Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
ansible/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
Miroslav Suchý c1d43488f8 give up with rabbitmq ans ssl 
when I configured both server and OS for ssl, I get:
2015-02-02 12:32:26.475 15074 ERROR neutron.openstack.common.rpc.common [-] AMQP server on 209.132.184.9:5671 is unreachable: [Errno 1] _ssl.c:504: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version. Trying again in 19 seconds
I simply give up
2015-02-02 12:54:15 +00:00

600 lines
26 KiB
YAML
Raw Blame History

---
- name: deploy Open Stack controler
hosts: fed-cloud09.cloud.fedoraproject.org
user: root
sudo: yes
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/fedora-cloud.yml
- /srv/private/ansible/files/openstack/passwords.yml
roles:
#- rkhunter
- nagios_client
- hosts
- fas_client
- sudo
tasks:
- include: "{{ tasks }}/cloud_setup_basic.yml"
vars:
root_auth_users: msuchy
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/2fa_client.yml"
- name: set root passwd
user: name=root password={{ cloud_rootpw }} state=present
tags:
- rootpw
- name: Set the hostname
action: hostname name=fed-cloud09.cloud.fedoraproject.org
- name: install core pkgs
action: yum state=present pkg={{ item }}
with_items:
- libselinux-python
- ntp
- wget
- scsi-target-utils
- lvm2
- iptables-services
- name: disable selinux
action: selinux policy=targeted state=permissive
- service: name=tgtd state=started enabled=yes
- command: vgrename vg_guests cinder-volumes
ignore_errors: yes
- lvg: vg=cinder-volumes pvs=/dev/md127 pesize=32 vg_options=''
- template: src={{ files }}/fedora-cloud/hosts dest=/etc/hosts owner=root mode=0644
- stat: path=/etc/packstack_sucessfully_finished
register: packstack_sucessfully_finished
# http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-networking.html
- service: name=NetworkManager state=stopped enabled=no
- service: name=network state=started enabled=yes
- service: name=firewalld state=stopped enabled=no
ignore_errors: yes
- service: name=iptables state=started enabled=yes
# http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-neutron-networking-controller-node.html
- lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^ONBOOT=" line="ONBOOT=yes"
# only for first run
- lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^NETMASK=" line="NETMASK=255.255.255.0"
when: packstack_sucessfully_finished.stat.exists == False
- lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^IPADDR=" line="IPADDR={{controller_private_ip}}"
when: packstack_sucessfully_finished.stat.exists == False
- lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="BOOTPROTO=" line="BOOTPROTO=none"
- template: src={{files}}/fedora-cloud/ifcfg-br-ex dest=/etc/sysconfig/network-scripts/ifcfg-br-ex owner=root mode=0644
when: packstack_sucessfully_finished.stat.exists == False
# FIXME notify network service restart, eth1 must be up and configured
# http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-ntp.html
- service: name=ntpd state=started enabled=yes
# http://docs.openstack.org/icehouse/install-guide/install/yum/content/basics-packages.html
- name: install basic openstack packages
action: yum state=present name={{ item }}
with_items:
- https://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-4.noarch.rpm
- http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
- openstack-utils
- openstack-selinux
- openstack-packstack
- python-glanceclient
- rabbitmq-server
- ansible-openstack-modules
- yum: name=* state=latest
- name: add ssl cert
copy: src={{ private }}/files/openstack/fed-cloud09.pem dest=/etc/pki/tls/certs/fed-cloud09.pem mode=600 owner=rabbitmq group=root
- name: add ssl key
copy: src={{ private }}/files/openstack/fed-cloud09.key dest=/etc/pki/tls/private/fed-cloud09.key mode=600 owner=rabbitmq group=root
# http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-database-controller.html
- name: install mysql packages
