Skip to content

Commit 91bb02a

Browse files
bbezakbbezak
authored
Merge pull request #175 from stackhpc/stable/victoria
sync stackhpc/victoria
2 parents e75b7ae + c011a60 commit 91bb02a

30 files changed

+362
-125
lines changed

ansible/roles/baremetal/defaults/main.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,9 @@ change_selinux: True
3030

3131
selinux_state: "permissive"
3232

33+
# If true, the host firewall service (firewalld or ufw) will be disabled.
34+
disable_firewall: True
35+
3336
docker_storage_driver: ""
3437
docker_custom_option: ""
3538
docker_custom_config: {}

ansible/roles/baremetal/tasks/install.yml

Lines changed: 29 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -6,34 +6,36 @@
66
when: ansible_facts.os_family == 'Debian'
77

88
# TODO(inc0): Gates don't seem to have ufw executable, check for it instead of ignore errors
9-
- name: Set firewall default policy
10-
become: True
11-
ufw:
12-
state: disabled
13-
policy: allow
14-
when: ansible_facts.os_family == 'Debian'
15-
ignore_errors: yes
16-
17-
- name: Check if firewalld is installed
18-
command: rpm -q firewalld
19-
register: firewalld_check
20-
changed_when: false
21-
failed_when: firewalld_check.rc > 1
22-
args:
23-
warn: false
24-
when: ansible_facts.os_family == 'RedHat'
9+
- block:
10+
- name: Set firewall default policy
11+
become: True
12+
ufw:
13+
state: disabled
14+
policy: allow
15+
when: ansible_facts.os_family == 'Debian'
16+
ignore_errors: yes
17+
18+
- name: Check if firewalld is installed
19+
command: rpm -q firewalld
20+
register: firewalld_check
21+
changed_when: false
22+
failed_when: firewalld_check.rc > 1
23+
args:
24+
warn: false
25+
when: ansible_facts.os_family == 'RedHat'
2526

26-
- name: Disable firewalld
27-
become: True
28-
service:
29-
name: "{{ item }}"
30-
enabled: false
31-
state: stopped
32-
with_items:
33-
- firewalld
34-
when:
35-
- ansible_facts.os_family == 'RedHat'
36-
- firewalld_check.rc == 0
27+
- name: Disable firewalld
28+
become: True
29+
service:
30+
name: "{{ item }}"
31+
enabled: false
32+
state: stopped
33+
with_items:
34+
- firewalld
35+
when:
36+
- ansible_facts.os_family == 'RedHat'
37+
- firewalld_check.rc == 0
38+
when: disable_firewall | bool
3739

3840
# Upgrading docker engine may cause containers to stop. Take a snapshot of the
3941
# running containers prior to a potential upgrade of Docker.

ansible/roles/common/tasks/config.yml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,6 @@
1414
- - service_name: "cron"
1515
paths:
1616
- "cron"
17-
- "cron/logrotate"
1817
- service_name: "fluentd"
1918
paths:
2019
- "fluentd"

ansible/roles/common/templates/conf/output/00-local.conf.j2

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,4 @@
1+
{% if enable_swift | bool and (inventory_hostname in groups['swift-proxy-server'] or inventory_hostname in groups['swift-account-server'] or inventory_hostname in groups['swift-container-server'] or inventory_hostname in groups['swift-object-server']) %}
12
<match syslog.{{ syslog_swift_facility }}.**>
23
@type copy
34
<store>
@@ -58,7 +59,9 @@
5859
</store>
5960
{% endif %}
6061
</match>
62+
{% endif %}
6163

64+
{% if enable_haproxy | bool and inventory_hostname in groups['haproxy'] %}
6265
<match syslog.{{ syslog_haproxy_facility }}.**>
6366
@type copy
6467
<store>
@@ -121,6 +124,7 @@
121124
</store>
122125
{% endif %}
123126
</match>
127+
{% endif %}
124128

