Compare commits
111 Commits
f06a943916
...
merlin
| Author | SHA1 | Date | |
|---|---|---|---|
| 471d22ba03 | |||
| 4911ae69a1 | |||
| 584da4f141 | |||
| 82b408e3ee | |||
| 9d6db2c26b | |||
| 8aff8d97e1 | |||
| 5cbab0e12a | |||
| 1d56769405 | |||
| efd914de40 | |||
| 75c3a5da4e | |||
| 87514a5705 | |||
| 89910a1dba | |||
| 5758bbb7f7 | |||
| 5ab3e6565e | |||
| 11f660a51f | |||
| aba7e1fd43 | |||
| 1b84feb5ed | |||
| de998c6794 | |||
| fa66218193 | |||
| ca112f6977 | |||
| 0796ce6311 | |||
| 5b3e950e70 | |||
| aca5d696ad | |||
| 4885b488fd | |||
| a66adc2524 | |||
| c6b640febd | |||
| 4614ef373c | |||
| 26670534a6 | |||
| f5c3261b68 | |||
| ac271c2e4e | |||
| 7d1c3b7de7 | |||
| ca1dae370e | |||
| 2bcbd452e6 | |||
| 1f1679fef1 | |||
| 624326aaef | |||
| 4933956416 | |||
| 38936554bd | |||
| 3083a84b19 | |||
| c49db46a4d | |||
| b4d9eed775 | |||
| 50d5c672d0 | |||
| e9c62529ad | |||
| 3369b5d9d9 | |||
| 0b92467965 | |||
| 8942c31edc | |||
| 4e2477bb94 | |||
| b692f83b61 | |||
| a6b1f53f90 | |||
| 239daeceee | |||
| d013500aae | |||
| d447413dee | |||
| 75f384c579 | |||
| c0555cdcfa | |||
| 7cc4e17189 | |||
| 06db21ef4c | |||
| 3f8e213bbc | |||
| 2c6f89a6c3 | |||
| 594edf728f | |||
| 056f2bb9fd | |||
| 9af8291517 | |||
| 2effda6f58 | |||
| afa6dddb6b | |||
| e188ea4915 | |||
| 693b20e3bf | |||
| 6a5b46ace7 | |||
| 4d43334cb3 | |||
| 0c705f4c7a | |||
| 5a375bc850 | |||
| c89cf9065f | |||
| 62be5bd6b5 | |||
| 28431dca51 | |||
| 016405ffd7 | |||
| 240a1f22f3 | |||
| a150b58aaa | |||
| cc18e247c4 | |||
| 7114509697 | |||
| 6a6ebd0c60 | |||
| 7a41ca4187 | |||
| 469bcd769c | |||
| 598cbeec9d | |||
| 20ce7bcfc3 | |||
| 1bbf1e4270 | |||
| 84b901c8b3 | |||
| e3f3d5d3b7 | |||
| 68ac7a0a6d | |||
| 8da96590ac | |||
| fea7aaaff6 | |||
| fb2bdfe543 | |||
| 3347fa7c25 | |||
| f776756205 | |||
| 59233d8019 | |||
| 35551f69c1 | |||
| 85dcae1baf | |||
| 99eba86794 | |||
| 646e02ca9c | |||
| 30567679a2 | |||
| 95ef38a3ba | |||
| a3ee754ddb | |||
| 1cefcaac0d | |||
| 29c0634bc1 | |||
| 0c28f889b3 | |||
| 5571858b23 | |||
| b148b04a0b | |||
| 233a9debc7 | |||
| 1010930171 | |||
| 2c6a09d079 | |||
| 7f58d25b58 | |||
| 803451d490 | |||
| d964c29c06 | |||
| e59d2c1c98 | |||
| 7a6c9ac360 |
38
README.md
38
README.md
@ -1,8 +1,42 @@
|
||||
# hpc-cloud
|
||||
|
||||
This repository will contain playbooks to bring up openstack components inside docker containers.
|
||||
This repository contains playbooks to bring up openstack components inside docker containers.
|
||||
It makes use of ansible roles for the openstack components and the supporting infrastructure.
|
||||
The following roles are installed.
|
||||
|
||||
### Openstack components.
|
||||
|
||||
* keystone
|
||||
* glance-controller
|
||||
* horizon
|
||||
* neutron-controller
|
||||
* nova-controller
|
||||
* nova-compute
|
||||
* cinder-controller
|
||||
* cinder-storage
|
||||
|
||||
### Auxilary components:
|
||||
|
||||
* database (mariadb)
|
||||
* rabbitmq (cluster of three nodes)
|
||||
* memcached
|
||||
|
||||
## Getting started:
|
||||
|
||||
### Prerequisites:
|
||||
* A cluster of servers to install the components on.
|
||||
* The machines running nova-compute and neutron-controller need a separate interface for neutron to use.
|
||||
* ubuntu 16.04 with python installed (usually already present).
|
||||
* Access to the webhost12.service.rug.nl docker repository.
|
||||
|
||||
### Settings:
|
||||
Passwords need be added to `secrets.yml.topol` and it needs to be saved as `secrets.yml`.
|
||||
This can be done by running `./generate_secrets.py`.
|
||||
Optionally, one can encrypt the secrtets by running `ansible-vault encrypt secrets.yml`.
|
||||
|
||||
|
||||
### Secrets:
|
||||
|
||||
It makes use of ansible roles.
|
||||
The roles can be set in the inventory file (hosts)
|
||||
|
||||
To bring up one role, for instance keystone, use:
|
||||
|
||||
@ -1,2 +1,6 @@
|
||||
[defaults]
|
||||
hostfile = hosts
|
||||
inventory = merlin
|
||||
stdout_callback = debug
|
||||
vault_password_file = .vault_pass.txt
|
||||
forks = 20
|
||||
host_key_checking = false
|
||||
|
||||
6
ceph.xml
Normal file
6
ceph.xml
Normal file
@ -0,0 +1,6 @@
|
||||
<secret ephemeral="no" private="no">
|
||||
<uuid>d0db6ba7-a0c9-4da6-b0bc-aa7846325333</uuid>
|
||||
<usage type="ceph">
|
||||
<name>client.volumes secret</name>
|
||||
</usage>
|
||||
</secret>
|
||||
11
cinder-controller.yml
Normal file
11
cinder-controller.yml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
- hosts: all
|
||||
name: Dummy to gather facts
|
||||
tasks: []
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- hosts: cinder-controller
|
||||
become: True
|
||||
roles:
|
||||
- cinder-controller
|
||||
9
cinder-storage.yml
Normal file
9
cinder-storage.yml
Normal file
@ -0,0 +1,9 @@
|
||||
---
|
||||
- hosts: all
|
||||
name: Dummy to gather facts
|
||||
tasks: []
|
||||
|
||||
- hosts: cinder-storage
|
||||
become: True
|
||||
roles:
|
||||
- cinder-storage
|
||||
@ -1,5 +1,12 @@
|
||||
---
|
||||
- hosts: all
|
||||
become: True
|
||||
vars_prompt:
|
||||
- name: "docker_user"
|
||||
private: no
|
||||
prompt: "What is your p number?"
|
||||
- name: "docker_pass"
|
||||
prompt: "What is your password?"
|
||||
private: yes
|
||||
roles:
|
||||
- common
|
||||
|
||||
5
create-non-administrative-user
Normal file
5
create-non-administrative-user
Normal file
@ -0,0 +1,5 @@
|
||||
openstack project create --domain default --description "GCC testproject" gcc
|
||||
openstack user create --domain default --password-prompt gcc-user
|
||||
openstack role add --project gcc --user gcc-user user
|
||||
openstack user create --domain default --password-prompt gcc-admin
|
||||
openstack role add --project gcc --user gcc-admin admin
|
||||
35
gcc-post-install.yml
Normal file
35
gcc-post-install.yml
Normal file
@ -0,0 +1,35 @@
|
||||
---
|
||||
- hosts: all
|
||||
name: Dummy to gather facts
|
||||
tasks: []
|
||||
|
||||
- hosts: keystone
|
||||
become: True
|
||||
vars_files:
|
||||
- settings.yml
|
||||
tasks:
|
||||
- name: copy public key
|
||||
copy:
|
||||
content: "{{ rsa_pub }}"
|
||||
dest: /srv/keystone/root/id_rsa.pub
|
||||
- name: post install configuration
|
||||
command: docker exec -i keystone.service bash -c "source /root/admin-openrc.sh && {{ item }}"
|
||||
with_items:
|
||||
- openstack network create --share --external --provider-physical-network provider --provider-network-type vlan --provider-segment 985 vlan985
|
||||
- >
|
||||
openstack subnet create --subnet-range 172.23.34.0/24 --gateway 172.23.34.1
|
||||
--network vlan985 --allocation-pool start=172.23.34.50,end=172.23.34.60
|
||||
--dns-nameserver 8.8.4.4 vlan985_subnet
|
||||
- openstack network create --share --external --provider-physical-network provider --provider-network-type vlan --provider-segment 16 vlan16
|
||||
- >
|
||||
openstack subnet create --subnet-range 195.169.22.0/23 --gateway 195.169.23.251
|
||||
--network vlan16 --allocation-pool start=195.169.22.237,end=195.169.22.237
|
||||
--dns-nameserver 8.8.4.4 vlan16_subnet
|
||||
|
||||
- openstack flavor create --ram 4096 --disk 40 --vcpus 2 "Molgenis Dual"
|
||||
- openstack flavor create --ram 16384 --disk 40 --vcpus 4 "Molgenis Quad 16GB"
|
||||
- openstack flavor create --ram 8192 --disk 40 --vcpus 4 "Molgenis Quad 8GB"
|
||||
|
||||
- openstack keypair create --public-key /root/id_rsa.pub adminkey
|
||||
|
||||
|
||||
14
gcc-site.yml
Normal file
14
gcc-site.yml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
- include: common.yml
|
||||
- include: rabbitmq.yml
|
||||
- include: memcached.yml
|
||||
- include: mariadb.yml
|
||||
- include: keystone.yml
|
||||
- include: glance-controller.yml
|
||||
- include: nova-controller.yml
|
||||
- include: neutron-controller.yml
|
||||
- include: cinder-controller.yml
|
||||
- include: cinder-storage.yml
|
||||
- include: nova-compute.yml
|
||||
- include: horizon.yml
|
||||
- include: gcc-post-install.yml
|
||||
35
generate_secrets.py
Executable file
35
generate_secrets.py
Executable file
@ -0,0 +1,35 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Open the secrets.yml and replace all passwords.
|
||||
Original is backed up.
|
||||
"""
|
||||
|
||||
from os import path
|
||||
import random
|
||||
import string
|
||||
from subprocess import call
|
||||
from yaml import load, dump
|
||||
|
||||
try:
|
||||
from yaml import CLoader as Loader, CDumper as Dumper
|
||||
except ImportError:
|
||||
from yaml import Loader, Dumper
|
||||
|
||||
# length of generated passwords.
|
||||
pass_length = 20
|
||||
|
||||
with open('secrets.yml.topol', 'r') as f:
|
||||
data = load(f, Loader=Loader)
|
||||
|
||||
for key, value in data.iteritems():
|
||||
data[key] = ''.join(
|
||||
random.choice(string.ascii_letters + string.digits)
|
||||
for _ in range(pass_length))
|
||||
|
||||
# Make numbered backups of the secrets file.
|
||||
if path.isfile('secrets.yml'):
|
||||
call(['cp', '--backup=numbered', 'secrets.yml', 'secrets.yml.bak'])
|
||||
|
||||
with open('secrets.yml', 'w') as f:
|
||||
dump(data, f, Dumper=Dumper, default_flow_style=False)
|
||||
10
group_vars/all.yml
Normal file
10
group_vars/all.yml
Normal file
@ -0,0 +1,10 @@
|
||||
---
|
||||
keystone_external_fqdn: merlin.hpc.rug.nl
|
||||
use_ceph: true
|
||||
ceph_mon_initial_members:
|
||||
ceph_mon_host:
|
||||
ceph_public_network:
|
||||
ceph_osd_pool_default_size:
|
||||
ceph_compute_client_keyring:
|
||||
ceph_cinder_client_keyring:
|
||||
ceph_images_client_keyring:
|
||||
2
group_vars/horizon.yml
Normal file
2
group_vars/horizon.yml
Normal file
@ -0,0 +1,2 @@
|
||||
---
|
||||
security_fail2ban_enabled: false
|
||||
9
heat.yml
Normal file
9
heat.yml
Normal file
@ -0,0 +1,9 @@
|
||||
---
|
||||
- hosts: all
|
||||
name: Dummy to gather facts
|
||||
tasks: []
|
||||
|
||||
- hosts: heat
|
||||
become: True
|
||||
roles:
|
||||
- heat
|
||||
137
heat_templates/example_cluster.yml
Normal file
137
heat_templates/example_cluster.yml
Normal file
@ -0,0 +1,137 @@
|
||||
---
|
||||
heat_template_version: 2015-04-30
|
||||
|
||||
description: Simple Example template to deploy a virtual compute cluster.
|
||||
|
||||
parameters:
|
||||
image_name:
|
||||
type: string
|
||||
label: Image Name
|
||||
description: Name of image to be used for compute instance
|
||||
public_net:
|
||||
type: string
|
||||
label: Public Net Name
|
||||
description: Public network used for router.
|
||||
ssh_key:
|
||||
type: string
|
||||
label: ssh key name.
|
||||
description: ssh public key name. (Must be uploaded to openstack first)
|
||||
compute_flavor:
|
||||
type: string
|
||||
label: Flavor for compute nodes,
|
||||
description: Flavor with which to start compute nodes.
|
||||
aux_flavor:
|
||||
type: string
|
||||
label: Flavor for auxiliary nodes.
|
||||
description: Flavor with which to start auxiliary nodes. (for now only the interface machine)
|
||||
cidr:
|
||||
type: string
|
||||
label: Cidr for internal subnet
|
||||
description: Cidr for the subnet of the internal user network.
|
||||
internal_net_name:
|
||||
type: string
|
||||
label: Name for the internal network
|
||||
description: Name for the internal network of this cluster.
|
||||
volume_size:
|
||||
type: string
|
||||
label: Size (GB)
|
||||
description: Size (GB) of the volume for each compute node
|
||||
|
||||
|
||||
resources:
|
||||
internal_net:
|
||||
type: OS::Neutron::Net
|
||||
properties:
|
||||
name: {get_param: internal_net_name}
|
||||
|
||||
internal_subnet:
|
||||
type: OS::Neutron::Subnet
|
||||
properties:
|
||||
network_id: {get_resource: internal_net}
|
||||
cidr: {get_param: cidr}
|
||||
dns_nameservers: ["129.125.4.6", "129.125.36.10"]
|
||||
ip_version: 4
|
||||
|
||||
internal_router:
|
||||
type: OS::Neutron::Router
|
||||
properties:
|
||||
external_gateway_info: {network: {get_param: public_net}}
|
||||
|
||||
internal_interface:
|
||||
type: OS::Neutron::RouterInterface
|
||||
properties:
|
||||
router_id: {get_resource: internal_router}
|
||||
subnet: {get_resource: internal_subnet}
|
||||
|
||||
public_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
network_id: {get_resource: internal_net}
|
||||
fixed_ips:
|
||||
- subnet_id: {get_resource: internal_subnet}
|
||||
security_groups:
|
||||
- default
|
||||
|
||||
floating_ip:
|
||||
type: OS::Neutron::FloatingIP
|
||||
properties:
|
||||
floating_network_id: {get_param: public_net}
|
||||
port_id: {get_resource: public_port}
|
||||
|
||||
interface: # User-interface for cluster-operation
|
||||
type: OS::Nova::Server
|
||||
properties:
|
||||
key_name: {get_param: ssh_key}
|
||||
image: {get_param: image_name}
|
||||
flavor: {get_param: aux_flavor}
|
||||
networks:
|
||||
- port: {get_resource: public_port}
|
||||
|
||||
admin: # Machine to run slurm and other admin tools on.
