Playbook #4
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml
Execution
Date 08 Dec 2025 13:39:52 +0000
Duration 00:35:02.03
Controller aio1.openstack.local
User root
Versions
Ansible 2.18.6
ara 1.7.4 / 1.7.4
Python 3.12.3
Summary
2 Hosts
1377 Tasks
1365 Results
104 Plays
504 Files
0 Records
check:False tags:all

File: /home/zuul/src/opendev.org/openstack/openstack-ansible-os_neutron/tasks/main.yml

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Importing neutron_check tasks
  ansible.builtin.import_tasks: neutron_check.yml

- name: Gather variables for each operating system
  ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
  vars:
    params:
      files:
        - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
        - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
        - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
        - "{{ ansible_facts['distribution'] | lower }}.yml"
        - "{{ ansible_facts['os_family'] | lower }}.yml"
      paths:
        - "{{ role_path }}/vars"
  tags:
    - always

- name: Gather variables for installation method
  ansible.builtin.include_vars: "{{ neutron_install_method }}_install.yml"
  tags:
    - always

- name: Including osa.db_setup role
  ansible.builtin.include_role:
    name: openstack.osa.db_setup
    apply:
      tags:
        - common-db
        - neutron-config
  when:
    - "_neutron_is_first_play_host"
  vars:
    _oslodb_setup_host: "{{ neutron_db_setup_host }}"
    _oslodb_ansible_python_interpreter: "{{ neutron_db_setup_python_interpreter }}"
    _oslodb_setup_endpoint: "{{ neutron_galera_address }}"
    _oslodb_setup_port: "{{ neutron_galera_port }}"
    _oslodb_databases:
      - name: "{{ neutron_galera_database }}"
        users:
          - username: "{{ neutron_galera_user }}"
            password: "{{ neutron_container_mysql_password }}"
  tags:
    - always

- name: Including osa.mq_setup role
  ansible.builtin.include_role:
    name: openstack.osa.mq_setup
    apply:
      tags:
        - common-mq
        - neutron-config
  when:
    - "_neutron_is_first_play_host"
  vars:
    _oslomsg_rpc_setup_host: "{{ neutron_oslomsg_rpc_setup_host }}"
    _oslomsg_rpc_userid: "{{ neutron_oslomsg_rpc_userid }}"
    _oslomsg_rpc_password: "{{ neutron_oslomsg_rpc_password }}"
    _oslomsg_rpc_vhost: "{{ neutron_oslomsg_rpc_vhost }}"
    _oslomsg_rpc_transport: "{{ neutron_oslomsg_rpc_transport }}"
    _oslomsg_rpc_policies: "{{ neutron_oslomsg_rpc_policies }}"
    _oslomsg_notify_setup_host: "{{ neutron_oslomsg_notify_setup_host }}"
    _oslomsg_notify_userid: "{{ neutron_oslomsg_notify_userid }}"
    _oslomsg_notify_password: "{{ neutron_oslomsg_notify_password }}"
    _oslomsg_notify_vhost: "{{ neutron_oslomsg_notify_vhost }}"
    _oslomsg_notify_transport: "{{ neutron_oslomsg_notify_transport }}"
    _oslomsg_notify_policies: "{{ neutron_oslomsg_notify_policies }}"
    _oslomsg_notify_configure: "{{ neutron_oslomsg_notify_configure }}"
  tags:
    - always

- name: Get CPU info content and store as var
  ansible.builtin.command: cat /proc/cpuinfo
  register: cpuinfo_contents
  changed_when: false
  failed_when: false
  tags:
    - always

- name: Create the neutron provider networks fact
  openstack.osa.provider_networks:
    provider_networks: "{{ provider_networks }}"
    bind_prefix: "{{ provider_network_bind_prefix | default('') }}"
    is_metal: "{{ is_metal }}"
    group_names: "{{ group_names }}"
  register: pndata
  when: neutron_provider_networks is not defined
  check_mode: false
  changed_when: false
  tags:
    - always

- name: Set provider network fact(s)
  ansible.builtin.set_fact:
    neutron_provider_networks: "{{ neutron_provider_networks | default(pndata) }}"
  tags:
    - always

- name: Importing neutron_pre_install tasks
  ansible.builtin.import_tasks: neutron_pre_install.yml
  tags:
    - neutron-install

- name: Importing neutron_install tasks
  ansible.builtin.import_tasks: neutron_install.yml
  tags:
    - neutron-install

- name: Refresh local facts
  ansible.builtin.setup:
    filter: ansible_local
    gather_subset: "!all"
  tags:
    - neutron-config

# create the ssl certs before the installation of the services.
- name: Create and install SSL certificates for API
  ansible.builtin.include_role:
    name: pki
    tasks_from: main_certs.yml
    apply:
      tags:
        - neutron-config
        - pki
  vars:
    pki_setup_host: "{{ neutron_pki_setup_host }}"
    pki_dir: "{{ neutron_pki_dir }}"
    pki_create_certificates: "{{ neutron_user_ssl_cert is not defined and neutron_user_ssl_key is not defined }}"
    pki_regen_cert: "{{ neutron_pki_regen_cert }}"
    pki_certificates: "{{ neutron_pki_certificates }}"
    pki_install_certificates: "{{ neutron_pki_install_certificates }}"
  when:
    - neutron_backend_ssl
    - neutron_services['neutron-server']['group'] in group_names
  tags:
    - always

