Fixed syntax error.

.. without running other tasks

ansible.cfg

@@ -1,2 +1,5 @@
 [defaults]
-hostfile = hosts
+inventory = merlin
+stdout_callback = debug
+vault_password_file = .vault_pass.txt
+forks = 20

ceph.xml

@@ -0,0 +1,6 @@
+<secret ephemeral="no" private="no">
+<uuid>d0db6ba7-a0c9-4da6-b0bc-aa7846325333</uuid>
+<usage type="ceph">
+<name>client.volumes secret</name>
+</usage>
+</secret>

cinder-controller.yml

@@ -2,6 +2,8 @@
 - hosts: all
   name: Dummy to gather facts
   tasks: []
+  tags:
+     - facts
 
 - hosts: cinder-controller
   become: True

create-non-administrative-user

@@ -0,0 +1,5 @@
+openstack project create --domain default --description "GCC testproject" gcc
+openstack user create --domain default --password-prompt gcc-user
+openstack role add --project gcc --user gcc-user user
+openstack user create --domain default --password-prompt gcc-admin
+openstack role add --project gcc --user gcc-admin admin

gcc-post-install.yml

@@ -0,0 +1,35 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: keystone
+  become: True
+  vars_files:
+    - settings.yml
+  tasks:
+    - name: copy public key
+      copy:
+        content: "{{ rsa_pub }}"
+        dest: /srv/keystone/root/id_rsa.pub
+    - name: post install configuration
+      command: docker exec -i keystone.service bash -c "source /root/admin-openrc.sh && {{ item }}"
+      with_items:
+        - openstack network create --share --external --provider-physical-network provider --provider-network-type vlan --provider-segment 985 vlan985
+        - >
+            openstack subnet create --subnet-range 172.23.34.0/24 --gateway 172.23.34.1
+            --network vlan985 --allocation-pool start=172.23.34.50,end=172.23.34.60
+            --dns-nameserver 8.8.4.4 vlan985_subnet
+        - openstack network create --share --external --provider-physical-network provider --provider-network-type vlan --provider-segment 16 vlan16
+        - >
+            openstack subnet create --subnet-range 195.169.22.0/23 --gateway 195.169.23.251
+            --network vlan16 --allocation-pool start=195.169.22.237,end=195.169.22.237
+            --dns-nameserver 8.8.4.4 vlan16_subnet
+
+        - openstack flavor create --ram 4096 --disk 40 --vcpus 2  "Molgenis Dual"
+        - openstack flavor create --ram 16384 --disk 40 --vcpus 4  "Molgenis Quad 16GB"
+        - openstack flavor create --ram 8192 --disk 40 --vcpus 4  "Molgenis Quad 8GB"
+
+        - openstack keypair create --public-key /root/id_rsa.pub adminkey
+
+

gcc-site.yml

@@ -0,0 +1,14 @@
+---
+- include: common.yml
+- include: rabbitmq.yml
+- include: memcached.yml
+- include: mariadb.yml
+- include: keystone.yml
+- include: glance-controller.yml
+- include: nova-controller.yml
+- include: neutron-controller.yml
+- include: cinder-controller.yml
+- include: cinder-storage.yml
+- include: nova-compute.yml
+- include: horizon.yml
+- include: gcc-post-install.yml

generate_secrets.py

@@ -5,6 +5,7 @@ Open the secrets.yml and replace all passwords.
 Original is backed up.
 """
 
+from os import path
 import random
 import string
 from subprocess import call
@@ -27,7 +28,8 @@ for key, value in data.iteritems():
         for _ in range(pass_length))
 
 # Make numbered backups of the secrets file.
-call(['cp', '--backup=numbered', 'secrets.yml', 'secrets.yml.bak'])
+if path.isfile('secrets.yml'):
+    call(['cp', '--backup=numbered', 'secrets.yml', 'secrets.yml.bak'])
 
 with open('secrets.yml', 'w') as f:
     dump(data, f, Dumper=Dumper, default_flow_style=False)

group_vars/all.yml

@@ -0,0 +1,9 @@
+---
+use_ceph: true
+ceph_mon_initial_members:
+ceph_mon_host:
+ceph_public_network:
+ceph_osd_pool_default_size:
+ceph_compute_client_keyring:
+ceph_cinder_client_keyring:
+ceph_images_client_keyring:

heat.yml

@@ -0,0 +1,9 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  tasks: []
+
+- hosts: heat
+  become: True
+  roles:
+     - heat

heat_templates/example_cluster.yml

@@ -0,0 +1,137 @@
+---
+heat_template_version: 2015-04-30
+
+description: Simple Example template to deploy a virtual compute cluster.
+
+parameters:
+  image_name:
+    type: string
+    label: Image Name
+    description: Name of image to be used for compute instance
+  public_net:
+    type: string
+    label: Public Net Name
+    description: Public network used for router.
+  ssh_key:
+    type: string
+    label: ssh key name.
+    description: ssh public key name. (Must be uploaded to openstack first)
+  compute_flavor:
+    type: string
+    label: Flavor for compute nodes,
+    description: Flavor with which to start compute nodes.
+  aux_flavor:
+    type: string
+    label: Flavor for auxiliary nodes.
+    description: Flavor with which to start auxiliary nodes. (for now only the interface machine)
+  cidr:
+    type: string
+    label: Cidr for internal subnet
+    description: Cidr for the subnet of the internal user network.
+  internal_net_name:
+    type: string
+    label: Name for the internal network
+    description: Name for the internal network of this cluster.
+  volume_size:
+    type: string
+    label: Size (GB)
+    description: Size (GB) of the volume for each compute node
+
+
+resources:
+  internal_net:
+    type: OS::Neutron::Net
+    properties:
+      name: {get_param: internal_net_name}
+
+  internal_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      network_id: {get_resource: internal_net}
+      cidr: {get_param: cidr}
+      dns_nameservers: ["129.125.4.6", "129.125.36.10"]
+      ip_version: 4
+
+  internal_router:
+    type: OS::Neutron::Router
+    properties:
+      external_gateway_info: {network: {get_param: public_net}}
+
+  internal_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router_id: {get_resource: internal_router}
+      subnet: {get_resource: internal_subnet}
+
+  public_port:
+    type: OS::Neutron::Port
+    properties:
+      network_id: {get_resource: internal_net}
+      fixed_ips:
+        - subnet_id: {get_resource: internal_subnet}
+      security_groups:
+        - default
+
+  floating_ip:
+    type: OS::Neutron::FloatingIP
+    properties:
+      floating_network_id: {get_param: public_net}
+      port_id: {get_resource: public_port}
+
+  interface:  # User-interface for cluster-operation
+    type: OS::Nova::Server
+    properties:
+      key_name: {get_param: ssh_key}
+      image: {get_param: image_name}
+      flavor: {get_param: aux_flavor}
+      networks:
+        - port: {get_resource: public_port}
+
+  admin:  # Machine to run slurm and other admin tools on.
+    type: OS::Nova::Server
+    properties:
+      key_name: {get_param: ssh_key}
+      image: {get_param: image_name}
+      flavor: {get_param: aux_flavor}
+      networks:
+        - network: {get_resource: internal_net}
+
+  vcompute01-volume:
+    type: OS::Cinder::Volume
+    properties:
+      size: {get_param: volume_size}
+
+  vcompute01:
+    type: OS::Nova::Server
+    properties:
+      key_name: adminkey
+      image: {get_param: image_name}
+      flavor: {get_param: compute_flavor}
+      networks:
+        - network: {get_resource: internal_net}
+
+  volume_attachment:
+    type: OS::Cinder::VolumeAttachment
+    properties:
+      volume_id: {get_resource: vcompute01-volume}
+      instance_uuid: {get_resource: vcompute01}
+
+  vcompute02-volume:
+    type: OS::Cinder::Volume
+    properties:
+      size: {get_param: volume_size}
+
+  vcompute02:
+    type: OS::Nova::Server
+    properties:
+      key_name: adminkey
+      image: {get_param: image_name}
+      flavor: {get_param: compute_flavor}
+      networks:
+        - network: {get_resource: internal_net}
+
+  volume_attachment:
+    type: OS::Cinder::VolumeAttachment
+    properties:
+      volume_id: {get_resource: vcompute02-volume}
+      instance_uuid: {get_resource: vcompute02}

hosts

@@ -1,5 +1,9 @@
+# A demo cluster of three nodes.
+
 [databases]
+openstack01-node01
 openstack01-node02
+openstack01-node03
 
 [keystone]
 openstack01-node03
@@ -15,26 +19,11 @@ openstack01-node01
 openstack01-node02
 openstack01-node03
 
-#[cassandra]
-#openstack01-node[01:03]
-
-#openstack01-node01
-#
-#[next_cassandra]
-#openstack01-node02
-#openstack01-node03
-
 [memcached]
 openstack01-node03
 
-#[first_cassandra:vars]
-#run_options=""
-#
-#[next_cassandra:vars]
-#run_options="-e CASSANDRA_SEEDS=172.23.41.1"
-
 [neutron-controller]
-openstack01-node01 provider_interface_name=ens192
+openstack01-node01 physical_interface_mappings=provider:ens192
 
 [nova-controller]
 openstack01-node03
@@ -46,4 +35,4 @@ openstack01-node03
 openstack01-node01 storage_volume=/dev/loop0
 
 [nova-compute]
-openstack01-node04 provider_interface_name=dummy0
+openstack01-node04 physical_interface_mappings=provider:enp4s0f0

hosts-openstack03

@@ -0,0 +1,26 @@
+[databases]
+openstack03.gcc.rug.nl
+
+[keystone]
+openstack03.gcc.rug.nl
+
+[glance-controller]
+openstack03.gcc.rug.nl
+
+[horizon]
+openstack03.gcc.rug.nl
+
+[rabbitmq]
+openstack03.gcc.rug.nl
+
+[memcached]
+openstack03.gcc.rug.nl
+
+[neutron-controller]
+openstack03.gcc.rug.nl
+
+[nova-controller]
+openstack03.gcc.rug.nl
+
+[nova-compute]
+openstack03.gcc.rug.nl

mariadb.yml

@@ -4,3 +4,10 @@
   become: True
   roles:
       - mariadb
+  vars:
+      hostname_node0: "{{ hostvars[groups['databases'][0]]['ansible_hostname'] }}"
+      hostname_node1: "{{ hostvars[groups['databases'][1]]['ansible_hostname'] }}"
+      hostname_node2: "{{ hostvars[groups['databases'][2]]['ansible_hostname'] }}"
+      ip_node0: "{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
+      ip_node1: "{{ hostvars[groups['databases'][1]]['listen_ip'] | default(hostvars[groups['databases'][1]]['ansible_default_ipv4']['address']) }}"
+      ip_node2: "{{ hostvars[groups['databases'][2]]['listen_ip'] | default(hostvars[groups['databases'][2]]['ansible_default_ipv4']['address']) }}"

merlin

@@ -0,0 +1,50 @@
+[nova-compute]
+merlin-node001 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.1
+merlin-node002 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.2
+merlin-node003 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.3
+merlin-node004 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.4
+merlin-node005 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.5
+
+[databases]
+merlin-managementnode001
+merlin-managementnode002
+merlin-managementnode003
+
+[rabbitmq]
+merlin-managementnode001
+merlin-managementnode002
+merlin-managementnode003
+
+[horizon]
+merlin-managementnode001
+
+[memcached]
+merlin-managementnode001
+
+[nova-controller]
+merlin-managementnode001
+
+[keystone]
+merlin-managementnode001
+
+[neutron-controller]
+merlin-managementnode001 physical_interface_mappings=provider:enp5s0f1 overlay_ip=172.23.43.101
+
+[heat]
+merlin-managementnode001
+
+[glance-controller]
+merlin-managementnode002
+
+[cinder-controller]
+merlin-managementnode003
+
+[cinder-storage]
+merlin-node001
+merlin-node002
+merlin-node003
+merlin-node004
+merlin-node005
+
+[stor]
+merlin-stor00[1:8]

merlin2

@@ -0,0 +1,50 @@
+[nova-compute]
+merlin-node008 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.8
+merlin-node009 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.9
+merlin-node010 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.10
+merlin-node011 physical_interface_mappings=provider:enp129s0f1 overlay_ip=172.23.43.11
+merlin-node012 physical_interface_mappings=provider:enp129s0f1 overlay_ip=172.23.43.12
+merlin-node013 physical_interface_mappings=provider:enp129s0f1 overlay_ip=172.23.43.13
+
+[databases]
+merlin-node007
+merlin-node008
+merlin-node009
+
+[rabbitmq]
+merlin-node007
+merlin-node008
+merlin-node009
+
+[horizon]
+merlin-node007
+
+[memcached]
+merlin-node007
+
+[nova-controller]
+merlin-node007
+
+[keystone]
+merlin-node007
+
+[neutron-controller]
+merlin-node007 physical_interface_mappings=provider:enp130s0f0 overlay_ip=172.23.43.6
+
+[heat]
+merlin-node007
+
+[glance-controller]
+merlin-node008
+
+[cinder-controller]
+merlin-node009
+
+[cinder-storage]
+merlin-node008
+merlin-node009
+merlin-node010
+merlin-node011
+merlin-node012
+merlin-node013
+

merlinsdn

@@ -0,0 +1,37 @@
+[nova-compute]
+merlin-managementnode002 physical_interface_mappings=provider:eno3
+merlin-managementnode003 physical_interface_mappings=provider:eno3
+merlin-node001 physical_interface_mappings=provider:eno3
+merlin-node003 physical_interface_mappings=provider:eno3
+merlin-node004 physical_interface_mappings=provider:eno3
+
+[databases]
+merlin-managementnode001
+merlin-managementnode002
+merlin-managementnode003
+
+[rabbitmq]
+merlin-managementnode001
+merlin-managementnode002
+merlin-managementnode003
+
+[horizon]
+merlin-managementnode001
+
+[memcached]
+merlin-managementnode001
+
+[nova-controller]
+merlin-managementnode001
+
+[keystone]
+merlin-managementnode001
+
+[neutron-controller]
+merlin-managementnode001 physical_interface_mappings=provider:eno3
+
+[heat]
+merlin-managementnode001
+
+[glance-controller]
+merlin-managementnode001

meta/main.yml

@@ -0,0 +1 @@
+---

nuke.yml

@@ -0,0 +1,31 @@
+---
+# This playbook will reset the instalation to facilitate a new installation.
+# All data is lost!
+- hosts: all
+  become: true
+  name: Dummy to gather facts
+  tasks:
+    - name: Stop docker service
+      shell: "systemctl stop docker"
+    - name: Verify docker is stopped.
+      systemd:
+        name: docker
+        state: stopped
+    - name: remove volumes
+      shell: "rm -rf /srv"
+    - name: remove network namespaces
+      shell: "rm /var/run/netns/*"
+      ignore_errors: true
+    - name: Remove stale vxlan interfaces
+      shell: "for interface in $(ip link | grep DOWN | grep -Po 'vxlan-\\d{1,2}'); do ip link del $interface ; done"
+      ignore_errors: true
+
+
+- hosts: nova-compute
+  gather_facts: false
+  become: true
+  tasks:
+    - name: kill all vm's
+      shell: "for machine in  $(virsh list --uuid ); do virsh destroy $machine ; done"
+    - name: wipe all vm's
+      shell: "for machine in  $(virsh list --uuid --all); do virsh undefine $machine ; done"

openstack03

@@ -0,0 +1,35 @@
+[databases]
+openstack03
+
+[keystone]
+openstack03
+
+[glance-controller]
+openstack03
+
+[horizon]
+openstack03
+
+[rabbitmq]
+openstack03
+
+[memcached]
+openstack03
+
+[neutron-controller]
+openstack03 physical_interface_mappings=provider:enp4s0f0
+
+[nova-controller]
+openstack03
+
+[cinder-controller]
+openstack03
+
+[cinder-storage]
+openstack03 storage_volume=/dev/sdb1
+
+[nova-compute]
+openstack03 physical_interface_mappings=provider:enp4s0f0
+
+[all:vars]
+listen_ip=172.23.40.243

os-test

@@ -0,0 +1,37 @@
+# An all in one
+
+[databases]
+os-test
+
+[keystone]
+os-test
+
+[glance-controller]
+os-test
+
+[horizon]
+os-test
+
+[rabbitmq]
+os-test
+
+[memcached]
+os-test
+
+[neutron-controller]
+os-test physical_interface_mappings=provider:enp4s0f0
+
+[nova-controller]
+os-test
+
+[cinder-controller]
+os-test
+
+[cinder-storage]
+os-test storage_volume=/dev/sdb
+
+[nova-compute]
+os-test physical_interface_mappings=provider:enp4s0f0
+
+[all:vars]
+listen_ip=129.125.60.194

post-install.yml

@@ -15,12 +15,19 @@
     - name: post install configuration
       command: docker exec -i keystone.service bash -c "source /root/admin-openrc.sh && {{ item }}"
       with_items:
-        - openstack network create  --share --external  --provider-physical-network provider  --provider-network-type flat provider
+        - openstack network create --share --external --provider-physical-network provider --provider-network-type vlan --provider-segment 983 vlan983
         - >
-            openstack subnet create --network provider
-            --allocation-pool start={{ allocation_pool['start'] }},end={{ allocation_pool['end'] }}
-            --dns-nameserver {{ dns_nameserver }} --gateway {{ gateway }} --subnet-range {{ subnet_range }} provider
+            openstack subnet create --subnet-range 172.23.41.0/24 --gateway 172.23.41.101
+            --network vlan983 --allocation-pool start=172.23.41.75,end=172.23.41.100
+            --dns-nameserver 8.8.8.8 vlan983_subnet
         - openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
         - openstack keypair create --public-key /root/id_rsa.pub adminkey
-
-
+    - name: Install cirros image
+      get_url:
+        url: http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
+        dest: /tmp/cirros-0.4.0-x86_64-disk.img
+        checksum: sha256:a8dd75ecffd4cdd96072d60c2237b448e0c8b2bc94d57f10fdbc8c481d9005b8
+    - shell: >
+          bash -c "source /srv/keystone/root/admin-openrc.sh &&
+          openstack image create --disk-format qcow2 cirros
+          < /tmp/cirros-0.4.0-x86_64-disk.img"

roles/cassandra/tasks/main.yml

@@ -7,9 +7,14 @@
     mode: 644
     owner: root
     group: root
+
 - name: install service file
   command: systemctl daemon-reload
+
 - name: make sure service is started
   systemd:
     name: cassandra.service
     state: started
+
+- name: start service at boot.
+  command: systemctl reenable cassandra.service

roles/cinder-controller/tasks/main.yml

@@ -4,22 +4,27 @@
   include_vars:
     file: ../../secrets.yml
     name: secrets
+  tags:
+    - facts
 
 - set_fact:
-    docker_image: webhost12.service.rug.nl/hpc/openstack-cinder-controller:latest
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-cinder-controller-merlin:latest
     env_vars: >
-        -e "MY_IP={{ ansible_default_ipv4.address }}"
-        -e "CINDER_HOST={{ hostvars[groups['cinder-controller'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}"
+        -e "CINDER_HOST={{ listen_ip | default(hostvars[groups['cinder-controller'][0]]['ansible_default_ipv4']['address']) }}"
         -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
         -e "CINDER_USER=cinder"
-        -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-        -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
-        -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
         -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
-        -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
         -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
         -e "RABBIT_USER=openstack"
+        -e "RBD_SECRET_UUID={{ secrets['CINDER_RBD_SECRET_UUID']}}"
+  tags:
+    - facts
 
 - name: pull docker image
   docker_image:
@@ -42,8 +47,17 @@
     mode: 644
     owner: root
     group: root
+  tags:
+    - systemd
+
+- name: start service at boot.
+  command: systemctl reenable cinder-controller.service
+  tags:
+    - systemd
 
 - command: systemctl daemon-reload
+  tags:
+    - systemd
 
 - name: Initialize database.
   command: >

roles/cinder-storage/files/ceph.client.volumes.keyring

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+39313161646365373665646331613930316437363735326262376531636166346138303139613138
+3361353633616136303365646165643339333130393031380a373934636436626336326436306666
+34316532333165346139633239313930326238333134633365666138326338386632373937343335
+3262383863653136300a393464646365623763663063303936646462313764633736613562633661
+62313961626165363761656363393538396461653936353932303137626435626161316239623338
+65656132353136656430613462663466616432643761303366396461653066616162366666356533
+39386261623861323861633739343237386266306264356436666430313531303238636235393665
+31396533306261393835

roles/cinder-storage/files/ceph.conf

@@ -0,0 +1,14 @@
+[global]
+fsid = ef0b40a2-bc8c-4432-9cde-0ca7c82c8717
+mon_initial_members = merlin-managementnode002
+mon_host = 172.23.59.102
+auth_cluster_required = cephx
+auth_service_required = cephx
+auth_client_required = cephx
+
+# Your network address
+public network = 172.23.59.0/24
+osd pool default size = 2
+
+[client.volumes]
+keyring = /etc/ceph/ceph.client.volumes.keyring

roles/cinder-storage/files/uuid

@@ -0,0 +1 @@
+d0db6ba7-a0c9-4da6-b0bc-aa7846325333

roles/cinder-storage/tasks/main.yml

@@ -4,22 +4,33 @@
   include_vars:
     file: ../../secrets.yml
     name: secrets
+  tags: vars
+
+#- command: uuidgen
+#  register: uuid
 
 - set_fact:
-    docker_image: webhost12.service.rug.nl/hpc/openstack-cinder-storage:latest
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-cinder-storage-merlin:latest
     env_vars: >
-        -e "MY_IP={{ ansible_default_ipv4.address }}"
-        -e "CINDER_HOST={{ hostvars[groups['cinder-storage'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}"
+        -e "CINDER_HOST={{ listen_ip | default(hostvars[groups['cinder-storage'][0]]['ansible_default_ipv4']['address']) }}"
         -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
         -e "CINDER_USER=cinder"
-        -e "GLANCE_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
-        -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-        -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "GLANCE_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
         -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
-        -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
         -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
         -e "RABBIT_USER=openstack"
+        -e "USE_CEPH={{ use_ceph }}"
+        -e "MON_INITIAL_MEMBERS={{ ceph_mon_initial_members }}"
+        -e "MON_HOST={{ ceph_mon_host }}"
+        -e "PUBLIC_NETWORK={{ ceph_public_network }}"
+        -e "OSD_POOL_DEFAULT_SIZE={{ ceph_osd_pool_default_size }}"
+        -e "RBD_SECRET_UUID={{ secrets['CINDER_RBD_SECRET_UUID']}}"
+  tags: vars
 
 - name: pull docker image
   docker_image:
@@ -32,8 +43,9 @@
     state: directory
     mode: 0777
   with_items:
-      - /srv/cinder-storage
-      - /srv/cinder-storage/root
+    - /srv/cinder-storage
+    - /srv/cinder-storage/root
+    - /srv/cinder-storage/etc/ceph
 
 - name: initial setup
   command: >
@@ -41,10 +53,21 @@
              --privileged
              {{ env_vars }}
              -v /srv/cinder-storage/root:/root \
-             -v "{{ storage_volume }}":/dev/cinder_storage_volume \
              {{ docker_image }} /etc/bootstrap.sh
   tags: bootstrap
 
+- name: copy ceph-client configurationfile
+  copy:
+    src: files/ceph.conf
+    dest: /srv/cinder-storage/etc/ceph/ceph.conf
+    mode: 0644
+
+- name: copy ceph-client-keyring
+  copy:
+    src: files/ceph.client.volumes.keyring
+    dest: /srv/cinder-storage/etc/ceph/ceph.client.volumes.keyring
+    mode: 0644
+
 - name: install service file.
   template:
     src: templates/cinder-storage.service
@@ -52,8 +75,19 @@
     mode: 644
     owner: root
     group: root
+  tags: systemd
+
+#- name: set ceph client keyring
+#  copy:
+#    content: "{{ceph_cinder_client_keyring}}"
+#    dest: /srv/cinder-storage/etc/ceph
+#  when: use_ceph
 
 - command: systemctl daemon-reload
+  tags: systemd
+
+- name: start service at boot.
+  command: systemctl reenable cinder-storage.service
 
 - name: make sure service is started
   systemd:

roles/cinder-storage/templates/cinder-storage.service

@@ -1,5 +1,5 @@
 [Unit]
-Description=Openstack Glance Container
+Description=Openstack Cinder Storage container
 After=docker.service
 Requires=docker.service
 
@@ -12,8 +12,9 @@ ExecStart=/usr/bin/docker run --name %n \
   --privileged \
   {{ env_vars | replace('\n', '') }} \
   -v /srv/cinder-storage/root:/root \
-  -v "{{ storage_volume }}":/dev/cinder_storage_volume \
-  -p 8776:8776 \
+  -v /etc/ceph:/etc/ceph \
+  -p 8777:8776 \
+  -p 3260:3260 \
   {{ docker_image }}
 
 [Install]

roles/common/tasks/docker.yml

@@ -13,3 +13,8 @@
   with_items:
      - docker-engine
      - python-docker
+
+- name: make sure service is started
+  systemd:
+    name: docker.service
+    state: started

roles/common/tasks/main.yml

@@ -10,13 +10,13 @@
 - name: common | install packages
   apt: pkg={{ item }} state=latest update_cache=yes
   with_items:
-     - curl
-     - htop
-     - molly-guard
-     - sudo
-     - tree
-     - vim
-     - python-simplejson
+    - curl
+    - htop
+    - molly-guard
+    - sudo
+    - tree
+    - vim
+    - python-simplejson
 
 - name: sshd_config
   file:
@@ -26,4 +26,7 @@
     owner: root
     group: root
 
+- name: disable apparmor
+  apt: pkg=apparmor state=absent
+
 - include: docker.yml

roles/dockerregistry/tasks/main.yml

@@ -7,13 +7,18 @@
     mode: 644
     owner: root
     group: root
+
 - name: install service file
   command: systemctl daemon-reload
+
 - name: make sure service is started
   systemd:
     name: dockerregistry.service
     state: started
 
+- name: start service at boot.
+  command: systemctl reenable dockerregistry.service
+
 - name: Copy certificates and passwd file
   copy:
     src: "{{ item }}"

roles/glance-controller/files/ceph.client.images.keyring

@@ -0,0 +1,2 @@
+[client.images]
+	key = AQDCpDNbJ3DqDBAAvUOUcxEoZNvQUfoaU5i8iQ==

roles/glance-controller/files/ceph.conf

@@ -0,0 +1,14 @@
+[global]
+fsid = ef0b40a2-bc8c-4432-9cde-0ca7c82c8717
+mon_initial_members = merlin-managementnode002
+mon_host = 172.23.59.102
+auth_cluster_required = cephx
+auth_service_required = cephx
+auth_client_required = cephx
+
+# Your network address
+public network = 172.23.59.0/24
+osd pool default size = 2
+
+[client.images]
+keyring = /etc/ceph/ceph.client.images.keyring

roles/glance-controller/tasks/main.yml

@@ -6,24 +6,29 @@
     name: secrets
 
 - set_fact:
-    docker_image: webhost12.service.rug.nl/hpc/openstack-glance:latest
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-glance-merlin:latest
     env_vars: >
-        -e "GLANCE_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "GLANCE_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}"
         -e "GLANCE_PASSWORD={{ secrets['GLANCE_PASSWORD'] }}"
         -e "GLANCE_USER=glance"
-        -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-        -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
-        -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
         -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
-        -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
         -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
         -e "RABBIT_USER=openstack"
+        -e "USE_CEPH={{ use_ceph }}"
+        -e "MON_INITIAL_MEMBERS={{ ceph_mon_initial_members }}"
+        -e "MON_HOST={{ ceph_mon_host }}"
+        -e "PUBLIC_NETWORK={{ ceph_public_network }}"
+        -e "OSD_POOL_DEFAULT_SIZE={{ ceph_osd_pool_default_size }}"
 
-- name: pull docker image
-  docker_image:
-    name: "{{ docker_image }}"
-  tags: pull
+#- name: pull docker image
+#  docker_image:
+#    name: "{{ docker_image }}"
+#  tags: pull
 
 - name: Make build and persistent directories
   file:
@@ -33,6 +38,25 @@
   with_items:
       - /srv/glance
       - /srv/glance/root
+      - /srv/glance/etc/ceph
+
+- name: copy ceph-client configurationfile
+  copy:
+    src: files/ceph.conf
+    dest: /srv/glance/etc/ceph/ceph.conf
+    mode: 0644
+
+- name: copy ceph-client-keyring
+  copy:
+    src: files/ceph.client.images.keyring
+    dest: /srv/glance/etc/ceph/ceph.client.images.keyring
+    mode: 0644
+
+#- name: set ceph client keyring
+#  copy:
+#    content: "{{ceph_images_client_keyring}}"
+#    dest: /srv/cinder-storage/etc/ceph/ceph.client.images.keyring
+#  when: use_ceph
 
 - name: install service file.
   template:
@@ -42,14 +66,18 @@
     owner: root
     group: root
 
+- name: start service at boot.
+  command: systemctl reenable glance.service
+
 - command: systemctl daemon-reload
 
 - name: Initialize database.
   command: >
              /usr/bin/docker run --rm
              {{ env_vars }}
-             --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
+             --add-host=keystone:{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
              -v /srv/glance/root:/root \
+             -v /var/lib/glance/images:/var/lib/glance/images \
              {{ docker_image }} /etc/bootstrap.sh
   tags: bootstrap
 

roles/glance-controller/templates/glance.service

@@ -11,6 +11,7 @@ ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
   {{ env_vars | replace('\n', '') }} \
   -v /srv/glance/root:/root \
+  -v /etc/ceph:/etc/ceph \
   -p 9292:9292 \
   {{ docker_image }}
 

roles/heat/tasks/main.yml

@@ -0,0 +1,62 @@
+# Build and install a docker image for heat.
+---
+- name: include secrets
+  include_vars:
+    file: ../../secrets.yml
+    name: secrets
+
+- set_fact:
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-heat:latest
+    env_vars: >
+        -e "HEAT_HOST={{ listen_ip | default(hostvars[groups['heat'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "HEAT_PASSWORD={{ secrets['HEAT_PASSWORD'] }}"
+        -e "HEAT_USER=heat"
+        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+        -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+        -e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+        -e "RABBIT_USER=openstack"
+
+- name: pull docker image
+  docker_image:
+    name: "{{ docker_image }}"
+  tags: pull
+
+- name: Make build and persistent directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0777
+  with_items:
+      - /srv/heat
+      - /srv/heat/root
+
+- name: install service file.
+  template:
+    src: templates/heat.service
+    dest: /etc/systemd/system/heat.service
+    mode: 644
+    owner: root
+    group: root
+
+- name: start service at boot.
+  command: systemctl reenable heat.service
+
+- command: systemctl daemon-reload
+
+- name: Initialize database.
+  command: >
+             /usr/bin/docker run --rm
+             {{ env_vars }}
+             --add-host=keystone:{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
+             -v /srv/heat/root:/root \
+             {{ docker_image }} /etc/bootstrap.sh
+  tags: bootstrap
+
+- name: make sure service is started
+  systemd:
+    name: heat.service
+    state: restarted

roles/heat/templates/heat.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=Openstack heat Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker kill %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStart=/usr/bin/docker run --name %n \
+  {{ env_vars | replace('\n', '') }} \
+  -v /srv/heat/root:/root \
+  -p 8000:8000 \
+  -p 8004:8004 \
+  {{ docker_image }}
+
+[Install]
+WantedBy=multi-user.target

roles/horizon/tasks/main.yml

@@ -1,7 +1,7 @@
 # Run hpc/horizon
 ---
 - set_fact:
-    docker_image: webhost12.service.rug.nl/hpc/openstack-horizon:latest
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-horizon:latest
 
 - name: pull docker image
   docker_image:
@@ -19,6 +19,9 @@
 
 - command: systemctl daemon-reload
 
+- name: start service at boot.
+  command: systemctl reenable horizon.service
+
 - name: make sure service is started
   systemd:
     name: horizon.service

roles/horizon/templates/horizon.service

@@ -1,5 +1,5 @@
 [Unit]
-Description=Openstack Glance Container
+Description=Openstack Horizon Container
 After=docker.service
 Requires=docker.service
 
@@ -9,9 +9,9 @@ Restart=always
 ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
-  -e "MEMCACHED_SERVER={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
-  -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
-  --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
+  -e "MEMCACHED_SERVER={{ hostvars[groups['memcached'][0]]['listen_ip'] | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" \
+  -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
+  --add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
   -p 80:80 \
   {{ docker_image }}
 

roles/keystone/tasks/main.yml

@@ -17,7 +17,7 @@
     - /srv/keystone/root
 
 - set_fact:
-    docker_image: webhost12.service.rug.nl/hpc/openstack-keystone:latest
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-keystone:latest
 
 - name: pull docker image
   docker_image:
@@ -36,25 +36,28 @@
 - name: install service file
   command: systemctl daemon-reload
 
+- name: start service at boot.
+  command: systemctl reenable keystone.service
+
 - name: Initialize db
   script: scripts/initialize_db.sh
   environment:
     MYSQL_ROOT_PASSWORD: "{{ secrets['MYSQL_ROOT_PASSWORD'] }}"
-    DB_HOST: "{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+    DB_HOST: "{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
   register: result
-  until: result|succeeded
+  until: result is succeeded
   # sometimes the initial connect fails.
   # Retry until it succeeds.
   retries: 7
   delay: 3
   ignore_errors: yes
 
-- name: keystone manage commands to setup db
+- name: keystone manage commands to setup db_sync
   command: >
              /usr/bin/docker run --rm
-             --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
+             --add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
              -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
-             -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+             -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
              {{ docker_image }} keystone-manage {{ item }}
   with_items:
       - db_sync
@@ -62,10 +65,15 @@
       - credential_setup --keystone-user keystone --keystone-group keystone
       - >
           bootstrap --bootstrap-password {{ secrets['OS_PASSWORD'] }}
-                    --bootstrap-admin-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
-                    --bootstrap-internal-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
-                    --bootstrap-public-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:5000/v3/
+                    --bootstrap-admin-url http://{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/
+                    --bootstrap-internal-url http://{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/
+                    --bootstrap-public-url http://{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:5000/v3/
                     --bootstrap-region-id RegionOne
+  # sometimes the initial connect fails.
+  # Retry until it succeeds.
+  retries: 7
+  delay: 3
+  ignore_errors: yes
 
 - name: make sure service is started
   systemd:
@@ -75,10 +83,36 @@
 - name: Create a domain, projects users and roles
   command: >
              /usr/bin/docker run --rm
-             --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
+             --add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
              -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
              -v /srv/keystone/root:/root
-             -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+             -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
              -e "OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3"
              -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
              {{ docker_image }} bash /etc/bootstrap.sh
+  register: result
+  retries: 7
+  delay: 3
+
+
+- name: install openstack repo key host.
+  command: apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+  tags: openstackclient
+
+- name: install openstack repo on host.
+  apt_repository:
+      repo: "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main"
+      filename: ocata
+  tags: openstackclient
+
+- name: install openstack client for management
+  apt:
+    name: python-openstackclient
+    state: latest
+    update_cache: yes
+  tags: openstackclient
+
+- name: source admin-openrc.sh in root .bashrc
+  lineinfile:
+    path: /root/.bashrc
+    line: 'source /srv/keystone/root/admin-openrc.sh'

roles/keystone/templates/admin-openrc.sh

@@ -1,3 +1,5 @@
+export OS_PROJECT_DOMAIN_NAME=Default
+export OS_USER_DOMAIN_NAME=Default
 export OS_TENANT_NAME=admin
 export OS_USERNAME=admin
 export OS_PASSWORD={{ hostvars[groups['keystone'][0]]['OS_PASSWORD'] }}

roles/keystone/templates/keystone.service

@@ -9,8 +9,8 @@ Restart=always
 ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
-  --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
-  -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
+  --add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \
+  -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
   -p 5000:5000 -p 35357:35357 \
   -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \
   -v /srv/keystone/root:/root \

roles/mariadb/files/galera.cnf

@@ -0,0 +1,20 @@
+[mysqld]
+binlog_format=ROW
+default-storage-engine=innodb
+innodb_autoinc_lock_mode=2
+bind-address=0.0.0.0
+
+# Galera Provider Configuration
+wsrep_on=ON
+wsrep_provider=/usr/lib/galera/libgalera_smm.so
+
+# Galera Cluster Configuration
+wsrep_cluster_name="test_cluster"
+wsrep_cluster_address="gcomm://{{ ip_node0 }},{{ ip_node1 }},{{ ip_node2 }}"
+
+# Galera Synchronization Configuration
+wsrep_sst_method=rsync
+
+# Galera Node Configuration
+wsrep_node_address="{{ listen_ip | default(ansible_default_ipv4.address) }}"
+wsrep_node_name="{{ ansible_nodename }}"

roles/mariadb/tasks/main.yml

@@ -5,14 +5,6 @@
     file: ../../secrets.yml
     name: secrets
 
-- name: install service file.
-  template:
-    src: templates/mysql.service
-    dest: /etc/systemd/system/mysql.service
-    mode: 644
-    owner: root
-    group: root
-
 - name: make mariadb settings volume
   file:
     path: "{{ item }}"
@@ -21,16 +13,65 @@
   with_items:
       - /srv/mariadb/lib/mysql
       - /srv/mariadb/etc/mysql
+      - /srv/mariadb/etc/mysql/conf.d
 
 - name: place settings file
   copy:
     src: files/my.cnf
-    dest: /srv/mariadb/etc/mysql
+    dest: /srv/mariadb/etc/mysql/conf.d/my.cnf
     mode: 660
 
-- command: systemctl daemon-reload
+- name: Set galara.cnf on node if we have at least three nodes.
+  template:
+    src: files/galera.cnf
+    dest: /srv/mariadb/etc/mysql/conf.d/galera.cnf
+    mode: 660
+  when: groups['databases'] | length >= 3
+
+  # This mimics galera_new_cluster.sh
+- name: Initialize a new cluster.
+  block:
+    - set_fact:
+        mariadb_args: "--wsrep-new-cluster"
+
+    - template:
+        src: templates/mysql.service
+        dest: /etc/systemd/system/mysql.service
+        mode: 644
+        owner: root
+        group: root
+
+    - command: systemctl daemon-reload
+
+    - systemd:
+        name: mysql.service
+        state: started
+
+  when: groups['databases'] | length >= 3 and ansible_hostname == hostname_node0
+
+- name: install service file.
+  block:
+    - set_fact:
+        mariadb_args: ""
+    - template:
+        src: templates/mysql.service
+        dest: /etc/systemd/system/mysql.service
+        mode: 644
+        owner: root
+        group: root
+
+- name: Give the master node some time to initialize the cluster.
+  command: bash -c "sleep 60 && systemctl daemon-reload"
 
 - name: make sure service is started
   systemd:
     name: mysql.service
     state: started
+
+- name: start service at boot.
+  command: systemctl reenable mysql.service
+
+- name: Give the cluster some time to initialize replication.
+  command: bash -c "sleep 60 && systemctl daemon-reload"
+  when: groups['databases'] | length >= 3
+

roles/mariadb/templates/mysql.service

@@ -9,10 +9,11 @@ Restart=always
 ExecStartPre=-/usr/bin/docker kill %n || /bin/true
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStartPre=/usr/bin/docker pull mariadb:10.2
-ExecStart=/usr/bin/docker run  -p 3306:3306 --name %n \
+ExecStart=/usr/bin/docker run --name %n \
+ --network host \
  -v /srv/mariadb/lib/mysql:/var/lib/mysql \
- -v /srv/mariadb/etc/mysql:/etc/mysql \
- -e MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }} mariadb:10.2
+ -v /srv/mariadb/etc/mysql/conf.d:/etc/mysql/conf.d \
+ -e MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }} mariadb:10.2 {{ mariadb_args }}
 
 [Install]
 WantedBy=multi-user.target

roles/memcached/tasks/main.yml

@@ -7,8 +7,13 @@
     mode: 644
     owner: root
     group: root
+
 - name: install service file
   command: systemctl daemon-reload
+
+- name: start service at boot.
+  command: systemctl reenable memcached.service
+
 - name: make sure service is started
   systemd:
     name: memcached.service

roles/neutron-controller/tasks/main.yml

@@ -6,7 +6,7 @@
     name: secrets
 
 - set_fact:
-    docker_image: "webhost12.service.rug.nl/hpc/openstack-neutron-controller:latest"
+    docker_image: "registry.webhosting.rug.nl/hpc/openstack-neutron-controller-merlin:latest"
 
 - name: pull docker image
   docker_image:
@@ -16,21 +16,22 @@
 
 - set_fact:
     env_vars: >
-        -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-        -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
         -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}"
-        -e "MY_IP={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}"
-        -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "MY_IP={{ listen_ip | default(hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
         -e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}"
         -e "NEUTRON_USER=neutron"
         -e "NOVA_USER=nova"
         -e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}"
-        -e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "NOVA_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }}"
         -e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}"
         -e "NOVA_PLACEMENT_USER=placement"
+        -e "OVERLAY_IP={{ overlay_ip }}"
         -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
-        -e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}"
+        -e "PHYSICAL_INTERFACE_MAPPINGS={{ physical_interface_mappings }}"
         -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
         -e "RABBIT_USER=openstack"
   tags: env
@@ -45,12 +46,15 @@
 
 - command: systemctl daemon-reload
 
+- name: start service at boot.
+  command: systemctl reenable neutron-controller.service
+
 - name: Initialize neutron
   command: >
     /usr/bin/docker run --rm
     {{ env_vars }}
-    --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
-    --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}
+    --add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
+    --add-host=keystone:{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}
     --network host
     {{ docker_image }}
     /etc/bootstrap.sh

roles/neutron-controller/templates/neutron-controller.service

@@ -10,13 +10,14 @@ ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
   {{ env_vars | replace('\n', '') }} \
-  --add-host=nova-controller:{{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }} \
-  --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
-  --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
+  --add-host=nova-controller:{{ hostvars[groups['nova-controller'][0]]['listen_ip'] | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }} \
+  --add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \
+  --add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
   --add-host={{ ansible_nodename }}:{{ ansible_default_ipv4.address }} \
   --privileged \
   --network host \
   -v /lib/modules:/lib/modules \
+  -v /var/run/netns:/var/run/netns \
   {{ docker_image }} /etc/run.sh
 
 [Install]

roles/nova-compute/files/ceph.conf

@@ -0,0 +1,14 @@
+[global]
+fsid = ef0b40a2-bc8c-4432-9cde-0ca7c82c8717
+mon_initial_members = merlin-managementnode002
+mon_host = 172.23.59.102
+auth_cluster_required = cephx
+auth_service_required = cephx
+auth_client_required = cephx
+
+# Your network address
+public network = 172.23.59.0/24
+osd pool default size = 2
+
+[client.compute]
+keyring = /etc/ceph/ceph.client.compute.keyring

roles/nova-compute/files/uuid

@@ -0,0 +1 @@
+b5044271-1918-4070-822c-f19ed14d7494

roles/nova-compute/tasks/main.yml

@@ -4,10 +4,11 @@
   include_vars:
     file: ../../secrets.yml
     name: secrets
+  tags: vars
 
 - set_fact:
-    docker_image: webhost12.service.rug.nl/hpc/openstack-nova-compute:latest
-  tags: facts
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-nova-compute-merlin:latest
+  tags: vars
 
 - name: pull docker image
   docker_image:
@@ -15,6 +16,27 @@
     force: True
   tags: pull
 
+- name: Make build and persistent directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0777
+  with_items:
+    - /srv/nova-compute
+    - /srv/nova-compute/etc/ceph
+
+- name: copy ceph-client configurationfile
+  copy:
+    src: files/ceph.conf
+    dest: /srv/nova-compute/etc/ceph/ceph.conf
+    mode: 0644
+
+- name: copy ceph-client-keyring
+  copy:
+    src: files/ceph.client.compute.keyring
+    dest: /srv/nova-compute/etc/ceph/ceph.client.compute.keyring
+    mode: 0644
+
 - name: install service file.
   template:
     src: templates/nova-compute.service
@@ -22,22 +44,38 @@
     mode: 644
     owner: root
     group: root
+  tags: systemd
+
+#- name: set ceph client keyring
+#  copy:
+#    content: "{{ceph_compute_client_keyring}}"
+#    dest: /srv/nova-compute/etc/ceph
+#  when: use_ceph
 
 - command: systemctl daemon-reload
+  tags: systemd
 
 - apt:
-    name: '{{ item }}'
+    name: "{{ item }}"
   with_items:
-      - kvm
-      - libvirt0
-      - libvirt-bin
-      - qemu
+    - kvm
+    - libvirt0
+    - libvirt-bin
+    - qemu
 
 - name: make sure service is started
   systemd:
     name: nova-compute.service
     state: restarted
 
+- name: start service at boot.
+  command: systemctl reenable nova-compute.service
+
 - name: let nova controler discover new host
-  command: docker exec -i nova-controller.service nova-manage cell_v2 discover_hosts
+  shell: "sleep 10 && docker exec -i nova-controller.service nova-manage cell_v2 discover_hosts"
   delegate_to: "{{ hostvars[groups['nova-controller'][0]]['ansible_hostname'] }}"
+  register: result
+  until: result is succeeded
+  retries: 7
+  delay: 3
+  ignore_errors: yes

roles/nova-compute/templates/nova-compute.service

@@ -9,34 +9,45 @@ Restart=always
 ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
-    -e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}" \
-    -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
-    -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
-    -e "MY_IP={{ hostvars[groups['nova-compute'][0]]['ansible_default_ipv4']['address'] }}" \
-    -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" \
+    -e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['listen_ip'] | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}" \
+    -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
+    -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}" \
+    -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['listen_ip'] | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" \
+    -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}" \
+    -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}" \
     -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" \
-    -e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address'] }}" \
+    -e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['listen_ip'] | default(hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address']) }}" \
     -e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}" \
     -e "NEUTRON_USER=neutron" \
     -e "NOVA_COMPUTE_USER=nova_compute" \
-    -e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}" \
+    -e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['listen_ip'] | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }}" \
     -e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" \
     -e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}" \
     -e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}" \
     -e "NOVA_PLACEMENT_USER=placement" \
     -e "NOVA_USER=nova" \
+    -e "OVERLAY_IP={{ overlay_ip }}" \
     -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}" \
-    -e "PROVIDER_INTERFACE_NAME={{ provider_interface_name }}" \
-    -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \
+    -e "PHYSICAL_INTERFACE_MAPPINGS={{ physical_interface_mappings }}" \
+    -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['listen_ip'] | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}" \
     -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}" \
     -e "RABBIT_USER=openstack" \
-    --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
-    --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
+    -e "USE_CEPH={{ use_ceph }}" \
+    -e "MON_INITIAL_MEMBERS={{ ceph_mon_initial_members }}" \
+    -e "MON_HOST={{ ceph_mon_host }}" \
+    -e "PUBLIC_NETWORK={{ ceph_public_network }}" \
+    -e "OSD_POOL_DEFAULT_SIZE={{ ceph_osd_pool_default_size }}" \
+    -e "RBD_SECRET_UUID={{ secrets['NOVA_RBD_SECRET_UUID'] }}" \
+    --add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
+    --add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \
     --privileged \
+    -v /dev:/dev \
     -v /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock \
     -v /var/lib/nova/instances:/var/lib/nova/instances \
+    -v /var/run/netns:/var/run/netns \
     -v /lib/modules:/lib/modules \
     -v /etc/machine-id:/etc/machine-id \
+    -v /etc/ceph:/etc/ceph \
     --network host \
     {{ docker_image }} /etc/run.sh
 

roles/nova-controller/tasks/main.yml

@@ -15,18 +15,19 @@
     - /srv/nova-controller/root
 
 - set_fact:
-    docker_image: webhost12.service.rug.nl/hpc/openstack-nova-service:latest
+    docker_image: registry.webhosting.rug.nl/hpc/openstack-nova-service:latest
     env_vars: >
-        -e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address'] }}"
-        -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-        -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
-        -e "MY_IP={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
-        -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "GLANCE_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}"
+        -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}"
+        -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
         -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
-        -e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['listen_ip'] | default(hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address']) }}"
         -e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}"
         -e "NEUTRON_USER=neutron"
-        -e "NOVA_CONTROLLER_HOST={{ hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address'] }}"
+        -e "NOVA_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }}"
         -e "NOVA_PASSWORD={{ secrets['NOVA_PASSWORD'] }}"
         -e "NOVA_PLACEMENT_PASSWORD={{ secrets['NOVA_PLACEMENT_PASSWORD'] }}"
         -e "NOVA_PLACEMENT_USER=placement"
@@ -52,12 +53,15 @@
 
 - command: systemctl daemon-reload
 
+- name: start service at boot.
+  command: systemctl reenable nova-controller.service
+
 - name: Initialize database.
   command: >
     /usr/bin/docker run --rm
     {{ env_vars }}
-    --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
-    --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}
+    --add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
+    --add-host=keystone:{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}
     -v /srv/nova-controller/root:/root
     {{ docker_image }}
     /etc/bootstrap.sh

roles/nova-controller/templates/nova-controller.service

@@ -10,11 +10,12 @@ ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
   {{ env_vars | replace('\n', '') }} \
-  --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
-  --add-host=keystone:{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }} \
+  --add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \
+  --add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
   --privileged \
   -v /srv/nova-controller/root:/root \
   -p 8774:8774 \
+  -p 8775:8775 \
   -p 8778:8778 \
   -p 6080:6080 \
   {{ docker_image }} /etc/run.sh

roles/rabbitmq/files/rabbitmq.service

@@ -10,11 +10,11 @@ ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStartPre=/usr/bin/docker pull rabbitmq:latest
 ExecStart=/usr/bin/docker run \
-          --add-host "{{ hostvars[groups['rabbitmq'][0]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \
-          --add-host "{{ hostvars[groups['rabbitmq'][1]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][1]]['ansible_default_ipv4']['address'] }}" \
-          --add-host "{{ hostvars[groups['rabbitmq'][2]]['ansible_hostname'] }}:{{ hostvars[groups['rabbitmq'][2]]['ansible_default_ipv4']['address'] }}" \
+{% for host in groups['rabbitmq'] %}
+          --add-host "{{ host }}:{{ hostvars[host]['listen_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}" \
+{% endfor %}
           -p 4369:4369 -p 25679:25679 -p 25672:25672 -p 5671-5672:5671-5672 -p 8080:15672 \
-          -e "RABBITMQ_DEFAULT_USER=user" -e "RABBITMQ_DEFAULT_PASS={{ secrets['RABBIT_PASSWORD'] }}" \
+          -e "RABBITMQ_DEFAULT_USER=openstack" -e "RABBITMQ_DEFAULT_PASS={{ secrets['RABBIT_PASSWORD'] }}" \
           -e "RABBITMQ_ERLANG_COOKIE={{ secrets['RABBITMQ_ERLANG_COOKIE'] }}" \
           -e "RABBITMQ_NODENAME=rabbit_{{ ansible_nodename }}" \
           --hostname "{{ ansible_nodename }}" --name %n rabbitmq:3-management

roles/rabbitmq/tasks/main.yml

@@ -5,9 +5,6 @@
     file: ../../secrets.yml
     name: secrets
 
-- include_vars:
-    dir: 'vars'
-
 - name: install service file.
   template:
     src: files/rabbitmq.service
@@ -19,6 +16,9 @@
 - name: install service file
   command: systemctl daemon-reload
 
+- name: start service at boot.
+  command: systemctl reenable rabbitmq.service
+
 - name: make sure service is started
   systemd:
     name: rabbitmq.service
@@ -27,6 +27,7 @@
 - name: wait for container to be started
   wait_for:
       port: 5672
+      delay: 5
 
 - name: setup the cluster
   command: "docker exec -i rabbitmq.service {{ item }}"
@@ -36,11 +37,3 @@
       - rabbitmqctl start_app
   when: ansible_nodename != hostname_node0
 
-- name: create openstack user
-  command: "docker exec -i rabbitmq.service {{ item }}"
-  with_items:
-      - rabbitmqctl add_user openstack "{{ secrets['RABBIT_PASSWORD'] }}"
-      - rabbitmqctl set_permissions openstack ".*" ".*" ".*"
-  when: ansible_nodename == hostname_node0
-  register: command_result
-  failed_when: "command_result.rc not in (0, 70)"

