CC-Ansible
Last updated
Last updated
The cc-ansible
script in the root of the repo is used to drive the deployment. With this tool you can upgrade parts of the system, reconfigure various services, update and edit encrypted passwords, and run Chameleon-specific Ansible playbooks to set up supporting infrastructure not provided by the Kolla-Ansible project (such as Chameleon's automated toolkit).
Most commands require specifying a path to the site configuration, which contains your site-specific variables, overrides, and configuration. You can specify this in two ways, either with the --site
flag, or by setting the env variable CC_ANSIBLE_SITE
.
Playbooks are set up to target a host group with the same name. This means the grafana
playbook will target the grafana
host group etc. To run a playbook, you can use the ./cc-ansible
wrapper script, which just sets up two important parameters for you: the Ansible Vault configuration, and the inventory path.
Much of the deployment is ultimately controlled by . To invoke, you can use the ./cc-ansible
tool much like you could use kolla-ansible
:
There is a post-deploy
script you can run to finish things up. This will install compatible versions of all OpenStack clients for your deployment and set up some OpenStack entities needed to do bare metal provisioning.
Finally, consider adding the following to your .bashrc or similar:
A full upgrade of a given service (or set of services) is a pull
operation followed by an upgrade
. The pull
will pull the latest version of the Docker image for the service(s) and can be done ahead of time to save time in the maintenance window, if desired. The upgrade
task will perform any database migrations, update the runtime configuration, and redeploy the service at the new version.
Secrets like database and user passwords or sensitive API keys should be encrypted with in a passwords.yml
file located in the site configuration. This is encrypted with a symmetrical cipher key (vault_password
). This key should never be stored in source control. You can edit or view the encrypted contents with the ./cc-ansible
tool: