HPC/hpc-cloud
7
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: HPC:95ef38a3bad06de24170c90633c3c3c2c6c9e4bb
Branches Tags
HPC:master
HPC:develop
HPC:merlin
HPC:feature/add-variables
HPC:merlin-develop
HPC:feature/galera
HPC:feature/cinder-volume-encryption
HPC:umcg-0.2
HPC:umcg-0.1
..
compare: HPC:d7a9312682b4c47b52fea5572a534accc8643f75
Branches Tags
HPC:develop
HPC:merlin
HPC:master
HPC:feature/add-variables
HPC:merlin-develop
HPC:feature/galera
HPC:feature/cinder-volume-encryption
HPC:umcg-0.2
HPC:umcg-0.1

No commits in common. "95ef38a3bad06de24170c90633c3c3c2c6c9e4bb" and "d7a9312682b4c47b52fea5572a534accc8643f75" have entirely different histories.
95ef38a3ba ... d7a9312682

59 changed files with 627 additions and 1164 deletions
Show Stats Expand all files Collapse all files

49
README.md
View File

@ -1,48 +1,9 @@
# hpc-cloud
#hpc-cloud
This repository contains playbooks to bring up openstack components inside docker containers.
It makes use of ansible roles for the openstack components and the supporting infrastructure.
The following roles are installed.
### Openstack components.
* keystone
* glance-controller
* horizon
* neutron-controller
* nova-controller
* nova-compute
* cinder-controller
* cinder-storage
### Auxilary components:
* database (mariadb)
* rabbitmq (cluster of three nodes)
* memcached
## Getting started:
### Prerequisites:
* A cluster of servers to install the components on.
* The machines running nova-compute and neutron-controller need a separate interface for neutron to use.
* ubuntu 16.04 with python installed (usually already present).
* Access to the webhost12.service.rug.nl docker repository.
### Settings:
Passwords need be added to `secrets.yml.topol` and it needs to be saved as `secrets.yml`.
This can be done by running `./generate_secrets.py`.
Optionally, one can encrypt the secrtets by running `ansible-vault encrypt secrets.yml`.
### Secrets:
This repository will contain playbooks to bring up openstack components inside docker containers.
It makes use of [/home/egon/projects/hpc-cloud/roles/common/tasks/users.yml](ansible roles).
The roles can be set in the inventory file (hosts)
To bring up one role, for instance keystone, use:
$ ansible-playbook keystone.yml
To bring up all roles, use
$ ansible-playbook site.yml
Cirrently,Tue 25 Apr 2017 02:45:20 PM CEST, only mariadb and keystone are implemented. They can be brought up with
$ ansible-playbook main.yml

9
cinder-controller.yml
View File

@ -1,9 +0,0 @@
---
- hosts: all
name: Dummy to gather facts
tasks: []
- hosts: cinder-controller
become: True
roles:
- cinder-controller

9
cinder-storage.yml
View File

@ -1,9 +0,0 @@
---
- hosts: all
name: Dummy to gather facts
tasks: []
- hosts: cinder-storage
become: True
roles:
- cinder-storage

5
common.yml
View File

@ -1,5 +0,0 @@
---
- hosts: all
become: True
roles:
- common

5
dockerregistry.yml
View File

@ -1,5 +0,0 @@
---
- hosts: dockerregistry
become: True
roles:
- dockerregistry

33
generate_secrets.py
View File

@ -1,33 +0,0 @@
#!/usr/bin/env python
"""
Open the secrets.yml and replace all passwords.
Original is backed up.
"""
import random
import string
from subprocess import call
from yaml import load, dump
try:
from yaml import CLoader as Loader, CDumper as Dumper
except ImportError:
from yaml import Loader, Dumper
# length of generated passwords.
pass_length = 20
with open('secrets.yml.topol', 'r') as f:
data = load(f, Loader=Loader)
for key, value in data.iteritems():
data[key] = ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(pass_length))
# Make numbered backups of the secrets file.
call(['cp', '--backup=numbered', 'secrets.yml', 'secrets.yml.bak'])
with open('secrets.yml', 'w') as f:
dump(data, f, Dumper=Dumper, default_flow_style=False)

9
glance-controller.yml
View File

@ -1,9 +0,0 @@
---
- hosts: all
name: Dummy to gather facts
tasks: []
- hosts: glance-controller
become: True
roles:
- glance-controller

9
horizon.yml
View File

@ -1,9 +0,0 @@
---
- hosts: all
name: Dummy to gather facts
tasks: []
- hosts: horizon
become: True
roles:
- horizon

44
hosts
View File

@ -1,49 +1,15 @@
[databases]
openstack01-node02
ansible-test
[keystone]
openstack01-node03
[glance-controller]
openstack01-node02
[horizon]
openstack01-node03
ansible-test
[registry]
ansible-test
[rabbitmq]
openstack01-node01
openstack01-node02
openstack01-node03
ansible-test-mq
#[cassandra]
#openstack01-node[01:03]
#openstack01-node01
#
#[next_cassandra]
#openstack01-node02
#openstack01-node03
[memcached]
openstack01-node03
#[first_cassandra:vars]
#run_options=""
#
#[next_cassandra:vars]
#run_options="-e CASSANDRA_SEEDS=172.23.41.1"
[neutron-controller]
openstack01-node01 provider_interface_name=ens192
[nova-controller]
openstack01-node03
[cinder-controller]
openstack01-node03
[cinder-storage]
openstack01-node01 storage_volume=/dev/loop0
[nova-compute]
openstack01-node04 provider_interface_name=dummy0

9
keystone.yml
View File

@ -1,9 +0,0 @@
---
- hosts: databases
name: Dummy to gather facts
tasks: []
- hosts: keystone
become: True
roles:
- keystone

5
cassandra.yml → main.yml
View File

@ -1,6 +1,7 @@
---
# Run all plays as root.
- hosts: cassandra
- hosts: rabbitmq
become: True
roles:
- cassandra
- common
- rabbitmq

6
mariadb.yml
View File

@ -1,6 +0,0 @@
---
# Run all plays as root.
- hosts: databases
become: True
roles:
- mariadb

5
memcached.yml
View File

@ -1,5 +0,0 @@
---
- hosts: memcached
become: True
roles:
- memcached

9
neutron-controller.yml
View File

@ -1,9 +0,0 @@
---
- hosts: all
name: Dummy to gather facts
tasks: []
- hosts: neutron-controller
become: True
roles:
- neutron-controller

