Cinder needs memcached host

it is encrypted with a default password...

README.md

@@ -1,9 +1,48 @@
-#hpc-cloud
+# hpc-cloud
 
-This repository will contain playbooks to bring up openstack components inside docker containers.
+This repository contains playbooks to bring up openstack components inside docker containers.
+It makes use of ansible roles for the openstack components and the supporting infrastructure.
+The following roles are installed.
+
+### Openstack components.
+
+* keystone
+* glance-controller
+* horizon
+* neutron-controller
+* nova-controller
+* nova-compute
+* cinder-controller
+* cinder-storage
+
+### Auxilary components:
+
+* database (mariadb)
+* rabbitmq (cluster of three nodes)
+* memcached
+
+## Getting started:
+
+### Prerequisites:
+* A cluster of servers to install the components on.
+  * The machines running nova-compute and neutron-controller need a separate interface for neutron to use.
+* ubuntu 16.04 with python installed (usually already present).
+* Access to the webhost12.service.rug.nl docker repository.
+
+### Settings:
+Passwords need be added to `secrets.yml.topol` and it needs to be saved as `secrets.yml`.
+This can be done by running `./generate_secrets.py`.
+Optionally, one can encrypt the secrtets by running `ansible-vault encrypt secrets.yml`.
+
+
+### Secrets:
 
-It makes use of [/home/egon/projects/hpc-cloud/roles/common/tasks/users.yml](ansible roles).
 The roles can be set in the inventory file (hosts)
 
-Cirrently,Tue 25 Apr 2017 02:45:20 PM CEST, only mariadb and keystone are implemented. They can be brought up with
- $ ansible-playbook main.yml
+To bring up one role, for instance keystone, use:
+
+    $ ansible-playbook keystone.yml
+
+To bring up all roles, use
+
+    $ ansible-playbook site.yml

cassandra.yml

@@ -1,7 +1,6 @@
 ---
 # Run all plays as root.
-- hosts: rabbitmq
+- hosts: cassandra
   become: True
   roles:
-      - common
-      - rabbitmq
+      - cassandra

cinder-controller.yml

@@ -0,0 +1,9 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: cinder-controller
+  become: True
+  roles:
+     - cinder-controller

cinder-storage.yml

@@ -0,0 +1,9 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: cinder-storage
+  become: True
+  roles:
+     - cinder-storage

common.yml

@@ -0,0 +1,5 @@
+---
+- hosts: all
+  become: True
+  roles:
+      - common

dockerregistry.yml

@@ -0,0 +1,5 @@
+---
+- hosts: dockerregistry
+  become: True
+  roles:
+      - dockerregistry

generate_secrets.py

@@ -0,0 +1,33 @@
+#!/usr/bin/env python
+
+"""
+Open the secrets.yml and replace all passwords.
+Original is backed up.
+"""
+
+import random
+import string
+from subprocess import call
+from yaml import load, dump
+
+try:
+    from yaml import CLoader as Loader, CDumper as Dumper
+except ImportError:
+    from yaml import Loader, Dumper
+
+# length of generated passwords.
+pass_length = 20
+
+with open('secrets.yml.topol', 'r') as f:
+    data = load(f, Loader=Loader)
+
+for key, value in data.iteritems():
+    data[key] = ''.join(
+        random.choice(string.ascii_letters + string.digits)
+        for _ in range(pass_length))
+
+# Make numbered backups of the secrets file.
+call(['cp', '--backup=numbered', 'secrets.yml', 'secrets.yml.bak'])
+
+with open('secrets.yml', 'w') as f:
+    dump(data, f, Dumper=Dumper, default_flow_style=False)

glance-controller.yml

@@ -0,0 +1,9 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: glance-controller
+  become: True
+  roles:
+     - glance-controller

horizon.yml

@@ -0,0 +1,9 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: horizon
+  become: True
+  roles:
+     - horizon

hosts

@@ -1,15 +1,49 @@
 [databases]
-ansible-test
+openstack01-node02
+
 [keystone]
-ansible-test
-[registry]
-ansible-test
+openstack01-node03
+
+[glance-controller]
+openstack01-node02
+
+[horizon]
+openstack01-node03
+
 [rabbitmq]
-ansible-test-mq
+openstack01-node01
+openstack01-node02
+openstack01-node03
 
+#[cassandra]
+#openstack01-node[01:03]
 
+#openstack01-node01
+#
+#[next_cassandra]
+#openstack01-node02
+#openstack01-node03
 
+[memcached]
+openstack01-node03
 
+#[first_cassandra:vars]
+#run_options=""
+#
+#[next_cassandra:vars]
+#run_options="-e CASSANDRA_SEEDS=172.23.41.1"
 
+[neutron-controller]
+openstack01-node01 provider_interface_name=ens192
 
+[nova-controller]
+openstack01-node03
 
+[cinder-controller]
+openstack01-node03
+
+[cinder-storage]
+openstack01-node01 storage_volume=/dev/loop0
+
+[nova-compute]
+openstack01-node04 provider_interface_name=dummy0

keystone.yml

@@ -0,0 +1,9 @@
+---
+- hosts: databases
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: keystone
+  become: True
+  roles:
+     - keystone

mariadb.yml

@@ -0,0 +1,6 @@
+---
+# Run all plays as root.
+- hosts: databases
+  become: True
+  roles:
+      - mariadb

memcached.yml

@@ -0,0 +1,5 @@
+---
+- hosts: memcached
+  become: True
+  roles:
+     - memcached

neutron-controller.yml

@@ -0,0 +1,9 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: neutron-controller
+  become: True
+  roles:
+     - neutron-controller

nova-compute.yml

@@ -0,0 +1,9 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: nova-compute
+  become: True
+  roles:
+     - nova-compute

nova-controller.yml

@@ -0,0 +1,9 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: nova-controller
+  become: True
+  roles:
+     - nova-controller

post-install.yml

@@ -0,0 +1,26 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: keystone
+  become: True
+  vars_files:
+    - settings.yml
+  tasks:
+    - name: copy public key
+      copy:
+        content: "{{ rsa_pub }}"
+        dest: /srv/keystone/root/id_rsa.pub
+    - name: post install configuration
+      command: docker exec -i keystone.service bash -c "source /root/admin-openrc.sh && {{ item }}"
+      with_items:
+        - openstack network create  --share --external  --provider-physical-network provider  --provider-network-type flat provider
+        - >
+            openstack subnet create --network provider
+            --allocation-pool start={{ allocation_pool['start'] }},end={{ allocation_pool['end'] }}
+            --dns-nameserver {{ dns_nameserver }} --gateway {{ gateway }} --subnet-range {{ subnet_range }} provider
+        - openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+        - openstack keypair create --public-key /root/id_rsa.pub adminkey
+
+

rabbitmq.yml

@@ -0,0 +1,7 @@
+---
+- hosts: rabbitmq
+  become: True
+  roles:
+      - rabbitmq
+  vars:
+      hostname_node0: "{{ hostvars[groups['rabbitmq'][0]]['ansible_hostname'] }}"

