Add openshift_openstack role and move tasks there

All the tasks that were previously in playbooks are now under
`roles/openshift_openstack`.

The `openshift-cluster` directory now only contains playbooks that
include tasks from that role. This makes the structure much closer to
that of the AWS provider.

15 files changed, 392 insertions, 0 deletions

diff --git a/roles/openshift_openstack/tasks/check-prerequisites.yml b/roles/openshift_openstack/tasks/check-prerequisites.yml
new file mode 100644
index 000000000..4d7cfbf11
--- /dev/null
+++ b/roles/openshift_openstack/tasks/check-prerequisites.yml
@@ -0,0 +1,109 @@
+---
+# Check ansible
+- name: Check Ansible version
+  assert:
+    that: >
+      (ansible_version.major == 2 and ansible_version.minor >= 3) or
+      (ansible_version.major > 2)
+    msg: "Ansible version must be at least 2.3"
+
+# Check shade
+- name: Try to import python module shade
+  command: python -c "import shade"
+  ignore_errors: yes
+  register: shade_result
+- name: Check if shade is installed
+  assert:
+    that: 'shade_result.rc == 0'
+    msg: "Python module shade is not installed"
+
+# Check jmespath
+- name: Try to import python module shade
+  command: python -c "import jmespath"
+  ignore_errors: yes
+  register: jmespath_result
+- name: Check if jmespath is installed
+  assert:
+    that: 'jmespath_result.rc == 0'
+    msg: "Python module jmespath is not installed"
+
+# Check python-dns
+- name: Try to import python DNS module
+  command: python -c "import dns"
+  ignore_errors: yes
+  register: pythondns_result
+- name: Check if python-dns is installed
+  assert:
+    that: 'pythondns_result.rc == 0'
+    msg: "Python module python-dns is not installed"
+
+# Check jinja2
+- name: Try to import jinja2 module
+  command: python -c "import jinja2"
+  ignore_errors: yes
+  register: jinja_result
+- name: Check if jinja2 is installed
+  assert:
+    that: 'jinja_result.rc == 0'
+    msg: "Python module jinja2 is not installed"
+
+# Check Glance image
+- name: Try to get image facts
+  os_image_facts:
+    image: "{{ openstack_default_image_name }}"
+  register: image_result
+- name: Check that image is available
+  assert:
+    that: "image_result.ansible_facts.openstack_image"
+    msg: "Image {{ openstack_default_image_name }} is not available"
+
+# Check network name
+- name: Try to get network facts
+  os_networks_facts:
+    name: "{{ openstack_external_network_name }}"
+  register: network_result
+  when: not openstack_provider_network_name|default(None)
+- name: Check that network is available
+  assert:
+    that: "network_result.ansible_facts.openstack_networks"
+    msg: "Network {{ openstack_external_network_name }} is not available"
+  when: not openstack_provider_network_name|default(None)
+
+# Check keypair
+# TODO kpilatov: there is no Ansible module for getting OS keypairs
+#                (os_keypair is not suitable for this)
+#                this method does not force python-openstackclient dependency
+- name: Try to show keypair
+  command: >
+           python -c 'import shade; cloud = shade.openstack_cloud();
+           exit(cloud.get_keypair("{{ openstack_ssh_public_key }}") is None)'
+  ignore_errors: yes
+  register: key_result
+- name: Check that keypair is available
+  assert:
+    that: 'key_result.rc == 0'
+    msg: "Keypair {{ openstack_ssh_public_key }} is not available"
+
+# Check that custom images are available
