Added openstack01 with /dev mounted in cinder container.

is referenced in volume name.

README.md

@@ -1,8 +1,42 @@
 # hpc-cloud
 
-This repository will contain playbooks to bring up openstack components inside docker containers.
+This repository contains playbooks to bring up openstack components inside docker containers.
+It makes use of ansible roles for the openstack components and the supporting infrastructure.
+The following roles are installed.
+
+### Openstack components.
+
+* keystone
+* glance-controller
+* horizon
+* neutron-controller
+* nova-controller
+* nova-compute
+* cinder-controller
+* cinder-storage
+
+### Auxilary components:
+
+* database (mariadb)
+* rabbitmq (cluster of three nodes)
+* memcached
+
+## Getting started:
+
+### Prerequisites:
+* A cluster of servers to install the components on.
+  * The machines running nova-compute and neutron-controller need a separate interface for neutron to use.
+* ubuntu 16.04 with python installed (usually already present).
+* Access to the webhost12.service.rug.nl docker repository.
+
+### Settings:
+Passwords need be added to `secrets.yml.topol` and it needs to be saved as `secrets.yml`.
+This can be done by running `./generate_secrets.py`.
+Optionally, one can encrypt the secrtets by running `ansible-vault encrypt secrets.yml`.
+
+
+### Secrets:
 
-It makes use of ansible roles.
 The roles can be set in the inventory file (hosts)
 
 To bring up one role, for instance keystone, use:

ansible.cfg

@@ -1,2 +1,6 @@
 [defaults]
-hostfile = hosts
+inventory = hosts
+stdout_callback = debug
+vault_password_file = .vault_pass.txt
+forks = 20
+host_key_checking = false

cassandra.yml

@@ -3,5 +3,4 @@
 - hosts: cassandra
   become: True
   roles:
-      - common
       - cassandra

cinder-controller.yml

@@ -0,0 +1,15 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks:
+    - name: gather facts even if hosts are excluded.
+      setup:
+      delegate_to: "{{item}}"
+      delegate_facts: True
+      loop: "{{groups['all']}}"
+
+
+- hosts: cinder-controller
+  become: True
+  roles:
+     - cinder-controller

cinder-storage.yml

@@ -0,0 +1,9 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: cinder-storage
+  become: True
+  roles:
+     - cinder-storage

common.yml

@@ -1,5 +1,11 @@
 ---
 - hosts: all
   become: True
+  vars_prompt:
+    - name: "docker_user"
+      prompt: "What is your p number?"
+    - name: "docker_pass"
+      prompt: "What is your password?"
+      private: yes
   roles:
       - common

database.yml

@@ -1,5 +0,0 @@
----
-- hosts: database
-  become: True
-  roles:
-     - mariadb

gcc-post-install.yml

@@ -0,0 +1,35 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: keystone
+  become: True
+  vars_files:
+    - settings.yml
+  tasks:
+    - name: copy public key
+      copy:
+        content: "{{ rsa_pub }}"
+        dest: /srv/keystone/root/id_rsa.pub
+    - name: post install configuration
+      command: docker exec -i keystone.service bash -c "source /root/admin-openrc.sh && {{ item }}"
+      with_items:
+        - openstack network create --share --external --provider-physical-network provider --provider-network-type vlan --provider-segment 985 vlan985
+        - >
+            openstack subnet create --subnet-range 172.23.34.0/24 --gateway 172.23.34.1
+            --network vlan985 --allocation-pool start=172.23.34.50,end=172.23.34.60
+            --dns-nameserver 8.8.4.4 vlan985_subnet
+        - openstack network create --share --external --provider-physical-network provider --provider-network-type vlan --provider-segment 16 vlan16
+        - >
+            openstack subnet create --subnet-range 195.169.22.0/23 --gateway 195.169.23.251
+            --network vlan16 --allocation-pool start=195.169.22.237,end=195.169.22.237
+            --dns-nameserver 8.8.4.4 vlan16_subnet
+
+        - openstack flavor create --ram 4096 --disk 40 --vcpus 2  "Molgenis Dual"
+        - openstack flavor create --ram 16384 --disk 40 --vcpus 4  "Molgenis Quad 16GB"
+        - openstack flavor create --ram 8192 --disk 40 --vcpus 4  "Molgenis Quad 8GB"
+
+        - openstack keypair create --public-key /root/id_rsa.pub adminkey
+
+

gcc-site.yml

@@ -0,0 +1,14 @@
+---
+- import_tasks: common.yml
+- import_tasks: rabbitmq.yml
+- import_tasks: memcached.yml
+- import_tasks: mariadb.yml
+- import_tasks: keystone.yml
+- import_tasks: glance-controller.yml
+- import_tasks: nova-controller.yml
+- import_tasks: neutron-controller.yml
+- import_tasks: cinder-controller.yml
+- import_tasks: cinder-storage.yml
+- import_tasks: nova-compute.yml
+- import_tasks: horizon.yml
+- import_tasks: gcc-post-install.yml

generate_secrets.py

@@ -0,0 +1,35 @@
+#!/usr/bin/env python
+
+"""
+Open the secrets.yml and replace all passwords.
+Original is backed up.
+"""
+
+from os import path
+import random
+import string
+from subprocess import call
+from yaml import load, dump
+
+try:
+    from yaml import CLoader as Loader, CDumper as Dumper
+except ImportError:
+    from yaml import Loader, Dumper
+
+# length of generated passwords.
+pass_length = 20
+
+with open('secrets.yml.topol', 'r') as f:
+    data = load(f, Loader=Loader)
+
+for key, value in data.iteritems():
+    data[key] = ''.join(
+        random.choice(string.ascii_letters + string.digits)
+        for _ in range(pass_length))
+
+# Make numbered backups of the secrets file.
+if path.isfile('secrets.yml'):
+    call(['cp', '--backup=numbered', 'secrets.yml', 'secrets.yml.bak'])
+
+with open('secrets.yml', 'w') as f:
+    dump(data, f, Dumper=Dumper, default_flow_style=False)

glance-controller.yml

@@ -0,0 +1,9 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: glance-controller
+  become: True
+  roles:
+     - glance-controller

glance.yml

@@ -1,5 +0,0 @@
----
-- hosts: glance
-  become: True
-  roles:
-     - glance

group_vars/horizon.yml

@@ -0,0 +1,2 @@
+---
+security_fail2ban_enabled: false

heat.yml

@@ -0,0 +1,9 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: heat
+  become: True
+  roles:
+     - heat

horizon.yml

@@ -1,5 +1,10 @@
 ---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
 - hosts: horizon
   become: True
   roles:
+     - geerlingguy.security
      - horizon

host_vars/openstack03

@@ -0,0 +1,2 @@
+---
+listen_ip: '172.23.40.243'

host_vars/openstack04

@@ -0,0 +1,2 @@
+---
+listen_ip: '172.23.40.253'

