Syncing opnfv compass-adapters With openstack/compass-adapters

Change-Id: Ibbadf313fe0759500ae9b0528aba8ceca259ec9a

ansible/openstack/HA-ansible-multinodes.yml

@@ -0,0 +1,239 @@
+---
+- hosts: all
+  remote_user: root
+  pre_tasks:
+    - name: make sure ssh dir exist
+      file:
+        path: '{{ item.path }}'
+        owner: '{{ item.owner }}'
+        group: '{{ item.group }}'
+        state: directory
+        mode: 0755
+      with_items:
+        - path: /root/.ssh
+          owner: root
+          group: root
+
+    - name: write ssh config
+      copy:
+        content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no"
+        dest: '{{ item.dest }}'
+        owner: '{{ item.owner }}'
+        group: '{{ item.group }}'
+        mode: 0600
+      with_items:
+        - dest: /root/.ssh/config
+          owner: root
+          group: root
+
+    - name: generate ssh keys
+      shell: if [ ! -f ~/.ssh/id_rsa.pub ]; then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; else echo "already gen ssh key!"; fi;
+
+    - name: fetch ssh keys
+      fetch: src=/root/.ssh/id_rsa.pub dest=/tmp/ssh-keys-{{ ansible_hostname }} flat=yes
+
+    - authorized_key:
+        user: root
+        key:  "{{ lookup('file', 'item') }}"
+      with_fileglob:
+        - /tmp/ssh-keys-*
+  max_fail_percentage: 0
+  roles:
+    - common
+
+- hosts: all
+  remote_user: root
+  accelerate: true
+  max_fail_percentage: 0
+  roles:
+    - setup-network
+
+- hosts: ha
+  remote_user: root
+  accelerate: true
+  max_fail_percentage: 0
+  roles:
+    - ha
+
+- hosts: controller
+  remote_user: root
+  accelerate: true
+  max_fail_percentage: 0
+  roles:
+    - memcached
+    - apache
+    - database
+    - mq
+    - keystone
+    - nova-controller
+    - neutron-controller
+    - cinder-controller
+    - glance
+    - neutron-common
+    - neutron-network
+    - ceilometer_controller
+#    - ext-network
+    - dashboard
+    - heat
+#    - aodh
+
+- hosts: all
+  remote_user: root
+  accelerate: true
+  max_fail_percentage: 0
+  roles:
+    - storage
+
+- hosts: compute
+  remote_user: root
+  accelerate: true
+  max_fail_percentage: 0
+  roles:
+    - nova-compute
+    - neutron-compute
+    - cinder-volume
+    - ceilometer_compute
+
+- hosts: all
+  remote_user: root
+  accelerate: true
+  max_fail_percentage: 0
+  roles:
+    - secgroup
+
+- hosts: ceph_adm
+  remote_user: root
+  accelerate: true
+  max_fail_percentage: 0
+  roles: []
+  #  - ceph-deploy
+
+- hosts: ceph
+  remote_user: root
+  accelerate: true
+  max_fail_percentage: 0
+  roles:
+    - ceph-purge
+    - ceph-config
+
+- hosts: ceph_mon
+  remote_user: root
+  accelerate: true
+  max_fail_percentage: 0
+  roles:
+    - ceph-mon
+
+- hosts: ceph_osd
+  remote_user: root
+  accelerate: true
+  max_fail_percentage: 0
+  roles:
+    - ceph-osd
+
+- hosts: ceph
+  remote_user: root
+  accelerate: true
+  max_fail_percentage: 0
+  roles:
+    - ceph-openstack
+
+- hosts: all
+  remote_user: root
+  accelerate: true
+  max_fail_percentage: 0
+  roles:
+    - monitor
+
+
+- hosts: all
+  remote_user: root
+  accelerate: true
+  max_fail_percentage: 0
+  tasks:
+    - name: set bash to nova
+      user:
+         name: nova
+         shell: /bin/bash
+
+    - name: make sure ssh dir exist
+      file:
+        path: '{{ item.path }}'
+        owner: '{{ item.owner }}'
+        group: '{{ item.group }}'
+        state: directory
+        mode: 0755
+      with_items:
+        - path: /var/lib/nova/.ssh
+          owner: nova
+          group: nova
+
+    - name: copy ssh keys for nova
+      shell: cp -rf /root/.ssh/id_rsa /var/lib/nova/.ssh;
+
+    - name: write ssh config
+      copy:
+        content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no"
+        dest: '{{ item.dest }}'
+        owner: '{{ item.owner }}'
+        group: '{{ item.group }}'
+        mode: 0600
+      with_items:
+        - dest: /var/lib/nova/.ssh/config
+          owner: nova
+          group: nova
+
+    - authorized_key:
+        user: nova
+        key:  "{{ lookup('file', 'item') }}"
+      with_fileglob:
+        - /tmp/ssh-keys-*
+
+    - name: chown ssh file
+      shell: chown -R nova:nova /var/lib/nova/.ssh;
+
+
+- hosts: all
+  remote_user: root
+  max_fail_percentage: 0
+  roles:
+    - odl_cluster
+
+- hosts: all
+  remote_user: root
+  accelerate: true
+  max_fail_percentage: 0
+  roles:
+    - onos_cluster
+
+- hosts: all
+  remote_user: root
+  sudo: True
+  max_fail_percentage: 0
+  roles:
+    - open-contrail
+
+- hosts: all
+  remote_user: root
+  serial: 1
+  max_fail_percentage: 0
+  roles:
+    - odl_cluster_neutron
+
+- hosts: all
+  remote_user: root
+  max_fail_percentage: 0
+  roles:
+    - odl_cluster_post
+
+- hosts: controller
+  remote_user: root
+  max_fail_percentage: 0
+  roles:
+    - ext-network
+
+- hosts: controller
+  remote_user: root
+  accelerate: true
+  max_fail_percentage: 0
+  roles:
+    - tacker

ansible/openstack/allinone.yml

@@ -1,7 +1,7 @@
 ---
 - hosts: controller
   sudo: True
-  roles: 
+  roles:
     - common
     - database
     - mq

ansible/openstack/group_vars/all

@@ -24,6 +24,10 @@ NOVA_PASS: nova_secret
 DASH_DBPASS: dash_db_secret
 CINDER_DBPASS: cinder_db_secret
 CINDER_PASS: cinder_secret
+HEAT_DBPASS: heat_db_secret
+HEAT_PASS: heat_secret
+AODH_DBPASS: aodh_db_secret
+AODH_PASS: aodh_secret
 NEUTRON_DBPASS: neutron_db_secret
 NEUTRON_PASS: netron_secret
 NEUTRON_TYPE_DRIVERS: ['flat', 'gre', 'vxlan']

ansible/openstack/multinodes.yml

@@ -65,3 +65,9 @@
     - common
     - nova-compute
     - neutron-compute
+
+- hosts: odl
+  remote_user: root
+  sudo: True
+  roles:
+    - odl

ansible/openstack/single-controller.yml

@@ -1,7 +1,7 @@
 ---
 - hosts: controller
   sudo: True
-  roles: 
+  roles:
     - common
     - database
     - mq
@@ -30,3 +30,9 @@
     - common
     - nova-compute
     - neutron-compute
+
+- hosts: odl
+  remote_user: root
+  sudo: True
+  roles:
+    - odl

ansible/openstack/templates/ml2_conf.ini

@@ -29,7 +29,7 @@ mechanism_drivers = {{ NEUTRON_MECHANISM_DRIVERS |join(",") }}
 # can be created. Use * to allow flat networks with arbitrary
 # physical_network names.
 #
-flat_networks = external
+flat_networks = *
 # Example:flat_networks = physnet1,physnet2
 # Example:flat_networks = *
 
@@ -39,7 +39,7 @@ flat_networks = external
 # tenant networks, as well as ranges of VLAN tags on each
 # physical_network available for allocation as tenant networks.
 #
-network_vlan_ranges =
+network_vlan_ranges = {{ NEUTRON_VLAN_RANGES|join(",") }}
 # Example: network_vlan_ranges = physnet1:1000:2999,physnet2
 
 [ml2_type_gre]
@@ -67,16 +67,18 @@ firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewal
 enable_security_group = True
 
 [database]
-connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/ovs_neutron?charset=utf8
+connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron?charset=utf8
 
 [ovs]
 local_ip = {{ internal_ip }}
 {% if 'openvswitch' in NEUTRON_MECHANISM_DRIVERS %}
 integration_bridge = br-int
+{% if NEUTRON_TUNNEL_TYPES %}
 tunnel_bridge = br-tun
 tunnel_id_ranges = 1001:4095
 tunnel_type = {{ NEUTRON_TUNNEL_TYPES |join(",") }}
-bridge_mappings = {{ neutron_ovs_bridge_mappings | default("external:br-ex") }}
+{% endif %}
+bridge_mappings = {{ NEUTRON_OVS_BRIDGE_MAPPINGS | join(",") }}
 {% endif %}
 
