diff --git a/roles/ceph/tasks/main.yaml b/roles/ceph/tasks/main.yaml
index a48e69c..5b130c0 100644
--- a/roles/ceph/tasks/main.yaml
+++ b/roles/ceph/tasks/main.yaml
@@ -1,357 +1,357 @@ --- # - name: Ceph - Generate cluster keys and maps - - name: Generate mon keyring - delegate_to: 127.0.0.1 - shell: - cmd: ceph-authtool --create-keyring {{ ceph_mon_keyring }} --gen-key -n mon. --cap mon 'allow *' - creates: '{{ ceph_mon_keyring }}' - throttle: 1 - when: 'ceph_fsid' - - - name: Generate client.admin keyring - delegate_to: 127.0.0.1 - shell: - cmd: ceph-authtool --create-keyring {{ ceph_client_admin_keyring }} --gen-key -n client.admin --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *' --cap mgr 'allow *' - creates: '{{ ceph_client_admin_keyring }}' - throttle: 1 - notify: Add key to client.admin keyring - when: 'ceph_fsid' - - - name: Generate bootstrap-osd keyring - delegate_to: 127.0.0.1 - shell: - cmd: ceph-authtool --create-keyring {{ ceph_bootstrap_osd_keyring }} --gen-key -n client.bootstrap-osd --cap mon 'profile bootstrap-osd' --cap mgr 'allow r' - creates: '{{ ceph_bootstrap_osd_keyring }}' - throttle: 1 - notify: Add key to bootstrap-osd keyring - when: 'ceph_fsid' - - - name: Generate mon map - delegate_to: 127.0.0.1 - shell: - cmd: monmaptool --create{% if ceph_release_majors[ceph_release] | default(None) %} --set-min-mon-release={{ ceph_release_majors[ceph_release] }}{% endif %} --fsid {{ ceph_fsid }} {{ ceph_mon_map }} - creates: '{{ ceph_mon_map }}' - throttle: 1 - notify: Add nodes to mon map - when: 'ceph_fsid' +- name: Generate mon keyring + delegate_to: 127.0.0.1 + shell: + cmd: ceph-authtool --create-keyring {{ ceph_mon_keyring }} --gen-key -n mon. 
--cap mon 'allow *' + creates: '{{ ceph_mon_keyring }}' + throttle: 1 + when: 'ceph_fsid' + +- name: Generate client.admin keyring + delegate_to: 127.0.0.1 + shell: + cmd: ceph-authtool --create-keyring {{ ceph_client_admin_keyring }} --gen-key -n client.admin --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *' --cap mgr 'allow *' + creates: '{{ ceph_client_admin_keyring }}' + throttle: 1 + notify: Add key to client.admin keyring + when: 'ceph_fsid' + +- name: Generate bootstrap-osd keyring + delegate_to: 127.0.0.1 + shell: + cmd: ceph-authtool --create-keyring {{ ceph_bootstrap_osd_keyring }} --gen-key -n client.bootstrap-osd --cap mon 'profile bootstrap-osd' --cap mgr 'allow r' + creates: '{{ ceph_bootstrap_osd_keyring }}' + throttle: 1 + notify: Add key to bootstrap-osd keyring + when: 'ceph_fsid' + +- name: Generate mon map + delegate_to: 127.0.0.1 + shell: + cmd: monmaptool --create{% if ceph_release_majors[ceph_release] | default(None) %} --set-min-mon-release={{ ceph_release_majors[ceph_release] }}{% endif %} --fsid {{ ceph_fsid }} {{ ceph_mon_map }} + creates: '{{ ceph_mon_map }}' + throttle: 1 + notify: Add nodes to mon map + when: 'ceph_fsid' # - name: Ceph - Add package repository - - name: Create apt keyring path - file: - path: /etc/apt/keyrings/ - mode: 0755 - state: directory - when: 'ceph_roles|length > 0 and ceph_release != "distro"' - - - name: Add ceph GPG key - copy: - src: ../files/ceph/ceph.asc - dest: /etc/apt/keyrings/ansible-ceph.asc - notify: Update apt - when: 'ceph_roles|length > 0 and ceph_release != "distro"' - - - name: Get DPKG architecture - shell: dpkg --print-architecture - register: dpkg_architecture - changed_when: false - check_mode: no - when: 'ceph_roles|length > 0 and ceph_release != "distro"' - - - name: Add ceph package sources - template: - src: ../files/ceph/ceph.sources.tpl - dest: /etc/apt/sources.list.d/ansible-ceph.sources - notify: Update apt - when: 'ceph_roles|length > 0 and ceph_release != "distro"' - - - 
name: Update apt - apt: - force_apt_get: yes - update_cache: yes - cache_valid_time: 0 +- name: Create apt keyring path + file: + path: /etc/apt/keyrings/ + mode: 0755 + state: directory + when: 'ceph_roles|length > 0 and ceph_release != "distro"' + +- name: Add ceph GPG key + copy: + src: ../files/ceph/ceph.asc + dest: /etc/apt/keyrings/ansible-ceph.asc + notify: Update apt + when: 'ceph_roles|length > 0 and ceph_release != "distro"' + +- name: Get DPKG architecture + shell: dpkg --print-architecture + register: dpkg_architecture + changed_when: false + check_mode: no + when: 'ceph_roles|length > 0 and ceph_release != "distro"' + +- name: Add ceph package sources + template: + src: ../files/ceph/ceph.sources.tpl + dest: /etc/apt/sources.list.d/ansible-ceph.sources + notify: Update apt + when: 'ceph_roles|length > 0 and ceph_release != "distro"' + +- name: Update apt + apt: + force_apt_get: yes + update_cache: yes + cache_valid_time: 0 # - name: Ceph - Install packages - - name: Install ceph-common - apt: - name: - - ceph-common - install_recommends: no - state: present - when: '"client" in ceph_roles' - - - name: Install ceph-mon - apt: - name: - - ceph-mon - install_recommends: no - state: present - when: '"mon" in ceph_roles' - - - name: Install ceph-mgr - apt: - name: - - ceph-mgr - - python3-bcrypt - - python3-distutils - install_recommends: no - state: present - when: '"mgr" in ceph_roles' - - - name: Install ceph-mds - apt: - name: - - ceph-mds - install_recommends: no - state: present - when: '"mds" in ceph_roles' - - - name: Install ceph-osd - apt: - name: - - ceph-osd - - ceph-volume - install_recommends: no - state: present - when: '"osd" in ceph_roles' - - - name: Install ceph-rbd-mirror - apt: - name: - - rbd-mirror - install_recommends: no - state: present - when: '"rbd-mirror" in ceph_roles' - - - name: Install radosgw - apt: - name: - - radosgw - install_recommends: no - state: present - when: '"rgw" in ceph_roles' +- name: Install ceph-common + 