hosts

@@ -1,21 +1,38 @@
+# A demo cluster of three nodes.
+
 [databases]
-ansible-test
-[keystone]
-ansible-test
-[dockerregistry]
 openstack01-node01
-[rabbitmq]
-ansible-test
-ansible-test-2
-ansible-test-3
-[cassandra]
-openstack01-node[01:03]
-[first_cassandra]
-openstack01-node01
-[next_cassandra]
 openstack01-node02
 openstack01-node03
-[first_cassandra:vars]
-run_options=""
-[next_cassandra:vars]
-run_options="-e CASSANDRA_SEEDS=172.23.41.1"
+
+[keystone]
+openstack01-node03
+
+[glance-controller]
+openstack01-node02
+
+[horizon]
+openstack01-node03
+
+[rabbitmq]
+openstack01-node01
+openstack01-node02
+openstack01-node03
+
+[memcached]
+openstack01-node03
+
+[neutron-controller]
+openstack01-node01 physical_interface_mappings=provider:ens192
+
+[nova-controller]
+openstack01-node03
+
+[cinder-controller]
+openstack01-node03
+
+[cinder-storage]
+openstack01-node01 storage_volume=/dev/loop0
+
+[nova-compute]
+openstack01-node04 physical_interface_mappings=provider:enp4s0f0

keystone.yml

@@ -1,4 +1,8 @@
 ---
+- hosts: databases
+  name: Dummy to gather facts
+  tasks: []
+
 - hosts: keystone
   become: True
   roles:

mariadb.yml

@@ -3,5 +3,11 @@
 - hosts: databases
   become: True
   roles:
-      - common
       - mariadb
+  vars:
+      hostname_node0: "{{ hostvars[groups['databases'][0]]['ansible_hostname'] }}"
+      hostname_node1: "{{ hostvars[groups['databases'][1]]['ansible_hostname'] }}"
+      hostname_node2: "{{ hostvars[groups['databases'][2]]['ansible_hostname'] }}"
+      ip_node0: "{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
+      ip_node1: "{{ hostvars[groups['databases'][1]]['listen_ip'] | default(hostvars[groups['databases'][1]]['ansible_default_ipv4']['address']) }}"
+      ip_node2: "{{ hostvars[groups['databases'][2]]['listen_ip'] | default(hostvars[groups['databases'][2]]['ansible_default_ipv4']['address']) }}"

merlin

@@ -0,0 +1,37 @@
+[nova-compute]
+merlin-managementnode002 physical_interface_mappings=provider:eno3
+merlin-managementnode003 physical_interface_mappings=provider:eno3
+merlin-node001 physical_interface_mappings=provider:eno3
+merlin-node003 physical_interface_mappings=provider:eno3
+merlin-node004 physical_interface_mappings=provider:eno3
+
+[databases]
+merlin-managementnode001
+merlin-managementnode002
+merlin-managementnode003
+
+[rabbitmq]
+merlin-managementnode001
+merlin-managementnode002
+merlin-managementnode003
+
+[horizon]
+merlin-managementnode001
+
+[memcached]
+merlin-managementnode001
+
+[nova-controller]
+merlin-managementnode001
+
+[keystone]
+merlin-managementnode001
+
+[neutron-controller]
+merlin-managementnode001 physical_interface_mappings=provider:eno3
+
+[heat]
+merlin-managementnode001
+
+[glance-controller]
+merlin-managementnode001

meta/main.yml

@@ -0,0 +1 @@
+---

neutron-controller.yml

@@ -0,0 +1,9 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: neutron-controller
+  become: True
+  roles:
+     - neutron-controller

nova-compute.yml

@@ -0,0 +1,9 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: nova-compute
+  become: True
+  roles:
+     - nova-compute

nova-controller.yml

@@ -0,0 +1,9 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: nova-controller
+  become: True
+  roles:
+     - nova-controller

nova-management.yml

@@ -1,5 +0,0 @@
----
-- hosts: nova-management
-  become: True
-  roles:
-     - nova-management

nuke.yml

@@ -0,0 +1,21 @@
+---
+# This playbook will reset the instalation to facilitate a new installation.
+# All data is lost!
+- hosts: all
+  become: True
+  name: Dummy to gather facts
+  tasks:
+    - name: Stop docker service
+      shell: "systemctl stop docker"
+    - name: Verify docker is stopped.
+      systemd:
+        name: docker
+        state: stopped
+    - name: remove volumes
+      shell: "rm -rf /srv"
+
+- hosts: cinder-storage
+  become: True
+  tasks:
+    - name: wipe cinder storage.
+      shell: "dd if=/dev/zero of={{ storage_volume }} bs=1M count=1 && sync"

openstack03

@@ -0,0 +1,39 @@
+[databases]
+openstack03
+
+[keystone]
+openstack03
+
+[glance-controller]
+openstack03
+
+[horizon]
+openstack03
+
+[rabbitmq]
+openstack03
+
+[memcached]
+openstack03
+
+[neutron-controller]
+openstack03 physical_interface_mappings=provider:enp4s0f0
+
+[nova-controller]
+openstack03
+
+[cinder-controller]
+openstack03
+
+[cinder-storage]
+openstack01 storage_volume=/dev/sdc3
+openstack02 storage_volume=/dev/sda5
+openstack03 storage_volume=/dev/sdb1
+openstack04 storage_volume=/dev/sdb1
+
+[nova-compute]
+openstack01 physical_interface_mappings=provider:bond0
+openstack02 physical_interface_mappings=provider:enp34s0f1
+openstack03 physical_interface_mappings=provider:enp4s0f0
+openstack04 physical_interface_mappings=provider:eno1
+

os-test

@@ -0,0 +1,37 @@
+# An all in one
+
+[databases]
+os-test
+
+[keystone]
+os-test
+
+[glance-controller]
+os-test
+
+[horizon]
+os-test
+
+[rabbitmq]
+os-test
+
+[memcached]
+os-test
+
+[neutron-controller]
+os-test physical_interface_mappings=provider:enp4s0f0
+
+[nova-controller]
+os-test
+
+[cinder-controller]
+os-test
+
+[cinder-storage]
+os-test storage_volume=/dev/sdb
+
+[nova-compute]
+os-test physical_interface_mappings=provider:enp4s0f0
+
+[all:vars]
+listen_ip=129.125.60.194

post-install.yml

@@ -0,0 +1,26 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: keystone
+  become: True
+  vars_files:
+    - settings.yml
+  tasks:
+    - name: copy public key
+      copy:
+        content: "{{ rsa_pub }}"
+        dest: /srv/keystone/root/id_rsa.pub
+    - name: post install configuration
+      command: docker exec -i keystone.service bash -c "source /root/admin-openrc.sh && {{ item }}"
+      with_items:
+        - openstack network create  --share --external  --provider-physical-network provider  --provider-network-type flat provider
+        - >
+            openstack subnet create --network provider
+            --allocation-pool start={{ allocation_pool['start'] }},end={{ allocation_pool['end'] }}
+            --dns-nameserver {{ dns_nameserver }} --gateway {{ gateway }} --subnet-range {{ subnet_range }} providersub
+        - openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+        - openstack keypair create --public-key /root/id_rsa.pub adminkey
+
+

rabbitmq.yml

@@ -3,3 +3,5 @@
   become: True
   roles:
       - rabbitmq
+  vars:
+      hostname_node0: "{{ hostvars[groups['rabbitmq'][0]]['ansible_hostname'] }}"

roles/cassandra/tasks/main.yml

@@ -1,6 +1,5 @@
 # Install a docker based cassandra cluster.
 ---
-- include: ../common/tasks/docker.yml
 - name: install service file.
   template:
     src: templates/cassandra.service
@@ -8,9 +7,14 @@
     mode: 644
     owner: root
     group: root
+
 - name: install service file
   command: systemctl daemon-reload
+
 - name: make sure service is started
   systemd:
     name: cassandra.service
     state: started
+
+- name: start service at boot.
+  command: systemctl reenable cassandra.service

roles/cassandra/templates/cassandra.service

@@ -13,7 +13,7 @@ ExecStart=/usr/bin/docker run --name %n -v /srv/lib/cassandra:/var/lib/cassandra
  -p 7000:7000 -p 7001:7001 -p 7199:7199 -p 9042:9042 -p 9160:9160 \
  -e CASSANDRA_BROADCAST_ADDRESS={{ansible_default_ipv4.address}} \
  -e CASSANDRA_START_RPC=True \
- {{run_options}} cassandra:3.10
+ cassandra:3.10
 
