Without host mode the docker container id

is referenced in volume name.

ansible.cfg

@@ -1,5 +1,5 @@
 [defaults]
-inventory = hosts
+inventory = merlin
 stdout_callback = debug
 vault_password_file = .vault_pass.txt
 forks = 20

ceph.xml

@@ -0,0 +1,6 @@
+<secret ephemeral="no" private="no">
+<uuid>d0db6ba7-a0c9-4da6-b0bc-aa7846325333</uuid>
+<usage type="ceph">
+<name>client.volumes secret</name>
+</usage>
+</secret>

cinder-controller.yml

@@ -1,13 +1,9 @@
 ---
 - hosts: all
   name: Dummy to gather facts
-  tasks:
-    - name: gather facts even if hosts are excluded.
-      setup:
-      delegate_to: "{{item}}"
-      delegate_facts: True
-      loop: "{{groups['all']}}"
-
+  tasks: []
+  tags:
+     - facts
 
 - hosts: cinder-controller
   become: True

common.yml

@@ -3,6 +3,7 @@
   become: True
   vars_prompt:
     - name: "docker_user"
+      private: no
       prompt: "What is your p number?"
     - name: "docker_pass"
       prompt: "What is your password?"

create-non-administrative-user

@@ -0,0 +1,5 @@
+openstack project create --domain default --description "GCC testproject" gcc
+openstack user create --domain default --password-prompt gcc-user
+openstack role add --project gcc --user gcc-user user
+openstack user create --domain default --password-prompt gcc-admin
+openstack role add --project gcc --user gcc-admin admin

gcc-site.yml

@@ -1,14 +1,14 @@
 ---
-- import_tasks: common.yml
-- import_tasks: rabbitmq.yml
-- import_tasks: memcached.yml
-- import_tasks: mariadb.yml
-- import_tasks: keystone.yml
-- import_tasks: glance-controller.yml
-- import_tasks: nova-controller.yml
-- import_tasks: neutron-controller.yml
-- import_tasks: cinder-controller.yml
-- import_tasks: cinder-storage.yml
-- import_tasks: nova-compute.yml
-- import_tasks: horizon.yml
-- import_tasks: gcc-post-install.yml
+- include: common.yml
+- include: rabbitmq.yml
+- include: memcached.yml
+- include: mariadb.yml
+- include: keystone.yml
+- include: glance-controller.yml
+- include: nova-controller.yml
+- include: neutron-controller.yml
+- include: cinder-controller.yml
+- include: cinder-storage.yml
+- include: nova-compute.yml
+- include: horizon.yml
+- include: gcc-post-install.yml

group_vars/all.yml

@@ -0,0 +1,10 @@
+---
+keystone_external_fqdn: merlin.hpc.rug.nl
+use_ceph: true
+ceph_mon_initial_members:
+ceph_mon_host:
+ceph_public_network:
+ceph_osd_pool_default_size:
+ceph_compute_client_keyring:
+ceph_cinder_client_keyring:
+ceph_images_client_keyring:

heat_templates/example_cluster.yml

@@ -0,0 +1,137 @@
+---
+heat_template_version: 2015-04-30
+
+description: Simple Example template to deploy a virtual compute cluster.
+
+parameters:
+  image_name:
+    type: string
+    label: Image Name
+    description: Name of image to be used for compute instance
+  public_net:
+    type: string
+    label: Public Net Name
+    description: Public network used for router.
+  ssh_key:
+    type: string
+    label: ssh key name.
+    description: ssh public key name. (Must be uploaded to openstack first)
+  compute_flavor:
+    type: string
+    label: Flavor for compute nodes,
+    description: Flavor with which to start compute nodes.
+  aux_flavor:
+    type: string
+    label: Flavor for auxiliary nodes.
+    description: Flavor with which to start auxiliary nodes. (for now only the interface machine)
+  cidr:
+    type: string
+    label: Cidr for internal subnet
+    description: Cidr for the subnet of the internal user network.
+  internal_net_name:
+    type: string
+    label: Name for the internal network
+    description: Name for the internal network of this cluster.
+  volume_size:
+    type: string
+    label: Size (GB)
+    description: Size (GB) of the volume for each compute node
+
+
+resources:
+  internal_net:
+    type: OS::Neutron::Net
+    properties:
+      name: {get_param: internal_net_name}
+
+  internal_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      network_id: {get_resource: internal_net}
+      cidr: {get_param: cidr}
+      dns_nameservers: ["129.125.4.6", "129.125.36.10"]
+      ip_version: 4
+
+  internal_router:
+    type: OS::Neutron::Router
+    properties:
+      external_gateway_info: {network: {get_param: public_net}}
+
+  internal_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router_id: {get_resource: internal_router}
+      subnet: {get_resource: internal_subnet}
+
+  public_port:
+    type: OS::Neutron::Port
+    properties:
+      network_id: {get_resource: internal_net}
+      fixed_ips:
+        - subnet_id: {get_resource: internal_subnet}
+      security_groups:
+        - default
+
+  floating_ip:
+    type: OS::Neutron::FloatingIP
+    properties:
+      floating_network_id: {get_param: public_net}
+      port_id: {get_resource: public_port}
+
+  interface:  # User-interface for cluster-operation
+    type: OS::Nova::Server
+    properties:
+      key_name: {get_param: ssh_key}
+      image: {get_param: image_name}
+      flavor: {get_param: aux_flavor}
+      networks:
+        - port: {get_resource: public_port}
+
+  admin:  # Machine to run slurm and other admin tools on.
+    type: OS::Nova::Server
+    properties:
+      key_name: {get_param: ssh_key}
+      image: {get_param: image_name}
+      flavor: {get_param: aux_flavor}
+      networks:
+        - network: {get_resource: internal_net}
+
+  vcompute01-volume:
+    type: OS::Cinder::Volume
+    properties:
+      size: {get_param: volume_size}
+
+  vcompute01:
+    type: OS::Nova::Server
+    properties:
+      key_name: adminkey
+      image: {get_param: image_name}
+      flavor: {get_param: compute_flavor}
+      networks:
+        - network: {get_resource: internal_net}
+
+  vcompute_01_volume_attachment:
+    type: OS::Cinder::VolumeAttachment
+    properties:
+      volume_id: {get_resource: vcompute01-volume}
+      instance_uuid: {get_resource: vcompute01}
+
+  vcompute02-volume:
+    type: OS::Cinder::Volume
+    properties:
+      size: {get_param: volume_size}
+
+  vcompute02:
+    type: OS::Nova::Server
+    properties:
+      key_name: adminkey
+      image: {get_param: image_name}
+      flavor: {get_param: compute_flavor}
+      networks:
+        - network: {get_resource: internal_net}
+
+  vcompute_02_volume_attachment:
+    type: OS::Cinder::VolumeAttachment
+    properties:
+      volume_id: {get_resource: vcompute02-volume}
+      instance_uuid: {get_resource: vcompute02}

host_vars/openstack03

@@ -1,2 +0,0 @@
----
-listen_ip: '172.23.40.243'

host_vars/openstack04

@@ -1,2 +0,0 @@
----
-listen_ip: '172.23.40.253'

hosts-openstack03

@@ -0,0 +1,26 @@
+[databases]
+openstack03.gcc.rug.nl
+
+[keystone]
+openstack03.gcc.rug.nl
+
+[glance-controller]
+openstack03.gcc.rug.nl
+
+[horizon]
+openstack03.gcc.rug.nl
+
+[rabbitmq]
+openstack03.gcc.rug.nl
+
+[memcached]
+openstack03.gcc.rug.nl
+
+[neutron-controller]
+openstack03.gcc.rug.nl
+
+[nova-controller]
+openstack03.gcc.rug.nl
+
+[nova-compute]
+openstack03.gcc.rug.nl

merlin

@@ -1,9 +1,9 @@
 [nova-compute]
-merlin-managementnode002 physical_interface_mappings=provider:eno3
-merlin-managementnode003 physical_interface_mappings=provider:eno3
-merlin-node001 physical_interface_mappings=provider:eno3
-merlin-node003 physical_interface_mappings=provider:eno3
-merlin-node004 physical_interface_mappings=provider:eno3
+merlin-node001 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.1
+merlin-node002 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.2
+merlin-node003 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.3
+merlin-node004 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.4
+merlin-node005 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.5
 
 [databases]
 merlin-managementnode001
@@ -16,7 +16,7 @@ merlin-managementnode002
 merlin-managementnode003
 
 [horizon]
-merlin-managementnode001
+merlin-managementnode001 horizon_external_fqdn=merlin.hpc.rug.nl
 
 [memcached]
 merlin-managementnode001
@@ -28,10 +28,23 @@ merlin-managementnode001
 merlin-managementnode001
 
 [neutron-controller]
-merlin-managementnode001 physical_interface_mappings=provider:eno3
+merlin-managementnode001 physical_interface_mappings=provider:enp5s0f1 overlay_ip=172.23.43.101
 
