more dns-ification work
diff --git a/roles/juju-setup/handlers/main.yml b/roles/juju-setup/handlers/main.yml
deleted file mode 100644
index d54f5dc..0000000
--- a/roles/juju-setup/handlers/main.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-# roles/juju-setup/handlers/tasks.yml
-
-- name: reload libvirt-bin
- service:
- name=libvirt-bin
- state=reloaded
-
-- name: run qemu hook
- command: /etc/libvirt/hooks/qemu start start
-
-
diff --git a/roles/juju-setup/tasks/main.yml b/roles/juju-setup/tasks/main.yml
index d1b2f30..672c9be 100644
--- a/roles/juju-setup/tasks/main.yml
+++ b/roles/juju-setup/tasks/main.yml
@@ -2,7 +2,7 @@
# roles/juju-setup/main/tasks.yml
- name: create Virtual Machines with uvt-kvm
- shell: uvt-kvm create {{ item.name }} --cpu={{ item.cpu }} --memory={{ item.memMB }} --disk={{ item.diskGB }}; \
+ shell: uvt-kvm create {{ item.name }} --cpu={{ item.cpu }} --memory={{ item.memMB }} --disk={{ item.diskGB }} ; \
uvt-kvm wait --insecure {{ item.name }}
creates=/var/lib/uvtool/libvirt/images/{{ item.name }}.qcow
with_items: "{{ head_vm_list }}"
@@ -11,17 +11,6 @@
command: virsh autostart {{ item.name }}
with_items: "{{ head_vm_list }}"
-- name: Discover VM IP addresses
- shell: "uvt-kvm ip {{ item.name }}"
- with_items: "{{ head_vm_list }}"
- register: vm_ip
-
-- name: Create /etc/hosts with VM IP addresses
- become: yes
- template:
- src=hosts.j2
- dest=/etc/hosts
-
- name: Create /etc/ansible/hosts file
become: yes
template:
@@ -31,18 +20,19 @@
- name: Verify that we can log into every VM
command: ansible services -m ping -u ubuntu
-- name: Have libvirt enable port forwarding to VM's
- become: yes
+- name: Update software in all the VMs
+ command: ansible services -m apt -b -u ubuntu -a "upgrade=dist update_cache=yes cache_valid_time=3600"
+
+- name: Create VM's eth0 interface config file for DNS config via resolvconf program
template:
- src={{ item }}.j2
- dest=/etc/libvirt/hooks/{{ item }}
- mode=0755 owner=root
- with_items:
- - daemon
- - qemu
- notify:
- - reload libvirt-bin
- - run qemu hook
+ src=eth0.cfg.j2
+ dest={{ ansible_user_dir }}/eth0.cfg
+
+- name: Copy eth0 interface config file to all VMs
+ command: ansible services -b -u ubuntu -m copy -a "src={{ ansible_user_dir }}/eth0.cfg dest=/etc/network/interfaces.d/eth0.cfg owner=root group=root mode=0644"
+
+- name: Restart eth0 interface on all VMs
+ command: ansible services -b -u ubuntu -m shell -a "ifdown eth0 ; ifup eth0"
- name: Initialize Juju
command: juju generate-config
@@ -64,7 +54,7 @@
dest={{ openstack_cfg_path }}
# Code for this is in library/juju_facts.py
-- name: Obtain Juju Facts
+- name: Obtain Juju Facts for creating machines
juju_facts:
# For setwise operations on desired vs Juju state:
@@ -74,7 +64,11 @@
- name: Add machines to Juju
command: "juju add-machine ssh:{{ item }}"
- with_items: "{{ head_vm_list | map(attribute='name') | list | difference( juju_machines.keys() ) }}"
+ with_items: "{{ head_vm_list | map(attribute='service') | list | difference( juju_machines.keys() ) }}"
+
+# run this again, so machines will be in the juju_machines list
+- name: Obtain Juju Facts after machine creation
+ juju_facts:
- name: Deploy services that are hosted in their own VM
command: "juju deploy {{ item }} --to {{ juju_machines[item]['machine_id'] }} --config={{ openstack_cfg_path }}"
@@ -92,15 +86,39 @@
# Previous method wasn't idempotent either
- name: Create relations between services
command: "juju add-relation '{{ item.0.name }}' '{{ item.1 }}'"
- ignore_errors: True
+ register: juju_relation
+ failed_when: "juju_relation|failed and 'relation already exists' not in juju_relation.stderr"
with_subelements:
- "{{ service_relations }}"
- relations
+# run another time, so services will be in juju_services list
+- name: Obtain Juju Facts after service creation
+ juju_facts:
+
# This should be able to test for the VM's coming up, but not working right now
#- name: Wait for juju services on VM's to come up
-# wait_for:
+# wait_for:
# port={{ item.ext }}
# timeout=10
# with_items: "{{ head_vm_list | map(attribute='forwarded_ports') | reject('undefined') | list }}"
+# - name: Obtain keystone admin password
+# command: "juju run --unit={{ juju_services['keystone']['units'].keys()[0] }} 'sudo cat /var/lib/keystone/keystone.passwd'"
+# register: keystone_password
+
+- name: Create admin-openrc.sh credentials file
+ template:
+ src=admin-openrc.sh.j2
+ dest={{ ansible_user_dir }}/admin-openrc.sh