9
nova-compute.yml
View File

@ -1,9 +0,0 @@
---
- hosts: all
name: Dummy to gather facts
tasks: []
- hosts: nova-compute
become: True
roles:
- nova-compute

9
nova-controller.yml
View File

@ -1,9 +0,0 @@
---
- hosts: all
name: Dummy to gather facts
tasks: []
- hosts: nova-controller
become: True
roles:
- nova-controller

26
post-install.yml
View File

@ -1,26 +0,0 @@
---
- hosts: all
name: Dummy to gather facts
tasks: []
- hosts: keystone
become: True
vars_files:
- settings.yml
tasks:
- name: copy public key
copy:
content: "{{ rsa_pub }}"
dest: /srv/keystone/root/id_rsa.pub
- name: post install configuration
command: docker exec -i keystone.service bash -c "source /root/admin-openrc.sh && {{ item }}"
with_items:
- openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
- >
openstack subnet create --network provider
--allocation-pool start={{ allocation_pool['start'] }},end={{ allocation_pool['end'] }}
--dns-nameserver {{ dns_nameserver }} --gateway {{ gateway }} --subnet-range {{ subnet_range }} provider
- openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
- openstack keypair create --public-key /root/id_rsa.pub adminkey

7
rabbitmq.yml
View File

@ -1,7 +0,0 @@
---
- hosts: rabbitmq
become: True
roles:
- rabbitmq
vars:
hostname_node0: "{{ hostvars[groups['rabbitmq'][0]]['ansible_hostname'] }}"

15
roles/cassandra/tasks/main.yml
View File

@ -1,15 +0,0 @@
# Install a docker based cassandra cluster.
---
- name: install service file.
template:
src: templates/cassandra.service
dest: /etc/systemd/system/cassandra.service
mode: 644
owner: root
group: root
- name: install service file
command: systemctl daemon-reload
- name: make sure service is started
systemd:
name: cassandra.service
state: started

19
roles/cassandra/templates/cassandra.service
View File

@ -1,19 +0,0 @@
[Unit]
Description=Cassandra Container
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker stop %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStartPre=/usr/bin/docker pull cassandra:3.10
ExecStart=/usr/bin/docker run --name %n -v /srv/lib/cassandra:/var/lib/cassandra \
-p 7000:7000 -p 7001:7001 -p 7199:7199 -p 9042:9042 -p 9160:9160 \
-e CASSANDRA_BROADCAST_ADDRESS={{ansible_default_ipv4.address}} \
-e CASSANDRA_START_RPC=True \
cassandra:3.10
[Install]
WantedBy=multi-user.target

59
roles/cinder-controller/tasks/main.yml
View File

@ -1,59 +0,0 @@
# Build and install a docker image for cinder.
---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- set_fact:
docker_image: webhost12.service.rug.nl/hpc/openstack-cinder-controller:latest
env_vars: >
-e "MY_IP={{ ansible_default_ipv4.address }}"
-e "CINDER_HOST={{ hostvars[groups['cinder-controller'][0]]['ansible_default_ipv4']['address'] }}"
-e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
-e "CINDER_USER=cinder"
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
-e "RABBIT_USER=openstack"
- name: pull docker image
docker_image:
name: "{{ docker_image }}"
tags: pull
- name: Make build and persistent directories
file:
path: "{{ item }}"
state: directory
mode: 0777
with_items:
- /srv/cinder-controller
- /srv/cinder-controller/root
- name: install service file.
template:
src: templates/cinder-controller.service
dest: /etc/systemd/system/cinder-controller.service
mode: 644
owner: root
group: root
- command: systemctl daemon-reload
- name: Initialize database.
command: >
/usr/bin/docker run --rm
{{ env_vars }}
-v /srv/cinder-controller/root:/root \
{{ docker_image }} /etc/bootstrap.sh
tags: bootstrap
- name: make sure service is started
systemd:
name: cinder-controller.service
state: restarted

18
roles/cinder-controller/templates/cinder-controller.service
View File

@ -1,18 +0,0 @@
[Unit]
Description=Openstack Glance Container
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \
{{ env_vars | replace('\n', '') }} \
-v /srv/cinder-controller/root:/root \
-p 8776:8776 \
{{ docker_image }}
[Install]
WantedBy=multi-user.target

61
roles/cinder-storage/tasks/main.yml
View File

@ -1,61 +0,0 @@
# Build and install a docker image for cinder.
---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- set_fact:
docker_image: webhost12.service.rug.nl/hpc/openstack-cinder-storage:latest
env_vars: >
-e "MY_IP={{ ansible_default_ipv4.address }}"
-e "CINDER_HOST={{ hostvars[groups['cinder-storage'][0]]['ansible_default_ipv4']['address'] }}"
-e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
-e "CINDER_USER=cinder"
-e "GLANCE_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
-e "RABBIT_USER=openstack"
- name: pull docker image
docker_image:
name: "{{ docker_image }}"
tags: pull
- name: Make build and persistent directories
file:
path: "{{ item }}"
state: directory
mode: 0777
with_items:
- /srv/cinder-storage
- /srv/cinder-storage/root
- name: initial setup
command: >
/usr/bin/docker run --rm
--privileged
{{ env_vars }}
-v /srv/cinder-storage/root:/root \
-v "{{ storage_volume }}":/dev/cinder_storage_volume \
{{ docker_image }} /etc/bootstrap.sh
tags: bootstrap
- name: install service file.
template:
src: templates/cinder-storage.service
dest: /etc/systemd/system/cinder-storage.service
mode: 644
owner: root
group: root
- command: systemctl daemon-reload
- name: make sure service is started
systemd:
name: cinder-storage.service
state: restarted

20
roles/cinder-storage/templates/cinder-storage.service
View File

@ -1,20 +0,0 @@
[Unit]
Description=Openstack Glance Container
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \
--privileged \
{{ env_vars | replace('\n', '') }} \
-v /srv/cinder-storage/root:/root \
-v "{{ storage_volume }}":/dev/cinder_storage_volume \
-p 8776:8776 \
{{ docker_image }}
[Install]
WantedBy=multi-user.target

4
roles/common/tasks/main.yml
View File

@ -26,4 +26,6 @@
owner: root
group: root
- include: docker.yml
#- name: Load secrets file
# include_vars:
# file: secrets/password_list.yml