 [heat]
 merlin-managementnode001
 
 [glance-controller]
-merlin-managementnode001
+merlin-managementnode002
+
+[cinder-controller]
+merlin-managementnode003
+
+[cinder-storage]
+merlin-node001
+merlin-node002
+merlin-node003
+merlin-node004
+merlin-node005
+
+[stor]
+merlin-stor00[1:8]

merlin2

@@ -0,0 +1,50 @@
+[nova-compute]
+merlin-node008 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.8
+merlin-node009 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.9
+merlin-node010 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.10
+merlin-node011 physical_interface_mappings=provider:enp129s0f1 overlay_ip=172.23.43.11
+merlin-node012 physical_interface_mappings=provider:enp129s0f1 overlay_ip=172.23.43.12
+merlin-node013 physical_interface_mappings=provider:enp129s0f1 overlay_ip=172.23.43.13
+
+[databases]
+merlin-node007
+merlin-node008
+merlin-node009
+
+[rabbitmq]
+merlin-node007
+merlin-node008
+merlin-node009
+
+[horizon]
+merlin-node007
+
+[memcached]
+merlin-node007
+
+[nova-controller]
+merlin-node007
+
+[keystone]
+merlin-node007
+
+[neutron-controller]
+merlin-node007 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.6
+
+[heat]
+merlin-node007
+
+[glance-controller]
+merlin-node008
+
+[cinder-controller]
+merlin-node009
+
+[cinder-storage]
+merlin-node008
+merlin-node009
+merlin-node010
+merlin-node011
+merlin-node012
+merlin-node013
+

merlinsdn

@@ -0,0 +1,37 @@
+[nova-compute]
+merlin-managementnode002 physical_interface_mappings=provider:eno3
+merlin-managementnode003 physical_interface_mappings=provider:eno3
+merlin-node001 physical_interface_mappings=provider:eno3
+merlin-node003 physical_interface_mappings=provider:eno3
+merlin-node004 physical_interface_mappings=provider:eno3
+
+[databases]
+merlin-managementnode001
+merlin-managementnode002
+merlin-managementnode003
+
+[rabbitmq]
+merlin-managementnode001
+merlin-managementnode002
+merlin-managementnode003
+
+[horizon]
+merlin-managementnode001
+
+[memcached]
+merlin-managementnode001
+
+[nova-controller]
+merlin-managementnode001
+
+[keystone]
+merlin-managementnode001
+
+[neutron-controller]
+merlin-managementnode001 physical_interface_mappings=provider:eno3
+
+[heat]
+merlin-managementnode001
+
+[glance-controller]
+merlin-managementnode001

nuke.yml

@@ -2,8 +2,8 @@
 # This playbook will reset the instalation to facilitate a new installation.
 # All data is lost!
 - hosts: all
-  become: True
-  name: Dummy to gather facts
+  become: true
+  name: Cleanup tasks on all hosts.
   tasks:
     - name: Stop docker service
       shell: "systemctl stop docker"
@@ -11,11 +11,23 @@
       systemd:
         name: docker
         state: stopped
+    - name: Purge docker images.
+      shell: "rm -rf /var/lib/docker/"
     - name: remove volumes
       shell: "rm -rf /srv"
+    - name: remove network namespaces
+      shell: "rm /var/run/netns/*"
+      ignore_errors: true
+    - name: Remove stale vxlan interfaces
+      shell: "for interface in $(ip link | grep DOWN | grep -Po 'vxlan-\\d{1,2}'); do ip link del $interface ; done"
+      ignore_errors: true
 
-- hosts: cinder-storage
-  become: True
+
+- hosts: nova-compute
+  gather_facts: false
+  become: true
   tasks:
-    - name: wipe cinder storage.
-      shell: "dd if=/dev/zero of={{ storage_volume }} bs=1M count=1 && sync"
+    - name: kill all vm's
+      shell: "for machine in  $(virsh list --uuid ); do virsh destroy $machine ; done"
+    - name: wipe all vm's
+      shell: "for machine in  $(virsh list --uuid --all); do virsh undefine $machine ; done"

openstack03

@@ -26,14 +26,10 @@ openstack03
 openstack03
 
 [cinder-storage]
-openstack01 storage_volume=/dev/sdc3
-openstack02 storage_volume=/dev/sda5
 openstack03 storage_volume=/dev/sdb1
-openstack04 storage_volume=/dev/sdb1
 
 [nova-compute]
-openstack01 physical_interface_mappings=provider:bond0
-openstack02 physical_interface_mappings=provider:enp34s0f1
 openstack03 physical_interface_mappings=provider:enp4s0f0
-openstack04 physical_interface_mappings=provider:eno1
 
+[all:vars]
+listen_ip=172.23.40.243

post-install.yml

@@ -15,12 +15,23 @@
     - name: post install configuration
       command: docker exec -i keystone.service bash -c "source /root/admin-openrc.sh && {{ item }}"
       with_items:
-        - openstack network create  --share --external  --provider-physical-network provider  --provider-network-type flat provider
+        - openstack network create --share --external --provider-physical-network provider --provider-network-type vlan --provider-segment 983 vlan983
         - >
-            openstack subnet create --network provider
-            --allocation-pool start={{ allocation_pool['start'] }},end={{ allocation_pool['end'] }}
-            --dns-nameserver {{ dns_nameserver }} --gateway {{ gateway }} --subnet-range {{ subnet_range }} providersub
+            openstack subnet create --subnet-range 172.23.41.0/24 --gateway 172.23.41.101
+            --network vlan983 --allocation-pool start=172.23.41.75,end=172.23.41.100
+            --dns-nameserver 8.8.8.8 vlan983_subnet
         - openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
         - openstack keypair create --public-key /root/id_rsa.pub adminkey
-
-
+        - openstack security group rule create --protocol icmp default
+        - >
+            openstack security group rule create default
+            --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0
+    - name: Install cirros image
+      get_url:
+        url: http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
+        dest: /tmp/cirros-0.4.0-x86_64-disk.img
+        checksum: sha256:a8dd75ecffd4cdd96072d60c2237b448e0c8b2bc94d57f10fdbc8c481d9005b8
+    - shell: >
+          bash -c "source /srv/keystone/root/admin-openrc.sh &&
+          openstack image create --disk-format qcow2 cirros
+          < /tmp/cirros-0.4.0-x86_64-disk.img"

roles/cinder-controller/tasks/main.yml

@@ -4,15 +4,17 @@
   include_vars:
     file: ../../secrets.yml
     name: secrets
+  tags:
+    - facts
 
 - set_fact:
-    docker_image: registry.webhosting.rug.nl/hpc/openstack-cinder-controller:latest
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-cinder-controller-merlin:latest
     env_vars: >
         -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}"
         -e "CINDER_HOST={{ listen_ip | default(hostvars[groups['cinder-controller'][0]]['ansible_default_ipv4']['address']) }}"
         -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
         -e "CINDER_USER=cinder"
-        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
@@ -20,6 +22,9 @@
         -e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
         -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
         -e "RABBIT_USER=openstack"
+        -e "RBD_SECRET_UUID={{ secrets['CINDER_RBD_SECRET_UUID']}}"
+  tags:
+    - facts
 
 - name: pull docker image
   docker_image:
@@ -42,11 +47,17 @@
     mode: 644
     owner: root
     group: root
+  tags:
+    - systemd
 
 - name: start service at boot.
   command: systemctl reenable cinder-controller.service
+  tags:
+    - systemd
 
 - command: systemctl daemon-reload
+  tags:
+    - systemd
 
 - name: Initialize database.
   command: >

roles/cinder-storage/files/ceph.client.volumes.keyring

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+39313161646365373665646331613930316437363735326262376531636166346138303139613138
+3361353633616136303365646165643339333130393031380a373934636436626336326436306666
+34316532333165346139633239313930326238333134633365666138326338386632373937343335
+3262383863653136300a393464646365623763663063303936646462313764633736613562633661
+62313961626165363761656363393538396461653936353932303137626435626161316239623338
+65656132353136656430613462663466616432643761303366396461653066616162366666356533
+39386261623861323861633739343237386266306264356436666430313531303238636235393665
+31396533306261393835

roles/cinder-storage/files/ceph.conf

@@ -0,0 +1,14 @@
+[global]
+fsid = ef0b40a2-bc8c-4432-9cde-0ca7c82c8717
+mon_initial_members = merlin-managementnode002
+mon_host = 172.23.59.102
+auth_cluster_required = cephx
+auth_service_required = cephx
+auth_client_required = cephx
+
+# Your network address
+public network = 172.23.59.0/24
+osd pool default size = 2
+
+[client.volumes]
+keyring = /etc/ceph/ceph.client.volumes.keyring

roles/cinder-storage/files/uuid

@@ -0,0 +1 @@
+d0db6ba7-a0c9-4da6-b0bc-aa7846325333

roles/cinder-storage/tasks/main.yml

@@ -6,23 +6,30 @@
     name: secrets
   tags: vars
 
+#- command: uuidgen
+#  register: uuid
+
 - set_fact:
-    docker_image: registry.webhosting.rug.nl/hpc/openstack-cinder-storage:latest
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-cinder-storage-merlin:latest
     env_vars: >
         -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}"
         -e "CINDER_HOST={{ listen_ip | default(hostvars[groups['cinder-storage'][0]]['ansible_default_ipv4']['address']) }}"
         -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
         -e "CINDER_USER=cinder"
         -e "GLANCE_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}"
-        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
         -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
         -e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
         -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
-        -e "AVAILABILITY_ZONE={{ ansible_nodename }}"
         -e "RABBIT_USER=openstack"
-        -e "CINDER_STORAGE_VOLUME={{ storage_volume }}"
+        -e "USE_CEPH={{ use_ceph }}"
+        -e "MON_INITIAL_MEMBERS={{ ceph_mon_initial_members }}"
+        -e "MON_HOST={{ ceph_mon_host }}"
+        -e "PUBLIC_NETWORK={{ ceph_public_network }}"
+        -e "OSD_POOL_DEFAULT_SIZE={{ ceph_osd_pool_default_size }}"
+        -e "RBD_SECRET_UUID={{ secrets['CINDER_RBD_SECRET_UUID']}}"
   tags: vars
 
 - name: pull docker image
@@ -36,8 +43,9 @@
     state: directory
     mode: 0777
   with_items:
-      - /srv/cinder-storage
-      - /srv/cinder-storage/root
+    - /srv/cinder-storage
+    - /srv/cinder-storage/root
+    - /srv/cinder-storage/etc/ceph
 
 - name: initial setup
   command: >
@@ -45,10 +53,21 @@
              --privileged
              {{ env_vars }}
              -v /srv/cinder-storage/root:/root \
-             -v /dev:/dev \
              {{ docker_image }} /etc/bootstrap.sh
   tags: bootstrap
 
+- name: copy ceph-client configurationfile
+  copy:
+    src: files/ceph.conf
+    dest: /srv/cinder-storage/etc/ceph/ceph.conf
+    mode: 0644
+
+- name: copy ceph-client-keyring
+  copy:
+    src: files/ceph.client.volumes.keyring
+    dest: /srv/cinder-storage/etc/ceph/ceph.client.volumes.keyring
+    mode: 0644
+
 - name: install service file.
   template:
     src: templates/cinder-storage.service
@@ -58,6 +77,12 @@
     group: root
   tags: systemd
 