action: yum state=present pkg={{ item }}
with_items:
- mariadb-galera-server
- MySQL-python
- ini_file: dest=/etc/my.cnf section="mysqld" option="bind-address" value="{{ controller_public_ip }}"
- ini_file: dest=/etc/my.cnf section="mysqld" option="default-storage-engine" value="innodb"
- ini_file: dest=/etc/my.cnf section="mysqld" option="collation-server" value="utf8_general_ci"
- ini_file: dest=/etc/my.cnf section="mysqld" option="init-connect" value="'SET NAMES utf8'"
- ini_file: dest=/etc/my.cnf section="mysqld" option="character-set-server" value="utf8"
- service: name=mariadb state=started enabled=yes
# 'localhost' needs to be the last item for idempotency, see
# http://ansible.cc/docs/modules.html#mysql-user
- name: update mysql root password for localhost before setting .my.cnf
mysql_user: name=root host=localhost password={{ DBPASSWORD }}
- name: copy .my.cnf file with root password credentials
template: src={{ files }}/fedora-cloud/my.cnf dest=/root/.my.cnf owner=root mode=0600
- name: update mysql root password for all root accounts
mysql_user: name=root host={{ item }} password={{ DBPASSWORD }}
with_items:
- "{{ controller_public_ip }}"
- 127.0.0.1
- ::1
- name: copy .my.cnf file with root password credentials
template: src={{ files }}/fedora-cloud/my.cnf dest=/root/.my.cnf owner=root mode=0600
- name: delete anonymous MySQL server user for $server_hostname
action: mysql_user user="" host="{{ controller_public_ip }}" state="absent"
- name: delete anonymous MySQL server user for localhost
action: mysql_user user="" state="absent"
- name: remove the MySQL test database
action: mysql_db db=test state=absent
# WORKAROUNDS - already reported to OpenStack team
- lineinfile:
dest=/usr/lib/python2.7/site-packages/packstack/plugins/dashboard_500.py
regexp=" host_resources\.append\(*ssl_key, 'ssl_ps_server.key'\)*"
line=" host_resources.append((ssl_key, 'ssl_ps_server.key'))"
backup=yes
- lineinfile:
dest=/usr/share/openstack-puppet/modules/rabbitmq/manifests/config.pp
regexp="RABBITMQ_NODE_PORT"
line=" 'RABBITMQ_NODE_PORTTTTT' => $port,"
backup=yes
#- lineinfile:
# dest=/usr/share/openstack-puppet/modules/rabbitmq/templates/rabbitmq.config.erb
# regexp="cacertfile"
# line=" {ssl_options, [{cacertfile,\"<%= @ssl_cert %>\"},"
# backup=yes
#- lineinfile:
# dest=/usr/share/openstack-puppet/modules/neutron/manifests/init.pp
# regexp="rabbit_use_ssl = "
# line=" $rabbit_use_ssl = true,"
# backup=yes
#- lineinfile:
# dest=/usr/share/openstack-puppet/modules/nova/manifests/init.pp
# regexp="rabbit_use_ssl = "
# line=" $rabbit_use_ssl = true,"
# backup=yes
#- lineinfile:
# dest=/usr/share/openstack-puppet/modules/glance/manifests/notify/rabbitmq.pp
# regexp="rabbit_use_ssl = "
# line=" $rabbit_use_ssl = true,"
# backup=yes
#- lineinfile:
# dest=/usr/share/openstack-puppet/modules/ceilometer/manifests/init.pp
# regexp="rabbit_use_ssl = "
# line=" $rabbit_use_ssl = true,"
# backup=yes
- lineinfile:
dest=/usr/lib/python2.7/site-packages/packstack/puppet/templates/mongodb.pp
regexp="pidfilepath"
line=" pidfilepath => '/var/run/mongodb/mongod.pid'"
insertbefore="^}"
# http://openstack.redhat.com/Quickstart
- template: src={{ files }}/fedora-cloud/packstack-controller-answers.txt dest=/root/ owner=root mode=0600
- authorized_key: user=root key="{{ lookup('file', files + '/fedora-cloud/fed09-ssh-key.pub') }}"
- command: packstack --answer-file=/root/packstack-controller-answers.txt
when: packstack_sucessfully_finished.stat.exists == False
- file: path=/etc/packstack_sucessfully_finished state=touch
# FIXME we should really reboot here
# http://docs.openstack.org/icehouse/install-guide/install/yum/content/basics-queue.html
# https://openstack.redhat.com/Securing_services#qpid
#### FIXME
- lineinfile: dest=/etc/rabbitmq/rabbitmq-env.conf regexp="^RABBITMQ_NODE_PORT=" state="absent"
- service: name=rabbitmq-server state=started