 [Install]
 WantedBy=multi-user.target

roles/cinder-controller/tasks/main.yml

@@ -0,0 +1,62 @@
+# Build and install a docker image for cinder.
+---
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+
+- set_fact:
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-cinder-controller:latest
+    env_vars: >
+        -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}"
+        -e "CINDER_HOST={{ listen_ip | default(hostvars[groups['cinder-controller'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
+        -e "CINDER_USER=cinder"
+        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+        -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+        -e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+        -e "RABBIT_USER=openstack"
+
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+  tags: pull
+
+- name: Make build and persistent directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0777
+  with_items:
+      - /srv/cinder-controller
+      - /srv/cinder-controller/root
+
+- name: install service file.
+  template:
+    src: templates/cinder-controller.service
+    dest: /etc/systemd/system/cinder-controller.service
+    mode: 644
+    owner: root
+    group: root
+
+- name: start service at boot.
+  command: systemctl reenable cinder-controller.service
+
+- command: systemctl daemon-reload
+
+- name: Initialize database.
+  command: >
+             /usr/bin/docker run --rm
+             {{ env_vars }}
+             -v /srv/cinder-controller/root:/root \
+             {{ docker_image }} /etc/bootstrap.sh
+  tags: bootstrap
+
+- name: make sure service is started
+  systemd:
+    name: cinder-controller.service
+    state: restarted

roles/cinder-controller/templates/cinder-controller.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=Openstack Glance Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker kill %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStart=/usr/bin/docker run --name %n \
+  {{ env_vars | replace('\n', '') }} \
+  -v /srv/cinder-controller/root:/root \
+  -p 8776:8776 \
+  {{ docker_image }}
+
+[Install]
+WantedBy=multi-user.target

roles/cinder-storage/tasks/main.yml

@@ -0,0 +1,70 @@
+# Build and install a docker image for cinder.
+---
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+  tags: vars
+
+- set_fact:
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-cinder-storage:latest
+    env_vars: >
+        -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}"
+        -e "CINDER_HOST={{ listen_ip | default(hostvars[groups['cinder-storage'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
+        -e "CINDER_USER=cinder"
+        -e "GLANCE_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+        -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+        -e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+        -e "AVAILABILITY_ZONE={{ ansible_nodename }}"
+        -e "RABBIT_USER=openstack"
+        -e "CINDER_STORAGE_VOLUME={{ storage_volume }}"
+  tags: vars
+
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+  tags: pull
+
+- name: Make build and persistent directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0777
+  with_items:
+      - /srv/cinder-storage
+      - /srv/cinder-storage/root
+
+- name: initial setup
+  command: >
+             /usr/bin/docker run --rm
+             --privileged
+             {{ env_vars }}
+             -v /srv/cinder-storage/root:/root \
+             -v /dev:/dev \
+             {{ docker_image }} /etc/bootstrap.sh
+  tags: bootstrap
+
+- name: install service file.
+  template:
+    src: templates/cinder-storage.service
+    dest: /etc/systemd/system/cinder-storage.service
+    mode: 644
+    owner: root
+    group: root
+  tags: systemd
+
+- command: systemctl daemon-reload
+  tags: systemd
+
+- name: start service at boot.
+  command: systemctl reenable cinder-storage.service
+
+- name: make sure service is started
+  systemd:
+    name: cinder-storage.service
+    state: restarted

roles/cinder-storage/templates/cinder-storage.service

@@ -0,0 +1,21 @@
+[Unit]
+Description=Openstack Cinder Storage container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker kill %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStart=/usr/bin/docker run --name %n \
+  --privileged \
+  {{ env_vars | replace('\n', '') }} \
+  -v /srv/cinder-storage/root:/root \
+  -v "/dev":/dev \
+  -v "/var/lib/cinder:/var/lib/cinder" \
+  --network=host \
+  {{ docker_image }}
+
+[Install]
+WantedBy=multi-user.target

roles/common/tasks/docker.yml

@@ -13,3 +13,8 @@
   with_items:
      - docker-engine
      - python-docker
+
+- name: make sure service is started
+  systemd:
+    name: docker.service
+    state: started

roles/common/tasks/main.yml

@@ -5,7 +5,7 @@
 - name: Passwordless sudo for admins
   lineinfile: dest=/etc/sudoers line="%admin  ALL=(ALL:ALL) NOPASSWD:ALL"
 
-- include: users.yml
+- import_tasks: users.yml
 
 - name: common | install packages
   apt: pkg={{ item }} state=latest update_cache=yes
@@ -26,6 +26,11 @@
     owner: root
     group: root
 
-    #- name: Load secrets file
-    #  include_vars:
-    #      file: secrets/password_list.yml
+    #- import_tasks: docker.yml
+
+
+- name: Log into DockerHub
+  docker_login:
+    registry: registry.webhosting.rug.nl
+    username: "{{ docker_user }}"
+    password: "{{ docker_pass }}"

roles/dockerregistry/tasks/main.yml

@@ -1,6 +1,5 @@
 # Install a docker based mariadb.
 ---
-- include: ../common/tasks/docker.yml
 - name: install service file.
   template:
     src: files/dockerregistry.service
@@ -8,13 +7,18 @@
     mode: 644
     owner: root
     group: root
+
 - name: install service file
   command: systemctl daemon-reload
+
 - name: make sure service is started
   systemd:
     name: dockerregistry.service
     state: started
 
