Merge branch 'feature/add-variables'

Updated url of docker registry.

make a loop for more flexibility.

Introducing listen_ip variable that overrides

the default listen_ip.

make a loop for more flexibility.

Get a listen ip specifically for that host.

see if components have listen_ip defined before using ansible_default_ipv4

Make service files look for listen_ip variable.

implemented listen_ip variable here too

map to different port to avoid clashes.

Make PHYSICAL_INTERFACE_MAPPINGS variable...

instead of just one provuider interface.
it should contain something like:
physnet2:eth1,physnet3:eth2

add openstack client on machine that is running keystone

Added delay to check.

enable all services are started at boot

Inventory for gcc openstack03 all in one.

added volume for glance images

Added gcc all in one specific config.

Prevent an error when there is no secrets.yml..

to back up

removed reference to empty dir.

added empty meta/main.yml

And now with a list of roles

..and removed the list

removed reference to empty dir.

Added galera cluster support

When at least three database nodes are installed, the playbook will
install a galera cluster across them.

The galera cnf can be the same template across...

nodes.

made environment file for the service.

I am unable to reproduce systemctl set-environment to work as
advertized.

Reverted to updating init file by ansible.

entrypoint.sh of the mariadb container seems unable to cope when a blank
variable is passed by systemd.

give the galera master node some time

It seems to be nessecary to run in host mode..

for galera to work.

I misunderstood pause. need sleep.

Inventory for physical test cluster.

Added CINDER_PASSWORD

Make sure docker is started.

If docker was already installed but not running
it was not started.

fixed refernce to neutron controller

Added heat

Added port for metadata service

Passed metadata secret to be used in config.

Listen ip should be the machine's ip...

Added openstack client from repo.

changed name of subnet

added horizon

Changed rabbitmq default user to openstack.

This makes it no longer nesseccary to create a separate openstack user,
which is lost on rabbitmq restart.

Added sleep because hosts were usually..

not discovered.

Removed unnessecary port mapping

Making /dev/lvm available to container.

fixed os-test inventory

Make iscsi devices available

(needed to attach cinder volumes to machines)

command module no longer works with &&

add cinder to test setup

generate_secrets.py

@@ -5,6 +5,7 @@ Open the secrets.yml and replace all passwords.
 Original is backed up.
 """
 
+from os import path
 import random
 import string
 from subprocess import call
@@ -27,7 +28,8 @@ for key, value in data.iteritems():
         for _ in range(pass_length))
 
 # Make numbered backups of the secrets file.
-call(['cp', '--backup=numbered', 'secrets.yml', 'secrets.yml.bak'])
+if path.isfile('secrets.yml'):
+    call(['cp', '--backup=numbered', 'secrets.yml', 'secrets.yml.bak'])
 
 with open('secrets.yml', 'w') as f:
     dump(data, f, Dumper=Dumper, default_flow_style=False)

heat.yml

@@ -0,0 +1,9 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: heat
+  become: True
+  roles:
+     - heat

hosts

@@ -1,5 +1,9 @@
+# A demo cluster of three nodes.
+
 [databases]
+openstack01-node01
 openstack01-node02
+openstack01-node03
 
 [keystone]
 openstack01-node03
@@ -15,24 +19,9 @@ openstack01-node01
 openstack01-node02
 openstack01-node03
 
-#[cassandra]
-#openstack01-node[01:03]
-
-#openstack01-node01
-#
-#[next_cassandra]
-#openstack01-node02
-#openstack01-node03
-
 [memcached]
 openstack01-node03
 
-#[first_cassandra:vars]
-#run_options=""
-#
-#[next_cassandra:vars]
-#run_options="-e CASSANDRA_SEEDS=172.23.41.1"
-
 [neutron-controller]
 openstack01-node01 physical_interface_mappings=provider:ens192
 
@@ -46,4 +35,4 @@ openstack01-node03
 openstack01-node01 storage_volume=/dev/loop0
 
 [nova-compute]
-openstack01-node04 physical_interface_mappings=provider:dummy0
+openstack01-node04 physical_interface_mappings=provider:enp4s0f0

meta/main.yml

@@ -0,0 +1 @@
+---

neutron-controller.yml

@@ -5,5 +5,7 @@
 
 - hosts: neutron-controller
   become: True
+  vars_files:
+    - settings.yml
   roles:
-     - neutron-controller
+    - neutron-controller

nova-compute.yml

@@ -5,5 +5,7 @@
 
 - hosts: nova-compute
   become: True
+  vars_files:
+    - settings.yml
   roles:
-     - nova-compute
+    - nova-compute