8
roles/common/tasks/users.yml
View File

@ -1,13 +1,8 @@
---
# Tasks to set users
- group:
name: admin
state: present
- user:
name: "{{ item }}"
comment: "Admin users"
group: admin
name: "{{ item }}"
with_items:
- egon
- wim
@ -23,3 +18,4 @@
user: egon
key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUBdTEHUj6MxvfEU7KcI+UPAvqJ9jGJ7hHm3e7XFTb9 egon@egon-pc'
state: present

5
roles/dockerregistry/files/dockerregistry.service
View File

@ -9,8 +9,9 @@ Restart=on-failure
ExecStartPre=-/usr/bin/docker stop %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStartPre=/usr/bin/docker pull registry:2
ExecStart=/usr/bin/docker run -d -p 5000:5000 --name %n \
-v /srv/dockerregistry/certs:/certs \
ExecStart=/usr/bin/docker run -d -p 5000:5000 --restart=always --name %n \
-v /srv/dockerregistry/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /srv/dockerregistry/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/docker-registry.hpc.service.rug.nl.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/docker-registry.hpc.service.rug.nl.key \
-e REGISTRY_HTTP_SECRET=jahNoh2teev0 registry:2

1
roles/dockerregistry/tasks/main.yml
View File

@ -1,5 +1,6 @@
# Install a docker based mariadb.
---
- include: ../common/tasks/docker.yml
- name: install service file.
template:
src: files/dockerregistry.service

59
roles/glance-controller/tasks/main.yml
View File

@ -1,59 +0,0 @@
# Build and install a docker image for glance.
---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- set_fact:
docker_image: webhost12.service.rug.nl/hpc/openstack-glance:latest
env_vars: >
-e "GLANCE_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
-e "GLANCE_PASSWORD={{ secrets['GLANCE_PASSWORD'] }}"
-e "GLANCE_USER=glance"
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
-e "RABBIT_USER=openstack"
- name: pull docker image
docker_image:
name: "{{ docker_image }}"
tags: pull
- name: Make build and persistent directories
file:
path: "{{ item }}"
state: directory
mode: 0777
with_items:
- /srv/glance
- /srv/glance/root
- name: install service file.
template:
src: templates/glance.service
dest: /etc/systemd/system/glance.service
mode: 644
owner: root
group: root
- command: systemctl daemon-reload
- name: Initialize database.
command: >
/usr/bin/docker run --rm
{{ env_vars }}
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
-v /srv/glance/root:/root \
{{ docker_image }} /etc/bootstrap.sh
tags: bootstrap
- name: make sure service is started
systemd:
name: glance.service
state: restarted

18
roles/glance-controller/templates/glance.service
View File

@ -1,18 +0,0 @@
[Unit]
Description=Openstack Glance Container
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \
{{ env_vars | replace('\n', '') }} \
-v /srv/glance/root:/root \
-p 9292:9292 \
{{ docker_image }}
[Install]
WantedBy=multi-user.target

19
roles/horizon/files/Dockerfile Normal file
View File

@ -0,0 +1,19 @@
# Build keystone. It needs to be run with
# --add-host=mariadb:<ip mariadb listens tp>
# Wen starting with an initialized db,
# run keystone-manage db_sync from this docker first:
# $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"
FROM ubuntu:zesty
RUN apt-get update
RUN apt-get install --yes openstack-dashboard
ADD local_settings.py /etc/openstack-dashboard/local_settings.py
RUN chown -R www-data: /var/lib/openstack-dashboard/
#RUN keystone-manage db_sync
CMD apachectl -DFOREGROUND