# WORKAROUND again
#- ini_file: dest=/etc/keystone/keystone.conf section="DEFAULT" option="rabbit_use_ssl" value="true"
#- service: name=rabbitmq-server state=restarted
#- ini_file: dest=/etc/nova/nova.conf section="DEFAULT" option="rabbit_use_ssl" value="true"
#- ini_file: dest=/etc/cinder/cinder.conf section="DEFAULT" option="rabbit_use_ssl" value="true"
#- ini_file: dest=/etc/ceilometer/ceilometer.conf section="DEFAULT" option="rabbit_use_ssl" value="true"
#- service: name="{{item}}" state=restarted
# with_items:
# - openstack-ceilometer-alarm-evaluator
# - openstack-ceilometer-alarm-notifier
# - openstack-ceilometer-api
# - openstack-ceilometer-central
# - openstack-ceilometer-collector
# - openstack-ceilometer-compute
# - openstack-ceilometer-notification
# - openstack-cinder-api
# - openstack-cinder-backup
# - openstack-cinder-scheduler
# - openstack-cinder-volume
# - openstack-nova-api
# - openstack-nova-cert
# - openstack-nova-compute
# - openstack-nova-conductor
# - openstack-nova-consoleauth
# - openstack-nova-novncproxy
# - openstack-nova-scheduler
# configure cider with multi back-end
# https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Cloud_Administrator_Guide/section_manage-volumes.html
- lineinfile: dest=/etc/cinder/cinder.conf regexp="^enabled_backends" insertafter="^#enabled_backends" line="enabled_backends=equallogic-1,lvmdriver-1"
# LVM
- ini_file: dest=/etc/cinder/cinder.conf section="lvmdriver-1" option="volume_group" value="cinder-volumes"
- ini_file: dest=/etc/cinder/cinder.conf section="lvmdriver-1" option="volume_driver" value="cinder.volume.drivers.lvm.LVMISCSIDriver"
- ini_file: dest=/etc/cinder/cinder.conf section="lvmdriver-1" option="volume_backend_name" value="LVM_iSCSI"
# Dell EqualLogic - http://docs.openstack.org/trunk/config-reference/content/dell-equallogic-driver.html
- ini_file: dest=/etc/cinder/cinder.conf section="equallogic-1" option="volume_driver" value="cinder.volume.drivers.eqlx.DellEQLSanISCSIDriver"
- ini_file: dest=/etc/cinder/cinder.conf section="equallogic-1" option="san_ip" value="{{ IP_EQLX }}"
- ini_file: dest=/etc/cinder/cinder.conf section="equallogic-1" option="san_login" value="{{ SAN_UNAME }}"
- name: set password for equallogic-1
ini_file: dest=/etc/cinder/cinder.conf section="equallogic-1" option="san_password" value="{{ SAN_PW }}"
- ini_file: dest=/etc/cinder/cinder.conf section="equallogic-1" option="eqlx_group_name" value="{{ EQLX_GROUP }}"
- ini_file: dest=/etc/cinder/cinder.conf section="equallogic-1" option="eqlx_pool" value="{{ EQLX_POOL }}"
- service: name=openstack-cinder-api state=restarted
- service: name=openstack-cinder-scheduler state=restarted
- service: name=openstack-cinder-volume state=restarted
# http://docs.openstack.org/trunk/install-guide/install/yum/content/glance-verify.html
- file: path=/root/images state=directory
- get_url: url=http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img dest=/root/images/cirros-0.3.2-x86_64-disk.img mode=0440
- name: Add the cirros-0.3.2-x86_64 image
glance_image:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
name=cirros-0.3.2-x86_64
disk_format=qcow2
is_public=True
file=/root/images/cirros-0.3.2-x86_64-disk.img
- name: create non-standard flavor
nova_flavor:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
name="m1.builder" id="6" ram="5120" disk="50" vcpus="2"
##### download common Images #####
- get_url: url=http://download.fedoraproject.org/pub/fedora/linux/updates/20/Images/x86_64/Fedora-x86_64-20-20140407-sda.qcow2 dest=/root/images/Fedora-x86_64-20-20140407-sda.qcow2 mode=0440
- get_url: url=http://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.qcow2 dest=/root/images/Fedora-Cloud-Base-20141203-21.x86_64.qcow2 mode=0440
# RHEL6 can be downloaded from https://rhn.redhat.com/rhn/software/channel/downloads/Download.do?cid=16952
# RHEL7 can be download from https://access.redhat.com/downloads/content/69/ver=/rhel---7/7.0/x86_64/product-downloads
- name: Add the images