apt: + name: + - ceph-common + install_recommends: no + state: present + when: '"client" in ceph_roles' + +- name: Install ceph-mon + apt: + name: + - ceph-mon + install_recommends: no + state: present + when: '"mon" in ceph_roles' + +- name: Install ceph-mgr + apt: + name: + - ceph-mgr + - python3-bcrypt + - python3-distutils + install_recommends: no + state: present + when: '"mgr" in ceph_roles' + +- name: Install ceph-mds + apt: + name: + - ceph-mds + install_recommends: no + state: present + when: '"mds" in ceph_roles' + +- name: Install ceph-osd + apt: + name: + - ceph-osd + - ceph-volume + install_recommends: no + state: present + when: '"osd" in ceph_roles' + +- name: Install ceph-rbd-mirror + apt: + name: + - rbd-mirror + install_recommends: no + state: present + when: '"rbd-mirror" in ceph_roles' + +- name: Install radosgw + apt: + name: + - radosgw + install_recommends: no + state: present + when: '"rgw" in ceph_roles' # - name: Ceph - Set up config and keyrings - - name: Transfer the cluster configuration - template: - src: ../files/ceph/ceph.conf.tpl - dest: /etc/ceph/ceph.conf - notify: Restart Ceph - when: 'ceph_roles|length > 0' - - - name: Create main storage directory - file: - path: /var/lib/ceph - owner: ceph - group: ceph - mode: 0750 - state: directory - when: 'ceph_roles|length > 1 or ceph_roles[0] != "client"' - - - name: Create monitor bootstrap path - file: - path: /var/lib/ceph/bootstrap-mon - owner: ceph - group: ceph - mode: 0770 - state: directory - when: '"mon" in ceph_roles' - - - name: Create OSD bootstrap path - file: - path: /var/lib/ceph/bootstrap-osd - owner: ceph - group: ceph - mode: 0770 - state: directory - when: '"osd" in ceph_roles' - - - name: Transfer main admin keyring - copy: - src: '{{ ceph_client_admin_keyring }}' - dest: /etc/ceph/ceph.client.admin.keyring - owner: ceph - group: ceph - mode: 0660 - notify: Restart Ceph - when: '("client" in ceph_roles and "admin" in ceph_keyrings) or "mon" in ceph_roles' - - - name: 
Transfer additional client keyrings - copy: - src: '../data/ceph/cluster.{{ ceph_fsid }}.client.{{ item }}.keyring' - dest: '/etc/ceph/ceph.client.{{ item }}.keyring' - owner: ceph - group: ceph - mode: 0660 - with_items: - '{{ ceph_keyrings | difference(["admin"]) }}' - when: '"client" in ceph_roles' - - - name: Transfer bootstrap mon keyring - copy: - src: '{{ ceph_mon_keyring }}' - dest: /var/lib/ceph/bootstrap-mon/ceph.keyring - owner: ceph - group: ceph - mode: 0660 - when: '"mon" in ceph_roles' - - - name: Transfer bootstrap mon map - copy: - src: '{{ ceph_mon_map }}' - dest: /var/lib/ceph/bootstrap-mon/ceph.monmap - owner: ceph - group: ceph - mode: 0660 - when: '"mon" in ceph_roles' - - - name: Transfer bootstrap OSD keyring - copy: - src: '{{ ceph_bootstrap_osd_keyring }}' - dest: /var/lib/ceph/bootstrap-osd/ceph.keyring - owner: ceph - group: ceph - mode: 0660 - when: '"osd" in ceph_roles' +- name: Transfer the cluster configuration + template: + src: ../files/ceph/ceph.conf.tpl + dest: /etc/ceph/ceph.conf + notify: Restart Ceph + when: 'ceph_roles|length > 0' + +- name: Create main storage directory + file: + path: /var/lib/ceph + owner: ceph + group: ceph + mode: 0750 + state: directory + when: 'ceph_roles|length > 1 or ceph_roles[0] != "client"' + +- name: Create monitor bootstrap path + file: + path: /var/lib/ceph/bootstrap-mon + owner: ceph + group: ceph + mode: 0770 + state: directory + when: '"mon" in ceph_roles' + +- name: Create OSD bootstrap path + file: + path: /var/lib/ceph/bootstrap-osd + owner: ceph + group: ceph + mode: 0770 + state: directory + when: '"osd" in ceph_roles' + +- name: Transfer main admin keyring + copy: + src: '{{ ceph_client_admin_keyring }}' + dest: /etc/ceph/ceph.client.admin.keyring + owner: ceph + group: ceph + mode: 0660 + notify: Restart Ceph + when: '("client" in ceph_roles and "admin" in ceph_keyrings) or "mon" in ceph_roles' + +- name: Transfer additional client keyrings + copy: + src: '../data/ceph/cluster.{{ 
ceph_fsid }}.client.{{ item }}.keyring' + dest: '/etc/ceph/ceph.client.{{ item }}.keyring' + owner: ceph + group: ceph + mode: 0660 + with_items: + '{{ ceph_keyrings | difference(["admin"]) }}' + when: '"client" in ceph_roles' + +- name: Transfer bootstrap mon keyring + copy: + src: '{{ ceph_mon_keyring }}' + dest: /var/lib/ceph/bootstrap-mon/ceph.keyring + owner: ceph + group: ceph + mode: 0660 + when: '"mon" in ceph_roles' + +- name: Transfer bootstrap mon map + copy: + src: '{{ ceph_mon_map }}' + dest: /var/lib/ceph/bootstrap-mon/ceph.monmap + owner: ceph + group: ceph + mode: 0660 + when: '"mon" in ceph_roles' + +- name: Transfer bootstrap OSD keyring + copy: + src: '{{ ceph_bootstrap_osd_keyring }}' + dest: /var/lib/ceph/bootstrap-osd/ceph.keyring + owner: ceph + group: ceph + mode: 0660 + when: '"osd" in ceph_roles' # - name: Ceph - Deploy mon - - name: Bootstrap Ceph mon - shell: - cmd: sudo -u ceph ceph-mon --mkfs -i {{ inventory_hostname_short }} --monmap /var/lib/ceph/bootstrap-mon/ceph.monmap --keyring /var/lib/ceph/bootstrap-mon/ceph.keyring - creates: /var/lib/ceph/mon/ceph-{{ inventory_hostname_short }}/keyring - notify: - - Enable msgr2 - - Disable insecure_global_id_reclaim - when: '"mon" in ceph_roles' - - - name: Enable and start Ceph mon - systemd: - enabled: yes - name: ceph-mon@{{ inventory_hostname_short }} - state: started - when: '"mon" in ceph_roles' +- name: Bootstrap Ceph mon + shell: + cmd: sudo -u ceph ceph-mon --mkfs -i {{ inventory_hostname_short }} --monmap /var/lib/ceph/bootstrap-mon/ceph.monmap --keyring /var/lib/ceph/bootstrap-mon/ceph.keyring + creates: /var/lib/ceph/mon/ceph-{{ inventory_hostname_short }}/keyring + notify: + - Enable msgr2 + - Disable insecure_global_id_reclaim + when: '"mon" in ceph_roles' + +- name: Enable and start Ceph mon + systemd: + enabled: yes + name: ceph-mon@{{ inventory_hostname_short }} + state: started + when: '"mon" in ceph_roles' # - name: Ceph - Deploy osd - - name: Bootstrap Ceph OSD - shell: - 
