update vendor/ansible to recent ansible/master

vendor/ansible/Vagrantfile

@@ -43,6 +43,9 @@ Vagrant.configure(2) do |config|
         node.vm.provider "virtualbox" do |vb|
             vb.customize ['modifyvm', :id, '--memory', "4096"]
             vb.customize ["modifyvm", :id, "--cpus", "2"]
+            vb.customize ['modifyvm', :id, '--paravirtprovider', 'kvm']
+            vb.customize ['modifyvm', :id, '--natdnshostresolver1', 'on']
+            vb.customize ['modifyvm', :id, '--natdnsproxy1', 'on']
         end
 
         if ansible_groups["devtest"] == nil then

vendor/ansible/cleanup.yml

@@ -8,34 +8,21 @@
   tasks:
     - include_vars: roles/{{ item }}/defaults/main.yml
       with_items:
-      - "etcd"
-      - "ucp"
-    - include: roles/contiv_network/tasks/cleanup.yml
-      ignore_errors: yes
-    - include: roles/contiv_storage/tasks/cleanup.yml
-      ignore_errors: yes
-    - include: roles/contiv_cluster/tasks/cleanup.yml
-      ignore_errors: yes
-    - include: roles/swarm/tasks/cleanup.yml
-      ignore_errors: yes
-    - include: roles/ucp/tasks/cleanup.yml
-      ignore_errors: yes
-    - include: roles/docker/tasks/cleanup.yml
-      ignore_errors: yes
-    - include: roles/etcd/tasks/cleanup.yml
-      ignore_errors: yes
-    - include: roles/ucarp/tasks/cleanup.yml
+        - "contiv_network"
+        - "contiv_storage"
+        - "contiv_cluster"
+        - "swarm"
+        - "ucp"
+        - "docker"
+        - "etcd"
+    - include: roles/{{ item }}/tasks/cleanup.yml
+      with_items:
+        - contiv_network
+        - contiv_storage
+        - contiv_cluster
+        - swarm
+        - ucp
+        - docker
+        - etcd
+        - ucarp
       ignore_errors: yes
-    # XXX: following syntax is much cleaner but is available only in v2.
-    # Will move to this once our packer images and hosts have consistently moved to Ansiblev2
-    #- include: roles/{{ item }}/tasks/cleanup.yml
-    #  with_items:
-    #    - contiv_network
-    #    - contiv_storage
-    #    - contiv_cluster
-    #    - swarm
-    #    - ucp
-    #    - docker
-    #    - etcd
-    #    - ucarp
-    #  ignore_errors: yes

vendor/ansible/group_vars/all

@@ -25,3 +25,5 @@ validate_certs: "yes"
 # env:
 # service_vip:
 # control_interface:
+
+host_capability: "can-run-user-containers, storage"

vendor/ansible/roles/ansible/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+# This role contains tasks for installing ansible
+
+- name: install ansible (redhat)
+  yum:
+    name: ansible
+    enablerepo: epel-testing
+    state: latest
+  when: ansible_os_family == "RedHat"
+
+- name: add ansible apt repository (debian)
+  apt_repository:
+    repo: ppa:ansible/ansible
+    state: present
+    validate_certs: "{{ validate_certs }}"
+  when: ansible_os_family == "Debian"
+
+- name: install ansible (debian)
+  apt: name=ansible state=latest
+  when: ansible_os_family == "Debian"

vendor/ansible/roles/base/tasks/redhat_tasks.yml

@@ -1,46 +1,23 @@
-- name: upgrade system (redhat)
-  yum:
-    update_cache: true
-    name: '*'
-    state: latest
-
 # install epel-release first to ensure the extra packages can be installed later
 - name: install epel release package (redhat)
   yum:
     name: epel-release
+    state: latest
 
-- name: install base packages (redhat)
+- name: install/upgrade base packages (redhat)
   yum:
     name: "{{ item }}"
+    update_cache: true
+    state: latest
   with_items:
     - ntp
     - unzip
     - bzip2
-    - vim
     - curl
-    - git
-    - mercurial
-    - gcc
-    - perl
     - librbd1-devel
-    - lshw
     - python-requests # XXX required by ceph repo, but it has a bad package on it
     - bash-completion
+    - kernel #keep kernel up to date
 
 - name: install and start ntp
   shell: systemctl enable ntpd
-
-- name: install python-crypto
-  yum: name=python-crypto state=present
-  register: python_crypto_result
-  ignore_errors: yes
-
-- name: remove python crypt egg file to work-around https://bugs.centos.org/view.php?id=9896&nbn=2
-  shell: rm -rf /usr/lib64/python2.7/site-packages/pycrypto-*.egg-info
-  when: '"Error unpacking rpm package python2-crypto-" in python_crypto_result.msg'
-
-- name: install ansible (redhat)
-  yum:
-    name: ansible
-    enablerepo: epel-testing
-    state: latest