secrets.yml

@@ -1,30 +1,42 @@
 $ANSIBLE_VAULT;1.1;AES256
-62633134346438356462333363626164393762356139653666323461333037393536373631653565
-6631306631333538353534663738313062636232633339610a303161323131373739393735666463
-65353135626430353737373239623361306137326334333761626235353463393465383830666666
-6138616530346563310a306263316331346263356139383435316239346230313266636363313564
-36633130393062373936363765636361343939313639326237633337353665666338633338343837
-34613534333063303537323738396436333964613362636664366264313334663365336132623464
-64656131373261376466356638636338643135393139386534626132323262393064626666323462
-64323664373262356632393465653932303939313338656665336639613966626234636666373163
-35633231666338643863623737396435626364333365656536613130666435323837323136663339
-61363936336434656530313538643463663737613831646265313731363734356635356438353062
-34323063346265393737343834343065616139656234666230323131366138396265393737666236
-39353766643239323339623534393962666432656331323462656439306365613539366230643133
-36316138303361313134336431343137343433383430616137376563383233303432383664333930
-61613531313638303531643232343066376565663032326533313461363839383664366338356439
-37363233666663653736376538386536653262653633323065363830623032363063393635653762
-32636365656362323362303962306538336234626533323830656230386432666461343063663832
-62373133343933353563653762333836333862376232353339313662363865616439623635393839
-37346433346264633036343761613230396434366132653261643137386466326235613030306235
-34333065623232303939623233373762393939653639333734336336303762326662386530356563
-65303165623564303635356337353662363433626466653939323438633938386166386262623435
-64376431396631623034386434393431616631363663393835343035313639663538643565616330
-65353365303131326335646164333231306564383936396139643935646331393235326666336230
-38326165663865343966356335326438303133663239656235313935626332323332376665343132
-62336139643262333938303537313533623535333736643163373137343035393034613939663061
-36323063643734343865333138356434643266663436653435353132386330636238343637653434
-65616361333263336332643262623034343439383737366663373166643433653466313237613930
-32373162646461323266353662326134343839613264313339306430366165633838663831666565
-65333337623962313561306333616232393334353934316565666331336561633934623339353138
-62656339386530333036383831613762353234643461656436623033613930353531
+65633261656530663035316431306465633266376462653564613237663833333630663333643764
+6434623237626630356632313933323637316535636235330a323266636338326361343938343931
+63356362343538393030663864663363373633303231643233616563616537376239663337306464
+3164666366623639630a646633636134316561376137646632336139323265636366343938613062
+32663934633366623664636364396130333463366535333336303962633663666432623365356537
+65616339633433623761626537666131646365373334316237663839613264393564353230666134
+63386439323966343065666138636436643433363931373766363632653661363031303138646632
+61646437316265376539333661356239386533663533643864376263653237313533616263666563
+65306465313362396235393366363532353932383633623832393161323265373065326432656338
+34613761373230396332393239323733383937363339373438326434393030646231376531663963
+32623664303935623334326532383334343466613133623532363062396363626262396135626663
+35636636623833623165386137383664633561646630613930333061333466343831376332366266
+65353030383461623665653362613863646331633036616637643838666231653438636332376132
+30356433623662616430353265386632306564326633616538306632386465343636633538623263
+30366139366638613564333532333733383364323063376638613063346665663965356439636636
+32613035653134663733633731356530303338353030333532323762653864616230643931363032
+35653962373030663164383666316636616639666431656638653064303433613431636263333636
+65666138626563653538626164646265373766643131646162343366353835643031663866666137
+39363232616632323035643432626639323233333930646230613732386163383133383964623133
+33623663663130323737646133353139353833653138636338636336656562313639626162646531
+32353331333163373366616666356539306238653865616435633734393966333765313134616338
+34623337623739333439656638303363323534333165303861363334646137373037653665323961
+61623632373330323835653232353961663931326535356162656164616132623437636330653161
+65623861396665386331653734373334663532393731656430333933326264323133396463653239
+33383662303031356564666531613731663166613061383039393431643530656665306339326436
+65303063363163643362643163366365346230643936643231616530373763333536363838656130
+39326235373835326635306366653864316534663061323062376666666466363434363661623636
+31626332643839346138326336353665363838346535373335656466336665613265633461663134
+31323838336465366236353932646330333562363063616437633365353433303962346231663939
+31343133343336343431643564393839373139623365386330623665383264646163396438626539
+38343464343736363936636139653965303731353330653963383465633037633237383064396162
+33363864336235346663616230636633353361613138333236393866316165666162656565383739
+38653233346135373661613739393735343535623230653739316433376165663932366233643431
+39383261623065353932386632646134383136393664306465326637366639666433386162393237
+63663063656461653233643665306366653965393737376532356132623333383337333266316339
+33323934623734353639643330383066313632623166306337323932323933393536366361616564
+33303830333430663233336662353631663633303136346366376163353235303363326165306131
+62393166633232343065663062646435363563313961396132303737343263363363613137636236
+31316464613164353233366364306136663735343361333335353564666131396332643461303966
+65316339616166343232613632363030386432656339623363356661323163353563326238633863
+6431

secrets.yml.topol

@@ -9,3 +9,5 @@ OS_PASSWORD:   # Keystone admin password
 OS_DEMO_PASSWORD: # Keystone demo user password
 RABBIT_PASSWORD:
 RABBITMQ_ERLANG_COOKIE:
+CINDER_PASSWORD:
+HEAT_PASSWORD:

set_ceph_secrets.yml

@@ -0,0 +1,17 @@
+---
+
+- hosts: nova-compute
+  become: true
+  tasks:
+    - copy:
+        src: ceph.xml
+        dest: /root/ceph.xml
+        mode: 0644
+    - name: include secrets
+      include_vars:
+        file: secrets.yml
+        name: secrets
+    - command: virsh secret-define --file /root/ceph.xml
+    - command: >
+          virsh secret-set-value --secret d0db6ba7-a0c9-4da6-b0bc-aa7846325333
+          --base64 {{ secrets['ceph_client_volumes_key'] }}

settings.yml

@@ -10,3 +10,5 @@
 - subnet_range: 172.23.128.0/24
 
 - rsa_pub: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStPUPXkcu81onUm/le54JCu174yXJJDsthDr96Mv8irBVBWuy5FxnaASuDpmC4QE4s0UAIg1iq/SWrr8qdBQ4OVuYFiW0S7ZJvcoKr/40Wh+T5MeltGQfmkDp6kBsfaMSo6M4tF1c8i+XgOgxb4fxHYb8mFhseztRLx6McxJJJLB0nu+T12WQ01nl0XtwD+3EsZWfxRH0KA59VHZSe3Anc5z+Fm7WU+1Vzy6/pkiIhVReI1L6VVhZsIdSu3fQK6fHQcujtfuw6RKEpisZQqnxMUviWQ98yeQXHk6Nx840WCh3vvKveEAoC4Y/UEZa1TMe6PczfUaLjaidUkpulJsP egon@egon-pc
+
+- use_ceph: True

site.yml

@@ -7,6 +7,9 @@
 - include: glance-controller.yml
 - include: nova-controller.yml
 - include: neutron-controller.yml
+- include: cinder-controller.yml
+- include: cinder-storage.yml
 - include: nova-compute.yml
 - include: horizon.yml
+- include: heat.yml
 - include: post-install.yml

test_hosts

@@ -1,28 +1,48 @@
 [databases]
-ansible-test-2
+openstack-test05
+openstack-test06
+openstack-test07
 
 [keystone]
-ansible-test-3
+openstack-test05
 
 [glance-controller]
-ansible-test-2
+openstack-test05
 
 [horizon]
-ansible-test-3
+openstack-test05
 
 [rabbitmq]
-ansible-test
-ansible-test-2
-ansible-test-3
+openstack-test05
+openstack-test06
+openstack-test07
 
 [memcached]
-ansible-test-3
+openstack-test05
 
 [neutron-controller]
-ansible-test provider_interface_name=ens10
+openstack-test05 physical_interface_mappings=provider:enp4s0f0
 
 [nova-controller]
-ansible-test
+openstack-test05
+
+[cinder-controller]
+openstack-test05
+
+[heat]
+openstack-test05
+
+[cinder-storage]
+openstack-test05 storage_volume=/dev/openstack-test05-vg/cinder
+openstack-test06 storage_volume=/dev/openstack-test06-vg/cinder
+openstack-test07 storage_volume=/dev/openstack-test07-vg/cinder
+openstack-test08 storage_volume=/dev/openstack-test08-vg/cinder
+openstack-test09 storage_volume=/dev/openstack-test09-vg/cinder
+openstack-test10 storage_volume=/dev/openstack-test10-vg/cinder
 
 [nova-compute]
-ansible-test-2 provider_interface_name=ens10
+openstack-test06 physical_interface_mappings=provider:enp4s0f0
+openstack-test07 physical_interface_mappings=provider:enp4s0f0
+openstack-test08 physical_interface_mappings=provider:enp4s0f0
+openstack-test09 physical_interface_mappings=provider:enp4s0f0
+openstack-test10 physical_interface_mappings=provider:enp4s0f0

ubuntucloudrepo.yml

@@ -0,0 +1,18 @@
+---
+- hosts: all
+  name: Dummy to gather facts
+  become: true
+  tasks:
+
+      - name: install openstack repo key host.
+        command: apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+        tags: openstackclient
+
+      - name: install openstack repo on host.
+        apt_repository:
+            repo: "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main"
+            filename: ocata
+        tags: openstackclient
+
+      - apt:
+          update_cache: yes