cmd: ceph-volume lvm create --data /dev/disk/by-id/{{ item.data }}{% if "db" in item %} --block.db /dev/disk/by-id/{{ item.db }}{% endif %} - creates: /var/lib/ceph/osd/.{{ item.data }}.created - loop: '{{ ceph_disks }}' - when: '"osd" in ceph_roles' - - - name: Bootstrap Ceph OSD (stamp) - shell: - cmd: touch /var/lib/ceph/osd/.{{ item.data }}.created - creates: /var/lib/ceph/osd/.{{ item.data }}.created - loop: '{{ ceph_disks }}' - when: '"osd" in ceph_roles' +- name: Bootstrap Ceph OSD + shell: + cmd: ceph-volume lvm create --data /dev/disk/by-id/{{ item.data }}{% if "db" in item %} --block.db /dev/disk/by-id/{{ item.db }}{% endif %} + creates: /var/lib/ceph/osd/.{{ item.data }}.created + loop: '{{ ceph_disks }}' + when: '"osd" in ceph_roles' + +- name: Bootstrap Ceph OSD (stamp) + shell: + cmd: touch /var/lib/ceph/osd/.{{ item.data }}.created + creates: /var/lib/ceph/osd/.{{ item.data }}.created + loop: '{{ ceph_disks }}' + when: '"osd" in ceph_roles' # - name: Ceph - Deploy mgr - - name: Create /var/lib/ceph/mgr/ceph-{{ inventory_hostname_short }} - file: - path: /var/lib/ceph/mgr/ceph-{{ inventory_hostname_short }} - owner: ceph - group: ceph - mode: 0770 - state: directory - register: deploy_mgr - when: '"mgr" in ceph_roles' - - - name: Create mgr keyring - delegate_to: "{{ lookup('template', '../files/ceph/ceph.monitors.names.tpl') | from_yaml | first }}" - shell: - cmd: ceph auth get-or-create mgr.{{ inventory_hostname_short }} mon 'allow profile mgr' osd 'allow *' mds 'allow *' - register: mgr_keyring - when: '"mgr" in ceph_roles and deploy_mgr.changed' - - - name: Transfer mgr keyring - copy: - content: "{{ mgr_keyring.stdout }}\n" - dest: "/var/lib/ceph/mgr/ceph-{{ inventory_hostname_short }}/keyring" - owner: ceph - group: ceph - mode: 0660 - when: '"mgr" in ceph_roles and deploy_mgr.changed' - - - name: Enable ceph mgr - systemd: - enabled: yes - name: ceph-mgr@{{ inventory_hostname_short }} - state: started - when: '"mgr" in ceph_roles' +- name: 
Create /var/lib/ceph/mgr/ceph-{{ inventory_hostname_short }} + file: + path: /var/lib/ceph/mgr/ceph-{{ inventory_hostname_short }} + owner: ceph + group: ceph + mode: 0770 + state: directory + register: deploy_mgr + when: '"mgr" in ceph_roles' + +- name: Create mgr keyring + delegate_to: "{{ lookup('template', '../files/ceph/ceph.monitors.names.tpl') | from_yaml | first }}" + shell: + cmd: ceph auth get-or-create mgr.{{ inventory_hostname_short }} mon 'allow profile mgr' osd 'allow *' mds 'allow *' + register: mgr_keyring + when: '"mgr" in ceph_roles and deploy_mgr.changed' + +- name: Transfer mgr keyring + copy: + content: "{{ mgr_keyring.stdout }}\n" + dest: "/var/lib/ceph/mgr/ceph-{{ inventory_hostname_short }}/keyring" + owner: ceph + group: ceph + mode: 0660 + when: '"mgr" in ceph_roles and deploy_mgr.changed' + +- name: Enable ceph mgr + systemd: + enabled: yes + name: ceph-mgr@{{ inventory_hostname_short }} + state: started + when: '"mgr" in ceph_roles' # - name: Ceph - Deploy mds - - name: Create /var/lib/ceph/mds/ceph-{{ inventory_hostname_short }} - file: - path: /var/lib/ceph/mds/ceph-{{ inventory_hostname_short }} - owner: ceph - group: ceph - mode: 0770 - state: directory - register: deploy_mds - when: '"mds" in ceph_roles' - - - name: Create mds keyring - delegate_to: "{{ lookup('template', '../files/ceph/ceph.monitors.names.tpl') | from_yaml | first }}" - shell: - cmd: ceph auth get-or-create mds.{{ inventory_hostname_short }} mon 'profile mds' mgr 'profile mds' mds 'allow *' osd 'allow *' - register: mds_keyring - when: '"mds" in ceph_roles and deploy_mds.changed' - - - name: Transfer mds keyring - copy: - content: "{{ mds_keyring.stdout }}\n" - dest: "/var/lib/ceph/mds/ceph-{{ inventory_hostname_short }}/keyring" - owner: ceph - group: ceph - mode: 0660 - when: '"mds" in ceph_roles and deploy_mds.changed' - - - name: Enable ceph mds - systemd: - enabled: yes - name: ceph-mds@{{ inventory_hostname_short }} - state: started - when: '"mds" in 