roles/cassandra/tasks/main.yml

@@ -0,0 +1,15 @@
+# Install a docker based cassandra cluster.
+---
+- name: install service file.
+  template:
+    src: templates/cassandra.service
+    dest: /etc/systemd/system/cassandra.service
+    mode: 644
+    owner: root
+    group: root
+- name: install service file
+  command: systemctl daemon-reload
+- name: make sure service is started
+  systemd:
+    name: cassandra.service
+    state: started

roles/cassandra/templates/cassandra.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=Cassandra Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker stop %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStartPre=/usr/bin/docker pull cassandra:3.10
+ExecStart=/usr/bin/docker run --name %n -v /srv/lib/cassandra:/var/lib/cassandra \
+ -p 7000:7000 -p 7001:7001 -p 7199:7199 -p 9042:9042 -p 9160:9160 \
+ -e CASSANDRA_BROADCAST_ADDRESS={{ansible_default_ipv4.address}} \
+ -e CASSANDRA_START_RPC=True \
+ cassandra:3.10
+
+[Install]
+WantedBy=multi-user.target

roles/cinder-controller/tasks/main.yml

@@ -0,0 +1,59 @@
+# Build and install a docker image for cinder.
+---
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+
+- set_fact:
+    docker_image: webhost12.service.rug.nl/hpc/openstack-cinder-controller:latest
+    env_vars: >
+        -e "MY_IP={{ ansible_default_ipv4.address }}"
+        -e "CINDER_HOST={{ hostvars[groups['cinder-controller'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
+        -e "CINDER_USER=cinder"
+        -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+        -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+        -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+        -e "RABBIT_USER=openstack"
+
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+  tags: pull
+
+- name: Make build and persistent directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0777
+  with_items:
+      - /srv/cinder-controller
+      - /srv/cinder-controller/root
+
+- name: install service file.
+  template:
+    src: templates/cinder-controller.service
+    dest: /etc/systemd/system/cinder-controller.service
+    mode: 644
+    owner: root
+    group: root
+
+- command: systemctl daemon-reload
+
+- name: Initialize database.
+  command: >
+             /usr/bin/docker run --rm
+             {{ env_vars }}
+             -v /srv/cinder-controller/root:/root \
+             {{ docker_image }} /etc/bootstrap.sh
+  tags: bootstrap
+
+- name: make sure service is started
+  systemd:
+    name: cinder-controller.service
+    state: restarted

roles/cinder-controller/templates/cinder-controller.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=Openstack Glance Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker kill %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStart=/usr/bin/docker run --name %n \
+  {{ env_vars | replace('\n', '') }} \
+  -v /srv/cinder-controller/root:/root \
+  -p 8776:8776 \
+  {{ docker_image }}
+
+[Install]
+WantedBy=multi-user.target

roles/cinder-storage/tasks/main.yml

@@ -0,0 +1,61 @@
+# Build and install a docker image for cinder.
+---
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+
+- set_fact:
+    docker_image: webhost12.service.rug.nl/hpc/openstack-cinder-storage:latest
+    env_vars: >
+        -e "MY_IP={{ ansible_default_ipv4.address }}"
+        -e "CINDER_HOST={{ hostvars[groups['cinder-storage'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
+        -e "CINDER_USER=cinder"
+        -e "GLANCE_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+        -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+        -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+        -e "RABBIT_USER=openstack"
+
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+  tags: pull
+
+- name: Make build and persistent directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0777
+  with_items:
+      - /srv/cinder-storage
+      - /srv/cinder-storage/root
+
+- name: initial setup
+  command: >
+             /usr/bin/docker run --rm
+             --privileged
+             {{ env_vars }}
+             -v /srv/cinder-storage/root:/root \
+             -v "{{ storage_volume }}":/dev/cinder_storage_volume \
+             {{ docker_image }} /etc/bootstrap.sh
+  tags: bootstrap
+
+- name: install service file.
+  template:
+    src: templates/cinder-storage.service
+    dest: /etc/systemd/system/cinder-storage.service
+    mode: 644
+    owner: root
+    group: root
+
+- command: systemctl daemon-reload
+
+- name: make sure service is started
+  systemd:
+    name: cinder-storage.service
+    state: restarted

roles/cinder-storage/templates/cinder-storage.service

@@ -0,0 +1,20 @@
+[Unit]
+Description=Openstack Glance Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker kill %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStart=/usr/bin/docker run --name %n \
+  --privileged \
+  {{ env_vars | replace('\n', '') }} \
+  -v /srv/cinder-storage/root:/root \
+  -v "{{ storage_volume }}":/dev/cinder_storage_volume \
+  -p 8776:8776 \
+  {{ docker_image }}
+
+[Install]
+WantedBy=multi-user.target

roles/common/tasks/main.yml

@@ -26,6 +26,4 @@
     owner: root
     group: root
 
-    #- name: Load secrets file
-    #  include_vars:
-    #      file: secrets/password_list.yml
+- include: docker.yml

roles/common/tasks/users.yml

@@ -1,8 +1,13 @@
 ---
 # Tasks to set users
+- group:
+    name: admin
+    state: present
+
 - user:
-    group: admin
     name: "{{ item }}"
+    comment: "Admin users"
+    group: admin
   with_items:
       - egon
       - wim
@@ -18,4 +23,3 @@
     user: egon
     key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUBdTEHUj6MxvfEU7KcI+UPAvqJ9jGJ7hHm3e7XFTb9 egon@egon-pc'
     state: present
-

roles/dockerregistry/files/dockerregistry.service

@@ -9,9 +9,8 @@ Restart=on-failure
 ExecStartPre=-/usr/bin/docker stop %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStartPre=/usr/bin/docker pull registry:2
-ExecStart=/usr/bin/docker run -d -p 5000:5000 --restart=always --name %n \
-          -v /srv/dockerregistry/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"   \
-          -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd  -v /srv/dockerregistry/certs:/certs                               \
+ExecStart=/usr/bin/docker run -d -p 5000:5000 --name %n \
+          -v /srv/dockerregistry/certs:/certs \
           -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/docker-registry.hpc.service.rug.nl.crt                      \
           -e REGISTRY_HTTP_TLS_KEY=/certs/docker-registry.hpc.service.rug.nl.key                              \
           -e REGISTRY_HTTP_SECRET=jahNoh2teev0  registry:2

roles/dockerregistry/tasks/main.yml

@@ -1,6 +1,5 @@
 # Install a docker based mariadb.
 ---
-- include: ../common/tasks/docker.yml
 - name: install service file.
   template:
     src: files/dockerregistry.service

roles/glance-controller/tasks/main.yml

@@ -0,0 +1,59 @@
+# Build and install a docker image for glance.
+---
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+
+- set_fact:
+    docker_image: webhost12.service.rug.nl/hpc/openstack-glance:latest
+    env_vars: >
+        -e "GLANCE_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "GLANCE_PASSWORD={{ secrets['GLANCE_PASSWORD'] }}"
+        -e "GLANCE_USER=glance"
+        -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+        -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+        -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+        -e "RABBIT_USER=openstack"
+
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+  tags: pull
+
+- name: Make build and persistent directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0777
+  with_items:
+      - /srv/glance
+      - /srv/glance/root
+
+- name: install service file.
+  template:
+    src: templates/glance.service
+    dest: /etc/systemd/system/glance.service
+    mode: 644
+    owner: root
+    group: root
+
+- command: systemctl daemon-reload
+
+- name: Initialize database.
+  command: >
+             /usr/bin/docker run --rm
+             {{ env_vars }}
+             --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
+             -v /srv/glance/root:/root \
+             {{ docker_image }} /etc/bootstrap.sh
+  tags: bootstrap
+
+- name: make sure service is started
+  systemd:
+    name: glance.service
+    state: restarted