+#- name: set ceph client keyring
+#  copy:
+#    content: "{{ceph_cinder_client_keyring}}"
+#    dest: /srv/cinder-storage/etc/ceph
+#  when: use_ceph
+
 - command: systemctl daemon-reload
   tags: systemd
 

roles/cinder-storage/templates/cinder-storage.service

@@ -12,8 +12,9 @@ ExecStart=/usr/bin/docker run --name %n \
   --privileged \
   {{ env_vars | replace('\n', '') }} \
   -v /srv/cinder-storage/root:/root \
-  -v "/dev":/dev \
-  -v "/var/lib/cinder:/var/lib/cinder" \
+  -v /etc/ceph:/etc/ceph \
+  -p 8777:8776 \
+  -p 3260:3260 \
   --network=host \
   {{ docker_image }}
 

roles/common/tasks/main.yml

@@ -10,13 +10,13 @@
 - name: common | install packages
   apt: pkg={{ item }} state=latest update_cache=yes
   with_items:
-     - curl
-     - htop
-     - molly-guard
-     - sudo
-     - tree
-     - vim
-     - python-simplejson
+    - curl
+    - htop
+    - molly-guard
+    - sudo
+    - tree
+    - vim
+    - python-simplejson
 
 - name: sshd_config
   file:
@@ -26,8 +26,10 @@
     owner: root
     group: root
 
-    #- import_tasks: docker.yml
+- name: disable apparmor
+  apt: pkg=apparmor state=absent
 
+- import_tasks: docker.yml
 
 - name: Log into DockerHub
   docker_login:

roles/glance-controller/files/ceph.client.images.keyring

@@ -0,0 +1,2 @@
+[client.images]
+	key = AQDCpDNbJ3DqDBAAvUOUcxEoZNvQUfoaU5i8iQ==

roles/glance-controller/files/ceph.conf

@@ -0,0 +1,14 @@
+[global]
+fsid = ef0b40a2-bc8c-4432-9cde-0ca7c82c8717
+mon_initial_members = merlin-managementnode002
+mon_host = 172.23.59.102
+auth_cluster_required = cephx
+auth_service_required = cephx
+auth_client_required = cephx
+
+# Your network address
+public network = 172.23.59.0/24
+osd pool default size = 2
+
+[client.images]
+keyring = /etc/ceph/ceph.client.images.keyring

roles/glance-controller/tasks/main.yml

@@ -6,12 +6,12 @@
     name: secrets
 
 - set_fact:
-    docker_image: registry.webhosting.rug.nl/hpc/openstack-glance:latest
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-glance-merlin:latest
     env_vars: >
         -e "GLANCE_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}"
         -e "GLANCE_PASSWORD={{ secrets['GLANCE_PASSWORD'] }}"
         -e "GLANCE_USER=glance"
-        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
@@ -19,11 +19,16 @@
         -e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
         -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
         -e "RABBIT_USER=openstack"
+        -e "USE_CEPH={{ use_ceph }}"
+        -e "MON_INITIAL_MEMBERS={{ ceph_mon_initial_members }}"
+        -e "MON_HOST={{ ceph_mon_host }}"
+        -e "PUBLIC_NETWORK={{ ceph_public_network }}"
+        -e "OSD_POOL_DEFAULT_SIZE={{ ceph_osd_pool_default_size }}"
 
-- name: pull docker image
-  docker_image:
-    name: "{{ docker_image }}"
-  tags: pull
+#- name: pull docker image
+#  docker_image:
+#    name: "{{ docker_image }}"
+#  tags: pull
 
 - name: Make build and persistent directories
   file:
@@ -33,6 +38,25 @@
   with_items:
       - /srv/glance
       - /srv/glance/root
+      - /srv/glance/etc/ceph
+
+- name: copy ceph-client configurationfile
+  copy:
+    src: files/ceph.conf
+    dest: /srv/glance/etc/ceph/ceph.conf
+    mode: 0644
+
+- name: copy ceph-client-keyring
+  copy:
+    src: files/ceph.client.images.keyring
+    dest: /srv/glance/etc/ceph/ceph.client.images.keyring
+    mode: 0644
+
+#- name: set ceph client keyring
+#  copy:
+#    content: "{{ceph_images_client_keyring}}"
+#    dest: /srv/cinder-storage/etc/ceph/ceph.client.images.keyring
+#  when: use_ceph
 
 - name: install service file.
   template:

roles/glance-controller/templates/glance.service

@@ -11,7 +11,7 @@ ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
   {{ env_vars | replace('\n', '') }} \
   -v /srv/glance/root:/root \
-  -v /var/lib/glance/images:/var/lib/glance/images \
+  -v /etc/ceph:/etc/ceph \
   -p 9292:9292 \
   {{ docker_image }}
 

roles/heat/tasks/main.yml

@@ -6,12 +6,12 @@
     name: secrets
 
 - set_fact:
-    docker_image: registry.webhosting.rug.nl/hpc/openstack-heat:latest
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-heat-merlin:latest
     env_vars: >
         -e "HEAT_HOST={{ listen_ip | default(hostvars[groups['heat'][0]]['ansible_default_ipv4']['address']) }}"
         -e "HEAT_PASSWORD={{ secrets['HEAT_PASSWORD'] }}"
         -e "HEAT_USER=heat"
-        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"

roles/horizon/tasks/main.yml

@@ -1,7 +1,7 @@
 # Run hpc/horizon
 ---
 - set_fact:
-    docker_image: registry.webhosting.rug.nl/hpc/openstack-horizon:latest
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-horizon-merlin:latest
 
 - name: pull docker image
   docker_image:
@@ -9,6 +9,22 @@
     force: True
   tags: pull
 
+- name: Make persistent directories
+  file:
+    path: /srv/horizon/certs
+    state: directory
+    mode: 0750
+
+- name: install ssl files
+  template:
+    src: templates/certs/{{ item }}
+    dest: /srv/horizon/certs/{{ item }}
+    mode: 400
+  with_items:
+    - merlin.hpc.rug.nl.key
+    - merlin.hpc.rug.nl.crt
+    - DigiCertCA.crt
+
 - name: install service file.
   template:
     src: templates/horizon.service

roles/horizon/templates/certs/DigiCertCA.crt

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE+zCCA+OgAwIBAgIQCHC8xa8/25Wakctq7u/kZTANBgkqhkiG9w0BAQsFADBl
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
+b3QgQ0EwHhcNMTQxMTE4MTIwMDAwWhcNMjQxMTE4MTIwMDAwWjBkMQswCQYDVQQG
+EwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFt
+MQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMV2Dw/ZQyk7bG3RR63eEL8jwnio
+Snc18SNb4EweQefCMQC9iDdFdd25AhCAHo/tZCMERaegOTuBTc9jP8JJ/yKeiLDS
+lrlcinQfkioq8hLIt2hUtVhBgUBoBhpPhSn7tU08D08/QJYbzqjMXjX/ZJj1dd10
+VAWgNhEEEiRVY++Udy538RV27tOkWUUhn6i+0SftCuirOMo/h9Ha8Y+5Cx9E5+Ct
+85XCFk3shKM6ktTPxn3mvcsaQE+zVLHzj28NHuO+SaNW5Ae8jafOHbBbV1bRxBz8
+mGXRzUYvkZS/RYVJ+G1ShxwCVgEnFqtyLvRx5GG1IKD6JmlqCvGrn223zyUCAwEA
+AaOCAaYwggGiMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMHkG
+CCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu
+Y29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln
+aUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4MDqgOKA2hjRodHRw
+Oi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3Js
+MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
+SURSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxo
+dHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBRn/YggFCeYxwnS
+JRm76VERY3VQYjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq
+hkiG9w0BAQsFAAOCAQEAqSg1esR71tonHqyYzyc2TxEydHTmQN0dzfJodzWvs4xd
+xgS/FfQjZ4u5b5cE60adws3J0aSugS7JurHogNAcyTnBVnZZbJx946nw09E02DxJ
+WYsamM6/xvLYMDX/6W9doK867mZTrqqMaci+mqege9iCSzMTyAfzd9fzZM2eY/lC
+J1OuEDOJcjcV8b73HjWizsMt8tey5gvHacDlH198aZt+ziYaM0TDuncFO7pdP0GJ
++hY77gRuW6xWS++McPJKe1e9GW6LNgdUJi2GCZQfXzer8CM/jyxflp5HcahE3qm5
+hS+1NGClXwmgmkMd1L8tRNaN2v11y18WoA5hwnA9Ng==
+-----END CERTIFICATE-----

