stackhpc · markgoddard · Jul 13, 2022 · Nov 26, 2021 · Nov 30, 2021 · Jan 13, 2022
@@ -0,0 +1,59 @@
+---
+- name: Ensure the libvirt daemon is configured
+  hosts: compute
+  tags:
+    - libvirt-host
+  tasks:
+    - name: Ensure Ceph package repository is available
+      package:
+        name: "centos-release-ceph-{{ compute_libvirt_ceph_repo_release }}"
+        state: present
+      when:
+        - compute_libvirt_enabled | bool
+        - ansible_facts.distribution in ['CentOS', 'Rocky']
+        - compute_libvirt_ceph_repo_install | bool
+      become: true
+
+    - name: Include stackhpc.libvirt-host role
+      include_role:
+        name: stackhpc.libvirt-host
+      vars:
+        libvirt_host_libvirtd_conf: "{{ compute_libvirt_conf }}"
+        libvirt_host_qemu_conf: "{{ compute_qemu_conf }}"
+        libvirt_host_enable_sasl_support: "{{ compute_libvirt_enable_sasl | bool }}"
+        libvirt_host_sasl_authname: nova
+        libvirt_host_sasl_password: "{{ compute_libvirt_sasl_password }}"
+        libvirt_host_tcp_listen: "{{ not compute_libvirt_enable_tls | bool }}"
+        libvirt_host_tcp_listen_address: "{{ internal_net_name | net_ip }}:16509"
+        libvirt_host_tls_listen: "{{ compute_libvirt_enable_tls | bool }}"
+        libvirt_host_tls_listen_address: "{{ internal_net_name | net_ip }}:16514"
+        # TLS server and client certificates.
+        libvirt_host_tls_server_cert: >-
+          {{ lookup('file', lookup('first_found', lookup_params | combine({'files': ['servercert.pem']})))
+             if libvirt_host_tls_listen | default(False) | bool else '' }}
+        libvirt_host_tls_server_key: >-
+          {{ lookup('file', lookup('first_found', lookup_params | combine({'files': ['serverkey.pem']})))
+             if libvirt_host_tls_listen | default(False) | bool else '' }}
+        libvirt_host_tls_client_cert: >-
+          {{ lookup('file', lookup('first_found', lookup_params | combine({'files': ['clientcert.pem']})))
+             if libvirt_host_tls_listen | default(False) | bool else '' }}
+        libvirt_host_tls_client_key: >-
+          {{ lookup('file', lookup('first_found', lookup_params | combine({'files': ['clientkey.pem']})))
+             if libvirt_host_tls_listen | default(False) | bool else '' }}
+        libvirt_host_tls_cacert: >-
+          {{ lookup('file', lookup('first_found', lookup_params | combine({'files': ['cacert.pem']})))
+             if libvirt_host_tls_listen | default(False) | bool else '' }}
+        lookup_params:
+          paths: "{{ libvirt_tls_cert_paths }}"
+          skip: true
+        # Support loading libvirt TLS certificates & keys from per-host and
+        # global locations.
+        libvirt_tls_cert_paths: >-
+          {{ (libvirt_tls_cert_dirs | unique | product([inventory_hostname]) | map('path_join') | list +
+              libvirt_tls_cert_dirs | unique | list) | list }}
+        libvirt_tls_cert_dirs:
+          - "{{ kayobe_env_config_path }}/certificates/libvirt"
+          - "{{ kayobe_config_path }}/certificates/libvirt"
+        libvirt_host_enable_efi_support: true
+      when:
+        - compute_libvirt_enabled | bool
@@ -65,6 +65,12 @@ kolla_bifrost_dib_packages: []
 # Name of disk image file to deploy. Default is "deployment_image.qcow2".
 kolla_bifrost_deploy_image_filename: "deployment_image.qcow2"
 
+# UUID of the root filesystem contained within the deployment image.
+# See below URL for instructions on how to extract it:
+# https://docs.openstack.org/ironic/latest/admin/raid.html#image-requirements
+# Default is none.
+kolla_bifrost_deploy_image_rootfs:
+
 ###############################################################################
 # Ironic configuration.
 

