refactor ovn playbook to ansible role files

Signed-off-by: Markus Katharina Brechtel <[email protected]>
lxc · May 18, 2024 · 405903c · 405903c
1 parent 2358973
commit 405903c
Show file tree

Hide file tree

Showing 4 changed files with 95 additions and 131 deletions.
diff --git a/roles/ovn/defaults/main.yaml b/roles/ovn/defaults/main.yaml
@@ -0,0 +1,5 @@
+ovn_name: ''
+ovn_roles: []
+ovn_release: distro
+ovn_ip_address: "{{ ansible_default_ipv6['address'] | default(ansible_default_ipv4['address']) }}"
+ovn_az_name: "{{ ovn_az_name | default('') }}"
diff --git a/roles/ovn/handlers/main.yaml b/roles/ovn/handlers/main.yaml
@@ -0,0 +1,80 @@
+- name: Configure OVS
+  shell: ovs-vsctl set open_vswitch . external_ids:ovn-remote={{ ovn_central_southbound }} external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip={{ ovn_ip_address }}
+
+- name: Enable OVN IC gateway
+  shell:
+    cmd: "ovs-vsctl set open_vswitch . external_ids:ovn-is-interconn=true"
+  when: '"ic-gateway" in ovn_roles'
+
+- name: Configure OVN central northbound DB for SSL (certs)
+  shell:
+    cmd: "ovn-nbctl set-ssl /etc/ovn/{{ ovn_name }}.server.key /etc/ovn/{{ ovn_name }}.server.crt /etc/ovn/{{ ovn_name }}.ca.crt"
+  when: '"central" in ovn_roles'
+
+- name: Configure OVN central northbound DB for SSL (ports)
+  shell:
+    cmd: "ovn-nbctl set-connection pssl:6641:[::]"
+  when: '"central" in ovn_roles'
+
+- name: Configure OVN central southbound DB for SSL (certs)
+  shell:
+    cmd: "ovn-sbctl set-ssl /etc/ovn/{{ ovn_name }}.server.key /etc/ovn/{{ ovn_name }}.server.crt /etc/ovn/{{ ovn_name }}.ca.crt"
+  when: '"central" in ovn_roles'
+
+- name: Configure OVN central southbound DB for SSL (ports)
+  shell:
+    cmd: "ovn-sbctl set-connection pssl:6642:[::]"
+  when: '"central" in ovn_roles'
+
+- name: Configure OVN IC northbound DB for SSL (certs)
+  shell:
+    cmd: "ovn-ic-nbctl set-ssl /etc/ovn/{{ ovn_name }}.server.key /etc/ovn/{{ ovn_name }}.server.crt /etc/ovn/{{ ovn_name }}.ca.crt"
+  when: '"ic-db" in ovn_roles'
+
+- name: Configure OVN IC northbound DB for SSL (ports)
+  shell:
+    cmd: "ovn-ic-nbctl set-connection pssl:6645:[::]"
+  when: '"ic-db" in ovn_roles'
+
+- name: Configure OVN IC southbound DB for SSL (certs)
+  shell:
+    cmd: "ovn-ic-sbctl set-ssl /etc/ovn/{{ ovn_name }}.server.key /etc/ovn/{{ ovn_name }}.server.crt /etc/ovn/{{ ovn_name }}.ca.crt"
+  when: '"ic-db" in ovn_roles'
+
+- name: Configure OVN IC southbound DB for SSL (ports)
+  shell:
+    cmd: "ovn-ic-sbctl set-connection pssl:6646:[::]"
+  when: '"ic-db" in ovn_roles'
+
+- name: Restart OVN central
+  systemd:
+    name: ovn-central.service
+    state: restarted
+
+- name: Restart OVN host
+  systemd:
+    name: ovn-host.service
+    state: restarted
+
+- name: Restart OVN IC
+  systemd:
+    daemon_reload: true
+    name: ovn-ic.service
+    state: restarted
+  when: '"ic" in ovn_roles'
+
+- name: Restart OVN IC databases
+  systemd:
+    name: ovn-ic-db.service
+    state: restarted
+  when: '"ic-db" in ovn_roles'
+
+- name: Configure OVN AZ name
+  shell:
+    cmd: "ovn-nbctl --db={{ ovn_central_northbound }} -c /etc/ovn/{{ ovn_name }}.server.crt -p /etc/ovn/{{ ovn_name }}.server.key -C /etc/ovn/{{ ovn_name }}.ca.crt set NB_Global . name={{ ovn_az_name }}"
+  when: '"central" in ovn_roles and ovn_az_name'
+
+- name: Enable OVN IC route sharing
+  shell:
+    cmd: "ovn-nbctl --db={{ ovn_central_northbound }} -c /etc/ovn/{{ ovn_name }}.server.crt -p /etc/ovn/{{ ovn_name }}.server.key -C /etc/ovn/{{ ovn_name }}.ca.crt set NB_Global . options:ic-route-adv=true options:ic-route-learn=true"
+  when: '"central" in ovn_roles and ovn_az_name'
diff --git a/roles/ovn/tasks/main.yaml b/roles/ovn/tasks/main.yaml
@@ -1,13 +1,5 @@
 ---
-- name: OVN - Generate PKI certificates (central)
-  hosts: all
-  order: shuffle
-  gather_facts: no
-  vars:
-    ovn_name: "{{ ovn_name | default('') }}"
-    ovn_pki_path: "../data/ovn/{{ ovn_name }}/"
-    ovn_roles: "{{ ovn_roles | default([]) }}"
-  tasks:
+# - name: OVN - Generate PKI certificates (central)
     - name: Create cluster directory
       delegate_to: 127.0.0.1
       file:
@@ -80,14 +72,7 @@
       when: "cert_csr.changed"
       throttle: 1
 
