Merge branch 'develop'

Fixes made while testing the playbooks.
Updated url of docker registry. make a loop for more flexibility. Introducing listen_ip variable that overrides the default listen_ip. make a loop for more flexibility. Get a listen ip specifically for that host. see if components have listen_ip defined before using ansible_default_ipv4 Make service files look for listen_ip variable. implemented listen_ip variable here too map to different port to avoid clashes. Make PHYSICAL_INTERFACE_MAPPINGS variable... instead of just one provuider interface. it should contain something like: physnet2:eth1,physnet3:eth2 add openstack client on machine that is running keystone Added delay to check. enable all services are started at boot Inventory for gcc openstack03 all in one. added volume for glance images Added gcc all in one specific config. Prevent an error when there is no secrets.yml.. to back up removed reference to empty dir. added empty meta/main.yml And now with a list of roles ..and removed the list removed reference to empty dir. Added galera cluster support When at least three database nodes are installed, the playbook will install a galera cluster across them. The galera cnf can be the same template across... nodes. made environment file for the service. I am unable to reproduce systemctl set-environment to work as advertized. Reverted to updating init file by ansible. entrypoint.sh of the mariadb container seems unable to cope when a blank variable is passed by systemd. give the galera master node some time It seems to be nessecary to run in host mode.. for galera to work. I misunderstood pause. need sleep. Inventory for physical test cluster. Added CINDER_PASSWORD Make sure docker is started. If docker was already installed but not running it was not started. fixed refernce to neutron controller Added heat Added port for metadata service Passed metadata secret to be used in config. Listen ip should be the machine's ip... Added openstack client from repo. changed name of subnet added horizon Changed rabbitmq default user to openstack. This makes it no longer nesseccary to create a separate openstack user, which is lost on rabbitmq restart. Added sleep because hosts were usually.. not discovered. Removed unnessecary port mapping Making /dev/lvm available to container. fixed os-test inventory Make iscsi devices available (needed to attach cinder volumes to machines) command module no longer works with && add cinder to test setup
2018-01-19 09:18:10 +01:00 · 2018-01-19 09:17:50 +01:00
20 changed files with 174 additions and 17 deletions
--- a/generate_secrets.py
+++ b/generate_secrets.py
@@ -5,6 +5,7 @@ Open the secrets.yml and replace all passwords.
 Original is backed up.
 """
 from os import path
 import random
 import string
 from subprocess import call
@@ -27,6 +28,7 @@ for key, value in data.iteritems():
        for _ in range(pass_length))
 # Make numbered backups of the secrets file.
 if path.isfile('secrets.yml'):
    call(['cp', '--backup=numbered', 'secrets.yml', 'secrets.yml.bak'])
 with open('secrets.yml', 'w') as f:
--- a/heat.yml
+++ b/heat.yml
@@ -0,0 +1,9 @@
 ---
 - hosts: all
  name: Dummy to gather facts
  tasks: []
 - hosts: heat
  become: True
  roles:
     - heat
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1 @@
 ---
--- a/35
+++ b/35
@@ -0,0 +1,35 @@
 [databases]
 os-test
 [keystone]
 os-test
 [glance-controller]
 os-test
 [horizon]
 os-test
 [rabbitmq]
 os-test
 [memcached]
 os-test
 [neutron-controller]
 os-test physical_interface_mappings=provider:enp4s0f0
 [nova-controller]
 os-test
 [cinder-controller]
 os-test
 [cinder-storage]
 os-test storage_volume=/dev/sdb
 [nova-compute]
 os-test physical_interface_mappings=provider:enp4s0f0
 [all:vars]
 listen_ip=129.125.60.194
--- a/post-install.yml
+++ b/post-install.yml
@@ -19,7 +19,7 @@
        - >
            openstack subnet create --network provider
            --allocation-pool start={{ allocation_pool['start'] }},end={{ allocation_pool['end'] }}
-            --dns-nameserver {{ dns_nameserver }} --gateway {{ gateway }} --subnet-range {{ subnet_range }} provider
+            --dns-nameserver {{ dns_nameserver }} --gateway {{ gateway }} --subnet-range {{ subnet_range }} providersub
        - openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
        - openstack keypair create --public-key /root/id_rsa.pub adminkey
--- a/roles/cinder-storage/tasks/main.yml
+++ b/roles/cinder-storage/tasks/main.yml
@@ -4,6 +4,7 @@
  include_vars:
    file: ../../secrets.yml
    name: secrets
  tags: vars
 - set_fact:
    docker_image: registry.webhosting.rug.nl/hpc/openstack-cinder-storage:latest
@@ -20,6 +21,7 @@
        -e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
        -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
        -e "RABBIT_USER=openstack"
  tags: vars
 - name: pull docker image
  docker_image:
@@ -52,8 +54,10 @@
    mode: 644
    owner: root
    group: root
  tags: systemd
 - command: systemctl daemon-reload
  tags: systemd
 - name: start service at boot.