+
+- name: Copy nova-cloud-controller CA certificate to head
+ command: juju scp {{ juju_services['nova-cloud-controller']['units'].keys()[0] }}:/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt {{ ansible_user_dir }}
+ creates={{ ansible_user_dir }}/keystone_juju_ca_cert.crt
+
+- name: Move cert to system location
+ become: yes
+ command: mv {{ ansible_user_dir }}/keystone_juju_ca_cert.crt /usr/local/share/ca-certificates
+ creates=/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt
+ notify: update-ca-certificates
+
diff --git a/roles/juju-setup/templates/admin-openrc.sh.j2 b/roles/juju-setup/templates/admin-openrc.sh.j2
new file mode 100644
index 0000000..bd195a4
--- /dev/null
+++ b/roles/juju-setup/templates/admin-openrc.sh.j2
@@ -0,0 +1,5 @@
+export OS_USERNAME=admin
+export OS_PASSWORD={{ keystone_admin_password }}
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=https://keystone.{{ site_suffix }}:5000/v2.0
+export OS_REGION_NAME=RegionOne
diff --git a/roles/juju-setup/templates/daemon.j2 b/roles/juju-setup/templates/daemon.j2
deleted file mode 100644
index 32e9b55..0000000
--- a/roles/juju-setup/templates/daemon.j2
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-
-SHELL="/bin/bash"
-
-NIC=$( route|grep default|awk '{print $NF}' )
-
-NAME="${1}"
-OP="${2}"
-SUBOP="${3}"
-ARGS="${4}"
-
-add_port_fwd_rule() {
- DPORT=$1
- VM=$2
- TOPORT=$3
-
- VMIP=$( getent ahosts $VM|head -1|awk '{print $1}' )
- iptables -t nat -C PREROUTING -p tcp -i $NIC --dport $DPORT -j DNAT --to-destination $VMIP:$TOPORT
- if [ "$?" -ne 0 ]
- then
- iptables -t nat -A PREROUTING -p tcp -i $NIC --dport $DPORT -j DNAT --to-destination $VMIP:$TOPORT
- fi
-}
-
-if [ "$OP" = "start" ] || [ "$OP" = "reload" ]
-then
- iptables -t nat -F
-
-{% for vm in head_vm_list -%}
-{% if vm.forwarded_ports is defined -%}
-{% for port in vm.forwarded_ports -%}
- add_port_fwd_rule {{ port.ext }} {{ vm.name }} {{ port.int }}
-{% endfor -%}
-{% endif -%}
-{% endfor -%}
-
- # Also flush the filter table before rules re-added
- iptables -F
-fi
-
diff --git a/roles/juju-setup/templates/eth0.cfg.j2 b/roles/juju-setup/templates/eth0.cfg.j2
new file mode 100644
index 0000000..0baa7a8
--- /dev/null
+++ b/roles/juju-setup/templates/eth0.cfg.j2
@@ -0,0 +1,7 @@
+# The primary network interface
+auto eth0
+iface eth0 inet dhcp
+ dns-nameservers{% for ns in dns_servers %} {{ ns }}{% endfor %}
+{% if dns_search is defined %}
+ dns-search{% for searchdom in dns_search %} {{ searchdom }}{% endfor %}
+{% endif %}
diff --git a/roles/juju-setup/templates/openstack.cfg.j2 b/roles/juju-setup/templates/openstack.cfg.j2
index b5b635d..5a1f224 100644
--- a/roles/juju-setup/templates/openstack.cfg.j2
+++ b/roles/juju-setup/templates/openstack.cfg.j2
@@ -3,10 +3,9 @@
glance:
openstack-origin: "cloud:trusty-kilo"
keystone:
- admin-password: ""
+ use-https: "yes"
https-service-endpoints: "True"
openstack-origin: "cloud:trusty-kilo"
- use-https: "yes"
mysql:
mongodb:
nagios:
@@ -30,6 +29,7 @@
network-manager: "Neutron"
openstack-origin: "cloud:trusty-kilo"
nova-compute:
+ virt-type:kvm
config-flags: "firewall_driver=nova.virt.firewall.NoopFirewallDriver"
# config-flags: "firewall_driver=nova.virt.firewall.NoopFirewallDriver,xos_api_url=http://portal.opencloud.us"
disable-neutron-security-groups: "True"
diff --git a/roles/juju-setup/templates/qemu.j2 b/roles/juju-setup/templates/qemu.j2
deleted file mode 100644
index 1c947f9..0000000
--- a/roles/juju-setup/templates/qemu.j2
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-
-SHELL="/bin/bash"
-
-NIC=$( route|grep default|awk '{print $NF}' )
-PORTAL=$( dig +short portal.opencloud.us | tail -1 )
-
-NAME="${1}"
-OP="${2}"
-SUBOP="${3}"
-ARGS="${4}"
-
-add_rule() {
- CHAIN=$1
- ARGS=$2
- iptables -C $CHAIN $ARGS
- if [ "$?" -ne 0 ]
- then
- iptables -I $CHAIN 1 $ARGS
- fi
-}
-
-add_local_access_rules() {
- SUBNET=$( ip addr show $NIC|grep "inet "|awk '{print $2}' )
- PRIVATENET=$( ip addr show virbr0|grep "inet "|awk '{print $2}' )
- add_rule "FORWARD" "-s $SUBNET -j ACCEPT"
- # Don't NAT traffic from service VMs destined to the local subnet
- add_rule "POSTROUTING" "-t nat -s $PRIVATENET -d $SUBNET -j RETURN"
-}
-
-add_portal_access_rules() {
- add_rule "FORWARD" "-s $PORTAL -j ACCEPT"
-}
-
-add_web_access_rules() {
- add_rule "FORWARD" "-p tcp --dport 80 -j ACCEPT"
-}
-
-if [ "$OP" = "start" ]
-then
- add_local_access_rules
- add_portal_access_rules
- add_web_access_rules
-fi