 [agent]
@@ -90,11 +92,14 @@ l2_population = False
 [odl]
 {% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %}
 network_vlan_ranges = 1001:4095
+{% if NEUTRON_TUNNEL_TYPES %}
 tunnel_id_ranges = 1001:4095
 tun_peer_patch_port = patch-int
 int_peer_patch_port = patch-tun
-tenant_network_type = vxlan
 tunnel_bridge = br-tun
+{% endif %}
+
+tenant_network_type = {{ NEUTRON_TENANT_NETWORK_TYPES |join(",") }}
 integration_bridge = br-int
 controllers = 10.1.0.15:8080:admin:admin
 {% endif %}
@@ -103,6 +108,6 @@ controllers = 10.1.0.15:8080:admin:admin
 {% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %}
 username = {{ odl_username }}
 password = {{ odl_password }}
-url = http://{{ odl_controller }}:{{ odl_api_port }}/controller/nb/v2/neutron
+url = http://{{ controller }}:{{ odl_api_port }}/controller/nb/v2/neutron
 {% endif %}
 

ansible/openstack/templates/neutron.conf

@@ -142,7 +142,7 @@ rabbit_port = 5672
 # rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
 # rabbit_hosts = localhost:5672
 # User ID used for RabbitMQ connections
-rabbit_userid = guest
+rabbit_userid = {{ RABBIT_USER }}
 # Location of a virtual RabbitMQ installation.
 # rabbit_virtual_host = /
 # Maximum retries with trying to connect to RabbitMQ
@@ -153,7 +153,6 @@ rabbit_userid = guest
 # Use HA queues in RabbitMQ (x-ha-policy: all). You need to
 # wipe RabbitMQ database when changing this option. (boolean value)
 # rabbit_ha_queues = false
-
 # QPID
 # rpc_backend=neutron.openstack.common.rpc.impl_qpid
 # Qpid broker hostname
@@ -305,22 +304,23 @@ notify_nova_on_port_status_changes = True
 notify_nova_on_port_data_changes = True
 
 # URL for connection to nova (Only supports one nova region currently).
-nova_url = http://{{ compute_controller_host }}:8774/v2
+nova_url = http://{{ internal_vip.ip }}:8774/v2
 
 # Name of nova region to use. Useful if keystone manages more than one region
-nova_region_name = RegionOne
+nova_region_name = regionOne
 
 # Username for connection to nova in admin context
 nova_admin_username = nova
 
 # The uuid of the admin nova tenant
+{% if NOVA_ADMIN_TENANT_ID|default('') %}
 nova_admin_tenant_id = {{ NOVA_ADMIN_TENANT_ID.stdout_lines[0] }}
-
+{% endif %}
 # Password for connection to nova in admin context.
 nova_admin_password = {{ NOVA_PASS }}
 
 # Authorization URL for connection to nova in admin context.
-nova_admin_auth_url = http://{{ identity_host }}:35357/v2.0
+nova_admin_auth_url = http://{{ internal_vip.ip }}:35357/v2.0
 
 # Number of seconds between sending events to nova if there are any events to send
 send_events_interval = 2
@@ -394,8 +394,8 @@ report_interval = 30
 # ===========  end of items for agent management extension =====
 
 [keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
+auth_uri = http://{{ internal_vip.ip }}:5000/v2.0
+identity_uri = http://{{ internal_vip.ip }}:35357
 admin_tenant_name = service
 admin_user = neutron
 admin_password = {{ NEUTRON_PASS }}
@@ -408,7 +408,7 @@ signing_dir = $state_path/keystone-signing
 # Replace 127.0.0.1 above with the IP address of the database used by the
 # main neutron server. (Leave it as is if the database runs on this host.)
 # connection = sqlite:////var/lib/neutron/neutron.sqlite
-#connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron
+connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron
 
 # The SQLAlchemy connection string used to connect to the slave database
 slave_connection =
@@ -428,7 +428,8 @@ min_pool_size = 1
 max_pool_size = 100
 
 # Timeout in seconds before idle sql connections are reaped
-idle_timeout = 3600
+idle_timeout = 30
+use_db_reconnect = True
 
 # If set, use this value for max_overflow with sqlalchemy
 max_overflow = 100
@@ -453,8 +454,7 @@ pool_timeout = 10
 # example of non-default provider:
 # service_provider=FIREWALL:name2:firewall_driver_path
 # --- Reference implementations ---
-service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
-service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
+service_provider=FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewllDriver:default
 # In order to activate Radware's lbaas driver you need to uncomment the next line.
 # If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
 # Otherwise comment the HA Proxy line
@@ -465,3 +465,9 @@ service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVP
 # service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
 # Uncomment the line below to use Embrane heleos as Load Balancer service provider.
 # service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default
+
+{% if enable_fwaas %}
+[fwaas]
+driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
+enabled = True
+{% endif %}

ansible/openstack/templates/nova.conf

@@ -1,9 +1,15 @@
+{% set memcached_servers = [] %}
+{% for host in haproxy_hosts.values() %}
+{% set _ = memcached_servers.append('%s:11211'% host) %}
+{% endfor %}
+{% set memcached_servers = memcached_servers|join(',') %}
+
 [DEFAULT]
 dhcpbridge_flagfile=/etc/nova/nova.conf
 dhcpbridge=/usr/bin/nova-dhcpbridge
 logdir=/var/log/nova
 state_path=/var/lib/nova
-lock_path=/var/lock/nova
+lock_path=/var/lib/nova/tmp
 force_dhcp_release=True
 iscsi_helper=tgtadm
 libvirt_use_virtio_for_bridges=True
@@ -14,22 +20,24 @@ debug={{ DEBUG }}
 ec2_private_dns_show_ip=True
 api_paste_config=/etc/nova/api-paste.ini
 volumes_path=/var/lib/nova/volumes
-enabled_apis=ec2,osapi_compute,metadata
-
-vif_plugging_is_fatal: false
-vif_plugging_timeout: 0
+enabled_apis=osapi_compute,metadata
 
+default_floating_pool={{ public_net_info.network }}
 auth_strategy = keystone
 
 rpc_backend = rabbit
 rabbit_host = {{ rabbit_host }}
+rabbit_userid = {{ RABBIT_USER }}
 rabbit_password = {{ RABBIT_PASS }}
 
+osapi_compute_listen={{ internal_ip }}
+metadata_listen={{ internal_ip }}
+
 my_ip = {{ internal_ip }}
 vnc_enabled = True
-vncserver_listen = 0.0.0.0
+vncserver_listen = {{ internal_ip }}
 vncserver_proxyclient_address = {{ internal_ip }}
-novncproxy_base_url = http://{{ compute_controller_host }}:6080/vnc_auto.html
+novncproxy_base_url = http://{{ public_vip.ip }}:6080/vnc_auto.html
 
 novncproxy_host = {{ internal_ip }}
 novncproxy_port = 6080
@@ -45,24 +53,32 @@ notify_on_state_change = vm_and_task_state
 notification_driver = nova.openstack.common.notifier.rpc_notifier
 notification_driver = ceilometer.compute.nova_notifier
 
+memcached_servers = {{ memcached_servers }}
+
 [database]
 # The SQLAlchemy connection string used to connect to the database
 connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova
+idle_timeout = 30
+use_db_reconnect = True
+pool_timeout = 10
 
 [keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/2.0
-identity_uri = http://{{ identity_host }}:35357
+auth_uri = http://{{ internal_vip.ip }}:5000/2.0
+identity_uri = http://{{ internal_vip.ip }}:35357
 admin_tenant_name = service
 admin_user = nova
 admin_password = {{ NOVA_PASS }}
+memcached_servers = {{ memcached_servers }}
 
 [glance]
-host = {{ image_host }}
+host = {{ internal_vip.ip }}
 
 [neutron]
-url = http://{{ network_server_host }}:9696
+url = http://{{ internal_vip.ip }}:9696
 auth_strategy = keystone
 admin_tenant_name = service
 admin_username = neutron
 admin_password = {{ NEUTRON_PASS }}
-admin_auth_url = http://{{ identity_host }}:35357/v2.0
+admin_auth_url = http://{{ internal_vip.ip }}:35357/v2.0
+service_metadata_proxy = True
+metadata_proxy_shared_secret = {{ METADATA_SECRET }}

ansible/openstack_juno_plumgrid/single-controller.yml

@@ -1,35 +0,0 @@
----
-- hosts: controller
-  sudo: True
-  roles:
-    - common
-    - database
-    - mq
-    - keystone
-    - nova-controller
-    - neutron-controller
-    - dashboard
-    - cinder-controller
-    - glance
-    - plumgrid
-    - plumgrid-plugin
-
-- hosts: network
-  sudo: True
-  roles:
-    - common
-    - plumgrid
-
-- hosts: storage
-  sudo: True
-  roles:
-    - common
-    - cinder-volume
-
-- hosts: compute
-  sudo: True
-  roles:
-    - common
-    - nova-compute
-    - neutron-compute
-    - plumgrid

ansible/openstack_mitaka/aodh/handlers/main.yml

@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart aodh services
+  service: name={{ item }} state=restarted enabled=yes
+  with_items: services

ansible/openstack_mitaka/aodh/tasks/main.yml

@@ -0,0 +1,29 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: install aodh packages
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items: packages | union(packages_noarch)
+
+- name: update aodh conf
+  template: src={{ item }} dest=/etc/aodh/{{ item }}
+            backup=yes
+  with_items:
+    - aodh.conf.j2
+#    - api_paste.ini.j2
+#    - policy.json.j2
+  notify: restart aodh services
+
+- name: write services to monitor list
+  lineinfile: dest=/opt/service create=yes line='{{ item }}'
+  with_items: services
+
+- meta: flush_handlers

