From c98964a4e05c90e680d00b158f6b5dd35221ed3e Mon Sep 17 00:00:00 2001
From: Florent CARLI
Date: Sat, 31 Aug 2024 15:12:18 +0200
Subject: [PATCH] HA playbook to roles
Signed-off-by: Florent CARLI
---
playbooks/cluster_setup_ha.yaml | 161 +-----------------
roles/configure_ha/README.md | 20 +++
roles/configure_ha/files/80-wired.network | 10 ++
roles/configure_ha/meta/main.yml | 11 ++
roles/configure_ha/tasks/fetch_conf.yml | 18 ++
roles/configure_ha/tasks/main.yml | 136 +++++++++++++++
.../configure_ha/templates}/cluster.conf.j2 | 0
.../configure_ha/templates}/corosync.conf.j2 | 0
roles/configure_ha/vars/CentOS.yml | 5 +
roles/configure_ha/vars/Debian.yml | 5 +
10 files changed, 210 insertions(+), 156 deletions(-)
create mode 100644 roles/configure_ha/README.md
create mode 100644 roles/configure_ha/files/80-wired.network
create mode 100644 roles/configure_ha/meta/main.yml
create mode 100644 roles/configure_ha/tasks/fetch_conf.yml
create mode 100644 roles/configure_ha/tasks/main.yml
rename {templates => roles/configure_ha/templates}/cluster.conf.j2 (100%)
rename {src/debian => roles/configure_ha/templates}/corosync.conf.j2 (100%)
create mode 100644 roles/configure_ha/vars/CentOS.yml
create mode 100644 roles/configure_ha/vars/Debian.yml
diff --git a/playbooks/cluster_setup_ha.yaml b/playbooks/cluster_setup_ha.yaml
index 6e306f499..d070f9556 100644
--- a/playbooks/cluster_setup_ha.yaml
+++ b/playbooks/cluster_setup_ha.yaml
@@ -5,163 +5,12 @@ # Pacemaker. --- - -- name: Get distrebution variables - gather_facts: true - hosts: - - cluster_machines - - standalone_machine - tasks: - - include_vars: "../vars/{{ ansible_distribution }}_paths.yml" - -- name: Configure SEAPATH specific files - hosts: cluster_machines - become: true - tasks: - - name: Save cluster machine informations - template: - src: ../templates/cluster.conf.j2 - dest: /etc/cluster.conf - -- name: Check if corosync is already setup +- name: Configure HA basics hosts: cluster_machines become: true - tasks: - - name: check corosync service status - systemd: - name: corosync - state: started - check_mode: true - register: corosync_service_status - - name: Create a group with unconfigured_machines - add_host: - name: "{{ item }}" - groups: unconfigured_machine_group - run_once: true - loop: "{{ groups['cluster_machines'] }}" - changed_when: false - when: hostvars[item].corosync_service_status.changed - - name: Create a group with valid_machines - add_host: - name: "{{ item }}" - groups: valid_machine - run_once: true - loop: "{{ groups['cluster_machines'] }}" - changed_when: false - when: not hostvars[item].corosync_service_status.changed - -- name: Setup Corosync from scratch - hosts: cluster_machines - become: true - vars: - corosync_node_list: "{{ groups['cluster_machines'] | list }}" - tasks: - - name: templating corosync.conf - template: - src: ../src/debian/corosync.conf.j2 - dest: /etc/corosync/corosync.conf - when: groups['valid_machine'] is undefined - - name: Making sure that Corosync service is started - ansible.builtin.systemd: - name: corosync - state: restarted - enabled: yes - -- name: Fetch existing corosync using configuration - hosts: valid_machine - become: true - vars: - tmpdir: "/tmp" - tasks: - - block: - - name: Fetch corosync configuration - fetch: - src: "/etc/corosync/corosync.conf" - dest: "{{ tmpdir }}/corosync.conf" - flat: true - run_once: true - - name: Fetch corosync key - fetch: - src: 
"/etc/corosync/authkey" - dest: "{{ tmpdir }}/authkey" - flat: true - run_once: true - when: groups['unconfigured_machine_group'] is defined - -- name: Setup Corosync using existing configuration - hosts: unconfigured_machine_group - become: true + gather_facts: true vars: tmpdir: "/tmp" - tasks: - - block: - - name: Install corosync configuration - copy: - src: "{{ tmpdir }}/corosync.conf" - dest: /etc/corosync/corosync.conf - owner: root - group: root - mode: '0644' - - name: Install corosync key - copy: - src: "{{ tmpdir }}/authkey" - dest: /etc/corosync/authkey - owner: root - group: root - mode: '0400' - - name: Start pacemaker - ansible.builtin.systemd: - name: corosync - state: started - enabled: true - when: groups['valid_machine'] is defined - -- name: Setup Pacemaker - hosts: unconfigured_machine_group - become: true - tasks: - - name: Start Pacemaker - ansible.builtin.systemd: - name: pacemaker - state: started - enabled: true - - name: wait for pacemaker - command: "{{ crm_command_path }} status" - register: result - until: result.rc == 0 - retries: 3 - delay: 1 - - name: Disable stonith - command: "{{ crm_command_path }} configure property stonith-enabled=false" - run_once: true - when: groups['valid_machine'] is undefined - -- name: run extra CRM commands - hosts: cluster_machines - become: true - tasks: - - name: run extra CRM configuration commands for vm-mgr http api - command: - cmd: crm -d config load update - - stdin: "{{ vmmgrapi_cmd_list }}" - when: - - enable_vmmgr_http_api is defined - - enable_vmmgr_http_api is true - - admin_cluster_ip is defined - run_once: true - register: vmmgrapi_cmd_list_task - changed_when: "'CIB commit successful' in vmmgrapi_cmd_list_task.stdout" - vars: - vmmgrapi_cmd_list: | - primitive ClusterIP IPaddr2 params ip={{ admin_cluster_ip }} cidr_netmask=32 op monitor interval=30s meta target-role=Started - primitive vmmgrapi systemd:nginx.service op monitor interval=30s - colocation vmmgrapi_colocation inf: ClusterIP 
vmmgrapi - order order_ClusterIP_vmmgrapi ClusterIP vmmgrapi - - name: run extra CRM configuration commands - command: - cmd: crm -d config load update - - stdin: "{{ extra_crm_cmd_to_run }}" - when: extra_crm_cmd_to_run is defined - run_once: true - register: extra_crm_cmd_to_run_task - changed_when: "'CIB commit successful' in extra_crm_cmd_to_run_task.stdout" + corosync_node_list: "{{ groups['cluster_machines'] | list }}" + roles: + - configure_ha diff --git a/roles/configure_ha/README.md b/roles/configure_ha/README.md new file mode 100644 index 000000000..ff8e91584 --- /dev/null +++ b/roles/configure_ha/README.md @@ -0,0 +1,20 @@ +# Configure HA Role + +This role configures the High Availability part of a seapath cluster (Corosync and Pacemaker) + +## Requirements + +no requirement. + +## Role Variables + +no variables. + +## Example Playbook + +```yaml +- name: Configure HA + hosts: cluster_machines + roles: + - { role: seapath_ansible.configure_ha } +``` diff --git a/roles/configure_ha/files/80-wired.network b/roles/configure_ha/files/80-wired.network new file mode 100644 index 000000000..29ba29faf --- /dev/null +++ b/roles/configure_ha/files/80-wired.network @@ -0,0 +1,10 @@ +[Match] +Name=en* eth* +KernelCommandLine=!nfsroot +KernelCommandLine=!ip + +[Network] +DHCP=no + +[Link] +MTUBytes=1500 diff --git a/roles/configure_ha/meta/main.yml b/roles/configure_ha/meta/main.yml new file mode 100644 index 000000000..054a610ce --- /dev/null +++ b/roles/configure_ha/meta/main.yml @@ -0,0 +1,11 @@ +--- +galaxy_info: + author: "RTE" + description: configures the High Availability part of a seapath cluster (Corosync and Pacemaker) + license: Apache-2.0 + min_ansible_version: 2.9.10 + platforms: + - name: Debian + versions: + - all +dependencies: [] diff --git a/roles/configure_ha/tasks/fetch_conf.yml b/roles/configure_ha/tasks/fetch_conf.yml new file mode 100644 index 000000000..95cd47e36 --- /dev/null +++ b/roles/configure_ha/tasks/fetch_conf.yml 
@@ -0,0 +1,18 @@
+# Copyright (C) 2024 RTE
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- block:
+ - name: Fetch corosync configuration
+ fetch:
+ src: "/etc/corosync/corosync.conf"
+ dest: "{{ tmpdir }}/corosync.conf"
+ flat: true
+ run_once: true
+ - name: Fetch corosync key
+ fetch:
+ src: "/etc/corosync/authkey"
+ dest: "{{ tmpdir }}/authkey"
+ flat: true
+ run_once: true
+ when: groups['unconfigured_machine_group'] is defined
diff --git a/roles/configure_ha/tasks/main.yml b/roles/configure_ha/tasks/main.yml
new file mode 100644
index 000000000..2d0b7d2a5
--- /dev/null
+++ b/roles/configure_ha/tasks/main.yml
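Review bot: Both fetch tasks write under `{{ tmpdir }}`, which the playbook in this commit sets to `/tmp`, so the corosync `authkey` lands at the fixed path `/tmp/authkey` on the Ansible controller and nothing visible in the commit removes it afterwards. That key authenticates cluster membership; at a predictable location in a shared directory it can, depending on the controller's umask, be read by other local users, and the path can be pre-created by them. The same fetch block is repeated in `roles/configure_ha/tasks/main.yml`, which does not appear to include this file, so one of the two copies is probably redundant. I would stage the files in a private directory created with `ansible.builtin.tempfile` on the controller and delete it once the copy tasks have run, as sketched below.

```yaml
- name: Create a private staging directory on the controller
  ansible.builtin.tempfile:
    state: directory
    suffix: corosync
  delegate_to: localhost
  become: false
  run_once: true
  register: corosync_staging

- name: Fetch corosync key
  fetch:
    src: "/etc/corosync/authkey"
    dest: "{{ corosync_staging.path }}/authkey"
    flat: true
  run_once: true
# … unchanged: corosync.conf fetch and the copy tasks, pointed at corosync_staging.path …

- name: Remove the staged corosync files from the controller
  ansible.builtin.file:
    path: "{{ corosync_staging.path }}"
    state: absent
  delegate_to: localhost
  become: false
  run_once: true
```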
@@ -0,0 +1,136 @@
+# Copyright (C) 2024 RTE
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- include_vars: "{{ ansible_distribution }}.yml"
+
+- name: Save cluster machine informations
+ template:
+ src: cluster.conf.j2
+ dest: /etc/cluster.conf
+
+# Check if corosync is already setup
+- name: check corosync service status
+ systemd:
+ name: corosync
+ state: started
+ check_mode: true
+ register: corosync_service_status
+- name: Create a group with unconfigured_machines
+ add_host:
+ name: "{{ item }}"
+ groups: unconfigured_machine_group
+ run_once: true
+ loop: "{{ groups['cluster_machines'] }}"
+ changed_when: false
+ when: hostvars[item].corosync_service_status.changed
+- name: Create a group with valid_machines
+ add_host:
+ name: "{{ item }}"
+ groups: valid_machine
+ run_once: true
+ loop: "{{ groups['cluster_machines'] }}"
+ changed_when: false
+ when: not hostvars[item].corosync_service_status.changed
+
+# Setup Corosync from scratch
+- name: templating corosync.conf
+ template:
+ src: corosync.conf.j2
+ dest: /etc/corosync/corosync.conf
+ when: groups['valid_machine'] is undefined
+- name: Making sure that Corosync service is started
+ ansible.builtin.systemd:
+ name: corosync
+ state: restarted
+ enabled: yes
+
+- block:
+ - name: Fetch corosync configuration
+ fetch:
+ src: "/etc/corosync/corosync.conf"
+ dest: "{{ tmpdir }}/corosync.conf"
+ flat: true
+ run_once: true
+ - name: Fetch corosync key
+ fetch:
+ src: "/etc/corosync/authkey"
+ dest: "{{ tmpdir }}/authkey"
+ flat: true
+ run_once: true
+ when:
+ - groups['unconfigured_machine_group'] is defined
+ - "'valid_machine' in group_names"
+
+- name: Setup Corosync using existing configuration
+ block:
+ - name: Install corosync configuration
+ copy:
+ src: "{{ tmpdir }}/corosync.conf"
+ dest: /etc/corosync/corosync.conf
+ owner: root
+ group: root
+ mode: '0644'
+ - name: Install corosync key
+ copy:
+ src: "{{ tmpdir }}/authkey"
+ dest: /etc/corosync/authkey
+ owner: root
+ group: root
+ mode: 
'0400'
+ - name: Start pacemaker
+ ansible.builtin.systemd:
+ name: corosync
+ state: started
+ enabled: true
+ when:
+ - groups['valid_machine'] is defined
+ - "'unconfigured_machine_group' in group_names"
+
+- name: Setup Pacemaker on unconfigured_machine_group
+ block:
+ - name: Start Pacemaker
+ ansible.builtin.systemd:
+ name: pacemaker
+ state: started
+ enabled: true
+ - name: wait for pacemaker
+ command: "{{ crm_command_path }} status"
+ register: result
+ until: result.rc == 0
+ retries: 3
+ delay: 1
+ - name: Disable stonith
+ command: "{{ crm_command_path }} configure property stonith-enabled=false"
+ run_once: true
+ when: groups['valid_machine'] is undefined
+ when:
+ - groups['valid_machine'] is defined
+ - "'unconfigured_machine_group' in group_names"
+
+# run extra CRM commands
+- name: run extra CRM configuration commands for vm-mgr http api
+ command:
+ cmd: crm -d config load update -
+ stdin: "{{ vmmgrapi_cmd_list }}"
+ when:
+ - enable_vmmgr_http_api is defined
+ - enable_vmmgr_http_api is true
+ - admin_cluster_ip is defined
+ run_once: true
+ register: vmmgrapi_cmd_list_task
+ changed_when: "'CIB commit successful' in vmmgrapi_cmd_list_task.stdout"
+ vars:
+ vmmgrapi_cmd_list: |
+ primitive ClusterIP IPaddr2 params ip={{ admin_cluster_ip }} cidr_netmask=32 op monitor interval=30s meta target-role=Started
+ primitive vmmgrapi systemd:nginx.service op monitor interval=30s
+ colocation vmmgrapi_colocation inf: ClusterIP vmmgrapi
+ order order_ClusterIP_vmmgrapi ClusterIP vmmgrapi
+- name: run extra CRM configuration commands
+ command:
+ cmd: crm -d config load update -
+ stdin: "{{ extra_crm_cmd_to_run }}"
+ when: extra_crm_cmd_to_run is defined
+ run_once: true
+ register: extra_crm_cmd_to_run_task
+ changed_when: "'CIB commit successful' in extra_crm_cmd_to_run_task.stdout"
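Review bot: The `Disable stonith` task can never run, because it requires `groups['valid_machine'] is undefined` while its enclosing block `Setup Pacemaker on unconfigured_machine_group` only runs when `groups['valid_machine'] is defined`. The same block condition means that on a first install, where no host is in `valid_machine` yet, Pacemaker is neither started nor waited for, whereas the removed play ran on every host of `unconfigured_machine_group`. If the previous behaviour is what is wanted, the block condition should be reduced to `when: "'unconfigured_machine_group' in group_names"`. Because `stonith-enabled=false` turns fencing off for the whole cluster, a one-line comment above that task recording why this is acceptable would also help the next reader.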
diff --git a/templates/cluster.conf.j2 b/roles/configure_ha/templates/cluster.conf.j2
similarity index 100%
rename from templates/cluster.conf.j2
rename to roles/configure_ha/templates/cluster.conf.j2
diff --git a/src/debian/corosync.conf.j2 b/roles/configure_ha/templates/corosync.conf.j2
similarity index 100%
rename from src/debian/corosync.conf.j2
rename to roles/configure_ha/templates/corosync.conf.j2
diff --git a/roles/configure_ha/vars/CentOS.yml b/roles/configure_ha/vars/CentOS.yml
new file mode 100644
index 000000000..51329e0f3
--- /dev/null
+++ b/roles/configure_ha/vars/CentOS.yml
@@ -0,0 +1,5 @@
+# Copyright (C) 2024, Red Hat
+# SPDX-License-Identifier: Apache-2.0
+
+---
+crm_command_path: "/usr/local/bin/crm"
diff --git a/roles/configure_ha/vars/Debian.yml b/roles/configure_ha/vars/Debian.yml
new file mode 100644
index 000000000..243377860
--- /dev/null
+++ b/roles/configure_ha/vars/Debian.yml
@@ -0,0 +1,5 @@
+# Copyright (C) 2024, Red Hat
+# SPDX-License-Identifier: Apache-2.0
+
+---
+crm_command_path: "crm"