+- include: custom_image_check.yaml
+  with_items:
+  - "{{ openstack_master_image }}"
+  - "{{ openstack_infra_image }}"
+  - "{{ openstack_node_image }}"
+  - "{{ openstack_lb_image }}"
+  - "{{ openstack_etcd_image }}"
+  - "{{ openstack_dns_image }}"
+  loop_control:
+    loop_var: image
+
+# Check that custom flavors are available
+- include: custom_flavor_check.yaml
+  with_items:
+  - "{{ master_flavor }}"
+  - "{{ infra_flavor }}"
+  - "{{ node_flavor }}"
+  - "{{ lb_flavor }}"
+  - "{{ etcd_flavor }}"
+  - "{{ dns_flavor }}"
+  loop_control:
+    loop_var: flavor
diff --git a/roles/openshift_openstack/tasks/cleanup.yml b/roles/openshift_openstack/tasks/cleanup.yml
new file mode 100644
index 000000000..258334a6b
--- /dev/null
+++ b/roles/openshift_openstack/tasks/cleanup.yml
@@ -0,0 +1,6 @@
+---
+
+- name: cleanup temp files
+  file:
+    path: "{{ stack_template_pre.path }}"
+    state: absent
diff --git a/roles/openshift_openstack/tasks/container-storage-setup.yml b/roles/openshift_openstack/tasks/container-storage-setup.yml
new file mode 100644
index 000000000..5cd48ca2c
--- /dev/null
+++ b/roles/openshift_openstack/tasks/container-storage-setup.yml
@@ -0,0 +1,37 @@
+---
+- block:
+    - name: create the docker-storage config file
+      template:
+        src: "{{ role_path }}/templates/docker-storage-setup-overlayfs.j2"
+        dest: /etc/sysconfig/docker-storage-setup
+        owner: root
+        group: root
+        mode: 0644
+  when:
+    - ansible_distribution_version | version_compare('7.4', '>=')
+    - ansible_distribution == "RedHat"
+
+- block:
+    - name: create the docker-storage-setup config file
+      template:
+        src: "{{ role_path }}/templates/docker-storage-setup-dm.j2"
+        dest: /etc/sysconfig/docker-storage-setup
+        owner: root
+        group: root
+        mode: 0644
+  when:
+    - ansible_distribution_version | version_compare('7.4', '<')
+    - ansible_distribution == "RedHat"
+
+- block:
+    - name: create the docker-storage-setup config file for CentOS
+      template:
+        src: "{{ role_path }}/templates/docker-storage-setup-dm.j2"
+        dest: /etc/sysconfig/docker-storage-setup
+        owner: root
+        group: root
+        mode: 0644
+
+  # TODO(shadower): Find out which CentOS version supports overlayfs2
+  when:
+    - ansible_distribution == "CentOS"
diff --git a/roles/openshift_openstack/tasks/custom_flavor_check.yaml b/roles/openshift_openstack/tasks/custom_flavor_check.yaml
new file mode 100644
index 000000000..e11874c28
--- /dev/null
+++ b/roles/openshift_openstack/tasks/custom_flavor_check.yaml
@@ -0,0 +1,9 @@
+---
+- name: Try to get flavor facts
+  os_flavor_facts:
+    name: "{{ flavor }}"
+  register: flavor_result
+- name: Check that custom flavor is available
+  assert:
+    that: "flavor_result.ansible_facts.openstack_flavors"
+    msg: "Flavor {{ flavor }} is not available."
diff --git a/roles/openshift_openstack/tasks/custom_image_check.yaml b/roles/openshift_openstack/tasks/custom_image_check.yaml
new file mode 100644
index 000000000..4fbd6a687
--- /dev/null
+++ b/roles/openshift_openstack/tasks/custom_image_check.yaml
@@ -0,0 +1,10 @@
+---
+- name: Try to get image facts
+  os_image_facts:
+    image: "{{ image }}"
+  register: image_result
+
+- name: Check that custom image is available
+  assert:
+    that: "image_result.ansible_facts.openstack_image"
+    msg: "Image {{ image }} is not available."