|
||||
type: OS::Nova::Server
|
||||
properties:
|
||||
key_name: {get_param: ssh_key}
|
||||
image: {get_param: image_name}
|
||||
flavor: {get_param: aux_flavor}
|
||||
networks:
|
||||
- network: {get_resource: internal_net}
|
||||
|
||||
vcompute01-volume:
|
||||
type: OS::Cinder::Volume
|
||||
properties:
|
||||
size: {get_param: volume_size}
|
||||
|
||||
vcompute01:
|
||||
type: OS::Nova::Server
|
||||
properties:
|
||||
key_name: adminkey
|
||||
image: {get_param: image_name}
|
||||
flavor: {get_param: compute_flavor}
|
||||
networks:
|
||||
- network: {get_resource: internal_net}
|
||||
|
||||
vcompute_01_volume_attachment:
|
||||
type: OS::Cinder::VolumeAttachment
|
||||
properties:
|
||||
volume_id: {get_resource: vcompute01-volume}
|
||||
instance_uuid: {get_resource: vcompute01}
|
||||
|
||||
vcompute02-volume:
|
||||
type: OS::Cinder::Volume
|
||||
properties:
|
||||
size: {get_param: volume_size}
|
||||
|
||||
vcompute02:
|
||||
type: OS::Nova::Server
|
||||
properties:
|
||||
key_name: adminkey
|
||||
image: {get_param: image_name}
|
||||
flavor: {get_param: compute_flavor}
|
||||
networks:
|
||||
- network: {get_resource: internal_net}
|
||||
|
||||
vcompute_02_volume_attachment:
|
||||
type: OS::Cinder::VolumeAttachment
|
||||
properties:
|
||||
volume_id: {get_resource: vcompute02-volume}
|
||||
instance_uuid: {get_resource: vcompute02}
|
||||
@ -6,4 +6,5 @@
|
||||
- hosts: horizon
|
||||
become: True
|
||||
roles:
|
||||
- geerlingguy.security
|
||||
- horizon
|
||||
|
||||
29
hosts
29
hosts
@ -1,5 +1,9 @@
|
||||
# A demo cluster of three nodes.
|
||||
|
||||
[databases]
|
||||
openstack01-node01
|
||||
openstack01-node02
|
||||
openstack01-node03
|
||||
|
||||
[keystone]
|
||||
openstack01-node03
|
||||
@ -15,29 +19,20 @@ openstack01-node01
|
||||
openstack01-node02
|
||||
openstack01-node03
|
||||
|
||||
#[cassandra]
|
||||
#openstack01-node[01:03]
|
||||
|
||||
#openstack01-node01
|
||||
#
|
||||
#[next_cassandra]
|
||||
#openstack01-node02
|
||||
#openstack01-node03
|
||||
|
||||
[memcached]
|
||||
openstack01-node03
|
||||
|
||||
#[first_cassandra:vars]
|
||||
#run_options=""
|
||||
#
|
||||
#[next_cassandra:vars]
|
||||
#run_options="-e CASSANDRA_SEEDS=172.23.41.1"
|
||||
|
||||
[neutron-controller]
|
||||
openstack01-node01
|
||||
openstack01-node01 physical_interface_mappings=provider:ens192
|
||||
|
||||
[nova-controller]
|
||||
openstack01-node03
|
||||
|
||||
[cinder-controller]
|
||||
openstack01-node03
|
||||
|
||||
[cinder-storage]
|
||||
openstack01-node01 storage_volume=/dev/loop0
|
||||
|
||||
[nova-compute]
|
||||
openstack01-node04
|
||||
openstack01-node04 physical_interface_mappings=provider:enp4s0f0
|
||||
|
||||
26
hosts-openstack03
Normal file
26
hosts-openstack03
Normal file
@ -0,0 +1,26 @@
|
||||
[databases]
|
||||
openstack03.gcc.rug.nl
|
||||
|
||||
[keystone]
|
||||
openstack03.gcc.rug.nl
|
||||
|
||||
[glance-controller]
|
||||
openstack03.gcc.rug.nl
|
||||
|
||||
[horizon]
|
||||
openstack03.gcc.rug.nl
|
||||
|
||||
[rabbitmq]
|
||||
openstack03.gcc.rug.nl
|
||||
|
||||
[memcached]
|
||||
openstack03.gcc.rug.nl
|
||||
|
||||
[neutron-controller]
|
||||
openstack03.gcc.rug.nl
|
||||
|
||||
[nova-controller]
|
||||
openstack03.gcc.rug.nl
|
||||
|
||||
[nova-compute]
|
||||
openstack03.gcc.rug.nl
|
||||
@ -4,3 +4,10 @@
|
||||
become: True
|
||||
roles:
|
||||
- mariadb
|
||||
vars:
|
||||
hostname_node0: "{{ hostvars[groups['databases'][0]]['ansible_hostname'] }}"
|
||||
hostname_node1: "{{ hostvars[groups['databases'][1]]['ansible_hostname'] }}"
|
||||
hostname_node2: "{{ hostvars[groups['databases'][2]]['ansible_hostname'] }}"
|
||||
ip_node0: "{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
ip_node1: "{{ hostvars[groups['databases'][1]]['listen_ip'] | default(hostvars[groups['databases'][1]]['ansible_default_ipv4']['address']) }}"
|
||||
ip_node2: "{{ hostvars[groups['databases'][2]]['listen_ip'] | default(hostvars[groups['databases'][2]]['ansible_default_ipv4']['address']) }}"
|
||||
|
||||
50
merlin
Normal file
50
merlin
Normal file
@ -0,0 +1,50 @@
|
||||
[nova-compute]
|
||||
merlin-node001 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.1
|
||||
merlin-node002 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.2
|
||||
merlin-node003 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.3
|
||||
merlin-node004 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.4
|
||||
merlin-node005 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.5
|
||||
|
||||
[databases]
|
||||
merlin-managementnode001
|
||||
merlin-managementnode002
|
||||
merlin-managementnode003
|
||||
|
||||
[rabbitmq]
|
||||
merlin-managementnode001
|
||||
merlin-managementnode002
|
||||
merlin-managementnode003
|
||||
|
||||
[horizon]
|
||||
merlin-managementnode001 horizon_external_fqdn=merlin.hpc.rug.nl
|
||||
|
||||
[memcached]
|
||||
merlin-managementnode001
|
||||
|
||||
[nova-controller]
|
||||
merlin-managementnode001
|
||||
|
||||
[keystone]
|
||||
merlin-managementnode001
|
||||
|
||||
[neutron-controller]
|
||||
merlin-managementnode001 physical_interface_mappings=provider:enp5s0f1 overlay_ip=172.23.43.101
|
||||
|
||||
[heat]
|
||||
merlin-managementnode001
|
||||
|
||||
[glance-controller]
|
||||
merlin-managementnode002
|
||||
|
||||
[cinder-controller]
|
||||
merlin-managementnode003
|
||||
|
||||
[cinder-storage]
|
||||
merlin-node001
|
||||
merlin-node002
|
||||
merlin-node003
|
||||
merlin-node004
|
||||
merlin-node005
|
||||
|
||||
[stor]
|
||||
merlin-stor00[1:8]
|
||||
50
merlin2
Normal file
50
merlin2
Normal file
@ -0,0 +1,50 @@
|
||||
[nova-compute]
|
||||
merlin-node008 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.8
|
||||
merlin-node009 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.9
|
||||
merlin-node010 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.10
|
||||
merlin-node011 physical_interface_mappings=provider:enp129s0f1 overlay_ip=172.23.43.11
|
||||
merlin-node012 physical_interface_mappings=provider:enp129s0f1 overlay_ip=172.23.43.12
|
||||
merlin-node013 physical_interface_mappings=provider:enp129s0f1 overlay_ip=172.23.43.13
|
||||
|
||||
[databases]
|
||||
merlin-node007
|
||||
merlin-node008
|
||||
merlin-node009
|
||||
|
||||
[rabbitmq]
|
||||
merlin-node007
|
||||
merlin-node008
|
||||
merlin-node009
|
||||
|
||||
[horizon]
|
||||
merlin-node007
|
||||
|
||||
[memcached]
|
||||
merlin-node007
|
||||
|
||||
[nova-controller]
|
||||
merlin-node007
|
||||
|
||||
[keystone]
|
||||
merlin-node007
|
||||
|
||||
[neutron-controller]
|
||||
merlin-node007 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.6
|
||||
|
||||
[heat]
|
||||
merlin-node007
|
||||
|
||||
[glance-controller]
|
||||
merlin-node008
|
||||
|
||||
[cinder-controller]
|
||||
merlin-node009
|
||||
|
||||
[cinder-storage]
|
||||
merlin-node008
|
||||
merlin-node009
|
||||
merlin-node010
|
||||
merlin-node011
|
||||
merlin-node012
|
||||
merlin-node013
|
||||
|
||||
37
merlinsdn
Normal file
37
merlinsdn
Normal file
@ -0,0 +1,37 @@
|
||||
[nova-compute]
|
||||
merlin-managementnode002 physical_interface_mappings=provider:eno3
|
||||
merlin-managementnode003 physical_interface_mappings=provider:eno3
|
||||
merlin-node001 physical_interface_mappings=provider:eno3
|
||||
merlin-node003 physical_interface_mappings=provider:eno3
|
||||
merlin-node004 physical_interface_mappings=provider:eno3
|
||||
|
||||
[databases]
|
||||
merlin-managementnode001
|
||||
merlin-managementnode002
|
||||
merlin-managementnode003
|
||||
|
||||
[rabbitmq]
|
||||
merlin-managementnode001
|
||||
merlin-managementnode002
|
||||
merlin-managementnode003
|
||||
|
||||
[horizon]
|
||||
merlin-managementnode001
|
||||
|
||||
[memcached]
|
||||
merlin-managementnode001
|
||||
|
||||
[nova-controller]
|
||||
merlin-managementnode001
|
||||
|
||||
[keystone]
|
||||
merlin-managementnode001
|
||||
|
||||
[neutron-controller]
|
||||
merlin-managementnode001 physical_interface_mappings=provider:eno3
|
||||
|
||||
[heat]
|
||||
merlin-managementnode001
|
||||
|
||||
[glance-controller]
|
||||
merlin-managementnode001
|
||||
1
meta/main.yml
Normal file
1
meta/main.yml
Normal file
@ -0,0 +1 @@
|
||||
---
|
||||
33
nuke.yml
Normal file
33
nuke.yml
Normal file
@ -0,0 +1,33 @@
|
||||
---
|
||||
# This playbook will reset the instalation to facilitate a new installation.
|
||||
# All data is lost!
|
||||
- hosts: all
|
||||
become: true
|
||||
name: Cleanup tasks on all hosts.
|
||||
tasks:
|
||||
- name: Stop docker service
|
||||
shell: "systemctl stop docker"
|
||||
- name: Verify docker is stopped.
|
||||
systemd:
|
||||
name: docker
|
||||
state: stopped
|
||||
- name: Purge docker images.
|
||||
shell: "rm -rf /var/lib/docker/"
|
||||
- name: remove volumes
|
||||
shell: "rm -rf /srv"
|
||||
- name: remove network namespaces
|
||||
shell: "rm /var/run/netns/*"
|
||||
ignore_errors: true
|
||||
- name: Remove stale vxlan interfaces
|
||||
shell: "for interface in $(ip link | grep DOWN | grep -Po 'vxlan-\\d{1,2}'); do ip link del $interface ; done"
|
||||
ignore_errors: true
|
||||
|
||||
|
||||
- hosts: nova-compute
|
||||
gather_facts: false
|
||||
become: true
|
||||
tasks:
|
||||
- name: kill all vm's
|
||||
shell: "for machine in $(virsh list --uuid ); do virsh destroy $machine ; done"
|
||||
- name: wipe all vm's
|
||||
shell: "for machine in $(virsh list --uuid --all); do virsh undefine $machine ; done"
|
||||
35
openstack03
Normal file
35
openstack03
Normal file
@ -0,0 +1,35 @@
|
||||
[databases]
|
||||
openstack03
|
||||
|
||||
[keystone]
|
||||
openstack03
|
||||
|
||||
[glance-controller]
|
||||
openstack03
|
||||
|
||||
[horizon]
|
||||
openstack03
|
||||
|
||||
[rabbitmq]
|
||||
openstack03
|
||||
|
||||
[memcached]
|
||||
openstack03
|
||||
|
||||
[neutron-controller]
|
||||
openstack03 physical_interface_mappings=provider:enp4s0f0
|
||||
|
||||
[nova-controller]
|
||||
openstack03
|
||||
|
||||
[cinder-controller]
|
||||
openstack03
|
||||
|
||||
[cinder-storage]
|
||||
openstack03 storage_volume=/dev/sdb1
|
||||
|
||||
[nova-compute]
|
||||
openstack03 physical_interface_mappings=provider:enp4s0f0
|
||||
|
||||
[all:vars]
|
||||
listen_ip=172.23.40.243
|
||||
37
os-test
Normal file
37
os-test
Normal file
@ -0,0 +1,37 @@
|
||||
# An all in one
|
||||
|
||||
[databases]
|
||||
os-test
|
||||
|
||||
[keystone]
|
||||
os-test
|
||||
|
||||
[glance-controller]
|
||||
os-test
|
||||
|
||||
[horizon]
|
||||
os-test
|
||||
|
||||
[rabbitmq]
|
||||
os-test
|
||||
|
||||
[memcached]
|
||||
os-test
|
||||
|
||||
[neutron-controller]
|
||||
os-test physical_interface_mappings=provider:enp4s0f0
|
||||
|
||||
[nova-controller]
|
||||
os-test
|
||||
|
||||
[cinder-controller]
|
||||
os-test
|
||||
|
||||
[cinder-storage]
|
||||
os-test storage_volume=/dev/sdb
|
||||
|
||||
[nova-compute]
|
||||
os-test physical_interface_mappings=provider:enp4s0f0
|
||||
|
||||
[all:vars]
|
||||
listen_ip=129.125.60.194
|
||||
37
post-install.yml
Normal file
37
post-install.yml
Normal file
@ -0,0 +1,37 @@
|
||||
---
|
||||
- hosts: all
|
||||
name: Dummy to gather facts
|
||||
tasks: []
|
||||
|
||||
- hosts: keystone
|
||||
become: True
|
||||
vars_files:
|
||||
- settings.yml
|
||||
tasks:
|
||||
- name: copy public key
|
||||
copy:
|
||||
content: "{{ rsa_pub }}"
|
||||
dest: /srv/keystone/root/id_rsa.pub
|
||||
- name: post install configuration
|
||||
command: docker exec -i keystone.service bash -c "source /root/admin-openrc.sh && {{ item }}"
|
||||
with_items:
|
||||
- openstack network create --share --external --provider-physical-network provider --provider-network-type vlan --provider-segment 983 vlan983
|
||||
- >
|
||||
openstack subnet create --subnet-range 172.23.41.0/24 --gateway 172.23.41.101
|
||||
--network vlan983 --allocation-pool start=172.23.41.75,end=172.23.41.100
|
||||
--dns-nameserver 8.8.8.8 vlan983_subnet
|
||||
- openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
|
||||
- openstack keypair create --public-key /root/id_rsa.pub adminkey
|
||||
- openstack security group rule create --protocol icmp default
|
||||
- >
|
||||
openstack security group rule create default
|
||||
--protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0
|
||||
- name: Install cirros image
|
||||
get_url:
|
||||
url: http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
|
||||
dest: /tmp/cirros-0.4.0-x86_64-disk.img
|
||||
checksum: sha256:a8dd75ecffd4cdd96072d60c2237b448e0c8b2bc94d57f10fdbc8c481d9005b8
|
||||
- shell: >
|
||||
bash -c "source /srv/keystone/root/admin-openrc.sh &&
|
||||
openstack image create --disk-format qcow2 cirros
|
||||
< /tmp/cirros-0.4.0-x86_64-disk.img"
|
||||
@ -7,9 +7,14 @@
|
||||
mode: 644
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: install service file
|
||||
command: systemctl daemon-reload
|
||||
|
||||
- name: make sure service is started
|
||||
systemd:
|
||||
name: cassandra.service
|
||||
state: started
|
||||
|
||||
- name: start service at boot.
|
||||
command: systemctl reenable cassandra.service
|
||||
|
||||
73
roles/cinder-controller/tasks/main.yml
Normal file
73
roles/cinder-controller/tasks/main.yml
Normal file
@ -0,0 +1,73 @@
|
||||
# Build and install a docker image for cinder.
|
||||
---
|
||||
- name: include secrets
|
||||
include_vars:
|
||||
file: ../../secrets.yml
|
||||
name: secrets
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- set_fact:
|
||||
docker_image: registry.webhosting.rug.nl/hpc/openstack-cinder-controller-merlin:latest
|
||||
env_vars: >
|
||||
-e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}"
|
||||
-e "CINDER_HOST={{ listen_ip | default(hostvars[groups['cinder-controller'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
|
||||
-e "CINDER_USER=cinder"
|
||||
-e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||
-e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
|
||||
-e "RABBIT_USER=openstack"
|
||||
-e "RBD_SECRET_UUID={{ secrets['CINDER_RBD_SECRET_UUID']}}"
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: pull docker image
|
||||
docker_image:
|
||||
name: "{{ docker_image }}"
|
||||
tags: pull
|
||||
|
||||
- name: Make build and persistent directories
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0777
|
||||
with_items:
|
||||
- /srv/cinder-controller
|
||||
- /srv/cinder-controller/root
|
||||
|
||||
- name: install service file.
|
||||
template:
|
||||
src: templates/cinder-controller.service
|
||||
dest: /etc/systemd/system/cinder-controller.service
|
||||
mode: 644
|
||||
owner: root
|
||||
group: root
|
||||
tags:
|
||||
- systemd
|
||||
|
||||
- name: start service at boot.