  command: systemctl reenable cinder-storage.service
--- a/roles/cinder-storage/templates/cinder-storage.service
+++ b/roles/cinder-storage/templates/cinder-storage.service
@@ -11,9 +11,13 @@ ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
  --privileged \
  {{ env_vars | replace('\n', '') }} \
  -v "/dev/cinder-volumes/":/dev/cinder-volumes \
  -v /srv/cinder-storage/root:/root \
  -v "{{ storage_volume }}":/dev/cinder_storage_volume \
  -v "/dev/lvm":/dev/lvm \
  -v "/srv/cinder-storage/volumes/:/var/lib/cinder/volumes/" \
  -p 8777:8776 \
  -p 3260:3260 \
  {{ docker_image }}
 [Install]
--- a/roles/common/tasks/docker.yml
+++ b/roles/common/tasks/docker.yml
@@ -13,3 +13,8 @@
  with_items:
     - docker-engine
     - python-docker
 - name: make sure service is started
  systemd:
    name: docker.service
    state: started
--- a/roles/heat/tasks/main.yml
+++ b/roles/heat/tasks/main.yml
@@ -0,0 +1,62 @@
 # Build and install a docker image for heat.
 ---
 - name: include secrets
  include_vars:
    file: ../../secrets.yml
    name: secrets
 - set_fact:
    docker_image: registry.webhosting.rug.nl/hpc/openstack-heat:latest
    env_vars: >
        -e "HEAT_HOST={{ listen_ip | default(hostvars[groups['heat'][0]]['ansible_default_ipv4']['address']) }}"
        -e "HEAT_PASSWORD={{ secrets['HEAT_PASSWORD'] }}"
        -e "HEAT_USER=heat"
        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
        -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
        -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
        -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
        -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
        -e "RABBIT_HOST={{ listen_ip | default(hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address']) }}"
        -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
        -e "RABBIT_USER=openstack"
 - name: pull docker image
  docker_image:
    name: "{{ docker_image }}"
  tags: pull
 - name: Make build and persistent directories
  file:
    path: "{{ item }}"
    state: directory
    mode: 0777
  with_items:
      - /srv/heat
      - /srv/heat/root
 - name: install service file.
  template:
    src: templates/heat.service
    dest: /etc/systemd/system/heat.service
    mode: 644
    owner: root
    group: root
 - name: start service at boot.
  command: systemctl reenable heat.service
 - command: systemctl daemon-reload
 - name: Initialize database.