glance_image:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
name="{{ item.name }}"
disk_format=qcow2
is_public=True
file="{{ item.file }}"
with_items:
- name: fedora-cloud-64-20-20140407
file: /root/images/Fedora-x86_64-20-20140407-sda.qcow2
- name: Fedora-Cloud-Base-20141203-21
file: /root/images/Fedora-Cloud-Base-20141203-21.x86_64.qcow2
# FIXME uncomment when you manualy download
#- name: rhel-guest-image-6.5-20140630.0.x86_64
# file: /root/images/rhel-guest-image-6.5-20140630.0.x86_64.qcow2
#- name: rhel-guest-image-7.0-20140618.1.x86_64
# file: /root/images/rhel-guest-image-7.0-20140618.1.x86_64.qcow2
##### PROJECTS ######
- name: Create tenants
keystone_user:
login_user="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant="{{ item.name }}"
tenant_description="{{ item.desc }}"
state=present
with_items:
- { name: persistent, desc: "persistent instances" }
- { name: qa, desc: "" }
- { name: transient, desc: 'transient instances' }
- { name: infrastructure, desc: "" }
- { name: cloudintern, desc: 'project for the cloudintern under mattdm' }
- { name: cloudsig, desc: 'Fedora cloud sig folks.' }
- { name: copr, desc: 'Copr tenant for the buildsys' }
- { name: pythonbots, desc: 'project for python build bot users - twisted, etc' }
- { name: scratch, desc: 'scratch and short term instances' }
##### USERS #####
- name: Create users
keystone_user:
login_user="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
user="{{ item.name }}"
email="{{ item.email }}"
tenant="{{ item.tenant }}"
password="{{ item.password }}"
state=present
no_log: True
with_items:
- { name: kevin, email: 'kevin@fedoraproject.org', tenant: infrastructure, password: "{{kevin_password}}" }
- { name: laxathom, email: 'laxathom@fedoraproject.org', tenant: infrastructure, password: "{{laxathom_password}}" }
- { name: samkottler, email: 'samkottler@fedoraproject.org', tenant: infrastructure, password: "{{samkottler_password}}" }
- { name: puiterwijk, email: 'puiterwijk@fedoraproject.org', tenant: infrastructure, password: "{{puiterwijk_password}}" }
- { name: mattdm, email: 'mattdm@fedoraproject.org', tenant: infrastructure, password: "{{mattdm_password}}" }
- { name: tflink, email: 'tflink@fedoraproject.org', tenant: qa, password: "{{tflink_password}}" }
- { name: copr, email: 'admin@fedoraproject.org', tenant: copr, password: "{{copr_password}}" }
- { name: twisted, email: 'buildbot@twistedmatrix.com', tenant: pythonbots, password: "{{twisted_password}}" }
- { name: ausil, email: 'dennis@ausil.us', tenant: infrastructure, password: "{{ausil_password}}" }
- { name: anthomas, email: 'anthomas@redhat.com', tenant: cloudintern, password: "{{anthomas_password}}" }
- { name: jskladan, email: 'jskladan@redhat.com', tenant: qa, password: "{{jskladan_password}}" }
- { name: gholms, email: 'gholms@fedoraproject.org', tenant: cloudintern, password: "{{gholms_password}}" }
- { name: cockpit, email: 'walters@redhat.com', tenant: scratch, password: "{{cockpit_password}}" }
- { name: nb, email: 'nb@fedoraproject.org', tenant: infrastructure, password: "{{nb_password}}" }
- { name: pingou, email: 'pingou@pingoured.fr', tenant: infrastructure, password: "{{pingou_password}}" }
- { name: codeblock, email: 'codeblock@elrod.me', tenant: infrastructure, password: "{{codeblock_password}}" }
- { name: msuchy, email: 'msuchy@redhat.com', tenant: copr, password: "{{msuchy_password}}" }
- { name: red, email: 'red@fedoraproject.org', tenant: infrastructure, password: "{{red_password}}" }
#- template: src={{ files }}/fedora-cloud/keystonerc_msuchy dest=/root/ owner=root mode=0600
#- shell: source /root/keystonerc_admin && keystone user-password-update --pass 'XXXX' msuchy
##### NETWORK ####
# http://docs.openstack.org/havana/install-guide/install/apt/content/install-neutron.configure-networks.html
- name: Create en external network
