Without host mode the docker container id

is referenced in volume name.

ansible.cfg

@@ -3,3 +3,4 @@ inventory = merlin
 stdout_callback = debug
 vault_password_file = .vault_pass.txt
 forks = 20
+host_key_checking = false

common.yml

@@ -1,5 +1,12 @@
 ---
 - hosts: all
   become: True
+  vars_prompt:
+    - name: "docker_user"
+      private: no
+      prompt: "What is your p number?"
+    - name: "docker_pass"
+      prompt: "What is your password?"
+      private: yes
   roles:
       - common

group_vars/horizon.yml

@@ -0,0 +1,2 @@
+---
+security_fail2ban_enabled: false

heat_templates/example_cluster.yml

@@ -110,7 +110,7 @@ resources:
       networks:
         - network: {get_resource: internal_net}
 
-  volume_attachment:
+  vcompute_01_volume_attachment:
     type: OS::Cinder::VolumeAttachment
     properties:
       volume_id: {get_resource: vcompute01-volume}
@@ -130,7 +130,7 @@ resources:
       networks:
         - network: {get_resource: internal_net}
 
-  volume_attachment:
+  vcompute_02_volume_attachment:
     type: OS::Cinder::VolumeAttachment
     properties:
       volume_id: {get_resource: vcompute02-volume}

horizon.yml

@@ -6,4 +6,5 @@
 - hosts: horizon
   become: True
   roles:
+     - geerlingguy.security
      - horizon

post-install.yml

@@ -22,6 +22,10 @@
             --dns-nameserver 8.8.8.8 vlan983_subnet
         - openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
         - openstack keypair create --public-key /root/id_rsa.pub adminkey
+        - openstack security group rule create --protocol icmp default
+        - >
+            openstack security group rule create default
+            --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0
     - name: Install cirros image
       get_url:
         url: http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img

roles/cinder-storage/templates/cinder-storage.service

@@ -15,6 +15,7 @@ ExecStart=/usr/bin/docker run --name %n \
   -v /etc/ceph:/etc/ceph \
   -p 8777:8776 \
   -p 3260:3260 \
+  --network=host \
   {{ docker_image }}
 
 [Install]

roles/common/tasks/main.yml

@@ -5,7 +5,7 @@
 - name: Passwordless sudo for admins
   lineinfile: dest=/etc/sudoers line="%admin  ALL=(ALL:ALL) NOPASSWD:ALL"
 
-- include: users.yml
+- import_tasks: users.yml
 
 - name: common | install packages
   apt: pkg={{ item }} state=latest update_cache=yes
@@ -29,4 +29,10 @@
 - name: disable apparmor
   apt: pkg=apparmor state=absent
 
-- include: docker.yml
+- import_tasks: docker.yml
+
+- name: Log into DockerHub
+  docker_login:
+    registry: registry.webhosting.rug.nl
+    username: "{{ docker_user }}"
+    password: "{{ docker_pass }}"

roles/heat/tasks/main.yml

@@ -6,7 +6,7 @@
     name: secrets
 
 - set_fact:
-    docker_image: registry.webhosting.rug.nl/hpc/openstack-heat:latest
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-heat-merlin:latest
     env_vars: >
         -e "HEAT_HOST={{ listen_ip | default(hostvars[groups['heat'][0]]['ansible_default_ipv4']['address']) }}"
         -e "HEAT_PASSWORD={{ secrets['HEAT_PASSWORD'] }}"

roles/nova-compute/templates/nova-compute.service

@@ -48,6 +48,7 @@ ExecStart=/usr/bin/docker run --name %n \
     -v /lib/modules:/lib/modules \
     -v /etc/machine-id:/etc/machine-id \
     -v /etc/ceph:/etc/ceph \
+    -v /etc/hosts:/etc/hosts \
     --network host \
     {{ docker_image }} /etc/run.sh