roles/horizon/templates/certs/merlin.hpc.rug.nl.crt

@@ -0,0 +1,125 @@
+$ANSIBLE_VAULT;1.1;AES256
+65356336313163323761363666626661373461653034313630353938616666323734663735343630
+3562356361313237623231366332343165613939393230310a613263373434396237633733613865
+38666637616264393237363366396232333664613732623332363136313163616432633366663537
+3135636261656133640a313661316538623765353063373134616663316237363536613761626637
+35316432633638303337343065623262643235356435633936356631383562363037656362316263
+33633136363933316334363965303138343462326536636162383838326138656133363034356561
+33623730626136373733376162663664303763613339343932613731653965313362623737373937
+33333966653538373664633763343239316537366332643135393033343235366564653765303738
+62633063636663343730323736643438323365383262656263326561663733666235623766313732
+39386366303366393339393935366238633966653738643637613266313231346632623535346139
+61343731643063646635623930626165623665343732383639353933313634313838336562303038
+31633532653361353765653836636162363761336338313535346537626432313562346430616232
+30613538326561326232623261623536363366353735323333653039306564616431323035366237
+33333661346437613466363236653463636234393730653765646463613535303439306463643764
+37306665353534393335366537643534383834633239646432373433613432663031363962633761
+33633765336164363165396634316163333739666264663864333632313462636338396339303138
+33333131343261643137373065636537366536336634633266373536633532363563666464306332
+39343136623063303061666564366135383339313866373666336364373663383266303364363437
+34383730393539376338383865373439386230393030633161646465366165343132373438306566
+34383965363366663435393032666366363739393739323335626438656632303266383661366433
+65376234383364313663663564333235303939363036303838393231303566343637346332376161
+30333331613738306338346539343762363562393966373963643964623331643036323935313165
+64626661363461656164626538313336306538666561646637616238643839336334633239393236
+63356139323433346335643031343930353937323333396332333735353861386265373633653532
+32313962616665343536663836326139316662653562373132633537386431356166643433366138
+37623534636264336437366462303266383836666333326333393831396466376132666265316533
+65663734653233666233373064326161643534353930393731313431643765383934353130613137
+66666663346536303363653562313139336333343133343938323030663432643161396538383966
+62646163396161373531663861333230393831333535343137343732393532336631393637383762
+66363632373938316536623161646339316236313966303737643632313839623730643364626266
+66643462663536356337653233353662363238346638396566363961643134613136353062633035
+37653833343032383937653530363331366632386261363661343131376539323335653439623830
+35316131663965353635643364396463346637346232313931326666316165653061346264663331
+63616265396463613666646438393133313865663338623436393466373134396230396561393431
+62353039633564393666373430663035313039633065323539373436323532363138333932633537
+65363338316663623934616130396661376163653636346630383531333263393265336461643363
+39366230613239313635366264303431663534666638663433323639613335376233313535666235
+36383566616532396630373763333566616232383538366163626463633530393165653032363433
+65343561323636616365656466623939383366366438646366393432303465353865623134383532
+35333435663831386130666238376531616362663134383366633736336337653763613135356138
+32336231333237656462383831663132316634313038373861356163663632336231383736316132
+37343430633432303462373664633761616635656462383935353731383431336265333734646166
+35376632383736383463353336383431613761626231356534313539666563633466313530666166
+39646462376236366466306139376238306236323337323463343733663439363631346135636564
+64666239613732326539313638633131333039623535366264383265616661663135343563333466
+34626632623932303630663161633437626532376463373135383131613663663432373233396163
+30666331366137316364376566616431366635613536623339616565623736323730336339653031
+38346335643132636231663837653639323230323238376466623034373763313531363930353335
+66356638666466303466653561626434383839626531333664633337333636333033666335383837
+35353837376130386532373961643962633361363831633632333133383738323436633836646537
+34323037313732386639383666326535383638333239363730383733363235623063626531326366
+33626366366231623638643836343339376361383562633933626332363432393265323335626436
+31613666633362643162616237383433633032366534303338313238626131353633396264333537
+61613166303639663366353539333832633263313333343662393533376437396438323135633865
+33383131363633343333646539386139306131623161633331393866393862383566333234386565
+37663334313039623763663361386531626131303262333063336437326633666438303334353035
+64376535666334623938343337663561636661386430313339633764323834323031303366666464
+31303237383333626433613534343337646134323364623763663062306439333464393366313262
+31386333663334373333393666383732333264383331376238653338333861383439353236303338
+37336466376538303234316663653262363162616439303065633263346139333439303732316632
+34646166313737393334303632326561373831646133376564323763633436323366326634613731
+63663033663338333833653766313938646239623038336430383739313034626663626261623531
+66363339656132643137303339633330653066643265303835356566303161393063383831613565
+35653165646165326531356634623532633964666132663339363334386465323565383732333130
+65613462363133616435633066356136353530383863613266353164616138363531313733636131
+64313166633236633835316239333730653437393064623735363234333663653362373136313361
+30623637393536653833373133346332363738343337633264376565653865633464363163366136
+31336561613333323036353937613764363237636463343461666266613435326239306238646666
+31393863346230663935363832633164663639383333343166373362383336366261656235393038
+63323632303166643837643539346465626435633935353230663262383135656230653934306335
+33333832323436663936613336393433666236363534646430666437646363303236363536666431
+65616332623561336461323632623664393031323637363263633334626232316638623565316632
+61376339323064366637353737396232313666316535333930663638656364396266353534363065
+38323664313435313035643866373535343937623331616136663232396635336463396432333363
+32343733613635313538366136393833623336653736353032366461636633393034303533353661
+31616631373238616566333662356137623139623964326130316235363137393338643930666364
+39306338616234326262373461336365653463636632336233303136363832616561633135323663
+39313839643730393730626139343338303631303066313433383438613730366434656161653936
+37313139626436666535356663396433333635343532303265306134316335613232313038333335
+34626136313933663463666334366466303939643334316261333161623239306632636561663463
+64636538643931623563666438333363303633316431323761643862613763626130383532346539
+31316565636363333331323630623337326133366263643638383339313330636162613666343432
+33666238663739333135363733363361356430643638336133343065366461373736376431373139
+61653231383735393838373731663932633139303362376164356635613130616362343835653536
+30376263376233303234343962663361333439623232636535366364396135356334633465363862
+66646564653061376632383235636330656236663563616166636339313738646166663235373330
+66646637376633616365373735326331313338353263613537386535343733346132663838336164
+31393863323266383563323263303233616533366434663332326530343264343364353839643363
+31643931663131633733666665623665663434666164346364366232313765333063613234393063
+64333333346431643837646139663937303437643830633131613864363663313633393932303538
+33303331613061663138373639396266343830646637306662653337323130313638303237306262
+61393238356633396361333866353838383630393038376133353133613732303061333137306662
+39306138393363626662353532386436333965656234366166383835393763633539346561636430
+65333231643266333732663366393164366234366131373636643034633361393935366236366237
+36616130666663353536336638346232616431333265393432303630663637656539323431633963
+39336564666135646261613361396339306332376131663639353431643564316136643336333466
+34653837316137656662303166623738616533376434316339653136376434623135363633333835
+39343366613265656537363332373862643662633264376432636434393464386666626365346466
+38326361343935363635373932396136363561363037333962303732303535356362383236653464
+37646563306235333863303935353431626133616330366566326531356331353137653165623062
+66636134393536656234323966363137613438306163366236623533373966333736633162623462
+62303463343963353535653462376561623230386563346631383161376434303464613231386165
+65376230396461336530366338356231363432356265376330623334363737383461626462326234
+62383436646236303966666537393231643835663462373435396666366264646335663136613336
+33656230393465663265316166313163313366653861643039383062313966303837396539363732
+36616230383931353632653330623138393939353434363130616533303463353439316131373465
+32373430623065386464643164316566383837373838383062346361623637386662643435303831
+62663430336235306166323761316262383536363939366663323638623765343537616430386635
+65306561646639336462636462646266663034336462663730653032386138316365346262323836
+64363033353937363530383462373133666262613937383536623333386239653935366661623435
+33613462383732636538396134393537343538366562643832333034366438333439353637346363
+33663861323331636538313632366134626137636635323930363363323466383165353166303930
+66386139376139346232373263363262313638666231336564313333343430343837656439636262
+33336438646134393863306631636131633138653037626638633165636136663865666434323665
+39363632636531323633313434333432316136353762653561383230336566316462336664353431
+39333132633533393362313761363339393963393361343161353633346232376666353734306663
+35366366396533643430643863663665646139636465316630393665383532393337616662656530
+36333032633430363165333238666133633264363266336636373736313332306333376637393465
+32343265383933613231623431323364653238343464393164623631663166313830616165323131
+65643661363265386562616232613863343964386130323635323434613639623666633962663432
+31323131363661336233346331376466323635323234643037383238613830626130386131353464
+30633736346633353237636536303436633036316131636530656161323666303131636665383730
+39653135663538656337623334376463323834363866313964386366383936316164663863323031
+33663738653232636665