os-test

@@ -0,0 +1,37 @@
+# An all in one
+
+[databases]
+os-test
+
+[keystone]
+os-test
+
+[glance-controller]
+os-test
+
+[horizon]
+os-test
+
+[rabbitmq]
+os-test
+
+[memcached]
+os-test
+
+[neutron-controller]
+os-test physical_interface_mappings=provider:enp4s0f0
+
+[nova-controller]
+os-test
+
+[cinder-controller]
+os-test
+
+[cinder-storage]
+os-test storage_volume=/dev/sdb
+
+[nova-compute]
+os-test physical_interface_mappings=provider:enp4s0f0
+
+[all:vars]
+listen_ip=129.125.60.194

post-install.yml

@@ -19,8 +19,21 @@
         - >
             openstack subnet create --network provider
             --allocation-pool start={{ allocation_pool['start'] }},end={{ allocation_pool['end'] }}
-            --dns-nameserver {{ dns_nameserver }} --gateway {{ gateway }} --subnet-range {{ subnet_range }} provider
+            --dns-nameserver {{ dns_nameserver }} --gateway {{ gateway }} --subnet-range {{ subnet_range }} providersub
+      when: "{{ configure_networks }}" == True
+
+
+- hosts: keystone
+  become: True
+  vars_files:
+    - settings.yml
+  tasks:
+    - name: copy public key
+      copy:
+        content: "{{ rsa_pub }}"
+        dest: /srv/keystone/root/id_rsa.pub
+    - name: post install configuration
+      command: docker exec -i keystone.service bash -c "source /root/admin-openrc.sh && {{ item }}"
+      with_items:
         - openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
         - openstack keypair create --public-key /root/id_rsa.pub adminkey
-
-

roles/cinder-storage/tasks/main.yml

@@ -4,6 +4,7 @@
   include_vars:
     file: ../../secrets.yml
     name: secrets
+  tags: vars
 
 - set_fact:
     docker_image: registry.webhosting.rug.nl/hpc/openstack-cinder-storage:latest
@@ -20,6 +21,7 @@
         -e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
         -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
         -e "RABBIT_USER=openstack"
+  tags: vars
 
 - name: pull docker image
   docker_image:
@@ -52,8 +54,10 @@
     mode: 644
     owner: root
     group: root
+  tags: systemd
 
 - command: systemctl daemon-reload
+  tags: systemd
 
 - name: start service at boot.
   command: systemctl reenable cinder-storage.service

roles/cinder-storage/templates/cinder-storage.service

@@ -11,9 +11,13 @@ ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
   --privileged \
   {{ env_vars | replace('\n', '') }} \
+  -v "/dev/cinder-volumes/":/dev/cinder-volumes \
   -v /srv/cinder-storage/root:/root \
   -v "{{ storage_volume }}":/dev/cinder_storage_volume \
+  -v "/dev/lvm":/dev/lvm \
+  -v "/srv/cinder-storage/volumes/:/var/lib/cinder/volumes/" \
   -p 8777:8776 \
+  -p 3260:3260 \
   {{ docker_image }}
 
 [Install]

roles/common/tasks/docker.yml

@@ -13,3 +13,8 @@
   with_items:
      - docker-engine
      - python-docker
+
+- name: make sure service is started
+  systemd:
+    name: docker.service
+    state: started

roles/heat/tasks/main.yml

@@ -0,0 +1,62 @@
+# Build and install a docker image for heat.
+---
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+
+- set_fact:
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-heat:latest
+    env_vars: >
+        -e "HEAT_HOST={{ listen_ip | default(hostvars[groups['heat'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "HEAT_PASSWORD={{ secrets['HEAT_PASSWORD'] }}"
+        -e "HEAT_USER=heat"
+        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+        -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+        -e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+        -e "RABBIT_USER=openstack"
+
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+  tags: pull
+
+- name: Make build and persistent directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0777
+  with_items:
+      - /srv/heat
+      - /srv/heat/root
+
+- name: install service file.
+  template:
+    src: templates/heat.service
+    dest: /etc/systemd/system/heat.service
+    mode: 644
+    owner: root
+    group: root
+
+- name: start service at boot.
+  command: systemctl reenable heat.service
+
+- command: systemctl daemon-reload
+
+- name: Initialize database.
+  command: >
+             /usr/bin/docker run --rm
+             {{ env_vars }}
+             --add-host=keystone:{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
+             -v /srv/heat/root:/root \
+             {{ docker_image }} /etc/bootstrap.sh
+  tags: bootstrap
+
+- name: make sure service is started
+  systemd:
+    name: heat.service
+    state: restarted

roles/heat/templates/heat.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=Openstack heat Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker kill %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStart=/usr/bin/docker run --name %n \
+  {{ env_vars | replace('\n', '') }} \
+  -v /srv/heat/root:/root \
+  -p 8000:8000 \
+  -p 8004:8004 \
+  {{ docker_image }}
+
+[Install]
+WantedBy=multi-user.target

roles/keystone/tasks/main.yml

@@ -86,11 +86,19 @@
              -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
              {{ docker_image }} bash /etc/bootstrap.sh
 