ansible/openstack_mitaka/aodh/templates/aodh.conf.j2

@@ -0,0 +1,41 @@
+[DEFAULT]
+bind_host = {{ internal_ip }}
+bind_port = 8042
+rpc_backend = rabbit
+auth_strategy = keystone
+debug = True
+verbose = True
+
+[oslo_messaging_rabbit]
+rabbit_hosts = {{ internal_vip.ip }}
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+rabbit_use_ssl = false
+
+[database]
+connection = mongodb://aodh:{{ AODH_DBPASS }}@{{ internal_vip.ip }}:27017/aodh
+
+[keystone_authtoken]
+auth_uri = http://{{ internal_vip.ip }}:5000
+auth_url = http://{{ internal_vip.ip }}:35357
+identity_uri = http://{{ internal_vip.ip }}:35357
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = aodh
+password = {{ AODH_PASS }}
+memcached_servers = {{ memcached_servers }}
+token_cache_time = 300
+revocation_cache_time = 60
+
+[service_credentials]
+os_auth_url = http://{{ internal_vip.ip }}:5000/v2.0
+os_username = aodh
+os_tenant_name = service
+os_password = {{ AODH_PASS }}
+os_endpoint_type = internalURL
+os_region_name = regionOne
+
+[api]
+host = {{ internal_ip }}

ansible/openstack_mitaka/aodh/templates/api_paste.ini.j2

@@ -0,0 +1,22 @@
+# aodh API WSGI Pipeline
+# Define the filters that make up the pipeline for processing WSGI requests
+# Note: This pipeline is PasteDeploy's term rather than aodh's pipeline
+# used for processing samples
+
+# Remove authtoken from the pipeline if you don't want to use keystone authentication
+[pipeline:main]
+pipeline = cors request_id authtoken api-server
+
+[app:api-server]
+paste.app_factory = aodh.api.app:app_factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+oslo_config_project = aodh
+
+[filter:request_id]
+paste.filter_factory = oslo_middleware:RequestId.factory
+
+[filter:cors]
+paste.filter_factory = oslo_middleware.cors:filter_factory
+oslo_config_project = aodh

ansible/openstack_mitaka/aodh/templates/policy.json.j2

@@ -0,0 +1,20 @@
+{
+    "context_is_admin": "role:admin",
+    "segregation": "rule:context_is_admin",
+    "admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s",
+    "default": "rule:admin_or_owner",
+
+    "telemetry:get_alarm": "rule:admin_or_owner",
+    "telemetry:get_alarms": "rule:admin_or_owner",
+    "telemetry:query_alarm": "rule:admin_or_owner",
+
+    "telemetry:create_alarm": "",
+    "telemetry:change_alarm": "rule:admin_or_owner",
+    "telemetry:delete_alarm": "rule:admin_or_owner",
+
+    "telemetry:get_alarm_state": "rule:admin_or_owner",
+    "telemetry:change_alarm_state": "rule:admin_or_owner",
+
+    "telemetry:alarm_history": "rule:admin_or_owner",
+    "telemetry:query_alarm_history": "rule:admin_or_owner"
+}

ansible/openstack_mitaka/aodh/vars/Debian.yml

@@ -0,0 +1,22 @@
+#############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+#############################################################################
+---
+packages:
+  - aodh-api
+  - aodh-evaluator
+  - aodh-notifier
+  - aodh-listener
+  - aodh-expirer
+  - python-ceilometerclient
+
+services:
+  - aodh-api
+  - aodh-notifier
+  - aodh-evaluator
+  - aodh-listener

ansible/openstack_mitaka/aodh/vars/RedHat.yml

@@ -0,0 +1,22 @@
+#############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+#############################################################################
+---
+packages:
+  - openstack-aodh-api
+  - openstack-aodh-evaluator
+  - openstack-aodh-notifier
+  - openstack-aodh-listener
+  - openstack-aodh-expirer
+  - python-ceilometerclient
+
+services:
+  - aodh-api
+  - aodh-notifier
+  - aodh-evaluator
+  - aodh-listener

ansible/openstack_mitaka/aodh/vars/main.yml

@@ -0,0 +1,12 @@
+##############################################################################
+## Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+##
+## All rights reserved. This program and the accompanying materials
+## are made available under the terms of the Apache License, Version 2.0
+## which accompanies this distribution, and is available at
+## http://www.apache.org/licenses/LICENSE-2.0
+###############################################################################
+---
+packages_noarch: []
+
+services_noarch: []

ansible/openstack_mitaka/ceilometer_controller/vars/Debian.yml

@@ -0,0 +1,37 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+ceilometer_packages:
+  - ceilometer-api
+  - ceilometer-collector
+  - ceilometer-agent-central
+  - ceilometer-agent-notification
+#  - ceilometer-alarm-evaluator
+#  - ceilometer-alarm-notifier
+  - python-ceilometerclient
+
+ceilometer_services:
+  - ceilometer-agent-central
+  - ceilometer-agent-notification
+  - ceilometer-api
+  - ceilometer-collector
+#  - ceilometer-alarm-evaluator
+#  - ceilometer-alarm-notifier
+
+ceilometer_configs_templates:
+  - src: ceilometer.j2
+    dest:
+      - /etc/ceilometer/ceilometer.conf
+  - src: cinder.j2
+    dest:
+      - /etc/cinder/cinder.conf
+  - src: glance.j2
+    dest:
+      - /etc/glance/glance-api.conf
+      - /etc/glance/glance-registry.conf

ansible/openstack_mitaka/ceilometer_controller/vars/RedHat.yml

@@ -0,0 +1,36 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+ceilometer_packages:
+  - openstack-ceilometer-api
+  - openstack-ceilometer-collector
+  - openstack-ceilometer-central
+  - openstack-ceilometer-notification
+#  - openstack-ceilometer-alarm
+  - python-ceilometerclient
+
+ceilometer_services:
+  - openstack-ceilometer-central
+  - openstack-ceilometer-notification
+  - openstack-ceilometer-api
+  - openstack-ceilometer-collector
+#  - openstack-ceilometer-alarm-evaluator
+#  - openstack-ceilometer-alarm-notifier
+
+ceilometer_configs_templates:
+  - src: ceilometer.j2
+    dest:
+      - /etc/ceilometer/ceilometer.conf
+  - src: cinder.j2
+    dest:
+      - /etc/cinder/cinder.conf
+  - src: glance.j2
+    dest:
+      - /etc/glance/glance-api.conf
+      - /etc/glance/glance-registry.conf

ansible/openstack_mitaka/common/vars/Debian.yml

@@ -0,0 +1,30 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+  - ubuntu-cloud-keyring
+  #- python-dev
+  - openvswitch-datapath-dkms
+  - openvswitch-switch
+  - python-memcache
+  - python-iniparse
+  - python-lxml
+#  - python-d* #TODO, need remove
+
+pip_packages:
+  - crudini
+  - python-keyczar
+  - yang2tosca
+
+pip_conf: pip.conf
+
+services:
+  - ntp
+
+

ansible/roles/apache/handlers/main.yml

@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart apache related services
+  service: name={{ item }} state=restarted enabled=yes
+  with_items: services| union(services_noarch)

ansible/roles/apache/tasks/main.yml

@@ -0,0 +1,30 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: install packages
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=latest update_cache=yes"
+  with_items: packages | union(packages_noarch)
+
+- name: assure listen port exist
+  template:
+    dest: '{{ apache_config_dir }}/ports.conf'
+    src: ports.conf.j2
+  notify:
+    - restart apache related services
+
+- name: remove default listen port on centos
+  lineinfile:
+    dest: /etc/httpd/conf/httpd.conf
+    state: absent
+    regexp: 'Listen 80'
+  when: ansible_os_family == 'RedHat'
+
+- meta: flush_handlers

ansible/roles/apache/templates/openstack-dashboard.conf.j2

@@ -0,0 +1,15 @@
+{% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+
+<VirtualHost {{ internal_ip }}:80>
+    WSGIScriptAlias /horizon {{ horizon_dir }}/wsgi/django.wsgi
+    WSGIDaemonProcess horizon user=horizon group=horizon processes={{ work_threads }} threads={{ work_threads }}
+    WSGIProcessGroup horizon
+    Alias /static {{ horizon_dir }}/static/
+    Alias /horizon/static {{ horizon_dir }}/static/
+    <Directory {{ horizon_dir }}/wsgi>
+        Order allow,deny
+        Allow from all
+    </Directory>
+</VirtualHost>
+
+

ansible/roles/apache/templates/ports.conf.j2

@@ -0,0 +1 @@
+Listen {{ internal_ip }}:80

ansible/roles/apache/vars/Debian.yml

@@ -0,0 +1,17 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+  - apache2
+  - libapache2-mod-wsgi
+
+services:
+  - apache2
+
+apache_config_dir: /etc/apache2

ansible/roles/apache/vars/RedHat.yml

@@ -0,0 +1,17 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+  - mod_wsgi
+  - httpd
+
+services:
+  - httpd
+
+apache_config_dir: /etc/httpd/conf.d

ansible/roles/apache/vars/main.yml

@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+
+services_noarch: []

ansible/roles/ceilometer_compute/handlers/main.yml

@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart ceilometer relation service
+  service: name={{ item }} state=restarted enabled=yes
+  with_items: ceilometer_services