roles/horizon/templates/certs/merlin.hpc.rug.nl.key

@@ -0,0 +1,89 @@
+$ANSIBLE_VAULT;1.1;AES256
+65336461353934306534356638306230323835396365363737626131663464643138336135373463
+3435343336346162383039313638303035346162393064660a646166383538633138346535646337
+32616265393438613266363930623031303866316161656261663634616533323035313132313339
+3131636330373734640a366466323366386338626365626665343266666333383966306165353637
+35393461343066363037373234313733363939353235373730373862316133653233363531356638
+33366339303366356439363664393463323037323162623061336462376461333936386666633637
+33666339303738663535626265376561646338613136616539336431366234616562363063323637
+39386261663964353763376232356466333235646332353564323862376663626530393737356361
+63633930633066613239333432306362303432666466616263376234626137386338613537613266
+66656532346161313966346233633236313538656638323762653766613032366662633237633138
+66363137346633353938633933303636323763383231626261373162656363636233653664313539
+36646162643337306131383737313162313162326634663766326335306232356133306665306465
+66613163623631333831623835373036303263343061376435666231393035356662383163656361
+32313636636432393362633662366638313565346561363736363638643034656133636362653233
+61643734376232643361613562383938623530663463616365396533623334646232643434626439
+36623034393564386362613631333137336637353464333634393630326662623033353366616266
+35373963316563346530333439633463613035613031383437393238333862613161373438396336
+38383466333364353236323830323533613636373332383432626164386134643866373530326139
+37306230326363313264303530346338613234336164636665353530393864393163343635656234
+32653731653330313732306461353133393536376433373732383432326236303833303032373436
+63353233396663343937363434623634646261393731653633383830396461386633643434383161
+62353031613532646263633437666331316435386437626439616637663664376566386662306235
+62343239613632643266396365313134393137353962363035633165306261336436363361356134
+65313631363232306364366366353132663864623533323566313238383237663532663165373563
+34333063393365633264343464333862343135323166353233616130666630666436363138393230
+31303461393861366532373963373837316238323435313266653466663138386434303232356463
+64663330383337656435346237613831333865363463313538623037336437616638363337356461
+38623236323134393639643135303939336564313732393861356332653330396430373262333763
+63303961633463616365356663626430613133386466626562636639323762333731363934393561
+39383263393964643639353963653063656565613532303264643431316439613032373130623162
+64363230306231383064363433623734326666323461656438623662346232353934633439313931
+34653330386564333934366134646163356234306462643061343964386164663461633733666563
+33643133613365373032656262366231336639303232346434333061343661323932333130316536
+61366563636265386633333164303539333565613039666563626434623234616135346664633364
+37373937323635643461386262326135666165363163396236623338356233656161303962373566
+35326139646466333934363964366536343439323864613066383435383435333037356362313565
+38326562393339613636303133333164336265646333396333666339383031663464303361366530
+35313033363931386633373566643866323939343765313030383330313830366432353331626339
+37376638326534323932363832373435376265653863633536333032313331356666386164663739
+33356235393537326136623038316434393166373865353461396566356566653835623765393337
+39353434316639313135383337343165353932383331313463366634336663303565316362623130
+39656664306336306662323161616630393234653530383133396463383236303931633635663133
+30333034303835373436353164613536303334633432356230303538373530343262386563623166
+31643036653833386332633933306439303463633163376231393936353665303637326132396332
+66653537343162623363346637333762636366636633316464646264396461303463356232343030
+30323735303535386363333833313966633463616161376633376265643336313765653933616466
+63373938366565376631346431623237326564366539326132393535343736336562376633613164
+38656631623339373263663638386531326136383338346438396438643435353033616365353333
+30386233383539626363343838323261653864633366653362656636623639653661653165346530
+65383732383038616639636335633337393333626336313838653261663733343861386464626638
+66366139396239326634383738373638643634613061393338353638396438333438616164356438
+37346265636535333163383835316334353836666163633166383135326232373936663365363663
+32643161363037666433313239336362303264356164626538643561306463636462643230623466
+62363033303638393137333334626162636465306661376635653664353631353930653165303131
+30326461353032616130643035323461656636373337346131303533656434393830613534656130
+62613939306233356363663661323439353466633565653666366130383861636565313834636230
+36313735316566663530643564663862386461366635666238323365343237373132346137613766
+64373830393664626165633339336266656465373662646661643032386161633339626236313130
+30373165373531626465373961363539313564636133363336376631326464303139643563636439
+63653838313637346132323331363232373234396664306365373435616432636164363464353335
+65663463396333303063626265313964616136316436316239393062646334323163663738313937
+36326230386664643434366332326139633537343630633936346637353732663266313865363538
+31343331653937396230383333653438383536646438373162616263626263636230633566626139
+32333862353066323537343930393832353838623038326666386637306239616662313237323935
+36306233303237383632656164656163313363616264643630333935393066633166303938393062
+61376335623361656461373731653465386233633666323236333737323165373931366263643961
+34313837383933623765346333626537323561326130323262333465653236353133366265623261
+35373734616436373738306636346363613632383636313333626562643638326333333435623437
+34306235306637393737653339303535353030353139653138373631336335323331373231663265
+63383533323739666262353731306439653537386436363137336364623635656266363733333630
+37666463646332373539623761656438383166633538636330316362326137333230653930623965
+64633431616137376230353133613833646235343161633931626661386438323434623831383737
+35393933386365353162333035393832616531636333623331646366343536373138613035396138
+38313366343737626662613266386265666465353332336230353430663031376336303263613863
+38303431666435363939636235313761656436653562643662323535346237333236326331393830
+65323061323263326461616539343364653961616538333436343431373639316439396638396361
+65393032623333353533643565393362346236383934623432386339396439326139333966383164
+38626663323261643865613365636634383331306463633838336530666163356234633564613961
+66326632393533306337613962653437333938316263656365343135626365656461323964326433
+63343430663837613162353661363338396166323766313933393535623332323932373063633963
+61383336313230653833323134303738366365356131366532663961643065393563346364316561
+35616137663837643964376337383531313334616465363038343461373630623236316332386466
+37363132333937313364643561616562623864623666313035313864643362653138393066326431
+35666565383036386464323166353333386337336666363966396535333232663231643666316130
+31376262393832313366663938653637656339663733313364616438636236383762353231666436
+61313563643262343164323830663063663764326132663139366538646536643031316163666662
+63333432653839363865346263343339623561373036393633363937616237313737366334633035
+63393661656138323936

roles/horizon/templates/horizon.service

@@ -10,9 +10,11 @@ ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
   -e "MEMCACHED_SERVER={{ hostvars[groups['memcached'][0]]['listen_ip'] | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" \
-  -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
+  -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
+  --volume=/srv/horizon/certs:/certs \
   --add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
   -p 80:80 \
+  -p 443:443 \
   {{ docker_image }}
 
 [Install]

roles/keystone/tasks/main.yml

@@ -15,9 +15,21 @@
     - /srv/keystone
     - /srv/keystone/fernet-keys
     - /srv/keystone/root
+    - /srv/keystone/certs
+    - /srv/keystone/shibboleth
+
+- name: install ssl files
+  template:
+    src: templates/certs/{{ item }}
+    dest: /srv/keystone/certs/{{ item }}
+    mode: 400
+  with_items:
+    - merlin.hpc.rug.nl.key
+    - merlin.hpc.rug.nl.crt
+    - DigiCertCA.crt
 
 - set_fact:
-    docker_image: registry.webhosting.rug.nl/hpc/openstack-keystone:latest
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-keystone-merlin:latest
 
 - name: pull docker image
   docker_image:
@@ -45,7 +57,7 @@
     MYSQL_ROOT_PASSWORD: "{{ secrets['MYSQL_ROOT_PASSWORD'] }}"
     DB_HOST: "{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
   register: result
-  until: result|succeeded
+  until: result is succeeded
   # sometimes the initial connect fails.
   # Retry until it succeeds.
   retries: 7
@@ -57,7 +69,7 @@
              /usr/bin/docker run --rm
              --add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
              -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
-             -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+             -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
              {{ docker_image }} keystone-manage {{ item }}
   with_items:
       - db_sync
@@ -65,9 +77,9 @@
       - credential_setup --keystone-user keystone --keystone-group keystone
       - >
           bootstrap --bootstrap-password {{ secrets['OS_PASSWORD'] }}
-                    --bootstrap-admin-url http://{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/
-                    --bootstrap-internal-url http://{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/
-                    --bootstrap-public-url http://{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:5000/v3/
+                    --bootstrap-admin-url https://{{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/
+                    --bootstrap-internal-url https://{{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/
+                    --bootstrap-public-url https://{{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:5000/v3/
                     --bootstrap-region-id RegionOne
   # sometimes the initial connect fails.
   # Retry until it succeeds.
@@ -86,15 +98,16 @@
              --add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
              -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
              -v /srv/keystone/root:/root
-             -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
-             -e "OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3"
+             -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+             -e "OS_AUTH_URL=https://${KEYSTONE_HOST}:35357/v3"
              -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
              {{ docker_image }} bash /etc/bootstrap.sh
   register: result
   retries: 7
   delay: 3
 
-- name: install openstack repo host key.
+
+- name: install openstack repo key host.
   command: apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
   tags: openstackclient
 

roles/keystone/templates/certs/DigiCertCA.crt

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE+zCCA+OgAwIBAgIQCHC8xa8/25Wakctq7u/kZTANBgkqhkiG9w0BAQsFADBl
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
+b3QgQ0EwHhcNMTQxMTE4MTIwMDAwWhcNMjQxMTE4MTIwMDAwWjBkMQswCQYDVQQG
+EwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFt
+MQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMV2Dw/ZQyk7bG3RR63eEL8jwnio
+Snc18SNb4EweQefCMQC9iDdFdd25AhCAHo/tZCMERaegOTuBTc9jP8JJ/yKeiLDS
+lrlcinQfkioq8hLIt2hUtVhBgUBoBhpPhSn7tU08D08/QJYbzqjMXjX/ZJj1dd10
+VAWgNhEEEiRVY++Udy538RV27tOkWUUhn6i+0SftCuirOMo/h9Ha8Y+5Cx9E5+Ct
+85XCFk3shKM6ktTPxn3mvcsaQE+zVLHzj28NHuO+SaNW5Ae8jafOHbBbV1bRxBz8
+mGXRzUYvkZS/RYVJ+G1ShxwCVgEnFqtyLvRx5GG1IKD6JmlqCvGrn223zyUCAwEA
+AaOCAaYwggGiMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMHkG
+CCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu
+Y29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln
+aUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4MDqgOKA2hjRodHRw
+Oi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3Js
+MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
+SURSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxo
+dHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBRn/YggFCeYxwnS
+JRm76VERY3VQYjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq
+hkiG9w0BAQsFAAOCAQEAqSg1esR71tonHqyYzyc2TxEydHTmQN0dzfJodzWvs4xd
+xgS/FfQjZ4u5b5cE60adws3J0aSugS7JurHogNAcyTnBVnZZbJx946nw09E02DxJ
+WYsamM6/xvLYMDX/6W9doK867mZTrqqMaci+mqege9iCSzMTyAfzd9fzZM2eY/lC
+J1OuEDOJcjcV8b73HjWizsMt8tey5gvHacDlH198aZt+ziYaM0TDuncFO7pdP0GJ
++hY77gRuW6xWS++McPJKe1e9GW6LNgdUJi2GCZQfXzer8CM/jyxflp5HcahE3qm5
+hS+1NGClXwmgmkMd1L8tRNaN2v11y18WoA5hwnA9Ng==
+-----END CERTIFICATE-----