@@ -161,3 +161,61 @@ compute_firewalld_default_zone:
 # - permanent: true
 # - state: enabled
 compute_firewalld_rules: []
+
+###############################################################################
+# Compute node host libvirt configuration.
+
+# Whether to enable a host libvirt daemon. Default is true if kolla_enable_nova
+# is true and kolla_enable_nova_libvirt_container is false.
+compute_libvirt_enabled: "{{ kolla_enable_nova | bool and not kolla_enable_nova_libvirt_container | bool }}"
+
+# A dict of default configuration options to write to
+# /etc/libvirt/libvirtd.conf.
+compute_libvirt_conf_default:
+  auth_tcp: "{{ 'sasl' if compute_libvirt_enable_sasl | bool else 'none' }}"
+  auth_tls: "{{ 'sasl' if compute_libvirt_enable_sasl | bool else 'none' }}"
+  log_level: "{{ compute_libvirtd_log_level }}"
+
+# A dict of additional configuration options to write to
+# /etc/libvirt/libvirtd.conf.
+compute_libvirt_conf_extra: {}
+
+# A dict of configuration options to write to /etc/libvirt/libvirtd.conf.
+# Default is a combination of compute_libvirt_conf_default and
+# compute_libvirt_conf_extra.
+compute_libvirt_conf: "{{ compute_libvirt_conf_default | combine(compute_libvirt_conf_extra) }}"
+
+# Numerical log level for libvirtd. Default is 3.
+compute_libvirtd_log_level: 3
+
+# A dict of default configuration options to write to
+# /etc/libvirt/qemu.conf.
+compute_qemu_conf_default:
+  max_files: 32768
+  max_processes: 131072
+
+# A dict of additional configuration options to write to
+# /etc/libvirt/qemu.conf.
+compute_qemu_conf_extra: {}
+
+# A dict of configuration options to write to /etc/libvirt/qemu.conf.
+# Default is a combination of compute_qemu_conf_default and
+# compute_qemu_conf_extra.
+compute_qemu_conf: "{{ compute_qemu_conf_default | combine(compute_qemu_conf_extra) }}"
+
+# Whether to enable libvirt SASL authentication. Default is true.
+compute_libvirt_enable_sasl: true
+
+# libvirt SASL password. Default is unset.
+compute_libvirt_sasl_password:
+
+# Whether to enable a libvirt TLS listener. Default is false.
+compute_libvirt_enable_tls: false
+
+# Whether to install a Ceph package repository on CentOS and Rocky hosts.
+# Default is true.
+compute_libvirt_ceph_repo_install: true
+
+# Ceph package repository release to install on CentOS and Rocky hosts when
+# compute_libvirt_ceph_repo_install is true. Default is 'pacific'.
+compute_libvirt_ceph_repo_release: pacific
@@ -558,6 +558,7 @@ kolla_enable_murano: "no"
 kolla_enable_neutron_mlnx: "no"
 kolla_enable_neutron_provider_networks: "no"
 kolla_enable_neutron_sriov: "no"
+kolla_enable_nova_libvirt_container: "yes"
 kolla_enable_octavia: "no"
 kolla_enable_openvswitch: "{{ kolla_enable_neutron | bool }}"
 kolla_enable_ovn: "no"
@@ -585,9 +586,9 @@ kolla_enable_zun: "no"
 ###############################################################################
 # Passwords and credentials.
 
-# Dictionary containing default custom passwords to add or override in the
+# Dictionary containing base custom passwords to add or override in the
 # Kolla passwords file.
-kolla_ansible_default_custom_passwords:
+kolla_ansible_base_custom_passwords:
   # SSH key authorized in hosts deployed by Bifrost.
   bifrost_ssh_key:
     private_key: "{{ lookup('file', ssh_private_key_path) }}"
@@ -598,6 +599,19 @@ kolla_ansible_default_custom_passwords:
     public_key: "{{ lookup('file', ssh_public_key_path) }}"
   docker_registry_password: "{{ kolla_docker_registry_password }}"
 