|
||||
command: systemctl reenable cinder-controller.service
|
||||
tags:
|
||||
- systemd
|
||||
|
||||
- command: systemctl daemon-reload
|
||||
tags:
|
||||
- systemd
|
||||
|
||||
- name: Initialize database.
|
||||
command: >
|
||||
/usr/bin/docker run --rm
|
||||
{{ env_vars }}
|
||||
-v /srv/cinder-controller/root:/root \
|
||||
{{ docker_image }} /etc/bootstrap.sh
|
||||
tags: bootstrap
|
||||
|
||||
- name: make sure service is started
|
||||
systemd:
|
||||
name: cinder-controller.service
|
||||
state: restarted
|
||||
18
roles/cinder-controller/templates/cinder-controller.service
Normal file
18
roles/cinder-controller/templates/cinder-controller.service
Normal file
@ -0,0 +1,18 @@
|
||||
[Unit]
|
||||
Description=Openstack Glance Container
|
||||
After=docker.service
|
||||
Requires=docker.service
|
||||
|
||||
[Service]
|
||||
TimeoutStartSec=0
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker kill %n
|
||||
ExecStartPre=-/usr/bin/docker rm %n
|
||||
ExecStart=/usr/bin/docker run --name %n \
|
||||
{{ env_vars | replace('\n', '') }} \
|
||||
-v /srv/cinder-controller/root:/root \
|
||||
-p 8776:8776 \
|
||||
{{ docker_image }}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
9
roles/cinder-storage/files/ceph.client.volumes.keyring
Normal file
9
roles/cinder-storage/files/ceph.client.volumes.keyring
Normal file
@ -0,0 +1,9 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
39313161646365373665646331613930316437363735326262376531636166346138303139613138
|
||||
3361353633616136303365646165643339333130393031380a373934636436626336326436306666
|
||||
34316532333165346139633239313930326238333134633365666138326338386632373937343335
|
||||
3262383863653136300a393464646365623763663063303936646462313764633736613562633661
|
||||
62313961626165363761656363393538396461653936353932303137626435626161316239623338
|
||||
65656132353136656430613462663466616432643761303366396461653066616162366666356533
|
||||
39386261623861323861633739343237386266306264356436666430313531303238636235393665
|
||||
31396533306261393835
|
||||
14
roles/cinder-storage/files/ceph.conf
Normal file
14
roles/cinder-storage/files/ceph.conf
Normal file
@ -0,0 +1,14 @@
|
||||
[global]
|
||||
fsid = ef0b40a2-bc8c-4432-9cde-0ca7c82c8717
|
||||
mon_initial_members = merlin-managementnode002
|
||||
mon_host = 172.23.59.102
|
||||
auth_cluster_required = cephx
|
||||
auth_service_required = cephx
|
||||
auth_client_required = cephx
|
||||
|
||||
# Your network address
|
||||
public network = 172.23.59.0/24
|
||||
osd pool default size = 2
|
||||
|
||||
[client.volumes]
|
||||
keyring = /etc/ceph/ceph.client.volumes.keyring
|
||||
1
roles/cinder-storage/files/uuid
Normal file
1
roles/cinder-storage/files/uuid
Normal file
@ -0,0 +1 @@
|
||||
d0db6ba7-a0c9-4da6-b0bc-aa7846325333
|
||||
95
roles/cinder-storage/tasks/main.yml
Normal file
95
roles/cinder-storage/tasks/main.yml
Normal file
@ -0,0 +1,95 @@
|
||||
# Build and install a docker image for cinder.
|
||||
---
|
||||
- name: include secrets
|
||||
include_vars:
|
||||
file: ../../secrets.yml
|
||||
name: secrets
|
||||
tags: vars
|
||||
|
||||
#- command: uuidgen
|
||||
# register: uuid
|
||||
|
||||
- set_fact:
|
||||
docker_image: registry.webhosting.rug.nl/hpc/openstack-cinder-storage-merlin:latest
|
||||
env_vars: >
|
||||
-e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}"
|
||||
-e "CINDER_HOST={{ listen_ip | default(hostvars[groups['cinder-storage'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
|
||||
-e "CINDER_USER=cinder"
|
||||
-e "GLANCE_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||
-e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
|
||||
-e "RABBIT_USER=openstack"
|
||||
-e "USE_CEPH={{ use_ceph }}"
|
||||
-e "MON_INITIAL_MEMBERS={{ ceph_mon_initial_members }}"
|
||||
-e "MON_HOST={{ ceph_mon_host }}"
|
||||
-e "PUBLIC_NETWORK={{ ceph_public_network }}"
|
||||
-e "OSD_POOL_DEFAULT_SIZE={{ ceph_osd_pool_default_size }}"
|
||||
-e "RBD_SECRET_UUID={{ secrets['CINDER_RBD_SECRET_UUID']}}"
|
||||
tags: vars
|
||||
|
||||
- name: pull docker image
|
||||
docker_image:
|
||||
name: "{{ docker_image }}"
|
||||
tags: pull
|
||||
|
||||
- name: Make build and persistent directories
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0777
|
||||
with_items:
|
||||
- /srv/cinder-storage
|
||||
- /srv/cinder-storage/root
|
||||
- /srv/cinder-storage/etc/ceph
|
||||
|
||||
- name: initial setup
|
||||
command: >
|
||||
/usr/bin/docker run --rm
|
||||
--privileged
|
||||
{{ env_vars }}
|
||||
-v /srv/cinder-storage/root:/root \
|
||||
{{ docker_image }} /etc/bootstrap.sh
|
||||
tags: bootstrap
|
||||
|
||||
- name: copy ceph-client configurationfile
|
||||
copy:
|
||||
src: files/ceph.conf
|
||||
dest: /srv/cinder-storage/etc/ceph/ceph.conf
|
||||
mode: 0644
|
||||
|
||||
- name: copy ceph-client-keyring
|
||||
copy:
|
||||
src: files/ceph.client.volumes.keyring
|
||||
dest: /srv/cinder-storage/etc/ceph/ceph.client.volumes.keyring
|
||||
mode: 0644
|
||||
|
||||
- name: install service file.
|
||||
template:
|
||||
src: templates/cinder-storage.service
|
||||
dest: /etc/systemd/system/cinder-storage.service
|
||||
mode: 644
|
||||
owner: root
|
||||
group: root
|
||||
tags: systemd
|
||||
|
||||
#- name: set ceph client keyring
|
||||
# copy:
|
||||
# content: "{{ceph_cinder_client_keyring}}"
|
||||
# dest: /srv/cinder-storage/etc/ceph
|
||||
# when: use_ceph
|
||||
|
||||
- command: systemctl daemon-reload
|
||||
tags: systemd
|
||||
|
||||
- name: start service at boot.
|
||||
command: systemctl reenable cinder-storage.service
|
||||
|
||||
- name: make sure service is started
|
||||
systemd:
|
||||
name: cinder-storage.service
|
||||
state: restarted
|
||||
22
roles/cinder-storage/templates/cinder-storage.service
Normal file
22
roles/cinder-storage/templates/cinder-storage.service
Normal file
@ -0,0 +1,22 @@
|
||||
[Unit]
|
||||
Description=Openstack Cinder Storage container
|
||||
After=docker.service
|
||||
Requires=docker.service
|
||||
|
||||
[Service]
|
||||
TimeoutStartSec=0
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker kill %n
|
||||
ExecStartPre=-/usr/bin/docker rm %n
|
||||
ExecStart=/usr/bin/docker run --name %n \
|
||||
--privileged \
|
||||
{{ env_vars | replace('\n', '') }} \
|
||||
-v /srv/cinder-storage/root:/root \
|
||||
-v /etc/ceph:/etc/ceph \
|
||||
-p 8777:8776 \
|
||||
-p 3260:3260 \
|
||||
--network=host \
|
||||
{{ docker_image }}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@ -13,3 +13,8 @@
|
||||
with_items:
|
||||
- docker-engine
|
||||
- python-docker
|
||||
|
||||
- name: make sure service is started
|
||||
systemd:
|
||||
name: docker.service
|
||||
state: started
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
- name: Passwordless sudo for admins
|
||||
lineinfile: dest=/etc/sudoers line="%admin ALL=(ALL:ALL) NOPASSWD:ALL"
|
||||
|
||||
- include: users.yml
|
||||
- import_tasks: users.yml
|
||||
|
||||
- name: common | install packages
|
||||
apt: pkg={{ item }} state=latest update_cache=yes
|
||||
@ -26,4 +26,13 @@
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- include: docker.yml
|
||||
- name: disable apparmor
|
||||
apt: pkg=apparmor state=absent
|
||||
|
||||
- import_tasks: docker.yml
|
||||
|
||||
- name: Log into DockerHub
|
||||
docker_login:
|
||||
registry: registry.webhosting.rug.nl
|
||||
username: "{{ docker_user }}"
|
||||
password: "{{ docker_pass }}"
|
||||
|
||||
@ -7,13 +7,18 @@
|
||||
mode: 644
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: install service file
|
||||
command: systemctl daemon-reload
|
||||
|
||||
- name: make sure service is started
|
||||
systemd:
|
||||
name: dockerregistry.service
|
||||
state: started
|
||||
|
||||
- name: start service at boot.
|
||||
command: systemctl reenable dockerregistry.service
|
||||
|
||||
- name: Copy certificates and passwd file
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
|
||||
2
roles/glance-controller/files/ceph.client.images.keyring
Normal file
2
roles/glance-controller/files/ceph.client.images.keyring
Normal file
@ -0,0 +1,2 @@
|
||||
[client.images]
|
||||
key = AQDCpDNbJ3DqDBAAvUOUcxEoZNvQUfoaU5i8iQ==
|
||||
14
roles/glance-controller/files/ceph.conf
Normal file
14
roles/glance-controller/files/ceph.conf
Normal file
@ -0,0 +1,14 @@
|
||||
[global]
|
||||
fsid = ef0b40a2-bc8c-4432-9cde-0ca7c82c8717
|
||||
mon_initial_members = merlin-managementnode002
|
||||
mon_host = 172.23.59.102
|
||||
auth_cluster_required = cephx
|
||||
auth_service_required = cephx
|
||||
auth_client_required = cephx
|
||||
|
||||
# Your network address
|
||||
public network = 172.23.59.0/24
|
||||
osd pool default size = 2
|
||||
|
||||
[client.images]
|
||||
keyring = /etc/ceph/ceph.client.images.keyring
|
||||
@ -1,23 +1,34 @@
|
||||
# Build and install a docker image for glance.
|
||||
---
|
||||
- set_fact:
|
||||
docker_image: webhost12.service.rug.nl/hpc/openstack-glance:latest
|
||||
env_vars: >
|
||||
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MYSQL_ROOT_PASSWORD=geheim"
|
||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "GLANCE_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "GLANCE_USER=glance"
|
||||
-e "GLANCE_PASSWORD=geheim"
|
||||
-e "RABBIT_USER=openstack"
|
||||
-e "RABBIT_PASSWORD=geheim"
|
||||
- name: include secrets
|
||||
include_vars:
|
||||
file: ../../secrets.yml
|
||||
name: secrets
|
||||
|
||||
- name: pull docker image
|
||||
docker_image:
|
||||
name: "{{ docker_image }}"
|
||||
tags: pull
|
||||
- set_fact:
|
||||
docker_image: registry.webhosting.rug.nl/hpc/openstack-glance-merlin:latest
|
||||
env_vars: >
|
||||
-e "GLANCE_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "GLANCE_PASSWORD={{ secrets['GLANCE_PASSWORD'] }}"
|
||||
-e "GLANCE_USER=glance"
|
||||
-e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||
-e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
|
||||
-e "RABBIT_USER=openstack"
|
||||
-e "USE_CEPH={{ use_ceph }}"
|
||||
-e "MON_INITIAL_MEMBERS={{ ceph_mon_initial_members }}"
|
||||
-e "MON_HOST={{ ceph_mon_host }}"
|
||||
-e "PUBLIC_NETWORK={{ ceph_public_network }}"
|
||||
-e "OSD_POOL_DEFAULT_SIZE={{ ceph_osd_pool_default_size }}"
|
||||
|
||||
#- name: pull docker image
|
||||
# docker_image:
|
||||
# name: "{{ docker_image }}"
|
||||
# tags: pull
|
||||
|
||||
- name: Make build and persistent directories
|
||||
file:
|
||||
@ -26,6 +37,26 @@
|
||||
mode: 0777
|
||||
with_items:
|
||||
- /srv/glance
|
||||
- /srv/glance/root
|
||||
- /srv/glance/etc/ceph
|
||||
|
||||
- name: copy ceph-client configurationfile
|
||||
copy:
|
||||
src: files/ceph.conf
|
||||
dest: /srv/glance/etc/ceph/ceph.conf
|
||||
mode: 0644
|
||||
|
||||
- name: copy ceph-client-keyring
|
||||
copy:
|
||||
src: files/ceph.client.images.keyring
|
||||
dest: /srv/glance/etc/ceph/ceph.client.images.keyring
|
||||
mode: 0644
|
||||
|
||||
#- name: set ceph client keyring
|
||||
# copy:
|
||||
# content: "{{ceph_images_client_keyring}}"
|
||||
# dest: /srv/cinder-storage/etc/ceph/ceph.client.images.keyring
|
||||
# when: use_ceph
|
||||
|
||||
- name: install service file.
|
||||
template:
|
||||
@ -35,13 +66,18 @@
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: start service at boot.
|
||||
command: systemctl reenable glance.service
|
||||
|
||||
- command: systemctl daemon-reload
|
||||
|
||||
- name: Initialize database.
|
||||
command: >
|
||||
/usr/bin/docker run --rm
|
||||
{{ env_vars }}
|
||||
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
|
||||
--add-host=keystone:{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
|
||||
-v /srv/glance/root:/root \
|
||||
-v /var/lib/glance/images:/var/lib/glance/images \
|
||||
{{ docker_image }} /etc/bootstrap.sh
|
||||
tags: bootstrap
|
||||
|
||||
|
||||
@ -6,9 +6,12 @@ Requires=docker.service
|
||||
[Service]
|
||||
TimeoutStartSec=0
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker rm -f %n
|
||||
ExecStartPre=-/usr/bin/docker kill %n
|
||||
ExecStartPre=-/usr/bin/docker rm %n
|
||||
ExecStart=/usr/bin/docker run --name %n \
|
||||
{{ env_vars | replace('\n', '') }} \
|
||||
-v /srv/glance/root:/root \
|
||||
-v /etc/ceph:/etc/ceph \
|
||||
-p 9292:9292 \
|
||||
{{ docker_image }}
|
||||
|
||||
|
||||
62
roles/heat/tasks/main.yml
Normal file
62
roles/heat/tasks/main.yml
Normal file
@ -0,0 +1,62 @@
|
||||
# Build and install a docker image for heat.
|
||||
---
|
||||
- name: include secrets
|
||||
include_vars:
|
||||
file: ../../secrets.yml
|
||||
name: secrets
|
||||
|
||||
- set_fact:
|
||||
docker_image: registry.webhosting.rug.nl/hpc/openstack-heat-merlin:latest
|
||||
env_vars: >
|
||||
-e "HEAT_HOST={{ listen_ip | default(hostvars[groups['heat'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "HEAT_PASSWORD={{ secrets['HEAT_PASSWORD'] }}"
|
||||
-e "HEAT_USER=heat"
|
||||
-e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||
-e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
|
||||
-e "RABBIT_USER=openstack"
|
||||
|
||||
- name: pull docker image
|
||||
docker_image:
|
||||
name: "{{ docker_image }}"
|
||||
tags: pull
|
||||
|
||||
- name: Make build and persistent directories
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0777
|
||||
with_items:
|
||||
- /srv/heat
|
||||
- /srv/heat/root
|
||||
|
||||
- name: install service file.
|
||||
template:
|
||||
src: templates/heat.service
|
||||
dest: /etc/systemd/system/heat.service
|
||||
mode: 644
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: start service at boot.
|
||||
command: systemctl reenable heat.service
|
||||
|
||||
- command: systemctl daemon-reload
|
||||
|
||||
- name: Initialize database.