roles/keystone/templates/certs/merlin.hpc.rug.nl.crt

@@ -0,0 +1,125 @@
+$ANSIBLE_VAULT;1.1;AES256
+65356336313163323761363666626661373461653034313630353938616666323734663735343630
+3562356361313237623231366332343165613939393230310a613263373434396237633733613865
+38666637616264393237363366396232333664613732623332363136313163616432633366663537
+3135636261656133640a313661316538623765353063373134616663316237363536613761626637
+35316432633638303337343065623262643235356435633936356631383562363037656362316263
+33633136363933316334363965303138343462326536636162383838326138656133363034356561
+33623730626136373733376162663664303763613339343932613731653965313362623737373937
+33333966653538373664633763343239316537366332643135393033343235366564653765303738
+62633063636663343730323736643438323365383262656263326561663733666235623766313732
+39386366303366393339393935366238633966653738643637613266313231346632623535346139
+61343731643063646635623930626165623665343732383639353933313634313838336562303038
+31633532653361353765653836636162363761336338313535346537626432313562346430616232
+30613538326561326232623261623536363366353735323333653039306564616431323035366237
+33333661346437613466363236653463636234393730653765646463613535303439306463643764
+37306665353534393335366537643534383834633239646432373433613432663031363962633761
+33633765336164363165396634316163333739666264663864333632313462636338396339303138
+33333131343261643137373065636537366536336634633266373536633532363563666464306332
+39343136623063303061666564366135383339313866373666336364373663383266303364363437
+34383730393539376338383865373439386230393030633161646465366165343132373438306566
+34383965363366663435393032666366363739393739323335626438656632303266383661366433
+65376234383364313663663564333235303939363036303838393231303566343637346332376161
+30333331613738306338346539343762363562393966373963643964623331643036323935313165
+64626661363461656164626538313336306538666561646637616238643839336334633239393236
+63356139323433346335643031343930353937323333396332333735353861386265373633653532
+32313962616665343536663836326139316662653562373132633537386431356166643433366138
+37623534636264336437366462303266383836666333326333393831396466376132666265316533
+65663734653233666233373064326161643534353930393731313431643765383934353130613137
+66666663346536303363653562313139336333343133343938323030663432643161396538383966
+62646163396161373531663861333230393831333535343137343732393532336631393637383762
+66363632373938316536623161646339316236313966303737643632313839623730643364626266
+66643462663536356337653233353662363238346638396566363961643134613136353062633035
+37653833343032383937653530363331366632386261363661343131376539323335653439623830
+35316131663965353635643364396463346637346232313931326666316165653061346264663331
+63616265396463613666646438393133313865663338623436393466373134396230396561393431
+62353039633564393666373430663035313039633065323539373436323532363138333932633537
+65363338316663623934616130396661376163653636346630383531333263393265336461643363
+39366230613239313635366264303431663534666638663433323639613335376233313535666235
+36383566616532396630373763333566616232383538366163626463633530393165653032363433
+65343561323636616365656466623939383366366438646366393432303465353865623134383532
+35333435663831386130666238376531616362663134383366633736336337653763613135356138
+32336231333237656462383831663132316634313038373861356163663632336231383736316132
+37343430633432303462373664633761616635656462383935353731383431336265333734646166
+35376632383736383463353336383431613761626231356534313539666563633466313530666166
+39646462376236366466306139376238306236323337323463343733663439363631346135636564
+64666239613732326539313638633131333039623535366264383265616661663135343563333466
+34626632623932303630663161633437626532376463373135383131613663663432373233396163
+30666331366137316364376566616431366635613536623339616565623736323730336339653031
+38346335643132636231663837653639323230323238376466623034373763313531363930353335
+66356638666466303466653561626434383839626531333664633337333636333033666335383837
+35353837376130386532373961643962633361363831633632333133383738323436633836646537
+34323037313732386639383666326535383638333239363730383733363235623063626531326366
+33626366366231623638643836343339376361383562633933626332363432393265323335626436
+31613666633362643162616237383433633032366534303338313238626131353633396264333537
+61613166303639663366353539333832633263313333343662393533376437396438323135633865
+33383131363633343333646539386139306131623161633331393866393862383566333234386565
+37663334313039623763663361386531626131303262333063336437326633666438303334353035
+64376535666334623938343337663561636661386430313339633764323834323031303366666464
+31303237383333626433613534343337646134323364623763663062306439333464393366313262
+31386333663334373333393666383732333264383331376238653338333861383439353236303338
+37336466376538303234316663653262363162616439303065633263346139333439303732316632
+34646166313737393334303632326561373831646133376564323763633436323366326634613731
+63663033663338333833653766313938646239623038336430383739313034626663626261623531
+66363339656132643137303339633330653066643265303835356566303161393063383831613565
+35653165646165326531356634623532633964666132663339363334386465323565383732333130
+65613462363133616435633066356136353530383863613266353164616138363531313733636131
+64313166633236633835316239333730653437393064623735363234333663653362373136313361
+30623637393536653833373133346332363738343337633264376565653865633464363163366136
+31336561613333323036353937613764363237636463343461666266613435326239306238646666
+31393863346230663935363832633164663639383333343166373362383336366261656235393038
+63323632303166643837643539346465626435633935353230663262383135656230653934306335
+33333832323436663936613336393433666236363534646430666437646363303236363536666431
+65616332623561336461323632623664393031323637363263633334626232316638623565316632
+61376339323064366637353737396232313666316535333930663638656364396266353534363065
+38323664313435313035643866373535343937623331616136663232396635336463396432333363
+32343733613635313538366136393833623336653736353032366461636633393034303533353661
+31616631373238616566333662356137623139623964326130316235363137393338643930666364
+39306338616234326262373461336365653463636632336233303136363832616561633135323663
+39313839643730393730626139343338303631303066313433383438613730366434656161653936
+37313139626436666535356663396433333635343532303265306134316335613232313038333335
+34626136313933663463666334366466303939643334316261333161623239306632636561663463
+64636538643931623563666438333363303633316431323761643862613763626130383532346539
+31316565636363333331323630623337326133366263643638383339313330636162613666343432
+33666238663739333135363733363361356430643638336133343065366461373736376431373139
+61653231383735393838373731663932633139303362376164356635613130616362343835653536
+30376263376233303234343962663361333439623232636535366364396135356334633465363862
+66646564653061376632383235636330656236663563616166636339313738646166663235373330
+66646637376633616365373735326331313338353263613537386535343733346132663838336164
+31393863323266383563323263303233616533366434663332326530343264343364353839643363
+31643931663131633733666665623665663434666164346364366232313765333063613234393063
+64333333346431643837646139663937303437643830633131613864363663313633393932303538
+33303331613061663138373639396266343830646637306662653337323130313638303237306262
+61393238356633396361333866353838383630393038376133353133613732303061333137306662
+39306138393363626662353532386436333965656234366166383835393763633539346561636430
+65333231643266333732663366393164366234366131373636643034633361393935366236366237
+36616130666663353536336638346232616431333265393432303630663637656539323431633963
+39336564666135646261613361396339306332376131663639353431643564316136643336333466
+34653837316137656662303166623738616533376434316339653136376434623135363633333835
+39343366613265656537363332373862643662633264376432636434393464386666626365346466
+38326361343935363635373932396136363561363037333962303732303535356362383236653464
+37646563306235333863303935353431626133616330366566326531356331353137653165623062
+66636134393536656234323966363137613438306163366236623533373966333736633162623462
+62303463343963353535653462376561623230386563346631383161376434303464613231386165
+65376230396461336530366338356231363432356265376330623334363737383461626462326234
+62383436646236303966666537393231643835663462373435396666366264646335663136613336
+33656230393465663265316166313163313366653861643039383062313966303837396539363732
+36616230383931353632653330623138393939353434363130616533303463353439316131373465
+32373430623065386464643164316566383837373838383062346361623637386662643435303831
+62663430336235306166323761316262383536363939366663323638623765343537616430386635
+65306561646639336462636462646266663034336462663730653032386138316365346262323836
+64363033353937363530383462373133666262613937383536623333386239653935366661623435
+33613462383732636538396134393537343538366562643832333034366438333439353637346363
+33663861323331636538313632366134626137636635323930363363323466383165353166303930
+66386139376139346232373263363262313638666231336564313333343430343837656439636262
+33336438646134393863306631636131633138653037626638633165636136663865666434323665
+39363632636531323633313434333432316136353762653561383230336566316462336664353431
+39333132633533393362313761363339393963393361343161353633346232376666353734306663
+35366366396533643430643863663665646139636465316630393665383532393337616662656530
+36333032633430363165333238666133633264363266336636373736313332306333376637393465
+32343265383933613231623431323364653238343464393164623631663166313830616165323131
+65643661363265386562616232613863343964386130323635323434613639623666633962663432
+31323131363661336233346331376466323635323234643037383238613830626130386131353464
+30633736346633353237636536303436633036316131636530656161323666303131636665383730
+39653135663538656337623334376463323834363866313964386366383936316164663863323031
+33663738653232636665