+# Dictionary containing libvirt custom passwords to add or override in the
+# Kolla passwords file.
+kolla_ansible_libvirt_custom_passwords:
+  libvirt_sasl_password: "{{ compute_libvirt_sasl_password }}"
+
+# Dictionary containing default custom passwords to add or override in the
+# Kolla passwords file.
+kolla_ansible_default_custom_passwords: >-
+  {{ kolla_ansible_base_custom_passwords |
+     combine(kolla_ansible_libvirt_custom_passwords
+             if compute_libvirt_enabled | bool and compute_libvirt_enable_sasl | bool
+             else {}) }}
+
 # Dictionary containing custom passwords to add or override in the Kolla
 # passwords file.
 kolla_ansible_custom_passwords: "{{ kolla_ansible_default_custom_passwords }}"
@@ -653,3 +667,18 @@ kolla_internal_tls_cert:
 # in admin-openrc.sh file when TLS is enabled, instead of Kolla-Ansible's
 # default.
 kolla_internal_fqdn_cacert:
+
+###############################################################################
+# Proxy configuration
+
+# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
+# Kolla. Default value is "{{ http_proxy }}".
+kolla_http_proxy: "{{ http_proxy }}"
+
+# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
+# Kolla. Default value is "{{ https_proxy }}".
+kolla_https_proxy: "{{ https_proxy }}"
+
+# List of domains, hostnames, IP addresses and networks for which no proxy is
+# used. Default value is "{{ no_proxy }}".
+kolla_no_proxy: "{{ no_proxy }}"
@@ -0,0 +1,59 @@
+---
+# Overcloud host disk image configuration.
+
+###############################################################################
+# Diskimage-builder configuration for overcloud host disk images.
+
+# Whether to build host disk images with DIB directly instead of through
+# Bifrost. Setting it to true disables Bifrost image build and allows images to
+# be built with the `kayobe overcloud host image build` command. Default value
+# is False. This will change in a future release.
+overcloud_dib_build_host_images: False
+
+# DIB base OS element. Default is {{ os_distribution }}.
+overcloud_dib_os_element: "{{ os_distribution }}"
+
+# DIB image OS release. Default is {{ os_release }}.
+overcloud_dib_os_release: "{{ os_release }}"
+
+# List of default DIB elements. Default is ["centos", "cloud-init-datasources",
+# "disable-selinux", "enable-serial-console", "vm"] when
+# overcloud_dib_os_element is "centos", or ["ubuntu", "cloud-init-datasources",
+# "enable-serial-console", "vm"] when overcloud_dib_os_element is "ubuntu".
+overcloud_dib_elements_default:
+  - "{{ overcloud_dib_os_element }}"
+  - "cloud-init-datasources"
+  - "{% if overcloud_dib_os_element == 'centos' %}disable-selinux{% endif %}"
+  - "enable-serial-console"
+  - "vm"
+
+# List of additional DIB elements. Default is none.
+overcloud_dib_elements_extra: []
+
+# List of DIB elements. Default is a combination of
+# overcloud_dib_elements_default and overcloud_dib_elements_extra.
+overcloud_dib_elements: "{{ overcloud_dib_elements_default | select | list + overcloud_dib_elements_extra }}"
+
+# DIB default environment variables. Default is
+# {"DIB_BOOTLOADER_DEFAULT_CMDLINE": "nofb nomodeset gfxpayload=text
+# net.ifnames=1", "DIB_CLOUD_INIT_DATASOURCES": "ConfigDrive", "DIB_RELEASE":
+# "{{ overcloud_dib_os_release }}"}.
+overcloud_dib_env_vars_default:
+  DIB_BOOTLOADER_DEFAULT_CMDLINE: "nofb nomodeset gfxpayload=text net.ifnames=1"
+  DIB_CLOUD_INIT_DATASOURCES: "ConfigDrive"
+  DIB_RELEASE: "{{ overcloud_dib_os_release }}"
+
+# DIB additional environment variables. Default is none.
+overcloud_dib_env_vars_extra: {}
+
+# DIB environment variables. Default is combination of
+# overcloud_dib_env_vars_default and overcloud_dib_env_vars_extra.
+overcloud_dib_env_vars: "{{ overcloud_dib_env_vars_default | combine(overcloud_dib_env_vars_extra) }}"
+
+# List of DIB packages to install. Default is to install no extra packages.
+overcloud_dib_packages: []
+
+# Upper constraints file for installing packages in the virtual environment
+# used for building overcloud host disk images. Default is {{
+# pip_upper_constraints_file }}.
+overcloud_dib_upper_constraints_file: "{{ pip_upper_constraints_file }}"
@@ -0,0 +1,21 @@
+---
+###############################################################################
+# Configuration of HTTP(S) proxies.
+
+# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port). By
+# default no proxy is used.
+http_proxy: ""
+
+# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port). By
+# default no proxy is used.
+https_proxy: ""
+
+# List of domains, hostnames, IP addresses and networks for which no proxy is
+# used. Defaults to ["127.0.0.1", "localhost", "{{ ('http://' ~
+# docker_registry) | urlsplit('hostname') }}"] if docker_registry is set, or
+# ["127.0.0.1", "localhost"] otherwise. This is configured only if either
+# http_proxy or https_proxy is set.
+no_proxy:
+  - "127.0.0.1"
+  - "localhost"
+  - "{{ ('http://' ~ docker_registry) | urlsplit('hostname') if docker_registry else '' }}"
@@ -103,6 +103,7 @@
         kolla_inspector_netmask: "{{ inspection_net_name | net_mask }}"
         kolla_inspector_default_gateway: "{{ inspection_net_name | net_inspection_gateway or inspection_net_name | net_gateway }}"
         kolla_inspector_extra_kernel_options: "{{ inspector_extra_kernel_options }}"
+        kolla_libvirt_tls: "{{ compute_libvirt_enable_tls | bool }}"
         kolla_enable_host_ntp: false
         docker_daemon_mtu: "{{ public_net_name | net_mtu | default }}"
         kolla_globals_paths_extra:

@@ -15,6 +15,7 @@
     bifrost_hostvars:
       addressing_mode: static
       deploy_image_filename: "{{ kolla_bifrost_deploy_image_filename }}"
+      deploy_image_rootfs: "{{ kolla_bifrost_deploy_image_rootfs | default(omit, true) }}"
       ipv4_interface_mac: "{% raw %}{{ extra.pxe_interface_mac | default }}{% endraw %}"
       ipv4_address: "{{ admin_oc_net_name | net_ip }}"
       ipv4_subnet_mask: "{{ admin_oc_net_name | net_mask }}"

@@ -249,3 +249,5 @@
       kolla_extra_sahara: "{{ kolla_extra_config.sahara | default }}"
       kolla_extra_zookeeper: "{{ kolla_extra_config.zookeeper | default }}"
       kolla_extra_config_path: "{{ kayobe_env_config_path }}/kolla/config"
+      kolla_libvirt_tls: "{{ compute_libvirt_enable_tls | bool }}"
+      kolla_nova_libvirt_certificates_src: "{{ kayobe_env_config_path }}/certificates/libvirt"
@@ -0,0 +1,51 @@
+---
+# Build and install a overcloud host disk image for the seed host's ironic
+# service.
+
+- name: Ensure overcloud host disk image is built and installed
+  hosts: seed
+  tags:
+    - overcloud-host-image-build
+  vars:
+    overcloud_host_image_name: "deployment_image"
+    overcloud_host_disk_images:
+      - "{{ overcloud_host_image_name }}.qcow2"
+    overcloud_host_image_force_rebuild: False
+  tasks:
+    - block:
+        - name: Ensure overcloud host disk image is built
+          include_role:
+            name: stackhpc.os-images
+          vars:
+            os_images_venv: "{{ virtualenv_path }}/overcloud-host-image-dib"
+            os_images_package_state: latest
+            os_images_upper_constraints_file: "{{ overcloud_dib_upper_constraints_file }}"
+            os_images_cache: "{{ image_cache_path }}"
+            os_images_common: ""
+            os_images_list:
+              - name: "{{ overcloud_host_image_name }}"
+                elements: "{{ overcloud_dib_elements }}"
+                env: "{{ overcloud_dib_env_vars }}"
+                packages: "{{ overcloud_dib_packages }}"
+                type: qcow2
+            os_images_upload: False
+            os_images_force_rebuild: "{{ overcloud_host_image_force_rebuild }}"
+
+        - name: Ensure overcloud host disk image is copied onto seed
+          copy:
+            src: "{{ image_cache_path }}/{{ overcloud_host_image_name }}/{{ item }}"
+            dest: "/etc/kolla/bifrost/{{ item }}"
+            remote_src: True
+          with_items: "{{ overcloud_host_disk_images }}"
+          become: True
+
+        - name: Copy overcloud host disk image into /httpboot
+          command: >
+            docker exec bifrost_deploy
+            bash -c 'ansible -vvvv target
+            -i /bifrost/playbooks/inventory/target
+            -m copy
+            -a "src=/etc/bifrost/{{ item }} dest=/httpboot/{{ item }}"
+            -e "ansible_python_interpreter=/var/lib/kolla/venv/bin/python"'
+          with_items: "{{ overcloud_host_disk_images }}"
+      when: overcloud_dib_build_host_images | bool
@@ -27,6 +27,7 @@
       - arista
       - dellos6
       - dellos9
+      - dellos10
       - dell-powerconnect
       - junos
       - mellanox
@@ -111,7 +112,7 @@
       arista_switch_interface_config: "{{ switch_interface_config }}"
 
 - name: Ensure DellOS physical switches are configured
-  hosts: switches_of_type_dellos6:switches_of_type_dellos9:&switches_in_display_mode_False
+  hosts: switches_of_type_dellos6:switches_of_type_dellos9:switches_of_type_dellos10:&switches_in_display_mode_False
   gather_facts: no
   roles:
     - role: ssh-known-host