ansible/roles/ceilometer_compute/tasks/main.yml

@@ -0,0 +1,44 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+  copy:
+    content: "#!/bin/sh\nexit 101"
+    dest: "/usr/sbin/policy-rc.d"
+    mode: 0755
+  when: ansible_os_family == "Debian"
+
+- name: install ceilometer packages
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items: ceilometer_packages | union(packages_noarch)
+
+- name: enable auto start
+  file:
+    path=/usr/sbin/policy-rc.d
+    state=absent
+  when: ansible_os_family == "Debian"
+
+- name: copy ceilometer configs
+  template: src={{ item.src}} dest=/opt/os_templates
+  with_items: "{{ ceilometer_configs_templates }}"
+
+- name: update ceilometer configs
+  shell: crudini --merge {{ item.1 }} < /opt/os_templates/{{ item.0.src }}
+  with_subelements:
+    - ceilometer_configs_templates
+    - dest
+  notify: restart ceilometer relation service
+
+- name: write services to monitor list
+  lineinfile: dest=/opt/service create=yes line='{{ item }}'
+  with_items: ceilometer_services
+
+- meta: flush_handlers

ansible/roles/ceilometer_compute/templates/ceilometer.j2

@@ -0,0 +1,31 @@
+[DEFAULT]
+verbose = True
+rpc_backend = rabbit
+auth_strategy = keystone
+
+[oslo_messaging_rabbit]
+rabbit_host = {{ internal_vip.ip }}
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+
+[publisher]
+metering_secret = {{ metering_secret }}
+
+[keystone_authtoken]
+auth_uri = http://{{ internal_vip.ip }}:5000
+auth_url = http://{{ internal_vip.ip }}:35357
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = ceilometer
+password = {{ CEILOMETER_PASS }}
+
+[service_credentials]
+os_auth_url = http://{{ internal_vip.ip }}:5000/v2.0
+os_username = ceilometer
+os_tenant_name = service
+os_password = {{ CEILOMETER_PASS }}
+os_endpoint_type = internalURL
+os_region_name = regionOne
+

ansible/roles/ceilometer_compute/templates/nova.j2

@@ -0,0 +1,5 @@
+[DEFAULT]
+instance_usage_audit = True
+instance_usage_audit_period = hour
+notify_on_state_change = vm_and_task_state
+notification_driver = messagingv2

ansible/roles/ceilometer_compute/vars/Debian.yml

@@ -0,0 +1,23 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+ceilometer_packages:
+  - ceilometer-agent-compute
+
+ceilometer_services:
+  - ceilometer-agent-compute
+  - nova-compute
+
+ceilometer_configs_templates:
+  - src: ceilometer.j2
+    dest:
+      - /etc/ceilometer/ceilometer.conf
+  - src: nova.j2
+    dest:
+      - /etc/nova/nova.conf

ansible/roles/ceilometer_compute/vars/RedHat.yml

@@ -0,0 +1,25 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+ceilometer_packages:
+  - openstack-ceilometer-compute
+  - python-ceilometerclient
+  - python-pecan
+
+ceilometer_services:
+  - openstack-ceilometer-compute
+  - openstack-nova-compute 
+
+ceilometer_configs_templates:
+  - src: ceilometer.j2
+    dest:
+      - /etc/ceilometer/ceilometer.conf
+  - src: nova.j2
+    dest:
+      - /etc/nova/nova.conf

ansible/roles/ceilometer_compute/vars/main.yml

@@ -0,0 +1,11 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+metering_secret: 1c5df72079b31fb47747

ansible/roles/ceilometer_controller/handlers/main.yml

@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart ceilometer relation service
+  service: name={{ item }} state=restarted enabled=yes
+  with_items: ceilometer_services

ansible/roles/ceilometer_controller/tasks/main.yml

@@ -0,0 +1,51 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+  copy:
+    content: "#!/bin/sh\nexit 101"
+    dest: "/usr/sbin/policy-rc.d"
+    mode: 0755
+  when: ansible_os_family == "Debian"
+
+- name: install ceilometer packages
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items: ceilometer_packages | union(packages_noarch)
+
+- name: enable auto start
+  file:
+    path=/usr/sbin/policy-rc.d
+    state=absent
+  when: ansible_os_family == "Debian"
+
+- name: copy ceilometer configs
+  template: src={{ item.src}} dest=/opt/os_templates
+  with_items: "{{ ceilometer_configs_templates }}"
+
+- name: update ceilometer configs
+  shell: crudini --merge {{ item.1 }} < /opt/os_templates/{{ item.0.src }}
+  with_subelements:
+    - ceilometer_configs_templates
+    - dest
+  notify: restart ceilometer relation service
+
+- name: change meter polling interval to 300s
+  replace:
+    dest: /etc/ceilometer/pipeline.yaml
+    regexp: 'interval: .+'
+    replace: 'interval: 300'
+  notify: restart ceilometer relation service
+
+- name: write services to monitor list
+  lineinfile: dest=/opt/service create=yes line='{{ item }}'
+  with_items: ceilometer_services
+
+- meta: flush_handlers

ansible/roles/ceilometer_controller/templates/ceilometer.j2

@@ -0,0 +1,37 @@
+[DEFAULT]
+rpc_backend = rabbit
+auth_strategy = keystone
+verbose = True
+
+[oslo_messaging_rabbit]
+rabbit_host = {{ internal_vip.ip }}
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}
+
+[database]
+connection = mongodb://ceilometer:{{ CEILOMETER_DBPASS }}@{{ internal_vip.ip }}:27017/ceilometer
+
+[keystone_authtoken]
+auth_uri = http://{{ internal_vip.ip }}:5000
+auth_url = http://{{ internal_vip.ip }}:35357
+identity_uri = http://{{ internal_vip.ip }}:35357
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = ceilometer
+password = {{ CEILOMETER_PASS }}
+
+[service_credentials]
+os_auth_url = http://{{ internal_vip.ip }}:5000/v2.0
+os_username = ceilometer
+os_tenant_name = service
+os_password = {{ CEILOMETER_PASS }}
+os_endpoint_type = internalURL
+os_region_name = regionOne
+
+[publisher]
+metering_secret = {{ metering_secret }}
+
+[api]
+host = {{ internal_ip }}

ansible/roles/ceilometer_controller/templates/cinder.j2

@@ -0,0 +1,2 @@
+[DEFAULT]
+notification_driver = messagingv2

ansible/roles/ceilometer_controller/templates/glance.j2

@@ -0,0 +1,8 @@
+[DEFAULT]
+notification_driver = messagingv2
+rpc_backend = rabbit
+
+[oslo_messaging_rabbit]
+rabbit_host = {{ internal_vip.ip }}
+rabbit_userid = {{ RABBIT_USER }}
+rabbit_password = {{ RABBIT_PASS }}

ansible/roles/ceilometer_controller/vars/Debian.yml

@@ -0,0 +1,33 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+ceilometer_packages:
+  - ceilometer-api
+  - ceilometer-collector
+  - ceilometer-agent-central
+  - ceilometer-agent-notification
+  - python-ceilometerclient
+
+ceilometer_services:
+  - ceilometer-agent-central
+  - ceilometer-agent-notification
+  - ceilometer-api
+  - ceilometer-collector
+
+ceilometer_configs_templates:
+  - src: ceilometer.j2
+    dest:
+      - /etc/ceilometer/ceilometer.conf
+  - src: cinder.j2
+    dest:
+      - /etc/cinder/cinder.conf
+  - src: glance.j2
+    dest:
+      - /etc/glance/glance-api.conf
+      - /etc/glance/glance-registry.conf

ansible/roles/ceilometer_controller/vars/RedHat.yml

@@ -0,0 +1,33 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+ceilometer_packages:
+  - openstack-ceilometer-api
+  - openstack-ceilometer-collector
+  - openstack-ceilometer-central
+  - openstack-ceilometer-notification
+  - python-ceilometerclient
+
+ceilometer_services:
+  - openstack-ceilometer-central
+  - openstack-ceilometer-notification
+  - openstack-ceilometer-api
+  - openstack-ceilometer-collector
+
+ceilometer_configs_templates:
+  - src: ceilometer.j2
+    dest:
+      - /etc/ceilometer/ceilometer.conf
+  - src: cinder.j2
+    dest:
+      - /etc/cinder/cinder.conf
+  - src: glance.j2
+    dest:
+      - /etc/glance/glance-api.conf
+      - /etc/glance/glance-registry.conf

ansible/roles/ceilometer_controller/vars/main.yml

@@ -0,0 +1,11 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+metering_secret: 1c5df72079b31fb47747

ansible/roles/ceph-config/files/create_osd.sh

@@ -0,0 +1,39 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+if [ -d "/var/local/osd" ]; then
+echo "clear /var/local/osd"
+rm -r /var/local/osd/
+umount /var/local/osd
+rm -r /var/local/osd
+fi
+
+
+#safe check
+ps -ef |grep lvremove |awk '{print $2}' |xargs kill -9
+ps -ef |grep vgremove |awk '{print $2}' |xargs kill -9
+ps -ef |grep vgcreate |awk '{print $2}' |xargs kill -9
+ps -ef |grep lvcreate |awk '{print $2}' |xargs kill -9
+
+if [ -L "/dev/storage-volumes/ceph0" ]; then
+echo "remove lv vg"
+lvremove -f /dev/storage-volumes/ceph0
+fi
+
+
+echo "lvcreate"
+lvcreate -l 100%FREE -nceph0 storage-volumes
+echo "mkfs"
+mkfs.xfs -f /dev/storage-volumes/ceph0
+
+if [ ! -d "/var/local/osd" ]; then
+echo "mount osd"
+mkdir -p /var/local/osd
+mount /dev/storage-volumes/ceph0 /var/local/osd
+fi
+