ceph_roles' +- name: Create /var/lib/ceph/mds/ceph-{{ inventory_hostname_short }} + file: + path: /var/lib/ceph/mds/ceph-{{ inventory_hostname_short }} + owner: ceph + group: ceph + mode: 0770 + state: directory + register: deploy_mds + when: '"mds" in ceph_roles' + +- name: Create mds keyring + delegate_to: "{{ lookup('template', '../files/ceph/ceph.monitors.names.tpl') | from_yaml | first }}" + shell: + cmd: ceph auth get-or-create mds.{{ inventory_hostname_short }} mon 'profile mds' mgr 'profile mds' mds 'allow *' osd 'allow *' + register: mds_keyring + when: '"mds" in ceph_roles and deploy_mds.changed' + +- name: Transfer mds keyring + copy: + content: "{{ mds_keyring.stdout }}\n" + dest: "/var/lib/ceph/mds/ceph-{{ inventory_hostname_short }}/keyring" + owner: ceph + group: ceph + mode: 0660 + when: '"mds" in ceph_roles and deploy_mds.changed' + +- name: Enable ceph mds + systemd: + enabled: yes + name: ceph-mds@{{ inventory_hostname_short }} + state: started + when: '"mds" in ceph_roles' # - name: Ceph - Deploy rgw - - name: Create /var/lib/ceph/radosgw/ceph-rgw.{{ inventory_hostname_short }} - file: - path: /var/lib/ceph/radosgw/ceph-rgw.{{ inventory_hostname_short }} - owner: ceph - group: ceph - mode: 0770 - state: directory - register: deploy_rgw - when: '"rgw" in ceph_roles' - - - name: Create Ceph rgw keyring - delegate_to: "{{ lookup('template', '../files/ceph/ceph.monitors.names.tpl') | from_yaml | first }}" - shell: - cmd: ceph auth get-or-create client.rgw.{{ inventory_hostname_short }} mon 'allow rw' osd 'allow rwx' - register: rgw_keyring - when: '"rgw" in ceph_roles and deploy_rgw.changed' - - - name: Transfer rgw keyring - copy: - content: "{{ rgw_keyring.stdout }}\n" - dest: "/var/lib/ceph/radosgw/ceph-rgw.{{ inventory_hostname_short }}/keyring" - owner: ceph - group: ceph - mode: 0660 - when: '"rgw" in ceph_roles and deploy_rgw.changed' - - - name: Enable ceph rgw - systemd: - enabled: yes - name: ceph-radosgw@rgw.{{ inventory_hostname_short }} 
- state: started - when: '"rgw" in ceph_roles' +- name: Create /var/lib/ceph/radosgw/ceph-rgw.{{ inventory_hostname_short }} + file: + path: /var/lib/ceph/radosgw/ceph-rgw.{{ inventory_hostname_short }} + owner: ceph + group: ceph + mode: 0770 + state: directory + register: deploy_rgw + when: '"rgw" in ceph_roles' + +- name: Create Ceph rgw keyring + delegate_to: "{{ lookup('template', '../files/ceph/ceph.monitors.names.tpl') | from_yaml | first }}" + shell: + cmd: ceph auth get-or-create client.rgw.{{ inventory_hostname_short }} mon 'allow rw' osd 'allow rwx' + register: rgw_keyring + when: '"rgw" in ceph_roles and deploy_rgw.changed' + +- name: Transfer rgw keyring + copy: + content: "{{ rgw_keyring.stdout }}\n" + dest: "/var/lib/ceph/radosgw/ceph-rgw.{{ inventory_hostname_short }}/keyring" + owner: ceph + group: ceph + mode: 0660 + when: '"rgw" in ceph_roles and deploy_rgw.changed' + +- name: Enable ceph rgw + systemd: + enabled: yes + name: ceph-radosgw@rgw.{{ inventory_hostname_short }} + state: started + when: '"rgw" in ceph_roles' # - name: Ceph - Deploy rbd-mirror - - name: Enable ceph rbd-mirror - systemd: - enabled: yes - name: ceph-rbd-mirror@admin - state: started - when: '"rbd-mirror" in ceph_roles' +- name: Enable ceph rbd-mirror + systemd: + enabled: yes + name: ceph-rbd-mirror@admin + state: started + when: '"rbd-mirror" in ceph_roles' diff --git a/roles/incus/tasks/main.yaml b/roles/incus/tasks/main.yaml index c000c02..cee84bf 100644 --- a/roles/incus/tasks/main.yaml +++ b/roles/incus/tasks/main.yaml 
@@ -1,160 +1,160 @@ --- # - name: Incus - Add package repository - - name: Create apt keyring path - file: - path: /etc/apt/keyrings/ - mode: 0755 - state: directory - when: 'incus_roles|length > 0 and incus_release != "distro"' - - - name: Add Zabbly repository key - copy: - src: ../files/incus/zabbly.asc - dest: /etc/apt/keyrings/ansible-zabbly.asc - notify: Update apt - when: 'incus_roles|length > 0 and incus_release != "distro"' - - - name: Get DPKG architecture - shell: dpkg --print-architecture - register: dpkg_architecture - changed_when: false - check_mode: no - when: 'incus_roles|length > 0 and incus_release != "distro"' - - - name: Add Zabbly package source - template: - src: ../files/incus/incus.sources.tpl - dest: /etc/apt/sources.list.d/ansible-zabbly-incus-{{ incus_release }}.sources - notify: Update apt - when: 'incus_roles|length > 0 and incus_release != "distro"' - - - name: Update apt - apt: - force_apt_get: yes - update_cache: yes - cache_valid_time: 0 +- name: Create apt keyring path + file: + path: /etc/apt/keyrings/ + mode: 0755 + state: directory + when: 'incus_roles|length > 0 and incus_release != "distro"' + +- name: Add Zabbly repository key + copy: + src: ../files/incus/zabbly.asc + dest: /etc/apt/keyrings/ansible-zabbly.asc + notify: Update apt + when: 'incus_roles|length > 0 and incus_release != "distro"' + +- name: Get DPKG architecture + shell: dpkg --print-architecture + register: dpkg_architecture + changed_when: false + check_mode: no + when: 'incus_roles|length > 0 and incus_release != "distro"' + +- name: Add Zabbly package source + template: + src: ../files/incus/incus.sources.tpl + dest: /etc/apt/sources.list.d/ansible-zabbly-incus-{{ incus_release }}.sources + notify: Update apt + when: 'incus_roles|length > 0 and incus_release != "distro"' + +- name: Update apt + apt: + force_apt_get: yes + update_cache: yes + cache_valid_time: 0 # - name: Incus - Install packages and bootstrap - - name: Install the Incus package - apt: - 
