Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
ansible/playbooks/groups/overcloud-config.yml
Kevin Fenzi 4b31ac5152 ansible: Change all our group names from foo-bar to foo_bar or foo-bar-baz to foo_bar_baz 
In ansible 2.8 the - character isn't supposed to be valid in group names.
While we could override this, might has well just bite the bullet and change it.
So, just switch all group names to use _ instead of -

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-05-20 17:38:09 +00:00

567 lines
20 KiB
YAML
Raw Blame History

- name: configure overcloud from undercloud
hosts: newcloud_undercloud
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/newcloud.yml
- /srv/private/ansible/files/openstack/overcloudrc.yml
tasks:
- name: setup auth/connection vars
set_fact:
os_cloud:
auth:
auth_url: http://192.168.20.51:5000//v3
username: admin
password: "{{ OS_PASSWORD }}"
project_name: admin
project_domain_name: default
user_domain_name: default
auth_type: v3password
region_name: regionOne
auth_version: 3
identity_api_version: 3
- name: create non-standard flavor
os_nova_flavor:
cloud: "{{ os_cloud }}"
name: "{{item.name}}"
ram: "{{item.ram}}"
disk: "{{item.disk}}"
vcpus: "{{item.vcpus}}"
swap: "{{item.swap}}"
ephemeral: 0
with_items:
- { name: m1.builder, ram: 5120, disk: 50, vcpus: 2, swap: 5120 }
- { name: ms2.builder, ram: 5120, disk: 20, vcpus: 2, swap: 100000 }
- { name: m2.prepare_builder, ram: 5000, disk: 16, vcpus: 2, swap: 0 }
# same as m.* but with swap
- { name: ms1.tiny, ram: 512, disk: 1, vcpus: 1, swap: 512 }
- { name: ms1.small, ram: 2048, disk: 20, vcpus: 1, swap: 2048 }
- { name: ms1.medium, ram: 4096, disk: 40, vcpus: 2, swap: 4096 }
- { name: ms1.medium.bigswap, ram: 4096, disk: 40, vcpus: 2, swap: 40000 }
- { name: ms1.large, ram: 8192, disk: 50, vcpus: 4, swap: 4096 }
- { name: ms1.xlarge, ram: 16384, disk: 160, vcpus: 8, swap: 16384 }
# inspired by http://aws.amazon.com/ec2/instance-types/
- { name: c4.large, ram: 3072, disk: 0, vcpus: 2, swap: 0 }
- { name: c4.xlarge, ram: 7168, disk: 0, vcpus: 4, swap: 0 }
- { name: c4.2xlarge, ram: 14336, disk: 0, vcpus: 8, swap: 0 }
- { name: r3.large, ram: 16384, disk: 32, vcpus: 2, swap: 16384 }
- name: download images
get_url:
dest: "/var/tmp/{{ item.imagename }}"
url: "{{ item.url }}"
with_items:
- { imagename: Fedora-Cloud-Base-28-1.1.ppc64le.qcow2,
url: "https://dl.fedoraproject.org/pub/fedora-secondary/releases/28/Cloud/ppc64le/images/Fedora-Cloud-Base-28-1.1.ppc64le.qcow2" }