+
+- name: install openstack repo on host.
+  command: >
+      echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list &&
+      apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+  tags: openstackclient
+
 - name: install openstack client for management
   apt:
     name: python-openstackclient
     state: latest
     update_cache: yes
+  tags: openstackclient
 
 - name: source admin-openrc.sh in root .bashrc
   lineinfile:

roles/mariadb/tasks/main.yml

@@ -60,12 +60,8 @@
         owner: root
         group: root
 
-- name: give the galera master node some time to Initialize
+- name: Give the master node some time to initialize the cluster.
-  pause:
+  command: bash -c "sleep 60 && systemctl daemon-reload"
-    minutes: 1
-  when: ansible_hostname != hostname_node0
-
-- command: systemctl daemon-reload
 
 - name: make sure service is started
   systemd:

roles/neutron-controller/tasks/main.yml

@@ -16,6 +16,7 @@
 
 - set_fact:
     env_vars: >
+        -e "GLOBAL_PHYSNET_MTU={{ global_physnet_mtu }}"
         -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
         -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}"

roles/nova-compute/tasks/main.yml

@@ -4,10 +4,11 @@
   include_vars:
     file: ../../secrets.yml
     name: secrets
+  tags: vars
 
 - set_fact:
     docker_image: registry.webhosting.rug.nl/hpc/openstack-nova-compute:latest
-  tags: facts
+  tags: vars
 
 - name: pull docker image
   docker_image:
@@ -22,11 +23,13 @@
     mode: 644
     owner: root
     group: root
+  tags: systemd
 
 - command: systemctl daemon-reload
+  tags: systemd
 
 - apt:
-    name: '{{ item }}'
+    name: "{{ item }}"
   with_items:
       - kvm
       - libvirt0
@@ -42,5 +45,5 @@
   command: systemctl reenable nova-compute.service
 
 - name: let nova controler discover new host
-  command: docker exec -i nova-controller.service nova-manage cell_v2 discover_hosts
+  shell: "sleep 10 && docker exec -i nova-controller.service nova-manage cell_v2 discover_hosts"
   delegate_to: "{{ hostvars[groups['nova-controller'][0]]['ansible_hostname'] }}"

roles/nova-compute/templates/nova-compute.service

@@ -10,9 +10,12 @@ ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
     -e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['listen_ip'] | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}" \
+    -e "GLOBAL_PHYSNET_MTU={{ global_physnet_mtu }}" \
+    -e "GLOBAL_PHYSNET_MTU={{ global_physnet_mtu }}" \
     -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
+    -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}" \
     -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['listen_ip'] | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" \
-    -e "MY_IP={{ hostvars[groups['nova-compute'][0]]['listen_ip'] | default(hostvars[groups['nova-compute'][0]]['ansible_default_ipv4']['address']) }}" \
+    -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}" \
     -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}" \
     -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" \
     -e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['listen_ip'] | default(hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address']) }}" \
@@ -33,6 +36,7 @@ ExecStart=/usr/bin/docker run --name %n \
     --add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
     --add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \
     --privileged \
+    -v /dev:/dev \
     -v /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock \
     -v /var/lib/nova/instances:/var/lib/nova/instances \
     -v /lib/modules:/lib/modules \

roles/nova-controller/tasks/main.yml

@@ -19,11 +19,12 @@
     env_vars: >
         -e "GLANCE_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}"
         -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}"
         -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
-        -e "MY_IP={{ listen_ip | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}"
         -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
-        -e "NEUTRON_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['listen_ip'] | default(hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address']) }}"
         -e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}"
         -e "NEUTRON_USER=neutron"
         -e "NOVA_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }}"

roles/nova-controller/templates/nova-controller.service

@@ -15,6 +15,7 @@ ExecStart=/usr/bin/docker run --name %n \
   --privileged \
   -v /srv/nova-controller/root:/root \
   -p 8774:8774 \
+  -p 8775:8775 \
   -p 8778:8778 \
   -p 6080:6080 \
   {{ docker_image }} /etc/run.sh

