-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathconfigure_controllers.yml
174 lines (161 loc) · 6.16 KB
/
configure_controllers.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
---
- name: Delete old SSH Keys
hosts: localhost
connection: local
# vars_files:
# - ./answerfile.yml
gather_facts: False
tasks:
- name: Remove previous SSH keys from known_hosts - Managers
command: 'ssh-keygen -R "{{ hostvars[item].ansible_ssh_host }}"'
register: command_result
failed_when: "command_result.rc > 0 and command_result.rc != 255"
with_items: "{{ groups['nsxmanagers'] }}"
- name: Remove previous SSH keys from known_hosts - Controllers
command: 'ssh-keygen -R "{{ hostvars[item].ansible_ssh_host }}"'
register: command_result
failed_when: "command_result.rc > 0 and command_result.rc != 255"
with_items: "{{ groups['nsxcontrollers'] }}"
- name: Remove previous SSH keys from known_hosts - Edges
command: 'ssh-keygen -R "{{ hostvars[item].ansible_ssh_host }}"'
register: command_result
failed_when: "command_result.rc > 0 and command_result.rc != 255"
with_items: "{{ groups['nsxedges'] }}"
tags: clean_old_keys
- name: Wait for all VMs to be reachable
hosts:
- nsxmanagers
- nsxcontrollers
- nsxedges
gather_facts: False
tasks:
- name: Wait for all VMs
local_action: wait_for port=22 host={{ ansible_ssh_host }}
tags: wait_for_vms
- name: Populate known_hosts
hosts: localhost
connection: local
gather_facts: False
tasks:
- name: add host to known_hosts - Managers
shell: 'mkdir -p ~/.ssh; ssh-keyscan -H "{{ hostvars[item].ansible_ssh_host }}" >> ~/.ssh/known_hosts'
with_items: "{{ groups['nsxmanagers'] }}"
- name: add host to known_hosts - Controllers
shell: 'mkdir -p ~/.ssh; ssh-keyscan -H "{{ hostvars[item].ansible_ssh_host }}" >> ~/.ssh/known_hosts'
with_items: "{{ groups['nsxcontrollers'] }}"
- name: add host to known_hosts - Edges
shell: 'mkdir -p ~/.ssh; ssh-keyscan -H "{{ hostvars[item].ansible_ssh_host }}" >> ~/.ssh/known_hosts'
with_items: "{{ groups['nsxedges'] }}"
tags: populate_known_hosts
- name: Retrieve NSX Man thumbprint
serial: 1
hosts: nsx-manager
gather_facts: False
tasks:
- name: Retrieve thumbprint
command: >
/opt/vmware/nsx-cli/bin/scripts/nsxcli
-c get certificate api thumbprint
register: thumbprint
tags: nsxman_thumb
- name: Join controllers and gateways to NSX-Manager
hosts: nsxcontrollers:nsxedges
gather_facts: False
tasks:
- name: Join controllers and gateways to Manager
command: >
/opt/vmware/nsx-cli/bin/scripts/nsxcli
-c join management-plane "{{ hostvars['nsx-manager'].ansible_ssh_host }}"
username admin
thumbprint "{{ hostvars['nsx-manager']['thumbprint']['stdout'] }}"
password "{{ hostvars['nsx-manager'].ansible_ssh_pass }}"
ignore_errors: yes
register: join_result
- debug: msg="{{join_result}}"
- name: Check for Controllers Join Status failed
set_fact: failed_flag=failed
when: "'is already registered' not in item.stdout and item.stderr is defined and 'FAILED' in item.stderr "
with_items:
- "{{ join_result}}"
- fail: msg="Check Controllers Join Status Failed"
when: failed_flag is defined
tags: nsxmanager_join
- name: Prepare first Controller
hosts: nsx-controller01
gather_facts: False
tasks:
- name: Set security-model on first controller
command: >
/opt/vmware/nsx-cli/bin/scripts/nsxcli -c
set control-cluster security-model shared-secret secret "{{ hostvars['nsx-manager'].ansible_ssh_pass }}"
- name: Wait 1 minute before initialize the control-cluster
pause: minutes=1
- name: Initialize the controller cluster
command: >
/opt/vmware/nsx-cli/bin/scripts/nsxcli -c initialize control-cluster
register: initialize
- name: Wait 2 more minutes and try again as it seems the controller is not ready
pause: minutes=2
when: "'initialization timed out' in initialize.stdout"
- name: Retry when first try didn't work
command: >
/opt/vmware/nsx-cli/bin/scripts/nsxcli -c initialize control-cluster
when: "'initialization timed out' in initialize.stdout"
tags: first_controller
- name: Get second and third controllers thumbprint
hosts:
- nsx-controller02
- nsx-controller03
serial: 1
gather_facts: False
tasks:
- name: Set security-model on controllers
command: >
/opt/vmware/nsx-cli/bin/scripts/nsxcli -c
set control-cluster security-model shared-secret secret "{{ hostvars['nsx-manager'].ansible_ssh_pass }}"
- name: Retrieve thumbprint
command: >
/opt/vmware/nsx-cli/bin/scripts/nsxcli
-c get control-cluster certificate thumbprint
register: thumbprint
tags: secondary_controller_prep
- name: Join the second and third controller on the master
hosts: nsx-controller01
gather_facts: False
tasks:
- name: Join second controller to master controller
command: >
/opt/vmware/nsx-cli/bin/scripts/nsxcli -c
join control-cluster "{{ hostvars['nsx-controller02'].ansible_ssh_host }}"
thumbprint "{{ hostvars['nsx-controller02']['thumbprint']['stdout'] }}"
- name: Join third controllers to master controller
command: >
/opt/vmware/nsx-cli/bin/scripts/nsxcli -c
join control-cluster "{{ hostvars['nsx-controller03'].ansible_ssh_host }}"
thumbprint "{{ hostvars['nsx-controller03']['thumbprint']['stdout'] }}"
tags: nsxcontroller_join
- name: Activate Controllers
hosts: nsxcontrollers
serial: 1
gather_facts: False
tasks:
- name: Activate Controllers
command: >
/opt/vmware/nsx-cli/bin/scripts/nsxcli -c
activate control-cluster
register: activate
- name: Wait for 30 seconds and try again
pause: seconds=30
when: "'activation timed out' in activate.stdout"
- name: Retry when first try didn't work
command: >
/opt/vmware/nsx-cli/bin/scripts/nsxcli -c
activate control-cluster
when: "'activation timed out' in activate.stdout"
tags: nsxcontroller_activate
- name: Wait
hosts: localhost
gather_facts: False
tasks:
- name: Wait for 30 seconds before starting with the initial configuration
pause: seconds=30