roles/glance-controller/templates/glance.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=Openstack Glance Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker kill %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStart=/usr/bin/docker run --name %n \
+  {{ env_vars | replace('\n', '') }} \
+  -v /srv/glance/root:/root \
+  -p 9292:9292 \
+  {{ docker_image }}
+
+[Install]
+WantedBy=multi-user.target

roles/horizon/files/Dockerfile

@@ -1,19 +0,0 @@
-# Build keystone. It needs to be run with
-# --add-host=mariadb:<ip mariadb listens tp>
-# Wen starting with an initialized db,
-# run keystone-manage db_sync from this docker first:
-# $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"
-
-FROM ubuntu:zesty
-
-RUN apt-get update
-
-RUN apt-get install --yes openstack-dashboard
-
-ADD local_settings.py /etc/openstack-dashboard/local_settings.py
-
-RUN chown -R www-data: /var/lib/openstack-dashboard/
-
-#RUN keystone-manage db_sync
-CMD apachectl -DFOREGROUND
-

roles/horizon/files/local_settings.py

@@ -1,503 +0,0 @@
-# -*- coding: utf-8 -*-
-
-import os
-
-from django.utils.translation import ugettext_lazy as _
-
-from horizon.utils import secret_key
-
-from openstack_dashboard.settings import HORIZON_CONFIG
-
-DEBUG = False
-
-WEBROOT = '/'
-
-LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
-
-SECRET_KEY = secret_key.generate_or_read_from_file('/var/lib/openstack-dashboard/secret_key')
-
-
-CACHES = {
-    'default': {
-        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
-        'LOCATION': '127.0.0.1:11211',
-    },
-}
-
-# Send email to the console by default
-EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
-
-# Configure these for your outgoing email host
-#EMAIL_HOST = 'smtp.my-company.com'
-#EMAIL_PORT = 25
-#EMAIL_HOST_USER = 'djangomail'
-#EMAIL_HOST_PASSWORD = 'top-secret!'
-
-OPENSTACK_HOST = "172.23.38.125"
-OPENSTACK_KEYSTONE_URL = "http://%s:5001/v2.0" % OPENSTACK_HOST
-OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
-
-# Disable SSL certificate checks (useful for self-signed certificates):
-#OPENSTACK_SSL_NO_VERIFY = True
-
-# The CA certificate to use to verify SSL connections
-#OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
-
-# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
-# capabilities of the auth backend for Keystone.
-# If Keystone has been configured to use LDAP as the auth backend then set
-# can_edit_user to False and name to 'ldap'.
-#
-# TODO(tres): Remove these once Keystone has an API to identify auth backend.
-OPENSTACK_KEYSTONE_BACKEND = {
-    'name': 'native',
-    'can_edit_user': True,
-    'can_edit_group': True,
-    'can_edit_project': True,
-    'can_edit_domain': True,
-    'can_edit_role': True,
-}
-
-# Setting this to True, will add a new "Retrieve Password" action on instance,
-# allowing Admin session password retrieval/decryption.
-#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
-
-# Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to
-# determine the experience to enable.  Set them both to true to enable
-# both.
-#LAUNCH_INSTANCE_LEGACY_ENABLED = True
-#LAUNCH_INSTANCE_NG_ENABLED = False
-
-# The Xen Hypervisor has the ability to set the mount point for volumes
-# attached to instances (other Hypervisors currently do not). Setting
-# can_set_mount_point to True will add the option to set the mount point
-# from the UI.
-OPENSTACK_HYPERVISOR_FEATURES = {
-    'can_set_mount_point': False,
-    'can_set_password': False,
-    'requires_keypair': False,
-    'enable_quotas': True
-}
-
-# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional
-# services provided by cinder that is not exposed by its extension API.
-OPENSTACK_CINDER_FEATURES = {
-    'enable_backup': False,
-}
-
-# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
-# services provided by neutron. Options currently available are load
-# balancer service, security groups, quotas, VPN service.
-OPENSTACK_NEUTRON_NETWORK = {
-    'enable_router': True,
-    'enable_quotas': True,
-    'enable_ipv6': True,
-    'enable_distributed_router': False,
-    'enable_ha_router': False,
-    'enable_lb': True,
-    'enable_firewall': True,
-    'enable_vpn': True,
-    'enable_fip_topology_check': True,
-
-    # profile_support can be turned on if needed.
-    'profile_support': None,
-    #'profile_support': 'cisco',
-    'supported_vnic_types': ['*'],
-}
-
-# The OPENSTACK_HEAT_STACK settings can be used to disable password
-# field required while launching the stack.
-OPENSTACK_HEAT_STACK = {
-    'enable_user_pass': True,
-}
-
-#OPENSTACK_IMAGE_BACKEND = {
-#    'image_formats': [
-#        ('', _('Select format')),
-#        ('aki', _('AKI - Amazon Kernel Image')),
-#        ('ami', _('AMI - Amazon Machine Image')),
-#        ('ari', _('ARI - Amazon Ramdisk Image')),
-#        ('docker', _('Docker')),
-#        ('iso', _('ISO - Optical Disk Image')),
-#        ('ova', _('OVA - Open Virtual Appliance')),
-#        ('qcow2', _('QCOW2 - QEMU Emulator')),
-#        ('raw', _('Raw')),
-#        ('vdi', _('VDI - Virtual Disk Image')),
-#        ('vhd', _('VHD - Virtual Hard Disk')),
-#        ('vmdk', _('VMDK - Virtual Machine Disk')),
-#    ],
-#}
-
-# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
-# image custom property attributes that appear on image detail pages.
-IMAGE_CUSTOM_PROPERTY_TITLES = {
-    "architecture": _("Architecture"),
-    "kernel_id": _("Kernel ID"),
-    "ramdisk_id": _("Ramdisk ID"),
-    "image_state": _("Euca2ools state"),
-    "project_id": _("Project ID"),
-    "image_type": _("Image Type"),
-}
-
-# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image
-# custom properties should not be displayed in the Image Custom Properties
-# table.
-IMAGE_RESERVED_CUSTOM_PROPERTIES = []
-
-# Set to 'legacy' or 'direct' to allow users to upload images to glance via
-# Horizon server. When enabled, a file form field will appear on the create
-# image form. If set to 'off', there will be no file form field on the create
-# image form. See documentation for deployment considerations.
-#HORIZON_IMAGES_UPLOAD_MODE = 'legacy'
-
-# Allow a location to be set when creating or updating Glance images.
-# If using Glance V2, this value should be False unless the Glance
-# configuration and policies allow setting locations.
-#IMAGES_ALLOW_LOCATION = False
-
-# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
-# in the Keystone service catalog. Use this setting when Horizon is running
-# external to the OpenStack environment. The default is 'publicURL'.
-#OPENSTACK_ENDPOINT_TYPE = "publicURL"
-
-# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
-# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
-# in the Keystone service catalog. Use this setting when Horizon is running
-# external to the OpenStack environment. The default is None. This
-# value should differ from OPENSTACK_ENDPOINT_TYPE if used.
-#SECONDARY_ENDPOINT_TYPE = None
-
-# The number of objects (Swift containers/objects or images) to display
-# on a single page before providing a paging element (a "more" link)
-# to paginate results.
-API_RESULT_LIMIT = 1000
-API_RESULT_PAGE_SIZE = 20
-
-# The size of chunk in bytes for downloading objects from Swift
-SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
-
-# The default number of lines displayed for instance console log.
-INSTANCE_LOG_LENGTH = 35
-
-# Specify a maximum number of items to display in a dropdown.
-DROPDOWN_MAX_ITEMS = 30
-
-# The timezone of the server. This should correspond with the timezone
-# of your entire OpenStack installation, and hopefully be in UTC.
-TIME_ZONE = "UTC"
-
-# When launching an instance, the menu of available flavors is
-# sorted by RAM usage, ascending. If you would like a different sort order,
-# you can provide another flavor attribute as sorting key. Alternatively, you
-# can provide a custom callback method to use for sorting. You can also provide
-# a flag for reverse sort. For more info, see
-# http://docs.python.org/2/library/functions.html#sorted
-#CREATE_INSTANCE_FLAVOR_SORT = {
-#    'key': 'name',
-#     # or
-#    'key': my_awesome_callback_method,
-#    'reverse': False,
-#}
-
-# Set this to True to display an 'Admin Password' field on the Change Password
-# form to verify that it is indeed the admin logged-in who wants to change
-# the password.
-#ENFORCE_PASSWORD_CHECK = False
-
-# Modules that provide /auth routes that can be used to handle different types
-# of user authentication. Add auth plugins that require extra route handling to
-# this list.
-#AUTHENTICATION_URLS = [
-#    'openstack_auth.urls',
-#]
-