503
roles/horizon/files/local_settings.py Normal file
View File

@ -0,0 +1,503 @@
# -*- coding: utf-8 -*-
import os
from django.utils.translation import ugettext_lazy as _
from horizon.utils import secret_key
from openstack_dashboard.settings import HORIZON_CONFIG
DEBUG = False
WEBROOT = '/'
LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
SECRET_KEY = secret_key.generate_or_read_from_file('/var/lib/openstack-dashboard/secret_key')
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
},
}
# Send email to the console by default
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
# Configure these for your outgoing email host
#EMAIL_HOST = 'smtp.my-company.com'
#EMAIL_PORT = 25
#EMAIL_HOST_USER = 'djangomail'
#EMAIL_HOST_PASSWORD = 'top-secret!'
OPENSTACK_HOST = "172.23.38.125"
OPENSTACK_KEYSTONE_URL = "http://%s:5001/v2.0" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
# Disable SSL certificate checks (useful for self-signed certificates):
#OPENSTACK_SSL_NO_VERIFY = True
# The CA certificate to use to verify SSL connections
#OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
# capabilities of the auth backend for Keystone.
# If Keystone has been configured to use LDAP as the auth backend then set
# can_edit_user to False and name to 'ldap'.
#
# TODO(tres): Remove these once Keystone has an API to identify auth backend.
OPENSTACK_KEYSTONE_BACKEND = {
'name': 'native',
'can_edit_user': True,
'can_edit_group': True,
'can_edit_project': True,
'can_edit_domain': True,
'can_edit_role': True,
}
# Setting this to True, will add a new "Retrieve Password" action on instance,
# allowing Admin session password retrieval/decryption.
#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
# Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to
# determine the experience to enable. Set them both to true to enable
# both.
#LAUNCH_INSTANCE_LEGACY_ENABLED = True
#LAUNCH_INSTANCE_NG_ENABLED = False
# The Xen Hypervisor has the ability to set the mount point for volumes
# attached to instances (other Hypervisors currently do not). Setting
# can_set_mount_point to True will add the option to set the mount point
# from the UI.
OPENSTACK_HYPERVISOR_FEATURES = {
'can_set_mount_point': False,
'can_set_password': False,
'requires_keypair': False,
'enable_quotas': True
}
# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional
# services provided by cinder that is not exposed by its extension API.
OPENSTACK_CINDER_FEATURES = {
'enable_backup': False,
}
# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
# services provided by neutron. Options currently available are load
# balancer service, security groups, quotas, VPN service.
OPENSTACK_NEUTRON_NETWORK = {
'enable_router': True,
'enable_quotas': True,
'enable_ipv6': True,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': True,
'enable_firewall': True,
'enable_vpn': True,
'enable_fip_topology_check': True,
# profile_support can be turned on if needed.
'profile_support': None,
#'profile_support': 'cisco',
'supported_vnic_types': ['*'],
}
# The OPENSTACK_HEAT_STACK settings can be used to disable password
# field required while launching the stack.
OPENSTACK_HEAT_STACK = {
'enable_user_pass': True,
}
#OPENSTACK_IMAGE_BACKEND = {
# 'image_formats': [
# ('', _('Select format')),
# ('aki', _('AKI - Amazon Kernel Image')),
# ('ami', _('AMI - Amazon Machine Image')),
# ('ari', _('ARI - Amazon Ramdisk Image')),
# ('docker', _('Docker')),
# ('iso', _('ISO - Optical Disk Image')),
# ('ova', _('OVA - Open Virtual Appliance')),
# ('qcow2', _('QCOW2 - QEMU Emulator')),
# ('raw', _('Raw')),
# ('vdi', _('VDI - Virtual Disk Image')),
# ('vhd', _('VHD - Virtual Hard Disk')),
# ('vmdk', _('VMDK - Virtual Machine Disk')),
# ],
#}
# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
# image custom property attributes that appear on image detail pages.
IMAGE_CUSTOM_PROPERTY_TITLES = {
"architecture": _("Architecture"),
"kernel_id": _("Kernel ID"),
"ramdisk_id": _("Ramdisk ID"),
"image_state": _("Euca2ools state"),
"project_id": _("Project ID"),
"image_type": _("Image Type"),
}
# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image
# custom properties should not be displayed in the Image Custom Properties
# table.
IMAGE_RESERVED_CUSTOM_PROPERTIES = []
# Set to 'legacy' or 'direct' to allow users to upload images to glance via
# Horizon server. When enabled, a file form field will appear on the create
# image form. If set to 'off', there will be no file form field on the create
# image form. See documentation for deployment considerations.
#HORIZON_IMAGES_UPLOAD_MODE = 'legacy'
# Allow a location to be set when creating or updating Glance images.
# If using Glance V2, this value should be False unless the Glance
# configuration and policies allow setting locations.
#IMAGES_ALLOW_LOCATION = False
# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
# in the Keystone service catalog. Use this setting when Horizon is running
# external to the OpenStack environment. The default is 'publicURL'.
#OPENSTACK_ENDPOINT_TYPE = "publicURL"
# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
# in the Keystone service catalog. Use this setting when Horizon is running
# external to the OpenStack environment. The default is None. This
# value should differ from OPENSTACK_ENDPOINT_TYPE if used.
#SECONDARY_ENDPOINT_TYPE = None
# The number of objects (Swift containers/objects or images) to display
# on a single page before providing a paging element (a "more" link)
# to paginate results.
API_RESULT_LIMIT = 1000
API_RESULT_PAGE_SIZE = 20
# The size of chunk in bytes for downloading objects from Swift
SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
# The default number of lines displayed for instance console log.
INSTANCE_LOG_LENGTH = 35
# Specify a maximum number of items to display in a dropdown.
DROPDOWN_MAX_ITEMS = 30
# The timezone of the server. This should correspond with the timezone
# of your entire OpenStack installation, and hopefully be in UTC.
TIME_ZONE = "UTC"
# When launching an instance, the menu of available flavors is
# sorted by RAM usage, ascending. If you would like a different sort order,
# you can provide another flavor attribute as sorting key. Alternatively, you
# can provide a custom callback method to use for sorting. You can also provide
# a flag for reverse sort. For more info, see
# http://docs.python.org/2/library/functions.html#sorted
#CREATE_INSTANCE_FLAVOR_SORT = {
# 'key': 'name',
# # or
# 'key': my_awesome_callback_method,
# 'reverse': False,
#}
# Set this to True to display an 'Admin Password' field on the Change Password
# form to verify that it is indeed the admin logged-in who wants to change
# the password.
#ENFORCE_PASSWORD_CHECK = False
# Modules that provide /auth routes that can be used to handle different types
# of user authentication. Add auth plugins that require extra route handling to
# this list.
#AUTHENTICATION_URLS = [
# 'openstack_auth.urls',
#]
# The Horizon Policy Enforcement engine uses these values to load per service
# policy rule files. The content of these files should match the files the
# OpenStack services are using to determine role based access control in the
# target installation.
# Path to directory containing policy.json files
#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
# Map of local copy of service policy files.
# Please insure that your identity policy file matches the one being used on
# your keystone servers. There is an alternate policy file that may be used
# in the Keystone v3 multi-domain case, policy.v3cloudsample.json.
# This file is not included in the Horizon repository by default but can be
# found at
# http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \
# policy.v3cloudsample.json
# Having matching policy files on the Horizon and Keystone servers is essential
# for normal operation. This holds true for all services and their policy files.
#POLICY_FILES = {
# 'identity': 'keystone_policy.json',
# 'compute': 'nova_policy.json',
# 'volume': 'cinder_policy.json',
# 'image': 'glance_policy.json',
# 'orchestration': 'heat_policy.json',
# 'network': 'neutron_policy.json',
#}
# TODO: (david-lyle) remove when plugins support adding settings.
# Note: Only used when trove-dashboard plugin is configured to be used by
# Horizon.
# Trove user and database extension support. By default support for
# creating users and databases on database instances is turned on.
# To disable these extensions set the permission here to something
# unusable such as ["!"].
#TROVE_ADD_USER_PERMS = []
#TROVE_ADD_DATABASE_PERMS = []
# Change this patch to the appropriate list of tuples containing
# a key, label and static directory containing two files:
# _variables.scss and _styles.scss
#AVAILABLE_THEMES = [
# ('default', 'Default', 'themes/default'),
# ('material', 'Material', 'themes/material'),
#]
LOGGING = {
'version': 1,
# When set to True this will disable all logging except
# for loggers specified in this configuration dictionary. Note that
# if nothing is specified here and disable_existing_loggers is True,
# django.db.backends will still log unless it is disabled explicitly.
'disable_existing_loggers': False,
'formatters': {
'operation': {
# The format of "%(message)s" is defined by
# OPERATION_LOG_OPTIONS['format']
'format': '%(asctime)s %(message)s'
},
},
'handlers': {
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
},
'console': {
# Set the level to "DEBUG" for verbose output logging.
'level': 'INFO',
'class': 'logging.StreamHandler',
},
'operation': {
'level': 'INFO',
'class': 'logging.StreamHandler',
'formatter': 'operation',
},
},
'loggers': {
# Logging from django.db.backends is VERY verbose, send to null
# by default.
'django.db.backends': {
'handlers': ['null'],
'propagate': False,
},
'requests': {
'handlers': ['null'],
'propagate': False,
},
'horizon': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'horizon.operation_log': {
'handlers': ['operation'],
'level': 'INFO',
'propagate': False,
},
'openstack_dashboard': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'novaclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'cinderclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'keystoneclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'glanceclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'neutronclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'heatclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'swiftclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'openstack_auth': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'nose.plugins.manager': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'django': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'iso8601': {
'handlers': ['null'],
'propagate': False,
},
'scss': {
'handlers': ['null'],
'propagate': False,
},
},
}
# 'direction' should not be specified for all_tcp/udp/icmp.
# It is specified in the form.
SECURITY_GROUP_RULES = {
'all_tcp': {
'name': _('All TCP'),
'ip_protocol': 'tcp',
'from_port': '1',
'to_port': '65535',
},
'all_udp': {
'name': _('All UDP'),
'ip_protocol': 'udp',
'from_port': '1',
'to_port': '65535',
},
'all_icmp': {
'name': _('All ICMP'),
'ip_protocol': 'icmp',
'from_port': '-1',
'to_port': '-1',
},
'ssh': {
'name': 'SSH',
'ip_protocol': 'tcp',
'from_port': '22',
'to_port': '22',
},
'smtp': {
'name': 'SMTP',
'ip_protocol': 'tcp',
'from_port': '25',
'to_port': '25',
},
'dns': {
'name': 'DNS',
'ip_protocol': 'tcp',
'from_port': '53',
'to_port': '53',
},
'http': {
'name': 'HTTP',
'ip_protocol': 'tcp',
'from_port': '80',
'to_port': '80',
},
'pop3': {
'name': 'POP3',
'ip_protocol': 'tcp',
'from_port': '110',
'to_port': '110',
},
'imap': {
'name': 'IMAP',
'ip_protocol': 'tcp',
'from_port': '143',
'to_port': '143',
},
'ldap': {
'name': 'LDAP',
'ip_protocol': 'tcp',
'from_port': '389',
'to_port': '389',
},
'https': {
'name': 'HTTPS',
'ip_protocol': 'tcp',
'from_port': '443',
'to_port': '443',
},
'smtps': {
'name': 'SMTPS',
'ip_protocol': 'tcp',
'from_port': '465',
'to_port': '465',
},
'imaps': {
'name': 'IMAPS',
'ip_protocol': 'tcp',
'from_port': '993',
'to_port': '993',
},
'pop3s': {
'name': 'POP3S',
'ip_protocol': 'tcp',
'from_port': '995',
'to_port': '995',
},
'ms_sql': {
'name': 'MS SQL',
'ip_protocol': 'tcp',
'from_port': '1433',
'to_port': '1433',
},
'mysql': {
'name': 'MYSQL',
'ip_protocol': 'tcp',
'from_port': '3306',
'to_port': '3306',
},
'rdp': {
'name': 'RDP',
'ip_protocol': 'tcp',
'from_port': '3389',
'to_port': '3389',
},
}
REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
'LAUNCH_INSTANCE_DEFAULTS',
'OPENSTACK_IMAGE_FORMATS',
'OPENSTACK_KEYSTONE_DEFAULT_DOMAIN']
# The default theme if no cookie is present
DEFAULT_THEME = 'ubuntu'
# Default Ubuntu apache configuration uses /horizon as the application root.
WEBROOT='/horizon/'
# By default, validation of the HTTP Host header is disabled. Production
# installations should have this set accordingly. For more information
# see https://docs.djangoproject.com/en/dev/ref/settings/.
ALLOWED_HOSTS = '*'
# Compress all assets offline as part of packaging installation
COMPRESS_OFFLINE = True
ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}

