From 87514a5705fde7c5f1c10737dac47457b46e2a2f Mon Sep 17 00:00:00 2001 From: Egon Rijpkema Date: Thu, 16 Aug 2018 16:27:45 +0200 Subject: [PATCH] Changes for federated login on merlin. Not yet working.... Add ssl keystone endpoints Add ssl keystone endpoints use fqdn for keystone everywhere. Iadded certs for horizon. Also increased yield of nuke.yml --- group_vars/all.yml | 1 + merlin | 2 +- nuke.yml | 4 +- roles/cinder-controller/tasks/main.yml | 2 +- roles/cinder-storage/tasks/main.yml | 2 +- roles/glance-controller/tasks/main.yml | 2 +- roles/heat/tasks/main.yml | 2 +- roles/horizon/tasks/main.yml | 18 ++- roles/horizon/templates/certs/DigiCertCA.crt | 29 ++++ .../templates/certs/merlin.hpc.rug.nl.crt | 125 ++++++++++++++++++ .../templates/certs/merlin.hpc.rug.nl.key | 89 +++++++++++++ roles/horizon/templates/horizon.service | 4 +- roles/keystone/tasks/main.yml | 26 +++- roles/keystone/templates/certs/DigiCertCA.crt | 29 ++++ .../templates/certs/merlin.hpc.rug.nl.crt | 125 ++++++++++++++++++ .../templates/certs/merlin.hpc.rug.nl.key | 89 +++++++++++++ roles/keystone/templates/keystone.service | 5 +- roles/neutron-controller/tasks/main.yml | 2 +- .../templates/nova-compute.service | 2 +- roles/nova-controller/tasks/main.yml | 4 +- 20 files changed, 542 insertions(+), 20 deletions(-) create mode 100644 roles/horizon/templates/certs/DigiCertCA.crt create mode 100644 roles/horizon/templates/certs/merlin.hpc.rug.nl.crt create mode 100644 roles/horizon/templates/certs/merlin.hpc.rug.nl.key create mode 100644 roles/keystone/templates/certs/DigiCertCA.crt create mode 100644 roles/keystone/templates/certs/merlin.hpc.rug.nl.crt create mode 100644 roles/keystone/templates/certs/merlin.hpc.rug.nl.key diff --git a/group_vars/all.yml b/group_vars/all.yml index 3c1db06..9dec59b 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1,4 +1,5 @@ --- +keystone_external_fqdn: merlin.hpc.rug.nl use_ceph: true ceph_mon_initial_members: ceph_mon_host: 
diff --git a/merlin b/merlin index 88cce38..bdafb5e 100644 --- a/merlin +++ b/merlin @@ -16,7 +16,7 @@ merlin-managementnode002 merlin-managementnode003 [horizon] -merlin-managementnode001 +merlin-managementnode001 horizon_external_fqdn=merlin.hpc.rug.nl [memcached] merlin-managementnode001 diff --git a/nuke.yml b/nuke.yml index ad12754..f40db05 100644 --- a/nuke.yml +++ b/nuke.yml @@ -3,7 +3,7 @@ # All data is lost! - hosts: all become: true - name: Dummy to gather facts + name: Cleanup tasks on all hosts. tasks: - name: Stop docker service shell: "systemctl stop docker" @@ -11,6 +11,8 @@ systemd: name: docker state: stopped + - name: Purge docker images. + shell: "rm -rf /var/lib/docker/" - name: remove volumes shell: "rm -rf /srv" - name: remove network namespaces diff --git a/roles/cinder-controller/tasks/main.yml b/roles/cinder-controller/tasks/main.yml index 1243633..dd46505 100644 --- a/roles/cinder-controller/tasks/main.yml +++ b/roles/cinder-controller/tasks/main.yml @@ -14,7 +14,7 @@ -e "CINDER_HOST={{ listen_ip | default(hostvars[groups['cinder-controller'][0]]['ansible_default_ipv4']['address']) }}" -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}" -e "CINDER_USER=cinder" - -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" + -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}" -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" diff --git a/roles/cinder-storage/tasks/main.yml b/roles/cinder-storage/tasks/main.yml index 3a1b994..9576f69 100644 --- a/roles/cinder-storage/tasks/main.yml +++ b/roles/cinder-storage/tasks/main.yml 
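Review bot: The added `Purge docker images.` task in nuke.yml shells out to `rm -rf /var/lib/docker/`, which always reports "changed" and bypasses Ansible's own path handling. The `file` module does the same removal idempotently: `file:` with `path: /var/lib/docker` and `state: absent`. The task name also undersells the effect, since that directory holds containers and volumes as well as images; something like `Remove all docker state` would match what the play does on `hosts: all`. The play's remaining tasks are outside the hunk.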
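Review bot: The `default(hostvars[...]['ansible_default_ipv4']['address'])` fallback kept on the new `KEYSTONE_HOST` line no longer yields a usable value. roles/keystone/tasks/main.yml in this patch moves the bootstrap URLs and `OS_AUTH_URL` to `https://`, and a certificate named for merlin.hpc.rug.nl (as the added cert files suggest) would not validate against a bare IP address. Because group_vars/all.yml now defines `keystone_external_fqdn` for every host, the fallback is also unreachable in this inventory. Consider `{{ keystone_external_fqdn | mandatory }}` so that a missing variable fails the play instead of producing an endpoint that breaks TLS verification. The same line is repeated in the cinder-storage, glance-controller, heat and keystone task files and in horizon.service.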
@@ -17,7 +17,7 @@ -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}" -e "CINDER_USER=cinder" -e "GLANCE_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}" - -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" + -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}" -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}" diff --git a/roles/glance-controller/tasks/main.yml b/roles/glance-controller/tasks/main.yml index f6d3241..94183b9 100644 --- a/roles/glance-controller/tasks/main.yml +++ b/roles/glance-controller/tasks/main.yml @@ -11,7 +11,7 @@ -e "GLANCE_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}" -e "GLANCE_PASSWORD={{ secrets['GLANCE_PASSWORD'] }}" -e "GLANCE_USER=glance" - -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" + -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}" -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" diff --git a/roles/heat/tasks/main.yml b/roles/heat/tasks/main.yml index 869bc67..73080b4 100644 --- a/roles/heat/tasks/main.yml +++ b/roles/heat/tasks/main.yml 
@@ -11,7 +11,7 @@ -e "HEAT_HOST={{ listen_ip | default(hostvars[groups['heat'][0]]['ansible_default_ipv4']['address']) }}" -e "HEAT_PASSWORD={{ secrets['HEAT_PASSWORD'] }}" -e "HEAT_USER=heat" - -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" + -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}" -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" diff --git a/roles/horizon/tasks/main.yml b/roles/horizon/tasks/main.yml index 279c87c..585af04 100644 --- a/roles/horizon/tasks/main.yml +++ b/roles/horizon/tasks/main.yml @@ -1,7 +1,7 @@ # Run hpc/horizon --- - set_fact: - docker_image: registry.webhosting.rug.nl/hpc/openstack-horizon:latest + docker_image: registry.webhosting.rug.nl/hpc/openstack-horizon-merlin:latest - name: pull docker image docker_image: @@ -9,6 +9,22 @@ force: True tags: pull +- name: Make persistent directories + file: + path: /srv/horizon/certs + state: directory + mode: 0750 + +- name: install ssl files + template: + src: templates/certs/{{ item }} + dest: /srv/horizon/certs/{{ item }} + mode: 400 + with_items: + - merlin.hpc.rug.nl.key + - merlin.hpc.rug.nl.crt + - DigiCertCA.crt + - name: install service file. template: src: templates/horizon.service diff --git a/roles/horizon/templates/certs/DigiCertCA.crt b/roles/horizon/templates/certs/DigiCertCA.crt new file mode 100644 index 0000000..3a10905 --- /dev/null +++ b/roles/horizon/templates/certs/DigiCertCA.crt 
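Review bot: `mode: 400` in the new `install ssl files` task is an unquoted YAML integer, so Ansible receives decimal 400, which is octal 0620. The private key `merlin.hpc.rug.nl.key` therefore ends up owner read/write and group-writable instead of owner read-only. Write it as a quoted string, `mode: "0400"`, and quote the directory mode the same way, `mode: "0750"`. The identical `mode: 400` appears in the `install ssl files` task added to roles/keystone/tasks/main.yml. Setting `owner:` and `group:` explicitly on both tasks would also document which user is expected to read the key.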
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+zCCA+OgAwIBAgIQCHC8xa8/25Wakctq7u/kZTANBgkqhkiG9w0BAQsFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgQ0EwHhcNMTQxMTE4MTIwMDAwWhcNMjQxMTE4MTIwMDAwWjBkMQswCQYDVQQG +EwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFt +MQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMV2Dw/ZQyk7bG3RR63eEL8jwnio +Snc18SNb4EweQefCMQC9iDdFdd25AhCAHo/tZCMERaegOTuBTc9jP8JJ/yKeiLDS +lrlcinQfkioq8hLIt2hUtVhBgUBoBhpPhSn7tU08D08/QJYbzqjMXjX/ZJj1dd10 +VAWgNhEEEiRVY++Udy538RV27tOkWUUhn6i+0SftCuirOMo/h9Ha8Y+5Cx9E5+Ct +85XCFk3shKM6ktTPxn3mvcsaQE+zVLHzj28NHuO+SaNW5Ae8jafOHbBbV1bRxBz8 +mGXRzUYvkZS/RYVJ+G1ShxwCVgEnFqtyLvRx5GG1IKD6JmlqCvGrn223zyUCAwEA +AaOCAaYwggGiMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMHkG +CCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu +Y29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln +aUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4MDqgOKA2hjRodHRw +Oi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3Js +MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk +SURSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxo +dHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBRn/YggFCeYxwnS +JRm76VERY3VQYjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq +hkiG9w0BAQsFAAOCAQEAqSg1esR71tonHqyYzyc2TxEydHTmQN0dzfJodzWvs4xd +xgS/FfQjZ4u5b5cE60adws3J0aSugS7JurHogNAcyTnBVnZZbJx946nw09E02DxJ +WYsamM6/xvLYMDX/6W9doK867mZTrqqMaci+mqege9iCSzMTyAfzd9fzZM2eY/lC +J1OuEDOJcjcV8b73HjWizsMt8tey5gvHacDlH198aZt+ziYaM0TDuncFO7pdP0GJ ++hY77gRuW6xWS++McPJKe1e9GW6LNgdUJi2GCZQfXzer8CM/jyxflp5HcahE3qm5 +hS+1NGClXwmgmkMd1L8tRNaN2v11y18WoA5hwnA9Ng== +-----END CERTIFICATE----- diff --git a/roles/horizon/templates/certs/merlin.hpc.rug.nl.crt b/roles/horizon/templates/certs/merlin.hpc.rug.nl.crt new file mode 100644 index 0000000..eb95d1d 
--- /dev/null
+++ b/roles/horizon/templates/certs/merlin.hpc.rug.nl.crt
@@ -0,0 +1,125 @@ +$ANSIBLE_VAULT;1.1;AES256 +65356336313163323761363666626661373461653034313630353938616666323734663735343630 +3562356361313237623231366332343165613939393230310a613263373434396237633733613865 +38666637616264393237363366396232333664613732623332363136313163616432633366663537 +3135636261656133640a313661316538623765353063373134616663316237363536613761626637 +35316432633638303337343065623262643235356435633936356631383562363037656362316263 +33633136363933316334363965303138343462326536636162383838326138656133363034356561 +33623730626136373733376162663664303763613339343932613731653965313362623737373937 +33333966653538373664633763343239316537366332643135393033343235366564653765303738 +62633063636663343730323736643438323365383262656263326561663733666235623766313732 +39386366303366393339393935366238633966653738643637613266313231346632623535346139 +61343731643063646635623930626165623665343732383639353933313634313838336562303038 +31633532653361353765653836636162363761336338313535346537626432313562346430616232 +30613538326561326232623261623536363366353735323333653039306564616431323035366237 +33333661346437613466363236653463636234393730653765646463613535303439306463643764 +37306665353534393335366537643534383834633239646432373433613432663031363962633761 +33633765336164363165396634316163333739666264663864333632313462636338396339303138 +33333131343261643137373065636537366536336634633266373536633532363563666464306332 +39343136623063303061666564366135383339313866373666336364373663383266303364363437 +34383730393539376338383865373439386230393030633161646465366165343132373438306566 +34383965363366663435393032666366363739393739323335626438656632303266383661366433 +65376234383364313663663564333235303939363036303838393231303566343637346332376161 +30333331613738306338346539343762363562393966373963643964623331643036323935313165 +64626661363461656164626538313336306538666561646637616238643839336334633239393236 
+63356139323433346335643031343930353937323333396332333735353861386265373633653532 +32313962616665343536663836326139316662653562373132633537386431356166643433366138 +37623534636264336437366462303266383836666333326333393831396466376132666265316533 +65663734653233666233373064326161643534353930393731313431643765383934353130613137 +66666663346536303363653562313139336333343133343938323030663432643161396538383966 +62646163396161373531663861333230393831333535343137343732393532336631393637383762 +66363632373938316536623161646339316236313966303737643632313839623730643364626266 +66643462663536356337653233353662363238346638396566363961643134613136353062633035 +37653833343032383937653530363331366632386261363661343131376539323335653439623830 +35316131663965353635643364396463346637346232313931326666316165653061346264663331 +63616265396463613666646438393133313865663338623436393466373134396230396561393431 +62353039633564393666373430663035313039633065323539373436323532363138333932633537 +65363338316663623934616130396661376163653636346630383531333263393265336461643363 +39366230613239313635366264303431663534666638663433323639613335376233313535666235 +36383566616532396630373763333566616232383538366163626463633530393165653032363433 +65343561323636616365656466623939383366366438646366393432303465353865623134383532 +35333435663831386130666238376531616362663134383366633736336337653763613135356138 +32336231333237656462383831663132316634313038373861356163663632336231383736316132 +37343430633432303462373664633761616635656462383935353731383431336265333734646166 +35376632383736383463353336383431613761626231356534313539666563633466313530666166 +39646462376236366466306139376238306236323337323463343733663439363631346135636564 +64666239613732326539313638633131333039623535366264383265616661663135343563333466 +34626632623932303630663161633437626532376463373135383131613663663432373233396163 +30666331366137316364376566616431366635613536623339616565623736323730336339653031 
+38346335643132636231663837653639323230323238376466623034373763313531363930353335 +66356638666466303466653561626434383839626531333664633337333636333033666335383837 +35353837376130386532373961643962633361363831633632333133383738323436633836646537 +34323037313732386639383666326535383638333239363730383733363235623063626531326366 +33626366366231623638643836343339376361383562633933626332363432393265323335626436 +31613666633362643162616237383433633032366534303338313238626131353633396264333537 +61613166303639663366353539333832633263313333343662393533376437396438323135633865 +33383131363633343333646539386139306131623161633331393866393862383566333234386565 +37663334313039623763663361386531626131303262333063336437326633666438303334353035 +64376535666334623938343337663561636661386430313339633764323834323031303366666464 +31303237383333626433613534343337646134323364623763663062306439333464393366313262 +31386333663334373333393666383732333264383331376238653338333861383439353236303338 +37336466376538303234316663653262363162616439303065633263346139333439303732316632 +34646166313737393334303632326561373831646133376564323763633436323366326634613731 +63663033663338333833653766313938646239623038336430383739313034626663626261623531 +66363339656132643137303339633330653066643265303835356566303161393063383831613565 +35653165646165326531356634623532633964666132663339363334386465323565383732333130 +65613462363133616435633066356136353530383863613266353164616138363531313733636131 +64313166633236633835316239333730653437393064623735363234333663653362373136313361 +30623637393536653833373133346332363738343337633264376565653865633464363163366136 +31336561613333323036353937613764363237636463343461666266613435326239306238646666 +31393863346230663935363832633164663639383333343166373362383336366261656235393038 +63323632303166643837643539346465626435633935353230663262383135656230653934306335 +33333832323436663936613336393433666236363534646430666437646363303236363536666431 
+65616332623561336461323632623664393031323637363263633334626232316638623565316632 +61376339323064366637353737396232313666316535333930663638656364396266353534363065 +38323664313435313035643866373535343937623331616136663232396635336463396432333363 +32343733613635313538366136393833623336653736353032366461636633393034303533353661 +31616631373238616566333662356137623139623964326130316235363137393338643930666364 +39306338616234326262373461336365653463636632336233303136363832616561633135323663 +39313839643730393730626139343338303631303066313433383438613730366434656161653936 +37313139626436666535356663396433333635343532303265306134316335613232313038333335 +34626136313933663463666334366466303939643334316261333161623239306632636561663463 +64636538643931623563666438333363303633316431323761643862613763626130383532346539 +31316565636363333331323630623337326133366263643638383339313330636162613666343432 +33666238663739333135363733363361356430643638336133343065366461373736376431373139 +61653231383735393838373731663932633139303362376164356635613130616362343835653536 +30376263376233303234343962663361333439623232636535366364396135356334633465363862 +66646564653061376632383235636330656236663563616166636339313738646166663235373330 +66646637376633616365373735326331313338353263613537386535343733346132663838336164 +31393863323266383563323263303233616533366434663332326530343264343364353839643363 +31643931663131633733666665623665663434666164346364366232313765333063613234393063 +64333333346431643837646139663937303437643830633131613864363663313633393932303538 +33303331613061663138373639396266343830646637306662653337323130313638303237306262 +61393238356633396361333866353838383630393038376133353133613732303061333137306662 +39306138393363626662353532386436333965656234366166383835393763633539346561636430 +65333231643266333732663366393164366234366131373636643034633361393935366236366237 +36616130666663353536336638346232616431333265393432303630663637656539323431633963 
+39336564666135646261613361396339306332376131663639353431643564316136643336333466 +34653837316137656662303166623738616533376434316339653136376434623135363633333835 +39343366613265656537363332373862643662633264376432636434393464386666626365346466 +38326361343935363635373932396136363561363037333962303732303535356362383236653464 +37646563306235333863303935353431626133616330366566326531356331353137653165623062 +66636134393536656234323966363137613438306163366236623533373966333736633162623462 +62303463343963353535653462376561623230386563346631383161376434303464613231386165 +65376230396461336530366338356231363432356265376330623334363737383461626462326234 +62383436646236303966666537393231643835663462373435396666366264646335663136613336 +33656230393465663265316166313163313366653861643039383062313966303837396539363732 +36616230383931353632653330623138393939353434363130616533303463353439316131373465 +32373430623065386464643164316566383837373838383062346361623637386662643435303831 +62663430336235306166323761316262383536363939366663323638623765343537616430386635 +65306561646639336462636462646266663034336462663730653032386138316365346262323836 +64363033353937363530383462373133666262613937383536623333386239653935366661623435 +33613462383732636538396134393537343538366562643832333034366438333439353637346363 +33663861323331636538313632366134626137636635323930363363323466383165353166303930 +66386139376139346232373263363262313638666231336564313333343430343837656439636262 +33336438646134393863306631636131633138653037626638633165636136663865666434323665 +39363632636531323633313434333432316136353762653561383230336566316462336664353431 +39333132633533393362313761363339393963393361343161353633346232376666353734306663 +35366366396533643430643863663665646139636465316630393665383532393337616662656530 +36333032633430363165333238666133633264363266336636373736313332306333376637393465 +32343265383933613231623431323364653238343464393164623631663166313830616165323131 
+65643661363265386562616232613863343964386130323635323434613639623666633962663432 +31323131363661336233346331376466323635323234643037383238613830626130386131353464 +30633736346633353237636536303436633036316131636530656161323666303131636665383730 +39653135663538656337623334376463323834363866313964386366383936316164663863323031 +33663738653232636665 diff --git a/roles/horizon/templates/certs/merlin.hpc.rug.nl.key b/roles/horizon/templates/certs/merlin.hpc.rug.nl.key new file mode 100644 index 0000000..fd4567b --- /dev/null +++ b/roles/horizon/templates/certs/merlin.hpc.rug.nl.key 
@@ -0,0 +1,89 @@ +$ANSIBLE_VAULT;1.1;AES256 +65336461353934306534356638306230323835396365363737626131663464643138336135373463 +3435343336346162383039313638303035346162393064660a646166383538633138346535646337 +32616265393438613266363930623031303866316161656261663634616533323035313132313339 +3131636330373734640a366466323366386338626365626665343266666333383966306165353637 +35393461343066363037373234313733363939353235373730373862316133653233363531356638 +33366339303366356439363664393463323037323162623061336462376461333936386666633637 +33666339303738663535626265376561646338613136616539336431366234616562363063323637 +39386261663964353763376232356466333235646332353564323862376663626530393737356361 +63633930633066613239333432306362303432666466616263376234626137386338613537613266 +66656532346161313966346233633236313538656638323762653766613032366662633237633138 +66363137346633353938633933303636323763383231626261373162656363636233653664313539 +36646162643337306131383737313162313162326634663766326335306232356133306665306465 +66613163623631333831623835373036303263343061376435666231393035356662383163656361 +32313636636432393362633662366638313565346561363736363638643034656133636362653233 +61643734376232643361613562383938623530663463616365396533623334646232643434626439 +36623034393564386362613631333137336637353464333634393630326662623033353366616266 +35373963316563346530333439633463613035613031383437393238333862613161373438396336 +38383466333364353236323830323533613636373332383432626164386134643866373530326139 +37306230326363313264303530346338613234336164636665353530393864393163343635656234 +32653731653330313732306461353133393536376433373732383432326236303833303032373436 +63353233396663343937363434623634646261393731653633383830396461386633643434383161 +62353031613532646263633437666331316435386437626439616637663664376566386662306235 +62343239613632643266396365313134393137353962363035633165306261336436363361356134 
+65313631363232306364366366353132663864623533323566313238383237663532663165373563 +34333063393365633264343464333862343135323166353233616130666630666436363138393230 +31303461393861366532373963373837316238323435313266653466663138386434303232356463 +64663330383337656435346237613831333865363463313538623037336437616638363337356461 +38623236323134393639643135303939336564313732393861356332653330396430373262333763 +63303961633463616365356663626430613133386466626562636639323762333731363934393561 +39383263393964643639353963653063656565613532303264643431316439613032373130623162 +64363230306231383064363433623734326666323461656438623662346232353934633439313931 +34653330386564333934366134646163356234306462643061343964386164663461633733666563 +33643133613365373032656262366231336639303232346434333061343661323932333130316536 +61366563636265386633333164303539333565613039666563626434623234616135346664633364 +37373937323635643461386262326135666165363163396236623338356233656161303962373566 +35326139646466333934363964366536343439323864613066383435383435333037356362313565 +38326562393339613636303133333164336265646333396333666339383031663464303361366530 +35313033363931386633373566643866323939343765313030383330313830366432353331626339 +37376638326534323932363832373435376265653863633536333032313331356666386164663739 +33356235393537326136623038316434393166373865353461396566356566653835623765393337 +39353434316639313135383337343165353932383331313463366634336663303565316362623130 +39656664306336306662323161616630393234653530383133396463383236303931633635663133 +30333034303835373436353164613536303334633432356230303538373530343262386563623166 +31643036653833386332633933306439303463633163376231393936353665303637326132396332 +66653537343162623363346637333762636366636633316464646264396461303463356232343030 +30323735303535386363333833313966633463616161376633376265643336313765653933616466 +63373938366565376631346431623237326564366539326132393535343736336562376633613164 
+38656631623339373263663638386531326136383338346438396438643435353033616365353333 +30386233383539626363343838323261653864633366653362656636623639653661653165346530 +65383732383038616639636335633337393333626336313838653261663733343861386464626638 +66366139396239326634383738373638643634613061393338353638396438333438616164356438 +37346265636535333163383835316334353836666163633166383135326232373936663365363663 +32643161363037666433313239336362303264356164626538643561306463636462643230623466 +62363033303638393137333334626162636465306661376635653664353631353930653165303131 +30326461353032616130643035323461656636373337346131303533656434393830613534656130 +62613939306233356363663661323439353466633565653666366130383861636565313834636230 +36313735316566663530643564663862386461366635666238323365343237373132346137613766 +64373830393664626165633339336266656465373662646661643032386161633339626236313130 +30373165373531626465373961363539313564636133363336376631326464303139643563636439 +63653838313637346132323331363232373234396664306365373435616432636164363464353335 +65663463396333303063626265313964616136316436316239393062646334323163663738313937 +36326230386664643434366332326139633537343630633936346637353732663266313865363538 +31343331653937396230383333653438383536646438373162616263626263636230633566626139 +32333862353066323537343930393832353838623038326666386637306239616662313237323935 +36306233303237383632656164656163313363616264643630333935393066633166303938393062 +61376335623361656461373731653465386233633666323236333737323165373931366263643961 +34313837383933623765346333626537323561326130323262333465653236353133366265623261 +35373734616436373738306636346363613632383636313333626562643638326333333435623437 +34306235306637393737653339303535353030353139653138373631336335323331373231663265 +63383533323739666262353731306439653537386436363137336364623635656266363733333630 +37666463646332373539623761656438383166633538636330316362326137333230653930623965 
+64633431616137376230353133613833646235343161633931626661386438323434623831383737 +35393933386365353162333035393832616531636333623331646366343536373138613035396138 +38313366343737626662613266386265666465353332336230353430663031376336303263613863 +38303431666435363939636235313761656436653562643662323535346237333236326331393830 +65323061323263326461616539343364653961616538333436343431373639316439396638396361 +65393032623333353533643565393362346236383934623432386339396439326139333966383164 +38626663323261643865613365636634383331306463633838336530666163356234633564613961 +66326632393533306337613962653437333938316263656365343135626365656461323964326433 +63343430663837613162353661363338396166323766313933393535623332323932373063633963 +61383336313230653833323134303738366365356131366532663961643065393563346364316561 +35616137663837643964376337383531313334616465363038343461373630623236316332386466 +37363132333937313364643561616562623864623666313035313864643362653138393066326431 +35666565383036386464323166353333386337336666363966396535333232663231643666316130 +31376262393832313366663938653637656339663733313364616438636236383762353231666436 +61313563643262343164323830663063663764326132663139366538646536643031316163666662 +63333432653839363865346263343339623561373036393633363937616237313737366334633035 +63393661656138323936 diff --git a/roles/horizon/templates/horizon.service b/roles/horizon/templates/horizon.service index d1a51da..d0c5090 100644 --- a/roles/horizon/templates/horizon.service +++ b/roles/horizon/templates/horizon.service 
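Review bot: The TLS private key is committed to the repository, and the diffstat shows the same three files added again under roles/keystone/templates/certs, so the key material lives in two places. Vault encryption keeps it unreadable in the repository, but its confidentiality then rests on the vault password for everyone who can clone the repo, and a rotation has to touch both copies. Consider keeping a single vaulted copy that both roles reference, and noting in the role documentation which vault password or id protects it.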
@@ -10,9 +10,11 @@ ExecStartPre=-/usr/bin/docker kill %n ExecStartPre=-/usr/bin/docker rm %n ExecStart=/usr/bin/docker run --name %n \ -e "MEMCACHED_SERVER={{ hostvars[groups['memcached'][0]]['listen_ip'] | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" \ - -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \ + -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \ + --volume=/srv/horizon/certs:/certs \ --add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \ -p 80:80 \ + -p 443:443 \ {{ docker_image }} [Install] diff --git a/roles/keystone/tasks/main.yml b/roles/keystone/tasks/main.yml index d6f0efe..bce9f29 100644 --- a/roles/keystone/tasks/main.yml +++ b/roles/keystone/tasks/main.yml @@ -15,9 +15,21 @@ - /srv/keystone - /srv/keystone/fernet-keys - /srv/keystone/root + - /srv/keystone/certs + - /srv/keystone/shibboleth + +- name: install ssl files + template: + src: templates/certs/{{ item }} + dest: /srv/keystone/certs/{{ item }} + mode: 400 + with_items: + - merlin.hpc.rug.nl.key + - merlin.hpc.rug.nl.crt + - DigiCertCA.crt - set_fact: - docker_image: registry.webhosting.rug.nl/hpc/openstack-keystone:latest + docker_image: registry.webhosting.rug.nl/hpc/openstack-keystone-merlin:latest - name: pull docker image docker_image: 
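Review bot: The new `--volume=/srv/horizon/certs:/certs` mount in horizon.service is read-write, so a process inside the horizon container could modify or replace the key and certificates on the host. The container only needs to read them, so `--volume=/srv/horizon/certs:/certs:ro \` is sufficient. `-p 80:80` is still published next to the new `-p 443:443`; whether the image redirects plain HTTP to HTTPS is not visible here, so a comment in the unit stating the intended behaviour would help. The rest of the unit is outside the hunk.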
@@ -57,7 +69,7 @@ /usr/bin/docker run --rm --add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys - -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" + -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" {{ docker_image }} keystone-manage {{ item }} with_items: - db_sync @@ -65,9 +77,9 @@ - credential_setup --keystone-user keystone --keystone-group keystone - > bootstrap --bootstrap-password {{ secrets['OS_PASSWORD'] }} - --bootstrap-admin-url http://{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/ - --bootstrap-internal-url http://{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/ - --bootstrap-public-url http://{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:5000/v3/ + --bootstrap-admin-url https://{{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/ + --bootstrap-internal-url https://{{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/ + --bootstrap-public-url https://{{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:5000/v3/ --bootstrap-region-id RegionOne # sometimes the initial connect fails. # Retry until it succeeds. 
@@ -86,8 +98,8 @@ --add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys -v /srv/keystone/root:/root - -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" - -e "OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3" + -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" + -e "OS_AUTH_URL=https://${KEYSTONE_HOST}:35357/v3" -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}" {{ docker_image }} bash /etc/bootstrap.sh register: result diff --git a/roles/keystone/templates/certs/DigiCertCA.crt b/roles/keystone/templates/certs/DigiCertCA.crt new file mode 100644 index 0000000..3a10905 --- /dev/null +++ b/roles/keystone/templates/certs/DigiCertCA.crt 
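Review bot: `OS_AUTH_URL` now uses `https://`, but this one-off `docker run` mounts only `/srv/keystone/fernet-keys` and `/srv/keystone/root`, so the client in `bootstrap.sh` has to find the issuing CA in the image's own trust store. If it does not, the task fails on certificate verification, and if this is the task the "Retry until it succeeds" comment refers to, the retries would presumably hide the real cause. Consider mounting `/srv/keystone/certs` read-only and setting `OS_CACERT` to the CA file, or adding a comment that the image must already trust the chain in `DigiCertCA.crt`. The task starts and ends outside the hunk.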
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+zCCA+OgAwIBAgIQCHC8xa8/25Wakctq7u/kZTANBgkqhkiG9w0BAQsFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgQ0EwHhcNMTQxMTE4MTIwMDAwWhcNMjQxMTE4MTIwMDAwWjBkMQswCQYDVQQG +EwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFt +MQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMV2Dw/ZQyk7bG3RR63eEL8jwnio +Snc18SNb4EweQefCMQC9iDdFdd25AhCAHo/tZCMERaegOTuBTc9jP8JJ/yKeiLDS +lrlcinQfkioq8hLIt2hUtVhBgUBoBhpPhSn7tU08D08/QJYbzqjMXjX/ZJj1dd10 +VAWgNhEEEiRVY++Udy538RV27tOkWUUhn6i+0SftCuirOMo/h9Ha8Y+5Cx9E5+Ct +85XCFk3shKM6ktTPxn3mvcsaQE+zVLHzj28NHuO+SaNW5Ae8jafOHbBbV1bRxBz8 +mGXRzUYvkZS/RYVJ+G1ShxwCVgEnFqtyLvRx5GG1IKD6JmlqCvGrn223zyUCAwEA +AaOCAaYwggGiMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMHkG +CCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu +Y29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln +aUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4MDqgOKA2hjRodHRw +Oi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3Js +MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk +SURSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxo +dHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBRn/YggFCeYxwnS +JRm76VERY3VQYjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq +hkiG9w0BAQsFAAOCAQEAqSg1esR71tonHqyYzyc2TxEydHTmQN0dzfJodzWvs4xd +xgS/FfQjZ4u5b5cE60adws3J0aSugS7JurHogNAcyTnBVnZZbJx946nw09E02DxJ +WYsamM6/xvLYMDX/6W9doK867mZTrqqMaci+mqege9iCSzMTyAfzd9fzZM2eY/lC +J1OuEDOJcjcV8b73HjWizsMt8tey5gvHacDlH198aZt+ziYaM0TDuncFO7pdP0GJ ++hY77gRuW6xWS++McPJKe1e9GW6LNgdUJi2GCZQfXzer8CM/jyxflp5HcahE3qm5 +hS+1NGClXwmgmkMd1L8tRNaN2v11y18WoA5hwnA9Ng== +-----END CERTIFICATE----- diff --git a/roles/keystone/templates/certs/merlin.hpc.rug.nl.crt b/roles/keystone/templates/certs/merlin.hpc.rug.nl.crt new file mode 100644 index 0000000..eb95d1d 
--- /dev/null +++ b/roles/keystone/templates/certs/merlin.hpc.rug.nl.crt 
@@ -0,0 +1,125 @@ +$ANSIBLE_VAULT;1.1;AES256 +65356336313163323761363666626661373461653034313630353938616666323734663735343630 +3562356361313237623231366332343165613939393230310a613263373434396237633733613865 +38666637616264393237363366396232333664613732623332363136313163616432633366663537 +3135636261656133640a313661316538623765353063373134616663316237363536613761626637 +35316432633638303337343065623262643235356435633936356631383562363037656362316263 +33633136363933316334363965303138343462326536636162383838326138656133363034356561 +33623730626136373733376162663664303763613339343932613731653965313362623737373937 +33333966653538373664633763343239316537366332643135393033343235366564653765303738 +62633063636663343730323736643438323365383262656263326561663733666235623766313732 +39386366303366393339393935366238633966653738643637613266313231346632623535346139 +61343731643063646635623930626165623665343732383639353933313634313838336562303038 +31633532653361353765653836636162363761336338313535346537626432313562346430616232 +30613538326561326232623261623536363366353735323333653039306564616431323035366237 +33333661346437613466363236653463636234393730653765646463613535303439306463643764 +37306665353534393335366537643534383834633239646432373433613432663031363962633761 +33633765336164363165396634316163333739666264663864333632313462636338396339303138 +33333131343261643137373065636537366536336634633266373536633532363563666464306332 +39343136623063303061666564366135383339313866373666336364373663383266303364363437 +34383730393539376338383865373439386230393030633161646465366165343132373438306566 +34383965363366663435393032666366363739393739323335626438656632303266383661366433 +65376234383364313663663564333235303939363036303838393231303566343637346332376161 +30333331613738306338346539343762363562393966373963643964623331643036323935313165 +64626661363461656164626538313336306538666561646637616238643839336334633239393236 
+63356139323433346335643031343930353937323333396332333735353861386265373633653532 +32313962616665343536663836326139316662653562373132633537386431356166643433366138 +37623534636264336437366462303266383836666333326333393831396466376132666265316533 +65663734653233666233373064326161643534353930393731313431643765383934353130613137 +66666663346536303363653562313139336333343133343938323030663432643161396538383966 +62646163396161373531663861333230393831333535343137343732393532336631393637383762 +66363632373938316536623161646339316236313966303737643632313839623730643364626266 +66643462663536356337653233353662363238346638396566363961643134613136353062633035 +37653833343032383937653530363331366632386261363661343131376539323335653439623830 +35316131663965353635643364396463346637346232313931326666316165653061346264663331 +63616265396463613666646438393133313865663338623436393466373134396230396561393431 +62353039633564393666373430663035313039633065323539373436323532363138333932633537 +65363338316663623934616130396661376163653636346630383531333263393265336461643363 +39366230613239313635366264303431663534666638663433323639613335376233313535666235 +36383566616532396630373763333566616232383538366163626463633530393165653032363433 +65343561323636616365656466623939383366366438646366393432303465353865623134383532 +35333435663831386130666238376531616362663134383366633736336337653763613135356138 +32336231333237656462383831663132316634313038373861356163663632336231383736316132 +37343430633432303462373664633761616635656462383935353731383431336265333734646166 +35376632383736383463353336383431613761626231356534313539666563633466313530666166 +39646462376236366466306139376238306236323337323463343733663439363631346135636564 +64666239613732326539313638633131333039623535366264383265616661663135343563333466 +34626632623932303630663161633437626532376463373135383131613663663432373233396163 +30666331366137316364376566616431366635613536623339616565623736323730336339653031 
+38346335643132636231663837653639323230323238376466623034373763313531363930353335 +66356638666466303466653561626434383839626531333664633337333636333033666335383837 +35353837376130386532373961643962633361363831633632333133383738323436633836646537 +34323037313732386639383666326535383638333239363730383733363235623063626531326366 +33626366366231623638643836343339376361383562633933626332363432393265323335626436 +31613666633362643162616237383433633032366534303338313238626131353633396264333537 +61613166303639663366353539333832633263313333343662393533376437396438323135633865 +33383131363633343333646539386139306131623161633331393866393862383566333234386565 +37663334313039623763663361386531626131303262333063336437326633666438303334353035 +64376535666334623938343337663561636661386430313339633764323834323031303366666464 +31303237383333626433613534343337646134323364623763663062306439333464393366313262 +31386333663334373333393666383732333264383331376238653338333861383439353236303338 +37336466376538303234316663653262363162616439303065633263346139333439303732316632 +34646166313737393334303632326561373831646133376564323763633436323366326634613731 +63663033663338333833653766313938646239623038336430383739313034626663626261623531 +66363339656132643137303339633330653066643265303835356566303161393063383831613565 +35653165646165326531356634623532633964666132663339363334386465323565383732333130 +65613462363133616435633066356136353530383863613266353164616138363531313733636131 +64313166633236633835316239333730653437393064623735363234333663653362373136313361 +30623637393536653833373133346332363738343337633264376565653865633464363163366136 +31336561613333323036353937613764363237636463343461666266613435326239306238646666 +31393863346230663935363832633164663639383333343166373362383336366261656235393038 +63323632303166643837643539346465626435633935353230663262383135656230653934306335 +33333832323436663936613336393433666236363534646430666437646363303236363536666431 
+65616332623561336461323632623664393031323637363263633334626232316638623565316632 +61376339323064366637353737396232313666316535333930663638656364396266353534363065 +38323664313435313035643866373535343937623331616136663232396635336463396432333363 +32343733613635313538366136393833623336653736353032366461636633393034303533353661 +31616631373238616566333662356137623139623964326130316235363137393338643930666364 +39306338616234326262373461336365653463636632336233303136363832616561633135323663 +39313839643730393730626139343338303631303066313433383438613730366434656161653936 +37313139626436666535356663396433333635343532303265306134316335613232313038333335 +34626136313933663463666334366466303939643334316261333161623239306632636561663463 +64636538643931623563666438333363303633316431323761643862613763626130383532346539 +31316565636363333331323630623337326133366263643638383339313330636162613666343432 +33666238663739333135363733363361356430643638336133343065366461373736376431373139 +61653231383735393838373731663932633139303362376164356635613130616362343835653536 +30376263376233303234343962663361333439623232636535366364396135356334633465363862 +66646564653061376632383235636330656236663563616166636339313738646166663235373330 +66646637376633616365373735326331313338353263613537386535343733346132663838336164 +31393863323266383563323263303233616533366434663332326530343264343364353839643363 +31643931663131633733666665623665663434666164346364366232313765333063613234393063 +64333333346431643837646139663937303437643830633131613864363663313633393932303538 +33303331613061663138373639396266343830646637306662653337323130313638303237306262 +61393238356633396361333866353838383630393038376133353133613732303061333137306662 +39306138393363626662353532386436333965656234366166383835393763633539346561636430 +65333231643266333732663366393164366234366131373636643034633361393935366236366237 +36616130666663353536336638346232616431333265393432303630663637656539323431633963 
+39336564666135646261613361396339306332376131663639353431643564316136643336333466 +34653837316137656662303166623738616533376434316339653136376434623135363633333835 +39343366613265656537363332373862643662633264376432636434393464386666626365346466 +38326361343935363635373932396136363561363037333962303732303535356362383236653464 +37646563306235333863303935353431626133616330366566326531356331353137653165623062 +66636134393536656234323966363137613438306163366236623533373966333736633162623462 +62303463343963353535653462376561623230386563346631383161376434303464613231386165 +65376230396461336530366338356231363432356265376330623334363737383461626462326234 +62383436646236303966666537393231643835663462373435396666366264646335663136613336 +33656230393465663265316166313163313366653861643039383062313966303837396539363732 +36616230383931353632653330623138393939353434363130616533303463353439316131373465 +32373430623065386464643164316566383837373838383062346361623637386662643435303831 +62663430336235306166323761316262383536363939366663323638623765343537616430386635 +65306561646639336462636462646266663034336462663730653032386138316365346262323836 +64363033353937363530383462373133666262613937383536623333386239653935366661623435 +33613462383732636538396134393537343538366562643832333034366438333439353637346363 +33663861323331636538313632366134626137636635323930363363323466383165353166303930 +66386139376139346232373263363262313638666231336564313333343430343837656439636262 +33336438646134393863306631636131633138653037626638633165636136663865666434323665 +39363632636531323633313434333432316136353762653561383230336566316462336664353431 +39333132633533393362313761363339393963393361343161353633346232376666353734306663 +35366366396533643430643863663665646139636465316630393665383532393337616662656530 +36333032633430363165333238666133633264363266336636373736313332306333376637393465 +32343265383933613231623431323364653238343464393164623631663166313830616165323131 
+65643661363265386562616232613863343964386130323635323434613639623666633962663432 +31323131363661336233346331376466323635323234643037383238613830626130386131353464 +30633736346633353237636536303436633036316131636530656161323666303131636665383730 +39653135663538656337623334376463323834363866313964386366383936316164663863323031 +33663738653232636665 diff --git a/roles/keystone/templates/certs/merlin.hpc.rug.nl.key b/roles/keystone/templates/certs/merlin.hpc.rug.nl.key new file mode 100644 index 0000000..fd4567b --- /dev/null +++ b/roles/keystone/templates/certs/merlin.hpc.rug.nl.key 
@@ -0,0 +1,89 @@ +$ANSIBLE_VAULT;1.1;AES256 +65336461353934306534356638306230323835396365363737626131663464643138336135373463 +3435343336346162383039313638303035346162393064660a646166383538633138346535646337 +32616265393438613266363930623031303866316161656261663634616533323035313132313339 +3131636330373734640a366466323366386338626365626665343266666333383966306165353637 +35393461343066363037373234313733363939353235373730373862316133653233363531356638 +33366339303366356439363664393463323037323162623061336462376461333936386666633637 +33666339303738663535626265376561646338613136616539336431366234616562363063323637 +39386261663964353763376232356466333235646332353564323862376663626530393737356361 +63633930633066613239333432306362303432666466616263376234626137386338613537613266 +66656532346161313966346233633236313538656638323762653766613032366662633237633138 +66363137346633353938633933303636323763383231626261373162656363636233653664313539 +36646162643337306131383737313162313162326634663766326335306232356133306665306465 +66613163623631333831623835373036303263343061376435666231393035356662383163656361 +32313636636432393362633662366638313565346561363736363638643034656133636362653233 +61643734376232643361613562383938623530663463616365396533623334646232643434626439 +36623034393564386362613631333137336637353464333634393630326662623033353366616266 +35373963316563346530333439633463613035613031383437393238333862613161373438396336 +38383466333364353236323830323533613636373332383432626164386134643866373530326139 +37306230326363313264303530346338613234336164636665353530393864393163343635656234 +32653731653330313732306461353133393536376433373732383432326236303833303032373436 +63353233396663343937363434623634646261393731653633383830396461386633643434383161 +62353031613532646263633437666331316435386437626439616637663664376566386662306235 +62343239613632643266396365313134393137353962363035633165306261336436363361356134 
+65313631363232306364366366353132663864623533323566313238383237663532663165373563 +34333063393365633264343464333862343135323166353233616130666630666436363138393230 +31303461393861366532373963373837316238323435313266653466663138386434303232356463 +64663330383337656435346237613831333865363463313538623037336437616638363337356461 +38623236323134393639643135303939336564313732393861356332653330396430373262333763 +63303961633463616365356663626430613133386466626562636639323762333731363934393561 +39383263393964643639353963653063656565613532303264643431316439613032373130623162 +64363230306231383064363433623734326666323461656438623662346232353934633439313931 +34653330386564333934366134646163356234306462643061343964386164663461633733666563 +33643133613365373032656262366231336639303232346434333061343661323932333130316536 +61366563636265386633333164303539333565613039666563626434623234616135346664633364 +37373937323635643461386262326135666165363163396236623338356233656161303962373566 +35326139646466333934363964366536343439323864613066383435383435333037356362313565 +38326562393339613636303133333164336265646333396333666339383031663464303361366530 +35313033363931386633373566643866323939343765313030383330313830366432353331626339 +37376638326534323932363832373435376265653863633536333032313331356666386164663739 +33356235393537326136623038316434393166373865353461396566356566653835623765393337 +39353434316639313135383337343165353932383331313463366634336663303565316362623130 +39656664306336306662323161616630393234653530383133396463383236303931633635663133 +30333034303835373436353164613536303334633432356230303538373530343262386563623166 +31643036653833386332633933306439303463633163376231393936353665303637326132396332 +66653537343162623363346637333762636366636633316464646264396461303463356232343030 +30323735303535386363333833313966633463616161376633376265643336313765653933616466 +63373938366565376631346431623237326564366539326132393535343736336562376633613164 
+38656631623339373263663638386531326136383338346438396438643435353033616365353333 +30386233383539626363343838323261653864633366653362656636623639653661653165346530 +65383732383038616639636335633337393333626336313838653261663733343861386464626638 +66366139396239326634383738373638643634613061393338353638396438333438616164356438 +37346265636535333163383835316334353836666163633166383135326232373936663365363663 +32643161363037666433313239336362303264356164626538643561306463636462643230623466 +62363033303638393137333334626162636465306661376635653664353631353930653165303131 +30326461353032616130643035323461656636373337346131303533656434393830613534656130 +62613939306233356363663661323439353466633565653666366130383861636565313834636230 +36313735316566663530643564663862386461366635666238323365343237373132346137613766 +64373830393664626165633339336266656465373662646661643032386161633339626236313130 +30373165373531626465373961363539313564636133363336376631326464303139643563636439 +63653838313637346132323331363232373234396664306365373435616432636164363464353335 +65663463396333303063626265313964616136316436316239393062646334323163663738313937 +36326230386664643434366332326139633537343630633936346637353732663266313865363538 +31343331653937396230383333653438383536646438373162616263626263636230633566626139 +32333862353066323537343930393832353838623038326666386637306239616662313237323935 +36306233303237383632656164656163313363616264643630333935393066633166303938393062 +61376335623361656461373731653465386233633666323236333737323165373931366263643961 +34313837383933623765346333626537323561326130323262333465653236353133366265623261 +35373734616436373738306636346363613632383636313333626562643638326333333435623437 +34306235306637393737653339303535353030353139653138373631336335323331373231663265 +63383533323739666262353731306439653537386436363137336364623635656266363733333630 +37666463646332373539623761656438383166633538636330316362326137333230653930623965 
+64633431616137376230353133613833646235343161633931626661386438323434623831383737 +35393933386365353162333035393832616531636333623331646366343536373138613035396138 +38313366343737626662613266386265666465353332336230353430663031376336303263613863 +38303431666435363939636235313761656436653562643662323535346237333236326331393830 +65323061323263326461616539343364653961616538333436343431373639316439396638396361 +65393032623333353533643565393362346236383934623432386339396439326139333966383164 +38626663323261643865613365636634383331306463633838336530666163356234633564613961 +66326632393533306337613962653437333938316263656365343135626365656461323964326433 +63343430663837613162353661363338396166323766313933393535623332323932373063633963 +61383336313230653833323134303738366365356131366532663961643065393563346364316561 +35616137663837643964376337383531313334616465363038343461373630623236316332386466 +37363132333937313364643561616562623864623666313035313864643362653138393066326431 +35666565383036386464323166353333386337336666363966396535333232663231643666316130 +31376262393832313366663938653637656339663733313364616438636236383762353231666436 +61313563643262343164323830663063663764326132663139366538646536643031316163666662 +63333432653839363865346263343339623561373036393633363937616237313737366334633035 +63393661656138323936 diff --git a/roles/keystone/templates/keystone.service b/roles/keystone/templates/keystone.service index 6517c08..953a6e8 100644 --- a/roles/keystone/templates/keystone.service +++ b/roles/keystone/templates/keystone.service 
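Review bot: The TLS private key for merlin.hpc.rug.nl is now stored in the repository (vault-encrypted), and the commit's file list adds a file of the same name and length under roles/horizon/templates/certs, so every clone carries two copies protected only by the vault password. Keeping a single vaulted copy that both roles reference would reduce what has to be re-encrypted on a rekey and stop the two copies drifting apart at renewal. The task that installs the file is outside this hunk; it should write the key with `mode: "0600"` and `no_log: true`, and use `copy` rather than `template` so the PEM body is never passed through Jinja. If the vault password is shared more widely than the people who may hold this key, the key should be rotated rather than only re-encrypted.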
@@ -10,10 +10,13 @@ ExecStartPre=-/usr/bin/docker kill %n ExecStartPre=-/usr/bin/docker rm %n ExecStart=/usr/bin/docker run --name %n \ --add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \ - -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \ + -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \ -p 5000:5000 -p 35357:35357 \ -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \ -v /srv/keystone/root:/root \ + -v /srv/keystone/certs:/certs \ + -v /srv/keystone/shibboleth/sp-key.pem:/etc/shibboleth/sp-key.pem \ + -v /srv/keystone/shibboleth/sp-cert.pem:/etc/shibboleth/sp-cert.pem \ {{ docker_image }} [Install] diff --git a/roles/neutron-controller/tasks/main.yml b/roles/neutron-controller/tasks/main.yml index f12959f..6c721cf 100644 --- a/roles/neutron-controller/tasks/main.yml +++ b/roles/neutron-controller/tasks/main.yml @@ -16,7 +16,7 @@ - set_fact: env_vars: > - -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" + -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}" -e "MY_IP={{ listen_ip | default(hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address']) }}" diff --git a/roles/nova-compute/templates/nova-compute.service b/roles/nova-compute/templates/nova-compute.service index bcf67cc..19def00 100644 --- a/roles/nova-compute/templates/nova-compute.service +++ b/roles/nova-compute/templates/nova-compute.service 
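Review bot: The three `-v` mounts added to `ExecStart` in keystone.service give the container write access to the host's certificate directory and the Shibboleth SP key. Nothing in the hunk suggests the service needs to modify them, so mount them read-only: `-v /srv/keystone/certs:/certs:ro \`, `-v /srv/keystone/shibboleth/sp-key.pem:/etc/shibboleth/sp-key.pem:ro \`, and likewise for `sp-cert.pem`. The two single-file mounts also depend on the files existing before the unit starts, because with `-v` docker creates a missing host path as an empty directory and the container would then find a directory where its key should be. A `ConditionPathExists=/srv/keystone/shibboleth/sp-key.pem` line in the unit would make that failure explicit. The `[Unit]` section lies outside the hunk, so an existing condition may already cover it.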
@@ -10,7 +10,7 @@ ExecStartPre=-/usr/bin/docker kill %n ExecStartPre=-/usr/bin/docker rm %n ExecStart=/usr/bin/docker run --name %n \ -e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['listen_ip'] | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}" \ - -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \ + -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \ -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}" \ -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['listen_ip'] | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" \ -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}" \ diff --git a/roles/nova-controller/tasks/main.yml b/roles/nova-controller/tasks/main.yml index f74a3de..ce5327c 100644 --- a/roles/nova-controller/tasks/main.yml +++ b/roles/nova-controller/tasks/main.yml @@ -15,10 +15,10 @@ - /srv/nova-controller/root - set_fact: - docker_image: registry.webhosting.rug.nl/hpc/openstack-nova-service:latest + docker_image: registry.webhosting.rug.nl/hpc/openstack-nova-service-merlin:latest env_vars: > -e "GLANCE_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}" - -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" + -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}" -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}"
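Review bot: The new `docker_image` value in the nova-controller hunk hard-codes a site-specific image (`openstack-nova-service-merlin`) in what looks like a shared role and keeps the mutable `:latest` tag. What runs on the controllers is therefore whatever the registry serves at deploy time, and a redeploy can change it without any change in this repository. Pinning a version tag or digest makes the deployed image reviewable, e.g. `docker_image: registry.webhosting.rug.nl/hpc/openstack-nova-service-merlin@sha256:<digest>` (placeholder digest), ideally supplied from the merlin inventory rather than from the role.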