-# The Horizon Policy Enforcement engine uses these values to load per service
-# policy rule files. The content of these files should match the files the
-# OpenStack services are using to determine role based access control in the
-# target installation.
-
-# Path to directory containing policy.json files
-#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
-
-# Map of local copy of service policy files.
-# Please insure that your identity policy file matches the one being used on
-# your keystone servers. There is an alternate policy file that may be used
-# in the Keystone v3 multi-domain case, policy.v3cloudsample.json.
-# This file is not included in the Horizon repository by default but can be
-# found at
-# http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \
-# policy.v3cloudsample.json
-# Having matching policy files on the Horizon and Keystone servers is essential
-# for normal operation. This holds true for all services and their policy files.
-#POLICY_FILES = {
-#    'identity': 'keystone_policy.json',
-#    'compute': 'nova_policy.json',
-#    'volume': 'cinder_policy.json',
-#    'image': 'glance_policy.json',
-#    'orchestration': 'heat_policy.json',
-#    'network': 'neutron_policy.json',
-#}
-
-# TODO: (david-lyle) remove when plugins support adding settings.
-# Note: Only used when trove-dashboard plugin is configured to be used by
-# Horizon.
-# Trove user and database extension support. By default support for
-# creating users and databases on database instances is turned on.
-# To disable these extensions set the permission here to something
-# unusable such as ["!"].
-#TROVE_ADD_USER_PERMS = []
-#TROVE_ADD_DATABASE_PERMS = []
-
-# Change this patch to the appropriate list of tuples containing
-# a key, label and static directory containing two files:
-# _variables.scss and _styles.scss
-#AVAILABLE_THEMES = [
-#    ('default', 'Default', 'themes/default'),
-#    ('material', 'Material', 'themes/material'),
-#]
-
-LOGGING = {
-    'version': 1,
-    # When set to True this will disable all logging except
-    # for loggers specified in this configuration dictionary. Note that
-    # if nothing is specified here and disable_existing_loggers is True,
-    # django.db.backends will still log unless it is disabled explicitly.
-    'disable_existing_loggers': False,
-    'formatters': {
-        'operation': {
-            # The format of "%(message)s" is defined by
-            # OPERATION_LOG_OPTIONS['format']
-            'format': '%(asctime)s %(message)s'
-        },
-    },
-    'handlers': {
-        'null': {
-            'level': 'DEBUG',
-            'class': 'logging.NullHandler',
-        },
-        'console': {
-            # Set the level to "DEBUG" for verbose output logging.
-            'level': 'INFO',
-            'class': 'logging.StreamHandler',
-        },
-        'operation': {
-            'level': 'INFO',
-            'class': 'logging.StreamHandler',
-            'formatter': 'operation',
-        },
-    },
-    'loggers': {
-        # Logging from django.db.backends is VERY verbose, send to null
-        # by default.
-        'django.db.backends': {
-            'handlers': ['null'],
-            'propagate': False,
-        },
-        'requests': {
-            'handlers': ['null'],
-            'propagate': False,
-        },
-        'horizon': {
-            'handlers': ['console'],
-            'level': 'DEBUG',
-            'propagate': False,
-        },
-        'horizon.operation_log': {
-            'handlers': ['operation'],
-            'level': 'INFO',
-            'propagate': False,
-        },
-        'openstack_dashboard': {
-            'handlers': ['console'],
-            'level': 'DEBUG',
-            'propagate': False,
-        },
-        'novaclient': {
-            'handlers': ['console'],
-            'level': 'DEBUG',
-            'propagate': False,
-        },
-        'cinderclient': {
-            'handlers': ['console'],
-            'level': 'DEBUG',
-            'propagate': False,
-        },
-        'keystoneclient': {
-            'handlers': ['console'],
-            'level': 'DEBUG',
-            'propagate': False,
-        },
-        'glanceclient': {
-            'handlers': ['console'],
-            'level': 'DEBUG',
-            'propagate': False,
-        },
-        'neutronclient': {
-            'handlers': ['console'],
-            'level': 'DEBUG',
-            'propagate': False,
-        },
-        'heatclient': {
-            'handlers': ['console'],
-            'level': 'DEBUG',
-            'propagate': False,
-        },
-        'swiftclient': {
-            'handlers': ['console'],
-            'level': 'DEBUG',
-            'propagate': False,
-        },
-        'openstack_auth': {
-            'handlers': ['console'],
-            'level': 'DEBUG',
-            'propagate': False,
-        },
-        'nose.plugins.manager': {
-            'handlers': ['console'],
-            'level': 'DEBUG',
-            'propagate': False,
-        },
-        'django': {
-            'handlers': ['console'],
-            'level': 'DEBUG',
-            'propagate': False,
-        },
-        'iso8601': {
-            'handlers': ['null'],
-            'propagate': False,
-        },
-        'scss': {
-            'handlers': ['null'],
-            'propagate': False,
-        },
-    },
-}
-
-# 'direction' should not be specified for all_tcp/udp/icmp.
-# It is specified in the form.
-SECURITY_GROUP_RULES = {
-    'all_tcp': {
-        'name': _('All TCP'),
-        'ip_protocol': 'tcp',
-        'from_port': '1',
-        'to_port': '65535',
-    },
-    'all_udp': {
-        'name': _('All UDP'),
-        'ip_protocol': 'udp',
-        'from_port': '1',
-        'to_port': '65535',
-    },
-    'all_icmp': {
-        'name': _('All ICMP'),
-        'ip_protocol': 'icmp',
-        'from_port': '-1',
-        'to_port': '-1',
-    },
-    'ssh': {
-        'name': 'SSH',
-        'ip_protocol': 'tcp',
-        'from_port': '22',
-        'to_port': '22',
-    },
-    'smtp': {
-        'name': 'SMTP',
-        'ip_protocol': 'tcp',
-        'from_port': '25',
-        'to_port': '25',
-    },
-    'dns': {
-        'name': 'DNS',
-        'ip_protocol': 'tcp',
-        'from_port': '53',
-        'to_port': '53',
-    },
-    'http': {
-        'name': 'HTTP',
-        'ip_protocol': 'tcp',
-        'from_port': '80',
-        'to_port': '80',
-    },
-    'pop3': {
-        'name': 'POP3',
-        'ip_protocol': 'tcp',
-        'from_port': '110',
-        'to_port': '110',
-    },
-    'imap': {
-        'name': 'IMAP',
-        'ip_protocol': 'tcp',
-        'from_port': '143',
-        'to_port': '143',
-    },
-    'ldap': {
-        'name': 'LDAP',
-        'ip_protocol': 'tcp',
-        'from_port': '389',
-        'to_port': '389',
-    },
-    'https': {
-        'name': 'HTTPS',
-        'ip_protocol': 'tcp',
-        'from_port': '443',
-        'to_port': '443',
-    },
-    'smtps': {
-        'name': 'SMTPS',
-        'ip_protocol': 'tcp',
-        'from_port': '465',
-        'to_port': '465',
-    },
-    'imaps': {
-        'name': 'IMAPS',
-        'ip_protocol': 'tcp',
-        'from_port': '993',
-        'to_port': '993',
-    },
-    'pop3s': {
-        'name': 'POP3S',
-        'ip_protocol': 'tcp',
-        'from_port': '995',
-        'to_port': '995',
-    },
-    'ms_sql': {
-        'name': 'MS SQL',
-        'ip_protocol': 'tcp',
-        'from_port': '1433',
-        'to_port': '1433',
-    },
-    'mysql': {
-        'name': 'MYSQL',
-        'ip_protocol': 'tcp',
-        'from_port': '3306',
-        'to_port': '3306',
-    },
-    'rdp': {
-        'name': 'RDP',
-        'ip_protocol': 'tcp',
-        'from_port': '3389',
-        'to_port': '3389',
-    },
-}
-
-REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
-                              'LAUNCH_INSTANCE_DEFAULTS',
-                              'OPENSTACK_IMAGE_FORMATS',
-                              'OPENSTACK_KEYSTONE_DEFAULT_DOMAIN']
-
- # The default theme if no cookie is present
-DEFAULT_THEME = 'ubuntu'
-
-# Default Ubuntu apache configuration uses /horizon as the application root.
-WEBROOT='/horizon/'
-
-# By default, validation of the HTTP Host header is disabled.  Production
-# installations should have this set accordingly.  For more information
-# see https://docs.djangoproject.com/en/dev/ref/settings/.
-ALLOWED_HOSTS = '*'
-
-# Compress all assets offline as part of packaging installation
-COMPRESS_OFFLINE = True
-
-ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
-