+- name: start service at boot.
+  command: systemctl reenable dockerregistry.service
+
 - name: Copy certificates and passwd file
   copy:
     src: "{{ item }}"

roles/glance-controller/tasks/main.yml

@@ -0,0 +1,63 @@
+# Build and install a docker image for glance.
+---
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+
+- set_fact:
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-glance:latest
+    env_vars: >
+        -e "GLANCE_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "GLANCE_PASSWORD={{ secrets['GLANCE_PASSWORD'] }}"
+        -e "GLANCE_USER=glance"
+        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+        -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+        -e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+        -e "RABBIT_USER=openstack"
+
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+  tags: pull
+
+- name: Make build and persistent directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0777
+  with_items:
+      - /srv/glance
+      - /srv/glance/root
+
+- name: install service file.
+  template:
+    src: templates/glance.service
+    dest: /etc/systemd/system/glance.service
+    mode: 644
+    owner: root
+    group: root
+
+- name: start service at boot.
+  command: systemctl reenable glance.service
+
+- command: systemctl daemon-reload
+
+- name: Initialize database.
+  command: >
+             /usr/bin/docker run --rm
+             {{ env_vars }}
+             --add-host=keystone:{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
+             -v /srv/glance/root:/root \
+             -v /var/lib/glance/images:/var/lib/glance/images \
+             {{ docker_image }} /etc/bootstrap.sh
+  tags: bootstrap
+
+- name: make sure service is started
+  systemd:
+    name: glance.service
+    state: restarted

roles/glance-controller/templates/glance.service

@@ -6,12 +6,14 @@ Requires=docker.service
 [Service]
 TimeoutStartSec=0
 Restart=always
-ExecStartPre=-/usr/bin/docker stop %n
+ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
-  --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
+  {{ env_vars | replace('\n', '') }} \
+  -v /srv/glance/root:/root \
+  -v /var/lib/glance/images:/var/lib/glance/images \
   -p 9292:9292 \
-  hpc/openstack-glance
+  {{ docker_image }}
 
 [Install]
 WantedBy=multi-user.target

roles/glance/tasks/main.yml

@@ -1,42 +0,0 @@
-# Build and install a docker image for glance.
----
-- include: ../common/tasks/docker.yml
-
-- name: Make build and persistent directories
-  file:
-    path: "{{ item }}"
-    state: directory
-    mode: 0777
-  with_items:
-      - /srv/glance
-
-## Todo: remove this when we have a docker repo
-#- name: clone docker-glance repo
-#  git:
-#    accept_hostkey: True
-#    repo: ssh://git@git.webhosting.rug.nl:222/P256174/docker-glance.git
-#    dest: /srv/glance
-
-- name: build glance image
-  docker_image:
-    path: /srv/glance
-    name: hpc/openstack-glance
-
-- name: install service file.
-  template:
-    src: templates/glance.service
-    dest: /etc/systemd/system/glance.service
-    mode: 644
-    owner: root
-    group: root
-
-- command: systemctl daemon-reload
-
-- name: Initialize database.
-  command: docke run --rm hpc/openstack-glance /etc/bootstrap.sh
-  tags: bootstrap
-
-- name: make sure service is started
-  systemd:
-    name: glance.service
-    state: restarted

roles/heat/tasks/main.yml

@@ -0,0 +1,62 @@
+# Build and install a docker image for heat.
+---
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+
+- set_fact:
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-heat:latest
+    env_vars: >
+        -e "HEAT_HOST={{ listen_ip | default(hostvars[groups['heat'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "HEAT_PASSWORD={{ secrets['HEAT_PASSWORD'] }}"
+        -e "HEAT_USER=heat"
+        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+        -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+        -e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+        -e "RABBIT_USER=openstack"
+
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+  tags: pull
+
+- name: Make build and persistent directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0777
+  with_items:
+      - /srv/heat
+      - /srv/heat/root
+
+- name: install service file.
+  template:
+    src: templates/heat.service
+    dest: /etc/systemd/system/heat.service
+    mode: 644
+    owner: root
+    group: root
+
+- name: start service at boot.
+  command: systemctl reenable heat.service
+
+- command: systemctl daemon-reload
+
+- name: Initialize database.
+  command: >
+             /usr/bin/docker run --rm
+             {{ env_vars }}
+             --add-host=keystone:{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
+             -v /srv/heat/root:/root \
+             {{ docker_image }} /etc/bootstrap.sh
+  tags: bootstrap
+
+- name: make sure service is started
+  systemd:
+    name: heat.service
+    state: restarted

roles/heat/templates/heat.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=Openstack heat Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker kill %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStart=/usr/bin/docker run --name %n \
+  {{ env_vars | replace('\n', '') }} \
+  -v /srv/heat/root:/root \
+  -p 8000:8000 \
+  -p 8004:8004 \
+  {{ docker_image }}
+
+[Install]
+WantedBy=multi-user.target

roles/horizon/tasks/main.yml

@@ -1,14 +1,13 @@
-# Build and install a docker image for horizon.
+# Run hpc/horizon
 ---
-- include: ../common/tasks/docker.yml
+- set_fact:
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-horizon:latest
 
-- name: Make build and persistent directories
-  file:
-    path: "{{ item }}"
-    state: directory
-    mode: 0777
-  with_items:
-      - /srv/horizon
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+    force: True
+  tags: pull
 
 - name: install service file.
   template:
@@ -20,6 +19,9 @@
 
 - command: systemctl daemon-reload
 
+- name: start service at boot.
+  command: systemctl reenable horizon.service
+
 - name: make sure service is started
   systemd:
     name: horizon.service

roles/horizon/templates/horizon.service

@@ -1,18 +1,19 @@
 [Unit]
-Description=Openstack Glance Container
+Description=Openstack Horizon Container
 After=docker.service
 Requires=docker.service
 
 [Service]
 TimeoutStartSec=0
 Restart=always
-ExecStartPre=-/usr/bin/docker stop %n
+ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
-  -e "MEMCACHED_SERVER={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
-  -e "OPENSTACK_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
+  -e "MEMCACHED_SERVER={{ hostvars[groups['memcached'][0]]['listen_ip'] | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" \
+  -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
+  --add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
   -p 80:80 \
-  hpc/horizon
+  {{ docker_image }}
 
 [Install]
 WantedBy=multi-user.target

roles/keystone/files/Dockerfile

@@ -1,29 +0,0 @@
-# Build keystone. It needs to be run with
-# --add-host=mariadb:<ip mariadb listens tp>
-# Wen starting with an initialized db,
-# run keystone-manage db_sync from this docker first:
-# $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"
-
-FROM ubuntu:16.04
-
-RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
-
-RUN set -x \
-    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
-    && apt-get -y update \
-    && apt-get -y install \
-    && apt-get -y install keystone python-openstackclient \
-    && apt-get -y clean
-
-# set admin token TODO: make this a secret
-# in volume of met env
-ADD keystone.conf /etc/keystone/keystone.conf
-
-RUN mkdir /etc/keystone/fernet-keys
-
-RUN chown keystone: /etc/keystone/fernet-keys
-
-COPY admin-openrc.sh root/admin-openrc.sh
-
-#RUN keystone-manage db_sync
-CMD apachectl -DFOREGROUND

roles/keystone/files/keystone.conf

@@ -1,12 +0,0 @@
-[DEFAULT]
-
-verbose = true
-
-[database]
-connection = mysql+pymysql://keystone:keystone@mariadb/keystone
-
-[token]
-provider = fernet
-
-[identity]
-default_domain_id = default

roles/keystone/scripts/initialize_db.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 # Start a mariadb container to use its mysql client to initialize the keystone database.
-docker run --rm -i mariadb:10.1.22 mysql -uroot -pgeheim --host "$1" << EOF
+docker run --rm -i mariadb:10.2 mysql -uroot -p"$MYSQL_ROOT_PASSWORD" --host "$DB_HOST" << EOF
 CREATE DATABASE IF NOT EXISTS keystone;
 GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
 GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

roles/keystone/tasks/main.yml

@@ -1,30 +1,29 @@
 # Build and install a docker image for keystone.
 ---
-- include: ../common/tasks/docker.yml
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
 