|
||||
command: >
|
||||
/usr/bin/docker run --rm
|
||||
{{ env_vars }}
|
||||
--add-host=keystone:{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
|
||||
-v /srv/heat/root:/root \
|
||||
{{ docker_image }} /etc/bootstrap.sh
|
||||
tags: bootstrap
|
||||
|
||||
- name: make sure service is started
|
||||
systemd:
|
||||
name: heat.service
|
||||
state: restarted
|
||||
19
roles/heat/templates/heat.service
Normal file
19
roles/heat/templates/heat.service
Normal file
@ -0,0 +1,19 @@
|
||||
[Unit]
|
||||
Description=Openstack heat Container
|
||||
After=docker.service
|
||||
Requires=docker.service
|
||||
|
||||
[Service]
|
||||
TimeoutStartSec=0
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker kill %n
|
||||
ExecStartPre=-/usr/bin/docker rm %n
|
||||
ExecStart=/usr/bin/docker run --name %n \
|
||||
{{ env_vars | replace('\n', '') }} \
|
||||
-v /srv/heat/root:/root \
|
||||
-p 8000:8000 \
|
||||
-p 8004:8004 \
|
||||
{{ docker_image }}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@ -1,13 +1,30 @@
|
||||
# Run hpc/horizon
|
||||
---
|
||||
- set_fact:
|
||||
docker_image: webhost12.service.rug.nl/hpc/openstack-horizon:latest
|
||||
docker_image: registry.webhosting.rug.nl/hpc/openstack-horizon-merlin:latest
|
||||
|
||||
- name: pull docker image
|
||||
docker_image:
|
||||
name: "{{ docker_image }}"
|
||||
force: True
|
||||
tags: pull
|
||||
|
||||
- name: Make persistent directories
|
||||
file:
|
||||
path: /srv/horizon/certs
|
||||
state: directory
|
||||
mode: 0750
|
||||
|
||||
- name: install ssl files
|
||||
template:
|
||||
src: templates/certs/{{ item }}
|
||||
dest: /srv/horizon/certs/{{ item }}
|
||||
mode: 400
|
||||
with_items:
|
||||
- merlin.hpc.rug.nl.key
|
||||
- merlin.hpc.rug.nl.crt
|
||||
- DigiCertCA.crt
|
||||
|
||||
- name: install service file.
|
||||
template:
|
||||
src: templates/horizon.service
|
||||
@ -18,6 +35,9 @@
|
||||
|
||||
- command: systemctl daemon-reload
|
||||
|
||||
- name: start service at boot.
|
||||
command: systemctl reenable horizon.service
|
||||
|
||||
- name: make sure service is started
|
||||
systemd:
|
||||
name: horizon.service
|
||||
|
||||
29
roles/horizon/templates/certs/DigiCertCA.crt
Normal file
29
roles/horizon/templates/certs/DigiCertCA.crt
Normal file
@ -0,0 +1,29 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIE+zCCA+OgAwIBAgIQCHC8xa8/25Wakctq7u/kZTANBgkqhkiG9w0BAQsFADBl
|
||||
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
||||
d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
|
||||
b3QgQ0EwHhcNMTQxMTE4MTIwMDAwWhcNMjQxMTE4MTIwMDAwWjBkMQswCQYDVQQG
|
||||
EwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFt
|
||||
MQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzCCASIw
|
||||
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMV2Dw/ZQyk7bG3RR63eEL8jwnio
|
||||
Snc18SNb4EweQefCMQC9iDdFdd25AhCAHo/tZCMERaegOTuBTc9jP8JJ/yKeiLDS
|
||||
lrlcinQfkioq8hLIt2hUtVhBgUBoBhpPhSn7tU08D08/QJYbzqjMXjX/ZJj1dd10
|
||||
VAWgNhEEEiRVY++Udy538RV27tOkWUUhn6i+0SftCuirOMo/h9Ha8Y+5Cx9E5+Ct
|
||||
85XCFk3shKM6ktTPxn3mvcsaQE+zVLHzj28NHuO+SaNW5Ae8jafOHbBbV1bRxBz8
|
||||
mGXRzUYvkZS/RYVJ+G1ShxwCVgEnFqtyLvRx5GG1IKD6JmlqCvGrn223zyUCAwEA
|
||||
AaOCAaYwggGiMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMHkG
|
||||
CCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu
|
||||
Y29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln
|
||||
aUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4MDqgOKA2hjRodHRw
|
||||
Oi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3Js
|
||||
MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
|
||||
SURSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxo
|
||||
dHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBRn/YggFCeYxwnS
|
||||
JRm76VERY3VQYjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq
|
||||
hkiG9w0BAQsFAAOCAQEAqSg1esR71tonHqyYzyc2TxEydHTmQN0dzfJodzWvs4xd
|
||||
xgS/FfQjZ4u5b5cE60adws3J0aSugS7JurHogNAcyTnBVnZZbJx946nw09E02DxJ
|
||||
WYsamM6/xvLYMDX/6W9doK867mZTrqqMaci+mqege9iCSzMTyAfzd9fzZM2eY/lC
|
||||
J1OuEDOJcjcV8b73HjWizsMt8tey5gvHacDlH198aZt+ziYaM0TDuncFO7pdP0GJ
|
||||
+hY77gRuW6xWS++McPJKe1e9GW6LNgdUJi2GCZQfXzer8CM/jyxflp5HcahE3qm5
|
||||
hS+1NGClXwmgmkMd1L8tRNaN2v11y18WoA5hwnA9Ng==
|
||||
-----END CERTIFICATE-----
|
||||
125
roles/horizon/templates/certs/merlin.hpc.rug.nl.crt
Normal file
125
roles/horizon/templates/certs/merlin.hpc.rug.nl.crt
Normal file
@ -0,0 +1,125 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
65356336313163323761363666626661373461653034313630353938616666323734663735343630
|
||||
3562356361313237623231366332343165613939393230310a613263373434396237633733613865
|
||||
38666637616264393237363366396232333664613732623332363136313163616432633366663537
|
||||
3135636261656133640a313661316538623765353063373134616663316237363536613761626637
|
||||
35316432633638303337343065623262643235356435633936356631383562363037656362316263
|
||||
33633136363933316334363965303138343462326536636162383838326138656133363034356561
|
||||
33623730626136373733376162663664303763613339343932613731653965313362623737373937
|
||||
33333966653538373664633763343239316537366332643135393033343235366564653765303738
|
||||
62633063636663343730323736643438323365383262656263326561663733666235623766313732
|
||||
39386366303366393339393935366238633966653738643637613266313231346632623535346139
|
||||
61343731643063646635623930626165623665343732383639353933313634313838336562303038
|
||||
31633532653361353765653836636162363761336338313535346537626432313562346430616232
|
||||
30613538326561326232623261623536363366353735323333653039306564616431323035366237
|
||||
33333661346437613466363236653463636234393730653765646463613535303439306463643764
|
||||
37306665353534393335366537643534383834633239646432373433613432663031363962633761
|
||||
33633765336164363165396634316163333739666264663864333632313462636338396339303138
|
||||
33333131343261643137373065636537366536336634633266373536633532363563666464306332
|
||||
39343136623063303061666564366135383339313866373666336364373663383266303364363437
|
||||
34383730393539376338383865373439386230393030633161646465366165343132373438306566
|
||||
34383965363366663435393032666366363739393739323335626438656632303266383661366433
|
||||
65376234383364313663663564333235303939363036303838393231303566343637346332376161
|
||||
30333331613738306338346539343762363562393966373963643964623331643036323935313165
|
||||
64626661363461656164626538313336306538666561646637616238643839336334633239393236
|
||||
63356139323433346335643031343930353937323333396332333735353861386265373633653532
|
||||
32313962616665343536663836326139316662653562373132633537386431356166643433366138
|
||||
37623534636264336437366462303266383836666333326333393831396466376132666265316533
|
||||
65663734653233666233373064326161643534353930393731313431643765383934353130613137
|
||||
66666663346536303363653562313139336333343133343938323030663432643161396538383966
|
||||
62646163396161373531663861333230393831333535343137343732393532336631393637383762
|
||||
66363632373938316536623161646339316236313966303737643632313839623730643364626266
|
||||
66643462663536356337653233353662363238346638396566363961643134613136353062633035
|
||||
37653833343032383937653530363331366632386261363661343131376539323335653439623830
|
||||
35316131663965353635643364396463346637346232313931326666316165653061346264663331
|
||||
63616265396463613666646438393133313865663338623436393466373134396230396561393431
|
||||
62353039633564393666373430663035313039633065323539373436323532363138333932633537
|
||||
65363338316663623934616130396661376163653636346630383531333263393265336461643363
|
||||
39366230613239313635366264303431663534666638663433323639613335376233313535666235
|
||||
36383566616532396630373763333566616232383538366163626463633530393165653032363433
|
||||
65343561323636616365656466623939383366366438646366393432303465353865623134383532
|
||||
35333435663831386130666238376531616362663134383366633736336337653763613135356138
|
||||
32336231333237656462383831663132316634313038373861356163663632336231383736316132
|
||||
37343430633432303462373664633761616635656462383935353731383431336265333734646166
|
||||
35376632383736383463353336383431613761626231356534313539666563633466313530666166
|
||||
39646462376236366466306139376238306236323337323463343733663439363631346135636564
|
||||
64666239613732326539313638633131333039623535366264383265616661663135343563333466
|
||||
34626632623932303630663161633437626532376463373135383131613663663432373233396163
|
||||
30666331366137316364376566616431366635613536623339616565623736323730336339653031
|
||||
38346335643132636231663837653639323230323238376466623034373763313531363930353335
|
||||
66356638666466303466653561626434383839626531333664633337333636333033666335383837
|
||||
35353837376130386532373961643962633361363831633632333133383738323436633836646537
|
||||
34323037313732386639383666326535383638333239363730383733363235623063626531326366
|
||||
33626366366231623638643836343339376361383562633933626332363432393265323335626436
|
||||
31613666633362643162616237383433633032366534303338313238626131353633396264333537
|
||||
61613166303639663366353539333832633263313333343662393533376437396438323135633865
|
||||
33383131363633343333646539386139306131623161633331393866393862383566333234386565
|
||||
37663334313039623763663361386531626131303262333063336437326633666438303334353035
|
||||
64376535666334623938343337663561636661386430313339633764323834323031303366666464
|
||||
31303237383333626433613534343337646134323364623763663062306439333464393366313262
|
||||
31386333663334373333393666383732333264383331376238653338333861383439353236303338
|
||||
37336466376538303234316663653262363162616439303065633263346139333439303732316632
|
||||
34646166313737393334303632326561373831646133376564323763633436323366326634613731
|
||||
63663033663338333833653766313938646239623038336430383739313034626663626261623531
|
||||
66363339656132643137303339633330653066643265303835356566303161393063383831613565
|
||||
35653165646165326531356634623532633964666132663339363334386465323565383732333130
|
||||
65613462363133616435633066356136353530383863613266353164616138363531313733636131
|
||||
64313166633236633835316239333730653437393064623735363234333663653362373136313361
|
||||
30623637393536653833373133346332363738343337633264376565653865633464363163366136
|
||||
31336561613333323036353937613764363237636463343461666266613435326239306238646666
|
||||
31393863346230663935363832633164663639383333343166373362383336366261656235393038
|
||||
63323632303166643837643539346465626435633935353230663262383135656230653934306335
|
||||
33333832323436663936613336393433666236363534646430666437646363303236363536666431
|
||||
65616332623561336461323632623664393031323637363263633334626232316638623565316632
|
||||
61376339323064366637353737396232313666316535333930663638656364396266353534363065
|
||||
38323664313435313035643866373535343937623331616136663232396635336463396432333363
|
||||
32343733613635313538366136393833623336653736353032366461636633393034303533353661
|
||||
31616631373238616566333662356137623139623964326130316235363137393338643930666364
|
||||
39306338616234326262373461336365653463636632336233303136363832616561633135323663
|
||||
39313839643730393730626139343338303631303066313433383438613730366434656161653936
|
||||
37313139626436666535356663396433333635343532303265306134316335613232313038333335
|
||||
34626136313933663463666334366466303939643334316261333161623239306632636561663463
|
||||
64636538643931623563666438333363303633316431323761643862613763626130383532346539
|
||||
31316565636363333331323630623337326133366263643638383339313330636162613666343432
|
||||
33666238663739333135363733363361356430643638336133343065366461373736376431373139
|
||||
61653231383735393838373731663932633139303362376164356635613130616362343835653536
|
||||
30376263376233303234343962663361333439623232636535366364396135356334633465363862
|
||||
66646564653061376632383235636330656236663563616166636339313738646166663235373330
|
||||
66646637376633616365373735326331313338353263613537386535343733346132663838336164
|
||||
31393863323266383563323263303233616533366434663332326530343264343364353839643363
|
||||
31643931663131633733666665623665663434666164346364366232313765333063613234393063
|
||||
64333333346431643837646139663937303437643830633131613864363663313633393932303538
|
||||
33303331613061663138373639396266343830646637306662653337323130313638303237306262
|
||||
61393238356633396361333866353838383630393038376133353133613732303061333137306662
|
||||
39306138393363626662353532386436333965656234366166383835393763633539346561636430
|
||||
65333231643266333732663366393164366234366131373636643034633361393935366236366237
|
||||
36616130666663353536336638346232616431333265393432303630663637656539323431633963
|
||||
39336564666135646261613361396339306332376131663639353431643564316136643336333466
|
||||
34653837316137656662303166623738616533376434316339653136376434623135363633333835
|
||||
39343366613265656537363332373862643662633264376432636434393464386666626365346466
|
||||
38326361343935363635373932396136363561363037333962303732303535356362383236653464
|
||||
37646563306235333863303935353431626133616330366566326531356331353137653165623062
|
||||
66636134393536656234323966363137613438306163366236623533373966333736633162623462
|
||||
62303463343963353535653462376561623230386563346631383161376434303464613231386165
|
||||
65376230396461336530366338356231363432356265376330623334363737383461626462326234
|
||||
62383436646236303966666537393231643835663462373435396666366264646335663136613336
|
||||
33656230393465663265316166313163313366653861643039383062313966303837396539363732
|
||||
36616230383931353632653330623138393939353434363130616533303463353439316131373465
|
||||
32373430623065386464643164316566383837373838383062346361623637386662643435303831
|
||||
62663430336235306166323761316262383536363939366663323638623765343537616430386635
|
||||
65306561646639336462636462646266663034336462663730653032386138316365346262323836
|
||||
64363033353937363530383462373133666262613937383536623333386239653935366661623435
|
||||
33613462383732636538396134393537343538366562643832333034366438333439353637346363
|
||||
33663861323331636538313632366134626137636635323930363363323466383165353166303930
|
||||
66386139376139346232373263363262313638666231336564313333343430343837656439636262
|
||||
33336438646134393863306631636131633138653037626638633165636136663865666434323665
|
||||
39363632636531323633313434333432316136353762653561383230336566316462336664353431
|
||||
39333132633533393362313761363339393963393361343161353633346232376666353734306663
|
||||
35366366396533643430643863663665646139636465316630393665383532393337616662656530
|
||||
36333032633430363165333238666133633264363266336636373736313332306333376637393465
|
||||
32343265383933613231623431323364653238343464393164623631663166313830616165323131
|
||||
65643661363265386562616232613863343964386130323635323434613639623666633962663432
|
||||
31323131363661336233346331376466323635323234643037383238613830626130386131353464
|
||||
30633736346633353237636536303436633036316131636530656161323666303131636665383730
|
||||
39653135663538656337623334376463323834363866313964386366383936316164663863323031
|
||||
33663738653232636665
|
||||
89
roles/horizon/templates/certs/merlin.hpc.rug.nl.key
Normal file
89
roles/horizon/templates/certs/merlin.hpc.rug.nl.key
Normal file
@ -0,0 +1,89 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
65336461353934306534356638306230323835396365363737626131663464643138336135373463
|
||||
3435343336346162383039313638303035346162393064660a646166383538633138346535646337
|
||||
32616265393438613266363930623031303866316161656261663634616533323035313132313339
|
||||
3131636330373734640a366466323366386338626365626665343266666333383966306165353637
|
||||
35393461343066363037373234313733363939353235373730373862316133653233363531356638
|
||||
33366339303366356439363664393463323037323162623061336462376461333936386666633637
|
||||
33666339303738663535626265376561646338613136616539336431366234616562363063323637
|
||||
39386261663964353763376232356466333235646332353564323862376663626530393737356361
|
||||
63633930633066613239333432306362303432666466616263376234626137386338613537613266
|
||||
66656532346161313966346233633236313538656638323762653766613032366662633237633138
|
||||
66363137346633353938633933303636323763383231626261373162656363636233653664313539
|
||||
36646162643337306131383737313162313162326634663766326335306232356133306665306465
|
||||
66613163623631333831623835373036303263343061376435666231393035356662383163656361
|
||||
32313636636432393362633662366638313565346561363736363638643034656133636362653233
|
||||
61643734376232643361613562383938623530663463616365396533623334646232643434626439
|
||||
36623034393564386362613631333137336637353464333634393630326662623033353366616266
|
||||
35373963316563346530333439633463613035613031383437393238333862613161373438396336
|
||||
38383466333364353236323830323533613636373332383432626164386134643866373530326139
|
||||
37306230326363313264303530346338613234336164636665353530393864393163343635656234
|
||||
32653731653330313732306461353133393536376433373732383432326236303833303032373436
|
||||
63353233396663343937363434623634646261393731653633383830396461386633643434383161
|
||||
62353031613532646263633437666331316435386437626439616637663664376566386662306235
|
||||
62343239613632643266396365313134393137353962363035633165306261336436363361356134
|
||||
65313631363232306364366366353132663864623533323566313238383237663532663165373563
|
||||
34333063393365633264343464333862343135323166353233616130666630666436363138393230
|
||||
31303461393861366532373963373837316238323435313266653466663138386434303232356463
|
||||
64663330383337656435346237613831333865363463313538623037336437616638363337356461
|
||||
38623236323134393639643135303939336564313732393861356332653330396430373262333763
|
||||
63303961633463616365356663626430613133386466626562636639323762333731363934393561
|
||||
39383263393964643639353963653063656565613532303264643431316439613032373130623162
|
||||
64363230306231383064363433623734326666323461656438623662346232353934633439313931
|
||||
34653330386564333934366134646163356234306462643061343964386164663461633733666563
|
||||
33643133613365373032656262366231336639303232346434333061343661323932333130316536
|
||||
61366563636265386633333164303539333565613039666563626434623234616135346664633364
|
||||
37373937323635643461386262326135666165363163396236623338356233656161303962373566
|
||||
35326139646466333934363964366536343439323864613066383435383435333037356362313565
|
||||
38326562393339613636303133333164336265646333396333666339383031663464303361366530
|
||||
35313033363931386633373566643866323939343765313030383330313830366432353331626339
|
||||
37376638326534323932363832373435376265653863633536333032313331356666386164663739
|
||||
33356235393537326136623038316434393166373865353461396566356566653835623765393337
|
||||
39353434316639313135383337343165353932383331313463366634336663303565316362623130
|
||||
39656664306336306662323161616630393234653530383133396463383236303931633635663133
|
||||
30333034303835373436353164613536303334633432356230303538373530343262386563623166
|
||||
31643036653833386332633933306439303463633163376231393936353665303637326132396332
|
||||
66653537343162623363346637333762636366636633316464646264396461303463356232343030
|
||||
30323735303535386363333833313966633463616161376633376265643336313765653933616466
|
||||
63373938366565376631346431623237326564366539326132393535343736336562376633613164
|
||||
38656631623339373263663638386531326136383338346438396438643435353033616365353333
|
||||
30386233383539626363343838323261653864633366653362656636623639653661653165346530
|
||||
65383732383038616639636335633337393333626336313838653261663733343861386464626638
|
||||
66366139396239326634383738373638643634613061393338353638396438333438616164356438
|
||||
37346265636535333163383835316334353836666163633166383135326232373936663365363663
|
||||
32643161363037666433313239336362303264356164626538643561306463636462643230623466
|
||||
62363033303638393137333334626162636465306661376635653664353631353930653165303131
|
||||
30326461353032616130643035323461656636373337346131303533656434393830613534656130
|
||||
62613939306233356363663661323439353466633565653666366130383861636565313834636230
|
||||
36313735316566663530643564663862386461366635666238323365343237373132346137613766
|
||||
64373830393664626165633339336266656465373662646661643032386161633339626236313130
|
||||
30373165373531626465373961363539313564636133363336376631326464303139643563636439
|
||||
63653838313637346132323331363232373234396664306365373435616432636164363464353335
|
||||
65663463396333303063626265313964616136316436316239393062646334323163663738313937
|
||||
36326230386664643434366332326139633537343630633936346637353732663266313865363538
|
||||
31343331653937396230383333653438383536646438373162616263626263636230633566626139
|
||||
32333862353066323537343930393832353838623038326666386637306239616662313237323935
|
||||
36306233303237383632656164656163313363616264643630333935393066633166303938393062
|
||||
61376335623361656461373731653465386233633666323236333737323165373931366263643961
|
||||
34313837383933623765346333626537323561326130323262333465653236353133366265623261
|
||||
35373734616436373738306636346363613632383636313333626562643638326333333435623437
|
||||
34306235306637393737653339303535353030353139653138373631336335323331373231663265
|
||||
63383533323739666262353731306439653537386436363137336364623635656266363733333630
|
||||
37666463646332373539623761656438383166633538636330316362326137333230653930623965
|
||||
64633431616137376230353133613833646235343161633931626661386438323434623831383737
|
||||
35393933386365353162333035393832616531636333623331646366343536373138613035396138
|
||||
38313366343737626662613266386265666465353332336230353430663031376336303263613863
|
||||
38303431666435363939636235313761656436653562643662323535346237333236326331393830
|
||||
65323061323263326461616539343364653961616538333436343431373639316439396638396361
|
||||
65393032623333353533643565393362346236383934623432386339396439326139333966383164
|
||||
38626663323261643865613365636634383331306463633838336530666163356234633564613961
|
||||
66326632393533306337613962653437333938316263656365343135626365656461323964326433
|
||||
63343430663837613162353661363338396166323766313933393535623332323932373063633963
|
||||
61383336313230653833323134303738366365356131366532663961643065393563346364316561
|
||||
35616137663837643964376337383531313334616465363038343461373630623236316332386466
|
||||
37363132333937313364643561616562623864623666313035313864643362653138393066326431
|
||||
35666565383036386464323166353333386337336666363966396535333232663231643666316130
|
||||
31376262393832313366663938653637656339663733313364616438636236383762353231666436
|
||||
61313563643262343164323830663063663764326132663139366538646536643031316163666662
|
||||
63333432653839363865346263343339623561373036393633363937616237313737366334633035
|
||||
63393661656138323936
|
||||
@ -1,17 +1,20 @@
|
||||
[Unit]
|
||||
Description=Openstack Glance Container
|
||||
Description=Openstack Horizon Container
|
||||
After=docker.service
|
||||
Requires=docker.service
|
||||
|
||||
[Service]
|
||||
TimeoutStartSec=0
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker rm -f %n
|
||||
ExecStartPre=-/usr/bin/docker kill %n
|
||||
ExecStartPre=-/usr/bin/docker rm %n
|
||||
ExecStart=/usr/bin/docker run --name %n \
|
||||
-e "MEMCACHED_SERVER={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
|
||||
-e "MEMCACHED_SERVER={{ hostvars[groups['memcached'][0]]['listen_ip'] | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" \
|
||||
-e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
|
||||
--volume=/srv/horizon/certs:/certs \
|
||||
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
|
||||
-p 80:80 \
|
||||
-p 443:443 \
|
||||
{{ docker_image }}
|
||||
|
||||
[Install]
|
||||
|
||||
@ -1,31 +0,0 @@
|
||||
# Build keystone. It needs to be run with
|
||||
# --add-host=mariadb:<ip mariadb listens tp>
|
||||
# Wen starting with an initialized db,
|
||||
# run keystone-manage db_sync from this docker first:
|
||||
# $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"
|
||||
|
||||
FROM ubuntu:16.04
|
||||
|
||||
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
|
||||
|
||||
RUN set -x \
|
||||
&& echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
|
||||
&& apt-get -y update \
|
||||
&& apt-get -y install \
|
||||
&& apt-get -y install keystone python-openstackclient \
|
||||
&& apt-get -y clean
|
||||
|
||||
# set admin token TODO: make this a secret
|
||||
# in volume of met env
|
||||
COPY keystone.conf /etc/keystone/keystone.conf
|
||||
|
||||
RUN mkdir /etc/keystone/fernet-keys
|
||||
|
||||
RUN chown keystone: /etc/keystone/fernet-keys
|
||||
|
||||
COPY admin-openrc.sh root/admin-openrc.sh
|
||||
|
||||
COPY bootstrap.sh /etc/bootstrap.sh
|
||||
|
||||
#RUN keystone-manage db_sync
|
||||
CMD apachectl -DFOREGROUND
|
||||
@ -1,16 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
source /root/admin-openrc.sh
|
||||
|
||||
openstack project create --domain default \
|
||||
--description "Service Project" service
|
||||
|
||||
openstack project create --domain default \
|
||||
--description "Demo Project" demo
|
||||
|
||||
openstack user create --domain default \
|
||||
--password geheim demo
|
||||
|
||||
openstack role create user
|
||||
|
||||
openstack role add --project demo --user demo user
|
||||
@ -1,12 +0,0 @@
|
||||
[DEFAULT]
|
||||
|
||||
verbose = true
|
||||
|
||||
[database]
|
||||
connection = mysql+pymysql://keystone:keystone@mariadb/keystone
|
||||
|
||||
[token]
|
||||
provider = fernet
|
||||
|
||||
[identity]
|
||||
default_domain_id = default
|
||||
@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
# Start a mariadb container to use its mysql client to initialize the keystone database.
|
||||
docker run --rm -i mariadb:10.2 mysql -uroot -pgeheim --host "$1" << EOF
|
||||
docker run --rm -i mariadb:10.2 mysql -uroot -p"$MYSQL_ROOT_PASSWORD" --host "$DB_HOST" << EOF
|
||||
CREATE DATABASE IF NOT EXISTS keystone;
|
||||
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
|
||||
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
|
||||
|
||||
@ -1,17 +1,40 @@
|
||||
# Build and install a docker image for keystone.
|
||||
---
|
||||
- name: include secrets
|
||||
include_vars:
|
||||
file: ../../secrets.yml
|
||||
name: secrets
|
||||
|
||||
- name: Make persistent directories
|
||||
file:
|
||||
path: /srv/keystone/fernet-keys
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0777
|
||||
with_items:
|
||||
- /srv
|
||||
- /srv/keystone
|
||||
- /srv/keystone/fernet-keys
|
||||
- /srv/keystone/root
|
||||
- /srv/keystone/certs
|
||||
- /srv/keystone/shibboleth
|
||||
|
||||
- name: install ssl files
|
||||
template:
|
||||
src: templates/certs/{{ item }}
|
||||
dest: /srv/keystone/certs/{{ item }}
|
||||
mode: 400
|
||||
with_items:
|
||||
- merlin.hpc.rug.nl.key
|
||||
- merlin.hpc.rug.nl.crt
|
||||
- DigiCertCA.crt
|
||||
|
||||
- set_fact:
|
||||
docker_image: webhost12.service.rug.nl/hpc/openstack-keystone:latest
|
||||
docker_image: registry.webhosting.rug.nl/hpc/openstack-keystone-merlin:latest
|
||||
|
||||
- name: pull docker image
|
||||
docker_image:
|
||||
name: "{{ docker_image }}"
|
||||
force: True
|
||||
tags: pull
|
||||
|
||||
- name: install service file.
|
||||
@ -25,33 +48,44 @@
|
||||
- name: install service file
|
||||
command: systemctl daemon-reload
|
||||
|
||||
- name: start service at boot.
|
||||
command: systemctl reenable keystone.service
|
||||
|
||||
- name: Initialize db
|
||||
script: scripts/initialize_db.sh {{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
|
||||
script: scripts/initialize_db.sh
|
||||
environment:
|
||||
MYSQL_ROOT_PASSWORD: "{{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||
DB_HOST: "{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
register: result
|
||||
until: result|succeeded
|
||||
until: result is succeeded
|
||||
# sometimes the initial connect fails.
|
||||
# Retry until it succeeds.
|
||||
retries: 7
|
||||
delay: 3
|
||||
ignore_errors: yes
|
||||
|
||||
- name: keystone manage commands to setup db
|
||||
- name: keystone manage commands to setup db_sync
|
||||
command: >
|
||||
/usr/bin/docker run --rm
|
||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
|
||||
--add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
|
||||
-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
|
||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
{{ docker_image }} keystone-manage {{ item }}
|
||||
with_items:
|
||||
- db_sync
|
||||
- fernet_setup --keystone-user keystone --keystone-group keystone
|
||||
- credential_setup --keystone-user keystone --keystone-group keystone
|
||||
- >
|
||||
bootstrap --bootstrap-password geheim
|
||||
--bootstrap-admin-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
|
||||
--bootstrap-internal-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
|
||||
--bootstrap-public-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:5000/v3/
|
||||
bootstrap --bootstrap-password {{ secrets['OS_PASSWORD'] }}
|
||||
--bootstrap-admin-url https://{{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/
|
||||
--bootstrap-internal-url https://{{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/
|
||||
--bootstrap-public-url https://{{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:5000/v3/
|
||||
--bootstrap-region-id RegionOne
|
||||
# sometimes the initial connect fails.
|
||||
# Retry until it succeeds.
|
||||
retries: 7
|
||||
delay: 3
|
||||
ignore_errors: yes
|
||||
|
||||
- name: make sure service is started
|
||||
systemd:
|
||||
@ -61,7 +95,36 @@
|
||||
- name: Create a domain, projects users and roles
|
||||
command: >
|
||||
/usr/bin/docker run --rm
|
||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
|
||||
--add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
|
||||
-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
|
||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-v /srv/keystone/root:/root
|
||||
-e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "OS_AUTH_URL=https://${KEYSTONE_HOST}:35357/v3"
|
||||
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||
{{ docker_image }} bash /etc/bootstrap.sh
|
||||
register: result
|
||||
retries: 7
|
||||
delay: 3
|
||||
|
||||
|
||||
- name: install openstack repo key host.
|
||||
command: apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
|
||||
tags: openstackclient
|
||||
|
||||
- name: install openstack repo on host.
|
||||
apt_repository:
|
||||
repo: "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main"
|
||||
filename: ocata
|
||||
tags: openstackclient
|
||||
|
||||
- name: install openstack client for management
|
||||
apt:
|
||||
name: python-openstackclient
|
||||
state: latest
|
||||
update_cache: yes
|
||||
tags: openstackclient
|
||||
|
||||
- name: source admin-openrc.sh in root .bashrc
|
||||
lineinfile:
|
||||
path: /root/.bashrc
|
||||
line: 'source /srv/keystone/root/admin-openrc.sh'
|
||||
|
||||
@ -1,5 +1,7 @@
|
||||
export OS_PROJECT_DOMAIN_NAME=Default
|
||||
export OS_USER_DOMAIN_NAME=Default
|
||||
export OS_TENANT_NAME=admin
|
||||
export OS_USERNAME=admin
|
||||
export OS_PASSWORD=geheim
|
||||
export OS_PASSWORD={{ hostvars[groups['keystone'][0]]['OS_PASSWORD'] }}
|
||||
export OS_AUTH_URL=http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3
|
||||
export OS_IDENTITY_API_VERSION=3
|
||||
|
||||
29
roles/keystone/templates/certs/DigiCertCA.crt
Normal file
29
roles/keystone/templates/certs/DigiCertCA.crt
Normal file
@ -0,0 +1,29 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIE+zCCA+OgAwIBAgIQCHC8xa8/25Wakctq7u/kZTANBgkqhkiG9w0BAQsFADBl
|
||||
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
||||
d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
|
||||
b3QgQ0EwHhcNMTQxMTE4MTIwMDAwWhcNMjQxMTE4MTIwMDAwWjBkMQswCQYDVQQG
|
||||
EwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFt
|
||||
MQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzCCASIw
|
||||
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMV2Dw/ZQyk7bG3RR63eEL8jwnio
|
||||
Snc18SNb4EweQefCMQC9iDdFdd25AhCAHo/tZCMERaegOTuBTc9jP8JJ/yKeiLDS
|
||||
lrlcinQfkioq8hLIt2hUtVhBgUBoBhpPhSn7tU08D08/QJYbzqjMXjX/ZJj1dd10
|
||||
VAWgNhEEEiRVY++Udy538RV27tOkWUUhn6i+0SftCuirOMo/h9Ha8Y+5Cx9E5+Ct
|
||||
85XCFk3shKM6ktTPxn3mvcsaQE+zVLHzj28NHuO+SaNW5Ae8jafOHbBbV1bRxBz8
|
||||
mGXRzUYvkZS/RYVJ+G1ShxwCVgEnFqtyLvRx5GG1IKD6JmlqCvGrn223zyUCAwEA
|
||||
AaOCAaYwggGiMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMHkG
|
||||
CCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu
|
||||
Y29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln
|
||||
aUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4MDqgOKA2hjRodHRw
|
||||
Oi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3Js
|
||||
MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk
|
||||
SURSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxo
|
||||
dHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBRn/YggFCeYxwnS
|
||||
JRm76VERY3VQYjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq
|
||||
hkiG9w0BAQsFAAOCAQEAqSg1esR71tonHqyYzyc2TxEydHTmQN0dzfJodzWvs4xd
|
||||
xgS/FfQjZ4u5b5cE60adws3J0aSugS7JurHogNAcyTnBVnZZbJx946nw09E02DxJ
|
||||
WYsamM6/xvLYMDX/6W9doK867mZTrqqMaci+mqege9iCSzMTyAfzd9fzZM2eY/lC
|
||||
J1OuEDOJcjcV8b73HjWizsMt8tey5gvHacDlH198aZt+ziYaM0TDuncFO7pdP0GJ
|
||||
+hY77gRuW6xWS++McPJKe1e9GW6LNgdUJi2GCZQfXzer8CM/jyxflp5HcahE3qm5
|
||||
hS+1NGClXwmgmkMd1L8tRNaN2v11y18WoA5hwnA9Ng==
|
||||
-----END CERTIFICATE-----
|
||||
125
roles/keystone/templates/certs/merlin.hpc.rug.nl.crt
Normal file
125
roles/keystone/templates/certs/merlin.hpc.rug.nl.crt
Normal file
@ -0,0 +1,125 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
65356336313163323761363666626661373461653034313630353938616666323734663735343630
|
||||
3562356361313237623231366332343165613939393230310a613263373434396237633733613865
|
||||
38666637616264393237363366396232333664613732623332363136313163616432633366663537
|
||||
3135636261656133640a313661316538623765353063373134616663316237363536613761626637
|
||||
35316432633638303337343065623262643235356435633936356631383562363037656362316263
|
||||
33633136363933316334363965303138343462326536636162383838326138656133363034356561
|
||||
33623730626136373733376162663664303763613339343932613731653965313362623737373937
|
||||
33333966653538373664633763343239316537366332643135393033343235366564653765303738
|
||||
62633063636663343730323736643438323365383262656263326561663733666235623766313732
|
||||
39386366303366393339393935366238633966653738643637613266313231346632623535346139
|
||||
61343731643063646635623930626165623665343732383639353933313634313838336562303038
|
||||
31633532653361353765653836636162363761336338313535346537626432313562346430616232
|
||||
30613538326561326232623261623536363366353735323333653039306564616431323035366237
|
||||
33333661346437613466363236653463636234393730653765646463613535303439306463643764
|
||||
37306665353534393335366537643534383834633239646432373433613432663031363962633761
|
||||
33633765336164363165396634316163333739666264663864333632313462636338396339303138
|
||||
33333131343261643137373065636537366536336634633266373536633532363563666464306332
|
||||
39343136623063303061666564366135383339313866373666336364373663383266303364363437
|
||||
34383730393539376338383865373439386230393030633161646465366165343132373438306566
|
||||
34383965363366663435393032666366363739393739323335626438656632303266383661366433
|
||||
65376234383364313663663564333235303939363036303838393231303566343637346332376161
|
||||
30333331613738306338346539343762363562393966373963643964623331643036323935313165
|
||||
64626661363461656164626538313336306538666561646637616238643839336334633239393236
|
||||
63356139323433346335643031343930353937323333396332333735353861386265373633653532
|
||||
32313962616665343536663836326139316662653562373132633537386431356166643433366138
|
||||
37623534636264336437366462303266383836666333326333393831396466376132666265316533
|
||||
65663734653233666233373064326161643534353930393731313431643765383934353130613137
|
||||
66666663346536303363653562313139336333343133343938323030663432643161396538383966
|
||||
62646163396161373531663861333230393831333535343137343732393532336631393637383762
|
||||
66363632373938316536623161646339316236313966303737643632313839623730643364626266
|
||||
66643462663536356337653233353662363238346638396566363961643134613136353062633035
|
||||
37653833343032383937653530363331366632386261363661343131376539323335653439623830
|
||||
35316131663965353635643364396463346637346232313931326666316165653061346264663331
|
||||
63616265396463613666646438393133313865663338623436393466373134396230396561393431
|
||||
62353039633564393666373430663035313039633065323539373436323532363138333932633537
|
||||
65363338316663623934616130396661376163653636346630383531333263393265336461643363
|
||||
39366230613239313635366264303431663534666638663433323639613335376233313535666235
|
||||
36383566616532396630373763333566616232383538366163626463633530393165653032363433
|
||||
65343561323636616365656466623939383366366438646366393432303465353865623134383532
|
||||
35333435663831386130666238376531616362663134383366633736336337653763613135356138
|
||||
32336231333237656462383831663132316634313038373861356163663632336231383736316132
|
||||
37343430633432303462373664633761616635656462383935353731383431336265333734646166
|
||||
35376632383736383463353336383431613761626231356534313539666563633466313530666166
|
||||
39646462376236366466306139376238306236323337323463343733663439363631346135636564
|
||||
64666239613732326539313638633131333039623535366264383265616661663135343563333466
|
||||
34626632623932303630663161633437626532376463373135383131613663663432373233396163
|
||||
30666331366137316364376566616431366635613536623339616565623736323730336339653031
|
||||
38346335643132636231663837653639323230323238376466623034373763313531363930353335
|
||||
66356638666466303466653561626434383839626531333664633337333636333033666335383837
|
||||
35353837376130386532373961643962633361363831633632333133383738323436633836646537
|
||||
34323037313732386639383666326535383638333239363730383733363235623063626531326366
|
||||
33626366366231623638643836343339376361383562633933626332363432393265323335626436
|
||||
31613666633362643162616237383433633032366534303338313238626131353633396264333537
|
||||
61613166303639663366353539333832633263313333343662393533376437396438323135633865
|
||||
33383131363633343333646539386139306131623161633331393866393862383566333234386565
|
||||
37663334313039623763663361386531626131303262333063336437326633666438303334353035
|
||||
64376535666334623938343337663561636661386430313339633764323834323031303366666464
|
||||
31303237383333626433613534343337646134323364623763663062306439333464393366313262
|
||||
31386333663334373333393666383732333264383331376238653338333861383439353236303338
|
||||
37336466376538303234316663653262363162616439303065633263346139333439303732316632
|
||||
34646166313737393334303632326561373831646133376564323763633436323366326634613731
|
||||
63663033663338333833653766313938646239623038336430383739313034626663626261623531
|
||||
66363339656132643137303339633330653066643265303835356566303161393063383831613565
|
||||
35653165646165326531356634623532633964666132663339363334386465323565383732333130
|
||||
65613462363133616435633066356136353530383863613266353164616138363531313733636131
|
||||
64313166633236633835316239333730653437393064623735363234333663653362373136313361
|
||||
30623637393536653833373133346332363738343337633264376565653865633464363163366136
|
||||
31336561613333323036353937613764363237636463343461666266613435326239306238646666
|
||||
31393863346230663935363832633164663639383333343166373362383336366261656235393038
|
||||
63323632303166643837643539346465626435633935353230663262383135656230653934306335
|
||||
33333832323436663936613336393433666236363534646430666437646363303236363536666431
|
||||
65616332623561336461323632623664393031323637363263633334626232316638623565316632
|
||||
61376339323064366637353737396232313666316535333930663638656364396266353534363065
|
||||
38323664313435313035643866373535343937623331616136663232396635336463396432333363
|
||||
32343733613635313538366136393833623336653736353032366461636633393034303533353661
|
||||
31616631373238616566333662356137623139623964326130316235363137393338643930666364
|
||||
39306338616234326262373461336365653463636632336233303136363832616561633135323663
|
||||
39313839643730393730626139343338303631303066313433383438613730366434656161653936
|
||||
37313139626436666535356663396433333635343532303265306134316335613232313038333335
|
||||
34626136313933663463666334366466303939643334316261333161623239306632636561663463
|
||||
64636538643931623563666438333363303633316431323761643862613763626130383532346539
|
||||
31316565636363333331323630623337326133366263643638383339313330636162613666343432
|
||||
33666238663739333135363733363361356430643638336133343065366461373736376431373139
|
||||
61653231383735393838373731663932633139303362376164356635613130616362343835653536
|
||||
30376263376233303234343962663361333439623232636535366364396135356334633465363862
|
||||
66646564653061376632383235636330656236663563616166636339313738646166663235373330
|
||||
66646637376633616365373735326331313338353263613537386535343733346132663838336164
|
||||
31393863323266383563323263303233616533366434663332326530343264343364353839643363
|
||||
31643931663131633733666665623665663434666164346364366232313765333063613234393063
|
||||
64333333346431643837646139663937303437643830633131613864363663313633393932303538
|
||||
33303331613061663138373639396266343830646637306662653337323130313638303237306262
|
||||
61393238356633396361333866353838383630393038376133353133613732303061333137306662
|
||||
39306138393363626662353532386436333965656234366166383835393763633539346561636430
|
||||
65333231643266333732663366393164366234366131373636643034633361393935366236366237
|
||||
36616130666663353536336638346232616431333265393432303630663637656539323431633963
|
||||
39336564666135646261613361396339306332376131663639353431643564316136643336333466
|
||||
34653837316137656662303166623738616533376434316339653136376434623135363633333835
|
||||
39343366613265656537363332373862643662633264376432636434393464386666626365346466
|
||||
38326361343935363635373932396136363561363037333962303732303535356362383236653464
|
||||
37646563306235333863303935353431626133616330366566326531356331353137653165623062
|
||||
66636134393536656234323966363137613438306163366236623533373966333736633162623462
|
||||
62303463343963353535653462376561623230386563346631383161376434303464613231386165
|
||||
65376230396461336530366338356231363432356265376330623334363737383461626462326234
|
||||
62383436646236303966666537393231643835663462373435396666366264646335663136613336
|
||||
33656230393465663265316166313163313366653861643039383062313966303837396539363732
|
||||
36616230383931353632653330623138393939353434363130616533303463353439316131373465
|
||||
32373430623065386464643164316566383837373838383062346361623637386662643435303831
|
||||
62663430336235306166323761316262383536363939366663323638623765343537616430386635
|
||||
65306561646639336462636462646266663034336462663730653032386138316365346262323836
|
||||
64363033353937363530383462373133666262613937383536623333386239653935366661623435
|
||||
33613462383732636538396134393537343538366562643832333034366438333439353637346363
|
||||
33663861323331636538313632366134626137636635323930363363323466383165353166303930
|
||||
66386139376139346232373263363262313638666231336564313333343430343837656439636262
|
||||
33336438646134393863306631636131633138653037626638633165636136663865666434323665
|
||||
39363632636531323633313434333432316136353762653561383230336566316462336664353431
|
||||
39333132633533393362313761363339393963393361343161353633346232376666353734306663
|
||||
35366366396533643430643863663665646139636465316630393665383532393337616662656530
|
||||
36333032633430363165333238666133633264363266336636373736313332306333376637393465
|
||||
32343265383933613231623431323364653238343464393164623631663166313830616165323131
|
||||
65643661363265386562616232613863343964386130323635323434613639623666633962663432
|
||||
31323131363661336233346331376466323635323234643037383238613830626130386131353464
|
||||
30633736346633353237636536303436633036316131636530656161323666303131636665383730
|
||||
39653135663538656337623334376463323834363866313964386366383936316164663863323031
|
||||
33663738653232636665
|
||||
89
roles/keystone/templates/certs/merlin.hpc.rug.nl.key
Normal file
89
roles/keystone/templates/certs/merlin.hpc.rug.nl.key
Normal file
@ -0,0 +1,89 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
65336461353934306534356638306230323835396365363737626131663464643138336135373463
|
||||
3435343336346162383039313638303035346162393064660a646166383538633138346535646337
|
||||
32616265393438613266363930623031303866316161656261663634616533323035313132313339
|
||||
3131636330373734640a366466323366386338626365626665343266666333383966306165353637
|
||||
35393461343066363037373234313733363939353235373730373862316133653233363531356638
|
||||
33366339303366356439363664393463323037323162623061336462376461333936386666633637
|
||||
33666339303738663535626265376561646338613136616539336431366234616562363063323637
|
||||
39386261663964353763376232356466333235646332353564323862376663626530393737356361
|
||||
63633930633066613239333432306362303432666466616263376234626137386338613537613266
|
||||
66656532346161313966346233633236313538656638323762653766613032366662633237633138
|
||||
66363137346633353938633933303636323763383231626261373162656363636233653664313539
|
||||
36646162643337306131383737313162313162326634663766326335306232356133306665306465
|
||||
66613163623631333831623835373036303263343061376435666231393035356662383163656361
|
||||
32313636636432393362633662366638313565346561363736363638643034656133636362653233
|
||||
61643734376232643361613562383938623530663463616365396533623334646232643434626439
|
||||
36623034393564386362613631333137336637353464333634393630326662623033353366616266
|
||||
35373963316563346530333439633463613035613031383437393238333862613161373438396336
|
||||
38383466333364353236323830323533613636373332383432626164386134643866373530326139
|
||||
37306230326363313264303530346338613234336164636665353530393864393163343635656234
|
||||
32653731653330313732306461353133393536376433373732383432326236303833303032373436
|
||||
63353233396663343937363434623634646261393731653633383830396461386633643434383161
|
||||
62353031613532646263633437666331316435386437626439616637663664376566386662306235
|
||||
62343239613632643266396365313134393137353962363035633165306261336436363361356134
|
||||
65313631363232306364366366353132663864623533323566313238383237663532663165373563
|
||||
34333063393365633264343464333862343135323166353233616130666630666436363138393230
|
||||
31303461393861366532373963373837316238323435313266653466663138386434303232356463
|
||||
64663330383337656435346237613831333865363463313538623037336437616638363337356461
|
||||
38623236323134393639643135303939336564313732393861356332653330396430373262333763
|
||||
63303961633463616365356663626430613133386466626562636639323762333731363934393561
|
||||
39383263393964643639353963653063656565613532303264643431316439613032373130623162
|
||||
64363230306231383064363433623734326666323461656438623662346232353934633439313931
|
||||
34653330386564333934366134646163356234306462643061343964386164663461633733666563
|
||||
33643133613365373032656262366231336639303232346434333061343661323932333130316536
|
||||
61366563636265386633333164303539333565613039666563626434623234616135346664633364
|
||||
37373937323635643461386262326135666165363163396236623338356233656161303962373566
|
||||
35326139646466333934363964366536343439323864613066383435383435333037356362313565
|
||||
38326562393339613636303133333164336265646333396333666339383031663464303361366530
|
||||
35313033363931386633373566643866323939343765313030383330313830366432353331626339
|
||||
37376638326534323932363832373435376265653863633536333032313331356666386164663739
|
||||
33356235393537326136623038316434393166373865353461396566356566653835623765393337
|
||||
39353434316639313135383337343165353932383331313463366634336663303565316362623130
|
||||
39656664306336306662323161616630393234653530383133396463383236303931633635663133
|
||||
30333034303835373436353164613536303334633432356230303538373530343262386563623166
|
||||
31643036653833386332633933306439303463633163376231393936353665303637326132396332
|
||||
66653537343162623363346637333762636366636633316464646264396461303463356232343030
|
||||
30323735303535386363333833313966633463616161376633376265643336313765653933616466
|
||||
63373938366565376631346431623237326564366539326132393535343736336562376633613164
|
||||
38656631623339373263663638386531326136383338346438396438643435353033616365353333
|
||||
30386233383539626363343838323261653864633366653362656636623639653661653165346530
|
||||
65383732383038616639636335633337393333626336313838653261663733343861386464626638
|
||||
66366139396239326634383738373638643634613061393338353638396438333438616164356438
|
||||
37346265636535333163383835316334353836666163633166383135326232373936663365363663
|
||||
32643161363037666433313239336362303264356164626538643561306463636462643230623466
|
||||
62363033303638393137333334626162636465306661376635653664353631353930653165303131
|
||||
30326461353032616130643035323461656636373337346131303533656434393830613534656130
|
||||
62613939306233356363663661323439353466633565653666366130383861636565313834636230
|
||||
36313735316566663530643564663862386461366635666238323365343237373132346137613766
|
||||
64373830393664626165633339336266656465373662646661643032386161633339626236313130
|
||||
30373165373531626465373961363539313564636133363336376631326464303139643563636439
|
||||
63653838313637346132323331363232373234396664306365373435616432636164363464353335
|
||||
65663463396333303063626265313964616136316436316239393062646334323163663738313937
|
||||
36326230386664643434366332326139633537343630633936346637353732663266313865363538
|
||||
31343331653937396230383333653438383536646438373162616263626263636230633566626139
|
||||
32333862353066323537343930393832353838623038326666386637306239616662313237323935
|
||||
36306233303237383632656164656163313363616264643630333935393066633166303938393062
|
||||
61376335623361656461373731653465386233633666323236333737323165373931366263643961
|
||||
34313837383933623765346333626537323561326130323262333465653236353133366265623261
|
||||
35373734616436373738306636346363613632383636313333626562643638326333333435623437
|
||||
34306235306637393737653339303535353030353139653138373631336335323331373231663265
|
||||
63383533323739666262353731306439653537386436363137336364623635656266363733333630
|
||||
37666463646332373539623761656438383166633538636330316362326137333230653930623965
|
||||
64633431616137376230353133613833646235343161633931626661386438323434623831383737
|
||||
35393933386365353162333035393832616531636333623331646366343536373138613035396138
|
||||
38313366343737626662613266386265666465353332336230353430663031376336303263613863
|
||||
38303431666435363939636235313761656436653562643662323535346237333236326331393830
|
||||
65323061323263326461616539343364653961616538333436343431373639316439396638396361
|
||||
65393032623333353533643565393362346236383934623432386339396439326139333966383164
|
||||
38626663323261643865613365636634383331306463633838336530666163356234633564613961
|
||||
66326632393533306337613962653437333938316263656365343135626365656461323964326433
|
||||
63343430663837613162353661363338396166323766313933393535623332323932373063633963
|
||||
61383336313230653833323134303738366365356131366532663961643065393563346364316561
|
||||
35616137663837643964376337383531313334616465363038343461373630623236316332386466
|
||||
37363132333937313364643561616562623864623666313035313864643362653138393066326431
|
||||
35666565383036386464323166353333386337336666363966396535333232663231643666316130
|
||||
31376262393832313366663938653637656339663733313364616438636236383762353231666436
|
||||
61313563643262343164323830663063663764326132663139366538646536643031316163666662
|
||||
63333432653839363865346263343339623561373036393633363937616237313737366334633035
|
||||
63393661656138323936
|
||||
@ -6,12 +6,17 @@ Requires=docker.service
|
||||
[Service]
|
||||
TimeoutStartSec=0
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker rm -f %n
|
||||
ExecStartPre=-/usr/bin/docker kill %n
|
||||
ExecStartPre=-/usr/bin/docker rm %n
|
||||
ExecStart=/usr/bin/docker run --name %n \
|
||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
|
||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \
|
||||
-e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
|
||||
-p 5000:5000 -p 35357:35357 \
|
||||
-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \
|
||||
-v /srv/keystone/root:/root \
|
||||
-v /srv/keystone/certs:/certs \
|
||||
-v /srv/keystone/shibboleth/sp-key.pem:/etc/shibboleth/sp-key.pem \
|
||||
-v /srv/keystone/shibboleth/sp-cert.pem:/etc/shibboleth/sp-cert.pem \
|
||||
{{ docker_image }}
|
||||
|
||||
[Install]
|
||||
|
||||
20
roles/mariadb/files/galera.cnf
Normal file
20
roles/mariadb/files/galera.cnf
Normal file
@ -0,0 +1,20 @@
|
||||
[mysqld]
|
||||
binlog_format=ROW
|
||||
default-storage-engine=innodb
|
||||
innodb_autoinc_lock_mode=2
|
||||
bind-address=0.0.0.0
|
||||
|
||||
# Galera Provider Configuration
|
||||
wsrep_on=ON
|
||||
wsrep_provider=/usr/lib/galera/libgalera_smm.so
|
||||
|
||||
# Galera Cluster Configuration
|
||||
wsrep_cluster_name="test_cluster"
|
||||
wsrep_cluster_address="gcomm://{{ ip_node0 }},{{ ip_node1 }},{{ ip_node2 }}"
|
||||
|
||||
# Galera Synchronization Configuration
|
||||
wsrep_sst_method=rsync
|
||||
|
||||
# Galera Node Configuration
|
||||
wsrep_node_address="{{ listen_ip | default(ansible_default_ipv4.address) }}"
|
||||
wsrep_node_name="{{ ansible_nodename }}"