-- name: OVN - Add package repository
-  hosts: all
-  order: shuffle
-  gather_facts: yes
-  vars:
-    ovn_release: "{{ ovn_release | default('distro') }}"
-    ovn_roles: "{{ ovn_roles | default([]) }}"
-  tasks:
+# - name: OVN - Add package repository
     - name: Create apt keyring path
       file:
         path: /etc/apt/keyrings/
@@ -116,28 +101,13 @@
       notify: Update apt
       when: 'ovn_roles|length > 0 and ovn_release == "ppa"'
 
-  handlers:
     - name: Update apt
       apt:
         force_apt_get: yes
         update_cache: yes
         cache_valid_time: 0
 
-- name: OVN - Install packages
-  hosts: all
-  order: shuffle
-  gather_facts: yes
-  vars:
-    ovn_ip_address: "{{ ovn_ip_address | default(ansible_default_ipv6['address'] | default(ansible_default_ipv4['address'])) }}"
-    ovn_name: "{{ ovn_name | default('') }}"
-    ovn_release: "{{ ovn_release | default('distro') }}"
-    ovn_roles: "{{ ovn_roles | default([]) }}"
-
-    ovn_central_northbound: "{{ lookup('template', '../files/ovn/ovn-central.servers.tpl') | from_yaml | map('regex_replace', '^(.*)$', 'ssl:[\\1]:6641') | join(',') }}"
-    ovn_central_southbound: "{{ lookup('template', '../files/ovn/ovn-central.servers.tpl') | from_yaml | map('regex_replace', '^(.*)$', 'ssl:[\\1]:6642') | join(',') }}"
-    ovn_ic_northbound: "{{ lookup('template', '../files/ovn/ovn-ic.servers.tpl') | from_yaml | map('regex_replace', '^(.*)$', 'ssl:[\\1]:6645') | join(',') }}"
-    ovn_ic_southbound: "{{ lookup('template', '../files/ovn/ovn-ic.servers.tpl') | from_yaml | map('regex_replace', '^(.*)$', 'ssl:[\\1]:6646') | join(',') }}"
-  tasks:
+# - name: OVN - Install packages
     - name: Install the OVN central package
       apt:
         name:
@@ -173,31 +143,7 @@
         - Enable OVN IC gateway
       when: '"host" in ovn_roles'
 