-- name: Make build and persistent directories
+- name: Make persistent directories
   file:
     path: "{{ item }}"
     state: directory
     mode: 0777
   with_items:
-      - /srv/keystone
-      - /srv/keystone/fernet-keys
+    - /srv
+    - /srv/keystone
+    - /srv/keystone/fernet-keys
+    - /srv/keystone/root
 
-- name: install Dockerfile
-  copy:
-    src: files
-    dest: /srv/keystone
+- set_fact:
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-keystone:latest
 
-- name: keystone credentials file
-  template:
-      src: templates/admin-openrc.sh
-      dest: /srv/keystone
-
-- name: build keystone image
+- name: pull docker image
   docker_image:
-    path: /srv/keystone
-    name: hpc/keystone
+    name: "{{ docker_image }}"
+    force: True
+  tags: pull
 
 - name: install service file.
   template:
@@ -37,28 +36,82 @@
 - name: install service file
   command: systemctl daemon-reload
 
-- name: make sure service is started
-  systemd:
-    name: keystone.service
-    state: restarted
+- name: start service at boot.
+  command: systemctl reenable keystone.service
 
 - name: Initialize db
-  script: scripts/initialize_db.sh {{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
+  script: scripts/initialize_db.sh
+  environment:
+    MYSQL_ROOT_PASSWORD: "{{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+    DB_HOST: "{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
+  register: result
+  until: result|succeeded
+  # sometimes the initial connect fails.
+  # Retry until it succeeds.
+  retries: 7
+  delay: 3
+  ignore_errors: yes
 
-- name: keystone manage commands to setup db
+- name: keystone manage commands to setup db_sync
   command: >
              /usr/bin/docker run --rm
-             --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
+             --add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
              -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
-             hpc/keystone keystone-manage {{ item }}
+             -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+             {{ docker_image }} keystone-manage {{ item }}
   with_items:
       - db_sync
       - fernet_setup --keystone-user keystone --keystone-group keystone
       - credential_setup --keystone-user keystone --keystone-group keystone
       - >
-          bootstrap --bootstrap-password geheim
-                    --bootstrap-admin-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
-                    --bootstrap-internal-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
-                    --bootstrap-public-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:5000/v3/
+          bootstrap --bootstrap-password {{ secrets['OS_PASSWORD'] }}
+                    --bootstrap-admin-url http://{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/
+                    --bootstrap-internal-url http://{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/
+                    --bootstrap-public-url http://{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:5000/v3/
                     --bootstrap-region-id RegionOne
+  # sometimes the initial connect fails.
+  # Retry until it succeeds.
+  retries: 7
+  delay: 3
+  ignore_errors: yes
 
+- name: make sure service is started
+  systemd:
+    name: keystone.service
+    state: restarted
+
+- name: Create a domain, projects users and roles
+  command: >
+             /usr/bin/docker run --rm
+             --add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
+             -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
+             -v /srv/keystone/root:/root
+             -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+             -e "OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3"
+             -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+             {{ docker_image }} bash /etc/bootstrap.sh
+  register: result
+  retries: 7
+  delay: 3
+
+- name: install openstack repo host key.
+  command: apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+  tags: openstackclient
+
+- name: install openstack repo on host.
+  apt_repository:
+      repo: "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main"
+      filename: ocata
+  tags: openstackclient
+
+- name: install openstack client for management
+  apt:
+    name: python-openstackclient
+    state: latest
+    update_cache: yes
+  tags: openstackclient
+
+- name: source admin-openrc.sh in root .bashrc
+  lineinfile:
+    path: /root/.bashrc
+    line: 'source /srv/keystone/root/admin-openrc.sh'

roles/keystone/templates/admin-openrc.sh

@@ -1,5 +1,7 @@
+export OS_PROJECT_DOMAIN_NAME=Default
+export OS_USER_DOMAIN_NAME=Default
 export OS_TENANT_NAME=admin
 export OS_USERNAME=admin
-export OS_PASSWORD=geheim
+export OS_PASSWORD={{ hostvars[groups['keystone'][0]]['OS_PASSWORD'] }}
 export OS_AUTH_URL=http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3
 export OS_IDENTITY_API_VERSION=3

roles/keystone/templates/keystone.service

@@ -6,13 +6,15 @@ Requires=docker.service
 [Service]
 TimeoutStartSec=0
 Restart=always
-ExecStartPre=-/usr/bin/docker stop %n
+ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
-  --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
+  --add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \
+  -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
   -p 5000:5000 -p 35357:35357 \
   -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \
-  hpc/keystone
+  -v /srv/keystone/root:/root \
+  {{ docker_image }}
 
 [Install]
 WantedBy=multi-user.target

roles/mariadb/files/galera.cnf

@@ -0,0 +1,20 @@
+[mysqld]
+binlog_format=ROW
+default-storage-engine=innodb
+innodb_autoinc_lock_mode=2
+bind-address=0.0.0.0
+
+# Galera Provider Configuration
+wsrep_on=ON
+wsrep_provider=/usr/lib/galera/libgalera_smm.so
+
+# Galera Cluster Configuration
+wsrep_cluster_name="test_cluster"
+wsrep_cluster_address="gcomm://{{ ip_node0 }},{{ ip_node1 }},{{ ip_node2 }}"
+
+# Galera Synchronization Configuration
+wsrep_sst_method=rsync
+
+# Galera Node Configuration
+wsrep_node_address="{{ listen_ip | default(ansible_default_ipv4.address) }}"
+wsrep_node_name="{{ ansible_nodename }}"

roles/mariadb/files/my.cnf

@@ -42,7 +42,7 @@ long_query_time = 10
 expire_logs_days        = 10
 max_binlog_size         = 100M
 default_storage_engine  = InnoDB
-innodb_buffer_pool_size = <t_CO>M
+innodb_buffer_pool_size = 128M
 innodb_log_buffer_size  = 8M
 innodb_file_per_table   = 1
 innodb_open_files       = 400

roles/mariadb/tasks/main.yml

@@ -1,29 +1,85 @@
 # Install a docker based mariadb.
 ---
-- include: ../common/tasks/docker.yml
-- name: install service file.
-  template:
-    src: files/mysql.service
-    dest: /etc/systemd/system/mysql.service
-    mode: 644
-    owner: root
-    group: root
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
 
 - name: make mariadb settings volume
   file:
-    path: /srv/mariadb/etc/mysql
+    path: "{{ item }}"
     state: directory
     mode: 0777
+  with_items:
+    - /srv/mariadb/lib/mysql
+    - /srv/mariadb/etc/mysql
+    - /srv/mariadb/etc/mysql/conf.d
 
 - name: place settings file
   copy:
     src: files/my.cnf
-    dest: /srv/mariadb/etc/mysql
+    dest: /srv/mariadb/etc/mysql/conf.d/my.cnf
     mode: 660
 