25
roles/horizon/tasks/main.yml
View File

@ -1,25 +0,0 @@
# Run hpc/horizon
---
- set_fact:
docker_image: webhost12.service.rug.nl/hpc/openstack-horizon:latest
- name: pull docker image
docker_image:
name: "{{ docker_image }}"
force: True
tags: pull
- name: install service file.
template:
src: templates/horizon.service
dest: /etc/systemd/system/horizon.service
mode: 644
owner: root
group: root
- command: systemctl daemon-reload
- name: make sure service is started
systemd:
name: horizon.service
state: restarted

19
roles/horizon/templates/horizon.service
View File

@ -1,19 +0,0 @@
[Unit]
Description=Openstack Glance Container
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \
-e "MEMCACHED_SERVER={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
-p 80:80 \
{{ docker_image }}
[Install]
WantedBy=multi-user.target

22
roles/keystone/files/Dockerfile Normal file
View File

@ -0,0 +1,22 @@
# Build keystone. It needs to be run with
# --add-host=mariadb:<ip mariadb listens tp>
# Wen starting with an initialized db,
# run keystone-manage db_sync from this docker first:
# $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"
FROM ubuntu:zesty
RUN apt-get update
RUN apt-get install --yes keystone
# set admin token TODO: make this a secret
ADD keystone.conf /etc/keystone/keystone.conf
RUN mkdir /etc/keystone/fernet-keys
RUN chown keystone: /etc/keystone/fernet-keys
#RUN keystone-manage db_sync
CMD apachectl -DFOREGROUND

8
roles/keystone/files/keystone.conf Normal file
View File

@ -0,0 +1,8 @@
[DEFAULT]
[database]
connection = mysql+pymysql://keystone:keystone@mariadb/keystone
[token]
provider = fernet

2
roles/keystone/scripts/initialize_db.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
# Start a mariadb container to use its mysql client to initialize the keystone database.
docker run --rm -i mariadb:10.2 mysql -uroot -p"$MYSQL_ROOT_PASSWORD" --host "$DB_HOST" << EOF
docker run -i mariadb:10.1.22 mysql -uroot -pgeheim --host 172.23.38.125 << EOF
CREATE DATABASE IF NOT EXISTS keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