name: - - incus - install_recommends: no - state: present - register: install - when: 'incus_roles | length > 0' - - - name: Install the Incus UI package - apt: - name: - - incus-ui-canonical - install_recommends: no - state: present - when: '"ui" in incus_roles' - - - name: Install btrfs tools - apt: - name: - - btrfs-progs - install_recommends: no - state: present - when: "incus_roles | length > 0 and 'btrfs' in incus_init['storage'] | dict2items | json_query('[].value.driver')" - - - name: Install ceph tools - apt: - name: - - ceph-common - install_recommends: no - state: present - when: "incus_roles | length > 0 and 'ceph' in incus_init['storage'] | dict2items | json_query('[].value.driver')" - - - name: Install LVM tools - apt: - name: - - lvm2 - install_recommends: no - state: present - when: "incus_roles | length > 0 and 'lvm' in incus_init['storage'] | dict2items | json_query('[].value.driver')" - - - name: Install ZFS tools - apt: - name: - - zfsutils-linux - install_recommends: no - state: present - when: "incus_roles | length > 0 and 'zfs' in incus_init['storage'] | dict2items | json_query('[].value.driver')" - - - name: Set client listen address - shell: - cmd: "incus --force-local config set core.https_address {{ incus_ip_address }}" - when: 'install.changed and ("standalone" in incus_roles or ("cluster" in incus_roles and incus_servers[0] == inventory_hostname))' - - - name: Set cluster listen address - shell: - cmd: "incus --force-local config set cluster.https_address {{ incus_ip_address }}" - when: 'install.changed and "cluster" in incus_roles and incus_servers[0] == inventory_hostname' - - - name: Set OVN NorthBound database - shell: - cmd: "incus --force-local config set network.ovn.northbound_connection={{ incus_ovn_northbound }} network.ovn.client_cert=\"{{ lookup('file', '../data/ovn/'+ovn_name+'/'+inventory_hostname+'.crt') }}\" network.ovn.client_key=\"{{ lookup('file', '../data/ovn/'+ovn_name+'/'+inventory_hostname+'.key') }}\" 
network.ovn.ca_cert=\"{{ lookup('file', '../data/ovn/'+ovn_name+'/ca.crt') }}\"" - notify: Restart Incus - when: 'install.changed and incus_ovn_northbound and ("standalone" in incus_roles or "cluster" in incus_roles)' - - - name: Add networks - shell: - cmd: "incus network create {{ item.key }} --type={{ item.value.type }}{% for k in item.value.local_config | default([]) %} {{ k }}={{ item.value.local_config[k] }}{% endfor %}{% for k in item.value.config | default([]) %} {{ k }}={{ item.value.config[k] }}{% endfor %}" - loop: "{{ incus_init['network'] | dict2items }}" - when: 'install.changed and ("standalone" in incus_roles or ("cluster" in incus_roles and incus_servers[0] == inventory_hostname))' - - - name: Add storage pools - shell: - cmd: "incus storage create {{ item.key }} {{ item.value.driver }}{% for k in item.value.local_config | default([]) %} {{ k }}={{ item.value.local_config[k] }}{% endfor %}{% for k in item.value.config | default([]) %} {{ k }}={{ item.value.config[k] }}{% endfor %}" - loop: "{{ incus_init['storage'] | dict2items }}" - when: 'install.changed and ("standalone" in incus_roles or ("cluster" in incus_roles and incus_servers[0] == inventory_hostname))' - - - name: Add storage pool to default profile - shell: - cmd: "incus profile device add default root disk path=/ pool={{ item }}" - loop: "{{ incus_init['storage'] | dict2items | json_query('[?value.default].key') }}" - when: 'install.changed and ("standalone" in incus_roles or ("cluster" in incus_roles and incus_servers[0] == inventory_hostname))' - - - name: Add network to default profile - shell: - cmd: "incus profile device add default eth0 nic network={{ item }} name=eth0" - loop: "{{ incus_init['network'] | dict2items | json_query('[?value.default].key') }}" - when: 'install.changed and ("standalone" in incus_roles or ("cluster" in incus_roles and incus_servers[0] == inventory_hostname))' - - - name: Bootstrap the cluster - shell: - cmd: "incus --force-local cluster enable {{ 
inventory_hostname }}" - when: 'install.changed and "cluster" in incus_roles and incus_servers[0] == inventory_hostname' - - - name: Create join tokens - delegate_to: "{{ incus_servers[0] }}" - shell: - cmd: "incus --force-local --quiet cluster add {{ inventory_hostname }}" - register: cluster_add - when: 'install.changed and "cluster" in incus_roles and incus_servers[0] != inventory_hostname' - - - name: Join the cluster - throttle: 1 - shell: - cmd: "incus --force-local admin init --preseed" - stdin: |- - cluster: - enabled: true - cluster_address: "{{ incus_ip_address }}" - cluster_token: "{{ cluster_add.stdout }}" - server_address: "{{ incus_ip_address }}" - member_config:{% for pool in incus_init.storage %}{% for key in incus_init.storage[pool].local_config | default([]) %} - - - entity: storage-pool - name: {{ pool }} - key: {{ key }} - value: {{ incus_init.storage[pool].local_config[key] }}{% endfor %}{% endfor %}{% for network in incus_init.network %}{% for key in incus_init.network[network].local_config | default([]) %} - - - entity: network - name: {{ network }} - key: {{ key }} - value: {{ incus_init.network[network].local_config[key] }}{% endfor %}{% endfor %} - when: 'cluster_add.changed' +- name: Install the Incus package + apt: + name: + - incus + install_recommends: no + state: present + register: install + when: 'incus_roles | length > 0' + +- name: Install the Incus UI package + apt: + name: + - incus-ui-canonical + install_recommends: no + state: present + when: '"ui" in incus_roles' + +- name: Install btrfs tools + apt: + name: + - btrfs-progs + install_recommends: no + state: present + when: "incus_roles | length > 0 and 'btrfs' in incus_init['storage'] | dict2items | json_query('[].value.driver')" + +- name: Install ceph tools + apt: + name: + - ceph-common + install_recommends: no + state: present + when: "incus_roles | length > 0 and 'ceph' in incus_init['storage'] | dict2items | json_query('[].value.driver')" + +- name: Install LVM tools + 