roles/horizon/tasks/main.yml

@@ -0,0 +1,25 @@
+# Run hpc/horizon
+---
+- set_fact:
+    docker_image: webhost12.service.rug.nl/hpc/openstack-horizon:latest
+
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+    force: True
+  tags: pull
+
+- name: install service file.
+  template:
+    src: templates/horizon.service
+    dest: /etc/systemd/system/horizon.service
+    mode: 644
+    owner: root
+    group: root
+
+- command: systemctl daemon-reload
+
+- name: make sure service is started
+  systemd:
+    name: horizon.service
+    state: restarted

roles/horizon/templates/horizon.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=Openstack Glance Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker kill %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStart=/usr/bin/docker run --name %n \
+  -e "MEMCACHED_SERVER={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
+  -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
+  --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
+  -p 80:80 \
+  {{ docker_image }}
+
+[Install]
+WantedBy=multi-user.target

roles/keystone/files/Dockerfile

@@ -1,22 +0,0 @@
-# Build keystone. It needs to be run with
-# --add-host=mariadb:<ip mariadb listens tp>
-# Wen starting with an initialized db,
-# run keystone-manage db_sync from this docker first:
-# $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"
-
-FROM ubuntu:zesty
-
-RUN apt-get update
-
-RUN apt-get install --yes keystone
-
-# set admin token TODO: make this a secret
-ADD keystone.conf /etc/keystone/keystone.conf
-
-RUN mkdir /etc/keystone/fernet-keys
-
-RUN chown keystone: /etc/keystone/fernet-keys
-
-#RUN keystone-manage db_sync
-CMD apachectl -DFOREGROUND
-

roles/keystone/files/keystone.conf

@@ -1,8 +0,0 @@
-[DEFAULT]
-
-[database]
-
-connection = mysql+pymysql://keystone:keystone@mariadb/keystone
-
-[token]
-provider = fernet

roles/keystone/scripts/initialize_db.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 # Start a mariadb container to use its mysql client to initialize the keystone database.
-docker run -i mariadb:10.1.22 mysql -uroot -pgeheim --host 172.23.38.125 << EOF
+docker run --rm -i mariadb:10.2 mysql -uroot -p"$MYSQL_ROOT_PASSWORD" --host "$DB_HOST" << EOF
 CREATE DATABASE IF NOT EXISTS keystone;
 GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
 GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

roles/keystone/tasks/main.yml

@@ -1,25 +1,29 @@
 # Build and install a docker image for keystone.
 ---
-- include: ../common/tasks/docker.yml
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
 
-- name: Make build and persistent directories
+- name: Make persistent directories
   file:
     path: "{{ item }}"
     state: directory
     mode: 0777
   with_items:
-      - /srv/keystone
-      - /srv/keystone/fernet-keys
+    - /srv
+    - /srv/keystone
+    - /srv/keystone/fernet-keys
+    - /srv/keystone/root
 
-- name: install Dockerfile
-  copy:
-    src: files/
-    dest: /srv/keystone
+- set_fact:
+    docker_image: webhost12.service.rug.nl/hpc/openstack-keystone:latest
 
-- name: build keystone image
+- name: pull docker image
   docker_image:
-    path: /srv/keystone
-    name: hpc/keystone
+    name: "{{ docker_image }}"
+    force: True
+  tags: pull
 
 - name: install service file.
   template:
@@ -32,27 +36,49 @@
 - name: install service file
   command: systemctl daemon-reload
 