-- command: systemctl daemon-reload
+- name: >
+        Set galara.cnf on node if we have at least three nodes.
+        And we're part of the cluster.
+  template:
+    src: files/galera.cnf
+    dest: /srv/mariadb/etc/mysql/conf.d/galera.cnf
+    mode: 660
+  when: "'databases' in group_names and groups['databases'] | length >= 3"
+
+  # This mimics galera_new_cluster.sh
+- name: Initialize a new cluster.
+  block:
+    - set_fact:
+        mariadb_args: "--wsrep-new-cluster"
+
+    - template:
+        src: templates/mysql.service
+        dest: /etc/systemd/system/mysql.service
+        mode: 644
+        owner: root
+        group: root
+
+    - command: systemctl daemon-reload
+
+    - systemd:
+        name: mysql.service
+        state: started
+
+  when: "'databases' in group_names and groups['databases'] \
+         | length >= 3 and ansible_hostname == hostname_node0"
+
+- name: install service file.
+  block:
+    - set_fact:
+        mariadb_args: ""
+    - template:
+        src: templates/mysql.service
+        dest: /etc/systemd/system/mysql.service
+        mode: 644
+        owner: root
+        group: root
+
+- name: Give the master node some time to initialize the cluster.
+  command: bash -c "sleep 60"
+  when: "'databases' in group_names and groups['databases'] \
+         | length >= 3"
+
+- name: Daemon reload (the implicit doesn't work)
+  command: bash -c "systemctl daemon-reload"
 
 - name: make sure service is started
   systemd:
     name: mysql.service
     state: started
+    daemon_reload: yes
+
+- name: start service at boot.
+  command: systemctl reenable mysql.service
+
+- name: Give the cluster some time to initialize replication.
+  command: bash -c "sleep 60 && systemctl daemon-reload"
+  when: "'databases' in group_names and groups['databases'] | length >= 3"

roles/mariadb/templates/mysql.service

@@ -6,13 +6,14 @@ Requires=docker.service
 [Service]
 TimeoutStartSec=0
 Restart=always
-ExecStartPre=-/usr/bin/docker stop %n
+ExecStartPre=-/usr/bin/docker kill %n || /bin/true
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStartPre=/usr/bin/docker pull mariadb:10.2
-ExecStart=/usr/bin/docker run  -p 3306:3306 --name %n \
+ExecStart=/usr/bin/docker run --name %n \
+ --network host \
  -v /srv/mariadb/lib/mysql:/var/lib/mysql \
- -v /srv/mariadb/etc/mysql:/etc/mysql \
- -e MYSQL_ROOT_PASSWORD=geheim mariadb:10.2
+ -v /srv/mariadb/etc/mysql/conf.d:/etc/mysql/conf.d \
+ -e MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }} mariadb:10.2 {{ mariadb_args }}
 
 [Install]
 WantedBy=multi-user.target

roles/memcached/tasks/main.yml

@@ -1,6 +1,5 @@
 # Install a docker based mariadb.
 ---
-- include: ../common/tasks/docker.yml
 - name: install service file.
   template:
     src: files/memcached.service
@@ -8,8 +7,13 @@
     mode: 644
     owner: root
     group: root
+
 - name: install service file
   command: systemctl daemon-reload
+
+- name: start service at boot.
+  command: systemctl reenable memcached.service
+
 - name: make sure service is started
   systemd:
     name: memcached.service

roles/neutron-controller/tasks/main.yml

@@ -0,0 +1,65 @@
+# Build and install a docker image for neutron-controller.
+---
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+
+- set_fact:
+    docker_image: "registry.webhosting.rug.nl/hpc/openstack-neutron-controller:latest"
+
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+    force: True
+  tags: pull
+
+- set_fact:
+    env_vars: >
+        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}"
+        -e "MY_IP={{ listen_ip | default(hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+        -e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}"
+        -e "NEUTRON_USER=neutron"
+        -e "NOVA_USER=nova"
+        -e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}"
+        -e "NOVA_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}"
+        -e "NOVA_PLACEMENT_USER=placement"
+        -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+        -e "PHYSICAL_INTERFACE_MAPPINGS={{ physical_interface_mappings }}"
+        -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+        -e "RABBIT_USER=openstack"
+  tags: env
+
+- name: install service file.
+  template:
+    src: templates/neutron-controller.service
+    dest: /etc/systemd/system/neutron-controller.service
+    mode: 644
+    owner: root
+    group: root
+
+- command: systemctl daemon-reload
+
+- name: start service at boot.
+  command: systemctl reenable neutron-controller.service
+
+- name: Initialize neutron
+  command: >
+    /usr/bin/docker run --rm
+    {{ env_vars }}
+    --add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
+    --add-host=keystone:{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}
+    --network host
+    {{ docker_image }}
+    /etc/bootstrap.sh
+  tags: bootstrap
+
+- name: make sure service is started
+  systemd:
+    name: neutron-controller.service
+    state: restarted

roles/neutron-controller/templates/neutron-controller.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=Openstack neutron-controller Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker kill %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStart=/usr/bin/docker run --name %n \
+  {{ env_vars | replace('\n', '') }} \
+  --add-host=nova-controller:{{ hostvars[groups['nova-controller'][0]]['listen_ip'] | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }} \
+  --add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \
+  --add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
+  --add-host={{ ansible_nodename }}:{{ ansible_default_ipv4.address }} \
+  --privileged \
+  --network host \
+  -v /lib/modules:/lib/modules \
+  {{ docker_image }} /etc/run.sh
+
+[Install]
+WantedBy=multi-user.target

roles/nova-compute/tasks/main.yml

@@ -0,0 +1,49 @@
+# Build and install a docker image for nova-controller.
+---
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+  tags: vars
+
+- set_fact:
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-nova-compute:latest
+  tags: vars
+
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+    force: True
+  tags: pull
+
+- name: install service file.
+  template:
+    src: templates/nova-compute.service
+    dest: /etc/systemd/system/nova-compute.service
+    mode: 644
+    owner: root
+    group: root
+  tags: systemd
+
+- command: systemctl daemon-reload
+  tags: systemd
+
+- apt:
+    name: "{{ item }}"
+  with_items:
+      - kvm
+      - libvirt0
+      - libvirt-bin
+      - qemu
+
+- name: make sure service is started
+  systemd:
+    name: nova-compute.service
+    state: restarted
+
+- name: start service at boot.
+  command: systemctl reenable nova-compute.service
+
+- name: let nova controler discover new host
+  shell: "sleep 10 && docker exec -i nova-controller.service nova-manage cell_v2 discover_hosts"
+  delegate_to: "{{ hostvars[groups['nova-controller'][0]]['ansible_hostname'] }}"