vendor/ansible/roles/base/tasks/ubuntu_tasks.yml

@@ -6,25 +6,11 @@
 - name: install base packages (debian)
   apt:
     name: "{{ item }}"
+    state: latest
   with_items:
     - unzip
     - bzip2
-    - vim-nox
     - curl
     - python-software-properties
-    - git
-    - mercurial
-    - build-essential
-    - perl
     - librbd-dev
-    - lshw
     - bash-completion
-
-- name: add ansible apt repository (debian)
-  apt_repository:
-    repo: ppa:ansible/ansible
-    state: present
-    validate_certs: "{{ validate_certs }}"
-
-- name: install ansible (debian)
-  apt: name=ansible state=present

vendor/ansible/roles/ceph-common/handlers/main.yml

@@ -3,6 +3,18 @@
   apt:
     update-cache: yes
 
+- name: check for a ceph socket
+  shell: "stat /var/run/ceph/*.asok > /dev/null 2>&1"
+  changed_when: false
+  failed_when: false
+  register: socket
+
+- name: check for a rados gateway socket
+  shell: "stat {{ rbd_client_admin_socket_path }}*.asok > /dev/null 2>&1"
+  changed_when: false
+  failed_when: false
+  register: socketrgw
+
 - name: restart ceph mons
   command: service ceph restart mon
   when:

vendor/ansible/roles/ceph-common/tasks/main.yml

@@ -37,18 +37,6 @@
     radosgw_frontend == 'apache' and
     rgw_group_name in group_names
 
-- name: check for a ceph socket
-  shell: "stat /var/run/ceph/*.asok > /dev/null 2>&1"
-  changed_when: false
-  failed_when: false
-  register: socket
-
-- name: check for a rados gateway socket
-  shell: "stat {{ rbd_client_admin_socket_path }}*.asok > /dev/null 2>&1"
-  changed_when: false
-  failed_when: false
-  register: socketrgw
-
 - name: create a local fetch directory if it doesn't exist
   local_action: file path={{ fetch_directory }} state=directory
   changed_when: false
@@ -86,6 +74,8 @@
     group: root
     mode: 0644
   notify:
+    - check for a ceph socket
+    - check for a rados gateway socket
     - restart ceph mons
     - restart ceph mons on ubuntu
     - restart ceph mons with systemd

vendor/ansible/roles/contiv_cluster/defaults/main.yml

@@ -1,11 +1,15 @@
 ---
 # role variable for the cluster manager service
 
-collins_image: contiv/collins:02_25_2016
+collins_image: contiv/collins
+collins_image_version: "02_25_2016"
 collins_host_port: 9000
 collins_guest_port: 9000
 
-contiv_cluster_version: "v0.0.0-03-08-2016.00-06-26.UTC"
+clusterm_args_file: "clusterm.args"
+clusterm_conf_file: "clusterm.conf"
+
+contiv_cluster_version: "v0.0.0-03-13-2016.03-44-45.UTC"
 contiv_cluster_tar_file: "cluster-{{ contiv_cluster_version }}.tar.bz2"
 contiv_cluster_src_file: "https://github.com/contiv/cluster/releases/download/{{ contiv_cluster_version }}/{{ contiv_cluster_tar_file }}"
 contiv_cluster_dest_file: "/tmp/{{ contiv_cluster_tar_file }}"

vendor/ansible/roles/contiv_cluster/files/clusterm.args

@@ -0,0 +1 @@
+CLUSTERM_ARGS="--config=/etc/default/clusterm/clusterm.conf"

vendor/ansible/roles/contiv_cluster/files/clusterm.conf

@@ -0,0 +1,3 @@
+{
+  "comment" : "empty JSON loads a default clusterm configuration. Add configuration here and restart clusterm service to load non-default configuration"
+}

vendor/ansible/roles/contiv_cluster/meta/main.yml

@@ -0,0 +1,5 @@
+---
+# The dependecies for cluster-mgr
+
+dependencies:
+- { role: ansible }

vendor/ansible/roles/contiv_cluster/tasks/main.yml

@@ -11,8 +11,16 @@
   tags:
     - prebake-for-dev
 
+- name: check for collins image
+  shell: "docker images | grep {{ collins_image }} | grep -q {{ collins_image_version }}"
+  ignore_errors: true
+  register: collins_exists
+  tags:
+    - prebake-for-dev
+
 - name: pull collins container image
-  shell: docker pull {{ collins_image }}
+  shell: "docker pull {{ collins_image }}:{{ collins_image_version }}"
+  when: not collins_exists|success
   tags:
     - prebake-for-dev
 
@@ -33,11 +41,22 @@
     chdir: /usr/bin/
   when: download_result | changed 
 
-- name: copy environment file for clusterm
-  copy: src=clusterm dest=/etc/default/clusterm
+- name: create conf dir for clusterm
+  file:
+    name: /etc/default/clusterm/
+    state: directory
+
+- name: copy conf files for clusterm
+  copy:
+    src: "{{ item }}"
+    dest: /etc/default/clusterm/{{ item }}
+    force: yes
+  with_items:
+    - "{{ clusterm_args_file }}"
+    - "{{ clusterm_conf_file }}"
 
 - name: copy systemd units for clusterm
-  copy: src=clusterm.service dest=/etc/systemd/system/clusterm.service
+  template: src=clusterm.j2 dest=/etc/systemd/system/clusterm.service
 
