# Copyright (c) 2022 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# Ensure the Octavia management network exists. The registered result is
# read later in this file (its `id`) when the health manager ports are
# created.
- name: Create management network
  register: _octavia_management_network
  openstack.cloud.network:
    cloud: atmosphere
    # Network settings
    name: "{{ octavia_management_network_name }}"

# Ensure the subnet on the management network exists. It is created with
# `disable_gateway_ip: true`, i.e. without a gateway address on the subnet.
- name: Create management subnet
  vexxhost.atmosphere.subnet:
    cloud: atmosphere
    # Subnet settings
    name: "{{ octavia_management_subnet_name }}"
    network_name: "{{ octavia_management_network_name }}"
    cidr: "{{ octavia_management_subnet_cidr }}"
    disable_gateway_ip: true

# Ensure the security group for the health manager ports exists. Its id
# (`security_group.id`) is reused by the rule and port tasks in this file.
- name: Create health manager security group
  register: _octavia_health_manager_sg
  openstack.cloud.security_group:
    cloud: atmosphere
    name: lb-health-mgr-sec-grp

# Open the ingress ports the health manager listens on: one IPv4 rule per
# (protocol, port) pair in the loop. UDP 5555 matches the ':5555' suffix
# appended to each controller address in `_octavia_controller_ip_port_list`.
# Ports 10514/20514 are presumably log offloading — TODO confirm.
#
# NOTE(review): no `remote_ip_prefix` or `remote_group` is set, so these
# rules do not restrict the source address. Confirm that only the
# management network can reach these ports, or restrict the rules to
# `octavia_management_subnet_cidr`.
- name: Create health manager security group rules
  openstack.cloud.security_group_rule:
    cloud: atmosphere
    security_group: "{{ _octavia_health_manager_sg.security_group.id }}"
    direction: ingress
    ethertype: IPv4
    protocol: "{{ item.protocol }}"
    port_range_min: "{{ item.port }}"
    port_range_max: "{{ item.port }}"
  loop:
    - protocol: udp
      port: 5555
    - protocol: udp
      port: 10514
    - protocol: udp
      port: 20514
    - protocol: tcp
      port: 10514
    - protocol: tcp
      port: 20514

# Create one Neutron port per host in the `controllers` group on the
# management network, attached to the health manager security group.
# A fixed address is requested only when the host defines
# `octavia_health_manager_ip`; otherwise `fixed_ips` is omitted.
- name: Create health manager networking ports
  # noqa: args[module]
  loop: "{{ groups['controllers'] }}"
  loop_control:
    index_var: _octavia_health_manager_port_index
  openstack.cloud.port:
    cloud: atmosphere
    # The port name is derived from the short inventory hostname.
    name: "octavia-health-manager-port-{{ hostvars[item]['inventory_hostname_short'] }}"
    device_owner: octavia:health-mgr
    network: "{{ _octavia_management_network.id }}"
    security_groups:
      - "{{ _octavia_health_manager_sg.security_group.id }}"
    fixed_ips: >-
      {{
        [
          {
            "ip_address": hostvars[item]['octavia_health_manager_ip']
          }
        ]
        if hostvars[item]['octavia_health_manager_ip'] is defined else omit
      }}

# NOTE(mnaser): Since we're running the playbook targeted at the first
#               controller only, we need to manually discover the facts for the
#               other controllers.
#
# Only the `network` fact subset is gathered, and `delegate_facts: true`
# stores the result under each delegated host rather than the current one.
- name: Discover facts for other controllers
  loop: "{{ groups['controllers'] }}"
  delegate_to: "{{ item }}"
  delegate_facts: true
  ansible.builtin.setup:
    gather_subset: network

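# Bind each health manager port to its controller by setting the port's
# host to that controller's FQDN via the `openstack` CLI.
#
# The host name and port name are templated into a shell script, so both
# are passed through the `quote` filter: a value containing whitespace or
# shell metacharacters is then treated as a single literal argument instead
# of being interpreted by bash.
#
# The command is retried up to 10 times, 1 second apart, until it exits 0.
# `changed_when: false` means the task never reports a change, even though
# it modifies the port.
- name: Set binding for ports
  changed_when: false
  ansible.builtin.shell: |
    set -o posix
    source /etc/profile.d/atmosphere.sh
    openstack port set \
      --host {{ hostvars[item]['ansible_fqdn'] | quote }} \
      {{ ('octavia-health-manager-port-' ~ hostvars[item]['inventory_hostname_short']) | quote }}
  args:
    executable: /bin/bash
  environment:
    OS_CLOUD: atmosphere
  loop: "{{ groups['controllers'] }}"
  register: _set_binding_for_ports
  retries: 10
  delay: 1
  until: _set_binding_for_ports.rc == 0
  failed_when: _set_binding_for_ports.rc != 0
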
# Look up the health manager port of every controller. The per-host results
# are read later in this file for the ports' fixed IP addresses.
#
# NOTE(review): the ports are created and bound under a name built from
# `inventory_hostname_short`, but looked up here by the first label of
# `ansible_fqdn`. If the two differ for a host, the lookup presumably
# returns no port and the later `item.ports[0]` references fail — confirm
# they always match.
- name: Get health manager networking ports
  register: _octavia_health_manager_ports
  loop: "{{ groups['controllers'] }}"
  openstack.cloud.port_info:
    cloud: atmosphere
    port: "octavia-health-manager-port-{{ hostvars[item]['ansible_fqdn'] | split('.') | first }}"

# Accumulate a de-duplicated list of "<ip>:5555" strings, one per looked-up
# health manager port, using the first fixed IP of the first port in each
# result. The list starts empty (`d([])`) on the first iteration.
- name: Set controller_ip_port_list
  loop: "{{ _octavia_health_manager_ports.results }}"
  loop_control:
    # Show only the port name per iteration instead of the whole result.
    label: "{{ item.ports[0].name }}"
  ansible.builtin.set_fact:
    _octavia_controller_ip_port_list: "{{ (_octavia_controller_ip_port_list | d([]) + [item.ports[0].fixed_ips[0].ip_address + ':5555']) | unique }}"

# Ensure the security group for amphora instances exists. Its id
# (`security_group.id`) is used by the rule task that follows in this file.
- name: Create amphora security group
  register: _octavia_amphora_sg
  openstack.cloud.security_group:
    cloud: atmosphere
    name: "{{ octavia_amphora_security_group_name }}"

# Allow TCP 22 and TCP 9443 into the amphora security group, one rule per
# (port, health manager port) pair. Each rule is limited to a single source
# address: the first fixed IP of a health manager port, as a /32. Nothing
# else is admitted to these two ports by this task.
# (9443 is presumably the amphora agent API — TODO confirm.)
- name: Create amphora security group rules
  openstack.cloud.security_group_rule:
    cloud: atmosphere
    security_group: "{{ _octavia_amphora_sg.security_group.id }}"
    direction: ingress
    ethertype: IPv4
    protocol: tcp
    # item.0 is the port number, item.1 the port_info result for one controller.
    port_range_min: "{{ item.0 }}"
    port_range_max: "{{ item.0 }}"
    remote_ip_prefix: "{{ item.1.ports[0].fixed_ips[0].ip_address }}/32"
  with_nested:
    - [22, 9443]
    - "{{ _octavia_health_manager_ports.results }}"

# Ensure the compute flavor for amphora instances exists. It is created as
# a non-public flavor (`is_public: false`), with its size and extra specs
# taken from role variables.
- name: Create amphora flavor
  register: _octavia_amphora_flavor
  openstack.cloud.compute_flavor:
    cloud: atmosphere
    name: "{{ octavia_amphora_flavor_name }}"
    is_public: false
    vcpus: "{{ octavia_amphora_flavor_vcpus }}"
    ram: "{{ octavia_amphora_flavor_ram }}"
    disk: "{{ octavia_amphora_flavor_disk }}"
    extra_specs: "{{ octavia_amphora_flavor_extra_specs }}"

# Delegate the amphora image upload to the `glance_image` role, passing the
# image name, source URL, formats and tags from the octavia_* variables.
#
# NOTE(review): only a URL is handed to the role here. Whether the role
# verifies a checksum or signature of the downloaded image is not visible
# from this file — confirm, since every amphora boots from this image.
- name: Upload Amphora image
  ansible.builtin.include_role:
    name: glance_image
  vars:
    glance_image_name: "{{ octavia_amphora_image_name }}"
    glance_image_url: "{{ octavia_amphora_image_url }}"
    glance_image_disk_format: "{{ octavia_amphora_image_disk_format }}"
    glance_image_container_format: "{{ octavia_amphora_image_container_format }}"
    glance_image_tags: "{{ octavia_amphora_image_tags }}"

# Look up the amphora image by name and keep the result for later use.
- name: Get Amphora image information
  register: _octavia_amphora_image
  openstack.cloud.image_info:
    cloud: atmosphere
    image: "{{ octavia_amphora_image_name }}"

# Create a secretgen `SSHKey` resource, whose template yields an Opaque
# Secret holding the private key (`id_rsa`), the authorized key
# (`id_rsa.pub`) and an SSH client `config`. The task then waits up to 60
# seconds for the `ReconcileSucceeded` condition.
#
# NOTE(review): the generated `config` applies to every host (`Host *`) and
# turns host key verification off (`StrictHostKeyChecking no`,
# `UserKnownHostsFile /dev/null`). A client using it cannot detect an
# impersonated endpoint. The only network-level control visible in this
# file is the amphora security group rule limiting TCP 22 to the health
# manager port addresses. Confirm this trade-off is intended and that the
# config is used only on the management network.
- name: Create Amphora SSH key
  run_once: true
  kubernetes.core.k8s:
    state: present
    wait: true
    wait_timeout: 60
    wait_condition:
      type: ReconcileSucceeded
      status: true
    definition:
      apiVersion: secretgen.k14s.io/v1alpha1
      kind: SSHKey
      metadata:
        name: "{{ octavia_helm_release_name }}-amphora-ssh-key"
        namespace: "{{ octavia_helm_release_namespace }}"
      spec:
        secretTemplate:
          type: Opaque
          stringData:
            id_rsa: $(privateKey)
            id_rsa.pub: $(authorizedKey)
            config: |
              Host *
                User ubuntu
                StrictHostKeyChecking no
                UserKnownHostsFile /dev/null

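# Read back the Secret generated for the amphora SSH key so that its public
# half can be imported into OpenStack.
#
# The Secret is defined earlier in this file with both `id_rsa` (the private
# key) and `id_rsa.pub`, so the registered result carries the private key.
# `no_log: true` keeps the task result out of Ansible's output and logs.
- name: Grab generated Amphora public key
  run_once: true
  no_log: true
  kubernetes.core.k8s_info:
    api_version: v1
    kind: Secret
    name: "{{ octavia_helm_release_name }}-amphora-ssh-key"
    namespace: "{{ octavia_helm_release_namespace }}"
  register: octavia_ssh_key_secret
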
# Register the public half of the generated key as an OpenStack key pair.
# Only `id_rsa.pub` is read from the Secret; it is base64-decoded because
# Secret `data` values are returned encoded. The private key is not sent to
# OpenStack by this task.
- name: Import Amphora SSH key-pair in OpenStack
  run_once: true
  register: octavia_amphora_ssh_keypair
  openstack.cloud.keypair:
    cloud: atmosphere
    state: present
    name: "{{ octavia_helm_release_name }}-amphora-ssh-key"
    public_key: "{{ octavia_ssh_key_secret.resources[0]['data']['id_rsa.pub'] | b64decode }}"