68
roles/keystone/tasks/main.yml
View File

@ -1,29 +1,25 @@
# Build and install a docker image for keystone.
---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- include: ../common/tasks/docker.yml
- name: Make persistent directories
- name: Make build and persistent directories
file:
path: "{{ item }}"
state: directory
mode: 0777
with_items:
- /srv
- /srv/keystone
- /srv/keystone/fernet-keys
- /srv/keystone/root
- /srv/keystone
- /srv/keystone/fernet-keys
- set_fact:
docker_image: webhost12.service.rug.nl/hpc/openstack-keystone:latest
- name: install Dockerfile
copy:
src: files/
dest: /srv/keystone
- name: pull docker image
- name: build keystone image
docker_image:
name: "{{ docker_image }}"
force: True
tags: pull
path: /srv/keystone
name: hpc/keystone
- name: install service file.
template:
@ -36,49 +32,27 @@
- name: install service file
command: systemctl daemon-reload
- name: make sure service is started
systemd:
name: keystone.service
state: started
- name: Initialize db
script: scripts/initialize_db.sh
environment:
MYSQL_ROOT_PASSWORD: "{{ secrets['MYSQL_ROOT_PASSWORD'] }}"
DB_HOST: "{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
register: result
until: result|succeeded
# sometimes the initial connect fails.
# Retry until it succeeds.
retries: 7
delay: 3
ignore_errors: yes
- name: keystone manage commands to setup db
command: >
/usr/bin/docker run --rm
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
{{ docker_image }} keystone-manage {{ item }}
hpc/keystone keystone-manage {{ item }}
with_items:
- db_sync
- fernet_setup --keystone-user keystone --keystone-group keystone
- credential_setup --keystone-user keystone --keystone-group keystone
- >
bootstrap --bootstrap-password {{ secrets['OS_PASSWORD'] }}
--bootstrap-admin-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
--bootstrap-internal-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
--bootstrap-public-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:5000/v3/
bootstrap --bootstrap-password geheim
--bootstrap-admin-url http://localhost:35357/v3/
--bootstrap-internal-url http://localhost:35357/v3/
--bootstrap-public-url http://localhost:5000/v3/
--bootstrap-region-id RegionOne
- name: make sure service is started
systemd:
name: keystone.service
state: restarted
- name: Create a domain, projects users and roles
command: >
/usr/bin/docker run --rm
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
-v /srv/keystone/root:/root
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-e "OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3"
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
{{ docker_image }} bash /etc/bootstrap.sh

5
roles/keystone/templates/admin-openrc.sh
View File

@ -1,5 +0,0 @@
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD={{ hostvars[groups['keystone'][0]]['OS_PASSWORD'] }}
export OS_AUTH_URL=http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3
export OS_IDENTITY_API_VERSION=3

8
roles/keystone/templates/keystone.service
View File

@ -6,15 +6,13 @@ Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker stop %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
-p 5000:5000 -p 35357:35357 \
-p 5001:5000 -p 35357:35357 \
-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \
-v /srv/keystone/root:/root \
{{ docker_image }}
hpc/keystone
[Install]
WantedBy=multi-user.target

68
roles/mariadb/files/my.cnf
View File

@ -1,68 +0,0 @@
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
skip-host-cache
skip-name-resolve
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc_messages_dir = /usr/share/mysql
lc_messages = en_US
skip-external-locking
connect_timeout = 5
wait_timeout = 600
max_allowed_packet = 16M
thread_cache_size = 128
sort_buffer_size = 4M
bulk_insert_buffer_size = 16M
tmp_table_size = 32M
max_heap_table_size = 32M
myisam_recover_options = BACKUP
key_buffer_size = 128M
table_open_cache = 400
myisam_sort_buffer_size = 512M
concurrent_insert = 2
read_buffer_size = 2M
read_rnd_buffer_size = 1M
query_cache_limit = 128K
query_cache_size = 64M
slow_query_log_file = /var/log/mysql/mariadb-slow.log
long_query_time = 10
expire_logs_days = 10
max_binlog_size = 100M
default_storage_engine = InnoDB
innodb_buffer_pool_size = 128M
innodb_log_buffer_size = 8M
innodb_file_per_table = 1
innodb_open_files = 400
innodb_io_capacity = 400
innodb_flush_method = O_DIRECT
default-storage-engine = innodb
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[galera]
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
[mysql]
[isamchk]
key_buffer = 16M

16
roles/mariadb/files/mysql.service Normal file
View File

@ -0,0 +1,16 @@
[Unit]
Description=Mariadb Container
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker stop %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStartPre=/usr/bin/docker pull mariadb:10.1.22
ExecStart=/usr/bin/docker run -p 3306:3306 --name %n -v /srv/lib/mysql:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=geheim mariadb:10.1.22
[Install]
WantedBy=multi-user.target

28
roles/mariadb/tasks/main.yml
View File

@ -1,35 +1,15 @@
# Install a docker based mariadb.
---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- include: ../common/tasks/docker.yml
- name: install service file.
template:
src: templates/mysql.service
src: files/mysql.service
dest: /etc/systemd/system/mysql.service
mode: 644
owner: root
group: root
- name: make mariadb settings volume
file:
path: "{{ item }}"
state: directory
mode: 0777
with_items:
- /srv/mariadb/lib/mysql
- /srv/mariadb/etc/mysql
- name: place settings file
copy:
src: files/my.cnf
dest: /srv/mariadb/etc/mysql
mode: 660
- command: systemctl daemon-reload
- name: install service file
command: systemctl daemon-reload
- name: make sure service is started
systemd:
name: mysql.service

18
roles/mariadb/templates/mysql.service
View File

@ -1,18 +0,0 @@
[Unit]
Description=Mariadb Container
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker kill %n || /bin/true
ExecStartPre=-/usr/bin/docker rm %n
ExecStartPre=/usr/bin/docker pull mariadb:10.2
ExecStart=/usr/bin/docker run -p 3306:3306 --name %n \
-v /srv/mariadb/lib/mysql:/var/lib/mysql \
-v /srv/mariadb/etc/mysql:/etc/mysql \
-e MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }} mariadb:10.2
[Install]
WantedBy=multi-user.target

15
roles/memcached/files/memcached.service
View File

@ -1,15 +0,0 @@
[Unit]
Description=memcached Container
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker stop %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStartPre=/usr/bin/docker pull memcached:1.4
ExecStart=/usr/bin/docker run --name %n -p 11211:11211 -m 1024m memcached:1.4
[Install]
WantedBy=multi-user.target

15
roles/memcached/tasks/main.yml
View File

@ -1,15 +0,0 @@
# Install a docker based mariadb.
---
- name: install service file.
template:
src: files/memcached.service
dest: /etc/systemd/system/memcached.service
mode: 644
owner: root
group: root
- name: install service file
command: systemctl daemon-reload
- name: make sure service is started
systemd:
name: memcached.service
state: started

