hpc-cloud/roles/keystone/tasks/main.yml

107 lines
3.7 KiB
YAML

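# Build and install a docker image for keystone.
---
- name: include secrets
  include_vars:
    file: ../../secrets.yml
    name: secrets
# NOTE: 0777 leaves every directory below world-writable, including the
# Fernet key directory and /srv/keystone/root, whose admin-openrc.sh is
# sourced from /root/.bashrc by the last task in this file.
- name: Make persistent directories
  file:
    path: "{{ item }}"
    state: directory
    mode: 0777
  with_items:
    - /srv
    - /srv/keystone
    - /srv/keystone/fernet-keys
    - /srv/keystone/root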
Fixes made while testing the playbooks. Updated url of docker registry. make a loop for more flexibility. Introducing listen_ip variable that overrides the default listen_ip. make a loop for more flexibility. Get a listen ip specifically for that host. see if components have listen_ip defined before using ansible_default_ipv4 Make service files look for listen_ip variable. implemented listen_ip variable here too map to different port to avoid clashes. Make PHYSICAL_INTERFACE_MAPPINGS variable... instead of just one provider interface. it should contain something like: physnet2:eth1,physnet3:eth2 add openstack client on machine that is running keystone Added delay to check. enable all services are started at boot Inventory for gcc openstack03 all in one. added volume for glance images Added gcc all in one specific config. Prevent an error when there is no secrets.yml.. to back up removed reference to empty dir. added empty meta/main.yml And now with a list of roles ..and removed the list removed reference to empty dir. Added galera cluster support When at least three database nodes are installed, the playbook will install a galera cluster across them. The galera cnf can be the same template across... nodes. made environment file for the service. I am unable to reproduce systemctl set-environment to work as advertised. Reverted to updating init file by ansible. entrypoint.sh of the mariadb container seems unable to cope when a blank variable is passed by systemd. give the galera master node some time It seems to be necessary to run in host mode.. for galera to work. I misunderstood pause. need sleep. Inventory for physical test cluster. Added CINDER_PASSWORD Make sure docker is started. If docker was already installed but not running it was not started. fixed reference to neutron controller Added heat Added port for metadata service Passed metadata secret to be used in config. Listen ip should be the machine's ip... Added openstack client from repo.
changed name of subnet added horizon Changed rabbitmq default user to openstack. This makes it no longer necessary to create a separate openstack user, which is lost on rabbitmq restart. Added sleep because hosts were usually.. not discovered. Removed unnecessary port mapping Making /dev/lvm available to container. fixed os-test inventory Make iscsi devices available (needed to attach cinder volumes to machines) command module no longer works with && add cinder to test setup
2017-08-31 15:02:47 +02:00
- set_fact:
    docker_image: registry.webhosting.rug.nl/hpc/openstack-keystone:latest
- name: pull docker image
  docker_image:
    name: "{{ docker_image }}"
    force: True
  tags: pull
- name: install service file.
  template:
    src: templates/keystone.service
    dest: /etc/systemd/system/keystone.service
    # Quoted octal string: an unquoted 644 is read as a decimal integer,
    # not as octal 0644.
    mode: "0644"
    owner: root
    group: root
- name: install service file
  command: systemctl daemon-reload
- name: start service at boot.
  command: systemctl reenable keystone.service
- name: Initialize db
  script: scripts/initialize_db.sh
  environment:
    MYSQL_ROOT_PASSWORD: "{{ secrets['MYSQL_ROOT_PASSWORD'] }}"
    DB_HOST: "{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
  register: result
  until: result|succeeded
  # sometimes the initial connect fails.
  # Retry until it succeeds.
  retries: 7
  delay: 3
  ignore_errors: yes
# The bootstrap item below carries OS_PASSWORD on the command line, so the
# password appears in the loop's item output and in the host's process list
# while docker runs.
- name: keystone manage commands to setup db
  command: >
    /usr/bin/docker run --rm
    --add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
    -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
    -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
    {{ docker_image }} keystone-manage {{ item }}
  with_items:
    - db_sync
    - fernet_setup --keystone-user keystone --keystone-group keystone
    - credential_setup --keystone-user keystone --keystone-group keystone
    - >
      bootstrap --bootstrap-password {{ secrets['OS_PASSWORD'] }}
      --bootstrap-admin-url http://{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/
      --bootstrap-internal-url http://{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/
      --bootstrap-public-url http://{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:5000/v3/
      --bootstrap-region-id RegionOne
- name: make sure service is started
  systemd:
    name: keystone.service
    state: restarted
- name: Create a domain, projects users and roles
  command: >
    /usr/bin/docker run --rm
    --add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
    -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
    -v /srv/keystone/root:/root
    -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
    -e "OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3"
    -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
    {{ docker_image }} bash /etc/bootstrap.sh
# shell, not command: the redirect (>) and && need a shell; the command
# module would pass them to echo as plain arguments and write nothing.
- name: install openstack repo on host.
  shell: >
    echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list &&
    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
  tags: openstackclient
- name: install openstack client for management
  apt:
    name: python-openstackclient
    state: latest
    update_cache: yes
  tags: openstackclient
- name: source admin-openrc.sh in root .bashrc
  lineinfile:
    path: /root/.bashrc
    line: 'source /srv/keystone/root/admin-openrc.sh'