roles/rabbitmq/files/rabbitmq.service

@@ -14,7 +14,7 @@ ExecStart=/usr/bin/docker run \
           --add-host "{{ host }}:{{ hostvars[host]['listen_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}" \
 {% endfor %}
           -p 4369:4369 -p 25679:25679 -p 25672:25672 -p 5671-5672:5671-5672 -p 8080:15672 \
-          -e "RABBITMQ_DEFAULT_USER=user" -e "RABBITMQ_DEFAULT_PASS={{ secrets['RABBIT_PASSWORD'] }}" \
+          -e "RABBITMQ_DEFAULT_USER=openstack" -e "RABBITMQ_DEFAULT_PASS={{ secrets['RABBIT_PASSWORD'] }}" \
           -e "RABBITMQ_ERLANG_COOKIE={{ secrets['RABBITMQ_ERLANG_COOKIE'] }}" \
           -e "RABBITMQ_NODENAME=rabbit_{{ ansible_nodename }}" \
           --hostname "{{ ansible_nodename }}" --name %n rabbitmq:3-management

roles/rabbitmq/tasks/main.yml

@@ -5,9 +5,6 @@
     file: ../../secrets.yml
     name: secrets
 
-- include_vars:
-    dir: 'vars'
-
 - name: install service file.
   template:
     src: files/rabbitmq.service
@@ -40,11 +37,3 @@
       - rabbitmqctl start_app
   when: ansible_nodename != hostname_node0
 
-- name: create openstack user
-  command: "docker exec -i rabbitmq.service {{ item }}"
-  with_items:
-      - rabbitmqctl add_user openstack "{{ secrets['RABBIT_PASSWORD'] }}"
-      - rabbitmqctl set_permissions openstack ".*" ".*" ".*"
-  when: ansible_nodename == hostname_node0
-  register: command_result
-  failed_when: "command_result.rc not in (0, 70)"

secrets.yml.topol

@@ -9,3 +9,5 @@ OS_PASSWORD:   # Keystone admin password
 OS_DEMO_PASSWORD: # Keystone demo user password
 RABBIT_PASSWORD:
 RABBITMQ_ERLANG_COOKIE:
+CINDER_PASSWORD:
+HEAT_PASSWORD:

settings.yml

@@ -1,4 +1,7 @@
 ---
+
+- configure_networks: "True"
+# Allocation pool for a flat provider network.
 - allocation_pool:
     start: 172.23.128.50
     end: 172.23.128.249
@@ -9,4 +12,12 @@
 
 - subnet_range: 172.23.128.0/24
 
-- rsa_pub: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStPUPXkcu81onUm/le54JCu174yXJJDsthDr96Mv8irBVBWuy5FxnaASuDpmC4QE4s0UAIg1iq/SWrr8qdBQ4OVuYFiW0S7ZJvcoKr/40Wh+T5MeltGQfmkDp6kBsfaMSo6M4tF1c8i+XgOgxb4fxHYb8mFhseztRLx6McxJJJLB0nu+T12WQ01nl0XtwD+3EsZWfxRH0KA59VHZSe3Anc5z+Fm7WU+1Vzy6/pkiIhVReI1L6VVhZsIdSu3fQK6fHQcujtfuw6RKEpisZQqnxMUviWQ98yeQXHk6Nx840WCh3vvKveEAoC4Y/UEZa1TMe6PczfUaLjaidUkpulJsP egon@egon-pc
+- global_physnet_mtu: 9000
+
+- rsa_pub: >
+    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStPUPXkcu81onUm/le54JCu174yXJJDsthDr9
+    6Mv8irBVBWuy5FxnaASuDpmC4QE4s0UAIg1iq/SWrr8qdBQ4OVuYFiW0S7ZJvcoKr/40Wh+T5Mel
+    tGQfmkDp6kBsfaMSo6M4tF1c8i+XgOgxb4fxHYb8mFhseztRLx6McxJJJLB0nu+T12WQ01nl0Xtw
+    D+3EsZWfxRH0KA59VHZSe3Anc5z+Fm7WU+1Vzy6/pkiIhVReI1L6VVhZsIdSu3fQK6fHQcujtfuw
+    6RKEpisZQqnxMUviWQ98yeQXHk6Nx840WCh3vvKveEAoC4Y/UEZa1TMe6PczfUaLjaidUkpulJsP
+     egon@egon-pc

site.yml

@@ -11,4 +11,5 @@
 - include: cinder-storage.yml
 - include: nova-compute.yml
 - include: horizon.yml
+- include: heat.yml
 - include: post-install.yml

test_hosts

@@ -17,6 +17,9 @@ ansible-test
 ansible-test-2
 ansible-test-3
 
+[cinder-storage]
+ansible-test
+
 [memcached]
 ansible-test-3
 
@@ -28,3 +31,6 @@ ansible-test
 
 [nova-compute]
 ansible-test-2 physical_interface_mappings=provider:ens10
+
+[heat]
+ansible-test