Compare commits
15 Commits
f06a943916
...
feature/ci
38
README.md
@ -1,8 +1,42 @@
|
|||||||
# hpc-cloud
|
# hpc-cloud
|
||||||
|
|
||||||
This repository will contain playbooks to bring up openstack components inside docker containers.
|
This repository contains playbooks to bring up openstack components inside docker containers.
|
||||||
|
It makes use of ansible roles for the openstack components and the supporting infrastructure.
|
||||||
|
The following roles are installed.
|
||||||
|
|
||||||
|
### Openstack components.
|
||||||
|
|
||||||
|
* keystone
|
||||||
|
* glance-controller
|
||||||
|
* horizon
|
||||||
|
* neutron-controller
|
||||||
|
* nova-controller
|
||||||
|
* nova-compute
|
||||||
|
* cinder-controller
|
||||||
|
* cinder-storage
|
||||||
|
|
||||||
|
### Auxilary components:
|
||||||
|
|
||||||
|
* database (mariadb)
|
||||||
|
* rabbitmq (cluster of three nodes)
|
||||||
|
* memcached
|
||||||
|
|
||||||
|
## Getting started:
|
||||||
|
|
||||||
|
### Prerequisites:
|
||||||
|
* A cluster of servers to install the components on.
|
||||||
|
* The machines running nova-compute and neutron-controller need a separate interface for neutron to use.
|
||||||
|
* ubuntu 16.04 with python installed (usually already present).
|
||||||
|
* Access to the webhost12.service.rug.nl docker repository.
|
||||||
|
|
||||||
|
### Settings:
|
||||||
|
Passwords need be added to `secrets.yml.topol` and it needs to be saved as `secrets.yml`.
|
||||||
|
This can be done by running `./generate_secrets.py`.
|
||||||
|
Optionally, one can encrypt the secrtets by running `ansible-vault encrypt secrets.yml`.
|
||||||
|
|
||||||
|
|
||||||
|
### Secrets:
|
||||||
|
|
||||||
It makes use of ansible roles.
|
|
||||||
The roles can be set in the inventory file (hosts)
|
The roles can be set in the inventory file (hosts)
|
||||||
|
|
||||||
To bring up one role, for instance keystone, use:
|
To bring up one role, for instance keystone, use:
|
||||||
|
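Review bot: The Settings text presents `ansible-vault encrypt secrets.yml` as optional, yet `secrets.yml` holds every service password in plaintext next to the playbooks; make encryption the documented default and state that `secrets.yml` and its `secrets.yml.bak` backups must stay out of version control. Also in this hunk: "secrtets" and "Auxilary" are misspelled, "need be added" should read "need to be added", and the new `### Secrets:` heading has no text about secrets under it.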
9
cinder-controller.yml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
name: Dummy to gather facts
|
||||||
|
tasks: []
|
||||||
|
|
||||||
|
- hosts: cinder-controller
|
||||||
|
become: True
|
||||||
|
roles:
|
||||||
|
- cinder-controller
|
9
cinder-storage.yml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
name: Dummy to gather facts
|
||||||
|
tasks: []
|
||||||
|
|
||||||
|
- hosts: cinder-storage
|
||||||
|
become: True
|
||||||
|
roles:
|
||||||
|
- cinder-storage
|
33
generate_secrets.py
Executable file
@ -0,0 +1,33 @@
|
|||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
"""
|
||||||
|
Open the secrets.yml and replace all passwords.
|
||||||
|
Original is backed up.
|
||||||
|
"""
|
||||||
|
|
||||||
|
import random
|
||||||
|
import string
|
||||||
|
from subprocess import call
|
||||||
|
from yaml import load, dump
|
||||||
|
|
||||||
|
try:
|
||||||
|
from yaml import CLoader as Loader, CDumper as Dumper
|
||||||
|
except ImportError:
|
||||||
|
from yaml import Loader, Dumper
|
||||||
|
|
||||||
|
# length of generated passwords.
|
||||||
|
pass_length = 20
|
||||||
|
|
||||||
|
with open('secrets.yml.topol', 'r') as f:
|
||||||
|
data = load(f, Loader=Loader)
|
||||||
|
|
||||||
|
for key, value in data.iteritems():
|
||||||
|
data[key] = ''.join(
|
||||||
|
random.choice(string.ascii_letters + string.digits)
|
||||||
|
for _ in range(pass_length))
|
||||||
|
|
||||||
|
# Make numbered backups of the secrets file.
|
||||||
|
call(['cp', '--backup=numbered', 'secrets.yml', 'secrets.yml.bak'])
|
||||||
|
|
||||||
|
with open('secrets.yml', 'w') as f:
|
||||||
|
dump(data, f, Dumper=Dumper, default_flow_style=False)
|
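Review bot: `random.choice(...)` in the password loop draws from Python's Mersenne Twister, which is not a cryptographic generator; use `random.SystemRandom().choice(...)` so the 20-character passwords come from the operating system's CSPRNG. In the same file, `open('secrets.yml', 'w')` creates the file under the default umask and the numbered `secrets.yml.bak` copies keep old passwords in plaintext, so create both with mode 0600. The return code of the `cp --backup=numbered` `call` is ignored, which hides the failure on a first run when no `secrets.yml` exists yet, and `data.iteritems()` ties the script to Python 2 while the shebang asks for an unversioned `python`.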
10
hosts
@ -34,10 +34,16 @@ openstack01-node03
|
|||||||
#run_options="-e CASSANDRA_SEEDS=172.23.41.1"
|
#run_options="-e CASSANDRA_SEEDS=172.23.41.1"
|
||||||
|
|
||||||
[neutron-controller]
|
[neutron-controller]
|
||||||
openstack01-node01
|
openstack01-node01 provider_interface_name=ens192
|
||||||
|
|
||||||
[nova-controller]
|
[nova-controller]
|
||||||
openstack01-node03
|
openstack01-node03
|
||||||
|
|
||||||
|
[cinder-controller]
|
||||||
|
openstack01-node03
|
||||||
|
|
||||||
|
[cinder-storage]
|
||||||
|
openstack01-node01 storage_volume=/dev/loop0
|
||||||
|
|
||||||
[nova-compute]
|
[nova-compute]
|
||||||
openstack01-node04
|
openstack01-node04 provider_interface_name=dummy0
|
||||||
|
26
post-install.yml
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
name: Dummy to gather facts
|
||||||
|
tasks: []
|
||||||
|
|
||||||
|
- hosts: keystone
|
||||||
|
become: True
|
||||||
|
vars_files:
|
||||||
|
- settings.yml
|
||||||
|
tasks:
|
||||||
|
- name: copy public key
|
||||||
|
copy:
|
||||||
|
content: "{{ rsa_pub }}"
|
||||||
|
dest: /srv/keystone/root/id_rsa.pub
|
||||||
|
- name: post install configuration
|
||||||
|
command: docker exec -i keystone.service bash -c "source /root/admin-openrc.sh && {{ item }}"
|
||||||
|
with_items:
|
||||||
|
- openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
|
||||||
|
- >
|
||||||
|
openstack subnet create --network provider
|
||||||
|
--allocation-pool start={{ allocation_pool['start'] }},end={{ allocation_pool['end'] }}
|
||||||
|
--dns-nameserver {{ dns_nameserver }} --gateway {{ gateway }} --subnet-range {{ subnet_range }} provider
|
||||||
|
- openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
|
||||||
|
- openstack keypair create --public-key /root/id_rsa.pub adminkey
|
||||||
|
|
||||||
|
|
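Review bot: The `post install configuration` task is not idempotent: on a second run `openstack flavor create --id 0 ...` and `openstack keypair create ... adminkey` fail because the objects already exist, and the play stops there. Guard each item (check with the matching `show` command first, or register the result and set `failed_when`/`changed_when`). The `{{ allocation_pool[...] }}`, `{{ dns_nameserver }}`, `{{ gateway }}` and `{{ subnet_range }}` values from `settings.yml` are pasted unquoted into the `bash -c "..."` string; pass them through the `quote` filter.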
59
roles/cinder-controller/tasks/main.yml
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
# Build and install a docker image for cinder.
|
||||||
|
---
|
||||||
|
- name: include secrets
|
||||||
|
include_vars:
|
||||||
|
file: ../../secrets.yml
|
||||||
|
name: secrets
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
docker_image: webhost12.service.rug.nl/hpc/openstack-cinder-controller:latest
|
||||||
|
env_vars: >
|
||||||
|
-e "MY_IP={{ ansible_default_ipv4.address }}"
|
||||||
|
-e "CINDER_HOST={{ hostvars[groups['cinder-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
|
||||||
|
-e "CINDER_USER=cinder"
|
||||||
|
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||||
|
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||||
|
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
|
||||||
|
-e "RABBIT_USER=openstack"
|
||||||
|
|
||||||
|
- name: pull docker image
|
||||||
|
docker_image:
|
||||||
|
name: "{{ docker_image }}"
|
||||||
|
tags: pull
|
||||||
|
|
||||||
|
- name: Make build and persistent directories
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0777
|
||||||
|
with_items:
|
||||||
|
- /srv/cinder-controller
|
||||||
|
- /srv/cinder-controller/root
|
||||||
|
|
||||||
|
- name: install service file.
|
||||||
|
template:
|
||||||
|
src: templates/cinder-controller.service
|
||||||
|
dest: /etc/systemd/system/cinder-controller.service
|
||||||
|
mode: 644
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
|
||||||
|
- command: systemctl daemon-reload
|
||||||
|
|
||||||
|
- name: Initialize database.
|
||||||
|
command: >
|
||||||
|
/usr/bin/docker run --rm
|
||||||
|
{{ env_vars }}
|
||||||
|
-v /srv/cinder-controller/root:/root \
|
||||||
|
{{ docker_image }} /etc/bootstrap.sh
|
||||||
|
tags: bootstrap
|
||||||
|
|
||||||
|
- name: make sure service is started
|
||||||
|
systemd:
|
||||||
|
name: cinder-controller.service
|
||||||
|
state: restarted
|
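Review bot: `mode: 0777` on `/srv/cinder-controller` and `/srv/cinder-controller/root` makes the directory that is mounted as the container's `/root` writable by every local user on the host; 0750 or 0700 owned by root is enough for a bind mount. In the `install service file.` task, `mode: 644` is an unquoted number without a leading zero, which Ansible reads as decimal 644 rather than octal; write `mode: "0644"`. The `Initialize database.` task passes `{{ env_vars }}` with the passwords on the command line and has no `no_log: true`, so they show up in verbose Ansible output.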
18
roles/cinder-controller/templates/cinder-controller.service
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Openstack Glance Container
|
||||||
|
After=docker.service
|
||||||
|
Requires=docker.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
TimeoutStartSec=0
|
||||||
|
Restart=always
|
||||||
|
ExecStartPre=-/usr/bin/docker kill %n
|
||||||
|
ExecStartPre=-/usr/bin/docker rm %n
|
||||||
|
ExecStart=/usr/bin/docker run --name %n \
|
||||||
|
{{ env_vars | replace('\n', '') }} \
|
||||||
|
-v /srv/cinder-controller/root:/root \
|
||||||
|
-p 8776:8776 \
|
||||||
|
{{ docker_image }}
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
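Review bot: `{{ env_vars | replace('\n', '') }}` writes `CINDER_PASSWORD`, `MYSQL_ROOT_PASSWORD`, `OS_PASSWORD` and `RABBIT_PASSWORD` into the `ExecStart=` line of a unit file that the role installs as readable by all users, and `docker run -e` arguments are also visible in the host's process list. Put the variables in a root-only file (mode 0600) and pass it with `docker run --env-file`. `Description=Openstack Glance Container` is a copy-paste leftover and should name cinder-controller.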
61
roles/cinder-storage/tasks/main.yml
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
# Build and install a docker image for cinder.
|
||||||
|
---
|
||||||
|
- name: include secrets
|
||||||
|
include_vars:
|
||||||
|
file: ../../secrets.yml
|
||||||
|
name: secrets
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
docker_image: webhost12.service.rug.nl/hpc/openstack-cinder-storage:latest
|
||||||
|
env_vars: >
|
||||||
|
-e "MY_IP={{ ansible_default_ipv4.address }}"
|
||||||
|
-e "CINDER_HOST={{ hostvars[groups['cinder-storage'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
|
||||||
|
-e "CINDER_USER=cinder"
|
||||||
|
-e "GLANCE_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||||
|
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||||
|
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
|
||||||
|
-e "RABBIT_USER=openstack"
|
||||||
|
|
||||||
|
- name: pull docker image
|
||||||
|
docker_image:
|
||||||
|
name: "{{ docker_image }}"
|
||||||
|
tags: pull
|
||||||
|
|
||||||
|
- name: Make build and persistent directories
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0777
|
||||||
|
with_items:
|
||||||
|
- /srv/cinder-storage
|
||||||
|
- /srv/cinder-storage/root
|
||||||
|
|
||||||
|
- name: initial setup
|
||||||
|
command: >
|
||||||
|
/usr/bin/docker run --rm
|
||||||
|
--privileged
|
||||||
|
{{ env_vars }}
|
||||||
|
-v /srv/cinder-storage/root:/root \
|
||||||
|
-v "{{ storage_volume }}":/dev/cinder_storage_volume \
|
||||||
|
{{ docker_image }} /etc/bootstrap.sh
|
||||||
|
tags: bootstrap
|
||||||
|
|
||||||
|
- name: install service file.
|
||||||
|
template:
|
||||||
|
src: templates/cinder-storage.service
|
||||||
|
dest: /etc/systemd/system/cinder-storage.service
|
||||||
|
mode: 644
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
|
||||||
|
- command: systemctl daemon-reload
|
||||||
|
|
||||||
|
- name: make sure service is started
|
||||||
|
systemd:
|
||||||
|
name: cinder-storage.service
|
||||||
|
state: restarted
|
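Review bot: `CINDER_HOST` is set from `groups['cinder-storage'][0]` here, while the cinder-controller role sets it from `groups['cinder-controller'][0]`; if the variable is meant to name the cinder API host, the storage node will point at itself, so confirm which host is intended and say so in a comment. The `initial setup` command also mixes a trailing `\` on the two `-v` lines with lines that have none inside a folded `command: >` block; the folded scalar already joins the lines, so drop the backslashes.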
20
roles/cinder-storage/templates/cinder-storage.service
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Openstack Glance Container
|
||||||
|
After=docker.service
|
||||||
|
Requires=docker.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
TimeoutStartSec=0
|
||||||
|
Restart=always
|
||||||
|
ExecStartPre=-/usr/bin/docker kill %n
|
||||||
|
ExecStartPre=-/usr/bin/docker rm %n
|
||||||
|
ExecStart=/usr/bin/docker run --name %n \
|
||||||
|
--privileged \
|
||||||
|
{{ env_vars | replace('\n', '') }} \
|
||||||
|
-v /srv/cinder-storage/root:/root \
|
||||||
|
-v "{{ storage_volume }}":/dev/cinder_storage_volume \
|
||||||
|
-p 8776:8776 \
|
||||||
|
{{ docker_image }}
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
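Review bot: `--privileged` on the long-running `ExecStart` container grants all capabilities and access to every host device, when the lines here only hand it the one block device from `storage_volume`; where the image allows it, pass that device with `--device "{{ storage_volume }}":/dev/cinder_storage_volume` plus only the capabilities it needs, and do the same for the `--privileged` bootstrap run in the tasks file. `Description=Openstack Glance Container` is copied from glance, and `-p 8776:8776` is the same host port the cinder-controller unit publishes, so the two roles cannot be placed on one host.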
@ -1,18 +1,24 @@
|
|||||||
# Build and install a docker image for glance.
|
# Build and install a docker image for glance.
|
||||||
---
|
---
|
||||||
|
- name: include secrets
|
||||||
|
include_vars:
|
||||||
|
file: ../../secrets.yml
|
||||||
|
name: secrets
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
docker_image: webhost12.service.rug.nl/hpc/openstack-glance:latest
|
docker_image: webhost12.service.rug.nl/hpc/openstack-glance:latest
|
||||||
env_vars: >
|
env_vars: >
|
||||||
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
|
-e "GLANCE_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "GLANCE_PASSWORD={{ secrets['GLANCE_PASSWORD'] }}"
|
||||||
|
-e "GLANCE_USER=glance"
|
||||||
|
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
|
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
-e "MYSQL_ROOT_PASSWORD=geheim"
|
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||||
-e "GLANCE_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
-e "GLANCE_USER=glance"
|
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
|
||||||
-e "GLANCE_PASSWORD=geheim"
|
|
||||||
-e "RABBIT_USER=openstack"
|
-e "RABBIT_USER=openstack"
|
||||||
-e "RABBIT_PASSWORD=geheim"
|
|
||||||
|
|
||||||
- name: pull docker image
|
- name: pull docker image
|
||||||
docker_image:
|
docker_image:
|
||||||
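Review bot: The `include secrets` task with `file: ../../secrets.yml` is now repeated at the top of each role and depends on the role's position relative to the repository root; load the file once per play with `vars_files` (as `post-install.yml` does for `settings.yml`) so roles do not hard-code the path. The removed value `geheim` stays in the repository history, so treat it as burned and make sure no deployed service still uses it.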
@ -26,6 +32,7 @@
|
|||||||
mode: 0777
|
mode: 0777
|
||||||
with_items:
|
with_items:
|
||||||
- /srv/glance
|
- /srv/glance
|
||||||
|
- /srv/glance/root
|
||||||
|
|
||||||
- name: install service file.
|
- name: install service file.
|
||||||
template:
|
template:
|
||||||
@ -42,6 +49,7 @@
|
|||||||
/usr/bin/docker run --rm
|
/usr/bin/docker run --rm
|
||||||
{{ env_vars }}
|
{{ env_vars }}
|
||||||
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
|
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
|
||||||
|
-v /srv/glance/root:/root \
|
||||||
{{ docker_image }} /etc/bootstrap.sh
|
{{ docker_image }} /etc/bootstrap.sh
|
||||||
tags: bootstrap
|
tags: bootstrap
|
||||||
|
|
||||||
|
@ -6,9 +6,11 @@ Requires=docker.service
|
|||||||
[Service]
|
[Service]
|
||||||
TimeoutStartSec=0
|
TimeoutStartSec=0
|
||||||
Restart=always
|
Restart=always
|
||||||
ExecStartPre=-/usr/bin/docker rm -f %n
|
ExecStartPre=-/usr/bin/docker kill %n
|
||||||
|
ExecStartPre=-/usr/bin/docker rm %n
|
||||||
ExecStart=/usr/bin/docker run --name %n \
|
ExecStart=/usr/bin/docker run --name %n \
|
||||||
{{ env_vars | replace('\n', '') }} \
|
{{ env_vars | replace('\n', '') }} \
|
||||||
|
-v /srv/glance/root:/root \
|
||||||
-p 9292:9292 \
|
-p 9292:9292 \
|
||||||
{{ docker_image }}
|
{{ docker_image }}
|
||||||
|
|
||||||
|
@ -6,6 +6,7 @@
|
|||||||
- name: pull docker image
|
- name: pull docker image
|
||||||
docker_image:
|
docker_image:
|
||||||
name: "{{ docker_image }}"
|
name: "{{ docker_image }}"
|
||||||
|
force: True
|
||||||
tags: pull
|
tags: pull
|
||||||
|
|
||||||
- name: install service file.
|
- name: install service file.
|
||||||
|
@ -6,7 +6,8 @@ Requires=docker.service
|
|||||||
[Service]
|
[Service]
|
||||||
TimeoutStartSec=0
|
TimeoutStartSec=0
|
||||||
Restart=always
|
Restart=always
|
||||||
ExecStartPre=-/usr/bin/docker rm -f %n
|
ExecStartPre=-/usr/bin/docker kill %n
|
||||||
|
ExecStartPre=-/usr/bin/docker rm %n
|
||||||
ExecStart=/usr/bin/docker run --name %n \
|
ExecStart=/usr/bin/docker run --name %n \
|
||||||
-e "MEMCACHED_SERVER={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
|
-e "MEMCACHED_SERVER={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
|
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||||
|
@ -1,31 +0,0 @@
|
|||||||
# Build keystone. It needs to be run with
|
|
||||||
# --add-host=mariadb:<ip mariadb listens tp>
|
|
||||||
# Wen starting with an initialized db,
|
|
||||||
# run keystone-manage db_sync from this docker first:
|
|
||||||
# $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"
|
|
||||||
|
|
||||||
FROM ubuntu:16.04
|
|
||||||
|
|
||||||
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
|
|
||||||
|
|
||||||
RUN set -x \
|
|
||||||
&& echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
|
|
||||||
&& apt-get -y update \
|
|
||||||
&& apt-get -y install \
|
|
||||||
&& apt-get -y install keystone python-openstackclient \
|
|
||||||
&& apt-get -y clean
|
|
||||||
|
|
||||||
# set admin token TODO: make this a secret
|
|
||||||
# in volume of met env
|
|
||||||
COPY keystone.conf /etc/keystone/keystone.conf
|
|
||||||
|
|
||||||
RUN mkdir /etc/keystone/fernet-keys
|
|
||||||
|
|
||||||
RUN chown keystone: /etc/keystone/fernet-keys
|
|
||||||
|
|
||||||
COPY admin-openrc.sh root/admin-openrc.sh
|
|
||||||
|
|
||||||
COPY bootstrap.sh /etc/bootstrap.sh
|
|
||||||
|
|
||||||
#RUN keystone-manage db_sync
|
|
||||||
CMD apachectl -DFOREGROUND
|
|
@ -1,16 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
source /root/admin-openrc.sh
|
|
||||||
|
|
||||||
openstack project create --domain default \
|
|
||||||
--description "Service Project" service
|
|
||||||
|
|
||||||
openstack project create --domain default \
|
|
||||||
--description "Demo Project" demo
|
|
||||||
|
|
||||||
openstack user create --domain default \
|
|
||||||
--password geheim demo
|
|
||||||
|
|
||||||
openstack role create user
|
|
||||||
|
|
||||||
openstack role add --project demo --user demo user
|
|
@ -1,12 +0,0 @@
|
|||||||
[DEFAULT]
|
|
||||||
|
|
||||||
verbose = true
|
|
||||||
|
|
||||||
[database]
|
|
||||||
connection = mysql+pymysql://keystone:keystone@mariadb/keystone
|
|
||||||
|
|
||||||
[token]
|
|
||||||
provider = fernet
|
|
||||||
|
|
||||||
[identity]
|
|
||||||
default_domain_id = default
|
|
@ -1,6 +1,6 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# Start a mariadb container to use its mysql client to initialize the keystone database.
|
# Start a mariadb container to use its mysql client to initialize the keystone database.
|
||||||
docker run --rm -i mariadb:10.2 mysql -uroot -pgeheim --host "$1" << EOF
|
docker run --rm -i mariadb:10.2 mysql -uroot -p"$MYSQL_ROOT_PASSWORD" --host "$DB_HOST" << EOF
|
||||||
CREATE DATABASE IF NOT EXISTS keystone;
|
CREATE DATABASE IF NOT EXISTS keystone;
|
||||||
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
|
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
|
||||||
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
|
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
|
||||||
|
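Review bot: The root password now comes from `$MYSQL_ROOT_PASSWORD`, but the two `GRANT` lines still create the `keystone` database user with the fixed password `keystone`, and the second one allows it from any host (`'keystone'@'%'`); take that password from `secrets.yml` as well. `-p"$MYSQL_ROOT_PASSWORD"` also puts the root password on the `docker run` command line, where other local users can read it from the process list; hand it to the client through an environment variable or an option file instead.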
@ -1,10 +1,20 @@
|
|||||||
# Build and install a docker image for keystone.
|
# Build and install a docker image for keystone.
|
||||||
---
|
---
|
||||||
|
- name: include secrets
|
||||||
|
include_vars:
|
||||||
|
file: ../../secrets.yml
|
||||||
|
name: secrets
|
||||||
|
|
||||||
- name: Make persistent directories
|
- name: Make persistent directories
|
||||||
file:
|
file:
|
||||||
path: /srv/keystone/fernet-keys
|
path: "{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0777
|
mode: 0777
|
||||||
|
with_items:
|
||||||
|
- /srv
|
||||||
|
- /srv/keystone
|
||||||
|
- /srv/keystone/fernet-keys
|
||||||
|
- /srv/keystone/root
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
docker_image: webhost12.service.rug.nl/hpc/openstack-keystone:latest
|
docker_image: webhost12.service.rug.nl/hpc/openstack-keystone:latest
|
||||||
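Review bot: Adding `/srv` to `with_items` applies `mode: 0777` to `/srv` itself, which makes a top-level system directory world-writable on every keystone host, and `/srv/keystone/fernet-keys` (the Fernet token keys) and `/srv/keystone/root` get the same mode. Drop `/srv` from the list or give it 0755, and restrict the keystone directories to the user the container runs as.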
@ -12,6 +22,7 @@
|
|||||||
- name: pull docker image
|
- name: pull docker image
|
||||||
docker_image:
|
docker_image:
|
||||||
name: "{{ docker_image }}"
|
name: "{{ docker_image }}"
|
||||||
|
force: True
|
||||||
tags: pull
|
tags: pull
|
||||||
|
|
||||||
- name: install service file.
|
- name: install service file.
|
||||||
@ -26,7 +37,10 @@
|
|||||||
command: systemctl daemon-reload
|
command: systemctl daemon-reload
|
||||||
|
|
||||||
- name: Initialize db
|
- name: Initialize db
|
||||||
script: scripts/initialize_db.sh {{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
|
script: scripts/initialize_db.sh
|
||||||
|
environment:
|
||||||
|
MYSQL_ROOT_PASSWORD: "{{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||||
|
DB_HOST: "{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
register: result
|
register: result
|
||||||
until: result|succeeded
|
until: result|succeeded
|
||||||
# sometimes the initial connect fails.
|
# sometimes the initial connect fails.
|
||||||
@ -47,7 +61,7 @@
|
|||||||
- fernet_setup --keystone-user keystone --keystone-group keystone
|
- fernet_setup --keystone-user keystone --keystone-group keystone
|
||||||
- credential_setup --keystone-user keystone --keystone-group keystone
|
- credential_setup --keystone-user keystone --keystone-group keystone
|
||||||
- >
|
- >
|
||||||
bootstrap --bootstrap-password geheim
|
bootstrap --bootstrap-password {{ secrets['OS_PASSWORD'] }}
|
||||||
--bootstrap-admin-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
|
--bootstrap-admin-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
|
||||||
--bootstrap-internal-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
|
--bootstrap-internal-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
|
||||||
--bootstrap-public-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:5000/v3/
|
--bootstrap-public-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:5000/v3/
|
||||||
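Review bot: `bootstrap --bootstrap-password {{ secrets['OS_PASSWORD'] }}` places the admin password unquoted on a command line; a hand-edited password containing a space or shell metacharacter breaks the command, and the value appears in verbose Ansible output. Apply the `quote` filter and set `no_log: true` on the task.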
@ -63,5 +77,8 @@
|
|||||||
/usr/bin/docker run --rm
|
/usr/bin/docker run --rm
|
||||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
|
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
|
||||||
-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
|
-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
|
||||||
|
-v /srv/keystone/root:/root
|
||||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3"
|
||||||
|
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||||
{{ docker_image }} bash /etc/bootstrap.sh
|
{{ docker_image }} bash /etc/bootstrap.sh
|
||||||
|
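Review bot: `${KEYSTONE_HOST}` in the added `-e "OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3"` line is not a Jinja expression, and `KEYSTONE_HOST` is only defined inside the container by the `-e` line above, not in the environment that invokes `docker run`; the container therefore receives a literal or empty host in `OS_AUTH_URL`. Use the same `{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}` lookup as the `KEYSTONE_HOST` line. The new `OS_PASSWORD` argument has the same command-line exposure as the bootstrap password, so `no_log: true` applies here too.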
@ -1,5 +1,5 @@
|
|||||||
export OS_TENANT_NAME=admin
|
export OS_TENANT_NAME=admin
|
||||||
export OS_USERNAME=admin
|
export OS_USERNAME=admin
|
||||||
export OS_PASSWORD=geheim
|
export OS_PASSWORD={{ hostvars[groups['keystone'][0]]['OS_PASSWORD'] }}
|
||||||
export OS_AUTH_URL=http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3
|
export OS_AUTH_URL=http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3
|
||||||
export OS_IDENTITY_API_VERSION=3
|
export OS_IDENTITY_API_VERSION=3
|
||||||
|
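Review bot: `hostvars[groups['keystone'][0]]['OS_PASSWORD']` looks the password up as a host variable, but everywhere else in this change it is read as `secrets['OS_PASSWORD']` from the `include_vars ... name: secrets` dictionary, so this lookup is likely undefined when the template renders. Use `{{ secrets['OS_PASSWORD'] }}`, and quote the value since the file is sourced by a shell.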
@ -6,12 +6,14 @@ Requires=docker.service
|
|||||||
[Service]
|
[Service]
|
||||||
TimeoutStartSec=0
|
TimeoutStartSec=0
|
||||||
Restart=always
|
Restart=always
|
||||||
ExecStartPre=-/usr/bin/docker rm -f %n
|
ExecStartPre=-/usr/bin/docker kill %n
|
||||||
|
ExecStartPre=-/usr/bin/docker rm %n
|
||||||
ExecStart=/usr/bin/docker run --name %n \
|
ExecStart=/usr/bin/docker run --name %n \
|
||||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
|
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
|
||||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
|
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||||
-p 5000:5000 -p 35357:35357 \
|
-p 5000:5000 -p 35357:35357 \
|
||||||
-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \
|
-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \
|
||||||
|
-v /srv/keystone/root:/root \
|
||||||
{{ docker_image }}
|
{{ docker_image }}
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
@ -1,8 +1,13 @@
|
|||||||
# Install a docker based mariadb.
|
# Install a docker based mariadb.
|
||||||
---
|
---
|
||||||
|
- name: include secrets
|
||||||
|
include_vars:
|
||||||
|
file: ../../secrets.yml
|
||||||
|
name: secrets
|
||||||
|
|
||||||
- name: install service file.
|
- name: install service file.
|
||||||
template:
|
template:
|
||||||
src: files/mysql.service
|
src: templates/mysql.service
|
||||||
dest: /etc/systemd/system/mysql.service
|
dest: /etc/systemd/system/mysql.service
|
||||||
mode: 644
|
mode: 644
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -6,13 +6,13 @@ Requires=docker.service
|
|||||||
[Service]
|
[Service]
|
||||||
TimeoutStartSec=0
|
TimeoutStartSec=0
|
||||||
Restart=always
|
Restart=always
|
||||||
ExecStartPre=-/usr/bin/docker stop %n
|
ExecStartPre=-/usr/bin/docker kill %n || /bin/true
|
||||||
ExecStartPre=-/usr/bin/docker rm %n
|
ExecStartPre=-/usr/bin/docker rm %n
|
||||||
ExecStartPre=/usr/bin/docker pull mariadb:10.2
|
ExecStartPre=/usr/bin/docker pull mariadb:10.2
|
||||||
ExecStart=/usr/bin/docker run -p 3306:3306 --name %n \
|
ExecStart=/usr/bin/docker run -p 3306:3306 --name %n \
|
||||||
-v /srv/mariadb/lib/mysql:/var/lib/mysql \
|
-v /srv/mariadb/lib/mysql:/var/lib/mysql \
|
||||||
-v /srv/mariadb/etc/mysql:/etc/mysql \
|
-v /srv/mariadb/etc/mysql:/etc/mysql \
|
||||||
-e MYSQL_ROOT_PASSWORD=geheim mariadb:10.2
|
-e MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }} mariadb:10.2
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
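Review bot: `ExecStartPre=-/usr/bin/docker kill %n || /bin/true` does not do what it suggests: systemd does not run `Exec*` lines through a shell, so `||` and `/bin/true` are passed to `docker kill` as extra container names, and the leading `-` already makes systemd ignore a failure. Remove `|| /bin/true`. `-e MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}` is unquoted and ends up in a unit file that the task installs with `mode: 644`; quote the value and move it to a root-only file passed with `--env-file`.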
@ -1,28 +1,37 @@
|
|||||||
# Build and install a docker image for neutron-controller.
|
# Build and install a docker image for neutron-controller.
|
||||||
---
|
---
|
||||||
|
- name: include secrets
|
||||||
|
include_vars:
|
||||||
|
file: ../../secrets.yml
|
||||||
|
name: secrets
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
docker_image: "webhost12.service.rug.nl/hpc/openstack-neutron-controller:latest"
|
docker_image: "webhost12.service.rug.nl/hpc/openstack-neutron-controller:latest"
|
||||||
|
|
||||||
- name: pull docker image
|
- name: pull docker image
|
||||||
docker_image:
|
docker_image:
|
||||||
name: "{{ docker_image }}"
|
name: "{{ docker_image }}"
|
||||||
|
force: True
|
||||||
tags: pull
|
tags: pull
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
env_vars: >
|
env_vars: >
|
||||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
-e "METADATA_SECRET=geheim"
|
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}"
|
||||||
-e "MY_IP={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
-e "MY_IP={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
-e "MYSQL_ROOT_PASSWORD=geheim"
|
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||||
-e "NEUTRON_PASSWORD=geheim"
|
-e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}"
|
||||||
-e "NEUTRON_USER=neutron"
|
-e "NEUTRON_USER=neutron"
|
||||||
-e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
|
||||||
-e "NOVA_PASSWORD=geheim"
|
|
||||||
-e "NOVA_USER=nova"
|
-e "NOVA_USER=nova"
|
||||||
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
|
-e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}"
|
||||||
|
-e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}"
|
||||||
|
-e "NOVA_PLACEMENT_USER=placement"
|
||||||
|
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||||
-e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}"
|
-e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}"
|
||||||
-e "RABBIT_PASSWORD=geheim"
|
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
|
||||||
-e "RABBIT_USER=openstack"
|
-e "RABBIT_USER=openstack"
|
||||||
tags: env
|
tags: env
|
||||||
|
|
||||||
|
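Review bot: `force: True` on the `pull docker image` task, combined with the `:latest` tag in `docker_image`, means every run deploys whatever the registry currently serves under that tag, with no record of which image went out; pin the image to a version tag or digest and bump it deliberately. The reordering of the `-e` lines (`MEMCACHED_HOST`, `NOVA_*`) is mixed into the same hunk as the password changes, which makes the security-relevant lines harder to review; put the reorder in its own commit.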
@ -6,12 +6,14 @@ Requires=docker.service
|
|||||||
[Service]
|
[Service]
|
||||||
TimeoutStartSec=0
|
TimeoutStartSec=0
|
||||||
Restart=always
|
Restart=always
|
||||||
ExecStartPre=-/usr/bin/docker rm -f %n
|
ExecStartPre=-/usr/bin/docker kill %n
|
||||||
|
ExecStartPre=-/usr/bin/docker rm %n
|
||||||
ExecStart=/usr/bin/docker run --name %n \
|
ExecStart=/usr/bin/docker run --name %n \
|
||||||
{{ env_vars | replace('\n', '') }} \
|
{{ env_vars | replace('\n', '') }} \
|
||||||
--add-host=nova-controller:{{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }} \
|
--add-host=nova-controller:{{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }} \
|
||||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
|
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
|
||||||
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
|
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
|
||||||
|
--add-host={{ ansible_nodename }}:{{ ansible_default_ipv4.address }} \
|
||||||
--privileged \
|
--privileged \
|
||||||
--network host \
|
--network host \
|
||||||
-v /lib/modules:/lib/modules \
|
-v /lib/modules:/lib/modules \
|
||||||
|
@ -1,5 +1,10 @@
|
|||||||
# Build and install a docker image for nova-controller.
|
# Build and install a docker image for nova-controller.
|
||||||
---
|
---
|
||||||
|
- name: include secrets
|
||||||
|
include_vars:
|
||||||
|
file: ../../secrets.yml
|
||||||
|
name: secrets
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
docker_image: webhost12.service.rug.nl/hpc/openstack-nova-compute:latest
|
docker_image: webhost12.service.rug.nl/hpc/openstack-nova-compute:latest
|
||||||
tags: facts
|
tags: facts
|
||||||
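Review bot: the new `include secrets` task loads `../../secrets.yml` through a path relative to the role, and the same four lines are repeated in the other roles touched by this change. That breaks as soon as a role is moved or reused from another playbook location. Loading the file once at play level (for example with `vars_files`) would remove the duplication. The header comment still says nova-controller although `docker_image` points at openstack-nova-compute.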
@ -7,6 +12,7 @@
|
|||||||
- name: pull docker image
|
- name: pull docker image
|
||||||
docker_image:
|
docker_image:
|
||||||
name: "{{ docker_image }}"
|
name: "{{ docker_image }}"
|
||||||
|
force: True
|
||||||
tags: pull
|
tags: pull
|
||||||
|
|
||||||
- name: install service file.
|
- name: install service file.
|
||||||
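Review bot: `force: True` on the pull task, combined with the `:latest` tag set in `docker_image` above, means every playbook run deploys whatever the registry serves at that moment. The result is not reproducible, and a changed or tampered image is picked up silently. Pinning `docker_image` to a version tag or an image digest would make the forced pull safe to keep.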
@ -31,3 +37,7 @@
|
|||||||
systemd:
|
systemd:
|
||||||
name: nova-compute.service
|
name: nova-compute.service
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
- name: let nova controler discover new host
|
||||||
|
command: docker exec -i nova-controller.service nova-manage cell_v2 discover_hosts
|
||||||
|
delegate_to: "{{ hostvars[groups['nova-controller'][0]]['ansible_hostname'] }}"
|
||||||
|
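Review bot: the new `command:` task runs `nova-manage cell_v2 discover_hosts` once for every host in the play and always reports changed, because it has no `run_once` and no `changed_when`. Adding `run_once: true` and a `changed_when` condition (or `changed_when: false`) would fix both. `delegate_to` resolves the controller through `ansible_hostname`, which only works when that fact matches the inventory name; `groups['nova-controller'][0]` is already the inventory name and can be used directly. The task name has a typo: "controler".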
@ -6,33 +6,37 @@ Requires=docker.service
|
|||||||
[Service]
|
[Service]
|
||||||
TimeoutStartSec=0
|
TimeoutStartSec=0
|
||||||
Restart=always
|
Restart=always
|
||||||
ExecStartPre=-/usr/bin/docker rm -f %n
|
ExecStartPre=-/usr/bin/docker kill %n
|
||||||
|
ExecStartPre=-/usr/bin/docker rm %n
|
||||||
ExecStart=/usr/bin/docker run --name %n \
|
ExecStart=/usr/bin/docker run --name %n \
|
||||||
-e "MY_IP={{ hostvars[groups['nova-compute'][0]]['ansible_default_ipv4']['address'] }}" \
|
-e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||||
-e "NOVA_USER=nova" \
|
|
||||||
-e "NOVA_COMPUTE_USER=nova_compute" \
|
|
||||||
-e "NOVA_PASSWORD=geheim" \
|
|
||||||
-e "NOVA_PLACEMENT_USER=placement" \
|
|
||||||
-e "NOVA_PLACEMENT_PASSWORD=geheim" \
|
|
||||||
-e "RABBIT_USER=openstack" \
|
|
||||||
-e "RABBIT_PASSWORD=geheim" \
|
|
||||||
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \
|
|
||||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
|
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||||
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
|
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||||
|
-e "MY_IP={{ hostvars[groups['nova-compute'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||||
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" \
|
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||||
-e "MYSQL_ROOT_PASSWORD=geheim" \
|
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" \
|
||||||
-e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}" \
|
-e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||||
-e "NEUTRON_PASSWORD=geheim" \
|
-e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}" \
|
||||||
-e "NEUTRON_USER=neutron" \
|
-e "NEUTRON_USER=neutron" \
|
||||||
|
-e "NOVA_COMPUTE_USER=nova_compute" \
|
||||||
-e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}" \
|
-e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||||
|
-e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" \
|
||||||
|
-e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" \
|
||||||
|
-e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}" \
|
||||||
|
-e "NOVA_PLACEMENT_USER=placement" \
|
||||||
|
-e "NOVA_USER=nova" \
|
||||||
|
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}" \
|
||||||
-e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}" \
|
-e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}" \
|
||||||
-e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}" \
|
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||||
|
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}" \
|
||||||
|
-e "RABBIT_USER=openstack" \
|
||||||
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
|
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
|
||||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
|
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
|
||||||
--privileged \
|
--privileged \
|
||||||
-v /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock \
|
-v /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock \
|
||||||
-v /var/lib/nova/instances:/var/lib/nova/instances \
|
-v /var/lib/nova/instances:/var/lib/nova/instances \
|
||||||
-v /lib/modules:/lib/modules \
|
-v /lib/modules:/lib/modules \
|
||||||
|
-v /etc/machine-id:/etc/machine-id \
|
||||||
--network host \
|
--network host \
|
||||||
{{ docker_image }} /etc/run.sh
|
{{ docker_image }} /etc/run.sh
|
||||||
|
|
||||||
|
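Review bot: the `-e "..._PASSWORD={{ secrets[...] }}"` lines render every password in clear text into the unit file's ExecStart, so after this change the secrets are still readable from the installed service file, from `docker inspect`, and from the arguments of the running `docker run` process. Writing them to a root-only file (mode 0600) and passing it with `--env-file` would keep them off the command line. Two smaller points on the new side: `-e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}"` appears twice, and `MY_IP` is taken from `groups['nova-compute'][0]`, so every compute node receives the first node's address rather than its own.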
@ -1,30 +1,45 @@
|
|||||||
# Build and install a docker image for nova-controller.
|
# Build and install a docker image for nova-controller.
|
||||||
---
|
---
|
||||||
|
- name: include secrets
|
||||||
|
include_vars:
|
||||||
|
file: ../../secrets.yml
|
||||||
|
name: secrets
|
||||||
|
|
||||||
|
- name: Make persistent directories
|
||||||
|
file:
|
||||||
|
path: "{ item }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0777
|
||||||
|
with_items:
|
||||||
|
- /srv/nova-controller
|
||||||
|
- /srv/nova-controller/root
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
docker_image: webhost12.service.rug.nl/hpc/openstack-nova-service:latest
|
docker_image: webhost12.service.rug.nl/hpc/openstack-nova-service:latest
|
||||||
env_vars: >
|
env_vars: >
|
||||||
-e "MY_IP={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
|
||||||
-e "NOVA_USER=nova"
|
|
||||||
-e "NOVA_PASSWORD=geheim"
|
|
||||||
-e "NOVA_PLACEMENT_USER=placement"
|
|
||||||
-e "NOVA_PLACEMENT_PASSWORD=geheim"
|
|
||||||
-e "RABBIT_USER=openstack"
|
|
||||||
-e "RABBIT_PASSWORD=geheim"
|
|
||||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
|
||||||
-e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
|
||||||
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
|
|
||||||
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
|
||||||
-e "MYSQL_ROOT_PASSWORD=geheim"
|
|
||||||
-e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
|
||||||
-e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
-e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
-e "NEUTRON_PASSWORD=geheim"
|
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "MY_IP={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||||
|
-e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}"
|
||||||
-e "NEUTRON_USER=neutron"
|
-e "NEUTRON_USER=neutron"
|
||||||
-e "METADATA_SECRET=geheim"
|
-e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
||||||
|
-e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}"
|
||||||
|
-e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}"
|
||||||
|
-e "NOVA_PLACEMENT_USER=placement"
|
||||||
|
-e "NOVA_USER=nova"
|
||||||
|
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||||
|
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
|
||||||
|
-e "RABBIT_USER=openstack"
|
||||||
tags: facts
|
tags: facts
|
||||||
|
|
||||||
- name: pull docker image
|
- name: pull docker image
|
||||||
docker_image:
|
docker_image:
|
||||||
name: "{{ docker_image }}"
|
name: "{{ docker_image }}"
|
||||||
|
force: True
|
||||||
tags: pull
|
tags: pull
|
||||||
|
|
||||||
- name: install service file.
|
- name: install service file.
|
||||||
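Review bot: in the new `Make persistent directories` task, `path: "{ item }}"` is missing an opening brace, so Ansible does not template it and the task creates a directory literally named `{ item }}` instead of the two `/srv/nova-controller` paths. It should read `path: "{{ item }}"`. In the same task, `mode: 0777` makes a directory that is later mounted as the container's `/root` world-writable; a quoted `"0700"` owned by root looks sufficient. The old `-e "METADATA_SECRET=geheim"` line is dropped without a `secrets['METADATA_SECRET']` replacement, although the key exists in secrets.yml.topol, and `NEUTRON_CONTROLLER_HOST` still resolves through `groups['keystone'][0]` rather than the neutron-controller group.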
@ -43,6 +58,7 @@
|
|||||||
{{ env_vars }}
|
{{ env_vars }}
|
||||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
|
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
|
||||||
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}
|
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}
|
||||||
|
-v /srv/nova-controller/root:/root
|
||||||
{{ docker_image }}
|
{{ docker_image }}
|
||||||
/etc/bootstrap.sh
|
/etc/bootstrap.sh
|
||||||
tags: bootstrap
|
tags: bootstrap
|
||||||
|
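Review bot: the added `-v /srv/nova-controller/root:/root` mount is undocumented; nothing in the hunk says what bootstrap.sh writes to `/root` that has to survive the container. If it is credential or rc files, the host directory needs restrictive permissions, which conflicts with the `mode: 0777` the tasks file gives it. A comment naming the files and a tighter mode on the directory would cover both.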
@ -6,14 +6,17 @@ Requires=docker.service
|
|||||||
[Service]
|
[Service]
|
||||||
TimeoutStartSec=0
|
TimeoutStartSec=0
|
||||||
Restart=always
|
Restart=always
|
||||||
ExecStartPre=-/usr/bin/docker rm -f %n
|
ExecStartPre=-/usr/bin/docker kill %n
|
||||||
|
ExecStartPre=-/usr/bin/docker rm %n
|
||||||
ExecStart=/usr/bin/docker run --name %n \
|
ExecStart=/usr/bin/docker run --name %n \
|
||||||
{{ env_vars | replace('\n', '') }} \
|
{{ env_vars | replace('\n', '') }} \
|
||||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
|
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
|
||||||
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
|
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
|
||||||
--privileged \
|
--privileged \
|
||||||
|
-v /srv/nova-controller/root:/root \
|
||||||
-p 8774:8774 \
|
-p 8774:8774 \
|
||||||
-p 8778:8778 \
|
-p 8778:8778 \
|
||||||
|
-p 6080:6080 \
|
||||||
{{ docker_image }} /etc/run.sh
|
{{ docker_image }} /etc/run.sh
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
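Review bot: the new `-p 6080:6080` publishes the port on all host interfaces, next to 8774 and 8778, from a container that runs `--privileged`. 6080 is the default nova noVNC proxy port, so this exposes console access wherever the host is reachable. If only a management or proxy network needs it, bind it to that address (`-p <address>:6080:6080`) and add a comment saying which service listens there.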
@ -6,7 +6,7 @@ Requires=docker.service
|
|||||||
[Service]
|
[Service]
|
||||||
TimeoutStartSec=0
|
TimeoutStartSec=0
|
||||||
Restart=always
|
Restart=always
|
||||||
ExecStartPre=-/usr/bin/docker stop %n
|
ExecStartPre=-/usr/bin/docker kill %n
|
||||||
ExecStartPre=-/usr/bin/docker rm %n
|
ExecStartPre=-/usr/bin/docker rm %n
|
||||||
ExecStartPre=/usr/bin/docker pull rabbitmq:latest
|
ExecStartPre=/usr/bin/docker pull rabbitmq:latest
|
||||||
ExecStart=/usr/bin/docker run \
|
ExecStart=/usr/bin/docker run \
|
||||||
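Review bot: replacing `docker stop %n` with `docker kill %n` in ExecStartPre means a still-running broker is terminated with SIGKILL instead of being given SIGTERM and a grace period. For a clustered RabbitMQ node with on-disk state that risks an unclean shutdown on every restart of the unit. If the motivation was the stop timeout, keeping `docker stop` with an explicit `-t` value is the safer change.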
@ -14,8 +14,8 @@ ExecStart=/usr/bin/docker run \
|
|||||||
--add-host "{{ hostvars[groups['rabbitmq'][1]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][1]]['ansible_default_ipv4']['address'] }}" \
|
--add-host "{{ hostvars[groups['rabbitmq'][1]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][1]]['ansible_default_ipv4']['address'] }}" \
|
||||||
--add-host "{{ hostvars[groups['rabbitmq'][2]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][2]]['ansible_default_ipv4']['address'] }}" \
|
--add-host "{{ hostvars[groups['rabbitmq'][2]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][2]]['ansible_default_ipv4']['address'] }}" \
|
||||||
-p 4369:4369 -p 25679:25679 -p 25672:25672 -p 5671-5672:5671-5672 -p 8080:15672 \
|
-p 4369:4369 -p 25679:25679 -p 25672:25672 -p 5671-5672:5671-5672 -p 8080:15672 \
|
||||||
-e "RABBITMQ_DEFAULT_USER=user" -e "RABBITMQ_DEFAULT_PASS=password" \
|
-e "RABBITMQ_DEFAULT_USER=user" -e "RABBITMQ_DEFAULT_PASS={{ secrets['RABBIT_PASSWORD'] }}" \
|
||||||
-e "RABBITMQ_ERLANG_COOKIE=IHyW9HpfbXRL+pZkhGd8pA==" \
|
-e "RABBITMQ_ERLANG_COOKIE={{ secrets['RABBITMQ_ERLANG_COOKIE'] }}" \
|
||||||
-e "RABBITMQ_NODENAME=rabbit_{{ ansible_nodename }}" \
|
-e "RABBITMQ_NODENAME=rabbit_{{ ansible_nodename }}" \
|
||||||
--hostname "{{ ansible_nodename }}" --name %n rabbitmq:3-management
|
--hostname "{{ ansible_nodename }}" --name %n rabbitmq:3-management
|
||||||
|
|
||||||
|
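Review bot: the Erlang cookie on the old side of this hunk stays in the repository history, so the value behind `secrets['RABBITMQ_ERLANG_COOKIE']` has to be newly generated, not the old string moved into the vault. Anyone holding the old cookie who can reach the published distribution ports could otherwise still join the cluster. The default account also remains `RABBITMQ_DEFAULT_USER=user` and now shares `RABBIT_PASSWORD` with the `openstack` user created in the tasks file. A separate secret for it, or removing the default account after setup, would avoid two accounts behind one password.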
@ -1,5 +1,13 @@
|
|||||||
# Install a docker based rabbitMQ.
|
# Install a docker based rabbitMQ.
|
||||||
---
|
---
|
||||||
|
- name: include secrets
|
||||||
|
include_vars:
|
||||||
|
file: ../../secrets.yml
|
||||||
|
name: secrets
|
||||||
|
|
||||||
|
- include_vars:
|
||||||
|
dir: 'vars'
|
||||||
|
|
||||||
- name: install service file.
|
- name: install service file.
|
||||||
template:
|
template:
|
||||||
src: files/rabbitmq.service
|
src: files/rabbitmq.service
|
||||||
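Review bot: the second added task, `include_vars` with `dir: 'vars'`, has no `name` and no comment saying which variables it brings in (`hostname_node0`, used in the `when:` further down, is presumably one of them). Giving it a name and listing the expected variables would make failures in the later cluster tasks easier to trace.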
@ -18,7 +26,7 @@
|
|||||||
|
|
||||||
- name: wait for container to be started
|
- name: wait for container to be started
|
||||||
wait_for:
|
wait_for:
|
||||||
port: 15671
|
port: 5672
|
||||||
|
|
||||||
- name: setup the cluster
|
- name: setup the cluster
|
||||||
command: "docker exec -i rabbitmq.service {{ item }}"
|
command: "docker exec -i rabbitmq.service {{ item }}"
|
||||||
@ -31,7 +39,7 @@
|
|||||||
- name: create openstack user
|
- name: create openstack user
|
||||||
command: "docker exec -i rabbitmq.service {{ item }}"
|
command: "docker exec -i rabbitmq.service {{ item }}"
|
||||||
with_items:
|
with_items:
|
||||||
- rabbitmqctl add_user openstack geheim
|
- rabbitmqctl add_user openstack "{{ secrets['RABBIT_PASSWORD'] }}"
|
||||||
- rabbitmqctl set_permissions openstack ".*" ".*" ".*"
|
- rabbitmqctl set_permissions openstack ".*" ".*" ".*"
|
||||||
when: ansible_nodename == hostname_node0
|
when: ansible_nodename == hostname_node0
|
||||||
register: command_result
|
register: command_result
|
||||||
|
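Review bot: `rabbitmqctl add_user openstack "{{ secrets['RABBIT_PASSWORD'] }}"` puts the password into the task's command line, so it shows up in Ansible's output, in the registered `command_result`, and in the process list on the broker host. The task needs `no_log: true` at minimum. Because the item is split into arguments by the `command` module, a generated password containing a quote or whitespace would also break the call, so the generator's character set should be checked against this usage.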
30
secrets.yml
Normal file
30
secrets.yml
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
62633134346438356462333363626164393762356139653666323461333037393536373631653565
|
||||||
|
6631306631333538353534663738313062636232633339610a303161323131373739393735666463
|
||||||
|
65353135626430353737373239623361306137326334333761626235353463393465383830666666
|
||||||
|
6138616530346563310a306263316331346263356139383435316239346230313266636363313564
|
||||||
|
36633130393062373936363765636361343939313639326237633337353665666338633338343837
|
||||||
|
34613534333063303537323738396436333964613362636664366264313334663365336132623464
|
||||||
|
64656131373261376466356638636338643135393139386534626132323262393064626666323462
|
||||||
|
64323664373262356632393465653932303939313338656665336639613966626234636666373163
|
||||||
|
35633231666338643863623737396435626364333365656536613130666435323837323136663339
|
||||||
|
61363936336434656530313538643463663737613831646265313731363734356635356438353062
|
||||||
|
34323063346265393737343834343065616139656234666230323131366138396265393737666236
|
||||||
|
39353766643239323339623534393962666432656331323462656439306365613539366230643133
|
||||||
|
36316138303361313134336431343137343433383430616137376563383233303432383664333930
|
||||||
|
61613531313638303531643232343066376565663032326533313461363839383664366338356439
|
||||||
|
37363233666663653736376538386536653262653633323065363830623032363063393635653762
|
||||||
|
32636365656362323362303962306538336234626533323830656230386432666461343063663832
|
||||||
|
62373133343933353563653762333836333862376232353339313662363865616439623635393839
|
||||||
|
37346433346264633036343761613230396434366132653261643137386466326235613030306235
|
||||||
|
34333065623232303939623233373762393939653639333734336336303762326662386530356563
|
||||||
|
65303165623564303635356337353662363433626466653939323438633938386166386262623435
|
||||||
|
64376431396631623034386434393431616631363663393835343035313639663538643565616330
|
||||||
|
65353365303131326335646164333231306564383936396139643935646331393235326666336230
|
||||||
|
38326165663865343966356335326438303133663239656235313935626332323332376665343132
|
||||||
|
62336139643262333938303537313533623535333736643163373137343035393034613939663061
|
||||||
|
36323063643734343865333138356434643266663436653435353132386330636238343637653434
|
||||||
|
65616361333263336332643262623034343439383737366663373166643433653466313237613930
|
||||||
|
32373162646461323266353662326134343839613264313339306430366165633838663831666565
|
||||||
|
65333337623962313561306333616232393334353934316565666331336561633934623339353138
|
||||||
|
62656339386530333036383831613762353234643461656436623033613930353531
|
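Review bot: this adds a vault-encrypted `secrets.yml` to the repository, while the README tells each user to generate their own `secrets.yml` from the template. The tracked copy will be overwritten locally and show up as modified, and its protection rests entirely on the vault password. Consider leaving only `secrets.yml.topol` under version control and adding `secrets.yml` to `.gitignore`, or documenting that this file is a test fixture whose values are used nowhere else.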
11
secrets.yml.topol
Normal file
11
secrets.yml.topol
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
---
|
||||||
|
GLANCE_PASSWORD:
|
||||||
|
METADATA_SECRET:
|
||||||
|
MYSQL_ROOT_PASSWORD:
|
||||||
|
NEUTRON_PASSWORD:
|
||||||
|
NOVA_PASSWORD:
|
||||||
|
NOVA_PLACEMENT_PASSWORD:
|
||||||
|
OS_PASSWORD: # Keystone admin password
|
||||||
|
OS_DEMO_PASSWORD: # Keystone demo user password
|
||||||
|
RABBIT_PASSWORD:
|
||||||
|
RABBITMQ_ERLANG_COOKIE:
|
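Review bot: every key in the template is empty, so a copy that is saved as `secrets.yml` without being filled in loads as nulls and the services would be configured with empty or literal "None" passwords. An early task that asserts each `secrets[...]` value is defined and non-empty would fail the run instead. `OS_PASSWORD` and `OS_DEMO_PASSWORD` carry a comment; the remaining keys would benefit from the same, in particular `METADATA_SECRET` and `RABBITMQ_ERLANG_COOKIE`.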
12
settings.yml
Normal file
12
settings.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
- allocation_pool:
|
||||||
|
start: 172.23.128.50
|
||||||
|
end: 172.23.128.249
|
||||||
|
|
||||||
|
- dns_nameserver: 129.125.4.6
|
||||||
|
|
||||||
|
- gateway: 172.23.128.250
|
||||||
|
|
||||||
|
- subnet_range: 172.23.128.0/24
|
||||||
|
|
||||||
|
- rsa_pub: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStPUPXkcu81onUm/le54JCu174yXJJDsthDr96Mv8irBVBWuy5FxnaASuDpmC4QE4s0UAIg1iq/SWrr8qdBQ4OVuYFiW0S7ZJvcoKr/40Wh+T5MeltGQfmkDp6kBsfaMSo6M4tF1c8i+XgOgxb4fxHYb8mFhseztRLx6McxJJJLB0nu+T12WQ01nl0XtwD+3EsZWfxRH0KA59VHZSe3Anc5z+Fm7WU+1Vzy6/pkiIhVReI1L6VVhZsIdSu3fQK6fHQcujtfuw6RKEpisZQqnxMUviWQ98yeQXHk6Nx840WCh3vvKveEAoC4Y/UEZa1TMe6PczfUaLjaidUkpulJsP egon@egon-pc
|
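Review bot: `rsa_pub` hard-codes one person's public key (`egon@egon-pc`) next to site-specific addresses, so anyone deploying from this repository grants that key whatever access the playbooks attach to it. That line should be an empty placeholder the deployer fills in, as with the secrets template. The file is also written as a list of one-key mappings rather than a single mapping, which forces consumers to index into the list; plain top-level keys would be simpler to load.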
1
site.yml
1
site.yml
@ -9,3 +9,4 @@
|
|||||||
- include: neutron-controller.yml
|
- include: neutron-controller.yml
|
||||||
- include: nova-compute.yml
|
- include: nova-compute.yml
|
||||||
- include: horizon.yml
|
- include: horizon.yml
|
||||||
|
- include: post-install.yml
|
||||||
|
28
test_hosts
Normal file
28
test_hosts
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
[databases]
|
||||||
|
ansible-test-2
|
||||||
|
|
||||||
|
[keystone]
|
||||||
|
ansible-test-3
|
||||||
|
|
||||||
|
[glance-controller]
|
||||||
|
ansible-test-2
|
||||||
|
|
||||||
|
[horizon]
|
||||||
|
ansible-test-3
|
||||||
|
|
||||||
|
[rabbitmq]
|
||||||
|
ansible-test
|
||||||
|
ansible-test-2
|
||||||
|
ansible-test-3
|
||||||
|
|
||||||
|
[memcached]
|
||||||
|
ansible-test-3
|
||||||
|
|
||||||
|
[neutron-controller]
|
||||||
|
ansible-test provider_interface_name=ens10
|
||||||
|
|
||||||
|
[nova-controller]
|
||||||
|
ansible-test
|
||||||
|
|
||||||
|
[nova-compute]
|
||||||
|
ansible-test-2 provider_interface_name=ens10
|