Compare commits

..

2 Commits

Author SHA1 Message Date
Egon Rijpkema
e59d2c1c98 Merge branch 'feature/encrypted-paswords' into develop 2017-08-17 10:41:17 +02:00
Egon Rijpkema
7a6c9ac360 Made Roles use repo wide secrets file.
Made keystone use repo wide secrets file.

Made glance-controller use repo wide secrets file.

kill and then remove image

Made neutron-controller use repo wide secrets file.

Made nova-controller use repo wide secrets file

Made nova-compute use repo wide secrets file.

 Made rabbitmq use repo wide secrets file.

Allow creation of admin-openrc.sh in docker.

added provider_interfaces.

added persistent root folder.

make each dir explicitely

added missing env vars.

mapped kvm machine-id from host
2017-08-17 10:41:01 +02:00
21 changed files with 138 additions and 121 deletions

4
hosts
View File

@ -34,10 +34,10 @@ openstack01-node03
#run_options="-e CASSANDRA_SEEDS=172.23.41.1" #run_options="-e CASSANDRA_SEEDS=172.23.41.1"
[neutron-controller] [neutron-controller]
openstack01-node01 openstack01-node01 provider_interface_name=ens192
[nova-controller] [nova-controller]
openstack01-node03 openstack01-node03
[nova-compute] [nova-compute]
openstack01-node04 openstack01-node04 provider_interface_name=dummy0

View File

@ -1,18 +1,24 @@
# Build and install a docker image for glance. # Build and install a docker image for glance.
--- ---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- set_fact: - set_fact:
docker_image: webhost12.service.rug.nl/hpc/openstack-glance:latest docker_image: webhost12.service.rug.nl/hpc/openstack-glance:latest
env_vars: > env_vars: >
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" -e "GLANCE_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
-e "GLANCE_PASSWORD={{ secrets['GLANCE_PASSWORD'] }}"
-e "GLANCE_USER=glance"
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_ROOT_PASSWORD=geheim" -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
-e "GLANCE_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}" -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
-e "GLANCE_USER=glance" -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
-e "GLANCE_PASSWORD=geheim"
-e "RABBIT_USER=openstack" -e "RABBIT_USER=openstack"
-e "RABBIT_PASSWORD=geheim"
- name: pull docker image - name: pull docker image
docker_image: docker_image:
@ -26,6 +32,7 @@
mode: 0777 mode: 0777
with_items: with_items:
- /srv/glance - /srv/glance
- /srv/glance/root
- name: install service file. - name: install service file.
template: template:
@ -42,6 +49,7 @@
/usr/bin/docker run --rm /usr/bin/docker run --rm
{{ env_vars }} {{ env_vars }}
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \ --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
-v /srv/glance/root:/root \
{{ docker_image }} /etc/bootstrap.sh {{ docker_image }} /etc/bootstrap.sh
tags: bootstrap tags: bootstrap

View File

@ -6,9 +6,11 @@ Requires=docker.service
[Service] [Service]
TimeoutStartSec=0 TimeoutStartSec=0
Restart=always Restart=always
ExecStartPre=-/usr/bin/docker rm -f %n ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \ ExecStart=/usr/bin/docker run --name %n \
{{ env_vars | replace('\n', '') }} \ {{ env_vars | replace('\n', '') }} \
-v /srv/glance/root:/root \
-p 9292:9292 \ -p 9292:9292 \
{{ docker_image }} {{ docker_image }}

View File

@ -6,7 +6,8 @@ Requires=docker.service
[Service] [Service]
TimeoutStartSec=0 TimeoutStartSec=0
Restart=always Restart=always
ExecStartPre=-/usr/bin/docker rm -f %n ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \ ExecStart=/usr/bin/docker run --name %n \
-e "MEMCACHED_SERVER={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \ -e "MEMCACHED_SERVER={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \ -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \

View File

@ -1,31 +0,0 @@
# Build keystone. It needs to be run with
# --add-host=mariadb:<ip mariadb listens tp>
# Wen starting with an initialized db,
# run keystone-manage db_sync from this docker first:
# $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"
FROM ubuntu:16.04
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
RUN set -x \
&& echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
&& apt-get -y update \
&& apt-get -y install \
&& apt-get -y install keystone python-openstackclient \
&& apt-get -y clean
# set admin token TODO: make this a secret
# in volume of met env
COPY keystone.conf /etc/keystone/keystone.conf
RUN mkdir /etc/keystone/fernet-keys
RUN chown keystone: /etc/keystone/fernet-keys
COPY admin-openrc.sh root/admin-openrc.sh
COPY bootstrap.sh /etc/bootstrap.sh
#RUN keystone-manage db_sync
CMD apachectl -DFOREGROUND

View File

@ -1,16 +0,0 @@
#!/bin/bash
source /root/admin-openrc.sh
openstack project create --domain default \
--description "Service Project" service
openstack project create --domain default \
--description "Demo Project" demo
openstack user create --domain default \
--password geheim demo
openstack role create user
openstack role add --project demo --user demo user

View File

@ -1,12 +0,0 @@
[DEFAULT]
verbose = true
[database]
connection = mysql+pymysql://keystone:keystone@mariadb/keystone
[token]
provider = fernet
[identity]
default_domain_id = default

View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Start a mariadb container to use its mysql client to initialize the keystone database. # Start a mariadb container to use its mysql client to initialize the keystone database.
docker run --rm -i mariadb:10.2 mysql -uroot -pgeheim --host "$1" << EOF docker run --rm -i mariadb:10.2 mysql -uroot -p"$MYSQL_ROOT_PASSWORD" --host "$DB_HOST" << EOF
CREATE DATABASE IF NOT EXISTS keystone; CREATE DATABASE IF NOT EXISTS keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

View File

@ -1,10 +1,20 @@
# Build and install a docker image for keystone. # Build and install a docker image for keystone.
--- ---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- name: Make persistent directories - name: Make persistent directories
file: file:
path: /srv/keystone/fernet-keys path: "{{ item }}"
state: directory state: directory
mode: 0777 mode: 0777
with_items:
- /srv
- /srv/keystone
- /srv/keystone/fernet-keys
- /srv/keystone/root
- set_fact: - set_fact:
docker_image: webhost12.service.rug.nl/hpc/openstack-keystone:latest docker_image: webhost12.service.rug.nl/hpc/openstack-keystone:latest
@ -26,7 +36,10 @@
command: systemctl daemon-reload command: systemctl daemon-reload
- name: Initialize db - name: Initialize db
script: scripts/initialize_db.sh {{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} script: scripts/initialize_db.sh
environment:
MYSQL_ROOT_PASSWORD: "{{ secrets['MYSQL_ROOT_PASSWORD'] }}"
DB_HOST: "{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
register: result register: result
until: result|succeeded until: result|succeeded
# sometimes the initial connect fails. # sometimes the initial connect fails.
@ -47,7 +60,7 @@
- fernet_setup --keystone-user keystone --keystone-group keystone - fernet_setup --keystone-user keystone --keystone-group keystone
- credential_setup --keystone-user keystone --keystone-group keystone - credential_setup --keystone-user keystone --keystone-group keystone
- > - >
bootstrap --bootstrap-password geheim bootstrap --bootstrap-password {{ secrets['OS_PASSWORD'] }}
--bootstrap-admin-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/ --bootstrap-admin-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
--bootstrap-internal-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/ --bootstrap-internal-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
--bootstrap-public-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:5000/v3/ --bootstrap-public-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:5000/v3/
@ -63,5 +76,8 @@
/usr/bin/docker run --rm /usr/bin/docker run --rm
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
-v /srv/keystone/root:/root
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-e "OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3"
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
{{ docker_image }} bash /etc/bootstrap.sh {{ docker_image }} bash /etc/bootstrap.sh

View File

@ -1,5 +1,5 @@
export OS_TENANT_NAME=admin export OS_TENANT_NAME=admin
export OS_USERNAME=admin export OS_USERNAME=admin
export OS_PASSWORD=geheim export OS_PASSWORD={{ hostvars[groups['keystone'][0]]['OS_PASSWORD'] }}
export OS_AUTH_URL=http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3 export OS_AUTH_URL=http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3
export OS_IDENTITY_API_VERSION=3 export OS_IDENTITY_API_VERSION=3

View File

@ -6,12 +6,14 @@ Requires=docker.service
[Service] [Service]
TimeoutStartSec=0 TimeoutStartSec=0
Restart=always Restart=always
ExecStartPre=-/usr/bin/docker rm -f %n ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \ ExecStart=/usr/bin/docker run --name %n \
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \ --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \ -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
-p 5000:5000 -p 35357:35357 \ -p 5000:5000 -p 35357:35357 \
-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \ -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \
-v /srv/keystone/root:/root \
{{ docker_image }} {{ docker_image }}
[Install] [Install]

View File

@ -1,8 +1,13 @@
# Install a docker based mariadb. # Install a docker based mariadb.
--- ---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- name: install service file. - name: install service file.
template: template:
src: files/mysql.service src: templates/mysql.service
dest: /etc/systemd/system/mysql.service dest: /etc/systemd/system/mysql.service
mode: 644 mode: 644
owner: root owner: root

View File

@ -6,13 +6,13 @@ Requires=docker.service
[Service] [Service]
TimeoutStartSec=0 TimeoutStartSec=0
Restart=always Restart=always
ExecStartPre=-/usr/bin/docker stop %n ExecStartPre=-/usr/bin/docker kill %n || /bin/true
ExecStartPre=-/usr/bin/docker rm %n ExecStartPre=-/usr/bin/docker rm %n
ExecStartPre=/usr/bin/docker pull mariadb:10.2 ExecStartPre=/usr/bin/docker pull mariadb:10.2
ExecStart=/usr/bin/docker run -p 3306:3306 --name %n \ ExecStart=/usr/bin/docker run -p 3306:3306 --name %n \
-v /srv/mariadb/lib/mysql:/var/lib/mysql \ -v /srv/mariadb/lib/mysql:/var/lib/mysql \
-v /srv/mariadb/etc/mysql:/etc/mysql \ -v /srv/mariadb/etc/mysql:/etc/mysql \
-e MYSQL_ROOT_PASSWORD=geheim mariadb:10.2 -e MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }} mariadb:10.2
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View File

@ -1,5 +1,10 @@
# Build and install a docker image for neutron-controller. # Build and install a docker image for neutron-controller.
--- ---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- set_fact: - set_fact:
docker_image: "webhost12.service.rug.nl/hpc/openstack-neutron-controller:latest" docker_image: "webhost12.service.rug.nl/hpc/openstack-neutron-controller:latest"
@ -11,18 +16,19 @@
- set_fact: - set_fact:
env_vars: > env_vars: >
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-e "METADATA_SECRET=geheim" -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
-e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}"
-e "MY_IP={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}" -e "MY_IP={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_ROOT_PASSWORD=geheim" -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
-e "NEUTRON_PASSWORD=geheim" -e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}"
-e "NEUTRON_USER=neutron" -e "NEUTRON_USER=neutron"
-e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}" -e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
-e "NOVA_PASSWORD=geheim" -e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}"
-e "NOVA_USER=nova" -e "NOVA_PLACEMENT_USER=placement"
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
-e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}" -e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}"
-e "RABBIT_PASSWORD=geheim" -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
-e "RABBIT_USER=openstack" -e "RABBIT_USER=openstack"
tags: env tags: env

View File

@ -6,7 +6,8 @@ Requires=docker.service
[Service] [Service]
TimeoutStartSec=0 TimeoutStartSec=0
Restart=always Restart=always
ExecStartPre=-/usr/bin/docker rm -f %n ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \ ExecStart=/usr/bin/docker run --name %n \
{{ env_vars | replace('\n', '') }} \ {{ env_vars | replace('\n', '') }} \
--add-host=nova-controller:{{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }} \ --add-host=nova-controller:{{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }} \

View File

@ -1,5 +1,10 @@
# Build and install a docker image for nova-controller. # Build and install a docker image for nova-controller.
--- ---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- set_fact: - set_fact:
docker_image: webhost12.service.rug.nl/hpc/openstack-nova-compute:latest docker_image: webhost12.service.rug.nl/hpc/openstack-nova-compute:latest
tags: facts tags: facts

View File

@ -6,33 +6,37 @@ Requires=docker.service
[Service] [Service]
TimeoutStartSec=0 TimeoutStartSec=0
Restart=always Restart=always
ExecStartPre=-/usr/bin/docker rm -f %n ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \ ExecStart=/usr/bin/docker run --name %n \
-e "MY_IP={{ hostvars[groups['nova-compute'][0]]['ansible_default_ipv4']['address'] }}" \ -e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}" \
-e "NOVA_USER=nova" \
-e "NOVA_COMPUTE_USER=nova_compute" \
-e "NOVA_PASSWORD=geheim" \
-e "NOVA_PLACEMENT_USER=placement" \
-e "NOVA_PLACEMENT_PASSWORD=geheim" \
-e "RABBIT_USER=openstack" \
-e "RABBIT_PASSWORD=geheim" \
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \ -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \ -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
-e "MY_IP={{ hostvars[groups['nova-compute'][0]]['ansible_default_ipv4']['address'] }}" \
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" \ -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" \
-e "MYSQL_ROOT_PASSWORD=geheim" \ -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" \
-e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}" \ -e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}" \
-e "NEUTRON_PASSWORD=geheim" \ -e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}" \
-e "NEUTRON_USER=neutron" \ -e "NEUTRON_USER=neutron" \
-e "NOVA_COMPUTE_USER=nova_compute" \
-e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}" \ -e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}" \
-e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" \
-e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" \
-e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}" \
-e "NOVA_PLACEMENT_USER=placement" \
-e "NOVA_USER=nova" \
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}" \
-e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}" \ -e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}" \
-e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}" \ -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}" \
-e "RABBIT_USER=openstack" \
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \ --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \ --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
--privileged \ --privileged \
-v /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock \ -v /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock \
-v /var/lib/nova/instances:/var/lib/nova/instances \ -v /var/lib/nova/instances:/var/lib/nova/instances \
-v /lib/modules:/lib/modules \ -v /lib/modules:/lib/modules \
-v /etc/machine-id:/etc/machine-id \
--network host \ --network host \
{{ docker_image }} /etc/run.sh {{ docker_image }} /etc/run.sh

View File

@ -1,25 +1,39 @@
# Build and install a docker image for nova-controller. # Build and install a docker image for nova-controller.
--- ---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- name: Make persistent directories
file:
path: "{ item }}"
state: directory
mode: 0777
with_items:
- /srv/nova-controller
- /srv/nova-controller/root
- set_fact: - set_fact:
docker_image: webhost12.service.rug.nl/hpc/openstack-nova-service:latest docker_image: webhost12.service.rug.nl/hpc/openstack-nova-service:latest
env_vars: > env_vars: >
-e "MY_IP={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
-e "NOVA_USER=nova"
-e "NOVA_PASSWORD=geheim"
-e "NOVA_PLACEMENT_USER=placement"
-e "NOVA_PLACEMENT_PASSWORD=geheim"
-e "RABBIT_USER=openstack"
-e "RABBIT_PASSWORD=geheim"
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_ROOT_PASSWORD=geheim"
-e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
-e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}" -e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
-e "NEUTRON_PASSWORD=geheim" -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
-e "MY_IP={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
-e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}"
-e "NEUTRON_USER=neutron" -e "NEUTRON_USER=neutron"
-e "METADATA_SECRET=geheim" -e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
-e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}"
-e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}"
-e "NOVA_PLACEMENT_USER=placement"
-e "NOVA_USER=nova"
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
-e "RABBIT_USER=openstack"
tags: facts tags: facts
- name: pull docker image - name: pull docker image
@ -43,6 +57,7 @@
{{ env_vars }} {{ env_vars }}
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}
-v /srv/nova-controller/root:/root
{{ docker_image }} {{ docker_image }}
/etc/bootstrap.sh /etc/bootstrap.sh
tags: bootstrap tags: bootstrap

View File

@ -6,14 +6,17 @@ Requires=docker.service
[Service] [Service]
TimeoutStartSec=0 TimeoutStartSec=0
Restart=always Restart=always
ExecStartPre=-/usr/bin/docker rm -f %n ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \ ExecStart=/usr/bin/docker run --name %n \
{{ env_vars | replace('\n', '') }} \ {{ env_vars | replace('\n', '') }} \
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \ --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
--add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \ --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
--privileged \ --privileged \
-v /srv/nova-controller/root:/root \
-p 8774:8774 \ -p 8774:8774 \
-p 8778:8778 \ -p 8778:8778 \
-p 6080:6080 \
{{ docker_image }} /etc/run.sh {{ docker_image }} /etc/run.sh
[Install] [Install]

View File

@ -6,7 +6,7 @@ Requires=docker.service
[Service] [Service]
TimeoutStartSec=0 TimeoutStartSec=0
Restart=always Restart=always
ExecStartPre=-/usr/bin/docker stop %n ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n ExecStartPre=-/usr/bin/docker rm %n
ExecStartPre=/usr/bin/docker pull rabbitmq:latest ExecStartPre=/usr/bin/docker pull rabbitmq:latest
ExecStart=/usr/bin/docker run \ ExecStart=/usr/bin/docker run \
@ -14,8 +14,8 @@ ExecStart=/usr/bin/docker run \
--add-host "{{ hostvars[groups['rabbitmq'][1]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][1]]['ansible_default_ipv4']['address'] }}" \ --add-host "{{ hostvars[groups['rabbitmq'][1]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][1]]['ansible_default_ipv4']['address'] }}" \
--add-host "{{ hostvars[groups['rabbitmq'][2]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][2]]['ansible_default_ipv4']['address'] }}" \ --add-host "{{ hostvars[groups['rabbitmq'][2]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][2]]['ansible_default_ipv4']['address'] }}" \
-p 4369:4369 -p 25679:25679 -p 25672:25672 -p 5671-5672:5671-5672 -p 8080:15672 \ -p 4369:4369 -p 25679:25679 -p 25672:25672 -p 5671-5672:5671-5672 -p 8080:15672 \
-e "RABBITMQ_DEFAULT_USER=user" -e "RABBITMQ_DEFAULT_PASS=password" \ -e "RABBITMQ_DEFAULT_USER=user" -e "RABBITMQ_DEFAULT_PASS={{ secrets['RABBIT_PASSWORD'] }}" \
-e "RABBITMQ_ERLANG_COOKIE=IHyW9HpfbXRL+pZkhGd8pA==" \ -e "RABBITMQ_ERLANG_COOKIE={{ secrets['RABBITMQ_ERLANG_COOKIE'] }}" \
-e "RABBITMQ_NODENAME=rabbit_{{ ansible_nodename }}" \ -e "RABBITMQ_NODENAME=rabbit_{{ ansible_nodename }}" \
--hostname "{{ ansible_nodename }}" --name %n rabbitmq:3-management --hostname "{{ ansible_nodename }}" --name %n rabbitmq:3-management

View File

@ -1,5 +1,13 @@
# Install a docker based rabbitMQ. # Install a docker based rabbitMQ.
--- ---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- include_vars:
dir: 'vars'
- name: install service file. - name: install service file.
template: template:
src: files/rabbitmq.service src: files/rabbitmq.service
@ -18,7 +26,7 @@
- name: wait for container to be started - name: wait for container to be started
wait_for: wait_for:
port: 15671 port: 5672
- name: setup the cluster - name: setup the cluster
command: "docker exec -i rabbitmq.service {{ item }}" command: "docker exec -i rabbitmq.service {{ item }}"
@ -31,7 +39,7 @@
- name: create openstack user - name: create openstack user
command: "docker exec -i rabbitmq.service {{ item }}" command: "docker exec -i rabbitmq.service {{ item }}"
with_items: with_items:
- rabbitmqctl add_user openstack geheim - rabbitmqctl add_user openstack "{{ secrets['RABBIT_PASSWORD'] }}"
- rabbitmqctl set_permissions openstack ".*" ".*" ".*" - rabbitmqctl set_permissions openstack ".*" ".*" ".*"
when: ansible_nodename == hostname_node0 when: ansible_nodename == hostname_node0
register: command_result register: command_result