roles/keystone/templates/certs/merlin.hpc.rug.nl.key

@@ -0,0 +1,89 @@
+$ANSIBLE_VAULT;1.1;AES256
+65336461353934306534356638306230323835396365363737626131663464643138336135373463
+3435343336346162383039313638303035346162393064660a646166383538633138346535646337
+32616265393438613266363930623031303866316161656261663634616533323035313132313339
+3131636330373734640a366466323366386338626365626665343266666333383966306165353637
+35393461343066363037373234313733363939353235373730373862316133653233363531356638
+33366339303366356439363664393463323037323162623061336462376461333936386666633637
+33666339303738663535626265376561646338613136616539336431366234616562363063323637
+39386261663964353763376232356466333235646332353564323862376663626530393737356361
+63633930633066613239333432306362303432666466616263376234626137386338613537613266
+66656532346161313966346233633236313538656638323762653766613032366662633237633138
+66363137346633353938633933303636323763383231626261373162656363636233653664313539
+36646162643337306131383737313162313162326634663766326335306232356133306665306465
+66613163623631333831623835373036303263343061376435666231393035356662383163656361
+32313636636432393362633662366638313565346561363736363638643034656133636362653233
+61643734376232643361613562383938623530663463616365396533623334646232643434626439
+36623034393564386362613631333137336637353464333634393630326662623033353366616266
+35373963316563346530333439633463613035613031383437393238333862613161373438396336
+38383466333364353236323830323533613636373332383432626164386134643866373530326139
+37306230326363313264303530346338613234336164636665353530393864393163343635656234
+32653731653330313732306461353133393536376433373732383432326236303833303032373436
+63353233396663343937363434623634646261393731653633383830396461386633643434383161
+62353031613532646263633437666331316435386437626439616637663664376566386662306235
+62343239613632643266396365313134393137353962363035633165306261336436363361356134
+65313631363232306364366366353132663864623533323566313238383237663532663165373563
+34333063393365633264343464333862343135323166353233616130666630666436363138393230
+31303461393861366532373963373837316238323435313266653466663138386434303232356463
+64663330383337656435346237613831333865363463313538623037336437616638363337356461
+38623236323134393639643135303939336564313732393861356332653330396430373262333763
+63303961633463616365356663626430613133386466626562636639323762333731363934393561
+39383263393964643639353963653063656565613532303264643431316439613032373130623162
+64363230306231383064363433623734326666323461656438623662346232353934633439313931
+34653330386564333934366134646163356234306462643061343964386164663461633733666563
+33643133613365373032656262366231336639303232346434333061343661323932333130316536
+61366563636265386633333164303539333565613039666563626434623234616135346664633364
+37373937323635643461386262326135666165363163396236623338356233656161303962373566
+35326139646466333934363964366536343439323864613066383435383435333037356362313565
+38326562393339613636303133333164336265646333396333666339383031663464303361366530
+35313033363931386633373566643866323939343765313030383330313830366432353331626339
+37376638326534323932363832373435376265653863633536333032313331356666386164663739
+33356235393537326136623038316434393166373865353461396566356566653835623765393337
+39353434316639313135383337343165353932383331313463366634336663303565316362623130
+39656664306336306662323161616630393234653530383133396463383236303931633635663133
+30333034303835373436353164613536303334633432356230303538373530343262386563623166
+31643036653833386332633933306439303463633163376231393936353665303637326132396332
+66653537343162623363346637333762636366636633316464646264396461303463356232343030
+30323735303535386363333833313966633463616161376633376265643336313765653933616466
+63373938366565376631346431623237326564366539326132393535343736336562376633613164
+38656631623339373263663638386531326136383338346438396438643435353033616365353333
+30386233383539626363343838323261653864633366653362656636623639653661653165346530
+65383732383038616639636335633337393333626336313838653261663733343861386464626638
+66366139396239326634383738373638643634613061393338353638396438333438616164356438
+37346265636535333163383835316334353836666163633166383135326232373936663365363663
+32643161363037666433313239336362303264356164626538643561306463636462643230623466
+62363033303638393137333334626162636465306661376635653664353631353930653165303131
+30326461353032616130643035323461656636373337346131303533656434393830613534656130
+62613939306233356363663661323439353466633565653666366130383861636565313834636230
+36313735316566663530643564663862386461366635666238323365343237373132346137613766
+64373830393664626165633339336266656465373662646661643032386161633339626236313130
+30373165373531626465373961363539313564636133363336376631326464303139643563636439
+63653838313637346132323331363232373234396664306365373435616432636164363464353335
+65663463396333303063626265313964616136316436316239393062646334323163663738313937
+36326230386664643434366332326139633537343630633936346637353732663266313865363538
+31343331653937396230383333653438383536646438373162616263626263636230633566626139
+32333862353066323537343930393832353838623038326666386637306239616662313237323935
+36306233303237383632656164656163313363616264643630333935393066633166303938393062
+61376335623361656461373731653465386233633666323236333737323165373931366263643961
+34313837383933623765346333626537323561326130323262333465653236353133366265623261
+35373734616436373738306636346363613632383636313333626562643638326333333435623437
+34306235306637393737653339303535353030353139653138373631336335323331373231663265
+63383533323739666262353731306439653537386436363137336364623635656266363733333630
+37666463646332373539623761656438383166633538636330316362326137333230653930623965
+64633431616137376230353133613833646235343161633931626661386438323434623831383737
+35393933386365353162333035393832616531636333623331646366343536373138613035396138
+38313366343737626662613266386265666465353332336230353430663031376336303263613863
+38303431666435363939636235313761656436653562643662323535346237333236326331393830
+65323061323263326461616539343364653961616538333436343431373639316439396638396361
+65393032623333353533643565393362346236383934623432386339396439326139333966383164
+38626663323261643865613365636634383331306463633838336530666163356234633564613961
+66326632393533306337613962653437333938316263656365343135626365656461323964326433
+63343430663837613162353661363338396166323766313933393535623332323932373063633963
+61383336313230653833323134303738366365356131366532663961643065393563346364316561
+35616137663837643964376337383531313334616465363038343461373630623236316332386466
+37363132333937313364643561616562623864623666313035313864643362653138393066326431
+35666565383036386464323166353333386337336666363966396535333232663231643666316130
+31376262393832313366663938653637656339663733313364616438636236383762353231666436
+61313563643262343164323830663063663764326132663139366538646536643031316163666662
+63333432653839363865346263343339623561373036393633363937616237313737366334633035
+63393661656138323936

roles/keystone/templates/keystone.service

@@ -10,10 +10,13 @@ ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
   --add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \
-  -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
+  -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
   -p 5000:5000 -p 35357:35357 \
   -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \
   -v /srv/keystone/root:/root \
+  -v /srv/keystone/certs:/certs \
+  -v /srv/keystone/shibboleth/sp-key.pem:/etc/shibboleth/sp-key.pem \
+  -v /srv/keystone/shibboleth/sp-cert.pem:/etc/shibboleth/sp-cert.pem \
   {{ docker_image }}
 
 [Install]

roles/mariadb/tasks/main.yml

@@ -11,9 +11,9 @@
     state: directory
     mode: 0777
   with_items:
-    - /srv/mariadb/lib/mysql
-    - /srv/mariadb/etc/mysql
-    - /srv/mariadb/etc/mysql/conf.d
+      - /srv/mariadb/lib/mysql
+      - /srv/mariadb/etc/mysql
+      - /srv/mariadb/etc/mysql/conf.d
 
 - name: place settings file
   copy:
@@ -21,14 +21,12 @@
     dest: /srv/mariadb/etc/mysql/conf.d/my.cnf
     mode: 660
 
-- name: >
-        Set galara.cnf on node if we have at least three nodes.
-        And we're part of the cluster.
+- name: Set galara.cnf on node if we have at least three nodes.
   template:
     src: files/galera.cnf
     dest: /srv/mariadb/etc/mysql/conf.d/galera.cnf
     mode: 660
-  when: "'databases' in group_names and groups['databases'] | length >= 3"
+  when: groups['databases'] | length >= 3
 
   # This mimics galera_new_cluster.sh
 - name: Initialize a new cluster.
@@ -49,8 +47,7 @@
         name: mysql.service
         state: started
 
-  when: "'databases' in group_names and groups['databases'] \
-         | length >= 3 and ansible_hostname == hostname_node0"
+  when: groups['databases'] | length >= 3 and ansible_hostname == hostname_node0
 
 - name: install service file.
   block:
@@ -64,22 +61,17 @@
         group: root
 
 - name: Give the master node some time to initialize the cluster.
-  command: bash -c "sleep 60"
-  when: "'databases' in group_names and groups['databases'] \
-         | length >= 3"
-
-- name: Daemon reload (the implicit doesn't work)
-  command: bash -c "systemctl daemon-reload"
+  command: bash -c "sleep 60 && systemctl daemon-reload"
 
 - name: make sure service is started
   systemd:
     name: mysql.service
     state: started
-    daemon_reload: yes
 
 - name: start service at boot.
   command: systemctl reenable mysql.service
 
 - name: Give the cluster some time to initialize replication.
   command: bash -c "sleep 60 && systemctl daemon-reload"
-  when: "'databases' in group_names and groups['databases'] | length >= 3"
+  when: groups['databases'] | length >= 3
+

roles/neutron-controller/tasks/main.yml

@@ -6,7 +6,7 @@
     name: secrets
 
 - set_fact:
-    docker_image: "registry.webhosting.rug.nl/hpc/openstack-neutron-controller:latest"
+    docker_image: "registry.webhosting.rug.nl/hpc/openstack-neutron-controller-merlin:latest"
 
 - name: pull docker image
   docker_image:
@@ -16,7 +16,7 @@
 
 - set_fact:
     env_vars: >
-        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
         -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}"
         -e "MY_IP={{ listen_ip | default(hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address']) }}"
@@ -29,6 +29,7 @@
         -e "NOVA_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }}"
         -e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}"
         -e "NOVA_PLACEMENT_USER=placement"
+        -e "OVERLAY_IP={{ overlay_ip }}"
         -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
         -e "PHYSICAL_INTERFACE_MAPPINGS={{ physical_interface_mappings }}"
         -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"

roles/neutron-controller/templates/neutron-controller.service

@@ -17,6 +17,7 @@ ExecStart=/usr/bin/docker run --name %n \
   --privileged \
   --network host \
   -v /lib/modules:/lib/modules \
+  -v /var/run/netns:/var/run/netns \
   {{ docker_image }} /etc/run.sh
 
 [Install]

roles/nova-compute/files/ceph.conf

@@ -0,0 +1,14 @@
+[global]
+fsid = ef0b40a2-bc8c-4432-9cde-0ca7c82c8717
+mon_initial_members = merlin-managementnode002
+mon_host = 172.23.59.102
+auth_cluster_required = cephx
+auth_service_required = cephx
+auth_client_required = cephx
+
+# Your network address
+public network = 172.23.59.0/24
+osd pool default size = 2
+
+[client.compute]
+keyring = /etc/ceph/ceph.client.compute.keyring

roles/nova-compute/files/uuid

@@ -0,0 +1 @@
+b5044271-1918-4070-822c-f19ed14d7494

roles/nova-compute/tasks/main.yml

@@ -7,7 +7,7 @@
   tags: vars
 
 - set_fact:
-    docker_image: registry.webhosting.rug.nl/hpc/openstack-nova-compute:latest
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-nova-compute-merlin:latest
   tags: vars
 
 - name: pull docker image
@@ -16,6 +16,27 @@
     force: True
   tags: pull
 
+- name: Make build and persistent directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0777
+  with_items:
+    - /srv/nova-compute
+    - /srv/nova-compute/etc/ceph
+
+- name: copy ceph-client configurationfile
+  copy:
+    src: files/ceph.conf
+    dest: /srv/nova-compute/etc/ceph/ceph.conf
+    mode: 0644
+
+- name: copy ceph-client-keyring
+  copy:
+    src: files/ceph.client.compute.keyring
+    dest: /srv/nova-compute/etc/ceph/ceph.client.compute.keyring
+    mode: 0644
+
 - name: install service file.
   template:
     src: templates/nova-compute.service
@@ -25,16 +46,22 @@
     group: root
   tags: systemd
 
+#- name: set ceph client keyring
+#  copy:
+#    content: "{{ceph_compute_client_keyring}}"
+#    dest: /srv/nova-compute/etc/ceph
+#  when: use_ceph
+
 - command: systemctl daemon-reload
   tags: systemd
 
 - apt:
     name: "{{ item }}"
   with_items:
-      - kvm
-      - libvirt0
-      - libvirt-bin
-      - qemu
+    - kvm
+    - libvirt0
+    - libvirt-bin
+    - qemu
 
