---
# file: create-lxd/tasks/main.yml

# Install the dnsutils package (provides dig), constrained to versions
# matching the pattern 1:9*.
- name: Ensure DIG
  become: true
  apt:
    state: present
    name: 'dnsutils=1:9*'

# Register the trusty-backports binary and source repositories with apt.
# NOTE(review): both mirror URLs are plain http, so package integrity rests on
# apt's signature verification of the repository metadata; confirm that
# verification is not disabled on these hosts.
- name: Enable trusty-backports
  become: true
  apt_repository:
    state: present
    repo: "{{ item }}"
  with_items:
    - 'deb http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe'
    - 'deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe'

# Install lxd with trusty-backports as the default release, refreshing the
# apt cache first.
- name: Ensure LXD
  become: true
  apt:
    name: lxd
    default_release: trusty-backports
    update_cache: true
    state: present

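# For lxd_profile, has to be run as normal user
# Reads the user's RSA public key into the lxd_ssh_pubkey fact, which the
# openstack LXD profile later places in ssh_authorized_keys.
# The path is built by concatenation inside one Jinja expression: nesting
# "{{ ... }}" inside the lookup() argument depends on recursive templating of
# lookup arguments and is flagged by ansible-lint as nested Jinja.
# NOTE(review): lookup('file', ...) reads from the Ansible controller, while
# ansible_user_dir is a fact of the managed host; confirm both refer to the
# same account and machine in this deployment.
- name: Get user's SSH public key into lxd_ssh_pubkey to create LXD profile
  set_fact:
    lxd_ssh_pubkey: "{{ lookup('file', ansible_user_dir ~ '/.ssh/id_rsa.pub') }}"
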
# Define the "openstack" LXD profile:
#   - cloud-init user-data that authorizes the key held in lxd_ssh_pubkey
#   - eth0: a NIC bridged onto mgmtbr
#   - certs: a disk device exposing the host's
#     /usr/local/share/ca-certificates/ inside the container at
#     /usr/local/share/ca-certificates/cord/
# NOTE(review): the certs device carries no read-only setting here. If the
# containers only need to read the host's CA certificates, marking the device
# read-only would keep a container from altering the host trust store;
# confirm against how the containers use this path.
- name: Create openstack LXD profile
  become: true
  lxd_profile:
    name: openstack
    description: 'OpenStack services on CORD'
    state: present
    config:
      user.user-data: |
        #cloud-config
        ssh_authorized_keys:
          - "{{ lxd_ssh_pubkey }}"
    devices:
      certs:
        type: disk
        source: /usr/local/share/ca-certificates/
        path: /usr/local/share/ca-certificates/cord/
      eth0:
        type: nic
        nictype: bridged
        parent: mgmtbr

# Start one container per entry in head_lxd_list using the openstack profile.
# The image is pulled over https from cloud-images.ubuntu.com via the
# simplestreams protocol; its alias is the host's distribution release.
# Each container is given up to 600 seconds to obtain an IPv4 address.
- name: Create containers for the OpenStack services
  become: true
  lxd_container:
    name: "{{ item.name }}"
    state: started
    architecture: x86_64
    profiles:
      - openstack
    source:
      type: image
      mode: pull
      protocol: simplestreams
      server: 'https://cloud-images.ubuntu.com/releases'
      alias: "{{ ansible_distribution_release }}"
    wait_for_ipv4_addresses: true
    timeout: 600
  with_items: "{{ head_lxd_list }}"

# MAAS deployments only: capture the output of `docker-ip harvester` in
# harvester_ip. The task is read-only, so it never reports a change.
- name: fetch IP of DHCP harvester
  command: 'docker-ip harvester'
  register: harvester_ip
  changed_when: false
  when: on_maas

# MAAS deployments only: POST to the harvester's /harvest endpoint on port
# 8954 so that the new containers' names become resolvable.
# NOTE(review): the request is plain http to the address printed by the
# previous task; presumably this stays on the local Docker network -- confirm.
- name: force a harvest to get container name resolution
  uri:
    method: POST
    url: "http://{{ harvester_ip.stdout }}:8954/harvest"
  when: on_maas

# MAAS deployments only: check DNS for every container name in head_lxd_list
# with the host_dns_check module, passing a curl command that re-triggers a
# harvest as command_on_fail. Retried up to 5 times, 10 seconds apart; the
# task fails unless the registered result reports everyone == "OK".
- name: wait for container name resolution
  host_dns_check:
    hosts: "{{ head_lxd_list | map(attribute='name') | list | to_json }}"
    command_on_fail: "curl -sS --connect-timeout 3 -XPOST http://{{ harvester_ip.stdout }}:8954/harvest"
  register: all_resolved
  retries: 5
  delay: 10
  until: all_resolved.everyone == "OK"
  failed_when: all_resolved.everyone != "OK"
  when: on_maas

# Block until port 22 on each container in head_lxd_list answers with text
# matching "OpenSSH". This checks the service banner only, not a login.
- name: Wait for containers to be accessible via SSH
  wait_for:
    port: 22
    host: "{{ item.name }}"
    search_regex: 'OpenSSH'
  with_items: "{{ head_lxd_list }}"

# Make sure /etc/ansible exists as a directory.
- name: Ensure /etc/ansible directory exists
  become: true
  file:
    path: /etc/ansible
    state: directory

# Render ansible_hosts.j2 to /etc/ansible/hosts. The later tasks that run
# `ansible containers ...` refer to a "containers" group, presumably defined
# by this template -- confirm against ansible_hosts.j2.
- name: Create /etc/ansible/hosts file
  become: true
  template:
    src: ansible_hosts.j2
    dest: /etc/ansible/hosts

# Run the ping module against the containers group as user ubuntu to confirm
# that login to every container works.
- name: Verify that we can log into every container
  command: 'ansible containers -m ping -u ubuntu'
  tags:
    - skip_ansible_lint  # connectivity check

# Have each container fetch http://www.google.com with the uri module as a
# check that outbound connectivity works.
- name: Verify that containers have external connectivity
  command: 'ansible containers -m uri -u ubuntu -a "url=http://www.google.com"'
  tags:
    - skip_ansible_lint  # connectivity check

# In every container, write an Acquire::http Proxy line pointing at
# apt_cacher_name:apt_cacher_port (port defaults to 3142) into
# /etc/apt/apt.conf.d/02apt-cacher-ng, owned by root with mode 0644.
# The folded scalar below joins into the same single-line command string;
# backslashes are literal in a block scalar, as they are in a plain scalar.
# NOTE(review): apt traffic from the containers then goes through this proxy
# over http; package integrity still depends on apt's signature checks.
- name: Have containers use the apt-cache
  command: >-
    ansible containers -b -u ubuntu -m lineinfile
    -a "dest=/etc/apt/apt.conf.d/02apt-cacher-ng create=yes mode=0644
    owner=root group=root regexp='^Acquire'
    line='Acquire::http { Proxy \"http://{{ apt_cacher_name }}:{{ apt_cacher_port | default('3142') }}\"; };'"
  tags:
    - skip_ansible_lint  # running a sub job

# Refresh the apt cache in every container unless it was updated within the
# last 3600 seconds.
- name: Update apt cache
  command: 'ansible containers -m apt -b -u ubuntu -a "update_cache=yes cache_valid_time=3600"'
  tags:
    - skip_ansible_lint  # running a sub job

# When run_dist_upgrade is set, perform a dist-upgrade in every container.
- name: Update software in all the containers
  command: 'ansible containers -m apt -b -u ubuntu -a "upgrade=dist"'
  when: run_dist_upgrade
  tags:
    - skip_ansible_lint  # running a sub job

# Run update-ca-certificates with privilege escalation in every container.
# NOTE(review): presumably this picks up the certificates exposed through the
# profile's certs disk device, so whatever is in that host directory becomes
# trusted inside the containers -- confirm who can write to it on the host.
- name: Update CA certificates in containers
  command: 'ansible containers -m shell -b -u ubuntu -a "update-ca-certificates"'
  tags:
    - skip_ansible_lint  # running a sub job

# Non-MAAS deployments only: render eth0.cfg.j2 into the user's home
# directory so it can be copied into the containers by a later task.
- name: Create containers' eth0 interface config file for DNS config via resolvconf program
  template:
    src: eth0.cfg.j2
    dest: "{{ ansible_user_dir }}/eth0.cfg"
  when: not on_maas

# Non-MAAS deployments only: install the rendered eth0.cfg in every container
# as /etc/network/interfaces.d/eth0.cfg, owned by root with mode 0644.
# The folded scalar joins into the same single-line command string.
- name: Copy eth0 interface config file to all containers
  command: >-
    ansible containers -b -u ubuntu -m copy
    -a "src={{ ansible_user_dir }}/eth0.cfg
    dest=/etc/network/interfaces.d/eth0.cfg
    owner=root group=root mode=0644"
  when: not on_maas

# Non-MAAS deployments only: bring eth0 down and back up in every container.
# Both commands run in one remote shell invocation, so ifup still runs after
# ifdown has taken the interface down.
- name: Restart eth0 interface on all containers
  command: 'ansible containers -b -u ubuntu -m shell -a "ifdown eth0 ; ifup eth0"'
  when: not on_maas

# Non-MAAS deployments only: repeat the ping check to confirm the containers
# are still reachable after the interface restart.
- name: Verify that we can log into every container after restarting network interfaces
  command: 'ansible containers -m ping -u ubuntu'
  when: not on_maas