diff options
Diffstat (limited to 'roles/contiv')
-rw-r--r-- | roles/contiv/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/contiv/meta/main.yml | 3 | ||||
-rw-r--r-- | roles/contiv/tasks/default_network.yml | 13 | ||||
-rw-r--r-- | roles/contiv/tasks/download_bins.yml | 2 | ||||
-rw-r--r-- | roles/contiv/tasks/main.yml | 6 | ||||
-rw-r--r-- | roles/contiv/tasks/netmaster.yml | 8 | ||||
-rw-r--r-- | roles/contiv/tasks/netmaster_iptables.yml | 8 | ||||
-rw-r--r-- | roles/contiv/tasks/netplugin.yml | 14 | ||||
-rw-r--r-- | roles/contiv/tasks/ovs.yml | 2 | ||||
-rw-r--r-- | roles/contiv/tasks/packageManagerInstall.yml | 2 | ||||
-rw-r--r-- | roles/contiv/tasks/pkgMgrInstallers/centos-install.yml | 8 | ||||
-rw-r--r-- | roles/contiv/templates/aci-gw.service | 7 | ||||
-rw-r--r-- | roles/contiv/templates/netmaster.service | 5 | ||||
-rw-r--r-- | roles/contiv/templates/netplugin.service | 5 |
14 files changed, 63 insertions, 22 deletions
diff --git a/roles/contiv/defaults/main.yml b/roles/contiv/defaults/main.yml index b5d2f7c6e..aa976d921 100644 --- a/roles/contiv/defaults/main.yml +++ b/roles/contiv/defaults/main.yml @@ -119,3 +119,5 @@ contiv_h1_gw_default: "10.129.0.1" # contiv default private subnet for ext access contiv_private_ext_subnet: "10.130.0.0/16" + +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" diff --git a/roles/contiv/meta/main.yml b/roles/contiv/meta/main.yml index a2c2f98a7..67fb23db8 100644 --- a/roles/contiv/meta/main.yml +++ b/roles/contiv/meta/main.yml @@ -13,6 +13,7 @@ galaxy_info: - cloud - system dependencies: +- role: lib_utils - role: contiv_facts - role: etcd etcd_service: contiv-etcd @@ -21,7 +22,7 @@ dependencies: etcd_client_port: 22379 etcd_conf_dir: /etc/contiv-etcd/ etcd_data_dir: /var/lib/contiv-etcd/ - etcd_ca_host: "{{ inventory_hostname }}" + etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" etcd_cert_config_dir: /etc/contiv-etcd/ etcd_url_scheme: http etcd_peer_url_scheme: http diff --git a/roles/contiv/tasks/default_network.yml b/roles/contiv/tasks/default_network.yml index f679443e0..8a928ea54 100644 --- a/roles/contiv/tasks/default_network.yml +++ b/roles/contiv/tasks/default_network.yml @@ -8,51 +8,64 @@ - name: Contiv | Set globals command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" global set --fabric-mode {{ contiv_fabric_mode }} --vlan-range {{ contiv_vlan_range }} --fwd-mode {{ netplugin_fwd_mode }} --private-subnet {{ contiv_private_ext_subnet }}' + run_once: true - name: Contiv | Set arp mode to flood if ACI command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" global set --arp-mode flood' when: contiv_fabric_mode == "aci" + run_once: true - name: Contiv | Check if default-net exists command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" net ls' register: net_result + run_once: true - name: Contiv | Create default-net command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" net create --subnet={{ contiv_default_subnet }} -e {{ contiv_encap_mode }} -p {{ contiv_default_network_tag }} --gateway {{ contiv_default_gw }} default-net' when: net_result.stdout.find("default-net") == -1 + run_once: true - name: Contiv | Create host access infra network for VxLan routing case command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" net create --subnet={{ contiv_h1_subnet_default }} --gateway={{ contiv_h1_gw_default }} --nw-type="infra" contivh1' when: (contiv_encap_mode == "vxlan") and (netplugin_fwd_mode == "routing") + run_once: true #- name: Contiv | Create an allow-all policy for the default-group # command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" policy create ose-allow-all-policy' # when: contiv_fabric_mode == "aci" +# run_once: true - name: Contiv | Set up aci external contract to consume default external contract command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" external-contracts create -c -a {{ apic_default_external_contract }} oseExtToConsume' when: (contiv_fabric_mode == "aci") and (apic_configure_default_policy == true) + run_once: true - name: Contiv | Set up aci external contract to provide default external contract command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" external-contracts create -p -a {{ apic_default_external_contract }} oseExtToProvide' when: (contiv_fabric_mode == "aci") and (apic_configure_default_policy == true) + run_once: true - name: Contiv | Create aci default-group command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" group create default-net default-group' when: contiv_fabric_mode == "aci" + run_once: true - name: Contiv | Add external contracts to the default-group command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" group create -e oseExtToConsume -e oseExtToProvide default-net default-group' when: (contiv_fabric_mode == "aci") and (apic_configure_default_policy == true) + run_once: true #- name: Contiv | Add policy rule 1 for allow-all policy # command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" policy rule-add -d in --action allow ose-allow-all-policy 1' # when: contiv_fabric_mode == "aci" +# run_once: true #- name: Contiv | Add policy rule 2 for allow-all policy # command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" policy rule-add -d out --action allow ose-allow-all-policy 2' # when: contiv_fabric_mode == "aci" +# run_once: true - name: Contiv | Create default aci app profile command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" app-profile create -g default-group {{ apic_default_app_profile }}' when: contiv_fabric_mode == "aci" + run_once: true diff --git a/roles/contiv/tasks/download_bins.yml b/roles/contiv/tasks/download_bins.yml index 319fce46c..831fd360a 100644 --- a/roles/contiv/tasks/download_bins.yml +++ b/roles/contiv/tasks/download_bins.yml @@ -8,6 +8,8 @@ yum: name: bzip2 state: installed + register: result + until: result is succeeded - name: Download Bins | Download Contiv tar file get_url: diff --git a/roles/contiv/tasks/main.yml b/roles/contiv/tasks/main.yml index 40a0f9e61..cb9196a71 100644 --- a/roles/contiv/tasks/main.yml +++ b/roles/contiv/tasks/main.yml @@ -5,10 +5,10 @@ recurse: yes state: directory -- include: download_bins.yml +- include_tasks: download_bins.yml -- include: netmaster.yml +- include_tasks: netmaster.yml when: contiv_role == "netmaster" -- include: netplugin.yml +- include_tasks: netplugin.yml when: contiv_role == "netplugin" diff --git a/roles/contiv/tasks/netmaster.yml b/roles/contiv/tasks/netmaster.yml index cc52d3a43..6f15af8c2 100644 --- a/roles/contiv/tasks/netmaster.yml +++ b/roles/contiv/tasks/netmaster.yml @@ -1,8 +1,8 @@ --- -- include: netmaster_firewalld.yml +- include_tasks: netmaster_firewalld.yml when: has_firewalld -- include: netmaster_iptables.yml +- include_tasks: netmaster_iptables.yml when: not has_firewalld and has_iptables - name: Netmaster | Check is /etc/hosts file exists @@ -70,8 +70,8 @@ state: started register: netmaster_started -- include: aci.yml +- include_tasks: aci.yml when: contiv_fabric_mode == "aci" -- include: default_network.yml +- include_tasks: default_network.yml when: contiv_default_network == true diff --git a/roles/contiv/tasks/netmaster_iptables.yml b/roles/contiv/tasks/netmaster_iptables.yml index 07bb16ea7..c98e7b6a5 100644 --- a/roles/contiv/tasks/netmaster_iptables.yml +++ b/roles/contiv/tasks/netmaster_iptables.yml @@ -13,9 +13,15 @@ - name: Netmaster IPtables | Open Netmaster with iptables command: /sbin/iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "contiv" with_items: - - "{{ netmaster_port }}" - "{{ contiv_rpc_port1 }}" - "{{ contiv_rpc_port2 }}" - "{{ contiv_rpc_port3 }}" when: iptablesrules.stdout.find("contiv") == -1 notify: Save iptables rules + +- name: Netmaster IPtables | Open netmaster main port + command: /sbin/iptables -I INPUT 1 -p tcp -s {{ item }} --dport {{ netmaster_port }} -j ACCEPT -m comment --comment "contiv" + with_items: + - "{{ groups.oo_nodes_to_config|difference(hostvars[inventory_hostname]['ansible_' + netmaster_interface].ipv4.address)|list }}" + when: iptablesrules.stdout.find("contiv") == -1 + notify: Save iptables rules diff --git a/roles/contiv/tasks/netplugin.yml b/roles/contiv/tasks/netplugin.yml index e861a2591..540f6e4bc 100644 --- a/roles/contiv/tasks/netplugin.yml +++ b/roles/contiv/tasks/netplugin.yml @@ -1,8 +1,8 @@ --- -- include: netplugin_firewalld.yml +- include_tasks: netplugin_firewalld.yml when: has_firewalld -- include: netplugin_iptables.yml +- include_tasks: netplugin_iptables.yml when: has_iptables - name: Netplugin | Ensure localhost entry correct in /etc/hosts @@ -19,7 +19,7 @@ line: '::1 ' state: absent -- include: ovs.yml +- include_tasks: ovs.yml when: netplugin_driver == "ovs" - name: Netplugin | Create Netplugin bin symlink @@ -101,15 +101,15 @@ - name: systemd reload command: systemctl daemon-reload - when: docker_updated|changed + when: docker_updated is changed - name: Docker | Restart docker service: - name: "{{ openshift.docker.service_name }}" + name: "{{ openshift_docker_service_name }}" state: restarted - when: docker_updated|changed + when: docker_updated is changed register: l_docker_restart_docker_in_contiv_result - until: not l_docker_restart_docker_in_contiv_result | failed + until: not (l_docker_restart_docker_in_contiv_result is failed) retries: 3 delay: 30 diff --git a/roles/contiv/tasks/ovs.yml b/roles/contiv/tasks/ovs.yml index 0c1b994c7..5c92e90e9 100644 --- a/roles/contiv/tasks/ovs.yml +++ b/roles/contiv/tasks/ovs.yml @@ -1,5 +1,5 @@ --- -- include: packageManagerInstall.yml +- include_tasks: packageManagerInstall.yml when: source_type == "packageManager" tags: - binary-update diff --git a/roles/contiv/tasks/packageManagerInstall.yml b/roles/contiv/tasks/packageManagerInstall.yml index e0d48e643..d5726476c 100644 --- a/roles/contiv/tasks/packageManagerInstall.yml +++ b/roles/contiv/tasks/packageManagerInstall.yml @@ -3,7 +3,7 @@ set_fact: did_install: false -- include: pkgMgrInstallers/centos-install.yml +- include_tasks: pkgMgrInstallers/centos-install.yml when: (ansible_os_family == "RedHat") and not is_atomic diff --git a/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml index 91e6aadf3..53c5b4099 100644 --- a/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml +++ b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml @@ -3,6 +3,8 @@ yum: pkg=net-tools state=latest + register: result + until: result is succeeded - name: PkgMgr RHEL/CentOS | Get openstack ocata rpm get_url: @@ -20,10 +22,12 @@ yum: name=/tmp/rdo-release-ocata-2.noarch.rpm state=present tags: - ovs_install + register: result + until: result is succeeded - name: PkgMgr RHEL/CentOS | Install ovs yum: - pkg=openvswitch-2.5.0-2.el7.x86_64 + pkg=openvswitch state=present environment: http_proxy: "{{ http_proxy|default('') }}" @@ -31,3 +35,5 @@ no_proxy: "{{ no_proxy|default('') }}" tags: - ovs_install + register: result + until: result is succeeded diff --git a/roles/contiv/templates/aci-gw.service b/roles/contiv/templates/aci-gw.service index 4506d2231..9b3f12567 100644 --- a/roles/contiv/templates/aci-gw.service +++ b/roles/contiv/templates/aci-gw.service @@ -1,10 +1,13 @@ [Unit] Description=Contiv ACI gw -After=auditd.service systemd-user-sessions.service time-sync.target {{ openshift.docker.service_name }}.service +After=auditd.service systemd-user-sessions.service time-sync.target {{ openshift_docker_service_name }}.service [Service] ExecStart={{ bin_dir }}/aci_gw.sh start ExecStop={{ bin_dir }}/aci_gw.sh stop KillMode=control-group -Restart=on-failure +Restart=always RestartSec=10 + +[Install] +WantedBy=multi-user.target diff --git a/roles/contiv/templates/netmaster.service b/roles/contiv/templates/netmaster.service index a602c955e..ce7d0c75e 100644 --- a/roles/contiv/templates/netmaster.service +++ b/roles/contiv/templates/netmaster.service @@ -6,5 +6,8 @@ After=auditd.service systemd-user-sessions.service contiv-etcd.service EnvironmentFile=/etc/default/netmaster ExecStart={{ bin_dir }}/netmaster $NETMASTER_ARGS KillMode=control-group -Restart=on-failure +Restart=always RestartSec=10 + +[Install] +WantedBy=multi-user.target diff --git a/roles/contiv/templates/netplugin.service b/roles/contiv/templates/netplugin.service index dc7b95bb5..6358d89ec 100644 --- a/roles/contiv/templates/netplugin.service +++ b/roles/contiv/templates/netplugin.service @@ -6,3 +6,8 @@ After=auditd.service systemd-user-sessions.service contiv-etcd.service EnvironmentFile=/etc/default/netplugin ExecStart={{ bin_dir }}/netplugin $NETPLUGIN_ARGS KillMode=control-group +Restart=always +RestartSec=10 + +[Install] +WantedBy=multi-user.target |