Add configure tasks for iscsid role
This patch adds configure task which replaces the iscsid configuration in [1] with these modifications. - configure /etc/iscsi on the host directly, so it eliminates the use of /var/lib/config-data/ansible-generated - remove "sync from host" and "sync to host" operations which are no longer needed. - optimize the install task. [1] https://github.com/openstack/puppet-tripleo/blob/master/manifests /profile/base/iscsid.pp Co-Authored-By: Manoj Katari <mkatari@redhat.com> Change-Id: Idb57bb5179897ee7b4461f81372e6021b72be4d8
This commit is contained in:
parent
4dea939ba0
commit
322415d3c4
|
@ -70,4 +70,3 @@ tripleo_container_standalone_volumes: "{{
|
||||||
|
|
||||||
tripleo_debug: False
|
tripleo_debug: False
|
||||||
tripleo_deploy_identifier: ''
|
tripleo_deploy_identifier: ''
|
||||||
tripleo_iscsid_config_volume: /var/lib/config-data/ansible-generated/iscsid
|
|
||||||
|
|
|
@ -23,13 +23,15 @@ tripleo_iscsid_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
|
||||||
tripleo_iscsid_hide_sensitive_logs: true
|
tripleo_iscsid_hide_sensitive_logs: true
|
||||||
|
|
||||||
tripleo_iscsid_image: "quay.io/tripleomastercentos9/openstack-iscsid:current-tripleo"
|
tripleo_iscsid_image: "quay.io/tripleomastercentos9/openstack-iscsid:current-tripleo"
|
||||||
tripleo_iscsid_config_dir: /var/lib/config-data/ansible-generated/iscsid
|
tripleo_iscsid_config_image: "{{ tripleo_iscsid_image }}"
|
||||||
tripleo_iscsid_volumes:
|
tripleo_iscsid_volumes:
|
||||||
- /var/lib/kolla/config_files/iscsid.json:/var/lib/kolla/config_files/config.json:ro
|
- /var/lib/kolla/config_files/iscsid.json:/var/lib/kolla/config_files/config.json:ro
|
||||||
- /dev:/dev
|
- /dev:/dev
|
||||||
- /run:/run
|
- /run:/run
|
||||||
- /sys:/sys
|
- /sys:/sys
|
||||||
- /lib/modules:/lib/modules:ro
|
- /lib/modules:/lib/modules:ro
|
||||||
- "{{ tripleo_iscsid_config_dir }}/etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro"
|
- /etc/iscsi:/etc/iscsi:z
|
||||||
- /etc/target:/etc/target:z
|
- /etc/target:/etc/target:z
|
||||||
- /var/lib/iscsi:/var/lib/iscsi:z
|
- /var/lib/iscsi:/var/lib/iscsi:z
|
||||||
|
|
||||||
|
tripleo_iscsid_chap_algs: 'SHA3-256,SHA256,SHA1,MD5'
|
||||||
|
|
|
@ -1,6 +1 @@
|
||||||
command: /usr/sbin/iscsid -f
|
command: /usr/sbin/iscsid -f
|
||||||
config_files:
|
|
||||||
- source: "/var/lib/kolla/config_files/src-iscsid/"
|
|
||||||
dest: "/etc/iscsi/"
|
|
||||||
merge: true
|
|
||||||
preserve_properties: true
|
|
||||||
|
|
|
@ -14,8 +14,45 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
- name: Ensure {{ tripleo_iscsid_config_dir }}/etc/iscsi exists
|
|
||||||
file:
|
- name: Check if the iSCSI initiator name (IQN) has been reset
|
||||||
path: "{{ tripleo_iscsid_config_dir }}/etc/iscsi"
|
ansible.builtin.stat:
|
||||||
state: directory
|
path: /etc/iscsi/.initiator_reset
|
||||||
recurse: true
|
register: initiator_reset_state
|
||||||
|
|
||||||
|
# NOTE: Each overcloud node must have its own, unique iSCSI Qualified Name
|
||||||
|
# (IQN) but it has to be reset once, and only once as all the services on the
|
||||||
|
# node must use the same IQN. It is reset based on the existence of
|
||||||
|
# .initiator_reset sentinel file.
|
||||||
|
|
||||||
|
- name: Ensure the system has a unique IQN
|
||||||
|
when: initiator_reset_state.stat.exists == False
|
||||||
|
block:
|
||||||
|
|
||||||
|
- name: Generate a unique IQN
|
||||||
|
ansible.builtin.command: podman run -ti --rm --name iscsid_config {{ tripleo_iscsid_config_image }} /usr/sbin/iscsi-iname
|
||||||
|
register: iscsi_iname
|
||||||
|
|
||||||
|
- name: Save the new IQN
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: /etc/iscsi/initiatorname.iscsi
|
||||||
|
content: "InitiatorName={{ iscsi_iname.stdout }}"
|
||||||
|
|
||||||
|
- name: Record the IQN has been reset
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /etc/iscsi/.initiator_reset
|
||||||
|
state: touch
|
||||||
|
|
||||||
|
- name: Write CHAP algorithms
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: "/etc/iscsi/iscsid.conf"
|
||||||
|
line: "node.session.auth.chap_algs = {{ tripleo_iscsid_chap_algs }}"
|
||||||
|
regexp: "^node.session.auth.chap_algs"
|
||||||
|
insertafter: "^#node.session.auth.chap.algs"
|
||||||
|
register: modify_stat
|
||||||
|
|
||||||
|
- name: Record the iscsid container restart is required
|
||||||
|
when : modify_stat.changed
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /etc/iscsi/.iscsid_restart_required
|
||||||
|
state: touch
|
||||||
|
|
|
@ -14,40 +14,48 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
- name: Create persistent directories
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
setype: "{{ item.setype }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- { 'path': /etc/iscsi, 'setype': container_file_t }
|
||||||
|
- { 'path': /etc/target, 'setype': container_file_t }
|
||||||
|
- { 'path': /var/lib/iscsi, 'setype': container_file_t }
|
||||||
|
|
||||||
- name: create fcontext entry for iscsi
|
- name: Create fcontext entry for iscsi
|
||||||
community.general.sefcontext:
|
community.general.sefcontext:
|
||||||
target: "{{ item.path }}(/.*)?"
|
target: "{{ item.path }}(/.*)?"
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
loop:
|
||||||
- { 'path': /etc/iscsi, 'setype': container_file_t }
|
- { 'path': /etc/iscsi, 'setype': container_file_t }
|
||||||
- { 'path': /etc/target, 'setype': container_file_t }
|
- { 'path': /etc/target, 'setype': container_file_t }
|
||||||
- { 'path': /var/lib/iscsi, 'setype': container_file_t }
|
- { 'path': /var/lib/iscsi, 'setype': container_file_t }
|
||||||
when:
|
|
||||||
- tripleo_selinux_mode | default('enforcing') == 'enforcing'
|
- name: Stat /lib/systemd/system/iscsid.socket
|
||||||
- name: create persistent directories
|
ansible.builtin.stat:
|
||||||
file:
|
path: /lib/systemd/system/iscsid.socket
|
||||||
path: "{{ item.path }}"
|
|
||||||
state: directory
|
|
||||||
setype: "{{ item.setype }}"
|
|
||||||
with_items:
|
|
||||||
- { 'path': /etc/iscsi, 'setype': container_file_t }
|
|
||||||
- { 'path': /etc/target, 'setype': container_file_t }
|
|
||||||
- { 'path': /var/lib/iscsi, 'setype': container_file_t }
|
|
||||||
- name: stat /lib/systemd/system/iscsid.socket
|
|
||||||
stat: path=/lib/systemd/system/iscsid.socket
|
|
||||||
register: stat_iscsid_socket
|
register: stat_iscsid_socket
|
||||||
|
|
||||||
- name: Stop and disable iscsid.socket service
|
- name: Stop and disable iscsid.socket service
|
||||||
service: name=iscsid.socket state=stopped enabled=no
|
ansible.builtin.service:
|
||||||
|
name: iscsid.socket
|
||||||
|
state: stopped
|
||||||
|
enabled: no
|
||||||
when: stat_iscsid_socket.stat.exists
|
when: stat_iscsid_socket.stat.exists
|
||||||
|
|
||||||
- name: Check if iscsi.service is enabled
|
- name: Check if iscsi.service is enabled
|
||||||
command: systemctl is-enabled --quiet iscsi.service
|
ansible.builtin.command: systemctl is-enabled --quiet iscsi.service