neutron_network:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
name=external
router_external=True
provider_network_type=flat
provider_physical_network=floatnet
register: EXTERNAL_ID
- name: Create an external subnet
neutron_subnet:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
name=external-subnet
network_name=external
cidr="{{ public_interface_cidr }}"
allocation_pool_start="{{ public_floating_start }}"
allocation_pool_end="{{ public_floating_end }}"
gateway_ip="{{ public_gateway_ip }}"
enable_dhcp=false
register: EXTERNAL_SUBNET_ID
- shell: source /root/keystonerc_admin && nova floating-ip-create external
when: packstack_sucessfully_finished.stat.exists == False
# 172.16.0.1/12 -- 172.21.0.1/12 - Free to take
# 172.23.0.1/12 - free (but used by old cloud)
# 172.24.0.1/12 - RESERVED it is used internally for OS
# 172.25.0.1/12 - Cloudintern
# 172.26.0.1/12 - infrastructure
# 172.27.0.1/12 - persistent
# 172.28.0.1/12 - transient
# 172.29.0.1/12 - scratch
# 172.30.0.1/12 - copr
# 172.31.0.1/12 - Free to take
# Cloudintern network
- name: Create a router for Cloudintern
neutron_router:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=cloudintern
name=ext-to-cloudintern
register: ROUTER_ID
- name: Connect router's gateway to the external network
neutron_router_gateway:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
router_name="ext-to-cloudintern"
network_name="external"
- name: Create a private network for cloudintern
neutron_network:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=cloudintern
name=cloudintern-net
- name: Create a subnet in the cloudintern-net
neutron_subnet:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=cloudintern
network_name=cloudintern-net
name=cloudintern-subnet
cidr=172.25.0.1/12
gateway_ip=172.25.0.1
register: CLOUDINTERN_SUBNET_ID
- name: Connect router's interface to the cloudintern-subnet
neutron_router_interface:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=cloudintern
router_name="ext-to-cloudintern"
subnet_name="cloudintern-subnet"
# Copr network
- name: Create a router for copr
neutron_router:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=copr
name=ext-to-copr
register: ROUTER_ID
- name: Connect router's gateway to the external network
neutron_router_gateway:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
router_name="ext-to-copr"
network_name="external"
- name: Create a private network for copr
neutron_network:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=copr
name=copr-net
- name: Create a subnet in the copr-net
neutron_subnet:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=copr
network_name=copr-net
name=copr-subnet
cidr=172.30.0.1/12
gateway_ip=172.30.0.1
register: COPR_SUBNET_ID
- name: Connect router's interface to the copr-subnet
neutron_router_interface:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=copr
router_name="ext-to-copr"
subnet_name="copr-subnet"
# infrastructure network
- name: Create a router for infrastructure
neutron_router:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=infrastructure
name=ext-to-infrastructure
register: ROUTER_ID
- name: Connect router's gateway to the external network
neutron_router_gateway:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
router_name="ext-to-infrastructure"
network_name="external"
- name: Create a private network for infrastructure
neutron_network:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=infrastructure
name=infrastructure-net
- name: Create a subnet in the infrastructure-net
neutron_subnet:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=infrastructure
network_name=infrastructure-net
name=infrastructure-subnet
cidr=172.26.0.1/12
gateway_ip=172.26.0.1
register: INFRASTRUCTURE_SUBNET_ID
- name: Connect router's interface to the infrastructure-subnet
neutron_router_interface:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=infrastructure