62
roles/neutron-controller/tasks/main.yml
View File

@ -1,62 +0,0 @@
# Build and install a docker image for neutron-controller.
---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- set_fact:
docker_image: "webhost12.service.rug.nl/hpc/openstack-neutron-controller:latest"
- name: pull docker image
docker_image:
name: "{{ docker_image }}"
force: True
tags: pull
- set_fact:
env_vars: >
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
-e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}"
-e "MY_IP={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
-e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}"
-e "NEUTRON_USER=neutron"
-e "NOVA_USER=nova"
-e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}"
-e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
-e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}"
-e "NOVA_PLACEMENT_USER=placement"
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
-e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}"
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
-e "RABBIT_USER=openstack"
tags: env
- name: install service file.
template:
src: templates/neutron-controller.service
dest: /etc/systemd/system/neutron-controller.service
mode: 644
owner: root
group: root
- command: systemctl daemon-reload
- name: Initialize neutron
command: >
/usr/bin/docker run --rm
{{ env_vars }}
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}
--network host
{{ docker_image }}
/etc/bootstrap.sh
tags: bootstrap
- name: make sure service is started
systemd:
name: neutron-controller.service
state: restarted

23
roles/neutron-controller/templates/neutron-controller.service
View File

@ -1,23 +0,0 @@
[Unit]
Description=Openstack neutron-controller Container
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \
{{ env_vars | replace('\n', '') }} \
--add-host=nova-controller:{{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }} \
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
--add-host={{ ansible_nodename }}:{{ ansible_default_ipv4.address }} \
--privileged \
--network host \
-v /lib/modules:/lib/modules \
{{ docker_image }} /etc/run.sh
[Install]
WantedBy=multi-user.target

43
roles/nova-compute/tasks/main.yml
View File

@ -1,43 +0,0 @@
# Build and install a docker image for nova-controller.
---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- set_fact:
docker_image: webhost12.service.rug.nl/hpc/openstack-nova-compute:latest
tags: facts
- name: pull docker image
docker_image:
name: "{{ docker_image }}"
force: True
tags: pull
- name: install service file.
template:
src: templates/nova-compute.service
dest: /etc/systemd/system/nova-compute.service
mode: 644
owner: root
group: root
- command: systemctl daemon-reload
- apt:
name: '{{ item }}'
with_items:
- kvm
- libvirt0
- libvirt-bin
- qemu
- name: make sure service is started
systemd:
name: nova-compute.service
state: restarted
- name: let nova controler discover new host
command: docker exec -i nova-controller.service nova-manage cell_v2 discover_hosts
delegate_to: "{{ hostvars[groups['nova-controller'][0]]['ansible_hostname'] }}"

44
roles/nova-compute/templates/nova-compute.service
View File

@ -1,44 +0,0 @@
[Unit]
Description=Openstack nova-compute Container
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \
-e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}" \
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
-e "MY_IP={{ hostvars[groups['nova-compute'][0]]['ansible_default_ipv4']['address'] }}" \
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" \
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" \
-e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}" \
-e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}" \
-e "NEUTRON_USER=neutron" \
-e "NOVA_COMPUTE_USER=nova_compute" \
-e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}" \
-e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" \
-e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" \
-e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}" \
-e "NOVA_PLACEMENT_USER=placement" \
-e "NOVA_USER=nova" \
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}" \
-e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}" \
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}" \
-e "RABBIT_USER=openstack" \
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
--privileged \
-v /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock \
-v /var/lib/nova/instances:/var/lib/nova/instances \
-v /lib/modules:/lib/modules \
-v /etc/machine-id:/etc/machine-id \
--network host \
{{ docker_image }} /etc/run.sh
[Install]
WantedBy=multi-user.target

69
roles/nova-controller/tasks/main.yml
View File

@ -1,69 +0,0 @@
# Build and install a docker image for nova-controller.
---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- name: Make persistent directories
file:
path: "{ item }}"
state: directory
mode: 0777
with_items:
- /srv/nova-controller
- /srv/nova-controller/root
- set_fact:
docker_image: webhost12.service.rug.nl/hpc/openstack-nova-service:latest
env_vars: >
-e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
-e "MY_IP={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
-e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}"
-e "NEUTRON_USER=neutron"
-e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
-e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}"
-e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}"
-e "NOVA_PLACEMENT_USER=placement"
-e "NOVA_USER=nova"
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
-e "RABBIT_USER=openstack"
tags: facts
- name: pull docker image
docker_image:
name: "{{ docker_image }}"
force: True
tags: pull
- name: install service file.
template:
src: templates/nova-controller.service
dest: /etc/systemd/system/nova-controller.service
mode: 644
owner: root
group: root
- command: systemctl daemon-reload
- name: Initialize database.
command: >
/usr/bin/docker run --rm
{{ env_vars }}
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}
-v /srv/nova-controller/root:/root
{{ docker_image }}
/etc/bootstrap.sh
tags: bootstrap
- name: make sure service is started
systemd:
name: nova-controller.service
state: restarted

23
roles/nova-controller/templates/nova-controller.service
View File

@ -1,23 +0,0 @@
[Unit]
Description=Openstack nova-controller Container
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \
{{ env_vars | replace('\n', '') }} \
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
--privileged \
-v /srv/nova-controller/root:/root \
-p 8774:8774 \
-p 8778:8778 \
-p 6080:6080 \
{{ docker_image }} /etc/run.sh
[Install]
WantedBy=multi-user.target

15
roles/rabbitmq/files/rabbitmq.service
View File

@ -6,18 +6,13 @@ Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker stop %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStartPre=/usr/bin/docker pull rabbitmq:latest
ExecStart=/usr/bin/docker run \
--add-host "{{ hostvars[groups['rabbitmq'][0]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \
--add-host "{{ hostvars[groups['rabbitmq'][1]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][1]]['ansible_default_ipv4']['address'] }}" \
--add-host "{{ hostvars[groups['rabbitmq'][2]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][2]]['ansible_default_ipv4']['address'] }}" \
-p 4369:4369 -p 25679:25679 -p 25672:25672 -p 5671-5672:5671-5672 -p 8080:15672 \
-e "RABBITMQ_DEFAULT_USER=user" -e "RABBITMQ_DEFAULT_PASS={{ secrets['RABBIT_PASSWORD'] }}" \
-e "RABBITMQ_ERLANG_COOKIE={{ secrets['RABBITMQ_ERLANG_COOKIE'] }}" \
-e "RABBITMQ_NODENAME=rabbit_{{ ansible_nodename }}" \
--hostname "{{ ansible_nodename }}" --name %n rabbitmq:3-management
ExecStart=/usr/bin/docker run -d \
-p 4369:4369 -p 25679:25679 -p 5671-5672:5671-5672 -p 8080:15672 \
-e "RABBITMQ_DEFAULT_USER=user" -e "RABBITMQ_DEFAULT_PASS=password" \
--hostname rabbitmq --name %n rabbitmq:3-management
[Install]
WantedBy=multi-user.target