 - name: start clusterm
   service: name=clusterm state=started

vendor/ansible/roles/contiv_cluster/files/clusterm.service → vendor/ansible/roles/contiv_cluster/templates/clusterm.j2

@@ -3,7 +3,7 @@ Description=Clusterm
 After=auditd.service systemd-user-sessions.service time-sync.target serf.service collins.service
 
 [Service]
-EnvironmentFile=/etc/default/clusterm
+EnvironmentFile=/etc/default/clusterm/{{ clusterm_args_file }}
 ExecStart=/usr/bin/clusterm $CLUSTERM_ARGS
 Restart=on-failure
 RestartSec=10

vendor/ansible/roles/contiv_cluster/templates/collins.j2

@@ -11,7 +11,7 @@ start)
     set -e
 
     /usr/bin/docker run -t -p {{ collins_host_port }}:{{ collins_guest_port }} \
-        --name collins {{ collins_image }}
+        --name collins {{ collins_image }}:{{ collins_image_version }}
     ;;
 
 stop)

vendor/ansible/roles/contiv_network/defaults/main.yml

@@ -7,13 +7,24 @@
 contiv_network_mode: "standalone" # Accepted values: standalone, aci
 netplugin_mode: "docker" # Accepted values: docker, kubernetes
 fwd_mode: "bridge" #Accepted values: bridge , routing
+ofnet_master_port: 9001
+ofnet_agent_port1: 9002
+ofnet_agent_port2: 9003
+netmaster_port: 9999
+gobgp_grpc_port: 8080
+bgp_port: 179
+vxlan_port: 4789
+netplugin_rule_comment: "contiv network traffic"
 
-contiv_network_version: "v0.1-03-05-2016.09-42-48.UTC"
+contiv_network_version: "v0.1-03-16-2016.13-43-59.UTC"
 contiv_network_tar_file: "netplugin-{{ contiv_network_version }}.tar.bz2"
 contiv_network_src_file: "https://github.com/contiv/netplugin/releases/download/{{ contiv_network_version }}/{{ contiv_network_tar_file }}"
 contiv_network_dest_file: "/tmp/{{ contiv_network_tar_file }}"
 
-contivctl_version: "v0.0.0-03-07-2016.23-26-25.UTC"
+contivctl_version: "v0.0.0-03-10-2016.22-13-24.UTC"
 contivctl_tar_file: "contivctl-{{ contivctl_version }}.tar.bz2"
 contivctl_src_file: "https://github.com/contiv/contivctl/releases/download/{{ contivctl_version }}/{{ contivctl_tar_file }}"
 contivctl_dest_file: "/tmp/{{ contivctl_tar_file }}"
+
+apic_epg_bridge_domain: "not_specified"
+apic_contracts_unrestricted_mode: "no"

vendor/ansible/roles/contiv_network/tasks/cleanup.yml

@@ -7,4 +7,22 @@
 - name: stop netplugin
   service: name=netplugin state=stopped
 
+- name: cleanup netmaster host alias
+  lineinfile:
+    dest: /etc/hosts
+    regexp: " netmaster$"
+    state: absent
+  become: true
+
+- name: cleanup iptables for contiv network control plane
+  shell: iptables -D INPUT -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "{{ netplugin_rule_comment }} ({{ item }})"
+  become: true
+  with_items:
+    - "{{ ofnet_master_port }}"
+    - "{{ ofnet_agent_port1 }}"
+    - "{{ ofnet_agent_port2 }}"
+    - "{{ netmaster_port }}"
+    - "{{ gobgp_grpc_port }}"
+    - "{{ bgp_port }}"
+
 - include: ovs_cleanup.yml

vendor/ansible/roles/contiv_network/tasks/main.yml

@@ -17,6 +17,19 @@
 # install can be conditional based on deployment environment.
 - include: ovs.yml
 
+- name: setup iptables for contiv network control plane
+  shell: >
+      ( iptables -L INPUT | grep "{{ netplugin_rule_comment }} ({{ item }})" ) || \
+      iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "{{ netplugin_rule_comment }} ({{ item }})"
+  become: true
+  with_items:
+    - "{{ ofnet_master_port }}"
+    - "{{ ofnet_agent_port1 }}"
+    - "{{ ofnet_agent_port2 }}"
+    - "{{ netmaster_port }}"
+    - "{{ gobgp_grpc_port }}"
+    - "{{ bgp_port }}"
+
 - name: download netmaster and netplugin
   get_url:
     validate_certs: "{{ validate_certs }}"
@@ -54,7 +67,12 @@
   shell: systemctl daemon-reload && systemctl start netplugin
 
 - name: setup netmaster host alias
-  shell: echo "{{ service_vip }} netmaster" >> /etc/hosts
+  lineinfile:
+    dest: /etc/hosts
+    line: "{{ service_vip }} netmaster"
+    regexp: " netmaster$"
+    state: present
+  become: true
 
 - name: copy environment file for netmaster
   copy: src=netmaster dest=/etc/default/netmaster