[tripleo] Ansible roles repo and how to inject them into the overcloud

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[tripleo] Ansible roles repo and how to inject them into the overcloud

Juan Antonio Osorio
Hi folks!

I would like to know if there are thoughts about where to put tripleo-specific ansible roles.

I've been working lately on a role that would deploy ipsec tunnels for most networks in an overcloud [1]. And I think that would be quite useful for folks as an alternative to TLS everywhere. However, I don't know in what TripleO repository I could put that role. Any ideas?

Also, I know I could call that from a composable service (although I would need that to be ran after the puppet steps so maybe I'll need an extra hook). However, is there any recommended way right now on how to inject extra ansible roles into the overcloud nodes? If not, maybe a dedicated hook to do this kind of thing would be something useful for others as well.

Any thoughts?

[1] https://github.com/JAORMX/tripleo-ipsec

--
Juan Antonio Osorio R.
e-mail: [hidden email]


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [hidden email]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [tripleo] Ansible roles repo and how to inject them into the overcloud

Ben Nemec
On 06/07/2017 09:25 AM, Juan Antonio Osorio wrote:

> Hi folks!
>
> I would like to know if there are thoughts about where to put
> tripleo-specific ansible roles.
>
> I've been working lately on a role that would deploy ipsec tunnels for
> most networks in an overcloud [1]. And I think that would be quite
> useful for folks as an alternative to TLS everywhere. However, I don't
> know in what TripleO repository I could put that role. Any ideas?
>
> Also, I know I could call that from a composable service (although I
> would need that to be ran after the puppet steps so maybe I'll need an
> extra hook). However, is there any recommended way right now on how to
> inject extra ansible roles into the overcloud nodes? If not, maybe a
> dedicated hook to do this kind of thing would be something useful for
> others as well.

I believe you could use the artifact deployment hook.  It can drop files
anywhere on the filesystem.

http://hardysteven.blogspot.com/2016/08/tripleo-deploy-artifacts-and-puppet.html

If this is a thing we expect to be doing a lot we might consider adding
an ansible-specific version like we did for puppet.

>
> Any thoughts?
>
> [1] https://github.com/JAORMX/tripleo-ipsec
>
> --
> Juan Antonio Osorio R.
> e-mail: [hidden email] <mailto:[hidden email]>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: [hidden email]?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [hidden email]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [tripleo] Ansible roles repo and how to inject them into the overcloud

Emilien Macchi-4
In reply to this post by Juan Antonio Osorio
On Wed, Jun 7, 2017 at 10:25 AM, Juan Antonio Osorio
<[hidden email]> wrote:

> Hi folks!
>
> I would like to know if there are thoughts about where to put
> tripleo-specific ansible roles.
>
> I've been working lately on a role that would deploy ipsec tunnels for most
> networks in an overcloud [1]. And I think that would be quite useful for
> folks as an alternative to TLS everywhere. However, I don't know in what
> TripleO repository I could put that role. Any ideas?
>
> Also, I know I could call that from a composable service (although I would
> need that to be ran after the puppet steps so maybe I'll need an extra
> hook). However, is there any recommended way right now on how to inject
> extra ansible roles into the overcloud nodes? If not, maybe a dedicated hook
> to do this kind of thing would be something useful for others as well.
>
> Any thoughts?

General answer (not only for your module):

- If the module can be used by anyone in Ansible community (and not
only in TripleO), push it to be in Ansible Modules Extras:
https://github.com/ansible/ansible-modules-extras
- If it's rejected from Ansible Modules Extras, you can host it on
your own namespace or use redhat-openstack. Example with
https://github.com/redhat-openstack/ansible-pacemaker.
- If it's something TripleO (which means you can run the roles /
module only in a TripleO environment): I would suggest to move it
under OpenStack namespace, under TripleO umbrella, to have a
consistent governance, CI and release management.

I hope this short answer helped. Please give any feedback.

Thanks,

> [1] https://github.com/JAORMX/tripleo-ipsec
>
> --
> Juan Antonio Osorio R.
> e-mail: [hidden email]
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: [hidden email]?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



--
Emilien Macchi

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [hidden email]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Loading...