- { imagename: Fedora-Cloud-Base-28-1.1.x86_64.qcow2,
url: "https://dl.fedoraproject.org/pub/fedora/linux/releases/28/Cloud/x86_64/images/Fedora-Cloud-Base-28-1.1.x86_64.qcow2" }
- { imagename: Fedora-Cloud-Base-29-1.2.x86_64.qcow2,
url: "https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Cloud/x86_64/images/Fedora-Cloud-Base-29-1.2.x86_64.qcow2" }
- name: Add the images
os_image:
cloud: "{{ os_cloud }}"
name: "{{ item.name }}"
disk_format: qcow2
is_public: True
filename: "{{ item.filename }}"
with_items:
- { name: Fedora-Cloud-Base-28-1.1.ppc64le, filename: /var/tmp/Fedora-Cloud-Base-28-1.1.ppc64le.qcow2 }
- { name: Fedora-Cloud-Base-28-1.1.x86_64, filename: /var/tmp/Fedora-Cloud-Base-28-1.1.x86_64.qcow2 }
- { name: Fedora-Cloud-Base-29-1.2.x86_64, filename: /var/tmp/Fedora-Cloud-Base-29-1.2.x86_64.qcow2 }
- name: Create tenants
os_project:
cloud: "{{ os_cloud }}"
name: "{{ item.name }}"
description: "{{ item.desc }}"
state: present
enabled: True
domain_id: default
with_items:
- { name: persistent, desc: "persistent instances" }
- { name: qa, desc: "developmnet and test-day applications of QA" }
- { name: transient, desc: 'transient instances' }
- { name: infrastructure, desc: "one off instances for infrastructure folks to test or check something (proof-of-concept)" }
- { name: copr, desc: 'Space for Copr builders' }
- { name: coprdev, desc: 'Development version of Copr' }
- { name: pythonbots, desc: 'project for python build bot users - twisted, etc' }
- { name: openshift, desc: 'Tenant for openshift deployment' }
- { name: maintainertest, desc: 'Tenant for maintainer test machines' }
- { name: aos-ci-cd, desc: 'Tenant for aos-ci-cd' }
##### NETWORK ####
# http://docs.openstack.org/havana/install-guide/install/apt/content/install-neutron.configure-networks.html
#
# NEW:
# network is 38.145.48.0/23
# gateway is 38.145.49.254
# leave 38.145.49.250-253 unused for dcops
# leave 38.145.49.231-249 unused for future testing
#
# OLD:
# external network is a class C: 209.132.184.0/24
# 209.132.184.1 to .25 - reserved for hardware.
# 209.132.184.26 to .30 - reserver for test cloud external ips
# 209.132.184.31 to .69 - icehouse cloud
# 209.132.184.70 to .89 - reserved for arm03 SOCs
# 209.132.184.90 to .251 - folsom cloud
#
- name: Create an external network
os_network:
cloud: "{{ os_cloud }}"
name: external
provider_network_type: flat
provider_physical_network: datacentre
external: true
shared: true
register: EXTERNAL_ID
- name: Create an external subnet
os_subnet:
cloud: "{{ os_cloud }}"