apt: + name: + - lvm2 + install_recommends: no + state: present + when: "incus_roles | length > 0 and 'lvm' in incus_init['storage'] | dict2items | json_query('[].value.driver')" + +- name: Install ZFS tools + apt: + name: + - zfsutils-linux + install_recommends: no + state: present + when: "incus_roles | length > 0 and 'zfs' in incus_init['storage'] | dict2items | json_query('[].value.driver')" + +- name: Set client listen address + shell: + cmd: "incus --force-local config set core.https_address {{ incus_ip_address }}" + when: 'install.changed and ("standalone" in incus_roles or ("cluster" in incus_roles and incus_servers[0] == inventory_hostname))' + +- name: Set cluster listen address + shell: + cmd: "incus --force-local config set cluster.https_address {{ incus_ip_address }}" + when: 'install.changed and "cluster" in incus_roles and incus_servers[0] == inventory_hostname' + +- name: Set OVN NorthBound database + shell: + cmd: "incus --force-local config set network.ovn.northbound_connection={{ incus_ovn_northbound }} network.ovn.client_cert=\"{{ lookup('file', '../data/ovn/'+ovn_name+'/'+inventory_hostname+'.crt') }}\" network.ovn.client_key=\"{{ lookup('file', '../data/ovn/'+ovn_name+'/'+inventory_hostname+'.key') }}\" network.ovn.ca_cert=\"{{ lookup('file', '../data/ovn/'+ovn_name+'/ca.crt') }}\"" + notify: Restart Incus + when: 'install.changed and incus_ovn_northbound and ("standalone" in incus_roles or "cluster" in incus_roles)' + +- name: Add networks + shell: + cmd: "incus network create {{ item.key }} --type={{ item.value.type }}{% for k in item.value.local_config | default([]) %} {{ k }}={{ item.value.local_config[k] }}{% endfor %}{% for k in item.value.config | default([]) %} {{ k }}={{ item.value.config[k] }}{% endfor %}" + loop: "{{ incus_init['network'] | dict2items }}" + when: 'install.changed and ("standalone" in incus_roles or ("cluster" in incus_roles and incus_servers[0] == inventory_hostname))' + +- name: Add storage pools + shell: + cmd: 
"incus storage create {{ item.key }} {{ item.value.driver }}{% for k in item.value.local_config | default([]) %} {{ k }}={{ item.value.local_config[k] }}{% endfor %}{% for k in item.value.config | default([]) %} {{ k }}={{ item.value.config[k] }}{% endfor %}" + loop: "{{ incus_init['storage'] | dict2items }}" + when: 'install.changed and ("standalone" in incus_roles or ("cluster" in incus_roles and incus_servers[0] == inventory_hostname))' + +- name: Add storage pool to default profile + shell: + cmd: "incus profile device add default root disk path=/ pool={{ item }}" + loop: "{{ incus_init['storage'] | dict2items | json_query('[?value.default].key') }}" + when: 'install.changed and ("standalone" in incus_roles or ("cluster" in incus_roles and incus_servers[0] == inventory_hostname))' + +- name: Add network to default profile + shell: + cmd: "incus profile device add default eth0 nic network={{ item }} name=eth0" + loop: "{{ incus_init['network'] | dict2items | json_query('[?value.default].key') }}" + when: 'install.changed and ("standalone" in incus_roles or ("cluster" in incus_roles and incus_servers[0] == inventory_hostname))' + +- name: Bootstrap the cluster + shell: + cmd: "incus --force-local cluster enable {{ inventory_hostname }}" + when: 'install.changed and "cluster" in incus_roles and incus_servers[0] == inventory_hostname' + +- name: Create join tokens + delegate_to: "{{ incus_servers[0] }}" + shell: + cmd: "incus --force-local --quiet cluster add {{ inventory_hostname }}" + register: cluster_add + when: 'install.changed and "cluster" in incus_roles and incus_servers[0] != inventory_hostname' + +- name: Join the cluster + throttle: 1 + shell: + cmd: "incus --force-local admin init --preseed" + stdin: |- + cluster: + enabled: true + cluster_address: "{{ incus_ip_address }}" + cluster_token: "{{ cluster_add.stdout }}" + server_address: "{{ incus_ip_address }}" + member_config:{% for pool in incus_init.storage %}{% for key in 
incus_init.storage[pool].local_config | default([]) %} + + - entity: storage-pool + name: {{ pool }} + key: {{ key }} + value: {{ incus_init.storage[pool].local_config[key] }}{% endfor %}{% endfor %}{% for network in incus_init.network %}{% for key in incus_init.network[network].local_config | default([]) %} + + - entity: network + name: {{ network }} + key: {{ key }} + value: {{ incus_init.network[network].local_config[key] }}{% endfor %}{% endfor %} + when: 'cluster_add.changed' diff --git a/roles/ovn/tasks/main.yaml b/roles/ovn/tasks/main.yaml index 68cf3a9..a0a4377 100644 --- a/roles/ovn/tasks/main.yaml +++ b/roles/ovn/tasks/main.yaml 
@@ -1,233 +1,233 @@ --- # - name: OVN - Generate PKI certificates (central) - - name: Create cluster directory - delegate_to: 127.0.0.1 - file: - path: "../data/ovn/{{ ovn_name }}" - mode: 0755 - state: directory - throttle: 1 - when: '"central" in ovn_roles or "host" in ovn_roles' - - - name: Create CA private key - delegate_to: 127.0.0.1 - community.crypto.openssl_privatekey: - path: "{{ ovn_pki_path }}/ca.key" - register: ca_key - throttle: 1 - when: '"central" in ovn_roles or "host" in ovn_roles' - - - name: Create CA signing request - delegate_to: 127.0.0.1 - community.crypto.openssl_csr_pipe: - privatekey_path: "{{ ovn_pki_path }}/ca.key" - common_name: "OVN CA for {{ ovn_name }}" - use_common_name_for_san: false - basic_constraints: - - 'CA:TRUE' - basic_constraints_critical: true - key_usage: - - keyCertSign - key_usage_critical: true - register: ca_csr - when: "ca_key.changed" - throttle: 1 - - - name: Issue CA certificate - delegate_to: 127.0.0.1 - community.crypto.x509_certificate: - path: "{{ ovn_pki_path }}/ca.crt" - csr_content: "{{ ca_csr.csr }}" - privatekey_path: "{{ ovn_pki_path }}/ca.key" - provider: selfsigned - when: "ca_csr.changed" - throttle: 1 - - - name: Create server keys - delegate_to: 127.0.0.1 - community.crypto.openssl_privatekey: - path: "{{ ovn_pki_path }}/{{ inventory_hostname }}.key" - register: cert_key - when: 'ovn_roles | length > 0' - - - name: Create server signing request - delegate_to: 127.0.0.1 - community.crypto.openssl_csr_pipe: - privatekey_path: "{{ ovn_pki_path }}/{{ inventory_hostname }}.key" - common_name: "OVN certificate for {{ inventory_hostname }}" - use_common_name_for_san: false - register: cert_csr - when: "cert_key.changed" - - - name: Issue server certificate - delegate_to: 127.0.0.1 - community.crypto.x509_certificate: - path: "{{ ovn_pki_path }}/{{ inventory_hostname }}.crt" - csr_content: "{{ cert_csr.csr }}" - ownca_path: "{{ ovn_pki_path }}/ca.crt" - ownca_privatekey_path: "{{ ovn_pki_path }}/ca.key" - 
ownca_not_after: "+3650d" - ownca_not_before: "-1d" - provider: ownca - when: "cert_csr.changed" - throttle: 1 +- name: Create cluster directory + delegate_to: 127.0.0.1 + file: + path: "../data/ovn/{{ ovn_name }}" + mode: 0755 + state: directory + throttle: 1 + when: '"central" in ovn_roles or "host" in ovn_roles' + +- name: Create CA private key + delegate_to: 127.0.0.1 + community.crypto.openssl_privatekey: + path: "{{ ovn_pki_path }}/ca.key" + register: ca_key + throttle: 1 + when: '"central" in ovn_roles or "host" in ovn_roles' + +- name: Create CA signing request + delegate_to: 127.0.0.1 + community.crypto.openssl_csr_pipe: + privatekey_path: "{{ ovn_pki_path }}/ca.key" + common_name: "OVN CA for {{ ovn_name }}" + use_common_name_for_san: false + basic_constraints: + - 'CA:TRUE' + basic_constraints_critical: true + key_usage: + - keyCertSign + key_usage_critical: true + register: ca_csr + when: "ca_key.changed" + throttle: 1 + +- name: Issue CA certificate + delegate_to: 127.0.0.1 + community.crypto.x509_certificate: + path: "{{ ovn_pki_path }}/ca.crt" + csr_content: "{{ ca_csr.csr }}" + privatekey_path: "{{ ovn_pki_path }}/ca.key" + provider: selfsigned + when: "ca_csr.changed" + throttle: 1 + +- name: Create server keys + delegate_to: 127.0.0.1 + community.crypto.openssl_privatekey: + path: "{{ ovn_pki_path }}/{{ inventory_hostname }}.key" + register: cert_key + when: 'ovn_roles | length > 0' + +- name: Create server signing request + delegate_to: 127.0.0.1 + community.crypto.openssl_csr_pipe: + privatekey_path: "{{ ovn_pki_path }}/{{ inventory_hostname }}.key" + common_name: "OVN certificate for {{ inventory_hostname }}" + use_common_name_for_san: false + register: cert_csr + when: "cert_key.changed" + +- name: Issue server certificate + delegate_to: 127.0.0.1 + community.crypto.x509_certificate: + path: "{{ ovn_pki_path }}/{{ inventory_hostname }}.crt" + csr_content: "{{ cert_csr.csr }}" + ownca_path: "{{ ovn_pki_path }}/ca.crt" + ownca_privatekey_path: 
"{{ ovn_pki_path }}/ca.key" + ownca_not_after: "+3650d" + ownca_not_before: "-1d" + provider: ownca + when: "cert_csr.changed" + throttle: 1 # - name: OVN - Add package repository - - name: Create apt keyring path - file: - path: /etc/apt/keyrings/ - mode: 0755 - state: directory - when: 'ovn_roles|length > 0 and ovn_release != "distro"' - - - name: Add PPA GPG key - copy: - src: ../files/ovn/ovn-ppa.asc - dest: /etc/apt/keyrings/ansible-ovn-ppa.asc - notify: Update apt - when: 'ovn_roles|length > 0 and ovn_release == "ppa"' - - - name: Get DPKG architecture - shell: dpkg --print-architecture - register: dpkg_architecture - changed_when: false - check_mode: no - when: 'ovn_roles|length > 0 and ovn_release != "distro"' - - - name: Add OVN PPA package source - template: - src: ../files/ovn/ovn-ppa.sources.tpl - dest: /etc/apt/sources.list.d/ansible-ovn-ppa.sources - notify: Update apt - when: 'ovn_roles|length > 0 and ovn_release == "ppa"' - - - name: Update apt - apt: - force_apt_get: yes - update_cache: yes - cache_valid_time: 0 +- name: Create apt keyring path + file: + path: /etc/apt/keyrings/ + mode: 0755 + state: directory + when: 'ovn_roles|length > 0 and ovn_release != "distro"' + +- name: Add PPA GPG key + copy: + src: ../files/ovn/ovn-ppa.asc + dest: /etc/apt/keyrings/ansible-ovn-ppa.asc + notify: Update apt + when: 'ovn_roles|length > 0 and ovn_release == "ppa"' + +- name: Get DPKG architecture + shell: dpkg --print-architecture + register: dpkg_architecture + changed_when: false + check_mode: no + when: 'ovn_roles|length > 0 and ovn_release != "distro"' + +- name: Add OVN PPA package source + template: + src: ../files/ovn/ovn-ppa.sources.tpl + dest: /etc/apt/sources.list.d/ansible-ovn-ppa.sources + notify: Update apt + when: 'ovn_roles|length > 0 and ovn_release == "ppa"' + +- name: Update apt + apt: + force_apt_get: yes + update_cache: yes + cache_valid_time: 0 # - name: OVN - Install packages - - name: Install the OVN central package - apt: - name: - - 
