From 7a6c9ac360ddc4918bc1a23e3da92b8e254a4ee6 Mon Sep 17 00:00:00 2001 From: Egon Rijpkema Date: Mon, 14 Aug 2017 16:40:06 +0200 Subject: [PATCH] Made Roles use repo wide secrets file. Made keystone use repo wide secrets file. Made glance-controller use repo wide secrets file. kill and then remove image Made neutron-controller use repo wide secrets file. Made nova-controller use repo wide secrets file Made nova-compute use repo wide secrets file. Made rabbitmq use repo wide secrets file. Allow creation of admin-openrc.sh in docker. added provider_interfaces. added persistent root folder. make each dir explicitely added missing env vars. mapped kvm machine-id from host --- hosts | 4 +- roles/glance-controller/tasks/main.yml | 22 ++++++--- .../templates/glance.service | 4 +- roles/horizon/templates/horizon.service | 3 +- roles/keystone/files/Dockerfile | 31 ------------- roles/keystone/files/bootstrap.sh | 16 ------- roles/keystone/files/keystone.conf | 12 ----- roles/keystone/scripts/initialize_db.sh | 2 +- roles/keystone/tasks/main.yml | 22 +++++++-- roles/keystone/templates/admin-openrc.sh | 2 +- roles/keystone/templates/keystone.service | 4 +- roles/mariadb/tasks/main.yml | 7 ++- .../{files => templates}/mysql.service | 4 +- roles/neutron-controller/tasks/main.yml | 20 ++++++--- .../templates/neutron-controller.service | 3 +- roles/nova-compute/tasks/main.yml | 5 +++ .../templates/nova-compute.service | 30 +++++++------ roles/nova-controller/tasks/main.yml | 45 ++++++++++++------- .../templates/nova-controller.service | 5 ++- roles/rabbitmq/files/rabbitmq.service | 6 +-- roles/rabbitmq/tasks/main.yml | 12 ++++- 21 files changed, 138 insertions(+), 121 deletions(-) delete mode 100644 roles/keystone/files/Dockerfile delete mode 100755 roles/keystone/files/bootstrap.sh delete mode 100644 roles/keystone/files/keystone.conf rename roles/mariadb/{files => templates}/mysql.service (75%) diff --git a/hosts b/hosts index d118511..a0526af 100644 --- a/hosts +++ b/hosts 
@@ -34,10 +34,10 @@ openstack01-node03 #run_options="-e CASSANDRA_SEEDS=172.23.41.1" [neutron-controller] -openstack01-node01 +openstack01-node01 provider_interface_name=ens192 [nova-controller] openstack01-node03 [nova-compute] -openstack01-node04 +openstack01-node04 provider_interface_name=dummy0 diff --git a/roles/glance-controller/tasks/main.yml b/roles/glance-controller/tasks/main.yml index 1c48274..7611313 100644 --- a/roles/glance-controller/tasks/main.yml +++ b/roles/glance-controller/tasks/main.yml @@ -1,18 +1,24 @@ # Build and install a docker image for glance. --- +- name: include secrets + include_vars: + file: ../../secrets.yml + name: secrets + - set_fact: docker_image: webhost12.service.rug.nl/hpc/openstack-glance:latest env_vars: > - -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" + -e "GLANCE_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}" + -e "GLANCE_PASSWORD={{ secrets['GLANCE_PASSWORD'] }}" + -e "GLANCE_USER=glance" + -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" - -e "MYSQL_ROOT_PASSWORD=geheim" - -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" - -e "GLANCE_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}" - -e "GLANCE_USER=glance" - -e "GLANCE_PASSWORD=geheim" + -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" + -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}" + -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" + -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}" -e "RABBIT_USER=openstack" - -e "RABBIT_PASSWORD=geheim" - name: pull docker image docker_image: 
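Review bot: The `set_fact` that builds `env_vars` now interpolates `GLANCE_PASSWORD`, `MYSQL_ROOT_PASSWORD`, `OS_PASSWORD` and `RABBIT_PASSWORD` into one string, and nothing suppresses the task's output, so the passwords are echoed under `-v` and kept as a host fact; add `no_log: true` to the `set_fact` task and to the `docker run` tasks that consume `env_vars`. The same applies to the equivalent `set_fact` hunks in roles/neutron-controller/tasks/main.yml and roles/nova-controller/tasks/main.yml. Handing the secrets to `docker run` as `-e` arguments also leaves them readable through `docker inspect` and, while the command runs, in the host process list; an `--env-file` under /srv with a restrictive mode avoids the argv exposure without touching the image. Separately, if `include_vars` resolves a relative `file:` against the role's `vars/` directory, as I believe it does, `../../secrets.yml` lands on `roles/secrets.yml` — confirm that is the intended location and that the file is vault-encrypted before it is committed.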
@@ -26,6 +32,7 @@ mode: 0777 with_items: - /srv/glance + - /srv/glance/root - name: install service file. template: @@ -42,6 +49,7 @@ /usr/bin/docker run --rm {{ env_vars }} --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \ + -v /srv/glance/root:/root \ {{ docker_image }} /etc/bootstrap.sh tags: bootstrap diff --git a/roles/glance-controller/templates/glance.service b/roles/glance-controller/templates/glance.service index 6caf7aa..ae82d66 100644 --- a/roles/glance-controller/templates/glance.service +++ b/roles/glance-controller/templates/glance.service @@ -6,9 +6,11 @@ Requires=docker.service [Service] TimeoutStartSec=0 Restart=always -ExecStartPre=-/usr/bin/docker rm -f %n +ExecStartPre=-/usr/bin/docker kill %n +ExecStartPre=-/usr/bin/docker rm %n ExecStart=/usr/bin/docker run --name %n \ {{ env_vars | replace('\n', '') }} \ + -v /srv/glance/root:/root \ -p 9292:9292 \ {{ docker_image }} diff --git a/roles/horizon/templates/horizon.service b/roles/horizon/templates/horizon.service index 9f1a843..6b15bd0 100644 --- a/roles/horizon/templates/horizon.service +++ b/roles/horizon/templates/horizon.service @@ -6,7 +6,8 @@ Requires=docker.service [Service] TimeoutStartSec=0 Restart=always -ExecStartPre=-/usr/bin/docker rm -f %n +ExecStartPre=-/usr/bin/docker kill %n +ExecStartPre=-/usr/bin/docker rm %n ExecStart=/usr/bin/docker run --name %n \ -e "MEMCACHED_SERVER={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \ -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \ diff --git a/roles/keystone/files/Dockerfile b/roles/keystone/files/Dockerfile deleted file mode 100644 index 5ca0acc..0000000 --- a/roles/keystone/files/Dockerfile +++ /dev/null 
@@ -1,31 +0,0 @@ -# Build keystone. It needs to be run with -# --add-host=mariadb: -# Wen starting with an initialized db, -# run keystone-manage db_sync from this docker first: -# $ docker run hpc/keystone --add-host=mariadb: "keystone-manage db_sync" - -FROM ubuntu:16.04 - -RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA - -RUN set -x \ - && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \ - && apt-get -y update \ - && apt-get -y install \ - && apt-get -y install keystone python-openstackclient \ - && apt-get -y clean - -# set admin token TODO: make this a secret -# in volume of met env -COPY keystone.conf /etc/keystone/keystone.conf - -RUN mkdir /etc/keystone/fernet-keys - -RUN chown keystone: /etc/keystone/fernet-keys - -COPY admin-openrc.sh root/admin-openrc.sh - -COPY bootstrap.sh /etc/bootstrap.sh - -#RUN keystone-manage db_sync -CMD apachectl -DFOREGROUND diff --git a/roles/keystone/files/bootstrap.sh b/roles/keystone/files/bootstrap.sh deleted file mode 100755 index bd8480d..0000000 --- a/roles/keystone/files/bootstrap.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -source /root/admin-openrc.sh - -openstack project create --domain default \ - --description "Service Project" service - -openstack project create --domain default \ - --description "Demo Project" demo - -openstack user create --domain default \ - --password geheim demo - -openstack role create user - -openstack role add --project demo --user demo user diff --git a/roles/keystone/files/keystone.conf b/roles/keystone/files/keystone.conf deleted file mode 100644 index ae08a24..0000000 --- a/roles/keystone/files/keystone.conf +++ /dev/null @@ -1,12 +0,0 @@ -[DEFAULT] - -verbose = true - -[database] -connection = mysql+pymysql://keystone:keystone@mariadb/keystone - -[token] -provider = fernet - -[identity] -default_domain_id = default 
diff --git a/roles/keystone/scripts/initialize_db.sh b/roles/keystone/scripts/initialize_db.sh index aec2967..40e658c 100644 --- a/roles/keystone/scripts/initialize_db.sh +++ b/roles/keystone/scripts/initialize_db.sh @@ -1,6 +1,6 @@ #!/bin/bash # Start a mariadb container to use its mysql client to initialize the keystone database. -docker run --rm -i mariadb:10.2 mysql -uroot -pgeheim --host "$1" << EOF +docker run --rm -i mariadb:10.2 mysql -uroot -p"$MYSQL_ROOT_PASSWORD" --host "$DB_HOST" << EOF CREATE DATABASE IF NOT EXISTS keystone; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone'; diff --git a/roles/keystone/tasks/main.yml b/roles/keystone/tasks/main.yml index f65e3df..0aa665c 100644 --- a/roles/keystone/tasks/main.yml +++ b/roles/keystone/tasks/main.yml @@ -1,10 +1,20 @@ # Build and install a docker image for keystone. --- +- name: include secrets + include_vars: + file: ../../secrets.yml + name: secrets + - name: Make persistent directories file: - path: /srv/keystone/fernet-keys + path: "{{ item }}" state: directory mode: 0777 + with_items: + - /srv + - /srv/keystone + - /srv/keystone/fernet-keys + - /srv/keystone/root - set_fact: docker_image: webhost12.service.rug.nl/hpc/openstack-keystone:latest @@ -26,7 +36,10 @@ command: systemctl daemon-reload - name: Initialize db - script: scripts/initialize_db.sh {{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} + script: scripts/initialize_db.sh + environment: + MYSQL_ROOT_PASSWORD: "{{ secrets['MYSQL_ROOT_PASSWORD'] }}" + DB_HOST: "{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" register: result until: result|succeeded # sometimes the initial connect fails. 
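Review bot: The root password is still placed on the `mysql` client's command line (`-p"$MYSQL_ROOT_PASSWORD"`), where it is visible in the container's process list for as long as the client runs; since the value now arrives in the environment anyway, hand it over as `MYSQL_PWD` instead: `docker run --rm -i -e MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mariadb:10.2 mysql -uroot --host "$DB_HOST" << EOF`. The `GRANT ... IDENTIFIED BY 'keystone'` lines below (context here) keep the keystone database password hard-coded, which is exactly the kind of literal this commit set out to remove; sourcing it from the same secrets file would close that gap. The script also silently proceeds when `DB_HOST` or `MYSQL_ROOT_PASSWORD` is unset, so add a guard after the shebang, `: "${DB_HOST:?}" "${MYSQL_ROOT_PASSWORD:?}"`, to fail early instead of connecting with empty values.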
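Review bot: Creating `/srv/keystone/fernet-keys` and `/srv/keystone/root` with `mode: 0777` makes the host directory holding the token-signing fernet keys, and the one bind-mounted as the container's `/root` (where the rendered admin-openrc.sh with `OS_PASSWORD` presumably ends up), writable by every local user, who could then swap the keys or the credential file. Use `mode: "0700"` with the `owner`/`group` matching the uid the container's keystone process runs as, and leave `/srv` itself at `"0755"`; quoting the mode also sidesteps the YAML 1.1 octal-literal parse. The glance and nova-controller persistent-directory tasks in this commit use the same `0777` and deserve the same treatment.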
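Review bot: Moving `MYSQL_ROOT_PASSWORD` into `environment:` keeps it off the script's argv, but the task result is still registered and the command — including the exported environment — may be printed on failure or at higher verbosity; add `no_log: true` to the `Initialize db` task. Because the task loops via `until: result|succeeded`, every retry would repeat that exposure.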
@@ -47,7 +60,7 @@
 - fernet_setup --keystone-user keystone --keystone-group keystone
 - credential_setup --keystone-user keystone --keystone-group keystone
 - >
- bootstrap --bootstrap-password geheim
+ bootstrap --bootstrap-password {{ secrets['OS_PASSWORD'] }}
 --bootstrap-admin-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
 --bootstrap-internal-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
 --bootstrap-public-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:5000/v3/
@@ -63,5 +76,8 @@
 /usr/bin/docker run --rm
 --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
 -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
+ -v /srv/keystone/root:/root
 -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+ -e "OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3"
+ -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
 {{ docker_image }} bash /etc/bootstrap.sh
diff --git a/roles/keystone/templates/admin-openrc.sh b/roles/keystone/templates/admin-openrc.sh
index 219a24f..e825fda 100644
--- a/roles/keystone/templates/admin-openrc.sh
+++ b/roles/keystone/templates/admin-openrc.sh
@@ -1,5 +1,5 @@
 export OS_TENANT_NAME=admin
 export OS_USERNAME=admin
-export OS_PASSWORD=geheim
+export OS_PASSWORD={{ hostvars[groups['keystone'][0]]['OS_PASSWORD'] }}
 export OS_AUTH_URL=http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3
 export OS_IDENTITY_API_VERSION=3
diff --git a/roles/keystone/templates/keystone.service b/roles/keystone/templates/keystone.service
index 95d9225..a9d0726 100644
--- a/roles/keystone/templates/keystone.service
+++ b/roles/keystone/templates/keystone.service
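Review bot: `{{ secrets['OS_PASSWORD'] }}` is inserted unquoted into the `bootstrap` argument line, so a password containing whitespace or shell metacharacters would be split or interpreted when the command runs; render it with the `quote` filter, `bootstrap --bootstrap-password {{ secrets['OS_PASSWORD'] | quote }}`. The task that executes this list starts outside the hunk; it should carry `no_log: true` too, since the rendered argument line is part of its logged output.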
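Review bot: `-e "OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3"` depends on `${KEYSTONE_HOST}` being expanded by something, but on the Ansible side that variable is not set: under a `shell` task it expands to nothing on the host, yielding `http://:35357/v3`, and under a `command` task the literal `${KEYSTONE_HOST}` is passed into the container. Build the URL from the same Jinja expression the preceding line uses, `-e "OS_AUTH_URL=http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3"`. The task header is outside the hunk, so which module runs this cannot be confirmed here.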
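Review bot: `{{ hostvars[groups['keystone'][0]]['OS_PASSWORD'] }}` looks up a top-level `OS_PASSWORD` host variable, while the rest of this commit loads the secrets under the `secrets` namespace (`include_vars ... name: secrets`), so unless the keystone host defines `OS_PASSWORD` by some other route the template will fail on an undefined variable; the other templates use `{{ secrets['OS_PASSWORD'] }}`. The value is also written unquoted into a shell `export`, so a password with spaces or `$` breaks the file when it is sourced — `export OS_PASSWORD={{ secrets['OS_PASSWORD'] | quote }}` covers both. Where this template is rendered is not visible in the diff.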
@@ -6,12 +6,14 @@ Requires=docker.service [Service] TimeoutStartSec=0 Restart=always -ExecStartPre=-/usr/bin/docker rm -f %n +ExecStartPre=-/usr/bin/docker kill %n +ExecStartPre=-/usr/bin/docker rm %n ExecStart=/usr/bin/docker run --name %n \ --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \ -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \ -p 5000:5000 -p 35357:35357 \ -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \ + -v /srv/keystone/root:/root \ {{ docker_image }} [Install] diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml index 868dc22..b3c6ac4 100644 --- a/roles/mariadb/tasks/main.yml +++ b/roles/mariadb/tasks/main.yml @@ -1,8 +1,13 @@ # Install a docker based mariadb. --- +- name: include secrets + include_vars: + file: ../../secrets.yml + name: secrets + - name: install service file. template: - src: files/mysql.service + src: templates/mysql.service dest: /etc/systemd/system/mysql.service mode: 644 owner: root diff --git a/roles/mariadb/files/mysql.service b/roles/mariadb/templates/mysql.service similarity index 75% rename from roles/mariadb/files/mysql.service rename to roles/mariadb/templates/mysql.service index 3e9badf..530de12 100644 --- a/roles/mariadb/files/mysql.service +++ b/roles/mariadb/templates/mysql.service @@ -6,13 +6,13 @@ Requires=docker.service [Service] TimeoutStartSec=0 Restart=always -ExecStartPre=-/usr/bin/docker stop %n +ExecStartPre=-/usr/bin/docker kill %n || /bin/true ExecStartPre=-/usr/bin/docker rm %n ExecStartPre=/usr/bin/docker pull mariadb:10.2 ExecStart=/usr/bin/docker run -p 3306:3306 --name %n \ -v /srv/mariadb/lib/mysql:/var/lib/mysql \ -v /srv/mariadb/etc/mysql:/etc/mysql \ - -e MYSQL_ROOT_PASSWORD=geheim mariadb:10.2 + -e MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }} mariadb:10.2 [Install] WantedBy=multi-user.target 
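Review bot: The unit file is now rendered from a template that embeds `MYSQL_ROOT_PASSWORD`, but the task still writes it with `mode: 644` (a context line here) — an unquoted integer Ansible treats as decimal 644, i.e. octal 1204, rather than 0644 — into /etc/systemd/system. Change it to `mode: "0600"` so the rendered secret is readable only by root. Even then, `systemctl show mysql.service -p ExecStart` may disclose the full command line to unprivileged users, which is an argument for an `--env-file` over `-e` for the password.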
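Review bot: `ExecStartPre=-/usr/bin/docker kill %n || /bin/true` is not run through a shell, so systemd hands `||` and `/bin/true` to `docker kill` as two more container names; the leading `-` already makes systemd ignore a non-zero exit, so the suffix should go: `ExecStartPre=-/usr/bin/docker kill %n`. The password on the new `-e MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}` line is unquoted, so a value containing whitespace or quotes is split by systemd's argument parsing; quote it as the other units do, `-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"`.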
diff --git a/roles/neutron-controller/tasks/main.yml b/roles/neutron-controller/tasks/main.yml index a28058d..09e4616 100644 --- a/roles/neutron-controller/tasks/main.yml +++ b/roles/neutron-controller/tasks/main.yml @@ -1,5 +1,10 @@ # Build and install a docker image for neutron-controller. --- +- name: include secrets + include_vars: + file: ../../secrets.yml + name: secrets + - set_fact: docker_image: "webhost12.service.rug.nl/hpc/openstack-neutron-controller:latest" @@ -11,18 +16,19 @@ - set_fact: env_vars: > -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" - -e "METADATA_SECRET=geheim" + -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" + -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}" -e "MY_IP={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}" -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" - -e "MYSQL_ROOT_PASSWORD=geheim" - -e "NEUTRON_PASSWORD=geheim" + -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" + -e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}" -e "NEUTRON_USER=neutron" -e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}" - -e "NOVA_PASSWORD=geheim" - -e "NOVA_USER=nova" - -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" + -e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}" + -e "NOVA_PLACEMENT_USER=placement" + -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}" -e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}" - -e "RABBIT_PASSWORD=geheim" + -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}" -e "RABBIT_USER=openstack" tags: env diff --git a/roles/neutron-controller/templates/neutron-controller.service b/roles/neutron-controller/templates/neutron-controller.service index 9473311..14352dc 100644 
--- a/roles/neutron-controller/templates/neutron-controller.service +++ b/roles/neutron-controller/templates/neutron-controller.service @@ -6,7 +6,8 @@ Requires=docker.service [Service] TimeoutStartSec=0 Restart=always -ExecStartPre=-/usr/bin/docker rm -f %n +ExecStartPre=-/usr/bin/docker kill %n +ExecStartPre=-/usr/bin/docker rm %n ExecStart=/usr/bin/docker run --name %n \ {{ env_vars | replace('\n', '') }} \ --add-host=nova-controller:{{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }} \ diff --git a/roles/nova-compute/tasks/main.yml b/roles/nova-compute/tasks/main.yml index 9660888..7d1a029 100644 --- a/roles/nova-compute/tasks/main.yml +++ b/roles/nova-compute/tasks/main.yml @@ -1,5 +1,10 @@ # Build and install a docker image for nova-controller. --- +- name: include secrets + include_vars: + file: ../../secrets.yml + name: secrets + - set_fact: docker_image: webhost12.service.rug.nl/hpc/openstack-nova-compute:latest tags: facts diff --git a/roles/nova-compute/templates/nova-compute.service b/roles/nova-compute/templates/nova-compute.service index 49c662c..905f8c8 100644 --- a/roles/nova-compute/templates/nova-compute.service +++ b/roles/nova-compute/templates/nova-compute.service 
@@ -6,33 +6,37 @@ Requires=docker.service [Service] TimeoutStartSec=0 Restart=always -ExecStartPre=-/usr/bin/docker rm -f %n +ExecStartPre=-/usr/bin/docker kill %n +ExecStartPre=-/usr/bin/docker rm %n ExecStart=/usr/bin/docker run --name %n \ - -e "MY_IP={{ hostvars[groups['nova-compute'][0]]['ansible_default_ipv4']['address'] }}" \ - -e "NOVA_USER=nova" \ - -e "NOVA_COMPUTE_USER=nova_compute" \ - -e "NOVA_PASSWORD=geheim" \ - -e "NOVA_PLACEMENT_USER=placement" \ - -e "NOVA_PLACEMENT_PASSWORD=geheim" \ - -e "RABBIT_USER=openstack" \ - -e "RABBIT_PASSWORD=geheim" \ - -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \ + -e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}" \ -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \ -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \ + -e "MY_IP={{ hostvars[groups['nova-compute'][0]]['ansible_default_ipv4']['address'] }}" \ -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" \ - -e "MYSQL_ROOT_PASSWORD=geheim" \ + -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" \ -e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}" \ - -e "NEUTRON_PASSWORD=geheim" \ + -e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}" \ -e "NEUTRON_USER=neutron" \ + -e "NOVA_COMPUTE_USER=nova_compute" \ -e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}" \ + -e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" \ + -e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" \ + -e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}" \ + -e "NOVA_PLACEMENT_USER=placement" \ + -e "NOVA_USER=nova" \ + -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}" \ -e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}" \ - -e 
"GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}" \ + -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \ + -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}" \ + -e "RABBIT_USER=openstack" \ --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \ --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \ --privileged \ -v /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock \ -v /var/lib/nova/instances:/var/lib/nova/instances \ -v /lib/modules:/lib/modules \ + -v /etc/machine-id:/etc/machine-id \ --network host \ {{ docker_image }} /etc/run.sh diff --git a/roles/nova-controller/tasks/main.yml b/roles/nova-controller/tasks/main.yml index 7dda305..e843de2 100644 --- a/roles/nova-controller/tasks/main.yml +++ b/roles/nova-controller/tasks/main.yml 
@@ -1,25 +1,39 @@ # Build and install a docker image for nova-controller. --- +- name: include secrets + include_vars: + file: ../../secrets.yml + name: secrets + +- name: Make persistent directories + file: + path: "{ item }}" + state: directory + mode: 0777 + with_items: + - /srv/nova-controller + - /srv/nova-controller/root + - set_fact: docker_image: webhost12.service.rug.nl/hpc/openstack-nova-service:latest env_vars: > - -e "MY_IP={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}" - -e "NOVA_USER=nova" - -e "NOVA_PASSWORD=geheim" - -e "NOVA_PLACEMENT_USER=placement" - -e "NOVA_PLACEMENT_PASSWORD=geheim" - -e "RABBIT_USER=openstack" - -e "RABBIT_PASSWORD=geheim" - -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" - -e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" - -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" - -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" - -e "MYSQL_ROOT_PASSWORD=geheim" - -e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}" -e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}" - -e "NEUTRON_PASSWORD=geheim" + -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" + -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" + -e "MY_IP={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}" + -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" + -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" + -e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" + -e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}" -e 
"NEUTRON_USER=neutron" - -e "METADATA_SECRET=geheim" + -e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}" + -e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" + -e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}" + -e "NOVA_PLACEMENT_USER=placement" + -e "NOVA_USER=nova" + -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}" + -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}" + -e "RABBIT_USER=openstack" tags: facts - name: pull docker image @@ -43,6 +57,7 @@ {{ env_vars }} --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} + -v /srv/nova-controller/root:/root {{ docker_image }} /etc/bootstrap.sh tags: bootstrap diff --git a/roles/nova-controller/templates/nova-controller.service b/roles/nova-controller/templates/nova-controller.service index 3e68aa1..956f918 100644 --- a/roles/nova-controller/templates/nova-controller.service +++ b/roles/nova-controller/templates/nova-controller.service @@ -6,14 +6,17 @@ Requires=docker.service [Service] TimeoutStartSec=0 Restart=always -ExecStartPre=-/usr/bin/docker rm -f %n +ExecStartPre=-/usr/bin/docker kill %n +ExecStartPre=-/usr/bin/docker rm %n ExecStart=/usr/bin/docker run --name %n \ {{ env_vars | replace('\n', '') }} \ --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \ --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \ --privileged \ + -v /srv/nova-controller/root:/root \ -p 8774:8774 \ -p 8778:8778 \ + -p 6080:6080 \ {{ docker_image }} /etc/run.sh [Install] diff --git a/roles/rabbitmq/files/rabbitmq.service b/roles/rabbitmq/files/rabbitmq.service index 814dbdb..775706c 100644 --- a/roles/rabbitmq/files/rabbitmq.service +++ b/roles/rabbitmq/files/rabbitmq.service 
@@ -6,7 +6,7 @@ Requires=docker.service [Service] TimeoutStartSec=0 Restart=always -ExecStartPre=-/usr/bin/docker stop %n +ExecStartPre=-/usr/bin/docker kill %n ExecStartPre=-/usr/bin/docker rm %n ExecStartPre=/usr/bin/docker pull rabbitmq:latest ExecStart=/usr/bin/docker run \ @@ -14,8 +14,8 @@ ExecStart=/usr/bin/docker run \ --add-host "{{ hostvars[groups['rabbitmq'][1]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][1]]['ansible_default_ipv4']['address'] }}" \ --add-host "{{ hostvars[groups['rabbitmq'][2]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][2]]['ansible_default_ipv4']['address'] }}" \ -p 4369:4369 -p 25679:25679 -p 25672:25672 -p 5671-5672:5671-5672 -p 8080:15672 \ - -e "RABBITMQ_DEFAULT_USER=user" -e "RABBITMQ_DEFAULT_PASS=password" \ - -e "RABBITMQ_ERLANG_COOKIE=IHyW9HpfbXRL+pZkhGd8pA==" \ + -e "RABBITMQ_DEFAULT_USER=user" -e "RABBITMQ_DEFAULT_PASS={{ secrets['RABBIT_PASSWORD'] }}" \ + -e "RABBITMQ_ERLANG_COOKIE={{ secrets['RABBITMQ_ERLANG_COOKIE'] }}" \ -e "RABBITMQ_NODENAME=rabbit_{{ ansible_nodename }}" \ --hostname "{{ ansible_nodename }}" --name %n rabbitmq:3-management diff --git a/roles/rabbitmq/tasks/main.yml b/roles/rabbitmq/tasks/main.yml index 8ffb0f9..f4fca77 100644 --- a/roles/rabbitmq/tasks/main.yml +++ b/roles/rabbitmq/tasks/main.yml @@ -1,5 +1,13 @@ # Install a docker based rabbitMQ. --- +- name: include secrets + include_vars: + file: ../../secrets.yml + name: secrets + +- include_vars: + dir: 'vars' + - name: install service file. template: src: files/rabbitmq.service @@ -18,7 +26,7 @@ - name: wait for container to be started wait_for: - port: 15671 + port: 5672 - name: setup the cluster command: "docker exec -i rabbitmq.service {{ item }}" 
@@ -31,7 +39,7 @@
 - name: create openstack user
 command: "docker exec -i rabbitmq.service {{ item }}"
 with_items:
- - rabbitmqctl add_user openstack geheim
+ - rabbitmqctl add_user openstack "{{ secrets['RABBIT_PASSWORD'] }}"
 - rabbitmqctl set_permissions openstack ".*" ".*" ".*"
 when: ansible_nodename == hostname_node0
 register: command_result
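Review bot: The `add_user` item now interpolates `secrets['RABBIT_PASSWORD']` into a `command` task whose result is registered, so the password appears in the logged `cmd`, in `command_result`, and in any `-v` run; add `no_log: true` to this task. It is also passed as an argument to `docker exec`, which leaves it visible in the host process list while the command runs — tolerable for a one-off bootstrap, but worth a comment so the pattern is not copied into long-running tasks.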