diff --git a/roles/openshift_openstack/tasks/generate-templates.yml b/roles/openshift_openstack/tasks/generate-templates.yml
new file mode 100644
index 000000000..0ff50a095
--- /dev/null
+++ b/roles/openshift_openstack/tasks/generate-templates.yml
@@ -0,0 +1,26 @@
+---
+- name: create HOT stack template prefix
+  register: stack_template_pre
+  tempfile:
+    state: directory
+    prefix: openshift-ansible
+
+- name: set template paths
+  set_fact:
+    stack_template_path: "{{ stack_template_pre.path }}/stack.yaml"
+    user_data_template_path: "{{ stack_template_pre.path }}/user-data"
+
+- name: generate HOT stack template from jinja2 template
+  template:
+    src: heat_stack.yaml.j2
+    dest: "{{ stack_template_path }}"
+
+- name: generate HOT server template from jinja2 template
+  template:
+    src: heat_stack_server.yaml.j2
+    dest: "{{ stack_template_pre.path }}/server.yaml"
+
+- name: generate user_data from jinja2 template
+  template:
+    src: user_data.j2
+    dest: "{{ user_data_template_path }}"
diff --git a/roles/openshift_openstack/tasks/hostname.yml b/roles/openshift_openstack/tasks/hostname.yml
new file mode 100644
index 000000000..0fc8fbc4c
--- /dev/null
+++ b/roles/openshift_openstack/tasks/hostname.yml
@@ -0,0 +1,33 @@
+---
+- name: "Verify hostname"
+  command: hostnamectl status --static
+  register: hostname_fqdn
+
+- name: "Set hostname if required"
+  when: hostname_fqdn.stdout != ansible_fqdn
+  block:
+  - name: Setting Hostname Fact
+    set_fact:
+      new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}"
+
+  - name: Setting FQDN Fact
+    set_fact:
+      new_fqdn: "{{ new_hostname }}.{{ full_dns_domain }}"
+
+  - name: Setting hostname and DNS domain
+    hostname: name="{{ new_fqdn }}"
+
+  - name: Check for cloud.cfg
+    stat: path=/etc/cloud/cloud.cfg
+    register: cloud_cfg
+
+  - name: Prevent cloud-init updates of hostname/fqdn (if applicable)
+    lineinfile:
+      dest: /etc/cloud/cloud.cfg
+      state: present
+      regexp: "{{ item.regexp }}"
+      line: "{{ item.line }}"
+    with_items:
+    - { regexp: '^ - set_hostname', line: '# - set_hostname' }
+    - { regexp: '^ - update_hostname', line: '# - update_hostname' }
+    when: cloud_cfg.stat.exists == True
diff --git a/roles/openshift_openstack/tasks/net_vars_check.yaml b/roles/openshift_openstack/tasks/net_vars_check.yaml
new file mode 100644
index 000000000..68afde415
--- /dev/null
+++ b/roles/openshift_openstack/tasks/net_vars_check.yaml
@@ -0,0 +1,14 @@
+---
+- name: Check the provider network configuration
+  fail:
+    msg: "Flannel SDN requires a dedicated containers data network and can not work over a provider network"
+  when:
+    - openstack_provider_network_name is defined
+    - openstack_private_data_network_name is defined
+
+- name: Check the flannel network configuration
+  fail:
+    msg: "A dedicated containers data network is only supported with Flannel SDN"
+  when:
+    - openstack_private_data_network_name is defined
+    - not openshift_use_flannel|default(False)|bool
diff --git a/roles/openshift_openstack/tasks/node-configuration.yml b/roles/openshift_openstack/tasks/node-configuration.yml
new file mode 100644
index 000000000..8a6a8022f
--- /dev/null
+++ b/roles/openshift_openstack/tasks/node-configuration.yml
@@ -0,0 +1,11 @@
+---
+- include: hostname.yml
+
+- include: container-storage-setup.yml
+
+- include: node-network.yml
+
+- name: "Verify SELinux is enforcing"
+  fail:
+    msg: "SELinux is required for OpenShift and has been detected as '{{ ansible_selinux.config_mode }}'"
+  when: ansible_selinux.config_mode != "enforcing"
diff --git a/roles/openshift_openstack/tasks/node-network.yml b/roles/openshift_openstack/tasks/node-network.yml
new file mode 100644
index 000000000..f494e5158
--- /dev/null
+++ b/roles/openshift_openstack/tasks/node-network.yml
@@ -0,0 +1,19 @@
+---
+- name: configure NetworkManager
+  lineinfile:
+    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ ansible_default_ipv4['interface'] }}"
+    regexp: '^{{ item }}='
+    line: '{{ item }}=yes'
+    state: present
+    create: yes
+  with_items:
+  - 'USE_PEERDNS'
+  - 'NM_CONTROLLED'
+
+- name: enable and start NetworkManager
+  service:
+    name: NetworkManager
+    state: restarted
+    enabled: yes
+
+# TODO(shadower): add the flannel interface tasks from post-provision-openstack.yml
diff --git a/roles/openshift_openstack/tasks/node-packages.yml b/roles/openshift_openstack/tasks/node-packages.yml
new file mode 100644
index 000000000..c65eaec3b
--- /dev/null
+++ b/roles/openshift_openstack/tasks/node-packages.yml
@@ -0,0 +1,15 @@
+---
+# TODO: subscribe to RHEL and install docker and other packages here
+
+- name: Install required packages
+  yum:
+    name: "{{ item }}"
+    state: latest
+  with_items: "{{ required_packages }}"
+
+- name: Install debug packages (optional)
+  yum:
+    name: "{{ item }}"
+    state: latest
+  with_items: "{{ debug_packages }}"
+  when: install_debug_packages|bool
diff --git a/roles/openshift_openstack/tasks/populate-dns.yml b/roles/openshift_openstack/tasks/populate-dns.yml
new file mode 100644
index 000000000..f1a868a19
--- /dev/null
+++ b/roles/openshift_openstack/tasks/populate-dns.yml
@@ -0,0 +1,5 @@
+# TODO: use nsupdate to populate the DNS servers using the keys
+# specified in the inventory.