roles/nova-compute/templates/nova-compute.service

@@ -0,0 +1,47 @@
+[Unit]
+Description=Openstack nova-compute Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker kill %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStart=/usr/bin/docker run --name %n \
+    -e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['listen_ip'] | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}" \
+    -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
+    -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}" \
+    -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['listen_ip'] | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" \
+    -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}" \
+    -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}" \
+    -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" \
+    -e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['listen_ip'] | default(hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address']) }}" \
+    -e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}" \
+    -e "NEUTRON_USER=neutron" \
+    -e "NOVA_COMPUTE_USER=nova_compute" \
+    -e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['listen_ip'] | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }}" \
+    -e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" \
+    -e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" \
+    -e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}" \
+    -e "NOVA_PLACEMENT_USER=placement" \
+    -e "NOVA_USER=nova" \
+    -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}" \
+    -e "PHYSICAL_INTERFACE_MAPPINGS={{ physical_interface_mappings }}" \
+    -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['listen_ip'] | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}" \
+    -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}" \
+    -e "RABBIT_USER=openstack" \
+    -e "AVAILABILITY_ZONE={{ ansible_nodename }}" \
+    --add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
+    --add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \
+    --privileged \
+    -v /dev:/dev \
+    -v /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock \
+    -v /var/lib/nova/instances:/var/lib/nova/instances \
+    -v /lib/modules:/lib/modules \
+    -v /etc/machine-id:/etc/machine-id \
+    --network host \
+    {{ docker_image }} /etc/run.sh
+
+[Install]
+WantedBy=multi-user.target

roles/nova-controller/tasks/main.yml

@@ -0,0 +1,73 @@
+# Build and install a docker image for nova-controller.
+---
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+
+- name: Make persistent directories
+  file:
+    path: "{ item }}"
+    state: directory
+    mode: 0777
+  with_items:
+    - /srv/nova-controller
+    - /srv/nova-controller/root
+
+- set_fact:
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-nova-service:latest
+    env_vars: >
+        -e "GLANCE_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}"
+        -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}"
+        -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+        -e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['listen_ip'] | default(hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}"
+        -e "NEUTRON_USER=neutron"
+        -e "NOVA_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}"
+        -e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}"
+        -e "NOVA_PLACEMENT_USER=placement"
+        -e "NOVA_USER=nova"
+        -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+        -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+        -e "RABBIT_USER=openstack"
+  tags: facts
+
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+    force: True
+  tags: pull
+
+- name: install service file.
+  template:
+    src: templates/nova-controller.service
+    dest: /etc/systemd/system/nova-controller.service
+    mode: 644
+    owner: root
+    group: root
+
+- command: systemctl daemon-reload
+
+- name: start service at boot.
+  command: systemctl reenable nova-controller.service
+
+- name: Initialize database.
+  command: >
+    /usr/bin/docker run --rm
+    {{ env_vars }}
+    --add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
+    --add-host=keystone:{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}
+    -v /srv/nova-controller/root:/root
+    {{ docker_image }}
+    /etc/bootstrap.sh
+  tags: bootstrap
+
+- name: make sure service is started
+  systemd:
+    name: nova-controller.service
+    state: restarted

roles/nova-controller/templates/nova-controller.service

@@ -0,0 +1,24 @@
+[Unit]
+Description=Openstack nova-controller Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker kill %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStart=/usr/bin/docker run --name %n \
+  {{ env_vars | replace('\n', '') }} \
+  --add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \
+  --add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
+  --privileged \
+  -v /srv/nova-controller/root:/root \
+  -p 8774:8774 \
+  -p 8775:8775 \
+  -p 8778:8778 \
+  -p 6080:6080 \
+  {{ docker_image }} /etc/run.sh
+
+[Install]
+WantedBy=multi-user.target

roles/nova-management/tasks/main.yml

@@ -1,48 +0,0 @@
-# Build and install a docker image for nova-controller.
----
-- include: ../common/tasks/docker.yml
-
-- name: Make build and persistent directories
-  file:
-    path: "{{ item }}"
-    state: directory
-    mode: 0777
-  with_items:
-      - /srv/nova-controller
-
-# Todo: remove this when we have a docker repo
-# Disabled because of https://github.com/ansible/ansible/issues/20653
-#- name: clone docker-glance repo
-#  git:
-#    accept_hostkey: True
-#    repo: ssh://git@git.webhosting.rug.nl:222/HPC/docker-nova-service
-#    dest: /srv/docker-nova-service
-
-- name: build nova-controller image
-  docker_image:
-    path: /srv/docker-nova-service
-    name: hpc/novacontroller
-
-- name: install service file.
-  template:
-    src: templates/nova-controller.service
-    dest: /etc/systemd/system/nova-controller.service
-    mode: 644
-    owner: root
-    group: root
-
-- command: systemctl daemon-reload
-
-- name: Initialize database.
-  command: >
-    /usr/bin/docker run --rm
-    --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
-    --add-host=controller:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}
-    hpc/novacontroller
-    /etc/bootstrap.sh
-  tags: bootstrap
-
-- name: make sure service is started
-  systemd:
-    name: nova-controller.service
-    state: restarted

roles/nova-management/templates/nova-controller.service

@@ -1,19 +0,0 @@
-[Unit]
-Description=Openstack nova-controller Container
-After=docker.service
-Requires=docker.service
-
-[Service]
-TimeoutStartSec=0
-Restart=always
-ExecStartPre=-/usr/bin/docker stop %n
-ExecStartPre=-/usr/bin/docker rm %n
-ExecStart=/usr/bin/docker run --name %n \
-  --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
-  --add-host=controller:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
-  -p 8774:8774 \
-  -p 8778:8778 \
-  hpc/novacontroller /etc/run.sh
-
-[Install]
-WantedBy=multi-user.target

roles/rabbitmq/files/rabbitmq.service

@@ -2,20 +2,22 @@
 Description=rabbitmq Container
 After=docker.service
 Requires=docker.service
- 
+
 [Service]
 TimeoutStartSec=0
 Restart=always
-ExecStartPre=-/usr/bin/docker stop %n
+ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStartPre=/usr/bin/docker pull rabbitmq:latest
 ExecStart=/usr/bin/docker run \
-          --add-host ansible-test:172.23.38.125 --add-host ansible-test-2:172.23.38.127 --add-host ansible-test-3:172.23.38.128 \
+{% for host in groups['rabbitmq'] %}
+          --add-host "{{ host }}:{{ hostvars[host]['listen_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}" \
+{% endfor %}
           -p 4369:4369 -p 25679:25679 -p 25672:25672 -p 5671-5672:5671-5672 -p 8080:15672 \
-          -e "RABBITMQ_DEFAULT_USER=user" -e "RABBITMQ_DEFAULT_PASS=password" \
-          -e "RABBITMQ_ERLANG_COOKIE=IHyW9HpfbXRL+pZkhGd8pA==" \
+          -e "RABBITMQ_DEFAULT_USER=openstack" -e "RABBITMQ_DEFAULT_PASS={{ secrets['RABBIT_PASSWORD'] }}" \
+          -e "RABBITMQ_ERLANG_COOKIE={{ secrets['RABBITMQ_ERLANG_COOKIE'] }}" \
           -e "RABBITMQ_NODENAME=rabbit_{{ ansible_nodename }}" \
-          --hostname "{{ansible_nodename}}" --name %n rabbitmq:3-management
- 
+          --hostname "{{ ansible_nodename }}" --name %n rabbitmq:3-management
+
 [Install]
 WantedBy=multi-user.target

