Andy Bavier | a17d84b | 2016-11-16 09:39:26 -0800 | [diff] [blame] | 1 | --- |
| 2 | # file: create-lxd/tasks/main.yml |
# Install dig, which ships in the dnsutils package. The "=1:9*" suffix is an
# apt version glob: epoch 1, any version string beginning with 9.
- name: Ensure DIG
  apt:
    name: 'dnsutils=1:9*'
    state: present
  become: true
| 8 | |
# Register the binary (deb) and source (deb-src) trusty-backports
# repositories. The mirror is reached over plain HTTP, so package integrity
# rests on apt's signature verification of the repository metadata.
- name: Enable trusty-backports
  apt_repository:
    repo: '{{ item }}'
    state: present
  with_items:
    - 'deb http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe'
    - 'deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe'
  become: true
| 17 | |
# Install LXD, preferring the trusty-backports release, and refresh the apt
# cache as part of the same call.
- name: Ensure LXD
  apt:
    name: lxd
    state: present
    default_release: trusty-backports
    update_cache: true
  become: true
| 25 | |
# For lxd_profile, has to be run as normal user.
# Only the public half of the key pair is read. slurp returns it
# base64-encoded in slurped_pubkey['content'], which the profile task decodes.
- name: slurp user's SSH public key on remote machine to create LXD profile
  slurp:
    src: '{{ ansible_user_dir }}/.ssh/id_rsa.pub'
  register: slurped_pubkey
Andy Bavier | a17d84b | 2016-11-16 09:39:26 -0800 | [diff] [blame] | 31 | |
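# Define the "openstack" LXD profile applied to the service containers.
#  - user.user-data carries a cloud-config that authorizes the slurped
#    public key for SSH logins (presumably for the image's default user,
#    which later tasks reach as "ubuntu" — confirm).
#  - eth0 bridges each container onto mgmtbr.
#  - certs exposes the host's /usr/local/share/ca-certificates/ inside the
#    container. Later in this file update-ca-certificates is run in every
#    container, so any certificate placed in that host directory can become
#    a trusted root there: treat the directory as part of the containers'
#    trust boundary and keep it writable by root only.
- name: Create openstack LXD profile
  become: true
  lxd_profile:
    name: openstack
    state: present
    description: 'OpenStack services on CORD'
    config:
      # "trim" drops the newline a public-key file normally ends with, so the
      # quoted entry below stays on a single line in the rendered cloud-config.
      user.user-data: |
        #cloud-config
        ssh_authorized_keys:
          - "{{ slurped_pubkey['content'] | b64decode | trim }}"
    devices:
      eth0:
        type: nic
        nictype: bridged
        parent: mgmtbr
      certs:
        type: disk
        path: /usr/local/share/ca-certificates/cord/
        source: /usr/local/share/ca-certificates/
        # Nothing in this file writes through the mount, so share it
        # read-only. LXD device options are strings, hence the quotes.
        readonly: 'true'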
Andy Bavier | a17d84b | 2016-11-16 09:39:26 -0800 | [diff] [blame] | 52 | |
# Start one container per entry in head_lxd_list, each using the "openstack"
# profile. The image alias follows the host's distribution release and is
# pulled over HTTPS from the Ubuntu cloud-images simplestreams server.
# The task waits for each container to obtain an IPv4 address.
- name: Create containers for the OpenStack services
  lxd_container:
    name: '{{ item.name }}'
    state: started
    architecture: x86_64
    profiles:
      - openstack
    source:
      type: image
      mode: pull
      protocol: simplestreams
      server: 'https://cloud-images.ubuntu.com/releases'
      alias: '{{ ansible_distribution_release }}'
    wait_for_ipv4_addresses: true
    timeout: 600
  with_items: '{{ head_lxd_list }}'
  become: true
| 69 | |
# MAAS only: ask the docker-ip helper (not defined in this file) for the
# address of the "harvester" container. This is a lookup, so it is never
# reported as a change.
- name: fetch IP of DHCP harvester
  command: docker-ip harvester
  register: harvester_ip
  changed_when: false
  when: on_maas
| 75 | |
# MAAS only: POST to the harvester's /harvest endpoint on port 8954.
# The request is plain HTTP and this task sends no credentials, so the
# endpoint should only be reachable on a trusted management network.
- name: force a harvest to get container name resolution
  uri:
    method: POST
    url: 'http://{{ harvester_ip.stdout }}:8954/harvest'
  when: on_maas
| 81 | |
# MAAS only: poll until every container name in head_lxd_list resolves.
# host_dns_check is not a stock Ansible module (presumably shipped with this
# project — confirm). Judging by the parameter name, command_on_fail is a
# curl call that re-triggers the harvest when a lookup fails. The check is
# retried up to 5 times, 10 seconds apart, and the task fails if the result
# is still not "OK".
- name: wait for container name resolution
  host_dns_check:
    hosts: "{{ head_lxd_list | map(attribute='name') | list | to_json }}"
    command_on_fail: "curl -sS --connect-timeout 3 -XPOST http://{{ harvester_ip.stdout }}:8954/harvest"
  register: all_resolved
  retries: 5
  delay: 10
  until: all_resolved.everyone == "OK"
  failed_when: all_resolved.everyone != "OK"
  when: on_maas
| 92 | |
# Block until port 22 on each container answers with a banner containing
# "OpenSSH", i.e. sshd is actually serving rather than the port merely open.
- name: Wait for containers to be accessible via SSH
  wait_for:
    host: '{{ item.name }}'
    port: 22
    search_regex: OpenSSH
  with_items: '{{ head_lxd_list }}'
| 99 | |
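# Create /etc/ansible with explicit ownership and mode, so the result does
# not depend on the remote umask. The directory must stay traversable by
# the unprivileged user, because the later "ansible containers ..." tasks
# run without become and read the inventory stored here.
- name: Ensure /etc/ansible directory exists
  become: true
  file:
    path: /etc/ansible
    state: directory
    owner: root
    group: root
    mode: '0755'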
| 103 | |
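# Render the inventory used by the ad hoc "ansible containers ..." commands
# later in this file. Ownership and mode are pinned: root-owned so that only
# root can redirect those commands to other hosts, world-readable because
# the commands run without become.
- name: Create /etc/ansible/hosts file
  become: true
  template:
    src: ansible_hosts.j2
    dest: /etc/ansible/hosts
    owner: root
    group: root
    mode: '0644'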
| 109 | |
# Nested ad hoc run from this host: ping every member of the "containers"
# inventory group as user ubuntu to prove that SSH login works.
- name: Verify that we can log into every container
  tags: [skip_ansible_lint]  # connectivity check
  command: >-
    ansible containers
    -m ping
    -u ubuntu
| 114 | |
# Have every container fetch http://www.google.com through the uri module.
# This checks outbound reachability only; the response is not inspected here.
- name: Verify that containers have external connectivity
  tags: [skip_ansible_lint]  # connectivity check
  command: >-
    ansible containers -m uri -u ubuntu
    -a "url=http://www.google.com"
| 119 | |
# Point apt in every container at the apt-cacher proxy (port 3142 unless
# apt_cacher_port is set) by writing a root-owned, mode 0644 drop-in at
# /etc/apt/apt.conf.d/02apt-cacher-ng. The proxy only carries http
# traffic; package integrity still rests on apt's signature checks.
- name: Have containers use the apt-cache
  tags: [skip_ansible_lint]  # running a sub job
  command: >-
    ansible containers -b -u ubuntu -m lineinfile
    -a "dest=/etc/apt/apt.conf.d/02apt-cacher-ng create=yes mode=0644 owner=root group=root regexp='^Acquire' line='Acquire::http { Proxy \"http://{{ apt_cacher_name }}:{{ apt_cacher_port | default('3142') }}\"; };'"
| 124 | |
# Refresh the apt package index in every container, skipping containers
# whose cache is younger than 3600 seconds.
- name: Update apt cache
  tags: [skip_ansible_lint]  # running a sub job
  command: >-
    ansible containers -m apt -b -u ubuntu
    -a "update_cache=yes cache_valid_time=3600"
| 129 | |
# Optional dist-upgrade of every container, gated on run_dist_upgrade.
- name: Update software in all the containers
  tags: [skip_ansible_lint]  # running a sub job
  command: >-
    ansible containers -m apt -b -u ubuntu
    -a "upgrade=dist"
  when: run_dist_upgrade
| 135 | |
# Rebuild each container's system trust store as root. The "openstack"
# profile mounts the host's /usr/local/share/ca-certificates/ at
# /usr/local/share/ca-certificates/cord/ inside the containers, so this
# step is what makes certificates from that host directory trusted there.
- name: Update CA certificates in containers
  tags: [skip_ansible_lint]  # running a sub job
  command: >-
    ansible containers -m shell -b -u ubuntu
    -a "update-ca-certificates"
| 140 | |
# Non-MAAS only: render eth0.cfg into the user's home directory on this
# host. A later task pushes the file into the containers.
- name: Create containers' eth0 interface config file for DNS config via resolvconf program
  template:
    src: eth0.cfg.j2
    dest: '{{ ansible_user_dir }}/eth0.cfg'
  when: not on_maas
| 146 | |
# Non-MAAS only: install the rendered eth0.cfg in every container as
# /etc/network/interfaces.d/eth0.cfg, owned by root with mode 0644.
- name: Copy eth0 interface config file to all containers
  command: >-
    ansible containers -b -u ubuntu -m copy
    -a "src={{ ansible_user_dir }}/eth0.cfg dest=/etc/network/interfaces.d/eth0.cfg owner=root group=root mode=0644"
  when: not on_maas
| 150 | |
# Non-MAAS only: bounce eth0 in every container so the new interface
# config takes effect. The shell module is needed here because of the ";".
- name: Restart eth0 interface on all containers
  command: >-
    ansible containers -b -u ubuntu -m shell
    -a "ifdown eth0 ; ifup eth0"
  when: not on_maas
| 154 | |
# Non-MAAS only: repeat the ping check to confirm that the containers came
# back on the network after eth0 was restarted.
- name: Verify that we can log into every container after restarting network interfaces
  command: >-
    ansible containers
    -m ping
    -u ubuntu
  when: not on_maas