ansible/roles/ceph-config/tasks/create_config.yml

@@ -0,0 +1,67 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- name: gen ceph fsid
+  shell: uuidgen
+  register: ceph_fsid
+  when: inventory_hostname in groups['ceph_adm']
+
+- name: gen ceph conf
+  local_action:
+    module: "template"
+    src: "ceph.j2"
+    dest: "/tmp/ceph.conf"
+  when: inventory_hostname in groups['ceph_adm']
+
+- name: "make directory for ceph config file"
+  file: path="/etc/ceph" state="directory"
+
+- name: copy ceph conf to dest mon node
+  copy: src="/tmp/ceph.conf" dest="/etc/ceph/ceph.conf"
+
+- name: install ceph-related packages
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items:
+    - ceph
+
+- name: gen create monmap script
+  local_action: template src="create_monmap.j2" dest="/tmp/create_monmap.sh" mode=0755
+  when: inventory_hostname in groups['ceph_adm']
+
+- name: create monmap
+  script: /tmp/create_monmap.sh
+  when: inventory_hostname in groups['ceph_mon']
+
+- name: create mon.keyring
+  shell: "ceph-authtool --create-keyring /tmp/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'"
+  when: inventory_hostname in groups['ceph_adm']
+
+- name: create admin.keyring
+  shell: "ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --set-uid=0 --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow'"
+  when: inventory_hostname in groups['ceph_adm']
+
+- name: Add the client.admin key to the ceph.mon.keyring
+  shell: "ceph-authtool /tmp/ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring"
+  when: inventory_hostname in groups['ceph_adm']
+
+- name: fetch mon.keyring to local
+  fetch: src="/tmp/ceph.mon.keyring" dest="/tmp/ceph.mon.keyring" flat=yes
+  when: inventory_hostname in groups['ceph_adm']
+
+- name: fetch client.admin.keyring to local
+  fetch: src="/etc/ceph/ceph.client.admin.keyring" dest="/tmp/ceph.client.admin.keyring" flat=yes
+  when: inventory_hostname in groups['ceph_adm']
+
+- name: copy mon.keyring to remote nodes
+  copy: src="/tmp/ceph.mon.keyring" dest="/tmp/ceph.mon.keyring"
+
+- name: copy admin.keyring to remote nodes
+  copy: src="/tmp/ceph.client.admin.keyring" dest="/etc/ceph/ceph.client.admin.keyring"
+
+
+- meta: flush_handlers

ansible/roles/ceph-config/tasks/main.yml

@@ -0,0 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- include: create_config.yml
+  tags:
+    - ceph_config
+    - ceph_deploy
+    - ceph_mon

ansible/roles/ceph-config/templates/ceph.j2

@@ -0,0 +1,25 @@
+[global]
+fsid = {{ ceph_fsid.stdout }}
+mon initial members = {{ groups["ceph_mon"] | join(", ")}}
+mon host = 
+{%- for host in groups["ceph_mon"] -%}
+{{ ', ' if not loop.first else ''}}{{ ip_settings[host].mgmt.ip }}
+{%- endfor %}
+
+public network = {{ mgmt_cidr }}
+cluster network = {{ storage_cidr }}
+
+auth cluster required = cephx
+auth service required = cephx
+auth client required = cephx
+
+osd journal size = 1024
+filestore xattr use omap = true
+osd pool default size = 1 
+osd pool default min size = 1
+osd pool default pg num = 333
+osd pool default pgp num = 333
+osd crush chooseleaf type = 1
+
+debug mon = 1
+debug ms = 0

ansible/roles/ceph-config/templates/create_monmap.j2

@@ -0,0 +1,5 @@
+monmaptool --create --clobber --fsid {{ ceph_fsid.stdout }} 
+{%- for host in groups['ceph_mon']%}
+ --add {{host}} {{ ip_settings[host].mgmt.ip }}:6789 
+{%- endfor %}
+ /tmp/monmap 

ansible/roles/ceph-config/templates/dump_var.j2

@@ -0,0 +1,8 @@
+HOSTVARS (ANSIBLE GATHERED, group_vars, host_vars) :
+
+{{ hostvars[inventory_hostname] | to_yaml }}
+
+PLAYBOOK VARS:
+
+{{ vars | to_yaml }}
+

ansible/roles/ceph-mon/tasks/install_mon.yml

@@ -0,0 +1,32 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Create a default data directory
+  file: path="/var/lib/ceph/mon/ceph-{{ inventory_hostname }}" state="directory"
+
+- name: Populate the monitor daemon
+  shell: "ceph-mon --mkfs -i {{ inventory_hostname }} --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring"
+
+- name: Touch the done and auto start file
+  file: path="/var/lib/ceph/mon/ceph-{{ inventory_hostname }}/{{ item }}" state="touch"
+  with_items:
+    - "done"
+    - "{{ ceph_start_type }}"
+
+- name: start mon daemon
+  shell: "{{ ceph_start_script }}"
+
+- name: wait for creating osd keyring
+  wait_for: path=/var/lib/ceph/bootstrap-osd/ceph.keyring
+
+- name: fetch osd keyring
+  fetch: src="/var/lib/ceph/bootstrap-osd/ceph.keyring" dest="/tmp/ceph.osd.keyring" flat=yes
+  run_once: True

ansible/roles/ceph-mon/tasks/main.yml

@@ -0,0 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- include: install_mon.yml
+  when: inventory_hostname in groups["ceph_mon"]
+  tags:
+    - ceph_mon
+    - ceph_deploy

ansible/roles/ceph-mon/vars/Debian.yml

@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+ceph_start_script: "start ceph-mon id={{ inventory_hostname }}"
+ceph_start_type: "upstart"

ansible/roles/ceph-mon/vars/RedHat.yml

@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+ceph_start_script: "/etc/init.d/ceph start mon.{{ inventory_hostname }}"
+ceph_start_type: "sysvinit"

ansible/roles/ceph-mon/vars/main.yml

@@ -0,0 +1,10 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+

ansible/roles/ceph-openstack/tasks/ceph_openstack_conf.yml

@@ -0,0 +1,40 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: chown of glance/api.log
+  shell: chown -R glance:glance /var/log/glance
+  when: inventory_hostname in groups['controller']
+  tags:
+    - ceph_conf_glance
+  ignore_errors: True
+
+- name: modify glance-api.conf for ceph
+  shell: sed -i 's/^\(default_store\).*/\1 = rbd/g' /etc/glance/glance-api.conf && sed -i '/^\[glance_store/a rbd_store_pool = images\nrbd_store_user = glance\nrbd_store_ceph_conf = /etc/ceph/ceph.conf\nrbd_store_chunk_size = 8\nshow_image_direct_url=True' /etc/glance/glance-api.conf
+  when: inventory_hostname in groups['controller']
+  tags:
+    - ceph_conf_glance
+
+- name: restart glance
+  shell: rm -f /var/log/glance/api.log && chown -R glance:glance /var/log/glance && service {{ glance_service }} restart
+  when: inventory_hostname in groups['controller']
+  tags:
+    - ceph_conf_glance
+  ignore_errors: True
+
+- name: modify cinder.conf for ceph
+  shell: sed -i 's/^\(volume_driver\).*/\1 = cinder.volume.drivers.rbd.RBDDriver/g' /etc/cinder/cinder.conf && sed -i 's/^\(rbd_secret_uuid\).*/\1 = {{ ceph_uuid.stdout_lines[0] }}/g' /etc/cinder/cinder.conf && sed -i '/^\[DEFAULT/a rbd_pool = volumes\nrbd_ceph_conf = /etc/ceph/ceph.conf\nrbd_flatten_volume_from_snapshot = false\nrbd_max_clone_depth = 5\nrbd_store_chunk_size = 4\nrados_connect_timeout = -1\nglance_api_version = 2\nrbd_user = cinder\nrbd_secret_uuid = {{ ceph_uuid.stdout_lines[0] }}' /etc/cinder/cinder.conf && service {{ cinder_service }} restart
+  when: inventory_hostname in groups['compute']
+  tags:
+    - ceph_conf_cinder
+
+- name: modify nova.conf for ceph
+  shell: sed -i 's/^\(images_type\).*/\1 = rbd/g' /etc/nova/nova-compute.conf && sed -i 's/^\(rbd_secret_uuid\).*/\1 = {{ ceph_uuid.stdout_lines[0] }}/g' /etc/nova/nova-compute.conf  && sed -i '/^\[libvirt/a images_rbd_pool = vms\nimages_rbd_ceph_conf = /etc/ceph/ceph.conf\nrbd_user = cinder\nrbd_secret_uuid = {{ ceph_uuid.stdout_lines[0] }}\ndisk_cachemodes=\"network=writeback\"\nlive_migration_flag=\"VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_PERSIST_DEST,VIR_MIGRATE_TUNNELLED\"' /etc/nova/nova-compute.conf && service  {{ nova_service }} restart
+  when: inventory_hostname in groups['compute']
+  tags:
+    - ceph_conf_nova