32
roles/rabbitmq/tasks/main.yml
View File

@ -1,13 +1,6 @@
# Install a docker based rabbitMQ.
---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- include_vars:
dir: 'vars'
- include: ../common/tasks/docker.yml
- name: install service file.
template:
src: files/rabbitmq.service
@ -15,32 +8,9 @@
mode: 644
owner: root
group: root
- name: install service file
command: systemctl daemon-reload
- name: make sure service is started
systemd:
name: rabbitmq.service
state: started
- name: wait for container to be started
wait_for:
port: 5672
- name: setup the cluster
command: "docker exec -i rabbitmq.service {{ item }}"
with_items:
- rabbitmqctl stop_app
- "rabbitmqctl join_cluster rabbit_{{ hostname_node0 }}@{{ hostname_node0 }}"
- rabbitmqctl start_app
when: ansible_nodename != hostname_node0
- name: create openstack user
command: "docker exec -i rabbitmq.service {{ item }}"
with_items:
- rabbitmqctl add_user openstack "{{ secrets['RABBIT_PASSWORD'] }}"
- rabbitmqctl set_permissions openstack ".*" ".*" ".*"
when: ansible_nodename == hostname_node0
register: command_result
failed_when: "command_result.rc not in (0, 70)"

30
secrets.yml
View File

@ -1,30 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
62633134346438356462333363626164393762356139653666323461333037393536373631653565
6631306631333538353534663738313062636232633339610a303161323131373739393735666463
65353135626430353737373239623361306137326334333761626235353463393465383830666666
6138616530346563310a306263316331346263356139383435316239346230313266636363313564
36633130393062373936363765636361343939313639326237633337353665666338633338343837
34613534333063303537323738396436333964613362636664366264313334663365336132623464
64656131373261376466356638636338643135393139386534626132323262393064626666323462
64323664373262356632393465653932303939313338656665336639613966626234636666373163
35633231666338643863623737396435626364333365656536613130666435323837323136663339
61363936336434656530313538643463663737613831646265313731363734356635356438353062
34323063346265393737343834343065616139656234666230323131366138396265393737666236
39353766643239323339623534393962666432656331323462656439306365613539366230643133
36316138303361313134336431343137343433383430616137376563383233303432383664333930
61613531313638303531643232343066376565663032326533313461363839383664366338356439
37363233666663653736376538386536653262653633323065363830623032363063393635653762
32636365656362323362303962306538336234626533323830656230386432666461343063663832
62373133343933353563653762333836333862376232353339313662363865616439623635393839
37346433346264633036343761613230396434366132653261643137386466326235613030306235
34333065623232303939623233373762393939653639333734336336303762326662386530356563
65303165623564303635356337353662363433626466653939323438633938386166386262623435
64376431396631623034386434393431616631363663393835343035313639663538643565616330
65353365303131326335646164333231306564383936396139643935646331393235326666336230
38326165663865343966356335326438303133663239656235313935626332323332376665343132
62336139643262333938303537313533623535333736643163373137343035393034613939663061
36323063643734343865333138356434643266663436653435353132386330636238343637653434
65616361333263336332643262623034343439383737366663373166643433653466313237613930
32373162646461323266353662326134343839613264313339306430366165633838663831666565
65333337623962313561306333616232393334353934316565666331336561633934623339353138
62656339386530333036383831613762353234643461656436623033613930353531

11
secrets.yml.topol
View File

@ -1,11 +0,0 @@
---
GLANCE_PASSWORD:
METADATA_SECRET:
MYSQL_ROOT_PASSWORD:
NEUTRON_PASSWORD:
NOVA_PASSWORD:
NOVA_PLACEMENT_PASSWORD:
OS_PASSWORD: # Keystone admin password
OS_DEMO_PASSWORD: # Keystone demo user password
RABBIT_PASSWORD:
RABBITMQ_ERLANG_COOKIE:

12
settings.yml
View File

@ -1,12 +0,0 @@
---
- allocation_pool:
start: 172.23.128.50
end: 172.23.128.249
- dns_nameserver: 129.125.4.6
- gateway: 172.23.128.250
- subnet_range: 172.23.128.0/24
- rsa_pub: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStPUPXkcu81onUm/le54JCu174yXJJDsthDr96Mv8irBVBWuy5FxnaASuDpmC4QE4s0UAIg1iq/SWrr8qdBQ4OVuYFiW0S7ZJvcoKr/40Wh+T5MeltGQfmkDp6kBsfaMSo6M4tF1c8i+XgOgxb4fxHYb8mFhseztRLx6McxJJJLB0nu+T12WQ01nl0XtwD+3EsZWfxRH0KA59VHZSe3Anc5z+Fm7WU+1Vzy6/pkiIhVReI1L6VVhZsIdSu3fQK6fHQcujtfuw6RKEpisZQqnxMUviWQ98yeQXHk6Nx840WCh3vvKveEAoC4Y/UEZa1TMe6PczfUaLjaidUkpulJsP egon@egon-pc

12
site.yml
View File

@ -1,12 +0,0 @@
---
- include: common.yml
- include: rabbitmq.yml
- include: memcached.yml
- include: mariadb.yml
- include: keystone.yml
- include: glance-controller.yml
- include: nova-controller.yml
- include: neutron-controller.yml
- include: nova-compute.yml
- include: horizon.yml
- include: post-install.yml

28
test_hosts
View File

@ -1,28 +0,0 @@
[databases]
ansible-test-2
[keystone]
ansible-test-3
[glance-controller]
ansible-test-2
[horizon]
ansible-test-3
[rabbitmq]
ansible-test
ansible-test-2
ansible-test-3
[memcached]
ansible-test-3
[neutron-controller]
ansible-test provider_interface_name=ens10
[nova-controller]
ansible-test
[nova-compute]
ansible-test-2 provider_interface_name=ens10