|
||||
@ -1,12 +1,9 @@
|
||||
# Install a docker based mariadb.
|
||||
---
|
||||
- name: install service file.
|
||||
template:
|
||||
src: files/mysql.service
|
||||
dest: /etc/systemd/system/mysql.service
|
||||
mode: 644
|
||||
owner: root
|
||||
group: root
|
||||
- name: include secrets
|
||||
include_vars:
|
||||
file: ../../secrets.yml
|
||||
name: secrets
|
||||
|
||||
- name: make mariadb settings volume
|
||||
file:
|
||||
@ -16,16 +13,65 @@
|
||||
with_items:
|
||||
- /srv/mariadb/lib/mysql
|
||||
- /srv/mariadb/etc/mysql
|
||||
- /srv/mariadb/etc/mysql/conf.d
|
||||
|
||||
- name: place settings file
|
||||
copy:
|
||||
src: files/my.cnf
|
||||
dest: /srv/mariadb/etc/mysql
|
||||
dest: /srv/mariadb/etc/mysql/conf.d/my.cnf
|
||||
mode: 660
|
||||
|
||||
- command: systemctl daemon-reload
|
||||
- name: Set galara.cnf on node if we have at least three nodes.
|
||||
template:
|
||||
src: files/galera.cnf
|
||||
dest: /srv/mariadb/etc/mysql/conf.d/galera.cnf
|
||||
mode: 660
|
||||
when: groups['databases'] | length >= 3
|
||||
|
||||
# This mimics galera_new_cluster.sh
|
||||
- name: Initialize a new cluster.
|
||||
block:
|
||||
- set_fact:
|
||||
mariadb_args: "--wsrep-new-cluster"
|
||||
|
||||
- template:
|
||||
src: templates/mysql.service
|
||||
dest: /etc/systemd/system/mysql.service
|
||||
mode: 644
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- command: systemctl daemon-reload
|
||||
|
||||
- systemd:
|
||||
name: mysql.service
|
||||
state: started
|
||||
|
||||
when: groups['databases'] | length >= 3 and ansible_hostname == hostname_node0
|
||||
|
||||
- name: install service file.
|
||||
block:
|
||||
- set_fact:
|
||||
mariadb_args: ""
|
||||
- template:
|
||||
src: templates/mysql.service
|
||||
dest: /etc/systemd/system/mysql.service
|
||||
mode: 644
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Give the master node some time to initialize the cluster.
|
||||
command: bash -c "sleep 60 && systemctl daemon-reload"
|
||||
|
||||
- name: make sure service is started
|
||||
systemd:
|
||||
name: mysql.service
|
||||
state: started
|
||||
|
||||
- name: start service at boot.
|
||||
command: systemctl reenable mysql.service
|
||||
|
||||
- name: Give the cluster some time to initialize replication.
|
||||
command: bash -c "sleep 60 && systemctl daemon-reload"
|
||||
when: groups['databases'] | length >= 3
|
||||
|
||||
|
||||
@ -6,13 +6,14 @@ Requires=docker.service
|
||||
[Service]
|
||||
TimeoutStartSec=0
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker stop %n
|
||||
ExecStartPre=-/usr/bin/docker kill %n || /bin/true
|
||||
ExecStartPre=-/usr/bin/docker rm %n
|
||||
ExecStartPre=/usr/bin/docker pull mariadb:10.2
|
||||
ExecStart=/usr/bin/docker run -p 3306:3306 --name %n \
|
||||
ExecStart=/usr/bin/docker run --name %n \
|
||||
--network host \
|
||||
-v /srv/mariadb/lib/mysql:/var/lib/mysql \
|
||||
-v /srv/mariadb/etc/mysql:/etc/mysql \
|
||||
-e MYSQL_ROOT_PASSWORD=geheim mariadb:10.2
|
||||
-v /srv/mariadb/etc/mysql/conf.d:/etc/mysql/conf.d \
|
||||
-e MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }} mariadb:10.2 {{ mariadb_args }}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@ -7,8 +7,13 @@
|
||||
mode: 644
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: install service file
|
||||
command: systemctl daemon-reload
|
||||
|
||||
- name: start service at boot.
|
||||
command: systemctl reenable memcached.service
|
||||
|
||||
- name: make sure service is started
|
||||
systemd:
|
||||
name: memcached.service
|
||||
|
||||
@ -1,28 +1,38 @@
|
||||
# Build and install a docker image for neutron-controller.
|
||||
---
|
||||
- name: include secrets
|
||||
include_vars:
|
||||
file: ../../secrets.yml
|
||||
name: secrets
|
||||
|
||||
- set_fact:
|
||||
docker_image: "webhost12.service.rug.nl/hpc/openstack-neutron-controller:latest"
|
||||
docker_image: "registry.webhosting.rug.nl/hpc/openstack-neutron-controller-merlin:latest"
|
||||
|
||||
- name: pull docker image
|
||||
docker_image:
|
||||
name: "{{ docker_image }}"
|
||||
force: True
|
||||
tags: pull
|
||||
|
||||
- set_fact:
|
||||
env_vars: >
|
||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "METADATA_SECRET=geheim"
|
||||
-e "MY_IP={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MYSQL_ROOT_PASSWORD=geheim"
|
||||
-e "NEUTRON_PASSWORD=geheim"
|
||||
-e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}"
|
||||
-e "MY_IP={{ listen_ip | default(hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||
-e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}"
|
||||
-e "NEUTRON_USER=neutron"
|
||||
-e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "NOVA_PASSWORD=geheim"
|
||||
-e "NOVA_USER=nova"
|
||||
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}"
|
||||
-e "RABBIT_PASSWORD=geheim"
|
||||
-e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}"
|
||||
-e "NOVA_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}"
|
||||
-e "NOVA_PLACEMENT_USER=placement"
|
||||
-e "OVERLAY_IP={{ overlay_ip }}"
|
||||
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||
-e "PHYSICAL_INTERFACE_MAPPINGS={{ physical_interface_mappings }}"
|
||||
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
|
||||
-e "RABBIT_USER=openstack"
|
||||
tags: env
|
||||
|
||||
@ -36,12 +46,15 @@
|
||||
|
||||
- command: systemctl daemon-reload
|
||||
|
||||
- name: start service at boot.
|
||||
command: systemctl reenable neutron-controller.service
|
||||
|
||||
- name: Initialize neutron
|
||||
command: >
|
||||
/usr/bin/docker run --rm
|
||||
{{ env_vars }}
|
||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
|
||||
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}
|
||||
--add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
|
||||
--add-host=keystone:{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}
|
||||
--network host
|
||||
{{ docker_image }}
|
||||
/etc/bootstrap.sh
|
||||
|
||||
@ -6,15 +6,18 @@ Requires=docker.service
|
||||
[Service]
|
||||
TimeoutStartSec=0
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker rm -f %n
|
||||
ExecStartPre=-/usr/bin/docker kill %n
|
||||
ExecStartPre=-/usr/bin/docker rm %n
|
||||
ExecStart=/usr/bin/docker run --name %n \
|
||||
{{ env_vars | replace('\n', '') }} \
|
||||
--add-host=nova-controller:{{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }} \
|
||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
|
||||
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
|
||||
--add-host=nova-controller:{{ hostvars[groups['nova-controller'][0]]['listen_ip'] | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }} \
|
||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \
|
||||
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
|
||||
--add-host={{ ansible_nodename }}:{{ ansible_default_ipv4.address }} \
|
||||
--privileged \
|
||||
--network host \
|
||||
-v /lib/modules:/lib/modules \
|
||||
-v /var/run/netns:/var/run/netns \
|
||||
{{ docker_image }} /etc/run.sh
|
||||
|
||||
[Install]
|
||||
|
||||
14
roles/nova-compute/files/ceph.conf
Normal file
14
roles/nova-compute/files/ceph.conf
Normal file
@ -0,0 +1,14 @@
|
||||
[global]
|
||||
fsid = ef0b40a2-bc8c-4432-9cde-0ca7c82c8717
|
||||
mon_initial_members = merlin-managementnode002
|
||||
mon_host = 172.23.59.102
|
||||
auth_cluster_required = cephx
|
||||
auth_service_required = cephx
|
||||
auth_client_required = cephx
|
||||
|
||||
# Your network address
|
||||
public network = 172.23.59.0/24
|
||||
osd pool default size = 2
|
||||
|
||||
[client.compute]
|
||||
keyring = /etc/ceph/ceph.client.compute.keyring
|
||||
1
roles/nova-compute/files/uuid
Normal file
1
roles/nova-compute/files/uuid
Normal file
@ -0,0 +1 @@
|
||||
b5044271-1918-4070-822c-f19ed14d7494
|
||||
@ -1,14 +1,42 @@
|
||||
# Build and install a docker image for nova-controller.
|
||||
---
|
||||
- name: include secrets
|
||||
include_vars:
|
||||
file: ../../secrets.yml
|
||||
name: secrets
|
||||
tags: vars
|
||||
|
||||
- set_fact:
|
||||
docker_image: webhost12.service.rug.nl/hpc/openstack-nova-compute:latest
|
||||
tags: facts
|
||||
docker_image: registry.webhosting.rug.nl/hpc/openstack-nova-compute-merlin:latest
|
||||
tags: vars
|
||||
|
||||
- name: pull docker image
|
||||
docker_image:
|
||||
name: "{{ docker_image }}"
|
||||
force: True
|
||||
tags: pull
|
||||
|
||||
- name: Make build and persistent directories
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0777
|
||||
with_items:
|
||||
- /srv/nova-compute
|
||||
- /srv/nova-compute/etc/ceph
|
||||
|
||||
- name: copy ceph-client configurationfile
|
||||
copy:
|
||||
src: files/ceph.conf
|
||||
dest: /srv/nova-compute/etc/ceph/ceph.conf
|
||||
mode: 0644
|
||||
|
||||
- name: copy ceph-client-keyring
|
||||
copy:
|
||||
src: files/ceph.client.compute.keyring
|
||||
dest: /srv/nova-compute/etc/ceph/ceph.client.compute.keyring
|
||||
mode: 0644
|
||||
|
||||
- name: install service file.
|
||||
template:
|
||||
src: templates/nova-compute.service
|
||||
@ -16,11 +44,19 @@
|
||||
mode: 644
|
||||
owner: root
|
||||
group: root
|
||||
tags: systemd
|
||||
|
||||
#- name: set ceph client keyring
|
||||
# copy:
|
||||
# content: "{{ceph_compute_client_keyring}}"
|
||||
# dest: /srv/nova-compute/etc/ceph
|
||||
# when: use_ceph
|
||||
|
||||
- command: systemctl daemon-reload
|
||||
tags: systemd
|
||||
|
||||
- apt:
|
||||
name: '{{ item }}'
|
||||
name: "{{ item }}"
|
||||
with_items:
|
||||
- kvm
|
||||
- libvirt0
|
||||
@ -31,3 +67,15 @@
|
||||
systemd:
|
||||
name: nova-compute.service
|
||||
state: restarted
|
||||
|
||||
- name: start service at boot.
|
||||
command: systemctl reenable nova-compute.service
|
||||
|
||||
- name: let nova controler discover new host
|
||||
shell: "sleep 10 && docker exec -i nova-controller.service nova-manage cell_v2 discover_hosts"
|
||||
delegate_to: "{{ hostvars[groups['nova-controller'][0]]['ansible_hostname'] }}"
|
||||
register: result
|
||||
until: result is succeeded
|
||||
retries: 7
|
||||
delay: 3
|
||||
ignore_errors: yes
|
||||
|
||||
@ -6,33 +6,49 @@ Requires=docker.service
|
||||
[Service]
|
||||
TimeoutStartSec=0
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker rm -f %n
|
||||
ExecStartPre=-/usr/bin/docker kill %n
|
||||
ExecStartPre=-/usr/bin/docker rm %n
|
||||
ExecStart=/usr/bin/docker run --name %n \
|
||||
-e "MY_IP={{ hostvars[groups['nova-compute'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
-e "NOVA_USER=nova" \
|
||||
-e "NOVA_COMPUTE_USER=nova_compute" \
|
||||
-e "NOVA_PASSWORD=geheim" \
|
||||
-e "NOVA_PLACEMENT_USER=placement" \
|
||||
-e "NOVA_PLACEMENT_PASSWORD=geheim" \
|
||||
-e "RABBIT_USER=openstack" \
|
||||
-e "RABBIT_PASSWORD=geheim" \
|
||||
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
-e "MYSQL_ROOT_PASSWORD=geheim" \
|
||||
-e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
-e "NEUTRON_PASSWORD=geheim" \
|
||||
-e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['listen_ip'] | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}" \
|
||||
-e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
|
||||
-e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}" \
|
||||
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['listen_ip'] | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" \
|
||||
-e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}" \
|
||||
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}" \
|
||||
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" \
|
||||
-e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['listen_ip'] | default(hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address']) }}" \
|
||||
-e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}" \
|
||||
-e "NEUTRON_USER=neutron" \
|
||||
-e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
-e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}" \
|
||||
-e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
|
||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
|
||||
-e "NOVA_COMPUTE_USER=nova_compute" \
|
||||
-e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['listen_ip'] | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }}" \
|
||||
-e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" \
|
||||
-e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" \
|
||||
-e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}" \
|
||||
-e "NOVA_PLACEMENT_USER=placement" \
|
||||
-e "NOVA_USER=nova" \
|
||||
-e "OVERLAY_IP={{ overlay_ip }}" \
|
||||
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}" \
|
||||
-e "PHYSICAL_INTERFACE_MAPPINGS={{ physical_interface_mappings }}" \
|
||||
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['listen_ip'] | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}" \