+
+# this is an optional step -- the deployers may do whatever else they
+# wish here.
diff --git a/roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml b/roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml
new file mode 100644
index 000000000..fc51f6dc2
--- /dev/null
+++ b/roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml
@@ -0,0 +1,59 @@
+---
+- name: Attach the volume to the VM
+  os_server_volume:
+    state: present
+    server: "{{ groups['masters'][0] }}"
+    volume: "{{ cinder_volume }}"
+  register: volume_attachment
+
+- set_fact:
+    attached_device: >-
+      {{ volume_attachment['attachments']|json_query("[?volume_id=='" + cinder_volume + "'].device | [0]") }}
+
+- delegate_to: "{{ groups['masters'][0] }}"
+  block:
+  - name: Wait for the device to appear
+    wait_for: path={{ attached_device }}
+
+  - name: Create a temp directory for mounting the volume
+    tempfile:
+      prefix: cinder-volume
+      state: directory
+    register: cinder_mount_dir
+
+  - name: Format the device
+    filesystem:
+      fstype: "{{ cinder_fs }}"
+      dev: "{{ attached_device }}"
+
+  - name: Mount the device
+    mount:
+      name: "{{ cinder_mount_dir.path }}"
+      src: "{{ attached_device }}"
+      state: mounted
+      fstype: "{{ cinder_fs }}"
+
+  - name: Change mode on the filesystem
+    file:
+      path: "{{ cinder_mount_dir.path }}"
+      state: directory
+      recurse: true
+      mode: 0777
+
+  - name: Unmount the device
+    mount:
+      name: "{{ cinder_mount_dir.path }}"
+      src: "{{ attached_device }}"
+      state: absent
+      fstype: "{{ cinder_fs }}"
+
+  - name: Delete the temp directory
+    file:
+      name: "{{ cinder_mount_dir.path }}"
+      state: absent
+
+- name: Detach the volume from the VM
+  os_server_volume:
+    state: absent
+    server: "{{ groups['masters'][0] }}"
+    volume: "{{ cinder_volume }}"
diff --git a/roles/openshift_openstack/tasks/provision.yml b/roles/openshift_openstack/tasks/provision.yml
new file mode 100644
index 000000000..8ebda8100
--- /dev/null
+++ b/roles/openshift_openstack/tasks/provision.yml
@@ -0,0 +1,30 @@
+---
+- name: Generate the templates
+  include: generate-templates.yml
+  when:
+  - stack_state == 'present'
+
+- name: Handle the Stack (create/delete)
+  ignore_errors: False
+  register: stack_create
+  os_stack:
+    name: "{{ stack_name }}"
+    state: "{{ stack_state }}"
+    template: "{{ stack_template_path | default(omit) }}"
+    wait: yes
+
+- name: Add the new nodes to the inventory
+  meta: refresh_inventory
+
+- name: Populate DNS entries
+  include: populate-dns.yml
+  when:
+  - stack_state == 'present'
+
+- name: CleanUp
+  include: cleanup.yml
+  when:
+  - stack_state == 'present'
+
+# TODO(shadower): create the registry and PV Cinder volumes if specified
+# and include the `prepare-and-format-cinder-volume` tasks to set it up
diff --git a/roles/openshift_openstack/tasks/subnet_update_dns_servers.yaml b/roles/openshift_openstack/tasks/subnet_update_dns_servers.yaml
new file mode 100644
index 000000000..af28fc98f
--- /dev/null
+++ b/roles/openshift_openstack/tasks/subnet_update_dns_servers.yaml
@@ -0,0 +1,9 @@
+---
+- name: Live update the subnet's DNS servers
+  os_subnet:
+    name: openshift-ansible-{{ stack_name }}-subnet
+    network_name: openshift-ansible-{{ stack_name }}-net
+    state: present
+    use_default_subnetpool: yes
+    dns_nameservers: "{{ [private_dns_server|default(public_dns_nameservers[0])]|union(public_dns_nameservers)|unique }}"
+  when: not provider_network