-- name: make sure service is started
-  systemd:
-    name: keystone.service
-    state: started
-
 - name: Initialize db
   script: scripts/initialize_db.sh
+  environment:
+    MYSQL_ROOT_PASSWORD: "{{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+    DB_HOST: "{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+  register: result
+  until: result|succeeded
+  # sometimes the initial connect fails.
+  # Retry until it succeeds.
+  retries: 7
+  delay: 3
+  ignore_errors: yes
 
 - name: keystone manage commands to setup db
   command: >
              /usr/bin/docker run --rm
              --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
              -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
-             hpc/keystone keystone-manage {{ item }}
+             -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+             {{ docker_image }} keystone-manage {{ item }}
   with_items:
       - db_sync
       - fernet_setup --keystone-user keystone --keystone-group keystone
       - credential_setup --keystone-user keystone --keystone-group keystone
       - >
-          bootstrap --bootstrap-password geheim
-                    --bootstrap-admin-url http://localhost:35357/v3/
-                    --bootstrap-internal-url http://localhost:35357/v3/
-                    --bootstrap-public-url http://localhost:5000/v3/
+          bootstrap --bootstrap-password {{ secrets['OS_PASSWORD'] }}
+                    --bootstrap-admin-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
+                    --bootstrap-internal-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
+                    --bootstrap-public-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:5000/v3/
                     --bootstrap-region-id RegionOne
+
+- name: make sure service is started
+  systemd:
+    name: keystone.service
+    state: restarted
+
+- name: Create a domain, projects users and roles
+  command: >
+             /usr/bin/docker run --rm
+             --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
+             -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
+             -v /srv/keystone/root:/root
+             -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+             -e "OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3"
+             -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+             {{ docker_image }} bash /etc/bootstrap.sh

roles/keystone/templates/admin-openrc.sh

@@ -0,0 +1,5 @@
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD={{ hostvars[groups['keystone'][0]]['OS_PASSWORD'] }}
+export OS_AUTH_URL=http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3
+export OS_IDENTITY_API_VERSION=3

roles/keystone/templates/keystone.service

@@ -6,13 +6,15 @@ Requires=docker.service
 [Service]
 TimeoutStartSec=0
 Restart=always
-ExecStartPre=-/usr/bin/docker stop %n
+ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
   --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
-  -p 5001:5000 -p 35357:35357 \
+  -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
+  -p 5000:5000 -p 35357:35357 \
   -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \
-  hpc/keystone
+  -v /srv/keystone/root:/root \
+  {{ docker_image }}
 
 [Install]
 WantedBy=multi-user.target

roles/mariadb/files/my.cnf

@@ -0,0 +1,68 @@
+[client]
+port            = 3306
+socket          = /var/run/mysqld/mysqld.sock
+
+
+[mysqld_safe]
+socket          = /var/run/mysqld/mysqld.sock
+nice            = 0
+
+[mysqld]
+skip-host-cache
+skip-name-resolve
+pid-file        = /var/run/mysqld/mysqld.pid
+socket          = /var/run/mysqld/mysqld.sock
+port            = 3306
+basedir         = /usr
+datadir         = /var/lib/mysql
+tmpdir          = /tmp
+lc_messages_dir = /usr/share/mysql
+lc_messages     = en_US
+skip-external-locking
+connect_timeout         = 5
+wait_timeout            = 600
+max_allowed_packet      = 16M
+thread_cache_size       = 128
+sort_buffer_size        = 4M
+bulk_insert_buffer_size = 16M
+tmp_table_size          = 32M
+max_heap_table_size     = 32M
+myisam_recover_options = BACKUP
+key_buffer_size         = 128M
+table_open_cache        = 400
+myisam_sort_buffer_size = 512M
+concurrent_insert       = 2
+read_buffer_size        = 2M
+read_rnd_buffer_size    = 1M
+query_cache_limit               = 128K
+query_cache_size                = 64M
+slow_query_log_file     = /var/log/mysql/mariadb-slow.log
+long_query_time = 10
+
+expire_logs_days        = 10
+max_binlog_size         = 100M
+default_storage_engine  = InnoDB
+innodb_buffer_pool_size = 128M
+innodb_log_buffer_size  = 8M
+innodb_file_per_table   = 1
+innodb_open_files       = 400
+innodb_io_capacity      = 400
+innodb_flush_method     = O_DIRECT
+
+default-storage-engine = innodb
+max_connections = 4096
+collation-server = utf8_general_ci
+character-set-server = utf8
+
+[galera]
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet      = 16M
+
+[mysql]
+
+[isamchk]
+key_buffer              = 16M
+

roles/mariadb/files/mysql.service

@@ -1,16 +0,0 @@
-[Unit]
-Description=Mariadb Container
-After=docker.service
-Requires=docker.service
- 
-[Service]
-TimeoutStartSec=0
-Restart=always
-ExecStartPre=-/usr/bin/docker stop %n
-ExecStartPre=-/usr/bin/docker rm %n
-ExecStartPre=/usr/bin/docker pull mariadb:10.1.22
-ExecStart=/usr/bin/docker run  -p 3306:3306 --name %n -v /srv/lib/mysql:/var/lib/mysql \
- -e MYSQL_ROOT_PASSWORD=geheim mariadb:10.1.22
- 
-[Install]
-WantedBy=multi-user.target

roles/mariadb/tasks/main.yml

@@ -1,15 +1,35 @@
 # Install a docker based mariadb.
 ---
-- include: ../common/tasks/docker.yml
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+
 - name: install service file.
   template:
-    src: files/mysql.service
+    src: templates/mysql.service
     dest: /etc/systemd/system/mysql.service
     mode: 644
     owner: root
     group: root
-- name: install service file
-  command: systemctl daemon-reload
+
+- name: make mariadb settings volume
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0777
+  with_items:
+      - /srv/mariadb/lib/mysql
+      - /srv/mariadb/etc/mysql
+
+- name: place settings file
+  copy:
+    src: files/my.cnf
+    dest: /srv/mariadb/etc/mysql
+    mode: 660
+
+- command: systemctl daemon-reload
+
 - name: make sure service is started
   systemd:
     name: mysql.service

roles/mariadb/templates/mysql.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=Mariadb Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker kill %n || /bin/true
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStartPre=/usr/bin/docker pull mariadb:10.2
+ExecStart=/usr/bin/docker run  -p 3306:3306 --name %n \
+ -v /srv/mariadb/lib/mysql:/var/lib/mysql \
+ -v /srv/mariadb/etc/mysql:/etc/mysql \
+ -e MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }} mariadb:10.2
+
+[Install]
+WantedBy=multi-user.target

roles/memcached/files/memcached.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=memcached Container
+After=docker.service
+Requires=docker.service
+ 
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker stop %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStartPre=/usr/bin/docker pull memcached:1.4
+ExecStart=/usr/bin/docker run --name %n -p 11211:11211 -m 1024m memcached:1.4
+ 
+[Install]
+WantedBy=multi-user.target

roles/memcached/tasks/main.yml

@@ -0,0 +1,15 @@
+# Install a docker based mariadb.
+---
+- name: install service file.
+  template:
+    src: files/memcached.service
+    dest: /etc/systemd/system/memcached.service
+    mode: 644
+    owner: root
+    group: root
+- name: install service file
+  command: systemctl daemon-reload
+- name: make sure service is started
+  systemd:
+    name: memcached.service
+    state: started