  command: >
             /usr/bin/docker run --rm
             {{ env_vars }}
             --add-host=keystone:{{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
             -v /srv/heat/root:/root \
             {{ docker_image }} /etc/bootstrap.sh
  tags: bootstrap
 - name: make sure service is started
  systemd:
    name: heat.service
    state: restarted
--- a/roles/heat/templates/heat.service
+++ b/roles/heat/templates/heat.service
@@ -0,0 +1,19 @@
 [Unit]
 Description=Openstack heat Container
 After=docker.service
 Requires=docker.service
 [Service]
 TimeoutStartSec=0
 Restart=always
 ExecStartPre=-/usr/bin/docker kill %n
 ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
  {{ env_vars | replace('\n', '') }} \
  -v /srv/heat/root:/root \
  -p 8000:8000 \
  -p 8004:8004 \
  {{ docker_image }}
 [Install]
 WantedBy=multi-user.target
--- a/roles/keystone/tasks/main.yml
+++ b/roles/keystone/tasks/main.yml
@@ -86,11 +86,19 @@
             -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
             {{ docker_image }} bash /etc/bootstrap.sh
 - name: install openstack repo on host.
  command: >
      echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list &&
      apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
  tags: openstackclient
 - name: install openstack client for management
  apt:
    name: python-openstackclient
    state: latest
    update_cache: yes
  tags: openstackclient
 - name: source admin-openrc.sh in root .bashrc
  lineinfile:
--- a/roles/nova-compute/tasks/main.yml
+++ b/roles/nova-compute/tasks/main.yml
@@ -4,10 +4,11 @@
  include_vars:
    file: ../../secrets.yml
    name: secrets
  tags: vars
 - set_fact:
    docker_image: registry.webhosting.rug.nl/hpc/openstack-nova-compute:latest
-  tags: facts
+  tags: vars
 - name: pull docker image
  docker_image:
@@ -22,11 +23,13 @@
    mode: 644
    owner: root
    group: root
  tags: systemd
 - command: systemctl daemon-reload
  tags: systemd
 - apt:
-    name: '{{ item }}'
+    name: "{{ item }}"
  with_items:
      - kvm
      - libvirt0
@@ -42,5 +45,5 @@
  command: systemctl reenable nova-compute.service
 - name: let nova controler discover new host
-  command: docker exec -i nova-controller.service nova-manage cell_v2 discover_hosts
+  shell: "sleep 10 && docker exec -i nova-controller.service nova-manage cell_v2 discover_hosts"
  delegate_to: "{{ hostvars[groups['nova-controller'][0]]['ansible_hostname'] }}"
--- a/roles/nova-compute/templates/nova-compute.service
+++ b/roles/nova-compute/templates/nova-compute.service
@@ -11,8 +11,9 @@ ExecStartPre=-/usr/bin/docker rm %n
 ExecStart=/usr/bin/docker run --name %n \
    -e "GLANCE_CONTROLLER_HOST={{ hostvars[groups['glance-controller'][0]]['listen_ip'] | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}" \
    -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}" \
    -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}" \
    -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['listen_ip'] | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}" \
-    -e "MY_IP={{ hostvars[groups['nova-compute'][0]]['listen_ip'] | default(hostvars[groups['nova-compute'][0]]['ansible_default_ipv4']['address']) }}" \
+    -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}" \
    -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}" \
    -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}" \
    -e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['listen_ip'] | default(hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address']) }}" \
@@ -33,6 +34,7 @@ ExecStart=/usr/bin/docker run --name %n \
    --add-host=keystone:{{ hostvars[groups['keystone'][0]]['listen_ip'] | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }} \
    --add-host=mariadb:{{ hostvars[groups['databases'][0]]['listen_ip'] | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }} \
