Blame - roles/octavia/tasks/main.yml - atmosphere

blob: 7ccbd0a15df317249557ecc0235ab8b73d32de58 [file] [log] [blame]

okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	1	# Copyright (c) 2022 VEXXHOST, Inc.
				2	#
				3	# Licensed under the Apache License, Version 2.0 (the "License"); you may
				4	# not use this file except in compliance with the License. You may obtain
				5	# a copy of the License at
				6	#
				7	# http://www.apache.org/licenses/LICENSE-2.0
				8	#
				9	# Unless required by applicable law or agreed to in writing, software
				10	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				11	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
				12	# License for the specific language governing permissions and limitations
				13	# under the License.
				14
guilhermesteinmuller	9b173d2	2023-01-24 19:15:17 +0000	[diff] [blame]	15	- name: Uninstall the legacy HelmRelease
				16	run_once: true
				17	block:
				18	- name: Suspend the existing HelmRelease
				19	kubernetes.core.k8s:
				20	state: patched
				21	api_version: helm.toolkit.fluxcd.io/v2beta1
				22	kind: HelmRelease
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	23	name: "{{ octavia_helm_release_name }}"
				24	namespace: "{{ octavia_helm_release_namespace }}"
guilhermesteinmuller	9b173d2	2023-01-24 19:15:17 +0000	[diff] [blame]	25	definition:
				26	spec:
				27	suspend: true
				28
				29	- name: Remove the existing HelmRelease
				30	kubernetes.core.k8s:
				31	state: absent
				32	api_version: helm.toolkit.fluxcd.io/v2beta1
				33	kind: HelmRelease
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	34	name: "{{ octavia_helm_release_name }}"
				35	namespace: "{{ octavia_helm_release_namespace }}"
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	36
				37	- name: Create management network
				38	openstack.cloud.network:
				39	cloud: atmosphere
				40	# Network settings
				41	name: lb-mgmt-net
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	42	register: _octavia_management_network
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	43
				44	- name: Create management subnet
				45	openstack.cloud.subnet:
				46	cloud: atmosphere
				47	# Subnet settings
				48	network_name: lb-mgmt-net
				49	name: lb-mgmt-subnet
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	50	cidr: "{{ octavia_management_subnet_cidr }}"
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	51
				52	- name: Create health manager security group
				53	openstack.cloud.security_group:
				54	cloud: atmosphere
				55	name: lb-health-mgr-sec-grp
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	56	register: _octavia_health_manager_sg
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	57
				58	- name: Create health manager security group rules
				59	openstack.cloud.security_group_rule:
				60	cloud: atmosphere
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	61	security_group: "{{ _octavia_health_manager_sg.id }}"
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	62	direction: ingress
				63	ethertype: IPv4
				64	protocol: tcp
				65	port_range_min: "{{ item }}"
				66	port_range_max: "{{ item }}"
				67	loop:
				68	- 5555
				69	- 10514
				70	- 20514
				71
				72	- name: Create health manager networking ports
				73	openstack.cloud.port:
				74	cloud: atmosphere
				75	name: "octavia-health-manager-port-{{ hostvars[item]['inventory_hostname_short'] }}"
				76	device_owner: octavia:health-mgr
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	77	network: "{{ _octavia_management_network.id }}"
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	78	security_groups:
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	79	- "{{ _octavia_health_manager_sg.id }}"
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	80	loop: "{{ groups['controllers'] }}"
				81
				82	- name: Set binding for ports
				83	changed_when: false
				84	ansible.builtin.shell: \|
				85	openstack port set \
				86	--host {{ hostvars[item]['ansible_fqdn'] }} \
				87	octavia-health-manager-port-{{ hostvars[item]['inventory_hostname_short'] }}
				88	environment:
				89	OS_CLOUD: atmosphere
				90	loop: "{{ groups['controllers'] }}"
				91
				92	- name: Get health manager networking ports
				93	openstack.cloud.port_info:
				94	cloud: atmosphere
				95	port: "octavia-health-manager-port-{{ hostvars[item]['ansible_fqdn'] \| split('.') \| first }}"
				96	loop: "{{ groups['controllers'] }}"
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	97	register: _octavia_health_manager_ports
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	98
				99	- name: Set controller_ip_port_list
				100	ansible.builtin.set_fact:
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	101	_octavia_controller_ip_port_list: "{{ (_octavia_controller_ip_port_list \| d([]) + [item.openstack_ports[0].fixed_ips[0].ip_address + ':5555']) \| unique }}"
				102	loop: "{{ _octavia_health_manager_ports.results }}"
Mohammed Naser	c582420	2022-11-12 17:17:02 +0000	[diff] [blame]	103	loop_control:
				104	label: "{{ item.openstack_ports[0].name }}"
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	105
				106	- name: Create amphora security group
				107	openstack.cloud.security_group:
				108	cloud: atmosphere
				109	name: lb-mgmt-sec-grp
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	110	register: _octavia_amphora_sg
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	111
				112	- name: Create amphora security group rules
				113	openstack.cloud.security_group_rule:
				114	cloud: atmosphere
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	115	security_group: "{{ _octavia_amphora_sg.id }}"