roles/neutron-controller/tasks/main.yml

@@ -0,0 +1,62 @@
+# Build and install a docker image for neutron-controller.
+---
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+
+- set_fact:
+    docker_image: "webhost12.service.rug.nl/hpc/openstack-neutron-controller:latest"
+
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+    force: True
+  tags: pull
+
+- set_fact:
+    env_vars: >
+        -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}"
+        -e "MY_IP={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+        -e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}"
+        -e "NEUTRON_USER=neutron"
+        -e "NOVA_USER=nova"
+        -e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}"
+        -e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}"
+        -e "NOVA_PLACEMENT_USER=placement"
+        -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+        -e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}"
+        -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+        -e "RABBIT_USER=openstack"
+  tags: env
+
+- name: install service file.
+  template:
+    src: templates/neutron-controller.service
+    dest: /etc/systemd/system/neutron-controller.service
+    mode: 644
+    owner: root
+    group: root
+
+- command: systemctl daemon-reload
+
+- name: Initialize neutron
+  command: >
+    /usr/bin/docker run --rm
+    {{ env_vars }}
+    --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
+    --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}
+    --network host
+    {{ docker_image }}
+    /etc/bootstrap.sh
+  tags: bootstrap
+
+- name: make sure service is started
+  systemd:
+    name: neutron-controller.service
+    state: restarted

roles/neutron-controller/templates/neutron-controller.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=Openstack neutron-controller Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker kill %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStart=/usr/bin/docker run --name %n \
+  {{ env_vars | replace('\n', '') }} \
+  --add-host=nova-controller:{{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }} \
+  --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
+  --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
+  --add-host={{ ansible_nodename }}:{{ ansible_default_ipv4.address }} \
+  --privileged \
+  --network host \
+  -v /lib/modules:/lib/modules \
+  {{ docker_image }} /etc/run.sh
+
+[Install]
+WantedBy=multi-user.target

roles/nova-compute/tasks/main.yml

@@ -0,0 +1,43 @@
+# Build and install a docker image for nova-controller.
+---
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+
+- set_fact:
+    docker_image: webhost12.service.rug.nl/hpc/openstack-nova-compute:latest
+  tags: facts
+
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+    force: True
+  tags: pull
+
+- name: install service file.
+  template:
+    src: templates/nova-compute.service
+    dest: /etc/systemd/system/nova-compute.service
+    mode: 644
+    owner: root
+    group: root
+
+- command: systemctl daemon-reload
+
+- apt:
+    name: '{{ item }}'
+  with_items:
+      - kvm
+      - libvirt0
+      - libvirt-bin
+      - qemu
+
+- name: make sure service is started
+  systemd:
+    name: nova-compute.service
+    state: restarted
+
+- name: let nova controler discover new host
+  command: docker exec -i nova-controller.service nova-manage cell_v2 discover_hosts
+  delegate_to: "{{ hostvars[groups['nova-controller'][0]]['ansible_hostname'] }}"

roles/nova-compute/templates/nova-compute.service

@@ -0,0 +1,44 @@
+[Unit]
+Description=Openstack nova-compute Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker kill %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStart=/usr/bin/docker run --name %n \
+    -e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}" \
+    -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
+    -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
+    -e "MY_IP={{ hostvars[groups['nova-compute'][0]]['ansible_default_ipv4']['address'] }}" \
+    -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" \
+    -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" \
+    -e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}" \
+    -e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}" \
+    -e "NEUTRON_USER=neutron" \
+    -e "NOVA_COMPUTE_USER=nova_compute" \
+    -e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}" \
+    -e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" \
+    -e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" \
+    -e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}" \
+    -e "NOVA_PLACEMENT_USER=placement" \
+    -e "NOVA_USER=nova" \
+    -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}" \
+    -e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}" \
+    -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \
+    -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}" \
+    -e "RABBIT_USER=openstack" \
+    --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
+    --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
+    --privileged \
+    -v /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock \
+    -v /var/lib/nova/instances:/var/lib/nova/instances \
+    -v /lib/modules:/lib/modules \
+    -v /etc/machine-id:/etc/machine-id \
+    --network host \
+    {{ docker_image }} /etc/run.sh
+
+[Install]
+WantedBy=multi-user.target

roles/nova-controller/tasks/main.yml

@@ -0,0 +1,69 @@
+# Build and install a docker image for nova-controller.
+---
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+
+- name: Make persistent directories
+  file:
+    path: "{ item }}"
+    state: directory
+    mode: 0777
+  with_items:
+    - /srv/nova-controller
+    - /srv/nova-controller/root
+
+- set_fact:
+    docker_image: webhost12.service.rug.nl/hpc/openstack-nova-service:latest
+    env_vars: >
+        -e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MY_IP={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+        -e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}"
+        -e "NEUTRON_USER=neutron"
+        -e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}"
+        -e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}"
+        -e "NOVA_PLACEMENT_USER=placement"
+        -e "NOVA_USER=nova"
+        -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+        -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+        -e "RABBIT_USER=openstack"
+  tags: facts
+
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+    force: True
+  tags: pull
+
+- name: install service file.
+  template:
+    src: templates/nova-controller.service
+    dest: /etc/systemd/system/nova-controller.service
+    mode: 644
+    owner: root
+    group: root
+
+- command: systemctl daemon-reload
+
+- name: Initialize database.
+  command: >
+    /usr/bin/docker run --rm
+    {{ env_vars }}
+    --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
+    --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}
+    -v /srv/nova-controller/root:/root
+    {{ docker_image }}
+    /etc/bootstrap.sh
+  tags: bootstrap
+
+- name: make sure service is started
+  systemd:
+    name: nova-controller.service
+    state: restarted

roles/nova-controller/templates/nova-controller.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=Openstack nova-controller Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker kill %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStart=/usr/bin/docker run --name %n \
+  {{ env_vars | replace('\n', '') }} \
+  --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
+  --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
+  --privileged \
+  -v /srv/nova-controller/root:/root \
+  -p 8774:8774 \
+  -p 8778:8778 \
+  -p 6080:6080 \
+  {{ docker_image }} /etc/run.sh
+
+[Install]
+WantedBy=multi-user.target

roles/rabbitmq/files/rabbitmq.service

@@ -2,17 +2,22 @@
 Description=rabbitmq Container
 After=docker.service
 Requires=docker.service
- 
+
 [Service]
 TimeoutStartSec=0
 Restart=always
-ExecStartPre=-/usr/bin/docker stop %n
+ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStartPre=/usr/bin/docker pull rabbitmq:latest
-ExecStart=/usr/bin/docker run -d \
-          -p 4369:4369 -p 25679:25679 -p 5671-5672:5671-5672 -p 8080:15672 \
-          -e "RABBITMQ_DEFAULT_USER=user" -e "RABBITMQ_DEFAULT_PASS=password" \
-          --hostname rabbitmq --name %n rabbitmq:3-management
- 
+ExecStart=/usr/bin/docker run \
+          --add-host "{{ hostvars[groups['rabbitmq'][0]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \
+          --add-host "{{ hostvars[groups['rabbitmq'][1]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][1]]['ansible_default_ipv4']['address'] }}" \
+          --add-host "{{ hostvars[groups['rabbitmq'][2]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][2]]['ansible_default_ipv4']['address'] }}" \
+          -p 4369:4369 -p 25679:25679 -p 25672:25672 -p 5671-5672:5671-5672 -p 8080:15672 \
+          -e "RABBITMQ_DEFAULT_USER=user" -e "RABBITMQ_DEFAULT_PASS={{ secrets['RABBIT_PASSWORD'] }}" \
+          -e "RABBITMQ_ERLANG_COOKIE={{ secrets['RABBITMQ_ERLANG_COOKIE'] }}" \
+          -e "RABBITMQ_NODENAME=rabbit_{{ ansible_nodename }}" \
+          --hostname "{{ ansible_nodename }}" --name %n rabbitmq:3-management
+
 [Install]
 WantedBy=multi-user.target

