
CC-Ansible


Last updated 2 years ago

CC-Ansible

The cc-ansible script in the root of the repo is used to drive the deployment. With this tool you can upgrade parts of the system, reconfigure various services, update and edit encrypted passwords, and run Chameleon-specific Ansible playbooks to set up supporting infrastructure not provided by the Kolla-Ansible project (such as hammers, Chameleon's automated toolkit).

Specifying the site configuration

Most commands require a path to the site configuration, which contains your site-specific variables, overrides, and configuration. You can specify it in two ways: with the --site flag, or by setting the environment variable CC_ANSIBLE_SITE.

./cc-ansible --site /path/to/site-config <cmd>
# Or, by setting env
export CC_ANSIBLE_SITE=/path/to/site-config
./cc-ansible <cmd>

Applying playbooks

Playbooks are set up to target a host group with the same name: the grafana playbook targets the grafana host group, and so on. To run a playbook, use the ./cc-ansible wrapper script, which sets up two important parameters for you: the Ansible Vault configuration and the inventory path.

# Run the 'grafana' playbook (deploys/updates grafana)
./cc-ansible --playbook playbooks/grafana.yml
# Run only the tasks tagged 'configuration' in the 'grafana' playbook
# (Any arguments normally passed to ansible-playbook can be passed here.)
./cc-ansible --playbook playbooks/grafana.yml --tags configuration

Running Kolla-Ansible actions

Much of the deployment is ultimately controlled by Kolla-Ansible. To invoke it, you can use the ./cc-ansible tool much like you would use kolla-ansible:

# Deploy the Neutron components
./cc-ansible deploy --tags neutron
# Pull latest images for all components
./cc-ansible pull
# Upgrade Nova and Ironic
./cc-ansible upgrade --tags nova,ironic

Post-deployment

There is a post-deploy script you can run to finish things up. This will install compatible versions of all OpenStack clients for your deployment and set up some OpenStack entities needed to do bare metal provisioning.

./cc-ansible post-deploy

Finally, consider adding the following to your .bashrc or similar:

# Pre-set site so you don't have to type it each time
export CC_ANSIBLE_SITE=/opt/config/<your_site>

# Source OpenStack client environment automatically
if [ -f "$CC_ANSIBLE_SITE/admin-openrc.sh" ]; then
  source "$CC_ANSIBLE_SITE/admin-openrc.sh"
fi

# Source virtualenv to have access to OpenStack clients installed
# in virtualenv (assumes this repo is installed at /etc/ansible)
if [ -f /etc/ansible/venv/bin/activate ]; then
  export VIRTUAL_ENV_DISABLE_PROMPT=1
  source /etc/ansible/venv/bin/activate
fi

Configuration secrets

Secrets like database and user passwords or sensitive API keys should be encrypted with Ansible Vault in a passwords.yml file located in the site configuration. This file is encrypted with a symmetric cipher key (vault_password). This key should never be stored in source control. You can edit or view the encrypted contents with the ./cc-ansible tool:

# Opens an interactive editor for editing passwords
./cc-ansible edit_passwords
# Prints unencrypted passwords to stdout
./cc-ansible decrypt_passwords

Common tasks

Upgrade to a new version of an OpenStack image/config

A full upgrade of a given service (or set of services) is a pull operation followed by an upgrade. The pull fetches the latest version of the Docker image for the service(s) and can be done ahead of time to shorten the maintenance window, if desired. The upgrade task performs any database migrations, updates the runtime configuration, and redeploys the service at the new version.

./cc-ansible pull --tags ironic
./cc-ansible upgrade --tags ironic
# Or, perform a full (!) upgrade of all OpenStack services
./cc-ansible pull && ./cc-ansible upgrade
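
The secret-handling rules from the Configuration secrets section can be audited with a short script before a site configuration is committed or shared. This is an added example, not part of cc-ansible; it assumes the vault key is kept in a file named vault_password inside the site directory, and check_site_secrets and is_private are hypothetical helper names.

```shell
#!/bin/sh
# Added example: audit a cc-ansible site configuration for secret-handling
# mistakes. Assumption: the vault key is stored in a file named
# "vault_password" inside the site directory.

# Succeeds if the file has no group/other permission bits set.
is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints one line per finding; the return code is the number of findings.
check_site_secrets() {
  site=$1
  findings=0

  # passwords.yml must be Ansible Vault ciphertext, which always starts
  # with a "$ANSIBLE_VAULT;" header line.
  if [ -f "$site/passwords.yml" ]; then
    IFS= read -r header < "$site/passwords.yml" || true
    case $header in
      '$ANSIBLE_VAULT;'*) ;;
      *) echo "passwords.yml is not vault-encrypted"; findings=$((findings + 1)) ;;
    esac
  else
    echo "passwords.yml is missing"; findings=$((findings + 1))
  fi

  # The vault key and the admin credentials sourced from .bashrc must be
  # readable by their owner only.
  for f in vault_password admin-openrc.sh; do
    if [ -f "$site/$f" ] && ! is_private "$site/$f"; then
      echo "$f is readable by group or others"; findings=$((findings + 1))
    fi
  done

  # The vault key must never be tracked by git. A non-zero status also
  # covers "not a repository" and "git not installed".
  if git -C "$site" ls-files --error-unmatch -- vault_password >/dev/null 2>&1; then
    echo "vault_password is tracked by git"; findings=$((findings + 1))
  fi

  return "$findings"
}
```

Run it as `check_site_secrets "$CC_ANSIBLE_SITE"`; a non-zero return code means at least one finding was printed.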
