HA playbook to roles

Signed-off-by: Florent CARLI <florent.carli@rte-france.com>
seapath · Aug 31, 2024 · c98964a · c98964a
1 parent f38dd10
commit c98964a
Show file tree

Hide file tree

Showing 10 changed files with 210 additions and 156 deletions.
diff --git a/playbooks/cluster_setup_ha.yaml b/playbooks/cluster_setup_ha.yaml
@@ -5,163 +5,12 @@
 # Pacemaker.
 
 ---
-
-- name: Get distrebution variables
-  gather_facts: true
-  hosts:
-    - cluster_machines
-    - standalone_machine
-  tasks:
-  - include_vars: "../vars/{{ ansible_distribution }}_paths.yml"
-
-- name: Configure SEAPATH specific files
-  hosts: cluster_machines
-  become: true
-  tasks:
-  - name: Save cluster machine informations
-    template:
-        src: ../templates/cluster.conf.j2
-        dest: /etc/cluster.conf
-
-- name: Check if corosync is already setup
+- name: Configure HA basics
   hosts: cluster_machines
   become: true
-  tasks:
-    - name: check corosync service status
-      systemd:
-        name: corosync
-        state: started
-      check_mode: true
-      register: corosync_service_status
-    - name: Create a group with unconfigured_machines
-      add_host:
-        name: "{{ item }}"
-        groups: unconfigured_machine_group
-      run_once: true
-      loop: "{{ groups['cluster_machines'] }}"
-      changed_when: false
-      when: hostvars[item].corosync_service_status.changed
-    - name: Create a group with valid_machines
-      add_host:
-        name: "{{ item }}"
-        groups: valid_machine
-      run_once: true
-      loop: "{{ groups['cluster_machines'] }}"
-      changed_when: false
-      when: not hostvars[item].corosync_service_status.changed
-
-- name: Setup Corosync from scratch
-  hosts: cluster_machines
-  become: true
-  vars:
-    corosync_node_list: "{{ groups['cluster_machines'] | list }}"
-  tasks:
-    - name: templating corosync.conf
-      template:
-        src: ../src/debian/corosync.conf.j2
-        dest: /etc/corosync/corosync.conf
-      when: groups['valid_machine'] is undefined
-    - name: Making sure that Corosync service is started
-      ansible.builtin.systemd:
-        name: corosync
-        state: restarted
-        enabled: yes
-
-- name: Fetch existing corosync using configuration
-  hosts: valid_machine
-  become: true
-  vars:
-    tmpdir: "/tmp"
-  tasks:
-    - block:
-        - name: Fetch corosync configuration 
-          fetch: 
-            src: "/etc/corosync/corosync.conf"
-            dest: "{{ tmpdir }}/corosync.conf"
-            flat: true
-          run_once: true
-        - name: Fetch corosync key 
-          fetch: 
-            src: "/etc/corosync/authkey"
-            dest: "{{ tmpdir }}/authkey"
-            flat: true
-          run_once: true
-      when: groups['unconfigured_machine_group'] is defined
-
-- name: Setup Corosync using existing configuration
-  hosts: unconfigured_machine_group
-  become: true
+  gather_facts: true
   vars:
     tmpdir: "/tmp"
-  tasks:
-    - block:
-        - name: Install corosync configuration 
-          copy:
-            src: "{{ tmpdir }}/corosync.conf"
-            dest: /etc/corosync/corosync.conf
-            owner: root
-            group: root
-            mode: '0644'
-        - name: Install corosync key 
-          copy:
-            src: "{{ tmpdir }}/authkey"
-            dest: /etc/corosync/authkey
-            owner: root
-            group: root
-            mode: '0400'
-        - name: Start pacemaker
-          ansible.builtin.systemd:
-              name: corosync
-              state: started
-              enabled: true
-      when: groups['valid_machine'] is defined
-
-- name: Setup Pacemaker
-  hosts: unconfigured_machine_group
-  become: true
-  tasks:
-      - name: Start Pacemaker
-        ansible.builtin.systemd:
-            name: pacemaker
-            state: started
-            enabled: true
-      - name: wait for pacemaker
-        command: "{{ crm_command_path }} status"
-        register: result
-        until: result.rc == 0
-        retries: 3
-        delay: 1
-      - name: Disable stonith