ansible/roles/ceph-openstack/tasks/ceph_openstack_pre.yml

@@ -0,0 +1,77 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: gen ceph uuid
+  shell: uuidgen
+  register: ceph_uuid
+  run_once: true
+  tags:
+    - ceph_copy_secret
+
+- name: gen template secret.xml
+  local_action:
+    module: "template"
+    src: "secret.j2"
+    dest: "/tmp/secret.xml"
+    mode: "0777"
+  when: inventory_hostname in groups['ceph_adm']
+  tags:
+    - ceph_copy_secret
+
+- name: create pool
+  shell: ceph osd pool create {{ item }} 50
+  with_items:
+    - volumes
+    - images
+    - backups
+    - vms
+  when: inventory_hostname in groups['ceph_adm']
+
+- name: create ceph users for openstack
+  shell: ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images' && ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'
+  when: inventory_hostname in groups['ceph_adm']
+
+- name: send glance key to controller nodes
+  shell: ceph auth get-or-create client.glance | tee /etc/ceph/ceph.client.glance.keyring && chown glance:glance /etc/ceph/ceph.client.glance.keyring 
+  when: inventory_hostname in groups['controller']
+
+- name: send cinder key to compute nodes
+  shell: ceph auth get-or-create client.cinder | tee /etc/ceph/ceph.client.cinder.keyring && chown cinder:cinder /etc/ceph/ceph.client.cinder.keyring
+  when: inventory_hostname in groups['compute']
+  tags:
+    - ceph_send_key
+
+- name: copy cinder key to compute node
+  shell: ceph auth get-key client.cinder | tee client.cinder.key
+  when: inventory_hostname in groups['compute']
+  tags:
+    - ceph_copy_secret
+
+- name: copy secret.xml to compute nodes
+  copy: src="/tmp/secret.xml" dest="~/secret.xml"
+  when: inventory_hostname in groups['compute']
+  tags:
+    - ceph_copy_secret
+
+- name: undefine libvirt secret in case of repeatedly execute ceph_deploy
+  shell: "virsh secret-list | awk '$1 ~ /[0-9]+/ {print $1}' | xargs virsh secret-undefine"
+  when: inventory_hostname in groups['compute']
+  tags:
+    - ceph_copy_secret
+  ignore_errors: True
+
+
+- name: create key for libvirt on compute nodes
+  shell: "virsh secret-define --file ~/secret.xml && virsh secret-set-value --secret {{ ceph_uuid.stdout_lines[0] }} --base64 $(cat client.cinder.key)"
+  when: inventory_hostname in groups['compute']
+  tags:
+    - ceph_copy_secret
+  ignore_errors: True
+
+

ansible/roles/ceph-openstack/tasks/main.yml

@@ -0,0 +1,26 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- include_vars: "{{ ansible_os_family }}.yml"
+  tags:
+    - ceph_deploy
+    - ceph_openstack_pre
+    - ceph_openstack_conf
+    - ceph_openstack
+
+- include: ceph_openstack_pre.yml
+  tags:
+    - ceph_deploy
+    - ceph_openstack_pre
+    - ceph_openstack
+
+- include: ceph_openstack_conf.yml
+  tags:
+    - ceph_deploy
+    - ceph_openstack_conf
+    - ceph_openstack

ansible/roles/ceph-openstack/templates/secret.j2

@@ -0,0 +1,6 @@
+<secret ephemeral='no' private='no'>
+  <uuid>{{ ceph_uuid.stdout_lines[0] }}</uuid>
+  <usage type='ceph'>
+    <name>client.cinder secret</name>
+  </usage>
+</secret>

ansible/roles/ceph-openstack/vars/Debian.yml

@@ -0,0 +1,30 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+  - ceph-deploy
+  - python-flask
+  - libgoogle-perftools4
+  - libleveldb1
+  - liblttng-ust0
+  - libsnappy1
+  - librbd1
+  - librados2
+  - python-ceph
+  - ceph
+  - ceph-mds
+  - ceph-common
+  - ceph-fs-common
+  - gdisk
+
+services: []
+
+cinder_service: cinder-volume
+nova_service: nova-compute
+glance_service: glance-api

ansible/roles/ceph-openstack/vars/RedHat.yml

@@ -0,0 +1,20 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+  - ceph-radosgw
+  - fcgi
+  - ceph-deploy
+  - ceph
+
+services: []
+
+cinder_service: openstack-cinder-volume
+nova_service: openstack-nova-compute
+glance_service: openstack-glance-api

ansible/roles/ceph-openstack/vars/main.yml

@@ -0,0 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch: []
+
+ceph_cluster_dir:
+  - /root/ceph-cluster

ansible/roles/ceph-osd/files/create_osd.sh

@@ -0,0 +1,39 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+if [ -d "/var/local/osd" ]; then
+echo "clear /var/local/osd"
+rm -r /var/local/osd/
+umount /var/local/osd
+rm -r /var/local/osd
+fi
+
+
+#safe check
+ps -ef |grep lvremove |awk '{print $2}' |xargs kill -9
+ps -ef |grep vgremove |awk '{print $2}' |xargs kill -9
+ps -ef |grep vgcreate |awk '{print $2}' |xargs kill -9
+ps -ef |grep lvcreate |awk '{print $2}' |xargs kill -9
+
+if [ -L "/dev/storage-volumes/ceph0" ]; then
+echo "remove lv vg"
+lvremove -f /dev/storage-volumes/ceph0
+fi
+
+
+echo "lvcreate"
+lvcreate -l 100%FREE -nceph0 storage-volumes
+echo "mkfs"
+mkfs.xfs -f /dev/storage-volumes/ceph0
+
+if [ ! -d "/var/local/osd" ]; then
+echo "mount osd"
+mkdir -p /var/local/osd
+mount /dev/storage-volumes/ceph0 /var/local/osd
+fi
+

ansible/roles/ceph-osd/tasks/install_osd.yml

@@ -0,0 +1,33 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+- name: create osd lv and mount it on /var/local/osd
+  script: create_osd.sh
+
+- name: copy osd keyring
+  copy: src="/tmp/ceph.osd.keyring" dest="/var/lib/ceph/bootstrap-osd/ceph.keyring"
+
+- name: prepare osd disk
+  shell: ceph-disk prepare --fs-type xfs /var/local/osd
+
+- name: activate osd node
+  shell: ceph-disk activate /var/local/osd
+
+- name: enable ceph service
+  service: name=ceph enabled=yes
+
+- name: rebuild osd after reboot
+  lineinfile: dest=/etc/init/ceph-osd-all-starter.conf insertafter="^task" line="pre-start script\n  set -e\n  /opt/setup_storage/losetup.sh\n  sleep 3\n  mount /dev/storage-volumes/ceph0 /var/local/osd\nend script"
+  when: ansible_os_family == "Debian"
+
+- name: rebuild osd after reboot for centos
+  lineinfile: dest=/etc/init.d/ceph insertafter="^### END INIT INFO" line="\nsleep 1\nmount /dev/storage-volumes/ceph0 /var/local/osd"
+  when: ansible_os_family == "RedHat"
+

ansible/roles/ceph-osd/tasks/main.yml

@@ -0,0 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- include: install_osd.yml
+  when: inventory_hostname in groups["ceph_osd"]
+  tags:
+    - ceph_osd
+    - ceph_deploy

ansible/roles/ceph-purge/tasks/main.yml

@@ -0,0 +1,35 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- name: clear tmp files
+  local_action: shell rm -rf /tmp/ceph*
+  tags:
+    - ceph_purge
+    - ceph_deploy
+
+- name: install ceph-related packages
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items:
+    - ceph-deploy
+  tags:
+    - ceph_purge
+    - ceph_deploy
+
+- name: purge ceph
+  shell: "ceph-deploy purge {{ inventory_hostname }}; ceph-deploy purgedata {{ inventory_hostname }}; ceph-deploy forgetkeys"
+  tags:
+    - ceph_purge
+    - ceph_deploy
+
+- name: remove monmap
+  file: path="/tmp/monmap" state="absent"
+  tags:
+    - ceph_purge
+    - ceph_deploy
+
+

ansible/roles/cinder-controller/handlers/main.yml

@@ -1,6 +1,13 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
 ---
-- name: restart cinder-scheduler
-  service: name=cinder-scheduler state=restarted
-- name: restart cinder-api
-  service: name=cinder-api state=restarted
+- name: restart cinder control serveice
+  service: name={{ item }} state=restarted enabled=yes
+  with_items: services | union(services_noarch)
 

ansible/roles/cinder-controller/tasks/cinder_config.yml

@@ -0,0 +1,19 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: upload cinder conf
+  template: src=cinder.conf dest=/etc/cinder/cinder.conf
+
+- name: sync cinder db
+  #cinder_manage: action=dbsync
+  shell: su -s /bin/sh -c 'cinder-manage db sync' cinder
+  ignore_errors: true
+  changed_when: true
+  notify:
+    - restart cinder control serveice

ansible/roles/cinder-controller/tasks/cinder_install.yml

@@ -0,0 +1,34 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: disable auto start
+  copy:
+    content: "#!/bin/sh\nexit 101"
+    dest: "/usr/sbin/policy-rc.d"
+    mode: 0755
+  when: ansible_os_family == "Debian"
+
+- name: install cinder packages
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items: packages | union(packages_noarch)
+
+- name: enable auto start
+  file:
+    path=/usr/sbin/policy-rc.d
+    state=absent
+  when: ansible_os_family == "Debian"
+
+- name: generate common cinder service list
+  lineinfile: dest=/opt/service create=yes line='{{ item }}'
+  with_items: services | union(services_noarch)
+
+- name: upload cinder conf
+  template: src=cinder.conf dest=/etc/cinder/cinder.conf
+  notify:
+    - restart cinder control serveice

ansible/roles/cinder-controller/tasks/main.yml

@@ -1,29 +1,25 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
 ---
-- name: install cinder packages
-  apt: name={{ item }} state=present force=yes
-  with_items:
-    - cinder-api
-    - cinder-scheduler
-    - python-cinderclient
+- include_vars: "{{ ansible_os_family }}.yml"
 