router_name="ext-to-infrastructure"
subnet_name="infrastructure-subnet"
# persistent network
- name: Create a router for persistent
neutron_router:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=persistent
name=ext-to-persistent
register: ROUTER_ID
- name: Connect router's gateway to the external network
neutron_router_gateway:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
router_name="ext-to-persistent"
network_name="external"
- name: Create a private network for persistent
neutron_network:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=persistent
name=persistent-net
- name: Create a subnet in the persistent-net
neutron_subnet:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=persistent
network_name=persistent-net
name=persistent-subnet
cidr=172.27.0.1/12
gateway_ip=172.27.0.1
register: PERSISTENT_SUBNET_ID
- name: Connect router's interface to the persistent-subnet
neutron_router_interface:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=persistent
router_name="ext-to-persistent"
subnet_name="persistent-subnet"
# transient network
- name: Create a router for transient
neutron_router:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=transient
name=ext-to-transient
register: ROUTER_ID
- name: Connect router's gateway to the external network
neutron_router_gateway:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
router_name="ext-to-transient"
network_name="external"
- name: Create a private network for transient
neutron_network:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=transient
name=transient-net
- name: Create a subnet in the transient-net
neutron_subnet:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=transient
network_name=transient-net
name=transient-subnet
cidr=172.28.0.1/12
gateway_ip=172.28.0.1
register: TRANSIENT_SUBNET_ID
- name: Connect router's interface to the transient-subnet
neutron_router_interface:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=transient
router_name="ext-to-transient"
subnet_name="transient-subnet"
# scratch network
- name: Create a router for scratch
neutron_router:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=scratch
name=ext-to-scratch
register: ROUTER_ID
- name: Connect router's gateway to the external network
neutron_router_gateway:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
router_name="ext-to-scratch"
network_name="external"
- name: Create a private network for scratch
neutron_network:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=scratch
name=scratch-net
- name: Create a subnet in the scratch-net
neutron_subnet:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=scratch
network_name=scratch-net
name=scratch-subnet
cidr=172.29.0.1/12
gateway_ip=172.29.0.1
register: SCRATCH_SUBNET_ID
- name: Connect router's interface to the scratch-subnet
neutron_router_interface:
login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
tenant_name=scratch
router_name="ext-to-scratch"
subnet_name="scratch-subnet"
################
# Copr
# ##############
- name: Copr - Create 'ssh-anywhere' security group
neutron_sec_group:
login_username: "admin"
login_password: "{{ ADMIN_PASS }}"
login_tenant_name: "admin"
state: "present"
name: 'ssh-anywhere'
description: "allow ssh from anywhere"
tenant_name: "copr"
rules:
- direction: "ingress"
port_range_min: "22"
port_range_max: "22"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "0.0.0.0/0"
- name: Copr - Create 'ssh-internal' security group
neutron_sec_group:
login_username: "admin"
login_password: "{{ ADMIN_PASS }}"
login_tenant_name: "admin"
state: "present"
name: 'ssh-internal'
description: "allow ssh from copr-network"
tenant_name: "copr"
rules:
- direction: "ingress"
port_range_min: "22"
port_range_max: "22"
ethertype: "IPv4"
protocol: "tcp"
remote_ip_prefix: "172.30.0.1/12"
Reference in a new issue View git blame Copy permalink