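---
# Play 1: pre-pull the base image on every compute node so the instance boot
# in the second play does not stall on a registry fetch.
- hosts: compute
  sudo: true
  tasks:
    - name: pull baseimage-cloud on compute nodes
      command: docker pull marklee77/baseimage-cloud
      register: docker_pull_baseimage_cloud
      # docker prints "Image is up to date" when nothing was fetched. The
      # previous test, `not stdout.find(...)`, is only true when that phrase
      # starts at offset 0; docker normally prints it mid-line (after a
      # "Status:" prefix), so find() returned a positive index and the task
      # never reported a change, and a genuine pull (find() == -1) was also
      # reported as unchanged. Absent phrase == something was downloaded.
      changed_when: docker_pull_baseimage_cloud.stdout.find("Image is up to date") == -1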
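# Play 2: set up a demo tenant/user/network on the controller, register the
# base image with glance, boot one instance and verify it is reachable.
- hosts: controller
  sudo: false
  vars_files:
    - defaults/main.yml
  vars:
    # Test-only default. Override it with --extra-vars or a vault-encrypted
    # vars file instead of editing this line; because the value is passed on
    # several command lines below, every task that carries it is no_log.
    openstack_identity_demo_password: password
  tasks:
    - name: update admin.openrc from template
      template:
        src: templates/admin.openrc
        dest: "{{ ansible_env.PWD }}/admin.openrc"
        owner: "{{ ansible_ssh_user }}"
        # presumably contains the admin token/credentials — keep it owner-only
        mode: "0600"

    - name: create demo tenant
      keystone_user:
        endpoint: "{{ openstack_identity_admin_url }}"
        token: "{{ openstack_identity_admin_token }}"
        tenant: demo
        tenant_description: "Demo Tenant"

    - name: create demo user
      keystone_user:
        endpoint: "{{ openstack_identity_admin_url }}"
        token: "{{ openstack_identity_admin_token }}"
        tenant: demo
        user: demo
        password: "{{ openstack_identity_demo_password }}"
      no_log: true

    - name: associate _member_ role with demo user
      keystone_user:
        endpoint: "{{ openstack_identity_admin_url }}"
        token: "{{ openstack_identity_admin_token }}"
        tenant: demo
        user: demo
        role: _member_

    - name: update demo.openrc template
      template:
        src: templates/demo.openrc
        dest: "{{ ansible_env.PWD }}/demo.openrc"
        # quoted: an unquoted 0600 is parsed as the integer 384 by YAML 1.1
        mode: "0600"

    - name: check to see what images have been registered with glance
      command: glance --os-auth-url "{{ openstack_identity_public_url }}" --os-tenant-name demo --os-username demo --os-password "{{ openstack_identity_demo_password }}" image-list
      register: glance_image_check
      changed_when: false
      # the password is on the command line; keep it out of task output/logs
      no_log: true

    - name: import baseimage-cloud image into glance if necessary
      # --is-public=true shares the image with every tenant, not just demo
      shell: docker save marklee77/baseimage-cloud | glance --os-auth-url "{{ openstack_identity_public_url }}" --os-tenant-name demo --os-username demo --os-password "{{ openstack_identity_demo_password }}" image-create --name=marklee77/baseimage-cloud --is-public=true --container-format=docker --disk-format=raw
      when: -1 == glance_image_check.stdout.find("marklee77/baseimage-cloud")
      no_log: true

    - name: query glance for image id
      glance_image:
        auth_url: "{{ openstack_identity_public_url }}"
        login_tenant_name: demo
        login_username: demo
        login_password: "{{ openstack_identity_demo_password }}"
        name: marklee77/baseimage-cloud
        # the image already exists after the previous task; `file` is only
        # here because the module requires it — presumably not read when the
        # image is present (confirm against the module)
        file: /tmp/dummy
        state: present
      register: baseimage_cloud_image
      no_log: true

    # Ansible neutron modules lists all tenants to get ids, but this is not
    # permitted for non-admin users. Need to fix neutron_* modules as non-admin
    # *should* be able to create networks, associate floating ips, etc.
    - name: ensure demo user has admin role
      keystone_user:
        endpoint: "{{ openstack_identity_admin_url }}"
        token: "{{ openstack_identity_admin_token }}"
        tenant: demo
        user: demo
        role: admin

    - name: update demo.openrc from template
      template:
        src: templates/demo.openrc
        dest: "{{ ansible_env.PWD }}/demo.openrc"
        owner: "{{ ansible_ssh_user }}"
        # re-assert owner-only permissions on the credentials file
        mode: "0600"

    - name: ensure internal network is registered
      neutron_network:
        auth_url: "{{ openstack_identity_public_url }}"
        login_tenant_name: demo
        login_username: demo
        login_password: "{{ openstack_identity_demo_password }}"
        tenant_name: demo
        name: demo-net
        state: present
      register: openstack_network_internal
      no_log: true

    - name: ensure subnet internal network is registered
      neutron_subnet:
        auth_url: "{{ openstack_identity_public_url }}"
        login_tenant_name: demo
        login_username: demo
        login_password: "{{ openstack_identity_demo_password }}"
        tenant_name: demo
        name: demo-subnet
        network_name: demo-net
        cidr: 192.168.13.0/24
        enable_dhcp: true
        gateway_ip: 192.168.13.1
        dns_nameservers: 8.8.8.8
        state: present
      no_log: true

    - name: ensure router exists
      neutron_router:
        auth_url: "{{ openstack_identity_public_url }}"
        login_tenant_name: demo
        login_username: demo
        login_password: "{{ openstack_identity_demo_password }}"
        tenant_name: demo
        name: demo-router
        state: present
      no_log: true

    - name: ensure router has interface connected to internal network
      neutron_router_interface:
        auth_url: "{{ openstack_identity_public_url }}"
        login_tenant_name: demo
        login_username: demo
        login_password: "{{ openstack_identity_demo_password }}"
        tenant_name: demo
        router_name: demo-router
        subnet_name: demo-subnet
        state: present
      no_log: true

    - name: ensure router has external network gateway
      neutron_router_gateway:
        auth_url: "{{ openstack_identity_public_url }}"
        login_tenant_name: demo
        login_username: demo
        login_password: "{{ openstack_identity_demo_password }}"
        router_name: demo-router
        network_name: public
        state: present
      no_log: true

    - name: create ssh keypair
      # -P "" makes an unencrypted key; acceptable only for this throwaway test
      command: ssh-keygen -q -f {{ ansible_env.PWD }}/.ssh/id_rsa -P ""
      args:
        creates: "{{ ansible_env.PWD }}/.ssh/id_rsa"

    - name: capture public key in variable
      command: cat {{ ansible_env.PWD }}/.ssh/id_rsa.pub
      register: pubkey
      changed_when: false

    - name: add ssh keypair to nova
      nova_keypair:
        auth_url: "{{ openstack_identity_public_url }}"
        login_tenant_name: demo
        login_username: demo
        login_password: "{{ openstack_identity_demo_password }}"
        name: demo-keypair
        public_key: "{{ pubkey.stdout }}"
        state: present
      no_log: true

    # the neutron_sec_group module needs work...
    - name: verify existence of demo security group
      command: neutron --os-auth-url "{{ openstack_identity_public_url }}" --os-tenant-name demo --os-username demo --os-password "{{ openstack_identity_demo_password }}" security-group-show demo-secgroup
      register: verify_secgroup
      # a non-zero exit here just means "not yet created"; the next tasks key on it
      ignore_errors: true
      changed_when: false
      no_log: true

    - name: create demo-secgroup security group if necessary
      command: neutron --os-auth-url "{{ openstack_identity_public_url }}" --os-tenant-name demo --os-username demo --os-password "{{ openstack_identity_demo_password }}" security-group-create demo-secgroup
      when: verify_secgroup|failed
      no_log: true

    # Neither rule below sets a remote prefix, so the CLI default (any source)
    # applies; fine for the demo, too broad for anything else.
    - name: ensure that demo-secgroup allows ping
      command: neutron --os-auth-url "{{ openstack_identity_public_url }}" --os-tenant-name demo --os-username demo --os-password "{{ openstack_identity_demo_password }}" security-group-rule-create --direction=ingress --protocol=icmp demo-secgroup
      when: verify_secgroup|failed
      no_log: true

    - name: ensure that demo-secgroup allows ssh
      command: neutron --os-auth-url "{{ openstack_identity_public_url }}" --os-tenant-name demo --os-username demo --os-password "{{ openstack_identity_demo_password }}" security-group-rule-create --direction=ingress --protocol=tcp --port-range-min=22 --port-range-max=22 demo-secgroup
      when: verify_secgroup|failed
      no_log: true

    - name: create a new virtual machine instance
      nova_compute:
        auth_url: "{{ openstack_identity_public_url }}"
        login_tenant_name: demo
        login_username: demo
        login_password: "{{ openstack_identity_demo_password }}"
        name: demo-instance
        flavor_id: 1
        image_id: "{{ baseimage_cloud_image.id }}"
        nics:
          - net-id: "{{ openstack_network_internal.id }}"
        key_name: demo-keypair
        security_groups: demo-secgroup
        wait: "yes"
        state: present
      no_log: true

    - name: ensure floating ip is associated with vm instance
      neutron_floating_ip:
        auth_url: "{{ openstack_identity_public_url }}"
        login_tenant_name: demo
        login_username: demo
        login_password: "{{ openstack_identity_demo_password }}"
        instance_name: demo-instance
        network_name: public
        state: present
      register: demo_floating_ip
      no_log: true

    - name: wait for ssh to become available
      wait_for:
        host: "{{ demo_floating_ip.public_ip }}"
        port: 22

    - name: ping demo virtual machine
      command: ping -c 4 {{ demo_floating_ip.public_ip }}
      changed_when: false

    - name: verify that virtual machine can be logged into via ssh
      # host key checking is disabled because the instance is freshly booted
      # and throwaway; do not copy these options into non-test playbooks
      command: ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@{{ demo_floating_ip.public_ip }} hostname
      changed_when: false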