-        command: "{{ crm_command_path }} configure property stonith-enabled=false"
-        run_once: true
-        when: groups['valid_machine'] is undefined
-
-- name: run extra CRM commands
-  hosts: cluster_machines
-  become: true
-  tasks:
-      - name: run extra CRM configuration commands for vm-mgr http api
-        command:
-          cmd: crm -d config load update -
-          stdin: "{{ vmmgrapi_cmd_list }}"
-        when:
-          - enable_vmmgr_http_api is defined
-          - enable_vmmgr_http_api is true
-          - admin_cluster_ip is defined
-        run_once: true
-        register: vmmgrapi_cmd_list_task
-        changed_when: "'CIB commit successful' in vmmgrapi_cmd_list_task.stdout"
-        vars:
-          vmmgrapi_cmd_list: |
-            primitive ClusterIP IPaddr2 params ip={{ admin_cluster_ip }} cidr_netmask=32 op monitor interval=30s meta target-role=Started
-            primitive vmmgrapi systemd:nginx.service  op monitor interval=30s
-            colocation vmmgrapi_colocation inf: ClusterIP vmmgrapi
-            order order_ClusterIP_vmmgrapi ClusterIP vmmgrapi
-      - name: run extra CRM configuration commands
-        command:
-          cmd: crm -d config load update -
-          stdin: "{{ extra_crm_cmd_to_run }}"
-        when: extra_crm_cmd_to_run is defined
-        run_once: true
-        register: extra_crm_cmd_to_run_task
-        changed_when: "'CIB commit successful' in extra_crm_cmd_to_run_task.stdout"
+    corosync_node_list: "{{ groups['cluster_machines'] | list }}"
+  roles:
+    - configure_ha
diff --git a/roles/configure_ha/README.md b/roles/configure_ha/README.md
@@ -0,0 +1,20 @@
+# Configure HA Role
+
+This role configures the High Availability part of a seapath cluster (Corosync and Pacemaker)
+
+## Requirements
+
+no requirement.
+
+## Role Variables
+
+no variables.
+
+## Example Playbook
+
+```yaml
+- name: Configure HA
+  hosts: cluster_machines
+  roles:
+    - { role: seapath_ansible.configure_ha }
+```
diff --git a/roles/configure_ha/files/80-wired.network b/roles/configure_ha/files/80-wired.network
@@ -0,0 +1,10 @@
+[Match]
+Name=en* eth*
+KernelCommandLine=!nfsroot
+KernelCommandLine=!ip
+
+[Network]
+DHCP=no
+
+[Link]
+MTUBytes=1500
diff --git a/roles/configure_ha/meta/main.yml b/roles/configure_ha/meta/main.yml
@@ -0,0 +1,11 @@
+---
+galaxy_info:
+  author: "RTE"
+  description: configures the High Availability part of a seapath cluster (Corosync and Pacemaker)
+  license: Apache-2.0
+  min_ansible_version: 2.9.10
+  platforms:
+  - name: Debian
+    versions:
+    - all
+dependencies: []
diff --git a/roles/configure_ha/tasks/fetch_conf.yml b/roles/configure_ha/tasks/fetch_conf.yml
@@ -0,0 +1,18 @@
+# Copyright (C) 2024 RTE
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- block:
+    - name: Fetch corosync configuration
+      fetch:
+        src: "/etc/corosync/corosync.conf"
+        dest: "{{ tmpdir }}/corosync.conf"
+        flat: true
+      run_once: true
+    - name: Fetch corosync key
+      fetch:
+        src: "/etc/corosync/authkey"
+        dest: "{{ tmpdir }}/authkey"
+        flat: true
+      run_once: true
+  when: groups['unconfigured_machine_group'] is defined
diff --git a/roles/configure_ha/tasks/main.yml b/roles/configure_ha/tasks/main.yml
@@ -0,0 +1,136 @@
+# Copyright (C) 2024 RTE
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- include_vars: "{{ ansible_distribution }}.yml"
+
+- name: Save cluster machine informations
+  template:
+    src: cluster.conf.j2
+    dest: /etc/cluster.conf
+
+# Check if corosync is already setup
+- name: check corosync service status
+  systemd:
+    name: corosync
+    state: started
+  check_mode: true
+  register: corosync_service_status
+- name: Create a group with unconfigured_machines
+  add_host:
+    name: "{{ item }}"
+    groups: unconfigured_machine_group
+  run_once: true
+  loop: "{{ groups['cluster_machines'] }}"
+  changed_when: false
+  when: hostvars[item].corosync_service_status.changed
+- name: Create a group with valid_machines
+  add_host:
+    name: "{{ item }}"
+    groups: valid_machine
+  run_once: true