- name: Create and install SSL certificates for OVN
  ansible.builtin.include_role:
    name: pki
    tasks_from: main_certs.yml
    apply:
      tags:
        - neutron_ovn-config
        - pki
  vars:
    pki_setup_host: "{{ neutron_ovn_pki_setup_host }}"
    pki_dir: "{{ neutron_ovn_pki_dir }}"
    pki_create_certificates: "{{ neutron_ovn_user_ssl_cert is not defined and neutron_ovn_user_ssl_key is not defined }}"
    pki_regen_cert: "{{ neutron_ovn_pki_regen_cert }}"
    pki_certificates: "{{ neutron_ovn_pki_certificates }}"
    pki_install_certificates: "{{ neutron_ovn_pki_install_certificates }}"
    pki_handler_cert_installed: "ovn cert installed"
  when:
    - neutron_plugin_type == 'ml2.ovn'
    - neutron_ovn_ssl
    - (neutron_services['neutron-ovn-controller']['group'] in group_names) or
      (neutron_services['neutron-ovn-northd']['group'] in group_names) or
      (neutron_services['neutron-server']['group'] in group_names)
  tags:
    - always

# Include provider specific config(s)
- name: Including plugin-specific tasks
  ansible.builtin.include_tasks: "{{ item }}"
  with_first_found:
    - files:
        - "{{ neutron_plugin_type.split('.')[-1] }}_config.yml"
      skip: true
      paths:
        - "providers/"
  tags:
    - neutron-install

- name: Importing neutron_post_install tasks
  ansible.builtin.import_tasks: neutron_post_install.yml
  tags:
    - neutron-config
    - post-install

# TODO(noonedeadpunk): Remove block for Bobcat release
- name: Disable dhcp and metadata agents for OVN scenario
  when:
    - neutron_plugin_type == 'ml2.ovn'
    - (neutron_services['neutron-metadata-agent']['group'] in group_names) or (neutron_services['neutron-dhcp-agent']['group'] in group_names)
  block:
    - name: Gather service facts
      ansible.builtin.service_facts:

    - name: Disable services if they present
      ansible.builtin.systemd:
        name: "{{ item['service_name'] }}"
        state: stopped
        enabled: false
        masked: true
      when:
        - item['group'] in group_names
        - item['service_name'] ~ '.service' in ansible_facts.services
      notify:
        - "Restart neutron services"
      with_items:
        - "{{ neutron_services['neutron-metadata-agent'] }}"
        - "{{ neutron_services['neutron-dhcp-agent'] }}"

- name: Run the systemd service role
  ansible.builtin.import_role:
    name: systemd_service
  vars:
    systemd_user_name: "{{ neutron_system_user_name }}"
    systemd_group_name: "{{ neutron_system_group_name }}"
    systemd_tempd_prefix: openstack
    systemd_slice_name: "{{ neutron_system_slice_name }}"
    systemd_lock_dir: "{{ neutron_lock_dir }}"
    systemd_service_cpu_accounting: true
    systemd_service_block_io_accounting: true
    systemd_service_memory_accounting: true
    systemd_service_tasks_accounting: true
    systemd_services: |-
      {%- set services = [] -%}
      {%- for service in filtered_neutron_services -%}
      {%-   set _ = service.update(
              {
                'enabled': 'yes',
                'state': 'started',
                'config_overrides': service.init_config_overrides
              }
            )
      -%}
      {%-   set _ = service.pop('init_config_overrides') -%}
      {%-   set _ = services.append(service) -%}
      {%- endfor %}
      {{- services -}}
  tags:
    - neutron-config
    - systemd-service

- name: Including neutron_db_setup role
  ansible.builtin.include_tasks: neutron_db_setup.yml
  args:
    apply:
      tags:
        - neutron-config
  when:
    - "_neutron_is_first_play_host"
  tags:
    - always

- name: Import uwsgi role
  ansible.builtin.import_role:
    name: uwsgi
  vars:
    uwsgi_services: "{{ uwsgi_neutron_services }}"
    uwsgi_install_method: "{{ neutron_install_method }}"
  tags:
    - neutron-config
    - uwsgi

- name: Including osa.service_setup role
  ansible.builtin.include_role:
    name: openstack.osa.service_setup
    apply:
      tags:
        - common-service
        - neutron-config
  vars:
    _service_adminuri_insecure: "{{ keystone_service_adminuri_insecure }}"
    _service_in_ldap: "{{ neutron_service_in_ldap }}"
    _service_setup_host: "{{ neutron_service_setup_host }}"
    _service_setup_host_python_interpreter: "{{ neutron_service_setup_host_python_interpreter }}"
    _service_project_name: "{{ neutron_service_project_name }}"
    _service_region: "{{ neutron_service_region }}"
    _service_users:
      - name: "{{ neutron_service_user_name }}"
        password: "{{ neutron_service_password }}"
        role: "{{ neutron_service_role_names }}"
    _service_endpoints:
      - service: "{{ neutron_service_name }}"
        interface: "public"
        url: "{{ neutron_service_publicurl }}"
      - service: "{{ neutron_service_name }}"
        interface: "internal"
        url: "{{ neutron_service_internalurl }}"
      - service: "{{ neutron_service_name }}"
        interface: "admin"
        url: "{{ neutron_service_adminurl }}"
    _service_catalog:
      - name: "{{ neutron_service_name }}"
        type: "{{ neutron_service_type }}"
        description: "{{ neutron_service_description }}"
  when:
    - "_neutron_is_first_play_host"
  tags:
    - always

- name: Flush handlers
  ansible.builtin.meta: flush_handlers