├── .gitignore ├── .gitreview ├── CONTRIBUTING.rst ├── LICENSE ├── README.rst ├── Vagrantfile ├── bindep.txt ├── defaults └── main.yml ├── doc ├── Makefile ├── requirements.txt └── source │ ├── _static │ └── .gitkeep │ ├── conf.py │ └── index.rst ├── examples └── playbook.yml ├── files └── gpg │ ├── 61E8806C │ ├── 764429E6 │ ├── EC4926EA │ └── FEE4EECB ├── filter_plugins └── osa-filter.py ├── handlers └── main.yml ├── manual-test.rc ├── meta ├── main.yml └── openstack-ansible.yml ├── releasenotes ├── notes │ ├── .placeholder │ ├── RFC1034-5_hostname-1ee18e06e8f57853.yaml │ ├── ability-to-add-extra-package-manager-configuration-815b7959870479e7.yaml │ ├── apt_repo-097cb34c12e60207.yaml │ ├── blockinfile_hosts_file-0959a64a030c8888.yaml │ ├── centos-minimum-8-3-cd80894c463ed00f.yaml │ ├── centos-mirror-url-7698160e63aedce6.yaml │ ├── centos-mirror-url-variable-c072a6ab21054093.yaml │ ├── configurable-conntrack-max-44e3d1af4921bdf0.yaml │ ├── custom_hosts_records-06236cf62a238fc2.yaml │ ├── deploy-hosts-file-657a385568f3df9c.yaml │ ├── deprecate-openstack-host-apt-packages-b4d7af53d55d980d.yaml │ ├── do_not_add_localhost_to_hosts-36e365b95dc9da42.yaml │ ├── ensure-security-groups-always-applied-eb6e3bdc7b77f022.yaml │ ├── fastestmirror-configurable-08e075f8602164e5.yaml │ ├── focal_distro_install-921cc6052ae69b27.yaml │ ├── global-apt-pins-a0d6785a8fd662df.yaml │ ├── journald_config-e3b0e5060dd5f6e7.yaml │ ├── openstack-release-file-changes-ef4b28d46378fd7a.yaml │ ├── openstack_hosts_systemd-4f47056a732820bd.yaml │ ├── package-list-name-changes-fdf9c6573bfa1083.yaml │ ├── package-state-b41a0e911ad95d1c.yaml │ ├── path-customization-e7e0ae0f93e5283b.yaml │ ├── persistend-systemd-journals-c1874b52ad666744.yaml │ ├── remove-lvm-config-from-openstack-hosts-efb7d0b3a22d49df.yaml │ ├── remove-proxy-no-cache-9b514030c87e7d1b.yaml │ ├── requests_ca_bundle-1a678a22b3375976.yaml │ ├── specific_kernel_modules_with_group_vars-8d169f564ffd450c.yaml │ ├── 
static_uca_filename-849a6f491acae9c5.yaml │ ├── sysstat-centos-opensuse-running-0be396c60a513562.yaml │ ├── tcp_retries-bf32bab6e50fa97a.yaml │ ├── use-pip-distro-packages-2505f6e630a94850.yaml │ └── user-ca-certificates-b1be1257809ba5e8.yaml └── source │ ├── _static │ └── .placeholder │ ├── _templates │ └── .placeholder │ ├── conf.py │ ├── index.rst │ ├── mitaka.rst │ ├── newton.rst │ ├── ocata.rst │ ├── pike.rst │ ├── queens.rst │ ├── rocky.rst │ ├── stein.rst │ ├── train.rst │ ├── unreleased.rst │ ├── ussuri.rst │ └── zed.rst ├── run_tests.sh ├── tasks ├── configure_metal_hosts.yml ├── main.yml ├── openstack_authorized_keys.yml ├── openstack_gitconfig.yml ├── openstack_hosts_configure_apt.yml ├── openstack_hosts_configure_dnf.yml ├── openstack_hosts_configure_yum.yml ├── openstack_hosts_systemd.yml ├── openstack_release.yml ├── openstack_sysstat.yml └── openstack_update_hosts_file.yml ├── templates ├── environment.j2 ├── gitconfig.j2 ├── modprobe.conf.j2 ├── openstack-release.j2 ├── osa.vendors.j2 ├── sudoers.j2 ├── sysstat.cron.debian.j2 ├── sysstat.cron.redhat.j2 ├── sysstat.default.j2 └── systemd-environment.j2 ├── tests ├── ansible-role-requirements.yml ├── group_vars │ └── all.yml ├── inventory ├── openstack_hosts-overrides.yml ├── templates │ └── openssl.conf.j2 ├── test-create-ca.yml └── test.yml ├── tox.ini ├── vars ├── debian.yml ├── redhat-9.yml └── ubuntu.yml └── zuul.d └── project.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | # Add patterns in here to exclude files created by tools integrated with this 2 | # repository, such as test frameworks from the project's recommended workflow, 3 | # rendered documentation and package builds. 4 | # 5 | # Don't add patterns to exclude files created by preferred personal tools 6 | # (editors, IDEs, your operating system itself even). 
These should instead be 7 | # maintained outside the repository, for example in a ~/.gitignore file added 8 | # with: 9 | # 10 | # git config --global core.excludesfile '~/.gitignore' 11 | 12 | # Compiled source # 13 | ################### 14 | *.com 15 | *.class 16 | *.dll 17 | *.exe 18 | *.o 19 | *.so 20 | *.pyc 21 | build/ 22 | dist/ 23 | doc/build/ 24 | 25 | # Packages # 26 | ############ 27 | # it's better to unpack these files and commit the raw source 28 | # git has its own built in compression methods 29 | *.7z 30 | *.dmg 31 | *.gz 32 | *.iso 33 | *.jar 34 | *.rar 35 | *.tar 36 | *.zip 37 | 38 | # Logs and databases # 39 | ###################### 40 | *.log 41 | *.sql 42 | *.sqlite 43 | logs/* 44 | 45 | # OS generated files # 46 | ###################### 47 | ._* 48 | .tox 49 | *.egg-info 50 | .eggs 51 | .ansible 52 | 53 | # Generated by pbr while building docs 54 | ###################################### 55 | AUTHORS 56 | ChangeLog 57 | 58 | # Files created by releasenotes build 59 | releasenotes/build 60 | 61 | # Test temp files 62 | tests/common 63 | tests/*.retry 64 | 65 | # Vagrant artifacts 66 | .vagrant 67 | 68 | # Git clones 69 | openstack-ansible-ops 70 | previous 71 | -------------------------------------------------------------------------------- /.gitreview: -------------------------------------------------------------------------------- 1 | [gerrit] 2 | host=review.opendev.org 3 | port=29418 4 | project=openstack/openstack-ansible-openstack_hosts.git 5 | -------------------------------------------------------------------------------- /CONTRIBUTING.rst: -------------------------------------------------------------------------------- 1 | The source repository for this project can be found at: 2 | 3 | https://opendev.org/openstack/openstack-ansible-openstack_hosts 4 | 5 | Pull requests submitted through GitHub are not monitored. 
6 | 7 | To start contributing to OpenStack, follow the steps in the contribution guide 8 | to set up and use Gerrit: 9 | 10 | https://docs.openstack.org/contributors/code-and-documentation/quick-start.html 11 | 12 | Bugs should be filed on Launchpad: 13 | 14 | https://bugs.launchpad.net/openstack-ansible 15 | 16 | For more specific information about contributing to this repository, see the 17 | openstack-ansible contributor guide: 18 | 19 | https://docs.openstack.org/openstack-ansible/latest/contributor/contributing.html 20 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 
29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 
61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | ================================= 2 | OpenStack-Ansible openstack_hosts 3 | ================================= 4 | 5 | Role for basic setup and configuration of a host machine for use 6 | within OpenStack. This role tunes a host to receive OpenStack. The 7 | basic operations within the role install, set up, and tune specific 8 | kernel options that all OpenStack hosts need to perform nominally. 
9 | 10 | Documentation for the project can be found at: 11 | https://docs.openstack.org/openstack-ansible-openstack_hosts/latest/ 12 | 13 | Release notes for the project can be found at: 14 | https://docs.openstack.org/releasenotes/openstack-ansible-openstack_hosts/ 15 | 16 | The project source code repository is located at: 17 | https://opendev.org/openstack/openstack-ansible-openstack_hosts/ 18 | 19 | The project home is at: 20 | https://launchpad.net/openstack-ansible 21 | 22 | The project bug tracker is located at: 23 | https://bugs.launchpad.net/openstack-ansible 24 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # Note: 2 | # This file is maintained in the openstack-ansible-tests repository. 3 | # https://opendev.org/openstack/openstack-ansible-tests/src/Vagrantfile 4 | # 5 | # If you need to perform any change on it, you should modify the central file, 6 | # then, an OpenStack CI job will propagate your changes to every OSA repository 7 | # since every repo uses the same Vagrantfile 8 | 9 | # Verify whether required plugins are installed. 10 | required_plugins = [ "vagrant-disksize" ] 11 | required_plugins.each do |plugin| 12 | if not Vagrant.has_plugin?(plugin) 13 | raise "The vagrant plugin #{plugin} is required. 
Please run `vagrant plugin install #{plugin}`" 14 | end 15 | end 16 | 17 | Vagrant.configure(2) do |config| 18 | config.vm.provider "virtualbox" do |v| 19 | v.memory = 6144 20 | v.cpus = 2 21 | # https://github.com/hashicorp/vagrant/issues/9524 22 | v.customize ["modifyvm", :id, "--audio", "none"] 23 | end 24 | 25 | config.vm.synced_folder ".", "/vagrant", type: "rsync" 26 | 27 | config.vm.provision "shell", 28 | privileged: false, 29 | inline: <<-SHELL 30 | cd /vagrant 31 | ./run_tests.sh 32 | SHELL 33 | 34 | config.vm.define "centos8" do |centos8| 35 | centos8.vm.box = "centos/8" 36 | end 37 | 38 | config.vm.define "debian10" do |debian10| 39 | debian10.vm.box = "debian/buster64" 40 | end 41 | 42 | config.vm.define "ubuntu2004" do |focal| 43 | focal.disksize.size = "40GB" 44 | focal.vm.box = "ubuntu/focal64" 45 | end 46 | end 47 | -------------------------------------------------------------------------------- /bindep.txt: -------------------------------------------------------------------------------- 1 | # This file facilitates OpenStack-CI package installation 2 | # before the execution of any tests. 3 | # 4 | # See the following for details: 5 | # - https://docs.openstack.org/infra/bindep/ 6 | # - https://opendev.org/openstack-infra/bindep 7 | # 8 | # Even if the role does not make use of this facility, it 9 | # is better to have this file empty, otherwise OpenStack-CI 10 | # will fall back to installing its default packages which 11 | # will potentially be detrimental to the tests executed. 12 | # 13 | # Note: 14 | # This file is maintained in the openstack-ansible-tests repository. 15 | # https://opendev.org/openstack/openstack-ansible-tests/src/bindep.txt 16 | # If you need to remove or add extra dependencies, you should modify 17 | # the central file instead and once your change is accepted then update 18 | # this file as well. 
The purpose of this file is to ensure that Python and 19 | # Ansible have all their necessary binary requirements on the test host before 20 | # tox executes. Any binary requirements needed by services/roles should be 21 | # installed by those roles in their applicable package install tasks, not through 22 | # using this file. 23 | # 24 | 25 | # The gcc compiler 26 | gcc 27 | 28 | # Base requirements for Ubuntu 29 | git-core [platform:dpkg] 30 | libssl-dev [platform:dpkg] 31 | libffi-dev [platform:dpkg] 32 | python3 [platform:dpkg] 33 | python3-apt [platform:dpkg] 34 | python3-dev [platform:dpkg] 35 | 36 | # Base requirements for RPM distros 37 | gcc-c++ [platform:rpm] 38 | git [platform:rpm] 39 | libffi-devel [platform:rpm] 40 | openssl-devel [platform:rpm] 41 | python3-dnf [platform:fedora] 42 | python3-devel [platform:rpm] 43 | 44 | # For SELinux 45 | libselinux-python3 [platform:redhat] 46 | libsemanage-python3 [platform:redhat] 47 | iptables [platform:redhat] 48 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | 16 | # Package cache 17 | cache_timeout: 600 18 | 19 | # /etc/openstack-release settings 20 | openstack_distrib_id: "OSA" 21 | openstack_distrib_release: "{{ openstack_release | default('master') }}" 22 | openstack_distrib_code_name: "Epoxy" 23 | openstack_distrib_description: "OpenStack-Ansible" 24 | openstack_distrib_file: true 25 | openstack_distrib_file_path: "/etc/openstack-release" 26 | 27 | openstack_host_sysstat_enabled: true 28 | openstack_host_sysstat_interval: 1 29 | openstack_host_sysstat_statistics_hour: 23 30 | 31 | # Set the package install state for distribution packages 32 | # Options are 'present' and 'latest' 33 | openstack_hosts_package_state: "{{ package_state | default('present') }}" 34 | 35 | ## Enable/disable /etc/hosts file management on OSA managed hosts 36 | ## You should make other arrangements for name resolution 37 | ## of OSA containers and hosts if disabling these 38 | openstack_host_manage_hosts_file: true 39 | ## Enable/disable /etc/hosts file management on OSA deploy host 40 | openstack_host_manage_deploy_hosts_file: true 41 | ## Provide extra records to /etc/hosts file that would be added 42 | ## to all hosts, if openstack_host_manage_hosts_file is true 43 | ## Example: 44 | ## openstack_host_custom_hosts_records: 45 | ## - '192.168.1.1 my.fqdn' 46 | openstack_host_custom_hosts_records: [] 47 | 48 | ## kernel modules for specific group hosts 49 | openstack_host_specific_kernel_modules: [] 50 | # If you want to include some specific modules per group 51 | # of hosts, override this with a group/host var, like below: 52 | # openstack_host_specific_kernel_modules: 53 | # - name: "ebtables" 54 | # pattern: "CONFIG_BRIDGE_NF_EBTABLES" 55 | ## Where: 56 | ## :param name: name of the kernel module 57 | ## :param pattern: pattern to grep for in /boot/config-$kernel_version to check how module is configured inside kernel 58 | ## Our default overrides will be combined with your overrides. 
59 | 60 | # Overridable package list is composed of the old override 61 | # named user_package_list and the standard defaults _openstack_hosts_package_list 62 | openstack_hosts_package_list: "{{ _openstack_hosts_package_list + (user_package_list | default([])) }}" 63 | 64 | # Overridable package repo is composed of the old override 65 | # named user_external_repos_list and the standard defaults _package_repos 66 | openstack_hosts_package_repos: "{{ _package_repos + (user_external_repos_list | default([])) }}" 67 | 68 | # Overridable package vendors is composed of the old override named 69 | # user_external_vendors_list and the standard defaults 70 | # _package_vendors 71 | openstack_hosts_package_vendors: "{{ (_package_vendors | default([])) + (user_external_vendors_list | default([])) }}" 72 | 73 | # Overridable package repo gpg is composed of the old override 74 | # named user_external_repo_keys_list and the standard defaults _package_repos_keys 75 | openstack_hosts_package_repos_keys: "{{ _package_repos_keys + (user_external_repo_keys_list | default([])) }}" 76 | 77 | # Mappings from Ansible reported architecture to distro release architecture 78 | openstack_architecture_mapping: 79 | x86_64: amd64 80 | ppc64le: ppc64el 81 | s390x: s390x 82 | armv7l: armhf 83 | aarch64: arm64 84 | 85 | # The following garbage collection values are set to better support lots of neutron networks/routers. 86 | # Used for setting the net.ipv4/6.neigh.default.gc_thresh* values. This assumes that facts were 87 | # gathered to obtain the total amount of memory available on a given host. If no facts are gathered 88 | # the default set will be 1024 unless it's defined by the user. 89 | gc_val: "{{ ansible_facts['memtotal_mb'] | default(1024) | bit_length_power_of_2 }}" 90 | # The set value has a maximum allowable value of 8192 unless set by the user. 
91 | set_gc_val: "{{ gc_val if (gc_val | int <= 8192) else 8192 }}" 92 | 93 | # Controls the shell search PATH environment variable dropped in 94 | # /etc/environment 95 | openstack_host_environment_path: 96 | - /usr/local/sbin 97 | - /usr/local/bin 98 | - /usr/sbin 99 | - /usr/bin 100 | - /sbin 101 | - /bin 102 | - /usr/games 103 | - /usr/local/games 104 | 105 | # Allows the ability to override or add extra parameters to the systemd global config 106 | # that will be applied by default to all units 107 | openstack_systemd_global_overrides: {} 108 | 109 | # Set the level of reverse path filtering to use (0 = no source validation, 1 = strict, 2 = loose) 110 | openstack_host_rp_filter_all: 0 111 | openstack_host_rp_filter_default: 0 112 | 113 | # Set the maximum size of the connection tracking table. 114 | openstack_host_nf_conntrack_max: 262144 115 | 116 | # System control kernel tuning 117 | openstack_kernel_options: 118 | - { key: "fs.inotify.max_user_watches", value: 1048576 } 119 | - { key: "net.ipv4.conf.all.rp_filter", value: "{{ openstack_host_rp_filter_all }}" } 120 | - { key: "net.ipv4.conf.default.rp_filter", value: "{{ openstack_host_rp_filter_default }}" } 121 | - { key: "net.ipv4.ip_forward", value: 1 } 122 | - { key: "net.netfilter.nf_conntrack_max", value: "{{ openstack_host_nf_conntrack_max }}" } 123 | - { key: "vm.dirty_background_ratio", value: 5 } 124 | - { key: "vm.dirty_ratio", value: 10 } 125 | - { key: "vm.swappiness", value: 5 } 126 | - { key: "net.bridge.bridge-nf-call-ip6tables", value: 1 } 127 | - { key: "net.bridge.bridge-nf-call-iptables", value: 1 } 128 | - { key: "net.bridge.bridge-nf-call-arptables", value: 1 } 129 | - { key: "net.ipv4.igmp_max_memberships", value: 1024 } 130 | - { key: "net.ipv4.neigh.default.gc_thresh1", value: "{{ set_gc_val | int // 2 }}" } 131 | - { key: "net.ipv4.neigh.default.gc_thresh2", value: "{{ set_gc_val | int }}" } 132 | - { key: "net.ipv4.neigh.default.gc_thresh3", value: "{{ set_gc_val | int * 2 }}" } 133 | - { key: "net.ipv4.route.gc_thresh", value: 
"{{ set_gc_val | int * 2 }}" } 134 | - { key: "net.ipv4.neigh.default.gc_interval", value: 60 } 135 | - { key: "net.ipv4.neigh.default.gc_stale_time", value: 120 } 136 | - { key: "net.ipv6.neigh.default.gc_thresh1", value: "{{ set_gc_val | int // 2 }}" } 137 | - { key: "net.ipv6.neigh.default.gc_thresh2", value: "{{ set_gc_val | int }}" } 138 | - { key: "net.ipv6.neigh.default.gc_thresh3", value: "{{ set_gc_val | int * 2 }}" } 139 | - { key: "net.ipv6.route.gc_thresh", value: "{{ set_gc_val | int * 2 }}" } 140 | - { key: "net.ipv6.neigh.default.gc_interval", value: 60 } 141 | - { key: "net.ipv6.neigh.default.gc_stale_time", value: 120 } 142 | - { key: "net.ipv6.conf.lo.disable_ipv6", value: 0 } 143 | - { key: "fs.aio-max-nr", value: 131072 } 144 | 145 | # Optional user defined list of sysctl options in the same dict item format as 146 | # above. 147 | openstack_user_kernel_options: [] 148 | 149 | # User defined list of extra packages to install on all hosts and containers 150 | openstack_host_extra_distro_packages: [] 151 | 152 | # Overridable set of packages to install on all hosts and containers. 153 | openstack_host_distro_packages: "{{ _openstack_host_distro_packages }}" 154 | 155 | # User defined list of extra packages to install on the host 156 | openstack_host_extra_metal_distro_packages: [] 157 | 158 | # Overridable set of packages to install on the host. 159 | openstack_host_metal_distro_packages: "{{ _openstack_host_metal_distro_packages }}" 160 | 161 | # Set the openstack domain name 162 | openstack_domain: openstack.local 163 | 164 | # Global environment variables should be empty by default 165 | global_environment_variables: {} 166 | 167 | # Set the default mode for the /etc/cron.d/sysstat file 168 | openstack_host_sysstat_cron_mode: "0755" 169 | 170 | ## Default repositories data 171 | # Set default mirror for CentOS repositories 172 | # NOTE(mhayden): Ensure that the full path to the 'centos' directory is used. 
173 | openstack_hosts_centos_mirror_url: "{{ centos_mirror_url | default('http://mirror.centos.org/centos') }}" 174 | # openstack_hosts_rdo_repo_type can be trunk or cloudsig 175 | openstack_hosts_rdo_repo_type: trunk 176 | openstack_hosts_rdo_mirror_url: "https://trunk.rdoproject.org" 177 | openstack_hosts_rdo_repo_url: "{{ _openstack_hosts_rdo_repo_url }}" 178 | openstack_hosts_rdo_deps_url: "{{ _openstack_hosts_rdo_deps_url }}" 179 | openstack_hosts_power_tool_enable: >- 180 | {{ ('repo_all' in groups or 'manila_all' in groups or 'gnocchi_all' in groups or install_method | default('source') == 'distro') }} 181 | 182 | # Keep a history of systemd journals on disk after reboots 183 | openstack_host_keep_journals: true 184 | # Define arbitrary configuration for systemd-journald 185 | openstack_hosts_journald_config: {} 186 | # Enable/Disable the yum fastestmirror plugin 187 | openstack_hosts_enable_yum_fastestmirror: true 188 | 189 | # user supplied list of CA certificates to copy to hosts from the deploy host 190 | # example: 191 | # - name: SnakeOilCorp.crt #the filename created on the target host (must be .crt on Ubuntu) 192 | # src: /etc/ssl/certs/snake-oil-cert-latest.pem #the source file on the deploy host 193 | openstack_host_ca_certificates: [] 194 | 195 | # Path to the file with trusted CA that will be used by python requests module 196 | openstack_ca_bundle_path: "{{ _openstack_ca_bundle_path }}" 197 | 198 | # extra configuration for OS package manager 199 | openstack_hosts_package_manager_default_conf: "{{ _openstack_hosts_package_manager_default_conf | default('') }}" 200 | openstack_hosts_package_manager_extra_conf: "" 201 | 202 | # apt pins to apply to all hosts in the deployment 203 | # the default is to make ceph packages from UCA lower priority than those from the ubuntu distro repo 204 | openstack_hosts_apt_pinned_packages: 205 | - package: "src:ceph" 206 | origin: "ubuntu-cloud.archive.canonical.com" 207 | priority: 400 208 | # 
NOTE(noonedeadpunk): Remove once https://bugs.launchpad.net/cloud-archive/+bug/2064798 sorted out 209 | - package: "python3-pluggy" 210 | release: Canonical,n={{ ansible_facts['lsb']['codename'] }}-updates/{{ openstack_distrib_code_name | lower }} 211 | priority: 400 212 | 213 | # Define extra systemd services/networks/mounts 214 | openstack_hosts_systemd_mounts: [] 215 | # Systemd networks can be configured only on bare metal hosts 216 | # systemd-networkd role won't run inside containers. 217 | openstack_hosts_systemd_networkd_devices: [] 218 | openstack_hosts_systemd_networkd_networks: [] 219 | openstack_hosts_systemd_networkd_prefix: openstack-net 220 | openstack_hosts_systemd_services: [] 221 | openstack_hosts_systemd_slice: "openstack-hosts" 222 | 223 | # define this variable to specify directories that are 'safe' for git clone 224 | # during pip install, typically only required for CI jobs or when the 225 | # openstack service repos are pre-staged/bind-mounted into LXC containers 226 | # and referenced using the file:// method. NOTE(review): the "*" example below presumably ends up as a git safe.directory wildcard, which switches off git's repository-ownership check for every path; outside CI, list the specific directories instead. 227 | # openstack_hosts_git_safe_directories: 228 | # - "*" 229 | 230 | openstack_hosts_sysctl_file: "{{ openstack_sysctl_file | default('/etc/sysctl.conf') }}" 231 | -------------------------------------------------------------------------------- /doc/Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for Sphinx documentation 2 | # 3 | 4 | # You can set these variables from the command line. 5 | SPHINXOPTS = 6 | SPHINXBUILD = sphinx-build 7 | PAPER = 8 | BUILDDIR = build 9 | 10 | # User-friendly check for sphinx-build 11 | ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) 12 | $(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH.
If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) 13 | endif 14 | 15 | # Internal variables. 16 | PAPEROPT_a4 = -D latex_paper_size=a4 17 | PAPEROPT_letter = -D latex_paper_size=letter 18 | ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source 19 | # the i18n builder cannot share the environment and doctrees with the others 20 | I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source 21 | 22 | .PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest coverage gettext 23 | 24 | help: 25 | @echo "Please use \`make ' where is one of" 26 | @echo " html to make standalone HTML files" 27 | @echo " dirhtml to make HTML files named index.html in directories" 28 | @echo " singlehtml to make a single large HTML file" 29 | @echo " pickle to make pickle files" 30 | @echo " json to make JSON files" 31 | @echo " htmlhelp to make HTML files and a HTML help project" 32 | @echo " qthelp to make HTML files and a qthelp project" 33 | @echo " applehelp to make an Apple Help Book" 34 | @echo " devhelp to make HTML files and a Devhelp project" 35 | @echo " epub to make an epub" 36 | @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" 37 | @echo " latexpdf to make LaTeX files and run them through pdflatex" 38 | @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" 39 | @echo " text to make text files" 40 | @echo " man to make manual pages" 41 | @echo " texinfo to make Texinfo files" 42 | @echo " info to make Texinfo files and run them through makeinfo" 43 | @echo " gettext to make PO message catalogs" 44 | @echo " changes to make an overview of all changed/added/deprecated items" 45 | @echo " xml to make Docutils-native XML files" 46 | @echo " pseudoxml to make pseudoxml-XML files for display purposes" 47 | @echo " linkcheck to check all external links for integrity" 48 | @echo " doctest to run all doctests embedded 
in the documentation (if enabled)" 49 | @echo " coverage to run coverage check of the documentation (if enabled)" 50 | 51 | clean: 52 | rm -rf $(BUILDDIR)/* 53 | 54 | html: 55 | $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html 56 | @echo 57 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." 58 | 59 | dirhtml: 60 | $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml 61 | @echo 62 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." 63 | 64 | singlehtml: 65 | $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml 66 | @echo 67 | @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." 68 | 69 | pickle: 70 | $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle 71 | @echo 72 | @echo "Build finished; now you can process the pickle files." 73 | 74 | json: 75 | $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json 76 | @echo 77 | @echo "Build finished; now you can process the JSON files." 78 | 79 | htmlhelp: 80 | $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp 81 | @echo 82 | @echo "Build finished; now you can run HTML Help Workshop with the" \ 83 | ".hhp project file in $(BUILDDIR)/htmlhelp." 84 | 85 | qthelp: 86 | $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp 87 | @echo 88 | @echo "Build finished; now you can run "qcollectiongenerator" with the" \ 89 | ".qhcp project file in $(BUILDDIR)/qthelp, like this:" 90 | @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/openstack-ansible-openstack_hosts.qhcp" 91 | @echo "To view the help file:" 92 | @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/openstack-ansible-openstack_hosts.qhc" 93 | 94 | applehelp: 95 | $(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp 96 | @echo 97 | @echo "Build finished. The help book is in $(BUILDDIR)/applehelp." 98 | @echo "N.B. 
You won't be able to view it unless you put it in" \ 99 | "~/Library/Documentation/Help or install it in your application" \ 100 | "bundle." 101 | 102 | devhelp: 103 | $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp 104 | @echo 105 | @echo "Build finished." 106 | @echo "To view the help file:" 107 | @echo "# mkdir -p $$HOME/.local/share/devhelp/openstack-ansible-openstack_hosts" 108 | @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/openstack-ansible-openstack_hosts" 109 | @echo "# devhelp" 110 | 111 | epub: 112 | $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub 113 | @echo 114 | @echo "Build finished. The epub file is in $(BUILDDIR)/epub." 115 | 116 | latex: 117 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 118 | @echo 119 | @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." 120 | @echo "Run \`make' in that directory to run these through (pdf)latex" \ 121 | "(use \`make latexpdf' here to do that automatically)." 122 | 123 | latexpdf: 124 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 125 | @echo "Running LaTeX files through pdflatex..." 126 | $(MAKE) -C $(BUILDDIR)/latex all-pdf 127 | @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 128 | 129 | latexpdfja: 130 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 131 | @echo "Running LaTeX files through platex and dvipdfmx..." 132 | $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja 133 | @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 134 | 135 | text: 136 | $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text 137 | @echo 138 | @echo "Build finished. The text files are in $(BUILDDIR)/text." 139 | 140 | man: 141 | $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man 142 | @echo 143 | @echo "Build finished. The manual pages are in $(BUILDDIR)/man." 144 | 145 | texinfo: 146 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 147 | @echo 148 | @echo "Build finished. 
The Texinfo files are in $(BUILDDIR)/texinfo." 149 | @echo "Run \`make' in that directory to run these through makeinfo" \ 150 | "(use \`make info' here to do that automatically)." 151 | 152 | info: 153 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 154 | @echo "Running Texinfo files through makeinfo..." 155 | make -C $(BUILDDIR)/texinfo info 156 | @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." 157 | 158 | gettext: 159 | $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale 160 | @echo 161 | @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." 162 | 163 | changes: 164 | $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes 165 | @echo 166 | @echo "The overview file is in $(BUILDDIR)/changes." 167 | 168 | linkcheck: 169 | $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck 170 | @echo 171 | @echo "Link check complete; look for any errors in the above output " \ 172 | "or in $(BUILDDIR)/linkcheck/output.txt." 173 | 174 | doctest: 175 | $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest 176 | @echo "Testing of doctests in the sources finished, look at the " \ 177 | "results in $(BUILDDIR)/doctest/output.txt." 178 | 179 | coverage: 180 | $(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage 181 | @echo "Testing of coverage in the sources finished, look at the " \ 182 | "results in $(BUILDDIR)/coverage/python.txt." 183 | 184 | xml: 185 | $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml 186 | @echo 187 | @echo "Build finished. The XML files are in $(BUILDDIR)/xml." 188 | 189 | pseudoxml: 190 | $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml 191 | @echo 192 | @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." 
193 | 194 | livehtml: html 195 | sphinx-autobuild -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html 196 | -------------------------------------------------------------------------------- /doc/requirements.txt: -------------------------------------------------------------------------------- 1 | # The order of packages is significant, because pip processes them in the order 2 | # of appearance. Changing the order has an impact on the overall integration 3 | # process, which may cause wedges in the gate later. 4 | 5 | # WARNING: 6 | # This file is maintained in the openstack-ansible-tests repository. 7 | # https://opendev.org/openstack/openstack-ansible-tests/src/branch/master/sync/doc/requirements.txt 8 | # If you need to modify this file, update the one in the 9 | # openstack-ansible-tests repository. Once it merges there, the changes will 10 | # automatically be proposed to all the repositories which use it. 11 | 12 | sphinx>=2.0.0,!=2.1.0 # BSD 13 | sphinxcontrib-svg2pdfconverter>=0.1.0 # BSD 14 | openstackdocstheme>=2.2.1 # Apache-2.0 15 | reno>=3.1.0 # Apache-2.0 16 | doc8>=0.6.0 # Apache-2.0 17 | -------------------------------------------------------------------------------- /doc/source/_static/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-openstack_hosts/6dec5c274590c574c2699f28b06089f050bc5769/doc/source/_static/.gitkeep -------------------------------------------------------------------------------- /doc/source/conf.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | # implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # This file is execfile()d with the current directory set to its 17 | # containing dir. 18 | # 19 | # Note that not all possible configuration values are present in this 20 | # autogenerated file. 21 | # 22 | # All configuration values have a default; values that are commented out 23 | # serve to show the default. 24 | 25 | # If extensions (or modules to document with autodoc) are in another directory, 26 | # add these directories to sys.path here. If the directory is relative to the 27 | # documentation root, use os.path.abspath to make it absolute, like shown here. 28 | # sys.path.insert(0, os.path.abspath('.')) 29 | 30 | # -- General configuration ------------------------------------------------ 31 | 32 | # If your documentation needs a minimal Sphinx version, state it here. 33 | # needs_sphinx = '1.0' 34 | 35 | # Add any Sphinx extension module names here, as strings. They can be 36 | # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom 37 | # ones. 38 | extensions = [ 39 | 'openstackdocstheme', 40 | 'sphinx.ext.autodoc', 41 | 'sphinxcontrib.rsvgconverter', 42 | ] 43 | 44 | # Add any paths that contain templates here, relative to this directory. 45 | templates_path = ['_templates'] 46 | 47 | # The suffix(es) of source filenames. 48 | # You can specify multiple suffix as a list of string: 49 | # source_suffix = ['.rst', '.md'] 50 | source_suffix = '.rst' 51 | 52 | # The encoding of source files. 53 | # source_encoding = 'utf-8-sig' 54 | 55 | # The master toctree document. 
56 | master_doc = 'index' 57 | 58 | # General information about the project. 59 | author = 'OpenStack-Ansible Contributors' 60 | category = 'Miscellaneous' 61 | copyright = '2014-2016, OpenStack-Ansible Contributors' 62 | description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' 63 | project = 'OpenStack-Ansible' 64 | role_name = 'openstack_hosts' 65 | target_name = 'openstack-ansible-' + role_name 66 | title = 'OpenStack-Ansible Documentation: ' + role_name + ' role' 67 | 68 | # openstackdocstheme options 69 | openstackdocs_repo_name = 'openstack/' + target_name 70 | openstackdocs_pdf_link = True 71 | openstackdocs_bug_project = project.lower() 72 | openstackdocs_bug_tag = '' 73 | 74 | # The language for content autogenerated by Sphinx. Refer to documentation 75 | # for a list of supported languages. 76 | # 77 | # This is also used if you do content translation via gettext catalogs. 78 | # Usually you set "language" from the command line for these cases. 79 | language = 'en' 80 | 81 | # There are two options for replacing |today|: either, you set today to some 82 | # non-false value, then it is used: 83 | # today = '' 84 | # Else, today_fmt is used as the format for a strftime call. 85 | # today_fmt = '%B %d, %Y' 86 | 87 | # List of patterns, relative to source directory, that match files and 88 | # directories to ignore when looking for source files. 89 | exclude_patterns = [] 90 | 91 | # The reST default role (used for this markup: `text`) to use for all 92 | # documents. 93 | # default_role = None 94 | 95 | # If true, '()' will be appended to :func: etc. cross-reference text. 96 | # add_function_parentheses = True 97 | 98 | # If true, the current module name will be prepended to all description 99 | # unit titles (such as .. function::). 100 | # add_module_names = True 101 | 102 | # If true, sectionauthor and moduleauthor directives will be shown in the 103 | # output. They are ignored by default. 
104 | # show_authors = False 105 | 106 | # The name of the Pygments (syntax highlighting) style to use. 107 | pygments_style = 'native' 108 | 109 | # A list of ignored prefixes for module index sorting. 110 | # modindex_common_prefix = [] 111 | 112 | # If true, keep warnings as "system message" paragraphs in the built documents. 113 | # keep_warnings = False 114 | 115 | # If true, `todo` and `todoList` produce output, else they produce nothing. 116 | todo_include_todos = False 117 | 118 | 119 | # -- Options for HTML output ---------------------------------------------- 120 | 121 | # The theme to use for HTML and HTML Help pages. See the documentation for 122 | # a list of builtin themes. 123 | html_theme = 'openstackdocs' 124 | 125 | # Theme options are theme-specific and customize the look and feel of a theme 126 | # further. For a list of options available for each theme, see the 127 | # documentation. 128 | # html_theme_options = {} 129 | 130 | # Add any paths that contain custom themes here, relative to this directory. 131 | # html_theme_path = [] 132 | 133 | # The name for this set of Sphinx documents. If None, it defaults to 134 | # " v documentation". 135 | # html_title = None 136 | 137 | # A shorter title for the navigation bar. Default is the same as html_title. 138 | # html_short_title = None 139 | 140 | # The name of an image file (relative to this directory) to place at the top 141 | # of the sidebar. 142 | # html_logo = None 143 | 144 | # The name of an image file (within the static path) to use as favicon of the 145 | # docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 146 | # pixels large. 147 | # html_favicon = None 148 | 149 | # Add any paths that contain custom static files (such as style sheets) here, 150 | # relative to this directory. They are copied after the builtin static files, 151 | # so a file named "default.css" will overwrite the builtin "default.css". 
152 | html_static_path = ['_static'] 153 | 154 | # Add any extra paths that contain custom files (such as robots.txt or 155 | # .htaccess) here, relative to this directory. These files are copied 156 | # directly to the root of the documentation. 157 | # html_extra_path = [] 158 | 159 | # If true, SmartyPants will be used to convert quotes and dashes to 160 | # typographically correct entities. 161 | # html_use_smartypants = True 162 | 163 | # Custom sidebar templates, maps document names to template names. 164 | # html_sidebars = {} 165 | 166 | # Additional templates that should be rendered to pages, maps page names to 167 | # template names. 168 | # html_additional_pages = {} 169 | 170 | # If false, no module index is generated. 171 | # html_domain_indices = True 172 | 173 | # If false, no index is generated. 174 | # html_use_index = True 175 | 176 | # If true, the index is split into individual pages for each letter. 177 | # html_split_index = False 178 | 179 | # If true, links to the reST sources are added to the pages. 180 | # html_show_sourcelink = True 181 | 182 | # If true, "Created using Sphinx" is shown in the HTML footer. Default is True. 183 | # html_show_sphinx = True 184 | 185 | # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. 186 | # html_show_copyright = True 187 | 188 | # If true, an OpenSearch description file will be output, and all pages will 189 | # contain a tag referring to it. The value of this option must be the 190 | # base URL from which the finished HTML is served. 191 | # html_use_opensearch = '' 192 | 193 | # This is the file name suffix for HTML files (e.g. ".xhtml"). 194 | # html_file_suffix = None 195 | 196 | # Language to be used for generating the HTML full-text search index. 
197 | # Sphinx supports the following languages: 198 | # 'da', 'de', 'en', 'es', 'fi', 'fr', 'h', 'it', 'ja' 199 | # 'nl', 'no', 'pt', 'ro', 'r', 'sv', 'tr' 200 | # html_search_language = 'en' 201 | 202 | # A dictionary with options for the search language support, empty by default. 203 | # Now only 'ja' uses this config value 204 | # html_search_options = {'type': 'default'} 205 | 206 | # The name of a javascript file (relative to the configuration directory) that 207 | # implements a search results scorer. If empty, the default will be used. 208 | # html_search_scorer = 'scorer.js' 209 | 210 | # Output file base name for HTML help builder. 211 | htmlhelp_basename = target_name + '-docs' 212 | 213 | # -- Options for LaTeX output --------------------------------------------- 214 | 215 | latex_elements = { 216 | # The paper size ('letterpaper' or 'a4paper'). 217 | # 'papersize': 'letterpaper', 218 | 219 | # The font size ('10pt', '11pt' or '12pt'). 220 | # 'pointsize': '10pt', 221 | 222 | # Additional stuff for the LaTeX preamble. 223 | # 'preamble': '', 224 | 225 | # Latex figure (float) alignment 226 | # 'figure_align': 'htbp', 227 | } 228 | 229 | # Grouping the document tree into LaTeX files. List of tuples 230 | # (source start file, target name, title, 231 | # author, documentclass [howto, manual, or own class]). 232 | latex_documents = [ 233 | (master_doc, 'doc-' + target_name + '.tex', 234 | title.replace("_", r"\_"), author, 'manual'), 235 | ] 236 | 237 | latex_use_xindy = False 238 | 239 | # The name of an image file (relative to this directory) to place at the top of 240 | # the title page. 241 | # latex_logo = None 242 | 243 | # For "manual" documents, if this is true, then toplevel headings are parts, 244 | # not chapters. 245 | # latex_use_parts = False 246 | 247 | # If true, show page references after internal links. 248 | # latex_show_pagerefs = False 249 | 250 | # If true, show URL addresses after external links. 
251 | # latex_show_urls = False 252 | 253 | # Documents to append as an appendix to all manuals. 254 | # latex_appendices = [] 255 | 256 | # If false, no module index is generated. 257 | # latex_domain_indices = True 258 | 259 | 260 | # -- Options for manual page output --------------------------------------- 261 | 262 | # One entry per manual page. List of tuples 263 | # (source start file, name, description, authors, manual section). 264 | man_pages = [ 265 | (master_doc, target_name, 266 | title, [author], 1) 267 | ] 268 | 269 | # If true, show URL addresses after external links. 270 | # man_show_urls = False 271 | 272 | 273 | # -- Options for Texinfo output ------------------------------------------- 274 | 275 | # Grouping the document tree into Texinfo files. List of tuples 276 | # (source start file, target name, title, author, 277 | # dir menu entry, description, category) 278 | texinfo_documents = [ 279 | (master_doc, target_name, 280 | title, author, project, 281 | description, category), 282 | ] 283 | 284 | # Documents to append as an appendix to all manuals. 285 | # texinfo_appendices = [] 286 | 287 | # If false, no module index is generated. 288 | # texinfo_domain_indices = True 289 | 290 | # How to display URL addresses: 'footnote', 'no', or 'inline'. 291 | # texinfo_show_urls = 'footnote' 292 | 293 | # If true, do not generate a @detailmenu in the "Top" node's menu. 
294 | # texinfo_no_detailmenu = False 295 | # -- Options for PDF output -------------------------------------------------- 296 | 297 | pdf_documents = [ 298 | (master_doc, target_name, 299 | title, author) 300 | ] 301 | 302 | locale_dirs = ['locale/'] 303 | -------------------------------------------------------------------------------- /doc/source/index.rst: -------------------------------------------------------------------------------- 1 | ================================= 2 | OpenStack-Ansible openstack_hosts 3 | ================================= 4 | 5 | To clone or view the source code for this repository, visit the role repository 6 | for `openstack_hosts `_. 7 | 8 | Default variables 9 | ~~~~~~~~~~~~~~~~~ 10 | 11 | .. literalinclude:: ../../defaults/main.yml 12 | :language: yaml 13 | :start-after: under the License. 14 | 15 | Required variables 16 | ~~~~~~~~~~~~~~~~~~ 17 | 18 | None 19 | 20 | Example playbook 21 | ~~~~~~~~~~~~~~~~ 22 | 23 | .. literalinclude:: ../../examples/playbook.yml 24 | :language: yaml 25 | -------------------------------------------------------------------------------- /examples/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Basic host setup 3 | hosts: "hosts" 4 | user: root 5 | roles: 6 | - { role: "openstack_hosts" } 7 | -------------------------------------------------------------------------------- /files/gpg/61E8806C: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2 3 | 4 | mQENBFWB31YBCAC4dFmTzBDOcq4R1RbvQXLkyYfF+yXcsMA5kwZy7kjxnFqBoNPv 5 | aAjFm3e5huTw2BMZW0viLGJrHZGnsXsE5iNmzom2UgCtrvcG2f65OFGlC1HZ3ajA 6 | 8ZIfdgNQkPpor61xqBCLzIsp55A7YuPNDvatk/+MqGdNv8Ug7iVmhQvI0p1bbaZR 7 | 0GuavmC5EZ/+mDlZ2kHIQOUoInHqLJaX7iw46iLRUnvJ1vATOzTnKidoFapjhzIt 8 | i4ZSIRaalyJ4sT+oX4CoRzerNnUtIe2k9Hw6cEu4YKGCO7nnuXjMKz7Nz5GgP2Ou 9 | 
zIA/fcOmQkSGcn7FoXybWJ8DqBExvkJuDljPABEBAAG0bENlbnRPUyBWaXJ0dWFs 10 | aXphdGlvbiBTSUcgKGh0dHA6Ly93aWtpLmNlbnRvcy5vcmcvU3BlY2lhbEludGVy 11 | ZXN0R3JvdXAvVmlydHVhbGl6YXRpb24pIDxzZWN1cml0eUBjZW50b3Mub3JnPokB 12 | OQQTAQIAIwUCVYHfVgIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEHrr 13 | voJh6IBsRd0H/A62i5CqfftuySOCE95xMxZRw8+voWO84QS9zYvDEnzcEQpNnHyo 14 | FNZTpKOghIDtETWxzpY2ThLixcZOTubT+6hUL1n+cuLDVMu4OVXBPoUkRy56defc 15 | qkWR+UVwQitmlq1ngzwmqVZaB8Hf/mFZiB3B3Jr4dvVgWXRv58jcXFOPb8DdUoAc 16 | S3u/FLvri92lCaXu08p8YSpFOfT5T55kFICeneqETNYS2E3iKLipHFOLh7EWGM5b 17 | Wsr7o0r+KltI4Ehy/TjvNX16fa/t9p5pUs8rKyG8SZndxJCsk0MW55G9HFvQ0FmP 18 | A6vX9WQmbP+ml7jsUxtEJ6MOGJ39jmaUvPc= 19 | =ZzP+ 20 | -----END PGP PUBLIC KEY BLOCK----- 21 | -------------------------------------------------------------------------------- /files/gpg/764429E6: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v2.0.22 (GNU/Linux) 3 | 4 | mQENBFVWcCcBCACfm3eQ0526/I0/p7HpR0NjK7K307XHhnbcbZv1sDUjQABDaqh0 5 | N4gnZcovf+3fj6pcdOmeOpGI0cKE7Fh68RbEIqyjB7l7+j1grjewR0oCFFZ38KGm 6 | j+DWQrj1IJW7JU5fH/G0Cu66ix+dJPcuTB3PJTqXN3ce+4TuG09D+epgwfbHlqaT 7 | pH2qHCu2uiGj/AaRSM/ZZzcInMaeleHSB+NChvaQ0W/m+kK5d/20d7sfkaTfI/pY 8 | SrodCfVTYxfKAd0TLW03kimHs5/Rdz+iZWecVKv6aFxzaywbrOjmOsy2q0kEWIwX 9 | MTZrq6cBRRuWyiXsI2zT2YHQ4UK44IxINiaJABEBAAG0WkNlbnRPUyBDbG91ZCBT 10 | SUcgKGh0dHA6Ly93aWtpLmNlbnRvcy5vcmcvU3BlY2lhbEludGVyZXN0R3JvdXAv 11 | Q2xvdWQpIDxzZWN1cml0eUBjZW50b3Mub3JnPokBOQQTAQIAIwUCVVZwJwIbAwcL 12 | CQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEPm5/ud2RCnmATUH/3HDtWxpFkmy 13 | FiA3VGkMt5dp3bgCRSd84X6Orfx1LARowpI4LomCGglGBGXVJePBacwcclorbLaz 14 | uWrW/wU0efz0aDB5c4NPg/yXfNvujvlda8ADJwZXVBQphzvaIKwl4PqBsEnxC10I 15 | 93T/0iyphAhfMRJ5R8AbEHMj7uF+TWTX/JoyQagllMqWTwoP4DFRutPdOmmjwvSV 16 | kWItH7hq6z9+M4dhlqeoOvPbL5oCxX7TVmLck02Q5gI4syULOa7sqntzUQKFkhWp 17 | 9U0+5KrBQBKezrurrrkq/WZR3WNE1KQfNQ77f7S2JcXJdOaKgJ7xe7Y2flPq98Aq 18 | wKXK7l1c3dc= 19 | =W6yF 20 | 
-----END PGP PUBLIC KEY BLOCK----- 21 | -------------------------------------------------------------------------------- /files/gpg/EC4926EA: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBFAqSlgBEADPKwXUwqbgoDYgR20zFypxSZlSbrttOKVPEMb0HSUx9Wj8VvNC 4 | r+mT4E9wAyq7NTIs5ad2cUhXoyenrjcfGqK6k9R6yRHDbvAxCSWTnJjw7mzsajDN 5 | ocXC6THKVW8BSjrh0aOBLpht6d5QCO2vyWxw65FKM65GOsbX03ZngUPMuOuiOEHQ 6 | Zo97VSH2pSB+L+B3d9B0nw3QnU8qZMne+nVWYLYRXhCIxSv1/h39SXzHRgJoRUFH 7 | vL2aiiVrn88NjqfDW15HFhVJcGOFuACZnRA0/EqTq0qNo3GziQO4mxuZi3bTVL5s 8 | GABiYW9uIlokPqcS7Fa0FRVIU9R+bBdHZompcYnKAeGag+uRvuTqC3MMRcLUS9Oi 9 | /P9I8fPARXUPwzYN3fagCGB8ffYVqMunnFs0L6td08BgvWwer+Buu4fPGsQ5OzMc 10 | lgZ0TJmXyOlIW49lc1UXnORp4sm7HS6okA7P6URbqyGbaplSsNUVTgVbi+vc8/jY 11 | dfExt/3HxVqgrPlq9htqYgwhYvGIbBAxmeFQD8Ak/ShSiWb1FdQ+f7Lty+4mZLfN 12 | 8x4zPZ//7fD5d/PETPh9P0msF+lLFlP564+1j75wx+skFO4v1gGlBcDaeipkFzeo 13 | zndAgpegydKSNTF4QK9iTYobTIwsYfGuS8rV21zE2saLM0CE3T90aHYB/wARAQAB 14 | tD1DYW5vbmljYWwgQ2xvdWQgQXJjaGl2ZSBTaWduaW5nIEtleSA8ZnRwbWFzdGVy 15 | QGNhbm9uaWNhbC5jb20+iQI3BBMBCAAhBQJQKkpYAhsDBQsJCAcDBRUKCQgLBRYC 16 | AwEAAh4BAheAAAoJEF7bG2LsSSbqKxkQAIKtgImrk02YCDldg6tLt3b69ZK0kIVI 17 | 3Xso/zCBZbrYFmgGQEFHAa58mIgpv5GcgHHxWjpX3n4tu2RM9EneKvFjFBstTTgo 18 | yuCgFr7iblvs/aMW4jFJAiIbmjjXWVc0CVB/JlLqzBJ/MlHdR9OWmojN9ZzoIA+i 19 | +tWlypgUot8iIxkR6JENxit5v9dN8i6anmnWybQ6PXFMuNi6GzQ0JgZIVs37n0ks 20 | 2wh0N8hBjAKuUgqu4MPMwvNtz8FxEzyKwLNSMnjLAhzml/oje/Nj1GBB8roj5dmw 21 | 7PSul5pAqQ5KTaXzl6gJN5vMEZzO4tEoGtRpA0/GTSXIlcx/SGkUK5+lqdQIMdyS 22 | n8bImU6V6rDSoOaI9YWHZtpv5WeUsNTdf68jZsFCRD+2+NEmIqBVm11yhmUoasC6 23 | dYw5l9P/PBdwmFm6NBUSEwxb+ROfpL1ICaZk9Jy++6akxhY//+cYEPLin02r43Z3 24 | o5Piqujrs1R2Hs7kX84gL5SlBzTM4Ed+ob7KVtQHTefpbO35bQllkPNqfBsC8AIC 25 | 8xvTP2S8FicYOPATEuiRWs7Kn31TWC2iwswRKEKVRmN0fdpu/UPdMikyoNu9szBZ 26 | RxvkRAezh3WheJ6MW6Fmg9d+uTFJohZt5qHdpxYa4beuN4me8LF0TYzgfEbFT6b9 27 | D6IyTFoT0Leq 28 | =h9Vs 29 | -----END PGP PUBLIC KEY 
BLOCK----- 30 | -------------------------------------------------------------------------------- /files/gpg/FEE4EECB: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBF3QL7wBEAC0HwatykCC6Yldv2Pn+GRIed/qtzYJNIUjapD+U96nO1SW/RCs 4 | 5/SoJ87BWj/HjjwH9VW+WzCxBQDbXtzDpAIuZMovALZ7Q/XvgrQGk+3oIlVzjDK1 5 | x8CH+Ers/aTFCZPBQyCcWOl4btombnpmOgyY5fMBz4X2mtxnxNqyF2zjVxZ8pgFP 6 | tGpDaF5RhQasdOHgfx5VEVYCAk0IHxuAgkFd93GDvg5TY6/BgHnEnQR0iORCBTaM 7 | AQHY3cr5M7r4DYIKl+Sk4B8C++jVIY9L3pyeJmIhSzToweNNNPJTExLNIBBDZWEq 8 | Qv/WCZRtudxI8G95bdCiaUSm+ieJIMGhMFM5NKXincNzS7Pm7xD/rgANPYtuxrhR 9 | Qd8S8NXD/fGWQwJB9o8jjE6TPwrX3zymyHAECxiY33Vwmgghyg27KwQ1dFCxBlH6 10 | tRqjIly1lZVPd4EDJkuKbowN59b2230aLhAwi7r+DXUn9DSHRm/8s/gagy1XewW3 11 | ZHA2aWZITrkGnXGOJRtbUhwcrwaLUnRx7zm4T12Mtky7jHphNXGTBaMW4/EnAtEj 12 | MlKoECuNUjJml7km2pzOHRoNF+UpLK2bytflRl++qeDG2BEEC3SIZzIy2qPB68wl 13 | cjdAPE1rRHJKZ4WsBoHfemXgy86YbWMRCvdL7W/uTlNJnzABAQO1Gbv36wARAQAB 14 | tClBdXRvZ2VuZXJhdGVkIGtleSA8cm9vdEBvc2Jwby5kZWJpYW4ubmV0PokCTgQT 15 | AQgAOBYhBA+46N0ZSY/skLJeXlYFarL+5O7LBQJd0C+8AhsvBQsJCAcDBRUKCQgL 16 | BRYCAwEAAh4BAheAAAoJEFYFarL+5O7LcP0P/1oEbCtuMjO3nraOpUoYaS81hHwa 17 | FSpAOoOMaR0a1ZRl3T83nDlYsPEU9oWpd8HiRbJelc3ZjXODU9XzmgXdhuGK3vZd 18 | jJmYKmSJ/Dr7d+PCTO1ZmvOgVXyYJcJlIw+6WHg+/dtFC6uhiJKSYS71BudjFqLB 19 | mcJ4vwe2ttRF5HG3XiUlfi5bVDYt/9vANA+h966leiXE0zFx89eWuGl8kxhJ8YI1 20 | yv2WybskbTQAnOzWij3qeoF9OhKeXjWANalu0PTgal5zFL1Ar9n+JQlZVRXnYOx8 21 | u4FVyt4NvUy4T7RhQeL8UsXBlVwH694+L9Y7T8p0jV4vZ7UvCR5zY+uGFSo6b7V1 22 | DDn6uIaHaFt0DdndjQxhgP2kHyNB3f9tQrbVYxNR6XpsA5qHZVysSOqDGFE2V47H 23 | 4EiH0cyMJkAHQzGgPJa9DiMgNKI1luRkBgVsr79BbgoeOlKqpJ3bI2ViiTO/xDEr 24 | mNVraGOCBYMTXYzR5xIQU9ob3ksD0ZX7jaeRdJpucbnWfHs0iZF/uC1H9Xl/LXbi 25 | EMPRlhLlBsafsAb3xfiv8Uo7ULJ3Mc7bPiRtUO5nx1kS30m3yJlGv8dAYISn84h3 26 | ts8N/5toE4NMsxqp47LX059LLaI2Fo2J7B+mhaYSVrgr2YNPRUu/62amB0AAZ44O 27 | QxSClHlCzZqFu0KT 28 | =kjjV 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | 
-------------------------------------------------------------------------------- /filter_plugins/osa-filter.py: -------------------------------------------------------------------------------- 1 | def bit_length_power_of_2(value): 2 | """Return the smallest power of 2 greater than or equal to a numeric value (for values of 1 and above). 3 | :param value: Number to find the smallest power of 2 for; it is converted with ``int()`` first 4 | :type value: ``int`` 5 | :returns: ``int`` 6 | """ 7 | return 2**(int(value) - 1).bit_length() 8 | 9 | 10 | class FilterModule(object): 11 | """Ansible jinja2 filters.""" 12 | 13 | @staticmethod 14 | def filters(): 15 | return { 16 | 'bit_length_power_of_2': bit_length_power_of_2 17 | } 18 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License.
15 | 16 | - name: Restart sysstat 17 | ansible.builtin.service: 18 | name: "sysstat" 19 | state: "restarted" 20 | enabled: "yes" 21 | 22 | - name: Restart systemd-journald 23 | ansible.builtin.service: 24 | name: systemd-journald 25 | state: restarted 26 | enabled: true 27 | register: _restart 28 | until: _restart is success 29 | retries: 5 30 | delay: 2 31 | 32 | - name: Systemd daemon reload 33 | ansible.builtin.systemd: 34 | daemon_reload: true 35 | -------------------------------------------------------------------------------- /manual-test.rc: -------------------------------------------------------------------------------- 1 | export VIRTUAL_ENV=$(pwd) 2 | export ANSIBLE_HOST_KEY_CHECKING=False # test-only setting: SSH host keys of the targets are not verified 3 | export ANSIBLE_SSH_CONTROL_PATH=/tmp/%%h-%%r # NOTE(review): predictable socket path in shared /tmp; on a multi-user machine point this at a directory only the current user can write 4 | 5 | # TODO (odyssey4me) These are only here as they are non-standard folder 6 | # names for Ansible 1.9.x. We are using the standard folder names for 7 | # Ansible v2.x. We can remove this when we move to Ansible 2.x. 8 | export ANSIBLE_ACTION_PLUGINS=${HOME}/.ansible/plugins/action 9 | export ANSIBLE_CALLBACK_PLUGINS=${HOME}/.ansible/plugins/callback 10 | export ANSIBLE_FILTER_PLUGINS=${HOME}/.ansible/plugins/filter 11 | export ANSIBLE_LOOKUP_PLUGINS=${HOME}/.ansible/plugins/lookup 12 | 13 | # This is required as the default is the current path or a path specified 14 | # in ansible.cfg 15 | export ANSIBLE_LIBRARY=${HOME}/.ansible/plugins/library 16 | 17 | # This is required as the default is '/etc/ansible/roles' or a path 18 | # specified in ansible.cfg 19 | export ANSIBLE_ROLES_PATH=${HOME}/.ansible/roles:$(pwd)/..
20 | 21 | export ANSIBLE_SSH_ARGS="-o ControlMaster=no \ 22 | -o UserKnownHostsFile=/dev/null \ 23 | -o StrictHostKeyChecking=no \ 24 | -o ServerAliveInterval=64 \ 25 | -o ServerAliveCountMax=1024 \ 26 | -o Compression=no \ 27 | -o TCPKeepAlive=yes \ 28 | -o VerifyHostKeyDNS=no \ 29 | -o ForwardX11=no \ 30 | -o ForwardAgent=yes" 31 | 32 | echo "Run manual functional tests by executing the following:" 33 | echo "# ./.tox/functional/bin/ansible-playbook -i tests/inventory tests/test.yml" 34 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | 16 | galaxy_info: 17 | author: rcbops 18 | description: Base host setup for a OpenStack Private Cloud host 19 | company: Rackspace 20 | license: Apache2 21 | role_name: openstack_hosts 22 | namespace: openstack 23 | min_ansible_version: "2.10" 24 | platforms: 25 | - name: Debian 26 | versions: 27 | - bullseye 28 | - name: Ubuntu 29 | versions: 30 | - jammy 31 | - name: EL 32 | versions: 33 | - "9" 34 | galaxy_tags: 35 | - cloud 36 | - host 37 | - development 38 | - openstack 39 | dependencies: 40 | - role: apt_package_pinning 41 | apt_pinned_packages: "{{ openstack_hosts_apt_pinned_packages }}" 42 | apt_package_pinning_file_name: "openstack_hosts_pin.pref" 43 | when: 44 | - ansible_facts['pkg_mgr'] == 'apt' 45 | -------------------------------------------------------------------------------- /meta/openstack-ansible.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | # 16 | # (c) 2017, Jean-Philippe Evrard 17 | 18 | maturity_info: 19 | status: complete 20 | created_during: mitaka 21 | -------------------------------------------------------------------------------- /releasenotes/notes/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-openstack_hosts/6dec5c274590c574c2699f28b06089f050bc5769/releasenotes/notes/.placeholder -------------------------------------------------------------------------------- /releasenotes/notes/RFC1034-5_hostname-1ee18e06e8f57853.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The option ``openstack_domain`` has been added to the 4 | **openstack_hosts** role. This option is used to setup 5 | proper hostname entries for all hosts within a given 6 | OpenStack deployment. 7 | - The **openstack_hosts** role will setup an RFC1034/5 8 | hostname and create an alias for all hosts in inventory. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/ability-to-add-extra-package-manager-configuration-815b7959870479e7.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Implemented ``openstack_hosts_package_manager_extra_conf`` variable. 5 | It allows to add extra content into package manager's configuration 6 | (works with apt,yum and dnf). 7 | -------------------------------------------------------------------------------- /releasenotes/notes/apt_repo-097cb34c12e60207.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Variable `uca_repo` has been removed. 
Deployers are encouraged to use 5 | `user_external_repos_list` instead if they want to define an extra repository. 6 | Variable `uca_apt_repo_url` was renamed to `apt_repo_url` in order 7 | to reflect its usage, as it also affects Debian deployments now. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/blockinfile_hosts_file-0959a64a030c8888.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Generation of records for `/etc/hosts` is now done with the blockinfile 5 | ansible module. During upgrade you will have duplicated records in your 6 | `/etc/hosts` as we don't drop previously created records for safety 7 | reasons if `openstack_host_manage_hosts_file` is set to true. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/centos-minimum-8-3-cd80894c463ed00f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | In order to accommodate Centos-8 Stream support, it is necessary to require 5 | the minimum version of Centos-8 Classic to be 8.3. There are breaking 6 | changes between Stream and Classic versions prior to 8.3 which break 7 | ansible code that detects major/minor versions of Centos. Before 8 | upgrading to Wallaby, deployers should ensure that their Centos hosts 9 | are updated to 8.3. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/centos-mirror-url-7698160e63aedce6.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | A new variable ``centos_mirror_url`` is introduced to the openstack_hosts 5 | role to allow a single deployment wide variable to control the location 6 | of the centos package mirror. 
7 | upgrade: 8 | - | 9 | Existing use of the variable ``openstack_hosts_centos_mirror_url`` will 10 | continue to work as in previous releases, but the new variable 11 | ``centos_mirror_url`` can be used to define the mirror location for the 12 | whole deployment. 13 | -------------------------------------------------------------------------------- /releasenotes/notes/centos-mirror-url-variable-c072a6ab21054093.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Deployers can set ``openstack_hosts_centos_mirror_url`` to use their 5 | preferred mirror for the RDO repositories. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/configurable-conntrack-max-44e3d1af4921bdf0.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Deployers can set ``openstack_host_nf_conntrack_max`` to control the 5 | maximum size of the netfilter connection tracking table. The default of 6 | ``262144`` should be increased if virtual machines will be handling large 7 | amounts of concurrent connections. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/custom_hosts_records-06236cf62a238fc2.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added variable ``openstack_host_custom_hosts_records`` that allows 5 | the deployer to add custom records to the /etc/hosts file. Its structure is 6 | a simple list where each element is a string which should be placed 7 | in /etc/hosts. 
8 | -------------------------------------------------------------------------------- /releasenotes/notes/deploy-hosts-file-657a385568f3df9c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | In deployments where a separate host is used to manage the OpenStack 5 | Ansible configuration, the '/etc/hosts' file on that host will now include 6 | a section adding hostname to IP resolution for all hosts in the inventory. 7 | This can be enabled/disabled via 'openstack_host_manage_deploy_hosts_file'. 8 | issues: 9 | - | 10 | Where a single OSA deploy host is used to manage multiple deployments, some 11 | delegated Ansible tasks are performed using hostnames rather than IP 12 | addresses due to Ansible issue 72776. Hostnames such as 'infra1' will be 13 | ambiguous, so use of separate hosts for each deployment is recommended. 14 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecate-openstack-host-apt-packages-b4d7af53d55d980d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - The ``openstack_host_apt_packages`` variable has been deprecated. 4 | ``openstack_host_packages`` should be used instead to override 5 | packages required to install on all OpenStack hosts. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/do_not_add_localhost_to_hosts-36e365b95dc9da42.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | After adding ``localhost`` to inventory explicitly this resulted in potential 5 | FQDN change due to adding a record for localhost into managed block inside 6 | ``/etc/hosts`` file. 7 | This is now fixed and record for ``127.0.0.1`` will be removed from managed 8 | by Ansible blocks inside /etc/hosts file. 
9 | -------------------------------------------------------------------------------- /releasenotes/notes/ensure-security-groups-always-applied-eb6e3bdc7b77f022.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | security: 3 | - | 4 | The ``net.bridge.bridge-nf-call-*`` kernel parameters were set to ``0`` 5 | in previous releases to improve performance and it was left up to neutron 6 | to adjust these parameters when security groups are applied. This could 7 | cause situations where bridge traffic was not sent through iptables and 8 | this rendered security groups ineffective. This could allow unexpected 9 | ingress and egress traffic within the cloud. 10 | 11 | These kernel parameters are now set to ``1`` on all hosts by the 12 | ``openstack_hosts`` role, which ensures that bridge traffic is always 13 | sent through iptables. 14 | -------------------------------------------------------------------------------- /releasenotes/notes/fastestmirror-configurable-08e075f8602164e5.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Deployers of CentOS 7 environments can use the 5 | ``openstack_hosts_enable_yum_fastestmirror`` variable to enable or disable 6 | yum's fastestmirror plugin. The default setting of ``yes`` ensures that 7 | fastestmirror is enabled. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/focal_distro_install-921cc6052ae69b27.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | issues: 3 | - | 4 | Ubuntu Cloud Archive (UCA) does not contain Ubuntu Bionic distro packages 5 | for Victoria, so only source install/upgrade path (default) will work 6 | correctly for Ubuntu 18.04. 
7 | upgrade: 8 | - | 9 | Deployments which follow the distro path (services are installed from distro 10 | packages rather than in virtualenvs) should upgrade Ubuntu 18.04 -> 20.04 11 | before performing the OpenStack Ussuri -> Victoria upgrade, since Ubuntu Cloud 12 | Archive does not provide Victoria system packages for 18.04. 13 | -------------------------------------------------------------------------------- /releasenotes/notes/global-apt-pins-a0d6785a8fd662df.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | A new variable `openstack_hosts_apt_pinned_packages` is added which allows 5 | deployment wide apt pins to be defined in user_variables. The variable defaults 6 | to pinning the UCA repository to a priority lower than the Ubuntu repositories for 7 | any binary packages generated from the ceph source package. The intention is to 8 | ensure that Ceph packages are always installed from the Ubuntu repositories, or 9 | alternatively the official ceph repositories if the ceph_client role is run later 10 | against a host. The ceph packages for a particular openstack release may not be the 11 | same version as those expected by the rest of openstack-ansible so this change ensures 12 | consistency in the deployed ceph version. 13 | upgrade: 14 | - | 15 | The new variable `openstack_hosts_apt_pinned_packages` is added to the openstack_hosts 16 | ansible role and sets the value of `apt_pinned_packages` for the apt_package_pinning 17 | role run as a dependency of the openstack_hosts role. Existing use of the 18 | `apt_pinned_packages` variable by deployers in user_variables should be reviewed 19 | to ensure that those pins are applied by the intended ansible roles, and swapped 20 | to this new variable if necessary. 
21 | -------------------------------------------------------------------------------- /releasenotes/notes/journald_config-e3b0e5060dd5f6e7.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added variable ``openstack_host_journald_config`` that allows supplying 5 | arbitrary configuration for systemd-journald as a mapping. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/openstack-release-file-changes-ef4b28d46378fd7a.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The copy of the ``/etc/openstack-release`` file is now optional. 4 | To disable the copy of the file, set ``openstack_distrib_file`` 5 | to ``no``. 6 | - The location of the ``/etc/openstack-release`` file placement 7 | can now be changed. Set the variable ``openstack_distrib_file_path`` 8 | to place it in a different path. 9 | upgrade: 10 | - | 11 | The variables used to produce the ``/etc/openstack-release`` file 12 | have been changed in order to improve consistency in the name 13 | spacing according to their purpose. 14 | 15 | ``openstack_code_name`` --> ``openstack_distrib_code_name`` 16 | ``openstack_release`` --> ``openstack_distrib_release`` 17 | 18 | Note that the value for ``openstack_distrib_release`` will 19 | be taken from the variable ``openstack_release`` if it is set. 20 | -------------------------------------------------------------------------------- /releasenotes/notes/openstack_hosts_systemd-4f47056a732820bd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | It is now possible to create and manage third-party services, 4 | mount points and networks on hosts managed by OpenStack-Ansible. 5 | This also includes networks that are required for OpenStack-Ansible 6 | installation, like br-mgmt or br-storage. 
7 | In order to configure specific resources on a selected set of hosts, 8 | usage of group_vars or host_vars is recommended. 9 | features: 10 | - | 11 | Added new variables that allow users to configure extra systemd 12 | services, networks or mounts on openstack hosts. While services and 13 | mounts can be configured on any targeted hosts, networks will be created 14 | only on bare metal nodes. In order to configure extra networks in 15 | containers please refer to the ``openstack_user_config.yml`` documentation. 16 | A list of new variables that were added: 17 | 18 | * openstack_hosts_systemd_mounts 19 | * openstack_hosts_systemd_networkd_devices 20 | * openstack_hosts_systemd_networkd_networks 21 | * openstack_hosts_systemd_networkd_prefix 22 | * openstack_hosts_systemd_services 23 | * openstack_hosts_systemd_slice 24 | -------------------------------------------------------------------------------- /releasenotes/notes/package-list-name-changes-fdf9c6573bfa1083.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - The variable ``openstack_host_apt_packages`` has been renamed to 4 | ``openstack_host_distro_packages``. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/package-state-b41a0e911ad95d1c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The openstack_hosts role now supports the ability to configure whether 4 | apt/yum tasks install the latest available package, or just ensure 5 | that the package is present. The default action is to ensure that 6 | the latest package is present. The action taken may be changed to 7 | only ensure that the package is present by setting 8 | ``openstack_hosts_package_state`` to ``present``. 9 | upgrade: 10 | - The openstack_hosts role always checks whether the latest package is 11 | installed when executed. 
If a deployer wishes to change the check to 12 | only validate the presence of the package, the option 13 | ``openstack_hosts_package_state`` should be set to ``present``. 14 | -------------------------------------------------------------------------------- /releasenotes/notes/path-customization-e7e0ae0f93e5283b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The PATH environment variable that is configured on the remote system can 4 | now be set using the ``openstack_host_environment_path`` list variable. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/persistend-systemd-journals-c1874b52ad666744.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Persistent systemd journals are now enabled. This allows deployers to keep 5 | older systemd journals on disk for review. The disk space requirements are 6 | extremely low since the journals are stored in binary format. The default 7 | location for persistent journals is in ``/var/log/journal``. 8 | 9 | Deployers can opt out of this change by setting 10 | ``openstack_host_keep_journals`` to ``no``. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-lvm-config-from-openstack-hosts-efb7d0b3a22d49df.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The LVM configuration tasks and ``lvm.conf`` template have been removed 5 | from the ``openstack_hosts`` role since they are no longer needed. All of 6 | the LVM configuration is properly handled in the ``os_cinder`` role. 
7 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-proxy-no-cache-9b514030c87e7d1b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - | 4 | Code which added 'Acquire::http:No-Cache true' to the host and container 5 | apt preferences when http proxy environment variables were set has been 6 | removed. This setting is only required when working around issues 7 | introduced by badly configured http proxies. In some cases proxies can 8 | improperly cache the apt Releases and Packages files leading to package 9 | installation errors. If a deployment is behind a badly configured proxy, 10 | the deployer can add the necessary apt config fragment as part of host 11 | provisioning. OSA will replicate that config into any containers that 12 | are created. This setting can be removed from existing deployments if 13 | required by manually deleting the file 14 | ``/etc/apt/apt.conf.d/00apt-no-cache`` from all host and containers. 15 | -------------------------------------------------------------------------------- /releasenotes/notes/requests_ca_bundle-1a678a22b3375976.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | New variable ``openstack_ca_bundle_path`` has been added which defines 5 | the path to the ca-bundle certificate which contains all system-trusted CA 6 | and will be used by the Python Requests module. 7 | - | 8 | Added variable ``openstack_systemd_global_overrides`` that defines 9 | some defaults for all systemd services. It will be deployed to all hosts 10 | and containers, but can be controlled with group_vars or host_vars as well 11 | if needed. 12 | deprecations: 13 | - | 14 | Since certificates and CA distribution are now handled with PKI role, 15 | variable ``openstack_host_ca_location`` has been deprecated and removed. 
16 | -------------------------------------------------------------------------------- /releasenotes/notes/specific_kernel_modules_with_group_vars-8d169f564ffd450c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | If you have overridden your 5 | ``openstack_host_specific_kernel_modules``, please 6 | remove its group matching, and move that override 7 | directly to the appropriate group. 8 | 9 | Example, for an override like: 10 | 11 | .. code-block:: yaml 12 | 13 | - name: "ebtables" 14 | pattern: "CONFIG_BRIDGE_NF_EBTABLES" 15 | group: "network_hosts" 16 | 17 | You can create a file for the network_host group, 18 | inside its group vars folder 19 | ``/etc/openstack_deploy/group_vars/network_hosts``, 20 | with the content: 21 | 22 | .. code-block:: yaml 23 | 24 | - name: "ebtables" 25 | pattern: "CONFIG_BRIDGE_NF_EBTABLES" 26 | -------------------------------------------------------------------------------- /releasenotes/notes/static_uca_filename-849a6f491acae9c5.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Any user that is coming from Pike or below on Ubuntu should modify 5 | its ``user_external_repos_list``, switching its ubuntu cloud archive 6 | repository from ``state: present`` to ``state: absent``. 7 | From now on, UCA will be defined with the filename ``uca``. If the deployer 8 | wants to use its mirror, he can still override the variable ``uca_repo`` 9 | to point to its mirror. Alternatively, the deployer can completely define 10 | which repos to add and remove, ignoring our defaults, by overriding 11 | ``openstack_hosts_package_repos``. 
12 | -------------------------------------------------------------------------------- /releasenotes/notes/sysstat-centos-opensuse-running-0be396c60a513562.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | The ``sysstat`` package was installed on all distributions, but it was 5 | only configured to run on Ubuntu and OpenSUSE. It would not run on CentOS 6 | due to bad SELinux contexts and file permissions on 7 | ``/etc/cron.d/sysstat``. This has been fixed and ``sysstat`` now runs 8 | properly on CentOS. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/tcp_retries-bf32bab6e50fa97a.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added variable ``keepalived_sysctl_tcp_retries`` that allows control of the 5 | number of retries the kernel will make before giving up on a connection. It controls the 6 | net.ipv4.tcp_retries2 sysctl setting, the default value of which is 15. 7 | The default value of ``keepalived_sysctl_tcp_retries`` is 8, so VIP failover 8 | time will be ~1min. Setting ``keepalived_sysctl_tcp_retries`` to 0 will 9 | remove the mentioned sysctl setting. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/use-pip-distro-packages-2505f6e630a94850.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Supported openSUSE and Ubuntu hosts ship with new enough pip, 5 | setuptools, virtualenv and wheel packages which are now being 6 | used in favor of the PIP ones. 
7 | -------------------------------------------------------------------------------- /releasenotes/notes/user-ca-certificates-b1be1257809ba5e8.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Deployers may require custom CA certificates installing on their openstack 5 | hosts or service containers. A new variable openstack_host_ca_certificates 6 | is added which is a list of certificates that should be copied from the 7 | deploy host to the target hosts. Certificates may be selectively deployed 8 | by defining the variable either in user_variables.yml or via host/group vars. 9 | -------------------------------------------------------------------------------- /releasenotes/source/_static/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-openstack_hosts/6dec5c274590c574c2699f28b06089f050bc5769/releasenotes/source/_static/.placeholder -------------------------------------------------------------------------------- /releasenotes/source/_templates/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-openstack_hosts/6dec5c274590c574c2699f28b06089f050bc5769/releasenotes/source/_templates/.placeholder -------------------------------------------------------------------------------- /releasenotes/source/conf.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | # implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # This file is execfile()d with the current directory set to its 17 | # containing dir. 18 | # 19 | # Note that not all possible configuration values are present in this 20 | # autogenerated file. 21 | # 22 | # All configuration values have a default; values that are commented out 23 | # serve to show the default. 24 | 25 | # If extensions (or modules to document with autodoc) are in another directory, 26 | # add these directories to sys.path here. If the directory is relative to the 27 | # documentation root, use os.path.abspath to make it absolute, like shown here. 28 | # sys.path.insert(0, os.path.abspath('.')) 29 | 30 | # -- General configuration ------------------------------------------------ 31 | 32 | # If your documentation needs a minimal Sphinx version, state it here. 33 | # needs_sphinx = '1.0' 34 | 35 | # Add any Sphinx extension module names here, as strings. They can be 36 | # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom 37 | # ones. 38 | extensions = [ 39 | 'openstackdocstheme', 40 | 'reno.sphinxext', 41 | ] 42 | 43 | # Add any paths that contain templates here, relative to this directory. 44 | templates_path = ['_templates'] 45 | 46 | # The suffix of source filenames. 47 | source_suffix = '.rst' 48 | 49 | # The encoding of source files. 50 | # source_encoding = 'utf-8-sig' 51 | 52 | # The master toctree document. 53 | master_doc = 'index' 54 | 55 | # General information about the project. 
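author = 'OpenStack-Ansible Contributors'
category = 'Miscellaneous'
copyright = '2014-2016, OpenStack-Ansible Contributors'
description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.'
project = 'OpenStack-Ansible'
role_name = 'openstack_hosts'
target_name = 'openstack-ansible-' + role_name
# The leading space in ' role' keeps the role name and the word "role" apart;
# without it the title rendered as "...: openstack_hostsrole".
title = 'OpenStack-Ansible Release Notes: ' + role_name + ' role'

# Release notes do not need a version number in the title, they
# cover multiple releases.
# The full version, including alpha/beta/rc tags.
release = ''
# The short X.Y version.
version = ''

# openstackdocstheme options
openstackdocs_repo_name = 'openstack/' + target_name
openstackdocs_bug_project = project.lower()
openstackdocs_bug_tag = ''

# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
# language = None

# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
# today = ''
# Else, today_fmt is used as the format for a strftime call.
# today_fmt = '%B %d, %Y'

# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = []

# The reST default role (used for this markup: `text`) to use for all
# documents.
# default_role = None

# If true, '()' will be appended to :func: etc. cross-reference text.
# add_function_parentheses = True

# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
# add_module_names = True

# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.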
104 | # show_authors = False 105 | 106 | # The name of the Pygments (syntax highlighting) style to use. 107 | pygments_style = 'native' 108 | 109 | # A list of ignored prefixes for module index sorting. 110 | # modindex_common_prefix = [] 111 | 112 | # If true, keep warnings as "system message" paragraphs in the built documents. 113 | # keep_warnings = False 114 | 115 | 116 | # -- Options for HTML output ---------------------------------------------- 117 | 118 | # The theme to use for HTML and HTML Help pages. See the documentation for 119 | # a list of builtin themes. 120 | html_theme = 'openstackdocs' 121 | 122 | # Theme options are theme-specific and customize the look and feel of a theme 123 | # further. For a list of options available for each theme, see the 124 | # documentation. 125 | # html_theme_options = {} 126 | 127 | # Add any paths that contain custom themes here, relative to this directory. 128 | # html_theme_path = [] 129 | 130 | # The name for this set of Sphinx documents. If None, it defaults to 131 | # " v documentation". 132 | # html_title = None 133 | 134 | # A shorter title for the navigation bar. Default is the same as html_title. 135 | # html_short_title = None 136 | 137 | # The name of an image file (relative to this directory) to place at the top 138 | # of the sidebar. 139 | # html_logo = None 140 | 141 | # The name of an image file (within the static path) to use as favicon of the 142 | # docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 143 | # pixels large. 144 | # html_favicon = None 145 | 146 | # Add any paths that contain custom static files (such as style sheets) here, 147 | # relative to this directory. They are copied after the builtin static files, 148 | # so a file named "default.css" will overwrite the builtin "default.css". 149 | html_static_path = ['_static'] 150 | 151 | # Add any extra paths that contain custom files (such as robots.txt or 152 | # .htaccess) here, relative to this directory. 
These files are copied 153 | # directly to the root of the documentation. 154 | # html_extra_path = [] 155 | 156 | # If true, SmartyPants will be used to convert quotes and dashes to 157 | # typographically correct entities. 158 | # html_use_smartypants = True 159 | 160 | # Custom sidebar templates, maps document names to template names. 161 | # html_sidebars = {} 162 | 163 | # Additional templates that should be rendered to pages, maps page names to 164 | # template names. 165 | # html_additional_pages = {} 166 | 167 | # If false, no module index is generated. 168 | # html_domain_indices = True 169 | 170 | # If false, no index is generated. 171 | # html_use_index = True 172 | 173 | # If true, the index is split into individual pages for each letter. 174 | # html_split_index = False 175 | 176 | # If true, links to the reST sources are added to the pages. 177 | # html_show_sourcelink = True 178 | 179 | # If true, "Created using Sphinx" is shown in the HTML footer. Default is True. 180 | # html_show_sphinx = True 181 | 182 | # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. 183 | # html_show_copyright = True 184 | 185 | # If true, an OpenSearch description file will be output, and all pages will 186 | # contain a tag referring to it. The value of this option must be the 187 | # base URL from which the finished HTML is served. 188 | # html_use_opensearch = '' 189 | 190 | # This is the file name suffix for HTML files (e.g. ".xhtml"). 191 | # html_file_suffix = None 192 | 193 | # Output file base name for HTML help builder. 194 | htmlhelp_basename = target_name + '-docs' 195 | 196 | 197 | # -- Options for LaTeX output --------------------------------------------- 198 | 199 | latex_elements = { 200 | # The paper size ('letterpaper' or 'a4paper'). 201 | # 'papersize': 'letterpaper', 202 | 203 | # The font size ('10pt', '11pt' or '12pt'). 204 | # 'pointsize': '10pt', 205 | 206 | # Additional stuff for the LaTeX preamble. 
207 | # 'preamble': '', 208 | } 209 | 210 | # Grouping the document tree into LaTeX files. List of tuples 211 | # (source start file, target name, title, 212 | # author, documentclass [howto, manual, or own class]). 213 | latex_documents = [ 214 | (master_doc, target_name + '.tex', 215 | title, author, 'manual'), 216 | ] 217 | 218 | # The name of an image file (relative to this directory) to place at the top of 219 | # the title page. 220 | # latex_logo = None 221 | 222 | # For "manual" documents, if this is true, then toplevel headings are parts, 223 | # not chapters. 224 | # latex_use_parts = False 225 | 226 | # If true, show page references after internal links. 227 | # latex_show_pagerefs = False 228 | 229 | # If true, show URL addresses after external links. 230 | # latex_show_urls = False 231 | 232 | # Documents to append as an appendix to all manuals. 233 | # latex_appendices = [] 234 | 235 | # If false, no module index is generated. 236 | # latex_domain_indices = True 237 | 238 | 239 | # -- Options for manual page output --------------------------------------- 240 | 241 | # One entry per manual page. List of tuples 242 | # (source start file, name, description, authors, manual section). 243 | man_pages = [ 244 | (master_doc, target_name, 245 | title, [author], 1) 246 | ] 247 | 248 | # If true, show URL addresses after external links. 249 | # man_show_urls = False 250 | 251 | 252 | # -- Options for Texinfo output ------------------------------------------- 253 | 254 | # Grouping the document tree into Texinfo files. List of tuples 255 | # (source start file, target name, title, author, 256 | # dir menu entry, description, category) 257 | texinfo_documents = [ 258 | (master_doc, target_name, 259 | title, author, project, 260 | description, category), 261 | ] 262 | 263 | # Documents to append as an appendix to all manuals. 264 | # texinfo_appendices = [] 265 | 266 | # If false, no module index is generated. 
267 | # texinfo_domain_indices = True 268 | 269 | # How to display URL addresses: 'footnote', 'no', or 'inline'. 270 | # texinfo_show_urls = 'footnote' 271 | 272 | # If true, do not generate a @detailmenu in the "Top" node's menu. 273 | # texinfo_no_detailmenu = False 274 | 275 | # -- Options for Internationalization output ------------------------------ 276 | locale_dirs = ['locale/'] 277 | -------------------------------------------------------------------------------- /releasenotes/source/index.rst: -------------------------------------------------------------------------------- 1 | ================================ 2 | OpenStack-Ansible Release Notes 3 | ================================ 4 | 5 | .. toctree:: 6 | :maxdepth: 1 7 | 8 | unreleased 9 | zed 10 | ussuri 11 | train 12 | stein 13 | rocky 14 | queens 15 | pike 16 | ocata 17 | newton 18 | mitaka 19 | -------------------------------------------------------------------------------- /releasenotes/source/mitaka.rst: -------------------------------------------------------------------------------- 1 | ============================= 2 | Mitaka Series Release Notes 3 | ============================= 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/mitaka 7 | -------------------------------------------------------------------------------- /releasenotes/source/newton.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Newton Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/newton 7 | -------------------------------------------------------------------------------- /releasenotes/source/ocata.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Ocata Series Release Notes 3 | =================================== 4 | 5 | .. 
release-notes:: 6 | :branch: origin/stable/ocata 7 | -------------------------------------------------------------------------------- /releasenotes/source/pike.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Pike Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/pike 7 | -------------------------------------------------------------------------------- /releasenotes/source/queens.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Queens Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/queens 7 | -------------------------------------------------------------------------------- /releasenotes/source/rocky.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Rocky Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/rocky 7 | -------------------------------------------------------------------------------- /releasenotes/source/stein.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Stein Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/stein 7 | -------------------------------------------------------------------------------- /releasenotes/source/train.rst: -------------------------------------------------------------------------------- 1 | ========================== 2 | Train Series Release Notes 3 | ========================== 4 | 5 | .. 
release-notes:: 6 | :branch: stable/train 7 | -------------------------------------------------------------------------------- /releasenotes/source/unreleased.rst: -------------------------------------------------------------------------------- 1 | ============================== 2 | Current Series Release Notes 3 | ============================== 4 | 5 | .. release-notes:: 6 | -------------------------------------------------------------------------------- /releasenotes/source/ussuri.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | Ussuri Series Release Notes 3 | =========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/ussuri 7 | -------------------------------------------------------------------------------- /releasenotes/source/zed.rst: -------------------------------------------------------------------------------- 1 | ======================== 2 | Zed Series Release Notes 3 | ======================== 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/zed 7 | -------------------------------------------------------------------------------- /run_tests.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright 2015, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
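
# PURPOSE:
# This script clones the openstack-ansible-tests repository to the
# tests/common folder in order to be able to re-use test components
# for role testing. This is intended to be the thinnest possible
# shim for test execution outside of OpenStack CI.

# WARNING:
# This file is maintained in the openstack-ansible-tests repository.
# https://opendev.org/openstack/openstack-ansible-tests/src/run_tests.sh
# If you need to modify this file, update the one in the openstack-ansible-tests
# repository and then update this file as well. The purpose of this file is to
# prepare the host and then execute all the tox tests.
#

## Shell Opts ----------------------------------------------------------------
# -x traces every command, -e aborts on the first failing command and -u
# treats expansion of an unset variable as an error.
set -xeu

## Vars ----------------------------------------------------------------------

# Absolute directory that holds this script. "$0" and the dirname result are
# quoted so that a checkout path containing spaces or glob characters is not
# word-split or expanded before readlink sees it.
# NOTE(review): per the WARNING above, mirror this quoting change in the
# openstack-ansible-tests copy of the script.
WORKING_DIR="$(readlink -f "$(dirname "$0")")"
# Project name taken from the "project=openstack/<name>.git" line of the
# .gitreview file in the current directory; the path is quoted for the same
# reason as above.
OSA_PROJECT_NAME="$(sed -n 's|^project=openstack/\(.*\).git$|\1|p' "$(pwd)/.gitreview")"

COMMON_TESTS_PATH="${WORKING_DIR}/tests/common"
TESTING_HOME=${TESTING_HOME:-$HOME}
ZUUL_TESTS_CLONE_LOCATION="/home/zuul/src/opendev.org/openstack/openstack-ansible-tests"

# Use .gitreview as the key to determine the appropriate
# branch to clone for tests.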
44 | TESTING_BRANCH=$(awk -F'=' '/defaultbranch/ {print $2}' "${WORKING_DIR}/.gitreview") 45 | if [[ "${TESTING_BRANCH}" == "" ]]; then 46 | TESTING_BRANCH="master" 47 | fi 48 | 49 | ## Main ---------------------------------------------------------------------- 50 | 51 | # Source distribution information 52 | source /etc/os-release || source /usr/lib/os-release 53 | 54 | # Figure out the appropriate package install command 55 | case ${ID,,} in 56 | centos|rhel|fedora|rocky) pkg_mgr_cmd="dnf install -y" ;; 57 | ubuntu|debian) pkg_mgr_cmd="apt-get install -y" ;; 58 | *) echo "unsupported distribution: ${ID,,}"; exit 1 ;; 59 | esac 60 | 61 | # Install git so that we can clone the tests repo if git is not available 62 | which git &>/dev/null || eval sudo "${pkg_mgr_cmd}" git 63 | 64 | # Clone the tests repo for access to the common test script 65 | if [[ ! -d "${COMMON_TESTS_PATH}" ]]; then 66 | # The tests repo doesn't need a clone, we can just 67 | # symlink it. 68 | if [[ "${OSA_PROJECT_NAME}" == "openstack-ansible-tests" ]]; then 69 | ln -s "${WORKING_DIR}" "${COMMON_TESTS_PATH}" 70 | 71 | # In zuul v3 any dependent repository is placed into 72 | # /home/zuul/src/opendev.org, so we check to see 73 | # if there is a tests checkout there already. If so, we 74 | # symlink that and use it. 75 | elif [[ -d "${ZUUL_TESTS_CLONE_LOCATION}" ]]; then 76 | ln -s "${ZUUL_TESTS_CLONE_LOCATION}" "${COMMON_TESTS_PATH}" 77 | 78 | # Otherwise we're clearly not in zuul or using a previously setup 79 | # repo in some way, so just clone it from upstream. 
80 | else 81 | git clone -b "${TESTING_BRANCH}" \ 82 | https://opendev.org/openstack/openstack-ansible-tests \ 83 | "${COMMON_TESTS_PATH}" 84 | fi 85 | fi 86 | 87 | # Execute the common test script 88 | source tests/common/run_tests_common.sh 89 | -------------------------------------------------------------------------------- /tasks/configure_metal_hosts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Check Kernel Version 17 | ansible.builtin.fail: 18 | msg: > 19 | Wrong kernel Version found 20 | [ {{ ansible_facts['kernel'] }} < {{ openstack_host_required_kernel }} ] 21 | Resolve this issue before continuing. 
22 | when: 23 | - ansible_facts['kernel'] is version(openstack_host_required_kernel, '<') 24 | 25 | - name: Install distro packages for bare metal nodes 26 | ansible.builtin.package: 27 | name: "{{ openstack_host_metal_distro_packages }}" 28 | state: "{{ openstack_hosts_package_state }}" 29 | register: install_packages 30 | until: install_packages is success 31 | retries: 5 32 | delay: 2 33 | 34 | - name: Install user defined extra distro packages for bare metal nodes 35 | ansible.builtin.package: 36 | name: "{{ openstack_host_extra_metal_distro_packages }}" 37 | state: "{{ openstack_hosts_package_state }}" 38 | when: 39 | - openstack_host_extra_metal_distro_packages | length > 0 40 | register: install_packages 41 | until: install_packages is success 42 | retries: 5 43 | delay: 2 44 | 45 | - name: Check how kernel modules are implemented (statically builtin, dynamic, not set) 46 | ansible.builtin.slurp: 47 | src: "/boot/config-{{ ansible_facts['kernel'] }}" 48 | register: modules 49 | when: 50 | - openstack_host_specific_kernel_modules | length > 0 51 | 52 | - name: Fail fast if we can't load a module 53 | ansible.builtin.fail: 54 | msg: "{{ item.pattern }} is not set" 55 | with_items: "{{ openstack_host_specific_kernel_modules }}" 56 | when: 57 | - item.pattern is defined 58 | - (modules.content | b64decode).find(item.pattern + ' is not set') != -1 59 | 60 | - name: "Load kernel module(s)" 61 | community.general.modprobe: 62 | name: "{{ item.name }}" 63 | with_items: "{{ openstack_host_kernel_modules + openstack_host_specific_kernel_modules }}" 64 | when: 65 | - item.name | length > 0 66 | - item.pattern is undefined or (item.pattern is defined and (modules.content | b64decode).find(item.pattern + '=m') != -1) 67 | 68 | - name: Write list of modules to load at boot 69 | ansible.builtin.template: 70 | src: modprobe.conf.j2 71 | dest: "{{ openstack_host_module_file }}" 72 | mode: "0644" 73 | 74 | - name: Adding new system tuning 75 | ansible.posix.sysctl: 76 | name: 
"{{ item.key }}" 77 | value: "{{ item.value }}" 78 | sysctl_set: "{{ item.set | default('yes') }}" 79 | sysctl_file: "{{ openstack_hosts_sysctl_file }}" 80 | state: "{{ item.state | default('present') }}" 81 | reload: false 82 | with_items: "{{ openstack_kernel_options + openstack_user_kernel_options }}" 83 | failed_when: false 84 | 85 | - name: Configure sysstat 86 | ansible.builtin.include_tasks: openstack_sysstat.yml 87 | when: 88 | - openstack_host_sysstat_enabled | bool 89 | 90 | - name: Create a directory to hold systemd journals on disk 91 | ansible.builtin.file: 92 | path: /var/log/journal 93 | state: directory 94 | owner: root 95 | group: systemd-journal 96 | mode: "2755" 97 | register: journald_directory 98 | when: 99 | - openstack_host_keep_journals | bool 100 | 101 | # NOTE(mhayden): The linter is skipped here since the command does not create 102 | # any files. The command ensures that proper permissions and SELinux contests 103 | # are set. 104 | - name: Create tmpfiles structure in journald directory 105 | command: systemd-tmpfiles --create --prefix /var/log/journal 106 | when: 107 | - journald_directory is changed 108 | - openstack_host_keep_journals | bool 109 | notify: 110 | - Restart systemd-journald 111 | tags: 112 | - skip_ansible_lint 113 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Gather variables for each operating system 17 | ansible.builtin.include_vars: "{{ lookup('first_found', params) }}" 18 | vars: 19 | params: 20 | files: 21 | - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" 22 | - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" 23 | - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" 24 | - "{{ ansible_facts['distribution'] | lower }}.yml" 25 | - "{{ ansible_facts['os_family'] | lower }}.yml" 26 | paths: 27 | - "{{ role_path }}/vars" 28 | tags: 29 | - always 30 | 31 | - name: Allow the usage of local facts 32 | ansible.builtin.file: 33 | path: /etc/ansible/facts.d/ 34 | state: directory 35 | mode: "0755" 36 | tags: 37 | - openstack_hosts-install 38 | 39 | # Deploy the release file everywhere 40 | - name: Importing openstack_release tasks 41 | ansible.builtin.import_tasks: openstack_release.yml 42 | tags: 43 | - openstack_hosts-install 44 | 45 | # Proxy configuration applies to all nodes 46 | - name: Add global_environment_variables to environment file 47 | ansible.builtin.blockinfile: 48 | dest: "/etc/environment" 49 | state: present 50 | marker: "# {mark} Managed by OpenStack-Ansible" 51 | insertbefore: EOF 52 | block: "{{ lookup('template', 'environment.j2') }}" 53 | tags: 54 | - openstack_hosts-config 55 | 56 | - name: Ensure environement is applied during sudo 57 | ansible.builtin.lineinfile: 58 | path: /etc/pam.d/sudo 59 | line: "session required pam_env.so readenv=1 user_readenv=0" 60 | regexp: "session\\s+required\\s+pam_env\\.so" 61 | insertbefore: "^@include" 62 | when: ansible_facts['distribution'] | lower == 'debian' 63 | 64 | - name: Create systemd global directory 65 | ansible.builtin.file: 66 | path: 
/etc/systemd/system.conf.d/ 67 | state: directory 68 | owner: "root" 69 | group: "root" 70 | mode: "0755" 71 | 72 | - name: Add DefaultEnvironment to systemd 73 | openstack.config_template.config_template: 74 | src: systemd-environment.j2 75 | dest: /etc/systemd/system.conf.d/osa-default-environment.conf 76 | owner: "root" 77 | group: "root" 78 | mode: "0644" 79 | config_overrides: "{{ openstack_systemd_global_overrides }}" 80 | config_type: ini 81 | notify: Systemd daemon reload 82 | 83 | # Configure host files should apply to all nodes 84 | - name: Configure etc hosts files 85 | ansible.builtin.include_tasks: openstack_update_hosts_file.yml 86 | args: 87 | apply: 88 | tags: 89 | - openstack_hosts-config 90 | - openstack_hosts-file 91 | when: 92 | - (openstack_host_manage_hosts_file | bool) or (openstack_host_manage_deploy_hosts_file | bool) 93 | tags: 94 | - always 95 | 96 | - name: Remove the blacklisted packages 97 | ansible.builtin.package: 98 | name: "{{ openstack_hosts_package_list | selectattr('state', 'equalto', 'absent') | map(attribute='name') | list }}" 99 | state: absent 100 | 101 | # This allows to include this role to get all the distro 102 | # specific configuration for all the nodes. 
103 | # It is also used for installing common packages to 104 | # all nodes 105 | - name: Apply package management distro specific configuration 106 | ansible.builtin.include_tasks: "openstack_hosts_configure_{{ ansible_facts['pkg_mgr'] | lower }}.yml" 107 | 108 | # Configure bare metal nodes: Kernel, sysctl, sysstat, hosts files, metal packages 109 | - name: Including configure_metal_hosts tasks 110 | ansible.builtin.include_tasks: configure_metal_hosts.yml 111 | args: 112 | apply: 113 | tags: 114 | - openstack_hosts-install 115 | when: 116 | - is_metal 117 | tags: 118 | - always 119 | 120 | - name: Decreasing tcp_retries2 sysctl 121 | ansible.posix.sysctl: 122 | name: "net.ipv4.tcp_retries2" 123 | value: "{{ keepalived_sysctl_tcp_retries | default(8) }}" 124 | sysctl_set: true 125 | sysctl_file: "{{ openstack_hosts_sysctl_file }}" 126 | state: "{{ (keepalived_sysctl_tcp_retries | default(8) > 0) | ternary('present', 'absent') }}" 127 | reload: true 128 | failed_when: false 129 | 130 | - name: Install distro packages 131 | ansible.builtin.package: 132 | name: "{{ openstack_host_distro_packages }}" 133 | state: "{{ openstack_hosts_package_state }}" 134 | when: 135 | - openstack_host_distro_packages | length > 0 136 | register: install_packages 137 | until: install_packages is success 138 | retries: 5 139 | delay: 2 140 | 141 | - name: Install user defined extra distro packages 142 | ansible.builtin.package: 143 | name: "{{ openstack_host_extra_distro_packages }}" 144 | state: "{{ openstack_hosts_package_state }}" 145 | when: 146 | - openstack_host_extra_distro_packages | length > 0 147 | register: install_packages 148 | until: install_packages is success 149 | retries: 5 150 | delay: 2 151 | 152 | - name: Importing openstack_authorized_keys tasks 153 | ansible.builtin.import_tasks: openstack_authorized_keys.yml 154 | tags: 155 | - openstack_hosts-config 156 | 157 | - name: Including PKI role 158 | ansible.builtin.include_role: 159 | name: pki 160 | tasks_from: 
main_ca_install.yml 161 | apply: 162 | tags: 163 | - pki 164 | vars: 165 | pki_dir: "{{ openstack_pki_dir }}" 166 | pki_install_ca: "{{ openstack_pki_install_ca | default([]) + openstack_host_ca_certificates }}" 167 | tags: 168 | - always 169 | 170 | - name: Including openstack_gitconfig tasks 171 | ansible.builtin.include_tasks: openstack_gitconfig.yml 172 | args: 173 | apply: 174 | tags: 175 | - openstack_hosts-config 176 | 177 | - name: Including openstack_hosts_systemd tasks 178 | ansible.builtin.include_tasks: openstack_hosts_systemd.yml 179 | args: 180 | apply: 181 | tags: 182 | - openstack_hosts-config 183 | - openstack_hosts-systemd 184 | when: 185 | - openstack_hosts_systemd_networkd_devices or 186 | openstack_hosts_systemd_networkd_networks or 187 | openstack_hosts_systemd_services or 188 | openstack_hosts_systemd_mounts or 189 | openstack_hosts_journald_config 190 | tags: 191 | - always 192 | -------------------------------------------------------------------------------- /tasks/openstack_authorized_keys.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | 16 | - name: Ensure ssh directory 17 | ansible.builtin.file: 18 | path: "{{ ansible_facts['env']['HOME'] }}/.ssh" 19 | state: "directory" 20 | group: "{{ ansible_facts['user_id'] }}" 21 | owner: "{{ ansible_facts['user_id'] }}" 22 | mode: "0700" 23 | 24 | - name: Update SSH keys 25 | ansible.posix.authorized_key: 26 | user: "{{ ansible_facts['user'] }}" 27 | state: present 28 | key: "{{ item }}" 29 | with_url: "{{ ssh_key_url }}" 30 | when: 31 | - ssh_key_url is defined 32 | -------------------------------------------------------------------------------- /tasks/openstack_gitconfig.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2021, BBC R&D 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | 16 | - name: Get git version 17 | command: 18 | cmd: "git --version" 19 | register: _git_version 20 | changed_when: false 21 | failed_when: false 22 | tags: 23 | - skip_ansible_lint 24 | 25 | - name: Write git config when git is installed 26 | community.general.git_config: 27 | scope: system 28 | name: http.https://opendev.org/.userAgent 29 | value: "{{ 'git/' ~ _git_version.stdout.split(' ')[2] ~ ' (osa/' ~ lookup('env', 'OSA_VERSION') ~ '/' ~ component | default('undefined') ~ ')' }}" 30 | when: _git_version.rc == 0 31 | 32 | - name: Configure git safe directories 33 | community.general.git_config: 34 | scope: system 35 | name: safe.directory 36 | value: "{{ item }}" 37 | with_items: "{{ openstack_hosts_git_safe_directories }}" 38 | when: 39 | - _git_version.rc == 0 40 | - openstack_hosts_git_safe_directories is defined 41 | 42 | - name: Write git config when git is not installed 43 | ansible.builtin.template: 44 | src: gitconfig.j2 45 | dest: /etc/gitconfig 46 | mode: "0644" 47 | when: _git_version.rc != 0 48 | -------------------------------------------------------------------------------- /tasks/openstack_hosts_configure_apt.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # APT configuration tasks that apply on all nodes. 
17 | 18 | - name: Ensure /etc/apt/sources.list.d exists 19 | ansible.builtin.file: 20 | path: /etc/apt/sources.list.d 21 | state: directory 22 | owner: root 23 | group: root 24 | mode: "0755" 25 | 26 | - name: Validate repo config is deb822 format 27 | vars: 28 | _repo_check: "{{ openstack_hosts_package_repos | selectattr('repo', 'defined') | map(attribute='repo') }}" 29 | ansible.builtin.assert: 30 | that: _repo_check | length == 0 31 | fail_msg: "The following repository definitions must be updated to deb822 format {{ _repo_check }}" 32 | 33 | # NOTE(jrosser) remove this task for the 2025.2 release 34 | - name: Clean up legacy repository config not in deb822 format 35 | vars: 36 | openstack_hosts_apt_repo_cleanup: 37 | - uca.list 38 | - osbpo.list 39 | ansible.builtin.file: 40 | path: "/etc/apt/sources.list.d/{{ item }}" 41 | state: absent 42 | register: _cleanup_apt_repositories 43 | with_items: "{{ openstack_hosts_apt_repo_cleanup }}" 44 | 45 | - name: Add requirement packages (repositories gpg keys, toolkits...) 
46 | ansible.builtin.apt: 47 | name: "{{ openstack_hosts_package_list | rejectattr('state', 'equalto', 'absent') | map(attribute='name') | list }}" 48 | state: "{{ openstack_hosts_package_state }}" 49 | update_cache: true 50 | cache_valid_time: "{{ cache_timeout }}" 51 | register: _install_packages 52 | until: _install_packages is success 53 | retries: 5 54 | delay: 2 55 | 56 | - name: Manage apt repositories 57 | ansible.builtin.deb822_repository: 58 | allow_downgrade_to_insecure: "{{ item.allow_downgrade_to_insecure | default(omit) }}" 59 | allow_insecure: "{{ item.allow_insecure | default(omit) }}" 60 | allow_weak: "{{ item.allow_weak | default(omit) }}" 61 | architectures: "{{ item.architectures | default(omit) }}" 62 | by_hash: "{{ item.by_hash | default(omit) }}" 63 | check_date: "{{ item.check_date | default(omit) }}" 64 | check_valid_until: "{{ item.check_valid_until | default(omit) }}" 65 | components: "{{ item.components | default(omit) }}" 66 | date_max_future: "{{ item.date_max_future | default(omit) }}" 67 | enabled: "{{ item.enabled | default(omit) }}" 68 | inrelease_path: "{{ item.inrelease_path | default(omit) }}" 69 | languages: "{{ item.languages | default(omit) }}" 70 | mode: "{{ item.mode | default(omit) }}" 71 | name: "{{ item.name }}" 72 | pdiffs: "{{ item.pdiffs | default(omit) }}" 73 | signed_by: "{{ item.signed_by | default(omit) }}" 74 | state: "{{ item.state | default(omit) }}" 75 | suites: "{{ item.suites | default(omit) }}" 76 | targets: "{{ item.targets | default(omit) }}" 77 | trusted: "{{ item.trusted | default(omit) }}" 78 | types: "{{ item.types | default(omit) }}" 79 | uris: "{{ item.uris | default(omit) }}" 80 | with_items: "{{ openstack_hosts_package_repos }}" 81 | register: _manage_apt_repositories 82 | 83 | - name: Add apt extra conf 84 | ansible.builtin.copy: 85 | content: "{{ openstack_hosts_package_manager_default_conf + openstack_hosts_package_manager_extra_conf }}" 86 | dest: /etc/apt/apt.conf.d/99openstack-ansible 87 | 
mode: "0644" 88 | when: 89 | - openstack_hosts_package_manager_extra_conf | length > 0 or openstack_hosts_package_manager_default_conf | length > 0 90 | 91 | - name: Update Apt cache 92 | ansible.builtin.apt: 93 | update_cache: true 94 | when: 95 | - (_manage_apt_repositories is changed) or (_cleanup_apt_repositories is changed) 96 | register: _update_apt_cache 97 | until: _update_apt_cache is success 98 | changed_when: false 99 | retries: 5 100 | delay: 2 101 | -------------------------------------------------------------------------------- /tasks/openstack_hosts_configure_dnf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
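# Package-manager setup for dnf-based hosts: fastestmirror toggle, sudoers
# drop-in, RPM signing keys, base packages, repositories and dnf.conf extras.

- name: Check to see if yum's fastestmirror plugin is present
  ansible.builtin.stat:
    path: /etc/yum/pluginconf.d/fastestmirror.conf
  register: fastestmirror_plugin_check

# Only edited when the stat above found the plugin configuration file.
- name: Configure yum's fastestmirror plugin
  community.general.ini_file:
    path: /etc/yum/pluginconf.d/fastestmirror.conf
    section: main
    option: enabled
    value: "{{ (openstack_hosts_enable_yum_fastestmirror | bool) | ternary('1', '0') }}"
    no_extra_spaces: true
    mode: "0644"
  when:
    - fastestmirror_plugin_check.stat.exists

- name: Disable requiretty for root sudo on centos
  ansible.builtin.template:
    dest: /etc/sudoers.d/openstack-ansible
    owner: root
    group: root
    mode: "0440"
    src: sudoers.j2
    # Syntax-check the rendered drop-in before it replaces the live file, so a
    # template or variable mistake cannot leave sudo unusable on the host.
    validate: /usr/sbin/visudo -cf %s

# Copy all factored-in GPG keys.
# KeyID 764429E6 from https://raw.githubusercontent.com/rdo-infra/centos-release-openstack/ocata-rdo/RPM-GPG-KEY-CentOS-SIG-Cloud
# KeyID 61E8806C from keyserver for rdo-qemu-ev
# Entries that define `keyfile` are copied to the path given in `key`.
- name: If a keyfile is provided, copy the gpg keyfile to the key location
  ansible.builtin.copy:
    src: "{{ item.keyfile }}"
    dest: "{{ item.key }}"
    mode: "0644"
  with_items: "{{ openstack_hosts_package_repos_keys | selectattr('keyfile', 'defined') | list }}"

# Always reported as unchanged, whatever restorecon relabels.
- name: Ensure GPG keys have the correct SELinux contexts applied
  ansible.builtin.command: restorecon -Rv /etc/pki/rpm-gpg/
  changed_when: false

# Handle gpg keys manually
# These keys become trust anchors for package signature checks. An entry may
# carry an optional `fingerprint`, which rpm_key verifies before importing.
# `validate_certs` is forwarded only when the entry sets it; when it is false
# and the key is fetched by URL, pin the fingerprint.
- name: Install gpg keys
  ansible.builtin.rpm_key:
    key: "{{ key.key }}"
    fingerprint: "{{ key.fingerprint | default(omit) }}"
    validate_certs: "{{ key.validate_certs | default(omit) }}"
    state: "{{ key.state | default('present') }}"
  with_items: "{{ openstack_hosts_package_repos_keys }}"
  loop_control:
    loop_var: key
  register: _add_yum_keys
  until: _add_yum_keys is success
  retries: 5
  delay: 2

# Entries whose state is 'absent' are filtered out of the install list.
- name: Add requirement packages (repositories gpg keys packages, toolkits...)
  ansible.builtin.package:
    name: "{{ openstack_hosts_package_list | rejectattr('state', 'equalto', 'absent') | map(attribute='name') | list }}"
    state: "{{ openstack_hosts_package_state }}"

# gpgkey and gpgcheck are written only when the repo entry defines them.
# NOTE(review): with gpgcheck omitted the package manager's global setting
# presumably decides whether this repo's packages are signature-checked -
# confirm the repo definitions set it explicitly.
- name: Add yum repositories if they do not exist
  ansible.builtin.yum_repository:
    name: "{{ repo.name }}"
    file: "{{ repo.file | default(omit) }}"
    description: "{{ repo.description | default(omit) }}"
    baseurl: "{{ repo.baseurl | default(omit) }}"
    mirrorlist: "{{ repo.mirrorlist | default(omit) }}"
    gpgkey: "{{ repo.gpgkey | default(omit) }}"
    gpgcheck: "{{ repo.gpgcheck | default(omit) }}"
    enabled: "{{ repo.enabled | default('yes') }}"
    exclude: "{{ repo.exclude | default(omit) }}"
    priority: "{{ repo.priority | default(99) }}"
    state: "{{ repo.state | default(omit) }}"
    module_hotfixes: "{{ repo.module_hotfixes | default(omit) }}"
  with_items: "{{ openstack_hosts_package_repos }}"
  loop_control:
    loop_var: repo
  register: _adding_repo
  until: _adding_repo is success
  retries: 5
  delay: 2

# The managed block is written only when at least one of the two conf
# variables is non-empty.
- name: Add dnf extra conf
  ansible.builtin.blockinfile:
    block: "{{ openstack_hosts_package_manager_default_conf + openstack_hosts_package_manager_extra_conf }}"
    path: /etc/dnf/dnf.conf
    marker: "# {mark} OPENSTACK-ANSIBLE-OPENSTACK_HOSTS MANAGED BLOCK"
    create: true
    mode: "0644"
  when:
    - openstack_hosts_package_manager_extra_conf | length > 0 or openstack_hosts_package_manager_default_conf | length > 0

# NOTE(review): the .repo file is fetched without a checksum, so what lands in
# /etc/yum.repos.d is only as trustworthy as the transport behind
# openstack_hosts_rdo_repo_url - keep it on https with certificate checks on.
- name: Add rdo repositories via url for trunk based installation
  ansible.builtin.get_url:
    url: "{{ openstack_hosts_rdo_repo_url }}/delorean.repo"
    dest: /etc/yum.repos.d/rdo.repo
    mode: "0640"
  register: _get_repo
  until: _get_repo is success
  retries: 5
  delay: 2
  when:
    - (install_method | default('source')) == 'distro'
    - openstack_hosts_rdo_repo_type == 'trunk'
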
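# Remaining dnf tasks: distro-install release package, CRB repository and the
# TLS certificate/key directory layout.

- name: Install centos-release-openstack package for cloudsig based installation
  ansible.builtin.package:
    name:
      - centos-release-openstack-{{ openstack_distrib_code_name | lower }}
  when:
    - (install_method | default('source')) == 'distro'
    - openstack_hosts_rdo_repo_type == 'cloudsig'

# Runs whenever both conditions hold and is always reported as unchanged.
- name: Enable CodeReadyBuilder repository
  ansible.builtin.command: dnf config-manager --set-enabled "crb"
  changed_when: false
  when:
    - openstack_hosts_power_tool_enable | bool
    - ansible_facts['distribution_major_version'] == "9"

# The owner/group fallbacks are quoted: an unquoted `default(root)` refers to
# an undefined variable named root rather than the literal account name.
# Neither item sets `mode`, so both directories, including
# /etc/pki/tls/private, are created 0755; key files placed there need
# restrictive modes of their own.
- name: Create SSL certificate and key directories
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
    owner: "{{ item.owner | default('root') }}"
    group: "{{ item.group | default('root') }}"
    mode: "{{ item.mode | default('0755') }}"
  with_items:
    - { path: "/etc/pki/tls/certs", owner: "root", group: "root" }
    - { path: "/etc/pki/tls/private", owner: "root", group: "root" }

# Links /etc/ssl/{certs,private} to the /etc/pki/tls directories created above.
- name: Create SSL certificate and key directory symlinks
  ansible.builtin.file:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    state: "link"
  with_items:
    - { src: "/etc/pki/tls/certs", dest: "/etc/ssl/certs" }
    - { src: "/etc/pki/tls/private", dest: "/etc/ssl/private" }

--------------------------------------------------------------------------------
/tasks/openstack_hosts_configure_yum.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Copyright 2014, Rackspace US, Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.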
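# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Check to see if yum's fastestmirror plugin is present
  ansible.builtin.stat:
    path: /etc/yum/pluginconf.d/fastestmirror.conf
  register: fastestmirror_plugin_check

# Only edited when the stat above found the plugin configuration file.
- name: Configure yum's fastestmirror plugin
  community.general.ini_file:
    path: /etc/yum/pluginconf.d/fastestmirror.conf
    section: main
    option: enabled
    value: "{{ (openstack_hosts_enable_yum_fastestmirror | bool) | ternary('1', '0') }}"
    no_extra_spaces: true
    mode: "0644"
  when:
    - fastestmirror_plugin_check.stat.exists

- name: Disable requiretty for root sudo on centos
  ansible.builtin.template:
    dest: /etc/sudoers.d/openstack-ansible
    owner: root
    group: root
    mode: "0440"
    src: sudoers.j2
    # Syntax-check the rendered drop-in before it replaces the live file, so a
    # template or variable mistake cannot leave sudo unusable on the host.
    validate: /usr/sbin/visudo -cf %s

# Copy all factored-in GPG keys.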
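# KeyID 764429E6 from https://raw.githubusercontent.com/rdo-infra/centos-release-openstack/ocata-rdo/RPM-GPG-KEY-CentOS-SIG-Cloud
# KeyID 61E8806C from keyserver for rdo-qemu-ev
# Entries that define `keyfile` are copied to the path given in `key`.
- name: If a keyfile is provided, copy the gpg keyfile to the key location
  ansible.builtin.copy:
    src: "{{ item.keyfile }}"
    dest: "{{ item.key }}"
    mode: "0644"
  with_items: "{{ openstack_hosts_package_repos_keys | selectattr('keyfile', 'defined') | list }}"

# Always reported as unchanged, whatever restorecon relabels.
- name: Ensure GPG keys have the correct SELinux contexts applied
  ansible.builtin.command: restorecon -Rv /etc/pki/rpm-gpg/
  changed_when: false

# Handle gpg keys manually
# These keys become trust anchors for package signature checks. An entry may
# carry an optional `fingerprint`, which rpm_key verifies before importing.
# `validate_certs` is forwarded only when the entry sets it; when it is false
# and the key is fetched by URL, pin the fingerprint.
- name: Install gpg keys
  ansible.builtin.rpm_key:
    key: "{{ key.key }}"
    fingerprint: "{{ key.fingerprint | default(omit) }}"
    validate_certs: "{{ key.validate_certs | default(omit) }}"
    state: "{{ key.state | default('present') }}"
  with_items: "{{ openstack_hosts_package_repos_keys }}"
  loop_control:
    loop_var: key
  register: _add_yum_keys
  until: _add_yum_keys is success
  retries: 5
  delay: 2

# Entries whose state is 'absent' are filtered out of the install list.
- name: Add requirement packages (repositories gpg keys packages, toolkits...)
  ansible.builtin.package:
    name: "{{ openstack_hosts_package_list | rejectattr('state', 'equalto', 'absent') | map(attribute='name') | list }}"
    state: "{{ openstack_hosts_package_state }}"

# gpgkey and gpgcheck are written only when the repo entry defines them.
# NOTE(review): with gpgcheck omitted the package manager's global setting
# presumably decides whether this repo's packages are signature-checked -
# confirm the repo definitions set it explicitly.
- name: Add yum repositories if they do not exist
  ansible.builtin.yum_repository:
    name: "{{ repo.name }}"
    file: "{{ repo.file | default(omit) }}"
    description: "{{ repo.description | default(omit) }}"
    baseurl: "{{ repo.baseurl | default(omit) }}"
    mirrorlist: "{{ repo.mirrorlist | default(omit) }}"
    gpgkey: "{{ repo.gpgkey | default(omit) }}"
    gpgcheck: "{{ repo.gpgcheck | default(omit) }}"
    enabled: "{{ repo.enabled | default('yes') }}"
    exclude: "{{ repo.exclude | default(omit) }}"
    priority: "{{ repo.priority | default(99) }}"
  with_items: "{{ openstack_hosts_package_repos }}"
  loop_control:
    loop_var: repo
  register: _adding_repo
  until: _adding_repo is success
  retries: 5
  delay: 2

# The managed block is written only when at least one of the two conf
# variables is non-empty.
- name: Add yum extra conf
  ansible.builtin.blockinfile:
    block: "{{ openstack_hosts_package_manager_default_conf + openstack_hosts_package_manager_extra_conf }}"
    path: /etc/yum.conf
    marker: "# {mark} OPENSTACK-ANSIBLE-OPENSTACK_HOSTS MANAGED BLOCK"
    create: true
    mode: "0644"
  when:
    - openstack_hosts_package_manager_extra_conf | length > 0 or openstack_hosts_package_manager_default_conf | length > 0

--------------------------------------------------------------------------------
/tasks/openstack_hosts_systemd.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Copyright 2022, Cleura AB.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.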
6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Run the systemd-networkd role 17 | ansible.builtin.include_role: 18 | name: systemd_networkd 19 | vars: 20 | systemd_networkd_prefix: "{{ openstack_hosts_systemd_networkd_prefix }}" 21 | systemd_run_networkd: true 22 | systemd_netdevs: "{{ openstack_hosts_systemd_networkd_devices }}" 23 | systemd_networks: "{{ openstack_hosts_systemd_networkd_networks }}" 24 | when: 25 | - openstack_hosts_systemd_networkd_devices 26 | - openstack_hosts_systemd_networkd_networks 27 | - is_metal 28 | 29 | - name: Run the systemd-service role 30 | ansible.builtin.include_role: 31 | name: systemd_service 32 | vars: 33 | systemd_slice_name: "{{ openstack_hosts_systemd_slice }}" 34 | systemd_services: "{{ openstack_hosts_systemd_services }}" 35 | when: 36 | - openstack_hosts_systemd_services 37 | 38 | - name: Run the systemd mount role 39 | ansible.builtin.include_role: 40 | name: systemd_mount 41 | vars: 42 | systemd_mounts: "{{ openstack_hosts_systemd_mounts }}" 43 | when: 44 | - openstack_hosts_systemd_mounts 45 | 46 | - name: Configure systemd-journald 47 | when: openstack_hosts_journald_config 48 | block: 49 | - name: Create /etc/systemd/journald.conf.d directory 50 | ansible.builtin.file: 51 | path: /etc/systemd/journald.conf.d 52 | state: directory 53 | owner: root 54 | group: systemd-journal 55 | mode: "0755" 56 | 57 | - name: Define journald configuration 58 | ansible.builtin.copy: 59 | content: |- 60 | [Journal] 61 | {% for key, value in openstack_hosts_journald_config.items() %} 62 | {{ key }}={{ value }} 63 | {% endfor 
%} 64 | dest: /etc/systemd/journald.conf.d/99-osa-journal.conf 65 | mode: "0644" 66 | notify: 67 | - Restart systemd-journald 68 | -------------------------------------------------------------------------------- /tasks/openstack_release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Drop openstack release file 17 | ansible.builtin.template: 18 | src: "openstack-release.j2" 19 | dest: "{{ openstack_distrib_file_path }}" 20 | owner: "root" 21 | group: "root" 22 | mode: "0644" 23 | when: 24 | - openstack_distrib_file | bool 25 | 26 | - name: Remove legacy openstack release file 27 | ansible.builtin.file: 28 | path: "{{ openstack_distrib_file_path }}" 29 | state: absent 30 | when: 31 | - not openstack_distrib_file | bool 32 | -------------------------------------------------------------------------------- /tasks/openstack_sysstat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 
6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Enable sysstat config 17 | ansible.builtin.template: 18 | src: "sysstat.default.j2" 19 | dest: "{{ openstack_host_sysstat_file }}" 20 | mode: "0644" 21 | when: 22 | - ansible_facts['pkg_mgr'] == 'apt' 23 | notify: Restart sysstat 24 | 25 | - name: Enable sysstat cron 26 | ansible.builtin.template: 27 | src: "{{ openstack_host_cron_template }}" 28 | dest: "{{ openstack_host_sysstat_cron_file }}" 29 | mode: "{{ openstack_host_sysstat_cron_mode }}" 30 | setype: "{{ (ansible_facts['selinux']['status'] == 'enabled') | ternary('system_cron_spool_t', omit) }}" 31 | 32 | - name: Start and enable the sysstat service 33 | ansible.builtin.service: 34 | name: sysstat 35 | state: started 36 | enabled: true 37 | when: 38 | - ansible_facts['pkg_mgr'] == 'dnf' 39 | -------------------------------------------------------------------------------- /tasks/openstack_update_hosts_file.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Generate hosts file records 17 | run_once: true 18 | ansible.builtin.set_fact: 19 | _etc_hosts_content: |- 20 | {% set records = [] %} 21 | {% set _groups = groups['all'] %} 22 | {% set _ = _groups.remove('localhost') %} 23 | {% for item in _groups %} 24 | {% set record = [] %} 25 | {% set _target_rfc_name = item|replace('_', '-') %} 26 | {% set _ans_hostname = hostvars[item]['ansible_facts']['hostname'] | default(_target_rfc_name) %} 27 | {% set _ = record.append(hostvars[item]['ansible_host'] | default('127.0.0.1')) %} 28 | {% set _ = record.append(_ans_hostname ~ '.' ~ openstack_domain) %} 29 | {% set _ = record.append(_target_rfc_name) %} 30 | {% if (_ans_hostname != _target_rfc_name) and (_target_rfc_name != item) %} 31 | {% set _ = record.append(item) %} 32 | {% set _ = record.append(_ans_hostname) %} 33 | {% elif (_ans_hostname != _target_rfc_name) and (_target_rfc_name == item) %} 34 | {% set _ = record.append(_ans_hostname) %} 35 | {% elif (_ans_hostname == _target_rfc_name) and (_target_rfc_name != item) %} 36 | {% set _ = record.append(item) %} 37 | {% endif %} 38 | {% set _ = records.append(record | join(' ')) %} 39 | {% endfor %} 40 | {{ records }} 41 | 42 | - name: Update hosts file 43 | ansible.builtin.blockinfile: 44 | dest: /etc/hosts 45 | block: "{{ (_etc_hosts_content + openstack_host_custom_hosts_records) | join('\n') }}" 46 | marker: "### {mark} OPENSTACK-ANSIBLE MANAGED BLOCK ###" 47 | when: 48 | - openstack_host_manage_hosts_file | bool 49 | 50 | - name: Update hosts file on deploy host 51 | ansible.builtin.blockinfile: 52 | dest: /etc/hosts 53 | block: "{{ (_etc_hosts_content + openstack_host_custom_hosts_records) | join('\n') }}" 54 | marker: "### {mark} OPENSTACK-ANSIBLE {{ lookup('env', 'OSA_CONFIG_DIR') }} MANAGED BLOCK ###" 55 | run_once: true 56 | delegate_to: localhost 57 | become: true 58 | when: 59 | - 
openstack_host_manage_deploy_hosts_file | bool 60 | -------------------------------------------------------------------------------- /templates/environment.j2: -------------------------------------------------------------------------------- 1 | PATH="{{ openstack_host_environment_path | join(':') }}" 2 | REQUESTS_CA_BUNDLE="{{ openstack_ca_bundle_path }}" 3 | {% for key, value in global_environment_variables.items() %} 4 | {% if value %} 5 | {{ key }}={{ value }} 6 | {% endif %} 7 | {% endfor %} 8 | -------------------------------------------------------------------------------- /templates/gitconfig.j2: -------------------------------------------------------------------------------- 1 | [http "https://opendev.org/"] 2 | userAgent = git/unknown (osa/{{ lookup('env', 'OSA_VERSION') }}/{{ component | default('undefined') }}) 3 | 4 | {% if openstack_hosts_git_safe_directories is defined %} 5 | [safe] 6 | {% for dir in openstack_hosts_git_safe_directories %} 7 | directory = {{ dir }} 8 | {% endfor %} 9 | {% endif %} 10 | -------------------------------------------------------------------------------- /templates/modprobe.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | # Modules from the openstack-ansible-openstack_hosts role 3 | {% for module in openstack_host_kernel_modules + openstack_host_specific_kernel_modules %} 4 | {{ module.name }} 5 | {% endfor %} 6 | -------------------------------------------------------------------------------- /templates/openstack-release.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | DISTRIB_ID="{{ openstack_distrib_id }}" 4 | DISTRIB_RELEASE="{{ openstack_distrib_release }}" 5 | DISTRIB_CODENAME="{{ openstack_distrib_code_name }}" 6 | DISTRIB_DESCRIPTION="{{ openstack_distrib_description }}" 7 | -------------------------------------------------------------------------------- 
/templates/osa.vendors.j2: -------------------------------------------------------------------------------- 1 | [main] 2 | vendors = {{ openstack_hosts_package_vendors | join(',') }} 3 | -------------------------------------------------------------------------------- /templates/sudoers.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | Defaults:root !requiretty 3 | -------------------------------------------------------------------------------- /templates/sysstat.cron.debian.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | # The first element of the path is a directory where the debian-sa1 script is located 4 | PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin 5 | 6 | # Activity reports every 10 minutes everyday 7 | */{{ openstack_host_sysstat_interval }} * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1 8 | 9 | # Additional run at 23:59 to rotate the statistics file 10 | 59 {{ openstack_host_sysstat_statistics_hour }} * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2 11 | -------------------------------------------------------------------------------- /templates/sysstat.cron.redhat.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | # Run system activity accounting tool every 10 minutes 4 | */{{ openstack_host_sysstat_interval }} * * * * root /usr/lib64/sa/sa1 1 1 5 | # 0 * * * * root /usr/lib64/sa/sa1 600 6 & 6 | 7 | # Generate a daily summary of process accounting at {{ openstack_host_sysstat_statistics_hour }}:59 8 | 59 {{ openstack_host_sysstat_statistics_hour }} * * * root /usr/lib64/sa/sa2 -A 9 | -------------------------------------------------------------------------------- /templates/sysstat.default.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 
| 3 | # 4 | # Default settings for /etc/init.d/sysstat, /etc/cron.d/sysstat 5 | # and /etc/cron.daily/sysstat files 6 | # 7 | 8 | # Should sadc collect system activity informations? Valid values 9 | # are "true" and "false". Please do not put other values, they 10 | # will be overwritten by debconf! 11 | ENABLED="{{ openstack_host_sysstat_enabled | bool | lower }}" 12 | -------------------------------------------------------------------------------- /templates/systemd-environment.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | [Manager] 4 | DefaultEnvironment=REQUESTS_CA_BUNDLE={{ openstack_ca_bundle_path }} 5 | -------------------------------------------------------------------------------- /tests/ansible-role-requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: apt_package_pinning 3 | src: https://opendev.org/openstack/openstack-ansible-apt_package_pinning 4 | scm: git 5 | version: master 6 | -------------------------------------------------------------------------------- /tests/group_vars/all.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | 16 | global_environment_variables: 17 | PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 18 | 19 | install_method: source 20 | -------------------------------------------------------------------------------- /tests/inventory: -------------------------------------------------------------------------------- 1 | [all] 2 | localhost 3 | test1 ansible_host=127.111.111.101 ansible_become=True 4 | test2 ansible_host=127.111.111.102 ansible_become=True 5 | test3 ansible_host=127.111.111.103 ansible_become=True 6 | 7 | [all_containers] 8 | test1 9 | test2 10 | test3 11 | 12 | [hosts] 13 | localhost 14 | -------------------------------------------------------------------------------- /tests/openstack_hosts-overrides.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | extra_host_package: iotop 4 | extra_metal_package: lshw 5 | 6 | openstack_host_extra_distro_packages: 7 | - "{{ extra_host_package }}" 8 | 9 | openstack_host_extra_metal_distro_packages: 10 | - "{{ extra_metal_package }}" 11 | 12 | test_cert_dir: "/tmp/test-ca" 13 | 14 | openstack_host_ca_certificates: 15 | - name: "TestCA.crt" 16 | src: "{{ test_cert_dir }}/ca.pem" 17 | 18 | openstack_host_specific_kernel_modules: 19 | - name: "ebtables" 20 | pattern: "CONFIG_BRIDGE_NF_EBTABLES" 21 | -------------------------------------------------------------------------------- /tests/templates/openssl.conf.j2: -------------------------------------------------------------------------------- 1 | # 2 | # OpenSSL example configuration file. 3 | # This is mostly being used for generation of certificate requests. 4 | # 5 | # This definition stops the following lines choking if HOME isn't 6 | # defined. 7 | HOME = . 
8 | RANDFILE = $ENV::HOME/.rnd 9 | # Extra OBJECT IDENTIFIER info: 10 | #oid_file = $ENV::HOME/.oid 11 | oid_section = new_oids 12 | # To use this configuration file with the "-extfile" option of the 13 | # "openssl x509" utility, name here the section containing the 14 | # X.509v3 extensions to use: 15 | # extensions = 16 | # (Alternatively, use a configuration file that has only 17 | # X.509v3 extensions in its main [= default] section.) 18 | [ new_oids ] 19 | # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. 20 | # Add a simple OID like this: 21 | # testoid1=1.2.3.4 22 | # Or use config file substitution like this: 23 | # testoid2=${testoid1}.5.6 24 | # Policies used by the TSA examples. 25 | tsa_policy1 = 1.2.3.4.1 26 | tsa_policy2 = 1.2.3.4.5.6 27 | tsa_policy3 = 1.2.3.4.5.7 28 | #################################################################### 29 | [ ca ] 30 | default_ca = CA_default # The default ca section 31 | #################################################################### 32 | [ CA_default ] 33 | dir = "{{ test_cert_dir }}" # Where everything is kept 34 | certs = $dir/certs # Where the issued certs are kept 35 | crl_dir = $dir/crl # Where the issued crl are kept 36 | database = $dir/index.txt # database index file. 37 | #unique_subject = no # Set to 'no' to allow creation of 38 | # several ctificates with same subject. 39 | new_certs_dir = $dir/newcerts # default place for new certs. 
40 | certificate = "{{ test_cert_dir }}/ca.pem" # The CA certificate 41 | serial = $dir/serial # The current serial number 42 | crlnumber = $dir/crlnumber # the current crl number 43 | # must be commented out to leave a V1 CRL 44 | crl = $dir/crl.pem # The current CRL 45 | private_key = "{{ test_cert_dir }}/cakey.pem" # The private key 46 | RANDFILE = $dir/private/.rand # private random number file 47 | x509_extensions = usr_cert # The extensions to add to the cert 48 | # Comment out the following two lines for the "traditional" 49 | # (and highly broken) format. 50 | name_opt = ca_default # Subject Name options 51 | cert_opt = ca_default # Certificate field options 52 | # Extension copying option: use with caution. 53 | # copy_extensions = copy 54 | # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs 55 | # so this is commented out by default to leave a V1 CRL. 56 | # crlnumber must also be commented out to leave a V1 CRL. 57 | # crl_extensions = crl_ext 58 | default_days = 365 # how long to certify for 59 | default_crl_days= 30 # how long before next CRL 60 | default_md = default # use public key default MD 61 | preserve = no # keep passed DN ordering 62 | # A few difference way of specifying how similar the request should look 63 | # For type CA, the listed attributes must be the same, and the optional 64 | # and supplied fields are just that :-) 65 | policy = policy_match 66 | # For the CA policy 67 | [ policy_match ] 68 | countryName = match 69 | stateOrProvinceName = match 70 | organizationName = match 71 | organizationalUnitName = optional 72 | commonName = supplied 73 | emailAddress = optional 74 | # For the 'anything' policy 75 | # At this point in time, you must list all acceptable 'object' 76 | # types. 
77 | [ policy_anything ] 78 | countryName = optional 79 | stateOrProvinceName = optional 80 | localityName = optional 81 | organizationName = optional 82 | organizationalUnitName = optional 83 | commonName = supplied 84 | emailAddress = optional 85 | #################################################################### 86 | [ req ] 87 | default_bits = 2048 88 | default_keyfile = privkey.pem 89 | distinguished_name = req_distinguished_name 90 | attributes = req_attributes 91 | x509_extensions = v3_ca # The extensions to add to the self signed cert 92 | # Passwords for private keys if not present they will be prompted for 93 | # input_password = secret 94 | # output_password = secret 95 | # This sets a mask for permitted string types. There are several options. 96 | # default: PrintableString, T61String, BMPString. 97 | # pkix : PrintableString, BMPString (PKIX recommendation before 2004) 98 | # utf8only: only UTF8Strings (PKIX recommendation after 2004). 99 | # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). 100 | # MASK:XXXX a literal mask value. 101 | # WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. 
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
# Prompt texts, defaults and length limits for the subject fields that
# 'openssl req' asks for when no subject is supplied on the command line.
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
# Optional attributes placed in the certificate request itself.
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# NOTE(review): keyUsage, extendedKeyUsage and subjectAltName are all commented
# out in this section, so a certificate issued with it is restricted only by
# CA:FALSE and names its host only through the subject CN, which many current
# TLS clients no longer match against. Which section 'ca' actually applies is
# set earlier in the file - confirm. Fine for a throwaway test CA; add the
# usages and a SAN before reusing this template anywhere else.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# NOTE(review): as written, basicConstraints is not critical, carries no
# pathlen, and keyUsage is left commented out. That is acceptable for a CA that
# exists only for a test run. A CA trusted beyond that should use
# 'basicConstraints = critical,CA:true' (with a pathlen where sub-CAs are not
# wanted) and 'keyUsage = critical, keyCertSign, cRLSign'.
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
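# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
####################################################################
[ tsa ]
# Settings for the time stamping authority; default_tsa names the section
# that holds them.
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = ./demoCA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
# MD5 and SHA-1 are no longer collision resistant, so a timestamp over either
# proves little; only SHA-2 digests are accepted in requests.
digests = sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)

--------------------------------------------------------------------------------
/tests/test-create-ca.yml:
--------------------------------------------------------------------------------
---
# Copyright 2018, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# We set the python interpreter to the ansible runtime venv if
# the delegation is to localhost so that we get access to the
# appropriate python libraries in that venv. If the delegation
# is to another host, we assume that it is accessible by the
# system python instead.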
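
# Builds a throwaway certificate authority and one server certificate under
# test_cert_dir for the role tests. The passphrase and key handling below are
# test fixtures only and must not be copied into a real PKI.

- name: Install ssl packages (centos)
  package:
    name:
      - gnutls-utils
    state: present
  when:
    - ansible_facts['distribution'] == "CentOS"

- name: Install ssl packages (ubuntu)
  package:
    name:
      - gnutls-bin
    state: present
  when:
    - ansible_facts['pkg_mgr'] == 'apt'

- name: Create certificate directories
  file:
    path: "{{ item.path }}"
    state: directory
    mode: "{{ item.mode }}"
    owner: root
  with_items:
    - { path: "{{ test_cert_dir }}", mode: '0755' }
    - { path: "{{ test_cert_dir }}/newcerts", mode: '0750'}
    - { path: "{{ test_cert_dir }}/private", mode: '0750'}

# set up openssl for use
# index.txt and serial are plain data files read and written by 'openssl ca';
# neither needs execute bits, and the modes are quoted so they are always
# read as octal strings.
- name: Touch index.txt
  file:
    path: "{{ test_cert_dir }}/index.txt"
    state: touch
    mode: "0644"

- name: Init serial
  copy:
    content: "01"
    dest: "{{ test_cert_dir }}/serial"
    force: false
    mode: "0644"

- name: Generate openssl.conf
  template:
    src: "openssl.conf.j2"
    dest: "{{ test_cert_dir }}/openssl.cnf"
    mode: "0440"

# Create certificate authority key and cert
# The key passphrase is handed to openssl through the environment (env:NAME)
# instead of 'pass:...' on the command line, where it would show up in the
# process list and in task output. The default keeps the previous test value.
# argv is used so that every argument is passed exactly as written.
- name: Create the CA private key
  command:
    argv:
      - openssl
      - genrsa
      - -aes256
      - -passout
      - env:TEST_CA_PASSPHRASE
      - -out
      - "{{ test_cert_dir }}/cakey.pem"
      - "4096"
    chdir: "{{ test_cert_dir }}"
    creates: "{{ test_cert_dir }}/cakey.pem"
  environment:
    TEST_CA_PASSPHRASE: "{{ test_ca_passphrase | default('secrete') }}"

# ansible's openssl_certificate can't create X509 extensions
# but you need CA: true in Basic Constraints to have a CA cert
- name: Create CA certificate
  command:
    argv:
      - openssl
      - req
      - -x509
      - -passin
      - env:TEST_CA_PASSPHRASE
      - -new
      - -nodes
      - -key
      - "{{ test_cert_dir }}/cakey.pem"
      - -config
      - "{{ test_cert_dir }}/openssl.cnf"
      - -subj
      - "/C=US/ST=Denial/L=Nowhere/O=Dis/CN=www.example.com"
      - -days
      - "1825"
      - -out
      - "{{ test_cert_dir }}/ca.pem"
    chdir: "{{ test_cert_dir }}"
    creates: "{{ test_cert_dir }}/ca.pem"
  environment:
    TEST_CA_PASSPHRASE: "{{ test_ca_passphrase | default('secrete') }}"

# Create server key and certificate
# -nodes leaves server.key unencrypted on disk; its mode is tightened below.
- name: Create server cert RSA and CSR
  command:
    argv:
      - openssl
      - req
      - -new
      - -newkey
      - rsa:4096
      - -nodes
      - -keyout
      - "{{ test_cert_dir }}/server.key"
      - -out
      - "{{ test_cert_dir }}/server.csr"
      - -subj
      - "/C=US/ST=Denial/L=Nowhere/O=Dis/CN=www.example.com"
    chdir: "{{ test_cert_dir }}"
    creates: "{{ test_cert_dir }}/server.csr"

# test_cert_dir itself is world-readable (0755), so make sure the private
# keys written into it are readable by root only, whatever the umask was.
- name: Restrict permissions on generated private keys
  file:
    path: "{{ test_cert_dir }}/{{ item }}"
    owner: root
    mode: "0600"
  with_items:
    - cakey.pem
    - server.key

- name: Create server certificate
  command:
    argv:
      - openssl
      - ca
      - -passin
      - env:TEST_CA_PASSPHRASE
      - -config
      - "{{ test_cert_dir }}/openssl.cnf"
      - -in
      - server.csr
      - -days
      - "1825"
      - -out
      - server.pem
      - -batch
    chdir: "{{ test_cert_dir }}"
    creates: "{{ test_cert_dir }}/server.pem"
  environment:
    TEST_CA_PASSPHRASE: "{{ test_ca_passphrase | default('secrete') }}"

--------------------------------------------------------------------------------
/tests/test.yml:
--------------------------------------------------------------------------------
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Add some data to use for verification later
- name: Playbook for test setup
  hosts: localhost
  connection: local
  become: true
  gather_facts: true
  pre_tasks:
    # NOTE(mhayden): We skip this task when we're running the final
    # idempotence check because this task will always mess with the hosts
    # file and cause related tasks to show as `changed`.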
    # These plays target localhost with become: true and change /etc/hosts and
    # the installed package set, so they are meant for a disposable test node.
    - name: Add entries to hosts file
      blockinfile:
        dest: /etc/hosts
        block: |
          127.111.111.102 test2
          127.111.111.103 test3.openstack.local
          127.111.111.103 test3.additional
        marker: "### {mark} OPENSTACK-ANSIBLE MANAGED BLOCK ###"
      changed_when: false
      when:
        - "'idempotence' not in lookup('env', 'ANSIBLE_LOG_PATH')"

    # Removed here so the later 'state: present' checks can tell whether the
    # role installed them.
    - name: Ensure extra host packages are not present
      package:
        name: "{{ item }}"
        state: absent
      with_items:
        - "{{ extra_host_package }}"
        - "{{ extra_metal_package }}"
      when:
        - "'idempotence' not in lookup('env', 'ANSIBLE_LOG_PATH')"

# Create certificate authority and test server cert
- name: Playbook for test setup
  hosts: localhost
  become: true
  gather_facts: true
  tasks:
    # Skipped on the idempotence pass, like the setup tasks above.
    - name: Create test CA
      include_tasks: test-create-ca.yml
      when:
        - "'idempotence' not in lookup('env', 'ANSIBLE_LOG_PATH')"

# Prepare the user ssh keys
- import_playbook: common/test-prepare-keys.yml

# Set nodepool variables when running in the OpenStack CI environment
- import_playbook: common/setting-nodepool-variables.yml

# Execute the role
- import_playbook: common/test-install-openstack-hosts.yml

# Verification play: reads back the files the role is expected to manage and
# asserts on their content.
- name: Playbook for role testing
  hosts: localhost
  become: true
  gather_facts: true
  tasks:
    # slurp returns file content base64-encoded; it is decoded in 'Read files'.
    - name: Open modules file
      slurp:
        src: "{{ openstack_host_module_file }}"
      register: modules_file

    - name: Open sysctl file
      slurp:
        src: /etc/sysctl.conf
      register: sysctl_file

    - name: Open hosts file
      slurp:
        src: /etc/hosts
      register: hosts_file

    - name: Open /etc/environment file
      slurp:
        src: /etc/environment
      register: environment_file

    - name: Read files
      set_fact:
        modules_content: "{{ modules_file.content | b64decode }}"
        sysctl_content: "{{ sysctl_file.content | b64decode }}"
        hosts_content: "{{ hosts_file.content | b64decode }}"
        environment_content: "{{ environment_file.content | b64decode }}"

    - name: Check for release file
      stat:
        path: /etc/openstack-release
      register: release_file

    - name: Check for systat file
      stat:
        path: "{{ openstack_host_sysstat_file }}"
      register: systat_file

    - name: Check for ssh dir
      stat:
        path: "{{ ansible_facts['env']['HOME'] }}/.ssh"
      register: ssh_dir

    # 'state: present' reports changed only if the package was missing, which
    # the final assert treats as a failure of the role to install it.
    - name: Check for extra host package present on host
      package:
        name: "{{ extra_host_package }}"
        state: present
      register: extra_distro_package_host

    - name: Check for extra metal package present on host
      package:
        name: "{{ extra_metal_package }}"
        state: present
      register: extra_metal_distro_package_host

    # NOTE(review): certtool is given no CA file here, so this presumably only
    # passes once the test CA has been added to the system trust store by the
    # role run above - confirm. It checks the chain, not the host name.
    - name: Validate server certificate against system trust store
      command: certtool --verify --infile "{{ test_cert_dir }}/server.pem"
      changed_when: false

    - name: Check role functions
      vars:
        ans_hostname: "{{ ansible_facts['hostname'] }}"
      assert:
        that:
          - "'dm_multipath' in modules_content"
          - "'ebtables' in modules_content"
          - "'vm.swappiness' in sysctl_content"
          - "'127.0.0.1 {{ ans_hostname }}.openstack.local localhost {{ ans_hostname }}' in hosts_content"
          - "'127.111.111.101 {{ ans_hostname }}.openstack.local test1 {{ ans_hostname }}' in hosts_content"
          - "'127.111.111.102 {{ ans_hostname }}.openstack.local test2 {{ ans_hostname }}' in hosts_content"
          - "'127.111.111.103 {{ ans_hostname }}.openstack.local test3 {{ ans_hostname }}' in hosts_content"
          - "'127.111.111.103 test3.additional' not in hosts_content"
          - "release_file.stat.exists"
          - "systat_file.stat.exists"
          - "'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' in environment_content"
          - "ssh_dir.stat.isdir"
          - extra_distro_package_host is not changed
          - extra_metal_distro_package_host is not changed


--------------------------------------------------------------------------------
/tox.ini:
--------------------------------------------------------------------------------
[tox]
minversion = 3.1
skipsdist = True
envlist = docs,linters,functional
ignore_basepython_conflict = True

[testenv]
basepython = python3
usedevelop = False
# Every pip install is constrained by the file named in TOX_CONSTRAINTS_FILE.
# When that variable is unset the constraints come from the moving 'master'
# URL below, so the resolved versions can differ between runs; set the
# variable to a fixed file for reproducible environments.
install_command =
    pip install -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} {opts} {packages}
commands =
    /usr/bin/find . -type f -name "*.pyc" -delete
# Only these variables from the calling shell reach the test environments.
passenv =
    COMMON_TESTS_PATH
    HOME
    http_proxy
    HTTP_PROXY
    https_proxy
    HTTPS_PROXY
    no_proxy
    NO_PROXY
    TESTING_BRANCH
    TESTING_HOME
    USER
allowlist_externals =
    bash
setenv =
    PYTHONUNBUFFERED=1
    ROLE_NAME=openstack_hosts
    TEST_IDEMPOTENCE=true
    VIRTUAL_ENV={envdir}
    WORKING_DIR={toxinidir}

[testenv:docs]
deps = -r{toxinidir}/doc/requirements.txt
commands =
    bash -c "rm -rf doc/build"
    doc8 doc
    sphinx-build -W --keep-going -b html doc/source doc/build/html

[testenv:pdf-docs]
deps = {[testenv:docs]deps}
allowlist_externals =
    make
commands =
    sphinx-build -W --keep-going -b latex doc/source doc/build/pdf
    make -C doc/build/pdf

[doc8]
# Settings for doc8:
extensions = .rst

[testenv:releasenotes]
deps = -r{toxinidir}/doc/requirements.txt
commands =
    sphinx-build -a -E -W -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html

# environment used by the -infra templated docs job
[testenv:venv]
commands =
    {posargs}

# NOTE(review): the environments below execute shell scripts from
# {toxinidir}/tests/common. That directory is presumably populated at test
# time from a separate repository rather than tracked here - confirm where it
# comes from and that the revision fetched is the one intended.
[testenv:pep8]
commands =
    bash -c "{toxinidir}/tests/common/test-pep8.sh"

[flake8]
# Ignores the following rules due to how ansible modules work in general
# F403 'from ansible.module_utils.basic import *' used;
# unable to detect undefined names
ignore=F403

[testenv:bashate]
commands =
    bash -c "{toxinidir}/tests/common/test-bashate.sh"

[testenv:ansible-syntax]
commands =
    bash -c "{toxinidir}/tests/common/test-ansible-syntax.sh"

[testenv:ansible-lint]
commands =
    bash -c "{toxinidir}/tests/common/test-ansible-lint.sh"

[testenv:functional]
commands =
    bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"

# Runs the environment preparation script, then the commands of each linter
# environment above in sequence.
[testenv:linters]
commands =
    bash -c "{toxinidir}/tests/common/test-ansible-env-prep.sh"
    {[testenv:pep8]commands}
    {[testenv:bashate]commands}
    {[testenv:ansible-lint]commands}
    {[testenv:ansible-syntax]commands}

--------------------------------------------------------------------------------
/vars/debian.yml:
--------------------------------------------------------------------------------
---
# Copyright 2019, VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

## Defined required kernel
openstack_host_required_kernel: 4.9.0-0-amd64
openstack_host_sysstat_file: /etc/default/sysstat
openstack_host_sysstat_cron_file: /etc/cron.d/sysstat
openstack_host_cron_template: sysstat.cron.debian.j2
openstack_host_module_file: /etc/modules

## Kernel modules loaded on hosts
openstack_host_kernel_modules:
  - name: 8021q
  - name: br_netfilter
  - name: dm_multipath
  - name: dm_snapshot
  - name: ebtables
  - name: ip6table_filter
  - name: ip6_tables
  - name: ip_tables
  - name: ipt_MASQUERADE
  - name: ipt_REJECT
  - name: iptable_filter
  - name: iptable_mangle
  - name: iptable_nat
  - name: ip_vs
  - name: iscsi_tcp
  - name: nbd
  - name: nf_conntrack
  - name: nf_defrag_ipv4
  - name: nf_nat
  - name: vhost_net
  - name: x_tables

## Base packages
_openstack_host_distro_packages:
  - acl
  - python3-packaging

## Bare metal base packages
_openstack_host_metal_distro_packages:
  - apparmor-utils
  - apt-transport-https
  - bridge-utils
  - curl
  - dmeventd
  - dstat
  - ebtables
  - htop
  - iptables
  - irqbalance
  - libkmod2
  - lvm2
  - rsync
  - software-properties-common
  - sysstat
  - sudo
  - time
  - vlan
  - wget

# ca-certificates is the only entry tracked at 'latest', so the system trust
# store follows the distribution's current CA bundle rather than a fixed one.
_openstack_hosts_package_list:
  - name: python3-debian
    state: present
  - name: ca-certificates
    state: latest

# Selects 'zed' when distribution_version compares below 12, otherwise the
# lower-cased openstack_distrib_code_name.
_osbpo_release: "{{ (ansible_facts['distribution_version'] is version('12', '<')) | ternary('zed', openstack_distrib_code_name | lower) }}"

# NOTE(review): the default repository URI is plain http. Package authenticity
# then rests on the signature check against the key loaded from gpg/FEE4EECB,
# assuming the task that consumes this list passes signed_by through to the
# apt source - confirm. The file name is only a short key ID; check the full
# fingerprint of the bundled key whenever that file is replaced, and point
# apt_repo_url at an https mirror where one is available.
_package_repos:
  - name: "osbpo"
    suites:
      - "{{ ansible_facts['distribution_release'] ~ '-' ~ _osbpo_release ~ '-backports-nochange' }}"
      - "{{ ansible_facts['distribution_release'] ~ '-' ~ _osbpo_release ~ '-backports' }}"
    uris: "{{ apt_repo_url | default('http://osbpo.debian.net/osbpo') }}"
    signed_by: "{{ lookup('file', 'gpg/FEE4EECB') }}"
    components: main
    architectures: "{{ openstack_architecture_mapping.get(ansible_facts['architecture']) }}"
    state: present

_openstack_ca_bundle_path: /etc/ssl/certs/ca-certificates.crt

_openstack_hosts_package_manager_default_conf: |
  APT::Install-Recommends "false";

--------------------------------------------------------------------------------
/vars/redhat-9.yml:
--------------------------------------------------------------------------------
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

## Defined required kernel
openstack_host_required_kernel: 4.18.0
openstack_host_sysstat_file: /etc/sysconfig/sysstat
openstack_host_sysstat_cron_file: /etc/cron.d/sysstat
openstack_host_cron_template: sysstat.cron.redhat.j2
openstack_host_module_file: /etc/modules-load.d/openstack-ansible.conf

openstack_host_sysstat_cron_mode: "0600"

## Kernel modules loaded on hosts
openstack_host_kernel_modules:
  - name: 8021q
  - name: br_netfilter
  - name: dm_multipath
  - name: dm_snapshot
  - name: ebtables
  - name: ip6table_filter
  - name: ip6_tables
  - name: ip_tables
  - name: ipt_MASQUERADE
  - name: ipt_REJECT
  - name: iptable_filter
  - name: iptable_mangle
  - name: iptable_nat
  - name: ip_vs
  - name: iscsi_tcp
  - name: nf_conntrack
  - name: nf_defrag_ipv4
  - name: nf_nat
  - name: vhost_net

## Base packages
_openstack_host_distro_packages:
  - python3-devel
  - python3-libselinux
  - python3-packaging
  - acl

## Bare metal base packages
_openstack_host_metal_distro_packages:
  - cronie
  - device-mapper-event
  - dstat
  - ebtables
  - git
  - iptables
  - irqbalance
  - kmod-libs
  - kmod
  - lvm2
  - python3-libselinux
  - rsync
  - sysstat
  - sudo
  - time
  - wget

# Each entry pairs a destination path under /etc/pki/rpm-gpg with a key file
# shipped in this role's files/gpg directory. The key file names are short
# key IDs; check the full fingerprint when one of them is replaced.
_package_repos_keys:
  - name: openstack-queens
    key: /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
    keyfile: "gpg/764429E6"
  - name: rdo-qemu-ev
    key: /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization-RDO
    keyfile: "gpg/61E8806C"

# ca-certificates is tracked at 'latest' so the trust store follows the
# distribution's current CA bundle; epel-release and
# centos-release-storage-common are removed if present.
_openstack_hosts_package_list:
  - name: dnf-plugins-core
    state: present
  - name: epel-release
    state: absent
  - name: centos-release-storage-common
    state: absent
  - name: ca-certificates
    state: latest

_openstack_hosts_rdo_repo_url: >-
  {{ openstack_hosts_rdo_mirror_url }}/centos{{ ansible_facts['distribution_major_version'] }}-{{ openstack_distrib_code_name | lower }}/current/
_openstack_hosts_rdo_deps_url: >-
  {{ openstack_hosts_rdo_mirror_url }}/centos{{ ansible_facts['distribution_major_version'] }}-{{ openstack_distrib_code_name | lower }}/deps/latest/

# NOTE(review): gpgcheck is false for rdo-deps, so packages from this
# repository are installed without signature verification. Their integrity
# then depends entirely on the transport and on the mirror named by
# openstack_hosts_rdo_mirror_url (defined outside this file - confirm it is an
# https URL of a trusted mirror). The repository is only configured when
# openstack_hosts_rdo_repo_type is 'trunk'.
# baseurl reads openstack_hosts_rdo_deps_url, presumably a default that maps
# to _openstack_hosts_rdo_deps_url above - confirm.
_package_repos_trunk:
  - name: rdo-deps
    file: rdo-deps
    description: rdo-deps
    baseurl: "{{ openstack_hosts_rdo_deps_url }}"
    gpgcheck: false
    module_hotfixes: true

_package_repos: |-
  {% if openstack_hosts_rdo_repo_type == 'trunk' %}
  {{ _package_repos_trunk }}
  {% else %}
  []
  {% endif %}

_openstack_ca_bundle_path: /etc/pki/tls/certs/ca-bundle.crt

--------------------------------------------------------------------------------
/vars/ubuntu.yml:
--------------------------------------------------------------------------------
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

## Defined required kernel
openstack_host_required_kernel: 5.4.0-0-generic
openstack_host_sysstat_file: /etc/default/sysstat
openstack_host_sysstat_cron_file: /etc/cron.d/sysstat
openstack_host_cron_template: sysstat.cron.debian.j2
openstack_host_module_file: /etc/modules

## Kernel modules loaded on hosts
openstack_host_kernel_modules:
  - name: 8021q
  - name: br_netfilter
  - name: dm_multipath
  - name: dm_snapshot
  - name: ebtables
  - name: ip6table_filter
  - name: ip6_tables
  - name: ip_tables
  - name: xt_MASQUERADE
  - name: ipt_REJECT
  - name: iptable_filter
  - name: iptable_mangle
  - name: iptable_nat
  - name: ip_vs
  - name: iscsi_tcp
  - name: nbd
  - name: nf_conntrack
  - name: nf_defrag_ipv4
  - name: nf_nat
  - name: vhost_net
  - name: x_tables

## Base packages
_openstack_host_distro_packages:
  - acl
  - apt-utils
  - python3-packaging

## Bare metal base packages
_openstack_host_metal_distro_packages:
  - apparmor-utils
  - apt-transport-https
  - bridge-utils
  - cgroup-lite
  - curl
  - dmeventd
  - dstat
  - ebtables
  - htop
  - iptables
  - irqbalance
  - libkmod2
  - lvm2
  - rsync
  - software-properties-common
  - sysstat
  - time
  - vlan
  - wget

# ca-certificates is the only entry tracked at 'latest', so the system trust
# store follows the distribution's current CA bundle rather than a fixed one.
_openstack_hosts_package_list:
  - name: python3-debian
    state: present
  - name: ca-certificates
    state: latest

# NOTE(review): the default repository URI is plain http. Package authenticity
# then rests on the signature check against the key loaded from gpg/EC4926EA,
# assuming the task that consumes this list passes signed_by through to the
# apt source - confirm. The file name is only a short key ID; check the full
# fingerprint of the bundled key whenever that file is replaced.
# The suite is '<release>-updates/' followed by the lower-cased
# openstack_distrib_code_name when distribution_version compares above 22.04,
# and by 'caracal' otherwise.
_package_repos:
  - name: "uca"
    suites: >-
      {{
        ansible_facts['distribution_release'] ~ '-updates/' ~
        (ansible_facts['distribution_version'] is version('22.04', '>')) | ternary(openstack_distrib_code_name | lower, 'caracal')
      }}
    uris: "{{ apt_repo_url | default('http://ubuntu-cloud.archive.canonical.com/ubuntu') }}"
    signed_by: "{{ lookup('file', 'gpg/EC4926EA') }}"
    components: main
    architectures: "{{ openstack_architecture_mapping.get(ansible_facts['architecture']) }}"
    state: present

_openstack_ca_bundle_path: /etc/ssl/certs/ca-certificates.crt

_openstack_hosts_package_manager_default_conf: |
  APT::Install-Recommends "false";

--------------------------------------------------------------------------------
/zuul.d/project.yaml:
--------------------------------------------------------------------------------
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Job templates applied to this project; the templates themselves are defined
# outside this repository.
- project:
    templates:
      - openstack-ansible-deploy-hosts_metal-jobs
      - openstack-ansible-deploy-hosts_distro_lxc-jobs
      - openstack-ansible-upgrade-infra_lxc-jobs
      - check-requirements
      - publish-openstack-docs-pti
      - build-release-notes-jobs-python3
      - openstack-ansible-linters-jobs

--------------------------------------------------------------------------------