    --privileged \
    -v /dev:/dev \
    -v /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock \
    -v /var/lib/nova/instances:/var/lib/nova/instances \
    -v /lib/modules:/lib/modules \
--- a/roles/nova-controller/tasks/main.yml
+++ b/roles/nova-controller/tasks/main.yml
@@ -19,11 +19,12 @@
    env_vars: >
        -e "GLANCE_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['glance-controller'][0]]['ansible_default_ipv4']['address']) }}"
        -e "KEYSTONE_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
        -e "METADATA_SECRET={{ secrets['METADATA_SECRET'] }}"
        -e "MEMCACHED_HOST={{ listen_ip | default(hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address']) }}"
-        -e "MY_IP={{ listen_ip | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "MY_IP={{ listen_ip | default(ansible_default_ipv4.address) }}"
        -e "MYSQL_HOST={{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
        -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
-        -e "NEUTRON_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
+        -e "NEUTRON_CONTROLLER_HOST={{ hostvars[groups['neutron-controller'][0]]['listen_ip'] | default(hostvars[groups['neutron-controller'][0]]['ansible_default_ipv4']['address']) }}"
        -e "NEUTRON_PASSWORD={{ secrets['NEUTRON_PASSWORD'] }}"
        -e "NEUTRON_USER=neutron"
        -e "NOVA_CONTROLLER_HOST={{ listen_ip | default(hostvars[groups['nova-controller'][0]]['ansible_default_ipv4']['address']) }}"
--- a/roles/nova-controller/templates/nova-controller.service
+++ b/roles/nova-controller/templates/nova-controller.service
@@ -15,6 +15,7 @@ ExecStart=/usr/bin/docker run --name %n \
  --privileged \
  -v /srv/nova-controller/root:/root \
  -p 8774:8774 \
  -p 8775:8775 \
  -p 8778:8778 \
  -p 6080:6080 \
  {{ docker_image }} /etc/run.sh
--- a/roles/rabbitmq/files/rabbitmq.service
+++ b/roles/rabbitmq/files/rabbitmq.service
@@ -14,7 +14,7 @@ ExecStart=/usr/bin/docker run \
          --add-host "{{ host }}:{{ hostvars[host]['listen_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}" \
 {% endfor %}
          -p 4369:4369 -p 25679:25679 -p 25672:25672 -p 5671-5672:5671-5672 -p 8080:15672 \
-          -e "RABBITMQ_DEFAULT_USER=user" -e "RABBITMQ_DEFAULT_PASS={{ secrets['RABBIT_PASSWORD'] }}" \
+          -e "RABBITMQ_DEFAULT_USER=openstack" -e "RABBITMQ_DEFAULT_PASS={{ secrets['RABBIT_PASSWORD'] }}" \
          -e "RABBITMQ_ERLANG_COOKIE={{ secrets['RABBITMQ_ERLANG_COOKIE'] }}" \
          -e "RABBITMQ_NODENAME=rabbit_{{ ansible_nodename }}" \
          --hostname "{{ ansible_nodename }}" --name %n rabbitmq:3-management
--- a/roles/rabbitmq/tasks/main.yml
+++ b/roles/rabbitmq/tasks/main.yml
@@ -37,11 +37,3 @@
      - rabbitmqctl start_app
  when: ansible_nodename != hostname_node0
 - name: create openstack user
  command: "docker exec -i rabbitmq.service {{ item }}"
  with_items:
      - rabbitmqctl add_user openstack "{{ secrets['RABBIT_PASSWORD'] }}"
      - rabbitmqctl set_permissions openstack ".*" ".*" ".*"
  when: ansible_nodename == hostname_node0
  register: command_result
  failed_when: "command_result.rc not in (0, 70)"
--- a/secrets.yml.topol
+++ b/secrets.yml.topol
@@ -9,3 +9,5 @@ OS_PASSWORD:   # Keystone admin password
 OS_DEMO_PASSWORD: # Keystone demo user password
 RABBIT_PASSWORD:
 RABBITMQ_ERLANG_COOKIE:
 CINDER_PASSWORD:
 HEAT_PASSWORD:
--- a/site.yml
+++ b/site.yml
@@ -11,4 +11,5 @@
 - include: cinder-storage.yml
 - include: nova-compute.yml
 - include: horizon.yml
 - include: heat.yml
 - include: post-install.yml
--- a/6
+++ b/6
@@ -17,6 +17,9 @@ ansible-test
 ansible-test-2
 ansible-test-3
 [cinder-storage]
 ansible-test
 [memcached]
 ansible-test-3
@@ -28,3 +31,6 @@ ansible-test
 [nova-compute]
 ansible-test-2 physical_interface_mappings=provider:ens10
 [heat]
 ansible-test