Convert AIO bootstrap from bash to Ansible

This patch converts the AIO bootstrap process to use Ansible
instead of bash scripting. The patch also minimises the options
available to focus the role concerned to just handle an AIO
bootstrap, but gives it just enough flexibility to allow the
use of an external MongoDB database for Ceilometer/Aodh and
for a deployer to specify a secondary disk for the AIO to
consume.

A major change is that the AIO bootstrap process no longer
assumes that it can destroy a secondary boot device. It
requires a device name to be provided. This prevents horrible
surprises.

TODO (in subsequent patches):
 - update the developer AIO docs
 - convert run-playbooks.sh into an Ansible playbook

Implements: blueprint convert-aio-bootstrap-to-ansible
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Change-Id: I6028952e7260388873f57db47cc3e08126ecc530
Major Hayden 2015-12-01 15:41:32 +00:00 committed by Jesse Pretorius
parent 8402192c42
commit 892c7fe46c
26 changed files with 1356 additions and 634 deletions


@ -1,6 +1,8 @@
- src: evrardjp.keepalived - src: evrardjp.keepalived
name: keepalived name: keepalived
version: '1.3' version: '1.3'
- src: mattwillsher.sshd
name: sshd
- name: apt_package_pinning - name: apt_package_pinning
src: https://github.com/openstack/openstack-ansible-apt_package_pinning src: https://github.com/openstack/openstack-ansible-apt_package_pinning
version: master version: master
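Review bot: The new `mattwillsher.sshd` entry has no `version:` key, while the `keepalived` entry above it is pinned to '1.3'. Without a pin, every bootstrap installs whatever the role author last published. The role presumably takes over the sshd_config edits removed from bootstrap-aio.sh, so an upstream change would reach the host's SSH configuration unreviewed. I would pin it to a reviewed release, e.g. `version: <reviewed-tag-or-sha>` (placeholder, the page does not show one), and bump it deliberately.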


@ -12,7 +12,7 @@ used_ips:
global_overrides: global_overrides:
internal_lb_vip_address: 172.29.236.100 internal_lb_vip_address: 172.29.236.100
external_lb_vip_address: 192.168.1.1 external_lb_vip_address: {{ bootstrap_host_public_address | default(ansible_default_ipv4.address) }}
tunnel_bridge: "br-vxlan" tunnel_bridge: "br-vxlan"
management_bridge: "br-mgmt" management_bridge: "br-mgmt"
provider_networks: provider_networks:
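Review bot: `external_lb_vip_address` is now an unquoted Jinja expression, so this file is only usable after it has been rendered as a template. Copied into place as-is, a YAML parser would try to read `{{ ... }}` as a flow mapping. A header comment would make that explicit, e.g. `# Template: rendered by the AIO bootstrap, do not copy into /etc/openstack_deploy unrendered`. The fallback to `ansible_default_ipv4.address` also assumes facts were gathered and the host has a default IPv4 route; that is worth stating next to the variable. The rest of the file lies outside this hunk.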


@ -1,5 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
#
# Copyright 2014, Rackspace US, Inc. # Copyright 2014, Rackspace US, Inc.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
@ -17,447 +17,16 @@
## Shell Opts ---------------------------------------------------------------- ## Shell Opts ----------------------------------------------------------------
set -e -u -x set -e -u -x
## Variables -----------------------------------------------------------------
## Vars ---------------------------------------------------------------------- # Extra options to pass to the AIO bootstrap process
DEFAULT_PASSWORD=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 32) export BOOTSTRAP_OPTS=${BOOTSTRAP_OPTS:-''}
export BOOTSTRAP_AIO="yes"
export BOOTSTRAP_AIO_DIR=${BOOTSTRAP_AIO_DIR:-"/openstack"}
export HTTP_PROXY=${HTTP_PROXY:-""}
export HTTPS_PROXY=${HTTPS_PROXY:-""}
export ADMIN_PASSWORD=${ADMIN_PASSWORD:-$DEFAULT_PASSWORD}
export SERVICE_REGION=${SERVICE_REGION:-"RegionOne"}
export DEPLOY_OPENSTACK=${DEPLOY_OPENSTACK:-"yes"}
export DEPLOY_SWIFT=${DEPLOY_SWIFT:-"yes"}
export DEPLOY_CEILOMETER=${DEPLOY_CEILOMETER:-"yes"}
export PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-$(ip route show | awk '/default/ { print $NF }')}
export PUBLIC_ADDRESS=${PUBLIC_ADDRESS:-$(ip -o -4 addr show dev ${PUBLIC_INTERFACE} | awk -F '[ /]+' '/global/ {print $4}')}
export NOVA_VIRT_TYPE=${NOVA_VIRT_TYPE:-"qemu"}
export TEMPEST_FLAT_CIDR=${TEMPEST_FLAT_CIDR:-"172.29.248.0/22"}
export FLUSH_IPTABLES=${FLUSH_IPTABLES:-"yes"}
export RABBITMQ_PACKAGE_URL=${RABBITMQ_PACKAGE_URL:-""}
export MONGO_HOST=${MONGO_HOST:-"172.29.236.100"}
export DEBIAN_FRONTEND=${DEBIAN_FRONTEND:-"noninteractive"}
# Default disabled fatal deprecation warnings
export CINDER_FATAL_DEPRECATIONS=${CINDER_FATAL_DEPRECATIONS:-"no"}
export GLANCE_FATAL_DEPRECATIONS=${GLANCE_FATAL_DEPRECATIONS:-"no"}
export HEAT_FATAL_DEPRECATIONS=${HEAT_FATAL_DEPRECATIONS:-"no"}
export KEYSTONE_FATAL_DEPRECATIONS=${KEYSTONE_FATAL_DEPRECATIONS:-"no"}
export NEUTRON_FATAL_DEPRECATIONS=${NEUTRON_FATAL_DEPRECATIONS:-"no"}
export NOVA_FATAL_DEPRECATIONS=${NOVA_FATAL_DEPRECATIONS:-"no"}
export TEMPEST_FATAL_DEPRECATIONS=${TEMPEST_FATAL_DEPRECATIONS:-"no"}
# Ubuntu Repository Determination (based on existing host OS configuration)
UBUNTU_RELEASE=$(lsb_release -sc)
UBUNTU_REPO=${UBUNTU_REPO:-$(awk "/^deb .*ubuntu\/? ${UBUNTU_RELEASE} main/ {print \$2; exit}" /etc/apt/sources.list)}
UBUNTU_SEC_REPO=${UBUNTU_SEC_REPO:-$(awk "/^deb .*ubuntu\/? ${UBUNTU_RELEASE}-security main/ {print \$2; exit}" /etc/apt/sources.list)}
## Library Check -------------------------------------------------------------
info_block "Checking for required libraries." 2> /dev/null ||
source $(dirname ${0})/scripts-library.sh ||
source scripts/scripts-library.sh
## Main ---------------------------------------------------------------------- ## Main ----------------------------------------------------------------------
# Log some data about the instance and the rest of the system # Run AIO bootstrap playbook
log_instance_info pushd tests
ansible-playbook -i "localhost ansible-connection=local," \
-e "${BOOTSTRAP_OPTS}" \
bootstrap-aio.yml
popd
# Ensure that the current kernel can support vxlan
if ! modprobe vxlan; then
echo "VXLAN support is required for this to work. And the Kernel module was not found."
echo "This build will not work without it."
exit_fail
fi
info_block "Running AIO Setup"
# Set base DNS to google, ensuring consistent DNS in different environments
if [ ! "$(grep -e '^nameserver 8.8.8.8' -e '^nameserver 8.8.4.4' /etc/resolv.conf)" ];then
echo -e '\n# Adding google name servers\nnameserver 8.8.8.8\nnameserver 8.8.4.4' | tee -a /etc/resolv.conf
fi
# Ensure that the https apt transport is available before doing anything else
apt-get update && apt-get install -y apt-transport-https < /dev/null
# Set the host repositories to only use the same ones, always, for the sake of consistency.
cat > /etc/apt/sources.list <<EOF
# Base repositories
deb ${UBUNTU_REPO} ${UBUNTU_RELEASE} main restricted universe multiverse
# Updates repositories
deb ${UBUNTU_REPO} ${UBUNTU_RELEASE}-updates main restricted universe multiverse
# Backports repositories
deb ${UBUNTU_REPO} ${UBUNTU_RELEASE}-backports main restricted universe multiverse
# Security repositories
deb ${UBUNTU_SEC_REPO} ${UBUNTU_RELEASE}-security main restricted universe multiverse
EOF
# Update the package cache
apt-get update
# Remove known conflicting packages in the base image
apt-get purge -y libmysqlclient18 mysql-common < /dev/null
# Install required packages
apt-get install -y bridge-utils \
build-essential \
curl \
ethtool \
git-core \
ipython \
linux-image-extra-$(uname -r) \
lvm2 \
python2.7 \
python-dev \
tmux \
vim \
vlan \
xfsprogs < /dev/null
# Flush all the iptables rules set by openstack-infra
if [ "${FLUSH_IPTABLES}" == "yes" ]; then
# Flush all the iptables rules set by openstack-infra
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
fi
# Ensure newline at end of file (missing on Rackspace public cloud Trusty image)
if ! cat -E /etc/ssh/sshd_config | tail -1 | grep -q "\$$"; then
echo >> /etc/ssh/sshd_config
fi
# Ensure that sshd permits root login, or ansible won't be able to connect
if grep "^PermitRootLogin" /etc/ssh/sshd_config > /dev/null; then
sed -i 's/^PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
else
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
fi
# Create the directory BOOTSTRAP_AIO_DIR if it doesn't already exist
if [ ! -d "${BOOTSTRAP_AIO_DIR}" ]; then
mkdir -p ${BOOTSTRAP_AIO_DIR}
fi
# Remove the pip directory if its found
if [ -d "${HOME}/.pip" ];then
rm -rf "${HOME}/.pip"
fi
# Install pip
get_pip
# Ensure we use the HTTPS/HTTP proxy with pip if it is specified
PIP_OPTS=""
if [ -n "$HTTPS_PROXY" ]; then
PIP_OPTS="--proxy $HTTPS_PROXY"
elif [ -n "$HTTP_PROXY" ]; then
PIP_OPTS="--proxy $HTTP_PROXY"
fi
# Install requirements if there are any
if [ -f "requirements.txt" ];then
pip2 install $PIP_OPTS -r requirements.txt || pip install $PIP_OPTS -r requirements.txt
fi
# Configure all disk space
configure_diskspace
# Create /etc/rc.local if it doesn't already exist
if [ ! -f "/etc/rc.local" ];then
touch /etc/rc.local
chmod +x /etc/rc.local
fi
# Make the system key used for bootstrapping self
if [ ! -d /root/.ssh ];then
mkdir -p /root/.ssh
chmod 700 /root/.ssh
fi
ssh_key_create
# Make sure everything is mounted.
mount -a || true
# Build the loopback drive for swap to use
if [ ! "$(swapon -s | grep -v Filename)" ]; then
memory_kb=$(awk '/MemTotal/ {print $2}' /proc/meminfo)
if [ "${memory_kb}" -lt "8388608" ]; then
swap_size="4294967296"
else
swap_size="8589934592"
fi
loopback_create "${BOOTSTRAP_AIO_DIR}/swap.img" ${swap_size} thick swap
# Ensure swap will be used on the host
if [ ! $(sysctl vm.swappiness | awk '{print $3}') == "10" ];then
sysctl -w vm.swappiness=10 | tee -a /etc/sysctl.conf
fi
swapon -a
fi
if [ "${DEPLOY_OPENSTACK}" == "yes" ]; then
# Build the loopback drive for cinder to use
CINDER="cinder.img"
if ! vgs cinder-volumes; then
loopback_create "${BOOTSTRAP_AIO_DIR}/${CINDER}" 1073741824000 thin rc
CINDER_DEVICE=$(losetup -a | awk -F: "/${CINDER}/ {print \$1}")
pvcreate ${CINDER_DEVICE}
pvscan
# Check for the volume group
if ! vgs cinder-volumes; then
vgcreate cinder-volumes ${CINDER_DEVICE}
fi
# Ensure that the cinder loopback is enabled after reboot
if ! grep ${CINDER} /etc/rc.local && ! vgs cinder-volumes; then
sed -i "\$i losetup \$(losetup -f) /${BOOTSTRAP_AIO_DIR}/${CINDER}" /etc/rc.local
fi
fi
# Build the loopback drive for nova instance storage
NOVA="nova.img"
if ! grep -q "${NOVA}" /proc/mounts; then
loopback_create "${BOOTSTRAP_AIO_DIR}/${NOVA}" 1073741824000 thin none
mkfs.ext4 -F "${BOOTSTRAP_AIO_DIR}/${NOVA}"
mkdir -p /var/lib/nova/instances
mount "${BOOTSTRAP_AIO_DIR}/${NOVA}" /var/lib/nova/instances
fi
if ! grep -qw "^${BOOTSTRAP_AIO_DIR}/${NOVA}" /etc/fstab; then
echo "${BOOTSTRAP_AIO_DIR}/${NOVA} /var/lib/nova/instances ext4 defaults 0 0" >> /etc/fstab
fi
fi
# Enable swift deployment
if [ "${DEPLOY_SWIFT}" == "yes" ]; then
# build the loopback drives for swift to use
for SWIFT in swift1 swift2 swift3; do
if ! grep -q "${SWIFT}" /proc/mounts; then
loopback_create "${BOOTSTRAP_AIO_DIR}/${SWIFT}.img" 1073741824000 thin none
if ! grep -qw "^${BOOTSTRAP_AIO_DIR}/${SWIFT}.img" /etc/fstab; then
echo "${BOOTSTRAP_AIO_DIR}/${SWIFT}.img /srv/${SWIFT}.img xfs loop,noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab
fi
# Format the lo devices
mkfs.xfs -f "${BOOTSTRAP_AIO_DIR}/${SWIFT}.img"
mkdir -p "/srv/${SWIFT}.img"
mount "${BOOTSTRAP_AIO_DIR}/${SWIFT}.img" "/srv/${SWIFT}.img"
fi
done
fi
# Copy aio network config into place.
if [ ! -d "/etc/network/interfaces.d" ];then
mkdir -p /etc/network/interfaces.d/
fi
# Copy the basic aio network interfaces over
cp -R etc/network/interfaces.d/aio_interfaces.cfg /etc/network/interfaces.d/
# Ensure the network source is in place
if [ ! "$(grep -Rni '^source\ /etc/network/interfaces.d/\*.cfg' /etc/network/interfaces)" ]; then
echo "source /etc/network/interfaces.d/*.cfg" | tee -a /etc/network/interfaces
fi
# Bring up the new interfaces
for i in $(awk '/^iface/ {print $2}' /etc/network/interfaces.d/aio_interfaces.cfg); do
if grep "^$i\:" /proc/net/dev > /dev/null;then
/sbin/ifdown $i || true
fi
/sbin/ifup $i || true
done
# Remove an existing etc directory if already found
if [ -d "/etc/openstack_deploy" ];then
rm -rf "/etc/openstack_deploy"
fi
# Move the *.aio files into place for use within the AIO build.
cp -R etc/openstack_deploy /etc/
for i in $(find /etc/openstack_deploy/ -type f -name '*.aio');do
rename 's/\.aio$//g' $i
done
# Ensure the conf.d directory exists
if [ ! -d "/etc/openstack_deploy/conf.d" ];then
mkdir -p "/etc/openstack_deploy/conf.d"
fi
# Ensure containers are using the same resolvers as the host
RESOLVERS=$(grep nameserver /etc/resolv.conf | awk 'NF { print "\""$0"\""}' | tr '\n' ',' | sed 's/,$//' )
if [ ! "$(grep -Rni '^lxc_cache_resolvers' /etc/openstack_deploy/user_variables.yml)" ]; then
echo "lxc_cache_resolvers: [$RESOLVERS]" | tee -a /etc/openstack_deploy/user_variables.yml
fi
# Add tempest settings for particular use-cases
if [ ${DEPLOY_OPENSTACK} == "no" ]; then
for svc in cinder glance heat horizon neutron nova; do
echo "tempest_service_available_${svc}: False" | tee -a /etc/openstack_deploy/user_variables.yml
done
fi
if [ ${DEPLOY_SWIFT} == "no" ]; then
echo "tempest_service_available_swift: False" | tee -a /etc/openstack_deploy/user_variables.yml
fi
# Generate the passwords
scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml
# change the generated passwords for the OpenStack (admin)
sed -i "s/keystone_auth_admin_password:.*/keystone_auth_admin_password: ${ADMIN_PASSWORD}/" /etc/openstack_deploy/user_secrets.yml
sed -i "s/external_lb_vip_address:.*/external_lb_vip_address: ${PUBLIC_ADDRESS}/" /etc/openstack_deploy/openstack_user_config.yml
# Change affinities (number of containers per host) if the appropriate
# environment variables are set.
for container_type in keystone galera rabbit_mq horizon repo; do
var_name="NUM_${container_type}_CONTAINER"
set +u
num=${!var_name}
set -u
[[ -z $num ]] && continue
sed -i "s/${container_type}_container:.*/${container_type}_container: ${num}/" /etc/openstack_deploy/openstack_user_config.yml
done
if [ ${DEPLOY_CEILOMETER} == "yes" ]; then
# Install mongodb on the aio1 host
apt-get install mongodb-server mongodb-clients python-pymongo -y < /dev/null
# Change bind_ip to management ip
sed -i "s/^bind_ip.*/bind_ip = $MONGO_HOST/" /etc/mongodb.conf
# Asserting smallfiles key
sed -i "s/^smallfiles.*/smallfiles = true/" /etc/mongodb.conf
service mongodb restart
# Wait for mongodb to restart
for i in {1..12}; do
mongo --host $MONGO_HOST --eval ' ' && break
sleep 5
done
# Adding the ceilometer database
mongo --host $MONGO_HOST --eval '
db = db.getSiblingDB("ceilometer");
db.addUser({user: "ceilometer",
pwd: "ceilometer",
roles: [ "readWrite", "dbAdmin" ]})'
# Adding the aodh alarm database
mongo --host $MONGO_HOST --eval '
db = db.getSiblingDB("aodh");
db.addUser({user: "aodh",
pwd: "aodh",
roles: [ "readWrite", "dbAdmin" ]})'
# change the generated passwords for mongodb access
sed -i "s/ceilometer_container_db_password:.*/ceilometer_container_db_password: ceilometer/" /etc/openstack_deploy/user_secrets.yml
sed -i "s/aodh_container_db_password:.*/aodh_container_db_password: aodh/" /etc/openstack_deploy/user_secrets.yml
sed -i "s/aodh_db_ip:.*/aodh_db_ip: ${MONGO_HOST}/" /etc/openstack_deploy/user_variables.yml
# Change the Ceilometer user variables necessary for deployment
sed -i "s/ceilometer_db_ip:.*/ceilometer_db_ip: ${MONGO_HOST}/" /etc/openstack_deploy/user_variables.yml
# Enable Ceilometer for Swift
if [ ${DEPLOY_SWIFT} == "yes" ]; then
sed -i "s/swift_ceilometer_enabled:.*/swift_ceilometer_enabled: True/" /etc/openstack_deploy/user_variables.yml
fi
# Enable Ceilometer for other OpenStack Services
if [ ${DEPLOY_OPENSTACK} == "yes" ]; then
for svc in cinder glance heat nova; do
sed -i "s/${svc}_ceilometer_enabled:.*/${svc}_ceilometer_enabled: True/" /etc/openstack_deploy/user_variables.yml
done
fi
echo 'tempest_service_available_ceilometer: true' | tee -a /etc/openstack_deploy/user_variables.yml
fi
# Service region set
echo "service_region: ${SERVICE_REGION}" | tee -a /etc/openstack_deploy/user_variables.yml
# Virt type set
echo "nova_virt_type: ${NOVA_VIRT_TYPE}" | tee -a /etc/openstack_deploy/user_variables.yml
# Set network for tempest
echo "tempest_public_subnet_cidr: ${TEMPEST_FLAT_CIDR}" | tee -a /etc/openstack_deploy/user_variables.yml
# Minimize galera cache
echo 'galera_innodb_buffer_pool_size: 512M' | tee -a /etc/openstack_deploy/user_variables.yml
echo 'galera_innodb_log_buffer_size: 32M' | tee -a /etc/openstack_deploy/user_variables.yml
echo 'galera_wsrep_provider_options:
- { option: "gcache.size", value: "32M" }' | tee -a /etc/openstack_deploy/user_variables.yml
# Set the running kernel as the required kernel
echo "required_kernel: $(uname --kernel-release)" | tee -a /etc/openstack_deploy/user_variables.yml
# Set the Ubuntu apt repository used for containers to the same as the host
echo "lxc_container_template_main_apt_repo: ${UBUNTU_REPO}" | tee -a /etc/openstack_deploy/user_variables.yml
echo "lxc_container_template_security_apt_repo: ${UBUNTU_SEC_REPO}" | tee -a /etc/openstack_deploy/user_variables.yml
# Optimise the worker settings for an AIO
tee -a /etc/openstack_deploy/user_variables.yml << EOF
ceilometer_api_workers: 2
ceilometer_collector_workers: 2
ceilometer_notification_workers: 2
cinder_osapi_volume_workers: 2
glance_api_workers: 2
glance_registry_workers: 2
heat_api_workers: 2
heat_engine_workers: 2
horizon_wsgi_processes: 2
horizon_wsgi_threads: 2
keystone_wsgi_processes: 2
neutron_api_workers: 2
neutron_metadata_workers: 1
neutron_rpc_workers: 1
nova_conductor_workers: 2
nova_metadata_workers: 2
nova_osapi_compute_workers: 2
swift_account_server_workers: 2
swift_container_server_workers: 2
swift_object_server_workers: 2
swift_proxy_server_workers: 2
EOF
# Add in swift vars if needed
if [ "${DEPLOY_SWIFT}" == "yes" ]; then
# ensure that glance is configured to use swift
sed -i "s/glance_default_store:.*/glance_default_store: swift/" /etc/openstack_deploy/user_variables.yml
echo "cinder_service_backup_program_enabled: True" | tee -a /etc/openstack_deploy/user_variables.yml
echo "tempest_volume_backup_enabled: True" | tee -a /etc/openstack_deploy/user_variables.yml
fi
if [ ! -z "${RABBITMQ_PACKAGE_URL}" ]; then
echo "rabbitmq_package_url: ${RABBITMQ_PACKAGE_URL}" | tee -a /etc/openstack_deploy/user_variables.yml
fi
# Update fatal_deprecations settings
if [ "${CINDER_FATAL_DEPRECATIONS}" == "yes" ]; then
echo "cinder_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml
fi
if [ "${GLANCE_FATAL_DEPRECATIONS}" == "yes" ]; then
echo "glance_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml
fi
if [ "${HEAT_FATAL_DEPRECATIONS}" == "yes" ]; then
echo "heat_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml
fi
if [ "${KEYSTONE_FATAL_DEPRECATIONS}" == "yes" ]; then
echo "keystone_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml
fi
if [ "${NEUTRON_FATAL_DEPRECATIONS}" == "yes" ]; then
echo "neutron_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml
fi
if [ "${NOVA_FATAL_DEPRECATIONS}" == "yes" ]; then
echo "nova_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml
fi
if [ "${TEMPEST_FATAL_DEPRECATIONS}" == "yes" ]; then
echo "tempest_fatal_deprecations: True" | tee -a /etc/openstack_deploy/user_variables.yml
fi
# Log some data about the instance and the rest of the system
log_instance_info
info_block "The system has been prepared for an all-in-one build."
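Review bot: `pushd tests` resolves against the caller's working directory, so the new script only works when started from the repository root, whereas the gate script's equivalent call uses `$(dirname ${0})/../tests`. I would use `pushd "$(dirname "${0}")/../tests"` here too. Separately, the inline inventory `"localhost ansible-connection=local,"` spells the variable with a hyphen, but Ansible's variable is `ansible_connection`. As far as I know a comma-terminated inline list is split into host names only, so the connection setting is probably not applied. `-i "localhost," -c local` states the intent explicitly, and the same inventory string appears in the gate script's `ansible-playbook` call.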


@ -17,120 +17,107 @@
set -e -u -x set -e -u -x
## Variables ----------------------------------------------------------------- ## Variables -----------------------------------------------------------------
export BOOTSTRAP_ANSIBLE=${BOOTSTRAP_ANSIBLE:-"yes"}
export BOOTSTRAP_AIO=${BOOTSTRAP_AIO:-"yes"}
export RUN_PLAYBOOKS=${RUN_PLAYBOOKS:-"yes"}
export RUN_TEMPEST=${RUN_TEMPEST:-"yes"}
# Ansible options
export ANSIBLE_PARAMETERS=${ANSIBLE_PARAMETERS:-"-v"} export ANSIBLE_PARAMETERS=${ANSIBLE_PARAMETERS:-"-v"}
# Deployment options
export DEPLOY_HOST=${DEPLOY_HOST:-"yes"}
export DEPLOY_LB=${DEPLOY_LB:-"yes"}
export DEPLOY_INFRASTRUCTURE=${DEPLOY_INFRASTRUCTURE:-"yes"}
export DEPLOY_LOGGING=${DEPLOY_LOGGING:-"yes"}
export DEPLOY_OPENSTACK=${DEPLOY_OPENSTACK:-"yes"}
export DEPLOY_SWIFT=${DEPLOY_SWIFT:-"yes"}
export DEPLOY_TEMPEST=${DEPLOY_TEMPEST:-"yes"}
# Limit the gate check to only performing one attempt, unless already set
export MAX_RETRIES=${MAX_RETRIES:-"2"} export MAX_RETRIES=${MAX_RETRIES:-"2"}
# tempest and testr options, default is to run tempest in serial # tempest and testr options, default is to run tempest in serial
export RUN_TEMPEST_OPTS=${RUN_TEMPEST_OPTS:-'--serial'} export RUN_TEMPEST_OPTS=${RUN_TEMPEST_OPTS:-'--serial'}
export TESTR_OPTS=${TESTR_OPTS:-''} export TESTR_OPTS=${TESTR_OPTS:-''}
# Disable the python output buffering so that jenkins gets the output properly
export PYTHONUNBUFFERED=1
# Extra options to pass to the AIO bootstrap process
export BOOTSTRAP_OPTS=${BOOTSTRAP_OPTS:-''}
## Functions ----------------------------------------------------------------- ## Functions -----------------------------------------------------------------
info_block "Checking for required libraries." 2> /dev/null || source $(dirname ${0})/scripts-library.sh info_block "Checking for required libraries." 2> /dev/null || source $(dirname ${0})/scripts-library.sh
## Main ---------------------------------------------------------------------- ## Main ----------------------------------------------------------------------
# Log some data about the instance and the rest of the system
log_instance_info
# Determine the largest secondary disk device available for repartitioning
DATA_DISK_DEVICE=$(lsblk -brndo NAME,TYPE,RO,SIZE | \
awk '/d[b-z]+ disk 0/{ if ($4>m){m=$4; d=$1}}; END{print d}')
# Only set the secondary disk device option if there is one
if [ -n "${DATA_DISK_DEVICE}" ]; then
export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_data_disk_device=${DATA_DISK_DEVICE}"
fi
# Bootstrap Ansible
source $(dirname ${0})/bootstrap-ansible.sh
# Log some data about the instance and the rest of the system
log_instance_info
# Flush all the iptables rules set by openstack-infra
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Adjust settings based on the Cloud Provider info in OpenStack-CI # Adjust settings based on the Cloud Provider info in OpenStack-CI
if [ -f /etc/nodepool/provider -a -s /etc/nodepool/provider ]; then if [ -f /etc/nodepool/provider -a -s /etc/nodepool/provider ]; then
source /etc/nodepool/provider source /etc/nodepool/provider
if [[ ${NODEPOOL_PROVIDER} == "rax"* ]]; then if [[ ${NODEPOOL_PROVIDER} == "rax"* ]]; then
# Set the Ubuntu Repository to the RAX Mirror # Set the Ubuntu Repository for the AIO to the RAX Mirror
export UBUNTU_REPO="http://mirror.rackspace.com/ubuntu" export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_ubuntu_repo=http://mirror.rackspace.com/ubuntu"
export UBUNTU_SEC_REPO="${UBUNTU_REPO}" export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_ubuntu_security_repo=http://mirror.rackspace.com/ubuntu"
elif [[ ${NODEPOOL_PROVIDER} == "hpcloud"* ]]; then elif [[ ${NODEPOOL_PROVIDER} == "hpcloud"* ]]; then
# Set the Ubuntu Repository to the HP Cloud Mirror # Set the Ubuntu Repository for the AIO to the HP Cloud Mirror
export UBUNTU_REPO="http://${NODEPOOL_AZ}.clouds.archive.ubuntu.com/ubuntu" export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_ubuntu_repo=http://${NODEPOOL_AZ}.clouds.archive.ubuntu.com/ubuntu"
export UBUNTU_SEC_REPO="${UBUNTU_REPO}" export BOOTSTRAP_OPTS="${BOOTSTRAP_OPTS} bootstrap_host_ubuntu_security_repo=http://${NODEPOOL_AZ}.clouds.archive.ubuntu.com/ubuntu"
fi fi
# Reduce container affinities as Liberty appears to consume
# a greater volume of resources, causing greater numbers
# of failures with the default affinities.
for container_type in rabbit_mq repo horizon keystone; do
export "NUM_${container_type}_CONTAINER=1"
done
fi fi
# Bootstrap an AIO setup if required # Bootstrap an AIO
if [ "${BOOTSTRAP_AIO}" == "yes" ]; then pushd $(dirname ${0})/../tests
source $(dirname ${0})/bootstrap-aio.sh sed -i '/\[defaults\]/a nocolor = 1/' ansible.cfg
fi ansible-playbook -i "localhost ansible-connection=local," \
-e "${BOOTSTRAP_OPTS}" \
# Bootstrap ansible if required ${ANSIBLE_PARAMETERS} \
if [ "${BOOTSTRAP_ANSIBLE}" == "yes" ]; then bootstrap-aio.yml
source $(dirname ${0})/bootstrap-ansible.sh popd
fi
# Make the /openstack/log directory for openstack-infra gate check log publishing
mkdir -p /openstack/log
# Implement the log directory link for openstack-infra log publishing # Implement the log directory link for openstack-infra log publishing
mkdir -p /openstack/log
ln -sf /openstack/log $(dirname ${0})/../logs ln -sf /openstack/log $(dirname ${0})/../logs
pushd $(dirname ${0})/../playbooks
# Disable Ansible color output
sed -i 's/nocolor.*/nocolor = 1/' ansible.cfg
# Create ansible logging directory and add in a log file entry into ansible.cfg # Create ansible logging directory and add in a log file entry into ansible.cfg
mkdir -p /openstack/log/ansible-logging mkdir -p /openstack/log/ansible-logging
sed -i '/\[defaults\]/a log_path = /openstack/log/ansible-logging/ansible.log' $(dirname ${0})/../playbooks/ansible.cfg sed -i '/\[defaults\]/a log_path = /openstack/log/ansible-logging/ansible.log' ansible.cfg
# Enable detailed task profiling # Enable detailed task profiling
sed -i '/\[defaults\]/a callback_plugins = plugins/callbacks' $(dirname ${0})/../playbooks/ansible.cfg sed -i '/\[defaults\]/a callback_plugins = plugins/callbacks' ansible.cfg
popd
# Disable Ansible color output
sed -i 's/nocolor.*/nocolor = 1/' $(dirname ${0})/../playbooks/ansible.cfg
# Enable debug logging for all services to make failure debugging easier
echo "debug: True" | tee -a /etc/openstack_deploy/user_variables.yml
# NOTE: hpcloud-b4's eth0 uses 10.0.3.0/24, which overlaps with the
# lxc_net_address default
# TODO: We'll need to implement a mechanism to determine valid lxc_net_address
# value which will not overlap with an IP already assigned to the host.
echo "lxc_net_address: 10.255.255.1" | tee -a /etc/openstack_deploy/user_variables.yml
echo "lxc_net_netmask: 255.255.255.0" | tee -a /etc/openstack_deploy/user_variables.yml
echo "lxc_net_dhcp_range: 10.255.255.2,10.255.255.253" | tee -a /etc/openstack_deploy/user_variables.yml
# Disable the python output buffering so that jenkins gets the output properly
export PYTHONUNBUFFERED=1
# Run the ansible playbooks if required
if [ "${RUN_PLAYBOOKS}" == "yes" ]; then
# Set-up our tiny awk script.
strip_debug="
!/(^[ 0-9|:.-]+<[0-9.]|localhost+>)|Extracting/ {
gsub(/{.*/, \"\");
gsub(/\\n.*/, \"\");
gsub(/\=\>.*/, \"\");
print
}
"
set -o pipefail
bash $(dirname ${0})/run-playbooks.sh | awk "${strip_debug}"
set +o pipefail
fi
# Log some data about the instance and the rest of the system # Log some data about the instance and the rest of the system
log_instance_info log_instance_info
# Run the tempest tests if required # Execute the Playbooks
if [ "${RUN_TEMPEST}" == "yes" ]; then bash $(dirname ${0})/run-playbooks.sh
# Log some data about the instance and the rest of the system
log_instance_info
# Run the tempest tests
source $(dirname ${0})/run-tempest.sh source $(dirname ${0})/run-tempest.sh
fi
# Log some data about the instance and the rest of the system
log_instance_info
exit_success exit_success
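Review bot: The gate script still picks the largest writable non-first disk on its own and passes it as `bootstrap_host_data_disk_device`; these lines appear only once in the rendered section, which I read as added. By the commit description, that is the device the bootstrap may then repurpose, so running this script outside CI on a host with a second disk gives exactly the surprise the description says the change prevents. I would honour a caller-supplied value and auto-detect only on a nodepool node, e.g. `if [ -z "${DATA_DISK_DEVICE:-}" ] && [ -s /etc/nodepool/provider ]; then DATA_DISK_DEVICE=$(lsblk ...); fi`. Also, `sed -i '/\[defaults\]/a nocolor = 1/' ansible.cfg` appends the literal line `nocolor = 1/`, because the trailing slash is part of the appended text; it should read `a nocolor = 1`.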


@ -25,9 +25,9 @@ DEPLOY_LOGGING=${DEPLOY_LOGGING:-"yes"}
DEPLOY_OPENSTACK=${DEPLOY_OPENSTACK:-"yes"} DEPLOY_OPENSTACK=${DEPLOY_OPENSTACK:-"yes"}
DEPLOY_SWIFT=${DEPLOY_SWIFT:-"yes"} DEPLOY_SWIFT=${DEPLOY_SWIFT:-"yes"}
DEPLOY_CEILOMETER=${DEPLOY_CEILOMETER:-"yes"} DEPLOY_CEILOMETER=${DEPLOY_CEILOMETER:-"yes"}
DEPLOY_TEMPEST=${DEPLOY_TEMPEST:-"no"} DEPLOY_TEMPEST=${DEPLOY_TEMPEST:-"yes"}
COMMAND_LOGS=${COMMAND_LOGS:-"/openstack/log/ansible_cmd_logs/"} COMMAND_LOGS=${COMMAND_LOGS:-"/openstack/log/ansible_cmd_logs/"}
ADD_NEUTRON_AGENT_CHECKSUM_RULE=${BOOTSTRAP_AIO:-"no"} ADD_NEUTRON_AGENT_CHECKSUM_RULE=${ADD_NEUTRON_AGENT_CHECKSUM_RULE:-"yes"}
## Functions ----------------------------------------------------------------- ## Functions -----------------------------------------------------------------
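Review bot: `ADD_NEUTRON_AGENT_CHECKSUM_RULE` now defaults to "yes" for every caller of this script, where it previously followed `BOOTSTRAP_AIO` and fell back to "no". `DEPLOY_TEMPEST` flips from "no" to "yes" in the same hunk. If run-playbooks.sh is also used for non-AIO deployments, those runs change behaviour without any signal. A comment above the two assignments would make the intent clear, e.g. `# AIO/gate defaults; export "no" for multi-node deployments`. Alternatively, keep the conservative defaults here and have the gate script export the "yes" values.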


@ -18,9 +18,6 @@
## Vars ---------------------------------------------------------------------- ## Vars ----------------------------------------------------------------------
LINE='----------------------------------------------------------------------' LINE='----------------------------------------------------------------------'
MAX_RETRIES=${MAX_RETRIES:-5} MAX_RETRIES=${MAX_RETRIES:-5}
BOOTSTRAP_AIO_DIR=${BOOTSTRAP_AIO_DIR:-"/openstack"}
DATA_DISK_DEVICE=${DATA_DISK_DEVICE:-}
MIN_DISK_SIZE_GB=${MIN_DISK_SIZE_GB:-80}
REPORT_DATA=${REPORT_DATA:-""} REPORT_DATA=${REPORT_DATA:-""}
ANSIBLE_PARAMETERS=${ANSIBLE_PARAMETERS:-""} ANSIBLE_PARAMETERS=${ANSIBLE_PARAMETERS:-""}
STARTTIME="${STARTTIME:-$(date +%s)}" STARTTIME="${STARTTIME:-$(date +%s)}"
@ -76,74 +73,6 @@ function install_bits {
successerator openstack-ansible ${ANSIBLE_PARAMETERS} --forks ${FORKS} $@ successerator openstack-ansible ${ANSIBLE_PARAMETERS} --forks ${FORKS} $@
} }
function configure_diskspace {
# If there are any block devices available other than the one
# used for the root disk, repurpose it for our needs.
# If DATA_DISK_DEVICE is not set or empty, then try to figure out which
# device to use
if [ -z "${DATA_DISK_DEVICE}" ]; then
# Identify the list of disk devices available, sort from largest to
# smallest, and pick the largest.
# Excludes:
# - the first device, as that is where the OS is expected
# - read only devices, as we can't write to them
DATA_DISK_DEVICE=$(lsblk -brndo NAME,TYPE,RO,SIZE | \
awk '/d[b-z]+ disk 0/{ if ($4>m){m=$4; d=$1}}; END{print d}')
fi
# We only want to continue if a device was found to use. If not,
# then we simply leave the disks alone.
if [ ! -z "${DATA_DISK_DEVICE}" ]; then
# Calculate the minimum disk size in bytes
MIN_DISK_SIZE_B=$((MIN_DISK_SIZE_GB * 1024 * 1024 * 1024))
# Determine the size in bytes of the selected device
blk_dev_size_b=$(lsblk -nrdbo NAME,TYPE,SIZE | \
awk "/^${DATA_DISK_DEVICE} disk/ {print \$3}")
# Determine if the device is large enough
if [ "${blk_dev_size_b}" -ge "${MIN_DISK_SIZE_B}" ]; then
# Only execute the disk partitioning process if a partition labeled
# 'openstack-data{1,2}' is not present and that partition is not
# formatted as ext4. This is an attempt to achieve idempotency just
# in case this script is run multiple times.
if ! parted --script -l -m | egrep -q ':ext4:openstack-data[12]:;$'; then
# Dismount any mount points on the device
mount_points=$(awk "/^\/dev\/${DATA_DISK_DEVICE}[0-9]* / {print \$2}" /proc/mounts)
for mount_point in ${mount_points}; do
umount ${mount_point}
sed -i ":${mount_point}:d" /etc/fstab
done
# Partition the whole disk for our usage
parted --script /dev/${DATA_DISK_DEVICE} mklabel gpt
parted --align optimal --script /dev/${DATA_DISK_DEVICE} mkpart openstack-data1 ext4 0% 40%
parted --align optimal --script /dev/${DATA_DISK_DEVICE} mkpart openstack-data2 ext4 40% 100%
# Format the bootstrap partition, create the mount point, and mount it.
mkfs.ext4 /dev/${DATA_DISK_DEVICE}1
mkdir -p ${BOOTSTRAP_AIO_DIR}
mount /dev/${DATA_DISK_DEVICE}1 ${BOOTSTRAP_AIO_DIR}
# Format the lxc partition, create the mount point, and mount it.
mkfs.ext4 /dev/${DATA_DISK_DEVICE}2
mkdir -p /var/lib/lxc
mount /dev/${DATA_DISK_DEVICE}2 /var/lib/lxc
fi
# Add the fstab entries if they aren't there already
if ! grep -qw "^/dev/${DATA_DISK_DEVICE}1" /etc/fstab; then
echo "/dev/${DATA_DISK_DEVICE}1 ${BOOTSTRAP_AIO_DIR} ext4 defaults 0 0" >> /etc/fstab
fi
if ! grep -qw "^/dev/${DATA_DISK_DEVICE}2" /etc/fstab; then
echo "/dev/${DATA_DISK_DEVICE}2 /var/lib/lxc ext4 defaults 0 0" >> /etc/fstab
fi
fi
fi
}
function ssh_key_create { function ssh_key_create {
# Ensure that the ssh key exists and is an authorized_key # Ensure that the ssh key exists and is an authorized_key
key_path="${HOME}/.ssh" key_path="${HOME}/.ssh"
@ -167,44 +96,6 @@ function ssh_key_create {
fi fi
} }
function loopback_create {
LOOP_FILENAME=${1}
LOOP_FILESIZE=${2}
LOOP_FILE_TYPE=${3} # thin, thick
LOOP_MOUNT_METHOD=${4} # swap, rc, none
if [ ! -f "${LOOP_FILENAME}" ]; then
if [ "${LOOP_FILE_TYPE}" = "thin" ]; then
truncate -s ${LOOP_FILESIZE} ${LOOP_FILENAME}
elif [ "${LOOP_FILE_TYPE}" = "thick" ]; then
fallocate -l ${LOOP_FILESIZE} ${LOOP_FILENAME} &> /dev/null || \
dd if=/dev/zero of=${LOOP_FILENAME} bs=1M count=$(( LOOP_FILESIZE / 1024 / 1024 ))
else
exit_fail "No valid option ${LOOP_FILE_TYPE} found."
fi
fi
if [ "${LOOP_MOUNT_METHOD}" = "rc" ]; then
if ! losetup -a | grep -q "(${LOOP_FILENAME})$"; then
LOOP_DEVICE=$(losetup -f)
losetup ${LOOP_DEVICE} ${LOOP_FILENAME}
fi
if ! grep -q ${LOOP_FILENAME} /etc/rc.local; then
sed -i "\$i losetup \$(losetup -f) ${LOOP_FILENAME}" /etc/rc.local
fi
fi
if [ "${LOOP_MOUNT_METHOD}" = "swap" ]; then
if ! swapon -s | grep -q ${LOOP_FILENAME}; then
mkswap ${LOOP_FILENAME}
swapon -a
fi
if ! grep -q "^${LOOP_FILENAME} " /etc/fstab; then
echo "${LOOP_FILENAME} none swap loop 0 0" >> /etc/fstab
fi
fi
}
function exit_state { function exit_state {
set +x set +x
TOTALSECONDS="$(( $(date +%s) - STARTTIME ))" TOTALSECONDS="$(( $(date +%s) - STARTTIME ))"

5
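--- a/tests/ansible.cfg
+++ b/tests/ansible.cfg
@@ -0,0 +1,5 @@
+[defaults]
+action_plugins = ../playbooks/plugins/actions
+callback_plugins = ../playbooks/plugins/callbacks
+library = ../playbooks/library
+host_key_checking = False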
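Review bot: `host_key_checking = False` disables SSH host key verification for every run that picks up this file, and nothing in the file says it is meant for the test/AIO run only. The play added alongside it targets localhost, so the exposure there is small, but the setting is easy to copy into a real deployment configuration. I would add a comment above it such as `# Test-only: host key verification is disabled because the AIO play targets localhost; do not reuse for multi-host deployments`.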

21
tests/bootstrap-aio.yml Normal file

@ -0,0 +1,21 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: localhost
user: root
roles:
- sshd
- pip_install
- bootstrap-host
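Review bot: The `sshd` role is applied to the host as root with no variables, so the role's own defaults decide the SSH daemon configuration, and nothing in this play records what it is expected to change. A short comment above the `roles:` list stating why the role is needed for the AIO, or the explicit variables it should run with, would let a reader judge the effect on root login without opening the external role.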


@ -0,0 +1,101 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Boolean option to implement OpenStack-Ansible configuration for an AIO
bootstrap_host_aio_config: yes
## Swap memory
# If there is no swap memory present, the bootstrap will create a loopback disk
# for the purpose of having swap memory available. Swap is required for some of
# the services deployed and is useful for AIO's built with less than 16GB memory.
# By default the swap size is set to 8GB unless the host memory is less than 8GB,
# in which case it is set to 4GB.
bootstrap_host_swap_size: "{% if ansible_memory_mb['real']['total'] < 8*1024 %}4{% else %}8{% endif %}"
## Loopback volumes
# Sparse loopback disks are used for Cinder, Swift and Nova (instance storage).
# The size of the loopback volumes can be customized here (in gigabytes).
#
# Boolean option to deploy the loopback disk for Cinder
bootstrap_host_loopback_cinder: yes
# Size of the Cinder loopback disk in gigabytes (GB).
bootstrap_host_loopback_cinder_size: 1024
#
# Boolean option to deploy the loopback disk for Swift
bootstrap_host_loopback_swift: yes
# Size of the Swift loopback disk in gigabytes (GB).
bootstrap_host_loopback_swift_size: 1024
#
# Boolean option to deploy the loopback disk for Nova
bootstrap_host_loopback_nova: yes
# Size of the Nova loopback disk in gigabytes (GB).
bootstrap_host_loopback_nova_size: 1024
## Bridge configuration
# The AIO bootstrap configures bridges for use with the AIO deployment.
# By default, these bridges are configured to be independent of any physical
# interfaces, and they have their 'bridge_ports' set to 'none'. However,
# deployers can add a physical interface to 'bridge_ports' to connect the
# bridge to a real physical interface.
#
# A setting of 'none' keeps the bridges as independent from physical
# interfaces (the default).
#
# Setting the value to 'eth1' would mean that the bridge is directly connected
# to the eth1 device.
#
# See https://wiki.debian.org/BridgeNetworkConnections for more details.
bootstrap_host_bridge_mgmt_ports: none
bootstrap_host_bridge_vxlan_ports: none
bootstrap_host_bridge_storage_ports: none
## Extra storage
# An AIO may optionally be built using a second storage device. If a
# secondary disk device to use is not specified, then the AIO will be
# built on any existing disk partitions.
#
# WARNING: The data on a secondary storage device specified here will
# be destroyed and repartitioned.
#
# Specify the secondary disk device to use.
#bootstrap_host_data_disk_device: vdb
#
# Boolean value to force the repartitioning of the secondary device.
bootstrap_host_data_disk_device_force: no
#
# If the storage capacity on this device is greater than or equal to this
# size (in GB), the bootstrap process will use it.
bootstrap_host_data_disk_min_size: 80
### MongoDB Settings
# MongoDB is installed on the host in the AIO for Ceilometer and Aodh to use.
#
# Boolean value to deploy and configure the MongoDB service on the host.
bootstrap_host_mongodb_service: yes
#
# Specify the IP address of a MongoDB Host.
bootstrap_host_mongodb_address: 172.29.236.100
### Optional Settings ###
# Set the apt repository URL's configured for the host and containers.
# By default the configuration will be derived from the host.
#bootstrap_host_ubuntu_repo: http://archive.ubuntu.com/ubuntu/
#bootstrap_host_ubuntu_security_repo: http://archive.ubuntu.com/ubuntu/
# Specify the public IP address for the host.
# By default the address will be set to the ipv4 address of the
# host's network interface that has the default route on it.
#bootstrap_host_public_address: 0.0.0.0
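Review bot: The comment on `bootstrap_host_data_disk_device_force` reads as if the device is only repartitioned when the flag is set. The data-disk tasks in this change also partition and format whenever the openstack-data partition probe returns 1, regardless of the flag. I would word it as `# Repartition even if openstack-data{1,2} partitions already exist. When 'no', the device is still wiped if those partitions are not found.` so the destructive default is clear next to the existing WARNING.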


@ -0,0 +1,56 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Check for a supported Operating System
assert:
that: ansible_distribution | lower == 'ubuntu'
tags:
- check-operating-system
- name: Identify the space available in /
shell: |
df -BG / | awk '/^[^Filesystem]/ {print $4}' | sed 's/G//'
when:
- bootstrap_host_data_disk_device is not defined
changed_when: false
register: root_space_available
tags:
- check-disk-size
- name: Fail if there is not enough space available in /
assert:
that: |
root_space_available.stdout | int >= (bootstrap_host_data_disk_min_size * 0.75) | int
when:
- bootstrap_host_data_disk_device is not defined
tags:
- check-disk-size
- name: Fail if there is not enough disk space available (disk specified)
assert:
that: |
(ansible_devices[bootstrap_host_data_disk_device]['size'] | replace(' GB','')) | int
>= bootstrap_host_data_disk_min_size | int
when:
- bootstrap_host_data_disk_device is defined
tags:
- check-disk-size
- name: Ensure that the kernel has VXLAN support
modprobe:
name: vxlan
state: present
tags:
- check-vxlan
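Review bot: The disk-specified assertion strips only the literal ` GB` from `ansible_devices[...]['size']`, so a device whose size fact is reported in another unit (for example `1.00 TB`) does not parse as a number and the check fails on a disk that is large enough. Since this check gates a destructive repartition, comparing bytes is more reliable, e.g. deriving the size from the `sectors` and `sectorsize` keys of the same fact. Separately, in the `/` check the awk pattern `/^[^Filesystem]/` is a character class, so it skips any df line whose first character is one of `F i l e s y t m` (a `tmpfs` or `simfs` root, for instance); `awk 'NR==2 {print $4}'` selects the data line directly.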


@ -0,0 +1,97 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure that apt supports HTTPS package sources
apt:
name: apt-transport-https
state: present
tags:
- apt-install-prerequisites
- name: Determine the existing Ubuntu repo configuration
shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list'
register: ubuntu_repo
when:
- bootstrap_host_ubuntu_repo is not defined
changed_when: false
tags:
- find-apt-repo
- name: Determine the existing Ubuntu Security repo configuration
shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }}-security main/ {print \$2; exit}" /etc/apt/sources.list'
register: ubuntu_security_repo
when:
- bootstrap_host_ubuntu_security_repo is not defined
changed_when: false
tags:
- find-apt-security-repo
- name: Set apt repo facts based on discovered information
set_fact:
bootstrap_host_ubuntu_repo: "{{ ubuntu_repo.stdout }}"
bootstrap_host_ubuntu_security_repo: "{{ ubuntu_security_repo.stdout }}"
when:
- bootstrap_host_ubuntu_repo is not defined
- bootstrap_host_ubuntu_security_repo is not defined
- ubuntu_repo is defined
- ubuntu_security_repo is defined
- name: Configure apt's sources.list (Ubuntu only)
template:
src: apt-sources.list.j2
dest: /etc/apt/sources.list
backup: yes
when:
- ansible_distribution == 'Ubuntu'
- bootstrap_host_ubuntu_repo is defined
- bootstrap_host_ubuntu_security_repo is defined
register: apt_sources_configure
- name: Update apt-cache
apt:
update_cache: yes
when:
- apt_sources_configure is defined
- apt_sources_configure | changed
tags:
- apt-cache-update
- name: Remove known problem packages
apt:
name: "{{ item }}"
state: absent
with_items:
- "{{ packages_remove }}"
tags:
- remove-packages
- name: Install required packages
apt:
name: "{{ item }}"
state: present
with_items:
- "{{ packages_install }}"
tags:
- install-packages
- name: Install MongoDB packages
apt:
name: "{{ item }}"
state: present
with_items:
- "{{ packages_mongodb }}"
when: bootstrap_host_mongodb_service | bool
tags:
- install-mongodb
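Review bot: When the awk probe finds no matching `deb` line, `ubuntu_repo.stdout` is an empty string, yet `set_fact` still defines both repo variables and the template task then rewrites `/etc/apt/sources.list` with entries that have no URL. `backup: yes` keeps the old file, but the cache update and package installs that follow would run against a broken source list. I would add `- ubuntu_repo.stdout != ''` and `- ubuntu_security_repo.stdout != ''` to the `set_fact` conditions, or fail with a clear message instead. Note also that the two `is not defined` conditions are ANDed, so a deployer who sets only one of the two variables gets neither discovered and the template is skipped silently.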


@ -0,0 +1,110 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Before we do anything, check the minimum requirements
- include: check-requirements.yml
tags:
- check-requirements
# We will look for the most specific variable files first and eventually
# end up with the least-specific files.
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ ansible_distribution | lower }}.yml"
- "{{ ansible_os_family | lower }}.yml"
tags:
- always
- name: Create the required directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/openstack"
tags:
- create-directories
# Configure apt in a known way to reduce the chance of unexpected failures
- include: install-apt.yml
when:
- ansible_pkg_mgr == 'apt'
tags:
- install-apt
# Prepare the data disk, if one is provided
- include: prepare_data_disk.yml
when:
- bootstrap_host_data_disk_device is defined
tags:
- prepare-data-disk
# Prepare the swap space loopback disk
# This is only necessary if there isn't swap already
- include: prepare_loopback_swap.yml
when:
- ansible_swaptotal_mb < 1
tags:
- prepare-loopback-swap
# Prepare the Cinder LVM VG loopback disk
# This is only necessary if bootstrap_host_loopback_cinder is set to yes
- include: prepare_loopback_cinder.yml
when:
- bootstrap_host_loopback_cinder | bool
tags:
- prepare-loopback-cinder
# Prepare the Nova instance storage loopback disk
- include: prepare_loopback_nova.yml
when:
- bootstrap_host_loopback_nova | bool
tags:
- prepare-loopback-nova
# Prepare the Swift data storage loopback disks
- include: prepare_loopback_swift.yml
when:
- bootstrap_host_loopback_swift | bool
tags:
- prepare-loopback-swift
# Prepare the network interfaces
- include: prepare_networking.yml
tags:
- prepare-networking
# Ensure that there are both private and public ssh keys for root
- include: prepare_ssh_keys.yml
tags:
- prepare-ssh-keys
# Put the OpenStack-Ansible configuration for an All-In-One on the host
- include: prepare_aio_config.yml
when: bootstrap_host_aio_config | bool
tags:
- prepare-aio-config
# Prepare the MongoDB Service for Ceilometer/Aodh
- include: prepare_mongodb_service.yml
when: bootstrap_host_mongodb_service | bool
tags:
- prepare-mongodb-service
# Prepare the MongoDB Users for Ceilometer/Aodh
- include: prepare_mongodb_users.yml
tags:
- prepare-mongodb-users
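Review bot: The `prepare_mongodb_users.yml` include at the end has no `when:`, unlike the service include just above it. That tasks file reads `/etc/openstack_deploy/user_secrets.yml`, which this role only deploys from `prepare_aio_config.yml` when `bootstrap_host_aio_config` is true, so a run with that option disabled would presumably fail at the `include_vars`. If running it against an external MongoDB is intended, a comment saying so plus `when: bootstrap_host_aio_config | bool` would make the dependency explicit.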


@ -0,0 +1,149 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create the required deployment directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/etc/openstack_deploy/"
- "/etc/openstack_deploy/conf.d"
- "/etc/openstack_deploy/env.d"
tags:
- create-directories
- name: Deploy environment (env.d) configuration
config_template:
src: "../etc/openstack_deploy/env.d/{{ item.name }}"
dest: "/etc/openstack_deploy/env.d/{{ item.name }}"
config_overrides: "{{ item.override }}"
config_type: "yaml"
with_items:
- name: aodh.yml
override: "{{ aodh_env_overrides | default({}) }}"
- name: ceilometer.yml
override: "{{ ceilometer_env_overrides | default({}) }}"
- name: cinder.yml
override: "{{ cinder_env_overrides | default({}) }}"
- name: galera.yml
override: "{{ galera_env_overrides | default({}) }}"
- name: glance.yml
override: "{{ glance_env_overrides | default({}) }}"
- name: haproxy.yml
override: "{{ haproxy_env_overrides | default({}) }}"
- name: heat.yml
override: "{{ heat_env_overrides | default({}) }}"
- name: horizon.yml
override: "{{ horizon_env_overrides | default({}) }}"
- name: infra.yml
override: "{{ infra_env_overrides | default({}) }}"
- name: keystone.yml
override: "{{ keystone_env_overrides | default({}) }}"
- name: memcache.yml
override: "{{ memcache_env_overrides | default({}) }}"
- name: neutron.yml
override: "{{ neutron_env_overrides | default({}) }}"
- name: nova.yml
override: "{{ nova_env_overrides | default({}) }}"
- name: os-infra.yml
override: "{{ os_infra_env_overrides | default({}) }}"
- name: pkg_repo.yml
override: "{{ pkg_repo_env_overrides | default({}) }}"
- name: rabbitmq.yml
override: "{{ rabbitmq_env_overrides | default({}) }}"
- name: rsyslog.yml
override: "{{ rsyslog_env_overrides | default({}) }}"
- name: shared-infra.yml
override: "{{ shared_infra_env_overrides | default({}) }}"
- name: swift-remote.yml
override: "{{ swift_remote_env_overrides | default({}) }}"
- name: swift.yml
override: "{{ swift_env_overrides | default({}) }}"
- name: utility.yml
override: "{{ utility_env_overrides | default({}) }}"
tags:
- deploy-envd
- name: Deploy user conf.d configuration
config_template:
src: "../etc/openstack_deploy/conf.d/{{ item.name }}"
dest: "/etc/openstack_deploy/conf.d/{{ item.name | regex_replace('.aio$', '') }}"
config_overrides: "{{ item.override }}"
config_type: "yaml"
with_items:
- name: aodh.yml.aio
override: "{{ aodh_conf_overrides | default({}) }}"
- name: ceilometer.yml.aio
override: "{{ ceilometer_conf_overrides | default({}) }}"
- name: swift.yml.aio
override: "{{ swift_conf_overrides | default({}) }}"
tags:
- deploy-confd
- name: Deploy openstack_user_config
config_template:
src: "../etc/openstack_deploy/openstack_user_config.yml.aio"
dest: "/etc/openstack_deploy/openstack_user_config.yml"
config_overrides: "{{ openstack_user_config_overrides | default({}) }}"
config_type: "yaml"
tags:
- deploy-openstack-user-config
- name: Deploy openstack_environment
config_template:
src: "../etc/openstack_deploy/openstack_environment.yml"
dest: "/etc/openstack_deploy/openstack_environment.yml"
config_overrides: "{{ openstack_environment_overrides | default({}) }}"
config_type: "yaml"
tags:
- deploy-openstack-environment
- name: Deploy user_secrets file
config_template:
src: "../etc/openstack_deploy/user_secrets.yml"
dest: "/etc/openstack_deploy/user_secrets.yml"
config_overrides: "{{ user_secrets_overrides | default({}) }}"
config_type: "yaml"
tags:
- deploy-user-secrets
- name: Generate any missing values in user_secrets
shell: ../scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml
tags:
- generate_secrets
- name: Get the DNS servers in use on the host
shell: grep nameserver /etc/resolv.conf
register: nameservers
when:
- lxc_cache_resolvers is not defined
tags:
- get-nameservers
- name: Set lxc_cache_resolvers fact
set_fact:
lxc_cache_resolvers: "[\"{{ nameservers.stdout_lines | join('\",\"') }}\"]"
when:
- nameservers is defined
tags:
- set-fact-lxc_cache_resolvers
- name: Set the user_variables
config_template:
src: user_variables.aio.yml.j2
dest: /etc/openstack_deploy/user_variables.yml
config_overrides: "{{ user_variables_overrides | default({}) }}"
config_type: yaml
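Review bot: The `Deploy user_secrets file` task writes `/etc/openstack_deploy/user_secrets.yml` without `owner`, `group` or `mode`, so the file that later holds the generated service passwords gets whatever the umask gives it, typically world-readable. Assuming `config_template` passes file attributes through the way `template` does, add `mode: "0600"` to that task and a restrictive `mode` on the `/etc/openstack_deploy` directories created at the top. The `pw-token-gen.py` task that follows is run through `shell` with a relative path and no `changed_when`, so it depends on the working directory and reports a change on every run.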


@ -0,0 +1,73 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Only execute the disk partitioning process if a partition labeled
# 'openstack-data{1,2}' is not present and that partition is not
# formatted as ext4. This is an attempt to achieve idempotency just
# in case these tasks are executed multiple times.
- name: Determine whether partitions labeled openstack-data{1,2} are present
shell: |
parted --script -l -m | egrep -q ':ext4:openstack-data[12]:;$'
register: data_disk_partitions
changed_when: false
ignore_errors: yes
tags:
- check-data-disk-partitions
- name: Dismount and remove fstab entries for anything on the data disk device
mount:
name: "{{ item.mount }}"
src: "{{ item.device }}"
fstype: ext4
state: absent
when:
- data_disk_partitions.rc == 1 or bootstrap_host_data_disk_device_force | bool
- item.device | search(bootstrap_host_data_disk_device)
with_items:
- "{{ ansible_mounts }}"
- name: Partition the whole data disk for our usage
shell: "{{ item }}"
when: data_disk_partitions.rc == 1 or bootstrap_host_data_disk_device_force | bool
with_items:
- "parted --script /dev/{{ bootstrap_host_data_disk_device }} mklabel gpt"
- "parted --align optimal --script /dev/{{ bootstrap_host_data_disk_device }} mkpart openstack-data1 ext4 0% 40%"
- "parted --align optimal --script /dev/{{ bootstrap_host_data_disk_device }} mkpart openstack-data2 ext4 40% 100%"
tags:
- create-data-disk-partitions
- name: Format the partitions
filesystem:
fstype: ext4
dev: "{{ item }}"
when: data_disk_partitions.rc == 1 or bootstrap_host_data_disk_device_force | bool
with_items:
- "/dev/{{ bootstrap_host_data_disk_device }}1"
- "/dev/{{ bootstrap_host_data_disk_device }}2"
tags:
- format-data-partitions
- name: Create the mount points, fstab entries and mount the file systems
mount:
name: "{{ item.mount_point }}"
src: "{{ item.device }}"
fstype: ext4
state: mounted
with_items:
- { mount_point: /openstack, device: "/dev/{{ bootstrap_host_data_disk_device }}1"}
- { mount_point: /var/lib/lxc, device: "/dev/{{ bootstrap_host_data_disk_device }}2"}
tags:
- mount-data-partitions
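Review bot: The unmount task selects entries with `item.device | search(bootstrap_host_data_disk_device)`, an unanchored substring match, so a device name such as `sda` also matches `/dev/sdaa1` or any mapper path containing that string, and those mounts and their fstab entries would be removed. An anchored test is safer, e.g. `item.device | match('^/dev/' ~ bootstrap_host_data_disk_device ~ '[0-9]+$')`. The idempotency probe has a similar scope problem: `parted --script -l -m` lists every disk, so openstack-data partitions on a different device give `rc` 0 and the chosen device is then mounted without having been partitioned; querying `/dev/{{ bootstrap_host_data_disk_device }}` with `print` instead of `-l` would limit it. Nothing here asserts that the named device is not the one holding `/`, which seems worth adding given that the tasks relabel it.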


@ -0,0 +1,72 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create sparse Cinder file
shell: "truncate -s {{ bootstrap_host_loopback_cinder_size }}G /openstack/cinder.img"
args:
creates: /openstack/cinder.img
register: cinder_create
tags:
- cinder-file-create
- name: Get a loopback device for cinder file
shell: losetup -f
when: cinder_create | changed
register: cinder_losetup
tags:
- cinder-device-get
- name: Create the loopback device
shell: "losetup {{ cinder_losetup.stdout }} /openstack/cinder.img"
when: cinder_create | changed
tags:
- cinder-device-create
- name: Ensure that rc.local exists
file:
path: /etc/rc.local
state: touch
mode: "u+x"
tags:
- cinder-rc-file
# As the cinder loopback is an LVM VG, it needs to be mounted differently
# to the other loopback files. It requires the use of rc.local to attach
# the loopback device on boot so that the VG becomes available immediately
# after the boot process completes.
- name: Create loopback devices at boot time
lineinfile:
dest: /etc/rc.local
line: "losetup $(losetup -f) /openstack/cinder.img"
tags:
- cinder-rc-config
- name: Make LVM physical volume on the cinder device
shell: "{{ item }}"
when: cinder_create | changed
with_items:
- "pvcreate {{ cinder_losetup.stdout }}"
- "pvscan"
tags:
- cinder-lvm-pv
- name: Add cinder-volumes volume group
lvg:
vg: cinder-volumes
pvs: "{{ cinder_losetup.stdout }}"
when: cinder_create | changed
tags:
- cinder-lvm-vg
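Review bot: The `lineinfile` task appends the `losetup` line at the end of `/etc/rc.local`; on a stock Ubuntu rc.local that ends in `exit 0` the line lands after the exit and never runs, so the cinder-volumes VG would be missing after a reboot. The shell function being removed inserted before the last line (`sed -i "\$i ..."`); the equivalent here is `insertbefore: "^exit 0"`. Also, `losetup -f` followed by a separate `losetup <dev> <file>` can race with anything else that claims a loop device in between; `losetup --find --show /openstack/cinder.img` attaches and prints the device in one step. Because every later task is gated on `cinder_create | changed`, a run that fails after the file is created will not attach the device or create the VG on retry.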


@ -0,0 +1,39 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create sparse Nova file
shell: "truncate -s {{ bootstrap_host_loopback_nova_size }}G /openstack/nova.img"
args:
creates: /openstack/nova.img
register: nova_create
tags:
- nova-file-create
- name: Format the Nova file
filesystem:
fstype: ext4
dev: /openstack/nova.img
when: nova_create | changed
tags:
- nova-format-file
- name: Create the mount points, fstab entries and mount the file systems
mount:
name: /var/lib/nova/instances
src: /openstack/nova.img
fstype: ext4
state: mounted
tags:
- nova-file-mount
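Review bot: The mount task for `/openstack/nova.img` sets no `opts`, so the fstab entry relies on mount detecting that the source is a regular file and attaching a loop device on its own. The Swift tasks in this same change pass `loop` explicitly; adding `opts: loop` here would make the entry explicit and consistent with them.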


@ -0,0 +1,61 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create swap file
shell: "fallocate -l {{ bootstrap_host_swap_size }}G /openstack/swap.img"
args:
creates: /openstack/swap.img
register: swap_create
tags:
- swap-file-create
- name: Set swap file permissions to 0600
file:
path: /openstack/swap.img
mode: 0600
tags:
- swap-permissions
- name: Format the swap file
shell: mkswap /openstack/swap.img
when: swap_create | changed
tags:
- swap-format
- name: Ensure that the swap file entry is in /etc/fstab
mount:
name: none
src: /openstack/swap.img
fstype: swap
opts: sw
passno: 0
dump: 0
state: present
tags:
- swap-fstab
- name: Bring swap file online
shell: swapon /openstack/swap.img
tags:
- swap-online
- name: Set system swappiness
sysctl:
name: vm.swappiness
value: 10
state: present
tags:
- swap-sysctl


@ -0,0 +1,54 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create sparse Swift files
shell: "truncate -s {{ bootstrap_host_loopback_cinder_size }}G /openstack/{{ item }}.img"
args:
creates: "/openstack/{{ item }}.img"
with_items:
- 'swift1'
- 'swift2'
- 'swift3'
register: swift_create
tags:
- swift-file-create
- name: Format the Swift files
filesystem:
fstype: xfs
dev: "/openstack/{{ item }}.img"
when: swift_create | changed
with_items:
- 'swift1'
- 'swift2'
- 'swift3'
tags:
- swift-format-file
- name: Create the Swift mount points, fstab entries and mount the file systems
mount:
name: "/srv/{{ item }}.img"
src: "/openstack/{{ item }}.img"
fstype: xfs
opts: 'loop,noatime,nodiratime,nobarrier,logbufs=8'
passno: 0
dump: 0
state: mounted
with_items:
- 'swift1'
- 'swift2'
- 'swift3'
tags:
- swift-file-mount
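Review bot: The `Create sparse Swift files` task sizes the images with `bootstrap_host_loopback_cinder_size`, so the `bootstrap_host_loopback_swift_size` default defined for this role is never used and changing it has no effect. The line should read `shell: "truncate -s {{ bootstrap_host_loopback_swift_size }}G /openstack/{{ item }}.img"`. Separately, the mount points are named `/srv/{{ item }}.img`, which gives directories ending in `.img`; if that is intentional a short comment would help.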


@ -0,0 +1,61 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Configure the MongoDB bind address
lineinfile:
dest: /etc/mongodb.conf
regexp: "^(#)?bind_ip"
line: "bind_ip = {{ bootstrap_host_mongodb_address }}"
register: mongodb_bind
tags:
- mongodb-conf-bind_ip
- name: Enable the MongoDB smallfiles option
lineinfile:
dest: /etc/mongodb.conf
regexp: "^(#)?smallfiles"
line: "smallfiles = true"
register: mongodb_smallfiles
tags:
- mongodb-conf-smallfiles
- name: Restart mongodb
service:
name: mongodb
state: restarted
when:
- mongodb_bind | changed or mongodb_smallfiles | changed
register: mongodb_restart
tags:
- mongodb-restart
- name: Wait for mongodb to come back online after the restart
wait_for:
host: "{{ bootstrap_host_mongodb_address }}"
port: 27017
delay: 5
timeout: 30
when:
- mongodb_restart is defined
- mongodb_restart | changed
tags:
- mongodb-wait
- name: Test mongodb connectivity
command: "mongo --host {{ bootstrap_host_mongodb_address }} --eval ' '"
changed_when: False
tags:
- mongodb-test
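Review bot: This file binds MongoDB to `bootstrap_host_mongodb_address` and restarts it, but nothing sets `auth = true` in `/etc/mongodb.conf`, and the connectivity test connects with no credentials. If authentication is not enabled elsewhere, the ceilometer and aodh users created afterwards are not enforced, and any host that can reach port 27017 on that address has full access to the databases. For an AIO on an isolated bridge this may be acceptable, but it deserves a comment, or a `lineinfile` with `regexp: "^(#)?auth"` and `line: "auth = true"` once an admin user exists.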


@ -0,0 +1,41 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Read user_secrets vars
include_vars: /etc/openstack_deploy/user_secrets.yml
tags:
- mongodb-secrets
- name: Add ceilometer database user
mongodb_user:
login_host: "{{ bootstrap_host_mongodb_address }}"
database: ceilometer
name: ceilometer
password: "{{ ceilometer_container_db_password }}"
roles: 'readWrite,dbAdmin'
state: present
tags:
- mongodb-create-user-ceilometer
- name: Add aodh database user
mongodb_user:
login_host: "{{ bootstrap_host_mongodb_address }}"
database: aodh
name: aodh
password: "{{ aodh_container_db_password }}"
roles: 'readWrite,dbAdmin'
state: present
tags:
- mongodb-create-user-aodh
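Review bot: Both `mongodb_user` tasks pass a password from `user_secrets.yml` as a module argument without `no_log: true`, so the values can end up in verbose output and in the module invocation logged on the host. Add `no_log: true` to the two user tasks. The tasks also supply no `login_user`/`login_password`, which only works while MongoDB accepts unauthenticated connections; a comment saying so would make sure this is revisited if authentication is turned on.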


@ -0,0 +1,58 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure that /etc/network/interfaces.d/ exists
file:
path: /etc/network/interfaces.d/
state: directory
tags:
- networking-dir-create
- name: Copy network configuration
template:
src: osa_interfaces.cfg.j2
dest: /etc/network/interfaces.d/osa_interfaces.cfg
register: osa_interfaces
tags:
- networking-interfaces-file
- name: Ensure our interfaces.d configuration files are loaded automatically
lineinfile:
dest: /etc/network/interfaces
line: "source /etc/network/interfaces.d/*.cfg"
tags:
- networking-interfaces-load
- name: Shut down the network interfaces
command: "ifdown {{ item }}"
when: osa_interfaces | changed
with_items:
- br-mgmt
- br-storage
- br-vlan
- br-vxlan
tags:
- networking-interfaces-stop
- name: Start the network interfaces
command: "ifup {{ item }}"
when: osa_interfaces | changed
with_items:
- br-mgmt
- br-storage
- br-vlan
- br-vxlan
tags:
- networking-interfaces-start


@ -0,0 +1,67 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure root has a .ssh directory
file:
path: /root/.ssh
state: directory
owner: root
group: root
mode: 0700
tags:
- ssh-key-dir
- name: Check for existing ssh private key file
stat:
path: /root/.ssh/id_rsa
register: ssh_key_private
tags:
- ssh-key-check
- name: Check for existing ssh public key file
stat:
path: /root/.ssh/id_rsa.pub
register: ssh_key_public
tags:
- ssh-key-check
- name: Remove an existing private/public ssh keys if one is missing
file:
path: "/root/.ssh/{{ item }}"
state: absent
when: not ssh_key_public.stat.exists or not ssh_key_private.stat.exists
with_items:
- 'id_rsa'
- 'id_rsa.pub'
tags:
- ssh-key-clean
- name: Create ssh key pair for root
user:
name: root
generate_ssh_key: yes
ssh_key_bits: 2048
ssh_key_file: /root/.ssh/id_rsa
tags:
- ssh-key-generate
- name: Ensure root's new public ssh key is in authorized_keys
authorized_key:
user: root
key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
manage_dir: no
tags:
- ssh-key-authorized
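Review bot: The `Remove an existing private/public ssh keys if one is missing` task deletes root's existing private key whenever only `id_rsa.pub` is absent, which silently discards a credential that other hosts may already trust. When the private key is present, the public half can be re-derived instead, for example with `ssh-keygen -y -f /root/.ssh/id_rsa > /root/.ssh/id_rsa.pub` run through `shell:`. The removal could then be limited to an orphaned `id_rsa.pub` with `when: ssh_key_public.stat.exists and not ssh_key_private.stat.exists`. Separately, `lookup('file', ...)` in the last task reads the file on the Ansible control host, so the authorized key matches the generated one only when the play runs against localhost. Registering the `user` task and using its `ssh_public_key` result would remove that assumption.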


@ -0,0 +1,10 @@
# {{ ansible_managed }}
# Base repositories
deb {{ bootstrap_host_ubuntu_repo }} {{ ansible_distribution_release }} main restricted universe multiverse
# Updates repositories
deb {{ bootstrap_host_ubuntu_repo }} {{ ansible_distribution_release }}-updates main restricted universe multiverse
# Backports repositories
deb {{ bootstrap_host_ubuntu_repo }} {{ ansible_distribution_release }}-backports main restricted universe multiverse
# Security repositories
deb {{ bootstrap_host_ubuntu_security_repo }} {{ ansible_distribution_release }}-security main restricted universe multiverse


@ -0,0 +1,68 @@
## The default networking requires several bridges. These bridges were named to be informative
## however they can be named what ever you like and is adaptable to any network infrastructure
## environment. This file serves as an example of how to setup basic networking and was ONLY
## built for the purpose of being an example and used expressly in the building of an ALL IN
## ONE development environment.
auto br-mgmt
iface br-mgmt inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
# Notice the bridge port is the vlan tagged interface
bridge_ports {{ bootstrap_host_bridge_mgmt_ports }}
address 172.29.236.100
netmask 255.255.252.0
offload-sg off
auto br-vxlan
iface br-vxlan inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
bridge_ports {{ bootstrap_host_bridge_vxlan_ports }}
address 172.29.240.100
netmask 255.255.252.0
offload-sg off
# To ensure ssh checksum is correct
up /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill
down /sbin/iptables -D POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill
# To provide internet connectivity to instances
up /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
down /sbin/iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
auto br-storage
iface br-storage inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
bridge_ports {{ bootstrap_host_bridge_storage_ports }}
address 172.29.244.100
netmask 255.255.252.0
offload-sg off
auto br-vlan
iface br-vlan inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
address 172.29.248.100
netmask 255.255.252.0
offload-sg off
# Create veth pair, don't bomb if already exists
pre-up ip link add br-vlan-veth type veth peer name eth12 || true
# Set both ends UP
pre-up ip link set br-vlan-veth up
pre-up ip link set eth12 up
# Delete veth pair on DOWN
post-down ip link del br-vlan-veth || true
bridge_ports br-vlan-veth
# Add an additional address to br-vlan
iface br-vlan inet static
# Flat network default gateway
# -- This needs to exist somewhere for network reachability
# -- from the router namespace for floating IP paths.
# -- Putting this here is primarily for tempest to work.
address 172.29.248.1
netmask 255.255.252.0
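Review bot: The MASQUERADE rules under `br-vxlan` are pinned to `-o eth0`, so on a host whose default route leaves through a different interface the instances get no outbound NAT. The bridge ports in this template are already variables, and the uplink could follow the same pattern, e.g. `up /sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE` with the matching `down` line. The comment `# Notice the bridge port is the vlan tagged interface` above the br-mgmt `bridge_ports` line no longer describes what the variable holds. It could read `# Ports attached to the management bridge (bootstrap_host_bridge_mgmt_ports)`.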


@ -0,0 +1,91 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## General options
debug: True
## Ceilometer Options
ceilometer_db_type: mongodb
ceilometer_db_ip: {{ bootstrap_host_mongodb_address }}
ceilometer_db_port: 27017
cinder_ceilometer_enabled: True
glance_ceilometer_enabled: True
heat_ceilometer_enabled: True
neutron_ceilometer_enabled: True
nova_ceilometer_enabled: True
swift_ceilometer_enabled: True
## Aodh Options
aodh_db_type: mongodb
aodh_db_ip: {{ bootstrap_host_mongodb_address }}
aodh_db_port: 27017
## Glance Options
glance_default_store: swift
## SSL Settings
ssl_protocol: "ALL -SSLv2 -SSLv3"
# Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
## Cinder settings
cinder_service_backup_program_enabled: True
## Tempest settings
tempest_service_available_ceilometer: True
tempest_public_subnet_cidr: 172.29.248.0/22
tempest_volume_backup_enabled: True
## Galera settings
galera_innodb_buffer_pool_size: 512M
galera_innodb_log_buffer_size: 32M
galera_wsrep_provider_options:
- { option: "gcache.size", value: "32M" }
## Set workers for all services to optimise memory usage
ceilometer_api_workers: 2
ceilometer_collector_workers: 2
ceilometer_notification_workers: 2
cinder_osapi_volume_workers: 2
glance_api_workers: 2
glance_registry_workers: 2
heat_api_workers: 2
heat_engine_workers: 2
horizon_wsgi_processes: 2
horizon_wsgi_threads: 2
keystone_wsgi_processes: 2
neutron_api_workers: 2
neutron_metadata_workers: 1
neutron_rpc_workers: 1
nova_conductor_workers: 2
nova_metadata_workers: 2
nova_osapi_compute_workers: 2
swift_account_server_workers: 2
swift_container_server_workers: 2
swift_object_server_workers: 2
swift_proxy_server_workers: 2
# NOTE: hpcloud-b4's eth0 uses 10.0.3.0/24, which overlaps with the
# lxc_net_address default
# TODO: We'll need to implement a mechanism to determine valid lxc_net_address
# value which will not overlap with an IP already assigned to the host.
lxc_net_address: 10.255.255.1
lxc_net_netmask: 255.255.255.0
lxc_net_dhcp_range: 10.255.255.2,10.255.255.253
## LXC Container Settings
lxc_cache_resolvers: {{ lxc_cache_resolvers }}
lxc_container_template_main_apt_repo: {{ bootstrap_host_ubuntu_repo }}
lxc_container_template_security_apt_repo: {{ bootstrap_host_ubuntu_security_repo }}
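Review bot: `ssl_protocol: "ALL -SSLv2 -SSLv3"` still permits TLS 1.0 and 1.1, and `ssl_cipher_suite` keeps the `ECDH+3DES`, `DH+3DES` and `RSA+3DES` entries. Services configured from this file can therefore negotiate protocol versions and a 64-bit block cipher that current guidance has retired. Assuming the value is consumed as an Apache-style SSLProtocol string, `ssl_protocol: "ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"` and removing the three 3DES entries from the cipher list would tighten it. If the permissive defaults are kept for client compatibility in the AIO, a comment such as `# Kept permissive for test clients; do not copy into a production user_variables.yml` would record that.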


@ -0,0 +1,39 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
packages_install:
- bridge-utils
- build-essential
- curl
- ethtool
- git-core
- ipython
- linux-image-extra-{{ ansible_kernel }}
- lvm2
- python2.7
- python-dev
- tmux
- vim
- vlan
- xfsprogs
packages_remove:
- libmysqlclient18
- mysql-common
packages_mongodb:
- mongodb-clients
- mongodb-server
- python-pymongo