---
# file: create-lxd/tasks/main.yml
# Installs the dnsutils package (named "DIG" by the task) with the version
# constrained by the glob 1:9*, using root privileges.
- name: Ensure DIG
  apt:
    name: 'dnsutils=1:9*'
    state: present
  become: true
# Registers the binary (deb) and source (deb-src) trusty-backports entries
# as APT repositories.
# NOTE(review): both entries use plain HTTP, so package authenticity rests on
# APT's own signature verification of the repository metadata.
- name: Enable trusty-backports
  apt_repository:
    repo: '{{ item }}'
    state: present
  with_items:
    - 'deb http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe'
    - 'deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe'
  become: true
# Installs the lxd package with trusty-backports as the default release,
# refreshing the package index as part of the same task.
- name: Ensure LXD
  apt:
    name: lxd
    default_release: trusty-backports
    update_cache: true
    state: present
  become: true
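# For lxd_profile, has to be run as normal user
# The key path is built with the Jinja2 "~" concatenation operator instead of
# nesting a second pair of template delimiters inside the lookup argument,
# which only works if the string is templated a second time.
# NOTE(review): lookup() reads the file on the Ansible controller, while
# ansible_user_dir is a fact of the managed host - confirm both refer to the
# same account and home directory in this deployment.
- name: Get user's SSH public key into lxd_ssh_pubkey to create LXD profile
  set_fact:
    lxd_ssh_pubkey: "{{ lookup('file', ansible_user_dir ~ '/.ssh/id_rsa.pub') }}"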
# Defines the "openstack" LXD profile: cloud-init user-data that authorises
# the SSH public key held in lxd_ssh_pubkey, a bridged NIC attached to mgmtbr,
# and a disk device that exposes the host's /usr/local/share/ca-certificates/
# inside the container at /usr/local/share/ca-certificates/cord/.
# NOTE(review): the certs device sets no "readonly" option, so the container
# gets LXD's default access to the host directory - confirm whether a
# read-only mount is what is intended for the shared CA material.
- name: Create openstack LXD profile
  lxd_profile:
    name: openstack
    description: OpenStack services on CORD
    state: present
    config:
      user.user-data: |
        #cloud-config
        ssh_authorized_keys:
          - "{{ lxd_ssh_pubkey }}"
    devices:
      certs:
        type: disk
        source: /usr/local/share/ca-certificates/
        path: /usr/local/share/ca-certificates/cord/
      eth0:
        type: nic
        nictype: bridged
        parent: mgmtbr
  become: true
# Starts one x86_64 container per entry of head_lxd_list. The image is pulled
# over HTTPS via simplestreams from cloud-images.ubuntu.com, selected by the
# alias in ansible_distribution_release, and the "openstack" profile is
# applied. wait_for_ipv4_addresses is enabled with a timeout of 600.
- name: Create containers for the OpenStack services
  lxd_container:
    name: '{{ item.name }}'
    state: started
    architecture: x86_64
    profiles:
      - openstack
    source:
      type: image
      mode: pull
      protocol: simplestreams
      server: 'https://cloud-images.ubuntu.com/releases'
      alias: '{{ ansible_distribution_release }}'
    wait_for_ipv4_addresses: true
    timeout: 600
  with_items: '{{ head_lxd_list }}'
  become: true
# Runs "docker-ip harvester" when on_maas is true and stores the result in
# harvester_ip; the task is declared as never changing anything.
- name: fetch IP of DHCP harvester
  command: docker-ip harvester
  register: harvester_ip
  changed_when: false
  when: on_maas
# Sends a POST to /harvest on port 8954 of the address captured in
# harvester_ip.stdout (only when on_maas is true).
# NOTE(review): the request is plain HTTP and carries no credentials in this
# task; presumably the harvester is reachable only locally - confirm.
- name: force a harvest to get container name resolution
  uri:
    url: 'http://{{ harvester_ip.stdout }}:8954/harvest'
    method: POST
  when: on_maas
# Calls host_dns_check with the JSON-encoded list of container names and
# retries up to 5 times, 10 seconds apart, until the registered result has
# everyone == "OK"; any other final value fails the task.
# NOTE(review): command_on_fail is handed to host_dns_check as a curl command
# line; how the module executes it is not visible here.
- name: wait for container name resolution
  host_dns_check:
    hosts: "{{ head_lxd_list | map(attribute='name') | list | to_json }}"
    command_on_fail: 'curl -sS --connect-timeout 3 -XPOST http://{{ harvester_ip.stdout }}:8954/harvest'
  register: all_resolved
  until: all_resolved.everyone == "OK"
  retries: 5
  delay: 10
  failed_when: all_resolved.everyone != "OK"
  when: on_maas
# Waits, for every entry of head_lxd_list, until port 22 on the container's
# name returns data matching "OpenSSH".
- name: Wait for containers to be accessible via SSH
  wait_for:
    host: '{{ item.name }}'
    port: 22
    search_regex: OpenSSH
  with_items: '{{ head_lxd_list }}'
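# Renders ansible_hosts.j2 to the system-wide inventory path as root.
# Arguments use native YAML instead of a key=value string, and owner, group
# and mode are stated explicitly so the result does not depend on the umask
# or on the permissions of a file that already exists at that path.
- name: Create /etc/ansible/hosts file
  become: true
  template:
    src: ansible_hosts.j2
    dest: /etc/ansible/hosts
    owner: root
    group: root
    mode: '0644'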
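# Connectivity check: runs the ping module against the "containers" group as
# user ubuntu through a nested ansible invocation. A ping modifies nothing,
# so the task is marked as never changed instead of always reporting one.
- name: Verify that we can log into every container
  command: ansible containers -m ping -u ubuntu
  changed_when: false
  tags:
    - skip_ansible_lint  # connectivity check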
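# Connectivity check: each container fetches http://www.google.com with the
# uri module. Only reachability is tested, nothing is modified, so the task
# is marked as never changed instead of always reporting one.
- name: Verify that containers have external connectivity
  command: ansible containers -m uri -u ubuntu -a "url=http://www.google.com"
  changed_when: false
  tags:
    - skip_ansible_lint  # connectivity check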
# Uses a nested ansible run (with -b) to put an "Acquire::http { Proxy ... }"
# line into /etc/apt/apt.conf.d/02apt-cacher-ng in every container, creating
# the file as root:root 0644 if needed and replacing any line that starts
# with "Acquire". The proxy is apt_cacher_name on apt_cacher_port, which
# defaults to 3142.
# NOTE(review): the proxy URL is plain HTTP; package integrity then depends
# on APT's signature verification, not on the transport.
# The command line is kept exactly as written: its nested shell and YAML
# quoting is order-sensitive.
- name: Have containers use the apt-cache
  command: ansible containers -b -u ubuntu -m lineinfile -a "dest=/etc/apt/apt.conf.d/02apt-cacher-ng create=yes mode=0644 owner=root group=root regexp='^Acquire' line='Acquire::http { Proxy \"http://{{ apt_cacher_name }}:{{ apt_cacher_port | default('3142') }}\"; };'"
  tags:
    - skip_ansible_lint # running a sub job
# Nested ansible run (with -b) that calls the apt module in every container
# with update_cache=yes and cache_valid_time=3600.
- name: Update apt cache
  tags:
    - skip_ansible_lint  # running a sub job
  command: 'ansible containers -m apt -b -u ubuntu -a "update_cache=yes cache_valid_time=3600"'
# Nested ansible run (with -b) that performs an apt dist upgrade in every
# container; skipped unless run_dist_upgrade is true.
- name: Update software in all the containers
  tags:
    - skip_ansible_lint  # running a sub job
  command: 'ansible containers -m apt -b -u ubuntu -a "upgrade=dist"'
  when: run_dist_upgrade
# Nested ansible run (with -b) that executes update-ca-certificates through
# the shell module in every container.
# NOTE(review): presumably this picks up the certificates shared through the
# profile's certs disk device - confirm against the profile in use.
- name: Update CA certificates in containers
  tags:
    - skip_ansible_lint  # running a sub job
  command: 'ansible containers -m shell -b -u ubuntu -a "update-ca-certificates"'
# Renders eth0.cfg.j2 into the invoking user's home directory as eth0.cfg;
# only done when on_maas is false.
- name: Create containers' eth0 interface config file for DNS config via resolvconf program
  template:
    src: eth0.cfg.j2
    dest: '{{ ansible_user_dir }}/eth0.cfg'
  when: not on_maas
# Nested ansible run (with -b) that copies the rendered eth0.cfg into
# /etc/network/interfaces.d/ in every container as root:root with mode 0644;
# only done when on_maas is false.
- name: Copy eth0 interface config file to all containers
  command: 'ansible containers -b -u ubuntu -m copy -a "src={{ ansible_user_dir }}/eth0.cfg dest=/etc/network/interfaces.d/eth0.cfg owner=root group=root mode=0644"'
  when: not on_maas
# Nested ansible run (with -b) that takes eth0 down and brings it back up
# through the shell module in every container; only when on_maas is false.
- name: Restart eth0 interface on all containers
  command: 'ansible containers -b -u ubuntu -m shell -a "ifdown eth0 ; ifup eth0"'
  when: not on_maas
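# Repeats the ping check after the interface restart (only when on_maas is
# false). A ping modifies nothing, so the task is marked as never changed
# instead of always reporting one.
- name: Verify that we can log into every container after restarting network interfaces
  when: not on_maas
  command: ansible containers -m ping -u ubuntu
  changed_when: false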