roles/create-lxd/tasks/main.yml

---
# Copyright 2017-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# file: create-lxd/tasks/main.yml

- name: Enable trusty-backports apt repository
  apt_repository:
    repo: "{{ item }}"
    state: present
  with_items:
    - "deb http://archive.ubuntu.com/ubuntu trusty-backports main restricted universe multiverse"

- name: Install LXD from trusty-backports
  apt:
    name: lxd
    default_release: trusty-backports
    update_cache: yes
    cache_valid_time: 3600

- name: Create LXD profiles for OpenStack services
  lxd_profile:
    name: "openstack-{{ item.name }}"
    state: present
    config:
      user.user-data: |
        #cloud-config
        ssh_authorized_keys:
          - "{{ lookup('file', ssh_pki_dir ~ '/client_certs/{{ pod_sshkey_name }}_sshkey.pub') }}"
    description: 'OpenStack service {{ item.name }} for CORD'
    devices:
      eth0:
        type: nic
        parent: "{{ management_net_bridge }}"
        nictype: bridged
        hwaddr: "{{ item.hwaddr | default( vtn_net_management_host_hwaddr_prefix ~ ( vtn_net_management_host_cidr | ipaddr(item.ipv4_last_octet) | ipaddr('address') | ip4_hex )) | hwaddr('linux') }}"
      certs:
        type: disk
        path: /usr/local/share/ca-certificates/cord/
        source: /usr/local/share/ca-certificates/
  with_items: "{{ head_lxd_list }}"

- name: Create containers for the OpenStack services
  lxd_container:
    name: "{{ item.name }}"
    architecture: x86_64
    state: started
    source:
      type: image
      mode: pull
      server: https://cloud-images.ubuntu.com/releases
      protocol: simplestreams
      alias: "{{ ansible_distribution_release }}"
    profiles: ["openstack-{{ item.name }}"]
    wait_for_ipv4_addresses: true
    timeout: 600
  with_items: "{{ head_lxd_list }}"

- name: fetch IP of DHCP harvester
  when: use_maas
  command: docker-ip harvester
  register: harvester_ip
  changed_when: False

- name: force a harvest to get container name resolution
  when: use_maas
  uri:
    url: http://{{ harvester_ip.stdout }}:8954/harvest
    method: POST

- name: wait for container name resolution
  when: use_maas
  host_dns_check:
    hosts: "{{ head_lxd_list | map(attribute='name') | list | to_json }}"
    command_on_fail: "curl -sS --connect-timeout 3 -XPOST http://{{ harvester_ip.stdout }}:8954/harvest"
  register: all_resolved
  until: all_resolved.everyone == "OK"
  retries: 5
  delay: 10
  failed_when: all_resolved.everyone != "OK"

- name: Wait for containers to be accessible via SSH
  wait_for:
    host: "{{ item.name }}"
    port: 22
    search_regex: "OpenSSH"
  with_items: "{{ head_lxd_list }}"

- name: Ensure /etc/ansible directory exists
  file:
    path: /etc/ansible
    state: directory
    owner: root
    group: root
    mode: 0755

- name: Create /etc/ansible/hosts file with containers list
  template:
    src: ansible_hosts.j2
    dest: /etc/ansible/hosts
    owner: root
    group: root
    mode: 0644