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	116	direction: ingress
				117	ethertype: IPv4
				118	protocol: tcp
				119	port_range_min: "{{ item.0 }}"
				120	port_range_max: "{{ item.0 }}"
				121	remote_ip_prefix: "{{ item.1.openstack_ports[0].fixed_ips[0].ip_address }}/32"
				122	with_nested:
				123	- [22, 9443]
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	124	- "{{ _octavia_health_manager_ports.results }}"
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	125
				126	- name: Create amphora flavor
				127	openstack.cloud.compute_flavor:
				128	cloud: atmosphere
				129	name: "m1.amphora"
				130	vcpus: "1"
				131	ram: "1024"
				132	disk: "2"
				133	is_public: false
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	134	register: _octavia_amphora_flavor
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	135
				136	- name: Download amphora image
				137	ansible.builtin.get_url:
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	138	url: "{{ octavia_amphora_image_url }}"
				139	dest: "/tmp/{{ octavia_amphora_image_url \| basename }}"
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	140	mode: 0644
				141
				142	- name: Upload images
				143	openstack.cloud.image:
				144	cloud: atmosphere
				145	name: "amphora-x64-haproxy"
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	146	filename: "/tmp/{{ octavia_amphora_image_url \| basename }}"
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	147	container_format: "bare"
				148	disk_format: "qcow2"
				149	tags:
				150	- "amphora"
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	151	register: _octavia_amphora_image
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	152
Mohammed Naser	c582420	2022-11-12 17:17:02 +0000	[diff] [blame]	153	- name: Create CAs & Issuers
				154	kubernetes.core.k8s:
				155	state: present
				156	definition:
				157	- apiVersion: cert-manager.io/v1
				158	kind: Certificate
				159	metadata:
				160	name: "{{ item }}-ca"
				161	namespace: openstack
				162	spec:
				163	isCA: true
				164	commonName: "{{ item }}"
				165	secretName: "{{ item }}-ca"
				166	duration: 87600h
				167	renewBefore: 720h
				168	privateKey:
				169	algorithm: ECDSA
				170	size: 256
				171	issuerRef:
				172	name: self-signed
Mohammed Naser	bb89a84	2022-11-14 19:49:36 +0000	[diff] [blame]	173	kind: ClusterIssuer
Mohammed Naser	c582420	2022-11-12 17:17:02 +0000	[diff] [blame]	174	group: cert-manager.io
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	175
Mohammed Naser	c582420	2022-11-12 17:17:02 +0000	[diff] [blame]	176	- apiVersion: cert-manager.io/v1
				177	kind: Issuer
				178	metadata:
				179	name: "{{ item }}"
				180	namespace: openstack
				181	spec:
				182	ca:
				183	secretName: "{{ item }}-ca"
				184	loop:
				185	- octavia-client
				186	- octavia-server
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	187
Mohammed Naser	c582420	2022-11-12 17:17:02 +0000	[diff] [blame]	188	- name: Create certificate for Octavia clients
				189	kubernetes.core.k8s:
				190	state: present
				191	definition:
				192	apiVersion: cert-manager.io/v1
				193	kind: Certificate
				194	metadata:
				195	name: octavia-client-certs
				196	namespace: openstack
				197	spec:
				198	commonName: octavia-client
				199	secretName: octavia-client-certs
				200	additionalOutputFormats:
				201	- type: CombinedPEM
				202	duration: 87600h
				203	renewBefore: 720h
				204	issuerRef:
				205	name: octavia-client
				206	kind: Issuer
				207	group: cert-manager.io
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	208
				209	- name: Create admin compute quotaset
				210	openstack.cloud.quota:
				211	cloud: atmosphere
				212	# NOTE(okozachenko): It uses project name instead of id.
				213	name: admin
				214	instances: -1
				215	cores: -1
				216	ram: -1
				217
				218	- name: Deploy Helm chart
guilhermesteinmuller	9b173d2	2023-01-24 19:15:17 +0000	[diff] [blame]	219	run_once: true
				220	kubernetes.core.helm:
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	221	name: "{{ octavia_helm_release_name }}"
				222	chart_ref: "{{ octavia_helm_chart_ref }}"
				223	release_namespace: "{{ octavia_helm_release_namespace }}"
guilhermesteinmuller	9b173d2	2023-01-24 19:15:17 +0000	[diff] [blame]	224	create_namespace: true
				225	kubeconfig: /etc/kubernetes/admin.conf
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	226	values: "{{ _octavia_helm_values \| combine(octavia_helm_values, recursive=True) }}"
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	227
Mohammed Naser	24abccb	2023-01-29 22:50:42 +0000	[diff] [blame]	228	- name: Add implied role of load-balancer_member to member
				229	run_once: true
				230	ansible.builtin.shell: \|
				231	openstack implied role create \
				232	--implied-role load-balancer_member \
				233	member
				234	environment:
				235	OS_CLOUD: atmosphere
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	236	register: _octavia_implied_role_create
				237	changed_when: _octavia_implied_role_create.rc == 0
				238	failed_when: _octavia_implied_role_create.rc != 0 and 'Duplicate entry.' not in _octavia_implied_role_create.stderr
Mohammed Naser	24abccb	2023-01-29 22:50:42 +0000	[diff] [blame]	239
okozachenko1203	d8d2aa1	2022-10-22 00:55:14 +1100	[diff] [blame]	240	- name: Create Ingress
				241	ansible.builtin.include_role:
				242	name: openstack_helm_ingress
				243	vars:
				244	openstack_helm_ingress_endpoint: load_balancer
				245	openstack_helm_ingress_service_name: octavia-api
				246	openstack_helm_ingress_service_port: 9876
Mohammed Naser	2145fc3	2023-01-29 23:23:03 +0000	[diff] [blame]	247	openstack_helm_ingress_annotations: "{{ octavia_ingress_annotations }}"