roles/rabbitmq/tasks/main.yml

@@ -1,6 +1,10 @@
 # Install a docker based rabbitMQ.
 ---
-- include: ../common/tasks/docker.yml
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+
 - name: install service file.
   template:
     src: files/rabbitmq.service
@@ -8,9 +12,28 @@
     mode: 644
     owner: root
     group: root
+
 - name: install service file
   command: systemctl daemon-reload
+
+- name: start service at boot.
+  command: systemctl reenable rabbitmq.service
+
 - name: make sure service is started
   systemd:
     name: rabbitmq.service
     state: started
+
+- name: wait for container to be started
+  wait_for:
+      port: 5672
+      delay: 5
+
+- name: setup the cluster
+  command: "docker exec -i rabbitmq.service {{ item }}"
+  with_items:
+      - rabbitmqctl stop_app
+      - "rabbitmqctl join_cluster rabbit_{{ hostname_node0 }}@{{ hostname_node0 }}"
+      - rabbitmqctl start_app
+  when: ansible_nodename != hostname_node0
+

secrets.yml

@@ -0,0 +1,32 @@
+$ANSIBLE_VAULT;1.1;AES256
+32313865346461323861313234623330633830663561353636396161643566353733393931303232
+3134353364393034626564333866383065633162383561390a656463303464616434303435303037
+63313232373630616136626464373464646535353030396136656361343162666165366566383737
+6133326539393432390a386162393639636137326532393939633665326637373461663766656565
+36636661653939373134313165383261353832373362613533366431626330313831643836363932
+38623937663335646134323130636539333335636265313564323032623065393031343235633832
+33336138653336633932383133366566656464356331306265663662356166613135663234326434
+64343765366439303766613062363830346238376435366138323662366463353634623937376663
+39313263613764623533323562333932656564346462333961663538353366313065343263383431
+39643734353632336134663965343062373933656461393264323938303261316563313962343837
+66623562333031646633643734383439386130653033343962633930613031313433633033383561
+65366230663263346661343339636537336332323266623230646534323563373934356332663136
+30626231623534616562323033333437353239306538653835623931363164383536336562336136
+30666265366536313436646535383632626137613831633132666666653830383566323532306332
+34353534336331653330663137323936303337306134333036633932363664643864333534316438
+31623062303137376637353061643838383831663561663436663130663064323665316261316531
+32616533333165636130623334373130316339326538343330646366383933353137623631323530
+39653437343432383161323661643931346664663265326664336461373033646563666333353661
+61633865373764346131623131346266373331626336663735303439376230333537386562303939
+65363139346564653464663633326639323930333464376136353064393039373535613231623138
+61373434323065646238356436373730333939613965666237616265653033333230353466316266
+30383939376335656632626232663061623332636337646234653565363561353334643462376666
+30326438303333336265306463313137656334313235643434616238333564373761333235633639
+66346161316130633463623435646639366136386335386139613230653064663230366265633036
+33613132633035393337653436613031383765616638323663363866393165613030306637393134
+38333734373939626364343533306662393463646264666161346434363832623239643864303431
+39383931333139633338663761646335613935636239636439383333313531633364653439323036
+35373639363164386666366335313934336231333261623763633133393562656237313761356631
+39663234653339313466326534333435306662316461333035623339353435383137383735373733
+32373535303338646266346539386364356233616631316661633037346665353762353138376538
+386535333439313233663464353534376535

secrets.yml.topol

@@ -0,0 +1,13 @@
+---
+GLANCE_PASSWORD:
+METADATA_SECRET:
+MYSQL_ROOT_PASSWORD:
+NEUTRON_PASSWORD:
+NOVA_PASSWORD:
+NOVA_PLACEMENT_PASSWORD:
+OS_PASSWORD:   # Keystone admin password
+OS_DEMO_PASSWORD: # Keystone demo user password
+RABBIT_PASSWORD:
+RABBITMQ_ERLANG_COOKIE:
+CINDER_PASSWORD:
+HEAT_PASSWORD:

settings.yml

@@ -0,0 +1,12 @@
+---
+- allocation_pool:
+    start: 172.23.128.50
+    end: 172.23.128.249
+
+- dns_nameserver: 129.125.4.6
+
+- gateway: 172.23.128.250
+
+- subnet_range: 172.23.128.0/24
+
+- rsa_pub: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStPUPXkcu81onUm/le54JCu174yXJJDsthDr96Mv8irBVBWuy5FxnaASuDpmC4QE4s0UAIg1iq/SWrr8qdBQ4OVuYFiW0S7ZJvcoKr/40Wh+T5MeltGQfmkDp6kBsfaMSo6M4tF1c8i+XgOgxb4fxHYb8mFhseztRLx6McxJJJLB0nu+T12WQ01nl0XtwD+3EsZWfxRH0KA59VHZSe3Anc5z+Fm7WU+1Vzy6/pkiIhVReI1L6VVhZsIdSu3fQK6fHQcujtfuw6RKEpisZQqnxMUviWQ98yeQXHk6Nx840WCh3vvKveEAoC4Y/UEZa1TMe6PczfUaLjaidUkpulJsP egon@egon-pc

site.yml

@@ -1,6 +1,15 @@
 ---
-- include: common.yml
-- include: database.yml
-- include: dockerregistry.yml
-- include: mariadb.yml
-- include: rabbitmq.yml
+- import_playbook: common.yml
+- import_playbook: rabbitmq.yml
+- import_playbook: memcached.yml
+- import_playbook: mariadb.yml
+- import_playbook: keystone.yml
+- import_playbook: glance-controller.yml
+- import_playbook: nova-controller.yml
+- import_playbook: neutron-controller.yml
+- import_playbook: cinder-controller.yml
+- import_playbook: cinder-storage.yml
+- import_playbook: nova-compute.yml
+- import_playbook: horizon.yml
+- import_playbook: heat.yml
+- import_playbook: post-install.yml

test_hosts

@@ -0,0 +1,48 @@
+[databases]
+openstack-test05
+openstack-test06
+openstack-test07
+
+[keystone]
+openstack-test05
+
+[glance-controller]
+openstack-test05
+
+[horizon]
+openstack-test05
+
+[rabbitmq]
+openstack-test05
+openstack-test06
+openstack-test07
+
+[memcached]
+openstack-test05
+
+[neutron-controller]
+openstack-test05 physical_interface_mappings=provider:enp4s0f0
+
+[nova-controller]
+openstack-test05
+
+[cinder-controller]
+openstack-test05
+
+[heat]
+openstack-test05
+
+[cinder-storage]
+openstack-test05 storage_volume=/dev/openstack-test05-vg/cinder
+openstack-test06 storage_volume=/dev/openstack-test06-vg/cinder
+openstack-test07 storage_volume=/dev/openstack-test07-vg/cinder
+openstack-test08 storage_volume=/dev/openstack-test08-vg/cinder
+openstack-test09 storage_volume=/dev/openstack-test09-vg/cinder
+openstack-test10 storage_volume=/dev/openstack-test10-vg/cinder
+
+[nova-compute]
+openstack-test06 physical_interface_mappings=provider:enp4s0f0
+openstack-test07 physical_interface_mappings=provider:enp4s0f0
+openstack-test08 physical_interface_mappings=provider:enp4s0f0
+openstack-test09 physical_interface_mappings=provider:enp4s0f0
+openstack-test10 physical_interface_mappings=provider:enp4s0f0