|
||||
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}" \
|
||||
-e "RABBIT_USER=openstack" \
|
||||
-e "USE_CEPH={{ use_ceph }}" \
|
||||
-e "MON_INITIAL_MEMBERS={{ ceph_mon_initial_members }}" \
|
||||
-e "MON_HOST={{ ceph_mon_host }}" \
|
||||
-e "PUBLIC_NETWORK={{ ceph_public_network }}" \
|
||||
-e "OSD_POOL_DEFAULT_SIZE={{ ceph_osd_pool_default_size }}" \
|
||||
-e "RBD_SECRET_UUID={{ secrets['NOVA_RBD_SECRET_UUID'] }}" \
|
||||
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
|
||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \
|
||||
--privileged \
|
||||
-v /dev:/dev \
|
||||
-v /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock \
|
||||
-v /var/lib/nova/instances:/var/lib/nova/instances \
|
||||
-v /var/run/netns:/var/run/netns \
|
||||
-v /lib/modules:/lib/modules \
|
||||
-v /etc/machine-id:/etc/machine-id \
|
||||
-v /etc/ceph:/etc/ceph \
|
||||
-v /etc/hosts:/etc/hosts \
|
||||
--network host \
|
||||
{{ docker_image }} /etc/run.sh
|
||||
|
||||
|
||||
@ -1,30 +1,46 @@
|
||||
# Build and install a docker image for nova-controller.
|
||||
---
|
||||
- name: include secrets
|
||||
include_vars:
|
||||
file: ../../secrets.yml
|
||||
name: secrets
|
||||
|
||||
- name: Make persistent directories
|
||||
file:
|
||||
path: "{ item }}"
|
||||
state: directory
|
||||
mode: 0777
|
||||
with_items:
|
||||
- /srv/nova-controller
|
||||
- /srv/nova-controller/root
|
||||
|
||||
- set_fact:
|
||||
docker_image: webhost12.service.rug.nl/hpc/openstack-nova-service:latest
|
||||
docker_image: registry.webhosting.rug.nl/hpc/openstack-nova-service-merlin:latest
|
||||
env_vars: >
|
||||
-e "MY_IP={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "NOVA_USER=nova"
|
||||
-e "NOVA_PASSWORD=geheim"
|
||||
-e "NOVA_PLACEMENT_USER=placement"
|
||||
-e "NOVA_PLACEMENT_PASSWORD=geheim"
|
||||
-e "RABBIT_USER=openstack"
|
||||
-e "RABBIT_PASSWORD=geheim"
|
||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MYSQL_ROOT_PASSWORD=geheim"
|
||||
-e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "NEUTRON_PASSWORD=geheim"
|
||||
-e "GLANCE_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}"
|
||||
-e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}"
|
||||
-e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||
-e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['listen_ip'] | default(hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}"
|
||||
-e "NEUTRON_USER=neutron"
|
||||
-e "METADATA_SECRET=geheim"
|
||||
-e "NOVA_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }}"
|
||||
-e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}"
|
||||
-e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}"
|
||||
-e "NOVA_PLACEMENT_USER=placement"
|
||||
-e "NOVA_USER=nova"
|
||||
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
|
||||
-e "RABBIT_USER=openstack"
|
||||
tags: facts
|
||||
|
||||
- name: pull docker image
|
||||
docker_image:
|
||||
name: "{{ docker_image }}"
|
||||
force: True
|
||||
tags: pull
|
||||
|
||||
- name: install service file.
|
||||
@ -37,12 +53,16 @@
|
||||
|
||||
- command: systemctl daemon-reload
|
||||
|
||||
- name: start service at boot.
|
||||
command: systemctl reenable nova-controller.service
|
||||
|
||||
- name: Initialize database.
|
||||
command: >
|
||||
/usr/bin/docker run --rm
|
||||
{{ env_vars }}
|
||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
|
||||
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}
|
||||
--add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
|
||||
--add-host=keystone:{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}
|
||||
-v /srv/nova-controller/root:/root
|
||||
{{ docker_image }}
|
||||
/etc/bootstrap.sh
|
||||
tags: bootstrap
|
||||
|
||||
@ -6,14 +6,18 @@ Requires=docker.service
|
||||
[Service]
|
||||
TimeoutStartSec=0
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker rm -f %n
|
||||
ExecStartPre=-/usr/bin/docker kill %n
|
||||
ExecStartPre=-/usr/bin/docker rm %n
|
||||
ExecStart=/usr/bin/docker run --name %n \
|
||||
{{ env_vars | replace('\n', '') }} \
|
||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
|
||||
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
|
||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \
|
||||
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
|
||||
--privileged \
|
||||
-v /srv/nova-controller/root:/root \
|
||||
-p 8774:8774 \
|
||||
-p 8775:8775 \
|
||||
-p 8778:8778 \
|
||||
-p 6080:6080 \
|
||||
{{ docker_image }} /etc/run.sh
|
||||
|
||||
[Install]
|
||||
|
||||
@ -6,16 +6,16 @@ Requires=docker.service
|
||||
[Service]
|
||||
TimeoutStartSec=0
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker stop %n
|
||||
ExecStartPre=-/usr/bin/docker kill %n
|
||||
ExecStartPre=-/usr/bin/docker rm %n
|
||||
ExecStartPre=/usr/bin/docker pull rabbitmq:latest
|
||||
ExecStart=/usr/bin/docker run \
|
||||
--add-host "{{ hostvars[groups['rabbitmq'][0]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
--add-host "{{ hostvars[groups['rabbitmq'][1]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][1]]['ansible_default_ipv4']['address'] }}" \
|
||||
--add-host "{{ hostvars[groups['rabbitmq'][2]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][2]]['ansible_default_ipv4']['address'] }}" \
|
||||
{% for host in groups['rabbitmq'] %}
|
||||
--add-host "{{ host }}:{{ hostvars[host]['listen_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}" \
|
||||
{% endfor %}
|
||||
-p 4369:4369 -p 25679:25679 -p 25672:25672 -p 5671-5672:5671-5672 -p 8080:15672 \
|
||||
-e "RABBITMQ_DEFAULT_USER=user" -e "RABBITMQ_DEFAULT_PASS=password" \
|
||||
-e "RABBITMQ_ERLANG_COOKIE=IHyW9HpfbXRL+pZkhGd8pA==" \
|
||||
-e "RABBITMQ_DEFAULT_USER=openstack" -e "RABBITMQ_DEFAULT_PASS={{ secrets['RABBIT_PASSWORD'] }}" \
|
||||
-e "RABBITMQ_ERLANG_COOKIE={{ secrets['RABBITMQ_ERLANG_COOKIE'] }}" \
|
||||
-e "RABBITMQ_NODENAME=rabbit_{{ ansible_nodename }}" \
|
||||
--hostname "{{ ansible_nodename }}" --name %n rabbitmq:3-management
|
||||
|
||||
|
||||
@ -1,5 +1,10 @@
|
||||
# Install a docker based rabbitMQ.
|
||||
---
|
||||
- name: include secrets
|
||||
include_vars:
|
||||
file: ../../secrets.yml
|
||||
name: secrets
|
||||
|
||||
- name: install service file.
|
||||
template:
|
||||
src: files/rabbitmq.service
|
||||
@ -11,6 +16,9 @@
|
||||
- name: install service file
|
||||
command: systemctl daemon-reload
|
||||
|
||||
- name: start service at boot.
|
||||
command: systemctl reenable rabbitmq.service
|
||||
|
||||
- name: make sure service is started
|
||||
systemd:
|
||||
name: rabbitmq.service
|
||||
@ -18,7 +26,8 @@
|
||||
|
||||
- name: wait for container to be started
|
||||
wait_for:
|
||||
port: 15671
|
||||
port: 5672
|
||||
delay: 5
|
||||
|
||||
- name: setup the cluster
|
||||
command: "docker exec -i rabbitmq.service {{ item }}"
|
||||
@ -28,11 +37,3 @@
|
||||
- rabbitmqctl start_app
|
||||
when: ansible_nodename != hostname_node0
|
||||
|
||||
- name: create openstack user
|
||||
command: "docker exec -i rabbitmq.service {{ item }}"
|
||||
with_items:
|
||||
- rabbitmqctl add_user openstack geheim
|
||||
- rabbitmqctl set_permissions openstack ".*" ".*" ".*"
|
||||
when: ansible_nodename == hostname_node0
|
||||
register: command_result
|
||||
failed_when: "command_result.rc not in (0, 70)"
|
||||
|
||||
42
secrets.yml
Normal file
42
secrets.yml
Normal file
@ -0,0 +1,42 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
65633261656530663035316431306465633266376462653564613237663833333630663333643764
|
||||
6434623237626630356632313933323637316535636235330a323266636338326361343938343931
|
||||
63356362343538393030663864663363373633303231643233616563616537376239663337306464
|
||||
3164666366623639630a646633636134316561376137646632336139323265636366343938613062
|
||||
32663934633366623664636364396130333463366535333336303962633663666432623365356537
|
||||
65616339633433623761626537666131646365373334316237663839613264393564353230666134
|
||||
63386439323966343065666138636436643433363931373766363632653661363031303138646632
|
||||
61646437316265376539333661356239386533663533643864376263653237313533616263666563
|
||||
65306465313362396235393366363532353932383633623832393161323265373065326432656338
|
||||
34613761373230396332393239323733383937363339373438326434393030646231376531663963
|
||||
32623664303935623334326532383334343466613133623532363062396363626262396135626663
|
||||
35636636623833623165386137383664633561646630613930333061333466343831376332366266
|
||||
65353030383461623665653362613863646331633036616637643838666231653438636332376132
|
||||
30356433623662616430353265386632306564326633616538306632386465343636633538623263
|
||||
30366139366638613564333532333733383364323063376638613063346665663965356439636636
|
||||
32613035653134663733633731356530303338353030333532323762653864616230643931363032
|
||||
35653962373030663164383666316636616639666431656638653064303433613431636263333636
|
||||
65666138626563653538626164646265373766643131646162343366353835643031663866666137
|
||||
39363232616632323035643432626639323233333930646230613732386163383133383964623133
|
||||
33623663663130323737646133353139353833653138636338636336656562313639626162646531
|
||||
32353331333163373366616666356539306238653865616435633734393966333765313134616338
|
||||
34623337623739333439656638303363323534333165303861363334646137373037653665323961
|
||||
61623632373330323835653232353961663931326535356162656164616132623437636330653161
|
||||
65623861396665386331653734373334663532393731656430333933326264323133396463653239
|
||||
33383662303031356564666531613731663166613061383039393431643530656665306339326436
|
||||
65303063363163643362643163366365346230643936643231616530373763333536363838656130
|
||||
39326235373835326635306366653864316534663061323062376666666466363434363661623636
|
||||
31626332643839346138326336353665363838346535373335656466336665613265633461663134
|
||||
31323838336465366236353932646330333562363063616437633365353433303962346231663939
|
||||
31343133343336343431643564393839373139623365386330623665383264646163396438626539
|
||||
38343464343736363936636139653965303731353330653963383465633037633237383064396162
|
||||
33363864336235346663616230636633353361613138333236393866316165666162656565383739
|
||||
38653233346135373661613739393735343535623230653739316433376165663932366233643431
|
||||
39383261623065353932386632646134383136393664306465326637366639666433386162393237
|
||||
63663063656461653233643665306366653965393737376532356132623333383337333266316339
|
||||
33323934623734353639643330383066313632623166306337323932323933393536366361616564
|
||||
33303830333430663233336662353631663633303136346366376163353235303363326165306131
|
||||
62393166633232343065663062646435363563313961396132303737343263363363613137636236
|
||||
31316464613164353233366364306136663735343361333335353564666131396332643461303966
|
||||
65316339616166343232613632363030386432656339623363356661323163353563326238633863
|
||||
6431
|
||||
13
secrets.yml.topol
Normal file
13
secrets.yml.topol
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
GLANCE_PASSWORD:
|
||||
METADATA_SECRET:
|
||||
MYSQL_ROOT_PASSWORD:
|
||||
NEUTRON_PASSWORD:
|
||||
NOVA_PASSWORD:
|
||||
NOVA_PLACEMENT_PASSWORD:
|
||||
OS_PASSWORD: # Keystone admin password
|
||||
OS_DEMO_PASSWORD: # Keystone demo user password
|
||||
RABBIT_PASSWORD:
|
||||
RABBITMQ_ERLANG_COOKIE:
|
||||
CINDER_PASSWORD:
|
||||
HEAT_PASSWORD:
|
||||
17
set_ceph_secrets.yml
Normal file
17
set_ceph_secrets.yml
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
|
||||
- hosts: nova-compute
|
||||
become: true
|
||||
tasks:
|
||||
- copy:
|
||||
src: ceph.xml
|
||||
dest: /root/ceph.xml
|
||||
mode: 0644
|
||||
- name: include secrets
|
||||
include_vars:
|
||||
file: secrets.yml
|
||||
name: secrets
|
||||
- command: virsh secret-define --file /root/ceph.xml
|
||||
- command: >
|
||||
virsh secret-set-value --secret d0db6ba7-a0c9-4da6-b0bc-aa7846325333
|
||||
--base64 {{ secrets['ceph_client_volumes_key'] }}
|
||||
14
settings.yml
Normal file
14
settings.yml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
- allocation_pool:
|
||||
start: 172.23.128.50
|
||||
end: 172.23.128.249
|
||||
|
||||
- dns_nameserver: 129.125.4.6
|
||||
|
||||
- gateway: 172.23.128.250
|
||||
|
||||
- subnet_range: 172.23.128.0/24
|
||||
|
||||
- rsa_pub: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStPUPXkcu81onUm/le54JCu174yXJJDsthDr96Mv8irBVBWuy5FxnaASuDpmC4QE4s0UAIg1iq/SWrr8qdBQ4OVuYFiW0S7ZJvcoKr/40Wh+T5MeltGQfmkDp6kBsfaMSo6M4tF1c8i+XgOgxb4fxHYb8mFhseztRLx6McxJJJLB0nu+T12WQ01nl0XtwD+3EsZWfxRH0KA59VHZSe3Anc5z+Fm7WU+1Vzy6/pkiIhVReI1L6VVhZsIdSu3fQK6fHQcujtfuw6RKEpisZQqnxMUviWQ98yeQXHk6Nx840WCh3vvKveEAoC4Y/UEZa1TMe6PczfUaLjaidUkpulJsP egon@egon-pc
|
||||
|
||||
- use_ceph: True
|
||||
4
site.yml
4
site.yml
@ -7,5 +7,9 @@
|
||||
- include: glance-controller.yml
|
||||
- include: nova-controller.yml
|
||||
- include: neutron-controller.yml
|
||||
- include: cinder-controller.yml
|
||||
- include: cinder-storage.yml
|
||||
- include: nova-compute.yml
|
||||
- include: horizon.yml
|
||||
- include: heat.yml
|
||||
- include: post-install.yml
|
||||
|
||||
48
test_hosts
Normal file
48
test_hosts
Normal file
@ -0,0 +1,48 @@
|
||||
[databases]
|
||||
openstack-test05
|
||||
openstack-test06
|
||||
openstack-test07
|
||||
|
||||
[keystone]
|
||||
openstack-test05
|
||||
|
||||
[glance-controller]
|
||||
openstack-test05
|
||||
|
||||
[horizon]
|
||||
openstack-test05
|
||||
|
||||
[rabbitmq]
|
||||
openstack-test05
|
||||
openstack-test06
|
||||
openstack-test07
|
||||
|
||||
[memcached]
|
||||
openstack-test05
|
||||
|
||||
[neutron-controller]
|
||||
openstack-test05 physical_interface_mappings=provider:enp4s0f0
|
||||
|
||||
[nova-controller]
|
||||
openstack-test05
|
||||
|
||||
[cinder-controller]
|
||||
openstack-test05
|
||||
|
||||
[heat]
|
||||
openstack-test05
|
||||
|
||||
[cinder-storage]
|
||||
openstack-test05 storage_volume=/dev/openstack-test05-vg/cinder
|
||||
openstack-test06 storage_volume=/dev/openstack-test06-vg/cinder
|
||||
openstack-test07 storage_volume=/dev/openstack-test07-vg/cinder
|
||||
openstack-test08 storage_volume=/dev/openstack-test08-vg/cinder
|
||||
openstack-test09 storage_volume=/dev/openstack-test09-vg/cinder
|
||||
openstack-test10 storage_volume=/dev/openstack-test10-vg/cinder
|
||||
|
||||
[nova-compute]
|
||||
openstack-test06 physical_interface_mappings=provider:enp4s0f0
|
||||
openstack-test07 physical_interface_mappings=provider:enp4s0f0
|
||||
openstack-test08 physical_interface_mappings=provider:enp4s0f0
|
||||
openstack-test09 physical_interface_mappings=provider:enp4s0f0
|
||||
openstack-test10 physical_interface_mappings=provider:enp4s0f0
|
||||
18
ubuntucloudrepo.yml
Normal file
18
ubuntucloudrepo.yml
Normal file
@ -0,0 +1,18 @@
|
||||
---
|
||||
- hosts: all
|
||||
name: Dummy to gather facts
|
||||
become: true
|
||||
tasks:
|
||||
|
||||
- name: install openstack repo key host.
|
||||
command: apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
|
||||
tags: openstackclient
|
||||
|
||||
- name: install openstack repo on host.
|
||||
apt_repository:
|
||||
repo: "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main"
|
||||
filename: ocata
|
||||
tags: openstackclient
|
||||
|
||||
- apt:
|
||||
update_cache: yes
|
||||
Reference in New Issue
Block a user