From c663657e0766c1abee847530a37dac9eb17e9cb4 Mon Sep 17 00:00:00 2001
From: Andrew Bays
Date: Fri, 15 Nov 2024 14:48:57 +0000
Subject: [PATCH] Support new OpenStack initialization resource for RHOSO install
---
bootstrap-hypervisor.yml | 118 ++++++++++++++++++
roles/kustomize_deploy/defaults/main.yml | 18 +++
.../tasks/install_operators.yml | 67 +++++++++-
3 files changed, 200 insertions(+), 3 deletions(-)
create mode 100644 bootstrap-hypervisor.yml
diff --git a/bootstrap-hypervisor.yml b/bootstrap-hypervisor.yml
new file mode 100644
index 0000000000..9be4233d40
--- /dev/null
+++ b/bootstrap-hypervisor.yml
@@ -0,0 +1,118 @@
+---
+- hosts: "{{ cifmw_target_host | default('all') }}"
+ vars:
+ _user: "{{ remote_user | default('zuul') }}"
+ _rhos_release: "{{ use_rhose_release | default(true) }}"
+ tasks:
+ - name: Create user on remote host
+ become: true
+ ansible.builtin.user:
+ name: "{{ _user }}"
+ state: present
+
+ - name: Look for local ssh pub key
+ delegate_to: localhost
+ block:
+ - name: Look for id_rsa.pub file
+ ansible.builtin.stat:
+ path: "{{ lookup('env', 'HOME') }}//.ssh/id_rsa.pub"
+ register: rsa_pub_key
+
+ - name: Look for id_ed25519.pub file
+ delegate_to: localhost
+ ansible.builtin.stat:
+ path: "{{ lookup('env', 'HOME') }}//.ssh/id_ed25519.pub"
+ register: ed_pub_key
+
+ - name: Assert at least one public key exists
+ ansible.builtin.assert:
+ that:
+ - rsa_pub_key.stat.exists or ed_pub_key.stat.exists
+ quiet: true
+ msg: |
+ FATAL: you need to have at least one public key in your ~/.ssh directory.
+ Please generate one using either ssh-keygen -t ed25519 -b 512 or
+ ssh-keygen -t rsa -b 4096.
+
+ - name: Add RSA pub key to authorized keys
+ when: rsa_pub_key.stat.exists
+ ansible.posix.authorized_key:
+ user: "{{ _user }}"
+ state: present
+ key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
+
+ - name: Add ed25519 pub key to authorized keys
+ when: ed_pub_key.stat.exists
+ ansible.posix.authorized_key:
+ user: "{{ _user }}"
+ state: present
+ key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_ed25519.pub') }}"
+
+ - name: Grant sudo privileges to remote user
+ ansible.builtin.copy:
+ content: |
+ "{{ _user }}" ALL=(ALL) NOPASSWD:ALL
+ dest: /etc/sudoers.d/zuul
+ owner: root
+ group: root
+ mode: 0640
+
+ - name: Remove existing repos
+ when:
+ - _rhos_release | bool
+ ansible.builtin.command: "rm -fr /etc/yum.repos.d/*.repo"
+
+ - name: Cleanup the existing cache
+ when:
+ - _rhos_release | bool
+ ansible.builtin.command: "dnf clean all"
+
+ - name: Install RHOS Release tool
+ when:
+ - _rhos_release | bool
+ ansible.builtin.package:
+ name: "http://download.devel.redhat.com/rcm-guest/puddles/OpenStack/rhos-release/rhos-release-latest.noarch.rpm"
+ state: present
+ disable_gpg_check: true
+
+ - name: Enable RHEL repos
+ when:
+ - _rhos_release | bool
+ ansible.builtin.command: "rhos-release rhel"
+
+ - name: Install certs
+ ansible.builtin.package:
+ name: "http://hdn.corp.redhat.com/rhel8-csb/RPMS/noarch/redhat-internal-cert-install-0.1-31.el7.noarch.rpm"
+ state: present
+ disable_gpg_check: true
+
+ - name: Install basic packages
+ ansible.builtin.package:
+ name:
+ - git
+ - make
+ - libvirt
+ - libvirt-client
+ - libvirt-daemon
+ - libvirt-daemon-kvm
+ - virt-install
+ - qemu-kvm
+ - libguestfs
+ - guestfs-tools
+
+ - name: Allow qemu user on user home directory for VM storage accesses
+ ansible.posix.acl:
+ path: "/home/{{ _user }}"
+ entity: qemu
+ etype: user
+ permissions: rx
+ state: present
+
+ - name: Add zuul user to libvirt group
+ ansible.builtin.user:
+ name: "{{ _user }}"
+ groups: libvirt
+ append: true
+
+ -
name: Clear facts from the hypervisor + ansible.builtin.meta: clear_facts diff --git a/roles/kustomize_deploy/defaults/main.yml b/roles/kustomize_deploy/defaults/main.yml index 1d14a72461..eefd888a7f 100644 --- a/roles/kustomize_deploy/defaults/main.yml +++ b/roles/kustomize_deploy/defaults/main.yml @@ -108,6 +108,24 @@ cifmw_kustomize_deploy_nmstate_dest_file: >- ] | path_join }} +# openstack init resource +cifmw_kustomize_deploy_openstack_source_files: >- + {{ + [ + cifmw_kustomize_deploy_architecture_repo_dest_dir, + cifmw_kustomize_deploy_architecture_examples_common_path, + 'openstack' + ] | path_join + }} + +cifmw_kustomize_deploy_openstack_dest_file: >- + {{ + [ + cifmw_kustomize_deploy_kustomizations_dest_dir, + 'openstack.yaml' + ] | path_join + }} + # controlsplane resources cifmw_kustomize_deploy_nncp_source_files: >- diff --git a/roles/kustomize_deploy/tasks/install_operators.yml b/roles/kustomize_deploy/tasks/install_operators.yml index 8be1a7500f..eca39c58a2 100644 --- a/roles/kustomize_deploy/tasks/install_operators.yml +++ b/roles/kustomize_deploy/tasks/install_operators.yml @@ -107,7 +107,7 @@ - _cifmw_kustomize_deploy_olm_osp_operator_sub_out.resources | length == 1 - (_cifmw_kustomize_deploy_olm_osp_operator_sub_out.resources | first)['status']['installPlanRef'] is defined - - name: Wait for the openstack operators InstallPlan to be finish + - name: Wait for the openstack operators InstallPlan to be finished vars: _install_plan: >- {{ 
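Review bot: In bootstrap-hypervisor.yml the "Install RHOS Release tool" and "Install certs" tasks fetch an RPM over plain `http://` with `disable_gpg_check: true`, so nothing authenticates a package that is then installed system-wide; the second one is, by its name, a certificate bundle, which means the host's trust anchors themselves arrive unverified. Prefer an `https://` source with the signing key imported so the GPG check can stay on, or download with `ansible.builtin.get_url` and a pinned `checksum:` and install the local file. The "Grant sudo privileges to remote user" task writes a `NOPASSWD:ALL` drop-in without `validate: /usr/sbin/visudo -cf %s`, with an unquoted `mode: 0640` where sudoers files normally carry `"0440"`, and to a fixed `/etc/sudoers.d/zuul` even though the user name is a variable. The "Remove existing repos" task passes `*.repo` to `ansible.builtin.command`, which does not go through a shell and so does not expand the glob; the old repo definitions are likely left enabled, and `ansible.builtin.find` plus `ansible.builtin.file` with `state: absent` would remove them reliably.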
@@ -319,8 +319,69 @@ status: "True" wait_timeout: 300 -- name: Wait until OpenStack operators are deployed and ready - when: not cifmw_kustomize_deploy_generate_crs_only +- name: Check if the OpenStack initialization CRD exists + kubernetes.core.k8s_info: + kubeconfig: "{{ cifmw_openshift_kubeconfig }}" + api_key: "{{ cifmw_openshift_token | default(omit) }}" + context: "{{ cifmw_openshift_context | default(omit) }}" + kind: CustomResourceDefinition + name: openstacks.operator.openstack.org + register: _cifmw_kustomize_deploy_olm_osp_operator_openstack_crd_out + +- name: Handle OpenStack initialization, if necessary + when: (_cifmw_kustomize_deploy_olm_osp_operator_openstack_crd_out.resources | length) > 0 + block: + - name: Generate OpenStack initialization kustomization file + ansible.builtin.copy: + content: >- + {{ + lookup( + 'kubernetes.core.kustomize', + dir=cifmw_kustomize_deploy_openstack_source_files + ) + }} + dest: "{{ cifmw_kustomize_deploy_openstack_dest_file }}" + mode: "0644" + + - name: Openstack initialization resources + when: not cifmw_kustomize_deploy_generate_crs_only + block: + - name: Apply the kustomized OpenStack initialization CRs + kubernetes.core.k8s: + kubeconfig: "{{ cifmw_openshift_kubeconfig }}" + api_key: "{{ cifmw_openshift_token | default(omit) }}" + context: "{{ cifmw_openshift_context | default(omit) }}" + state: present + wait: true + src: "{{ cifmw_kustomize_deploy_openstack_dest_file }}" + check_mode: >- + {{ + cifmw_kustomize_deploy_check_mode | + default(false, true) + }} + + - name: Wait until OpenStack operators are deployed and ready (new install paradigm) + when: not cifmw_kustomize_deploy_generate_crs_only + kubernetes.core.k8s_info: + kubeconfig: "{{ cifmw_openshift_kubeconfig }}" + kind: Openstack + namespace: openstack-operators + name: openstack + wait: true + wait_condition: + type: Ready + status: "True" + wait_timeout: 600 + check_mode: >- + {{ + cifmw_kustomize_deploy_check_mode | + default(false, true) + }} + 
+- name: Wait until OpenStack operators are deployed and ready (old install paradigm) + when: + - not cifmw_kustomize_deploy_generate_crs_only + - (_cifmw_kustomize_deploy_olm_osp_operator_openstack_crd_out.resources | length) == 0 kubernetes.core.k8s_info: kubeconfig: "{{ cifmw_openshift_kubeconfig }}" kind: Deployment
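Review bot: The added "Wait until OpenStack operators are deployed and ready (new install paradigm)" task passes only `kubeconfig`, while the CRD check and the apply task in the same hunk also pass `api_key` and `context`; when a token or a non-default context is in use, the wait can authenticate differently from, or query a different cluster than, the apply it follows. Adding `api_key: "{{ cifmw_openshift_token | default(omit) }}"` and `context: "{{ cifmw_openshift_context | default(omit) }}"` keeps the three tasks on the same identity. The task also sets `kind: Openstack` without an `api_version`, so the module default of `v1` applies; it is worth confirming that this resolves the custom resource behind `openstacks.operator.openstack.org`, because an unresolved kind would presumably return an empty result rather than wait for `Ready`. The old-paradigm wait task that closes the hunk continues past its last visible line, so its remaining arguments cannot be checked here.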