+  loop: "{{ groups['cluster_machines'] }}"
+  changed_when: false
+  when: not hostvars[item].corosync_service_status.changed
+
+# Setup Corosync from scratch
+- name: templating corosync.conf
+  template:
+    src: corosync.conf.j2
+    dest: /etc/corosync/corosync.conf
+  when: groups['valid_machine'] is undefined
+- name: Making sure that Corosync service is started
+  ansible.builtin.systemd:
+    name: corosync
+    state: restarted
+    enabled: yes
+
+- block:
+    - name: Fetch corosync configuration
+      fetch:
+        src: "/etc/corosync/corosync.conf"
+        dest: "{{ tmpdir }}/corosync.conf"
+        flat: true
+      run_once: true
+    - name: Fetch corosync key
+      fetch:
+        src: "/etc/corosync/authkey"
+        dest: "{{ tmpdir }}/authkey"
+        flat: true
+      run_once: true
+  when: 
+    - groups['unconfigured_machine_group'] is defined
+    - "'valid_machine' in group_names"
+
+- name: Setup Corosync using existing configuration
+  block:
+    - name: Install corosync configuration
+      copy:
+        src: "{{ tmpdir }}/corosync.conf"
+        dest: /etc/corosync/corosync.conf
+        owner: root
+        group: root
+        mode: '0644'
+    - name: Install corosync key
+      copy:
+        src: "{{ tmpdir }}/authkey"
+        dest: /etc/corosync/authkey
+        owner: root
+        group: root
+        mode: '0400'
+    - name: Start pacemaker
+      ansible.builtin.systemd:
+          name: corosync
+          state: started
+          enabled: true
+  when:
+    - groups['valid_machine'] is defined
+    - "'unconfigured_machine_group' in group_names"
+
+- name: Setup Pacemaker on unconfigured_machine_group
+  block:
+    - name: Start Pacemaker
+      ansible.builtin.systemd:
+          name: pacemaker
+          state: started
+          enabled: true
+    - name: wait for pacemaker
+      command: "{{ crm_command_path }} status"
+      register: result
+      until: result.rc == 0
+      retries: 3
+      delay: 1
+    - name: Disable stonith
+      command: "{{ crm_command_path }} configure property stonith-enabled=false"
+      run_once: true
+      when: groups['valid_machine'] is undefined
+  when:
+    - groups['valid_machine'] is defined
+    - "'unconfigured_machine_group' in group_names"
+
+# run extra CRM commands
+- name: run extra CRM configuration commands for vm-mgr http api
+  command:
+    cmd: crm -d config load update -
+    stdin: "{{ vmmgrapi_cmd_list }}"
+  when:
+    - enable_vmmgr_http_api is defined
+    - enable_vmmgr_http_api is true
+    - admin_cluster_ip is defined
+  run_once: true
+  register: vmmgrapi_cmd_list_task
+  changed_when: "'CIB commit successful' in vmmgrapi_cmd_list_task.stdout"
+  vars:
+    vmmgrapi_cmd_list: |
+      primitive ClusterIP IPaddr2 params ip={{ admin_cluster_ip }} cidr_netmask=32 op monitor interval=30s meta target-role=Started
+      primitive vmmgrapi systemd:nginx.service  op monitor interval=30s
+      colocation vmmgrapi_colocation inf: ClusterIP vmmgrapi
+      order order_ClusterIP_vmmgrapi ClusterIP vmmgrapi
+- name: run extra CRM configuration commands
+  command:
+    cmd: crm -d config load update -
+    stdin: "{{ extra_crm_cmd_to_run }}"
+  when: extra_crm_cmd_to_run is defined
+  run_once: true
+  register: extra_crm_cmd_to_run_task
+  changed_when: "'CIB commit successful' in extra_crm_cmd_to_run_task.stdout"
diff --git a/templates/cluster.conf.j2 → roles/configure_ha/templates/cluster.conf.j2 b/templates/cluster.conf.j2 → roles/configure_ha/templates/cluster.conf.j2
diff --git a/src/debian/corosync.conf.j2 → ...s/configure_ha/templates/corosync.conf.j2 b/src/debian/corosync.conf.j2 → ...s/configure_ha/templates/corosync.conf.j2
diff --git a/roles/configure_ha/vars/CentOS.yml b/roles/configure_ha/vars/CentOS.yml
@@ -0,0 +1,5 @@
+# Copyright (C) 2024, Red Hat
+# SPDX-License-Identifier: Apache-2.0
+
+---
+crm_command_path: "/usr/local/bin/crm"
diff --git a/roles/configure_ha/vars/Debian.yml b/roles/configure_ha/vars/Debian.yml
@@ -0,0 +1,5 @@
+# Copyright (C) 2024, Red Hat
+# SPDX-License-Identifier: Apache-2.0
+
+---
+crm_command_path: "crm"