-- name: upload cinder conf
-  template: src=cinder.conf dest=/etc/cinder/cinder.conf
-  notify:
-    - restart cinder-scheduler
-    - restart cinder-api
+- include: cinder_install.yml
+  tags:
+    - install
+    - cinder-install
+    - cinder
 
-- name: sync cinder db
-  shell: su -s /bin/sh -c "cinder-manage db sync" cinder && cinder
-  notify:
-    - restart cinder-scheduler
-    - restart cinder-api
+- include: cinder_config.yml
+  when: inventory_hostname == groups['controller'][0]
+  tags:
+    - config
+    - cinder-config
+    - cinder
 
 - meta: flush_handlers
-
-- name: upload cinder keystone register script
-  template: src=cinder_init.sh dest=/opt/cinder_init.sh mode=0744
-
-- name: run cinder register script
-  shell: /opt/cinder_init.sh && touch cinder_init_complete
-  args:
-    creates: cinder_init_complete

ansible/roles/cinder-controller/templates/api-paste.ini

@@ -54,8 +54,8 @@ paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
 # auth_host = 127.0.0.1
 # auth_port = 35357
 # auth_protocol = http
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
+auth_uri = http://{{ internal_vip.ip }}:5000/v2.0
+identity_uri = http://{{ internal_vip.ip }}:35357
 admin_tenant_name = service
 admin_user = cinder
 admin_password = {{ CINDER_PASS }}

ansible/roles/cinder-controller/templates/cinder.conf

@@ -3,7 +3,7 @@ rootwrap_config = /etc/cinder/rootwrap.conf
 api_paste_confg = /etc/cinder/api-paste.ini
 iscsi_helper = tgtadm
 volume_name_template = volume-%s
-volume_group = cinder-volumes
+volume_group = storage-volumes
 verbose = {{ VERBOSE }}
 debug = {{ DEBUG }}
 auth_strategy = keystone
@@ -18,11 +18,11 @@ control_exchange = cinder
 rpc_backend = rabbit
 rabbit_host = {{ rabbit_host }}
 rabbit_port = 5672
-rabbit_userid = guest
+rabbit_userid = {{ RABBIT_USER }}
 rabbit_password = {{ RABBIT_PASS }}
 my_ip = {{ storage_controller_host }}
 
-glance_host = {{ image_host }}
+glance_host = {{ internal_vip.ip }}
 glance_port = 9292
 api_rate_limit = False
 storage_availability_zone = nova
@@ -39,7 +39,6 @@ volume_name_template = volume-%s
 snapshot_name_template = snapshot-%s
 
 max_gigabytes=10000
-volume_group=cinder-volumes
 
 volume_clear=zero
 volume_clear_size=10
@@ -53,11 +52,15 @@ volumes_dir=/var/lib/cinder/volumes
 volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver
 
 [keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
+auth_uri = http://{{ internal_vip.ip }}:5000/v3
+identity_uri = http://{{ internal_vip.ip }}:35357
 admin_tenant_name = service
 admin_user = cinder
 admin_password = {{ CINDER_PASS }}
 
 [database]
 connection = mysql://cinder:{{ CINDER_DBPASS }}@{{ db_host }}/cinder
+idle_timeout = 30
+
+[keymgr]
+encryption_auth_url=http://{{ internal_vip.ip }}:5000/v3

ansible/roles/cinder-controller/templates/cinder_init.sh

@@ -1,6 +0,0 @@
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 user-create --name=cinder --pass={{ CINDER_PASS }} --email=cinder@example.com
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 user-role-add --user=cinder --tenant=service --role=admin
-
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 service-create --name=cinder --type=volume --description="OpenStack Block Storage"
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 endpoint-create --service-id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ identity_host }}:35357/v2.0 service-list | awk '/ volume / {print $2}') --publicurl=http://{{ storage_controller_host }}:8776/v1/%\(tenant_id\)s --internalurl=http://{{ storage_controller_host }}:8776/v1/%\(tenant_id\)s --adminurl=http://{{ storage_controller_host }}:8776/v1/%\(tenant_id\)s
-

ansible/roles/cinder-controller/vars/Debian.yml

@@ -0,0 +1,17 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+
+packages:
+  - cinder-api
+  - cinder-scheduler
+
+services:
+  - cinder-api
+  - cinder-scheduler

ansible/roles/cinder-controller/vars/RedHat.yml

@@ -0,0 +1,16 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+  - openstack-cinder
+  - python-oslo-db
+
+services:
+  - openstack-cinder-api
+  - openstack-cinder-scheduler

ansible/roles/cinder-controller/vars/main.yml

@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+  - python-cinderclient
+
+services_noarch: []
+

ansible/roles/cinder-volume/files/loop.yml

@@ -1 +0,0 @@
-physical_device: /dev/loop0

ansible/roles/cinder-volume/handlers/main.yml

@@ -1,6 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
 ---
-- name: restart cinder-volume
-  service: name=cinder-volume state=restarted
-
-- name: restart tgt
-  shell: service tgt restart
+- name: restart cinder-volume services
+  service: name={{ item }} state=restarted enabled=yes
+  with_items: services | union(services_noarch)

ansible/roles/cinder-volume/tasks/main.yml

@@ -1,51 +1,39 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
 ---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+  copy:
+    content: "#!/bin/sh\nexit 101"
+    dest: "/usr/sbin/policy-rc.d"
+    mode: 0755
+  when: ansible_os_family == "Debian"
+
 - name: install cinder-volume and lvm2 packages
-  apt: name={{ item }} state=present force=yes
-  with_items:
-    - cinder-volume
-    - lvm2
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items: packages | union(packages_noarch)
 
-- name: check if physical device exists
-  stat: path={{ physical_device }}
-  register: st
+- name: enable auto start
+  file:
+    path=/usr/sbin/policy-rc.d
+    state=absent
+  when: ansible_os_family == "Debian"
 
-- name: repace physical_device if st is false
-  local_action: copy src=loop.yml dest=/tmp/loop.yml
-  when: st.stat.exists == False
-
-- name: load loop.yml
-  include_vars: /tmp/loop.yml
-  when: st.stat.exists == False
-
-- name: check if cinder-volumes is mounted
-  shell: ls /mnt
-  register: cindervolumes
-
-- name: get available partition size
-  shell: df / | awk '$3 ~ /[0-9]+/ { print $4 }'
-  register: partition_size
-
-- name: if not mounted, mount it
-  shell: dd if=/dev/zero of=/mnt/cinder-volumes
-         bs=1 count=0 seek={{ partition_size.stdout }}
-  when: cindervolumes.stdout != 'cinder-volumes'
-
-- name: get first lo device
-  shell: ls /dev/loop* | egrep 'loop[0-9]+'|sed -n 1p
-  register: first_lo
-  when: cindervolumes.stdout != 'cinder-volumes'
-
-- name: do a losetup on /mnt/cinder-volumes
-  shell: losetup {{ first_lo.stdout }} /mnt/cinder-volumes
-  when: cindervolumes.stdout != 'cinder-volumes'
-
-- name: create physical and group volumes
-  lvg: vg=cinder-volumes pvs={{ physical_device }}
-       vg_options=--force
+- name: generate cinder volume service list
+  lineinfile: dest=/opt/service create=yes line='{{ item }}'
+  with_items: services | union(services_noarch)
 
 - name: upload cinder-volume configuration
   template: src=cinder.conf dest=/etc/cinder/cinder.conf
             backup=yes
   notify:
-     - restart cinder-volume
-     - restart tgt
+     - restart cinder-volume services
+
+- meta: flush_handlers

ansible/roles/cinder-volume/templates/cinder.conf

@@ -3,11 +3,11 @@ rootwrap_config = /etc/cinder/rootwrap.conf
 api_paste_confg = /etc/cinder/api-paste.ini
 iscsi_helper = tgtadm
 volume_name_template = volume-%s
-volume_group = cinder-volumes
+volume_group = storage-volumes
 verbose = True
 auth_strategy = keystone
 state_path = /var/lib/cinder
-lock_path = /var/lock/cinder
+lock_path = /var/lib/cinder/tmp
 notification_driver=cinder.openstack.common.notifier.rpc_notifier
 volumes_dir = /var/lib/cinder/volumes
 
@@ -17,11 +17,11 @@ control_exchange = cinder
 rpc_backend = rabbit
 rabbit_host = {{ rabbit_host }}
 rabbit_port = 5672
-rabbit_userid = guest
+rabbit_userid = {{ RABBIT_USER }}
 rabbit_password = {{ RABBIT_PASS }}
 my_ip = {{ storage_controller_host }}
 