125129
{% if glance_enable_tls_backend | bool %}
126130
<match syslog.{{ syslog_glance_tls_proxy_facility }}.**>

ansible/roles/common/templates/fluentd.json.j2

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,11 +29,13 @@
2929
"owner": "{{ fluentd_user }}:{{ fluentd_user }}",
3030
"recurse": true
3131
},
32+
{% if enable_haproxy | bool and inventory_hostname in groups['haproxy'] %}
3233
{
3334
"path": "/var/log/kolla/haproxy",
3435
"owner": "{{ fluentd_user }}:{{ fluentd_user }}",
3536
"recurse": true
3637
},
38+
{% endif %}
3739
{% if glance_enable_tls_backend | bool %}
3840
{
3941
"path": "/var/log/kolla/glance-tls-proxy",
@@ -48,11 +50,13 @@
4850
"recurse": true
4951
},
5052
{% endif %}
53+
{% if enable_swift | bool and (inventory_hostname in groups['swift-proxy-server'] or inventory_hostname in groups['swift-account-server'] or inventory_hostname in groups['swift-container-server'] or inventory_hostname in groups['swift-object-server']) %}
5154
{
5255
"path": "/var/log/kolla/swift",
5356
"owner": "{{ fluentd_user }}:{{ fluentd_user }}",
5457
"recurse": true
5558
},
59+
{% endif %}
5660
{
5761
"path": "/var/lib/fluentd/data",
5862
"owner": "{{ fluentd_user }}:{{ fluentd_user }}",

ansible/roles/mariadb/defaults/main.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -117,4 +117,4 @@ mariadb_backup_type: "full"
117117
####################
118118
# Clustercheck
119119
####################
120-
enable_mariadb_clustercheck: "yes"
120+
enable_mariadb_clustercheck: "{{ enable_haproxy }}"

ansible/roles/neutron/tasks/config-host.yml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,6 @@
2525
sysctl_set: "{{ should_set }}"
2626
sysctl_file: "{{ kolla_sysctl_conf_path }}"
2727
with_items:
28-
- { name: "net.ipv4.ip_forward", value: 1}
2928
- { name: "net.ipv4.conf.all.rp_filter", value: "{{ neutron_l3_agent_host_rp_filter_mode }}"}
3029
- { name: "net.ipv4.conf.default.rp_filter", value: "{{ neutron_l3_agent_host_rp_filter_mode }}"}
3130
- { name: "net.ipv4.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"}

ansible/roles/neutron/templates/dhcp_agent.ini.j2

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,5 +17,7 @@ dhcp_override_mac = {{ vmware_dvs_dhcp_override_mac }}
1717
{% endif %}
1818
{% endif %}
1919

20+
{% if neutron_plugin_agent in ['openvswitch', 'ovn'] %}
2021
[ovs]
2122
ovsdb_connection = tcp:127.0.0.1:{{ ovsdb_port }}
23+
{% endif %}

ansible/roles/neutron/templates/l3_agent.ini.j2

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,5 +26,7 @@ enable_detailed_logging = {{ neutron_logging_debug }}
2626
vpn_device_driver = {{ vpn_device_driver }}
2727
{% endif %}
2828

29+
{% if neutron_plugin_agent in ['openvswitch', 'ovn'] %}
2930
[ovs]
3031
ovsdb_connection = tcp:127.0.0.1:{{ ovsdb_port }}
32+
{% endif %}

ansible/roles/octavia/tasks/prepare.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -126,7 +126,7 @@
126126
allocation_pool_end: "{{ octavia_amp_network['subnet']['allocation_pool_end'] | default(omit, true) }}"
127127
enable_dhcp: "{{ octavia_amp_network['subnet']['enable_dhcp'] | default(omit) }}"
128128
no_gateway_ip: "{{ octavia_amp_network['subnet']['no_gateway_ip'] | default(omit) }}"
129-
gateway_ip: "{{ octavia_amp_network['gateway_ip'] | default(omit, true) }}"
129+
gateway_ip: "{{ octavia_amp_network['subnet']['gateway_ip'] | default(omit, true) }}"
130130
ip_version: "{{ octavia_amp_network['subnet']['ip_version'] | default(omit) }}"
131131
ipv6_address_mode: "{{ octavia_amp_network['subnet']['ipv6_address_mode'] | default(omit) }}"
132132
ipv6_ra_mode: "{{ octavia_amp_network['subnet']['ipv6_ra_mode'] | default(omit) }}"

0 commit comments

Comments
 (0)