name: external-subnet
network_name: external
cidr: 38.145.48.0/23
allocation_pool_start: 38.145.48.1
allocation_pool_end: 38.145.49.230
gateway_ip: 38.145.49.254
enable_dhcp: false
register: EXTERNAL_SUBNET_ID
#- shell: source /root/keystonerc_admin && nova floating-ip-create external
# when: packstack_sucessfully_finished.stat.exists == False
# 172.16.0.1/16 -- 172.22.0.1/16 - free (can be split to /20)
# 172.23.0.1/16 - free (but used by old cloud)
# 172.24.0.1/24 - RESERVED it is used internally for OS
# 172.24.1.0/24 -- 172.24.255.0/24 - likely free (?)
# 172.25.0.1/20 - Cloudintern (172.25.0.1 - 172.25.15.254)
# 172.25.16.1/20 - infrastructure (172.25.16.1 - 172.25.31.254)
# 172.25.32.1/20 - persistent (172.25.32.1 - 172.25.47.254)
# 172.25.48.1/20 - transient (172.25.48.1 - 172.25.63.254)
# 172.25.64.1/20 - scratch (172.25.64.1 - 172.25.79.254)
# 172.25.80.1/20 - copr (172.25.80.1 - 172.25.95.254)
# 172.25.96.1/20 - cloudsig (172.25.96.1 - 172.25.111.254)
# 172.25.112.1/20 - qa (172.25.112.1 - 172.25.127.254)
# 172.25.128.1/20 - pythonbots (172.25.128.1 - 172.25.143.254)
# 172.25.144.1/20 - coprdev (172.25.144.1 - 172.25.159.254)
# 172.25.160.1/20 -- 172.25.240.1/20 - free
# 172.26.0.1/16 -- 172.31.0.1/16 - free (can be split to /20)
- name: Create a router for all tenants
os_router:
cloud: "{{ os_cloud }}"
project: "{{ item }}"
name: "ext-to-{{ item }}"
network: "external"
with_items: "{{all_projects}}"
- name: Create a private network for all tenants
os_network:
cloud: "{{ os_cloud }}"
project: "{{ item.name }}"
name: "{{ item.name }}-net"
shared: "{{ item.shared }}"
with_items:
- { name: copr, shared: true }
- { name: coprdev, shared: true }
- { name: infrastructure, shared: false }
- { name: persistent, shared: false }
- { name: pythonbots, shared: false }
- { name: transient, shared: false }
- { name: openshift, shared: false }
- { name: maintainertest, shared: false }
- { name: aos-ci-cd, shared: false }
- name: Create a subnet for all tenants
os_subnet:
cloud: "{{ os_cloud }}"
project: "{{ item.name }}"
network_name: "{{ item.name }}-net"
name: "{{ item.name }}-subnet"
cidr: "{{ item.cidr }}"
gateway_ip: "{{ item.gateway }}"
dns_nameservers: "66.35.62.163,140.211.169.201"
with_items:
- { name: copr, cidr: '172.25.80.1/20', gateway: '172.25.80.1' }
- { name: coprdev, cidr: '172.25.144.1/20', gateway: '172.25.144.1' }
- { name: infrastructure, cidr: '172.25.16.1/20', gateway: '172.25.16.1' }
- { name: persistent, cidr: '172.25.32.1/20', gateway: '172.25.32.1' }
- { name: pythonbots, cidr: '172.25.128.1/20', gateway: '172.25.128.1' }
- { name: transient, cidr: '172.25.48.1/20', gateway: '172.25.48.1' }
- { name: openshift, cidr: '172.25.160.1/20', gateway: '172.25.160.1' }
- { name: maintainertest, cidr: '172.25.176.1/20', gateway: '172.25.176.1' }
- { name: aos-ci-cd, cidr: '172.25.180.1/20', gateway: '172.25.180.1' }
- name: "Connect routers interface to the TENANT-subnet"
os_router:
cloud: "{{ os_cloud }}"
project: "{{ item }}"
name: "ext-to-{{ item }}"
interfaces: ["{{ item }}-subnet"]
with_items: "{{all_projects}}"
#################
# Security Groups
################
- name: "Change the quota of quotas"
os_quota:
cloud: "{{os_cloud}}"
name: "{{item}}"
security_group: 100
security_group_rule: 100
with_items: "{{all_projects}}"
- name: "Create 'ssh-anywhere' security group"
os_security_group:
cloud: "{{ os_cloud }}"
name: 'ssh-anywhere-{{item}}'
description: "allow ssh from anywhere"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: "Add rules to security group ( ssh-anywhere )"
os_security_group_rule:
security_group: 'ssh-anywhere-{{item}}'
cloud: "{{ os_cloud }}"
direction: "ingress"
port_range_min: "22"
port_range_max: "22"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "0.0.0.0/0"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: "Allow nagios checks"
os_security_group:
cloud: "{{ os_cloud }}"
state: "present"
name: 'allow-nagios-{{item}}'
description: "allow nagios checks"
project: "{{item}}"
with_items:
- persistent
- name: Add rule to new security group (nagios)
os_security_group_rule:
security_group: 'allow-nagios-{{item}}'
cloud: "{{ os_cloud }}"
direction: "ingress"
port_range_min: "5666"