-glance_host = {{ image_host }}
+glance_host = {{ internal_vip.ip }}
 glance_port = 9292
 api_rate_limit = False
 storage_availability_zone = nova
@@ -38,7 +38,6 @@ volume_name_template = volume-%s
 snapshot_name_template = snapshot-%s
 
 max_gigabytes=10000
-volume_group=cinder-volumes
 
 volume_clear=zero
 volume_clear_size=10
@@ -52,11 +51,12 @@ volumes_dir=/var/lib/cinder/volumes
 volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver
 
 [keystone_authtoken]
-auth_uri = http://{{ identity_host }}:5000/v2.0
-identity_uri = http://{{ identity_host }}:35357
+auth_uri = http://{{ internal_vip.ip }}:5000/v3
+identity_uri = http://{{ internal_vip.ip }}:35357
 admin_tenant_name = service
 admin_user = cinder
 admin_password = {{ CINDER_PASS }}
 
 [database]
 connection = mysql://cinder:{{ CINDER_DBPASS }}@{{ db_host }}/cinder
+idle_timeout = 30

ansible/roles/cinder-volume/vars/Debian.yml

@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+  - cinder-volume
+
+services:
+  - cinder-volume

ansible/roles/cinder-volume/vars/RedHat.yml

@@ -0,0 +1,19 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+  - openstack-cinder
+  - targetcli
+  - python-oslo-db
+  - MySQL-python
+  - lvm2
+
+services:
+  - openstack-cinder-volume
+  - lvm2-lvmetad

ansible/roles/cinder-volume/vars/main.yml

@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+  - lvm2
+
+services_noarch: []
+

ansible/roles/common/files/sources.list.d/cloudarchive-juno.list

@@ -1 +0,0 @@
-deb http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-updates/juno main

ansible/roles/common/handlers/main.yml

@@ -1,4 +0,0 @@
----
-- name: restart ntp
-  command: su -s /bin/sh -c "service ntp stop; ntpd -gq; hwclock --systohc; service ntp start"
-  ignore_errors: True

ansible/roles/common/tasks/main.yml

@@ -1,38 +1,92 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
 ---
-- name: first update pkgs
-  apt: update_cache=yes
+- include_vars: "{{ ansible_os_family }}.yml"
 
-- name: install ubuntu-cloud-keyring(ubuntu)
-  apt: name={{ item }} state=latest
-  with_items:
-    - ubuntu-cloud-keyring
-
-- name: add juno cloudarchive
-  apt_repository: repo="{{ juno_cloud_archive }}" state=present
-
-- name: update packages once
-  apt: update_cache=yes 
+- name: speed up ansible by purging landscape-common
+  apt: pkg=landscape-common state=absent purge=yes
+  when: ansible_os_family == "Debian"
 
 - name: update hosts files to all hosts
-  template: src=hosts
-            dest=/etc/hosts
-            backup=yes
+  template: src=hosts dest=/etc/hosts backup=yes
 
-- name: install common packages
-  apt: name={{ item }} state=latest
-  with_items:
-    - python-pip
-    - python-dev
-    - python-mysqldb
-    - ntp
+- name: get compass-core hostname
+  local_action: shell hostname
+  register: name
+
+- name: get compass-core addr
+  shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf
+  register: COMPASS_SERVER
+
+- name: update compass-core name and ip to hosts files
+  shell: |
+    echo "# compass" >> /etc/hosts
+    echo {{ COMPASS_SERVER.stdout_lines[0] }} {{ name.stdout_lines[0] }} >> /etc/hosts
+
+- name: install python-crypto
+  yum: name=python-crypto state=present
+  register: python_crypto_result
+  ignore_errors: yes
+  when: ansible_os_family == "RedHat"
+
+- name: remove python crypt egg file to work-around https://bugs.centos.org/view.php?id=9896&nbn=2
+  shell: rm -rf /usr/lib64/python2.7/site-packages/pycrypto-2.6.1-py2.7.egg-info
+  when: ansible_os_family == "RedHat" and python_crypto_result.msg == "Error unpacking rpm package python2-crypto-2.6.1-9.el7.x86_64\n"
+
+- name: install packages
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=latest update_cache=yes"
+  with_items: packages | union(packages_noarch)
+
+- name: make config template dir exist
+  file: path=/opt/os_templates state=directory mode=0755
+
+- name: create pip config directory
+  file: path=~/.pip state=directory
+
+- name: update pip.conf
+  template: src=pip.conf dest=~/.pip/{{ pip_conf }}
+
+- name: install pip packages
+  pip: name={{ item }} state=present extra_args='--pre'
+  with_items: pip_packages
+
+- name: install keyczar for accelerate
+  pip: name=python-keyczar state=present extra_args='--pre'
+  delegate_to: 127.0.0.1
+  run_once: true
 
 - name: update ntp conf
   template: src=ntp.conf dest=/etc/ntp.conf backup=yes
-  notify:
-    - restart ntp
 
-- name: update pip
-  pip: name={{ item }} state=latest
-  with_items:
-    - pip
+- name: use ntpdate once for initial sync time
+  shell: ntpdate {{ ntp_server }}
+  ignore_errors: True
 
+- name: sync sys clock to hard clock
+  shell: hwclock --systohc
+  ignore_errors: True
+
+- name: create fireball keys dir
+  file: path=~/.fireball.keys state=directory mode=0700
+  delegate_to: 127.0.0.1
+  run_once: true
+
+- name: restart services
+  service: name={{ item }} state=restarted enabled=yes
+  with_items: services| union(services_noarch)
+
+- name: write services to monitor list
+  lineinfile: dest=/opt/service create=yes line='{{ item }}'
+  with_items: services| union(services_noarch)
+
+- name: kill daemon for accelerate
+  shell: lsof -ni :5099|grep LISTEN|awk '{print $2}'|xargs kill -9
+  ignore_errors: true
+
+- meta: flush_handlers

ansible/roles/common/templates/hosts

@@ -1,22 +1,9 @@
-# compute-controller
-10.145.89.136 host-136
-# database
-10.145.89.136 host-136
-# messaging
-10.145.89.136 host-136
-# storage-controller
-10.145.89.138 host-138
-# image
-10.145.89.138 host-138
-# identity
-10.145.89.136 host-136
-# network-server
-10.145.89.138 host-138
-# dashboard
-10.145.89.136 host-136
-# storage-volume
-10.145.89.139 host-139
-# network-worker
-10.145.89.139 host-139
-# compute-worker
-10.145.89.137 host-137
+# localhost
+127.0.0.1 localhost
+# controller
+10.1.0.50 host1
+10.1.0.51 host2
+10.1.0.52 host3
+# compute
+10.1.0.53 host4
+10.1.0.54 host5

ansible/roles/common/templates/ntp.conf

@@ -16,14 +16,12 @@ filegen clockstats file clockstats type day enable
 # Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
 # on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
 # more information.
-server {{ NTP_SERVER_LOCAL }}
-server 0.ubuntu.pool.ntp.org
-server 1.ubuntu.pool.ntp.org
-server 2.ubuntu.pool.ntp.org
-server 3.ubuntu.pool.ntp.org
+server {{ ntp_server }}
+server {{ internal_vip.ip }}
 
-# Use Ubuntu's ntp server as a fallback.
-server ntp.ubuntu.com
+# Use local server as a fallback.
+server  127.127.1.0     # local clock
+fudge   127.127.1.0 stratum 10
 
 # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
 # details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
@@ -34,8 +32,8 @@ server ntp.ubuntu.com
 # up blocking replies from your own upstream servers.
 
 # By default, exchange time with everybody, but don't allow configuration.
-restrict -4 default kod notrap nomodify nopeer noquery
-restrict -6 default kod notrap nomodify nopeer noquery
+restrict -4 default kod notrap nomodify
+restrict -6 default kod notrap nomodify
 
 # Local users may interrogate the ntp server more closely.
 restrict 127.0.0.1

ansible/roles/common/templates/pip.conf

@@ -0,0 +1,5 @@
+[global]
+find-links = http://{{ COMPASS_SERVER.stdout_lines[0] }}/pip
+no-index = true
+[install]
+trusted-host={{ COMPASS_SERVER.stdout_lines[0] }}

ansible/roles/common/vars/Debian.yml

@@ -0,0 +1,30 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+  - ubuntu-cloud-keyring
+  - python-dev
+  - openvswitch-datapath-dkms
+  - openvswitch-switch
+  - python-memcache
+  - python-iniparse
+  - python-lxml
+  #- python-d* #TODO, need remove
+
+pip_packages:
+  - crudini
+  - python-keyczar
+  - yang2tosca
+
+pip_conf: pip.conf
+
+services:
+  - ntp
+
+

ansible/roles/common/vars/RedHat.yml

@@ -0,0 +1,26 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages:
+  - openvswitch
+  - python-devel
+  - python-memcached
+  - gcc
+  - redhat-lsb-core
+  - python-crypto
+
+pip_packages:
+  - crudini
+  - python-keyczar
+
+pip_conf: pip.conf
+
+services:
+  - openvswitch
+  - ntpd

ansible/roles/common/vars/main.yml

@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+  - python-pip
+  - ntp
+
+services_noarch: []

ansible/roles/dashboard/handlers/main.yml

@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart dashboard services
+  service: name={{ item }} state=restarted enabled=yes
+  with_items: services | union(services_noarch)