 - name: make sure service is started
   systemd:
@@ -47,3 +74,8 @@
 - name: let nova controler discover new host
   shell: "sleep 10 && docker exec -i nova-controller.service nova-manage cell_v2 discover_hosts"
   delegate_to: "{{ hostvars[groups['nova-controller'][0]]['ansible_hostname'] }}"
+  register: result
+  until: result is succeeded
+  retries: 7
+  delay: 3
+  ignore_errors: yes

roles/nova-compute/templates/nova-compute.service

@@ -10,7 +10,7 @@ ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
     -e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['listen_ip'] | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}" \
-    -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
+    -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
     -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}" \
     -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['listen_ip'] | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" \
     -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}" \
@@ -26,20 +26,29 @@ ExecStart=/usr/bin/docker run --name %n \
     -e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}" \
     -e "NOVA_PLACEMENT_USER=placement" \
     -e "NOVA_USER=nova" \
+    -e "OVERLAY_IP={{ overlay_ip }}" \
     -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}" \
     -e "PHYSICAL_INTERFACE_MAPPINGS={{ physical_interface_mappings }}" \
     -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['listen_ip'] | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}" \
     -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}" \
     -e "RABBIT_USER=openstack" \
-    -e "AVAILABILITY_ZONE={{ ansible_nodename }}" \
+    -e "USE_CEPH={{ use_ceph }}" \
+    -e "MON_INITIAL_MEMBERS={{ ceph_mon_initial_members }}" \
+    -e "MON_HOST={{ ceph_mon_host }}" \
+    -e "PUBLIC_NETWORK={{ ceph_public_network }}" \
+    -e "OSD_POOL_DEFAULT_SIZE={{ ceph_osd_pool_default_size }}" \
+    -e "RBD_SECRET_UUID={{ secrets['NOVA_RBD_SECRET_UUID'] }}" \
     --add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
     --add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \
     --privileged \
     -v /dev:/dev \
     -v /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock \
     -v /var/lib/nova/instances:/var/lib/nova/instances \
+    -v /var/run/netns:/var/run/netns \
     -v /lib/modules:/lib/modules \
     -v /etc/machine-id:/etc/machine-id \
+    -v /etc/ceph:/etc/ceph \
+    -v /etc/hosts:/etc/hosts \
     --network host \
     {{ docker_image }} /etc/run.sh
 

roles/nova-controller/tasks/main.yml

@@ -15,10 +15,10 @@
     - /srv/nova-controller/root
 
 - set_fact:
-    docker_image: registry.webhosting.rug.nl/hpc/openstack-nova-service:latest
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-nova-service-merlin:latest
     env_vars: >
         -e "GLANCE_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}"
-        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
         -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}"
         -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}"

secrets.yml

@@ -1,32 +1,42 @@
 $ANSIBLE_VAULT;1.1;AES256
-32313865346461323861313234623330633830663561353636396161643566353733393931303232
-3134353364393034626564333866383065633162383561390a656463303464616434303435303037
-63313232373630616136626464373464646535353030396136656361343162666165366566383737
-6133326539393432390a386162393639636137326532393939633665326637373461663766656565
-36636661653939373134313165383261353832373362613533366431626330313831643836363932
-38623937663335646134323130636539333335636265313564323032623065393031343235633832
-33336138653336633932383133366566656464356331306265663662356166613135663234326434
-64343765366439303766613062363830346238376435366138323662366463353634623937376663
-39313263613764623533323562333932656564346462333961663538353366313065343263383431
-39643734353632336134663965343062373933656461393264323938303261316563313962343837
-66623562333031646633643734383439386130653033343962633930613031313433633033383561
-65366230663263346661343339636537336332323266623230646534323563373934356332663136
-30626231623534616562323033333437353239306538653835623931363164383536336562336136
-30666265366536313436646535383632626137613831633132666666653830383566323532306332
-34353534336331653330663137323936303337306134333036633932363664643864333534316438
-31623062303137376637353061643838383831663561663436663130663064323665316261316531
-32616533333165636130623334373130316339326538343330646366383933353137623631323530
-39653437343432383161323661643931346664663265326664336461373033646563666333353661
-61633865373764346131623131346266373331626336663735303439376230333537386562303939
-65363139346564653464663633326639323930333464376136353064393039373535613231623138
-61373434323065646238356436373730333939613965666237616265653033333230353466316266
-30383939376335656632626232663061623332636337646234653565363561353334643462376666
-30326438303333336265306463313137656334313235643434616238333564373761333235633639
-66346161316130633463623435646639366136386335386139613230653064663230366265633036
-33613132633035393337653436613031383765616638323663363866393165613030306637393134
-38333734373939626364343533306662393463646264666161346434363832623239643864303431
-39383931333139633338663761646335613935636239636439383333313531633364653439323036
-35373639363164386666366335313934336231333261623763633133393562656237313761356631
-39663234653339313466326534333435306662316461333035623339353435383137383735373733
-32373535303338646266346539386364356233616631316661633037346665353762353138376538
-386535333439313233663464353534376535
+65633261656530663035316431306465633266376462653564613237663833333630663333643764
+6434623237626630356632313933323637316535636235330a323266636338326361343938343931
+63356362343538393030663864663363373633303231643233616563616537376239663337306464
+3164666366623639630a646633636134316561376137646632336139323265636366343938613062
+32663934633366623664636364396130333463366535333336303962633663666432623365356537
+65616339633433623761626537666131646365373334316237663839613264393564353230666134
+63386439323966343065666138636436643433363931373766363632653661363031303138646632
+61646437316265376539333661356239386533663533643864376263653237313533616263666563
+65306465313362396235393366363532353932383633623832393161323265373065326432656338
+34613761373230396332393239323733383937363339373438326434393030646231376531663963
+32623664303935623334326532383334343466613133623532363062396363626262396135626663
+35636636623833623165386137383664633561646630613930333061333466343831376332366266
+65353030383461623665653362613863646331633036616637643838666231653438636332376132
+30356433623662616430353265386632306564326633616538306632386465343636633538623263
+30366139366638613564333532333733383364323063376638613063346665663965356439636636
+32613035653134663733633731356530303338353030333532323762653864616230643931363032
+35653962373030663164383666316636616639666431656638653064303433613431636263333636
+65666138626563653538626164646265373766643131646162343366353835643031663866666137
+39363232616632323035643432626639323233333930646230613732386163383133383964623133
+33623663663130323737646133353139353833653138636338636336656562313639626162646531
+32353331333163373366616666356539306238653865616435633734393966333765313134616338
+34623337623739333439656638303363323534333165303861363334646137373037653665323961
+61623632373330323835653232353961663931326535356162656164616132623437636330653161
+65623861396665386331653734373334663532393731656430333933326264323133396463653239
+33383662303031356564666531613731663166613061383039393431643530656665306339326436
+65303063363163643362643163366365346230643936643231616530373763333536363838656130
+39326235373835326635306366653864316534663061323062376666666466363434363661623636
+31626332643839346138326336353665363838346535373335656466336665613265633461663134
+31323838336465366236353932646330333562363063616437633365353433303962346231663939
+31343133343336343431643564393839373139623365386330623665383264646163396438626539
+38343464343736363936636139653965303731353330653963383465633037633237383064396162
+33363864336235346663616230636633353361613138333236393866316165666162656565383739
+38653233346135373661613739393735343535623230653739316433376165663932366233643431
+39383261623065353932386632646134383136393664306465326637366639666433386162393237
+63663063656461653233643665306366653965393737376532356132623333383337333266316339
+33323934623734353639643330383066313632623166306337323932323933393536366361616564
+33303830333430663233336662353631663633303136346366376163353235303363326165306131
+62393166633232343065663062646435363563313961396132303737343263363363613137636236
+31316464613164353233366364306136663735343361333335353564666131396332643461303966
+65316339616166343232613632363030386432656339623363356661323163353563326238633863
+6431

set_ceph_secrets.yml

@@ -0,0 +1,17 @@
+---
+
+- hosts: nova-compute
+  become: true
+  tasks:
+    - copy:
+        src: ceph.xml
+        dest: /root/ceph.xml
+        mode: 0644
+    - name: include secrets
+      include_vars:
+        file: secrets.yml
+        name: secrets
+    - command: virsh secret-define --file /root/ceph.xml
+    - command: >
+          virsh secret-set-value --secret d0db6ba7-a0c9-4da6-b0bc-aa7846325333
+          --base64 {{ secrets['ceph_client_volumes_key'] }}

settings.yml

@@ -10,3 +10,5 @@
 - subnet_range: 172.23.128.0/24
 
 - rsa_pub: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStPUPXkcu81onUm/le54JCu174yXJJDsthDr96Mv8irBVBWuy5FxnaASuDpmC4QE4s0UAIg1iq/SWrr8qdBQ4OVuYFiW0S7ZJvcoKr/40Wh+T5MeltGQfmkDp6kBsfaMSo6M4tF1c8i+XgOgxb4fxHYb8mFhseztRLx6McxJJJLB0nu+T12WQ01nl0XtwD+3EsZWfxRH0KA59VHZSe3Anc5z+Fm7WU+1Vzy6/pkiIhVReI1L6VVhZsIdSu3fQK6fHQcujtfuw6RKEpisZQqnxMUviWQ98yeQXHk6Nx840WCh3vvKveEAoC4Y/UEZa1TMe6PczfUaLjaidUkpulJsP egon@egon-pc
+
+- use_ceph: True

site.yml

@@ -1,15 +1,15 @@
 ---
-- import_playbook: common.yml
-- import_playbook: rabbitmq.yml
-- import_playbook: memcached.yml
-- import_playbook: mariadb.yml
-- import_playbook: keystone.yml
-- import_playbook: glance-controller.yml
-- import_playbook: nova-controller.yml
-- import_playbook: neutron-controller.yml
-- import_playbook: cinder-controller.yml
-- import_playbook: cinder-storage.yml
-- import_playbook: nova-compute.yml
-- import_playbook: horizon.yml
-- import_playbook: heat.yml
-- import_playbook: post-install.yml
+- include: common.yml
+- include: rabbitmq.yml
+- include: memcached.yml
+- include: mariadb.yml
+- include: keystone.yml
+- include: glance-controller.yml
+- include: nova-controller.yml
+- include: neutron-controller.yml
+- include: cinder-controller.yml
+- include: cinder-storage.yml
+- include: nova-compute.yml
+- include: horizon.yml
+- include: heat.yml
+- include: post-install.yml

ubuntucloudrepo.yml

@@ -0,0 +1,18 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  become: true
+  tasks:
+
+      - name: install openstack repo key host.
+        command: apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+        tags: openstackclient
+
+      - name: install openstack repo on host.
+        apt_repository:
+            repo: "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main"
+            filename: ocata
+        tags: openstackclient
+
+      - apt:
+          update_cache: yes