| --- |
| # Play: set up head node |
| # Assumes basic /etc/ansible/hosts file |
| - hosts: singapore-head |
| sudo: yes |
| tasks: |
| |
| - apt: name=python-pycurl |
| |
| - name: Add Juju repository |
| apt_repository: repo="ppa:juju/stable" |
| |
| - name: Add Ansible repository |
| apt_repository: repo="ppa:ansible/ansible" |
| |
| - name: Install older version of Juju due to bug in 1.22 |
| apt: name=juju-core=1.20.11-0ubuntu0.14.04.1 update_cache=yes |
| |
| - name: Install packages |
| apt: name={{ item.name }} state=latest |
| with_items: |
| - name: ansible |
| - name: uvtool |
| |
| - name: Get juju-ansible git repo |
| git: repo=https://github.com/cmars/juju-ansible.git |
| dest=/home/ubuntu/juju-ansible |
| |
| - name: Set up juju-ansible symlink |
| file: dest=/usr/local/bin/juju-ansible |
| src=/home/ubuntu/juju-ansible |
| state=link |
| |
| - name: Set up juju-ansible-playbook symlink |
| file: dest=/usr/local/bin/juju-ansible-playbook |
| src=/home/ubuntu/juju-ansible |
| state=link |
| |
| - name: Generate key to use in VMs |
| user: name=ubuntu generate_ssh_key=yes |
| |
| - name: Get new key |
| sudo: no |
| shell: cat /home/ubuntu/.ssh/id_rsa.pub |
| register: sshkey |
| |
| - name: Add to authorized_keys |
| authorized_key: user=ubuntu |
| key="{{ sshkey.stdout }}" |
| |
| - name: Get trusty image for uvtool |
| shell: uvt-simplestreams-libvirt sync release=trusty arch=amd64 |
| |
| - name: Create VMs to host OpenCloud services |
| sudo: no |
| script: scripts/create-vms.sh |
| |
| - pause: prompt="Hit return when all VMs have IP addresses" |
| |
| - include: tasks/vm-ips.yml |
| |
| - name: Add VMs to /etc/hosts |
| template: src=templates/etc/hosts.j2 |
| dest=/etc/hosts |
| |
| - name: Set up /etc/ansible/hosts |
| template: src=templates/etc/ansible/hosts.j2 |
| dest=/etc/ansible/hosts |
| |
| - name: Copy ansible.cfg to disable host key checking |
| sudo: no |
| copy: src=files/ansible.cfg |
| dest=/home/ubuntu/.ansible.cfg |
| |
| - name: Touch ~/.ssh/config |
| sudo: no |
| file: path=/home/ubuntu/.ssh/config state=touch |
| |
| - name: Disable host key checking in SSH |
| sudo: no |
| lineinfile: dest=/home/ubuntu/.ssh/config |
| line="StrictHostKeyChecking no" |
| |
| - name: Test that we can log into every VM |
| sudo: no |
| shell: ansible services -m ping |
| |
| # Play: Install services using Juju |
| - hosts: singapore-head |
| tasks: |
| - name: Initialize Juju |
| sudo: no |
| shell: juju generate-config |
| creates=/home/ubuntu/.juju/environments.yaml |
| |
| - shell: uvt-kvm ip juju |
| register: juju_ip |
| |
| - name: Juju config file |
| sudo: no |
| template: src=templates/environments.yaml.j2 |
| dest=/home/ubuntu/.juju/environments.yaml |
| |
| - name: Bootstrap Juju |
| sudo: no |
| shell: juju bootstrap |
| creates=/home/ubuntu/.juju/environments/manual.jenv |
| |
| # - pause: Break here and try rebooting Juju VM |
| |
| - name: Copy openstack.cfg for Juju |
| sudo: no |
| copy: src=files/openstack.cfg |
| dest=/home/ubuntu/openstack.cfg |
| |
| - name: Deploy OpenStack services with Juju |
| script: scripts/juju-setup.py |
| |
| - pause: prompt="Hit return when all services have started successfully" |
| |
| - name: Set MTU for GRE tunneling |
| shell: "juju set quantum-gateway instance-mtu=1400" |
| |
| - name: Use HTTPS for keystone authentication |
| shell: 'juju set keystone use-https=yes' |
| |
| - name: Use HTTPS for all service endpoints |
| shell: 'juju set keystone https-service-endpoints=True' |
| |
| - name: Use SSL for rabbitmq |
| shell: 'juju set rabbitmq-server ssl=on' |
| |
| - name: Add all Juju relations between services |
| script: scripts/juju-relations.py |
| |
| - pause: prompt="Wait for relations to be fully added" |
| |
| # Play: Use libvirt hooks to set up iptables |
| - hosts: singapore-head |
| sudo: yes |
| tasks: |
| - name: Enable port forwarding for services |
| copy: src=files/{{ item }} |
| dest={{ item }} |
| mode=0755 |
| notify: |
| - reload libvirt config |
| - run qemu hook |
| with_items: |
| - /etc/libvirt/hooks/daemon |
| - /etc/libvirt/hooks/qemu |
| |
| handlers: |
| - name: reload libvirt config |
| shell: killall -HUP libvirtd |
| |
| - name: run qemu hook |
| shell: /etc/libvirt/hooks/qemu start start |
| |
| # Play: Create credentials, set up some basic OpenStack |
| - hosts: singapore-head |
| sudo: no |
| tasks: |
| |
| - name: Get keystone admin password |
| shell: juju run --unit=keystone/0 "sudo cat /var/lib/keystone/keystone.passwd" |
| register: keystone_password |
| |
| - shell: uvt-kvm ip keystone |
| register: keystone_ip |
| |
| - name: Create credentials |
| template: src=templates/admin-openrc.sh.j2 |
| dest=/home/ubuntu/admin-openrc.sh |
| |
| - name: Copy credentials to nova-cloud-controller |
| shell: "scp admin-openrc.sh nova-cloud-controller:" |
| |
| - name: Get public key |
| shell: cat /home/ubuntu/.ssh/id_rsa.pub |
| register: sshkey |
| |
| - hosts: singapore-compute |
| sudo: yes |
| vars: |
| control_net: 192.168.122.0/24 |
| gateway: 198.71.44.85 |
| tasks: |
| - name: Add route via /etc/rc.local |
| template: src=templates/etc/rc.local |
| dest=/etc/rc.local |
| mode=0755 |
| notify: |
| - run /etc/rc.local |
| |
| - name: Add key |
| authorized_key: user=ubuntu |
| key="{{ hostvars['opencloud3.sing.internet2.edu']['sshkey']['stdout'] }}" |
| |
| handlers: |
| - name: run /etc/rc.local |
| shell: /etc/rc.local |
| |
| # Whaat's left |
| # - Adding compute nodes |
| # - Add machine |
| # - Deploy charm |
| # - Remove virbr0 |
| # |
| # - Creating br-ex and br-nat networks |
| # - But this should perhaps be done by OpenCloud? |