port_range_max: "5666"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "209.132.181.35/32"
project: "{{item}}"
with_items:
- persistent
- name: "Create 'ssh-from-persistent' security group"
os_security_group:
cloud: "{{ os_cloud }}"
state: "present"
name: 'ssh-from-persistent-{{item}}'
description: "allow ssh from persistent"
project: "{{item}}"
with_items:
- copr
- coprdev
- name: add rule to new security group (ssh-from-persistent)
os_security_group_rule:
security_group: 'ssh-from-persistent-{{item}}'
cloud: "{{ os_cloud }}"
direction: "ingress"
port_range_min: "22"
port_range_max: "22"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "172.25.32.1/20"
project: "{{item}}"
with_items:
- copr
- coprdev
- name: "Create 'ssh-internal' security group"
os_security_group:
state: "present"
cloud: "{{ os_cloud }}"
name: 'ssh-internal-{{item.name}}'
description: "allow ssh from {{item.name}}-network"
project: "{{ item.name }}"
with_items:
- { name: copr, prefix: '172.25.80.1/20' }
- { name: coprdev, prefix: '172.25.80.1/20' }
- { name: infrastructure, prefix: "172.25.16.1/20" }
- { name: persistent, prefix: "172.25.32.1/20" }
- { name: pythonbots, prefix: '172.25.128.1/20' }
- { name: transient, prefix: '172.25.48.1/20' }
- { name: openshift, prefix: '172.25.160.1/20' }
- { name: maintainertest, prefix: '172.25.180.1/20' }
- { name: aos-ci-cd, prefix: '172.25.200.1/20' }
- name: add rule to new security group (ssh-internal)
os_security_group_rule:
security_group: 'ssh-internal-{{item.name}}'
cloud: "{{ os_cloud }}"
direction: "ingress"
port_range_min: "22"
port_range_max: "22"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "{{ item.prefix }}"
project: "{{item.name}}"
with_items:
- { name: copr, prefix: '172.25.80.1/20' }
- { name: coprdev, prefix: '172.25.80.1/20' }
- { name: infrastructure, prefix: "172.25.16.1/20" }
- { name: persistent, prefix: "172.25.32.1/20" }
- { name: pythonbots, prefix: '172.25.128.1/20' }
- { name: transient, prefix: '172.25.48.1/20' }
- { name: openshift, prefix: '172.25.160.1/20' }
- { name: maintainertest, prefix: '172.25.180.1/20' }
- { name: aos-ci-cd, prefix: '172.25.200.1/20' }
- name: "Create 'web-80-anywhere' security group"
os_security_group:
state: "present"
name: 'web-80-anywhere-{{item}}'
cloud: "{{ os_cloud }}"
description: "allow web-80 from anywhere"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: add rule to new security group (web-80-anywhere)
os_security_group_rule:
security_group: 'web-80-anywhere-{{item}}'
cloud: "{{ os_cloud }}"
direction: "ingress"
port_range_min: "80"
port_range_max: "80"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "0.0.0.0/0"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: "Create 'web-443-anywhere' security group"
os_security_group:
state: "present"
name: 'web-443-anywhere-{{item}}'
cloud: "{{ os_cloud }}"
description: "allow web-443 from anywhere"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: add rule to new security group (web-443-anywhere)
os_security_group_rule:
security_group: 'web-443-anywhere-{{item}}'
cloud: "{{ os_cloud }}"
direction: "ingress"
port_range_min: "443"
port_range_max: "443"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "0.0.0.0/0"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: "Create 'oci-registry-5000-anywhere' security group"
os_security_group:
state: "present"
name: 'oci-registry-5000-anywhere-{{item}}'
cloud: "{{ os_cloud }}"
description: "allow oci-registry-5000 from anywhere"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: add rule to new security group (oci-registry-5000-anywhere)
os_security_group_rule:
security_group: 'oci-registry-5000-anywhere-{{item}}'
cloud: "{{ os_cloud }}"
direction: "ingress"
port_range_min: "5000"
port_range_max: "5000"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "0.0.0.0/0"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: "Create 'wide-open' security group"
os_security_group:
state: "present"
name: 'wide-open-{{item}}'
cloud: "{{ os_cloud }}"
description: "allow anything from anywhere"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: add rule to new security group (wide-open/tcp)
os_security_group_rule:
security_group: 'wide-open-{{item}}'
cloud: "{{ os_cloud }}"
direction: "ingress"
port_range_min: "1"
port_range_max: "65535"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "0.0.0.0/0"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: add rule to new security group (wide-open/udp)
os_security_group_rule:
security_group: 'wide-open-{{item}}'
cloud: "{{ os_cloud }}"
direction: "ingress"
port_range_min: "1"
port_range_max: "65535"
ethertype: "IPv4"
protocol: "udp"
remote_ip_prefix: "0.0.0.0/0"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: "Create 'ALL ICMP' security group"
os_security_group:
state: "present"
name: 'all-icmp-{{item}}'
cloud: "{{ os_cloud }}"
description: "allow all ICMP traffic"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: add rule to new security group (all-icmp)
os_security_group_rule:
security_group: 'all-icmp-{{item}}'
cloud: "{{ os_cloud }}"
direction: "ingress"
ethertype: "IPv4"
protocol: "icmp"
remote_ip_prefix: "0.0.0.0/0"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: "Create 'keygen-persistent' security group"
os_security_group:
state: "present"
name: 'keygen-persistent-{{item}}'
cloud: "{{ os_cloud }}"
description: "rules for copr-keygen"
project: "{{item}}"
with_items:
- copr
- coprdev
- name: add rule to new security group (keygen-persistent/5167)
os_security_group_rule:
security_group: 'keygen-persistent-{{item}}'
cloud: "{{ os_cloud }}"
direction: "ingress"
port_range_min: "5167"
port_range_max: "5167"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "172.25.32.1/20"
project: "{{item}}"
with_items:
- copr
- coprdev
- name: add rule to new security group (keygen-persistent/80)
os_security_group_rule:
security_group: 'keygen-persistent-{{item}}'
cloud: "{{ os_cloud }}"
direction: "ingress"
port_range_min: "80"
port_range_max: "80"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "172.25.32.1/20"
project: "{{item}}"
with_items:
- copr
- coprdev
- name: "Create 'pg-5432-anywhere' security group"
os_security_group:
state: "present"
name: 'pg-5432-anywhere-{{item}}'
cloud: "{{ os_cloud }}"
description: "allow postgresql-5432 from anywhere"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: add rule to new security group (pg-5432-anywhere)
os_security_group_rule:
security_group: 'pg-5432-anywhere-{{item}}'
cloud: "{{ os_cloud }}"
direction: "ingress"
port_range_min: "5432"
port_range_max: "5432"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "0.0.0.0/0"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: "Create 'fedmsg-relay-persistent' security group"
os_security_group:
state: "present"
name: 'fedmsg-relay-persistent-{{item}}'
cloud: "{{ os_cloud }}"
description: "allow incoming 2003 and 4001 from internal network"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: add rule to new security group (fedmsg-relay-persistent/2003)
os_security_group_rule:
security_group: 'fedmsg-relay-persistent-{{item}}'
cloud: "{{ os_cloud }}"
direction: "ingress"
port_range_min: "2003"
port_range_max: "2003"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "172.25.80.1/16"
project: "{{item}}"
with_items: "{{all_projects}}"
- name: add rule to new security group (fedmsg-relay-persistent/4001)
os_security_group_rule:
security_group: 'fedmsg-relay-persistent-{{item}}'
cloud: "{{ os_cloud }}"
direction: "ingress"
port_range_min: "4001"
port_range_max: "4001"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "172.25.80.1/16"
project: "{{item}}"
with_items: "{{all_projects}}"
#########
# quotas
#########
- name: set quotas for copr
os_quota:
cloud: "{{ os_cloud }}"
cores: "{{ item.cores }}"
floating_ips: "{{ item.floating_ips }}"
instances: "{{ item.instances }}"
name: "{{ item.name }}"
security_group: "{{ item.security_group }}"
with_items:
- { name: copr, cores: 100, floating_ips: 10, instances: 50, ram: 350000, security_group: 15 }
- { name: coprdev, cores: 80, floating_ips: 10, instances: 40, ram: 300000, security_group: 15 }
- { name: persistent, cores: 175, floating_ips: 50, instances: 60, ram: 300000, security_group: 15 }
- { name: transient, cores: 70, floating_ips: 10, instances: 30, ram: 150000, security_group: 15 }
Reference in a new issue View git blame Copy permalink