-  handlers:
-    - name: Configure OVS
-      shell: ovs-vsctl set open_vswitch . external_ids:ovn-remote={{ ovn_central_southbound }} external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip={{ ovn_ip_address }}
-
-    - name: Enable OVN IC gateway
-      shell:
-        cmd: "ovs-vsctl set open_vswitch . external_ids:ovn-is-interconn=true"
-      when: '"ic-gateway" in ovn_roles'
-
-- name: OVN - Set up daemon configuration
-  hosts: all
-  order: shuffle
-  gather_facts: yes
-  vars:
-    ovn_ip_address: "{{ ovn_ip_address | default(ansible_default_ipv6['address'] | default(ansible_default_ipv4['address'])) }}"
-    ovn_az_name: "{{ ovn_az_name | default('') }}"
-    ovn_name: "{{ ovn_name | default('') }}"
-    ovn_roles: "{{ ovn_roles | default([]) }}"
-
-    ovn_central_northbound: "{{ lookup('template', '../files/ovn/ovn-central.servers.tpl') | from_yaml | map('regex_replace', '^(.*)$', 'ssl:[\\1]:6641') | join(',') }}"
-    ovn_central_southbound: "{{ lookup('template', '../files/ovn/ovn-central.servers.tpl') | from_yaml | map('regex_replace', '^(.*)$', 'ssl:[\\1]:6642') | join(',') }}"
-    ovn_ic_northbound: "{{ lookup('template', '../files/ovn/ovn-ic.servers.tpl') | from_yaml | map('regex_replace', '^(.*)$', 'ssl:[\\1]:6645') | join(',') }}"
-    ovn_ic_southbound: "{{ lookup('template', '../files/ovn/ovn-ic.servers.tpl') | from_yaml | map('regex_replace', '^(.*)$', 'ssl:[\\1]:6646') | join(',') }}"
-    ovn_pki_path: "../data/ovn/{{ ovn_name }}/"
-  tasks:
+# - name: OVN - Set up daemon configuration
     - name: Create OVN config directory
       file:
         path: /etc/ovn
@@ -285,76 +231,3 @@
         src: ../files/ovn/alias.sh.tpl
         dest: /etc/ovn/alias.sh
       when: 'ovn_roles | length > 0'
-  handlers:
-    - name: Configure OVN central northbound DB for SSL (certs)
-      shell:
-        cmd: "ovn-nbctl set-ssl /etc/ovn/{{ ovn_name }}.server.key /etc/ovn/{{ ovn_name }}.server.crt /etc/ovn/{{ ovn_name }}.ca.crt"
-      when: '"central" in ovn_roles'
-
-    - name: Configure OVN central northbound DB for SSL (ports)
-      shell:
-        cmd: "ovn-nbctl set-connection pssl:6641:[::]"
-      when: '"central" in ovn_roles'
-
-    - name: Configure OVN central southbound DB for SSL (certs)
-      shell:
-        cmd: "ovn-sbctl set-ssl /etc/ovn/{{ ovn_name }}.server.key /etc/ovn/{{ ovn_name }}.server.crt /etc/ovn/{{ ovn_name }}.ca.crt"
-      when: '"central" in ovn_roles'
-
-    - name: Configure OVN central southbound DB for SSL (ports)
-      shell:
-        cmd: "ovn-sbctl set-connection pssl:6642:[::]"
-      when: '"central" in ovn_roles'
-
-    - name: Configure OVN IC northbound DB for SSL (certs)
-      shell:
-        cmd: "ovn-ic-nbctl set-ssl /etc/ovn/{{ ovn_name }}.server.key /etc/ovn/{{ ovn_name }}.server.crt /etc/ovn/{{ ovn_name }}.ca.crt"
-      when: '"ic-db" in ovn_roles'
-
-    - name: Configure OVN IC northbound DB for SSL (ports)
-      shell:
-        cmd: "ovn-ic-nbctl set-connection pssl:6645:[::]"
-      when: '"ic-db" in ovn_roles'
-
-    - name: Configure OVN IC southbound DB for SSL (certs)
-      shell:
-        cmd: "ovn-ic-sbctl set-ssl /etc/ovn/{{ ovn_name }}.server.key /etc/ovn/{{ ovn_name }}.server.crt /etc/ovn/{{ ovn_name }}.ca.crt"
-      when: '"ic-db" in ovn_roles'
-
-    - name: Configure OVN IC southbound DB for SSL (ports)
-      shell:
-        cmd: "ovn-ic-sbctl set-connection pssl:6646:[::]"
-      when: '"ic-db" in ovn_roles'
-
-    - name: Restart OVN central
-      systemd:
-        name: ovn-central.service
-        state: restarted
-
-    - name: Restart OVN host
-      systemd:
-        name: ovn-host.service
-        state: restarted
-
-    - name: Restart OVN IC
-      systemd:
-        daemon_reload: true
-        name: ovn-ic.service
-        state: restarted
-      when: '"ic" in ovn_roles'
-
-    - name: Restart OVN IC databases
-      systemd:
-        name: ovn-ic-db.service
-        state: restarted
-      when: '"ic-db" in ovn_roles'
-
-    - name: Configure OVN AZ name
-      shell:
-        cmd: "ovn-nbctl --db={{ ovn_central_northbound }} -c /etc/ovn/{{ ovn_name }}.server.crt -p /etc/ovn/{{ ovn_name }}.server.key -C /etc/ovn/{{ ovn_name }}.ca.crt set NB_Global . name={{ ovn_az_name }}"
-      when: '"central" in ovn_roles and ovn_az_name'
-
-    - name: Enable OVN IC route sharing
-      shell:
-        cmd: "ovn-nbctl --db={{ ovn_central_northbound }} -c /etc/ovn/{{ ovn_name }}.server.crt -p /etc/ovn/{{ ovn_name }}.server.key -C /etc/ovn/{{ ovn_name }}.ca.crt set NB_Global . options:ic-route-adv=true options:ic-route-learn=true"
-      when: '"central" in ovn_roles and ovn_az_name'
diff --git a/roles/ovn/vars/main.yaml b/roles/ovn/vars/main.yaml
@@ -0,0 +1,6 @@
+ovn_pki_path: "../data/ovn/{{ ovn_name }}/"
+
+ovn_central_northbound: "{{ lookup('template', '../files/ovn/ovn-central.servers.tpl') | from_yaml | map('regex_replace', '^(.*)$', 'ssl:[\\1]:6641') | join(',') }}"
+ovn_central_southbound: "{{ lookup('template', '../files/ovn/ovn-central.servers.tpl') | from_yaml | map('regex_replace', '^(.*)$', 'ssl:[\\1]:6642') | join(',') }}"
+ovn_ic_northbound: "{{ lookup('template', '../files/ovn/ovn-ic.servers.tpl') | from_yaml | map('regex_replace', '^(.*)$', 'ssl:[\\1]:6645') | join(',') }}"
+ovn_ic_southbound: "{{ lookup('template', '../files/ovn/ovn-ic.servers.tpl') | from_yaml | map('regex_replace', '^(.*)$', 'ssl:[\\1]:6646') | join(',') }}"