Andy Baviera17d84b2016-11-16 09:39:26 -08001---
2# file: create-lxd/tasks/main.yml
# Install dnsutils (the package that ships `dig`), pinned to the
# epoch-1, 9.x version glob.
- name: Ensure DIG
  become: true
  apt:
    state: present
    name: 'dnsutils=1:9*'
8
# Register the binary and source entries for trusty-backports.
# NOTE(review): both entries use a plain-HTTP mirror, so package integrity
# rests on APT's signed repository metadata; keep signature checking enabled.
- name: Enable trusty-backports
  become: true
  apt_repository:
    state: present
    repo: "{{ item }}"
  with_items:
    - 'deb http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe'
    - 'deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe'
17
# Install LXD, preferring the trusty-backports release, after refreshing
# the package index.
- name: Ensure LXD
  become: true
  apt:
    name: lxd
    default_release: trusty-backports
    update_cache: true
    state: present
25
# Runs without `become` on purpose: the key is read from the connecting
# user's home directory and is consumed by the lxd_profile task.
# Only the public half (id_rsa.pub) is read; slurp returns it base64-encoded
# in `content`.
- name: slurp user's SSH public key on remote machine to create LXD profile
  register: slurped_pubkey
  slurp:
    src: "{{ ansible_user_dir }}/.ssh/id_rsa.pub"
Andy Baviera17d84b2016-11-16 09:39:26 -080031
# Define the `openstack` LXD profile shared by all service containers.
- name: Create openstack LXD profile
  become: true
  lxd_profile:
    name: openstack
    description: 'OpenStack services on CORD'
    state: present
    config:
      # cloud-init user-data: authorise the slurped public key for SSH login.
      user.user-data: |
        #cloud-config
        ssh_authorized_keys:
          - "{{ slurped_pubkey['content'] | b64decode }}"
    devices:
      # Container NIC bridged onto the host's mgmtbr bridge.
      eth0:
        type: nic
        nictype: bridged
        parent: mgmtbr
      # Host CA directory exposed inside each container.
      # NOTE(review): the share is not marked read-only; if containers only
      # need to read these certificates, consider `readonly: 'true'` on this
      # device - confirm nothing in the containers writes to the path.
      certs:
        type: disk
        source: /usr/local/share/ca-certificates/
        path: /usr/local/share/ca-certificates/cord/
Andy Baviera17d84b2016-11-16 09:39:26 -080052
# Start one container per entry in head_lxd_list, using the `openstack`
# profile. The image is pulled over HTTPS from the Ubuntu simplestreams
# server; the alias is the host's own distribution release.
- name: Create containers for the OpenStack services
  become: true
  lxd_container:
    name: "{{ item.name }}"
    state: started
    architecture: x86_64
    profiles:
      - openstack
    source:
      type: image
      mode: pull
      protocol: simplestreams
      server: 'https://cloud-images.ubuntu.com/releases'
      alias: "{{ ansible_distribution_release }}"
    # Block (up to `timeout` seconds) until the container has an IPv4 address.
    wait_for_ipv4_addresses: true
    timeout: 600
  with_items: "{{ head_lxd_list }}"
69
# MAAS only: look up the harvester's address with the `docker-ip` helper.
# Pure query, so it never reports a change.
- name: fetch IP of DHCP harvester
  when: on_maas
  command: docker-ip harvester
  changed_when: false
  register: harvester_ip
75
# MAAS only: POST to the harvester's /harvest endpoint on port 8954.
# NOTE(review): the request is plain HTTP and carries no credentials;
# presumably the endpoint is reachable only on the local Docker network -
# confirm.
- name: force a harvest to get container name resolution
  when: on_maas
  uri:
    method: POST
    url: "http://{{ harvester_ip.stdout }}:8954/harvest"
81
# MAAS only: poll until every container name resolves.
# host_dns_check is not a stock Ansible module (presumably shipped with this
# project); it is given the container names as a JSON list and a command to
# run on failure, which re-triggers a harvest.
# Up to 5 retries, 10 s apart; the task fails unless `everyone` is "OK".
- name: wait for container name resolution
  when: on_maas
  host_dns_check:
    hosts: "{{ head_lxd_list | map(attribute='name') | list | to_json }}"
    command_on_fail: "curl -sS --connect-timeout 3 -XPOST http://{{ harvester_ip.stdout }}:8954/harvest"
  register: all_resolved
  retries: 5
  delay: 10
  until: all_resolved.everyone == "OK"
  failed_when: all_resolved.everyone != "OK"
92
# Wait until port 22 on each container answers with an OpenSSH banner.
- name: Wait for containers to be accessible via SSH
  wait_for:
    port: 22
    host: "{{ item.name }}"
    search_regex: "OpenSSH"
  with_items: "{{ head_lxd_list }}"
99
# Create /etc/ansible (as root) if it is missing.
# NOTE(review): no mode is given, so a newly created directory's
# permissions depend on the umask in effect.
- name: Ensure /etc/ansible directory exists
  become: true
  file:
    path: /etc/ansible
    state: directory
103
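# Render the inventory used by the `ansible containers ...` commands below.
# The mode is set explicitly so the result does not depend on root's umask:
# those later commands run without `become` and must be able to read the
# file, while group and others get no write access.
- name: Create /etc/ansible/hosts file
  become: true
  template:
    src: ansible_hosts.j2
    dest: /etc/ansible/hosts
    mode: '0644'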
109
# Ad-hoc ping of the `containers` group as user ubuntu, to prove that login
# to every container works.
- name: Verify that we can log into every container
  command: 'ansible containers -m ping -u ubuntu'
  tags:
    - skip_ansible_lint  # connectivity check
114
# Ad-hoc HTTP request from every container to an external site; success
# shows the containers have outbound connectivity.
- name: Verify that containers have external connectivity
  command: 'ansible containers -m uri -u ubuntu -a "url=http://www.google.com"'
  tags:
    - skip_ansible_lint  # connectivity check
119
# Point APT inside every container at the apt-cacher-ng proxy by writing an
# `Acquire::http { Proxy ... }` line (root-owned, mode 0644) via an ad-hoc
# lineinfile run with sudo (-b). The port defaults to 3142.
# The folded scalar below yields the same single-line command string.
- name: Have containers use the apt-cache
  command: >-
    ansible containers -b -u ubuntu -m lineinfile
    -a "dest=/etc/apt/apt.conf.d/02apt-cacher-ng create=yes mode=0644
    owner=root group=root regexp='^Acquire'
    line='Acquire::http { Proxy \"http://{{ apt_cacher_name }}:{{ apt_cacher_port | default('3142') }}\"; };'"
  tags:
    - skip_ansible_lint  # running a sub job
124
# Refresh the package index in every container (with sudo), unless it was
# refreshed within the last 3600 seconds.
- name: Update apt cache
  command: 'ansible containers -m apt -b -u ubuntu -a "update_cache=yes cache_valid_time=3600"'
  tags:
    - skip_ansible_lint  # running a sub job
129
# Optional dist-upgrade of every container, gated by run_dist_upgrade.
- name: Update software in all the containers
  when: run_dist_upgrade
  command: 'ansible containers -m apt -b -u ubuntu -a "upgrade=dist"'
  tags:
    - skip_ansible_lint  # running a sub job
135
# Run update-ca-certificates in every container (with sudo); presumably this
# picks up the CA files exposed by the profile's `certs` disk device.
- name: Update CA certificates in containers
  command: 'ansible containers -m shell -b -u ubuntu -a "update-ca-certificates"'
  tags:
    - skip_ansible_lint  # running a sub job
140
# Non-MAAS only: render eth0.cfg into the connecting user's home directory;
# a later task copies it into the containers.
- name: Create containers' eth0 interface config file for DNS config via resolvconf program
  when: not on_maas
  template:
    src: eth0.cfg.j2
    dest: "{{ ansible_user_dir }}/eth0.cfg"
146
# Non-MAAS only: push the rendered eth0.cfg into every container as a
# root-owned, mode-0644 file under /etc/network/interfaces.d/ (with sudo).
# The folded scalar below yields the same single-line command string.
- name: Copy eth0 interface config file to all containers
  when: not on_maas
  command: >-
    ansible containers -b -u ubuntu -m copy
    -a "src={{ ansible_user_dir }}/eth0.cfg
    dest=/etc/network/interfaces.d/eth0.cfg
    owner=root group=root mode=0644"
150
# Non-MAAS only: bounce eth0 in every container (with sudo) so that the new
# interface configuration takes effect.
- name: Restart eth0 interface on all containers
  when: not on_maas
  command: 'ansible containers -b -u ubuntu -m shell -a "ifdown eth0 ; ifup eth0"'
154
# Non-MAAS only: repeat the ad-hoc ping to confirm that the containers are
# still reachable after the interface restart.
- name: Verify that we can log into every container after restarting network interfaces
  when: not on_maas
  command: 'ansible containers -m ping -u ubuntu'