Diffstat (limited to 'roles/static_inventory/tasks')
-rw-r--r-- | roles/static_inventory/tasks/checkpoint.yml | 17 | ||||
-rw-r--r-- | roles/static_inventory/tasks/filter_out_new_app_nodes.yaml | 15 | ||||
-rw-r--r-- | roles/static_inventory/tasks/main.yml | 25 | ||||
-rw-r--r-- | roles/static_inventory/tasks/openstack.yml | 120 | ||||
-rw-r--r-- | roles/static_inventory/tasks/sshconfig.yml | 13 | ||||
-rw-r--r-- | roles/static_inventory/tasks/sshtun.yml | 15 |
6 files changed, 205 insertions, 0 deletions
diff --git a/roles/static_inventory/tasks/checkpoint.yml b/roles/static_inventory/tasks/checkpoint.yml
new file mode 100644
index 000000000..c0365bd3d
--- /dev/null
+++ b/roles/static_inventory/tasks/checkpoint.yml
@@ -0,0 +1,17 @@
+---
+- name: check for static inventory dir
+ stat:
+ path: "{{ inventory_path }}"
+ register: stat_inventory_path
+
+- name: create static inventory dir
+ file:
+ path: "{{ inventory_path }}"
+ state: directory
+ mode: 0750
+ when: not stat_inventory_path.stat.exists
+
+- name: create inventory from template
+ template:
+ src: inventory.j2
+ dest: "{{ inventory_path }}/hosts"
diff --git a/roles/static_inventory/tasks/filter_out_new_app_nodes.yaml b/roles/static_inventory/tasks/filter_out_new_app_nodes.yaml
new file mode 100644
index 000000000..826efe78d
--- /dev/null
+++ b/roles/static_inventory/tasks/filter_out_new_app_nodes.yaml
@@ -0,0 +1,15 @@
+---
+- name: Add all new app nodes to new_app_nodes
+ when:
+ - 'oc_old_app_nodes is defined'
+ - 'oc_old_app_nodes | list'
+ - 'node.name not in oc_old_app_nodes'
+ - 'node["metadata"]["sub-host-type"] == "app"'
+ register: result
+ set_fact:
+ new_app_nodes: '{{ new_app_nodes }} + [ {{ node }} ]'
+
+- name: If the node was added to new_nodes, remove it from registered nodes
+ set_fact:
+ registered_nodes: '{{ registered_nodes | difference([ node ]) }}'
+ when: 'not result | skipped'
diff --git a/roles/static_inventory/tasks/main.yml b/roles/static_inventory/tasks/main.yml
new file mode 100644
index 000000000..3dab62df2
--- /dev/null
+++ b/roles/static_inventory/tasks/main.yml
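Review bot: In checkpoint.yml the `mode: 0750` on the inventory directory is applied only when the directory is first created, because the `file` task is gated on `when: not stat_inventory_path.stat.exists`; a directory that already exists with looser permissions keeps them. The `file` module with `state: directory` is already idempotent, so the `stat` task and the `when` can be dropped and the mode is then enforced on every run. The `template` task that writes `{{ inventory_path }}/hosts` sets no mode, so that file's permissions follow the umask; an explicit `mode: "0640"` would make the choice deliberate. Quoting the modes (`mode: "0750"`, likewise `mode: 0644` in sshconfig.yml and sshtun.yml) avoids relying on the YAML parser's octal handling.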
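Review bot: In filter_out_new_app_nodes.yaml, `new_app_nodes: '{{ new_app_nodes }} + [ {{ node }} ]'` renders the list and the node to text and relies on Ansible evaluating the resulting string back into a list, so field values that originate from OpenStack (server names, metadata) pass through that evaluation instead of being carried as data. Concatenating inside one expression keeps the values as objects: `new_app_nodes: '{{ new_app_nodes + [ node ] }}'`. The filter form `not result | skipped` could also be written as the test `result is not skipped`, provided the project's minimum Ansible version supports it.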
@@ -0,0 +1,25 @@
+---
+- name: Remove any existing inventory
+ file:
+ path: "{{ inventory_path }}/hosts"
+ state: absent
+
+- name: Refresh the inventory
+ meta: refresh_inventory
+
+- name: Generate in-memory inventory
+ include: openstack.yml
+
+- name: Checkpoint in-memory data into a static inventory
+ include: checkpoint.yml
+
+- name: Generate SSH config for accessing hosts via bastion
+ include: sshconfig.yml
+ when: use_bastion|bool
+
+- name: Configure SSH tunneling to access UI
+ include: sshtun.yml
+ become: true
+ when:
+ - use_bastion|bool
+ - ui_ssh_tunnel|bool
diff --git a/roles/static_inventory/tasks/openstack.yml b/roles/static_inventory/tasks/openstack.yml
new file mode 100644
index 000000000..adf78c966
--- /dev/null
+++ b/roles/static_inventory/tasks/openstack.yml
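Review bot: In main.yml, sshconfig.yml is included only `when: use_bastion|bool`, yet every host-level `add_host` in openstack.yml sets `ansible_ssh_extra_args: '-F {{ ssh_config_path }}'` unconditionally. With `use_bastion` false, the file at `ssh_config_path` is either absent or left over from an earlier bastion run, so connections would fail or pick up stale proxy settings, unless something outside this diff creates that file. Either regenerate the SSH config on every run or make the argument conditional, for example `ansible_ssh_extra_args: "{{ '-F ' ~ ssh_config_path if use_bastion|bool else '' }}"`.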
@@ -0,0 +1,120 @@
+---
+- no_log: true
+ block:
+ - name: fetch all nodes from openstack shade dynamic inventory
+ command: shade-inventory --list
+ register: registered_nodes_output
+ when: refresh_inventory|bool
+
+ - name: set fact for openstack inventory cluster nodes
+ set_fact:
+ registered_nodes: "{{ (registered_nodes_output.stdout | from_json) | json_query(q) }}"
+ vars:
+ q: "[] | [?metadata.clusterid=='{{stack_name}}']"
+ when:
+ - refresh_inventory|bool
+
+ - name: set_fact for openstack inventory nodes
+ set_fact:
+ registered_bastion_nodes: "{{ (registered_nodes_output.stdout | from_json) | json_query(q) }}"
+ registered_nodes_floating: "{{ (registered_nodes_output.stdout | from_json) | json_query(q2) }}"
+ vars:
+ q: "[] | [?metadata.group=='infra.{{stack_name}}']"
+ q2: "[] | [?metadata.clusterid=='{{stack_name}}'] | [?public_v4!='']"
+ when:
+ - refresh_inventory|bool
+
+ - name: set_fact for openstack inventory nodes with provider network
+ set_fact:
+ registered_nodes_floating: "{{ (registered_nodes_output.stdout | from_json) | json_query(q) }}"
+ vars:
+ q: "[] | [?metadata.clusterid=='{{stack_name}}'] | [?public_v4=='']"
+ when:
+ - refresh_inventory|bool
+ - openstack_provider_network_name|default(None)
+
+ - name: Add cluster nodes w/o floating IPs to inventory
+ with_items: "{{ registered_nodes|difference(registered_nodes_floating) }}"
+ add_host:
+ name: '{{ item.name }}'
+ ansible_host: >-
+ {% if use_bastion|bool -%}
+ {{ item.name }}
+ {%- else -%}
+ {%- set node = registered_nodes | json_query("[?name=='" + item.name + "']") -%}
+ {{ node[0].addresses[openstack_private_network|quote][0].addr }}
+ {%- endif %}
+ ansible_fqdn: '{{ item.name }}'
+ ansible_user: '{{ ssh_user }}'
+ ansible_private_key_file: '{{ private_ssh_key }}'
+ ansible_ssh_extra_args: '-F {{ ssh_config_path }}'
+ private_v4: >-
+ {% set node = registered_nodes | json_query("[?name=='" + item.name + "']") -%}
+ {{ node[0].addresses[openstack_private_network|quote][0].addr }}
+
+ - name: Add cluster nodes with floating IPs to inventory
+ with_items: "{{ registered_nodes_floating }}"
+ add_host:
+ name: '{{ item.name }}'
+ ansible_host: >-
+ {% if use_bastion|bool -%}
+ {{ item.name }}
+ {%- elif openstack_provider_network_name|default(None) -%}
+ {{ item.private_v4 }}
+ {%- else -%}
+ {{ item.public_v4 }}
+ {%- endif %}
+ ansible_fqdn: '{{ item.name }}'
+ ansible_user: '{{ ssh_user }}'
+ ansible_private_key_file: '{{ private_ssh_key }}'
+ ansible_ssh_extra_args: '-F {{ ssh_config_path }}'
+ private_v4: >-
+ {% set node = registered_nodes | json_query("[?name=='" + item.name + "']") -%}
+ {{ node[0].addresses[openstack_private_network|quote][0].addr }}
+ public_v4: >-
+ {% if openstack_provider_network_name|default(None) -%}
+ {{ item.private_v4 }}
+ {%- else -%}
+ {{ item.public_v4 }}
+ {%- endif %}
+
+ # Split registered_nodes into old nodes and new app nodes
+ # Add new app nodes to new_nodes host group for upscaling
+ - name: Create new_app_nodes variable
+ set_fact:
+ new_app_nodes: []
+
+ - name: Filter new app nodes out of registered_nodes
+ include: filter_out_new_app_nodes.yaml
+ with_items: "{{ registered_nodes }}"
+ loop_control:
+ loop_var: node
+
+ - name: Add new app nodes to the new_nodes section (if a deployment already exists)
+ with_items: "{{ new_app_nodes }}"
+ add_host:
+ name: "{{ item.name }}"
+ groups: new_nodes, app
+
+ - name: Add the rest of cluster nodes to their corresponding groups
+ with_items: "{{ registered_nodes }}"
+ add_host:
+ name: '{{ item.name }}'
+ groups: '{{ item.metadata.group }}'
+
+ - name: Add bastion node to inventory
+ add_host:
+ name: bastion
+ groups: bastions
+ ansible_host: '{{ registered_bastion_nodes[0].public_v4 }}'
+ ansible_fqdn: '{{ registered_bastion_nodes[0].name }}'
+ ansible_user: '{{ ssh_user }}'
+ ansible_private_key_file: '{{ private_ssh_key }}'
+ ansible_ssh_extra_args: '-F {{ ssh_config_path }}'
+ private_v4: >-
+ {% set node = registered_nodes | json_query("[?name=='" + registered_bastion_nodes[0].name + "']") -%}
+ {{ node[0].addresses[openstack_private_network|quote][0].addr }}
+ public_v4: '{{ registered_bastion_nodes[0].public_v4 }}'
+ when:
+ - registered_bastion_nodes is defined
+ - use_bastion|bool
diff --git a/roles/static_inventory/tasks/sshconfig.yml b/roles/static_inventory/tasks/sshconfig.yml
new file mode 100644
index 000000000..7119fe6ff
--- /dev/null
+++ b/roles/static_inventory/tasks/sshconfig.yml
@@ -0,0 +1,13 @@
+---
+- name: set ssh proxy command prefix for accessing nodes via bastion
+ set_fact:
+ ssh_proxy_command: >-
+ ssh {{ ssh_options }}
+ -i {{ private_ssh_key }}
+ {{ ssh_user }}@{{ hostvars['bastion'].ansible_host }}
+
+- name: regenerate ssh config
+ template:
+ src: openstack_ssh_config.j2
+ dest: "{{ ssh_config_path }}"
+ mode: 0644
diff --git a/roles/static_inventory/tasks/sshtun.yml b/roles/static_inventory/tasks/sshtun.yml
new file mode 100644
index 000000000..b0e4c832c
--- /dev/null
+++ b/roles/static_inventory/tasks/sshtun.yml
@@ -0,0 +1,15 @@
+---
+- name: Create ssh tunnel systemd service
+ template:
+ src: ssh-tunnel.service.j2
+ dest: /etc/systemd/system/ssh-tunnel.service
+ mode: 0644
+
+- name: reload the systemctl daemon after file update
+ command: systemctl daemon-reload
+
+- name: Enable ssh tunnel service
+ service:
+ name: ssh-tunnel
+ enabled: true
+ state: restarted |
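Review bot: In openstack.yml the address lookups use `node[0].addresses[openstack_private_network|quote][0].addr`, where `quote` is the shell-quoting filter: for a network name containing a space or another shell-special character it returns the name wrapped in quotes, and the dictionary key no longer matches. The surrounding `json_query("[?name=='" + item.name + "']")` also builds a JMESPath expression by concatenating a server name returned by OpenStack, so a name containing `'` changes or breaks the query. In the two `with_items` tasks `item` appears to be the node record itself (it comes from the same shade-inventory output), so both problems go away with `{{ item.addresses[openstack_private_network][0].addr }}`, and the bastion task could index `registered_bastion_nodes[0]` the same way. That task's `registered_bastion_nodes is defined` guard still lets an empty list reach `[0]`; adding `registered_bastion_nodes | length > 0` would cover it.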
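Review bot: In sshconfig.yml, `ssh_proxy_command` interpolates `ssh_options`, `private_ssh_key`, `ssh_user` and the bastion address into one command string with no quoting, so a key path containing a space or shell metacharacter is split or interpreted when the string is later used (presumably as a ProxyCommand in openstack_ssh_config.j2, which is outside this diff). Quote the single-value parts: `-i {{ private_ssh_key | quote }}` and `{{ (ssh_user ~ '@' ~ hostvars['bastion'].ansible_host) | quote }}`. `ssh_options` carries several options and has to stay unquoted, so a comment stating that it must only come from trusted configuration would help.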
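Review bot: In sshtun.yml the `command: systemctl daemon-reload` task and `state: restarted` run on every play, so the role always reports changes and drops the tunnel even when ssh-tunnel.service is unchanged. Moving the reload and restart into a handler notified by the template task keeps the run idempotent, and the `systemd` module's `daemon_reload: true` replaces the raw command. An explicit `owner: root` and `group: root` on the unit file would also document that it must not be writable by the unprivileged user.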