ovn-central - install_recommends: no - state: present - when: '"central" in ovn_roles' - - - name: Install the OVN IC database package - apt: - name: - - ovn-ic-db - install_recommends: no - state: present - when: '"ic-db" in ovn_roles' - - - name: Install the OVN IC package - apt: - name: - - ovn-ic - install_recommends: no - state: present - when: '"ic" in ovn_roles' - - - name: Install the OVN host package - apt: - name: - - ovn-host - install_recommends: no - state: present - notify: - - Configure OVS - - Enable OVN IC gateway - when: '"host" in ovn_roles' +- name: Install the OVN central package + apt: + name: + - ovn-central + install_recommends: no + state: present + when: '"central" in ovn_roles' + +- name: Install the OVN IC database package + apt: + name: + - ovn-ic-db + install_recommends: no + state: present + when: '"ic-db" in ovn_roles' + +- name: Install the OVN IC package + apt: + name: + - ovn-ic + install_recommends: no + state: present + when: '"ic" in ovn_roles' + +- name: Install the OVN host package + apt: + name: + - ovn-host + install_recommends: no + state: present + notify: + - Configure OVS + - Enable OVN IC gateway + when: '"host" in ovn_roles' # - name: OVN - Set up daemon configuration - - name: Create OVN config directory - file: - path: /etc/ovn - mode: 0755 - state: directory - when: 'ovn_roles | length > 0' - - - name: Transfer OVN CA certificate - copy: - src: "{{ ovn_pki_path }}/ca.crt" - dest: /etc/ovn/{{ ovn_name }}.ca.crt - mode: 0644 - when: 'ovn_roles | length > 0' - - - name: Transfer OVN server certificate - copy: - src: "{{ ovn_pki_path }}/{{ inventory_hostname }}.crt" - dest: /etc/ovn/{{ ovn_name }}.server.crt - mode: 0644 - when: 'ovn_roles | length > 0' - - - name: Transfer OVN server key - copy: - src: "{{ ovn_pki_path }}/{{ inventory_hostname }}.key" - dest: /etc/ovn/{{ ovn_name }}.server.key - mode: 0600 - when: 'ovn_roles | length > 0' - notify: - - Configure OVN central northbound DB for SSL (certs) - - Configure 
OVN central northbound DB for SSL (ports) - - Configure OVN central southbound DB for SSL (certs) - - Configure OVN central southbound DB for SSL (ports) - - Configure OVN IC northbound DB for SSL (certs) - - Configure OVN IC northbound DB for SSL (ports) - - Configure OVN IC southbound DB for SSL (certs) - - Configure OVN IC southbound DB for SSL (ports) - - - name: Configure OVN central database - template: - src: ../files/ovn/ovn-central.tpl - dest: /etc/default/ovn-central - notify: - - Restart OVN central - - Configure OVN AZ name - - Enable OVN IC route sharing - when: '"central" in ovn_roles' - - - name: Configure OVN host - template: - src: ../files/ovn/ovn-host.tpl - dest: /etc/default/ovn-host - notify: - - Restart OVN host - when: '"host" in ovn_roles' - - - name: Create OVN IC override directory - file: - path: /etc/systemd/system/ovn-ic.service.d - mode: 0755 - state: directory - when: '"ic" in ovn_roles' - - - name: Transfer OVN IC override - copy: - content: | - [Service] - EnvironmentFile=-/etc/default/ovn-ic - ExecStart= - ExecStart=/usr/share/ovn/scripts/ovn-ctl start_ic --no-monitor $OVN_CTL_OPTS - dest: /etc/systemd/system/ovn-ic.service.d/ansible.conf - notify: Restart OVN IC - when: '"ic" in ovn_roles' - - - name: Configure OVN IC database - template: - src: ../files/ovn/ovn-ic.tpl - dest: /etc/default/ovn-ic - notify: - - Restart OVN IC databases - - Restart OVN IC - when: '"ic" in ovn_roles or "ic-db" in ovn_roles' - - - name: Transfer OVN aliases - template: - src: ../files/ovn/alias.sh.tpl - dest: /etc/ovn/alias.sh - when: 'ovn_roles | length > 0' +- name: Create OVN config directory + file: + path: /etc/ovn + mode: 0755 + state: directory + when: 'ovn_roles | length > 0' + +- name: Transfer OVN CA certificate + copy: + src: "{{ ovn_pki_path }}/ca.crt" + dest: /etc/ovn/{{ ovn_name }}.ca.crt + mode: 0644 + when: 'ovn_roles | length > 0' + +- name: Transfer OVN server certificate + copy: + src: "{{ ovn_pki_path }}/{{ inventory_hostname 
}}.crt" + dest: /etc/ovn/{{ ovn_name }}.server.crt + mode: 0644 + when: 'ovn_roles | length > 0' + +- name: Transfer OVN server key + copy: + src: "{{ ovn_pki_path }}/{{ inventory_hostname }}.key" + dest: /etc/ovn/{{ ovn_name }}.server.key + mode: 0600 + when: 'ovn_roles | length > 0' + notify: + - Configure OVN central northbound DB for SSL (certs) + - Configure OVN central northbound DB for SSL (ports) + - Configure OVN central southbound DB for SSL (certs) + - Configure OVN central southbound DB for SSL (ports) + - Configure OVN IC northbound DB for SSL (certs) + - Configure OVN IC northbound DB for SSL (ports) + - Configure OVN IC southbound DB for SSL (certs) + - Configure OVN IC southbound DB for SSL (ports) + +- name: Configure OVN central database + template: + src: ../files/ovn/ovn-central.tpl + dest: /etc/default/ovn-central + notify: + - Restart OVN central + - Configure OVN AZ name + - Enable OVN IC route sharing + when: '"central" in ovn_roles' + +- name: Configure OVN host + template: + src: ../files/ovn/ovn-host.tpl + dest: /etc/default/ovn-host + notify: + - Restart OVN host + when: '"host" in ovn_roles' + +- name: Create OVN IC override directory + file: + path: /etc/systemd/system/ovn-ic.service.d + mode: 0755 + state: directory + when: '"ic" in ovn_roles' + +- name: Transfer OVN IC override + copy: + content: | + [Service] + EnvironmentFile=-/etc/default/ovn-ic + ExecStart= + ExecStart=/usr/share/ovn/scripts/ovn-ctl start_ic --no-monitor $OVN_CTL_OPTS + dest: /etc/systemd/system/ovn-ic.service.d/ansible.conf + notify: Restart OVN IC + when: '"ic" in ovn_roles' + +- name: Configure OVN IC database + template: + src: ../files/ovn/ovn-ic.tpl + dest: /etc/default/ovn-ic + notify: + - Restart OVN IC databases + - Restart OVN IC + when: '"ic" in ovn_roles or "ic-db" in ovn_roles' + +- name: Transfer OVN aliases + template: + src: ../files/ovn/alias.sh.tpl + dest: /etc/ovn/alias.sh + when: 'ovn_roles | length > 0'