roles/rabbitmq/tasks/main.yml

@@ -1,6 +1,13 @@
 # Install a docker based rabbitMQ.
 ---
-- include: ../common/tasks/docker.yml
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+
+- include_vars:
+    dir: 'vars'
+
 - name: install service file.
   template:
     src: files/rabbitmq.service
@@ -8,9 +15,32 @@
     mode: 644
     owner: root
     group: root
+
 - name: install service file
   command: systemctl daemon-reload
+
 - name: make sure service is started
   systemd:
     name: rabbitmq.service
     state: started
+
+- name: wait for container to be started
+  wait_for:
+      port: 5672
+
+- name: setup the cluster
+  command: "docker exec -i rabbitmq.service {{ item }}"
+  with_items:
+      - rabbitmqctl stop_app
+      - "rabbitmqctl join_cluster rabbit_{{ hostname_node0 }}@{{ hostname_node0 }}"
+      - rabbitmqctl start_app
+  when: ansible_nodename != hostname_node0
+
+- name: create openstack user
+  command: "docker exec -i rabbitmq.service {{ item }}"
+  with_items:
+      - rabbitmqctl add_user openstack "{{ secrets['RABBIT_PASSWORD'] }}"
+      - rabbitmqctl set_permissions openstack ".*" ".*" ".*"
+  when: ansible_nodename == hostname_node0
+  register: command_result
+  failed_when: "command_result.rc not in (0, 70)"

secrets.yml

@@ -0,0 +1,30 @@
+$ANSIBLE_VAULT;1.1;AES256
+62633134346438356462333363626164393762356139653666323461333037393536373631653565
+6631306631333538353534663738313062636232633339610a303161323131373739393735666463
+65353135626430353737373239623361306137326334333761626235353463393465383830666666
+6138616530346563310a306263316331346263356139383435316239346230313266636363313564
+36633130393062373936363765636361343939313639326237633337353665666338633338343837
+34613534333063303537323738396436333964613362636664366264313334663365336132623464
+64656131373261376466356638636338643135393139386534626132323262393064626666323462
+64323664373262356632393465653932303939313338656665336639613966626234636666373163
+35633231666338643863623737396435626364333365656536613130666435323837323136663339
+61363936336434656530313538643463663737613831646265313731363734356635356438353062
+34323063346265393737343834343065616139656234666230323131366138396265393737666236
+39353766643239323339623534393962666432656331323462656439306365613539366230643133
+36316138303361313134336431343137343433383430616137376563383233303432383664333930
+61613531313638303531643232343066376565663032326533313461363839383664366338356439
+37363233666663653736376538386536653262653633323065363830623032363063393635653762
+32636365656362323362303962306538336234626533323830656230386432666461343063663832
+62373133343933353563653762333836333862376232353339313662363865616439623635393839
+37346433346264633036343761613230396434366132653261643137386466326235613030306235
+34333065623232303939623233373762393939653639333734336336303762326662386530356563
+65303165623564303635356337353662363433626466653939323438633938386166386262623435
+64376431396631623034386434393431616631363663393835343035313639663538643565616330
+65353365303131326335646164333231306564383936396139643935646331393235326666336230
+38326165663865343966356335326438303133663239656235313935626332323332376665343132
+62336139643262333938303537313533623535333736643163373137343035393034613939663061
+36323063643734343865333138356434643266663436653435353132386330636238343637653434
+65616361333263336332643262623034343439383737366663373166643433653466313237613930
+32373162646461323266353662326134343839613264313339306430366165633838663831666565
+65333337623962313561306333616232393334353934316565666331336561633934623339353138
+62656339386530333036383831613762353234643461656436623033613930353531

secrets.yml.topol

@@ -0,0 +1,11 @@
+---
+GLANCE_PASSWORD:
+METADATA_SECRET:
+MYSQL_ROOT_PASSWORD:
+NEUTRON_PASSWORD:
+NOVA_PASSWORD:
+NOVA_PLACEMENT_PASSWORD:
+OS_PASSWORD:   # Keystone admin password
+OS_DEMO_PASSWORD: # Keystone demo user password
+RABBIT_PASSWORD:
+RABBITMQ_ERLANG_COOKIE:

settings.yml

@@ -0,0 +1,12 @@
+---
+- allocation_pool:
+    start: 172.23.128.50
+    end: 172.23.128.249
+
+- dns_nameserver: 129.125.4.6
+
+- gateway: 172.23.128.250
+
+- subnet_range: 172.23.128.0/24
+
+- rsa_pub: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStPUPXkcu81onUm/le54JCu174yXJJDsthDr96Mv8irBVBWuy5FxnaASuDpmC4QE4s0UAIg1iq/SWrr8qdBQ4OVuYFiW0S7ZJvcoKr/40Wh+T5MeltGQfmkDp6kBsfaMSo6M4tF1c8i+XgOgxb4fxHYb8mFhseztRLx6McxJJJLB0nu+T12WQ01nl0XtwD+3EsZWfxRH0KA59VHZSe3Anc5z+Fm7WU+1Vzy6/pkiIhVReI1L6VVhZsIdSu3fQK6fHQcujtfuw6RKEpisZQqnxMUviWQ98yeQXHk6Nx840WCh3vvKveEAoC4Y/UEZa1TMe6PczfUaLjaidUkpulJsP egon@egon-pc

site.yml

@@ -0,0 +1,12 @@
+---
+- include: common.yml
+- include: rabbitmq.yml
+- include: memcached.yml
+- include: mariadb.yml
+- include: keystone.yml
+- include: glance-controller.yml
+- include: nova-controller.yml
+- include: neutron-controller.yml
+- include: nova-compute.yml
+- include: horizon.yml
+- include: post-install.yml

test_hosts

@@ -0,0 +1,28 @@
+[databases]
+ansible-test-2
+
+[keystone]
+ansible-test-3
+
+[glance-controller]
+ansible-test-2
+
+[horizon]
+ansible-test-3
+
+[rabbitmq]
+ansible-test
+ansible-test-2
+ansible-test-3
+
+[memcached]
+ansible-test-3
+
+[neutron-controller]
+ansible-test provider_interface_name=ens10
+
+[nova-controller]
+ansible-test
+
+[nova-compute]
+ansible-test-2 provider_interface_name=ens10