running a sub job
-
-# Work around issues with ONOS intialization
-- name: Restart ONOS when VTN initialization failed
- when: result | failed
- shell: docker-compose stop; docker-compose rm -f; docker-compose up -d
- args:
- chdir: "{{ head_onos_cord_dir }}"
- tags:
- - skip_ansible_lint
-
-- name: Tell XOS to refresh VTN Service and compute nodes
- when: result | failed
- xostosca:
- url: "http://xos.{{ site_suffix }}:{{ xos_ui_port }}/api/utility/tosca/run/"
- user: "{{ xos_admin_user }}"
- password: "{{ xos_admin_pass }}"
- recipe: "{{ lookup('file', head_cord_profile_dir + '/' + item ) }}"
- with_items:
- - openstack.yaml
- - openstack-compute.yaml
- - vtn-service.yaml
-
-- name: Pause to work around race in VTN or ONOS synchronizers
- pause:
- seconds: 20
-
-- name: Enable VTN for OpenStack Compute nodes
- when: result | failed
- xostosca:
- url: "http://xos.{{ site_suffix }}:{{ xos_ui_port }}/api/utility/tosca/run/"
- user: "{{ xos_admin_user }}"
- password: "{{ xos_admin_pass }}"
- recipe: "{{ lookup('file', head_cord_profile_dir + '/' + item ) }}"
- with_items:
- - openstack-compute-vtn.yaml
-
-- name: Ensure br-int exists on all compute nodes (check VTN #2)
- when: result | failed
- shell: ansible -i /etc/maas/ansible/pod-inventory compute -u ubuntu -m shell -s -a "ovs-vsctl br-exists br-int"
- register: result2
- until: result2 | success
- retries: 12
- delay: 10
- tags:
- - skip_ansible_lint # running a sub job
-
diff --git a/roles/prereqs-common/defaults/main.yml b/roles/prereqs-common/defaults/main.yml
index 6c66757..54b8bd2 100644
--- a/roles/prereqs-common/defaults/main.yml
+++ b/roles/prereqs-common/defaults/main.yml
@@ -9,16 +9,3 @@
dns_check_domain: wiki.opencord.org
dns_check_ipv4: 52.9.82.207
-# obtained from: https://www.iana.org/domains/root/servers
-dns_roots:
- - 192.5.5.241
- - 193.0.14.129
- - 198.41.0.4
- - 199.7.91.13
-
-http_dl_url: "http://cord.staging.wpengine.com/wp-content/uploads/2016/07/cord-tm-logo.png"
-http_dl_cksum: "sha256:099c777e4c8ad76a066299159622b4fa6bd2515cefafc2851df67f7f4cce6ee8"
-
-https_dl_url: "https://jenkins.opencord.org/static/8d0f081d/images/headshot.png"
-https_dl_cksum: "sha256:690e82fb98ffb2b4b232d9b9cf9cc52eb7972e56a84902f6d1150b75456058c6"
-
diff --git a/roles/prereqs-common/tasks/main.yml b/roles/prereqs-common/tasks/main.yml
index f9ac2cd..c4478e2 100644
--- a/roles/prereqs-common/tasks/main.yml
+++ b/roles/prereqs-common/tasks/main.yml
@@ -30,7 +30,10 @@
- name: DNS Global Root Connectivity Check
shell: "dig @{{ item }} +trace +short {{ dns_check_domain }} | grep {{ dns_check_ipv4 }}"
- with_items: "{{ dns_roots }}"
+ with_items:
+ - 192.5.5.241
+ - 198.41.0.4
+ - 199.7.91.13
register: dns_global_check_result
until: dns_global_check_result.rc == 0
retries: 3
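Review bot: The inlined list drops `193.0.14.129` and the `# obtained from: https://www.iana.org/domains/root/servers` comment that accompanied the removed `dns_roots` default, so the addresses now sit in the task with no stated source and no reason for the omission. Carrying that comment over above `with_items:` and adding a short note on why the fourth server was removed would keep the list auditable. The task continues past the end of the hunk.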
@@ -40,16 +43,16 @@
- name: HTTP Download Check
get_url:
- url: "{{ http_dl_url }}"
- checksum: "{{ http_dl_cksum }}"
+ url: "http://cord.staging.wpengine.com/wp-content/uploads/2016/07/cord-tm-logo.png"
+ checksum: "sha256:099c777e4c8ad76a066299159622b4fa6bd2515cefafc2851df67f7f4cce6ee8"
dest: /tmp/http_dl_check
retries: 3
delay: 1
- name: HTTPS Download Check
get_url:
- url: "{{ https_dl_url }}"
- checksum: "{{ https_dl_cksum }}"
+ url: "https://jenkins.opencord.org/static/8d0f081d/images/headshot.png"
+ checksum: "sha256:690e82fb98ffb2b4b232d9b9cf9cc52eb7972e56a84902f6d1150b75456058c6"
dest: /tmp/https_dl_check
retries: 3
delay: 1
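Review bot: With the URLs and checksums inlined, a deployment behind a proxy or mirror can no longer point these two connectivity checks at a reachable file without editing the role. The HTTPS URL also embeds what looks like a server-generated static-resource path (`/static/8d0f081d/`), which may change on the remote side and fail the prerequisite check for unrelated reasons. If the variables were removed only to shrink defaults/main.yml, a comment above each task such as `# fixed test asset; update url and checksum together if the upstream file moves` would at least document the coupling between `url` and `checksum`.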
diff --git a/roles/ssh-pki/tasks/main.yml b/roles/ssh-pki/tasks/main.yml
index 2cc7c64..df6ced0 100644
--- a/roles/ssh-pki/tasks/main.yml
+++ b/roles/ssh-pki/tasks/main.yml
@@ -1,8 +1,9 @@
---
# ssh-pki/tasks/main.yml
+# if this step fails, may need to include `create-configdir-become` role to
+# create directories using become.
- name: Create SSH CA Directory
- become: yes
file:
dest: "{{ item }}"
state: directory
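Review bot: The added comment names the role `create-configdir-become`, but the role introduced by this commit is `create-configdirs-become`, as spelled in the matching comments in cord-profile, pki-root-ca and pki-intermediate-ca. Someone searching for the role from this file will not find it; change the name in the comment to `create-configdirs-become`. The task continues past the end of the hunk.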
diff --git a/roles/xos-test-restore-db/defaults/main.yml b/roles/xos-test-restore-db/defaults/main.yml
new file mode 100644
index 0000000..e16ee75
--- /dev/null
+++ b/roles/xos-test-restore-db/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# xos-test-restore-db/defaults/main.yml
+
+xos_admin_user: "xosadmin@opencord.org"
+