|
||||||
failed_when: false
|
failed_when: false
|
||||||
register: iscsi_service_enabled_result
|
register: iscsi_service_enabled_result
|
||||||
|
|
||||||
- name: Stop iscsi.service
|
- name: Stop iscsi.service
|
||||||
service: name=iscsi.service state=stopped enabled=no
|
ansible.builtin.service:
|
||||||
|
name: iscsi.service
|
||||||
|
state: stopped
|
||||||
|
enabled: no
|
||||||
when:
|
when:
|
||||||
- not ansible_check_mode
|
|
||||||
- iscsi_service_enabled_result is changed
|
- iscsi_service_enabled_result is changed
|
||||||
- iscsi_service_enabled_result.rc == 0
|
- iscsi_service_enabled_result.rc == 0
|
||||||
|
|
|
@ -24,3 +24,29 @@
|
||||||
iscsid: "{{ lookup('template', 'iscsid.yaml.j2') | from_yaml }}"
|
iscsid: "{{ lookup('template', 'iscsid.yaml.j2') | from_yaml }}"
|
||||||
tripleo_container_standalone_kolla_config_files:
|
tripleo_container_standalone_kolla_config_files:
|
||||||
iscsid: "{{ lookup('file', 'files/iscsid.yaml') | from_yaml }}"
|
iscsid: "{{ lookup('file', 'files/iscsid.yaml') | from_yaml }}"
|
||||||
|
register: manage_iscsid_stat
|
||||||
|
|
||||||
|
- name: Check if the iscsid container restart is required
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: /etc/iscsi/.iscsid_restart_required
|
||||||
|
register: iscsi_restart_stat
|
||||||
|
|
||||||
|
# Existence of sentinel file (.iscsid_restart_required) on the host
|
||||||
|
# indicates that restart of the iscisd container is needed to refresh
|
||||||
|
# /etc/iscsid.conf
|
||||||
|
# sentinel file will exist on an initial deployment, but the restart is
|
||||||
|
# actually needed only if the service is already running, so we check if
|
||||||
|
# the manage_iscsid_stat changed.
|
||||||
|
|
||||||
|
- name: Restart iscsid container to refresh /etcd/iscsid.conf
|
||||||
|
when:
|
||||||
|
- not manage_iscsid_stat.changed|bool
|
||||||
|
- iscsi_restart_stat.stat.exists|bool
|
||||||
|
systemd:
|
||||||
|
name: tripleo_iscsid
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
- name: Remove iscsid container restart sentinel file
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /etc/iscsi/.iscsid_restart_required
|
||||||
|
state: absent
|
||||||
|
|
|
@ -132,11 +132,11 @@ tripleo_nova_compute_volumes:
|
||||||
- /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
|
- /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
|
||||||
- /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
|
- /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
|
||||||
- "{{ tripleo_nova_compute_config_dir }}:/var/lib/kolla/config_files/src:ro"
|
- "{{ tripleo_nova_compute_config_dir }}:/var/lib/kolla/config_files/src:ro"
|
||||||
- "{{ tripleo_iscsid_config_volume }}:/var/lib/kolla/config_files/src-iscsid:ro"
|
|
||||||
- "{{ tripleo_nova_compute_ceph_config_path }}:/var/lib/kolla/config_files/src-ceph:ro"
|
- "{{ tripleo_nova_compute_ceph_config_path }}:/var/lib/kolla/config_files/src-ceph:ro"
|
||||||
- /dev:/dev
|
- /dev:/dev
|
||||||
- /lib/modules:/lib/modules:ro
|
- /lib/modules:/lib/modules:ro
|
||||||
- /run:/run
|
- /run:/run
|
||||||
|
- /etc/iscsi:/etc/iscsi:z
|
||||||
- /var/lib/iscsi:/var/lib/iscsi:z
|
- /var/lib/iscsi:/var/lib/iscsi:z
|
||||||
- /var/lib/libvirt:/var/lib/libvirt:shared
|
- /var/lib/libvirt:/var/lib/libvirt:shared
|
||||||
- /sys/class/net:/sys/class/net
|
- /sys/class/net:/sys/class/net
|
||||||
|
|
|
@ -11,13 +11,6 @@ config_files:
|
||||||
dest: "/"
|
dest: "/"
|
||||||
merge: true
|
merge: true
|
||||||
preserve_properties: true
|
preserve_properties: true
|
||||||
# (TODO: slagle) This must be commented out until files exist at this path
|
|
||||||
# otherwise kolla-start fails. This can be enabled once the tripleo_iscsid
|
|
||||||
# role is actually generating configuration.
|
|
||||||
# - source: "/var/lib/kolla/config_files/src-iscsid/*"
|
|
||||||
# dest: "/etc/iscsi/"
|
|
||||||
# merge: true
|
|
||||||
# preserve_properties: true
|
|
||||||
- source: "/var/lib/kolla/config_files/src-ceph/"
|
- source: "/var/lib/kolla/config_files/src-ceph/"
|
||||||
dest: "/etc/ceph/"
|
dest: "/etc/ceph/"
|
||||||
merge: true
|
merge: true
|
||||||
|
|
Loading…
Reference in New Issue